author | Jean-Paul Calderone <exarkun@boson> | 2009-03-07 09:10:30 -0500 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@boson> | 2009-03-07 09:10:30 -0500 |
commit | 6c1d4f90b5f87df6a51fe10999c9fb476318fc5b (patch) | |
tree | 600ab6b750604de49ba2a2a861389bce926a4970 /doc | |
parent | 52f0d8bcd34437dab21e95b67e65d6a9140a0c72 (diff) | |
download | pyopenssl-6c1d4f90b5f87df6a51fe10999c9fb476318fc5b.tar.gz |
Regenerate docs
Diffstat (limited to 'doc')
-rw-r--r-- | doc/html/intro.html | 4 | ||||
-rw-r--r-- | doc/html/openssl-509ext.html | 10 | ||||
-rw-r--r-- | doc/html/openssl-connection.html | 64 | ||||
-rw-r--r-- | doc/html/openssl-context.html | 64 | ||||
-rw-r--r-- | doc/html/openssl-netscape-spki.html | 15 | ||||
-rw-r--r-- | doc/html/openssl-pkcs12.html | 6 | ||||
-rw-r--r-- | doc/html/openssl-pkcs7.html | 10 | ||||
-rw-r--r-- | doc/html/openssl-pkey.html | 6 | ||||
-rw-r--r-- | doc/html/openssl-rand.html | 20 | ||||
-rw-r--r-- | doc/html/openssl-ssl.html | 52 | ||||
-rw-r--r-- | doc/html/openssl-x509.html | 3 | ||||
-rw-r--r-- | doc/html/openssl-x509req.html | 13 | ||||
-rw-r--r-- | doc/html/openssl-x509store.html | 2 | ||||
-rw-r--r-- | doc/pyOpenSSL.ps | 1039 | ||||
-rw-r--r-- | doc/pyOpenSSL.txt | 35 |
15 files changed, 713 insertions, 630 deletions
diff --git a/doc/html/intro.html b/doc/html/intro.html index 23a29ea..e781927 100644 --- a/doc/html/intro.html +++ b/doc/html/intro.html @@ -55,7 +55,7 @@ was begun) was severely limited. Other OpenSSL wrappers for Python at the time were also limited, though in different ways. Unfortunately, Python's standard library SSL support has remained weak, although other packages (such as M2Crypto<A NAME="tex2html1" - HREF="#foot924"><SUP>1</SUP></A>) + HREF="#foot951"><SUP>1</SUP></A>) have made great advances and now equal or exceed pyOpenSSL's functionality. <P> @@ -67,7 +67,7 @@ and advance. <P> <BR><HR><H4>Footnotes</H4> <DL> -<DT><A NAME="foot924">... +<DT><A NAME="foot951">... M2Crypto</A><A href="intro.html#tex2html1"><SUP>1</SUP></A></DT> <DD>See <a class="url" href="http://chandlerproject.org/Projects/MeTooCrypto">http://chandlerproject.org/Projects/MeTooCrypto</a> diff --git a/doc/html/openssl-509ext.html b/doc/html/openssl-509ext.html index 297eec1..cbffb32 100644 --- a/doc/html/openssl-509ext.html +++ b/doc/html/openssl-509ext.html @@ -49,15 +49,21 @@ border="0" height="32" </H3> <P> -X509Extension objects currently only have one method: +X509Extension objects have several methods: <P> -<dl><dt><b><a name='l2h-82'><tt class='method'>get_critical</tt></a></b>() +<dl><dt><b><a name='l2h-84'><tt class='method'>get_critical</tt></a></b>() <dd> Return the critical field of the extension object. </dl> <P> +<dl><dt><b><a name='l2h-85'><tt class='method'>get_short_name</tt></a></b>() +<dd> +Return the short type name of the extension object. +</dl> + +<P> <DIV CLASS="navigation"> <p><hr> diff --git a/doc/html/openssl-connection.html b/doc/html/openssl-connection.html index 524fb32..1cab1df 100644 --- a/doc/html/openssl-connection.html +++ b/doc/html/openssl-connection.html 
@@ -51,7 +51,7 @@ border="0" height="32" Connection objects have the following methods: <P> -<dl><dt><b><a name='l2h-145'><tt class='method'>accept</tt></a></b>() +<dl><dt><b><a name='l2h-149'><tt class='method'>accept</tt></a></b>() <dd> Call the <tt class="method">accept</tt> method of the underlying socket and set up SSL on the returned socket, using the Context object supplied to this Connection object at @@ -61,20 +61,20 @@ socket's <tt class="method">accept</tt>. </dl> <P> -<dl><dt><b><a name='l2h-146'><tt class='method'>bind</tt></a></b>(<var>address</var>) +<dl><dt><b><a name='l2h-150'><tt class='method'>bind</tt></a></b>(<var>address</var>) <dd> Call the <tt class="method">bind</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-147'><tt class='method'>close</tt></a></b>() +<dl><dt><b><a name='l2h-151'><tt class='method'>close</tt></a></b>() <dd> Call the <tt class="method">close</tt> method of the underlying socket. Note: If you want correct SSL closure, you need to call the <tt class="method">shutdown</tt> method first. </dl> <P> -<dl><dt><b><a name='l2h-148'><tt class='method'>connect</tt></a></b>(<var>address</var>) +<dl><dt><b><a name='l2h-152'><tt class='method'>connect</tt></a></b>(<var>address</var>) <dd> Call the <tt class="method">connect</tt> method of the underlying socket and set up SSL on the socket, using the Context object supplied to this Connection object at @@ -82,7 +82,7 @@ creation. </dl> <P> -<dl><dt><b><a name='l2h-149'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>) +<dl><dt><b><a name='l2h-153'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>) <dd> Call the <tt class="method">connect_ex</tt> method of the underlying socket and set up SSL on the socket, using the Context object supplied to this Connection object at 
@@ -91,7 +91,7 @@ return 0, SSL won't be initialized. </dl> <P> -<dl><dt><b><a name='l2h-150'><tt class='method'>do_handshake</tt></a></b>() +<dl><dt><b><a name='l2h-154'><tt class='method'>do_handshake</tt></a></b>() <dd> Perform an SSL handshake (usually called after <tt class="method">renegotiate</tt> or one of <tt class="method">set_accept_state</tt> or <tt class="method">set_accept_state</tt>). This can raise the @@ -99,25 +99,25 @@ same exceptions as <tt class="method">send</tt> and <tt class="method">recv</tt> </dl> <P> -<dl><dt><b><a name='l2h-151'><tt class='method'>fileno</tt></a></b>() +<dl><dt><b><a name='l2h-155'><tt class='method'>fileno</tt></a></b>() <dd> Retrieve the file descriptor number for the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-152'><tt class='method'>listen</tt></a></b>(<var>backlog</var>) +<dl><dt><b><a name='l2h-156'><tt class='method'>listen</tt></a></b>(<var>backlog</var>) <dd> Call the <tt class="method">listen</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-153'><tt class='method'>get_app_data</tt></a></b>() +<dl><dt><b><a name='l2h-157'><tt class='method'>get_app_data</tt></a></b>() <dd> Retrieve application data as set by <tt class="method">set_app_data</tt>. </dl> <P> -<dl><dt><b><a name='l2h-154'><tt class='method'>get_cipher_list</tt></a></b>() +<dl><dt><b><a name='l2h-158'><tt class='method'>get_cipher_list</tt></a></b>() <dd> Retrieve the list of ciphers used by the Connection object. WARNING: This API has changed. It used to take an optional parameter and just return a string, 
@@ -125,44 +125,44 @@ but not it returns the entire list in one go. </dl> <P> -<dl><dt><b><a name='l2h-155'><tt class='method'>get_context</tt></a></b>() +<dl><dt><b><a name='l2h-159'><tt class='method'>get_context</tt></a></b>() <dd> Retrieve the Context object associated with this Connection. </dl> <P> -<dl><dt><b><a name='l2h-156'><tt class='method'>get_peer_certificate</tt></a></b>() +<dl><dt><b><a name='l2h-160'><tt class='method'>get_peer_certificate</tt></a></b>() <dd> Retrieve the other side's certificate (if any) </dl> <P> -<dl><dt><b><a name='l2h-157'><tt class='method'>getpeername</tt></a></b>() +<dl><dt><b><a name='l2h-161'><tt class='method'>getpeername</tt></a></b>() <dd> Call the <tt class="method">getpeername</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-158'><tt class='method'>getsockname</tt></a></b>() +<dl><dt><b><a name='l2h-162'><tt class='method'>getsockname</tt></a></b>() <dd> Call the <tt class="method">getsockname</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-159'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>) +<dl><dt><b><a name='l2h-163'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>) <dd> Call the <tt class="method">getsockopt</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-160'><tt class='method'>pending</tt></a></b>() +<dl><dt><b><a name='l2h-164'><tt class='method'>pending</tt></a></b>() <dd> Retrieve the number of bytes that can be safely read from the SSL buffer (<i>not</i> the underlying transport buffer). </dl> <P> -<dl><dt><b><a name='l2h-161'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>) +<dl><dt><b><a name='l2h-165'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>) <dd> Receive data from the Connection. The return value is a string representing the data received. 
The maximum amount of data to be received at once, is specified @@ -170,20 +170,20 @@ by <var>bufsize</var>. </dl> <P> -<dl><dt><b><a name='l2h-162'><tt class='method'>renegotiate</tt></a></b>() +<dl><dt><b><a name='l2h-166'><tt class='method'>renegotiate</tt></a></b>() <dd> Renegotiate the SSL session. Call this if you wish to change cipher suites or anything like that. </dl> <P> -<dl><dt><b><a name='l2h-163'><tt class='method'>send</tt></a></b>(<var>string</var>) +<dl><dt><b><a name='l2h-167'><tt class='method'>send</tt></a></b>(<var>string</var>) <dd> Send the <var>string</var> data to the Connection. </dl> <P> -<dl><dt><b><a name='l2h-164'><tt class='method'>sendall</tt></a></b>(<var>string</var>) +<dl><dt><b><a name='l2h-168'><tt class='method'>sendall</tt></a></b>(<var>string</var>) <dd> Send all of the <var>string</var> data to the Connection. This calls <tt class="method">send</tt> repeatedly until all data is sent. If an error occurs, it's impossible to tell 
@@ -191,40 +191,40 @@ how much data has been sent. </dl> <P> -<dl><dt><b><a name='l2h-165'><tt class='method'>set_accept_state</tt></a></b>() +<dl><dt><b><a name='l2h-169'><tt class='method'>set_accept_state</tt></a></b>() <dd> Set the connection to work in server mode. The handshake will be handled automatically by read/write. </dl> <P> -<dl><dt><b><a name='l2h-166'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) +<dl><dt><b><a name='l2h-170'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) <dd> Associate <var>data</var> with this Connection object. <var>data</var> can be retrieved later using the <tt class="method">get_app_data</tt> method. </dl> <P> -<dl><dt><b><a name='l2h-167'><tt class='method'>set_connect_state</tt></a></b>() +<dl><dt><b><a name='l2h-171'><tt class='method'>set_connect_state</tt></a></b>() <dd> Set the connection to work in client mode. The handshake will be handled automatically by read/write. </dl> <P> -<dl><dt><b><a name='l2h-168'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>) +<dl><dt><b><a name='l2h-172'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>) <dd> Call the <tt class="method">setblocking</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-169'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>) +<dl><dt><b><a name='l2h-173'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>) <dd> Call the <tt class="method">setsockopt</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-170'><tt class='method'>shutdown</tt></a></b>() +<dl><dt><b><a name='l2h-174'><tt class='method'>shutdown</tt></a></b>() <dd> Send the shutdown message to the Connection. Returns true if the shutdown message exchange is completed and false otherwise (in which case you call 
@@ -233,40 +233,40 @@ readable/writeable. </dl> <P> -<dl><dt><b><a name='l2h-171'><tt class='method'>get_shutdown</tt></a></b>() +<dl><dt><b><a name='l2h-175'><tt class='method'>get_shutdown</tt></a></b>() <dd> Get the shutdown state of the Connection. Returns a bitvector of either or both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>. </dl> <P> -<dl><dt><b><a name='l2h-172'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>) +<dl><dt><b><a name='l2h-176'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>) <dd> Set the shutdown state of the Connection. <var>state</var> is a bitvector of either or both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>. </dl> <P> -<dl><dt><b><a name='l2h-173'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>) +<dl><dt><b><a name='l2h-177'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>) <dd> Call the <tt class="method">shutdown</tt> method of the underlying socket. </dl> <P> -<dl><dt><b><a name='l2h-174'><tt class='method'>state_string</tt></a></b>() +<dl><dt><b><a name='l2h-178'><tt class='method'>state_string</tt></a></b>() <dd> Retrieve a verbose string detailing the state of the Connection. </dl> <P> -<dl><dt><b><a name='l2h-175'><tt class='method'>want_read</tt></a></b>() +<dl><dt><b><a name='l2h-179'><tt class='method'>want_read</tt></a></b>() <dd> Checks if more data has to be read from the transport layer to complete an operation. </dl> <P> -<dl><dt><b><a name='l2h-176'><tt class='method'>want_write</tt></a></b>() +<dl><dt><b><a name='l2h-180'><tt class='method'>want_write</tt></a></b>() <dd> Checks if there is data to write to the transport layer to complete an operation. diff --git a/doc/html/openssl-context.html b/doc/html/openssl-context.html index 011688c..3d155bf 100644 --- a/doc/html/openssl-context.html +++ b/doc/html/openssl-context.html 
@@ -52,7 +52,7 @@ border="0" height="32" Context objects have the following methods: <P> -<dl><dt><b><a name='l2h-121'><tt class='method'>check_privatekey</tt></a></b>() +<dl><dt><b><a name='l2h-124'><tt class='method'>check_privatekey</tt></a></b>() <dd> Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>) matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>). @@ -60,13 +60,13 @@ Returns <code>None</code> if they match, raises <tt class="exception">Error</tt> </dl> <P> -<dl><dt><b><a name='l2h-122'><tt class='method'>get_app_data</tt></a></b>() +<dl><dt><b><a name='l2h-125'><tt class='method'>get_app_data</tt></a></b>() <dd> Retrieve application data as set by <tt class="method">set_app_data</tt>. </dl> <P> -<dl><dt><b><a name='l2h-123'><tt class='method'>get_cert_store</tt></a></b>() +<dl><dt><b><a name='l2h-126'><tt class='method'>get_cert_store</tt></a></b>() <dd> Retrieve the certificate store (a X509Store object) that the context uses. This can be used to add "trusted" certificates without using the. 
