fix spelling in comments

api/certadd/insert.go

@@ -168,7 +168,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
 			return err
 		}
 
-		// We parse the OCSP repsonse in order to get the next
+		// We parse the OCSP response in order to get the next
 		// update time/expiry time
 		ocspParsed, err := stdocsp.ParseResponse(ocspResponse, nil)
 		if err != nil {

api/revoke/revoke.go

@@ -113,7 +113,7 @@ func (h *Handler) Handle(w http.ResponseWriter, r *http.Request) error {
 			return err
 		}
 
-		// We parse the OCSP repsonse in order to get the next
+		// We parse the OCSP response in order to get the next
 		// update time/expiry time
 		ocspParsed, err := stdocsp.ParseResponse(ocspResponse, nil)
 		if err != nil {

certdb/sql/sql_test.go

@@ -86,7 +86,7 @@ func testInsertCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
 
 	got := rets[0]
 
-	// relfection comparison with zero time objects are not stable as it seems
+	// reflection comparison with zero time objects are not stable as it seems
 	if want.Serial != got.Serial || want.Status != got.Status ||
 		want.AKI != got.AKI || !got.RevokedAt.IsZero() ||
 		want.PEM != got.PEM || !roughlySameTime(got.Expiry, expiry) {
@@ -132,7 +132,7 @@ func testInsertCertificateAndGetUnexpiredCertificate(ta TestAccessor, t *testing
 
 	got := rets[0]
 
-	// relfection comparison with zero time objects are not stable as it seems
+	// reflection comparison with zero time objects are not stable as it seems
 	if want.Serial != got.Serial || want.Status != got.Status ||
 		want.AKI != got.AKI || !got.RevokedAt.IsZero() ||
 		want.PEM != got.PEM || !roughlySameTime(got.Expiry, expiry) {
@@ -188,7 +188,7 @@ func testUpdateCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
 
 	got := rets[0]
 
-	// relfection comparison with zero time objects are not stable as it seems
+	// reflection comparison with zero time objects are not stable as it seems
 	if want.Serial != got.Serial || got.Status != "revoked" ||
 		want.AKI != got.AKI || got.RevokedAt.IsZero() ||
 		want.PEM != got.PEM {
@@ -202,7 +202,7 @@ func testUpdateCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
 
 	got = rets[0]
 
-	// relfection comparison with zero time objects are not stable as it seems
+	// reflection comparison with zero time objects are not stable as it seems
 	if want.Serial != got.Serial || got.Status != "revoked" ||
 		want.AKI != got.AKI || got.RevokedAt.IsZero() ||
 		want.PEM != got.PEM {
@@ -216,7 +216,7 @@ func testUpdateCertificateAndGetCertificate(ta TestAccessor, t *testing.T) {
 
 	got = rets[0]
 
-	// relfection comparison with zero time objects are not stable as it seems
+	// reflection comparison with zero time objects are not stable as it seems
 	if want.Serial != got.Serial || got.Status != "revoked" ||
 		want.AKI != got.AKI || got.RevokedAt.IsZero() ||
 		want.PEM != got.PEM {

cli/gencert/gencert_test.go

@@ -201,7 +201,7 @@ func TestBadGencertMain(t *testing.T) {
 
 	err = gencertMain([]string{"../testdata/nothing"}, cli.Config{})
 	if err == nil {
-		t.Fatal("Trying to read a non-existance file, should report error")
+		t.Fatal("Trying to read a non-existence file, should report error")
 	}
 
 	err = gencertMain([]string{"../testdata/csr.json"}, cli.Config{IsCA: true, CAKeyFile: "../../testdata/garbage.crt"})

cli/serve/serve.go

@@ -80,7 +80,7 @@ func v1APIPath(path string) string {
 }
 
 // httpBox implements http.FileSystem which allows the use of Box with a http.FileServer.
-// Atempting to Open an API endpoint will result in an error.
+// Attempting to Open an API endpoint will result in an error.
 type httpBox struct {
 	*rice.Box
 	redirects map[string]string

helpers/helpers.go

@@ -185,7 +185,7 @@ func HashAlgoString(alg x509.SignatureAlgorithm) string {
 	}
 }
 
-// EncodeCertificatesPEM encodes a number of x509 certficates to PEM
+// EncodeCertificatesPEM encodes a number of x509 certificates to PEM
 func EncodeCertificatesPEM(certs []*x509.Certificate) []byte {
 	var buffer bytes.Buffer
 	for _, cert := range certs {
@@ -198,7 +198,7 @@ func EncodeCertificatesPEM(certs []*x509.Certificate) []byte {
 	return buffer.Bytes()
 }
 
