From 46008bf2cdd47f01ac40c252ce826215884946bb Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Fri, 30 May 2014 01:10:33 +0200 Subject: [PATCH] s/SSL/TLS/g (almost) SSL is the old/outdated name. Since 1999, it's called TLS. In this changeset, I did the mostly harmless changes (UI, logs, docs). --- README.rst | 4 ++-- conftest.py | 2 +- docs/security.rst | 6 +++--- nsupdate/api/views.py | 14 +++++++------- nsupdate/main/models.py | 4 ++-- nsupdate/main/templates/main/overview.html | 4 ++-- nsupdate/main/templates/main/status.html | 8 ++++---- .../main/updater_hostconfig_overview.html | 2 +- nsupdate/utils/_tests/test_ddns_client.py | 2 +- nsupdate/utils/ddns_client.py | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.rst b/README.rst index 4da9a63..ab966de 100644 --- a/README.rst +++ b/README.rst @@ -44,10 +44,10 @@ Features accounts - everything supported by python-social-auth package) * Manual IP updates via web interface * Browser-based update client for temporary/adhoc usage -* Shows time since last update via api, whether it used SSL or not +* Shows time since last update via api, whether it used TLS or not * Shows v4 and v6 IP addresses (from master nameserver records) * Shows client / server fault counters, available and abuse flags -* Supports IP v4 and v6, SSL. +* Supports IP v4 and v6, TLS. * Easy and simple web interface, it tries to actively help to configure routers / update clients / nameservers. * Made with security and privacy in mind diff --git a/conftest.py b/conftest.py index 538bc2d..a02f7a1 100644 --- a/conftest.py +++ b/conftest.py @@ -28,7 +28,7 @@ PASSWORD = 'pass' HOSTNAME = 'nsupdate-ddns-client-unittest.' + BASEDOMAIN _PASSWORD = 'yUTvxjRwNu' # no problem, is only used for this unit test SERVER = 'ipv4.' + BASEDOMAIN -SECURE = False # SSL/SNI support on python 2.x sucks :( +SECURE = False # TLS/SNI support on python 2.x sucks :( from django.utils.translation import activate diff --git a/docs/security.rst b/docs/security.rst index 3c024fa..16ce29b 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -22,7 +22,7 @@ For the router / update client configuration examples we show when creating a update secret, we use update URLs with https: (and we also tell why it might not work). -On the hosts overview page, we show whether we received the last update via SSL. +On the hosts overview page, we show whether we received the last update via TLS. Login with remote vs. local Account @@ -109,8 +109,8 @@ Other Services Update Secret (dyndns2 client) We need to store this secret "as is" into the database for the same reasons as outlined above. -But: we tell you in the services overview whether we'll use SSL to transmit the -update, so at least if SSL is enabled, it won't go unencrypted over the wire. +But: we tell you in the services overview whether we'll use TLS to transmit the +update, so at least if TLS is enabled, it won't go unencrypted over the wire. CSRF protection diff --git a/nsupdate/api/views.py b/nsupdate/api/views.py index d791bd4..1277b89 100644 --- a/nsupdate/api/views.py +++ b/nsupdate/api/views.py @@ -307,7 +307,7 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None): :param host: host object :param hostname: hostname (fqdn) :param ipaddr: new ip addr (v4 or v6) - :param ssl: True if we use SSL/https + :param ssl: True if we use TLS/https :param logger: a logger object :return: Response object with dyndns2 response """ @@ -331,7 +331,7 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None): host.poke(kind, ssl) try: update(hostname, ipaddr) - logger.info('%s - received good update -> ip: %s ssl: %r' % (hostname, ipaddr, ssl)) + logger.info('%s - received good update -> ip: %s tls: %r' % (hostname, ipaddr, ssl)) # now check if there are other services we shall relay updates to: for hc in host.serviceupdaterhostconfigs.all(): if (kind == 'ipv4' and hc.give_ipv4 and hc.service.accept_ipv4 @@ -350,12 +350,12 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None): logger.exception("the dyndns2 updater raised an exception [%r]" % kwargs) return Response('good %s' % ipaddr) except SameIpError: - logger.warning('%s - received no-change update, ip: %s ssl: %r' % (hostname, ipaddr, ssl)) + logger.warning('%s - received no-change update, ip: %s tls: %r' % (hostname, ipaddr, ssl)) host.register_client_fault() return Response('nochg %s' % ipaddr) except (DnsUpdateError, NameServerNotAvailable) as e: msg = str(e) - logger.error('%s - received update that resulted in a dns error [%s], ip: %s ssl: %r' % ( + logger.error('%s - received update that resulted in a dns error [%s], ip: %s tls: %r' % ( hostname, msg, ipaddr, ssl)) host.register_server_fault() return Response('dnserr') @@ -368,7 +368,7 @@ def _delete(host, hostname, ipaddr, ssl=False, logger=None): :param host: host object :param hostname: hostname (fqdn) :param ipaddr: ip addr (to determine record type A or AAAA) - :param ssl: True if we use SSL/https + :param ssl: True if we use TLS/https :param logger: a logger object :return: Response object with dyndns2 response """ @@ -394,12 +394,12 @@ def _delete(host, hostname, ipaddr, ssl=False, logger=None): try: rdtype = 'A' if kind == 'ipv4' else 'AAAA' delete(hostname, rdtype) - logger.info('%s - received delete for record %s, ssl: %r' % (hostname, rdtype, ssl)) + logger.info('%s - received delete for record %s, tls: %r' % (hostname, rdtype, ssl)) # XXX unclear what to do for "other services" we relay updates to return Response('deleted %s' % rdtype) except (DnsUpdateError, NameServerNotAvailable) as e: msg = str(e) - logger.error('%s - received delete for record %s that resulted in a dns error [%s], ssl: %r' % ( + logger.error('%s - received delete for record %s that resulted in a dns error [%s], tls: %r' % ( hostname, rdtype, msg, ssl)) host.register_server_fault() return Response('dnserr') diff --git a/nsupdate/main/models.py b/nsupdate/main/models.py index 5ca243e..cc67b87 100644 --- a/nsupdate/main/models.py +++ b/nsupdate/main/models.py @@ -234,7 +234,7 @@ class Host(models.Model): def generate_secret(self, secret=None): # note: we use a quick hasher for the update_secret as expensive # more modern hashes might put too much load on the servers. also - # many update clients might use http without ssl, so it is not too + # many update clients might use http without tls, so it is not too # secure anyway. if secret is None: user_model = get_user_model() @@ -278,7 +278,7 @@ class ServiceUpdater(models.Model): help_text="Update Server URL path of this service") secure = models.BooleanField( default=True, - help_text="Use https / SSL to contact the Update Server?") + help_text="Use https / TLS to contact the Update Server?") # what kind(s) of IPs is (are) acceptable to this service: accept_ipv4 = models.BooleanField(default=False) diff --git a/nsupdate/main/templates/main/overview.html