@@ -74,61 +74,71 @@ This can be used to add "trusted" certificates without using the. </dl> <P> -<dl><dt><b><a name='l2h-124'><tt class='method'>get_timeout</tt></a></b>() +<dl><dt><b><a name='l2h-127'><tt class='method'>get_timeout</tt></a></b>() <dd> Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300 seconds. </dl> <P> -<dl><dt><b><a name='l2h-125'><tt class='method'>get_verify_depth</tt></a></b>() +<dl><dt><b><a name='l2h-128'><tt class='method'>get_verify_depth</tt></a></b>() <dd> Retrieve the Context object's verify depth, as set by <tt class="method">set_verify_depth</tt>. </dl> <P> -<dl><dt><b><a name='l2h-126'><tt class='method'>get_verify_mode</tt></a></b>() +<dl><dt><b><a name='l2h-129'><tt class='method'>get_verify_mode</tt></a></b>() <dd> -Retrieve the Context object's verify mode, as set by <tt class="method">set_verify_mode</tt>. +Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>. </dl> <P> -<dl><dt><b><a name='l2h-127'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>) +<dl><dt><b><a name='l2h-130'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>) <dd> Read a file with PEM-formatted certificates that will be sent to the client when requesting a client certificate. </dl> <P> -<dl><dt><b><a name='l2h-128'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile</var>) +<dl><dt><b><a name='l2h-131'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>) <dd> -Specify where CA certificates for verification purposes are located. These are -trusted certificates. Note that the certificates have to be in PEM format. +Specify where CA certificates for verification purposes are located. These +are trusted certificates. Note that the certificates have to be in PEM +format. If capath is passed, it must be a directory prepared using the +<code>c_rehash</code> tool included with OpenSSL. 
Either, but not both, of +<var>pemfile</var> or <var>capath</var> may be <code>None</code>. </dl> <P> -<dl><dt><b><a name='l2h-129'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>) +<dl><dt><b><a name='l2h-132'><tt class='method'>set_default_verify_paths</tt></a></b>() +<dd> +Specify that the platform provided CA certificates are to be used for +verification purposes. This method may not work properly on OS X. +</dl> + +<P> +<dl><dt><b><a name='l2h-133'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>) <dd> Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>. </dl> <P> -<dl><dt><b><a name='l2h-130'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) +<dl><dt><b><a name='l2h-134'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>) <dd> Associate <var>data</var> with this Context object. <var>data</var> can be retrieved later using the <tt class="method">get_app_data</tt> method. </dl> <P> -<dl><dt><b><a name='l2h-131'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>) +<dl><dt><b><a name='l2h-135'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>) <dd> Set the list of ciphers to be used in this context. See the OpenSSL manual for more information (e.g. ciphers(1)) </dl> <P> -<dl><dt><b><a name='l2h-132'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>) +<dl><dt><b><a name='l2h-136'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>) <dd> Set the information callback to <var>callback</var>. This function will be called from time to time during SSL handshakes. 
@@ -139,14 +149,14 @@ function call. </dl> <P> -<dl><dt><b><a name='l2h-133'><tt class='method'>set_options</tt></a></b>(<var>options</var>) +<dl><dt><b><a name='l2h-137'><tt class='method'>set_options</tt></a></b>(<var>options</var>) <dd> Add SSL options. Options you have set before are not cleared! This method should be used with the <tt class="constant">OP_*</tt> constants. </dl> <P> -<dl><dt><b><a name='l2h-134'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>) +<dl><dt><b><a name='l2h-138'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>) <dd> Set the passphrase callback to <var>callback</var>. This function will be called when a private key with a passphrase is loaded. <var>callback</var> must accept @@ -160,7 +170,7 @@ verify that the two values supplied are equal. Third, the value given as the </dl> <P> -<dl><dt><b><a name='l2h-135'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>) +<dl><dt><b><a name='l2h-139'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>) <dd> Set the context <var>name</var> within which a session can be reused for this Context object. This is needed when doing session resumption, because there is @@ -169,7 +179,7 @@ no way for a stored session to know which Context object it is associated with. </dl> <P> -<dl><dt><b><a name='l2h-136'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>) +<dl><dt><b><a name='l2h-140'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>) <dd> Set the timeout for newly created sessions for this Context object to <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default 
@@ -178,7 +188,7 @@ SSL_CTX_set_timeout(3)). </dl> <P> -<dl><dt><b><a name='l2h-137'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>) +<dl><dt><b><a name='l2h-141'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>) <dd> Set the verification flags for this Context object to <var>mode</var> and specify that <var>callback</var> should be used for verification callbacks. <var>mode</var> 
@@ -193,39 +203,39 @@ and false otherwise. </dl> <P> -<dl><dt><b><a name='l2h-138'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>) +<dl><dt><b><a name='l2h-142'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>) <dd> Set the maximum depth for the certificate chain verification that shall be allowed for this Context object. </dl> <P> -<dl><dt><b><a name='l2h-139'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>) +<dl><dt><b><a name='l2h-143'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>) <dd> Use the certificate <var>cert</var> which has to be a X509 object. </dl> <P> -<dl><dt><b><a name='l2h-140'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>) +<dl><dt><b><a name='l2h-144'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>) <dd> Adds the certificate <var>cert</var>, which has to be a X509 object, to the certificate chain presented together with the certificate. </dl> <P> -<dl><dt><b><a name='l2h-141'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>) +<dl><dt><b><a name='l2h-145'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>) <dd> Load a certificate chain from <var>file</var> which must be PEM encoded. </dl> <P> -<dl><dt><b><a name='l2h-142'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>) +<dl><dt><b><a name='l2h-146'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>) <dd> Use the private key <var>pkey</var> which has to be a PKey object. </dl> <P> -<dl><dt><b><a name='l2h-143'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) +<dl><dt><b><a name='l2h-147'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) <dd> Load the first certificate found in <var>file</var>. 
The certificate must be in the format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or @@ -233,7 +243,7 @@ format specified by <var>format</var>, which is either <tt class="constant">FILE </dl> <P> -<dl><dt><b><a name='l2h-144'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) +<dl><dt><b><a name='l2h-148'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>) <dd> Load the first private key found in <var>file</var>. The private key must be in the format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or diff --git a/doc/html/openssl-netscape-spki.html b/doc/html/openssl-netscape-spki.html index 7a6fcd8..046d04a 100644 --- a/doc/html/openssl-netscape-spki.html +++ b/doc/html/openssl-netscape-spki.html 
@@ -51,31 +51,34 @@ border="0" height="32" NetscapeSPKI objects have the following methods: <P> -<dl><dt><b><a name='l2h-83'><tt class='method'>b64_encode</tt></a></b>() +<dl><dt><b><a name='l2h-86'><tt class='method'>b64_encode</tt></a></b>() <dd> Return a base64-encoded string representation of the object. </dl> <P> -<dl><dt><b><a name='l2h-84'><tt class='method'>get_pubkey</tt></a></b>() +<dl><dt><b><a name='l2h-87'><tt class='method'>get_pubkey</tt></a></b>() <dd> Return the public key of object. </dl> <P> -<dl><dt><b><a name='l2h-85'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>) +<dl><dt><b><a name='l2h-88'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>) <dd> Set the public key of the object to <var>key</var>. </dl> <P> -<dl><dt><b><a name='l2h-86'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>) +<dl><dt><b><a name='l2h-89'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>) <dd> -Sign the NetscapeSPKI object using the given <var>key</var> and <var>digest_name</var>. +Sign the NetscapeSPKI object using the given <var>key</var> and +<var>digest_name</var>. <var>digest_name</var> must be a string describing a digest +algorithm supported by OpenSSL (by EVP_get_digestbyname, specifically). For +example, <tt class="constant">"md5"</tt> or <tt class="constant">"sha1"</tt>. </dl> <P> -<dl><dt><b><a name='l2h-87'><tt class='method'>verify</tt></a></b>(<var>key</var>) +<dl><dt><b><a name='l2h-90'><tt class='method'>verify</tt></a></b>(<var>key</var>) <dd> Verify the NetscapeSPKI object using the given <var>key</var>. </dl> diff --git a/doc/html/openssl-pkcs12.html b/doc/html/openssl-pkcs12.html index 914df6c..8325d57 100644 --- a/doc/html/openssl-pkcs12.html +++ b/doc/html/openssl-pkcs12.html 
@@ -52,19 +52,19 @@ border="0" height="32" PKCS12 objects have the following methods: <P> -<dl><dt><b><a name='l2h-79'><tt class='method'>get_certificate</tt></a></b>() +<dl><dt><b><a name='l2h-81'><tt class='method'>get_certificate</tt></a></b>() <dd> Return certificate portion of the PKCS12 structure. </dl> <P> -<dl><dt><b><a name='l2h-80'><tt class='method'>get_privatekey</tt></a></b>() +<dl><dt><b><a name='l2h-82'><tt class='method'>get_privatekey</tt></a></b>() <dd> Return private key portion of the PKCS12 structure </dl> <P> -<dl><dt><b><a name='l2h-81'><tt class='method'>get_ca_certificates</tt></a></b>() +<dl><dt><b><a name='l2h-83'><tt class='method'>get_ca_certificates</tt></a></b>() <dd> Return CA certificates within the PKCS12 object as a tuple. Returns None if no CA certificates are present. diff --git a/doc/html/openssl-pkcs7.html b/doc/html/openssl-pkcs7.html index c4b0d71..e1d78e8 100644 --- a/doc/html/openssl-pkcs7.html +++ b/doc/html/openssl-pkcs7.html 
@@ -52,31 +52,31 @@ border="0" height="32" PKCS7 objects have the following methods: <P> -<dl><dt><b><a name='l2h-74'><tt class='method'>type_is_signed</tt></a></b>() +<dl><dt><b><a name='l2h-76'><tt class='method'>type_is_signed</tt></a></b>() <dd> FIXME </dl> <P> -<dl><dt><b><a name='l2h-75'><tt class='method'>type_is_enveloped</tt></a></b>() +<dl><dt><b><a name='l2h-77'><tt class='method'>type_is_enveloped</tt></a></b>() <dd> FIXME </dl> <P> -<dl><dt><b><a name='l2h-76'><tt class='method'>type_is_signedAndEnveloped</tt></a></b>() +<dl><dt><b><a name='l2h-78'><tt class='method'>type_is_signedAndEnveloped</tt></a></b>() <dd> FIXME </dl> <P> -<dl><dt><b><a name='l2h-77'><tt class='method'>type_is_data</tt></a></b>() +<dl><dt><b><a name='l2h-79'><tt class='method'>type_is_data</tt></a></b>() <dd> FIXME </dl> <P> -<dl><dt><b><a name='l2h-78'><tt class='method'>get_type_name</tt></a></b>() +<dl><dt><b><a name='l2h-80'><tt class='method'>get_type_name</tt></a></b>() <dd> Get the type name of the PKCS7. </dl> diff --git a/doc/html/openssl-pkey.html b/doc/html/openssl-pkey.html index f5c2b55..0843b90 100644 --- a/doc/html/openssl-pkey.html +++ b/doc/html/openssl-pkey.html 
@@ -52,20 +52,20 @@ border="0" height="32" The PKey object has the following methods: <P> -<dl><dt><b><a name='l2h-71'><tt class='method'>bits</tt></a></b>() +<dl><dt><b><a name='l2h-73'><tt class='method'>bits</tt></a></b>() <dd> Return the number of bits of the key. </dl> <P> -<dl><dt><b><a name='l2h-72'><tt class='method'>generate_key</tt></a></b>(<var>type, bits</var>) +<dl><dt><b><a name='l2h-74'><tt class='method'>generate_key</tt></a></b>(<var>type, bits</var>) <dd> Generate a public/private key pair of the type <var>type</var> (one of <tt class="constant">TYPE_RSA</tt> and <tt class="constant">TYPE_DSA</tt>) with the size <var>bits</var>. </dl> <P> -<dl><dt><b><a name='l2h-73'><tt class='method'>type</tt></a></b>() +<dl><dt><b><a name='l2h-75'><tt class='method'>type</tt></a></b>() <dd> Return the type of the key. </dl> diff --git a/doc/html/openssl-rand.html b/doc/html/openssl-rand.html index 47f03b2..8d1498b 100644 --- a/doc/html/openssl-rand.html +++ b/doc/html/openssl-rand.html 
@@ -56,52 +56,52 @@ This module handles the OpenSSL pseudo random number generator (PRNG) and declares the following: <P> -<dl><dt><b><a name='l2h-89'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>) +<dl><dt><b><a name='l2h-92'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>) <dd> Mix bytes from <var>string</var> into the PRNG state. The <var>entropy</var> argument is (the lower bound of) an estimate of how much randomness is contained in -<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-1840" +<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-1878" href="http://www.ietf.org/rfc/rfc1750.txt">RFC 1750</a>. </dl> <P> -<dl><dt><b><a name='l2h-90'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>) +<dl><dt><b><a name='l2h-93'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>) <dd> Query the Entropy Gathering Daemon<A NAME="tex2html2" - HREF="#foot945"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var> + HREF="#foot972"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var> bytes of random data and and uses <tt class="function">add</tt> to seed the PRNG. The default value of <var>bytes</var> is 255. </dl> <P> -<dl><dt><b><a name='l2h-91'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>) +<dl><dt><b><a name='l2h-94'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>) <dd> Read <var>bytes</var> bytes (or all of it, if <var>bytes</var> is negative) of data from the file <var>path</var> to seed the PRNG. The default value of <var>bytes</var> is -1. 
