[flashproxy/master] Rename PIN_GOOGLE_CERT to PIN_GOOGLE_CA_CERT. - tor-commits

8 Nov 2013

commit eccf3f46188d2b60f93128ab76218f07e9965698
Author: David Fifield david@bamsoftware.com
Date:   Fri Nov 8 12:32:13 2013 -0800
Rename PIN_GOOGLE_CERT to PIN_GOOGLE_CA_CERT.
I think this makes it more clear that this certificate belongs to a CA
    (i.e., Equifax), not to Google.
---
 flashproxy-reg-appspot       |    4 ++--
 flashproxy-reg-email         |    4 ++--
 flashproxy/keys.py           |    2 +-
 flashproxy/test/test_keys.py |    6 +++---
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index a261f10..884c112 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -13,7 +13,7 @@ import tempfile
 import urlparse
 import urllib2
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
 from flashproxy.util import parse_addr_spec, format_addr
try:
@@ -141,7 +141,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
         ctx = SSL.Context("tlsv1")
         ctx.set_verify(SSL.verify_peer, 3)
-        with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+        with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
             ret = ctx.load_verify_locations(ca_file.name)
             assert ret == 1
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 4f4599c..fa08d9f 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -11,7 +11,7 @@ import sys
 import tempfile
 import urllib
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, DEFAULT_FACILITATOR_PUBKEY_PEM, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, DEFAULT_FACILITATOR_PUBKEY_PEM, check_certificate_pin, temp_cert
 from flashproxy.util import parse_addr_spec, format_addr
try:
@@ -184,7 +184,7 @@ try:
     ctx = SSL.Context("tlsv1")
     ctx.set_verify(SSL.verify_peer, 3)
-    with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+    with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
         # We roll our own initial EHLO/STARTTLS because smtplib.SMTP.starttls
         # doesn't allow enough certificate validation.
         code, msg = smtp.docmd("EHLO", EHLO_FQDN)
diff --git a/flashproxy/keys.py b/flashproxy/keys.py
index 5b4b9fa..28b4406 100644
--- a/flashproxy/keys.py
+++ b/flashproxy/keys.py
@@ -7,7 +7,7 @@ from hashlib import sha1
 # To find the certificate to copy here,
 # $ strace openssl s_client -connect FRONT_DOMAIN:443 -verify 10 -CApath /etc/ssl/certs 2>&1 | grep /etc/ssl/certs
 # stat("/etc/ssl/certs/XXXXXXXX.0", {st_mode=S_IFREG|0644, st_size=YYYY, ...}) = 0
-PIN_GOOGLE_CERT = """\
+PIN_GOOGLE_CA_CERT = """\
 subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 -----BEGIN CERTIFICATE-----
diff --git a/flashproxy/test/test_keys.py b/flashproxy/test/test_keys.py
index 4488118..00b82a7 100644
--- a/flashproxy/test/test_keys.py
+++ b/flashproxy/test/test_keys.py
@@ -1,12 +1,12 @@
 import os.path
 import unittest
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
class TempCertTest(unittest.TestCase):
     def test_temp_cert_success(self):
         fn = None
-        with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+        with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
             fn = ca_file.name
             self.assertTrue(os.path.exists(fn))
         self.assertFalse(os.path.exists(fn))
@@ -14,7 +14,7 @@ class TempCertTest(unittest.TestCase):
     def test_temp_cert_raise(self):
         fn = None
         try:
-            with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+            with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
                 fn = ca_file.name
                 raise ValueError()
             self.fail()

    