[tor-commits] [flashproxy/master] Rename PIN_GOOGLE_CERT to PIN_GOOGLE_CA_CERT.
dcf at torproject.org
dcf at torproject.org
Fri Nov 8 20:39:33 UTC 2013
commit eccf3f46188d2b60f93128ab76218f07e9965698
Author: David Fifield <david at bamsoftware.com>
Date: Fri Nov 8 12:32:13 2013 -0800
Rename PIN_GOOGLE_CERT to PIN_GOOGLE_CA_CERT.
I think this makes it more clear that this certificate belongs to a CA
(i.e., Equifax), not to Google.
---
flashproxy-reg-appspot | 4 ++--
flashproxy-reg-email | 4 ++--
flashproxy/keys.py | 2 +-
flashproxy/test/test_keys.py | 6 +++---
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/flashproxy-reg-appspot b/flashproxy-reg-appspot
index a261f10..884c112 100755
--- a/flashproxy-reg-appspot
+++ b/flashproxy-reg-appspot
@@ -13,7 +13,7 @@ import tempfile
import urlparse
import urllib2
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
from flashproxy.util import parse_addr_spec, format_addr
try:
@@ -141,7 +141,7 @@ class PinHTTPSConnection(httplib.HTTPSConnection):
ctx = SSL.Context("tlsv1")
ctx.set_verify(SSL.verify_peer, 3)
- with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+ with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
ret = ctx.load_verify_locations(ca_file.name)
assert ret == 1
diff --git a/flashproxy-reg-email b/flashproxy-reg-email
index 4f4599c..fa08d9f 100755
--- a/flashproxy-reg-email
+++ b/flashproxy-reg-email
@@ -11,7 +11,7 @@ import sys
import tempfile
import urllib
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, DEFAULT_FACILITATOR_PUBKEY_PEM, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, DEFAULT_FACILITATOR_PUBKEY_PEM, check_certificate_pin, temp_cert
from flashproxy.util import parse_addr_spec, format_addr
try:
@@ -184,7 +184,7 @@ try:
ctx = SSL.Context("tlsv1")
ctx.set_verify(SSL.verify_peer, 3)
- with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+ with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
# We roll our own initial EHLO/STARTTLS because smtplib.SMTP.starttls
# doesn't allow enough certificate validation.
code, msg = smtp.docmd("EHLO", EHLO_FQDN)
diff --git a/flashproxy/keys.py b/flashproxy/keys.py
index 5b4b9fa..28b4406 100644
--- a/flashproxy/keys.py
+++ b/flashproxy/keys.py
@@ -7,7 +7,7 @@ from hashlib import sha1
# To find the certificate to copy here,
# $ strace openssl s_client -connect FRONT_DOMAIN:443 -verify 10 -CApath /etc/ssl/certs 2>&1 | grep /etc/ssl/certs
# stat("/etc/ssl/certs/XXXXXXXX.0", {st_mode=S_IFREG|0644, st_size=YYYY, ...}) = 0
-PIN_GOOGLE_CERT = """\
+PIN_GOOGLE_CA_CERT = """\
subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
-----BEGIN CERTIFICATE-----
diff --git a/flashproxy/test/test_keys.py b/flashproxy/test/test_keys.py
index 4488118..00b82a7 100644
--- a/flashproxy/test/test_keys.py
+++ b/flashproxy/test/test_keys.py
@@ -1,12 +1,12 @@
import os.path
import unittest
-from flashproxy.keys import PIN_GOOGLE_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
+from flashproxy.keys import PIN_GOOGLE_CA_CERT, PIN_GOOGLE_PUBKEY_SHA1, check_certificate_pin, temp_cert
class TempCertTest(unittest.TestCase):
def test_temp_cert_success(self):
fn = None
- with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+ with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
fn = ca_file.name
self.assertTrue(os.path.exists(fn))
self.assertFalse(os.path.exists(fn))
@@ -14,7 +14,7 @@ class TempCertTest(unittest.TestCase):
def test_temp_cert_raise(self):
fn = None
try:
- with temp_cert(PIN_GOOGLE_CERT) as ca_file:
+ with temp_cert(PIN_GOOGLE_CA_CERT) as ca_file:
fn = ca_file.name
raise ValueError()
self.fail()
More information about the tor-commits
mailing list