s/SSL/TLS/g (almost)

SSL is the old/outdated name. Since 1999, it's called TLS.

In this changeset, I did the mostly harmless changes (UI, logs, docs).

README.rst

@@ -44,10 +44,10 @@ Features
   accounts - everything supported by python-social-auth package)
 * Manual IP updates via web interface
 * Browser-based update client for temporary/adhoc usage
-* Shows time since last update via api, whether it used SSL or not
+* Shows time since last update via api, whether it used TLS or not
 * Shows v4 and v6 IP addresses (from master nameserver records)
 * Shows client / server fault counters, available and abuse flags
-* Supports IP v4 and v6, SSL.
+* Supports IP v4 and v6, TLS.
 * Easy and simple web interface, it tries to actively help to configure
   routers / update clients / nameservers.
 * Made with security and privacy in mind

conftest.py

@@ -28,7 +28,7 @@ PASSWORD = 'pass'
 HOSTNAME = 'nsupdate-ddns-client-unittest.' + BASEDOMAIN
 _PASSWORD = 'yUTvxjRwNu'  # no problem, is only used for this unit test
 SERVER = 'ipv4.' + BASEDOMAIN
-SECURE = False  # SSL/SNI support on python 2.x sucks :(
+SECURE = False  # TLS/SNI support on python 2.x sucks :(
 
 from django.utils.translation import activate
 

docs/security.rst

@@ -22,7 +22,7 @@ For the router / update client configuration examples we show when creating a
 update secret, we use update URLs with https: (and we also tell why it might
 not work).
 
-On the hosts overview page, we show whether we received the last update via SSL.
+On the hosts overview page, we show whether we received the last update via TLS.
 
 
 Login with remote vs. local Account
@@ -109,8 +109,8 @@ Other Services Update Secret (dyndns2 client)
 We need to store this secret "as is" into the database for the same reasons as
 outlined above.
 
-But: we tell you in the services overview whether we'll use SSL to transmit the
+But: we tell you in the services overview whether we'll use TLS to transmit the
-update, so at least if SSL is enabled, it won't go unencrypted over the wire.
+update, so at least if TLS is enabled, it won't go unencrypted over the wire.
 
 
 CSRF protection

nsupdate/api/views.py

@@ -307,7 +307,7 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None):
     :param host: host object
     :param hostname: hostname (fqdn)
     :param ipaddr: new ip addr (v4 or v6)
-    :param ssl: True if we use SSL/https
+    :param ssl: True if we use TLS/https
     :param logger: a logger object
     :return: Response object with dyndns2 response
     """
@@ -331,7 +331,7 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None):
     host.poke(kind, ssl)
     try:
         update(hostname, ipaddr)
-        logger.info('%s - received good update -> ip: %s ssl: %r' % (hostname, ipaddr, ssl))
+        logger.info('%s - received good update -> ip: %s tls: %r' % (hostname, ipaddr, ssl))
         # now check if there are other services we shall relay updates to:
         for hc in host.serviceupdaterhostconfigs.all():
             if (kind == 'ipv4' and hc.give_ipv4 and hc.service.accept_ipv4
@@ -350,12 +350,12 @@ def _update(host, hostname, ipaddr, ssl=False, logger=None):
                     logger.exception("the dyndns2 updater raised an exception [%r]" % kwargs)
         return Response('good %s' % ipaddr)
     except SameIpError:
-        logger.warning('%s - received no-change update, ip: %s ssl: %r' % (hostname, ipaddr, ssl))
+        logger.warning('%s - received no-change update, ip: %s tls: %r' % (hostname, ipaddr, ssl))
         host.register_client_fault()
         return Response('nochg %s' % ipaddr)
     except (DnsUpdateError, NameServerNotAvailable) as e:
         msg = str(e)
-        logger.error('%s - received update that resulted in a dns error [%s], ip: %s ssl: %r' % (
+        logger.error('%s - received update that resulted in a dns error [%s], ip: %s tls: %r' % (
                      hostname, msg, ipaddr, ssl))
         host.register_server_fault()
         return Response('dnserr')
@@ -368,7 +368,7 @@ def _delete(host, hostname, ipaddr, ssl=False, logger=None):
     :param host: host object
     :param hostname: hostname (fqdn)
     :param ipaddr: ip addr (to determine record type A or AAAA)
-    :param ssl: True if we use SSL/https
+    :param ssl: True if we use TLS/https
     :param logger: a logger object
     :return: Response object with dyndns2 response
     """
@@ -394,12 +394,12 @@ def _delete(host, hostname, ipaddr, ssl=False, logger=None):
     try:
         rdtype = 'A' if kind == 'ipv4' else 'AAAA'
         delete(hostname, rdtype)
-        logger.info('%s - received delete for record %s, ssl: %r' % (hostname, rdtype, ssl))
+        logger.info('%s - received delete for record %s, tls: %r' % (hostname, rdtype, ssl))
         # XXX unclear what to do for "other services" we relay updates to
         return Response('deleted %s' % rdtype)
     except (DnsUpdateError, NameServerNotAvailable) as e:
         msg = str(e)
-        logger.error('%s - received delete for record %s that resulted in a dns error [%s], ssl: %r' % (
+        logger.error('%s - received delete for record %s that resulted in a dns error [%s], tls: %r' % (
                      hostname, rdtype, msg, ssl))
         host.register_server_fault()
         return Response('dnserr')

nsupdate/main/models.py

@@ -234,7 +234,7 @@ class Host(models.Model):
     def generate_secret(self, secret=None):
         # note: we use a quick hasher for the update_secret as expensive
         # more modern hashes might put too much load on the servers. also
-        # many update clients might use http without ssl, so it is not too
+        # many update clients might use http without tls, so it is not too
         # secure anyway.
         if secret is None:
             user_model = get_user_model()
@@ -278,7 +278,7 @@ class ServiceUpdater(models.Model):
         help_text="Update Server URL path of this service")
     secure = models.BooleanField(
         default=True,
-        help_text="Use https / SSL to contact the Update Server?")
+        help_text="Use https / TLS to contact the Update Server?")
 
