------------------------------------------------------------------------------
To reply, visit https://hellosplat.com/s/beanbag/tickets/4867/
------------------------------------------------------------------------------
New ticket #4867 by gwar
For Beanbag, Inc. > Review Board
Status: New
Tags: Priority:Medium, Type:Defect
------------------------------------------------------------------------------
Reviewboard mishandles a changed Perforce fingerprint (vs the initial cert)
==============================================================================
# What version are you running?
3.0.14
# What's the URL of the page containing the problem?
admin/db/scmtools/repository/3/
(where 3 is the perforce repo)
# What steps will reproduce the problem?
1. renew an SSL cert in perforce (which typically expire every 2 years)
2. RB fails to post and some UI components are missing from reviews (eg. the
Information panel on the right above Reviewers)
3. Editing the repo fails when you save it again and then hit the "trust..."
button (ends up sending the "p4 -p <path> trust -i ..." command gibberish and
results in a 500 error.
# What is the expected output? What do you see instead?
RB parse the trust error properly in the case of a changed fingerprint. This
is how I hacked it to fix the issue but could be handled more elegantly (around
line 500):
elif "To allow connection use the 'p4 trust' command" in error:
fingerprint = error.split(r'\n')[3]
if fingerprint.startswith("If this is not a scheduled key
change"):
fingerprint = error.split(r'\n')[6]
logging.info("fingerprint is: %s", fingerprint)
raise UnverifiedCertificateError(
Certificate(fingerprint=fingerprint))
else:
raise SCMError(error)
In the case of the initial cert index [3] contains the fingerprint. In the
case of a changed cert index [6] contains the fingerprint. With the original
code, it passed "If this is a scheduled key change" to p4 trust -i which
timesout and causes a 500 error.
# What operating system are you using? What browser?
N/A - server side. RB server is running on Ubuntu 16.04
# Please provide any additional information below.
To figure out the issue I added a logging.info of the error message which
contained this
error: [P4#run] Errors during command execution( "p4 login" )
[Error]: "******* WARNING P4PORT IDENTIFICATION HAS CHANGED!
*******\nIt is possible that someone is intercepting your connection\nto the
Perforce P4PORT '<p4-server>:1666'\nIf this is not a scheduled key change, then
you should contact\nyour Perforce administrator.\nThe fingerprint for the
mismatched key sent to your client
is\n00:11:22:33:44:55:66:77:88:99:00:11:22:33\nTo allow connection use the 'p4
trust' command."
The stacktrace wasn't helpful by itself since it doesn't contain the error
message only this:
File
"/usr/local/lib/python2.7/dist-packages/ReviewBoard-3.0.14-py2.7.egg/reviewboard/scmtools/perforce.py",
line 755, in get_changeset
"""
File
"/usr/local/lib/python2.7/dist-packages/ReviewBoard-3.0.14-py2.7.egg/reviewboard/scmtools/perforce.py",
line 514, in get_changeset
File "/usr/lib/python2.7/contextlib.py", line 17, in __enter__
return self.gen.next()
File
"/usr/local/lib/python2.7/dist-packages/ReviewBoard-3.0.14-py2.7.egg/reviewboard/scmtools/perforce.py",
line 497, in run_worker
raise UnverifiedCertificateError(
UnverifiedCertificateError: A verified SSL certificate is required to connect
to this repository.
------------------------------------------------------------------------------
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to reviewboard-issues+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/reviewboard-issues/20200404191156.32088.89957%40ip-10-1-54-209.ec2.internal.
