There are several settings that can be set on a client computer that control how the client verifies that servers they are connecting to are secure. If you want to deploy these settings in an enterprise-level network, contact Perforce Support for help.
Where to configure settings
Windows
Configure settings in the following locations in the registry:
- P4 Plan client — HKEY_CURRENT_USER/Software/Hansoft/Hansoft Project Manager/Client/SecuritySettings/Normal
- P4 Plan Server Administrator client — HKEY_CURRENT_USER/Software/Hansoft/Hansoft Project Manager/Client/SecuritySettings/ServerAdmin
Mac
Configure settings in ~/Library/Preferences/se.hansoft.Hansoft Project Manager.plist. Use the following prefixes based on the client:
- P4 Plan client — Client.SecuritySettings.Normal
- P4 Plan Server Administrator client — Client.SecuritySettings.ServerAdmin
See the Apple web site for information about editing configuration files.
Linux
Configure settings in ~/.config/Hansoft/Hansoft Project\ Manager.conf.
Settings
| Key | Value/Description |
|---|---|
| AllowUserTrustDecisions | Value of 1: should P4 Plan be unable to determine whether a certificate presented to it by a server can be trusted, the user will be shown the certificate sent by the server. The user will be able to decide whether to continue with the connection. This setting also determines whether a user can choose to connect to a server that has identified itself as a P4 Plan server that pre-dates certificate authentication support. Value of 0: the user is not able to make decisions on certificate trust. If P4 Plan is unable to verify a certificate, the connection will fail. This is enabled by default. |
| UserCanStoreTrustedCertificates | This key is only applicable if AllowUserTrustDecisions has a value of 1. Value of 0: the user is not permitted to allow P4 Plan to remember certificates that they have manually trusted in the past. Value of 1: The user is permitted to allow P4 Plan to remember certificates that they have manually trusted in the past. This list can be managed from the Connect options UI within the P4 Plan client. This is enabled by default. |
| VerificationDepth | A value ranging between 0 and 9. This determines the limit up to which depth certificates in a chain are used during the verification procedure. If the certificate chain is longer than allowed, the certificates above the limit are ignored. |
| PublicCertificate | String consisting of the public certificate used by the client. |
| PrivateKey | String consisting of the private key used by the client. |
| CertificateAuthorityCertificate | String consisting of the public certificate of the certificate authority used by the client to verify certificates presented by P4 Plan servers. It is also possible to supply a path to the public certificate of the certificate authority. This value should be added as a registry key named ‘CertificateAuthorityPath’ |
| CertificateRevocationList | String consisting of the certificate revocation list of the certificate authority used by the client. It is also possible to supply a path to the CRL file. This value should be added as a registry key named ‘CertificateRevocationListPath’ |
| ValidateHostNameMatchesSAN | A value of 1 indicates that the client should validate that the certificate is valid for the hostname that is being connected to. This is enabled by default. |
| AllowUserToIgnoreValidationErrors | A value of 1 indicates that the user is allowed to ignore validation errors such as hostname mismatches and expired certificates. This is enabled by default. |
| AllowInsecureSSLProtocols | A value of 1 indicates that the user is allowed to connect to servers that are running an older version of SSL. Setting this to 0 results in the client only being able to connect to servers that are running the same version or newer. This is enabled by default. |