Rename pinned_ca_cert_hash to ssl_fingerprint

puddly · puddly · commit c333bb43fc18 · 2026-03-07T10:32:00.000-05:00
diff --git a/README.md b/README.md
@@ -118,7 +118,7 @@ fingerprint = await async_fetch_remote_fingerprint("https://kvm.local/api/")
 # Then connect with the pinned fingerprint
 async with NanoKVMClient(
     "https://kvm.local/api/",
-    pinned_ca_cert_hash=fingerprint,
+    ssl_fingerprint=fingerprint,
 ) as client:
     await client.authenticate("username", "password")
 ```
diff --git a/nanokvm/client.py b/nanokvm/client.py
@@ -126,7 +126,7 @@ def __init__(
         session: ClientSession | None = None,
         verify_ssl: bool = True,
         ssl_ca_cert: str | None = None,
-        pinned_ca_cert_hash: str | None = None,
+        ssl_fingerprint: str | None = None,
         use_password_obfuscation: bool | None = None,
     ) -> None:
         """
@@ -141,7 +141,7 @@ def __init__(
                 Set to False to disable verification for self-signed certificates.
             ssl_ca_cert: Path to custom CA certificate bundle file for SSL verification.
                 Useful for self-signed certificates or private CAs.
-            pinned_ca_cert_hash: SHA-256 fingerprint of the server's TLS certificate
+            ssl_fingerprint: SHA-256 fingerprint of the server's TLS certificate
                 as a hex string. When set, the client will verify the server's
                 certificate fingerprint instead of performing CA-based verification.
                 Use `async_fetch_remote_fingerprint()` to retrieve this value.
@@ -158,7 +158,7 @@ def __init__(
         self._ws: aiohttp.ClientWebSocketResponse | None = None
         self._verify_ssl = verify_ssl
         self._ssl_ca_cert = ssl_ca_cert
-        self._pinned_ca_cert_hash = pinned_ca_cert_hash
+        self._ssl_fingerprint = ssl_fingerprint
         self._use_password_obfuscation = use_password_obfuscation
         self._ssl_config: ssl.SSLContext | Fingerprint | bool | None = None
 
@@ -167,7 +167,7 @@ def _create_ssl_context(self) -> ssl.SSLContext | Fingerprint | bool:
         Create and configure SSL context based on initialization parameters.
 
         Returns:
-            Fingerprint: Certificate fingerprint pinning (when pinned_ca_cert_hash set)
+            Fingerprint: Certificate fingerprint pinning (when ssl_fingerprint set)
             ssl.SSLContext: Configured SSL context for custom certificates
             True: Use default SSL verification (aiohttp default)
             False: Disable SSL verification
@@ -177,9 +177,9 @@ def _create_ssl_context(self) -> ssl.SSLContext | Fingerprint | bool:
             ssl.SSLError: If the CA certificate is invalid.
         """
 
-        if self._pinned_ca_cert_hash:
+        if self._ssl_fingerprint:
             _LOGGER.debug("Using certificate fingerprint pinning")
-            return Fingerprint(bytes.fromhex(self._pinned_ca_cert_hash))
+            return Fingerprint(bytes.fromhex(self._ssl_fingerprint))
 
         if not self._verify_ssl:
             _LOGGER.warning(
diff --git a/nanokvm/utils.py b/nanokvm/utils.py
@@ -53,7 +53,7 @@ async def async_fetch_remote_fingerprint(url: str) -> str:
     then returns its SHA-256 hash as an uppercase hex string.
 
     This is useful for establishing an initial trust-on-first-use pin with
-    `NanoKVMClient(url, pinned_ca_cert_hash=...)`.
+    `NanoKVMClient(url, ssl_fingerprint=...)`.
     """
     parsed_url = urllib.parse.urlparse(url)
     hostname = parsed_url.hostname
diff --git a/tests/test_certificate_pinning.py b/tests/test_certificate_pinning.py
@@ -165,7 +165,7 @@ async def test_certificate_pinning(nanokvm_https_server: str) -> None:
     # Step 3: pinned fingerprint allows the connection to succeed
     async with NanoKVMClient(
         url,
-        pinned_ca_cert_hash=fingerprint,
+        ssl_fingerprint=fingerprint,
         use_password_obfuscation=False,
     ) as client:
         await client.authenticate("admin", "test")
@@ -178,7 +178,7 @@ async def test_certificate_pinning_wrong_hash(nanokvm_https_server: str) -> None
 
     async with NanoKVMClient(
         url,
-        pinned_ca_cert_hash="AB" * 32,
+        ssl_fingerprint="AB" * 32,
         use_password_obfuscation=False,
     ) as client:
         with pytest.raises(aiohttp.ServerFingerprintMismatch):