     # what kind(s) of IPs is (are) acceptable to this service:
     accept_ipv4 = models.BooleanField(default=False)

nsupdate/main/templates/main/overview.html

@@ -35,7 +35,7 @@
                         ({{ host.last_update_ipv4|timesince }},
                          {% if not host.ssl_update_ipv4 %}
                          <span class="label label-warning">no {% else %}
-                         <span class="label label-success">{% endif %}SSL</span>)
+                         <span class="label label-success">{% endif %}TLS</span>)
                         {% else %}
                         (unknown)
                         {% endif %}
@@ -46,7 +46,7 @@
                         ({{ host.last_update_ipv6|timesince }},
                          {% if not host.ssl_update_ipv6 %}
                          <span class="label label-warning">no {% else %}
-                         <span class="label label-success">{% endif %}SSL</span>)
+                         <span class="label label-success">{% endif %}TLS</span>)
                         {% else %}
                         (unknown)
                         {% endif %}

nsupdate/main/templates/main/status.html

@@ -21,13 +21,13 @@
                 <dd>{{ hosts_total }}</dd>
                 <dt>Unavailable / Abuse / Abuse-Blocked:</dt>
                 <dd>{{ hosts_unavailable }} / {{ hosts_abuse }} / {{ hosts_abuse_blocked }}</dd>
-                <dt>ip v4 (ssl) / v6 (ssl) updated last 2d:</dt>
+                <dt>ip v4 (tls) / v6 (tls) updated last 2d:</dt>
                 <dd>{{ hosts_ipv4_2d }} ({{ hosts_ipv4_ssl_2d }}) / {{ hosts_ipv6_2d }} ({{ hosts_ipv6_ssl_2d }})</dd>
-                <dt>ip v4 (ssl) / v6 (ssl) updated last 2w:</dt>
+                <dt>ip v4 (tls) / v6 (tls) updated last 2w:</dt>
                 <dd>{{ hosts_ipv4_2w }} ({{ hosts_ipv4_ssl_2w }}) / {{ hosts_ipv6_2w }} ({{ hosts_ipv6_ssl_2w }})</dd>
-                <dt>ip v4 (ssl) / v6 (ssl) updated last 2m:</dt>
+                <dt>ip v4 (tls) / v6 (tls) updated last 2m:</dt>
                 <dd>{{ hosts_ipv4_2m }} ({{ hosts_ipv4_ssl_2m }}) / {{ hosts_ipv6_2m }} ({{ hosts_ipv6_ssl_2m }})</dd>
-                <dt>ip v4 (ssl) / v6 (ssl) updated last 2y:</dt>
+                <dt>ip v4 (tls) / v6 (tls) updated last 2y:</dt>
                 <dd>{{ hosts_ipv4_2y }} ({{ hosts_ipv4_ssl_2y }}) / {{ hosts_ipv6_2y }} ({{ hosts_ipv6_ssl_2y }})</dd>
             </dl>
         </div>

nsupdate/main/templates/main/updater_hostconfig_overview.html

@@ -17,7 +17,7 @@
             </thead>
             {% for uc in updater_configs %}
                 <tr>
-                    <td>{{ uc.service.name }} (SSL: {{ uc.service.secure|yesno }})</td>
+                    <td>{{ uc.service.name }} (TLS: {{ uc.service.secure|yesno }})</td>
                     <td><a href="{% url 'updater_hostconfig' uc.pk %}">{{ uc.hostname }}</a></td>
                     <td>{{ uc.give_ipv4|yesno }}</td>
                     <td>{{ uc.give_ipv6|yesno }}</td>

nsupdate/utils/_tests/test_ddns_client.py

@@ -12,7 +12,7 @@ HOSTNAME = 'nsupdate-ddns-client-unittest.' + BASEDOMAIN
 INVALID_HOSTNAME = 'nsupdate-ddns-client-nohost.' + BASEDOMAIN
 USER, PASSWORD = HOSTNAME, 'yUTvxjRwNu'  # no problem, is only used for this unit test
 SERVER = 'ipv4.' + BASEDOMAIN
-SECURE = False  # SSL/SNI support on python 2.x sucks :(
+SECURE = False  # TLS/SNI support on python 2.x sucks :(
 
 
 class TestDynDns2Client(object):

nsupdate/utils/ddns_client.py

@@ -24,7 +24,7 @@ def dyndns2_update(name, password,
     :param hostname: hostname we want to update
     :param myip: the new ip address for hostname
     :param path: url path (default: '/nic/update')
-    :param secure: whether to use ssl for the request (default: True)
+    :param secure: whether to use tls for the request (default: True)
                    note: if you use secure=False, it will transmit
                    the given data unencrypted.
     :param timeout: how long to wait until response has to begin