</dl> <P> -<dl><dt><b><a name='l2h-92'><tt class='function'>screen</tt></a></b>() +<dl><dt><b><a name='l2h-95'><tt class='function'>screen</tt></a></b>() <dd> Add the current contents of the screen to the PRNG state. Availability: Windows. </dl> <P> -<dl><dt><b><a name='l2h-93'><tt class='function'>seed</tt></a></b>(<var>string</var>) +<dl><dt><b><a name='l2h-96'><tt class='function'>seed</tt></a></b>(<var>string</var>) <dd> This is equivalent to calling <tt class="function">add</tt> with <var>entropy</var> as the length of the string. </dl> <P> -<dl><dt><b><a name='l2h-94'><tt class='function'>status</tt></a></b>() +<dl><dt><b><a name='l2h-97'><tt class='function'>status</tt></a></b>() <dd> Returns true if the PRNG has been seeded with enough data, and false otherwise. </dl> <P> -<dl><dt><b><a name='l2h-95'><tt class='function'>write_file</tt></a></b>(<var>path</var>) +<dl><dt><b><a name='l2h-98'><tt class='function'>write_file</tt></a></b>(<var>path</var>) <dd> Write a number of random bytes (currently 1024) to the file <var>path</var>. This file can then be used with <tt class="function">load_file</tt> to seed the PRNG again. @@ -110,7 +110,7 @@ file can then be used with <tt class="function">load_file</tt> to seed the PRNG <P> <BR><HR><H4>Footnotes</H4> <DL> -<DT><A NAME="foot945">... Daemon</A><A +<DT><A NAME="foot972">... Daemon</A><A href="openssl-rand.html#tex2html2"><SUP>2</SUP></A></DT> <DD>See <a class="url" href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech/crypto/</a> diff --git a/doc/html/openssl-ssl.html b/doc/html/openssl-ssl.html index 3d2409e..053c715 100644 --- a/doc/html/openssl-ssl.html +++ b/doc/html/openssl-ssl.html 
@@ -54,39 +54,39 @@ This module handles things specific to SSL. There are two objects defined: Context, Connection. <P> -<dl><dt><b><a name='l2h-97'><tt>SSLv2_METHOD</tt></a></b> +<dl><dt><b><a name='l2h-100'><tt>SSLv2_METHOD</tt></a></b> <dd> -<dt><b><a name='l2h-111'><tt>SSLv3_METHOD</tt></a></b><dd> -<dt><b><a name='l2h-112'><tt>SSLv23_METHOD</tt></a></b><dd> -<dt><b><a name='l2h-113'><tt>TLSv1_METHOD</tt></a></b><dd> +<dt><b><a name='l2h-114'><tt>SSLv3_METHOD</tt></a></b><dd> +<dt><b><a name='l2h-115'><tt>SSLv23_METHOD</tt></a></b><dd> +<dt><b><a name='l2h-116'><tt>TLSv1_METHOD</tt></a></b><dd> These constants represent the different SSL methods to use when creating a context object. </dl> <P> -<dl><dt><b><a name='l2h-98'><tt>VERIFY_NONE</tt></a></b> +<dl><dt><b><a name='l2h-101'><tt>VERIFY_NONE</tt></a></b> <dd> -<dt><b><a name='l2h-114'><tt>VERIFY_PEER</tt></a></b><dd> -<dt><b><a name='l2h-115'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd> +<dt><b><a name='l2h-117'><tt>VERIFY_PEER</tt></a></b><dd> +<dt><b><a name='l2h-118'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd> These constants represent the verification mode used by the Context object's <tt class="method">set_verify</tt> method. </dl> <P> -<dl><dt><b><a name='l2h-99'><tt>FILETYPE_PEM</tt></a></b> +<dl><dt><b><a name='l2h-102'><tt>FILETYPE_PEM</tt></a></b> <dd> -<dt><b><a name='l2h-116'><tt>FILETYPE_ASN1</tt></a></b><dd> +<dt><b><a name='l2h-119'><tt>FILETYPE_ASN1</tt></a></b><dd> File type constants used with the <tt class="method">use_certificate_file</tt> and <tt class="method">use_privatekey_file</tt> methods of Context objects. 
</dl> <P> -<dl><dt><b><a name='l2h-100'><tt>OP_SINGLE_DH_USE</tt></a></b> +<dl><dt><b><a name='l2h-103'><tt>OP_SINGLE_DH_USE</tt></a></b> <dd> -<dt><b><a name='l2h-117'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd> -<dt><b><a name='l2h-118'><tt>OP_NO_SSLv2</tt></a></b><dd> -<dt><b><a name='l2h-119'><tt>OP_NO_SSLv3</tt></a></b><dd> -<dt><b><a name='l2h-120'><tt>OP_NO_TLSv1</tt></a></b><dd> +<dt><b><a name='l2h-120'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd> +<dt><b><a name='l2h-121'><tt>OP_NO_SSLv2</tt></a></b><dd> +<dt><b><a name='l2h-122'><tt>OP_NO_SSLv3</tt></a></b><dd> +<dt><b><a name='l2h-123'><tt>OP_NO_TLSv1</tt></a></b><dd> Constants used with <tt class="method">set_options</tt> of Context objects. <tt class="constant">OP_SINGLE_DH_USE</tt> means to always create a new key when using ephemeral Diffie-Hellman. <tt class="constant">OP_EPHEMERAL_RSA</tt> means to always use ephemeral RSA keys @@ -97,13 +97,13 @@ handshake, but don't want to use SSLv2. </dl> <P> -<dl><dt><b><a name='l2h-101'><tt>ContextType</tt></a></b> +<dl><dt><b><a name='l2h-104'><tt>ContextType</tt></a></b> <dd> A Python type object representing the Context object type. </dl> <P> -<dl><dt><b><a name='l2h-102'><tt class='function'>Context</tt></a></b>(<var>method</var>) +<dl><dt><b><a name='l2h-105'><tt class='function'>Context</tt></a></b>(<var>method</var>) <dd> Factory function that creates a new Context object given an SSL method. The method should be <tt class="constant">SSLv2_METHOD</tt>, <tt class="constant">SSLv3_METHOD</tt>, 
@@ -111,21 +111,21 @@ method should be <tt class="constant">SSLv2_METHOD</tt>, <tt class="constant">SS </dl> <P> -<dl><dt><b><a name='l2h-103'><tt>ConnectionType</tt></a></b> +<dl><dt><b><a name='l2h-106'><tt>ConnectionType</tt></a></b> <dd> A Python type object representing the Connection object type. </dl> <P> -<dl><dt><b><a name='l2h-104'><tt class='function'>Connection</tt></a></b>(<var>context, socket</var>) +<dl><dt><b><a name='l2h-107'><tt class='function'>Connection</tt></a></b>(<var>context, socket</var>) <dd> Factory fucnction that creates a new Connection object given an SSL context and a socket <A NAME="tex2html4" - HREF="#foot948"><SUP>3</SUP></A> object. + HREF="#foot975"><SUP>3</SUP></A> object. </dl> <P> -<dl><dt><b>exception <a name='l2h-105'><tt class='exception'>Error</tt></a></b> +<dl><dt><b>exception <a name='l2h-108'><tt class='exception'>Error</tt></a></b> <dd> This exception is used as a base class for the other SSL-related exceptions, but may also be raised directly. @@ -139,7 +139,7 @@ for more information. </dl> <P> -<dl><dt><b>exception <a name='l2h-106'><tt class='exception'>ZeroReturnError</tt></a></b> +<dl><dt><b>exception <a name='l2h-109'><tt class='exception'>ZeroReturnError</tt></a></b> <dd> This exception matches the error return code <code>SSL_ERROR_ZERO_RETURN</code>, and is raised when the SSL Connection has been closed. In SSL 3.0 and TLS 1.0, this @@ -153,7 +153,7 @@ It may seem a little strange that this is an exception, but it does match an </dl> <P> -<dl><dt><b>exception <a name='l2h-107'><tt class='exception'>WantReadError</tt></a></b> +<dl><dt><b>exception <a name='l2h-110'><tt class='exception'>WantReadError</tt></a></b> <dd> The operation did not complete; the same I/O method should be called again later, with the same arguments. Any I/O method can lead to this since new 
@@ -161,13 +161,13 @@ handshakes can occur at any time. </dl> <P> -<dl><dt><b>exception <a name='l2h-108'><tt class='exception'>WantWriteError</tt></a></b> +<dl><dt><b>exception <a name='l2h-111'><tt class='exception'>WantWriteError</tt></a></b> <dd> See <tt class="exception">WantReadError</tt>. </dl> <P> -<dl><dt><b>exception <a name='l2h-109'><tt class='exception'>WantX509LookupError</tt></a></b> +<dl><dt><b>exception <a name='l2h-112'><tt class='exception'>WantX509LookupError</tt></a></b> <dd> The operation did not complete because an application callback has asked to be called again. The I/O method should be called again later, with the same @@ -176,7 +176,7 @@ callbacks in this version. </dl> <P> -<dl><dt><b>exception <a name='l2h-110'><tt class='exception'>SysCallError</tt></a></b> +<dl><dt><b>exception <a name='l2h-113'><tt class='exception'>SysCallError</tt></a></b> <dd> The <tt class="exception">SysCallError</tt> occurs when there's an I/O error and OpenSSL's error queue does not contain any information. This can mean two things: An @@ -188,7 +188,7 @@ The parameter to the exception is always a pair <code>(<var>errnum</var>, <P> <BR><HR><H4>Footnotes</H4> <DL> -<DT><A NAME="foot948">... socket</A><A +<DT><A NAME="foot975">... socket</A><A href="openssl-ssl.html#tex2html4"><SUP>3</SUP></A></DT> <DD>Actually, all that is required is an object that <i>behaves</i> like a socket, you could even use files, even though it'd be diff --git a/doc/html/openssl-x509.html b/doc/html/openssl-x509.html index bd60d79..95f1a21 100644 --- a/doc/html/openssl-x509.html +++ b/doc/html/openssl-x509.html 
@@ -197,6 +197,9 @@ Return the hash of the certificate subject. <dl><dt><b><a name='l2h-53'><tt class='method'>digest</tt></a></b>(<var>digest_name</var>) <dd> Return a digest of the certificate, using the <var>digest_name</var> method. +<var>digest_name</var> must be a string describing a digest algorithm supported +by OpenSSL (by EVP_get_digestbyname, specifically). For example, +<tt class="constant">"md5"</tt> or <tt class="constant">"sha1"</tt>. </dl> <P> diff --git a/doc/html/openssl-x509req.html b/doc/html/openssl-x509req.html index d80c218..2d62c5e 100644 --- a/doc/html/openssl-x509req.html +++ b/doc/html/openssl-x509req.html @@ -83,6 +83,19 @@ Verify a certificate request using the public key <var>pkey</var>. </dl> <P> +<dl><dt><b><a name='l2h-70'><tt class='method'>set_version</tt></a></b>(<var>version</var>) +<dd> +Set the version (RFC 2459, 4.1.2.1) of the certificate request to +<var>version</var>. +</dl> + +<P> +<dl><dt><b><a name='l2h-71'><tt class='method'>get_version</tt></a></b>() +<dd> +Get the version (RFC 2459, 4.1.2.1) of the certificate request. +</dl> + +<P> <DIV CLASS="navigation"> <p><hr> diff --git a/doc/html/openssl-x509store.html b/doc/html/openssl-x509store.html index a9e84c2..f42da95 100644 --- a/doc/html/openssl-x509store.html +++ b/doc/html/openssl-x509store.html @@ -52,7 +52,7 @@ border="0" height="32" The X509Store object has currently just one method: <P> -<dl><dt><b><a name='l2h-70'><tt class='method'>add_cert</tt></a></b>(<var>cert</var>) +<dl><dt><b><a name='l2h-72'><tt class='method'>add_cert</tt></a></b>(<var>cert</var>) <dd> Add the certificate <var>cert</var> to the certificate store. </dl> diff --git a/doc/pyOpenSSL.ps b/doc/pyOpenSSL.ps index f9b845b..cfd9199 100644 --- a/doc/pyOpenSSL.ps +++ b/doc/pyOpenSSL.ps 
