p4 is not being build with SSL support, which makes connecting to a perforce server using SSL impossible. The p4 binary that can be downloaded from Perforce directly supports SSL, so I'd consider this a regression.
I think you mean devel/p4 (?).
Yes. I meant devel/p4.
Created attachment 191208 [details] Build p4api with SSL support Mike, could you please test the attached patch? Also, would you mind testing whether you can connect to your server with the devel/py-p4python and/or devel/rubygem-p4ruby ports? I think they should be ok, but I'm not 100% sure.
devel/p4 now works. I don't use ruby at all, so I don't think I would be a good tester for it. I haven't used py-p4python, but I was able to get it to compile once I applied a similar patch to devel/p4api. However, when I tried to follow a simple example as shown here: https://www.perforce.com/perforce/r14.2/manuals/p4script/python.programming.html I couldn't connect. It gave me the following error: SSL library must be at least version 1.0.0. This might just be operator error on my part, though. I still haven't wrapped my brain around the recent port changes to the management of different python versions and I probably have a mash-mash of python 2.7, 3.5 and 3.6 installed and I don't know where the SSL library is picked up. I tried using python3.5. I did notice that the WWW link in devel/py-p4python/pkg-descr is invalid. mike
I don't have any trouble compiling py-p4python with a vanilla devel/p4api. Could you please show me the build error that you get?
I’m sorry, I wasn’t clear. I was able to build it fine. I had the error when I was testing it from the python command line. I created a P4 instance, set the port, user, client and password and then called the connect() method. That’s when I got the error message.
So to be clear, you got the "SSL library must be at least version 1.0.0." error when you used a py-p4python built with the vanilla p4api, and also when you used a patched p4api?
The error only appeared when I used the patched p4api. Without the patch it just wouldn’t connect when I used a port setting with the ssl: prefix. If I used a port setting without the ssl: prefix, it would give an error saying an SSL connection was required. I don’t remember the exact verbiage. I didn’t tcpdump it or run it through ktrace or truss (which I did with p4 when I was trying to figure out why it wasn’t working this morning), but I assume it behaved the same as the unpatched p4, namely not even opening a socket.
Created attachment 191209 [details] Build devel/p4 and devel/py-p4python with SSL support Ok, I think I've got it now. Try the new patch. This should hopefully get SSL working in py-p4python. Thanks for your patience.
Created attachment 191212 [details] Build devel/p4 and devel/py-p4python with SSL support Actually, use this one instead.
I tried the patch and I'm seeing something weird. This is from the python shell. If it set up my port with the ssl: prefix, I get the error message: Failed client SSL connection setup, server not using SSL. But if I remove the ssl: prefix, it connects. I double-checked things using p4 both locally and on a remote machine and my p4 server is definitely running with SSL enabled and the ssl: prefix is required. Then I sent and applied the devel/p4 patch to devel/p4api since I noticed it was being build without -DUSE_SSL. This did produce some errors while linking p4api and p4dvcsapi: clang++: error: no such file or directory: '/usr/lib/lib.pic/libssl.a' clang++: error: no such file or directory: '/usr/lib/lib.pic/libcrypto.a' But aside from that it still installed. Then I ran my test from the python interpreter (after rebuilding and reinstalling py-p4python using your patch). This time I could connect to the server both with and without the ssl: prefix, which makes no sense since it should fail without the prefix. I'm not sure what's going on, but it appear that py-p4python was connecting using SSL even if the ssl: prefix was not present when using your py-p4python patch regardless of how p4api as patched.
(In reply to Mike Durian from comment #11) Even though it looked like p4api installed, it doesn't install librpc.a or libsupp.a when you build it that way. So we can't use that patch. AFAICT, from looking at the build system, it shouldn't be necessary anyway. The p4api is built with libp4sslstub.a. Then consumers like py-p4python can choose whether to link to libp4sslstub.a (which does not provide SSL support) or OpenSSL's libssl.a and libcrypto.a (which do). As for py-p4python failing to distinguish the ssl:// prefix, that sounds like a bug in py-p4python. Do you happen to have any other p4 servers that _don't_ require ssl? I no longer have access to any kind of p4 server, so I can't test this myself.
No, sorry. I only have the one depot that runs with SSL.
Ok. In that case, I'll just commit the changes to devel/p4. I'll only commit the py-p4python changes if I can find another tester.
A commit references this bug: Author: asomers Date: Mon Mar 5 17:08:32 UTC 2018 New revision: 463653 URL: https://svnweb.freebsd.org/changeset/ports/463653 Log: devel/p4: build with SSL support SSL support was inadvertenly removed from devel/p4 (but not devel/p4api) by r460727. This change restores it. PR: 226352 Reported by: Mike Durian <durian@boogie.com> Changes: head/devel/p4/Makefile