-// EncodeCertificatePEM encodes a single x509 certficates to PEM
+// EncodeCertificatePEM encodes a single x509 certificates to PEM
 func EncodeCertificatePEM(cert *x509.Certificate) []byte {
 	return EncodeCertificatesPEM([]*x509.Certificate{cert})
 }
@@ -408,7 +408,7 @@ func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
 	return csr, rest, nil
 }
 
-// ParseCSRPEM parses a PEM-encoded certificiate signing request.
+// ParseCSRPEM parses a PEM-encoded certificate signing request.
 // It does not check the signature. This is useful for dumping data from a CSR
 // locally.
 func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error) {

initca/initca.go

@@ -113,7 +113,7 @@ func NewFromPEM(req *csr.CertificateRequest, keyFile string) (cert, csrPEM []byt
 
 // RenewFromPEM re-creates a root certificate from the CA cert and key
 // files. The resulting root certificate will have the input CA certificate
-// as the template and have the same expiry length. E.g. the exsiting CA
+// as the template and have the same expiry length. E.g. the existing CA
 // is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate
 // will be valid from now and expire in one year as well.
 func RenewFromPEM(caFile, keyFile string) ([]byte, error) {
@@ -178,7 +178,7 @@ func NewFromSigner(req *csr.CertificateRequest, priv crypto.Signer) (cert, csrPE
 
 // RenewFromSigner re-creates a root certificate from the CA cert and crypto.Signer.
 // The resulting root certificate will have ca certificate
-// as the template and have the same expiry length. E.g. the exsiting CA
+// as the template and have the same expiry length. E.g. the existing CA
 // is valid for a year from Jan 01 2015 to Jan 01 2016, the renewed certificate
 // will be valid from now and expire in one year as well.
 func RenewFromSigner(ca *x509.Certificate, priv crypto.Signer) ([]byte, error) {

scan/connectivity.go

@@ -53,7 +53,7 @@ var (
 )
 
 func initOnCloudFlareScan() ([]*net.IPNet, error) {
-	// Propogate previous errors and don't attempt to re-download.
+	// Propagate previous errors and don't attempt to re-download.
 	if cfNetsErr != nil {
 		return nil, cfNetsErr
 	}

scan/tls_handshake.go

@@ -19,7 +19,7 @@ var TLSHandshake = &Family{
 	Description: "Scans for host's SSL/TLS version and cipher suite negotiation",
 	Scanners: map[string]*Scanner{
 		"CipherSuite": {
-			"Determines host's cipher suites accepted and prefered order",
+			"Determines host's cipher suites accepted and preferred order",
 			cipherSuiteScan,
 		},
 		"SigAlgs": {

transport/core/backoff_test.go

@@ -44,7 +44,7 @@ func TestSetup(t *testing.T) {
 	}
 }
 
-// Ensure that tries incremenets as expected.
+// Ensure that tries increments as expected.
 func TestTries(t *testing.T) {
 	b := NewWithoutJitter(5, 1)
 

transport/roots/system/root_darwin_test.go

@@ -58,6 +58,6 @@ func TestSystemRoots(t *testing.T) {
 	}
 
 	if have < want {
-		t.Errorf("insufficent overlap between cgo and non-cgo roots; want at least %d, have %d", want, have)
+		t.Errorf("insufficient overlap between cgo and non-cgo roots; want at least %d, have %d", want, have)
 	}
 }

ubiquity/ubiquity_platform.go

@@ -181,7 +181,7 @@ func UntrustedPlatforms(root *x509.Certificate) []string {
 	return ret
 }
 
-// CrossPlatformUbiquity returns a ubiquity score (persumably relecting the market share in percentage)
+// CrossPlatformUbiquity returns a ubiquity score (presumably relecting the market share in percentage)
 // based on whether the given chain can be verified with the different platforms' root certificate stores.
 func CrossPlatformUbiquity(chain []*x509.Certificate) int {
 	// There is no root store info, every chain is equal weighted as 0.

ubiquity/ubiquity_test.go

@@ -240,7 +240,7 @@ func TestPlatformKeyStoreUbiquity(t *testing.T) {
 	// load Platforms with test data
 	// "Macrosoft" has all three certs.
 	// "Godzilla" has two certs, cert1 and cert2.
-	// "Pinapple" has cert1.
+	// "Pineapple" has cert1.
 	// "Colorful" has no key store data, default to trust any cert
 	// All platforms support the same crypto suite.
 	platformA := Platform{Name: "MacroSoft", Weight: 100, HashAlgo: "SHA2", KeyAlgo: "ECDSA256", KeyStoreFile: "testdata/macrosoft.pem"}