@@ -1,7 +1,7 @@ %!PS-Adobe-2.0 %%Creator: dvips(k) 5.96.1 Copyright 2007 Radical Eye Software %%Title: pyOpenSSL.dvi -%%CreationDate: Sun Oct 19 11:51:38 2008 +%%CreationDate: Sat Mar 7 09:06:10 2009 %%Pages: 15 %%PageOrder: Ascend %%BoundingBox: 0 0 596 842 @@ -10,7 +10,7 @@ %DVIPSWebPage: (www.radicaleye.com) %DVIPSCommandLine: dvips -N0 -o pyOpenSSL.ps pyOpenSSL %DVIPSParameters: dpi=600 -%DVIPSSource: TeX output 2008.10.19:1151 +%DVIPSSource: TeX output 2009.03.07:0906 %%BeginProcSet: tex.pro 0 0 %! /TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S @@ -1794,8 +1794,11 @@ FF00000001E0000000F00000007C0000003E0000003F0000001F0000001F8000001F8038 001F807C001F80FE001F80FE001F80FE001F00FC003F0078003E0070007C003800F8001F 01F00007FFC00000FF000019277DA521>I E %EndDVIPSBitmapFont -%DVIPSBitmapFont: Fl ectt1000 10 68 -/Fl 68 123 df<0000380000FC0001FC0003FC0007F8000FF0001FC0003F80007F0000FE +%DVIPSBitmapFont: Fl ectt1000 10 69 +/Fl 69 123 df<3C001E007F007F00FF007F80FF007F80FF007F80FF007F80FF007F80FF +007F807F007F007F007F007F007F007F007F007F007F007F007F007E003F007E003F007E +003F007E003F007E003F007E003F003E003E003E003E003E003E003C001E001C001C0019 +1977B32C>34 D<0000380000FC0001FC0003FC0007F8000FF0001FC0003F80007F0000FE 0001FC0003F80003F00007F00007E0000FE0000FC0001F80001F80003F80003F00003F00 007F00007E00007E00007E0000FE0000FC0000FC0000FC0000FC0000FC0000FC0000FC00 00FC0000FC0000FC0000FC0000FC0000FE00007E00007E00007E00007F00003F00003F00 
@@ -4485,8 +4488,8 @@ ifelse %%Page: 1 1 TeXDict begin 1 0 bop 0 83 3901 9 v 1890 451 a Ft(Python)64 b(Op)5 b(enSSL)64 b(Manual)3443 619 y Fs(Release)33 b(0.8)3189 -974 y Fr(Ma)m(rtin)k(Sj\366gren)3280 1328 y Fq(Octob)r(er)26 -b(19,)h(2008)3301 1475 y Fp(ma)n(rtin@strakt.com)1781 +974 y Fr(Ma)m(rtin)k(Sj\366gren)3383 1328 y Fq(Marc)n(h)27 +b(7,)g(2009)3301 1475 y Fp(ma)n(rtin@strakt.com)1781 1697 y Fo(Abstract)208 1841 y Fn(This)32 b(mo)r(dule)f(is)h(a)g(rather) g(thin)f(wrapp)r(er)h(around)g(\(a)g(subset)f(of)6 b(\))32 b(the)g(Op)r(enSSL)e(library)-6 b(.)52 b(With)32 b(thin)f(wrapp)r(er) @@ -4526,7 +4529,7 @@ f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(7)315 3743 y(PK)n(CS7)27 b(ob)5 b(jects)59 b(.)41 b(.)h(.)f(.)h(.)g (.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.) h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f -(.)h(.)f(.)h(.)134 b(7)315 3842 y(PK)n(CS12)27 b(ob)5 +(.)h(.)f(.)h(.)134 b(8)315 3842 y(PK)n(CS12)27 b(ob)5 b(jects)81 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.) f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(8)315 
@@ -4539,14 +4542,14 @@ b(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f f(.)h(.)f(.)h(.)134 b(8)125 4141 y(3.2)83 b Fl(rand)26 b Fq(\026)i(An)g(in)n(terface)f(to)g(the)h(Op)r(enSSL)g(pseudo)f (random)g(n)n(um)n(b)r(er)g(generator)50 b(.)41 b(.)h(.)f(.)h(.)g(.)f -(.)h(.)f(.)h(.)f(.)h(.)134 b(8)125 4241 y(3.3)83 b Fl(SSL)27 +(.)h(.)f(.)h(.)f(.)h(.)134 b(9)125 4241 y(3.3)83 b Fl(SSL)27 b Fq(\026)g(An)i(in)n(terface)d(to)i(the)g(SSL-sp)r(eci\034c)f(parts)g (of)h(Op)r(enSSL)64 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.) h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(9)315 4340 y(Con)n(text)28 b(ob)5 b(jects)98 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h (.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.) f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 -b(10)315 4440 y(Connection)27 b(ob)5 b(jects)108 b(.)42 +b(11)315 4440 y(Connection)27 b(ob)5 b(jects)108 b(.)42 b(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g (.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.) h(.)f(.)h(.)f(.)h(.)93 b(12)0 4623 y Fm(4)77 b(In)m(ternals)3310 @@ -4557,7 +4560,7 @@ h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f b(.)42 b(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.) g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 -b(14)125 4921 y(4.3)83 b(A)n(cessing)27 b(So)r(c)n(k)n(et)g(Metho)r(ds) +b(15)125 4921 y(4.3)83 b(A)n(cessing)27 b(So)r(c)n(k)n(et)g(Metho)r(ds) 82 b(.)42 b(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.) f(.)h(.)f(.)h(.)93 b(15)p 0 5068 V eop end 
@@ -4807,671 +4810,695 @@ b(digest)8 b Fl(\))208 2733 y Fq(Sign)22 b(the)h(certi\034cate,)f Fc(digest)8 b Fq(.)0 2880 y Fl(subject_name_has)o(h\()o(\))208 2979 y Fq(Return)27 b(the)h(hash)f(of)h(the)g(certi\034cate)f(sub)5 b(ject.)0 3126 y Fl(digest\()p Fc(digest_name)h Fl(\))208 -3226 y Fq(Return)27 b(a)g(digest)h(of)f(the)h(certi\034cate,)f(using)g -(the)h Fc(digest_name)35 b Fq(metho)r(d.)0 3373 y Fl(add_extensions\()p -Fc(ex)o(tensions)7 b Fl(\))208 3472 y Fq(A)n(dd)27 b(the)h(extensions)f -(in)h(the)g(sequence)f Fc(extensions)34 b Fq(to)27 b(the)h -(certi\034cate.)0 3735 y Ff(X509Name)e(objects)0 3936 -y Fq(X509Name)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e -(metho)r(ds:)0 4083 y Fl(hash\(\))208 4182 y Fq(Return)e(an)g(in)n -(teger)f(giving)g(the)i(\034rst)f(four)g(b)n(ytes)f(of)h(the)h(MD5)f -(digest)g(of)g(the)h(DER)g(represen)n(tation)e(of)h(the)g(name.)0 -4329 y Fl(der\(\))208 4429 y Fq(Return)j(a)g(string)g(giving)g(the)h -(DER)h(represen)n(tation)c(of)j(the)g(name.)0 4576 y -Fl(get_components\(\))208 4675 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n -(o-tuples)e(of)i(strings)e(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g -(name.)0 4822 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n -(wing)e(mem)n(b)r(ers:)0 4969 y Fl(countryName)208 5069 -y Fq(The)h(coun)n(try)g(of)g(the)h(en)n(tit)n(y)-7 b(.)37 -b Fl(C)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)f(an)g(alias)f(for)h -Fl(countryName)p Fq(.)0 5215 y Fl(stateOrProvinceN)o(am)o(e)208 -5315 y Fq(The)g(state)h(or)e(pro)n(vince)g(of)i(the)g(en)n(tit)n(y)-7 -b(.)37 b Fl(ST)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g -Fl(stateOrProvince)o(Na)o(me)p Fq(\267)p 0 5549 3901 -4 v 0 5649 a Ff(6)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f -(interface)h(to)f(Op)r(enSSL)p eop end +3226 y Fq(Return)38 b(a)f(digest)h(of)g(the)g(certi\034cate,)i(using)e +(the)g Fc(digest_name)45 b Fq(metho)r(d.)69 b Fc(digest_name)45 +b Fq(m)n(ust)38 b(b)r(e)g(a)g(string)208 3325 y(describing)28 
+b(a)i(digest)f(algorithm)f(supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y) +g(EVP_get_digestb)n(yname,)f(sp)r(eci\034cally\).)43 +b(F)-7 b(or)208 3425 y(example,)27 b Fl("md5")e Fq(or)i +Fl("sha1")p Fq(.)0 3572 y Fl(add_extensions\()p Fc(ex)o(tensions)7 +b Fl(\))208 3671 y Fq(A)n(dd)27 b(the)h(extensions)f(in)h(the)g +(sequence)f Fc(extensions)34 b Fq(to)27 b(the)h(certi\034cate.)0 +3934 y Ff(X509Name)e(objects)0 4135 y Fq(X509Name)g(ob)5 +b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0 +4282 y Fl(hash\(\))208 4381 y Fq(Return)e(an)g(in)n(teger)f(giving)g +(the)i(\034rst)f(four)g(b)n(ytes)f(of)h(the)h(MD5)f(digest)g(of)g(the)h +(DER)g(represen)n(tation)e(of)h(the)g(name.)0 4528 y +Fl(der\(\))208 4628 y Fq(Return)j(a)g(string)g(giving)g(the)h(DER)h +(represen)n(tation)c(of)j(the)g(name.)0 4775 y Fl(get_components\(\)) +208 4874 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n(o-tuples)e(of)i(strings) +e(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g(name.)0 +5021 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e +(mem)n(b)r(ers:)0 5168 y Fl(countryName)208 5268 y Fq(The)h(coun)n(try) +g(of)g(the)h(en)n(tit)n(y)-7 b(.)37 b Fl(C)27 b Fq(ma)n(y)g(b)r(e)h +(used)g(as)f(an)g(alias)f(for)h Fl(countryName)p Fq(.)p +0 5549 3901 4 v 0 5649 a Ff(6)2239 b(3)83 b Fl(OpenSSL)24 +b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop +end %%Page: 7 7 -TeXDict begin 7 6 bop 0 83 a Fl(localityName)208 183 -y Fq(The)27 b(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7 +TeXDict begin 7 6 bop 0 83 a Fl(stateOrProvinceN)o(am)o(e)208 +183 y Fq(The)27 b(state)h(or)e(pro)n(vince)g(of)i(the)g(en)n(tit)n(y)-7 +b(.)37 b Fl(ST)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g +Fl(stateOrProvince)o(Na)o(me)p Fq(\267)0 330 y Fl(localityName)208 +429 y Fq(The)g(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7 b(.)37 b Fl(L)28 b Fq(ma)n(y)e(b)r(e)i(used)g(as)f(an)g(alias)g(for)g -Fl(localityName)p Fq(.)0 330 y Fl(organizationName)208 -429 y 
Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7 +Fl(localityName)p Fq(.)0 576 y Fl(organizationName)208 +676 y Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7 b(.)37 b Fl(O)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)e(an)i(alias)e(for)h -Fl(organizationName)p Fq(.)0 576 y Fl(organizationalUn)o(it)o(Nam)o(e) -208 676 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7 +Fl(organizationName)p Fq(.)0 823 y Fl(organizationalUn)o(it)o(Nam)o(e) +208 922 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7 b(.)36 b Fl(OU)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)f(an)g(alias)f(for)h -Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)0 823 y Fl(commonName)208 -922 y Fq(The)g(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7 +Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)0 1069 y Fl(commonName)208 +1169 y Fq(The)g(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7 b(.)37 b Fl(CN)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g -Fl(commonName)p Fq(.)0 1069 y Fl(emailAddress)208 1169 +Fl(commonName)p Fq(.)0 1316 y Fl(emailAddress)208 1415 y Fq(The)g(e-mail)g(address)f(of)i(the)g(en)n(tit)n(y)-7 -b(.)0 1432 y Ff(X509Req)26 b(objects)0 1632 y Fq(X509Req)g(ob)5 +b(.)0 1678 y Ff(X509Req)26 b(objects)0 1879 y Fq(X509Req)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0 -1779 y Fl(get_pubkey\(\))208 1879 y Fq(Return)h(a)g(PKey)h(ob)5 +2025 y Fl(get_pubkey\(\))208 2125 y Fq(Return)h(a)g(PKey)h(ob)5 b(ject)27 b(represen)n(ting)f(the)i(public)g(k)n(ey)f(of)g(the)h -(certi\034cate)f(request.)0 2025 y Fl(get_subject\(\))208 -2125 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f +(certi\034cate)f(request.)0 2272 y Fl(get_subject\(\))208 +2372 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f (the)i(sub)5 b(ject)28 b(of)f(the)h(certi\034cate.)0 -2272 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 2372 y +2518 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 2618 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(certi\034cate)f(request) -g(to)g 
