Bug Fixes

#1484083 (Bug #89648, #89890) ** The db.sendq entries for a failed parallel sync are now immediately removed from db.sendq.

#1483314 (Bug #89040) * 'p4 print -o <a filename in the os temp directory>' will now work even if a P4CLIENTPATH is set or the DVCS P4INITROOT is set. This is a new exception to the P4CLIENTPATH feature.

#1481077, #1481305, #1483342 (Bugs #89051, #90160) * ** *** SSL connections now allow use of TLSv1.1 and TLSv1.2 in addition to the existing support for TLSv1.0. Clients and servers will choose the highest TLS version supported by both ends of the connection; thus old clients and old servers will always use TLSv1.0, and by default new clients connecting to new servers will use TLSv1.2.

Two new configurables are provided to restrict the allowed TLS versions when a new client connnects to a new server: ssl.tls.version.min [default=10] ssl.tls.version.max [default=12] These default settings allow TLSv1.0, TLSv1.1, and TLSv1.2.

Each of these configurables can take one of the following values: 10 specifies TLSv1.0 11 specifies TLSv1.1 12 specifies TLSv1.2 ssl.tls.version.min specifies the lowest TLS version that will be accepted, and ssl.tls.version.max specifies the highest TLS version that will be accepted.

Changes to these configurables on a server will not take effect until the server is restarted.

Thus, to force use of a new client, the server can set ssl.tls.version.min=11 (or 12) because old clients support only TLSv1.0.

To force the use of TLSv1.1, set ssl.tls.version.min=11 ssl.tls.version.max=11

To force the use of TLSv1.2, set ssl.tls.version.min=12 ssl.tls.version.max=12

To allow TLSv1.1 or TLSv1.2 but exclude TLSv1.0, set ssl.tls.version.min=11 ssl.tls.version.max=12

These configurables are designed to allow the server to restrict the set of allowed TLS protocol versions, but they can be used by clients as well; this is probably useful mostly for testing, although it can be use to prevent connecting to potentially vulnerable servers. When used by a client these configurables specify the lowest and highest TLS versions that will be offered.

Values of either configurable outside of the legal range will be treated as if they were pinned to the nearest end of the range. Thus values below 10 will be treated as 10; values above 12 will be treated as 12.

Be careful not to set ssl.tls.version.min > ssl.tls.version.max because then no clients will be able to connect. In this case you will need to change these settings on the command line, e.g.: p4d -c"set ssl.tls.version.min=10" p4d -c"set ssl.tls.version.max=12" and then restart the server.

Note that if there are no allowed TLS versions common to the client and the server, or if the server is not using SSL, then the client will get an error similar to this:

Perforce client error: SSL connect to ssl:host:1666 failed (Connection reset by peer). Remove SSL protocol prefix from P4PORT or fix the TLS settings.

If the client or server does not offer any protocol versions (eg, because the client set ssl.tls.version.min > ssl.tls.version.max) then the client will get an error similar to this:

Perforce client error: SSL protocol: error:14077102:SSL routines: SSL23_GET_SERVER_HELLO:unsupported protocol:

There are only two lines in this error message; the actual error has the "SSL protocol:" line and the "GET_SERVER_HELLO" line on a single line, but they are split here for readability.

#1478875 (Bug #89781) ** 'p4 depot -f' would allow changing the depot type of a depot that is not empty. This has been fixed.

#1474602 (Bug #89677) ** 'p4 admin stop/restart' could cause a server crash if the new configurable 'db.monitor.interval' had been set.

#1473213 (Bug #89657) ** 'p4d -xx' could incorrectly declare "db.workingx/db.revsh inconsistencies found," and incorrectly generate jnl.fix records, in some situations where multiple shelves existed for the same files.

#1471463 (Bug #89336) ** 'p4 add ...' could generate many "Error object passed to database" errors and fail to terminate when MaxScanRows or MaxLockTime has been reached. This could also happen with 'p4 reconcile' or 'p4 status'. This behavior has been fixed.