From c045607b39219fe3b71d1cc80a2bd85b2af5666d Mon Sep 17 00:00:00 2001
From: Noah Laptop
Date: Fri, 10 Jan 2020 17:04:37 -0800
Subject: [PATCH] Clarification edits for trust anchor generation
---
 TrustAnchors.md | 6 +++---
 tools/pycert_bearssl/pycert_bearssl.py | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/TrustAnchors.md b/TrustAnchors.md
index 05cfa30..f9b7eb6 100644
--- a/TrustAnchors.md
+++ b/TrustAnchors.md
@@ -43,11 +43,11 @@ A full example of a trust anchor header can be found in [this file](./readme/cer
 For HTTPS, there a couple of tools you can use. Ordered from easiest to hardest:
 * [This website, written to simplify the creation of trust anchor headers](https://openslab-osu.github.io/bearssl-certificate-utility/). Simply plug and play.
 * [pycert_bearssl](./tools/pycert_bearssl/pycert_bearssl.py), a command line utility based on a [pycert](https://learn.adafruit.com/introducing-the-adafruit-wiced-feather-wifi/pycert-dot-py). You will need to install Python 3, and follow the instructions in the [pycert_bearssl.py file](./tools/pycert_bearssl/pycert_bearssl.py). You'll want to use the `pycert_bearssl.py download` command once the utility is set up.
-* The brssl command line utility, included in the [BearSSL source](https://bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=tools/brssl.h;hb=HEAD). You will need to compile this file yourself.
+* The `brssl` command line utility, included in the [BearSSL source](https://bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=tools/brssl.h;hb=HEAD). You will need to compile this file yourself.
 
 ### Other Connections
 
-For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out [this StackExchange post](https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file) for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use [this website](https://www.sslshopper.com/ssl-converter.html)), and use the `pycert_bearssl.py convert` command to convert the certificate into a trust anchor header.
+For other kinds of SSL connections, you will need to find the root certificate being used by your host. 
You can check out [this StackExchange post](https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file) for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use [this website](https://www.sslshopper.com/ssl-converter.html)), and use the `pycert_bearssl.py convet --no-search` command to convert the certificate into a trust anchor header. ## Using Trust Anchors @@ -55,7 +55,7 @@ Once you've generated a trust anchor array, add it to your Arduino sketch using ```C++ #include "yourtrustanchorfile.h" // ... -SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); +SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin); // ... ``` Where `yourtrustanchorfile.h` contains a generated trust anchor array names `TAs`, with length `TAs_NUM`. BearSSL will now automatically use these trust anchors when `SSLClient::connect` is called. \ No newline at end of file diff --git a/tools/pycert_bearssl/pycert_bearssl.py b/tools/pycert_bearssl/pycert_bearssl.py index 392838e..475c59c 100644 --- a/tools/pycert_bearssl/pycert_bearssl.py +++ b/tools/pycert_bearssl/pycert_bearssl.py @@ -69,7 +69,7 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom Note that the certificates will be validated before they are downloaded! """ # if array is emptey, exit - if len(domain) is 0: + if len(domain) == 0: return # prepare the root certificate store cert_obj_store = cert_util.parse_root_certificate_store(use_store) 
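Review bot: `if len(domain) == 0:` fixes the `is 0` identity comparison, but the idiomatic guard here is `if not domain:` — click hands a variadic argument over as a tuple (the `nargs=-1` declaration for `cert` in the `@@ -100` hunk shows the same shape), and the `@@ -117` hunk in `convert` has the identical `if len(cert) == 0:` to tidy up. The bare `return` on the context line below means running `download` with no domains produces no output at all; a `click.echo('no domains given', err=True)` before returning would make the no-op visible, and the same applies to `convert`. The context comment above the check still reads `emptey`. `download`'s body continues outside the hunk.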
@@ -100,8 +100,8 @@ def download(port, cert_var, cert_length_var, output, use_store, keep_dupes, dom help='the location of the .pem file containing a list of trusted root certificates (default: use certifi.where())') @click.option('--keep-dupes', '-d', is_flag=True, default=False, help='write all certs including any duplicates (default: remove duplicates)') -@click.option('--no-verify', '-n', is_flag=True, default=False, - help='Do not attempt to match a root certificate to the provided PEM files') +@click.option('--no-search', '-n', is_flag=True, default=False, + help='Do not attempt to search for a root certificate to the provided PEM files, instead treat the PEM files as the root certificates') @click.argument('cert', type=click.File('r'), nargs=-1) def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, cert): """Convert PEM certificates into a C header that can be imported into a @@ -117,7 +117,7 @@ def convert(cert_var, cert_length_var, output, use_store, keep_dupes, no_verify, pycert convert foo.pem bar.pem """ # if array is emptey, exit - if len(cert) is 0: + if len(cert) == 0: return # prepare root certificate store cert_obj_store = cert_util.parse_root_certificate_store(use_store)
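Review bot: Renaming the option to `--no-search` in the `@@ -100` hunk without renaming the parameter breaks `convert`: click derives the keyword it passes from the long option name, so it will now call `convert(..., no_search=...)` while the context line below still declares `no_verify`, and every invocation should fail with an unexpected-keyword `TypeError`. The smallest fix keeps the parameter name by naming it explicitly in the declaration, `@click.option('--no-search', '-n', 'no_verify', is_flag=True, default=False,`; the alternative is to rename the parameter and its uses in the body, which continues past the hunk. The new help string is also hard to parse ("search for a root certificate to the provided PEM files"); since the flag makes the tool take the given PEM files as the roots without matching them against the trusted store, say that plainly, e.g. `help='Skip the root-store lookup and treat the given PEM files themselves as the root certificates'`. The TrustAnchors.md hunk that documents this flag also misspells the subcommand as `convet`.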