Fc(pkey)7 b Fq(.)0 2518 y Fl(sign\()p Fc(pkey,)29 -b(digest)8 b Fl(\))208 2618 y Fq(Sign)36 b(the)g(certi\034cate)g +g(to)g Fc(pkey)7 b Fq(.)0 2765 y Fl(sign\()p Fc(pkey,)29 +b(digest)8 b Fl(\))208 2865 y Fq(Sign)36 b(the)g(certi\034cate)g (request,)h(using)f(the)g(k)n(ey)h Fc(pkey)45 b Fq(and)36 b(the)g(message)f(digest)g(algorithm)g(iden)n(ti\034ed)i(b)n(y)f(the) -208 2718 y(string)28 b Fc(digest)8 b Fq(.)0 2865 y Fl(verify\()p -Fc(pkey)f Fl(\))208 2964 y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g +208 2964 y(string)28 b Fc(digest)8 b Fq(.)0 3111 y Fl(verify\()p +Fc(pkey)f Fl(\))208 3211 y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g (request)g(using)g(the)h(public)g(k)n(ey)g Fc(pkey)7 -b Fq(.)0 3227 y Ff(X509Sto)n(re)26 b(objects)0 3428 y -Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just)i(one)g -(metho)r(d:)0 3575 y Fl(add_cert\()p Fc(c)l(ert)8 b Fl(\))208 -3674 y Fq(A)n(dd)27 b(the)h(certi\034cate)f Fc(c)l(ert)36 -b Fq(to)27 b(the)h(certi\034cate)f(store.)0 3937 y Ff(PKey)g(objects)0 -4138 y Fq(The)h(PKey)f(ob)5 b(ject)27 b(has)g(the)h(follo)n(wing)f -(metho)r(ds:)0 4285 y Fl(bits\(\))208 4384 y Fq(Return)g(the)h(n)n(um)n -(b)r(er)f(of)h(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 4531 -y Fl(generate_key\()p Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 -4631 y Fq(Generate)22 b(a)h(public/priv)-5 b(ate)23 b(k)n(ey)f(pair)h -(of)g(the)h(t)n(yp)r(e)f Fc(typ)l(e)30 b Fq(\(one)23 -b(of)30 b Fl(TYPE_RSA)19 b Fq(and)24 b Fl(TYPE_DSA)p -Fq(\))c(with)j(the)h(size)f Fc(bits)7 b Fq(.)0 4778 y -Fl(type\(\))208 4877 y Fq(Return)27 b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n -(ey)-7 b(.)0 5140 y Ff(PK)n(CS7)27 b(objects)0 5341 y -Fq(PK)n(CS7)g(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f -(metho)r(ds:)p 0 5549 3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 -b Ff(\026)j(Generic)g(cryptographic)e(mo)r(dule)2234 +b Fq(.)0 3358 y Fl(set_version\()p Fc(version)f Fl(\))208 +3457 y Fq(Set)28 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g +(of)i(the)g(certi\034cate)f(request)f(to)i 
Fc(version)6 +b Fq(.)0 3604 y Fl(get_version\(\))208 3704 y Fq(Get)28 +b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g(of)i(the)g +(certi\034cate)f(request.)0 3967 y Ff(X509Sto)n(re)f(objects)0 +4167 y Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just) +i(one)g(metho)r(d:)0 4314 y Fl(add_cert\()p Fc(c)l(ert)8 +b Fl(\))208 4414 y Fq(A)n(dd)27 b(the)h(certi\034cate)f +Fc(c)l(ert)36 b Fq(to)27 b(the)h(certi\034cate)f(store.)0 +4677 y Ff(PKey)g(objects)0 4877 y Fq(The)h(PKey)f(ob)5 +b(ject)27 b(has)g(the)h(follo)n(wing)f(metho)r(ds:)0 +5024 y Fl(bits\(\))208 5124 y Fq(Return)g(the)h(n)n(um)n(b)r(er)f(of)h +(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 5271 y Fl(generate_key\()p +Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 5370 y Fq(Generate)22 +b(a)h(public/priv)-5 b(ate)23 b(k)n(ey)f(pair)h(of)g(the)h(t)n(yp)r(e)f +Fc(typ)l(e)30 b Fq(\(one)23 b(of)30 b Fl(TYPE_RSA)19 +b Fq(and)24 b Fl(TYPE_DSA)p Fq(\))c(with)j(the)h(size)f +Fc(bits)7 b Fq(.)p 0 5549 3901 4 v 0 5649 a Ff(3.1)82 +b Fl(crypto)25 b Ff(\026)j(Generic)g(cryptographic)e(mo)r(dule)2234 b(7)p eop end %%Page: 8 8 -TeXDict begin 8 7 bop 0 83 a Fl(type_is_signed\(\))208 -183 y Fq(FIXME)0 330 y Fl(type_is_envelope)o(d\()o(\))208 -429 y Fq(FIXME)0 576 y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o -(d\(\))208 676 y Fq(FIXME)0 823 y Fl(type_is_data\(\))208 -922 y Fq(FIXME)0 1069 y Fl(get_type_name\(\))208 1169 -y Fq(Get)28 b(the)f(t)n(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0 -1432 y Ff(PK)n(CS12)e(objects)0 1632 y Fq(PK)n(CS12)g(ob)5 -b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n(wing)e(metho)r(ds:)0 -1779 y Fl(get_certificate\()o(\))208 1879 y Fq(Return)h(certi\034cate)g -(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure.)0 2025 -y Fl(get_privatekey\(\))208 2125 y Fq(Return)h(priv)-5 -b(ate)27 b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure)0 -2272 y Fl(get_ca_certifica)o(te)o(s\(\))208 2372 y Fq(Return)k(CA)g -(certi\034cates)f(within)i(the)f(PK)n(CS12)f(ob)5 b(ject)30 -b(as)f(a)g(tuple.)45 b(Returns)30 
b(None)g(if)g(no)g(CA)g -(certi\034cates)f(are)208 2471 y(presen)n(t.)0 2734 y -Ff(X509Extension)c(objects)0 2935 y Fq(X509Extension)h(ob)5 -b(jects)27 b(curren)n(tly)g(only)g(ha)n(v)n(e)f(one)i(metho)r(d:)0 -3082 y Fl(get_critical\(\))208 3181 y Fq(Return)f(the)h(critical)f -(\034eld)h(of)f(the)h(extension)f(ob)5 b(ject.)0 3444 -y Ff(Netscap)r(eSPKI)27 b(objects)0 3645 y Fq(Netscap)r(eSPKI)h(ob)5 +TeXDict begin 8 7 bop 0 83 a Fl(type\(\))208 183 y Fq(Return)27 +b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n(ey)-7 b(.)0 446 y +Ff(PK)n(CS7)27 b(objects)0 646 y Fq(PK)n(CS7)g(ob)5 b(jects)27 +b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0 793 +y Fl(type_is_signed\(\))208 893 y Fq(FIXME)0 1040 y Fl +(type_is_envelope)o(d\()o(\))208 1139 y Fq(FIXME)0 1286 +y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o(d\(\))208 +1386 y Fq(FIXME)0 1532 y Fl(type_is_data\(\))208 1632 +y Fq(FIXME)0 1779 y Fl(get_type_name\(\))208 1879 y Fq(Get)h(the)f(t)n +(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0 2142 y Ff(PK)n(CS12)e(objects)0 +2342 y Fq(PK)n(CS12)g(ob)5 b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n +(wing)e(metho)r(ds:)0 2489 y Fl(get_certificate\()o(\))208 +2589 y Fq(Return)h(certi\034cate)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e +(structure.)0 2735 y Fl(get_privatekey\(\))208 2835 y +Fq(Return)h(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n +(CS12)e(structure)0 2982 y Fl(get_ca_certifica)o(te)o(s\(\))208 +3082 y Fq(Return)k(CA)g(certi\034cates)f(within)i(the)f(PK)n(CS12)f(ob) +5 b(ject)30 b(as)f(a)g(tuple.)45 b(Returns)30 b(None)g(if)g(no)g(CA)g +(certi\034cates)f(are)208 3181 y(presen)n(t.)0 3444 y +Ff(X509Extension)c(objects)0 3645 y Fq(X509Extension)h(ob)5 +b(jects)27 b(ha)n(v)n(e)g(sev)n(eral)f(metho)r(ds:)0 +3792 y Fl(get_critical\(\))208 3891 y Fq(Return)h(the)h(critical)f +(\034eld)h(of)f(the)h(extension)f(ob)5 b(ject.)0 4038 +y Fl(get_short_name\(\))208 4138 y Fq(Return)27 b(the)h(short)f(t)n(yp) +r(e)h(name)f(of)h(the)g(extension)f(ob)5 b(ject.)0 4401 +y Ff(Netscap)r(eSPKI)27 
b(objects)0 4601 y Fq(Netscap)r(eSPKI)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)e(metho)r(ds:)0 -3792 y Fl(b64_encode\(\))208 3891 y Fq(Return)h(a)g(base64-enco)r(ded)f +4748 y Fl(b64_encode\(\))208 4848 y Fq(Return)h(a)g(base64-enco)r(ded)f (string)h(represen)n(tation)e(of)j(the)g(ob)5 b(ject.)0 -4038 y Fl(get_pubkey\(\))208 4138 y Fq(Return)27 b(the)h(public)g(k)n -(ey)f(of)h(ob)5 b(ject.)0 4285 y Fl(set_pubkey\()p Fc(key)i -Fl(\))208 4384 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(ob)5 -b(ject)27 b(to)h Fc(key)7 b Fq(.)0 4531 y Fl(sign\()p -Fc(key,)29 b(digest_name)6 b Fl(\))208 4631 y Fq(Sign)27 -b(the)h(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(using)g(the)h(giv)n(en)f -Fc(key)35 b Fq(and)28 b Fc(digest_name)6 b Fq(.)0 4778 -y Fl(verify\()p Fc(key)h Fl(\))208 4877 y Fq(V)-7 b(erify)27 -b(the)h(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(using)g(the)h(giv)n(en)f -Fc(key)7 b Fq(.)0 5157 y Fj(3.2)97 b Fd(rand)34 b Fj(\026)e(An)h -(interface)g(to)g(the)g(Op)s(enSSL)f(pseudo)h(random)g(numb)s(er)g -(generato)m(r)0 5357 y Fq(This)28 b(mo)r(dule)f(handles)h(the)f(Op)r -(enSSL)h(pseudo)f(random)g(n)n(um)n(b)r(er)g(generator)f(\(PRNG\))j -(and)e(declares)f(the)i(follo)n(wing:)p 0 5549 3901 4 -v 0 5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f -(interface)h(to)f(Op)r(enSSL)p eop end +4995 y Fl(get_pubkey\(\))208 5094 y Fq(Return)27 b(the)h(public)g(k)n +(ey)f(of)h(ob)5 b(ject.)0 5241 y Fl(set_pubkey\()p Fc(key)i +Fl(\))208 5341 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(ob)5 +b(ject)27 b(to)h Fc(key)7 b Fq(.)p 0 5549 3901 4 v 0 +5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface) +h(to)f(Op)r(enSSL)p eop end %%Page: 9 9 -TeXDict begin 9 8 bop 0 83 a Fl(add\()p Fc(string,)28 -b(entr)l(opy)7 b Fl(\))208 183 y Fq(Mix)22 b(b)n(ytes)g(from)g -Fc(string)30 b Fq(in)n(to)22 b(the)h(PRNG)h(state.)35 -b(The)22 b Fc(entr)l(opy)30 b Fq(argumen)n(t)22 b(is)g(\(the)h(lo)n(w)n -(er)e(b)r(ound)i(of)6 b(\))23 b(an)f(estimate)208 282 
-y(of)f(ho)n(w)g(m)n(uc)n(h)h(randomness)e(is)h(con)n(tained)g(in)h -Fc(string)7 b Fq(,)23 b(measured)e(in)h(b)n(ytes.)34 -b(F)-7 b(or)21 b(more)g(information,)h(see)g(e.g.)34 -b(RF)n(C)208 382 y(1750.)0 529 y Fl(egd\()p Fc(p)l(ath)6 -b Fb([)p Fc(,)29 b(bytes)19 b Fb(])p Fl(\))208 628 y -Fq(Query)29 b(the)j(En)n(trop)n(y)e(Gathering)g(Daemon)1629 -598 y Fk(2)1697 628 y Fq(on)h(so)r(c)n(k)n(et)f Fc(p)l(ath)38 -b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31 b(of)g(random)f(data)g(and)h -(and)g(uses)208 728 y Fl(add)26 b Fq(to)h(seed)h(the)g(PRNG.)g(The)g -(default)g(v)-5 b(alue)27 b(of)34 b Fc(bytes)h Fq(is)27 -b(255.)0 889 y Fl(load_file\()p Fc(p)l(ath)6 b Fb([)p -Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208 989 y Fq(Read)29 -b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g(it,)i(if)37 -b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g(the)g -(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208 -1089 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h -Fq(is)27 b(-1.)0 1235 y Fl(screen\(\))208 1335 y Fq(A)n(dd)g(the)h +TeXDict begin 9 8 bop 0 83 a Fl(sign\()p Fc(key,)29 b(digest_name)6 +b Fl(\))208 183 y Fq(Sign)30 b(the)h(Netscap)r(eSPKI)f(ob)5 +b(ject)30 b(using)g(the)h(giv)n(en)f Fc(key)38 b Fq(and)31 +b Fc(digest_name)6 b Fq(.)46 b Fc(digest_name)37 b Fq(m)n(ust)31 +b(b)r(e)g(a)f(string)208 282 y(describing)e(a)i(digest)f(algorithm)f +(supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y)g(EVP_get_digestb)n +(yname,)f(sp)r(eci\034cally\).)43 b(F)-7 b(or)208 382 +y(example,)27 b Fl("md5")e Fq(or)i Fl("sha1")p Fq(.)0 +529 y Fl(verify\()p Fc(key)7 b Fl(\))208 628 y Fq(V)-7 +b(erify)27 b(the)h(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(using)g(the)h +(giv)n(en)f Fc(key)7 b Fq(.)0 906 y Fj(3.2)97 b Fd(rand)34 +b Fj(\026)e(An)h(interface)g(to)g(the)g(Op)s(enSSL)f(pseudo)h(random)g +(numb)s(er)g(generato)m(r)0 1106 y Fq(This)28 b(mo)r(dule)f(handles)h +(the)f(Op)r(enSSL)h(pseudo)f(random)g(n)n(um)n(b)r(er)g(generator)f +(\(PRNG\))j(and)e(declares)f(the)i(follo)n(wing:)0 1253 
