authorJean-Paul Calderone <exarkun@divmod.com>2011-06-12 17:20:31 -0400
committerJean-Paul Calderone <exarkun@divmod.com>2011-06-12 17:20:31 -0400
commit0da7acc9079aeba61a764cb84b243e4742dae92d (patch)
tree95228a0bcac56023c8a82de8a8deff1af5fdaee5
parent9828f666f9eed90290093e962181d6065bb2017c (diff)
parentc27733339ba8f678479db744e75a994639cba61e (diff)
downloadpyopenssl-0da7acc9079aeba61a764cb84b243e4742dae92d.tar.gz
Catch up to trunk
-rw-r--r--COPYING515
-rw-r--r--ChangeLog65
-rw-r--r--LICENSE202
-rw-r--r--MANIFEST.in2
-rw-r--r--OpenSSL/__init__.py10
-rw-r--r--OpenSSL/crypto/crl.c17
-rw-r--r--OpenSSL/crypto/crypto.c17
-rw-r--r--OpenSSL/crypto/crypto.h19
-rw-r--r--OpenSSL/crypto/netscape_spki.c9
-rw-r--r--OpenSSL/crypto/netscape_spki.h3
-rw-r--r--OpenSSL/crypto/pkcs12.c37
-rw-r--r--OpenSSL/crypto/pkcs12.h4
-rw-r--r--OpenSSL/crypto/pkcs7.c6
-rw-r--r--OpenSSL/crypto/pkcs7.h4
-rw-r--r--OpenSSL/crypto/pkey.c11
-rw-r--r--OpenSSL/crypto/pkey.h6
-rw-r--r--OpenSSL/crypto/revoked.c3
-rw-r--r--OpenSSL/crypto/x509.c89
-rw-r--r--OpenSSL/crypto/x509.h4
-rw-r--r--OpenSSL/crypto/x509ext.c31
-rw-r--r--OpenSSL/crypto/x509ext.h4
-rw-r--r--OpenSSL/crypto/x509name.c33
-rw-r--r--OpenSSL/crypto/x509name.h4
-rw-r--r--OpenSSL/crypto/x509req.c11
-rw-r--r--OpenSSL/crypto/x509req.h4
-rw-r--r--OpenSSL/crypto/x509store.c6
-rw-r--r--OpenSSL/crypto/x509store.h4
-rw-r--r--OpenSSL/rand/rand.c7
-rwxr-xr-xOpenSSL/ssl/connection.c177
-rw-r--r--OpenSSL/ssl/connection.h4
-rw-r--r--OpenSSL/ssl/context.c103
-rw-r--r--OpenSSL/ssl/context.h5
-rw-r--r--OpenSSL/ssl/ssl.c80
-rw-r--r--OpenSSL/ssl/ssl.h4
-rw-r--r--OpenSSL/test/__init__.py3
-rw-r--r--OpenSSL/test/test_crypto.py211
-rw-r--r--OpenSSL/test/test_rand.py3
-rw-r--r--OpenSSL/test/test_ssl.py509
-rw-r--r--OpenSSL/test/util.py28
-rw-r--r--OpenSSL/tsafe.py2
-rw-r--r--OpenSSL/util.c5
-rw-r--r--OpenSSL/util.h8
-rw-r--r--OpenSSL/version.py7
-rw-r--r--PKG-INFO15
-rw-r--r--README26
-rw-r--r--doc/html/about.html2
-rw-r--r--doc/html/building-unix.html2
-rw-r--r--doc/html/building-windows.html2
-rw-r--r--doc/html/building.html6
-rw-r--r--doc/html/callbacks.html2
-rw-r--r--doc/html/contents.html26
-rw-r--r--doc/html/crl.html24
-rw-r--r--doc/html/exceptions.html2
-rw-r--r--doc/html/index.html44
-rw-r--r--doc/html/internals.html8
-rw-r--r--doc/html/intro.html6
-rw-r--r--doc/html/openssl-509ext.html22
-rw-r--r--doc/html/openssl-connection.html80
-rw-r--r--doc/html/openssl-context.html56
-rw-r--r--doc/html/openssl-crypto.html42
-rw-r--r--doc/html/openssl-netscape-spki.html28
-rw-r--r--doc/html/openssl-pkcs12.html36
-rw-r--r--doc/html/openssl-pkcs7.html28
-rw-r--r--doc/html/openssl-pkey.html24
-rw-r--r--doc/html/openssl-rand.html32
-rw-r--r--doc/html/openssl-ssl.html58
-rw-r--r--doc/html/openssl-x509.html89
-rw-r--r--doc/html/openssl-x509name.html38
-rw-r--r--doc/html/openssl-x509req.html32
-rw-r--r--doc/html/openssl-x509store.html20
-rw-r--r--doc/html/openssl.html38
-rw-r--r--doc/html/pyOpenSSL.how2
-rw-r--r--doc/html/pyOpenSSL.html44
-rw-r--r--doc/html/revoked.html28
-rw-r--r--doc/html/socket-methods.html2
-rw-r--r--doc/pyOpenSSL.ps1418
-rw-r--r--doc/pyOpenSSL.tex81
-rw-r--r--doc/pyOpenSSL.txt52
-rw-r--r--examples/certgen.py5
-rw-r--r--examples/simple/client.py5
-rw-r--r--examples/simple/server.py5
-rw-r--r--examples/sni/README19
-rw-r--r--examples/sni/another.invalid.crt17
-rw-r--r--examples/sni/another.invalid.key15
-rw-r--r--examples/sni/client.py35
-rw-r--r--examples/sni/example.invalid.crt17
-rw-r--r--examples/sni/example.invalid.key15
-rw-r--r--examples/sni/server.py64
-rw-r--r--leakcheck/context-info-callback.py3
-rw-r--r--leakcheck/context-passphrase-callback.py3
-rw-r--r--leakcheck/context-verify-callback.py3
-rw-r--r--leakcheck/crypto.py3
-rw-r--r--leakcheck/thread-crash.py3
-rwxr-xr-xsetup.py4
94 files changed, 3051 insertions, 1856 deletions
diff --git a/COPYING b/COPYING
deleted file mode 100644
index c4792dd..0000000
--- a/COPYING
+++ /dev/null
@@ -1,515 +0,0 @@
-
- GNU LESSER GENERAL PUBLIC LICENSE
- Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL. It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
- This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it. You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations
-below.
-
- When we speak of free software, we are referring to freedom of use,
-not price. Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
- To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights. These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
- For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you. You must make sure that they, too, receive or can get the source
-code. If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it. And you must show them these terms so they know their rights.
-
- We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
- To protect each distributor, we want to make it very clear that
-there is no warranty for the free library. Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-^L
- Finally, software patents pose a constant threat to the existence of
-any free program. We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder. Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
- Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License. This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License. We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
- When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library. The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom. The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
- We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License. It also provides other free software developers Less
-of an advantage over competing non-free programs. These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries. However, the Lesser license provides advantages in certain
-special circumstances.
-
- For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it
-becomes
-a de-facto standard. To achieve this, non-free programs must be
-allowed to use the library. A more frequent case is that a free
-library does the same job as widely used non-free libraries. In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
- In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software. For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
- Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
- The precise terms and conditions for copying, distribution and
-modification follow. Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library". The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-^L
- GNU LESSER GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
- A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
- The "Library", below, refers to any such software library or work
-which has been distributed under these terms. A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language. (Hereinafter, translation is
-included without limitation in the term "modification".)
-
- "Source code" for a work means the preferred form of the work for
-making modifications to it. For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control
-compilation
-and installation of the library.
-
- Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it). Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-
- 1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
- You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-
- 2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) The modified work must itself be a software library.
-
- b) You must cause the files modified to carry prominent notices
- stating that you changed the files and the date of any change.
-
- c) You must cause the whole of the work to be licensed at no
- charge to all third parties under the terms of this License.
-
- d) If a facility in the modified Library refers to a function or a
- table of data to be supplied by an application program that uses
- the facility, other than as an argument passed when the facility
- is invoked, then you must make a good faith effort to ensure that,
- in the event an application does not supply such function or
- table, the facility still operates, and performs whatever part of
- its purpose remains meaningful.
-
- (For example, a function in a library to compute square roots has
- a purpose that is entirely well-defined independent of the
- application. Therefore, Subsection 2d requires that any
- application-supplied function or table used by this function must
- be optional: if the application does not supply it, the square
- root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library. To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License. (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.) Do not make any other change in
-these notices.
-^L
- Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
- This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
- 4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
- If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
- 5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library". Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
- However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library". The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
- When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library. The
-threshold for this to be true is not precisely defined by law.
-
- If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work. (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
- Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-^L
- 6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
- You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License. You must supply a copy of this License. If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License. Also, you must do one
-of these things:
-
- a) Accompany the work with the complete corresponding
- machine-readable source code for the Library including whatever
- changes were used in the work (which must be distributed under
- Sections 1 and 2 above); and, if the work is an executable linked
- with the Library, with the complete machine-readable "work that
- uses the Library", as object code and/or source code, so that the
- user can modify the Library and then relink to produce a modified
- executable containing the modified Library. (It is understood
- that the user who changes the contents of definitions files in the
- Library will not necessarily be able to recompile the application
- to use the modified definitions.)
-
- b) Use a suitable shared library mechanism for linking with the
- Library. A suitable mechanism is one that (1) uses at run time a
- copy of the library already present on the user's computer system,
- rather than copying library functions into the executable, and (2)
- will operate properly with a modified version of the library, if
- the user installs one, as long as the modified version is
- interface-compatible with the version that the work was made with.
-
- c) Accompany the work with a written offer, valid for at
- least three years, to give the same user the materials
- specified in Subsection 6a, above, for a charge no more
- than the cost of performing this distribution.
-
- d) If distribution of the work is made by offering access to copy
- from a designated place, offer equivalent access to copy the above
- specified materials from the same place.
-
- e) Verify that the user has already received a copy of these
- materials or that you have already sent this user a copy.
-
- For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it. However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
- It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system. Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-^L
- 7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
- a) Accompany the combined library with a copy of the same work
- based on the Library, uncombined with any other library
- facilities. This must be distributed under the terms of the
- Sections above.
-
- b) Give prominent notice with the combined library of the fact
- that part of it is a work based on the Library, and explaining
- where to find the accompanying uncombined form of the same work.
-
- 8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License. Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License. However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
- 9. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Library or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
- 10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-^L
- 11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all. For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply, and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
- 12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License
-may add an explicit geographical distribution limitation excluding those
-countries, so that distribution is permitted only in or among
-countries not thus excluded. In such case, this License incorporates
-the limitation as if written in the body of this License.
-
- 13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation. If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-^L
- 14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission. For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this. Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
- NO WARRANTY
-
- 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
- END OF TERMS AND CONDITIONS
-^L
- How to Apply These Terms to Your New Libraries
-
- If you develop a new library, and you want it to be of the greatest
-possible use to the public, we recommend making it free software that
-everyone can redistribute and change. You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms
-of the ordinary General Public License).
-
- To apply these terms, attach the following notices to the library.
-It is safest to attach them to the start of each source file to most
-effectively convey the exclusion of warranty; and each file should
-have at least the "copyright" line and a pointer to where the full
-notice is found.
-
-
- <one line to give the library's name and a brief idea of what it
-does.>
- Copyright (C) <year> <name of author>
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-
-Also add information on how to contact you by electronic and paper
-mail.
-
-You should also get your employer (if you work as a programmer) or
-your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the
- library `Frob' (a library for tweaking knobs) written by James
-Random Hacker.
-
- <signature of Ty Coon>, 1 April 1990
- Ty Coon, President of Vice
-
-That's all there is to it!
-
-
diff --git a/ChangeLog b/ChangeLog
index c286c03..2a4c6ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,68 @@
+2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
+ method to the Connection type, get_peer_cert_chain, for retrieving
+ the peer's certificate chain.
+
+2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
+ method to the X509 type, get_signature_algorithm, for inspecting
+ the signature algorithm field of the certificate. Based on a
+ patch from <lp:~okuda>.
+
+2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
+ explicitly including a Windows header before any OpenSSL headers.
+
+ * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
+ explicitly flushing errors known to be uninteresting after calling
+ PKCS12_parse.
+
+ * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
+ OpenSSL library does not provide it.
+
+ * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
+ MD5 to SHA1 by allowing either hash algorithm's result as the
+ return value of X509.subject_name_hash.
+
+ * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
+ to SHA1 by constructing certificate files named using both hash
+ algorithms' results when testing Context.load_verify_locations.
+
+ * Support OpenSSL 1.0.0a.
+
+2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
+ and related constants for retrieving version information about the
+ underlying OpenSSL library.
+
+2011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.12
+
+2011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension
+ to the X509 type, allowing read access to certificate extensions.
+
+ * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the
+ X509Extension type, allowing read access to the contents of an
+ extension.
+
+2011-03-21 Olivier Hervieu <lp:~ohe>
+
+ * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for
+ values passed to the connection "info" callback.
+
+2011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/connection.py: Add support for new-style
+ buffers (primarily memoryviews) to Connection.send and
+ Connection.sendall.
+
2010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* Release 0.11
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/MANIFEST.in b/MANIFEST.in
index a26f83f..0c2be95 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,5 +1,5 @@
recursive-include OpenSSL *.h
-include COPYING ChangeLog INSTALL README TODO MANIFEST.in OpenSSL/RATIONALE
+include LICENSE ChangeLog INSTALL README TODO MANIFEST.in OpenSSL/RATIONALE
include doc/pyOpenSSL.tex doc/Makefile
recursive-include doc/tools *
recursive-include examples *
diff --git a/OpenSSL/__init__.py b/OpenSSL/__init__.py
index 004cd05..c9ea33b 100644
--- a/OpenSSL/__init__.py
+++ b/OpenSSL/__init__.py
@@ -1,10 +1,6 @@
-#
-# __init__.py
-#
-# Copyright (C) AB Strakt 2001, All rights reserved
-#
-# $Id: __init__.py,v 1.4 2004/07/22 12:01:25 martin Exp $
-#
+# Copyright (C) AB Strakt
+# See LICENSE for details.
+
"""
pyOpenSSL - A simple wrapper around the OpenSSL library
"""
diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
index bc76f22..eec5bcb 100644
--- a/OpenSSL/crypto/crl.c
+++ b/OpenSSL/crypto/crl.c
@@ -276,12 +276,15 @@ PyTypeObject crypto_CRL_Type = {
};
int init_crypto_crl(PyObject *module) {
- if (PyType_Ready(&crypto_CRL_Type) < 0) {
- return 0;
- }
+ if (PyType_Ready(&crypto_CRL_Type) < 0) {
+ return 0;
+ }
- if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
- return 0;
- }
- return 1;
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_CRL_Type);
+ if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
+ return 0;
+ }
+ return 1;
}
diff --git a/OpenSSL/crypto/crypto.c b/OpenSSL/crypto/crypto.c
index 28b279a..3573a12 100644
--- a/OpenSSL/crypto/crypto.c
+++ b/OpenSSL/crypto/crypto.c
@@ -1,9 +1,10 @@
/*
* crypto.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Keyphrene 2004, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Keyphrene
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Main file of crypto sub module.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -837,13 +838,21 @@ PyOpenSSL_MODINIT(crypto) {
crypto_API[crypto_PKCS7_New_NUM] = (void *)crypto_PKCS7_New;
crypto_API[crypto_NetscapeSPKI_New_NUM] = (void *)crypto_NetscapeSPKI_New;
c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
- if (c_api_object != NULL)
+ if (c_api_object != NULL) {
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF(c_api_object);
PyModule_AddObject(module, "_C_API", c_api_object);
+ }
#endif
crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
if (crypto_Error == NULL)
goto error;
+
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF(crypto_Error);
if (PyModule_AddObject(module, "Error", crypto_Error) != 0)
goto error;
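Review bot: The added `Py_INCREF(c_api_object)` looks like one reference too many. `PyCObject_FromVoidPtr` already returns a new reference, so letting `PyModule_AddObject` steal it was balanced; after this change one reference is never released, unless `c_api_object` is also stored somewhere outside this hunk. The return value of that `PyModule_AddObject` call is still ignored, so a failed registration of `_C_API` goes unnoticed. I would drop the INCREF and write `if (PyModule_AddObject(module, "_C_API", c_api_object) != 0) { Py_DECREF(c_api_object); goto error; }`. The INCREF on `crypto_Error` is right if that is a global used after init, which the hunk does not show; the module init body starts and ends outside the hunk.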
diff --git a/OpenSSL/crypto/crypto.h b/OpenSSL/crypto/crypto.h
index 947f349..4006e71 100644
--- a/OpenSSL/crypto/crypto.h
+++ b/OpenSSL/crypto/crypto.h
@@ -1,19 +1,32 @@
/*
* crypto.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Exports from crypto.c.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: crypto.h,v 1.14 2004/08/09 13:41:25 martin Exp $
*/
#ifndef PyOpenSSL_CRYPTO_H_
#define PyOpenSSL_CRYPTO_H_
#include <Python.h>
+/* Work around a bug in OpenSSL 1.0.0 which is caused by winsock.h being
+ included (from dtls1.h) too late by the OpenSSL header files, overriding
+ the fixes (in ossl_typ.h) for symbol clashes caused by this OS header
+ file.
+
+ In order to have those fixes still take effect, we include winsock.h
+ here, prior to including any OpenSSL header files.
+
+ */
+#ifdef _WIN32
+# include "winsock.h"
+#endif
+
#include "x509.h"
#include "x509name.h"
#include "netscape_spki.h"
@@ -110,7 +123,7 @@ extern void **crypto_API;
PyObject *crypto_dict, *crypto_api_object; \
crypto_dict = PyModule_GetDict(crypto_module); \
crypto_api_object = PyDict_GetItemString(crypto_dict, "_C_API"); \
- if (PyCObject_Check(crypto_api_object)) { \
+ if (crypto_api_object && PyCObject_Check(crypto_api_object)) { \
crypto_API = (void **)PyCObject_AsVoidPtr(crypto_api_object); \
} \
} \
diff --git a/OpenSSL/crypto/netscape_spki.c b/OpenSSL/crypto/netscape_spki.c
index ff40962..9369d50 100644
--- a/OpenSSL/crypto/netscape_spki.c
+++ b/OpenSSL/crypto/netscape_spki.c
@@ -1,7 +1,8 @@
/*
* netscape_spki.c
*
- * Copyright (C) Tollef Fog Heen 2003
+ * Copyright (C) Tollef Fog Heen
+ * See LICENSE for details.
*
* Netscape SPKI handling, thin wrapper
*/
@@ -297,10 +298,16 @@ init_crypto_netscape_spki(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference
+ */
+ Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
if (PyModule_AddObject(module, "NetscapeSPKI", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference
+ */
+ Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
if (PyModule_AddObject(module, "NetscapeSPKIType", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/netscape_spki.h b/OpenSSL/crypto/netscape_spki.h
index 19389d8..2f07307 100644
--- a/OpenSSL/crypto/netscape_spki.h
+++ b/OpenSSL/crypto/netscape_spki.h
@@ -1,7 +1,8 @@
/*
* netscape_spki.h
*
- * Copyright (C) Tollef Fog Heen 2003, All rights reserved
+ * Copyright (C) Tollef Fog Heen
+ * See LICENSE for details.
*
* Handle Netscape SPKI (challenge response) certificate requests.
*
diff --git a/OpenSSL/crypto/pkcs12.c b/OpenSSL/crypto/pkcs12.c
index 81d6074..a1a5a79 100644
--- a/OpenSSL/crypto/pkcs12.c
+++ b/OpenSSL/crypto/pkcs12.c
@@ -1,7 +1,8 @@
/*
* pkcs12.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Certificate transport (PKCS12) handling code,
* mostly thin wrappers around OpenSSL.
@@ -336,15 +337,25 @@ crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
}
/* parse the PKCS12 lump */
- if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
- /*
- * If PKCS12_parse fails, and it allocated cacerts, it seems to free
- * cacerts, but not re-NULL the pointer. Zounds! Make sure it is
- * re-set to NULL here, else we'll have a double-free below.
- */
- cacerts = NULL;
- exception_from_error_queue(crypto_Error);
- goto error;
+ if (p12) {
+ if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
+ /*
+ * If PKCS12_parse fails, and it allocated cacerts, it seems to
+ * free cacerts, but not re-NULL the pointer. Zounds! Make sure
+ * it is re-set to NULL here, else we'll have a double-free below.
+ */
+ cacerts = NULL;
+ exception_from_error_queue(crypto_Error);
+ goto error;
+ } else {
+ /*
+ * OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in
+ * the queue for no particular reason. This error isn't interesting
+ * to anyone outside this function. It's not even interesting to
+ * us. Get rid of it.
+ */
+ flush_error_queue();
+ }
}
if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
@@ -551,10 +562,16 @@ init_crypto_pkcs12(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_PKCS12_Type);
if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_PKCS12_Type);
if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/pkcs12.h b/OpenSSL/crypto/pkcs12.h
index 3abfa52..f0de1a8 100644
--- a/OpenSSL/crypto/pkcs12.h
+++ b/OpenSSL/crypto/pkcs12.h
@@ -1,11 +1,11 @@
/*
* pkcs12.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export PKCS12 functions and data structure.
*
- * @(#) $$
*/
#ifndef PyOpenSSL_crypto_PKCS12_H_
#define PyOpenSSL_crypto_PKCS12_H_
diff --git a/OpenSSL/crypto/pkcs7.c b/OpenSSL/crypto/pkcs7.c
index fff95e2..1770f7f 100644
--- a/OpenSSL/crypto/pkcs7.c
+++ b/OpenSSL/crypto/pkcs7.c
@@ -1,7 +1,8 @@
/*
* pkcs7.c
*
- * Copyright (C) AB Strakt 2002, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* PKCS7 handling code, mostly thin wrappers around OpenSSL.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -203,6 +204,9 @@ init_crypto_pkcs7(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_PKCS7_Type);
if (PyModule_AddObject(module, "PKCS7Type", (PyObject *)&crypto_PKCS7_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/pkcs7.h b/OpenSSL/crypto/pkcs7.h
index bdbb425..d8453b2 100644
--- a/OpenSSL/crypto/pkcs7.h
+++ b/OpenSSL/crypto/pkcs7.h
@@ -1,12 +1,12 @@
/*
* pkcs7.h
*
- * Copyright (C) AB Strakt 2002, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export pkcs7 functions and data structure.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: pkcs7.h,v 1.2 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_crypto_PKCS7_H_
#define PyOpenSSL_crypto_PKCS7_H_
diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 6494d2a..0a13aa3 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -1,8 +1,9 @@
/*
* pkey.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Public/rivate key handling code, mostly thin wrappers around OpenSSL.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -251,10 +252,16 @@ init_crypto_pkey(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_PKey_Type);
if (PyModule_AddObject(module, "PKey", (PyObject *)&crypto_PKey_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_PKey_Type);
if (PyModule_AddObject(module, "PKeyType", (PyObject *)&crypto_PKey_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/pkey.h b/OpenSSL/crypto/pkey.h
index 3ac7bde..dc5e52e 100644
--- a/OpenSSL/crypto/pkey.h
+++ b/OpenSSL/crypto/pkey.h
@@ -1,13 +1,13 @@
/*
* pkey.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Export pkey functions and data structure.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: pkey.h,v 1.5 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_crypto_PKEY_H_
#define PyOpenSSL_crypto_PKEY_H_
diff --git a/OpenSSL/crypto/revoked.c b/OpenSSL/crypto/revoked.c
index e9b1297..93f9946 100644
--- a/OpenSSL/crypto/revoked.c
+++ b/OpenSSL/crypto/revoked.c
@@ -434,6 +434,9 @@ int init_crypto_revoked(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_Revoked_Type);
if (PyModule_AddObject(module, "Revoked", (PyObject *)&crypto_Revoked_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/x509.c b/OpenSSL/crypto/x509.c
index 9c2448c..0754dec 100644
--- a/OpenSSL/crypto/x509.c
+++ b/OpenSSL/crypto/x509.c
@@ -1,8 +1,9 @@
/*
* x509.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -12,6 +13,7 @@
#include <Python.h>
#define crypto_MODULE
#include "crypto.h"
+#include "x509ext.h"
/*
* X.509 is a standard for digital certificates. See e.g. the OpenSSL homepage
@@ -299,7 +301,7 @@ crypto_X509_get_pubkey(crypto_X509Obj *self, PyObject *args)
py_pkey = crypto_PKey_New(pkey, 1);
if (py_pkey != NULL) {
- py_pkey->only_public = 1;
+ py_pkey->only_public = 1;
}
return (PyObject *)py_pkey;
}
@@ -517,6 +519,34 @@ crypto_X509_gmtime_adj_notAfter(crypto_X509Obj *self, PyObject *args)
return Py_None;
}
+
+static char crypto_X509_get_signature_algorithm_doc[] = "\n\
+Retrieve the signature algorithm used in the certificate\n\
+\n\
+@return: A byte string giving the name of the signature algorithm used in\n\
+ the certificate.\n\
+@raise ValueError: If the signature algorithm is undefined.\n\
+";
+
+static PyObject *
+crypto_X509_get_signature_algorithm(crypto_X509Obj *self, PyObject *args) {
+ ASN1_OBJECT *alg;
+ int nid;
+
+ if (!PyArg_ParseTuple(args, ":get_signature_algorithm")) {
+ return NULL;
+ }
+
+ alg = self->x509->cert_info->signature->algorithm;
+ nid = OBJ_obj2nid(alg);
+ if (nid == NID_undef) {
+ PyErr_SetString(PyExc_ValueError, "Undefined signature algorithm");
+ return NULL;
+ }
+ return PyBytes_FromString(OBJ_nid2ln(nid));
+}
+
+
static char crypto_X509_sign_doc[] = "\n\
Sign the certificate using the supplied key and digest\n\
\n\
@@ -684,6 +714,52 @@ crypto_X509_add_extensions(crypto_X509Obj *self, PyObject *args)
return Py_None;
}
+static char crypto_X509_get_extension_count_doc[] = "\n\
+Get the number of extensions on the certificate.\n\
+\n\
+@return: Number of extensions as a Python integer\n\
+";
+
+static PyObject *
+crypto_X509_get_extension_count(crypto_X509Obj *self, PyObject *args) {
+ if (!PyArg_ParseTuple(args, ":get_extension_count")) {
+ return NULL;
+ }
+
+ return PyLong_FromLong((long)X509_get_ext_count(self->x509));
+}
+
+static char crypto_X509_get_extension_doc[] = "\n\
+Get a specific extension of the certificate by index.\n\
+\n\
+@param index: The index of the extension to retrieve.\n\
+@return: The X509Extension object at the specified index.\n\
+";
+
+static PyObject *
+crypto_X509_get_extension(crypto_X509Obj *self, PyObject *args) {
+ crypto_X509ExtensionObj *extobj;
+ int loc;
+ X509_EXTENSION *ext;
+
+ if (!PyArg_ParseTuple(args, "i:get_extension", &loc)) {
+ return NULL;
+ }
+
+ /* will return NULL if loc is outside the range of extensions,
+ not registered as an error*/
+ ext = X509_get_ext(self->x509, loc);
+ if (!ext) {
+ PyErr_SetString(PyExc_IndexError, "extension index out of bounds");
+ return NULL; /* Should be reported as an IndexError ? */
+ }
+
+ extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
+ extobj->x509_extension = X509_EXTENSION_dup(ext);
+
+ return (PyObject*)extobj;
+}
+
/*
* ADD_METHOD(name) expands to a correct PyMethodDef declaration
* { 'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
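Review bot: In `crypto_X509_get_extension` neither `PyObject_New` nor `X509_EXTENSION_dup` is checked, so an allocation failure either dereferences a NULL `extobj` or hands Python an X509Extension whose `x509_extension` is NULL. Duplicating first and creating the wrapper only once the copy exists keeps each failure path simple, as below. `PyObject_New` does not zero the object, so any other field of `crypto_X509ExtensionObj` (the struct is not shown here) should be set explicitly before the object is returned. The trailing comment `/* Should be reported as an IndexError ? */` can go, since the line above it already sets `IndexError`.

```c
    X509_EXTENSION *ext, *copy;
    /* … unchanged: argument parsing, X509_get_ext lookup and IndexError … */

    copy = X509_EXTENSION_dup(ext);
    if (copy == NULL) {
        exception_from_error_queue(crypto_Error);
        return NULL;
    }

    extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
    if (extobj == NULL) {
        X509_EXTENSION_free(copy);
        return NULL;
    }
    extobj->x509_extension = copy;
```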
@@ -709,11 +785,14 @@ static PyMethodDef crypto_X509_methods[] =
ADD_METHOD(set_notAfter),
ADD_METHOD(gmtime_adj_notBefore),
ADD_METHOD(gmtime_adj_notAfter),
+ ADD_METHOD(get_signature_algorithm),
ADD_METHOD(sign),
ADD_METHOD(has_expired),
ADD_METHOD(subject_name_hash),
ADD_METHOD(digest),
ADD_METHOD(add_extensions),
+ ADD_METHOD(get_extension),
+ ADD_METHOD(get_extension_count),
{ NULL, NULL }
};
#undef ADD_METHOD
@@ -833,10 +912,14 @@ init_crypto_x509(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509_Type);
if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
return 0;
}
+ Py_INCREF((PyObject *)&crypto_X509_Type);
if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/x509.h b/OpenSSL/crypto/x509.h
index 43e41eb..f6cd190 100644
--- a/OpenSSL/crypto/x509.h
+++ b/OpenSSL/crypto/x509.h
@@ -1,14 +1,14 @@
/*
* x509.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export x509 functions and data structure.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: x509.h,v 1.9 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_crypto_X509_H_
#define PyOpenSSL_crypto_X509_H_
diff --git a/OpenSSL/crypto/x509ext.c b/OpenSSL/crypto/x509ext.c
index d629732..adbe084 100644
--- a/OpenSSL/crypto/x509ext.c
+++ b/OpenSSL/crypto/x509ext.c
@@ -1,12 +1,12 @@
/*
* x509ext.c
*
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Export X.509 extension functions and data structures.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: x509ext.c,v 1.1 2002/07/09 13:34:46 martin Exp $
*/
#include <Python.h>
@@ -51,6 +51,26 @@ crypto_X509Extension_get_short_name(crypto_X509ExtensionObj *self, PyObject *arg
}
+static char crypto_X509Extension_get_data_doc[] = "\n\
+Returns the data of the X509Extension\n\
+\n\
+@return: A C{str} giving the X509Extension's ASN.1 encoded data.\n\
+";
+
+static PyObject *
+crypto_X509Extension_get_data(crypto_X509ExtensionObj *self, PyObject *args) {
+ ASN1_OCTET_STRING *data;
+ PyObject *result;
+
+ if (!PyArg_ParseTuple(args, ":get_data")) {
+ return NULL;
+ }
+
+ data = X509_EXTENSION_get_data(self->x509_extension);
+ result = PyBytes_FromStringAndSize((const char*)data->data, data->length);
+ return result;
+}
+
/*
* ADD_METHOD(name) expands to a correct PyMethodDef declaration
* { 'name', (PyCFunction)crypto_X509Extension_name, METH_VARARGS }
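Review bot: `crypto_X509Extension_get_data` dereferences `data` without checking it, and `X509_EXTENSION_get_data` returns NULL when it is handed a NULL extension. The wrapper's `x509_extension` can be NULL if it was created from a failed `X509_EXTENSION_dup`, so I would add `if (data == NULL) { PyErr_SetString(PyExc_ValueError, "extension has no data"); return NULL; }` before the `PyBytes_FromStringAndSize` call. The docstring promises a `C{str}`, but the function builds the result with a PyBytes call; `@return: A byte string giving the X509Extension's ASN.1 encoded data.` would match the wording used for `get_signature_algorithm`.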
@@ -62,6 +82,7 @@ static PyMethodDef crypto_X509Extension_methods[] =
{
ADD_METHOD(get_critical),
ADD_METHOD(get_short_name),
+ ADD_METHOD(get_data),
{ NULL, NULL }
};
#undef ADD_METHOD
@@ -295,11 +316,17 @@ init_crypto_x509extension(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Extension_Type);
if (PyModule_AddObject(module, "X509Extension",
(PyObject *)&crypto_X509Extension_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Extension_Type);
if (PyModule_AddObject(module, "X509ExtensionType",
(PyObject *)&crypto_X509Extension_Type) != 0) {
return 0;
diff --git a/OpenSSL/crypto/x509ext.h b/OpenSSL/crypto/x509ext.h
index 6ce7f68..3ddc716 100644
--- a/OpenSSL/crypto/x509ext.h
+++ b/OpenSSL/crypto/x509ext.h
@@ -1,12 +1,12 @@
/*
* x509ext.h
*
- * Copyright (C) Awanim 2002, All rights reserved
+ * Copyright (C) Awanim
+ * See LICENSE for details.
*
* Export X.509 extension functions and data structures.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: x509ext.h,v 1.2 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_crypto_X509EXTENSION_H_
#define PyOpenSSL_crypto_X509EXTENSION_H_
diff --git a/OpenSSL/crypto/x509name.c b/OpenSSL/crypto/x509name.c
index e10c5a5..a62c957 100644
--- a/OpenSSL/crypto/x509name.c
+++ b/OpenSSL/crypto/x509name.c
@@ -1,8 +1,9 @@
/*
* x509name.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* X.509 Name handling, mostly thin wrapping.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -194,14 +195,30 @@ crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj)
* value - The value to set
*/
static int
-crypto_X509Name_setattr(crypto_X509NameObj *self, char *name, PyObject *value)
+crypto_X509Name_setattro(crypto_X509NameObj *self, PyObject *nameobj, PyObject *value)
{
int nid;
int result;
char *buffer;
+ char *name;
+
+ if (!PyBytes_CheckExact(nameobj) && !PyUnicode_CheckExact(nameobj)) {
+ PyErr_Format(PyExc_TypeError,
+ "attribute name must be string, not '%.200s'",
+ Py_TYPE(nameobj)->tp_name);
+ return -1;
+ }
+
+#ifdef PY3
+ name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
+#else
+ name = PyBytes_AsString(nameobj);
+#endif
if ((nid = OBJ_txt2nid(name)) == NID_undef)
{
+ /* Just like the case in the getattr function */
+ flush_error_queue();
PyErr_SetString(PyExc_AttributeError, "No such attribute");
return -1;
}
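Review bot: Under `PY3`, `name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));` never checks the result of `PyUnicode_AsASCIIString`. A non-ASCII attribute name makes that call return NULL, which is handed straight to `PyBytes_AsString` and then to `OBJ_txt2nid`; when the call succeeds, the temporary bytes object is never released. In the non-PY3 branch the type check admits exact unicode objects, for which `PyBytes_AsString(nameobj)` also returns NULL (the test comment suggests the interpreter converts these first, so that path may be unreachable). Keep the encoded object in a local, return -1 when either step fails, and drop the reference on every exit. The rest of the function lies outside this hunk, so its later returns need the same release.

```c
    char *name;
    PyObject *name_bytes = NULL;   /* owns the encoded name under PY3 */

    /* … unchanged: exact-type check on nameobj … */

#ifdef PY3
    name_bytes = PyUnicode_AsASCIIString(nameobj);
    if (name_bytes == NULL) {
        return -1;                 /* encoding error is already set */
    }
    name = PyBytes_AsString(name_bytes);
#else
    name = PyBytes_AsString(nameobj);
#endif
    if (name == NULL) {
        Py_XDECREF(name_bytes);
        return -1;
    }
    /* … unchanged: OBJ_txt2nid lookup; each later return also needs Py_XDECREF(name_bytes) … */
```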
@@ -474,7 +491,7 @@ PyTypeObject crypto_X509Name_Type = {
(destructor)crypto_X509Name_dealloc,
NULL, /* print */
NULL, /* getattr */
- (setattrfunc)crypto_X509Name_setattr,
+ NULL, /* setattr */
NULL, /* reserved */
(reprfunc)crypto_X509Name_repr,
NULL, /* as_number */
@@ -484,7 +501,7 @@ PyTypeObject crypto_X509Name_Type = {
NULL, /* call */
NULL, /* str */
(getattrofunc)crypto_X509Name_getattro, /* getattro */
- NULL, /* setattro */
+ (setattrofunc)crypto_X509Name_setattro, /* setattro */
NULL, /* as_buffer */
Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /* tp_flags */
crypto_X509Name_doc, /* tp_doc */
@@ -520,10 +537,16 @@ init_crypto_x509name(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Name_Type);
if (PyModule_AddObject(module, "X509Name", (PyObject *)&crypto_X509Name_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Name_Type);
if (PyModule_AddObject(module, "X509NameType", (PyObject *)&crypto_X509Name_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/x509name.h b/OpenSSL/crypto/x509name.h
index 362ce35..bfc7628 100644
--- a/OpenSSL/crypto/x509name.h
+++ b/OpenSSL/crypto/x509name.h
@@ -1,14 +1,14 @@
/*
* x509name.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export X.509 name functions and data structures.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: x509name.h,v 1.8 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_crypto_X509NAME_H_
#define PyOpenSSL_crypto_X509NAME_H_
diff --git a/OpenSSL/crypto/x509req.c b/OpenSSL/crypto/x509req.c
index 23c0218..a2d1f11 100644
--- a/OpenSSL/crypto/x509req.c
+++ b/OpenSSL/crypto/x509req.c
@@ -1,8 +1,9 @@
/*
* x509req.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* X.509 Request handling, mostly thin wrapping.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -412,10 +413,16 @@ init_crypto_x509req(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Req_Type);
if (PyModule_AddObject(module, "X509Req", (PyObject *)&crypto_X509Req_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Req_Type);
if (PyModule_AddObject(module, "X509ReqType", (PyObject *)&crypto_X509Req_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/x509req.h b/OpenSSL/crypto/x509req.h
index db8043c..5fe0524 100644
--- a/OpenSSL/crypto/x509req.h
+++ b/OpenSSL/crypto/x509req.h
@@ -1,12 +1,12 @@
/*
* x509req.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export X509 request functions and data structures.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: x509req.h,v 1.6 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_SSL_X509REQ_H_
#define PyOpenSSL_SSL_X509REQ_H_
diff --git a/OpenSSL/crypto/x509store.c b/OpenSSL/crypto/x509store.c
index 30ae508..bf22756 100644
--- a/OpenSSL/crypto/x509store.c
+++ b/OpenSSL/crypto/x509store.c
@@ -1,7 +1,8 @@
/*
* x509store.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* X.509 Store handling, mostly thin wrapping.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -137,6 +138,9 @@ init_crypto_x509store(PyObject *module)
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&crypto_X509Store_Type);
if (PyModule_AddObject(module, "X509StoreType", (PyObject *)&crypto_X509Store_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/crypto/x509store.h b/OpenSSL/crypto/x509store.h
index 9ed5073..de3531d 100644
--- a/OpenSSL/crypto/x509store.h
+++ b/OpenSSL/crypto/x509store.h
@@ -1,12 +1,12 @@
/*
* x509store.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export X509 store functions and data structures.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * @(#) $Id: x509store.h,v 1.4 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_SSL_X509STORE_H_
#define PyOpenSSL_SSL_X509STORE_H_
diff --git a/OpenSSL/rand/rand.c b/OpenSSL/rand/rand.c
index fabf805..8307ac6 100644
--- a/OpenSSL/rand/rand.c
+++ b/OpenSSL/rand/rand.c
@@ -1,12 +1,12 @@
/*
* rand.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE file for details.
*
* PRNG management routines, thin wrappers.
* See the file RATIONALE for a short explanation of why this module was written.
*
- * Reviewed 2001-07-23
*/
#include <Python.h>
@@ -288,6 +288,9 @@ PyOpenSSL_MODINIT(rand) {
goto error;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF(rand_Error);
if (PyModule_AddObject(module, "Error", rand_Error) != 0) {
goto error;
}
diff --git a/OpenSSL/ssl/connection.c b/OpenSSL/ssl/connection.c
index 1d45926..9e9794b 100755
--- a/OpenSSL/ssl/connection.c
+++ b/OpenSSL/ssl/connection.c
@@ -1,8 +1,9 @@
/*
* connection.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* SSL Connection objects and methods.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -262,6 +263,94 @@ ssl_Connection_get_context(ssl_ConnectionObj *self, PyObject *args) {
return (PyObject *)self->context;
}
+static char ssl_Connection_set_context_doc[] = "\n\
+Switch this connection to a new session context\n\
+\n\
+@param context: A L{Context} instance giving the new session context to use.\n\
+\n\
+";
+static PyObject *
+ssl_Connection_set_context(ssl_ConnectionObj *self, PyObject *args) {
+ ssl_ContextObj *ctx;
+ ssl_ContextObj *old;
+
+ if (!PyArg_ParseTuple(args, "O!:set_context", &ssl_Context_Type, &ctx)) {
+ return NULL;
+ }
+
+ /* This Connection will hold on to this context now. Make sure it stays
+ * alive.
+ */
+ Py_INCREF(ctx);
+
+ /* XXX The unit tests don't actually verify that this call is made.
+ * They're satisfied if self->context gets updated.
+ */
+ SSL_set_SSL_CTX(self->ssl, ctx->ctx);
+
+ /* Swap the old out and the new in.
+ */
+ old = self->context;
+ self->context = ctx;
+
+ /* XXX The unit tests don't verify that this reference is dropped.
+ */
+ Py_DECREF(old);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+static char ssl_Connection_get_servername_doc[] = "\n\
+Retrieve the servername extension value if provided in the client hello\n\
+message, or None if there wasn't one.\n\
+\n\
+@return: A byte string giving the server name or C{None}.\n\
+\n\
+";
+static PyObject *
+ssl_Connection_get_servername(ssl_ConnectionObj *self, PyObject *args) {
+ int type = TLSEXT_NAMETYPE_host_name;
+ const char *name;
+
+ if (!PyArg_ParseTuple(args, ":get_servername")) {
+ return NULL;
+ }
+
+ name = SSL_get_servername(self->ssl, type);
+
+ if (name == NULL) {
+ Py_INCREF(Py_None);
+ return Py_None;
+ } else {
+ return PyBytes_FromString(name);
+ }
+}
+
+
+static char ssl_Connection_set_tlsext_host_name_doc[] = "\n\
+Set the value of the servername extension to send in the client hello.\n\
+\n\
+@param name: A byte string giving the name.\n\
+\n\
+";
+static PyObject *
+ssl_Connection_set_tlsext_host_name(ssl_ConnectionObj *self, PyObject *args) {
+ char *buf;
+
+ if (!PyArg_ParseTuple(args, BYTESTRING_FMT ":set_tlsext_host_name", &buf)) {
+ return NULL;
+ }
+
+ /* XXX I guess this can fail sometimes? */
+ SSL_set_tlsext_host_name(self->ssl, buf);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+
+
static char ssl_Connection_pending_doc[] = "\n\
Get the number of bytes that can be safely read from the connection\n\
\n\
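Review bot: `ssl_Connection_set_tlsext_host_name` discards the return value of `SSL_set_tlsext_host_name`, so a failure to record the server name is reported to Python as success and the client hello goes out without the extension (the author's own `XXX` comment flags this). Check it and raise, e.g. `if (!SSL_set_tlsext_host_name(self->ssl, buf)) { exception_from_error_queue(ssl_Error); return NULL; }`. `SSL_set_SSL_CTX` in `ssl_Connection_set_context` is unchecked in the same way, and `self->context` is swapped regardless. If the OpenSSL version in use can return NULL there, the Python-side reference and the underlying SSL object would disagree about which context is active.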
@@ -331,18 +420,32 @@ method again with the SAME buffer.\n\
@return: The number of bytes written\n\
";
static PyObject *
-ssl_Connection_send(ssl_ConnectionObj *self, PyObject *args)
-{
- char *buf;
+ssl_Connection_send(ssl_ConnectionObj *self, PyObject *args) {
int len, ret, err, flags;
+ char *buf;
+
+#if PY_VERSION_HEX >= 0x02060000
+ Py_buffer pbuf;
+
+ if (!PyArg_ParseTuple(args, "s*|i:send", &pbuf, &flags))
+ return NULL;
+
+ buf = pbuf.buf;
+ len = pbuf.len;
+#else
if (!PyArg_ParseTuple(args, "s#|i:send", &buf, &len, &flags))
return NULL;
+#endif
MY_BEGIN_ALLOW_THREADS(self->tstate)
ret = SSL_write(self->ssl, buf, len);
MY_END_ALLOW_THREADS(self->tstate)
+#if PY_VERSION_HEX >= 0x02060000
+ PyBuffer_Release(&pbuf);
+#endif
+
if (PyErr_Occurred())
{
flush_error_queue();
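Review bot: `len = pbuf.len;` narrows a `Py_ssize_t` to `int`, so on a 64-bit build a buffer larger than INT_MAX reaches `SSL_write` with a wrapped or negative length. The same assignment is added in the `sendall` hunk that follows, where `while (len > 0)` would then transmit only part of the data and still return `None`. Reject (or, for `send`, clamp) the length before the cast and release the buffer on that error path. `flags` also stays uninitialised when the optional argument is omitted, though nothing in the visible lines reads it. The body of `ssl_Connection_send` continues past this hunk.

```c
    if (!PyArg_ParseTuple(args, "s*|i:send", &pbuf, &flags))
        return NULL;

    if (pbuf.len > INT_MAX) {
        /* SSL_write takes an int; refuse rather than truncate silently. */
        PyBuffer_Release(&pbuf);
        PyErr_SetString(PyExc_ValueError, "buffer too large for a single SSL write");
        return NULL;
    }
    buf = pbuf.buf;
    len = (int)pbuf.len;
    /* … unchanged: SSL_write under MY_BEGIN/END_ALLOW_THREADS, PyBuffer_Release … */
```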
@@ -378,8 +481,18 @@ ssl_Connection_sendall(ssl_ConnectionObj *self, PyObject *args)
int len, ret, err, flags;
PyObject *pyret = Py_None;
+#if PY_VERSION_HEX >= 0x02060000
+ Py_buffer pbuf;
+
+ if (!PyArg_ParseTuple(args, "s*|i:sendall", &pbuf, &flags))
+ return NULL;
+
+ buf = pbuf.buf;
+ len = pbuf.len;
+#else
if (!PyArg_ParseTuple(args, "s#|i:sendall", &buf, &len, &flags))
return NULL;
+#endif
do {
MY_BEGIN_ALLOW_THREADS(self->tstate)
@@ -403,9 +516,13 @@ ssl_Connection_sendall(ssl_ConnectionObj *self, PyObject *args)
handle_ssl_errors(self->ssl, err, ret);
pyret = NULL;
break;
- }
+ }
} while (len > 0);
+#if PY_VERSION_HEX >= 0x02060000
+ PyBuffer_Release(&pbuf);
+#endif
+
Py_XINCREF(pyret);
return pyret;
}
@@ -1069,6 +1186,44 @@ ssl_Connection_get_peer_certificate(ssl_ConnectionObj *self, PyObject *args)
}
}
+static char ssl_Connection_get_peer_cert_chain_doc[] = "\n\
+Retrieve the other side's certificate (if any)\n\
+\n\
+@return: A list of X509 instances giving the peer's certificate chain,\n\
+ or None if it does not have one.\n\
+";
+static PyObject *
+ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
+ STACK_OF(X509) *sk;
+ PyObject *chain;
+ crypto_X509Obj *cert;
+ Py_ssize_t i;
+
+ if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
+ return NULL;
+ }
+
+ sk = SSL_get_peer_cert_chain(self->ssl);
+ if (sk != NULL) {
+ chain = PyList_New(sk_X509_num(sk));
+ for (i = 0; i < sk_X509_num(sk); i++) {
+ cert = new_x509(sk_X509_value(sk, i), 1);
+ if (!cert) {
+ /* XXX Untested */
+ Py_DECREF(chain);
+ return NULL;
+ }
+ CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
+ PyList_SET_ITEM(chain, i, (PyObject *)cert);
+ }
+ return chain;
+ } else {
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+
+}
+
static char ssl_Connection_want_read_doc[] = "\n\
Checks if more data has to be read from the transport layer to complete an\n\
operation.\n\
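Review bot: `chain = PyList_New(sk_X509_num(sk));` is used without a NULL check, so an allocation failure leads `PyList_SET_ITEM` to write through a NULL pointer; add `if (chain == NULL) { return NULL; }` before the loop. The docstring's first line is copied from `get_peer_certificate` and should say it retrieves the certificate chain. It would also help callers to document that the list is the chain as presented by the peer, not the result of verification. Per the OpenSSL documentation for `SSL_get_peer_cert_chain`, on the server side the stack does not include the peer's own certificate, which must be fetched with `get_peer_certificate`.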
@@ -1114,6 +1269,9 @@ ssl_Connection_want_write(ssl_ConnectionObj *self, PyObject *args)
static PyMethodDef ssl_Connection_methods[] =
{
ADD_METHOD(get_context),
+ ADD_METHOD(set_context),
+ ADD_METHOD(get_servername),
+ ADD_METHOD(set_tlsext_host_name),
ADD_METHOD(pending),
ADD_METHOD(send),
ADD_ALIAS (write, send),
@@ -1146,6 +1304,7 @@ static PyMethodDef ssl_Connection_methods[] =
ADD_METHOD(master_key),
ADD_METHOD(sock_shutdown),
ADD_METHOD(get_peer_certificate),
+ ADD_METHOD(get_peer_cert_chain),
ADD_METHOD(want_read),
ADD_METHOD(want_write),
ADD_METHOD(set_accept_state),
@@ -1403,10 +1562,16 @@ init_ssl_connection(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&ssl_Connection_Type);
if (PyModule_AddObject(module, "Connection", (PyObject *)&ssl_Connection_Type) != 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&ssl_Connection_Type);
if (PyModule_AddObject(module, "ConnectionType", (PyObject *)&ssl_Connection_Type) != 0) {
return 0;
}
diff --git a/OpenSSL/ssl/connection.h b/OpenSSL/ssl/connection.h
index 4e1e4d2..59f659b 100644
--- a/OpenSSL/ssl/connection.h
+++ b/OpenSSL/ssl/connection.h
@@ -1,14 +1,14 @@
/*
* connection.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export SSL Connection data structures and functions.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: connection.h,v 1.11 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_SSL_CONNECTION_H_
#define PyOpenSSL_SSL_CONNECTION_H_
diff --git a/OpenSSL/ssl/context.c b/OpenSSL/ssl/context.c
index a0b9a72..c2bdcab 100644
--- a/OpenSSL/ssl/context.c
+++ b/OpenSSL/ssl/context.c
@@ -1,8 +1,9 @@
/*
* context.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* SSL Context objects and their methods.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -236,6 +237,54 @@ global_info_callback(const SSL *ssl, int where, int _ret)
return;
}
+/*
+ * Globally defined TLS extension server name callback. This is called from
+ * OpenSSL internally. The GIL will not be held when this function is invoked.
+ * It must not be held when the function returns.
+ *
+ * ssl represents the connection this callback is for
+ *
+ * alert is a pointer to the alert value which maybe will be emitted to the
+ * client if there is an error handling the client hello (which contains the
+ * server name). This is an out parameter, maybe.
+ *
+ * arg is an arbitrary pointer specified by SSL_CTX_set_tlsext_servername_arg.
+ * It will be NULL for all pyOpenSSL uses.
+ */
+static int
+global_tlsext_servername_callback(const SSL *ssl, int *alert, void *arg) {
+ int result = 0;
+ PyObject *argv, *ret;
+ ssl_ConnectionObj *conn = (ssl_ConnectionObj *)SSL_get_app_data(ssl);
+
+ /*
+ * GIL isn't held yet. First things first - acquire it, or any Python API
+ * we invoke might segfault or blow up the sun. The reverse will be done
+ * before returning.
+ */
+ MY_END_ALLOW_THREADS(conn->tstate);
+
+ argv = Py_BuildValue("(O)", (PyObject *)conn);
+ ret = PyEval_CallObject(conn->context->tlsext_servername_callback, argv);
+ Py_DECREF(argv);
+ Py_DECREF(ret);
+
+ /*
+ * This function is returning into OpenSSL. Release the GIL again.
+ */
+ MY_BEGIN_ALLOW_THREADS(conn->tstate);
+ return result;
+}
+
+/*
+ * More recent builds of OpenSSL may have SSLv2 completely disabled.
+ */
+#ifdef OPENSSL_NO_SSL2
+#define SSLv2_METHOD_TEXT ""
+#else
+#define SSLv2_METHOD_TEXT "SSLv2_METHOD, "
+#endif
+
static char ssl_Context_doc[] = "\n\
Context(method) -> Context instance\n\
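Review bot: `Py_DECREF(ret);` runs unconditionally, but `PyEval_CallObject` returns NULL whenever the Python callback raises or the stored object is not callable, so an error in user code during a handshake becomes a NULL dereference in the process. `argv` from `Py_BuildValue` is unchecked in the same way. `result` is never changed from 0, so even with `Py_XDECREF` the handshake would proceed as though the callback had succeeded. Check both values and return a fatal alert on failure. The send path in connection.c tests `PyErr_Occurred()` after the OpenSSL call, so the pending exception is presumably reported from there.

```c
    argv = Py_BuildValue("(O)", (PyObject *)conn);
    ret = NULL;
    if (argv != NULL) {
        ret = PyEval_CallObject(conn->context->tlsext_servername_callback, argv);
        Py_DECREF(argv);
    }
    if (ret == NULL) {
        /* Leave the Python exception set and abort the handshake. */
        *alert = SSL_AD_INTERNAL_ERROR;
        result = SSL_TLSEXT_ERR_ALERT_FATAL;
    } else {
        Py_DECREF(ret);
    }
    /* … unchanged: MY_BEGIN_ALLOW_THREADS(conn->tstate); return result; … */
```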
@@ -243,10 +292,12 @@ Context(method) -> Context instance\n\
OpenSSL.SSL.Context instances define the parameters for setting up new SSL\n\
connections.\n\
\n\
-@param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or\n\
+@param method: One of " SSLv2_METHOD_TEXT "SSLv3_METHOD, SSLv23_METHOD, or\n\
TLSv1_METHOD.\n\
";
+#undef SSLv2_METHOD_TEXT
+
static char ssl_Context_load_verify_locations_doc[] = "\n\
Let SSL know where we can find trusted certificates for the certificate\n\
chain\n\
@@ -1057,6 +1108,34 @@ ssl_Context_set_options(ssl_ContextObj *self, PyObject *args)
return PyLong_FromLong(SSL_CTX_set_options(self->ctx, options));
}
+static char ssl_Context_set_tlsext_servername_callback_doc[] = "\n\
+Specify a callback function to be called when clients specify a server name.\n\
+\n\
+@param callback: The callback function. It will be invoked with one\n\
+ argument, the Connection instance.\n\
+\n\
+";
+static PyObject *
+ssl_Context_set_tlsext_servername_callback(ssl_ContextObj *self, PyObject *args) {
+ PyObject *callback;
+ PyObject *old;
+
+ if (!PyArg_ParseTuple(args, "O:set_tlsext_servername_callback", &callback)) {
+ return NULL;
+ }
+
+ Py_INCREF(callback);
+ old = self->tlsext_servername_callback;
+ self->tlsext_servername_callback = callback;
+ Py_DECREF(old);
+
+ SSL_CTX_set_tlsext_servername_callback(self->ctx, global_tlsext_servername_callback);
+ SSL_CTX_set_tlsext_servername_arg(self->ctx, NULL);
+
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
/*
* Member methods in the Context object
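Review bot: `ssl_Context_set_tlsext_servername_callback` stores whatever object it is given, so a non-callable is only discovered later inside `global_tlsext_servername_callback`, in the middle of a handshake. Validate at the setter instead: `if (!PyCallable_Check(callback)) { PyErr_SetString(PyExc_TypeError, "expected PyCallable"); return NULL; }`. The new `tlsext_servername_callback` member also has to be released by the type's dealloc (and visited by traverse/clear if the type participates in GC). Those functions are not part of the diff as shown, so this is worth confirming.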
@@ -1095,6 +1174,7 @@ static PyMethodDef ssl_Context_methods[] = {
ADD_METHOD(set_app_data),
ADD_METHOD(get_cert_store),
ADD_METHOD(set_options),
+ ADD_METHOD(set_tlsext_servername_callback),
{ NULL, NULL }
};
#undef ADD_METHOD
@@ -1106,11 +1186,19 @@ static PyMethodDef ssl_Context_methods[] = {
*/
static ssl_ContextObj*
ssl_Context_init(ssl_ContextObj *self, int i_method) {
+#if (OPENSSL_VERSION_NUMBER >> 28) == 0x01
+ const
+#endif
SSL_METHOD *method;
switch (i_method) {
case ssl_SSLv2_METHOD:
+#ifdef OPENSSL_NO_SSL2
+ PyErr_SetString(PyExc_ValueError, "SSLv2_METHOD not supported by this version of OpenSSL");
+ return NULL;
+#else
method = SSLv2_method();
+#endif
break;
case ssl_SSLv23_METHOD:
method = SSLv23_method();
@@ -1135,6 +1223,9 @@ ssl_Context_init(ssl_ContextObj *self, int i_method) {
self->info_callback = Py_None;
Py_INCREF(Py_None);
+ self->tlsext_servername_callback = Py_None;
+
+ Py_INCREF(Py_None);
self->passphrase_userdata = Py_None;
Py_INCREF(Py_None);
@@ -1309,10 +1400,16 @@ init_ssl_context(PyObject *module) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&ssl_Context_Type);
if (PyModule_AddObject(module, "Context", (PyObject *)&ssl_Context_Type) < 0) {
return 0;
}
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF((PyObject *)&ssl_Context_Type);
if (PyModule_AddObject(module, "ContextType", (PyObject *)&ssl_Context_Type) < 0) {
return 0;
}
diff --git a/OpenSSL/ssl/context.h b/OpenSSL/ssl/context.h
index b52acf1..19b5e9e 100644
--- a/OpenSSL/ssl/context.h
+++ b/OpenSSL/ssl/context.h
@@ -1,14 +1,14 @@
/*
* context.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export SSL Context object data structures and functions.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: context.h,v 1.6 2002/09/04 22:24:59 iko Exp $
*/
#ifndef PyOpenSSL_SSL_CONTEXT_H_
#define PyOpenSSL_SSL_CONTEXT_H_
@@ -29,6 +29,7 @@ typedef struct {
*passphrase_userdata,
*verify_callback,
*info_callback,
+ *tlsext_servername_callback,
*app_data;
PyThreadState *tstate;
} ssl_ContextObj;
diff --git a/OpenSSL/ssl/ssl.c b/OpenSSL/ssl/ssl.c
index 5e56030..0dd9871 100644
--- a/OpenSSL/ssl/ssl.c
+++ b/OpenSSL/ssl/ssl.c
@@ -1,8 +1,9 @@
/*
* ssl.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Main file of the SSL sub module.
* See the file RATIONALE for a short explanation of why this module was written.
@@ -49,9 +50,30 @@ PyObject *ssl_Error, /* Base class */
*ssl_WantX509LookupError, /* ... */
*ssl_SysCallError; /* Uses (errno,errstr) */
+static char ssl_SSLeay_version_doc[] = "\n\
+Return a string describing the version of OpenSSL in use.\n\
+\n\
+@param type: One of the SSLEAY_ constants defined in this module.\n\
+";
+
+static PyObject *
+ssl_SSLeay_version(PyObject *spam, PyObject *args) {
+ int t;
+ const char *version;
+
+ if (!PyArg_ParseTuple(args, "i:SSLeay_version", &t)) {
+ return NULL;
+ }
+
+ version = SSLeay_version(t);
+ return PyBytes_FromStringAndSize(version, strlen(version));
+}
+
+
/* Methods in the OpenSSL.SSL module */
static PyMethodDef ssl_methods[] = {
+ { "SSLeay_version", ssl_SSLeay_version, METH_VARARGS, ssl_SSLeay_version_doc },
{ NULL, NULL }
};
@@ -117,8 +139,12 @@ PyOpenSSL_MODINIT(SSL) {
ssl_API[ssl_Context_New_NUM] = (void *)ssl_Context_New;
ssl_API[ssl_Connection_New_NUM] = (void *)ssl_Connection_New;
ssl_api_object = PyCObject_FromVoidPtr((void *)ssl_API, NULL);
- if (ssl_api_object != NULL)
+ if (ssl_api_object != NULL) {
+ /* PyModule_AddObject steals a reference.
+ */
+ Py_INCREF(ssl_api_object);
PyModule_AddObject(module, "_C_API", ssl_api_object);
+ }
#endif
/* Exceptions */
@@ -126,18 +152,24 @@ PyOpenSSL_MODINIT(SSL) {
* ADD_EXCEPTION(dict,name,base) expands to a correct Exception declaration,
* inserting OpenSSL.SSL.name into dict, derviving the exception from base.
*/
-#define ADD_EXCEPTION(_name, _base) \
-do { \
+#define ADD_EXCEPTION(_name, _base) \
+do { \
ssl_##_name = PyErr_NewException("OpenSSL.SSL."#_name, _base, NULL);\
if (ssl_##_name == NULL) \
- goto error; \
+ goto error; \
+ /* PyModule_AddObject steals a reference. */ \
+ Py_INCREF(ssl_##_name); \
if (PyModule_AddObject(module, #_name, ssl_##_name) != 0) \
- goto error; \
+ goto error; \
} while (0)
ssl_Error = PyErr_NewException("OpenSSL.SSL.Error", NULL, NULL);
- if (ssl_Error == NULL)
+ if (ssl_Error == NULL) {
goto error;
+ }
+
+ /* PyModule_AddObject steals a reference. */
+ Py_INCREF(ssl_Error);
if (PyModule_AddObject(module, "Error", ssl_Error) != 0)
goto error;
@@ -209,6 +241,38 @@ do { \
PyModule_AddIntConstant(module, "SENT_SHUTDOWN", SSL_SENT_SHUTDOWN);
PyModule_AddIntConstant(module, "RECEIVED_SHUTDOWN", SSL_RECEIVED_SHUTDOWN);
+ /* For set_info_callback */
+ PyModule_AddIntConstant(module, "SSL_ST_CONNECT", SSL_ST_CONNECT);
+ PyModule_AddIntConstant(module, "SSL_ST_ACCEPT", SSL_ST_ACCEPT);
+ PyModule_AddIntConstant(module, "SSL_ST_MASK", SSL_ST_MASK);
+ PyModule_AddIntConstant(module, "SSL_ST_INIT", SSL_ST_INIT);
+ PyModule_AddIntConstant(module, "SSL_ST_BEFORE", SSL_ST_BEFORE);
+ PyModule_AddIntConstant(module, "SSL_ST_OK", SSL_ST_OK);
+ PyModule_AddIntConstant(module, "SSL_ST_RENEGOTIATE", SSL_ST_RENEGOTIATE);
+ PyModule_AddIntConstant(module, "SSL_CB_LOOP", SSL_CB_LOOP);
+ PyModule_AddIntConstant(module, "SSL_CB_EXIT", SSL_CB_EXIT);
+ PyModule_AddIntConstant(module, "SSL_CB_READ", SSL_CB_READ);
+ PyModule_AddIntConstant(module, "SSL_CB_WRITE", SSL_CB_WRITE);
+ PyModule_AddIntConstant(module, "SSL_CB_ALERT", SSL_CB_ALERT);
+ PyModule_AddIntConstant(module, "SSL_CB_READ_ALERT", SSL_CB_READ_ALERT);
+ PyModule_AddIntConstant(module, "SSL_CB_WRITE_ALERT", SSL_CB_WRITE_ALERT);
+ PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_LOOP", SSL_CB_ACCEPT_LOOP);
+ PyModule_AddIntConstant(module, "SSL_CB_ACCEPT_EXIT", SSL_CB_ACCEPT_EXIT);
+ PyModule_AddIntConstant(module, "SSL_CB_CONNECT_LOOP", SSL_CB_CONNECT_LOOP);
+ PyModule_AddIntConstant(module, "SSL_CB_CONNECT_EXIT", SSL_CB_CONNECT_EXIT);
+ PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_START", SSL_CB_HANDSHAKE_START);
+ PyModule_AddIntConstant(module, "SSL_CB_HANDSHAKE_DONE", SSL_CB_HANDSHAKE_DONE);
+
+ /* Version information indicators, used with SSLeay_version */
+ PyModule_AddIntConstant(module, "SSLEAY_VERSION", SSLEAY_VERSION);
+ PyModule_AddIntConstant(module, "SSLEAY_CFLAGS", SSLEAY_CFLAGS);
+ PyModule_AddIntConstant(module, "SSLEAY_BUILT_ON", SSLEAY_BUILT_ON);
+ PyModule_AddIntConstant(module, "SSLEAY_PLATFORM", SSLEAY_PLATFORM);
+ PyModule_AddIntConstant(module, "SSLEAY_DIR", SSLEAY_DIR);
+
+ /* Straight up version number */
+ PyModule_AddIntConstant(module, "OPENSSL_VERSION_NUMBER", OPENSSL_VERSION_NUMBER);
+
if (!init_ssl_context(module))
goto error;
if (!init_ssl_connection(module))
diff --git a/OpenSSL/ssl/ssl.h b/OpenSSL/ssl/ssl.h
index 75597ca..6a0a57e 100644
--- a/OpenSSL/ssl/ssl.h
+++ b/OpenSSL/ssl/ssl.h
@@ -1,14 +1,14 @@
/*
* ssl.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export functions and exceptions from the SSL sub module.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: ssl.h,v 1.6 2002/04/08 19:25:43 martin Exp $
*/
#ifndef PyOpenSSL_SSL_H_
#define PyOpenSSL_SSL_H_
diff --git a/OpenSSL/test/__init__.py b/OpenSSL/test/__init__.py
index ab9c4cb..ccb4e9a 100644
--- a/OpenSSL/test/__init__.py
+++ b/OpenSSL/test/__init__.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
Package containing unit tests for L{OpenSSL}.
diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
index 07c172f..71da5c3 100644
--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (c) Jean-Paul Calderone
+# See LICENSE file for details.
"""
Unit tests for L{OpenSSL.crypto}.
@@ -25,6 +26,13 @@ from OpenSSL.crypto import NetscapeSPKI, NetscapeSPKIType
from OpenSSL.crypto import sign, verify
from OpenSSL.test.util import TestCase, bytes, b
+def normalize_certificate_pem(pem):
+ return dump_certificate(FILETYPE_PEM, load_certificate(FILETYPE_PEM, pem))
+
+
+def normalize_privatekey_pem(pem):
+ return dump_privatekey(FILETYPE_PEM, load_privatekey(FILETYPE_PEM, pem))
+
root_cert_pem = b("""-----BEGIN CERTIFICATE-----
MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
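Review bot: `normalize_certificate_pem` and `normalize_privatekey_pem` have no docstrings, and nothing in the hunk says why the key fixtures are now round-tripped through load/dump. A one-line docstring on each would record the intent, for example `"""Return pem re-serialized by the linked OpenSSL, so comparisons against dump_privatekey output are byte-stable."""`; that reading is an inference and should be confirmed. Because the helpers run at module import, a parse failure in any fixture now surfaces as an import error rather than a failing test. `normalize_certificate_pem` is not called in the hunks visible here.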
@@ -79,7 +87,7 @@ uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
-----END CERTIFICATE-----
""")
-server_key_pem = b("""-----BEGIN RSA PRIVATE KEY-----
+server_key_pem = normalize_privatekey_pem(b("""-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQC+pvhuud1dLaQQvzipdtlcTotgr5SuE2LvSx0gz/bg1U3u1eQ+
U5eqsxaEUceaX5p5Kk+QflvW8qdjVNxQuYS5uc0gK2+OZnlIYxCf4n5GYGzVIx3Q
SBj/TAEFB2WuVinZBiCbxgL7PFM1Kpa+EwVkCAduPpSflJJPwkYGrK2MHQIDAQAB
@@ -94,7 +102,7 @@ FwwOhpahld+vqhYk+pfuWWUpQciE+Bu7ZQJASjfT4sQv4qbbKK/scePicnDdx9th
NaeNCFfH3aeTrX0LyQJAMBWjWmeKM2G2sCExheeQK0ROnaBC8itCECD4Jsve4nqf
r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7/A==
-----END RSA PRIVATE KEY-----
-""")
+"""))
client_cert_pem = b("""-----BEGIN CERTIFICATE-----
MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
@@ -112,7 +120,7 @@ PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
-----END CERTIFICATE-----
""")
-client_key_pem = b("""-----BEGIN RSA PRIVATE KEY-----
+client_key_pem = normalize_privatekey_pem(b("""-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2rn+GrRHRiZ+xkCw/CGNh
btPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xKiku4G/KvnnmWdeJHqsiX
eUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7DtboCRajYyHfluARQIDAQAB
@@ -127,7 +135,7 @@ si6xwT7GzMDkk/ko684AV3KPc/h6G0yGtFIrMg7J3uExpR/VdH2KgwMkZXisSMvw
JJEQjOMCVsEJlRk54WWjAkEAzoZNH6UhDdBK5F38rVt/y4SEHgbSfJHIAmPS32Kq
f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKAquv9NA==
-----END RSA PRIVATE KEY-----
-""")
+"""))
cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE-----
MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
@@ -149,7 +157,8 @@ w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
-----END CERTIFICATE-----
""")
-cleartextPrivateKeyPEM = b("""-----BEGIN RSA PRIVATE KEY-----
+cleartextPrivateKeyPEM = normalize_privatekey_pem(b("""\
+-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB
@@ -164,7 +173,7 @@ ttXigLnCqR486JDPTi9ZscoZkZ+w7y6e/hH8t6d5Vjt48JVyfjPIaJY+km58LcN3
6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2
cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq
-----END RSA PRIVATE KEY-----
-""")
+"""))
cleartextCertificateRequestPEM = b("""-----BEGIN CERTIFICATE REQUEST-----
MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQH
@@ -352,6 +361,26 @@ class X509ExtTests(TestCase):
self.assertEqual(ext.get_short_name(), b('nsComment'))
+ def test_get_data(self):
+ """
+ L{X509Extension.get_data} returns a string giving the data of the
+ extension.
+ """
+ ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
+ # Expect to get back the DER encoded form of CA:true.
+ self.assertEqual(ext.get_data(), b('0\x03\x01\x01\xff'))
+
+
+ def test_get_data_wrong_args(self):
+ """
+ L{X509Extension.get_data} raises L{TypeError} if passed any arguments.
+ """
+ ext = X509Extension(b('basicConstraints'), True, b('CA:true'))
+ self.assertRaises(TypeError, ext.get_data, None)
+ self.assertRaises(TypeError, ext.get_data, "foo")
+ self.assertRaises(TypeError, ext.get_data, 7)
+
+
def test_unused_subject(self):
"""
The C{subject} parameter to L{X509Extension} may be provided for an
@@ -597,6 +626,33 @@ class X509NameTests(TestCase):
name, type(name), X509NameType))
+ def test_onlyStringAttributes(self):
+ """
+ Attempting to set a non-L{str} attribute name on an L{X509NameType}
+ instance causes L{TypeError} to be raised.
+ """
+ name = self._x509name()
+ # Beyond these cases, you may also think that unicode should be
+ # rejected. Sorry, you're wrong. unicode is automatically converted to
+ # str outside of the control of X509Name, so there's no way to reject
+ # it.
+ self.assertRaises(TypeError, setattr, name, None, "hello")
+ self.assertRaises(TypeError, setattr, name, 30, "hello")
+ class evil(str):
+ pass
+ self.assertRaises(TypeError, setattr, name, evil(), "hello")
+
+
+ def test_setInvalidAttribute(self):
+ """
+ Attempting to set any attribute name on an L{X509NameType} instance for
+ which no corresponding NID is defined causes L{AttributeError} to be
+ raised.
+ """
+ name = self._x509name()
+ self.assertRaises(AttributeError, setattr, name, "no such thing", None)
+
+
def test_attributes(self):
"""
L{X509NameType} instances have attributes for each standard (?)
@@ -946,6 +1002,26 @@ class X509Tests(TestCase, _PKeyInteractionTestsMixin):
"""
pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
+ extpem = """
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+ """
def signable(self):
"""
Create and return a new L{X509}.
@@ -1198,6 +1274,77 @@ class X509Tests(TestCase, _PKeyInteractionTestsMixin):
b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
+ def _extcert(self, pkey, extensions):
+ cert = X509()
+ cert.set_pubkey(pkey)
+ cert.get_subject().commonName = "Unit Tests"
+ cert.get_issuer().commonName = "Unit Tests"
+ when = b(datetime.now().strftime("%Y%m%d%H%M%SZ"))
+ cert.set_notBefore(when)
+ cert.set_notAfter(when)
+
+ cert.add_extensions(extensions)
+ return load_certificate(
+ FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
+
+
+ def test_extension_count(self):
+ """
+ L{X509.get_extension_count} returns the number of extensions that are
+ present in the certificate.
+ """
+ pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
+ ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
+ key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
+ subjectAltName = X509Extension(
+ b('subjectAltName'), True, b('DNS:example.com'))
+
+ # Try a certificate with no extensions at all.
+ c = self._extcert(pkey, [])
+ self.assertEqual(c.get_extension_count(), 0)
+
+ # And a certificate with one
+ c = self._extcert(pkey, [ca])
+ self.assertEqual(c.get_extension_count(), 1)
+
+ # And a certificate with several
+ c = self._extcert(pkey, [ca, key, subjectAltName])
+ self.assertEqual(c.get_extension_count(), 3)
+
+
+ def test_get_extension(self):
+ """
+ L{X509.get_extension} takes an integer and returns an L{X509Extension}
+ corresponding to the extension at that index.
+ """
+ pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
+ ca = X509Extension(b('basicConstraints'), True, b('CA:FALSE'))
+ key = X509Extension(b('keyUsage'), True, b('digitalSignature'))
+ subjectAltName = X509Extension(
+ b('subjectAltName'), False, b('DNS:example.com'))
+
+ cert = self._extcert(pkey, [ca, key, subjectAltName])
+
+ ext = cert.get_extension(0)
+ self.assertTrue(isinstance(ext, X509Extension))
+ self.assertTrue(ext.get_critical())
+ self.assertEqual(ext.get_short_name(), b('basicConstraints'))
+
+ ext = cert.get_extension(1)
+ self.assertTrue(isinstance(ext, X509Extension))
+ self.assertTrue(ext.get_critical())
+ self.assertEqual(ext.get_short_name(), b('keyUsage'))
+
+ ext = cert.get_extension(2)
+ self.assertTrue(isinstance(ext, X509Extension))
+ self.assertFalse(ext.get_critical())
+ self.assertEqual(ext.get_short_name(), b('subjectAltName'))
+
+ self.assertRaises(IndexError, cert.get_extension, -1)
+ self.assertRaises(IndexError, cert.get_extension, 4)
+ self.assertRaises(TypeError, cert.get_extension, "hello")
+
+
def test_invalid_digest_algorithm(self):
"""
L{X509.digest} raises L{ValueError} if called with an unrecognized hash
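Review bot: In `test_get_extension` the out-of-range check uses index 4, but the certificate carries three extensions, so the first invalid index, 3, is never exercised and an off-by-one in the bounds check would still pass. The boundary is the case worth pinning for an index that presumably ends up in an OpenSSL lookup: add `self.assertRaises(IndexError, cert.get_extension, 3)` next to the existing -1 and 4 cases. `_extcert` also has no docstring; one line saying that it builds a certificate with the given extensions, never calls `sign`, and round-trips it through PEM would help the next reader.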
@@ -1326,7 +1473,53 @@ class X509Tests(TestCase, _PKeyInteractionTestsMixin):
name.
"""
cert = load_certificate(FILETYPE_PEM, self.pemData)
- self.assertEquals(cert.subject_name_hash(), 3350047874)
+ self.assertIn(
+ cert.subject_name_hash(),
+ [3350047874, # OpenSSL 0.9.8, MD5
+ 3278919224, # OpenSSL 1.0.0, SHA1
+ ])
+
+
+ def test_get_signature_algorithm(self):
+ """
+ L{X509Type.get_signature_algorithm} returns a string which means
+ the algorithm used to sign the certificate.
+ """
+ cert = load_certificate(FILETYPE_PEM, self.pemData)
+ self.assertEqual(
+ b("sha1WithRSAEncryption"), cert.get_signature_algorithm())
+
+
+ def test_get_undefined_signature_algorithm(self):
+ """
+ L{X509Type.get_signature_algorithm} raises L{ValueError} if the
+ signature algorithm is undefined or unknown.
+ """
+ # This certificate has been modified to indicate a bogus OID in the
+ # signature algorithm field so that OpenSSL does not recognize it.
+ certPEM = """\
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+"""
+ cert = load_certificate(FILETYPE_PEM, certPEM)
+ self.assertRaises(ValueError, cert.get_signature_algorithm)
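Review bot: The new `assertIn` on `cert.subject_name_hash()` accepts either value regardless of which OpenSSL the module is built against, so a 1.0.0 build that returned the 0.9.8 (MD5-based) value would still pass. If `OPENSSL_VERSION_NUMBER`, which the test_ssl.py part of this commit imports from `OpenSSL.SSL`, can be used here, the expected value could be selected from it. Otherwise a comment should make the weakening explicit, e.g. `# Either value is accepted; this test does not check which OpenSSL is linked.` The test method itself starts above this hunk.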
@@ -1547,7 +1740,7 @@ class PKCS12Tests(TestCase):
dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
reloaded_p12 = load_pkcs12(dumped_p12, passwd)
self.assertEqual(
- p12.get_friendlyname(),reloaded_p12.get_friendlyname())
+ p12.get_friendlyname(), reloaded_p12.get_friendlyname())
# We would use the openssl program to confirm the friendly
# name, but it is not possible. The pkcs12 command
# does not store the friendly name in the cert's
diff --git a/OpenSSL/test/test_rand.py b/OpenSSL/test/test_rand.py
index a785168..00fc6d1 100644
--- a/OpenSSL/test/test_rand.py
+++ b/OpenSSL/test/test_rand.py
@@ -1,4 +1,5 @@
-# Copyright (C) Frederick Dean 2009, All rights reserved
+# Copyright (c) Frederick Dean
+# See LICENSE for details.
"""
Unit tests for L{OpenSSL.rand}.
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 6c8579b..2ab67fd 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1,32 +1,41 @@
-# Copyright (C) Jean-Paul Calderone 2008-2010, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
Unit tests for L{OpenSSL.SSL}.
"""
+from gc import collect
from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK
-from sys import platform
+from sys import platform, version_info
from socket import error, socket
from os import makedirs
from os.path import join
from unittest import main
+from weakref import ref
-from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM, FILETYPE_ASN1
+from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM
from OpenSSL.crypto import PKey, X509, X509Extension
from OpenSSL.crypto import dump_privatekey, load_privatekey
from OpenSSL.crypto import dump_certificate, load_certificate
+from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS
+from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON
from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN
from OpenSSL.SSL import SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD
from OpenSSL.SSL import OP_NO_SSLv2, OP_NO_SSLv3, OP_SINGLE_DH_USE
-from OpenSSL.SSL import VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE
-from OpenSSL.SSL import Error, SysCallError, WantReadError, ZeroReturnError
+from OpenSSL.SSL import (
+ VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)
+from OpenSSL.SSL import (
+ Error, SysCallError, WantReadError, ZeroReturnError, SSLeay_version)
from OpenSSL.SSL import Context, ContextType, Connection, ConnectionType
from OpenSSL.test.util import TestCase, bytes, b
-from OpenSSL.test.test_crypto import cleartextCertificatePEM, cleartextPrivateKeyPEM
-from OpenSSL.test.test_crypto import client_cert_pem, client_key_pem
-from OpenSSL.test.test_crypto import server_cert_pem, server_key_pem, root_cert_pem
+from OpenSSL.test.test_crypto import (
+ cleartextCertificatePEM, cleartextPrivateKeyPEM)
+from OpenSSL.test.test_crypto import (
+ client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,
+ root_cert_pem)
try:
from OpenSSL.SSL import OP_NO_QUERY_MTU
@@ -41,6 +50,13 @@ try:
except ImportError:
OP_NO_TICKET = None
+from OpenSSL.SSL import (
+ SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,
+ SSL_ST_OK, SSL_ST_RENEGOTIATE,
+ SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,
+ SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,
+ SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,
+ SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)
# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits
# to use)
@@ -54,6 +70,7 @@ MBYCEQCobsg29c9WZP/54oAPcwiDAgEC
def verify_cb(conn, cert, errnum, depth, ok):
return ok
+
def socket_pair():
"""
Establish and return a pair of network sockets connected to each other.
@@ -96,6 +113,60 @@ def handshake(client, server):
conns.remove(conn)
+def _create_certificate_chain():
+ """
+ Construct and return a chain of certificates.
+
+ 1. A new self-signed certificate authority certificate (cacert)
+ 2. A new intermediate certificate signed by cacert (icert)
+ 3. A new server certificate signed by icert (scert)
+ """
+ caext = X509Extension(b('basicConstraints'), False, b('CA:true'))
+
+ # Step 1
+ cakey = PKey()
+ cakey.generate_key(TYPE_RSA, 512)
+ cacert = X509()
+ cacert.get_subject().commonName = "Authority Certificate"
+ cacert.set_issuer(cacert.get_subject())
+ cacert.set_pubkey(cakey)
+ cacert.set_notBefore(b("20000101000000Z"))
+ cacert.set_notAfter(b("20200101000000Z"))
+ cacert.add_extensions([caext])
+ cacert.set_serial_number(0)
+ cacert.sign(cakey, "sha1")
+
+ # Step 2
+ ikey = PKey()
+ ikey.generate_key(TYPE_RSA, 512)
+ icert = X509()
+ icert.get_subject().commonName = "Intermediate Certificate"
+ icert.set_issuer(cacert.get_subject())
+ icert.set_pubkey(ikey)
+ icert.set_notBefore(b("20000101000000Z"))
+ icert.set_notAfter(b("20200101000000Z"))
+ icert.add_extensions([caext])
+ icert.set_serial_number(0)
+ icert.sign(cakey, "sha1")
+
+ # Step 3
+ skey = PKey()
+ skey.generate_key(TYPE_RSA, 512)
+ scert = X509()
+ scert.get_subject().commonName = "Server Certificate"
+ scert.set_issuer(icert.get_subject())
+ scert.set_pubkey(skey)
+ scert.set_notBefore(b("20000101000000Z"))
+ scert.set_notAfter(b("20200101000000Z"))
+ scert.add_extensions([
+ X509Extension(b('basicConstraints'), True, b('CA:false'))])
+ scert.set_serial_number(0)
+ scert.sign(ikey, "sha1")
+
+ return [(cakey, cacert), (ikey, icert), (skey, scert)]
+
+
+
class _LoopbackMixin:
"""
Helper mixin which defines methods for creating a connected socket pair and
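Review bot: `_create_certificate_chain` hard-codes `set_notAfter(b("20200101000000Z"))` on all three certificates, so any test that verifies this chain against the clock will start failing once that date passes. Deriving the validity window from the current time avoids that; the `_extcert` helper added to test_crypto.py in this commit already uses `datetime.now()`. The CA and intermediate certificates also share the same issuer name and `set_serial_number(0)`, which breaks issuer/serial uniqueness; giving the three certificates distinct serials costs nothing. The 512-bit RSA keys and SHA-1 signatures are acceptable only as fast test fixtures, and a comment should say so: `# 512-bit RSA and SHA-1 keep the tests fast; never use these parameters for real certificates.`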
@@ -141,7 +212,7 @@ class _LoopbackMixin:
# Give the side a chance to generate some more bytes, or
# succeed.
try:
- bytes = read.recv(2 ** 16)
+ data = read.recv(2 ** 16)
except WantReadError:
# It didn't succeed, so we'll hope it generated some
# output.
@@ -149,7 +220,7 @@ class _LoopbackMixin:
else:
# It did succeed, so we'll stop now and let the caller deal
# with it.
- return (read, bytes)
+ return (read, data)
while True:
# Keep copying as long as there's more stuff there.
@@ -167,6 +238,36 @@ class _LoopbackMixin:
+class VersionTests(TestCase):
+ """
+ Tests for version information exposed by
+ L{OpenSSL.SSL.SSLeay_version} and
+ L{OpenSSL.SSL.OPENSSL_VERSION_NUMBER}.
+ """
+ def test_OPENSSL_VERSION_NUMBER(self):
+ """
+ L{OPENSSL_VERSION_NUMBER} is an integer with status in the low
+ byte and the patch, fix, minor, and major versions in the
+ nibbles above that.
+ """
+ self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))
+
+
+ def test_SSLeay_version(self):
+ """
+ L{SSLeay_version} takes a version type indicator and returns
+ one of a number of version strings based on that indicator.
+ """
+ versions = {}
+ for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,
+ SSLEAY_PLATFORM, SSLEAY_DIR]:
+ version = SSLeay_version(t)
+ versions[version] = t
+ self.assertTrue(isinstance(version, bytes))
+ self.assertEqual(len(versions), 5)
+
+
+
class ContextTests(TestCase, _LoopbackMixin):
"""
Unit tests for L{OpenSSL.SSL.Context}.
@@ -176,8 +277,16 @@ class ContextTests(TestCase, _LoopbackMixin):
L{Context} can be instantiated with one of L{SSLv2_METHOD},
L{SSLv3_METHOD}, L{SSLv23_METHOD}, or L{TLSv1_METHOD}.
"""
- for meth in [SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]:
+ for meth in [SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]:
Context(meth)
+
+ try:
+ Context(SSLv2_METHOD)
+ except ValueError:
+ # Some versions of OpenSSL have SSLv2, some don't.
+ # Difficult to say in advance.
+ pass
+
self.assertRaises(TypeError, Context, "")
self.assertRaises(ValueError, Context, 10)
@@ -512,12 +621,14 @@ class ContextTests(TestCase, _LoopbackMixin):
"""
capath = self.mktemp()
makedirs(capath)
- # Hash value computed manually with c_rehash to avoid depending on
- # c_rehash in the test suite.
- cafile = join(capath, 'c7adac82.0')
- fObj = open(cafile, 'w')
- fObj.write(cleartextCertificatePEM.decode('ascii'))
- fObj.close()
+ # Hash values computed manually with c_rehash to avoid depending on
+ # c_rehash in the test suite. One is from OpenSSL 0.9.8, the other
+ # from OpenSSL 1.0.0.
+ for name in ['c7adac82.0', 'c3705638.0']:
+ cafile = join(capath, name)
+ fObj = open(cafile, 'w')
+ fObj.write(cleartextCertificatePEM.decode('ascii'))
+ fObj.close()
self._load_verify_locations_test(None, capath)
@@ -590,59 +701,6 @@ class ContextTests(TestCase, _LoopbackMixin):
self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())
- def _create_certificate_chain(self):
- """
- Construct and return a chain of certificates.
-
- 1. A new self-signed certificate authority certificate (cacert)
- 2. A new intermediate certificate signed by cacert (icert)
- 3. A new server certificate signed by icert (scert)
- """
- caext = X509Extension(b('basicConstraints'), False, b('CA:true'))
-
- # Step 1
- cakey = PKey()
- cakey.generate_key(TYPE_RSA, 512)
- cacert = X509()
- cacert.get_subject().commonName = "Authority Certificate"
- cacert.set_issuer(cacert.get_subject())
- cacert.set_pubkey(cakey)
- cacert.set_notBefore(b("20000101000000Z"))
- cacert.set_notAfter(b("20200101000000Z"))
- cacert.add_extensions([caext])
- cacert.set_serial_number(0)
- cacert.sign(cakey, "sha1")
-
- # Step 2
- ikey = PKey()
- ikey.generate_key(TYPE_RSA, 512)
- icert = X509()
- icert.get_subject().commonName = "Intermediate Certificate"
- icert.set_issuer(cacert.get_subject())
- icert.set_pubkey(ikey)
- icert.set_notBefore(b("20000101000000Z"))
- icert.set_notAfter(b("20200101000000Z"))
- icert.add_extensions([caext])
- icert.set_serial_number(0)
- icert.sign(cakey, "sha1")
-
- # Step 3
- skey = PKey()
- skey.generate_key(TYPE_RSA, 512)
- scert = X509()
- scert.get_subject().commonName = "Server Certificate"
- scert.set_issuer(icert.get_subject())
- scert.set_pubkey(skey)
- scert.set_notBefore(b("20000101000000Z"))
- scert.set_notAfter(b("20200101000000Z"))
- scert.add_extensions([
- X509Extension(b('basicConstraints'), True, b('CA:false'))])
- scert.set_serial_number(0)
- scert.sign(ikey, "sha1")
-
- return [(cakey, cacert), (ikey, icert), (skey, scert)]
-
-
def _handshake_test(self, serverContext, clientContext):
"""
Verify that a client and server created with the given contexts can
@@ -678,7 +736,7 @@ class ContextTests(TestCase, _LoopbackMixin):
to it with a client which trusts cacert and requires verification to
succeed.
"""
- chain = self._create_certificate_chain()
+ chain = _create_certificate_chain()
[(cakey, cacert), (ikey, icert), (skey, scert)] = chain
# Dump the CA certificate to a file because that's the only way to load
@@ -719,7 +777,7 @@ class ContextTests(TestCase, _LoopbackMixin):
to it with a client which trusts cacert and requires verification to
succeed.
"""
- chain = self._create_certificate_chain()
+ chain = _create_certificate_chain()
[(cakey, cacert), (ikey, icert), (skey, scert)] = chain
# Write out the chain file.
@@ -817,6 +875,106 @@ class ContextTests(TestCase, _LoopbackMixin):
+class ServerNameCallbackTests(TestCase, _LoopbackMixin):
+ """
+ Tests for L{Context.set_tlsext_servername_callback} and its interaction with
+ L{Connection}.
+ """
+ def test_wrong_args(self):
+ """
+ L{Context.set_tlsext_servername_callback} raises L{TypeError} if called
+ with other than one argument.
+ """
+ context = Context(TLSv1_METHOD)
+ self.assertRaises(TypeError, context.set_tlsext_servername_callback)
+ self.assertRaises(
+ TypeError, context.set_tlsext_servername_callback, 1, 2)
+
+ def test_old_callback_forgotten(self):
+ """
+ If L{Context.set_tlsext_servername_callback} is used to specify a new
+ callback, the one it replaces is dereferenced.
+ """
+ def callback(connection):
+ pass
+
+ def replacement(connection):
+ pass
+
+ context = Context(TLSv1_METHOD)
+ context.set_tlsext_servername_callback(callback)
+
+ tracker = ref(callback)
+ del callback
+
+ context.set_tlsext_servername_callback(replacement)
+ collect()
+ self.assertIdentical(None, tracker())
+
+
+ def test_no_servername(self):
+ """
+ When a client specifies no server name, the callback passed to
+ L{Context.set_tlsext_servername_callback} is invoked and the result of
+ L{Connection.get_servername} is C{None}.
+ """
+ args = []
+ def servername(conn):
+ args.append((conn, conn.get_servername()))
+ context = Context(TLSv1_METHOD)
+ context.set_tlsext_servername_callback(servername)
+
+ # Lose our reference to it. The Context is responsible for keeping it
+ # alive now.
+ del servername
+ collect()
+
+ # Necessary to actually accept the connection
+ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+ context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+
+ # Do a little connection to trigger the logic
+ server = Connection(context, None)
+ server.set_accept_state()
+
+ client = Connection(Context(TLSv1_METHOD), None)
+ client.set_connect_state()
+
+ self._interactInMemory(server, client)
+
+ self.assertEqual([(server, None)], args)
+
+
+ def test_servername(self):
+ """
+ When a client specifies a server name in its hello message, the callback
+ passed to L{Contexts.set_tlsext_servername_callback} is invoked and the
+ result of L{Connection.get_servername} is that server name.
+ """
+ args = []
+ def servername(conn):
+ args.append((conn, conn.get_servername()))
+ context = Context(TLSv1_METHOD)
+ context.set_tlsext_servername_callback(servername)
+
+ # Necessary to actually accept the connection
+ context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+ context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+
+ # Do a little connection to trigger the logic
+ server = Connection(context, None)
+ server.set_accept_state()
+
+ client = Connection(Context(TLSv1_METHOD), None)
+ client.set_connect_state()
+ client.set_tlsext_host_name(b("foo1.example.com"))
+
+ self._interactInMemory(server, client)
+
+ self.assertEqual([(server, b("foo1.example.com"))], args)
+
+
+
class ConnectionTests(TestCase, _LoopbackMixin):
"""
Unit tests for L{OpenSSL.SSL.Connection}.
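Review bot: `test_wrong_args` in `ServerNameCallbackTests` checks only the argument count of `set_tlsext_servername_callback`; what happens when the single argument is not callable is not pinned down. The implementation is not visible in this hunk, so it is unknown whether such a value is rejected at registration or only fails later inside a handshake. A case such as `self.assertRaises(TypeError, context.set_tlsext_servername_callback, object())` would settle it, or one asserting the documented behaviour if that differs. The `test_servername` docstring also has a typo: `L{Contexts.set_tlsext_servername_callback}` should read `L{Context.set_tlsext_servername_callback}`.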
@@ -868,6 +1026,71 @@ class ConnectionTests(TestCase, _LoopbackMixin):
self.assertRaises(TypeError, connection.get_context, None)
+ def test_set_context_wrong_args(self):
+ """
+ L{Connection.set_context} raises L{TypeError} if called with a
+ non-L{Context} instance argument or with any number of arguments other
+ than 1.
+ """
+ ctx = Context(TLSv1_METHOD)
+ connection = Connection(ctx, None)
+ self.assertRaises(TypeError, connection.set_context)
+ self.assertRaises(TypeError, connection.set_context, object())
+ self.assertRaises(TypeError, connection.set_context, "hello")
+ self.assertRaises(TypeError, connection.set_context, 1)
+ self.assertRaises(TypeError, connection.set_context, 1, 2)
+ self.assertRaises(
+ TypeError, connection.set_context, Context(TLSv1_METHOD), 2)
+ self.assertIdentical(ctx, connection.get_context())
+
+
+ def test_set_context(self):
+ """
+ L{Connection.set_context} specifies a new L{Context} instance to be used
+ for the connection.
+ """
+ original = Context(SSLv23_METHOD)
+ replacement = Context(TLSv1_METHOD)
+ connection = Connection(original, None)
+ connection.set_context(replacement)
+ self.assertIdentical(replacement, connection.get_context())
+ # Lose our references to the contexts, just in case the Connection isn't
+ # properly managing its own contributions to their reference counts.
+ del original, replacement
+ collect()
+
+
+ def test_set_tlsext_host_name_wrong_args(self):
+ """
+ If L{Connection.set_tlsext_host_name} is called with a non-byte string
+ argument or a byte string with an embedded NUL or other than one
+ argument, L{TypeError} is raised.
+ """
+ conn = Connection(Context(TLSv1_METHOD), None)
+ self.assertRaises(TypeError, conn.set_tlsext_host_name)
+ self.assertRaises(TypeError, conn.set_tlsext_host_name, object())
+ self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)
+ self.assertRaises(
+ TypeError, conn.set_tlsext_host_name, b("with\0null"))
+
+ if version_info >= (3,):
+ # On Python 3.x, don't accidentally implicitly convert from text.
+ self.assertRaises(
+ TypeError,
+ conn.set_tlsext_host_name, b("example.com").decode("ascii"))
+
+
+ def test_get_servername_wrong_args(self):
+ """
+ L{Connection.get_servername} raises L{TypeError} if called with any
+ arguments.
+ """
+ connection = Connection(Context(TLSv1_METHOD), None)
+ self.assertRaises(TypeError, connection.get_servername, object())
+ self.assertRaises(TypeError, connection.get_servername, 1)
+ self.assertRaises(TypeError, connection.get_servername, "hello")
+
+
def test_pending(self):
"""
L{Connection.pending} returns the number of bytes available for
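Review bot: In `test_set_context` nothing touches `connection` after `del original, replacement` and `collect()`, so a Connection that failed to take its own reference to the new Context would not reliably be caught. The stale pointer would be dereferenced at teardown, if at all. Using the connection after the collection makes a reference-counting error surface inside this test, for example with `self.assertTrue(isinstance(connection.get_context(), Context))` as the last line.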
@@ -1047,6 +1270,68 @@ class ConnectionTests(TestCase, _LoopbackMixin):
self.assertRaises(NotImplementedError, conn.makefile)
+ def test_get_peer_cert_chain_wrong_args(self):
+ """
+ L{Connection.get_peer_cert_chain} raises L{TypeError} if called with any
+ arguments.
+ """
+ conn = Connection(Context(TLSv1_METHOD), None)
+ self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)
+ self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")
+ self.assertRaises(TypeError, conn.get_peer_cert_chain, object())
+ self.assertRaises(TypeError, conn.get_peer_cert_chain, [])
+
+
+ def test_get_peer_cert_chain(self):
+ """
+ L{Connection.get_peer_cert_chain} returns a list of certificates which
+ the connected server returned for the certification verification.
+ """
+ chain = _create_certificate_chain()
+ [(cakey, cacert), (ikey, icert), (skey, scert)] = chain
+
+ serverContext = Context(TLSv1_METHOD)
+ serverContext.use_privatekey(skey)
+ serverContext.use_certificate(scert)
+ serverContext.add_extra_chain_cert(icert)
+ serverContext.add_extra_chain_cert(cacert)
+ server = Connection(serverContext, None)
+ server.set_accept_state()
+
+ # Create the client
+ clientContext = Context(TLSv1_METHOD)
+ clientContext.set_verify(VERIFY_NONE, verify_cb)
+ client = Connection(clientContext, None)
+ client.set_connect_state()
+
+ self._interactInMemory(client, server)
+
+ chain = client.get_peer_cert_chain()
+ self.assertEqual(len(chain), 3)
+ self.assertEqual(
+ "Server Certificate", chain[0].get_subject().CN)
+ self.assertEqual(
+ "Intermediate Certificate", chain[1].get_subject().CN)
+ self.assertEqual(
+ "Authority Certificate", chain[2].get_subject().CN)
+
+
+ def test_get_peer_cert_chain_none(self):
+ """
+ L{Connection.get_peer_cert_chain} returns C{None} if the peer sends no
+ certificate chain.
+ """
+ ctx = Context(TLSv1_METHOD)
+ ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+ ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+ server = Connection(ctx, None)
+ server.set_accept_state()
+ client = Connection(Context(TLSv1_METHOD), None)
+ client.set_connect_state()
+ self._interactInMemory(client, server)
+ self.assertIdentical(None, server.get_peer_cert_chain())
+
+
class ConnectionGetCipherListTests(TestCase):
"""
@@ -1074,6 +1359,49 @@ class ConnectionGetCipherListTests(TestCase):
+class ConnectionSendTests(TestCase, _LoopbackMixin):
+ """
+ Tests for L{Connection.send}
+ """
+ def test_wrong_args(self):
+ """
+ When called with arguments other than a single string,
+ L{Connection.send} raises L{TypeError}.
+ """
+ connection = Connection(Context(TLSv1_METHOD), None)
+ self.assertRaises(TypeError, connection.send)
+ self.assertRaises(TypeError, connection.send, object())
+ self.assertRaises(TypeError, connection.send, "foo", "bar")
+
+
+ def test_short_bytes(self):
+ """
+ When passed a short byte string, L{Connection.send} transmits all of it
+ and returns the number of bytes sent.
+ """
+ server, client = self._loopback()
+ count = server.send(b('xy'))
+ self.assertEquals(count, 2)
+ self.assertEquals(client.recv(2), b('xy'))
+
+ try:
+ memoryview
+ except NameError:
+ "cannot test sending memoryview without memoryview"
+ else:
+ def test_short_memoryview(self):
+ """
+ When passed a memoryview onto a small number of bytes,
+ L{Connection.send} transmits all of them and returns the number of
+ bytes sent.
+ """
+ server, client = self._loopback()
+ count = server.send(memoryview(b('xy')))
+ self.assertEquals(count, 2)
+ self.assertEquals(client.recv(2), b('xy'))
+
+
+
class ConnectionSendallTests(TestCase, _LoopbackMixin):
"""
Tests for L{Connection.sendall}.
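Review bot: The `except NameError:` branch in `ConnectionSendTests` uses a bare string expression, `"cannot test sending memoryview without memoryview"`, as its body; it works as a no-op but reads like a forgotten message or return value. A `pass` with a comment states the intent: `pass  # memoryview is unavailable on this Python, so the test is not defined`. On such interpreters the test silently does not exist rather than being reported as skipped, which the comment should mention. The same construct is added to `ConnectionSendallTests` in the next hunk.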
@@ -1099,6 +1427,21 @@ class ConnectionSendallTests(TestCase, _LoopbackMixin):
self.assertEquals(client.recv(1), b('x'))
+ try:
+ memoryview
+ except NameError:
+ "cannot test sending memoryview without memoryview"
+ else:
+ def test_short_memoryview(self):
+ """
+ When passed a memoryview onto a small number of bytes,
+ L{Connection.sendall} transmits all of them.
+ """
+ server, client = self._loopback()
+ server.sendall(memoryview(b('x')))
+ self.assertEquals(client.recv(1), b('x'))
+
+
def test_long(self):
"""
L{Connection.sendall} transmits all of the bytes in the string passed to
@@ -1617,6 +1960,28 @@ class MemoryBIOTests(TestCase, _LoopbackMixin):
self._check_client_ca_list(set_replaces_add_ca)
+class InfoConstantTests(TestCase):
+ """
+ Tests for assorted constants exposed for use in info callbacks.
+ """
+ def test_integers(self):
+ """
+ All of the info constants are integers.
+
+ This is a very weak test. It would be nice to have one that actually
+ verifies that as certain info events happen, the value passed to the
+ info callback matches up with the constant exposed by OpenSSL.SSL.
+ """
+ for const in [
+ SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,
+ SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,
+ SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,
+ SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,
+ SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,
+ SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:
+
+ self.assertTrue(isinstance(const, int))
+
if __name__ == '__main__':
main()
diff --git a/OpenSSL/test/util.py b/OpenSSL/test/util.py
index 61246a6..643fb91 100644
--- a/OpenSSL/test/util.py
+++ b/OpenSSL/test/util.py
@@ -1,5 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2009, All rights reserved
-# Copyright (c) 2001-2009 Twisted Matrix Laboratories.
+# Copyright (C) Jean-Paul Calderone
+# Copyright (C) Twisted Matrix Laboratories.
# See LICENSE for details.
"""
@@ -15,16 +15,14 @@ import sys
from OpenSSL.crypto import Error, _exception_from_error_queue
-
-try:
- bytes = bytes
-except NameError:
+if sys.version_info < (3, 0):
def b(s):
return s
bytes = str
else:
def b(s):
- return s.encode("ascii")
+ return s.encode("charmap")
+ bytes = bytes
class TestCase(TestCase):
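Review bot: `b()` now encodes with `"charmap"` and nothing explains why. Without a mapping table that codec maps code points 0-255 one-to-one to bytes, i.e. it behaves as Latin-1, which is what test literals holding bytes above 0x7f need (for example `b('0\x03\x01\x01\xff')` in test_crypto.py). `return s.encode("latin-1")` says the same thing under its usual name. Either way a comment should be added, e.g. `# Map code points 0-255 one-to-one to bytes so test literals can contain non-ASCII bytes.`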
@@ -52,6 +50,22 @@ class TestCase(TestCase):
self.fail("Left over errors in OpenSSL error queue: " + repr(e))
+ def failUnlessIn(self, containee, container, msg=None):
+ """
+ Fail the test if C{containee} is not found in C{container}.
+
+ @param containee: the value that should be in C{container}
+ @param container: a sequence type, or in the case of a mapping type,
+ will follow semantics of 'if key in dict.keys()'
+ @param msg: if msg is None, then the failure message will be
+ '%r not in %r' % (first, second)
+ """
+ if containee not in container:
+ raise self.failureException(msg or "%r not in %r"
+ % (containee, container))
+ return containee
+ assertIn = failUnlessIn
+
def failUnlessIdentical(self, first, second, msg=None):
"""
Fail the test if C{first} is not C{second}. This is an
diff --git a/OpenSSL/tsafe.py b/OpenSSL/tsafe.py
index fe4b75f..9d7ad2f 100644
--- a/OpenSSL/tsafe.py
+++ b/OpenSSL/tsafe.py
@@ -16,7 +16,7 @@ class Connection:
'setblocking', 'fileno', 'shutdown', 'close', 'get_cipher_list',
'getpeername', 'getsockname', 'getsockopt', 'setsockopt',
'makefile', 'get_app_data', 'set_app_data', 'state_string',
- 'sock_shutdown', 'get_peer_certificate', 'want_read',
+ 'sock_shutdown', 'get_peer_certificate', 'get_peer_cert_chain', 'want_read',
'want_write', 'set_connect_state', 'set_accept_state',
'connect_ex', 'sendall'):
exec("""def %s(self, *args):
diff --git a/OpenSSL/util.c b/OpenSSL/util.c
index 3859cb8..ca60ccf 100644
--- a/OpenSSL/util.c
+++ b/OpenSSL/util.c
@@ -1,8 +1,9 @@
/*
* util.c
*
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2009, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
*
* Utility functions.
* See the file RATIONALE for a short explanation of why this module was written.
diff --git a/OpenSSL/util.h b/OpenSSL/util.h
index bfbbb6c..e634b01 100644
--- a/OpenSSL/util.h
+++ b/OpenSSL/util.h
@@ -1,14 +1,14 @@
/*
* util.h
*
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
*
* Export utility functions and macros.
* See the file RATIONALE for a short explanation of why this module was written.
*
* Reviewed 2001-07-23
*
- * @(#) $Id: util.h,v 1.8 2002/08/16 10:08:09 martin Exp $
*/
#ifndef PyOpenSSL_UTIL_H_
#define PyOpenSSL_UTIL_H_
@@ -137,4 +137,8 @@ extern PyObject* PyOpenSSL_LongToHex(PyObject *o);
#define PyOpenSSL_LongToHex(o) PyNumber_ToBase(o, 16)
#endif
+#ifndef Py_TYPE
+#define Py_TYPE(ob) (((PyObject*)(ob))->ob_type)
+#endif
+
#endif
diff --git a/OpenSSL/version.py b/OpenSSL/version.py
index d8abe10..b7255e9 100644
--- a/OpenSSL/version.py
+++ b/OpenSSL/version.py
@@ -1,8 +1,9 @@
-# Copyright (C) AB Strakt 2001-2004, All rights reserved
-# Copyright (C) Jean-Paul Calderone 2008-2010, All rights reserved
+# Copyright (C) AB Strakt
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
pyOpenSSL - A simple wrapper around the OpenSSL library
"""
-__version__ = '0.11'
+__version__ = '0.12'
diff --git a/PKG-INFO b/PKG-INFO
deleted file mode 100644
index a8ffd00..0000000
--- a/PKG-INFO
+++ /dev/null
@@ -1,15 +0,0 @@
-Metadata-Version: 1.0
-Name: pyOpenSSL
-Version: 0.6
-Summary: Python wrapper module around the OpenSSL library
-Home-page: http://pyopenssl.sourceforge.net/
-Author: Martin Sjögren, AB Strakt
-Author-email: msjogren@gmail.com
-License: LGPL
-Description: High-level wrapper around a subset of the OpenSSL library, includes
- * SSL.Connection objects, wrapping the methods of Python's portable
- sockets
- * Callbacks written in Python
- * Extensive error-handling mechanism, mirroring OpenSSL's error codes
- ... and much more ;)
-Platform: UNKNOWN
diff --git a/README b/README
index fae0ae1..191fa5b 100644
--- a/README
+++ b/README
@@ -2,29 +2,7 @@
pyOpenSSL - A Python wrapper around the OpenSSL library
------------------------------------------------------------------------------
-Copyright (C) AB Strakt 2001, All rights reserved
-
-I wrote this module working for AB Strakt (http://www.strakt.com/) and they
-paid me to do it, and it is with their consent this module is released to the
-general public.
-
See the file INSTALL for installation instructions.
-I appreciate bug reports and patches, just mail me!
-
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation; either
-version 2 of the License, or (at your option) any later version.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Lesser General Public License for more details.
-
-A copy of the GNU Lesser General Public License (version 2.1) is included in
-the file COPYING.
-
-
-@(#) $Id: README,v 1.2 2001/07/25 10:42:57 martin Exp $
+I appreciate bug reports and patches. Please visit
+<http://bugs.launchpad.net/pyopenssl>.
diff --git a/doc/html/about.html b/doc/html/about.html
index 92c9984..ae0996e 100644
--- a/doc/html/about.html
+++ b/doc/html/about.html
@@ -96,7 +96,7 @@ About this document ...</A>
<b class="navlabel">Previous:</b> <a class="sectref" href="socket-methods.html">4.3 Acessing Socket Methods</A>
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/building-unix.html b/doc/html/building-unix.html
index 47b1086..a9376fe 100644
--- a/doc/html/building-unix.html
+++ b/doc/html/building-unix.html
@@ -117,7 +117,7 @@ to find out more about how to use the script.
<b class="navlabel">Up:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
<b class="navlabel">Next:</b> <a class="sectref" href="building-windows.html">2.2 Building the Module</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/building-windows.html b/doc/html/building-windows.html
index ae2bdd7..018c7e8 100644
--- a/doc/html/building-windows.html
+++ b/doc/html/building-windows.html
@@ -109,7 +109,7 @@ to get more information.
<b class="navlabel">Up:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/building.html b/doc/html/building.html
index 534002b..9fb0a8d 100644
--- a/doc/html/building.html
+++ b/doc/html/building.html
@@ -62,9 +62,9 @@ I have tested this on Debian Linux systems (woody and sid), Solaris 2.6 and
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html79"
- href="building-unix.html">2.1 Building the Module on a Unix System </A>
<LI><A NAME="tex2html80"
+ href="building-unix.html">2.1 Building the Module on a Unix System </A>
+<LI><A NAME="tex2html81"
href="building-windows.html">2.2 Building the Module on a Windows System </A>
</UL>
<!--End of Table of Child-Links-->
@@ -97,7 +97,7 @@ I have tested this on Debian Linux systems (woody and sid), Solaris 2.6 and
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<b class="navlabel">Next:</b> <a class="sectref" href="building-unix.html">2.1 Building the Module</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/callbacks.html b/doc/html/callbacks.html
index 77cdfc6..0275e75 100644
--- a/doc/html/callbacks.html
+++ b/doc/html/callbacks.html
@@ -113,7 +113,7 @@ threadsafe (as long as properly initialized, as pyOpenSSL initializes it).
<b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
<b class="navlabel">Next:</b> <a class="sectref" href="socket-methods.html">4.3 Acessing Socket Methods</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/contents.html b/doc/html/contents.html
index ee61942..c006687 100644
--- a/doc/html/contents.html
+++ b/doc/html/contents.html
@@ -46,36 +46,36 @@ Contents</A>
<!--Table of Contents-->
<UL CLASS="TofC">
-<LI><A NAME="tex2html45"
- href="intro.html">1 Introduction </A>
<LI><A NAME="tex2html46"
+ href="intro.html">1 Introduction </A>
+<LI><A NAME="tex2html47"
href="building.html">2 Building and Installing </A>
<UL>
-<LI><A NAME="tex2html47"
- href="building-unix.html">2.1 Building the Module on a Unix System </A>
<LI><A NAME="tex2html48"
+ href="building-unix.html">2.1 Building the Module on a Unix System </A>
+<LI><A NAME="tex2html49"
href="building-windows.html">2.2 Building the Module on a Windows System </A>
</UL>
<BR>
-<LI><A NAME="tex2html49"
+<LI><A NAME="tex2html50"
href="openssl.html">3 OpenSSL -- Python interface to OpenSSL </A>
<UL>
-<LI><A NAME="tex2html50"
- href="openssl-crypto.html">3.1 crypto -- Generic cryptographic module </A>
<LI><A NAME="tex2html51"
- href="openssl-rand.html">3.2 rand -- An interface to the OpenSSL pseudo random number generator </A>
+ href="openssl-crypto.html">3.1 crypto -- Generic cryptographic module </A>
<LI><A NAME="tex2html52"
+ href="openssl-rand.html">3.2 rand -- An interface to the OpenSSL pseudo random number generator </A>
+<LI><A NAME="tex2html53"
href="openssl-ssl.html">3.3 SSL -- An interface to the SSL-specific parts of OpenSSL </A>
</UL>
<BR>
-<LI><A NAME="tex2html53"
+<LI><A NAME="tex2html54"
href="internals.html">4 Internals </A>
<UL>
-<LI><A NAME="tex2html54"
- href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html55"
- href="callbacks.html">4.2 Callbacks </A>
+ href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html56"
+ href="callbacks.html">4.2 Callbacks </A>
+<LI><A NAME="tex2html57"
href="socket-methods.html">4.3 Acessing Socket Methods </A>
</UL></UL>
<!--End of Table of Contents-->
@@ -106,7 +106,7 @@ Contents</A>
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<b class="navlabel">Next:</b> <a class="sectref" href="intro.html">1 Introduction</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/crl.html b/doc/html/crl.html
index c75aaf8..4ce6acb 100644
--- a/doc/html/crl.html
+++ b/doc/html/crl.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.10 CRL objects </title>
-<META NAME="description" CONTENT="3.1.10 CRL objects ">
+<title>3.1.11 CRL objects </title>
+<META NAME="description" CONTENT="3.1.11 CRL objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,36 +36,36 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="revoked.html">3.1.11 Revoked objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="revoked.html">3.1.12 Revoked objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION0004110000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION0004111000000000000000">&nbsp;</A>
<BR>
-3.1.10 CRL objects
+3.1.11 CRL objects
</H3>
<P>
CRL objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-102'><tt class='method'>add_revoked</tt></a></b>(<var>revoked</var>)
+<dl><dt><b><a name='l2h-106'><tt class='method'>add_revoked</tt></a></b>(<var>revoked</var>)
<dd>
Add a Revoked object to the CRL, by value not reference.
</dl>
<P>
-<dl><dt><b><a name='l2h-103'><tt class='method'>export</tt></a></b>(<var>cert, key</var><big>[</big><var>, type=FILETYPE_PEM</var><big>]</big><big>[</big><var>, days=100</var><big>]</big>)
+<dl><dt><b><a name='l2h-107'><tt class='method'>export</tt></a></b>(<var>cert, key</var><big>[</big><var>, type=FILETYPE_PEM</var><big>]</big><big>[</big><var>, days=100</var><big>]</big>)
<dd>
Use <var>cert</var> and <var>key</var> to sign the CRL and return the CRL as a string.
<var>days</var> is the number of days before the next CRL is due.
</dl>
<P>
-<dl><dt><b><a name='l2h-104'><tt class='method'>get_revoked</tt></a></b>()
+<dl><dt><b><a name='l2h-108'><tt class='method'>get_revoked</tt></a></b>()
<dd>
Return a tuple of Revoked objects, by value not reference.
</dl>
@@ -96,11 +96,11 @@ Return a tuple of Revoked objects, by value not reference.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="revoked.html">3.1.11 Revoked objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="revoked.html">3.1.12 Revoked objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/exceptions.html b/doc/html/exceptions.html
index 0729fc1..038d546 100644
--- a/doc/html/exceptions.html
+++ b/doc/html/exceptions.html
@@ -89,7 +89,7 @@ For more information about this, see section <A href="openssl-ssl.html#openssl-s
<b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
<b class="navlabel">Next:</b> <a class="sectref" href="callbacks.html">4.2 Callbacks</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/index.html b/doc/html/index.html
index 4eab092..c5d7e7a 100644
--- a/doc/html/index.html
+++ b/doc/html/index.html
@@ -87,52 +87,54 @@ calling a corresponding function in the OpenSSL library.
href="openssl-crypto.html">3.1 <tt class="module">crypto</tt> -- Generic cryptographic module </A>
<UL>
<LI><A NAME="tex2html15"
- href="openssl-x509.html">3.1.1 X509 objects </A>
+ href="openssl-x509ext.html">3.1.1 X509Extension objects </A>
<LI><A NAME="tex2html16"
- href="openssl-x509name.html">3.1.2 X509Name objects </A>
+ href="openssl-x509.html">3.1.2 X509 objects </A>
<LI><A NAME="tex2html17"
- href="openssl-x509req.html">3.1.3 X509Req objects </A>
+ href="openssl-x509name.html">3.1.3 X509Name objects </A>
<LI><A NAME="tex2html18"
- href="openssl-x509store.html">3.1.4 X509Store objects </A>
+ href="openssl-x509req.html">3.1.4 X509Req objects </A>
<LI><A NAME="tex2html19"
- href="openssl-pkey.html">3.1.5 PKey objects </A>
+ href="openssl-x509store.html">3.1.5 X509Store objects </A>
<LI><A NAME="tex2html20"
- href="openssl-pkcs7.html">3.1.6 PKCS7 objects </A>
+ href="openssl-pkey.html">3.1.6 PKey objects </A>
<LI><A NAME="tex2html21"
- href="openssl-pkcs12.html">3.1.7 PKCS12 objects </A>
+ href="openssl-pkcs7.html">3.1.7 PKCS7 objects </A>
<LI><A NAME="tex2html22"
- href="openssl-509ext.html">3.1.8 X509Extension objects </A>
+ href="openssl-pkcs12.html">3.1.8 PKCS12 objects </A>
<LI><A NAME="tex2html23"
- href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects </A>
+ href="openssl-509ext.html">3.1.9 X509Extension objects </A>
<LI><A NAME="tex2html24"
- href="crl.html">3.1.10 CRL objects </A>
+ href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects </A>
<LI><A NAME="tex2html25"
- href="revoked.html">3.1.11 Revoked objects </A>
-</UL>
+ href="crl.html">3.1.11 CRL objects </A>
<LI><A NAME="tex2html26"
- href="openssl-rand.html">3.2 <tt class="module">rand</tt> -- An interface to the OpenSSL pseudo random number generator </A>
+ href="revoked.html">3.1.12 Revoked objects </A>
+</UL>
<LI><A NAME="tex2html27"
+ href="openssl-rand.html">3.2 <tt class="module">rand</tt> -- An interface to the OpenSSL pseudo random number generator </A>
+<LI><A NAME="tex2html28"
href="openssl-ssl.html">3.3 <tt class="module">SSL</tt> -- An interface to the SSL-specific parts of OpenSSL </A>
<UL>
-<LI><A NAME="tex2html28"
- href="openssl-context.html">3.3.1 Context objects </A>
<LI><A NAME="tex2html29"
+ href="openssl-context.html">3.3.1 Context objects </A>
+<LI><A NAME="tex2html30"
href="openssl-connection.html">3.3.2 Connection objects </A>
</UL>
</UL>
<BR>
-<LI><A NAME="tex2html30"
+<LI><A NAME="tex2html31"
href="internals.html">4 Internals </A>
<UL>
-<LI><A NAME="tex2html31"
- href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html32"
- href="callbacks.html">4.2 Callbacks </A>
+ href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html33"
+ href="callbacks.html">4.2 Callbacks </A>
+<LI><A NAME="tex2html34"
href="socket-methods.html">4.3 Acessing Socket Methods </A>
</UL>
<BR>
-<LI><A NAME="tex2html34"
+<LI><A NAME="tex2html35"
href="about.html">About this document ...</A>
</UL>
<!--End of Table of Child-Links-->
@@ -163,7 +165,7 @@ calling a corresponding function in the OpenSSL library.
</tr></table>
<b class="navlabel">Next:</b> <a class="sectref" href="contents.html">Contents</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/internals.html b/doc/html/internals.html
index b6f70c0..3fe630b 100644
--- a/doc/html/internals.html
+++ b/doc/html/internals.html
@@ -59,11 +59,11 @@ accessing socket methods. This is what this chapter is about.
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html322"
+<LI><A NAME="tex2html336"
href="exceptions.html">4.1 Exceptions </A>
-<LI><A NAME="tex2html323"
+<LI><A NAME="tex2html337"
href="callbacks.html">4.2 Callbacks </A>
-<LI><A NAME="tex2html324"
+<LI><A NAME="tex2html338"
href="socket-methods.html">4.3 Acessing Socket Methods </A>
</UL>
<!--End of Table of Child-Links-->
@@ -96,7 +96,7 @@ accessing socket methods. This is what this chapter is about.
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<b class="navlabel">Next:</b> <a class="sectref" href="exceptions.html">4.1 Exceptions</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/intro.html b/doc/html/intro.html
index 442abb1..7cb1cf1 100644
--- a/doc/html/intro.html
+++ b/doc/html/intro.html
@@ -55,7 +55,7 @@ was begun) was severely limited. Other OpenSSL wrappers for Python at the time
were also limited, though in different ways. Unfortunately, Python's standard
library SSL support has remained weak, although other packages (such as
M2Crypto<A NAME="tex2html1"
- HREF="#foot1178"><SUP>1</SUP></A>)
+ HREF="#foot1200"><SUP>1</SUP></A>)
have made great advances and now equal or exceed pyOpenSSL's functionality.
<P>
@@ -67,7 +67,7 @@ and advance.
<P>
<BR><HR><H4>Footnotes</H4>
<DL>
-<DT><A NAME="foot1178">...
+<DT><A NAME="foot1200">...
M2Crypto</A><A
href="intro.html#tex2html1"><SUP>1</SUP></A></DT>
<DD>See <a class="url" href="http://chandlerproject.org/Projects/MeTooCrypto">http://chandlerproject.org/Projects/MeTooCrypto</a>
@@ -102,7 +102,7 @@ M2Crypto</A><A
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<b class="navlabel">Next:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-509ext.html b/doc/html/openssl-509ext.html
index f6a3237..5334adf 100644
--- a/doc/html/openssl-509ext.html
+++ b/doc/html/openssl-509ext.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.8 X509Extension objects </title>
-<META NAME="description" CONTENT="3.1.8 X509Extension objects ">
+<title>3.1.9 X509Extension objects </title>
+<META NAME="description" CONTENT="3.1.9 X509Extension objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,29 +36,29 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.7 PKCS12 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.8 PKCS12 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000418000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000419000000000000000">&nbsp;</A>
<BR>
-3.1.8 X509Extension objects
+3.1.9 X509Extension objects
</H3>
<P>
X509Extension objects have several methods:
<P>
-<dl><dt><b><a name='l2h-95'><tt class='method'>get_critical</tt></a></b>()
+<dl><dt><b><a name='l2h-99'><tt class='method'>get_critical</tt></a></b>()
<dd>
Return the critical field of the extension object.
</dl>
<P>
-<dl><dt><b><a name='l2h-96'><tt class='method'>get_short_name</tt></a></b>()
+<dl><dt><b><a name='l2h-100'><tt class='method'>get_short_name</tt></a></b>()
<dd>
Return the short type name of the extension object.
</dl>
@@ -89,11 +89,11 @@ Return the short type name of the extension object.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.7 PKCS12 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.8 PKCS12 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-connection.html b/doc/html/openssl-connection.html
index 7ff7b6a..36441af 100644
--- a/doc/html/openssl-connection.html
+++ b/doc/html/openssl-connection.html
@@ -51,7 +51,7 @@
Connection objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-175'><tt class='method'>accept</tt></a></b>()
+<dl><dt><b><a name='l2h-179'><tt class='method'>accept</tt></a></b>()
<dd>
Call the <tt class="method">accept</tt> method of the underlying socket and set up SSL on the
returned socket, using the Context object supplied to this Connection object at
@@ -61,20 +61,20 @@ socket's <tt class="method">accept</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-176'><tt class='method'>bind</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-180'><tt class='method'>bind</tt></a></b>(<var>address</var>)
<dd>
Call the <tt class="method">bind</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-177'><tt class='method'>close</tt></a></b>()
+<dl><dt><b><a name='l2h-181'><tt class='method'>close</tt></a></b>()
<dd>
Call the <tt class="method">close</tt> method of the underlying socket. Note: If you want
correct SSL closure, you need to call the <tt class="method">shutdown</tt> method first.
</dl>
<P>
-<dl><dt><b><a name='l2h-178'><tt class='method'>connect</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-182'><tt class='method'>connect</tt></a></b>(<var>address</var>)
<dd>
Call the <tt class="method">connect</tt> method of the underlying socket and set up SSL on the
socket, using the Context object supplied to this Connection object at
@@ -82,7 +82,7 @@ creation.
</dl>
<P>
-<dl><dt><b><a name='l2h-179'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-183'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>)
<dd>
Call the <tt class="method">connect_ex</tt> method of the underlying socket and set up SSL on
the socket, using the Context object supplied to this Connection object at
@@ -91,7 +91,7 @@ return 0, SSL won't be initialized.
</dl>
<P>
-<dl><dt><b><a name='l2h-180'><tt class='method'>do_handshake</tt></a></b>()
+<dl><dt><b><a name='l2h-184'><tt class='method'>do_handshake</tt></a></b>()
<dd>
Perform an SSL handshake (usually called after <tt class="method">renegotiate</tt> or one of
<tt class="method">set_accept_state</tt> or <tt class="method">set_accept_state</tt>). This can raise the
@@ -99,25 +99,25 @@ same exceptions as <tt class="method">send</tt> and <tt class="method">recv</tt>
</dl>
<P>
-<dl><dt><b><a name='l2h-181'><tt class='method'>fileno</tt></a></b>()
+<dl><dt><b><a name='l2h-185'><tt class='method'>fileno</tt></a></b>()
<dd>
Retrieve the file descriptor number for the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-182'><tt class='method'>listen</tt></a></b>(<var>backlog</var>)
+<dl><dt><b><a name='l2h-186'><tt class='method'>listen</tt></a></b>(<var>backlog</var>)
<dd>
Call the <tt class="method">listen</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-183'><tt class='method'>get_app_data</tt></a></b>()
+<dl><dt><b><a name='l2h-187'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-184'><tt class='method'>get_cipher_list</tt></a></b>()
+<dl><dt><b><a name='l2h-188'><tt class='method'>get_cipher_list</tt></a></b>()
<dd>
Retrieve the list of ciphers used by the Connection object. WARNING: This API
has changed. It used to take an optional parameter and just return a string,
@@ -125,7 +125,7 @@ but not it returns the entire list in one go.
</dl>
<P>
-<dl><dt><b><a name='l2h-185'><tt class='method'>get_client_ca_list</tt></a></b>()
+<dl><dt><b><a name='l2h-189'><tt class='method'>get_client_ca_list</tt></a></b>()
<dd>
Retrieve the list of preferred client certificate issuers sent by the server
as <tt class="class">OpenSSL.crypto.X509Name</tt> objects.
@@ -146,44 +146,44 @@ by this <tt class="class">Connection</tt>'s <tt class="class">Context</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-186'><tt class='method'>get_context</tt></a></b>()
+<dl><dt><b><a name='l2h-190'><tt class='method'>get_context</tt></a></b>()
<dd>
Retrieve the Context object associated with this Connection.
</dl>
<P>
-<dl><dt><b><a name='l2h-187'><tt class='method'>get_peer_certificate</tt></a></b>()
+<dl><dt><b><a name='l2h-191'><tt class='method'>get_peer_certificate</tt></a></b>()
<dd>
Retrieve the other side's certificate (if any)
</dl>
<P>
-<dl><dt><b><a name='l2h-188'><tt class='method'>getpeername</tt></a></b>()
+<dl><dt><b><a name='l2h-192'><tt class='method'>getpeername</tt></a></b>()
<dd>
Call the <tt class="method">getpeername</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-189'><tt class='method'>getsockname</tt></a></b>()
+<dl><dt><b><a name='l2h-193'><tt class='method'>getsockname</tt></a></b>()
<dd>
Call the <tt class="method">getsockname</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-190'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>)
+<dl><dt><b><a name='l2h-194'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>)
<dd>
Call the <tt class="method">getsockopt</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-191'><tt class='method'>pending</tt></a></b>()
+<dl><dt><b><a name='l2h-195'><tt class='method'>pending</tt></a></b>()
<dd>
Retrieve the number of bytes that can be safely read from the SSL buffer
(<i>not</i> the underlying transport buffer).
</dl>
<P>
-<dl><dt><b><a name='l2h-192'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>)
+<dl><dt><b><a name='l2h-196'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>)
<dd>
Receive data from the Connection. The return value is a string representing the
data received. The maximum amount of data to be received at once, is specified
@@ -191,7 +191,7 @@ by <var>bufsize</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-193'><tt class='method'>bio_write</tt></a></b>(<var>bytes</var>)
+<dl><dt><b><a name='l2h-197'><tt class='method'>bio_write</tt></a></b>(<var>bytes</var>)
<dd>
If the Connection was created with a memory BIO, this method can be used to add
bytes to the read end of that memory BIO. The Connection can then read the
@@ -199,20 +199,20 @@ bytes (for example, in response to a call to <tt class="method">recv</tt>).
</dl>
<P>
-<dl><dt><b><a name='l2h-194'><tt class='method'>renegotiate</tt></a></b>()
+<dl><dt><b><a name='l2h-198'><tt class='method'>renegotiate</tt></a></b>()
<dd>
Renegotiate the SSL session. Call this if you wish to change cipher suites or
anything like that.
</dl>
<P>
-<dl><dt><b><a name='l2h-195'><tt class='method'>send</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-199'><tt class='method'>send</tt></a></b>(<var>string</var>)
<dd>
Send the <var>string</var> data to the Connection.
</dl>
<P>
-<dl><dt><b><a name='l2h-196'><tt class='method'>bio_read</tt></a></b>(<var>bufsize</var>)
+<dl><dt><b><a name='l2h-200'><tt class='method'>bio_read</tt></a></b>(<var>bufsize</var>)
<dd>
If the Connection was created with a memory BIO, this method can be used to
read bytes from the write end of that memory BIO. Many Connection methods will
@@ -221,7 +221,7 @@ up and the Connection will be able to take no further actions.
</dl>
<P>
-<dl><dt><b><a name='l2h-197'><tt class='method'>sendall</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-201'><tt class='method'>sendall</tt></a></b>(<var>string</var>)
<dd>
Send all of the <var>string</var> data to the Connection. This calls <tt class="method">send</tt>
repeatedly until all data is sent. If an error occurs, it's impossible to tell
@@ -229,40 +229,40 @@ how much data has been sent.
</dl>
<P>
-<dl><dt><b><a name='l2h-198'><tt class='method'>set_accept_state</tt></a></b>()
+<dl><dt><b><a name='l2h-202'><tt class='method'>set_accept_state</tt></a></b>()
<dd>
Set the connection to work in server mode. The handshake will be handled
automatically by read/write.
</dl>
<P>
-<dl><dt><b><a name='l2h-199'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
+<dl><dt><b><a name='l2h-203'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Connection object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>
<P>
-<dl><dt><b><a name='l2h-200'><tt class='method'>set_connect_state</tt></a></b>()
+<dl><dt><b><a name='l2h-204'><tt class='method'>set_connect_state</tt></a></b>()
<dd>
Set the connection to work in client mode. The handshake will be handled
automatically by read/write.
</dl>
<P>
-<dl><dt><b><a name='l2h-201'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>)
+<dl><dt><b><a name='l2h-205'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>)
<dd>
Call the <tt class="method">setblocking</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-202'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>)
+<dl><dt><b><a name='l2h-206'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>)
<dd>
Call the <tt class="method">setsockopt</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-203'><tt class='method'>shutdown</tt></a></b>()
+<dl><dt><b><a name='l2h-207'><tt class='method'>shutdown</tt></a></b>()
<dd>
Send the shutdown message to the Connection. Returns true if the shutdown
message exchange is completed and false otherwise (in which case you call
@@ -271,27 +271,27 @@ readable/writeable.
</dl>
<P>
-<dl><dt><b><a name='l2h-204'><tt class='method'>get_shutdown</tt></a></b>()
+<dl><dt><b><a name='l2h-208'><tt class='method'>get_shutdown</tt></a></b>()
<dd>
Get the shutdown state of the Connection. Returns a bitvector of either or
both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-205'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>)
+<dl><dt><b><a name='l2h-209'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>)
<dd>
Set the shutdown state of the Connection. <var>state</var> is a bitvector of
either or both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-206'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>)
+<dl><dt><b><a name='l2h-210'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>)
<dd>
Call the <tt class="method">shutdown</tt> method of the underlying socket.
</dl>
<P>
-<dl><dt><b><a name='l2h-207'><tt class='method'>bio_shutdown</tt></a></b>()
+<dl><dt><b><a name='l2h-211'><tt class='method'>bio_shutdown</tt></a></b>()
<dd>
If the Connection was created with a memory BIO, this method can be used to
indicate that ``end of file'' has been reached on the read end of that memory
@@ -299,38 +299,38 @@ BIO.
</dl>
<P>
-<dl><dt><b><a name='l2h-208'><tt class='method'>state_string</tt></a></b>()
+<dl><dt><b><a name='l2h-212'><tt class='method'>state_string</tt></a></b>()
<dd>
Retrieve a verbose string detailing the state of the Connection.
</dl>
<P>
-<dl><dt><b><a name='l2h-209'><tt class='method'>client_random</tt></a></b>()
+<dl><dt><b><a name='l2h-213'><tt class='method'>client_random</tt></a></b>()
<dd>
Retrieve the random value used with the client hello message.
</dl>
<P>
-<dl><dt><b><a name='l2h-210'><tt class='method'>server_random</tt></a></b>()
+<dl><dt><b><a name='l2h-214'><tt class='method'>server_random</tt></a></b>()
<dd>
Retrieve the random value used with the server hello message.
</dl>
<P>
-<dl><dt><b><a name='l2h-211'><tt class='method'>master_key</tt></a></b>()
+<dl><dt><b><a name='l2h-215'><tt class='method'>master_key</tt></a></b>()
<dd>
Retrieve the value of the master key for this session.
</dl>
<P>
-<dl><dt><b><a name='l2h-212'><tt class='method'>want_read</tt></a></b>()
+<dl><dt><b><a name='l2h-216'><tt class='method'>want_read</tt></a></b>()
<dd>
Checks if more data has to be read from the transport layer to complete an
operation.
</dl>
<P>
-<dl><dt><b><a name='l2h-213'><tt class='method'>want_write</tt></a></b>()
+<dl><dt><b><a name='l2h-217'><tt class='method'>want_write</tt></a></b>()
<dd>
Checks if there is data to write to the transport layer to complete an
operation.
@@ -366,7 +366,7 @@ operation.
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="internals.html">4 Internals</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-context.html b/doc/html/openssl-context.html
index 7c9ab4c..c42e56f 100644
--- a/doc/html/openssl-context.html
+++ b/doc/html/openssl-context.html
@@ -52,7 +52,7 @@
Context objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-148'><tt class='method'>check_privatekey</tt></a></b>()
+<dl><dt><b><a name='l2h-152'><tt class='method'>check_privatekey</tt></a></b>()
<dd>
Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
@@ -60,13 +60,13 @@ Returns <code>None</code> if they match, raises <tt class="exception">Error</tt>
</dl>
<P>
-<dl><dt><b><a name='l2h-149'><tt class='method'>get_app_data</tt></a></b>()
+<dl><dt><b><a name='l2h-153'><tt class='method'>get_app_data</tt></a></b>()
<dd>
Retrieve application data as set by <tt class="method">set_app_data</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-150'><tt class='method'>get_cert_store</tt></a></b>()
+<dl><dt><b><a name='l2h-154'><tt class='method'>get_cert_store</tt></a></b>()
<dd>
Retrieve the certificate store (a X509Store object) that the context uses.
This can be used to add "trusted" certificates without using the.
@@ -74,34 +74,34 @@ This can be used to add "trusted" certificates without using the.
</dl>
<P>
-<dl><dt><b><a name='l2h-151'><tt class='method'>get_timeout</tt></a></b>()
+<dl><dt><b><a name='l2h-155'><tt class='method'>get_timeout</tt></a></b>()
<dd>
Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
seconds.
</dl>
<P>
-<dl><dt><b><a name='l2h-152'><tt class='method'>get_verify_depth</tt></a></b>()
+<dl><dt><b><a name='l2h-156'><tt class='method'>get_verify_depth</tt></a></b>()
<dd>
Retrieve the Context object's verify depth, as set by
<tt class="method">set_verify_depth</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-153'><tt class='method'>get_verify_mode</tt></a></b>()
+<dl><dt><b><a name='l2h-157'><tt class='method'>get_verify_mode</tt></a></b>()
<dd>
Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-154'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
+<dl><dt><b><a name='l2h-158'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
<dd>
Read a file with PEM-formatted certificates that will be sent to the client
when requesting a client certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-155'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>)
+<dl><dt><b><a name='l2h-159'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>)
<dd>
Replace the current list of preferred certificate signers that would be
sent to the client when requesting a client certificate with the
@@ -114,7 +114,7 @@ sent to the client when requesting a client certificate with the
</dl>
<P>
-<dl><dt><b><a name='l2h-156'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>)
+<dl><dt><b><a name='l2h-160'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>)
<dd>
Extract a <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var>
<tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred
@@ -127,7 +127,7 @@ certificate signers sent to the client when requesting a client certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-157'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
+<dl><dt><b><a name='l2h-161'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
<dd>
Specify where CA certificates for verification purposes are located. These
are trusted certificates. Note that the certificates have to be in PEM
@@ -137,34 +137,34 @@ format. If capath is passed, it must be a directory prepared using the
</dl>
<P>
-<dl><dt><b><a name='l2h-158'><tt class='method'>set_default_verify_paths</tt></a></b>()
+<dl><dt><b><a name='l2h-162'><tt class='method'>set_default_verify_paths</tt></a></b>()
<dd>
Specify that the platform provided CA certificates are to be used for
verification purposes. This method may not work properly on OS X.
</dl>
<P>
-<dl><dt><b><a name='l2h-159'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
+<dl><dt><b><a name='l2h-163'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
<dd>
Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-160'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
+<dl><dt><b><a name='l2h-164'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
<dd>
Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
later using the <tt class="method">get_app_data</tt> method.
</dl>
<P>
-<dl><dt><b><a name='l2h-161'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
+<dl><dt><b><a name='l2h-165'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
<dd>
Set the list of ciphers to be used in this context. See the OpenSSL manual for
more information (e.g. ciphers(1))
</dl>
<P>
-<dl><dt><b><a name='l2h-162'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
+<dl><dt><b><a name='l2h-166'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
<dd>
Set the information callback to <var>callback</var>. This function will be called
from time to time during SSL handshakes.
@@ -175,14 +175,14 @@ function call.
</dl>
<P>
-<dl><dt><b><a name='l2h-163'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
+<dl><dt><b><a name='l2h-167'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
<dd>
Add SSL options. Options you have set before are not cleared!
This method should be used with the <tt class="constant">OP_*</tt> constants.
</dl>
<P>
-<dl><dt><b><a name='l2h-164'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
+<dl><dt><b><a name='l2h-168'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
<dd>
Set the passphrase callback to <var>callback</var>. This function will be called
when a private key with a passphrase is loaded. <var>callback</var> must accept
@@ -196,7 +196,7 @@ verify that the two values supplied are equal. Third, the value given as the
</dl>
<P>
-<dl><dt><b><a name='l2h-165'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
+<dl><dt><b><a name='l2h-169'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
<dd>
Set the context <var>name</var> within which a session can be reused for this
Context object. This is needed when doing session resumption, because there is
@@ -205,7 +205,7 @@ no way for a stored session to know which Context object it is associated with.
</dl>
<P>
-<dl><dt><b><a name='l2h-166'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
+<dl><dt><b><a name='l2h-170'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
<dd>
Set the timeout for newly created sessions for this Context object to
<var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
@@ -214,7 +214,7 @@ SSL_CTX_set_timeout(3)).
</dl>
<P>
-<dl><dt><b><a name='l2h-167'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
+<dl><dt><b><a name='l2h-171'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
<dd>
Set the verification flags for this Context object to <var>mode</var> and specify
that <var>callback</var> should be used for verification callbacks. <var>mode</var>
@@ -229,39 +229,39 @@ and false otherwise.
</dl>
<P>
-<dl><dt><b><a name='l2h-168'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
+<dl><dt><b><a name='l2h-172'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
<dd>
Set the maximum depth for the certificate chain verification that shall be
allowed for this Context object.
</dl>
<P>
-<dl><dt><b><a name='l2h-169'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-173'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
<dd>
Use the certificate <var>cert</var> which has to be a X509 object.
</dl>
<P>
-<dl><dt><b><a name='l2h-170'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-174'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
<dd>
Adds the certificate <var>cert</var>, which has to be a X509 object, to the
certificate chain presented together with the certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-171'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
+<dl><dt><b><a name='l2h-175'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
<dd>
Load a certificate chain from <var>file</var> which must be PEM encoded.
</dl>
<P>
-<dl><dt><b><a name='l2h-172'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-176'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Use the private key <var>pkey</var> which has to be a PKey object.
</dl>
<P>
-<dl><dt><b><a name='l2h-173'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
+<dl><dt><b><a name='l2h-177'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first certificate found in <var>file</var>. The certificate must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
@@ -269,7 +269,7 @@ format specified by <var>format</var>, which is either <tt class="constant">FILE
</dl>
<P>
-<dl><dt><b><a name='l2h-174'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
+<dl><dt><b><a name='l2h-178'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
<dd>
Load the first private key found in <var>file</var>. The private key must be in the
format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
@@ -306,7 +306,7 @@ format specified by <var>format</var>, which is either <tt class="constant">FILE
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-crypto.html b/doc/html/openssl-crypto.html
index 18f8cf4..7fc909f 100644
--- a/doc/html/openssl-crypto.html
+++ b/doc/html/openssl-crypto.html
@@ -10,7 +10,7 @@
<LINK REL="next" href="openssl-rand.html">
<LINK REL="previous" href="openssl.html">
<LINK REL="up" href="openssl.html">
-<LINK REL="next" href="openssl-x509.html">
+<LINK REL="next" href="openssl-x509ext.html">
</head>
<body>
<DIV CLASS="navigation">
@@ -22,7 +22,7 @@
<td><A href="openssl.html"><img src="up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
-<td><A href="openssl-x509.html"><img src="next.gif"
+<td><A href="openssl-x509ext.html"><img src="next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
@@ -38,7 +38,7 @@
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509.html">3.1.1 X509 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509ext.html">3.1.1 X509Extension objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
@@ -240,7 +240,7 @@ pass phrase.
<dl><dt><b><a name='l2h-32'><tt class='function'>load_crl</tt></a></b>(<var>type, buffer</var>)
<dd>
Load Certificate Revocation List (CRL) data from a string <var>buffer</var>.
-<var>buffer</var> encoded with the type <var>type</var>. The type <var>type</var>
+<var>buffer</var> encoded with the type <var>type</var>. The type <var>type</var>
must either <tt class="constant">FILETYPE_PEM</tt> or <tt class="constant">FILETYPE_ASN1</tt>).
</dl>
@@ -298,28 +298,30 @@ message digest type of the signature, for example <code>``sha1''</code>.
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html139"
- href="openssl-x509.html">3.1.1 X509 objects </A>
-<LI><A NAME="tex2html140"
- href="openssl-x509name.html">3.1.2 X509Name objects </A>
<LI><A NAME="tex2html141"
- href="openssl-x509req.html">3.1.3 X509Req objects </A>
+ href="openssl-x509ext.html">3.1.1 X509Extension objects </A>
<LI><A NAME="tex2html142"
- href="openssl-x509store.html">3.1.4 X509Store objects </A>
+ href="openssl-x509.html">3.1.2 X509 objects </A>
<LI><A NAME="tex2html143"
- href="openssl-pkey.html">3.1.5 PKey objects </A>
+ href="openssl-x509name.html">3.1.3 X509Name objects </A>
<LI><A NAME="tex2html144"
- href="openssl-pkcs7.html">3.1.6 PKCS7 objects </A>
+ href="openssl-x509req.html">3.1.4 X509Req objects </A>
<LI><A NAME="tex2html145"
- href="openssl-pkcs12.html">3.1.7 PKCS12 objects </A>
+ href="openssl-x509store.html">3.1.5 X509Store objects </A>
<LI><A NAME="tex2html146"
- href="openssl-509ext.html">3.1.8 X509Extension objects </A>
+ href="openssl-pkey.html">3.1.6 PKey objects </A>
<LI><A NAME="tex2html147"
- href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects </A>
+ href="openssl-pkcs7.html">3.1.7 PKCS7 objects </A>
<LI><A NAME="tex2html148"
- href="crl.html">3.1.10 CRL objects </A>
+ href="openssl-pkcs12.html">3.1.8 PKCS12 objects </A>
<LI><A NAME="tex2html149"
- href="revoked.html">3.1.11 Revoked objects </A>
+ href="openssl-509ext.html">3.1.9 X509Extension objects </A>
+<LI><A NAME="tex2html150"
+ href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects </A>
+<LI><A NAME="tex2html151"
+ href="crl.html">3.1.11 CRL objects </A>
+<LI><A NAME="tex2html152"
+ href="revoked.html">3.1.12 Revoked objects </A>
</UL>
<!--End of Table of Child-Links-->
@@ -333,7 +335,7 @@ message digest type of the signature, for example <code>``sha1''</code>.
<td><A href="openssl.html"><img src="up.gif"
border="0" height="32"
alt="Up One Level" width="32"></A></td>
-<td><A href="openssl-x509.html"><img src="next.gif"
+<td><A href="openssl-x509ext.html"><img src="next.gif"
border="0" height="32"
alt="Next Page" width="32"></A></td>
<td align="center" width="100%">Python OpenSSL Manual</td>
@@ -349,9 +351,9 @@ message digest type of the signature, for example <code>``sha1''</code>.
</tr></table>
<b class="navlabel">Previous:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509.html">3.1.1 X509 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509ext.html">3.1.1 X509Extension objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-netscape-spki.html b/doc/html/openssl-netscape-spki.html
index 50e125e..d4cfcc0 100644
--- a/doc/html/openssl-netscape-spki.html
+++ b/doc/html/openssl-netscape-spki.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.9 NetscapeSPKI objects </title>
-<META NAME="description" CONTENT="3.1.9 NetscapeSPKI objects ">
+<title>3.1.10 NetscapeSPKI objects </title>
+<META NAME="description" CONTENT="3.1.10 NetscapeSPKI objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,41 +36,41 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-509ext.html">3.1.8 X509Extension objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-509ext.html">3.1.9 X509Extension objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="crl.html">3.1.10 CRL objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="crl.html">3.1.11 CRL objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000419000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION0004110000000000000000">&nbsp;</A>
<BR>
-3.1.9 NetscapeSPKI objects
+3.1.10 NetscapeSPKI objects
</H3>
<P>
NetscapeSPKI objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-97'><tt class='method'>b64_encode</tt></a></b>()
+<dl><dt><b><a name='l2h-101'><tt class='method'>b64_encode</tt></a></b>()
<dd>
Return a base64-encoded string representation of the object.
</dl>
<P>
-<dl><dt><b><a name='l2h-98'><tt class='method'>get_pubkey</tt></a></b>()
+<dl><dt><b><a name='l2h-102'><tt class='method'>get_pubkey</tt></a></b>()
<dd>
Return the public key of object.
</dl>
<P>
-<dl><dt><b><a name='l2h-99'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>)
+<dl><dt><b><a name='l2h-103'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>)
<dd>
Set the public key of the object to <var>key</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-100'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>)
+<dl><dt><b><a name='l2h-104'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>)
<dd>
Sign the NetscapeSPKI object using the given <var>key</var> and
<var>digest_name</var>. <var>digest_name</var> must be a string describing a digest
@@ -79,7 +79,7 @@ example, <tt class="constant">"md5"</tt> or <tt class="constant">"sha1"</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-101'><tt class='method'>verify</tt></a></b>(<var>key</var>)
+<dl><dt><b><a name='l2h-105'><tt class='method'>verify</tt></a></b>(<var>key</var>)
<dd>
Verify the NetscapeSPKI object using the given <var>key</var>.
</dl>
@@ -110,11 +110,11 @@ Verify the NetscapeSPKI object using the given <var>key</var>.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-509ext.html">3.1.8 X509Extension objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-509ext.html">3.1.9 X509Extension objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="crl.html">3.1.10 CRL objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="crl.html">3.1.11 CRL objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-pkcs12.html b/doc/html/openssl-pkcs12.html
index 30dd509..60bb008 100644
--- a/doc/html/openssl-pkcs12.html
+++ b/doc/html/openssl-pkcs12.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.7 PKCS12 objects </title>
-<META NAME="description" CONTENT="3.1.7 PKCS12 objects ">
+<title>3.1.8 PKCS12 objects </title>
+<META NAME="description" CONTENT="3.1.8 PKCS12 objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,23 +36,23 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.6 PKCS7 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.7 PKCS7 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-509ext.html">3.1.8 X509Extension objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-509ext.html">3.1.9 X509Extension objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000417000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000418000000000000000">&nbsp;</A>
<BR>
-3.1.7 PKCS12 objects
+3.1.8 PKCS12 objects
</H3>
<P>
PKCS12 objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-86'><tt class='method'>export</tt></a></b>(<big>[</big><var>passphrase=None</var><big>]</big><big>[</big><var>, iter=2048</var><big>]</big><big>[</big><var>, maciter=1</var><big>]</big>)
+<dl><dt><b><a name='l2h-90'><tt class='method'>export</tt></a></b>(<big>[</big><var>passphrase=None</var><big>]</big><big>[</big><var>, iter=2048</var><big>]</big><big>[</big><var>, maciter=1</var><big>]</big>)
<dd>
Returns a PKCS12 object as a string.
@@ -64,32 +64,32 @@ See also the man page for the C function <tt class="function">PKCS12_create</tt>
</dl>
<P>
-<dl><dt><b><a name='l2h-87'><tt class='method'>get_ca_certificates</tt></a></b>()
+<dl><dt><b><a name='l2h-91'><tt class='method'>get_ca_certificates</tt></a></b>()
<dd>
Return CA certificates within the PKCS12 object as a tuple. Returns
<tt class="constant">None</tt> if no CA certificates are present.
</dl>
<P>
-<dl><dt><b><a name='l2h-88'><tt class='method'>get_certificate</tt></a></b>()
+<dl><dt><b><a name='l2h-92'><tt class='method'>get_certificate</tt></a></b>()
<dd>
Return certificate portion of the PKCS12 structure.
</dl>
<P>
-<dl><dt><b><a name='l2h-89'><tt class='method'>get_friendlyname</tt></a></b>()
+<dl><dt><b><a name='l2h-93'><tt class='method'>get_friendlyname</tt></a></b>()
<dd>
Return friendlyName portion of the PKCS12 structure.
</dl>
<P>
-<dl><dt><b><a name='l2h-90'><tt class='method'>get_privatekey</tt></a></b>()
+<dl><dt><b><a name='l2h-94'><tt class='method'>get_privatekey</tt></a></b>()
<dd>
Return private key portion of the PKCS12 structure
</dl>
<P>
-<dl><dt><b><a name='l2h-91'><tt class='method'>set_ca_certificates</tt></a></b>(<var>cacerts</var>)
+<dl><dt><b><a name='l2h-95'><tt class='method'>set_ca_certificates</tt></a></b>(<var>cacerts</var>)
<dd>
Replace or set the CA certificates within the PKCS12 object with the sequence <var>cacerts</var>.
@@ -98,19 +98,19 @@ Set <var>cacerts</var> to <tt class="constant">None</tt> to remove all CA certif
</dl>
<P>
-<dl><dt><b><a name='l2h-92'><tt class='method'>set_certificate</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-96'><tt class='method'>set_certificate</tt></a></b>(<var>cert</var>)
<dd>
Replace or set the certificate portion of the PKCS12 structure.
</dl>
<P>
-<dl><dt><b><a name='l2h-93'><tt class='method'>set_friendlyname</tt></a></b>(<var>name</var>)
+<dl><dt><b><a name='l2h-97'><tt class='method'>set_friendlyname</tt></a></b>(<var>name</var>)
<dd>
Replace or set the friendlyName portion of the PKCS12 structure.
</dl>
<P>
-<dl><dt><b><a name='l2h-94'><tt class='method'>set_privatekey</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-98'><tt class='method'>set_privatekey</tt></a></b>(<var>pkey</var>)
<dd>
Replace or set private key portion of the PKCS12 structure
</dl>
@@ -141,11 +141,11 @@ Replace or set private key portion of the PKCS12 structure
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.6 PKCS7 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.7 PKCS7 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-509ext.html">3.1.8 X509Extension objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-509ext.html">3.1.9 X509Extension objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-pkcs7.html b/doc/html/openssl-pkcs7.html
index 2fd08e4..cdf8644 100644
--- a/doc/html/openssl-pkcs7.html
+++ b/doc/html/openssl-pkcs7.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.6 PKCS7 objects </title>
-<META NAME="description" CONTENT="3.1.6 PKCS7 objects ">
+<title>3.1.7 PKCS7 objects </title>
+<META NAME="description" CONTENT="3.1.7 PKCS7 objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,47 +36,47 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkey.html">3.1.5 PKey objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkey.html">3.1.6 PKey objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.7 PKCS12 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.8 PKCS12 objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000416000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000417000000000000000">&nbsp;</A>
<BR>
-3.1.6 PKCS7 objects
+3.1.7 PKCS7 objects
</H3>
<P>
PKCS7 objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-81'><tt class='method'>type_is_signed</tt></a></b>()
+<dl><dt><b><a name='l2h-85'><tt class='method'>type_is_signed</tt></a></b>()
<dd>
FIXME
</dl>
<P>
-<dl><dt><b><a name='l2h-82'><tt class='method'>type_is_enveloped</tt></a></b>()
+<dl><dt><b><a name='l2h-86'><tt class='method'>type_is_enveloped</tt></a></b>()
<dd>
FIXME
</dl>
<P>
-<dl><dt><b><a name='l2h-83'><tt class='method'>type_is_signedAndEnveloped</tt></a></b>()
+<dl><dt><b><a name='l2h-87'><tt class='method'>type_is_signedAndEnveloped</tt></a></b>()
<dd>
FIXME
</dl>
<P>
-<dl><dt><b><a name='l2h-84'><tt class='method'>type_is_data</tt></a></b>()
+<dl><dt><b><a name='l2h-88'><tt class='method'>type_is_data</tt></a></b>()
<dd>
FIXME
</dl>
<P>
-<dl><dt><b><a name='l2h-85'><tt class='method'>get_type_name</tt></a></b>()
+<dl><dt><b><a name='l2h-89'><tt class='method'>get_type_name</tt></a></b>()
<dd>
Get the type name of the PKCS7.
</dl>
@@ -107,11 +107,11 @@ Get the type name of the PKCS7.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkey.html">3.1.5 PKey objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-pkey.html">3.1.6 PKey objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.7 PKCS12 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.8 PKCS12 objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-pkey.html b/doc/html/openssl-pkey.html
index 5693f0e..f10cd19 100644
--- a/doc/html/openssl-pkey.html
+++ b/doc/html/openssl-pkey.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.5 PKey objects </title>
-<META NAME="description" CONTENT="3.1.5 PKey objects ">
+<title>3.1.6 PKey objects </title>
+<META NAME="description" CONTENT="3.1.6 PKey objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,36 +36,36 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509store.html">3.1.4 X509Store objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509store.html">3.1.5 X509Store objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.6 PKCS7 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.7 PKCS7 objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000415000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000416000000000000000">&nbsp;</A>
<BR>
-3.1.5 PKey objects
+3.1.6 PKey objects
</H3>
<P>
The PKey object has the following methods:
<P>
-<dl><dt><b><a name='l2h-78'><tt class='method'>bits</tt></a></b>()
+<dl><dt><b><a name='l2h-82'><tt class='method'>bits</tt></a></b>()
<dd>
Return the number of bits of the key.
</dl>
<P>
-<dl><dt><b><a name='l2h-79'><tt class='method'>generate_key</tt></a></b>(<var>type, bits</var>)
+<dl><dt><b><a name='l2h-83'><tt class='method'>generate_key</tt></a></b>(<var>type, bits</var>)
<dd>
Generate a public/private key pair of the type <var>type</var> (one of
<tt class="constant">TYPE_RSA</tt> and <tt class="constant">TYPE_DSA</tt>) with the size <var>bits</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-80'><tt class='method'>type</tt></a></b>()
+<dl><dt><b><a name='l2h-84'><tt class='method'>type</tt></a></b>()
<dd>
Return the type of the key.
</dl>
@@ -96,11 +96,11 @@ Return the type of the key.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509store.html">3.1.4 X509Store objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509store.html">3.1.5 X509Store objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.6 PKCS7 objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.7 PKCS7 objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-rand.html b/doc/html/openssl-rand.html
index 229e445..46e7189 100644
--- a/doc/html/openssl-rand.html
+++ b/doc/html/openssl-rand.html
@@ -36,7 +36,7 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="revoked.html">3.1.11 Revoked objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="revoked.html">3.1.12 Revoked objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<br><hr>
@@ -56,16 +56,16 @@ This module handles the OpenSSL pseudo random number generator (PRNG) and
declares the following:
<P>
-<dl><dt><b><a name='l2h-113'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>)
+<dl><dt><b><a name='l2h-117'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>)
<dd>
Mix bytes from <var>string</var> into the PRNG state. The <var>entropy</var> argument is
(the lower bound of) an estimate of how much randomness is contained in
-<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-2269"
+<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-2324"
href="http://www.ietf.org/rfc/rfc1750.txt">RFC 1750</a>.
</dl>
<P>
-<dl><dt><b><a name='l2h-114'><tt class='function'>bytes</tt></a></b>(<var>num_bytes</var>)
+<dl><dt><b><a name='l2h-118'><tt class='function'>bytes</tt></a></b>(<var>num_bytes</var>)
<dd>
Get some random bytes from the PRNG as a string.
@@ -74,7 +74,7 @@ This is a wrapper for the C function <tt class="function">RAND_bytes</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-115'><tt class='function'>cleanup</tt></a></b>()
+<dl><dt><b><a name='l2h-119'><tt class='function'>cleanup</tt></a></b>()
<dd>
Erase the memory used by the PRNG.
@@ -83,50 +83,50 @@ This is a wrapper for the C function <tt class="function">RAND_cleanup</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-116'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
+<dl><dt><b><a name='l2h-120'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
<dd>
Query the Entropy Gathering Daemon<A NAME="tex2html2"
- HREF="#foot1204"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var>
+ HREF="#foot1227"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var>
bytes of random data and and uses <tt class="function">add</tt> to seed the PRNG. The default
value of <var>bytes</var> is 255.
</dl>
<P>
-<dl><dt><b><a name='l2h-117'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
+<dl><dt><b><a name='l2h-121'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
<dd>
Read <var>bytes</var> bytes (or all of it, if <var>bytes</var> is negative) of data from
the file <var>path</var> to seed the PRNG. The default value of <var>bytes</var> is -1.
</dl>
<P>
-<dl><dt><b><a name='l2h-118'><tt class='function'>screen</tt></a></b>()
+<dl><dt><b><a name='l2h-122'><tt class='function'>screen</tt></a></b>()
<dd>
Add the current contents of the screen to the PRNG state.
Availability: Windows.
</dl>
<P>
-<dl><dt><b><a name='l2h-119'><tt class='function'>seed</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-123'><tt class='function'>seed</tt></a></b>(<var>string</var>)
<dd>
This is equivalent to calling <tt class="function">add</tt> with <var>entropy</var> as the length
of the string.
</dl>
<P>
-<dl><dt><b><a name='l2h-120'><tt class='function'>status</tt></a></b>()
+<dl><dt><b><a name='l2h-124'><tt class='function'>status</tt></a></b>()
<dd>
Returns true if the PRNG has been seeded with enough data, and false otherwise.
</dl>
<P>
-<dl><dt><b><a name='l2h-121'><tt class='function'>write_file</tt></a></b>(<var>path</var>)
+<dl><dt><b><a name='l2h-125'><tt class='function'>write_file</tt></a></b>(<var>path</var>)
<dd>
Write a number of random bytes (currently 1024) to the file <var>path</var>. This
file can then be used with <tt class="function">load_file</tt> to seed the PRNG again.
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-122'><tt class='exception'>Error</tt></a></b>
+<dl><dt><b>exception <a name='l2h-126'><tt class='exception'>Error</tt></a></b>
<dd>
If the current RAND method supports any errors, this is raised when needed.
The default method does not raise this when the entropy pool is depleted.
@@ -142,7 +142,7 @@ for more information.
<P>
<BR><HR><H4>Footnotes</H4>
<DL>
-<DT><A NAME="foot1204">... Daemon</A><A
+<DT><A NAME="foot1227">... Daemon</A><A
href="openssl-rand.html#tex2html2"><SUP>2</SUP></A></DT>
<DD>See
<a class="url" href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech/crypto/</a>
@@ -173,11 +173,11 @@ for more information.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="revoked.html">3.1.11 Revoked objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="revoked.html">3.1.12 Revoked objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL </A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-ssl.html b/doc/html/openssl-ssl.html
index 4afcef2..a607e41 100644
--- a/doc/html/openssl-ssl.html
+++ b/doc/html/openssl-ssl.html
@@ -55,39 +55,39 @@ This module handles things specific to SSL. There are two objects defined:
Context, Connection.
<P>
-<dl><dt><b><a name='l2h-124'><tt>SSLv2_METHOD</tt></a></b>
+<dl><dt><b><a name='l2h-128'><tt>SSLv2_METHOD</tt></a></b>
<dd>
-<dt><b><a name='l2h-138'><tt>SSLv3_METHOD</tt></a></b><dd>
-<dt><b><a name='l2h-139'><tt>SSLv23_METHOD</tt></a></b><dd>
-<dt><b><a name='l2h-140'><tt>TLSv1_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-142'><tt>SSLv3_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-143'><tt>SSLv23_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-144'><tt>TLSv1_METHOD</tt></a></b><dd>
These constants represent the different SSL methods to use when creating a
context object.
</dl>
<P>
-<dl><dt><b><a name='l2h-125'><tt>VERIFY_NONE</tt></a></b>
+<dl><dt><b><a name='l2h-129'><tt>VERIFY_NONE</tt></a></b>
<dd>
-<dt><b><a name='l2h-141'><tt>VERIFY_PEER</tt></a></b><dd>
-<dt><b><a name='l2h-142'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd>
+<dt><b><a name='l2h-145'><tt>VERIFY_PEER</tt></a></b><dd>
+<dt><b><a name='l2h-146'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd>
These constants represent the verification mode used by the Context
object's <tt class="method">set_verify</tt> method.
</dl>
<P>
-<dl><dt><b><a name='l2h-126'><tt>FILETYPE_PEM</tt></a></b>
+<dl><dt><b><a name='l2h-130'><tt>FILETYPE_PEM</tt></a></b>
<dd>
-<dt><b><a name='l2h-143'><tt>FILETYPE_ASN1</tt></a></b><dd>
+<dt><b><a name='l2h-147'><tt>FILETYPE_ASN1</tt></a></b><dd>
File type constants used with the <tt class="method">use_certificate_file</tt> and
<tt class="method">use_privatekey_file</tt> methods of Context objects.
</dl>
<P>
-<dl><dt><b><a name='l2h-127'><tt>OP_SINGLE_DH_USE</tt></a></b>
+<dl><dt><b><a name='l2h-131'><tt>OP_SINGLE_DH_USE</tt></a></b>
<dd>
-<dt><b><a name='l2h-144'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd>
-<dt><b><a name='l2h-145'><tt>OP_NO_SSLv2</tt></a></b><dd>
-<dt><b><a name='l2h-146'><tt>OP_NO_SSLv3</tt></a></b><dd>
-<dt><b><a name='l2h-147'><tt>OP_NO_TLSv1</tt></a></b><dd>
+<dt><b><a name='l2h-148'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd>
+<dt><b><a name='l2h-149'><tt>OP_NO_SSLv2</tt></a></b><dd>
+<dt><b><a name='l2h-150'><tt>OP_NO_SSLv3</tt></a></b><dd>
+<dt><b><a name='l2h-151'><tt>OP_NO_TLSv1</tt></a></b><dd>
Constants used with <tt class="method">set_options</tt> of Context objects.
<tt class="constant">OP_SINGLE_DH_USE</tt> means to always create a new key when using ephemeral
Diffie-Hellman. <tt class="constant">OP_EPHEMERAL_RSA</tt> means to always use ephemeral RSA keys
@@ -98,13 +98,13 @@ handshake, but don't want to use SSLv2.
</dl>
<P>
-<dl><dt><b><a name='l2h-128'><tt>ContextType</tt></a></b>
+<dl><dt><b><a name='l2h-132'><tt>ContextType</tt></a></b>
<dd>
See <tt class="class">Context</tt>.
</dl>
<P>
-<dl><dt><b>class <a name='l2h-129'><tt class='class'>Context</tt></a></b>(<var>method</var>)
+<dl><dt><b>class <a name='l2h-133'><tt class='class'>Context</tt></a></b>(<var>method</var>)
<dd>
A class representing SSL contexts. Contexts define the parameters of one or
more SSL connections.
@@ -115,27 +115,27 @@ more SSL connections.
</dl>
<P>
-<dl><dt><b><a name='l2h-130'><tt>ConnectionType</tt></a></b>
+<dl><dt><b><a name='l2h-134'><tt>ConnectionType</tt></a></b>
<dd>
See <tt class="class">Connection</tt>.
</dl>
<P>
-<dl><dt><b>class <a name='l2h-131'><tt class='class'>Connection</tt></a></b>(<var>context, socket</var>)
+<dl><dt><b>class <a name='l2h-135'><tt class='class'>Connection</tt></a></b>(<var>context, socket</var>)
<dd>
A class representing SSL connections.
<P>
<var>context</var> should be an instance of <tt class="class">Context</tt> and <var>socket</var>
should be a socket <A NAME="tex2html4"
- HREF="#foot1208"><SUP>3</SUP></A> object. <var>socket</var> may be
+ HREF="#foot1231"><SUP>3</SUP></A> object. <var>socket</var> may be
<var>None</var>; in this case, the Connection is created with a memory BIO: see
the <tt class="method">bio_read</tt>, <tt class="method">bio_write</tt>, and <tt class="method">bio_shutdown</tt>
methods.
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-132'><tt class='exception'>Error</tt></a></b>
+<dl><dt><b>exception <a name='l2h-136'><tt class='exception'>Error</tt></a></b>
<dd>
This exception is used as a base class for the other SSL-related
exceptions, but may also be raised directly.
@@ -149,7 +149,7 @@ for more information.
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-133'><tt class='exception'>ZeroReturnError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-137'><tt class='exception'>ZeroReturnError</tt></a></b>
<dd>
This exception matches the error return code <code>SSL_ERROR_ZERO_RETURN</code>, and
is raised when the SSL Connection has been closed. In SSL 3.0 and TLS 1.0, this
@@ -163,7 +163,7 @@ It may seem a little strange that this is an exception, but it does match an
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-134'><tt class='exception'>WantReadError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-138'><tt class='exception'>WantReadError</tt></a></b>
<dd>
The operation did not complete; the same I/O method should be called again
later, with the same arguments. Any I/O method can lead to this since new
@@ -180,14 +180,14 @@ probably want to <tt class="method">select()</tt> on the socket before trying ag
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-135'><tt class='exception'>WantWriteError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-139'><tt class='exception'>WantWriteError</tt></a></b>
<dd>
See <tt class="exception">WantReadError</tt>. The socket send buffer may be too full to
write more data.
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-136'><tt class='exception'>WantX509LookupError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-140'><tt class='exception'>WantX509LookupError</tt></a></b>
<dd>
The operation did not complete because an application callback has asked to be
called again. The I/O method should be called again later, with the same
@@ -196,7 +196,7 @@ callbacks in this version.
</dl>
<P>
-<dl><dt><b>exception <a name='l2h-137'><tt class='exception'>SysCallError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-141'><tt class='exception'>SysCallError</tt></a></b>
<dd>
The <tt class="exception">SysCallError</tt> occurs when there's an I/O error and OpenSSL's
error queue does not contain any information. This can mean two things: An
@@ -208,7 +208,7 @@ The parameter to the exception is always a pair <code>(<var>errnum</var>,
<P>
<BR><HR><H4>Footnotes</H4>
<DL>
-<DT><A NAME="foot1208">... socket</A><A
+<DT><A NAME="foot1231">... socket</A><A
href="openssl-ssl.html#tex2html4"><SUP>3</SUP></A></DT>
<DD>Actually, all that is required is an object
that <i>behaves</i> like a socket, you could even use files, even though
@@ -221,9 +221,9 @@ it'd be tricky to get the handshakes right!
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html289"
+<LI><A NAME="tex2html303"
href="openssl-context.html">3.3.1 Context objects </A>
-<LI><A NAME="tex2html290"
+<LI><A NAME="tex2html304"
href="openssl-connection.html">3.3.2 Connection objects </A>
</UL>
<!--End of Table of Child-Links-->
@@ -256,7 +256,7 @@ it'd be tricky to get the handshakes right!
<b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-context.html">3.3.1 Context objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-x509.html b/doc/html/openssl-x509.html
index c138766..ab814a3 100644
--- a/doc/html/openssl-x509.html
+++ b/doc/html/openssl-x509.html
@@ -1,14 +1,14 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.1 X509 objects </title>
-<META NAME="description" CONTENT="3.1.1 X509 objects ">
+<title>3.1.2 X509 objects </title>
+<META NAME="description" CONTENT="3.1.2 X509 objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-x509name.html">
-<LINK REL="previous" href="openssl-crypto.html">
+<LINK REL="previous" href="openssl-x509ext.html">
<LINK REL="up" href="openssl-crypto.html">
<LINK REL="next" href="openssl-x509name.html">
</head>
@@ -16,7 +16,7 @@
<DIV CLASS="navigation">
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
-<td><A href="openssl-crypto.html"><img src="previous.gif"
+<td><A href="openssl-x509ext.html"><img src="previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="openssl-crypto.html"><img src="up.gif"
@@ -36,53 +36,53 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509ext.html">3.1.1 X509Extension objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509name.html">3.1.2 X509Name objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509name.html">3.1.3 X509Name objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000411000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000412000000000000000">&nbsp;</A>
<BR>
-3.1.1 X509 objects
+3.1.2 X509 objects
</H3>
<P>
X509 objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-39'><tt class='method'>get_issuer</tt></a></b>()
+<dl><dt><b><a name='l2h-41'><tt class='method'>get_issuer</tt></a></b>()
<dd>
Return an X509Name object representing the issuer of the certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-40'><tt class='method'>get_pubkey</tt></a></b>()
+<dl><dt><b><a name='l2h-42'><tt class='method'>get_pubkey</tt></a></b>()
<dd>
Return a PKey object representing the public key of the certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-41'><tt class='method'>get_serial_number</tt></a></b>()
+<dl><dt><b><a name='l2h-43'><tt class='method'>get_serial_number</tt></a></b>()
<dd>
Return the certificate serial number.
</dl>
<P>
-<dl><dt><b><a name='l2h-42'><tt class='method'>get_subject</tt></a></b>()
+<dl><dt><b><a name='l2h-44'><tt class='method'>get_subject</tt></a></b>()
<dd>
Return an X509Name object representing the subject of the certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-43'><tt class='method'>get_version</tt></a></b>()
+<dl><dt><b><a name='l2h-45'><tt class='method'>get_version</tt></a></b>()
<dd>
Return the certificate version.
</dl>
<P>
-<dl><dt><b><a name='l2h-44'><tt class='method'>get_notBefore</tt></a></b>()
+<dl><dt><b><a name='l2h-46'><tt class='method'>get_notBefore</tt></a></b>()
<dd>
Return a string giving the time before which the certificate is not valid. The
string is formatted as an ASN1 GENERALIZEDTIME:
@@ -95,7 +95,7 @@ If no value exists for this field, <code>None</code> is returned.
</dl>
<P>
-<dl><dt><b><a name='l2h-45'><tt class='method'>get_notAfter</tt></a></b>()
+<dl><dt><b><a name='l2h-47'><tt class='method'>get_notAfter</tt></a></b>()
<dd>
Return a string giving the time after which the certificate is not valid. The
string is formatted as an ASN1 GENERALIZEDTIME:
@@ -108,7 +108,7 @@ If no value exists for this field, <code>None</code> is returned.
</dl>
<P>
-<dl><dt><b><a name='l2h-46'><tt class='method'>set_notBefore</tt></a></b>(<var>when</var>)
+<dl><dt><b><a name='l2h-48'><tt class='method'>set_notBefore</tt></a></b>(<var>when</var>)
<dd>
Change the time before which the certificate is not valid. <var>when</var> is a
string formatted as an ASN1 GENERALIZEDTIME:
@@ -120,7 +120,7 @@ string formatted as an ASN1 GENERALIZEDTIME:
</dl>
<P>
-<dl><dt><b><a name='l2h-47'><tt class='method'>set_notAfter</tt></a></b>(<var>when</var>)
+<dl><dt><b><a name='l2h-49'><tt class='method'>set_notAfter</tt></a></b>(<var>when</var>)
<dd>
Change the time after which the certificate is not valid. <var>when</var> is a
string formatted as an ASN1 GENERALIZEDTIME:
@@ -132,69 +132,69 @@ string formatted as an ASN1 GENERALIZEDTIME:
</dl>
<P>
-<dl><dt><b><a name='l2h-48'><tt class='method'>gmtime_adj_notBefore</tt></a></b>(<var>time</var>)
+<dl><dt><b><a name='l2h-50'><tt class='method'>gmtime_adj_notBefore</tt></a></b>(<var>time</var>)
<dd>
Adjust the timestamp (in GMT) when the certificate starts being valid.
</dl>
<P>
-<dl><dt><b><a name='l2h-49'><tt class='method'>gmtime_adj_notAfter</tt></a></b>(<var>time</var>)
+<dl><dt><b><a name='l2h-51'><tt class='method'>gmtime_adj_notAfter</tt></a></b>(<var>time</var>)
<dd>
Adjust the timestamp (in GMT) when the certificate stops being valid.
</dl>
<P>
-<dl><dt><b><a name='l2h-50'><tt class='method'>has_expired</tt></a></b>()
+<dl><dt><b><a name='l2h-52'><tt class='method'>has_expired</tt></a></b>()
<dd>
Checks the certificate's time stamp against current time. Returns true if the
certificate has expired and false otherwise.
</dl>
<P>
-<dl><dt><b><a name='l2h-51'><tt class='method'>set_issuer</tt></a></b>(<var>issuer</var>)
+<dl><dt><b><a name='l2h-53'><tt class='method'>set_issuer</tt></a></b>(<var>issuer</var>)
<dd>
Set the issuer of the certificate to <var>issuer</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-52'><tt class='method'>set_pubkey</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-54'><tt class='method'>set_pubkey</tt></a></b>(<var>pkey</var>)
<dd>
Set the public key of the certificate to <var>pkey</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-53'><tt class='method'>set_serial_number</tt></a></b>(<var>serialno</var>)
+<dl><dt><b><a name='l2h-55'><tt class='method'>set_serial_number</tt></a></b>(<var>serialno</var>)
<dd>
Set the serial number of the certificate to <var>serialno</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-54'><tt class='method'>set_subject</tt></a></b>(<var>subject</var>)
+<dl><dt><b><a name='l2h-56'><tt class='method'>set_subject</tt></a></b>(<var>subject</var>)
<dd>
Set the subject of the certificate to <var>subject</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-55'><tt class='method'>set_version</tt></a></b>(<var>version</var>)
+<dl><dt><b><a name='l2h-57'><tt class='method'>set_version</tt></a></b>(<var>version</var>)
<dd>
Set the certificate version to <var>version</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-56'><tt class='method'>sign</tt></a></b>(<var>pkey, digest</var>)
+<dl><dt><b><a name='l2h-58'><tt class='method'>sign</tt></a></b>(<var>pkey, digest</var>)
<dd>
Sign the certificate, using the key <var>pkey</var> and the message digest algorithm
identified by the string <var>digest</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-57'><tt class='method'>subject_name_hash</tt></a></b>()
+<dl><dt><b><a name='l2h-59'><tt class='method'>subject_name_hash</tt></a></b>()
<dd>
Return the hash of the certificate subject.
</dl>
<P>
-<dl><dt><b><a name='l2h-58'><tt class='method'>digest</tt></a></b>(<var>digest_name</var>)
+<dl><dt><b><a name='l2h-60'><tt class='method'>digest</tt></a></b>(<var>digest_name</var>)
<dd>
Return a digest of the certificate, using the <var>digest_name</var> method.
<var>digest_name</var> must be a string describing a digest algorithm supported
@@ -203,18 +203,41 @@ by OpenSSL (by EVP_get_digestbyname, specifically). For example,
</dl>
<P>
-<dl><dt><b><a name='l2h-59'><tt class='method'>add_extensions</tt></a></b>(<var>extensions</var>)
+<dl><dt><b><a name='l2h-61'><tt class='method'>add_extensions</tt></a></b>(<var>extensions</var>)
<dd>
Add the extensions in the sequence <var>extensions</var> to the certificate.
</dl>
<P>
+<dl><dt><b><a name='l2h-62'><tt class='method'>get_extension_count</tt></a></b>()
+<dd>
+Return the number of extensions on this certificate.
+
+<span class='versionnote'>New in version 0.12.</span>
+
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-63'><tt class='method'>get_extension</tt></a></b>(<var>index</var>)
+<dd>
+Retrieve the extension on this certificate at the given index.
+
+<P>
+Extensions on a certificate are kept in order. The index parameter selects
+which extension will be returned. The returned object will be an X509Extension
+instance.
+
+<span class='versionnote'>New in version 0.12.</span>
+
+</dl>
+
+<P>
<DIV CLASS="navigation">
<p><hr>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
-<td><A href="openssl-crypto.html"><img src="previous.gif"
+<td><A href="openssl-x509ext.html"><img src="previous.gif"
border="0" height="32"
alt="Previous Page" width="32"></A></td>
<td><A href="openssl-crypto.html"><img src="up.gif"
@@ -234,11 +257,11 @@ Add the extensions in the sequence <var>extensions</var> to the certificate.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509ext.html">3.1.1 X509Extension objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509name.html">3.1.2 X509Name objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509name.html">3.1.3 X509Name objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-x509name.html b/doc/html/openssl-x509name.html
index 17960ca..e5bbdec 100644
--- a/doc/html/openssl-x509name.html
+++ b/doc/html/openssl-x509name.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.2 X509Name objects </title>
-<META NAME="description" CONTENT="3.1.2 X509Name objects ">
+<title>3.1.3 X509Name objects </title>
+<META NAME="description" CONTENT="3.1.3 X509Name objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,36 +36,36 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509.html">3.1.1 X509 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509.html">3.1.2 X509 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509req.html">3.1.3 X509Req objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509req.html">3.1.4 X509Req objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000412000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000413000000000000000">&nbsp;</A>
<BR>
-3.1.2 X509Name objects
+3.1.3 X509Name objects
</H3>
<P>
X509Name objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-60'><tt class='method'>hash</tt></a></b>()
+<dl><dt><b><a name='l2h-64'><tt class='method'>hash</tt></a></b>()
<dd>
Return an integer giving the first four bytes of the MD5 digest of the DER
representation of the name.
</dl>
<P>
-<dl><dt><b><a name='l2h-61'><tt class='method'>der</tt></a></b>()
+<dl><dt><b><a name='l2h-65'><tt class='method'>der</tt></a></b>()
<dd>
Return a string giving the DER representation of the name.
</dl>
<P>
-<dl><dt><b><a name='l2h-62'><tt class='method'>get_components</tt></a></b>()
+<dl><dt><b><a name='l2h-66'><tt class='method'>get_components</tt></a></b>()
<dd>
Return a list of two-tuples of strings giving the components of the name.
</dl>
@@ -74,49 +74,49 @@ Return a list of two-tuples of strings giving the components of the name.
X509Name objects have the following members:
<P>
-<dl><dt><b><a name='l2h-63'><tt class='member'>countryName</tt></a></b>
+<dl><dt><b><a name='l2h-67'><tt class='member'>countryName</tt></a></b>
<dd>
The country of the entity. <code>C</code> may be used as an alias for
<code>countryName</code>.
</dl>
<P>
-<dl><dt><b><a name='l2h-64'><tt class='member'>stateOrProvinceName</tt></a></b>
+<dl><dt><b><a name='l2h-68'><tt class='member'>stateOrProvinceName</tt></a></b>
<dd>
The state or province of the entity. <code>ST</code> may be used as an alias for
<code>stateOrProvinceName</code>·
</dl>
<P>
-<dl><dt><b><a name='l2h-65'><tt class='member'>localityName</tt></a></b>
+<dl><dt><b><a name='l2h-69'><tt class='member'>localityName</tt></a></b>
<dd>
The locality of the entity. <code>L</code> may be used as an alias for
<code>localityName</code>.
</dl>
<P>
-<dl><dt><b><a name='l2h-66'><tt class='member'>organizationName</tt></a></b>
+<dl><dt><b><a name='l2h-70'><tt class='member'>organizationName</tt></a></b>
<dd>
The organization name of the entity. <code>O</code> may be used as an alias for
<code>organizationName</code>.
</dl>
<P>
-<dl><dt><b><a name='l2h-67'><tt class='member'>organizationalUnitName</tt></a></b>
+<dl><dt><b><a name='l2h-71'><tt class='member'>organizationalUnitName</tt></a></b>
<dd>
The organizational unit of the entity. <code>OU</code> may be used as an alias for
<code>organizationalUnitName</code>.
</dl>
<P>
-<dl><dt><b><a name='l2h-68'><tt class='member'>commonName</tt></a></b>
+<dl><dt><b><a name='l2h-72'><tt class='member'>commonName</tt></a></b>
<dd>
The common name of the entity. <code>CN</code> may be used as an alias for
<code>commonName</code>.
</dl>
<P>
-<dl><dt><b><a name='l2h-69'><tt class='member'>emailAddress</tt></a></b>
+<dl><dt><b><a name='l2h-73'><tt class='member'>emailAddress</tt></a></b>
<dd>
The e-mail address of the entity.
</dl>
@@ -147,11 +147,11 @@ The e-mail address of the entity.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509.html">3.1.1 X509 objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509.html">3.1.2 X509 objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509req.html">3.1.3 X509Req objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509req.html">3.1.4 X509Req objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-x509req.html b/doc/html/openssl-x509req.html
index 31561b5..3625c27 100644
--- a/doc/html/openssl-x509req.html
+++ b/doc/html/openssl-x509req.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.3 X509Req objects </title>
-<META NAME="description" CONTENT="3.1.3 X509Req objects ">
+<title>3.1.4 X509Req objects </title>
+<META NAME="description" CONTENT="3.1.4 X509Req objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,61 +36,61 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509name.html">3.1.2 X509Name objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509name.html">3.1.3 X509Name objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509store.html">3.1.4 X509Store objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509store.html">3.1.5 X509Store objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000413000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000414000000000000000">&nbsp;</A>
<BR>
-3.1.3 X509Req objects
+3.1.4 X509Req objects
</H3>
<P>
X509Req objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-70'><tt class='method'>get_pubkey</tt></a></b>()
+<dl><dt><b><a name='l2h-74'><tt class='method'>get_pubkey</tt></a></b>()
<dd>
Return a PKey object representing the public key of the certificate request.
</dl>
<P>
-<dl><dt><b><a name='l2h-71'><tt class='method'>get_subject</tt></a></b>()
+<dl><dt><b><a name='l2h-75'><tt class='method'>get_subject</tt></a></b>()
<dd>
Return an X509Name object representing the subject of the certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-72'><tt class='method'>set_pubkey</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-76'><tt class='method'>set_pubkey</tt></a></b>(<var>pkey</var>)
<dd>
Set the public key of the certificate request to <var>pkey</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-73'><tt class='method'>sign</tt></a></b>(<var>pkey, digest</var>)
+<dl><dt><b><a name='l2h-77'><tt class='method'>sign</tt></a></b>(<var>pkey, digest</var>)
<dd>
Sign the certificate request, using the key <var>pkey</var> and the message digest
algorithm identified by the string <var>digest</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-74'><tt class='method'>verify</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-78'><tt class='method'>verify</tt></a></b>(<var>pkey</var>)
<dd>
Verify a certificate request using the public key <var>pkey</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-75'><tt class='method'>set_version</tt></a></b>(<var>version</var>)
+<dl><dt><b><a name='l2h-79'><tt class='method'>set_version</tt></a></b>(<var>version</var>)
<dd>
Set the version (RFC 2459, 4.1.2.1) of the certificate request to
<var>version</var>.
</dl>
<P>
-<dl><dt><b><a name='l2h-76'><tt class='method'>get_version</tt></a></b>()
+<dl><dt><b><a name='l2h-80'><tt class='method'>get_version</tt></a></b>()
<dd>
Get the version (RFC 2459, 4.1.2.1) of the certificate request.
</dl>
@@ -121,11 +121,11 @@ Get the version (RFC 2459, 4.1.2.1) of the certificate request.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509name.html">3.1.2 X509Name objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509name.html">3.1.3 X509Name objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509store.html">3.1.4 X509Store objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509store.html">3.1.5 X509Store objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl-x509store.html b/doc/html/openssl-x509store.html
index 9c6c290..03d589e 100644
--- a/doc/html/openssl-x509store.html
+++ b/doc/html/openssl-x509store.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.4 X509Store objects </title>
-<META NAME="description" CONTENT="3.1.4 X509Store objects ">
+<title>3.1.5 X509Store objects </title>
+<META NAME="description" CONTENT="3.1.5 X509Store objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -36,23 +36,23 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509req.html">3.1.3 X509Req objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509req.html">3.1.4 X509Req objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkey.html">3.1.5 PKey objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkey.html">3.1.6 PKey objects</A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION000414000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION000415000000000000000">&nbsp;</A>
<BR>
-3.1.4 X509Store objects
+3.1.5 X509Store objects
</H3>
<P>
The X509Store object has currently just one method:
<P>
-<dl><dt><b><a name='l2h-77'><tt class='method'>add_cert</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-81'><tt class='method'>add_cert</tt></a></b>(<var>cert</var>)
<dd>
Add the certificate <var>cert</var> to the certificate store.
</dl>
@@ -83,11 +83,11 @@ Add the certificate <var>cert</var> to the certificate store.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509req.html">3.1.3 X509Req objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="openssl-x509req.html">3.1.4 X509Req objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
-<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkey.html">3.1.5 PKey objects</A>
+<b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkey.html">3.1.6 PKey objects</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/openssl.html b/doc/html/openssl.html
index e47b130..4ecc438 100644
--- a/doc/html/openssl.html
+++ b/doc/html/openssl.html
@@ -80,41 +80,43 @@ An interface to the SSL-specific parts of OpenSSL.
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
-<LI><A NAME="tex2html112"
+<LI><A NAME="tex2html113"
href="openssl-crypto.html">3.1 <tt class="module">crypto</tt> -- Generic cryptographic module </A>
<UL>
-<LI><A NAME="tex2html113"
- href="openssl-x509.html">3.1.1 X509 objects </A>
<LI><A NAME="tex2html114"
- href="openssl-x509name.html">3.1.2 X509Name objects </A>
+ href="openssl-x509ext.html">3.1.1 X509Extension objects </A>
<LI><A NAME="tex2html115"
- href="openssl-x509req.html">3.1.3 X509Req objects </A>
+ href="openssl-x509.html">3.1.2 X509 objects </A>
<LI><A NAME="tex2html116"
- href="openssl-x509store.html">3.1.4 X509Store objects </A>
+ href="openssl-x509name.html">3.1.3 X509Name objects </A>
<LI><A NAME="tex2html117"
- href="openssl-pkey.html">3.1.5 PKey objects </A>
+ href="openssl-x509req.html">3.1.4 X509Req objects </A>
<LI><A NAME="tex2html118"
- href="openssl-pkcs7.html">3.1.6 PKCS7 objects </A>
+ href="openssl-x509store.html">3.1.5 X509Store objects </A>
<LI><A NAME="tex2html119"
- href="openssl-pkcs12.html">3.1.7 PKCS12 objects </A>
+ href="openssl-pkey.html">3.1.6 PKey objects </A>
<LI><A NAME="tex2html120"
- href="openssl-509ext.html">3.1.8 X509Extension objects </A>
+ href="openssl-pkcs7.html">3.1.7 PKCS7 objects </A>
<LI><A NAME="tex2html121"
- href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects </A>
+ href="openssl-pkcs12.html">3.1.8 PKCS12 objects </A>
<LI><A NAME="tex2html122"
- href="crl.html">3.1.10 CRL objects </A>
+ href="openssl-509ext.html">3.1.9 X509Extension objects </A>
<LI><A NAME="tex2html123"
- href="revoked.html">3.1.11 Revoked objects </A>
+ href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects </A>
+<LI><A NAME="tex2html124"
+ href="crl.html">3.1.11 CRL objects </A>
+<LI><A NAME="tex2html125"
+ href="revoked.html">3.1.12 Revoked objects </A>
</UL>
<BR>
-<LI><A NAME="tex2html124"
+<LI><A NAME="tex2html126"
href="openssl-rand.html">3.2 <tt class="module">rand</tt> -- An interface to the OpenSSL pseudo random number generator </A>
-<LI><A NAME="tex2html125"
+<LI><A NAME="tex2html127"
href="openssl-ssl.html">3.3 <tt class="module">SSL</tt> -- An interface to the SSL-specific parts of OpenSSL </A>
<UL>
-<LI><A NAME="tex2html126"
+<LI><A NAME="tex2html128"
href="openssl-context.html">3.3.1 Context objects </A>
-<LI><A NAME="tex2html127"
+<LI><A NAME="tex2html129"
href="openssl-connection.html">3.3.2 Connection objects </A>
</UL></UL>
<!--End of Table of Child-Links-->
@@ -147,7 +149,7 @@ An interface to the SSL-specific parts of OpenSSL.
<b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/pyOpenSSL.how b/doc/html/pyOpenSSL.how
index 1d37fe6..2464192 100644
--- a/doc/html/pyOpenSSL.how
+++ b/doc/html/pyOpenSSL.how
@@ -1 +1 @@
-+++ perl /home/exarkun/Projects/pyOpenSSL/branches/release-0.11/doc/tools/node2label.pl *.html
++++ perl /home/exarkun/Projects/pyOpenSSL/trunk/doc/tools/node2label.pl *.html
diff --git a/doc/html/pyOpenSSL.html b/doc/html/pyOpenSSL.html
index 4eab092..c5d7e7a 100644
--- a/doc/html/pyOpenSSL.html
+++ b/doc/html/pyOpenSSL.html
@@ -87,52 +87,54 @@ calling a corresponding function in the OpenSSL library.
href="openssl-crypto.html">3.1 <tt class="module">crypto</tt> -- Generic cryptographic module </A>
<UL>
<LI><A NAME="tex2html15"
- href="openssl-x509.html">3.1.1 X509 objects </A>
+ href="openssl-x509ext.html">3.1.1 X509Extension objects </A>
<LI><A NAME="tex2html16"
- href="openssl-x509name.html">3.1.2 X509Name objects </A>
+ href="openssl-x509.html">3.1.2 X509 objects </A>
<LI><A NAME="tex2html17"
- href="openssl-x509req.html">3.1.3 X509Req objects </A>
+ href="openssl-x509name.html">3.1.3 X509Name objects </A>
<LI><A NAME="tex2html18"
- href="openssl-x509store.html">3.1.4 X509Store objects </A>
+ href="openssl-x509req.html">3.1.4 X509Req objects </A>
<LI><A NAME="tex2html19"
- href="openssl-pkey.html">3.1.5 PKey objects </A>
+ href="openssl-x509store.html">3.1.5 X509Store objects </A>
<LI><A NAME="tex2html20"
- href="openssl-pkcs7.html">3.1.6 PKCS7 objects </A>
+ href="openssl-pkey.html">3.1.6 PKey objects </A>
<LI><A NAME="tex2html21"
- href="openssl-pkcs12.html">3.1.7 PKCS12 objects </A>
+ href="openssl-pkcs7.html">3.1.7 PKCS7 objects </A>
<LI><A NAME="tex2html22"
- href="openssl-509ext.html">3.1.8 X509Extension objects </A>
+ href="openssl-pkcs12.html">3.1.8 PKCS12 objects </A>
<LI><A NAME="tex2html23"
- href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects </A>
+ href="openssl-509ext.html">3.1.9 X509Extension objects </A>
<LI><A NAME="tex2html24"
- href="crl.html">3.1.10 CRL objects </A>
+ href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects </A>
<LI><A NAME="tex2html25"
- href="revoked.html">3.1.11 Revoked objects </A>
-</UL>
+ href="crl.html">3.1.11 CRL objects </A>
<LI><A NAME="tex2html26"
- href="openssl-rand.html">3.2 <tt class="module">rand</tt> -- An interface to the OpenSSL pseudo random number generator </A>
+ href="revoked.html">3.1.12 Revoked objects </A>
+</UL>
<LI><A NAME="tex2html27"
+ href="openssl-rand.html">3.2 <tt class="module">rand</tt> -- An interface to the OpenSSL pseudo random number generator </A>
+<LI><A NAME="tex2html28"
href="openssl-ssl.html">3.3 <tt class="module">SSL</tt> -- An interface to the SSL-specific parts of OpenSSL </A>
<UL>
-<LI><A NAME="tex2html28"
- href="openssl-context.html">3.3.1 Context objects </A>
<LI><A NAME="tex2html29"
+ href="openssl-context.html">3.3.1 Context objects </A>
+<LI><A NAME="tex2html30"
href="openssl-connection.html">3.3.2 Connection objects </A>
</UL>
</UL>
<BR>
-<LI><A NAME="tex2html30"
+<LI><A NAME="tex2html31"
href="internals.html">4 Internals </A>
<UL>
-<LI><A NAME="tex2html31"
- href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html32"
- href="callbacks.html">4.2 Callbacks </A>
+ href="exceptions.html">4.1 Exceptions </A>
<LI><A NAME="tex2html33"
+ href="callbacks.html">4.2 Callbacks </A>
+<LI><A NAME="tex2html34"
href="socket-methods.html">4.3 Acessing Socket Methods </A>
</UL>
<BR>
-<LI><A NAME="tex2html34"
+<LI><A NAME="tex2html35"
href="about.html">About this document ...</A>
</UL>
<!--End of Table of Child-Links-->
@@ -163,7 +165,7 @@ calling a corresponding function in the OpenSSL library.
</tr></table>
<b class="navlabel">Next:</b> <a class="sectref" href="contents.html">Contents</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/revoked.html b/doc/html/revoked.html
index 0a7d547..e2e5d9f 100644
--- a/doc/html/revoked.html
+++ b/doc/html/revoked.html
@@ -1,8 +1,8 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
-<title>3.1.11 Revoked objects </title>
-<META NAME="description" CONTENT="3.1.11 Revoked objects ">
+<title>3.1.12 Revoked objects </title>
+<META NAME="description" CONTENT="3.1.12 Revoked objects ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
@@ -35,49 +35,49 @@
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="crl.html">3.1.10 CRL objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="crl.html">3.1.11 CRL objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-rand.html">3.2 rand </A>
<br><hr>
</DIV>
<!--End of Navigation Panel-->
-<H3><A NAME="SECTION0004111000000000000000">&nbsp;</A>
+<H3><A NAME="SECTION0004112000000000000000">&nbsp;</A>
<BR>
-3.1.11 Revoked objects
+3.1.12 Revoked objects
</H3>
<P>
Revoked objects have the following methods:
<P>
-<dl><dt><b><a name='l2h-105'><tt class='method'>all_reasons</tt></a></b>()
+<dl><dt><b><a name='l2h-109'><tt class='method'>all_reasons</tt></a></b>()
<dd>
Return a list of all supported reasons.
</dl>
<P>
-<dl><dt><b><a name='l2h-106'><tt class='method'>get_reason</tt></a></b>()
+<dl><dt><b><a name='l2h-110'><tt class='method'>get_reason</tt></a></b>()
<dd>
Return the revocation reason as a str. Can be
None, which differs from "Unspecified".
</dl>
<P>
-<dl><dt><b><a name='l2h-107'><tt class='method'>get_rev_date</tt></a></b>()
+<dl><dt><b><a name='l2h-111'><tt class='method'>get_rev_date</tt></a></b>()
<dd>
Return the revocation date as a str.
The string is formatted as an ASN1 GENERALIZEDTIME.
</dl>
<P>
-<dl><dt><b><a name='l2h-108'><tt class='method'>get_serial</tt></a></b>()
+<dl><dt><b><a name='l2h-112'><tt class='method'>get_serial</tt></a></b>()
<dd>
Return a str containing a hex number of the serial of the revoked certificate.
</dl>
<P>
-<dl><dt><b><a name='l2h-109'><tt class='method'>set_reason</tt></a></b>(<var>reason</var>)
+<dl><dt><b><a name='l2h-113'><tt class='method'>set_reason</tt></a></b>(<var>reason</var>)
<dd>
Set the revocation reason. <var>reason</var> must
be None or a string, but the values are limited.
@@ -85,14 +85,14 @@ Spaces and case are ignored. See <tt class="method">all_reasons</tt>.
</dl>
<P>
-<dl><dt><b><a name='l2h-110'><tt class='method'>set_rev_date</tt></a></b>(<var>date</var>)
+<dl><dt><b><a name='l2h-114'><tt class='method'>set_rev_date</tt></a></b>(<var>date</var>)
<dd>
Set the revocation date.
The string is formatted as an ASN1 GENERALIZEDTIME.
</dl>
<P>
-<dl><dt><b><a name='l2h-111'><tt class='method'>set_serial</tt></a></b>(<var>serial</var>)
+<dl><dt><b><a name='l2h-115'><tt class='method'>set_serial</tt></a></b>(<var>serial</var>)
<dd>
<var>serial</var> is a string containing a hex number of the serial of the revoked certificate.
</dl>
@@ -123,11 +123,11 @@ The string is formatted as an ASN1 GENERALIZEDTIME.
border="0" height="32"
alt="" width="32"></td>
</tr></table>
-<b class="navlabel">Previous:</b> <a class="sectref" href="crl.html">3.1.10 CRL objects</A>
+<b class="navlabel">Previous:</b> <a class="sectref" href="crl.html">3.1.11 CRL objects</A>
<b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto </A>
<b class="navlabel">Next:</b> <a class="sectref" href="openssl-rand.html">3.2 rand </A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/html/socket-methods.html b/doc/html/socket-methods.html
index 0148ee5..46ecc01 100644
--- a/doc/html/socket-methods.html
+++ b/doc/html/socket-methods.html
@@ -111,7 +111,7 @@ read-transport or the write-transport?
<b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
<b class="navlabel">Next:</b> <a class="sectref" href="about.html">About this document ...</A>
<hr>
-<span class="release-info">Release 0.11.</span>
+<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
diff --git a/doc/pyOpenSSL.ps b/doc/pyOpenSSL.ps
index 72fa5a5..3eef2c6 100644
--- a/doc/pyOpenSSL.ps
+++ b/doc/pyOpenSSL.ps
@@ -1,7 +1,7 @@
%!PS-Adobe-2.0
%%Creator: dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
%%Title: pyOpenSSL.dvi
-%%CreationDate: Sun Oct 31 10:36:29 2010
+%%CreationDate: Mon Apr 11 19:56:45 2011
%%Pages: 18
%%PageOrder: Ascend
%%BoundingBox: 0 0 596 842
@@ -10,7 +10,7 @@
%DVIPSWebPage: (www.radicaleye.com)
%DVIPSCommandLine: dvips -N0 -o pyOpenSSL.ps pyOpenSSL
%DVIPSParameters: dpi=600
-%DVIPSSource: TeX output 2010.10.31:1036
+%DVIPSSource: TeX output 2011.04.11:1956
%%BeginProcSet: tex.pro 0 0
%!
/TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
@@ -4112,8 +4112,8 @@ FC0000000001F80000000001F80000003003F00000003E07F00000003FFFE00000003FFF
C00000003FFFC00000003FFF800000003FFF0000000007FC000000002F4C7EB334>121
D E
%EndDVIPSBitmapFont
-%DVIPSBitmapFont: Fs ecsi1200 12 8
-/Fs 8 116 df<3FC07F807F807F807F807F80FF00FF000A0877871B>46
+%DVIPSBitmapFont: Fs ecsi1200 12 9
+/Fs 9 116 df<3FC07F807F807F807F807F80FF00FF000A0877871B>46
D<0000007F8000000003FFF00000000FFFFC0000003FFFFE0000007FFFFF000000FFFFFF
800003FF81FF800007FC007FC00007F8003FC0000FE0001FE0001FC0000FE0003F80000F
E0003F80000FE0007F000007F0007E000007F000FE000007F000FC000007F001FC000007
@@ -4135,29 +4135,40 @@ F00000000FF00000001FE00000001FE00000001FE00000001FE00000003FC00000003FC0
00007F80000000FF00000000FF00000000FF00000000FF00000000FF00000001FE000000
01FE00000001FE00000001FE00000003FC00000003FC00000003FC00000003FC00000003
FC00000007F800007FFFFFFF807FFFFFFF807FFFFFFF807FFFFFFF80FFFFFFFF00FFFFFF
-FF00224377C231>I<0001FFFFFFF000000003FFFFFFFE00000003FFFFFFFFC0000003FF
-FFFFFFF0000003FFFFFFFFF8000007FFFFFFFFFC000007F800007FFE000007F800000FFF
-000007F8000003FF800007F8000000FF80000FF00000007FC0000FF00000007FC0000FF0
-0000003FE0000FF00000003FE0000FF00000003FE0001FE00000001FE0001FE00000001F
-E0001FE00000001FE0001FE00000003FE0001FE00000003FC0003FC00000003FC0003FC0
-0000007FC0003FC00000007F80003FC0000000FF80007F80000001FF00007F80000003FE
-00007F80000007FE00007F8000000FFC00007F8000003FF80000FF000000FFF00000FF00
-000FFFC00000FFFFFFFFFF800000FFFFFFFFFE000000FFFFFFFFF8000001FFFFFFFFE000
-0001FFFFFFFF00000001FFFFFFFC00000001FE0001FC00000003FC0001FE00000003FC00
-01FE00000003FC0000FE00000003FC0000FF00000003FC00007F00000007F800007F8000
-0007F800007F80000007F800003F80000007F800003FC0000007F800003FC000000FF000
-001FC000000FF000001FE000000FF000001FE000000FF000000FF000000FF000000FF000
-001FE000000FF000001FE0000007F800001FE0000007F800001FE0000003F800003FC000
-0003FC00003FC0000003FC00003FC0000001FC00003FC0000001FE00003FC0000001FE00
-007F80000000FF00007F80000000FF00007F80000000FF00007F800000007F80007F8000
-00007F8000FF000000007F8000FF000000003FC0003B4577C43F>82
-D<00000FFC000000FFFF800003FFFFC0001FFFFFF0003FFFFFF8003FFFFFF8007FE00FFC
-007F0003FE00780003FE00600001FE00000001FE00000001FF00000000FF00000000FF00
-000000FF00000001FE00000001FE00000001FE00000001FE00000001FE00000003FC0000
-0FFFFC0001FFFFFC000FFFFFFC003FFFFFFC00FFFFFFF803FFFC07F807FF8007F80FFC00
-07F81FF00007F83FC0000FF03F80000FF07F00000FF07F00000FF0FE00001FE0FE00001F
-E0FE00003FE0FF00003FE0FF0000FFE0FF8003FFC07FF01FFFC07FFFFFFFC07FFFFFFFC0
-3FFFFF3FC01FFFFC7F800FFFE07F8003FE000000282F7AAD2F>97
+FF00224377C231>I<0000001FF000000000FFFE00000003FFFF8000000FFFFFE000001F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>I<0001FFFFFFF000000003FFFFFFFE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>82 D<00000FFC000000FFFF800003FFFFC0001FFFFFF0003FFFFFF8003FFFFFF8
+007FE00FFC007F0003FE00780003FE00600001FE00000001FE00000001FF00000000FF00
+000000FF00000000FF00000001FE00000001FE00000001FE00000001FE00000001FE0000
+0003FC00000FFFFC0001FFFFFC000FFFFFFC003FFFFFFC00FFFFFFF803FFFC07F807FF80
+07F80FFC0007F81FF00007F83FC0000FF03F80000FF07F00000FF07F00000FF0FE00001F
+E0FE00001FE0FE00003FE0FF00003FE0FF0000FFE0FF8003FFC07FF01FFFC07FFFFFFFC0
+7FFFFFFFC03FFFFF3FC01FFFFC7F800FFFE07F8003FE000000282F7AAD2F>97
D<000007F80000003FFE000000FFFF800003FFFFC00007FFFFE0000FFFFFF0003FF81FF0
007FC007F800FF8003F800FE0001F801FC0001F803F80000FC07F00000FC07F00000FC0F
E00000FC0FC000007C1FC000007C1F8000007C3FFFFFFFFC3FFFFFFFF83FFFFFFFF87FFF
@@ -4691,91 +4702,94 @@ ifelse
end
%%EndSetup
%%Page: 1 1
-TeXDict begin 1 0 bop 0 83 3901 9 v 1890 451 a Ft(Python)64
-b(Op)5 b(enSSL)64 b(Manual)3394 619 y Fs(Release)34 b(0.11)2927
-974 y Fr(Jean-P)m(aul)i(Calderone)3280 1328 y Fq(Octob)r(er)26
-b(31,)h(2010)3014 1475 y Fp(exa)n(rkun@t)n(wistedmatrix.com)1781
-1697 y Fo(Abstract)208 1841 y Fn(This)32 b(mo)r(dule)f(is)h(a)g(rather)
+TeXDict begin 1 0 bop 0 83 3901 9 v 1890 430 a Ft(Python)64
+b(Op)5 b(enSSL)64 b(Manual)3394 599 y Fs(Release)34 b(0.12)2927
+953 y Fr(Jean-P)m(aul)i(Calderone)3386 1307 y Fq(April)27
+b(11,)g(2011)3014 1454 y Fp(exa)n(rkun@t)n(wistedmatrix.com)1781
+1650 y Fo(Abstract)208 1779 y Fn(This)32 b(mo)r(dule)f(is)h(a)g(rather)
g(thin)f(wrapp)r(er)h(around)g(\(a)g(subset)f(of)6 b(\))32
b(the)g(Op)r(enSSL)e(library)-6 b(.)52 b(With)32 b(thin)f(wrapp)r(er)
-208 1932 y(I)d(mean)h(that)f(a)i(lot)f(of)h(the)f(ob)t(ject)h(metho)r
+208 1870 y(I)d(mean)h(that)f(a)i(lot)f(of)h(the)f(ob)t(ject)h(metho)r
(ds)e(do)h(nothing)g(more)g(than)g(calling)h(a)g(corresp)r(onding)g
-(function)f(in)g(the)208 2024 y(Op)r(enSSL)24 b(library)-6
-b(.)0 2298 y Fr(Contents)0 2481 y Fm(1)77 b(In)m(tro)s(duction)3201
-b(2)0 2663 y(2)77 b(Building)30 b(and)i(Installing)2765
-b(2)125 2763 y Fq(2.1)83 b(Building)28 b(the)g(Mo)r(dule)g(on)f(a)g
+(function)f(in)g(the)208 1961 y(Op)r(enSSL)24 b(library)-6
+b(.)0 2231 y Fr(Contents)0 2414 y Fm(1)77 b(In)m(tro)s(duction)3201
+b(2)0 2596 y(2)77 b(Building)30 b(and)i(Installing)2765
+b(2)125 2696 y Fq(2.1)83 b(Building)28 b(the)g(Mo)r(dule)g(on)f(a)g
(Unix)h(System)87 b(.)41 b(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f
(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)
-134 b(2)125 2863 y(2.2)83 b(Building)28 b(the)g(Mo)r(dule)g(on)f(a)g
+134 b(2)125 2796 y(2.2)83 b(Building)28 b(the)g(Mo)r(dule)g(on)f(a)g
(Windo)n(ws)g(System)59 b(.)41 b(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)
h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(3)0 3045 y Fm(3)77 b Fl(OpenSSL)28 b Fm(\026)33 b(Python)f(in)m
-(terface)h(to)e(Op)s(enSSL)2030 b(3)125 3145 y Fq(3.1)83
+b(3)0 2978 y Fm(3)77 b Fl(OpenSSL)28 b Fm(\026)33 b(Python)f(in)m
+(terface)h(to)e(Op)s(enSSL)2030 b(3)125 3078 y Fq(3.1)83
b Fl(crypto)26 b Fq(\026)h(Generic)g(cryptographic)f(mo)r(dule)79
b(.)42 b(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(3)315
-3244 y(X509)27 b(ob)5 b(jects)73 b(.)42 b(.)f(.)h(.)f(.)h(.)g(.)f(.)h
-(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
-h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f
-(.)h(.)134 b(5)315 3344 y(X509Name)27 b(ob)5 b(jects)57
-b(.)41 b(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)
-f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h
-(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(7)315 3444 y(X509Req)27
-b(ob)5 b(jects)60 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h
-(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
-f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(7)315 3543 y(X509Store)26 b(ob)5 b(jects)78 b(.)41
+3178 y(X509Extension)27 b(ob)5 b(jects)102 b(.)41 b(.)h(.)f(.)h(.)f(.)h
+(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)
+f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
+b(5)315 3277 y(X509)27 b(ob)5 b(jects)73 b(.)42 b(.)f(.)h(.)f(.)h(.)g
+(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
+h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f
+(.)h(.)f(.)h(.)134 b(5)315 3377 y(X509Name)27 b(ob)5
+b(jects)57 b(.)41 b(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h
+(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)
+h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(7)315 3476
+y(X509Req)27 b(ob)5 b(jects)60 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f
+(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)
+g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
+b(8)315 3576 y(X509Store)26 b(ob)5 b(jects)78 b(.)41
b(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h
(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)
-f(.)h(.)f(.)h(.)f(.)h(.)134 b(8)315 3643 y(PKey)28 b(ob)5
+f(.)h(.)f(.)h(.)f(.)h(.)134 b(8)315 3676 y(PKey)28 b(ob)5
b(jects)58 b(.)42 b(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h
(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(8)315 3743 y(PK)n(CS7)27 b(ob)5 b(jects)59 b(.)41 b(.)h(.)f(.)h(.)g
+b(8)315 3775 y(PK)n(CS7)27 b(ob)5 b(jects)59 b(.)41 b(.)h(.)f(.)h(.)g
(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f
-(.)h(.)f(.)h(.)134 b(8)315 3842 y(PK)n(CS12)27 b(ob)5
+(.)h(.)f(.)h(.)134 b(8)315 3875 y(PK)n(CS12)27 b(ob)5
b(jects)81 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)
-f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(8)315
-3942 y(X509Extension)27 b(ob)5 b(jects)102 b(.)41 b(.)h(.)f(.)h(.)f(.)h
+f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(9)315
+3975 y(X509Extension)27 b(ob)5 b(jects)102 b(.)41 b(.)h(.)f(.)h(.)f(.)h
(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)
f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(9)315 4041 y(Netscap)r(eSPKI)28 b(ob)5 b(jects)58 b(.)42
+b(9)315 4074 y(Netscap)r(eSPKI)28 b(ob)5 b(jects)58 b(.)42
b(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
-f(.)h(.)f(.)h(.)134 b(9)315 4141 y(CRL)28 b(ob)5 b(jects)87
+f(.)h(.)f(.)h(.)93 b(10)315 4174 y(CRL)28 b(ob)5 b(jects)87
b(.)42 b(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f
(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(10)315
-4241 y(Rev)n(ok)n(ed)27 b(ob)5 b(jects)83 b(.)42 b(.)f(.)h(.)g(.)f(.)h
+4273 y(Rev)n(ok)n(ed)27 b(ob)5 b(jects)83 b(.)42 b(.)f(.)h(.)g(.)f(.)h
(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f
-(.)h(.)93 b(10)125 4340 y(3.2)83 b Fl(rand)26 b Fq(\026)i(An)g(in)n
+(.)h(.)93 b(10)125 4373 y(3.2)83 b Fl(rand)26 b Fq(\026)i(An)g(in)n
(terface)f(to)g(the)h(Op)r(enSSL)g(pseudo)f(random)g(n)n(um)n(b)r(er)g
(generator)50 b(.)41 b(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93
-b(10)125 4440 y(3.3)83 b Fl(SSL)27 b Fq(\026)g(An)i(in)n(terface)d(to)i
+b(11)125 4473 y(3.3)83 b Fl(SSL)27 b Fq(\026)g(An)i(in)n(terface)d(to)i
(the)g(SSL-sp)r(eci\034c)f(parts)g(of)h(Op)r(enSSL)64
b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
-h(.)f(.)h(.)93 b(11)315 4540 y(Con)n(text)28 b(ob)5 b(jects)98
+h(.)f(.)h(.)93 b(11)315 4572 y(Con)n(text)28 b(ob)5 b(jects)98
b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f
-(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(13)315 4639 y(Connection)27
+(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(13)315 4672 y(Connection)27
b(ob)5 b(jects)108 b(.)42 b(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)
f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(15)0
-4822 y Fm(4)77 b(In)m(ternals)3310 b(17)125 4921 y Fq(4.1)83
+4855 y Fm(4)77 b(In)m(ternals)3310 b(17)125 4954 y Fq(4.1)83
b(Exceptions)i(.)41 b(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h
(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)
f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93
-b(17)125 5021 y(4.2)83 b(Callbac)n(ks)68 b(.)42 b(.)f(.)h(.)f(.)h(.)f
+b(17)125 5054 y(4.2)83 b(Callbac)n(ks)68 b(.)42 b(.)f(.)h(.)f(.)h(.)f
(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)
g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
-(.)h(.)f(.)h(.)f(.)h(.)93 b(17)125 5121 y(4.3)83 b(A)n(cessing)27
+(.)h(.)f(.)h(.)f(.)h(.)93 b(18)125 5154 y(4.3)83 b(A)n(cessing)27
b(So)r(c)n(k)n(et)g(Metho)r(ds)82 b(.)42 b(.)f(.)h(.)f(.)h(.)f(.)h(.)g
(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)
h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(18)p
-0 5268 V eop end
+0 5300 V eop end
%%Page: 2 2
TeXDict begin 2 1 bop 0 85 a Fr(1)114 b(Intro)s(duction)0
314 y Fq(The)41 b(reason)e(p)n(yOp)r(enSSL)i(w)n(as)e(created)h(is)h
@@ -4991,913 +5005,939 @@ b(giving)e(the)i(data)f(to)h(whic)n(h)f(the)h(signature)208
b Fq(instance)27 b(naming)g(the)g(message)e(digest)i(t)n(yp)r(e)g(of)g
(the)h(signature,)e(for)g(example)g Fl(\020sha1\021)p
Fq(.)208 3170 y(New)h(in)h(v)n(ersion)e(0.11.)0 3433
-y Ff(X509)h(objects)0 3634 y Fq(X509)f(ob)5 b(jects)27
-b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0 3781
-y Fl(get_issuer\(\))208 3880 y Fq(Return)h(an)h(X509Name)e(ob)5
-b(ject)27 b(represen)n(ting)f(the)i(issuer)f(of)g(the)h(certi\034cate.)
-0 4027 y Fl(get_pubkey\(\))208 4127 y Fq(Return)f(a)g(PKey)h(ob)5
-b(ject)27 b(represen)n(ting)f(the)i(public)g(k)n(ey)f(of)g(the)h
-(certi\034cate.)0 4274 y Fl(get_serial_numbe)o(r\()o(\))208
-4373 y Fq(Return)f(the)h(certi\034cate)f(serial)g(n)n(um)n(b)r(er.)0
-4520 y Fl(get_subject\(\))208 4620 y Fq(Return)g(an)h(X509Name)e(ob)5
-b(ject)27 b(represen)n(ting)f(the)i(sub)5 b(ject)28 b(of)f(the)h
-(certi\034cate.)0 4767 y Fl(get_version\(\))208 4866
-y Fq(Return)f(the)h(certi\034cate)f(v)n(ersion.)0 5013
-y Fl(get_notBefore\(\))208 5113 y Fq(Return)f(a)h(string)f(giving)f
-(the)j(time)f(b)r(efore)f(whic)n(h)h(the)g(certi\034cate)f(is)g(not)h
-(v)-5 b(alid.)37 b(The)26 b(string)g(is)h(formatted)f(as)g(an)208
-5212 y(ASN1)h(GENERALIZEDTIME:)p 0 5549 3901 4 v 0 5649
-a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g(cryptographic)e(mo)r
-(dule)2234 b(5)p eop end
+y Ff(X509Extension)f(objects)0 3634 y Fq(X509Extension)h(ob)5
+b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
+3781 y Fl(get_short_name\(\))208 3880 y Fq(Retriev)n(e)g(the)i(short)f
+(descriptiv)n(e)g(name)g(for)g(this)h(extension.)208
+4013 y(The)f(result)g(is)h(a)f(b)n(yte)h(string)e(lik)n(e)i
+Fl(\020basicConstrain)o(ts)o(\021)p Fq(.)68 b(New)27
+b(in)h(v)n(ersion)e(0.12.)0 4160 y Fl(get_data\(\))208
+4260 y Fq(Retriev)n(e)g(the)i(data)f(for)g(this)h(extension.)208
+4392 y(The)f(result)g(is)h(the)g(ASN.1)g(enco)r(ded)f(form)g(of)h(the)g
+(extension)f(data)g(as)g(a)g(b)n(yte)g(string.)74 b(New)27
+b(in)h(v)n(ersion)e(0.12.)0 4655 y Ff(X509)h(objects)0
+4856 y Fq(X509)f(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e
+(metho)r(ds:)0 5003 y Fl(get_issuer\(\))208 5102 y Fq(Return)h(an)h
+(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f(the)i(issuer)f(of)g(the)
+h(certi\034cate.)0 5249 y Fl(get_pubkey\(\))208 5349
+y Fq(Return)f(a)g(PKey)h(ob)5 b(ject)27 b(represen)n(ting)f(the)i
+(public)g(k)n(ey)f(of)g(the)h(certi\034cate.)p 0 5549
+3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g
+(cryptographic)e(mo)r(dule)2234 b(5)p eop end
%%Page: 6 6
-TeXDict begin 6 5 bop 1110 174 a Fi(YYYYMMDDhhmmssZ)1110
-266 y(YYYYMMDDhhmmss+hhmm)1110 357 y(YYYYMMDDhhmmss-hhmm)208
-514 y Fq(If)28 b(no)f(v)-5 b(alue)27 b(exists)g(for)g(this)h(\034eld,)g
-Fl(None)e Fq(is)i(returned.)0 661 y Fl(get_notAfter\(\))208
-760 y Fq(Return)h(a)g(string)g(giving)g(the)g(time)h(after)f(whic)n(h)h
-(the)g(certi\034cate)e(is)i(not)f(v)-5 b(alid.)43 b(The)29
-b(string)g(is)g(formatted)h(as)e(an)208 860 y(ASN1)f(GENERALIZEDTIME:)
-1110 1084 y Fi(YYYYMMDDhhmmssZ)1110 1175 y(YYYYMMDDhhmmss+hhmm)1110
-1267 y(YYYYMMDDhhmmss-hhmm)208 1424 y Fq(If)h(no)f(v)-5
+TeXDict begin 6 5 bop 0 83 a Fl(get_serial_numbe)o(r\()o(\))208
+183 y Fq(Return)27 b(the)h(certi\034cate)f(serial)g(n)n(um)n(b)r(er.)0
+330 y Fl(get_subject\(\))208 429 y Fq(Return)g(an)h(X509Name)e(ob)5
+b(ject)27 b(represen)n(ting)f(the)i(sub)5 b(ject)28 b(of)f(the)h
+(certi\034cate.)0 576 y Fl(get_version\(\))208 676 y
+Fq(Return)f(the)h(certi\034cate)f(v)n(ersion.)0 823 y
+Fl(get_notBefore\(\))208 922 y Fq(Return)f(a)h(string)f(giving)f(the)j
+(time)f(b)r(efore)f(whic)n(h)h(the)g(certi\034cate)f(is)g(not)h(v)-5
+b(alid.)37 b(The)26 b(string)g(is)h(formatted)f(as)g(an)208
+1022 y(ASN1)h(GENERALIZEDTIME:)1110 1246 y Fi(YYYYMMDDhhmmssZ)1110
+1337 y(YYYYMMDDhhmmss+hhmm)1110 1429 y(YYYYMMDDhhmmss-hhmm)208
+1585 y Fq(If)h(no)f(v)-5 b(alue)27 b(exists)g(for)g(this)h(\034eld,)g
+Fl(None)e Fq(is)i(returned.)0 1732 y Fl(get_notAfter\(\))208
+1832 y Fq(Return)h(a)g(string)g(giving)g(the)g(time)h(after)f(whic)n(h)
+h(the)g(certi\034cate)e(is)i(not)f(v)-5 b(alid.)43 b(The)29
+b(string)g(is)g(formatted)h(as)e(an)208 1932 y(ASN1)f(GENERALIZEDTIME:)
+1110 2156 y Fi(YYYYMMDDhhmmssZ)1110 2247 y(YYYYMMDDhhmmss+hhmm)1110
+2338 y(YYYYMMDDhhmmss-hhmm)208 2495 y Fq(If)h(no)f(v)-5
b(alue)27 b(exists)g(for)g(this)h(\034eld,)g Fl(None)e
-Fq(is)i(returned.)0 1570 y Fl(set_notBefore\()p Fc(when)6
-b Fl(\))208 1670 y Fq(Change)35 b(the)i(time)f(b)r(efore)g(whic)n(h)g
+Fq(is)i(returned.)0 2642 y Fl(set_notBefore\()p Fc(when)6
+b Fl(\))208 2742 y Fq(Change)35 b(the)i(time)f(b)r(efore)g(whic)n(h)g
(the)h(certi\034cate)f(is)g(not)g(v)-5 b(alid.)63 b Fc(when)43
b Fq(is)36 b(a)g(string)f(formatted)h(as)g(an)g(ASN1)208
-1770 y(GENERALIZEDTIME:)1110 1994 y Fi(YYYYMMDDhhmmssZ)1110
-2085 y(YYYYMMDDhhmmss+hhmm)1110 2176 y(YYYYMMDDhhmmss-hhmm)0
-2381 y Fl(set_notAfter\()p Fc(when)6 b Fl(\))208 2481
+2841 y(GENERALIZEDTIME:)1110 3065 y Fi(YYYYMMDDhhmmssZ)1110
+3157 y(YYYYMMDDhhmmss+hhmm)1110 3248 y(YYYYMMDDhhmmss-hhmm)0
+3453 y Fl(set_notAfter\()p Fc(when)6 b Fl(\))208 3552
y Fq(Change)38 b(the)h(time)h(after)e(whic)n(h)h(the)h(certi\034cate)e
(is)h(not)g(v)-5 b(alid.)71 b Fc(when)46 b Fq(is)39 b(a)g(string)f
-(formatted)h(as)f(an)h(ASN1)208 2580 y(GENERALIZEDTIME:)1110
-2804 y Fi(YYYYMMDDhhmmssZ)1110 2896 y(YYYYMMDDhhmmss+hhmm)1110
-2987 y(YYYYMMDDhhmmss-hhmm)0 3192 y Fl(gmtime_adj_notBe)o(fo)o(re\()o
-Fc(time)6 b Fl(\))208 3291 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g
+(formatted)h(as)f(an)h(ASN1)208 3652 y(GENERALIZEDTIME:)1110
+3876 y Fi(YYYYMMDDhhmmssZ)1110 3967 y(YYYYMMDDhhmmss+hhmm)1110
+4059 y(YYYYMMDDhhmmss-hhmm)0 4263 y Fl(gmtime_adj_notBe)o(fo)o(re\()o
+Fc(time)6 b Fl(\))208 4363 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g
(GMT\))g(when)g(the)f(certi\034cate)g(starts)g(b)r(eing)h(v)-5
-b(alid.)0 3438 y Fl(gmtime_adj_notAf)o(te)o(r\()p Fc(t)o(ime)6
-b Fl(\))208 3538 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g(GMT\))g
+b(alid.)0 4510 y Fl(gmtime_adj_notAf)o(te)o(r\()p Fc(t)o(ime)6
+b Fl(\))208 4609 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g(GMT\))g
(when)g(the)f(certi\034cate)g(stops)g(b)r(eing)h(v)-5
-b(alid.)0 3685 y Fl(has_expired\(\))208 3784 y Fq(Chec)n(ks)32
+b(alid.)0 4756 y Fl(has_expired\(\))208 4856 y Fq(Chec)n(ks)32
b(the)h(certi\034cate's)f(time)i(stamp)f(against)f(curren)n(t)g(time.)
54 b(Returns)33 b(true)g(if)g(the)h(certi\034cate)e(has)h(expired)208
-3884 y(and)27 b(false)g(otherwise.)0 4031 y Fl(set_issuer\()p
-Fc(issuer)9 b Fl(\))208 4130 y Fq(Set)28 b(the)f(issuer)g(of)h(the)g
-(certi\034cate)f(to)g Fc(issuer)9 b Fq(.)0 4277 y Fl(set_pubkey\()p
-Fc(pkey)e Fl(\))208 4377 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h
-(the)g(certi\034cate)f(to)g Fc(pkey)7 b Fq(.)0 4524 y
-Fl(set_serial_numbe)o(r\()o Fc(serialno)e Fl(\))208 4623
-y Fq(Set)28 b(the)f(serial)g(n)n(um)n(b)r(er)g(of)h(the)g
-(certi\034cate)f(to)g Fc(serialno)5 b Fq(.)0 4770 y Fl(set_subject\()p
-Fc(subje)l(ct)j Fl(\))208 4870 y Fq(Set)28 b(the)f(sub)5
-b(ject)28 b(of)g(the)g(certi\034cate)f(to)g Fc(subje)l(ct)8
-b Fq(.)0 5017 y Fl(set_version\()p Fc(version)e Fl(\))208
-5116 y Fq(Set)28 b(the)f(certi\034cate)g(v)n(ersion)f(to)i
-Fc(version)6 b Fq(.)0 5263 y Fl(sign\()p Fc(pkey,)29
-b(digest)8 b Fl(\))208 5363 y Fq(Sign)22 b(the)h(certi\034cate,)f
-(using)g(the)h(k)n(ey)g Fc(pkey)31 b Fq(and)22 b(the)h(message)e
-(digest)h(algorithm)f(iden)n(ti\034ed)i(b)n(y)f(the)h(string)f
-Fc(digest)8 b Fq(.)p 0 5549 3901 4 v 0 5649 a Ff(6)2239
+4955 y(and)27 b(false)g(otherwise.)0 5102 y Fl(set_issuer\()p
+Fc(issuer)9 b Fl(\))208 5202 y Fq(Set)28 b(the)f(issuer)g(of)h(the)g
+(certi\034cate)f(to)g Fc(issuer)9 b Fq(.)0 5349 y Fl(set_pubkey\()p
+Fc(pkey)e Fl(\))p 0 5549 3901 4 v 0 5649 a Ff(6)2239
b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r
(enSSL)p eop end
%%Page: 7 7
-TeXDict begin 7 6 bop 0 83 a Fl(subject_name_has)o(h\()o(\))208
-183 y Fq(Return)27 b(the)h(hash)f(of)h(the)g(certi\034cate)f(sub)5
-b(ject.)0 330 y Fl(digest\()p Fc(digest_name)h Fl(\))208
-429 y Fq(Return)38 b(a)f(digest)h(of)g(the)g(certi\034cate,)i(using)e
+TeXDict begin 7 6 bop 208 83 a Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h
+(the)g(certi\034cate)f(to)g Fc(pkey)7 b Fq(.)0 230 y
+Fl(set_serial_numbe)o(r\()o Fc(serialno)e Fl(\))208 330
+y Fq(Set)28 b(the)f(serial)g(n)n(um)n(b)r(er)g(of)h(the)g
+(certi\034cate)f(to)g Fc(serialno)5 b Fq(.)0 476 y Fl(set_subject\()p
+Fc(subje)l(ct)j Fl(\))208 576 y Fq(Set)28 b(the)f(sub)5
+b(ject)28 b(of)g(the)g(certi\034cate)f(to)g Fc(subje)l(ct)8
+b Fq(.)0 723 y Fl(set_version\()p Fc(version)e Fl(\))208
+823 y Fq(Set)28 b(the)f(certi\034cate)g(v)n(ersion)f(to)i
+Fc(version)6 b Fq(.)0 969 y Fl(sign\()p Fc(pkey,)29 b(digest)8
+b Fl(\))208 1069 y Fq(Sign)22 b(the)h(certi\034cate,)f(using)g(the)h(k)
+n(ey)g Fc(pkey)31 b Fq(and)22 b(the)h(message)e(digest)h(algorithm)f
+(iden)n(ti\034ed)i(b)n(y)f(the)h(string)f Fc(digest)8
+b Fq(.)0 1216 y Fl(subject_name_has)o(h\()o(\))208 1316
+y Fq(Return)27 b(the)h(hash)f(of)h(the)g(certi\034cate)f(sub)5
+b(ject.)0 1462 y Fl(digest\()p Fc(digest_name)h Fl(\))208
+1562 y Fq(Return)38 b(a)f(digest)h(of)g(the)g(certi\034cate,)i(using)e
(the)g Fc(digest_name)45 b Fq(metho)r(d.)69 b Fc(digest_name)45
-b Fq(m)n(ust)38 b(b)r(e)g(a)g(string)208 529 y(describing)28
+b Fq(m)n(ust)38 b(b)r(e)g(a)g(string)208 1662 y(describing)28
b(a)i(digest)f(algorithm)f(supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y)
g(EVP_get_digestb)n(yname,)f(sp)r(eci\034cally\).)43
-b(F)-7 b(or)208 628 y(example,)27 b Fl("md5")e Fq(or)i
-Fl("sha1")p Fq(.)0 775 y Fl(add_extensions\()p Fc(ex)o(tensions)7
-b Fl(\))208 875 y Fq(A)n(dd)27 b(the)h(extensions)f(in)h(the)g
+b(F)-7 b(or)208 1761 y(example,)27 b Fl("md5")e Fq(or)i
+Fl("sha1")p Fq(.)0 1908 y Fl(add_extensions\()p Fc(ex)o(tensions)7
+b Fl(\))208 2008 y Fq(A)n(dd)27 b(the)h(extensions)f(in)h(the)g
(sequence)f Fc(extensions)34 b Fq(to)27 b(the)h(certi\034cate.)0
-1138 y Ff(X509Name)e(objects)0 1338 y Fq(X509Name)g(ob)5
-b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
-1485 y Fl(hash\(\))208 1585 y Fq(Return)e(an)g(in)n(teger)f(giving)g
-(the)i(\034rst)f(four)g(b)n(ytes)f(of)h(the)h(MD5)f(digest)g(of)g(the)h
-(DER)g(represen)n(tation)e(of)h(the)g(name.)0 1732 y
-Fl(der\(\))208 1831 y Fq(Return)j(a)g(string)g(giving)g(the)h(DER)h
-(represen)n(tation)c(of)j(the)g(name.)0 1978 y Fl(get_components\(\))
-208 2078 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n(o-tuples)e(of)i(strings)
-e(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g(name.)0
-2225 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e
-(mem)n(b)r(ers:)0 2372 y Fl(countryName)208 2471 y Fq(The)h(coun)n(try)
+2155 y Fl(get_extension_co)o(un)o(t\(\))208 2254 y Fq(Return)f(the)h(n)
+n(um)n(b)r(er)f(of)h(extensions)f(on)g(this)h(certi\034cate.)73
+b(New)28 b(in)g(v)n(ersion)e(0.12.)0 2401 y Fl(get_extension\()p
+Fc(index)10 b Fl(\))208 2501 y Fq(Retriev)n(e)26 b(the)i(extension)f
+(on)h(this)f(certi\034cate)g(at)h(the)g(giv)n(en)f(index.)208
+2634 y(Extensions)35 b(on)h(a)f(certi\034cate)g(are)g(k)n(ept)h(in)g
+(order.)60 b(The)35 b(index)h(parameter)e(selects)i(whic)n(h)f
+(extension)h(will)g(b)r(e)208 2733 y(returned.)g(The)28
+b(returned)f(ob)5 b(ject)27 b(will)h(b)r(e)g(an)f(X509Extension)f
+(instance.)74 b(New)28 b(in)f(v)n(ersion)f(0.12.)0 2996
+y Ff(X509Name)g(objects)0 3197 y Fq(X509Name)g(ob)5 b(jects)27
+b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0 3344
+y Fl(hash\(\))208 3443 y Fq(Return)e(an)g(in)n(teger)f(giving)g(the)i
+(\034rst)f(four)g(b)n(ytes)f(of)h(the)h(MD5)f(digest)g(of)g(the)h(DER)g
+(represen)n(tation)e(of)h(the)g(name.)0 3590 y Fl(der\(\))208
+3690 y Fq(Return)j(a)g(string)g(giving)g(the)h(DER)h(represen)n(tation)
+c(of)j(the)g(name.)0 3837 y Fl(get_components\(\))208
+3936 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n(o-tuples)e(of)i(strings)e
+(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g(name.)0
+4083 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e
+(mem)n(b)r(ers:)0 4230 y Fl(countryName)208 4330 y Fq(The)h(coun)n(try)
g(of)g(the)h(en)n(tit)n(y)-7 b(.)37 b Fl(C)27 b Fq(ma)n(y)g(b)r(e)h
(used)g(as)f(an)g(alias)f(for)h Fl(countryName)p Fq(.)0
-2618 y Fl(stateOrProvinceN)o(am)o(e)208 2718 y Fq(The)g(state)h(or)e
+4476 y Fl(stateOrProvinceN)o(am)o(e)208 4576 y Fq(The)g(state)h(or)e
(pro)n(vince)g(of)i(the)g(en)n(tit)n(y)-7 b(.)37 b Fl(ST)27
b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(stateOrProvince)o(Na)o(me)p Fq(\267)0 2865 y Fl(localityName)208
-2964 y Fq(The)g(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7
+Fl(stateOrProvince)o(Na)o(me)p Fq(\267)0 4723 y Fl(localityName)208
+4823 y Fq(The)g(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7
b(.)37 b Fl(L)28 b Fq(ma)n(y)e(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(localityName)p Fq(.)0 3111 y Fl(organizationName)208
-3211 y Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7
+Fl(localityName)p Fq(.)0 4969 y Fl(organizationName)208
+5069 y Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7
b(.)37 b Fl(O)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)e(an)i(alias)e(for)h
-Fl(organizationName)p Fq(.)0 3358 y Fl(organizationalUn)o(it)o(Nam)o(e)
-208 3457 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7
+Fl(organizationName)p Fq(.)0 5216 y Fl(organizationalUn)o(it)o(Nam)o(e)
+208 5316 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7
b(.)36 b Fl(OU)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)f(an)g(alias)f(for)h
-Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)0 3604 y Fl(commonName)208
-3704 y Fq(The)g(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7
+Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)p 0 5549 3901
+4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g
+(cryptographic)e(mo)r(dule)2234 b(7)p eop end
+%%Page: 8 8
+TeXDict begin 8 7 bop 0 83 a Fl(commonName)208 183 y
+Fq(The)27 b(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7
b(.)37 b Fl(CN)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(commonName)p Fq(.)0 3851 y Fl(emailAddress)208 3950
+Fl(commonName)p Fq(.)0 330 y Fl(emailAddress)208 429
y Fq(The)g(e-mail)g(address)f(of)i(the)g(en)n(tit)n(y)-7
-b(.)0 4213 y Ff(X509Req)26 b(objects)0 4414 y Fq(X509Req)g(ob)5
+b(.)0 692 y Ff(X509Req)26 b(objects)0 893 y Fq(X509Req)g(ob)5
b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
-4561 y Fl(get_pubkey\(\))208 4660 y Fq(Return)h(a)g(PKey)h(ob)5
+1040 y Fl(get_pubkey\(\))208 1139 y Fq(Return)h(a)g(PKey)h(ob)5
b(ject)27 b(represen)n(ting)f(the)i(public)g(k)n(ey)f(of)g(the)h
-(certi\034cate)f(request.)0 4807 y Fl(get_subject\(\))208
-4907 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f
+(certi\034cate)f(request.)0 1286 y Fl(get_subject\(\))208
+1386 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f
(the)i(sub)5 b(ject)28 b(of)f(the)h(certi\034cate.)0
-5054 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 5153 y
+1532 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 1632 y
Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(certi\034cate)f(request)
-g(to)g Fc(pkey)7 b Fq(.)0 5300 y Fl(sign\()p Fc(pkey,)29
-b(digest)8 b Fl(\))208 5400 y Fq(Sign)36 b(the)g(certi\034cate)g
+g(to)g Fc(pkey)7 b Fq(.)0 1779 y Fl(sign\()p Fc(pkey,)29
+b(digest)8 b Fl(\))208 1879 y Fq(Sign)36 b(the)g(certi\034cate)g
(request,)h(using)f(the)g(k)n(ey)h Fc(pkey)45 b Fq(and)36
-b(the)g(message)f(digest)g(algorithm)g(iden)n(ti\034ed)i(b)n(y)f(the)p
-0 5549 3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g
-(cryptographic)e(mo)r(dule)2234 b(7)p eop end
-%%Page: 8 8
-TeXDict begin 8 7 bop 208 83 a Fq(string)28 b Fc(digest)8
-b Fq(.)0 230 y Fl(verify\()p Fc(pkey)f Fl(\))208 330
-y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g(request)g(using)g(the)h
-(public)g(k)n(ey)g Fc(pkey)7 b Fq(.)0 476 y Fl(set_version\()p
-Fc(version)f Fl(\))208 576 y Fq(Set)28 b(the)f(v)n(ersion)f(\(RF)n(C)i
-(2459,)e(4.1.2.1\))g(of)i(the)g(certi\034cate)f(request)f(to)i
-Fc(version)6 b Fq(.)0 723 y Fl(get_version\(\))208 823
-y Fq(Get)28 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g(of)i
-(the)g(certi\034cate)f(request.)0 1082 y Ff(X509Sto)n(re)f(objects)0
-1283 y Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just)
-i(one)g(metho)r(d:)0 1429 y Fl(add_cert\()p Fc(c)l(ert)8
-b Fl(\))208 1529 y Fq(A)n(dd)27 b(the)h(certi\034cate)f
+b(the)g(message)f(digest)g(algorithm)g(iden)n(ti\034ed)i(b)n(y)f(the)
+208 1978 y(string)28 b Fc(digest)8 b Fq(.)0 2125 y Fl(verify\()p
+Fc(pkey)f Fl(\))208 2225 y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g
+(request)g(using)g(the)h(public)g(k)n(ey)g Fc(pkey)7
+b Fq(.)0 2372 y Fl(set_version\()p Fc(version)f Fl(\))208
+2471 y Fq(Set)28 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g
+(of)i(the)g(certi\034cate)f(request)f(to)i Fc(version)6
+b Fq(.)0 2618 y Fl(get_version\(\))208 2718 y Fq(Get)28
+b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g(of)i(the)g
+(certi\034cate)f(request.)0 2981 y Ff(X509Sto)n(re)f(objects)0
+3181 y Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just)
+i(one)g(metho)r(d:)0 3328 y Fl(add_cert\()p Fc(c)l(ert)8
+b Fl(\))208 3428 y Fq(A)n(dd)27 b(the)h(certi\034cate)f
Fc(c)l(ert)36 b Fq(to)27 b(the)h(certi\034cate)f(store.)0
-1789 y Ff(PKey)g(objects)0 1989 y Fq(The)h(PKey)f(ob)5
+3691 y Ff(PKey)g(objects)0 3891 y Fq(The)h(PKey)f(ob)5
b(ject)27 b(has)g(the)h(follo)n(wing)f(metho)r(ds:)0
-2136 y Fl(bits\(\))208 2236 y Fq(Return)g(the)h(n)n(um)n(b)r(er)f(of)h
-(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 2383 y Fl(generate_key\()p
-Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 2482 y Fq(Generate)22
+4038 y Fl(bits\(\))208 4138 y Fq(Return)g(the)h(n)n(um)n(b)r(er)f(of)h
+(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 4285 y Fl(generate_key\()p
+Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 4384 y Fq(Generate)22
b(a)h(public/priv)-5 b(ate)23 b(k)n(ey)f(pair)h(of)g(the)h(t)n(yp)r(e)f
Fc(typ)l(e)30 b Fq(\(one)23 b(of)30 b Fl(TYPE_RSA)19
b Fq(and)24 b Fl(TYPE_DSA)p Fq(\))c(with)j(the)h(size)f
-Fc(bits)7 b Fq(.)0 2629 y Fl(type\(\))208 2729 y Fq(Return)27
-b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n(ey)-7 b(.)0 2988
-y Ff(PK)n(CS7)27 b(objects)0 3189 y Fq(PK)n(CS7)g(ob)5
+Fc(bits)7 b Fq(.)0 4531 y Fl(type\(\))208 4631 y Fq(Return)27
+b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n(ey)-7 b(.)0 4894
+y Ff(PK)n(CS7)27 b(objects)0 5094 y Fq(PK)n(CS7)g(ob)5
b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0
-3336 y Fl(type_is_signed\(\))208 3435 y Fq(FIXME)0 3582
-y Fl(type_is_envelope)o(d\()o(\))208 3682 y Fq(FIXME)0
-3829 y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o(d\(\))208
-3928 y Fq(FIXME)0 4075 y Fl(type_is_data\(\))208 4175
-y Fq(FIXME)0 4322 y Fl(get_type_name\(\))208 4421 y Fq(Get)h(the)f(t)n
-(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0 4681 y Ff(PK)n(CS12)e(objects)0
-4881 y Fq(PK)n(CS12)g(ob)5 b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n
-(wing)e(metho)r(ds:)0 5043 y Fl(export\()p Fb([)p Fc(p)l(assphr)l
-(ase=None)16 b Fb(][)p Fc(,)29 b(iter=2048)c Fb(][)p
-Fc(,)k(maciter=1)24 b Fb(])p Fl(\))208 5142 y Fq(Returns)j(a)g(PK)n
-(CS12)g(ob)5 b(ject)27 b(as)g(a)g(string.)208 5271 y(The)g(optional)g
-Fc(p)l(assphr)l(ase)35 b Fq(m)n(ust)28 b(b)r(e)g(a)f(string)g(not)h(a)f
-(callbac)n(k.)208 5400 y(See)g(also)g(the)h(man)f(page)g(for)g(the)h(C)
-f(function)h Fl(PKCS12_create)p Fq(.)p 0 5549 3901 4
-v 0 5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f
-(interface)h(to)f(Op)r(enSSL)p eop end
+5241 y Fl(type_is_signed\(\))208 5341 y Fq(FIXME)p 0
+5549 3901 4 v 0 5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24
+b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
+end
%%Page: 9 9
-TeXDict begin 9 8 bop 0 83 a Fl(get_ca_certifica)o(te)o(s\(\))208
-183 y Fq(Return)30 b(CA)h(certi\034cates)f(within)h(the)g(PK)n(CS12)f
-(ob)5 b(ject)30 b(as)g(a)h(tuple.)46 b(Returns)31 b Fl(None)e
-Fq(if)i(no)f(CA)h(certi\034cates)f(are)208 282 y(presen)n(t.)0
-429 y Fl(get_certificate\()o(\))208 529 y Fq(Return)d(certi\034cate)g
-(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure.)0 676
-y Fl(get_friendlyname)o(\(\))208 775 y Fq(Return)h(friendlyName)h(p)r
-(ortion)f(of)g(the)h(PK)n(CS12)f(structure.)0 922 y Fl
-(get_privatekey\(\))208 1022 y Fq(Return)g(priv)-5 b(ate)27
-b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure)0
-1169 y Fl(set_ca_certifica)o(te)o(s\()p Fc(c)-5 b(ac)l(erts)7
-b Fl(\))208 1268 y Fq(Replace)27 b(or)f(set)i(the)g(CA)g
-(certi\034cates)e(within)j(the)f(PK)n(CS12)e(ob)5 b(ject)27
-b(with)h(the)g(sequence)f Fc(c)l(ac)l(erts)7 b Fq(.)208
-1401 y(Set)28 b Fc(c)l(ac)l(erts)34 b Fq(to)27 b Fl(None)f
-Fq(to)i(remo)n(v)n(e)e(all)h(CA)h(certi\034cates.)0 1548
-y Fl(set_certificate\()o Fc(c)l(ert)8 b Fl(\))208 1648
-y Fq(Replace)27 b(or)f(set)i(the)g(certi\034cate)f(p)r(ortion)g(of)g
-(the)h(PK)n(CS12)f(structure.)0 1794 y Fl(set_friendlyname)o(\()p
-Fc(n)o(ame)6 b Fl(\))208 1894 y Fq(Replace)27 b(or)f(set)i(the)g
+TeXDict begin 9 8 bop 0 83 a Fl(type_is_envelope)o(d\()o(\))208
+183 y Fq(FIXME)0 330 y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o
+(d\(\))208 429 y Fq(FIXME)0 576 y Fl(type_is_data\(\))208
+676 y Fq(FIXME)0 823 y Fl(get_type_name\(\))208 922 y
+Fq(Get)28 b(the)f(t)n(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0
+1185 y Ff(PK)n(CS12)e(objects)0 1386 y Fq(PK)n(CS12)g(ob)5
+b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n(wing)e(metho)r(ds:)0
+1547 y Fl(export\()p Fb([)p Fc(p)l(assphr)l(ase=None)16
+b Fb(][)p Fc(,)29 b(iter=2048)c Fb(][)p Fc(,)k(maciter=1)24
+b Fb(])p Fl(\))208 1646 y Fq(Returns)j(a)g(PK)n(CS12)g(ob)5
+b(ject)27 b(as)g(a)g(string.)208 1779 y(The)g(optional)g
+Fc(p)l(assphr)l(ase)35 b Fq(m)n(ust)28 b(b)r(e)g(a)f(string)g(not)h(a)f
+(callbac)n(k.)208 1912 y(See)g(also)g(the)h(man)f(page)g(for)g(the)h(C)
+f(function)h Fl(PKCS12_create)p Fq(.)0 2059 y Fl(get_ca_certifica)o(te)
+o(s\(\))208 2159 y Fq(Return)i(CA)h(certi\034cates)f(within)h(the)g(PK)
+n(CS12)f(ob)5 b(ject)30 b(as)g(a)h(tuple.)46 b(Returns)31
+b Fl(None)e Fq(if)i(no)f(CA)h(certi\034cates)f(are)208
+2258 y(presen)n(t.)0 2405 y Fl(get_certificate\()o(\))208
+2505 y Fq(Return)d(certi\034cate)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e
+(structure.)0 2652 y Fl(get_friendlyname)o(\(\))208 2751
+y Fq(Return)h(friendlyName)h(p)r(ortion)f(of)g(the)h(PK)n(CS12)f
+(structure.)0 2898 y Fl(get_privatekey\(\))208 2998 y
+Fq(Return)g(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n
+(CS12)e(structure)0 3145 y Fl(set_ca_certifica)o(te)o(s\()p
+Fc(c)-5 b(ac)l(erts)7 b Fl(\))208 3244 y Fq(Replace)27
+b(or)f(set)i(the)g(CA)g(certi\034cates)e(within)j(the)f(PK)n(CS12)e(ob)
+5 b(ject)27 b(with)h(the)g(sequence)f Fc(c)l(ac)l(erts)7
+b Fq(.)208 3377 y(Set)28 b Fc(c)l(ac)l(erts)34 b Fq(to)27
+b Fl(None)f Fq(to)i(remo)n(v)n(e)e(all)h(CA)h(certi\034cates.)0
+3524 y Fl(set_certificate\()o Fc(c)l(ert)8 b Fl(\))208
+3624 y Fq(Replace)27 b(or)f(set)i(the)g(certi\034cate)f(p)r(ortion)g
+(of)g(the)h(PK)n(CS12)f(structure.)0 3770 y Fl(set_friendlyname)o(\()p
+Fc(n)o(ame)6 b Fl(\))208 3870 y Fq(Replace)27 b(or)f(set)i(the)g
(friendlyName)f(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure.)0
-2041 y Fl(set_privatekey\()p Fc(pkey)7 b Fl(\))208 2141
+4017 y Fl(set_privatekey\()p Fc(pkey)7 b Fl(\))208 4117
y Fq(Replace)27 b(or)f(set)i(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g
-(of)h(the)g(PK)n(CS12)e(structure)0 2404 y Ff(X509Extension)f(objects)0
-2604 y Fq(X509Extension)h(ob)5 b(jects)27 b(ha)n(v)n(e)g(sev)n(eral)f
-(metho)r(ds:)0 2751 y Fl(get_critical\(\))208 2851 y
+(of)h(the)g(PK)n(CS12)e(structure)0 4380 y Ff(X509Extension)f(objects)0
+4580 y Fq(X509Extension)h(ob)5 b(jects)27 b(ha)n(v)n(e)g(sev)n(eral)f
+(metho)r(ds:)0 4727 y Fl(get_critical\(\))208 4827 y
Fq(Return)h(the)h(critical)f(\034eld)h(of)f(the)h(extension)f(ob)5
-b(ject.)0 2997 y Fl(get_short_name\(\))208 3097 y Fq(Return)27
+b(ject.)0 4973 y Fl(get_short_name\(\))208 5073 y Fq(Return)27
b(the)h(short)f(t)n(yp)r(e)h(name)f(of)h(the)g(extension)f(ob)5
-b(ject.)0 3360 y Ff(Netscap)r(eSPKI)27 b(objects)0 3561
-y Fq(Netscap)r(eSPKI)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n
-(wing)e(metho)r(ds:)0 3707 y Fl(b64_encode\(\))208 3807
+b(ject.)p 0 5549 3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25
+b Ff(\026)j(Generic)g(cryptographic)e(mo)r(dule)2234
+b(9)p eop end
+%%Page: 10 10
+TeXDict begin 10 9 bop 0 83 a Ff(Netscap)r(eSPKI)27 b(objects)0
+283 y Fq(Netscap)r(eSPKI)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n
+(wing)e(metho)r(ds:)0 430 y Fl(b64_encode\(\))208 530
y Fq(Return)h(a)g(base64-enco)r(ded)f(string)h(represen)n(tation)e(of)j
-(the)g(ob)5 b(ject.)0 3954 y Fl(get_pubkey\(\))208 4054
+(the)g(ob)5 b(ject.)0 677 y Fl(get_pubkey\(\))208 776
y Fq(Return)27 b(the)h(public)g(k)n(ey)f(of)h(ob)5 b(ject.)0
-4200 y Fl(set_pubkey\()p Fc(key)i Fl(\))208 4300 y Fq(Set)28
+923 y Fl(set_pubkey\()p Fc(key)i Fl(\))208 1023 y Fq(Set)28
b(the)f(public)h(k)n(ey)f(of)h(the)g(ob)5 b(ject)27 b(to)h
-Fc(key)7 b Fq(.)0 4447 y Fl(sign\()p Fc(key,)29 b(digest_name)6
-b Fl(\))208 4547 y Fq(Sign)30 b(the)h(Netscap)r(eSPKI)f(ob)5
+Fc(key)7 b Fq(.)0 1170 y Fl(sign\()p Fc(key,)29 b(digest_name)6
+b Fl(\))208 1269 y Fq(Sign)30 b(the)h(Netscap)r(eSPKI)f(ob)5
b(ject)30 b(using)g(the)h(giv)n(en)f Fc(key)38 b Fq(and)31
b Fc(digest_name)6 b Fq(.)46 b Fc(digest_name)37 b Fq(m)n(ust)31
-b(b)r(e)g(a)f(string)208 4646 y(describing)e(a)i(digest)f(algorithm)f
+b(b)r(e)g(a)f(string)208 1369 y(describing)e(a)i(digest)f(algorithm)f
(supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y)g(EVP_get_digestb)n
-(yname,)f(sp)r(eci\034cally\).)43 b(F)-7 b(or)208 4746
+(yname,)f(sp)r(eci\034cally\).)43 b(F)-7 b(or)208 1469
y(example,)27 b Fl("md5")e Fq(or)i Fl("sha1")p Fq(.)0
-4893 y Fl(verify\()p Fc(key)7 b Fl(\))208 4992 y Fq(V)-7
+1616 y Fl(verify\()p Fc(key)7 b Fl(\))208 1715 y Fq(V)-7
b(erify)27 b(the)h(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(using)g(the)h
-(giv)n(en)f Fc(key)7 b Fq(.)p 0 5549 3901 4 v 0 5649
-a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g(cryptographic)e(mo)r
-(dule)2234 b(9)p eop end
-%%Page: 10 10
-TeXDict begin 10 9 bop 0 83 a Ff(CRL)27 b(objects)0 283
-y Fq(CRL)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)e(metho)r
-(ds:)0 430 y Fl(add_revoked\()p Fc(r)l(evoke)l(d)9 b
-Fl(\))208 530 y Fq(A)n(dd)27 b(a)h(Rev)n(ok)n(ed)e(ob)5
+(giv)n(en)f Fc(key)7 b Fq(.)0 1978 y Ff(CRL)27 b(objects)0
+2179 y Fq(CRL)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)e
+(metho)r(ds:)0 2326 y Fl(add_revoked\()p Fc(r)l(evoke)l(d)9
+b Fl(\))208 2425 y Fq(A)n(dd)27 b(a)h(Rev)n(ok)n(ed)e(ob)5
b(ject)27 b(to)g(the)h(CRL,)g(b)n(y)f(v)-5 b(alue)28
-b(not)f(reference.)0 691 y Fl(export\()p Fc(c)l(ert,)g(key)7
+b(not)f(reference.)0 2586 y Fl(export\()p Fc(c)l(ert,)g(key)7
b Fb([)p Fc(,)31 b(typ)l(e=FILETYPE_PEM)c Fb(][)p Fc(,)i(days=100)c
-Fb(])p Fl(\))208 791 y Fq(Use)i Fc(c)l(ert)36 b Fq(and)28
+Fb(])p Fl(\))208 2686 y Fq(Use)i Fc(c)l(ert)36 b Fq(and)28
b Fc(key)36 b Fq(to)27 b(sign)h(the)g(CRL)g(and)g(return)f(the)h(CRL)g
(as)g(a)f(string.)37 b Fc(days)f Fq(is)28 b(the)g(n)n(um)n(b)r(er)g(of)
-g(da)n(ys)e(b)r(efore)208 890 y(the)i(next)f(CRL)h(is)f(due.)0
-1037 y Fl(get_revoked\(\))208 1137 y Fq(Return)g(a)g(tuple)i(of)e(Rev)n
+g(da)n(ys)e(b)r(efore)208 2786 y(the)i(next)f(CRL)h(is)f(due.)0
+2933 y Fl(get_revoked\(\))208 3032 y Fq(Return)g(a)g(tuple)i(of)e(Rev)n
(ok)n(ed)f(ob)5 b(jects,)27 b(b)n(y)h(v)-5 b(alue)27
-b(not)h(reference.)0 1400 y Ff(Revok)n(ed)e(objects)0
-1600 y Fq(Rev)n(ok)n(ed)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n
-(wing)e(metho)r(ds:)0 1747 y Fl(all_reasons\(\))208 1847
+b(not)h(reference.)0 3295 y Ff(Revok)n(ed)e(objects)0
+3496 y Fq(Rev)n(ok)n(ed)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n
+(wing)e(metho)r(ds:)0 3643 y Fl(all_reasons\(\))208 3742
y Fq(Return)h(a)g(list)h(of)g(all)f(supp)r(orted)g(reasons.)0
-1994 y Fl(get_reason\(\))208 2093 y Fq(Return)g(the)h(rev)n(o)r(cation)
+3889 y Fl(get_reason\(\))208 3989 y Fq(Return)g(the)h(rev)n(o)r(cation)
e(reason)g(as)h(a)g(str.)36 b(Can)28 b(b)r(e)g(None,)f(whic)n(h)h
-(di\033ers)f(from)g("Unsp)r(eci\034ed".)0 2240 y Fl(get_rev_date\(\))
-208 2340 y Fq(Return)g(the)h(rev)n(o)r(cation)e(date)h(as)g(a)g(str.)37
+(di\033ers)f(from)g("Unsp)r(eci\034ed".)0 4136 y Fl(get_rev_date\(\))
+208 4235 y Fq(Return)g(the)h(rev)n(o)r(cation)e(date)h(as)g(a)g(str.)37
b(The)27 b(string)g(is)h(formatted)f(as)g(an)g(ASN1)h(GENERALIZEDTIME.)
-0 2487 y Fl(get_serial\(\))208 2586 y Fq(Return)f(a)g(str)h(con)n
+0 4382 y Fl(get_serial\(\))208 4482 y Fq(Return)f(a)g(str)h(con)n
(taining)e(a)h(hex)h(n)n(um)n(b)r(er)f(of)h(the)f(serial)g(of)g(the)h
-(rev)n(ok)n(ed)e(certi\034cate.)0 2733 y Fl(set_reason\()p
-Fc(r)l(e)l(ason)6 b Fl(\))208 2833 y Fq(Set)32 b(the)g(rev)n(o)r
+(rev)n(ok)n(ed)e(certi\034cate.)0 4629 y Fl(set_reason\()p
+Fc(r)l(e)l(ason)6 b Fl(\))208 4728 y Fq(Set)32 b(the)g(rev)n(o)r
(cation)e(reason.)47 b Fc(r)l(e)l(ason)39 b Fq(m)n(ust)32
b(b)r(e)g(None)f(or)g(a)g(string,)i(but)f(the)g(v)-5
b(alues)31 b(are)g(limited.)50 b(Spaces)31 b(and)208
-2933 y(case)26 b(are)h(ignored.)35 b(See)28 b Fl(all_reasons)p
-Fq(.)0 3079 y Fl(set_rev_date\()p Fc(date)6 b Fl(\))208
-3179 y Fq(Set)28 b(the)f(rev)n(o)r(cation)f(date.)37
+4828 y(case)26 b(are)h(ignored.)35 b(See)28 b Fl(all_reasons)p
+Fq(.)0 4975 y Fl(set_rev_date\()p Fc(date)6 b Fl(\))208
+5074 y Fq(Set)28 b(the)f(rev)n(o)r(cation)f(date.)37
b(The)28 b(string)e(is)i(formatted)f(as)g(an)g(ASN1)h(GENERALIZEDTIME.)
-0 3326 y Fl(set_serial\()p Fc(serial)9 b Fl(\))208 3426
+0 5221 y Fl(set_serial\()p Fc(serial)9 b Fl(\))208 5321
y Fc(serial)37 b Fq(is)27 b(a)h(string)f(con)n(taining)f(a)h(hex)h(n)n
(um)n(b)r(er)f(of)g(the)h(serial)f(of)g(the)h(rev)n(ok)n(ed)e
-(certi\034cate.)0 3705 y Fj(3.2)97 b Fd(rand)34 b Fj(\026)e(An)h
-(interface)g(to)g(the)g(Op)s(enSSL)f(pseudo)h(random)g(numb)s(er)g
-(generato)m(r)0 3906 y Fq(This)28 b(mo)r(dule)f(handles)h(the)f(Op)r
-(enSSL)h(pseudo)f(random)g(n)n(um)n(b)r(er)g(generator)f(\(PRNG\))j
-(and)e(declares)f(the)i(follo)n(wing:)0 4053 y Fl(add\()p
-Fc(string,)g(entr)l(opy)7 b Fl(\))208 4152 y Fq(Mix)22
-b(b)n(ytes)g(from)g Fc(string)30 b Fq(in)n(to)22 b(the)h(PRNG)h(state.)
-35 b(The)22 b Fc(entr)l(opy)30 b Fq(argumen)n(t)22 b(is)g(\(the)h(lo)n
-(w)n(er)e(b)r(ound)i(of)6 b(\))23 b(an)f(estimate)208
-4252 y(of)f(ho)n(w)g(m)n(uc)n(h)h(randomness)e(is)h(con)n(tained)g(in)h
-Fc(string)7 b Fq(,)23 b(measured)e(in)h(b)n(ytes.)34
-b(F)-7 b(or)21 b(more)g(information,)h(see)g(e.g.)34
-b(RF)n(C)208 4351 y(1750.)0 4498 y Fl(bytes\()p Fc(num_bytes)7
-b Fl(\))208 4598 y Fq(Get)28 b(some)e(random)h(b)n(ytes)g(from)g(the)h
-(PRNG)h(as)e(a)g(string.)208 4731 y(This)g(is)h(a)f(wrapp)r(er)f(for)h
-(the)h(C)g(function)g Fl(RAND_bytes)p Fq(.)0 4878 y Fl(cleanup\(\))208
-4977 y Fq(Erase)e(the)i(memory)f(used)h(b)n(y)f(the)h(PRNG.)208
-5110 y(This)f(is)h(a)f(wrapp)r(er)f(for)h(the)h(C)g(function)g
-Fl(RAND_cleanup)p Fq(.)0 5274 y Fl(egd\()p Fc(p)l(ath)6
-b Fb([)p Fc(,)29 b(bytes)19 b Fb(])p Fl(\))p 0 5549 3901
-4 v 0 5649 a Ff(10)2197 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f
-(interface)h(to)f(Op)r(enSSL)p eop end
+(certi\034cate.)p 0 5549 3901 4 v 0 5649 a Ff(10)2197
+b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r
+(enSSL)p eop end
%%Page: 11 11
-TeXDict begin 11 10 bop 208 83 a Fq(Query)29 b(the)j(En)n(trop)n(y)e
-(Gathering)g(Daemon)1629 53 y Fk(2)1697 83 y Fq(on)h(so)r(c)n(k)n(et)f
-Fc(p)l(ath)38 b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31
-b(of)g(random)f(data)g(and)h(and)g(uses)208 183 y Fl(add)26
-b Fq(to)h(seed)h(the)g(PRNG.)g(The)g(default)g(v)-5 b(alue)27
-b(of)34 b Fc(bytes)h Fq(is)27 b(255.)0 344 y Fl(load_file\()p
-Fc(p)l(ath)6 b Fb([)p Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208
-444 y Fq(Read)29 b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g
-(it,)i(if)37 b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g
-(the)g(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208
-543 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h Fq(is)27
-b(-1.)0 690 y Fl(screen\(\))208 790 y Fq(A)n(dd)g(the)h(curren)n(t)f
-(con)n(ten)n(ts)g(of)g(the)h(screen)f(to)g(the)h(PRNG)h(state.)37
-b(A)-9 b(v)k(ailabilit)n(y:)36 b(Windo)n(ws.)0 937 y
-Fl(seed\()p Fc(string)7 b Fl(\))208 1036 y Fq(This)27
+TeXDict begin 11 10 bop 0 83 a Fj(3.2)97 b Fd(rand)34
+b Fj(\026)e(An)h(interface)g(to)g(the)g(Op)s(enSSL)f(pseudo)h(random)g
+(numb)s(er)g(generato)m(r)0 283 y Fq(This)28 b(mo)r(dule)f(handles)h
+(the)f(Op)r(enSSL)h(pseudo)f(random)g(n)n(um)n(b)r(er)g(generator)f
+(\(PRNG\))j(and)e(declares)f(the)i(follo)n(wing:)0 430
+y Fl(add\()p Fc(string,)g(entr)l(opy)7 b Fl(\))208 530
+y Fq(Mix)22 b(b)n(ytes)g(from)g Fc(string)30 b Fq(in)n(to)22
+b(the)h(PRNG)h(state.)35 b(The)22 b Fc(entr)l(opy)30
+b Fq(argumen)n(t)22 b(is)g(\(the)h(lo)n(w)n(er)e(b)r(ound)i(of)6
+b(\))23 b(an)f(estimate)208 630 y(of)f(ho)n(w)g(m)n(uc)n(h)h
+(randomness)e(is)h(con)n(tained)g(in)h Fc(string)7 b
+Fq(,)23 b(measured)e(in)h(b)n(ytes.)34 b(F)-7 b(or)21
+b(more)g(information,)h(see)g(e.g.)34 b(RF)n(C)208 729
+y(1750.)0 876 y Fl(bytes\()p Fc(num_bytes)7 b Fl(\))208
+976 y Fq(Get)28 b(some)e(random)h(b)n(ytes)g(from)g(the)h(PRNG)h(as)e
+(a)g(string.)208 1109 y(This)g(is)h(a)f(wrapp)r(er)f(for)h(the)h(C)g
+(function)g Fl(RAND_bytes)p Fq(.)0 1255 y Fl(cleanup\(\))208
+1355 y Fq(Erase)e(the)i(memory)f(used)h(b)n(y)f(the)h(PRNG.)208
+1488 y(This)f(is)h(a)f(wrapp)r(er)f(for)h(the)h(C)g(function)g
+Fl(RAND_cleanup)p Fq(.)0 1651 y Fl(egd\()p Fc(p)l(ath)6
+b Fb([)p Fc(,)29 b(bytes)19 b Fb(])p Fl(\))208 1751 y
+Fq(Query)29 b(the)j(En)n(trop)n(y)e(Gathering)g(Daemon)1629
+1721 y Fk(2)1697 1751 y Fq(on)h(so)r(c)n(k)n(et)f Fc(p)l(ath)38
+b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31 b(of)g(random)f(data)g(and)h
+(and)g(uses)208 1851 y Fl(add)26 b Fq(to)h(seed)h(the)g(PRNG.)g(The)g
+(default)g(v)-5 b(alue)27 b(of)34 b Fc(bytes)h Fq(is)27
+b(255.)0 2012 y Fl(load_file\()p Fc(p)l(ath)6 b Fb([)p
+Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208 2112 y Fq(Read)29
+b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g(it,)i(if)37
+b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g(the)g
+(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208
+2211 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h
+Fq(is)27 b(-1.)0 2358 y Fl(screen\(\))208 2458 y Fq(A)n(dd)g(the)h
+(curren)n(t)f(con)n(ten)n(ts)g(of)g(the)h(screen)f(to)g(the)h(PRNG)h
+(state.)37 b(A)-9 b(v)k(ailabilit)n(y:)36 b(Windo)n(ws.)0
+2605 y Fl(seed\()p Fc(string)7 b Fl(\))208 2704 y Fq(This)27
b(is)h(equiv)-5 b(alen)n(t)27 b(to)g(calling)h Fl(add)f
Fq(with)h Fc(entr)l(opy)35 b Fq(as)27 b(the)h(length)f(of)h(the)g
-(string.)0 1183 y Fl(status\(\))208 1283 y Fq(Returns)f(true)g(if)i
+(string.)0 2851 y Fl(status\(\))208 2951 y Fq(Returns)f(true)g(if)i
(the)e(PRNG)i(has)e(b)r(een)h(seeded)f(with)h(enough)f(data,)g(and)h
-(false)f(otherwise.)0 1430 y Fl(write_file\()p Fc(p)l(ath)6
-b Fl(\))208 1529 y Fq(W)-7 b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h
+(false)f(otherwise.)0 3098 y Fl(write_file\()p Fc(p)l(ath)6
+b Fl(\))208 3197 y Fq(W)-7 b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h
(random)e(b)n(ytes)h(\(curren)n(tly)g(1024\))f(to)h(the)h(\034le)f
Fc(p)l(ath)6 b Fq(.)59 b(This)34 b(\034le)h(can)f(then)g(b)r(e)h(used)g
-(with)208 1629 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h
-(again.)0 1776 y Fm(exception)j Fl(Error)208 1875 y Fq(If)i(the)g
+(with)208 3297 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h
+(again.)0 3444 y Fm(exception)j Fl(Error)208 3543 y Fq(If)i(the)g
(curren)n(t)f(RAND)i(metho)r(d)f(supp)r(orts)f(an)n(y)g(errors,)h(this)
g(is)f(raised)g(when)h(needed.)56 b(The)33 b(default)i(metho)r(d)208
-1975 y(do)r(es)27 b(not)g(raise)g(this)h(when)f(the)h(en)n(trop)n(y)e
-(p)r(o)r(ol)i(is)f(depleted.)208 2104 y(Whenev)n(er)36
+3643 y(do)r(es)27 b(not)g(raise)g(this)h(when)f(the)h(en)n(trop)n(y)e
+(p)r(o)r(ol)i(is)f(depleted.)208 3776 y(Whenev)n(er)36
b(this)h(exception)g(is)g(raised)f(directly)-7 b(,)40
b(it)d(has)g(a)f(list)i(of)f(error)e(messages)g(from)i(the)h(Op)r
-(enSSL)f(error)208 2204 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
+(enSSL)f(error)208 3875 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
(tuple)h Fl(\()p Fc(lib)5 b Fl(,)44 b Fc(function)6 b
Fl(,)43 b Fc(r)l(e)l(ason)6 b Fl(\))p Fq(.)70 b(Here)38
b Fc(lib)5 b Fq(,)43 b Fc(function)h Fq(and)39 b Fc(r)l(e)l(ason)45
-b Fq(are)37 b(all)208 2303 y(strings,)26 b(describing)h(where)g(and)g
+b Fq(are)37 b(all)208 3975 y(strings,)26 b(describing)h(where)g(and)g
(what)h(the)g(problem)f(is.)36 b(See)28 b Fc(err)p Fq(\(3\))g(for)f
-(more)g(information.)0 2580 y Fj(3.3)97 b Fd(SSL)33 b
+(more)g(information.)0 4255 y Fj(3.3)97 b Fd(SSL)33 b
Fj(\026)f(An)h(interface)h(to)e(the)h(SSL-sp)s(eci\034c)h(pa)m(rts)f
-(of)f(Op)s(enSSL)0 2780 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r
+(of)f(Op)s(enSSL)0 4455 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r
(eci\034c)h(to)f(SSL.)h(There)f(are)f(t)n(w)n(o)h(ob)5
b(jects)27 b(de\034ned:)38 b(Con)n(text,)27 b(Connection.)0
-2927 y Fl(SSLv2_METHOD)0 3027 y(SSLv3_METHOD)0 3126 y(SSLv23_METHOD)0
-3226 y(TLSv1_METHOD)208 3326 y Fq(These)g(constan)n(ts)f(represen)n(t)h
+4602 y Fl(SSLv2_METHOD)0 4702 y(SSLv3_METHOD)0 4801 y(SSLv23_METHOD)0
+4901 y(TLSv1_METHOD)208 5001 y Fq(These)g(constan)n(ts)f(represen)n(t)h
(the)h(di\033eren)n(t)f(SSL)h(metho)r(ds)g(to)f(use)h(when)f(creating)g
-(a)g(con)n(text)g(ob)5 b(ject.)0 3473 y Fl(VERIFY_NONE)0
-3572 y(VERIFY_PEER)0 3672 y(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o(CE)o(RT)
-208 3771 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)n
-(eri\034cation)e(mo)r(de)h(used)h(b)n(y)f(the)h(Con)n(text)f(ob)5
-b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 3918 y
-Fl(FILETYPE_PEM)0 4018 y(FILETYPE_ASN1)208 4118 y Fq(File)41
-b(t)n(yp)r(e)g(constan)n(ts)f(used)h(with)g(the)h Fl(use_certificate)o
-(_f)o(ile)34 b Fq(and)41 b Fl(use_privatekey_f)o(il)o(e)35
-b Fq(metho)r(ds)41 b(of)208 4217 y(Con)n(text)27 b(ob)5
-b(jects.)0 4364 y Fl(OP_SINGLE_DH_USE)0 4464 y(OP_EPHEMERAL_RSA)0
-4563 y(OP_NO_SSLv2)0 4663 y(OP_NO_SSLv3)0 4763 y(OP_NO_TLSv1)208
-4862 y Fq(Constan)n(ts)30 b(used)i(with)g Fl(set_options)26
-b Fq(of)32 b(Con)n(text)f(ob)5 b(jects.)48 b Fl(OP_SINGLE_DH_USE)25
-b Fq(means)31 b(to)g(alw)n(a)n(ys)f(create)g(a)208 4962
-y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f(Di\036e-Hellman.)34
-b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18 b(to)h(alw)n(a)n(ys)e(use)i
-(ephemeral)g(RSA)208 5061 y(k)n(eys)f(when)h(doing)f(RSA)i(op)r
-(erations.)33 b Fl(OP_NO_SSLv2)p Fq(,)16 b Fl(OP_NO_SSLv3)f
-Fq(and)k Fl(OP_NO_TLSv1)14 b Fq(means)19 b(to)g(disable)f(those)208
-5161 y(sp)r(eci\034c)29 b(proto)r(cols.)39 b(This)29
+(a)g(con)n(text)g(ob)5 b(ject.)0 5147 y Fl(VERIFY_NONE)0
+5247 y(VERIFY_PEER)p 0 5308 1560 4 v 92 5362 a Fh(2)127
+5385 y Fg(See)24 b Fp(http://www.lotha)n(r.com/tech/crypto/)p
+0 5549 3901 4 v 0 5649 a Ff(3.2)82 b Fl(rand)26 b Ff(\026)i(An)g
+(interface)f(to)g(the)h(Op)r(enSSL)g(pseudo)e(random)h(numb)r(er)h
+(generato)n(r)1107 b(11)p eop end
+%%Page: 12 12
+TeXDict begin 12 11 bop 0 83 a Fl(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o
+(CE)o(RT)208 183 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)
+n(eri\034cation)e(mo)r(de)h(used)h(b)n(y)f(the)h(Con)n(text)f(ob)5
+b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 330 y Fl(FILETYPE_PEM)0
+429 y(FILETYPE_ASN1)208 529 y Fq(File)41 b(t)n(yp)r(e)g(constan)n(ts)f
+(used)h(with)g(the)h Fl(use_certificate)o(_f)o(ile)34
+b Fq(and)41 b Fl(use_privatekey_f)o(il)o(e)35 b Fq(metho)r(ds)41
+b(of)208 628 y(Con)n(text)27 b(ob)5 b(jects.)0 775 y
+Fl(OP_SINGLE_DH_USE)0 875 y(OP_EPHEMERAL_RSA)0 975 y(OP_NO_SSLv2)0
+1074 y(OP_NO_SSLv3)0 1174 y(OP_NO_TLSv1)208 1273 y Fq(Constan)n(ts)30
+b(used)i(with)g Fl(set_options)26 b Fq(of)32 b(Con)n(text)f(ob)5
+b(jects.)48 b Fl(OP_SINGLE_DH_USE)25 b Fq(means)31 b(to)g(alw)n(a)n(ys)
+f(create)g(a)208 1373 y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f
+(Di\036e-Hellman.)34 b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18
+b(to)h(alw)n(a)n(ys)e(use)i(ephemeral)g(RSA)208 1473
+y(k)n(eys)f(when)h(doing)f(RSA)i(op)r(erations.)33 b
+Fl(OP_NO_SSLv2)p Fq(,)16 b Fl(OP_NO_SSLv3)f Fq(and)k
+Fl(OP_NO_TLSv1)14 b Fq(means)19 b(to)g(disable)f(those)208
+1572 y(sp)r(eci\034c)29 b(proto)r(cols.)39 b(This)29
b(is)g(in)n(teresting)g(if)g(y)n(ou're)f(using)g(e.g.)41
b Fl(SSLv23_METHOD)24 b Fq(to)29 b(get)g(an)f(SSLv2-compatible)208
-5261 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)p
-0 5323 1560 4 v 92 5377 a Fh(2)127 5400 y Fg(See)c Fp(http://www.lotha)
-n(r.com/tech/crypto/)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82
-b Fl(SSL)26 b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h
-(pa)n(rts)f(of)h(Op)r(enSSL)1611 b(11)p eop end
-%%Page: 12 12
-TeXDict begin 12 11 bop 0 83 a Fl(ContextType)208 183
-y Fq(See)27 b Fl(Context)p Fq(.)0 330 y Fm(class)k Fl(Context\()p
-Fc(metho)l(d)9 b Fl(\))208 429 y Fq(A)27 b(class)g(represen)n(ting)f
-(SSL)i(con)n(texts.)36 b(Con)n(texts)27 b(de\034ne)h(the)g(parameters)d
-(of)j(one)f(or)g(more)f(SSL)i(connections.)208 562 y
-Fc(metho)l(d)36 b Fq(should)28 b(b)r(e)g Fl(SSLv2_METHOD)p
-Fq(,)22 b Fl(SSLv3_METHOD)p Fq(,)h Fl(SSLv23_METHOD)f
-Fq(or)27 b Fl(TLSv1_METHOD)p Fq(.)0 709 y Fl(ConnectionType)208
-808 y Fq(See)g Fl(Connection)p Fq(.)0 955 y Fm(class)k
+1672 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)0
+1819 y Fl(ContextType)208 1918 y Fq(See)f Fl(Context)p
+Fq(.)0 2065 y Fm(class)k Fl(Context\()p Fc(metho)l(d)9
+b Fl(\))208 2165 y Fq(A)27 b(class)g(represen)n(ting)f(SSL)i(con)n
+(texts.)36 b(Con)n(texts)27 b(de\034ne)h(the)g(parameters)d(of)j(one)f
+(or)g(more)f(SSL)i(connections.)208 2298 y Fc(metho)l(d)36
+b Fq(should)28 b(b)r(e)g Fl(SSLv2_METHOD)p Fq(,)22 b
+Fl(SSLv3_METHOD)p Fq(,)h Fl(SSLv23_METHOD)f Fq(or)27
+b Fl(TLSv1_METHOD)p Fq(.)0 2445 y Fl(ConnectionType)208
+2544 y Fq(See)g Fl(Connection)p Fq(.)0 2691 y Fm(class)k
Fl(Connection\()p Fc(c)l(ontext,)25 b(so)l(cket)8 b Fl(\))208
-1055 y Fq(A)27 b(class)g(represen)n(ting)f(SSL)i(connections.)208
-1188 y Fc(c)l(ontext)44 b Fq(should)37 b(b)r(e)g(an)g(instance)g(of)44
+2791 y Fq(A)27 b(class)g(represen)n(ting)f(SSL)i(connections.)208
+2924 y Fc(c)l(ontext)44 b Fq(should)37 b(b)r(e)g(an)g(instance)g(of)44
b Fl(Context)34 b Fq(and)j Fc(so)l(cket)46 b Fq(should)37
-b(b)r(e)g(a)g(so)r(c)n(k)n(et)2978 1158 y Fk(3)3053 1188
+b(b)r(e)g(a)g(so)r(c)n(k)n(et)2978 2893 y Fk(3)3053 2924
y Fq(ob)5 b(ject.)66 b Fc(so)l(cket)45 b Fq(ma)n(y)37
-b(b)r(e)208 1287 y Fc(None)6 b Fq(;)27 b(in)h(this)g(case,)e(the)i
+b(b)r(e)208 3023 y Fc(None)6 b Fq(;)27 b(in)h(this)g(case,)e(the)i
(Connection)f(is)g(created)g(with)h(a)f(memory)g(BIO:)f(see)h(the)h
-Fl(bio_read)p Fq(,)c Fl(bio_write)p Fq(,)g(and)208 1387
-y Fl(bio_shutdown)e Fq(metho)r(ds.)0 1534 y Fm(exception)32
-b Fl(Error)208 1634 y Fq(This)i(exception)g(is)h(used)f(as)g(a)h(base)e
+Fl(bio_read)p Fq(,)c Fl(bio_write)p Fq(,)g(and)208 3123
+y Fl(bio_shutdown)e Fq(metho)r(ds.)0 3270 y Fm(exception)32
+b Fl(Error)208 3369 y Fq(This)i(exception)g(is)h(used)f(as)g(a)h(base)e
(class)h(for)g(the)h(other)f(SSL-related)g(exceptions,)i(but)f(ma)n(y)f
-(also)f(b)r(e)i(raised)208 1733 y(directly)-7 b(.)208
-1866 y(Whenev)n(er)36 b(this)h(exception)g(is)g(raised)f(directly)-7
+(also)f(b)r(e)i(raised)208 3469 y(directly)-7 b(.)208
+3602 y(Whenev)n(er)36 b(this)h(exception)g(is)g(raised)f(directly)-7
b(,)40 b(it)d(has)g(a)f(list)i(of)f(error)e(messages)g(from)i(the)h(Op)
-r(enSSL)f(error)208 1966 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
+r(enSSL)f(error)208 3701 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
(tuple)h Fl(\()p Fc(lib)5 b Fl(,)44 b Fc(function)6 b
Fl(,)43 b Fc(r)l(e)l(ason)6 b Fl(\))p Fq(.)70 b(Here)38
b Fc(lib)5 b Fq(,)43 b Fc(function)h Fq(and)39 b Fc(r)l(e)l(ason)45
-b Fq(are)37 b(all)208 2065 y(strings,)26 b(describing)h(where)g(and)g
+b Fq(are)37 b(all)208 3801 y(strings,)26 b(describing)h(where)g(and)g
(what)h(the)g(problem)f(is.)36 b(See)28 b Fc(err)p Fq(\(3\))g(for)f
-(more)g(information.)0 2212 y Fm(exception)32 b Fl(ZeroReturnError)208
-2312 y Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r
+(more)g(information.)0 3948 y Fm(exception)32 b Fl(ZeroReturnError)208
+4048 y Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r
(de)h Fl(SSL_ERROR_ZERO_)o(RE)o(TUR)o(N)p Fq(,)26 b(and)33
-b(is)f(raised)f(when)i(the)g(SSL)208 2411 y(Connection)c(has)g(b)r(een)
+b(is)f(raised)f(when)i(the)g(SSL)208 4147 y(Connection)c(has)g(b)r(een)
h(closed.)43 b(In)29 b(SSL)h(3.0)f(and)h(TLS)g(1.0,)f(this)h(only)f(o)r
(ccurs)g(if)h(a)g(closure)e(alert)h(has)g(o)r(ccurred)208
-2511 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g
+4247 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g
(b)r(een)i(closed)e(cleanly)-7 b(.)40 b(Note)29 b(that)g(this)g(do)r
-(es)f(not)h(necessarily)e(mean)208 2611 y(that)g(the)h(transp)r(ort)f
+(es)f(not)h(necessarily)e(mean)208 4346 y(that)g(the)h(transp)r(ort)f
(la)n(y)n(er)f(\(e.g.)36 b(a)28 b(so)r(c)n(k)n(et\))e(has)h(b)r(een)h
-(closed.)208 2743 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h
+(closed.)208 4479 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h
(this)g(is)g(an)g(exception,)g(but)h(it)f(do)r(es)g(matc)n(h)g(an)f
-Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 2843 y(v)n(ery)26
-b(con)n(v)n(enien)n(t.)0 2990 y Fm(exception)32 b Fl(WantReadError)208
-3090 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g
+Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 4579 y(v)n(ery)26
+b(con)n(v)n(enien)n(t.)0 4726 y Fm(exception)32 b Fl(WantReadError)208
+4825 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g
(I/O)f(metho)r(d)h(should)g(b)r(e)g(called)g(again)f(later,)i(with)f
-(the)h(same)208 3189 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i
+(the)h(same)208 4925 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i
(can)f(lead)h(to)f(this)h(since)f(new)h(handshak)n(es)e(can)h(o)r(ccur)
-g(at)g(an)n(y)g(time.)208 3322 y(The)44 b(w)n(an)n(ted)h(read)f(is)g
+g(at)g(an)n(y)g(time.)208 5058 y(The)44 b(w)n(an)n(ted)h(read)f(is)g
(for)h Fc(dirty)g Fq(data)g(sen)n(t)f(o)n(v)n(er)f(the)j(net)n(w)n
(ork,)h(not)e(the)h Fc(cle)l(an)f Fq(data)f(inside)h(the)g(tunnel.)208
-3422 y(F)-7 b(or)39 b(a)i(so)r(c)n(k)n(et)e(based)h(SSL)h(connection,)i
+5157 y(F)-7 b(or)39 b(a)i(so)r(c)n(k)n(et)e(based)h(SSL)h(connection,)i
Fc(r)l(e)l(ad)e Fq(means)f(data)g(coming)g(at)g(us)h(o)n(v)n(er)e(the)i
-(net)n(w)n(ork.)74 b(Un)n(til)41 b(that)208 3521 y(read)d(succeeds,)k
-(the)d(attempted)h Fl(OpenSSL.SSL.Conn)o(ect)o(io)o(n.)o(rec)o(v)p
+(net)n(w)n(ork.)74 b(Un)n(til)41 b(that)p 0 5227 1560
+4 v 92 5280 a Fh(3)127 5304 y Fg(A)n(ctually)-6 b(,)25
+b(all)e(that)j(is)d(required)j(is)e(an)g(ob)t(ject)h(that)h
+Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,)g(y)n(ou)g(could)g
+(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f(b)r(e)h(tric)n
+(ky)g(to)0 5383 y(get)g(the)f(handshak)n(es)h(righ)n(t!)p
+0 5549 3901 4 v 0 5649 a Ff(12)2197 b(3)83 b Fl(OpenSSL)24
+b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
+end
+%%Page: 13 13
+TeXDict begin 13 12 bop 208 83 a Fq(read)38 b(succeeds,)k(the)d
+(attempted)h Fl(OpenSSL.SSL.Conn)o(ect)o(io)o(n.)o(rec)o(v)p
Fq(,)c Fl(OpenSSL.SSL.Conn)o(ec)o(tio)o(n.)o(se)o(nd)p
-Fq(,)g(or)208 3621 y Fl(OpenSSL.SSL.Con)o(ne)o(ct)o(ion)o(.d)o(o_h)o
-(an)o(ds)o(hak)o(e)15 b Fq(is)22 b(prev)n(en)n(ted)e(or)h(incomplete.)
-35 b(Y)-7 b(ou)22 b(probably)e(w)n(an)n(t)h(to)g Fl(select\(\))208
-3721 y Fq(on)27 b(the)h(so)r(c)n(k)n(et)e(b)r(efore)h(trying)g(again.)0
-3867 y Fm(exception)32 b Fl(WantWriteError)208 3967 y
-Fq(See)27 b Fl(WantReadError)p Fq(.)32 b(The)27 b(so)r(c)n(k)n(et)g
-(send)g(bu\033er)h(ma)n(y)f(b)r(e)h(to)r(o)f(full)h(to)g(write)f(more)g
-(data.)0 4114 y Fm(exception)32 b Fl(WantX509LookupE)o(rr)o(or)208
-4214 y Fq(The)24 b(op)r(eration)g(did)h(not)g(complete)f(b)r(ecause)g
+Fq(,)g(or)208 183 y Fl(OpenSSL.SSL.Con)o(ne)o(ct)o(ion)o(.d)o(o_h)o(an)
+o(ds)o(hak)o(e)15 b Fq(is)22 b(prev)n(en)n(ted)e(or)h(incomplete.)35
+b(Y)-7 b(ou)22 b(probably)e(w)n(an)n(t)h(to)g Fl(select\(\))208
+282 y Fq(on)27 b(the)h(so)r(c)n(k)n(et)e(b)r(efore)h(trying)g(again.)0
+429 y Fm(exception)32 b Fl(WantWriteError)208 529 y Fq(See)27
+b Fl(WantReadError)p Fq(.)32 b(The)27 b(so)r(c)n(k)n(et)g(send)g
+(bu\033er)h(ma)n(y)f(b)r(e)h(to)r(o)f(full)h(to)g(write)f(more)g(data.)
+0 676 y Fm(exception)32 b Fl(WantX509LookupE)o(rr)o(or)208
+775 y Fq(The)24 b(op)r(eration)g(did)h(not)g(complete)f(b)r(ecause)g
(an)h(application)f(callbac)n(k)f(has)h(ask)n(ed)g(to)g(b)r(e)h(called)
-g(again.)34 b(The)25 b(I/O)208 4313 y(metho)r(d)f(should)h(b)r(e)f
+g(again.)34 b(The)25 b(I/O)208 875 y(metho)r(d)f(should)h(b)r(e)f
(called)g(again)g(later,)g(with)h(the)g(same)e(argumen)n(ts.)35
b(Note:)g(This)24 b(w)n(on't)h(o)r(ccur)e(in)i(this)g(v)n(ersion,)208
-4413 y(as)h(there)i(are)e(no)i(suc)n(h)f(callbac)n(ks)f(in)i(this)f(v)n
-(ersion.)0 4560 y Fm(exception)32 b Fl(SysCallError)208
-4659 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e
+975 y(as)h(there)i(are)e(no)i(suc)n(h)f(callbac)n(ks)f(in)i(this)f(v)n
+(ersion.)0 1121 y Fm(exception)32 b Fl(SysCallError)208
+1221 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e
(an)h(I/O)g(error)e(and)i(Op)r(enSSL's)g(error)e(queue)i(do)r(es)g(not)
-g(con)n(tain)g(an)n(y)208 4759 y(information.)59 b(This)36
+g(con)n(tain)g(an)n(y)208 1321 y(information.)59 b(This)36
b(can)f(mean)g(t)n(w)n(o)g(things:)52 b(An)36 b(error)d(in)j(the)g
(transp)r(ort)e(proto)r(col,)i(or)f(an)g(end)h(of)f(\034le)h(that)208
-4859 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i
+1420 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i
(the)g(exception)f(is)g(alw)n(a)n(ys)f(a)h(pair)g Fl(\()p
-Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)p
-0 4928 1560 4 v 92 4981 a Fh(3)127 5005 y Fg(A)n(ctually)-6
-b(,)25 b(all)e(that)j(is)d(required)j(is)e(an)g(ob)t(ject)h(that)h
-Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,)g(y)n(ou)g(could)g
-(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f(b)r(e)h(tric)n
-(ky)g(to)0 5084 y(get)g(the)f(handshak)n(es)h(righ)n(t!)p
-0 5549 3901 4 v 0 5649 a Ff(12)2197 b(3)83 b Fl(OpenSSL)24
-b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
-end
-%%Page: 13 13
-TeXDict begin 13 12 bop 0 83 a Ff(Context)27 b(objects)0
-283 y Fq(Con)n(text)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n
-(wing)e(metho)r(ds:)0 430 y Fl(check_privatekey)o(\(\))208
-547 y Fq(Chec)n(k)k(if)i(the)g(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)h
-(with)h Fl(use_privatekey)p Fb([)p Fl(_)o(fi)o(le)11
-b Fb(])p Fq(\))26 b(matc)n(hes)k(the)i(certi\034cate)f(\(loaded)g(with)
-208 674 y Fl(use_certificate)o Fb([)p Fl(_)o(fil)o(e)11
-b Fb(])p Fq(\).)31 b(Returns)d Fl(None)e Fq(if)i(they)f(matc)n(h,)h
-(raises)e Fl(Error)g Fq(otherwise.)0 821 y Fl(get_app_data\(\))208
-921 y Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g
-Fl(set_app_data)p Fq(.)0 1068 y Fl(get_cert_store\(\))208
-1167 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h
+Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)0
+1683 y Ff(Context)27 b(objects)0 1884 y Fq(Con)n(text)g(ob)5
+b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
+2031 y Fl(check_privatekey)o(\(\))208 2147 y Fq(Chec)n(k)k(if)i(the)g
+(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)h(with)h Fl(use_privatekey)p
+Fb([)p Fl(_)o(fi)o(le)11 b Fb(])p Fq(\))26 b(matc)n(hes)k(the)i
+(certi\034cate)f(\(loaded)g(with)208 2275 y Fl(use_certificate)o
+Fb([)p Fl(_)o(fil)o(e)11 b Fb(])p Fq(\).)31 b(Returns)d
+Fl(None)e Fq(if)i(they)f(matc)n(h,)h(raises)e Fl(Error)g
+Fq(otherwise.)0 2421 y Fl(get_app_data\(\))208 2521 y
+Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g
+Fl(set_app_data)p Fq(.)0 2668 y Fl(get_cert_store\(\))208
+2768 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h
(X509Store)f(ob)5 b(ject\))35 b(that)h(the)f(con)n(text)g(uses.)60
-b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 1267 y("trusted")26
+b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 2867 y("trusted")26
b(certi\034cates)h(without)h(using)f(the.)37 b Fl(load_verify_loca)o
-(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 1414 y Fl(get_timeout\(\))208
-1513 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i
+(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 3014 y Fl(get_timeout\(\))208
+3114 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i
Fl(set_timeout)p Fq(.)j(The)c(default)g(is)f(300)f(seconds.)0
-1660 y Fl(get_verify_depth)o(\(\))208 1760 y Fq(Retriev)n(e)g(the)i
+3261 y Fl(get_verify_depth)o(\(\))208 3360 y Fq(Retriev)n(e)g(the)i
(Con)n(text)f(ob)5 b(ject's)28 b(v)n(erify)e(depth,)j(as)d(set)i(b)n(y)
-g Fl(set_verify_depth)p Fq(.)0 1907 y Fl(get_verify_mode\()o(\))208
-2006 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28
+g Fl(set_verify_depth)p Fq(.)0 3507 y Fl(get_verify_mode\()o(\))208
+3607 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28
b(v)n(erify)e(mo)r(de,)i(as)f(set)h(b)n(y)g Fl(set_verify)p
-Fq(.)0 2153 y Fl(load_client_ca\()p Fc(p)l(em\034le)6
-b Fl(\))208 2253 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g
+Fq(.)0 3754 y Fl(load_client_ca\()p Fc(p)l(em\034le)6
+b Fl(\))208 3853 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g
(certi\034cates)f(that)h(will)g(b)r(e)g(sen)n(t)f(to)h(the)g(clien)n(t)
-f(when)h(requesting)f(a)g(clien)n(t)208 2353 y(certi\034cate.)0
-2499 y Fl(set_client_ca_li)o(st)o(\()p Fc(c)l(erti\034c)l(ate_au)o
-(thorities)7 b Fl(\))208 2599 y Fq(Replace)23 b(the)h(curren)n(t)g
+f(when)h(requesting)f(a)g(clien)n(t)208 3953 y(certi\034cate.)0
+4100 y Fl(set_client_ca_li)o(st)o(\()p Fc(c)l(erti\034c)l(ate_au)o
+(thorities)7 b Fl(\))208 4199 y Fq(Replace)23 b(the)h(curren)n(t)g
(list)g(of)g(preferred)f(certi\034cate)g(signers)g(that)h(w)n(ould)f(b)
r(e)i(sen)n(t)f(to)g(the)g(clien)n(t)g(when)g(requesting)208
-2699 y(a)j(clien)n(t)g(certi\034cate)g(with)h(the)g Fc(c)l(erti\034c)l
+4299 y(a)j(clien)n(t)g(certi\034cate)g(with)h(the)g Fc(c)l(erti\034c)l
(ate_authorities)35 b Fq(sequence)27 b(of)34 b Fl(OpenSSL.crypto.X5)o
-(09)o(Na)o(me)p Fq(s)o(.)208 2832 y(New)27 b(in)h(v)n(ersion)e(0.10.)0
-2978 y Fl(add_client_ca\()p Fc(c)l(erti\034c)l(ate_aut)o(hority)7
-b Fl(\))208 3078 y Fq(Extract)22 b(a)g Fl(OpenSSL.crypto.X)o(50)o(9Na)o
+(09)o(Na)o(me)p Fq(s)o(.)208 4432 y(New)27 b(in)h(v)n(ersion)e(0.10.)0
+4579 y Fl(add_client_ca\()p Fc(c)l(erti\034c)l(ate_aut)o(hority)7
+b Fl(\))208 4678 y Fq(Extract)22 b(a)g Fl(OpenSSL.crypto.X)o(50)o(9Na)o
(me)16 b Fq(from)22 b(the)h Fc(c)l(erti\034c)l(ate_authority)30
b Fl(OpenSSL.crypto.X)o(509)16 b Fq(certi\034cate)208
-3178 y(and)k(add)g(it)h(to)f(the)h(list)f(of)h(preferred)e
+4778 y(and)k(add)g(it)h(to)f(the)h(list)f(of)h(preferred)e
(certi\034cate)h(signers)f(sen)n(t)h(to)g(the)h(clien)n(t)f(when)h
-(requesting)e(a)h(clien)n(t)h(certi\034cate.)208 3310
-y(New)27 b(in)h(v)n(ersion)e(0.10.)0 3457 y Fl(load_verify_loca)o(ti)o
+(requesting)e(a)h(clien)n(t)h(certi\034cate.)208 4911
+y(New)27 b(in)h(v)n(ersion)e(0.10.)0 5058 y Fl(load_verify_loca)o(ti)o
(ons)o(\()p Fc(p)l(em\034le,)e(c)l(ap)l(ath)6 b Fl(\))208
-3557 y Fq(Sp)r(ecify)24 b(where)f(CA)g(certi\034cates)g(for)g(v)n
+5157 y Fq(Sp)r(ecify)24 b(where)f(CA)g(certi\034cates)g(for)g(v)n
(eri\034cation)f(purp)r(oses)h(are)f(lo)r(cated.)35 b(These)23
-b(are)g(trusted)g(certi\034cates.)35 b(Note)208 3657
+b(are)g(trusted)g(certi\034cates.)35 b(Note)208 5257
y(that)c(the)g(certi\034cates)f(ha)n(v)n(e)f(to)i(b)r(e)g(in)g(PEM)h
(format.)46 b(If)31 b(capath)f(is)h(passed,)f(it)i(m)n(ust)e(b)r(e)i(a)
-e(directory)f(prepared)208 3756 y(using)i(the)h Fl(c_rehash)c
+e(directory)f(prepared)208 5356 y(using)i(the)h Fl(c_rehash)c
Fq(to)r(ol)j(included)h(with)g(Op)r(enSSL.)g(Either,)h(but)f(not)g(b)r
(oth,)h(of)38 b Fc(p)l(em\034le)g Fq(or)31 b Fc(c)l(ap)l(ath)39
-b Fq(ma)n(y)31 b(b)r(e)208 3856 y Fl(None)p Fq(.)0 4003
+b Fq(ma)n(y)31 b(b)r(e)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82
+b Fl(SSL)26 b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h
+(pa)n(rts)f(of)h(Op)r(enSSL)1611 b(13)p eop end
+%%Page: 14 14
+TeXDict begin 14 13 bop 208 83 a Fl(None)p Fq(.)0 230
y Fl(set_default_veri)o(fy)o(_pa)o(th)o(s\()o(\))208
-4102 y Fq(Sp)r(ecify)20 b(that)h(the)g(platform)f(pro)n(vided)f(CA)h
+330 y Fq(Sp)r(ecify)20 b(that)h(the)g(platform)f(pro)n(vided)f(CA)h
(certi\034cates)g(are)f(to)h(b)r(e)h(used)f(for)g(v)n(eri\034cation)f
-(purp)r(oses.)33 b(This)21 b(metho)r(d)208 4202 y(ma)n(y)26
-b(not)i(w)n(ork)e(prop)r(erly)h(on)g(OS)g(X.)0 4349 y
-Fl(load_tmp_dh\()p Fc(dh\034le)6 b Fl(\))208 4448 y Fq(Load)26
+(purp)r(oses.)33 b(This)21 b(metho)r(d)208 429 y(ma)n(y)26
+b(not)i(w)n(ork)e(prop)r(erly)h(on)g(OS)g(X.)0 576 y
+Fl(load_tmp_dh\()p Fc(dh\034le)6 b Fl(\))208 676 y Fq(Load)26
b(parameters)g(for)h(Ephemeral)g(Di\036e-Hellman)h(from)g
-Fc(dh\034le)6 b Fq(.)0 4595 y Fl(set_app_data\()p Fc(data)g
-Fl(\))208 4695 y Fq(Asso)r(ciate)25 b Fc(data)33 b Fq(with)27
+Fc(dh\034le)6 b Fq(.)0 823 y Fl(set_app_data\()p Fc(data)g
+Fl(\))208 922 y Fq(Asso)r(ciate)25 b Fc(data)33 b Fq(with)27
b(this)f(Con)n(text)f(ob)5 b(ject.)36 b Fc(data)e Fq(can)25
b(b)r(e)i(retriev)n(ed)d(later)i(using)f(the)i Fl(get_app_data)21
-b Fq(metho)r(d.)0 4842 y Fl(set_cipher_list\()o Fc(ciphers)7
-b Fl(\))208 4941 y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g
+b Fq(metho)r(d.)0 1069 y Fl(set_cipher_list\()o Fc(ciphers)7
+b Fl(\))208 1169 y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g
(used)g(in)g(this)h(con)n(text.)37 b(See)28 b(the)h(Op)r(enSSL)f(man)n
-(ual)f(for)h(more)f(information)g(\(e.g.)208 5041 y(ciphers\(1\)\))0
-5188 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9
-b Fl(\))208 5288 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i
+(ual)f(for)h(more)f(information)g(\(e.g.)208 1268 y(ciphers\(1\)\))0
+1415 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9
+b Fl(\))208 1515 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i
Fc(c)l(al)t(lb)l(ack)9 b Fq(.)54 b(This)32 b(function)h(will)g(b)r(e)g
(called)f(from)g(time)h(to)g(time)g(during)f(SSL)208
-5387 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b
+1614 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b
Fq(should)32 b(tak)n(e)g(three)g(argumen)n(ts:)45 b(a)32
b(Connection)g(ob)5 b(ject)32 b(and)g(t)n(w)n(o)g(in)n(tegers.)50
-b(The)32 b(\034rst)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82
-b Fl(SSL)26 b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h
-(pa)n(rts)f(of)h(Op)r(enSSL)1611 b(13)p eop end
-%%Page: 14 14
-TeXDict begin 14 13 bop 208 83 a Fq(in)n(teger)31 b(sp)r(eci\034es)g
-(where)h(in)g(the)g(SSL)g(handshak)n(e)f(the)h(function)h(w)n(as)e
-(called,)h(and)g(the)g(other)g(the)g(return)f(co)r(de)208
-183 y(from)c(a)g(\(p)r(ossibly)g(failed\))h(in)n(ternal)f(function)h
-(call.)0 330 y Fl(set_options\()p Fc(options)7 b Fl(\))208
-429 y Fq(A)n(dd)28 b(SSL)h(options.)38 b(Options)28 b(y)n(ou)f(ha)n(v)n
-(e)g(set)i(b)r(efore)f(are)f(not)h(cleared!)38 b(This)28
+b(The)32 b(\034rst)208 1714 y(in)n(teger)f(sp)r(eci\034es)g(where)h(in)
+g(the)g(SSL)g(handshak)n(e)f(the)h(function)h(w)n(as)e(called,)h(and)g
+(the)g(other)g(the)g(return)f(co)r(de)208 1814 y(from)c(a)g(\(p)r
+(ossibly)g(failed\))h(in)n(ternal)f(function)h(call.)0
+1961 y Fl(set_options\()p Fc(options)7 b Fl(\))208 2060
+y Fq(A)n(dd)28 b(SSL)h(options.)38 b(Options)28 b(y)n(ou)f(ha)n(v)n(e)g
+(set)i(b)r(efore)f(are)f(not)h(cleared!)38 b(This)28
b(metho)r(d)h(should)f(b)r(e)h(used)f(with)h(the)208
-529 y Fl(OP_*)d Fq(constan)n(ts.)0 676 y Fl(set_passwd_cb\()p
+2160 y Fl(OP_*)d Fq(constan)n(ts.)0 2307 y Fl(set_passwd_cb\()p
Fc(c)l(al)t(lb)l(ack)9 b Fb([)p Fc(,)25 b(user)l(data)19
-b Fb(])p Fl(\))208 775 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f
+b Fb(])p Fl(\))208 2406 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f
(to)i Fc(c)l(al)t(lb)l(ack)9 b Fq(.)82 b(This)42 b(function)h(will)f(b)
r(e)g(called)g(when)g(a)g(priv)-5 b(ate)42 b(k)n(ey)f(with)h(a)208
-875 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45
+2506 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45
b Fq(m)n(ust)34 b(accept)g(three)g(p)r(ositional)f(argumen)n(ts.)56
-b(First,)35 b(an)f(in)n(teger)f(giving)h(the)208 975
+b(First,)35 b(an)f(in)n(teger)f(giving)h(the)208 2606
y(maxim)n(um)e(length)i(of)f(the)g(passphrase)f(it)h(ma)n(y)g(return.)
53 b(If)33 b(the)h(returned)e(passphrase)g(is)h(longer)f(than)h(this,)i
-(it)208 1074 y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30
+(it)208 2705 y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30
b(a)f(b)r(o)r(olean)g(v)-5 b(alue)29 b(whic)n(h)h(will)g(b)r(e)g(true)f
(if)h(the)g(user)f(should)g(b)r(e)h(prompted)g(for)f(the)208
-1174 y(passphrase)k(t)n(wice)h(and)h(the)g(callbac)n(k)f(should)g(v)n
+2805 y(passphrase)k(t)n(wice)h(and)h(the)g(callbac)n(k)f(should)g(v)n
(erify)h(that)g(the)g(t)n(w)n(o)f(v)-5 b(alues)35 b(supplied)g(are)f
-(equal.)58 b(Third,)37 b(the)208 1273 y(v)-5 b(alue)27
+(equal.)58 b(Third,)37 b(the)208 2904 y(v)-5 b(alue)27
b(giv)n(en)g(as)g(the)h Fc(user)l(data)35 b Fq(parameter)26
b(to)h Fl(set_passwd_cb)p Fq(.)32 b(If)c(an)g(error)d(o)r(ccurs,)i
Fc(c)l(al)t(lb)l(ack)39 b Fq(should)27 b(return)g(a)208
-1373 y(false)g(v)-5 b(alue)27 b(\(e.g.)37 b(an)27 b(empt)n(y)h
-(string\).)0 1520 y Fl(set_session_id\()p Fc(n)o(ame)6
-b Fl(\))208 1620 y Fq(Set)33 b(the)h(con)n(text)f Fc(name)39
+3004 y(false)g(v)-5 b(alue)27 b(\(e.g.)37 b(an)27 b(empt)n(y)h
+(string\).)0 3151 y Fl(set_session_id\()p Fc(n)o(ame)6
+b Fl(\))208 3251 y Fq(Set)33 b(the)h(con)n(text)f Fc(name)39
b Fq(within)34 b(whic)n(h)f(a)g(session)f(can)h(b)r(e)h(reused)e(for)h
(this)g(Con)n(text)g(ob)5 b(ject.)54 b(This)33 b(is)g(needed)208
-1719 y(when)e(doing)g(session)g(resumption,)h(b)r(ecause)g(there)f(is)h
+3350 y(when)e(doing)g(session)g(resumption,)h(b)r(ecause)g(there)f(is)h
(no)f(w)n(a)n(y)g(for)g(a)g(stored)g(session)f(to)i(kno)n(w)f(whic)n(h)
-g(Con)n(text)208 1819 y(ob)5 b(ject)27 b(it)h(is)f(asso)r(ciated)g
+g(Con)n(text)208 3450 y(ob)5 b(ject)27 b(it)h(is)f(asso)r(ciated)g
(with.)37 b Fc(name)d Fq(ma)n(y)27 b(b)r(e)h(an)n(y)e(binary)h(data.)0
-1966 y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208
-2065 y Fq(Set)29 b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g
+3597 y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208
+3696 y Fq(Set)29 b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g
(for)h(this)g(Con)n(text)g(ob)5 b(ject)28 b(to)h Fc(time)l(out)8
b Fq(.)41 b Fc(time)l(out)36 b Fq(m)n(ust)29 b(b)r(e)h(giv)n(en)208
-2165 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5
+3796 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5
b(alue)28 b(is)h(300)e(seconds.)40 b(See)29 b(the)g(Op)r(enSSL)g(man)n
-(ual)f(for)g(more)g(information)208 2265 y(\(e.g.)36
-b(SSL_CTX_set_timeout\(3\)\).)0 2411 y Fl(set_verify\()p
-Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))208 2511
+(ual)f(for)g(more)g(information)208 3896 y(\(e.g.)36
+b(SSL_CTX_set_timeout\(3\)\).)0 4042 y Fl(set_verify\()p
+Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))208 4142
y Fq(Set)36 b(the)h(v)n(eri\034cation)e(\035ags)g(for)h(this)h(Con)n
(text)f(ob)5 b(ject)36 b(to)g Fc(mo)l(de)44 b Fq(and)36
b(sp)r(ecify)g(that)h Fc(c)l(al)t(lb)l(ack)47 b Fq(should)36
-b(b)r(e)h(used)208 2611 y(for)30 b(v)n(eri\034cation)g(callbac)n(ks.)45
+b(b)r(e)h(used)208 4242 y(for)30 b(v)n(eri\034cation)g(callbac)n(ks.)45
b Fc(mo)l(de)38 b Fq(should)31 b(b)r(e)h(one)e(of)38
b Fl(VERIFY_NONE)26 b Fq(and)31 b Fl(VERIFY_PEER)p Fq(.)c(If)38
-b Fl(VERIFY_PEER)26 b Fq(is)208 2710 y(used,)j Fc(mo)l(de)36
+b Fl(VERIFY_PEER)26 b Fq(is)208 4341 y(used,)j Fc(mo)l(de)36
b Fq(can)29 b(b)r(e)g(OR:ed)g(with)g Fl(VERIFY_FAIL_IF_NO)o(_P)o(EE)o
(R_C)o(ER)o(T)23 b Fq(and)29 b Fl(VERIFY_CLIENT_O)o(NCE)22
-b Fq(to)29 b(further)208 2810 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.)
+b Fq(to)29 b(further)208 4441 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.)
34 b Fc(c)l(al)t(lb)l(ack)i Fq(should)25 b(tak)n(e)f(\034v)n(e)h
(argumen)n(ts:)34 b(A)25 b(Connection)g(ob)5 b(ject,)25
-b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 2910 y(three)e(in)n(teger)g(v)
+b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 4541 y(three)e(in)n(teger)g(v)
-5 b(ariables,)23 b(whic)n(h)h(are)f(in)h(turn)g(p)r(oten)n(tial)g
(error)d(n)n(um)n(b)r(er,)k(error)c(depth)k(and)f(return)f(co)r(de.)35
-b Fc(c)l(al)t(lb)l(ack)208 3009 y Fq(should)27 b(return)g(true)g(if)h
+b Fc(c)l(al)t(lb)l(ack)208 4640 y Fq(should)27 b(return)g(true)g(if)h
(v)n(eri\034cation)f(passes)f(and)h(false)h(otherwise.)0
-3156 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208
-3256 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g
+4787 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208
+4887 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g
(certi\034cate)f(c)n(hain)g(v)n(eri\034cation)f(that)i(shall)f(b)r(e)h
-(allo)n(w)n(ed)e(for)i(this)f(Con)n(text)208 3355 y(ob)5
-b(ject.)0 3502 y Fl(use_certificate\()o Fc(c)l(ert)j
-Fl(\))208 3602 y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35
+(allo)n(w)n(ed)e(for)i(this)f(Con)n(text)208 4986 y(ob)5
+b(ject.)0 5133 y Fl(use_certificate\()o Fc(c)l(ert)j
+Fl(\))208 5233 y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35
b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(X509)g(ob)5
-b(ject.)0 3749 y Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j
-Fl(\))208 3848 y Fq(A)n(dds)32 b(the)h(certi\034cate)f
+b(ject.)0 5380 y Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j
+Fl(\))p 0 5549 3901 4 v 0 5649 a Ff(14)2197 b(3)83 b
+Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p
+eop end
+%%Page: 15 15
+TeXDict begin 15 14 bop 208 83 a Fq(A)n(dds)32 b(the)h(certi\034cate)f
Fc(c)l(ert)8 b Fq(,)34 b(whic)n(h)f(has)f(to)g(b)r(e)i(a)e(X509)f(ob)5
b(ject,)34 b(to)f(the)g(certi\034cate)f(c)n(hain)g(presen)n(ted)g
-(together)208 3948 y(with)c(the)g(certi\034cate.)0 4095
+(together)208 183 y(with)c(the)g(certi\034cate.)0 330
y Fl(use_certificate_)o(ch)o(ain)o(_f)o(il)o(e\()p Fc(\034)o(le)6
-b Fl(\))208 4194 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h
+b Fl(\))208 429 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h
Fc(\034le)34 b Fq(whic)n(h)27 b(m)n(ust)h(b)r(e)g(PEM)g(enco)r(ded.)0
-4341 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 4441
+576 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 676
y Fq(Use)27 b(the)h(priv)-5 b(ate)27 b(k)n(ey)h Fc(pkey)36
b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(PKey)h(ob)5
-b(ject.)0 4602 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h
-Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 4702 y Fq(Load)i(the)h
+b(ject.)0 837 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h
+Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 937 y Fq(Load)i(the)h
(\034rst)g(certi\034cate)f(found)h(in)h Fc(\034le)6 b
Fq(.)36 b(The)24 b(certi\034cate)f(m)n(ust)h(b)r(e)h(in)f(the)g(format)
g(sp)r(eci\034ed)g(b)n(y)h Fc(format)8 b Fq(,)25 b(whic)n(h)208
-4801 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p
+1036 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p
Fq(.)k(The)d(default)g(is)f Fl(FILETYPE_PEM)p Fq(.)0
-4948 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6
-b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 5048
+1183 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6
+b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 1283
y Fq(Load)31 b(the)h(\034rst)g(priv)-5 b(ate)31 b(k)n(ey)g(found)i(in)f
Fc(\034le)6 b Fq(.)50 b(The)32 b(priv)-5 b(ate)32 b(k)n(ey)f(m)n(ust)h
(b)r(e)g(in)h(the)f(format)f(sp)r(eci\034ed)i(b)n(y)f
-Fc(format)8 b Fq(,)208 5148 y(whic)n(h)27 b(is)g(either)h
+Fc(format)8 b Fq(,)208 1382 y(whic)n(h)27 b(is)g(either)h
Fl(FILETYPE_PEM)22 b Fq(or)27 b Fl(FILETYPE_ASN1)p Fq(.)32
-b(The)27 b(default)h(is)g Fl(FILETYPE_PEM)p Fq(.)p 0
-5549 3901 4 v 0 5649 a Ff(14)2197 b(3)83 b Fl(OpenSSL)24
-b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
-end
-%%Page: 15 15
-TeXDict begin 15 14 bop 0 83 a Ff(Connection)26 b(objects)0
-283 y Fq(Connection)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n
-(wing)f(metho)r(ds:)0 430 y Fl(accept\(\))208 530 y Fq(Call)33
-b(the)g Fl(accept)e Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n
-(et)f(and)h(set)h(up)g(SSL)f(on)g(the)h(returned)f(so)r(c)n(k)n(et,)h
-(using)f(the)208 630 y(Con)n(text)22 b(ob)5 b(ject)22
-b(supplied)h(to)f(this)h(Connection)f(ob)5 b(ject)22
-b(at)h(creation.)34 b(Returns)22 b(a)g(pair)g Fl(\()p
-Fc(c)l(onn)6 b Fl(,)43 b Fc(addr)l(ess)7 b Fl(\))p Fq(.)36
-b(where)208 729 y Fc(c)l(onn)d Fq(is)28 b(the)g(new)f(Connection)g(ob)5
-b(ject)28 b(created,)e(and)i Fc(addr)l(ess)35 b Fq(is)28
-b(as)f(returned)g(b)n(y)g(the)h(so)r(c)n(k)n(et's)e Fl(accept)p
-Fq(.)0 876 y Fl(bind\()p Fc(addr)l(ess)7 b Fl(\))208
-976 y Fq(Call)27 b(the)h Fl(bind)e Fq(metho)r(d)i(of)f(the)h
-(underlying)f(so)r(c)n(k)n(et.)0 1123 y Fl(close\(\))208
-1222 y Fq(Call)i(the)h Fl(close)e Fq(metho)r(d)i(of)g(the)g(underlying)
+b(The)27 b(default)h(is)g Fl(FILETYPE_PEM)p Fq(.)0 1645
+y Ff(Connection)e(objects)0 1846 y Fq(Connection)h(ob)5
+b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0
+1993 y Fl(accept\(\))208 2092 y Fq(Call)33 b(the)g Fl(accept)e
+Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)h
+(up)g(SSL)f(on)g(the)h(returned)f(so)r(c)n(k)n(et,)h(using)f(the)208
+2192 y(Con)n(text)22 b(ob)5 b(ject)22 b(supplied)h(to)f(this)h
+(Connection)f(ob)5 b(ject)22 b(at)h(creation.)34 b(Returns)22
+b(a)g(pair)g Fl(\()p Fc(c)l(onn)6 b Fl(,)43 b Fc(addr)l(ess)7
+b Fl(\))p Fq(.)36 b(where)208 2292 y Fc(c)l(onn)d Fq(is)28
+b(the)g(new)f(Connection)g(ob)5 b(ject)28 b(created,)e(and)i
+Fc(addr)l(ess)35 b Fq(is)28 b(as)f(returned)g(b)n(y)g(the)h(so)r(c)n(k)
+n(et's)e Fl(accept)p Fq(.)0 2438 y Fl(bind\()p Fc(addr)l(ess)7
+b Fl(\))208 2538 y Fq(Call)27 b(the)h Fl(bind)e Fq(metho)r(d)i(of)f
+(the)h(underlying)f(so)r(c)n(k)n(et.)0 2685 y Fl(close\(\))208
+2784 y Fq(Call)i(the)h Fl(close)e Fq(metho)r(d)i(of)g(the)g(underlying)
f(so)r(c)n(k)n(et.)43 b(Note:)e(If)31 b(y)n(ou)e(w)n(an)n(t)g(correct)f
-(SSL)i(closure,)f(y)n(ou)g(need)h(to)208 1322 y(call)d(the)h
-Fl(shutdown)c Fq(metho)r(d)k(\034rst.)0 1469 y Fl(connect\()p
-Fc(addr)l(ess)7 b Fl(\))208 1568 y Fq(Call)31 b(the)h
+(SSL)i(closure,)f(y)n(ou)g(need)h(to)208 2884 y(call)d(the)h
+Fl(shutdown)c Fq(metho)r(d)k(\034rst.)0 3031 y Fl(connect\()p
+Fc(addr)l(ess)7 b Fl(\))208 3131 y Fq(Call)31 b(the)h
Fl(connect)e Fq(metho)r(d)i(of)g(the)g(underlying)g(so)r(c)n(k)n(et)e
(and)i(set)g(up)g(SSL)h(on)e(the)i(so)r(c)n(k)n(et,)f(using)f(the)h
-(Con)n(text)208 1668 y(ob)5 b(ject)27 b(supplied)h(to)f(this)h
-(Connection)f(ob)5 b(ject)27 b(at)h(creation.)0 1815
-y Fl(connect_ex\()p Fc(addr)l(ess)7 b Fl(\))208 1914
+(Con)n(text)208 3230 y(ob)5 b(ject)27 b(supplied)h(to)f(this)h
+(Connection)f(ob)5 b(ject)27 b(at)h(creation.)0 3377
+y Fl(connect_ex\()p Fc(addr)l(ess)7 b Fl(\))208 3477
y Fq(Call)24 b(the)g Fl(connect_ex)c Fq(metho)r(d)25
b(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)g(up)h(SSL)f(on)g
(the)h(so)r(c)n(k)n(et,)f(using)g(the)g(Con)n(text)208
-2014 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f(Connection)g(ob)5
+3576 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f(Connection)g(ob)5
b(ject)36 b(at)f(creation.)59 b(Note)36 b(that)f(if)h(the)g
-Fl(connect_ex)31 b Fq(metho)r(d)36 b(of)g(the)208 2114
+Fl(connect_ex)31 b Fq(metho)r(d)36 b(of)g(the)208 3676
y(so)r(c)n(k)n(et)26 b(do)r(esn't)i(return)f(0,)g(SSL)h(w)n(on't)f(b)r
-(e)h(initialized.)0 2261 y Fl(do_handshake\(\))208 2360
+(e)h(initialized.)0 3823 y Fl(do_handshake\(\))208 3922
y Fq(P)n(erform)49 b(an)h(SSL)g(handshak)n(e)f(\(usually)h(called)g
(after)f Fl(renegotiate)d Fq(or)j(one)h(of)57 b Fl(set_accept_stat)o(e)
-44 b Fq(or)208 2460 y Fl(set_accept_stat)o(e)p Fq(\).)31
+44 b Fq(or)208 4022 y Fl(set_accept_stat)o(e)p Fq(\).)31
b(This)d(can)f(raise)f(the)i(same)f(exceptions)g(as)g
-Fl(send)f Fq(and)h Fl(recv)p Fq(.)0 2607 y Fl(fileno\(\))208
-2706 y Fq(Retriev)n(e)f(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i
-(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 2853 y Fl(listen\()p
-Fc(b)l(acklo)l(g)7 b Fl(\))208 2953 y Fq(Call)27 b(the)h
+Fl(send)f Fq(and)h Fl(recv)p Fq(.)0 4169 y Fl(fileno\(\))208
+4269 y Fq(Retriev)n(e)f(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i
+(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 4415 y Fl(listen\()p
+Fc(b)l(acklo)l(g)7 b Fl(\))208 4515 y Fq(Call)27 b(the)h
Fl(listen)d Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0
-3100 y Fl(get_app_data\(\))208 3199 y Fq(Retriev)n(e)f(application)h
-(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 3346
-y Fl(get_cipher_list\()o(\))208 3446 y Fq(Retriev)n(e)23
+4662 y Fl(get_app_data\(\))208 4762 y Fq(Retriev)n(e)f(application)h
+(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 4908
+y Fl(get_cipher_list\()o(\))208 5008 y Fq(Retriev)n(e)23
b(the)h(list)g(of)g(ciphers)g(used)g(b)n(y)f(the)i(Connection)e(ob)5
b(ject.)36 b(W)-9 b(ARNING:)25 b(This)f(API)h(has)e(c)n(hanged.)35
-b(It)24 b(used)208 3545 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f
+b(It)24 b(used)208 5108 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f
(and)h(just)h(return)g(a)f(string,)g(but)h(not)f(it)h(returns)f(the)h
-(en)n(tire)f(list)h(in)g(one)f(go.)0 3692 y Fl(get_client_ca_li)o(st)o
-(\(\))208 3792 y Fq(Retriev)n(e)e(the)i(list)g(of)f(preferred)g(clien)n
+(en)n(tire)f(list)h(in)g(one)f(go.)0 5255 y Fl(get_client_ca_li)o(st)o
+(\(\))208 5354 y Fq(Retriev)n(e)e(the)i(list)g(of)f(preferred)g(clien)n
(t)g(certi\034cate)g(issuers)g(sen)n(t)g(b)n(y)g(the)h(serv)n(er)e(as)h
-Fl(OpenSSL.crypto.)o(X50)o(9N)o(am)o(e)208 3892 y Fq(ob)5
-b(jects.)208 4024 y(If)25 b(this)g(is)f(a)h(clien)n(t)f
-Fl(Connection)p Fq(,)e(the)j(list)g(will)g(b)r(e)g(empt)n(y)f(un)n(til)
-h(the)h(connection)e(with)h(the)g(serv)n(er)e(is)h(established.)208
-4157 y(If)33 b(this)g(is)g(a)f(serv)n(er)g Fl(Connection)p
+Fl(OpenSSL.crypto.)o(X50)o(9N)o(am)o(e)p 0 5549 3901
+4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g(interface)g(to)f
+(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)1611
+b(15)p eop end
+%%Page: 16 16
+TeXDict begin 16 15 bop 208 83 a Fq(ob)5 b(jects.)208
+216 y(If)25 b(this)g(is)f(a)h(clien)n(t)f Fl(Connection)p
+Fq(,)e(the)j(list)g(will)g(b)r(e)g(empt)n(y)f(un)n(til)h(the)h
+(connection)e(with)h(the)g(serv)n(er)e(is)h(established.)208
+349 y(If)33 b(this)g(is)g(a)f(serv)n(er)g Fl(Connection)p
Fq(,)e(return)i(the)h(list)h(of)e(certi\034cate)h(authorities)f(that)h
-(will)g(b)r(e)h(sen)n(t)e(or)g(has)h(b)r(een)208 4257
+(will)g(b)r(e)h(sen)n(t)e(or)g(has)h(b)r(een)208 448
y(sen)n(t)27 b(to)g(the)h(clien)n(t,)g(as)f(con)n(trolled)f(b)n(y)h
(this)h Fl(Connection)p Fq('s)c Fl(Context)p Fq(.)208
-4390 y(New)j(in)h(v)n(ersion)e(0.10.)0 4537 y Fl(get_context\(\))208
-4636 y Fq(Retriev)n(e)g(the)i(Con)n(text)f(ob)5 b(ject)28
-b(asso)r(ciated)e(with)i(this)g(Connection.)0 4783 y
-Fl(get_peer_certifi)o(ca)o(te\()o(\))208 4883 y Fq(Retriev)n(e)e(the)i
-(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 5030
-y Fl(getpeername\(\))208 5129 y Fq(Call)e(the)h Fl(getpeername)23
+581 y(New)j(in)h(v)n(ersion)e(0.10.)0 728 y Fl(get_context\(\))208
+828 y Fq(Retriev)n(e)g(the)i(Con)n(text)f(ob)5 b(ject)28
+b(asso)r(ciated)e(with)i(this)g(Connection.)0 975 y Fl
+(get_peer_certifi)o(ca)o(te\()o(\))208 1074 y Fq(Retriev)n(e)e(the)i
+(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 1221
+y Fl(getpeername\(\))208 1321 y Fq(Call)e(the)h Fl(getpeername)23
b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0
-5276 y Fl(getsockname\(\))208 5376 y Fq(Call)g(the)h
+1468 y Fl(getsockname\(\))208 1567 y Fq(Call)g(the)h
Fl(getsockname)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n
-(k)n(et.)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26
-b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f
-(of)h(Op)r(enSSL)1611 b(15)p eop end
-%%Page: 16 16
-TeXDict begin 16 15 bop 0 90 a Fl(getsockopt\()p Fc(level,)26
-b(optname)6 b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208
-189 y Fq(Call)27 b(the)h Fl(getsockopt)23 b Fq(metho)r(d)28
-b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 336 y Fl(pending\(\))208
-436 y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g(that)
-h(can)e(b)r(e)i(safely)f(read)f(from)h(the)g(SSL)h(bu\033er)f(\()p
-Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 535 y(bu\033er\).)0
-682 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208 782 y Fq(Receiv)n(e)30
-b(data)h(from)g(the)h(Connection.)47 b(The)31 b(return)g(v)-5
-b(alue)31 b(is)h(a)e(string)h(represen)n(ting)f(the)h(data)g(receiv)n
-(ed.)47 b(The)208 881 y(maxim)n(um)27 b(amoun)n(t)g(of)g(data)h(to)f(b)
-r(e)h(receiv)n(ed)e(at)i(once,)f(is)g(sp)r(eci\034ed)h(b)n(y)h
-Fc(bufsize)6 b Fq(.)0 1028 y Fl(bio_write\()p Fc(bytes)h
-Fl(\))208 1128 y Fq(If)27 b(the)h(Connection)f(w)n(as)f(created)h(with)
-g(a)g(memory)g(BIO,)g(this)g(metho)r(d)h(can)f(b)r(e)h(used)f(to)g(add)
-g(b)n(ytes)g(to)g(the)h(read)208 1228 y(end)g(of)g(that)g(memory)f
-(BIO.)g(The)h(Connection)g(can)f(then)i(read)e(the)h(b)n(ytes)g(\(for)f
-(example,)h(in)g(resp)r(onse)f(to)h(a)f(call)208 1327
-y(to)g Fl(recv)p Fq(\).)0 1474 y Fl(renegotiate\(\))208
-1574 y Fq(Renegotiate)f(the)i(SSL)g(session.)36 b(Call)27
-b(this)h(if)g(y)n(ou)f(wish)g(to)h(c)n(hange)e(cipher)h(suites)h(or)e
-(an)n(ything)h(lik)n(e)g(that.)0 1721 y Fl(send\()p Fc(string)7
-b Fl(\))208 1820 y Fq(Send)27 b(the)h Fc(string)35 b
-Fq(data)27 b(to)h(the)g(Connection.)0 1967 y Fl(bio_read\()p
-Fc(bufsize)6 b Fl(\))208 2067 y Fq(If)31 b(the)g(Connection)g(w)n(as)f
-(created)g(with)i(a)e(memory)g(BIO,)h(this)g(metho)r(d)g(can)g(b)r(e)h
-(used)e(to)h(read)f(b)n(ytes)h(from)g(the)208 2166 y(write)d(end)g(of)g
-(that)h(memory)e(BIO.)h(Man)n(y)f(Connection)h(metho)r(ds)h(will)f(add)
-g(b)n(ytes)g(whic)n(h)g(m)n(ust)g(b)r(e)h(read)e(in)i(this)208
-2266 y(manner)c(or)h(the)g(bu\033er)h(will)f(ev)n(en)n(tually)f(\034ll)
-i(up)g(and)f(the)g(Connection)g(will)g(b)r(e)h(able)f(to)g(tak)n(e)g
-(no)g(further)g(actions.)0 2413 y Fl(sendall\()p Fc(string)7
-b Fl(\))208 2512 y Fq(Send)30 b(all)f(of)h(the)g Fc(string)37
-b Fq(data)29 b(to)g(the)h(Connection.)43 b(This)30 b(calls)f
-Fl(send)f Fq(rep)r(eatedly)h(un)n(til)h(all)f(data)h(is)f(sen)n(t.)43
-b(If)30 b(an)208 2612 y(error)25 b(o)r(ccurs,)i(it's)h(imp)r(ossible)f
+(k)n(et.)0 1731 y Fl(getsockopt\()p Fc(level,)f(optname)6
+b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208 1830
+y Fq(Call)27 b(the)h Fl(getsockopt)23 b Fq(metho)r(d)28
+b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 1977 y Fl(pending\(\))208
+2077 y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g
+(that)h(can)e(b)r(e)i(safely)f(read)f(from)h(the)g(SSL)h(bu\033er)f(\()
+p Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 2176
+y(bu\033er\).)0 2323 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208
+2423 y Fq(Receiv)n(e)30 b(data)h(from)g(the)h(Connection.)47
+b(The)31 b(return)g(v)-5 b(alue)31 b(is)h(a)e(string)h(represen)n(ting)
+f(the)h(data)g(receiv)n(ed.)47 b(The)208 2523 y(maxim)n(um)27
+b(amoun)n(t)g(of)g(data)h(to)f(b)r(e)h(receiv)n(ed)e(at)i(once,)f(is)g
+(sp)r(eci\034ed)h(b)n(y)h Fc(bufsize)6 b Fq(.)0 2669
+y Fl(bio_write\()p Fc(bytes)h Fl(\))208 2769 y Fq(If)27
+b(the)h(Connection)f(w)n(as)f(created)h(with)g(a)g(memory)g(BIO,)g
+(this)g(metho)r(d)h(can)f(b)r(e)h(used)f(to)g(add)g(b)n(ytes)g(to)g
+(the)h(read)208 2869 y(end)g(of)g(that)g(memory)f(BIO.)g(The)h
+(Connection)g(can)f(then)i(read)e(the)h(b)n(ytes)g(\(for)f(example,)h
+(in)g(resp)r(onse)f(to)h(a)f(call)208 2968 y(to)g Fl(recv)p
+Fq(\).)0 3115 y Fl(renegotiate\(\))208 3215 y Fq(Renegotiate)f(the)i
+(SSL)g(session.)36 b(Call)27 b(this)h(if)g(y)n(ou)f(wish)g(to)h(c)n
+(hange)e(cipher)h(suites)h(or)e(an)n(ything)h(lik)n(e)g(that.)0
+3362 y Fl(send\()p Fc(string)7 b Fl(\))208 3461 y Fq(Send)27
+b(the)h Fc(string)35 b Fq(data)27 b(to)h(the)g(Connection.)0
+3608 y Fl(bio_read\()p Fc(bufsize)6 b Fl(\))208 3708
+y Fq(If)31 b(the)g(Connection)g(w)n(as)f(created)g(with)i(a)e(memory)g
+(BIO,)h(this)g(metho)r(d)g(can)g(b)r(e)h(used)e(to)h(read)f(b)n(ytes)h
+(from)g(the)208 3807 y(write)d(end)g(of)g(that)h(memory)e(BIO.)h(Man)n
+(y)f(Connection)h(metho)r(ds)h(will)f(add)g(b)n(ytes)g(whic)n(h)g(m)n
+(ust)g(b)r(e)h(read)e(in)i(this)208 3907 y(manner)c(or)h(the)g
+(bu\033er)h(will)f(ev)n(en)n(tually)f(\034ll)i(up)g(and)f(the)g
+(Connection)g(will)g(b)r(e)h(able)f(to)g(tak)n(e)g(no)g(further)g
+(actions.)0 4054 y Fl(sendall\()p Fc(string)7 b Fl(\))208
+4154 y Fq(Send)30 b(all)f(of)h(the)g Fc(string)37 b Fq(data)29
+b(to)g(the)h(Connection.)43 b(This)30 b(calls)f Fl(send)f
+Fq(rep)r(eatedly)h(un)n(til)h(all)f(data)h(is)f(sen)n(t.)43
+b(If)30 b(an)208 4253 y(error)25 b(o)r(ccurs,)i(it's)h(imp)r(ossible)f
(to)g(tell)h(ho)n(w)f(m)n(uc)n(h)h(data)f(has)g(b)r(een)h(sen)n(t.)0
-2759 y Fl(set_accept_state)o(\(\))208 2859 y Fq(Set)20
+4400 y Fl(set_accept_state)o(\(\))208 4500 y Fq(Set)20
b(the)g(connection)f(to)h(w)n(ork)e(in)i(serv)n(er)e(mo)r(de.)34
b(The)20 b(handshak)n(e)f(will)h(b)r(e)g(handled)g(automatically)e(b)n
-(y)i(read/write.)0 3005 y Fl(set_app_data\()p Fc(data)6
-b Fl(\))208 3105 y Fq(Asso)r(ciate)39 b Fc(data)47 b
+(y)i(read/write.)0 4647 y Fl(set_app_data\()p Fc(data)6
+b Fl(\))208 4746 y Fq(Asso)r(ciate)39 b Fc(data)47 b
Fq(with)40 b(this)g(Connection)g(ob)5 b(ject.)73 b Fc(data)47
b Fq(can)39 b(b)r(e)i(retriev)n(ed)d(later)h(using)h(the)g
-Fl(get_app_data)208 3205 y Fq(metho)r(d.)0 3352 y Fl(set_connect_stat)o
-(e\()o(\))208 3451 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i
+Fl(get_app_data)208 4846 y Fq(metho)r(d.)0 4993 y Fl(set_connect_stat)o
+(e\()o(\))208 5092 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i
(clien)n(t)g(mo)r(de.)35 b(The)21 b(handshak)n(e)f(will)h(b)r(e)g
-(handled)g(automatically)f(b)n(y)h(read/write.)0 3598
-y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 3698 y Fq(Call)27
+(handled)g(automatically)f(b)n(y)h(read/write.)0 5239
+y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 5339 y Fq(Call)27
b(the)h Fl(setblocking)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f
-(so)r(c)n(k)n(et.)0 3845 y Fl(setsockopt\()p Fc(level,)f(optname,)31
-b(value)6 b Fl(\))208 3944 y Fq(Call)27 b(the)h Fl(setsockopt)23
-b Fq(metho)r(d)28 b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0
-4091 y Fl(shutdown\(\))208 4191 y Fq(Send)35 b(the)h(sh)n(utdo)n(wn)f
-(message)f(to)h(the)h(Connection.)60 b(Returns)35 b(true)g(if)h(the)g
-(sh)n(utdo)n(wn)e(message)g(exc)n(hange)g(is)208 4290
-y(completed)25 b(and)g(false)h(otherwise)e(\(in)i(whic)n(h)g(case)e(y)n
-(ou)h(call)g Fl(recv\(\))e Fq(or)i Fl(send\(\))e Fq(when)j(the)g
-(connection)f(b)r(ecomes)208 4390 y(readable/writeable.)0
-4537 y Fl(get_shutdown\(\))208 4636 y Fq(Get)70 b(the)g(sh)n(utdo)n(wn)
-f(state)g(of)h(the)g(Connection.)162 b(Returns)69 b(a)h(bitv)n(ector)e
-(of)i(either)f(or)g(b)r(oth)h(of)208 4736 y Fc(SENT_SHUTDO)n(WN)39
-b Fq(and)27 b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 4883
-y Fl(set_shutdown\()p Fc(state)6 b Fl(\))208 4983 y Fq(Set)21
-b(the)g(sh)n(utdo)n(wn)g(state)g(of)g(the)g(Connection.)34
-b Fc(state)27 b Fq(is)21 b(a)g(bitv)n(ector)f(of)h(either)g(or)f(b)r
-(oth)i(of)27 b Fc(SENT_SHUTDO)n(WN)208 5082 y Fq(and)g
-Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 5229 y Fl(sock_shutdown\()p
-Fc(how)9 b Fl(\))208 5329 y Fq(Call)27 b(the)h Fl(shutdown)c
-Fq(metho)r(d)k(of)g(the)g(underlying)e(so)r(c)n(k)n(et.)p
-0 5549 3901 4 v 0 5649 a Ff(16)2197 b(3)83 b Fl(OpenSSL)24
-b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
-end
+(so)r(c)n(k)n(et.)p 0 5549 3901 4 v 0 5649 a Ff(16)2197
+b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r
+(enSSL)p eop end
%%Page: 17 17
-TeXDict begin 17 16 bop 0 83 a Fl(bio_shutdown\(\))208
-183 y Fq(If)29 b(the)h(Connection)f(w)n(as)f(created)g(with)i(a)f
-(memory)f(BIO,)h(this)h(metho)r(d)f(can)g(b)r(e)h(used)f(to)g(indicate)
-g(that)h(\020end)f(of)208 282 y(\034le\021)34 b(has)27
-b(b)r(een)h(reac)n(hed)e(on)h(the)h(read)f(end)h(of)f(that)h(memory)f
-(BIO.)0 429 y Fl(state_string\(\))208 529 y Fq(Retriev)n(e)f(a)i(v)n
-(erb)r(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f(Connection.)
-0 676 y Fl(client_random\(\))208 775 y Fq(Retriev)n(e)f(the)i(random)f
+TeXDict begin 17 16 bop 0 83 a Fl(setsockopt\()p Fc(level,)26
+b(optname,)31 b(value)6 b Fl(\))208 183 y Fq(Call)27
+b(the)h Fl(setsockopt)23 b Fq(metho)r(d)28 b(of)g(the)g(underlying)f
+(so)r(c)n(k)n(et.)0 330 y Fl(shutdown\(\))208 429 y Fq(Send)35
+b(the)h(sh)n(utdo)n(wn)f(message)f(to)h(the)h(Connection.)60
+b(Returns)35 b(true)g(if)h(the)g(sh)n(utdo)n(wn)e(message)g(exc)n
+(hange)g(is)208 529 y(completed)25 b(and)g(false)h(otherwise)e(\(in)i
+(whic)n(h)g(case)e(y)n(ou)h(call)g Fl(recv\(\))e Fq(or)i
+Fl(send\(\))e Fq(when)j(the)g(connection)f(b)r(ecomes)208
+628 y(readable/writeable.)0 775 y Fl(get_shutdown\(\))208
+875 y Fq(Get)70 b(the)g(sh)n(utdo)n(wn)f(state)g(of)h(the)g
+(Connection.)162 b(Returns)69 b(a)h(bitv)n(ector)e(of)i(either)f(or)g
+(b)r(oth)h(of)208 975 y Fc(SENT_SHUTDO)n(WN)39 b Fq(and)27
+b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 1121 y Fl(set_shutdown\()p
+Fc(state)6 b Fl(\))208 1221 y Fq(Set)21 b(the)g(sh)n(utdo)n(wn)g(state)
+g(of)g(the)g(Connection.)34 b Fc(state)27 b Fq(is)21
+b(a)g(bitv)n(ector)f(of)h(either)g(or)f(b)r(oth)i(of)27
+b Fc(SENT_SHUTDO)n(WN)208 1321 y Fq(and)g Fc(RECEIVED_SHUTDO)n(WN)14
+b Fq(.)0 1468 y Fl(sock_shutdown\()p Fc(how)9 b Fl(\))208
+1567 y Fq(Call)27 b(the)h Fl(shutdown)c Fq(metho)r(d)k(of)g(the)g
+(underlying)e(so)r(c)n(k)n(et.)0 1714 y Fl(bio_shutdown\(\))208
+1814 y Fq(If)j(the)h(Connection)f(w)n(as)f(created)g(with)i(a)f(memory)
+f(BIO,)h(this)h(metho)r(d)f(can)g(b)r(e)h(used)f(to)g(indicate)g(that)h
+(\020end)f(of)208 1913 y(\034le\021)34 b(has)27 b(b)r(een)h(reac)n(hed)
+e(on)h(the)h(read)f(end)h(of)f(that)h(memory)f(BIO.)0
+2060 y Fl(state_string\(\))208 2160 y Fq(Retriev)n(e)f(a)i(v)n(erb)r
+(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f(Connection.)0
+2307 y Fl(client_random\(\))208 2406 y Fq(Retriev)n(e)f(the)i(random)f
(v)-5 b(alue)27 b(used)h(with)g(the)g(clien)n(t)f(hello)h(message.)0
-922 y Fl(server_random\(\))208 1022 y Fq(Retriev)n(e)e(the)i(random)f
+2553 y Fl(server_random\(\))208 2653 y Fq(Retriev)n(e)e(the)i(random)f
(v)-5 b(alue)27 b(used)h(with)g(the)g(serv)n(er)e(hello)h(message.)0
-1169 y Fl(master_key\(\))208 1268 y Fq(Retriev)n(e)f(the)i(v)-5
+2800 y Fl(master_key\(\))208 2899 y Fq(Retriev)n(e)f(the)i(v)-5
b(alue)28 b(of)f(the)h(master)f(k)n(ey)g(for)g(this)h(session.)0
-1415 y Fl(want_read\(\))208 1515 y Fq(Chec)n(ks)e(if)i(more)f(data)g
+3046 y Fl(want_read\(\))208 3146 y Fq(Chec)n(ks)e(if)i(more)f(data)g
(has)g(to)h(b)r(e)g(read)e(from)i(the)f(transp)r(ort)g(la)n(y)n(er)f
-(to)h(complete)h(an)f(op)r(eration.)0 1662 y Fl(want_write\(\))208
-1761 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g(to)h(write)f(to)g(the)h
+(to)h(complete)h(an)f(op)r(eration.)0 3293 y Fl(want_write\(\))208
+3392 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g(to)h(write)f(to)g(the)h
(transp)r(ort)f(la)n(y)n(er)f(to)h(complete)h(an)f(op)r(eration.)0
-2081 y Fr(4)114 b(Internals)0 2310 y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f
+3714 y Fr(4)114 b(Internals)0 3943 y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f
(three)h(main)g(problems)f(dev)n(eloping)g(this:)36 b(Exceptions,)25
b(callbac)n(ks)f(and)h(accessing)e(so)r(c)n(k)n(et)h(metho)r(ds.)36
-b(This)0 2410 y(is)27 b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0
-2687 y Fj(4.1)97 b(Exceptions)0 2887 y Fq(W)-7 b(e)52
+b(This)0 4043 y(is)27 b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0
+4322 y Fj(4.1)97 b(Exceptions)0 4523 y Fq(W)-7 b(e)52
b(realized)f(early)g(that)h(most)g(of)g(the)g(exceptions)f(w)n(ould)h
(b)r(e)g(raised)f(b)n(y)h(the)g(I/O)f(functions)h(of)g(Op)r(enSSL,)0
-2987 y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e
+4622 y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e
(co)r(de)i(system,)55 b(translating)48 b(them)j(in)n(to)e(Python)i
-(exceptions.)0 3087 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g
+(exceptions.)0 4722 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g
(exceptions)f Fl(SSL.ZeroReturnEr)o(ro)o(r)p Fq(,)24
b Fl(SSL.WantReadError)o Fq(,)h Fl(SSL.WantWriteEr)o(ro)o(r)p
-Fq(,)0 3186 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27
-b Fl(SSL.SysCallError)p Fq(.)0 3333 y(F)-7 b(or)27 b(more)g
-(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)0
-3611 y Fj(4.2)97 b(Callbacks)0 3811 y Fq(There)34 b(are)f(a)h(n)n(um)n
-(b)r(er)g(of)h(problems)e(with)i(callbac)n(ks.)56 b(First)34
-b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h(as)e(a)h(C)h(library)-7
-b(,)34 b(it's)h(not)0 3911 y(mean)n(t)26 b(to)g(ha)n(v)n(e)e(Python)j
-(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g(around)g(that)h(is)g(needed.)36
-b(Another)26 b(problem)f(is)h(thread)g(supp)r(ort.)36
-b(A)26 b(lot)0 4010 y(of)h(the)g(Op)r(enSSL)g(I/O)e(functions)i(can)g
-(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h(blo)r(c)n(king)f
-(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g(Python)0
-4110 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f(things.)40
-b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e(released)h(the)h
-(global)e(CPython)i(in)n(terpreter)0 4210 y(lo)r(c)n(k)e(to)h(do)f(a)h
-(p)r(oten)n(tially)f(blo)r(c)n(king)g(op)r(eration,)g(and)h(the)g(op)r
-(eration)f(calls)g(a)g(callbac)n(k.)36 b(Then)28 b(w)n(e)g(m)n(ust)g
-(tak)n(e)f(the)h(GIL)0 4309 y(bac)n(k,)f(since)g(calling)g(Python)h
-(APIs)g(without)g(holding)f(it)h(is)g(not)f(allo)n(w)n(ed.)0
-4456 y(There)d(are)f(t)n(w)n(o)g(solutions)h(to)g(the)h(\034rst)f
-(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f(necessary)-7
-b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f(if)g(the)h(C)0
-4556 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33
+Fq(,)0 4822 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27
+b Fl(SSL.SysCallError)p Fq(.)0 4969 y(F)-7 b(or)27 b(more)g
+(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)p
+0 5549 3901 4 v 3817 5649 a Ff(17)p eop end
+%%Page: 18 18
+TeXDict begin 18 17 bop 0 83 a Fj(4.2)97 b(Callbacks)0
+283 y Fq(There)34 b(are)f(a)h(n)n(um)n(b)r(er)g(of)h(problems)e(with)i
+(callbac)n(ks.)56 b(First)34 b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h
+(as)e(a)h(C)h(library)-7 b(,)34 b(it's)h(not)0 383 y(mean)n(t)26
+b(to)g(ha)n(v)n(e)e(Python)j(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g
+(around)g(that)h(is)g(needed.)36 b(Another)26 b(problem)f(is)h(thread)g
+(supp)r(ort.)36 b(A)26 b(lot)0 483 y(of)h(the)g(Op)r(enSSL)g(I/O)e
+(functions)i(can)g(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h
+(blo)r(c)n(king)f(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g
+(Python)0 582 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f
+(things.)40 b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e
+(released)h(the)h(global)e(CPython)i(in)n(terpreter)0
+682 y(lo)r(c)n(k)e(to)h(do)f(a)h(p)r(oten)n(tially)f(blo)r(c)n(king)g
+(op)r(eration,)g(and)h(the)g(op)r(eration)f(calls)g(a)g(callbac)n(k.)36
+b(Then)28 b(w)n(e)g(m)n(ust)g(tak)n(e)f(the)h(GIL)0 782
+y(bac)n(k,)f(since)g(calling)g(Python)h(APIs)g(without)g(holding)f(it)h
+(is)g(not)f(allo)n(w)n(ed.)0 929 y(There)d(are)f(t)n(w)n(o)g(solutions)
+h(to)g(the)h(\034rst)f(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f
+(necessary)-7 b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f
+(if)g(the)h(C)0 1028 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33
b(to)28 b(b)r(e)h(passed)e(to)h(it)g(\(an)g(arbitrary)e(p)r(oin)n(ter)i
(normally\).)37 b(This)28 b(is)g(great!)37 b(W)-7 b(e)28
-b(can)g(set)g(our)0 4655 y(Python)i(function)g(ob)5 b(ject)29
+b(can)g(set)g(our)0 1128 y(Python)i(function)g(ob)5 b(ject)29
b(as)f(the)i(real)f(userdata)f(and)h(em)n(ulate)g(userdata)f(for)h(the)
h(Python)f(function)h(in)g(another)e(w)n(a)n(y)-7 b(.)0
-4755 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5
+1227 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5
b(ject)24 b(with)h(an)f(\021app_data\021)29 b(system)c(alw)n(a)n(ys)d
(is)j(passed)e(to)h(the)h(callbac)n(k.)35 b(F)-7 b(or)0
-4855 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 b(in)h(Op)r(enSSL)f
+1327 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 b(in)h(Op)r(enSSL)f
(has)g(app_data)f(functions)i(and)f(in)h(e.g.)36 b(the)26
b(v)n(eri\034cation)f(callbac)n(ks,)g(y)n(ou)g(can)0
-4954 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39
+1427 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39
b(What)29 b(w)n(e)g(do)f(is)g(to)h(set)f(our)g(wrapp)r(er)g
Fl(Connection)c Fq(ob)5 b(ject)28 b(as)g(app_data)g(for)g(the)0
-5054 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h
-(the)g(Python)g(callbac)n(k.)0 5201 y(The)23 b(other)g(problem)g(is)g
+1526 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h
+(the)g(Python)g(callbac)n(k.)0 1673 y(The)23 b(other)g(problem)g(is)g
(solv)n(ed)f(using)h(thread)g(lo)r(cal)g(v)-5 b(ariables.)34
b(Whenev)n(er)22 b(the)i(GIL)g(is)f(released)f(b)r(efore)h(calling)f
-(in)n(to)h(an)0 5300 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r
+(in)n(to)h(an)0 1773 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r
(oin)n(ter)g(returned)g(b)n(y)h Fl(PyEval_SaveState)19
b Fq(is)25 b(stored)g(in)g(a)g(global)g(thread)g(lo)r(cal)0
-5400 y(v)-5 b(ariable)27 b(\(using)g(Python's)h(o)n(wn)f(TLS)h(API,)g
+1872 y(v)-5 b(ariable)27 b(\(using)g(Python's)h(o)n(wn)f(TLS)h(API,)g
Fl(PyThread_set_key_)o(va)o(lue)o Fq(\).)k(When)c(it)g(is)g(necessary)e
-(to)h(re-acquire)f(the)p 0 5549 3901 4 v 3817 5649 a
-Ff(17)p eop end
-%%Page: 18 18
-TeXDict begin 18 17 bop 0 83 a Fq(GIL,)22 b(either)g(after)g(the)h(Op)r
+(to)h(re-acquire)f(the)0 1972 y(GIL,)c(either)g(after)g(the)h(Op)r
(enSSL)f(API)h(returns)e(or)h(in)g(a)g(C)g(callbac)n(k)f(in)n(v)n(ok)n
(ed)f(b)n(y)i(that)h(Op)r(enSSL)f(API,)h(the)g(v)-5 b(alue)22
-b(of)g(the)0 183 y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32
+b(of)g(the)0 2072 y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32
b(is)g(retriev)n(ed)f(\()p Fl(PyThread_get_key)o(_va)o(lu)o(e)p
Fq(\))26 b(and)33 b(used)f(to)g(re-acquire)e(the)j(GIL.)f(This)h(allo)n
-(ws)0 282 y(Python)f(threads)e(to)h(execute)h(while)f(Op)r(enSSL)g
+(ws)0 2171 y(Python)f(threads)e(to)h(execute)h(while)f(Op)r(enSSL)g
(APIs)h(are)f(running)f(and)i(allo)n(ws)e(use)h(of)g(an)n(y)f
-(particular)g(p)n(yOp)r(enSSL)0 382 y(ob)5 b(ject)29
+(particular)g(p)n(yOp)r(enSSL)0 2271 y(ob)5 b(ject)29
b(from)f(an)n(y)g(Python)i(thread,)e(since)h(there)g(is)g(no)f(p)r
(er-thread)g(state)h(asso)r(ciated)f(with)h(an)n(y)f(of)h(these)g(ob)5
-b(jects)28 b(and)0 482 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e(\(as)h
+b(jects)28 b(and)0 2371 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e(\(as)h
(long)g(as)g(prop)r(erly)g(initialized,)g(as)g(p)n(yOp)r(enSSL)h
-(initializes)f(it\).)0 761 y Fj(4.3)97 b(A)m(cessing)35
-b(So)s(ck)m(et)e(Metho)s(ds)0 962 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n
+(initializes)f(it\).)0 2650 y Fj(4.3)97 b(A)m(cessing)35
+b(So)s(ck)m(et)e(Metho)s(ds)0 2851 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n
(w)h(the)g(b)r(ene\034t)h(of)g(wrapping)e(so)r(c)n(k)n(et)g(metho)r(ds)
h(in)h(the)g Fl(SSL.Connection)20 b Fq(class,)26 b(for)g(an)g(easy)f
-(transition)0 1061 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h
+(transition)0 2950 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h
(is)f(that)h(the)h Fl(socket)c Fq(mo)r(dule)j(lac)n(ks)f(a)g(C)h(API,)h
-(and)e(all)h(the)g(metho)r(ds)g(are)f(declared)0 1161
+(and)e(all)h(the)g(metho)r(ds)g(are)f(declared)0 3050
y(static.)36 b(One)27 b(approac)n(h)d(w)n(ould)i(b)r(e)h(to)f(ha)n(v)n
(e)g Fl(OpenSSL)d Fq(as)j(a)g(submo)r(dule)h(to)f(the)h
Fl(socket)d Fq(mo)r(dule,)j(placing)f(all)g(the)h(co)r(de)0
-1261 y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g
+3149 y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g
(ob)n(viously)e(not)i(a)f(go)r(o)r(d)g(solution,)h(since)g(y)n(ou)f
(migh)n(t)g(not)h(w)n(an)n(t)f(to)h(imp)r(ort)g(tonnes)f(of)0
-1360 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h
+3249 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h
(imp)r(orting)f(the)i Fl(socket)c Fq(mo)r(dule.)40 b(The)29
-b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 1460 y(get)33
+b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 3349 y(get)33
b(a)g(p)r(oin)n(ter)g(to)h(the)f(metho)r(d)h(to)g(b)r(e)f(called,)i
(either)e(the)h(C)g(function,)h(or)e(a)g(callable)f(Python)i(ob)5
-b(ject.)54 b(This)34 b(is)f(not)0 1559 y(really)26 b(a)i(go)r(o)r(d)f
+b(ject.)54 b(This)34 b(is)f(not)0 3448 y(really)26 b(a)i(go)r(o)r(d)f
(solution)g(either,)g(since)g(there's)h(a)f(lot)g(of)h(lo)r(okups)f(in)
-n(v)n(olv)n(ed.)0 1706 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h
+n(v)n(olv)n(ed.)0 3595 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h
(y)n(ou)e(ha)n(v)n(e)g(to)g(supply)h(a)g(\020)7 b Fl(socket)p
Fq(-lik)n(e\021)31 b(transp)r(ort)c(ob)5 b(ject)28 b(to)f(the)i
-Fl(SSL.Connection)p Fq(.)j(The)0 1806 y(only)24 b(requiremen)n(t)f(of)i
+Fl(SSL.Connection)p Fq(.)j(The)0 3695 y(only)24 b(requiremen)n(t)f(of)i
(this)f(ob)5 b(ject)24 b(is)h(that)f(it)h(has)f(a)g Fl(fileno\(\))d
Fq(metho)r(d)k(that)f(returns)g(a)g(\034le)g(descriptor)f(that's)i(v)-5
-b(alid)24 b(at)0 1906 y(the)g(C)g(lev)n(el)f(\(i.e.)36
+b(alid)24 b(at)0 3794 y(the)g(C)g(lev)n(el)f(\(i.e.)36
b(y)n(ou)23 b(can)h(use)f(the)i(system)e(calls)g(read)g(and)h(write\).)
35 b(If)25 b(y)n(ou)e(w)n(an)n(t)g(to)h(use)f(the)h Fl(connect\(\))c
-Fq(or)j Fl(accept\(\))0 2005 y Fq(metho)r(ds)29 b(of)h(the)f
+Fq(or)j Fl(accept\(\))0 3894 y Fq(metho)r(ds)29 b(of)h(the)f
Fl(SSL.Connection)24 b Fq(ob)5 b(ject,)29 b(the)h(transp)r(ort)e(ob)5
b(ject)29 b(has)f(to)h(supply)h(suc)n(h)f(metho)r(ds)g(to)r(o.)41
-b(Apart)29 b(from)0 2105 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f
+b(Apart)29 b(from)0 3994 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f
(in)h(the)f Fl(SSL.Connection)18 b Fq(ob)5 b(ject)24
b(that)f(fail)h(are)f(passed)f(on)i(to)f(the)h(underlying)f(transp)r
-(ort)0 2204 y(ob)5 b(ject.)0 2351 y(F)-7 b(uture)25 b(c)n(hanges)f
+(ort)0 4093 y(ob)5 b(ject.)0 4240 y(F)-7 b(uture)25 b(c)n(hanges)f
(migh)n(t)h(b)r(e)g(to)g(allo)n(w)f(Python-lev)n(el)g(transp)r(ort)g
(ob)5 b(jects,)25 b(that)g(instead)g(of)g(ha)n(ving)g
-Fl(fileno\(\))d Fq(metho)r(ds,)0 2451 y(ha)n(v)n(e)h
+Fl(fileno\(\))d Fq(metho)r(ds,)0 4340 y(ha)n(v)n(e)h
Fl(read\(\))g Fq(and)h Fl(write\(\))e Fq(metho)r(ds,)k(so)e(more)f(adv)
-5 b(anced)24 b(features)h(of)f(Python)h(can)g(b)r(e)g(used.)35
-b(This)25 b(w)n(ould)f(probably)0 2551 y(en)n(tail)36
+b(This)25 b(w)n(ould)f(probably)0 4439 y(en)n(tail)36
b(some)g(sort)g(of)g(Op)r(enSSL)h(\020BIOs\021,)g(but)g(con)n(v)n
(erting)e(Python)i(strings)e(bac)n(k)h(and)g(forth)g(is)h(exp)r(ensiv)n
-(e,)h(so)e(this)0 2650 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary)
+(e,)h(so)e(this)0 4539 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary)
-7 b(.)57 b(Other)35 b(nice)g(things)g(w)n(ould)g(b)r(e)g(to)g(b)r(e)h
(able)e(to)h(pass)g(in)g(di\033eren)n(t)g(transp)r(ort)0
-2750 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g
+4639 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g
(the)g Fl(fileno\(\))c Fq(metho)r(d)k(of)47 b Fl(SSL.Connection)36
-b Fq(b)r(ecomes)41 b(virtually)0 2849 y(useless.)36 b(Also,)27
+b Fq(b)r(ecomes)41 b(virtually)0 4738 y(useless.)36 b(Also,)27
b(should)h(the)g(metho)r(d)g(resolution)e(b)r(e)i(used)g(on)f(the)h
(read-transp)r(ort)d(or)i(the)h(write-transp)r(ort?)p
0 5549 3901 4 v 0 5649 a Ff(18)3368 b(4)83 b(Internals)p
diff --git a/doc/pyOpenSSL.tex b/doc/pyOpenSSL.tex
index 294008c..4e00c14 100644
--- a/doc/pyOpenSSL.tex
+++ b/doc/pyOpenSSL.tex
@@ -2,7 +2,7 @@
\title{Python OpenSSL Manual}
-\release{0.11}
+\release{0.12}
\author{Jean-Paul Calderone}
\authoraddress{\email{exarkun@twistedmatrix.com}}
@@ -269,7 +269,7 @@ pass phrase.
\begin{funcdesc}{load_crl}{type, buffer}
Load Certificate Revocation List (CRL) data from a string \var{buffer}.
-\var{buffer} encoded with the type \var{type}. The type \var{type}
+\var{buffer} encoded with the type \var{type}. The type \var{type}
must either \constant{FILETYPE_PEM} or \constant{FILETYPE_ASN1}).
\end{funcdesc}
@@ -321,6 +321,11 @@ Return a PKey object representing the public key of the certificate.
Return the certificate serial number.
\end{methoddesc}
+\begin{methoddesc}[X509]{get_signature_algorithm}{}
+Return the signature algorithm used in the certificate. If the algorithm is
+undefined, raise \code{ValueError}.
+\end{methoddesc}
+
\begin{methoddesc}[X509]{get_subject}{}
Return an X509Name object representing the subject of the certificate.
\end{methoddesc}
@@ -424,6 +429,20 @@ by OpenSSL (by EVP_get_digestbyname, specifically). For example,
Add the extensions in the sequence \var{extensions} to the certificate.
\end{methoddesc}
+\begin{methoddesc}[X509]{get_extension_count}{}
+Return the number of extensions on this certificate.
+\versionadded{0.12}
+\end{methoddesc}
+
+\begin{methoddesc}[X509]{get_extension}{index}
+Retrieve the extension on this certificate at the given index.
+
+Extensions on a certificate are kept in order. The index parameter selects
+which extension will be returned. The returned object will be an X509Extension
+instance.
+\versionadded{0.12}
+\end{methoddesc}
+
\subsubsection{X509Name objects \label{openssl-x509name}}
X509Name objects have the following methods:
@@ -616,7 +635,17 @@ Return the critical field of the extension object.
\end{methoddesc}
\begin{methoddesc}[X509Extension]{get_short_name}{}
-Return the short type name of the extension object.
+Retrieve the short descriptive name for this extension.
+
+The result is a byte string like \code{``basicConstraints''}.
+\versionadded{0.12}
+\end{methoddesc}
+
+\begin{methoddesc}[X509Extension]{get_data}{}
+Retrieve the data for this extension.
+
+The result is the ASN.1 encoded form of the extension data as a byte string.
+\versionadded{0.12}
\end{methoddesc}
\subsubsection{NetscapeSPKI objects \label{openssl-netscape-spki}}
@@ -817,6 +846,28 @@ interesting if you're using e.g. \constant{SSLv23_METHOD} to get an SSLv2-compat
handshake, but don't want to use SSLv2.
\end{datadesc}
+\begin{datadesc}{SSLEAY_VERSION}
+\dataline{SSLEAY_CFLAGS}
+\dataline{SSLEAY_BUILT_ON}
+\dataline{SSLEAY_PLATFORM}
+\dataline{SSLEAY_DIR}
+Constants used with \method{SSLeay_version} to specify what OpenSSL version
+information to retrieve. See the man page for the \function{SSLeay_version} C
+API for details.
+\end{datadesc}
+
+\begin{datadesc}{OPENSSL_VERSION_NUMBER}
+An integer giving the version number of the OpenSSL library used to build this
+version of pyOpenSSL. See the man page for the \function{SSLeay_version} C API
+for details.
+\end{datadesc}
+
+\begin{funcdesc}{SSLeay_version}{type}
+Retrieve a string describing some aspect of the underlying OpenSSL version. The
+type passed in should be one of the \constant{SSLEAY_*} constants defined in
+this module.
+\end{funcdesc}
+
\begin{datadesc}{ContextType}
See \class{Context}.
\end{datadesc}
@@ -1071,6 +1122,12 @@ format specified by \var{format}, which is either \constant{FILETYPE_PEM} or
\constant{FILETYPE_ASN1}. The default is \constant{FILETYPE_PEM}.
\end{methoddesc}
+\begin{methoddesc}[Context]{set_tlsext_servername_callback}{callback}
+Specify a one-argument callable to use as the TLS extension server name
+callback. When a connection using the server name extension is made using this
+context, the callback will be invoked with the \code{Connection} instance.
+\versionadded{0.13}
+\end{methoddesc}
\subsubsection{Connection objects \label{openssl-connection}}
@@ -1148,10 +1205,18 @@ by this \class{Connection}'s \class{Context}.
Retrieve the Context object associated with this Connection.
\end{methoddesc}
+\begin{methoddesc}[Connection]{set_context}{context}
+Specify a replacement Context object for this Connection.
+\end{methoddesc}
+
\begin{methoddesc}[Connection]{get_peer_certificate}{}
Retrieve the other side's certificate (if any)
\end{methoddesc}
+\begin{methoddesc}[Connection]{get_peer_cert_chain}{}
+Retrieve the tuple of the other side's certificate chain (if any)
+\end{methoddesc}
+
\begin{methoddesc}[Connection]{getpeername}{}
Call the \method{getpeername} method of the underlying socket.
\end{methoddesc}
@@ -1279,6 +1344,16 @@ Checks if there is data to write to the transport layer to complete an
operation.
\end{methoddesc}
+\begin{methoddesc}[Connection]{set_tlsext_host_name}{name}
+Specify the byte string to send as the server name in the client hello message.
+\versionadded{0.13}
+\end{methoddesc}
+
+\begin{methoddesc}[Connection]{get_servername}{}
+Get the value of the server name received in the client hello message.
+\versionadded{0.13}
+\end{methoddesc}
+
\section{Internals \label{internals}}
diff --git a/doc/pyOpenSSL.txt b/doc/pyOpenSSL.txt
index 0002d97..6e5acee 100644
--- a/doc/pyOpenSSL.txt
+++ b/doc/pyOpenSSL.txt
@@ -268,7 +268,24 @@ setup.py --help
``sha1''. New in version 0.11.
- 3.1.1 X509 objects
+ 3.1.1 X509Extension objects
+
+ X509Extension objects have the following methods:
+
+ get_short_name()
+ Retrieve the short descriptive name for this extension.
+
+ The result is a byte string like ``basicConstraints''. New in
+ version 0.12.
+
+ get_data()
+ Retrieve the data for this extension.
+
+ The result is the ASN.1 encoded form of the extension data as a
+ byte string. New in version 0.12.
+
+
+ 3.1.2 X509 objects
X509 objects have the following methods:
@@ -370,8 +387,19 @@ setup.py --help
Add the extensions in the sequence extensions to the
certificate.
+ get_extension_count()
+ Return the number of extensions on this certificate. New in
+ version 0.12.
+
+ get_extension(index)
+ Retrieve the extension on this certificate at the given index.
+
+ Extensions on a certificate are kept in order. The index
+ parameter selects which extension will be returned. The returned
+ object will be an X509Extension instance. New in version 0.12.
+
- 3.1.2 X509Name objects
+ 3.1.3 X509Name objects
X509Name objects have the following methods:
@@ -416,7 +444,7 @@ setup.py --help
The e-mail address of the entity.
- 3.1.3 X509Req objects
+ 3.1.4 X509Req objects
X509Req objects have the following methods:
@@ -446,7 +474,7 @@ setup.py --help
Get the version (RFC 2459, 4.1.2.1) of the certificate request.
- 3.1.4 X509Store objects
+ 3.1.5 X509Store objects
The X509Store object has currently just one method:
@@ -454,7 +482,7 @@ setup.py --help
Add the certificate cert to the certificate store.
- 3.1.5 PKey objects
+ 3.1.6 PKey objects
The PKey object has the following methods:
@@ -469,7 +497,7 @@ setup.py --help
Return the type of the key.
- 3.1.6 PKCS7 objects
+ 3.1.7 PKCS7 objects
PKCS7 objects have the following methods:
@@ -489,7 +517,7 @@ setup.py --help
Get the type name of the PKCS7.
- 3.1.7 PKCS12 objects
+ 3.1.8 PKCS12 objects
PKCS12 objects have the following methods:
@@ -529,7 +557,7 @@ setup.py --help
Replace or set private key portion of the PKCS12 structure
- 3.1.8 X509Extension objects
+ 3.1.9 X509Extension objects
X509Extension objects have several methods:
@@ -540,7 +568,7 @@ setup.py --help
Return the short type name of the extension object.
- 3.1.9 NetscapeSPKI objects
+ 3.1.10 NetscapeSPKI objects
NetscapeSPKI objects have the following methods:
@@ -563,7 +591,7 @@ setup.py --help
Verify the NetscapeSPKI object using the given key.
- 3.1.10 CRL objects
+ 3.1.11 CRL objects
CRL objects have the following methods:
@@ -578,7 +606,7 @@ setup.py --help
Return a tuple of Revoked objects, by value not reference.
- 3.1.11 Revoked objects
+ 3.1.12 Revoked objects
Revoked objects have the following methods:
@@ -1234,4 +1262,4 @@ setup.py --help
Python OpenSSL Manual
__________________________________________________________________
- Release 0.11.
+ Release 0.12.
diff --git a/examples/certgen.py b/examples/certgen.py
index b50dfdc..f157235 100644
--- a/examples/certgen.py
+++ b/examples/certgen.py
@@ -1,7 +1,8 @@
# -*- coding: latin-1 -*-
#
-# Copyright (C) Martin Sjögren and AB Strakt 2001, All rights reserved
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) AB Strakt
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
Certificate generation module.
diff --git a/examples/simple/client.py b/examples/simple/client.py
index dcad3ba..0247c67 100644
--- a/examples/simple/client.py
+++ b/examples/simple/client.py
@@ -1,7 +1,8 @@
# -*- coding: latin-1 -*-
#
-# Copyright (C) 2001 Martin Sjögren and AB Strakt, All rights reserved
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) AB Strakt
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
Simple SSL client, using blocking I/O
diff --git a/examples/simple/server.py b/examples/simple/server.py
index 518f9e6..37e36dd 100644
--- a/examples/simple/server.py
+++ b/examples/simple/server.py
@@ -1,7 +1,8 @@
# -*- coding: latin-1 -*-
#
-# Copyright (C) 2001 Martin Sjögren and AB Strakt, All rights reserved
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) AB Strakt
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
"""
Simple echo server, using nonblocking I/O
diff --git a/examples/sni/README b/examples/sni/README
new file mode 100644
index 0000000..4c74eb5
--- /dev/null
+++ b/examples/sni/README
@@ -0,0 +1,19 @@
+This directory contains client and server examples for the "Server Name
+Indication" (SNI) feature.
+
+Run server.py with no arguments. It will accept one client connection and
+then exit. It has two certificates it can use, one for "example.invalid"
+and another for "another.invalid". If a client indicates one of these names
+to it, it will use the corresponding certificate for that connection (if a
+client doesn't indicate a name or indicates another name, it won't try to
+use any certificate).
+
+Run client.py with one argument, the server name to indicate. For example:
+
+ $ python client.py example.invalid
+ Connecting... connected ('127.0.0.1', 8443)
+ Server subject is <X509Name object '/OU=Security/O=pyOpenSSL/CN=example.invalid/ST=New York/C=US/emailAddress=invalid@example.invalid/L=New York'>
+ $
+
+Depending on what hostname is supplied, the server will select a different
+certificate to use and the client output will be different.
diff --git a/examples/sni/another.invalid.crt b/examples/sni/another.invalid.crt
new file mode 100644
index 0000000..995e14c
--- /dev/null
+++ b/examples/sni/another.invalid.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/examples/sni/another.invalid.key b/examples/sni/another.invalid.key
new file mode 100644
index 0000000..8d955f6
--- /dev/null
+++ b/examples/sni/another.invalid.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/examples/sni/client.py b/examples/sni/client.py
new file mode 100644
index 0000000..5b93671
--- /dev/null
+++ b/examples/sni/client.py
@@ -0,0 +1,35 @@
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
+
+if __name__ == '__main__':
+ import client
+ raise SystemExit(client.main())
+
+from sys import argv, stdout
+from socket import socket
+
+from OpenSSL.SSL import TLSv1_METHOD, Context, Connection
+
+def main():
+ """
+ Connect to an SNI-enabled server and request a specific hostname, specified
+ by argv[1], of it.
+ """
+ if len(argv) < 2:
+ print 'Usage: %s <hostname>' % (argv[0],)
+ return 1
+
+ client = socket()
+
+ print 'Connecting...',
+ stdout.flush()
+ client.connect(('127.0.0.1', 8443))
+ print 'connected', client.getpeername()
+
+ client_ssl = Connection(Context(TLSv1_METHOD), client)
+ client_ssl.set_connect_state()
+ client_ssl.set_tlsext_host_name(argv[1])
+ client_ssl.do_handshake()
+ print 'Server subject is', client_ssl.get_peer_certificate().get_subject()
+ client_ssl.close()
+
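Review bot: The `Context(TLSv1_METHOD)` handed to `Connection` in main() never gets `set_verify` or `load_verify_locations` called on it, so `do_handshake()` accepts whatever certificate the server presents and the subject printed afterwards is unauthenticated. Because example code tends to be copied, either enable verification, e.g. `ctx.set_verify(VERIFY_PEER, verify_cb)` together with `ctx.load_verify_locations(<CA file>)`, or state the limitation next to the call: `# Demo only: the server certificate is not verified here.` Separately, `TLSv1_METHOD` pins the connection to TLS 1.0. `SSLv23_METHOD` combined with `OP_NO_SSLv2` would let the peers negotiate the highest version both support, and the same applies to the contexts in examples/sni/server.py.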
diff --git a/examples/sni/example.invalid.crt b/examples/sni/example.invalid.crt
new file mode 100644
index 0000000..b0cabac
--- /dev/null
+++ b/examples/sni/example.invalid.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/examples/sni/example.invalid.key b/examples/sni/example.invalid.key
new file mode 100644
index 0000000..192e346
--- /dev/null
+++ b/examples/sni/example.invalid.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/examples/sni/server.py b/examples/sni/server.py
new file mode 100644
index 0000000..8738416
--- /dev/null
+++ b/examples/sni/server.py
@@ -0,0 +1,64 @@
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
+
+if __name__ == '__main__':
+ import server
+ raise SystemExit(server.main())
+
+from sys import stdout
+from socket import SOL_SOCKET, SO_REUSEADDR, socket
+
+from OpenSSL.crypto import FILETYPE_PEM, load_privatekey, load_certificate
+from OpenSSL.SSL import TLSv1_METHOD, Context, Connection
+
+def load(domain):
+ crt = open(domain + ".crt")
+ key = open(domain + ".key")
+ result = (
+ load_privatekey(FILETYPE_PEM, key.read()),
+ load_certificate(FILETYPE_PEM, crt.read()))
+ crt.close()
+ key.close()
+ return result
+
+
+def main():
+ """
+ Run an SNI-enabled server which selects between a few certificates in a
+ C{dict} based on the handshake request it receives from a client.
+ """
+ port = socket()
+ port.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
+ port.bind(('', 8443))
+ port.listen(3)
+
+ print 'Accepting...',
+ stdout.flush()
+ server, addr = port.accept()
+ print 'accepted', addr
+
+ server_context = Context(TLSv1_METHOD)
+ server_context.set_tlsext_servername_callback(pick_certificate)
+
+ server_ssl = Connection(server_context, server)
+ server_ssl.set_accept_state()
+ server_ssl.do_handshake()
+ server.close()
+
+
+certificates = {
+ "example.invalid": load("example.invalid"),
+ "another.invalid": load("another.invalid"),
+ }
+
+
+def pick_certificate(connection):
+ try:
+ key, cert = certificates[connection.get_servername()]
+ except KeyError:
+ pass
+ else:
+ new_context = Context(TLSv1_METHOD)
+ new_context.use_privatekey(key)
+ new_context.use_certificate(cert)
+ connection.set_context(new_context)
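Review bot: `port.bind(('', 8443))` in main() listens on every interface, although the companion client only connects to 127.0.0.1 and the key pairs this server presents are checked into the repository. Binding to loopback, `port.bind(('127.0.0.1', 8443))`, keeps the demo local. `pick_certificate` also has no docstring, and its `except KeyError: pass` reads like an oversight. A docstring such as `"""Switch the connection to a context holding the key and certificate for the requested server name; unknown or missing names leave the context unchanged."""` would record that this is deliberate, matching the README.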
diff --git a/leakcheck/context-info-callback.py b/leakcheck/context-info-callback.py
index d4c9fa5..6a3925c 100644
--- a/leakcheck/context-info-callback.py
+++ b/leakcheck/context-info-callback.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
#
# Stress tester for thread-related bugs in global_info_callback in
# src/ssl/context.c. In 0.7 and earlier, this will somewhat reliably
diff --git a/leakcheck/context-passphrase-callback.py b/leakcheck/context-passphrase-callback.py
index 0f0933c..ba71655 100644
--- a/leakcheck/context-passphrase-callback.py
+++ b/leakcheck/context-passphrase-callback.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
#
# Stress tester for thread-related bugs in global_passphrase_callback in
# src/ssl/context.c. In 0.7 and earlier, this will somewhat reliably
diff --git a/leakcheck/context-verify-callback.py b/leakcheck/context-verify-callback.py
index 5e49d7a..0ae586b 100644
--- a/leakcheck/context-verify-callback.py
+++ b/leakcheck/context-verify-callback.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
#
# Stress tester for thread-related bugs in global_verify_callback in
# src/ssl/context.c. This will reliably segfault if context.c isn't a
diff --git a/leakcheck/crypto.py b/leakcheck/crypto.py
index eb00182..07b77e5 100644
--- a/leakcheck/crypto.py
+++ b/leakcheck/crypto.py
@@ -1,3 +1,6 @@
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
+
import sys
from OpenSSL.crypto import TYPE_DSA, Error, PKey, X509
diff --git a/leakcheck/thread-crash.py b/leakcheck/thread-crash.py
index 26048a5..a1ebbdd 100644
--- a/leakcheck/thread-crash.py
+++ b/leakcheck/thread-crash.py
@@ -1,4 +1,5 @@
-# Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+# Copyright (C) Jean-Paul Calderone
+# See LICENSE for details.
#
# Stress tester for thread-related bugs in ssl_Connection_send and
# ssl_Connection_recv in src/ssl/connection.c for usage of a single
diff --git a/setup.py b/setup.py
index 1a74e6e..73c88a0 100755
--- a/setup.py
+++ b/setup.py
@@ -15,7 +15,7 @@ from distutils.errors import DistutilsFileError
from distutils.command.build_ext import build_ext
# XXX Deduplicate this
-__version__ = '0.11'
+__version__ = '0.12'
crypto_src = ['OpenSSL/crypto/crypto.c', 'OpenSSL/crypto/x509.c',
'OpenSSL/crypto/x509name.c', 'OpenSSL/crypto/pkey.c',
@@ -211,7 +211,7 @@ setup(name='pyOpenSSL', version=__version__,
maintainer = 'Jean-Paul Calderone',
maintainer_email = 'exarkun@twistedmatrix.com',
url = 'http://pyopenssl.sourceforge.net/',
- license = 'LGPL',
+ license = 'APL2',
long_description = """\
High-level wrapper around a subset of the OpenSSL library, includes
* SSL.Connection objects, wrapping the methods of Python's portable