b/nsupdate/main/templates/main/overview.html index eb4bc0e..9e29f03 100644 --- a/nsupdate/main/templates/main/overview.html +++ b/nsupdate/main/templates/main/overview.html @@ -35,7 +35,7 @@ ({{ host.last_update_ipv4|timesince }}, {% if not host.ssl_update_ipv4 %} no {% else %} - {% endif %}SSL) + {% endif %}TLS) {% else %} (unknown) {% endif %} @@ -46,7 +46,7 @@ ({{ host.last_update_ipv6|timesince }}, {% if not host.ssl_update_ipv6 %} no {% else %} - {% endif %}SSL) + {% endif %}TLS) {% else %} (unknown) {% endif %} diff --git a/nsupdate/main/templates/main/status.html b/nsupdate/main/templates/main/status.html index 5dc8539..e91e6da 100644 --- a/nsupdate/main/templates/main/status.html +++ b/nsupdate/main/templates/main/status.html @@ -21,13 +21,13 @@
{{ hosts_total }}
Unavailable / Abuse / Abuse-Blocked:
{{ hosts_unavailable }} / {{ hosts_abuse }} / {{ hosts_abuse_blocked }}
-
ip v4 (ssl) / v6 (ssl) updated last 2d:
+
ip v4 (tls) / v6 (tls) updated last 2d:
{{ hosts_ipv4_2d }} ({{ hosts_ipv4_ssl_2d }}) / {{ hosts_ipv6_2d }} ({{ hosts_ipv6_ssl_2d }})
-
ip v4 (ssl) / v6 (ssl) updated last 2w:
+
ip v4 (tls) / v6 (tls) updated last 2w:
{{ hosts_ipv4_2w }} ({{ hosts_ipv4_ssl_2w }}) / {{ hosts_ipv6_2w }} ({{ hosts_ipv6_ssl_2w }})
-
ip v4 (ssl) / v6 (ssl) updated last 2m:
+
ip v4 (tls) / v6 (tls) updated last 2m:
{{ hosts_ipv4_2m }} ({{ hosts_ipv4_ssl_2m }}) / {{ hosts_ipv6_2m }} ({{ hosts_ipv6_ssl_2m }})
-
ip v4 (ssl) / v6 (ssl) updated last 2y:
+
ip v4 (tls) / v6 (tls) updated last 2y:
{{ hosts_ipv4_2y }} ({{ hosts_ipv4_ssl_2y }}) / {{ hosts_ipv6_2y }} ({{ hosts_ipv6_ssl_2y }})
diff --git a/nsupdate/main/templates/main/updater_hostconfig_overview.html b/nsupdate/main/templates/main/updater_hostconfig_overview.html index 1fd109b..6ff4eb8 100644 --- a/nsupdate/main/templates/main/updater_hostconfig_overview.html +++ b/nsupdate/main/templates/main/updater_hostconfig_overview.html @@ -17,7 +17,7 @@ {% for uc in updater_configs %} - {{ uc.service.name }} (SSL: {{ uc.service.secure|yesno }}) + {{ uc.service.name }} (TLS: {{ uc.service.secure|yesno }}) {{ uc.hostname }} {{ uc.give_ipv4|yesno }} {{ uc.give_ipv6|yesno }} diff --git a/nsupdate/utils/_tests/test_ddns_client.py b/nsupdate/utils/_tests/test_ddns_client.py index a51340d..4d07198 100644 --- a/nsupdate/utils/_tests/test_ddns_client.py +++ b/nsupdate/utils/_tests/test_ddns_client.py @@ -12,7 +12,7 @@ HOSTNAME = 'nsupdate-ddns-client-unittest.' + BASEDOMAIN INVALID_HOSTNAME = 'nsupdate-ddns-client-nohost.' + BASEDOMAIN USER, PASSWORD = HOSTNAME, 'yUTvxjRwNu' # no problem, is only used for this unit test SERVER = 'ipv4.' + BASEDOMAIN -SECURE = False # SSL/SNI support on python 2.x sucks :( +SECURE = False # TLS/SNI support on python 2.x sucks :( class TestDynDns2Client(object): diff --git a/nsupdate/utils/ddns_client.py b/nsupdate/utils/ddns_client.py index d90e9de..852aae9 100644 --- a/nsupdate/utils/ddns_client.py +++ b/nsupdate/utils/ddns_client.py @@ -24,7 +24,7 @@ def dyndns2_update(name, password, :param hostname: hostname we want to update :param myip: the new ip address for hostname :param path: url path (default: '/nic/update') - :param secure: whether to use ssl for the request (default: True) + :param secure: whether to use tls for the request (default: True) note: if you use secure=False, it will transmit the given data unencrypted. :param timeout: how long to wait until response has to begin