+y Fl(add\()p Fc(string,)g(entr)l(opy)7 b Fl(\))208 1353 +y Fq(Mix)22 b(b)n(ytes)g(from)g Fc(string)30 b Fq(in)n(to)22 +b(the)h(PRNG)h(state.)35 b(The)22 b Fc(entr)l(opy)30 +b Fq(argumen)n(t)22 b(is)g(\(the)h(lo)n(w)n(er)e(b)r(ound)i(of)6 +b(\))23 b(an)f(estimate)208 1452 y(of)f(ho)n(w)g(m)n(uc)n(h)h +(randomness)e(is)h(con)n(tained)g(in)h Fc(string)7 b +Fq(,)23 b(measured)e(in)h(b)n(ytes.)34 b(F)-7 b(or)21 +b(more)g(information,)h(see)g(e.g.)34 b(RF)n(C)208 1552 +y(1750.)0 1699 y Fl(egd\()p Fc(p)l(ath)6 b Fb([)p Fc(,)29 +b(bytes)19 b Fb(])p Fl(\))208 1798 y Fq(Query)29 b(the)j(En)n(trop)n(y) +e(Gathering)g(Daemon)1629 1768 y Fk(2)1697 1798 y Fq(on)h(so)r(c)n(k)n +(et)f Fc(p)l(ath)38 b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31 +b(of)g(random)f(data)g(and)h(and)g(uses)208 1898 y Fl(add)26 +b Fq(to)h(seed)h(the)g(PRNG.)g(The)g(default)g(v)-5 b(alue)27 +b(of)34 b Fc(bytes)h Fq(is)27 b(255.)0 2059 y Fl(load_file\()p +Fc(p)l(ath)6 b Fb([)p Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208 +2159 y Fq(Read)29 b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g +(it,)i(if)37 b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g +(the)g(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208 +2259 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h +Fq(is)27 b(-1.)0 2405 y Fl(screen\(\))208 2505 y Fq(A)n(dd)g(the)h (curren)n(t)f(con)n(ten)n(ts)g(of)g(the)h(screen)f(to)g(the)h(PRNG)h (state.)37 b(A)-9 b(v)k(ailabilit)n(y:)36 b(Windo)n(ws.)0 -1482 y Fl(seed\()p Fc(string)7 b Fl(\))208 1582 y Fq(This)27 +2652 y Fl(seed\()p Fc(string)7 b Fl(\))208 2752 y Fq(This)27 b(is)h(equiv)-5 b(alen)n(t)27 b(to)g(calling)h Fl(add)f Fq(with)h Fc(entr)l(opy)35 b Fq(as)27 b(the)h(length)f(of)h(the)g -(string.)0 1728 y Fl(status\(\))208 1828 y Fq(Returns)f(true)g(if)i +(string.)0 2898 y Fl(status\(\))208 2998 y Fq(Returns)f(true)g(if)i (the)e(PRNG)i(has)e(b)r(een)h(seeded)f(with)h(enough)f(data,)g(and)h -(false)f(otherwise.)0 1975 y Fl(write_file\()p Fc(p)l(ath)6 -b Fl(\))208 2075 y Fq(W)-7 
b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h +(false)f(otherwise.)0 3145 y Fl(write_file\()p Fc(p)l(ath)6 +b Fl(\))208 3245 y Fq(W)-7 b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h (random)e(b)n(ytes)h(\(curren)n(tly)g(1024\))f(to)h(the)h(\034le)f Fc(p)l(ath)6 b Fq(.)59 b(This)34 b(\034le)h(can)f(then)g(b)r(e)h(used)g -(with)208 2174 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h -(again.)0 2454 y Fj(3.3)97 b Fd(SSL)33 b Fj(\026)f(An)h(interface)h(to) +(with)208 3344 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h +(again.)0 3621 y Fj(3.3)97 b Fd(SSL)33 b Fj(\026)f(An)h(interface)h(to) e(the)h(SSL-sp)s(eci\034c)h(pa)m(rts)f(of)f(Op)s(enSSL)0 -2654 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r(eci\034c)h(to)f +3822 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r(eci\034c)h(to)f (SSL.)h(There)f(are)f(t)n(w)n(o)h(ob)5 b(jects)27 b(de\034ned:)38 -b(Con)n(text,)27 b(Connection.)0 2801 y Fl(SSLv2_METHOD)0 -2901 y(SSLv3_METHOD)0 3000 y(SSLv23_METHOD)0 3100 y(TLSv1_METHOD)208 -3200 y Fq(These)g(constan)n(ts)f(represen)n(t)h(the)h(di\033eren)n(t)f +b(Con)n(text,)27 b(Connection.)0 3969 y Fl(SSLv2_METHOD)0 +4068 y(SSLv3_METHOD)0 4168 y(SSLv23_METHOD)0 4268 y(TLSv1_METHOD)208 +4367 y Fq(These)g(constan)n(ts)f(represen)n(t)h(the)h(di\033eren)n(t)f (SSL)h(metho)r(ds)g(to)f(use)h(when)f(creating)g(a)g(con)n(text)g(ob)5 -b(ject.)0 3346 y Fl(VERIFY_NONE)0 3446 y(VERIFY_PEER)0 -3546 y(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o(CE)o(RT)208 -3645 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)n +b(ject.)0 4514 y Fl(VERIFY_NONE)0 4614 y(VERIFY_PEER)0 +4713 y(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o(CE)o(RT)208 +4813 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)n (eri\034cation)e(mo)r(de)h(used)h(b)n(y)f(the)h(Con)n(text)f(ob)5 -b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 3792 y -Fl(FILETYPE_PEM)0 3892 y(FILETYPE_ASN1)208 3991 y Fq(File)41 +b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 4960 y +Fl(FILETYPE_PEM)0 5060 y(FILETYPE_ASN1)208 5159 y Fq(File)41 
b(t)n(yp)r(e)g(constan)n(ts)f(used)h(with)g(the)h Fl(use_certificate)o (_f)o(ile)34 b Fq(and)41 b Fl(use_privatekey_f)o(il)o(e)35 -b Fq(metho)r(ds)41 b(of)208 4091 y(Con)n(text)27 b(ob)5 -b(jects.)0 4238 y Fl(OP_SINGLE_DH_USE)0 4338 y(OP_EPHEMERAL_RSA)0 -4437 y(OP_NO_SSLv2)0 4537 y(OP_NO_SSLv3)0 4636 y(OP_NO_TLSv1)208 -4736 y Fq(Constan)n(ts)30 b(used)i(with)g Fl(set_options)26 -b Fq(of)32 b(Con)n(text)f(ob)5 b(jects.)48 b Fl(OP_SINGLE_DH_USE)25 -b Fq(means)31 b(to)g(alw)n(a)n(ys)f(create)g(a)208 4836 -y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f(Di\036e-Hellman.)34 -b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18 b(to)h(alw)n(a)n(ys)e(use)i -(ephemeral)g(RSA)208 4935 y(k)n(eys)f(when)h(doing)f(RSA)i(op)r -(erations.)33 b Fl(OP_NO_SSLv2)p Fq(,)16 b Fl(OP_NO_SSLv3)f -Fq(and)k Fl(OP_NO_TLSv1)14 b Fq(means)19 b(to)g(disable)f(those)208 -5035 y(sp)r(eci\034c)29 b(proto)r(cols.)39 b(This)29 -b(is)g(in)n(teresting)g(if)g(y)n(ou're)f(using)g(e.g.)41 -b Fl(SSLv23_METHOD)24 b Fq(to)29 b(get)g(an)f(SSLv2-compatible)208 -5135 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)p -0 5204 1560 4 v 92 5258 a Fh(2)127 5281 y Fg(See)c Fp(http://www.lotha) -n(r.com/tech/crypto/)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82 -b Fl(SSL)26 b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h -(pa)n(rts)f(of)h(Op)r(enSSL)1652 b(9)p eop end +b Fq(metho)r(ds)41 b(of)208 5259 y(Con)n(text)27 b(ob)5 +b(jects.)p 0 5323 1560 4 v 92 5377 a Fh(2)127 5400 y +Fg(See)24 b Fp(http://www.lotha)n(r.com/tech/crypto/)p +0 5549 3901 4 v 0 5649 a Ff(3.2)82 b Fl(rand)26 b Ff(\026)i(An)g +(interface)f(to)g(the)h(Op)r(enSSL)g(pseudo)e(random)h(numb)r(er)h +(generato)n(r)1148 b(9)p eop end %%Page: 10 10 -TeXDict begin 10 9 bop 0 83 a Fl(ContextType)208 183 -y Fq(A)27 b(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d -(the)j(Con)n(text)g(ob)5 b(ject)27 b(t)n(yp)r(e.)0 330 -y Fl(Context\()p Fc(metho)l(d)9 b Fl(\))208 429 y Fq(F)-7 -b(actory)34 
b(function)i(that)g(creates)f(a)g(new)h(Con)n(text)f(ob)5 -b(ject)36 b(giv)n(en)e(an)i(SSL)g(metho)r(d.)61 b(The)36 -b(metho)r(d)g(should)g(b)r(e)208 529 y Fl(SSLv2_METHOD)p +TeXDict begin 10 9 bop 0 83 a Fl(OP_SINGLE_DH_USE)0 183 +y(OP_EPHEMERAL_RSA)0 282 y(OP_NO_SSLv2)0 382 y(OP_NO_SSLv3)0 +482 y(OP_NO_TLSv1)208 581 y Fq(Constan)n(ts)30 b(used)i(with)g +Fl(set_options)26 b Fq(of)32 b(Con)n(text)f(ob)5 b(jects.)48 +b Fl(OP_SINGLE_DH_USE)25 b Fq(means)31 b(to)g(alw)n(a)n(ys)f(create)g +(a)208 681 y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f +(Di\036e-Hellman.)34 b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18 +b(to)h(alw)n(a)n(ys)e(use)i(ephemeral)g(RSA)208 780 y(k)n(eys)f(when)h +(doing)f(RSA)i(op)r(erations.)33 b Fl(OP_NO_SSLv2)p Fq(,)16 +b Fl(OP_NO_SSLv3)f Fq(and)k Fl(OP_NO_TLSv1)14 b Fq(means)19 +b(to)g(disable)f(those)208 880 y(sp)r(eci\034c)29 b(proto)r(cols.)39 +b(This)29 b(is)g(in)n(teresting)g(if)g(y)n(ou're)f(using)g(e.g.)41 +b Fl(SSLv23_METHOD)24 b Fq(to)29 b(get)g(an)f(SSLv2-compatible)208 +980 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)0 +1127 y Fl(ContextType)208 1226 y Fq(A)f(Python)h(t)n(yp)r(e)g(ob)5 +b(ject)28 b(represen)n(ting)d(the)j(Con)n(text)g(ob)5 +b(ject)27 b(t)n(yp)r(e.)0 1373 y Fl(Context\()p Fc(metho)l(d)9 +b Fl(\))208 1473 y Fq(F)-7 b(actory)34 b(function)i(that)g(creates)f(a) +g(new)h(Con)n(text)f(ob)5 b(ject)36 b(giv)n(en)e(an)i(SSL)g(metho)r(d.) 
+61 b(The)36 b(metho)r(d)g(should)g(b)r(e)208 1572 y Fl(SSLv2_METHOD)p Fq(,)22 b Fl(SSLv3_METHOD)p Fq(,)h Fl(SSLv23_METHOD)f -Fq(or)27 b Fl(TLSv1_METHOD)p Fq(.)0 676 y Fl(ConnectionType)208 -775 y Fq(A)g(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d -(the)j(Connection)f(ob)5 b(ject)28 b(t)n(yp)r(e.)0 922 +Fq(or)27 b Fl(TLSv1_METHOD)p Fq(.)0 1719 y Fl(ConnectionType)208 +1819 y Fq(A)g(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d +(the)j(Connection)f(ob)5 b(ject)28 b(t)n(yp)r(e.)0 1966 y Fl(Connection\()p Fc(c)l(ontext,)c(so)l(cket)8 b Fl(\))208 -1022 y Fq(F)-7 b(actory)26 b(fucnction)i(that)g(creates)e(a)h(new)h +2065 y Fq(F)-7 b(actory)26 b(fucnction)i(that)g(creates)e(a)h(new)h (Connection)f(ob)5 b(ject)27 b(giv)n(en)g(an)g(SSL)h(con)n(text)f(and)h -(a)f(so)r(c)n(k)n(et)3538 992 y Fk(3)3603 1022 y Fq(ob)5 -b(ject.)0 1169 y Fm(exception)32 b Fl(Error)208 1268 +(a)f(so)r(c)n(k)n(et)3538 2035 y Fk(3)3603 2065 y Fq(ob)5 +b(ject.)0 2212 y Fm(exception)32 b Fl(Error)208 2312 y Fq(This)i(exception)g(is)h(used)f(as)g(a)h(base)e(class)h(for)g(the)h (other)f(SSL-related)g(exceptions,)i(but)f(ma)n(y)f(also)f(b)r(e)i -(raised)208 1368 y(directly)-7 b(.)208 1501 y(Whenev)n(er)36 +(raised)208 2411 y(directly)-7 b(.)208 2544 y(Whenev)n(er)36 b(this)h(exception)g(is)g(raised)f(directly)-7 b(,)40 b(it)d(has)g(a)f(list)i(of)f(error)e(messages)g(from)i(the)h(Op)r -(enSSL)f(error)208 1600 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f +(enSSL)f(error)208 2644 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f (tuple)h Fl(\()p Fc(lib)5 b Fl(,)44 b Fc(function)6 b Fl(,)43 b Fc(r)l(e)l(ason)6 b Fl(\))p Fq(.)70 b(Here)38 b Fc(lib)5 b Fq(,)43 b Fc(function)h Fq(and)39 b Fc(r)l(e)l(ason)45 -b Fq(are)37 b(all)208 1700 y(strings,)26 b(describing)h(where)g(and)g +b Fq(are)37 b(all)208 2743 y(strings,)26 b(describing)h(where)g(and)g (what)h(the)g(problem)f(is.)36 b(See)28 b Fc(err)p Fq(\(3\))g(for)f -(more)g(information.)0 1847 y Fm(exception)32 b Fl(ZeroReturnError)208 -1946 y 
Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r +(more)g(information.)0 2890 y Fm(exception)32 b Fl(ZeroReturnError)208 +2990 y Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r (de)h Fl(SSL_ERROR_ZERO_)o(RE)o(TUR)o(N)p Fq(,)26 b(and)33 -b(is)f(raised)f(when)i(the)g(SSL)208 2046 y(Connection)c(has)g(b)r(een) +b(is)f(raised)f(when)i(the)g(SSL)208 3090 y(Connection)c(has)g(b)r(een) h(closed.)43 b(In)29 b(SSL)h(3.0)f(and)h(TLS)g(1.0,)f(this)h(only)f(o)r (ccurs)g(if)h(a)g(closure)e(alert)h(has)g(o)r(ccurred)208 -2146 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g +3189 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g (b)r(een)i(closed)e(cleanly)-7 b(.)40 b(Note)29 b(that)g(this)g(do)r -(es)f(not)h(necessarily)e(mean)208 2245 y(that)g(the)h(transp)r(ort)f +(es)f(not)h(necessarily)e(mean)208 3289 y(that)g(the)h(transp)r(ort)f (la)n(y)n(er)f(\(e.g.)36 b(a)28 b(so)r(c)n(k)n(et\))e(has)h(b)r(een)h -(closed.)208 2378 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h +(closed.)208 3422 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h (this)g(is)g(an)g(exception,)g(but)h(it)f(do)r(es)g(matc)n(h)g(an)f -Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 2478 y(v)n(ery)26 -b(con)n(v)n(enien)n(t.)0 2625 y Fm(exception)32 b Fl(WantReadError)208 -2724 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g +Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 3521 y(v)n(ery)26 +b(con)n(v)n(enien)n(t.)0 3668 y Fm(exception)32 b Fl(WantReadError)208 +3768 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g (I/O)f(metho)r(d)h(should)g(b)r(e)g(called)g(again)f(later,)i(with)f -(the)h(same)208 2824 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i +(the)h(same)208 3867 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i (can)f(lead)h(to)f(this)h(since)f(new)h(handshak)n(es)e(can)h(o)r(ccur) -g(at)g(an)n(y)g(time.)0 2971 y Fm(exception)32 b Fl(WantWriteError)208 -3070 y Fq(See)27 b Fl(WantReadError)p Fq(.)0 3217 y 
Fm(exception)32 -b Fl(WantX509LookupE)o(rr)o(or)208 3317 y Fq(The)24 b(op)r(eration)g +g(at)g(an)n(y)g(time.)0 4014 y Fm(exception)32 b Fl(WantWriteError)208 +4114 y Fq(See)27 b Fl(WantReadError)p Fq(.)0 4261 y Fm(exception)32 +b Fl(WantX509LookupE)o(rr)o(or)208 4360 y Fq(The)24 b(op)r(eration)g (did)h(not)g(complete)f(b)r(ecause)g(an)h(application)f(callbac)n(k)f (has)h(ask)n(ed)g(to)g(b)r(e)h(called)g(again.)34 b(The)25 -b(I/O)208 3417 y(metho)r(d)f(should)h(b)r(e)f(called)g(again)g(later,)g +b(I/O)208 4460 y(metho)r(d)f(should)h(b)r(e)f(called)g(again)g(later,)g (with)h(the)g(same)e(argumen)n(ts.)35 b(Note:)g(This)24 -b(w)n(on't)h(o)r(ccur)e(in)i(this)g(v)n(ersion,)208 3516 +b(w)n(on't)h(o)r(ccur)e(in)i(this)g(v)n(ersion,)208 4560 y(as)h(there)i(are)e(no)i(suc)n(h)f(callbac)n(ks)f(in)i(this)f(v)n -(ersion.)0 3663 y Fm(exception)32 b Fl(SysCallError)208 -3763 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e +(ersion.)0 4707 y Fm(exception)32 b Fl(SysCallError)208 +4806 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e (an)h(I/O)g(error)e(and)i(Op)r(enSSL's)g(error)e(queue)i(do)r(es)g(not) -g(con)n(tain)g(an)n(y)208 3862 y(information.)59 b(This)36 +g(con)n(tain)g(an)n(y)208 4906 y(information.)59 b(This)36 b(can)f(mean)g(t)n(w)n(o)g(things:)52 b(An)36 b(error)d(in)j(the)g (transp)r(ort)e(proto)r(col,)i(or)f(an)g(end)h(of)f(\034le)h(that)208 -3962 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i +5005 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i (the)g(exception)f(is)g(alw)n(a)n(ys)f(a)h(pair)g Fl(\()p -Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)0 -4225 y Ff(Context)27 b(objects)0 4425 y Fq(Con)n(text)g(ob)5 -b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0 -4572 y Fl(check_privatekey)o(\(\))208 4689 y Fq(Chec)n(k)k(if)i(the)g -(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)h(with)h Fl(use_privatekey)p -Fb([)p Fl(_)o(fi)o(le)11 b Fb(])p Fq(\))26 b(matc)n(hes)k(the)i 
-(certi\034cate)f(\(loaded)g(with)208 4816 y Fl(use_certificate)o -Fb([)p Fl(_)o(fil)o(e)11 b Fb(])p Fq(\).)31 b(Returns)d -Fl(None)e Fq(if)i(they)f(matc)n(h,)h(raises)e Fl(Error)g -Fq(otherwise.)0 4963 y Fl(get_app_data\(\))208 5063 y -Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g -Fl(set_app_data)p Fq(.)p 0 5134 1560 4 v 92 5188 a Fh(3)127 -5211 y Fg(A)n(ctually)-6 b(,)25 b(all)e(that)j(is)d(required)j(is)e(an) -g(ob)t(ject)h(that)h Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,) -g(y)n(ou)g(could)g(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f -(b)r(e)h(tric)n(ky)g(to)0 5290 y(get)g(the)f(handshak)n(es)h(righ)n(t!) -p 0 5549 3901 4 v 0 5649 a Ff(10)2197 b(3)83 b Fl(OpenSSL)24 +Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)p +0 5075 1560 4 v 92 5128 a Fh(3)127 5152 y Fg(A)n(ctually)-6 +b(,)25 b(all)e(that)j(is)d(required)j(is)e(an)g(ob)t(ject)h(that)h +Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,)g(y)n(ou)g(could)g +(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f(b)r(e)h(tric)n +(ky)g(to)0 5231 y(get)g(the)f(handshak)n(es)h(righ)n(t!)p +0 5549 3901 4 v 0 5649 a Ff(10)2197 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop end %%Page: 11 11 -TeXDict begin 11 10 bop 0 83 a Fl(get_cert_store\(\))208 -183 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h +TeXDict begin 11 10 bop 0 83 a Ff(Context)27 b(objects)0 +283 y Fq(Con)n(text)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n +(wing)e(metho)r(ds:)0 430 y Fl(check_privatekey)o(\(\))208 +547 y Fq(Chec)n(k)k(if)i(the)g(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)h +(with)h Fl(use_privatekey)p Fb([)p Fl(_)o(fi)o(le)11 +b Fb(])p Fq(\))26 b(matc)n(hes)k(the)i(certi\034cate)f(\(loaded)g(with) +208 674 y Fl(use_certificate)o Fb([)p Fl(_)o(fil)o(e)11 +b Fb(])p Fq(\).)31 b(Returns)d Fl(None)e Fq(if)i(they)f(matc)n(h,)h +(raises)e Fl(Error)g Fq(otherwise.)0 821 y Fl(get_app_data\(\))208 +921 y Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g 
+Fl(set_app_data)p Fq(.)0 1068 y Fl(get_cert_store\(\))208 +1167 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h (X509Store)f(ob)5 b(ject\))35 b(that)h(the)f(con)n(text)g(uses.)60 -b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 282 y("trusted")26 +b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 1267 y("trusted")26 b(certi\034cates)h(without)h(using)f(the.)37 b Fl(load_verify_loca)o -(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 429 y Fl(get_timeout\(\))208 -529 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i +(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 1414 y Fl(get_timeout\(\))208 +1513 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i Fl(set_timeout)p Fq(.)j(The)c(default)g(is)f(300)f(seconds.)0 -676 y Fl(get_verify_depth)o(\(\))208 775 y Fq(Retriev)n(e)g(the)i(Con)n -(text)f(ob)5 b(ject's)28 b(v)n(erify)e(depth,)j(as)d(set)i(b)n(y)g -Fl(set_verify_depth)p Fq(.)0 922 y Fl(get_verify_mode\()o(\))208 -1022 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28 -b(v)n(erify)e(mo)r(de,)i(as)f(set)h(b)n(y)g Fl(set_verify_mode)p -Fq(.)0 1169 y Fl(load_client_ca\()p Fc(p)l(em\034le)6 -b Fl(\))208 1268 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g +1660 y Fl(get_verify_depth)o(\(\))208 1760 y Fq(Retriev)n(e)g(the)i +(Con)n(text)f(ob)5 b(ject's)28 b(v)n(erify)e(depth,)j(as)d(set)i(b)n(y) +g Fl(set_verify_depth)p Fq(.)0 1907 y Fl(get_verify_mode\()o(\))208 +2006 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28 +b(v)n(erify)e(mo)r(de,)i(as)f(set)h(b)n(y)g Fl(set_verify)p +Fq(.)0 2153 y Fl(load_client_ca\()p Fc(p)l(em\034le)6 +b Fl(\))208 2253 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g (certi\034cates)f(that)h(will)g(b)r(e)g(sen)n(t)f(to)h(the)g(clien)n(t) -f(when)h(requesting)f(a)g(clien)n(t)208 1368 y(certi\034cate.)0 -1515 y Fl(load_verify_loca)o(ti)o(ons)o(\()p Fc(p)l(em\034le)6 -b Fl(\))208 1614 y Fq(Sp)r(ecify)24 b(where)f(CA)g(certi\034cates)g -(for)g(v)n(eri\034cation)f(purp)r(oses)h(are)f(lo)r(cated.)35 -b(These)23 
b(are)g(trusted)g(certi\034cates.)35 b(Note)208 -1714 y(that)27 b(the)h(certi\034cates)f(ha)n(v)n(e)f(to)i(b)r(e)g(in)g -(PEM)g(format.)0 1861 y Fl(load_tmp_dh\()p Fc(dh\034le)6 -b Fl(\))208 1961 y Fq(Load)26 b(parameters)g(for)h(Ephemeral)g -(Di\036e-Hellman)h(from)g Fc(dh\034le)6 b Fq(.)0 2107 -y Fl(set_app_data\()p Fc(data)g Fl(\))208 2207 y Fq(Asso)r(ciate)25 -b Fc(data)33 b Fq(with)27 b(this)f(Con)n(text)f(ob)5 -b(ject.)36 b Fc(data)e Fq(can)25 b(b)r(e)i(retriev)n(ed)d(later)i -(using)f(the)i Fl(get_app_data)21 b Fq(metho)r(d.)0 2354 -y Fl(set_cipher_list\()o Fc(ciphers)7 b Fl(\))208 2454 -y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g(used)g(in)g -(this)h(con)n(text.)37 b(See)28 b(the)h(Op)r(enSSL)f(man)n(ual)f(for)h -(more)f(information)g(\(e.g.)208 2553 y(ciphers\(1\)\))0 -2700 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9 -b Fl(\))208 2800 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i +f(when)h(requesting)f(a)g(clien)n(t)208 2353 y(certi\034cate.)0 +2499 y Fl(load_verify_loca)o(ti)o(ons)o(\()p Fc(p)l(em\034le,)24 +b(c)l(ap)l(ath)6 b Fl(\))208 2599 y Fq(Sp)r(ecify)24 +b(where)f(CA)g(certi\034cates)g(for)g(v)n(eri\034cation)f(purp)r(oses)h +(are)f(lo)r(cated.)35 b(These)23 b(are)g(trusted)g(certi\034cates.)35 +b(Note)208 2699 y(that)c(the)g(certi\034cates)f(ha)n(v)n(e)f(to)i(b)r +(e)g(in)g(PEM)h(format.)46 b(If)31 b(capath)f(is)h(passed,)f(it)i(m)n +(ust)e(b)r(e)i(a)e(directory)f(prepared)208 2798 y(using)i(the)h +Fl(c_rehash)c Fq(to)r(ol)j(included)h(with)g(Op)r(enSSL.)g(Either,)h +(but)f(not)g(b)r(oth,)h(of)38 b Fc(p)l(em\034le)g Fq(or)31 +b Fc(c)l(ap)l(ath)39 b Fq(ma)n(y)31 b(b)r(e)208 2898 +y Fl(None)p Fq(.)0 3045 y Fl(set_default_veri)o(fy)o(_pa)o(th)o(s\()o +(\))208 3144 y Fq(Sp)r(ecify)20 b(that)h(the)g(platform)f(pro)n(vided)f +(CA)h(certi\034cates)g(are)f(to)h(b)r(e)h(used)f(for)g(v)n +(eri\034cation)f(purp)r(oses.)33 b(This)21 b(metho)r(d)208 +3244 y(ma)n(y)26 b(not)i(w)n(ork)e(prop)r(erly)h(on)g(OS)g(X.)0 +3391 y 
Fl(load_tmp_dh\()p Fc(dh\034le)6 b Fl(\))208 3491 +y Fq(Load)26 b(parameters)g(for)h(Ephemeral)g(Di\036e-Hellman)h(from)g +Fc(dh\034le)6 b Fq(.)0 3637 y Fl(set_app_data\()p Fc(data)g +Fl(\))208 3737 y Fq(Asso)r(ciate)25 b Fc(data)33 b Fq(with)27 +b(this)f(Con)n(text)f(ob)5 b(ject.)36 b Fc(data)e Fq(can)25 +b(b)r(e)i(retriev)n(ed)d(later)i(using)f(the)i Fl(get_app_data)21 +b Fq(metho)r(d.)0 3884 y Fl(set_cipher_list\()o Fc(ciphers)7 +b Fl(\))208 3984 y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g +(used)g(in)g(this)h(con)n(text.)37 b(See)28 b(the)h(Op)r(enSSL)f(man)n +(ual)f(for)h(more)f(information)g(\(e.g.)208 4083 y(ciphers\(1\)\))0 +4230 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9 +b Fl(\))208 4330 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i Fc(c)l(al)t(lb)l(ack)9 b Fq(.)54 b(This)32 b(function)h(will)g(b)r(e)g (called)f(from)g(time)h(to)g(time)g(during)f(SSL)208 -2899 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b +4429 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b Fq(should)32 b(tak)n(e)g(three)g(argumen)n(ts:)45 b(a)32 b(Connection)g(ob)5 b(ject)32 b(and)g(t)n(w)n(o)g(in)n(tegers.)50 -b(The)32 b(\034rst)208 2999 y(in)n(teger)f(sp)r(eci\034es)g(where)h(in) +b(The)32 b(\034rst)208 4529 y(in)n(teger)f(sp)r(eci\034es)g(where)h(in) g(the)g(SSL)g(handshak)n(e)f(the)h(function)h(w)n(as)e(called,)h(and)g -(the)g(other)g(the)g(return)f(co)r(de)208 3099 y(from)c(a)g(\(p)r +(the)g(other)g(the)g(return)f(co)r(de)208 4629 y(from)c(a)g(\(p)r (ossibly)g(failed\))h(in)n(ternal)f(function)h(call.)0 -3245 y Fl(set_options\()p Fc(options)7 b Fl(\))208 3345 +4775 y Fl(set_options\()p Fc(options)7 b Fl(\))208 4875 y Fq(A)n(dd)28 b(SSL)h(options.)38 b(Options)28 b(y)n(ou)f(ha)n(v)n(e)g (set)i(b)r(efore)f(are)f(not)h(cleared!)38 b(This)28 b(metho)r(d)h(should)f(b)r(e)h(used)f(with)h(the)208 -3445 y Fl(OP_*)d Fq(constan)n(ts.)0 3591 y Fl(set_passwd_cb\()p +4975 y Fl(OP_*)d Fq(constan)n(ts.)0 5122 y Fl(set_passwd_cb\()p Fc(c)l(al)t(lb)l(ack)9 b Fb([)p 
Fc(,)25 b(user)l(data)19 -b Fb(])p Fl(\))208 3691 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f +b Fb(])p Fl(\))208 5221 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f (to)i Fc(c)l(al)t(lb)l(ack)9 b Fq(.)82 b(This)42 b(function)h(will)f(b) r(e)g(called)g(when)g(a)g(priv)-5 b(ate)42 b(k)n(ey)f(with)h(a)208 -3791 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45 +5321 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45 b Fq(m)n(ust)34 b(accept)g(three)g(p)r(ositional)f(argumen)n(ts.)56 -b(First,)35 b(an)f(in)n(teger)f(giving)h(the)208 3890 -y(maxim)n(um)e(length)i(of)f(the)g(passphrase)f(it)h(ma)n(y)g(return.) -53 b(If)33 b(the)h(returned)e(passphrase)g(is)h(longer)f(than)h(this,)i -(it)208 3990 y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30 -b(a)f(b)r(o)r(olean)g(v)-5 b(alue)29 b(whic)n(h)h(will)g(b)r(e)g(true)f -(if)h(the)g(user)f(should)g(b)r(e)h(prompted)g(for)f(the)208 -4090 y(passphrase)k(t)n(wice)h(and)h(the)g(callbac)n(k)f(should)g(v)n -(erify)h(that)g(the)g(t)n(w)n(o)f(v)-5 b(alues)35 b(supplied)g(are)f -(equal.)58 b(Third,)37 b(the)208 4189 y(v)-5 b(alue)27 -b(giv)n(en)g(as)g(the)h Fc(user)l(data)35 b Fq(parameter)26 -b(to)h Fl(set_passwd_cb)p Fq(.)32 b(If)c(an)g(error)d(o)r(ccurs,)i -Fc(c)l(al)t(lb)l(ack)39 b Fq(should)27 b(return)g(a)208 -4289 y(false)g(v)-5 b(alue)27 b(\(e.g.)37 b(an)27 b(empt)n(y)h -(string\).)0 4436 y Fl(set_session_id\()p Fc(n)o(ame)6 -b Fl(\))208 4535 y Fq(Set)33 b(the)h(con)n(text)f Fc(name)39 -b Fq(within)34 b(whic)n(h)f(a)g(session)f(can)h(b)r(e)h(reused)e(for)h -(this)g(Con)n(text)g(ob)5 b(ject.)54 b(This)33 b(is)g(needed)208 -4635 y(when)e(doing)g(session)g(resumption,)h(b)r(ecause)g(there)f(is)h -(no)f(w)n(a)n(y)g(for)g(a)g(stored)g(session)f(to)i(kno)n(w)f(whic)n(h) -g(Con)n(text)208 4735 y(ob)5 b(ject)27 b(it)h(is)f(asso)r(ciated)g -(with.)37 b Fc(name)d Fq(ma)n(y)27 b(b)r(e)h(an)n(y)e(binary)h(data.)0 -4882 y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208 -4981 y Fq(Set)29 
b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g -(for)h(this)g(Con)n(text)g(ob)5 b(ject)28 b(to)h Fc(time)l(out)8 -b Fq(.)41 b Fc(time)l(out)36 b Fq(m)n(ust)29 b(b)r(e)h(giv)n(en)208 -5081 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5 -b(alue)28 b(is)h(300)e(seconds.)40 b(See)29 b(the)g(Op)r(enSSL)g(man)n -(ual)f(for)g(more)g(information)208 5180 y(\(e.g.)36 -b(SSL_CTX_set_timeout\(3\)\).)0 5327 y Fl(set_verify\()p -Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))p 0 5549 +b(First,)35 b(an)f(in)n(teger)f(giving)h(the)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g(interface)g (to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)1611 b(11)p eop end %%Page: 12 12 -TeXDict begin 12 11 bop 208 83 a Fq(Set)36 b(the)h(v)n(eri\034cation)e -(\035ags)g(for)h(this)h(Con)n(text)f(ob)5 b(ject)36 b(to)g -Fc(mo)l(de)44 b Fq(and)36 b(sp)r(ecify)g(that)h Fc(c)l(al)t(lb)l(ack)47 -b Fq(should)36 b(b)r(e)h(used)208 183 y(for)30 b(v)n(eri\034cation)g -(callbac)n(ks.)45 b Fc(mo)l(de)38 b Fq(should)31 b(b)r(e)h(one)e(of)38 +TeXDict begin 12 11 bop 208 83 a Fq(maxim)n(um)32 b(length)i(of)f(the)g +(passphrase)f(it)h(ma)n(y)g(return.)53 b(If)33 b(the)h(returned)e +(passphrase)g(is)h(longer)f(than)h(this,)i(it)208 183 +y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30 b(a)f(b)r(o)r(olean)g(v) +-5 b(alue)29 b(whic)n(h)h(will)g(b)r(e)g(true)f(if)h(the)g(user)f +(should)g(b)r(e)h(prompted)g(for)f(the)208 282 y(passphrase)k(t)n(wice) +h(and)h(the)g(callbac)n(k)f(should)g(v)n(erify)h(that)g(the)g(t)n(w)n +(o)f(v)-5 b(alues)35 b(supplied)g(are)f(equal.)58 b(Third,)37 +b(the)208 382 y(v)-5 b(alue)27 b(giv)n(en)g(as)g(the)h +Fc(user)l(data)35 b Fq(parameter)26 b(to)h Fl(set_passwd_cb)p +Fq(.)32 b(If)c(an)g(error)d(o)r(ccurs,)i Fc(c)l(al)t(lb)l(ack)39 +b Fq(should)27 b(return)g(a)208 482 y(false)g(v)-5 b(alue)27 +b(\(e.g.)37 b(an)27 b(empt)n(y)h(string\).)0 628 y Fl(set_session_id\() +p Fc(n)o(ame)6 b Fl(\))208 728 y Fq(Set)33 b(the)h(con)n(text)f +Fc(name)39 b 
Fq(within)34 b(whic)n(h)f(a)g(session)f(can)h(b)r(e)h +(reused)e(for)h(this)g(Con)n(text)g(ob)5 b(ject.)54 b(This)33 +b(is)g(needed)208 828 y(when)e(doing)g(session)g(resumption,)h(b)r +(ecause)g(there)f(is)h(no)f(w)n(a)n(y)g(for)g(a)g(stored)g(session)f +(to)i(kno)n(w)f(whic)n(h)g(Con)n(text)208 927 y(ob)5 +b(ject)27 b(it)h(is)f(asso)r(ciated)g(with.)37 b Fc(name)d +Fq(ma)n(y)27 b(b)r(e)h(an)n(y)e(binary)h(data.)0 1074 +y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208 1174 +y Fq(Set)29 b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g(for)h +(this)g(Con)n(text)g(ob)5 b(ject)28 b(to)h Fc(time)l(out)8 +b Fq(.)41 b Fc(time)l(out)36 b Fq(m)n(ust)29 b(b)r(e)h(giv)n(en)208 +1273 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5 +b(alue)28 b(is)h(300)e(seconds.)40 b(See)29 b(the)g(Op)r(enSSL)g(man)n +(ual)f(for)g(more)g(information)208 1373 y(\(e.g.)36 +b(SSL_CTX_set_timeout\(3\)\).)0 1520 y Fl(set_verify\()p +Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))208 1620 +y Fq(Set)36 b(the)h(v)n(eri\034cation)e(\035ags)g(for)h(this)h(Con)n +(text)f(ob)5 b(ject)36 b(to)g Fc(mo)l(de)44 b Fq(and)36 +b(sp)r(ecify)g(that)h Fc(c)l(al)t(lb)l(ack)47 b Fq(should)36 +b(b)r(e)h(used)208 1719 y(for)30 b(v)n(eri\034cation)g(callbac)n(ks.)45 +b Fc(mo)l(de)38 b Fq(should)31 b(b)r(e)h(one)e(of)38 b Fl(VERIFY_NONE)26 b Fq(and)31 b Fl(VERIFY_PEER)p Fq(.)c(If)38 -b Fl(VERIFY_PEER)26 b Fq(is)208 282 y(used,)j Fc(mo)l(de)36 +b Fl(VERIFY_PEER)26 b Fq(is)208 1819 y(used,)j Fc(mo)l(de)36 b Fq(can)29 b(b)r(e)g(OR:ed)g(with)g Fl(VERIFY_FAIL_IF_NO)o(_P)o(EE)o (R_C)o(ER)o(T)23 b Fq(and)29 b Fl(VERIFY_CLIENT_O)o(NCE)22 -b Fq(to)29 b(further)208 382 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.) +b Fq(to)29 b(further)208 1918 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.) 
34 b Fc(c)l(al)t(lb)l(ack)i Fq(should)25 b(tak)n(e)f(\034v)n(e)h (argumen)n(ts:)34 b(A)25 b(Connection)g(ob)5 b(ject,)25 -b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 482 y(three)e(in)n(teger)g(v)-5 -b(ariables,)23 b(whic)n(h)h(are)f(in)h(turn)g(p)r(oten)n(tial)g(error)d -(n)n(um)n(b)r(er,)k(error)c(depth)k(and)f(return)f(co)r(de.)35 -b Fc(c)l(al)t(lb)l(ack)208 581 y Fq(should)27 b(return)g(true)g(if)h(v) -n(eri\034cation)f(passes)f(and)h(false)h(otherwise.)0 -728 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208 -828 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g(certi\034cate) -f(c)n(hain)g(v)n(eri\034cation)f(that)i(shall)f(b)r(e)h(allo)n(w)n(ed)e -(for)i(this)f(Con)n(text)208 927 y(ob)5 b(ject.)0 1074 -y Fl(use_certificate\()o Fc(c)l(ert)j Fl(\))208 1174 -y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35 b Fq(whic)n(h)28 -b(has)f(to)g(b)r(e)h(a)f(X509)g(ob)5 b(ject.)0 1321 y -Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j Fl(\))208 -1420 y Fq(A)n(dds)32 b(the)h(certi\034cate)f Fc(c)l(ert)8 -b Fq(,)34 b(whic)n(h)f(has)f(to)g(b)r(e)i(a)e(X509)f(ob)5 +b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 2018 y(three)e(in)n(teger)g(v) +-5 b(ariables,)23 b(whic)n(h)h(are)f(in)h(turn)g(p)r(oten)n(tial)g +(error)d(n)n(um)n(b)r(er,)k(error)c(depth)k(and)f(return)f(co)r(de.)35 +b Fc(c)l(al)t(lb)l(ack)208 2118 y Fq(should)27 b(return)g(true)g(if)h +(v)n(eri\034cation)f(passes)f(and)h(false)h(otherwise.)0 +2265 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208 +2364 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g +(certi\034cate)f(c)n(hain)g(v)n(eri\034cation)f(that)i(shall)f(b)r(e)h +(allo)n(w)n(ed)e(for)i(this)f(Con)n(text)208 2464 y(ob)5 +b(ject.)0 2611 y Fl(use_certificate\()o Fc(c)l(ert)j +Fl(\))208 2710 y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35 +b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(X509)g(ob)5 +b(ject.)0 2857 y Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j +Fl(\))208 2957 y Fq(A)n(dds)32 b(the)h(certi\034cate)f +Fc(c)l(ert)8 b Fq(,)34 
b(whic)n(h)f(has)f(to)g(b)r(e)i(a)e(X509)f(ob)5 b(ject,)34 b(to)f(the)g(certi\034cate)f(c)n(hain)g(presen)n(ted)g -(together)208 1520 y(with)c(the)g(certi\034cate.)0 1667 +(together)208 3056 y(with)c(the)g(certi\034cate.)0 3203 y Fl(use_certificate_)o(ch)o(ain)o(_f)o(il)o(e\()p Fc(\034)o(le)6 -b Fl(\))208 1766 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h +b Fl(\))208 3303 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h Fc(\034le)34 b Fq(whic)n(h)27 b(m)n(ust)h(b)r(e)g(PEM)g(enco)r(ded.)0 -1913 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 2013 +3450 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 3549 y Fq(Use)27 b(the)h(priv)-5 b(ate)27 b(k)n(ey)h Fc(pkey)36 b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(PKey)h(ob)5 -b(ject.)0 2174 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h -Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 2274 y Fq(Load)i(the)h +b(ject.)0 3711 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h +Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 3810 y Fq(Load)i(the)h (\034rst)g(certi\034cate)f(found)h(in)h Fc(\034le)6 b Fq(.)36 b(The)24 b(certi\034cate)f(m)n(ust)h(b)r(e)h(in)f(the)g(format) g(sp)r(eci\034ed)g(b)n(y)h Fc(format)8 b Fq(,)25 b(whic)n(h)208 -2373 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p +3910 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p Fq(.)k(The)d(default)g(is)f Fl(FILETYPE_PEM)p Fq(.)0 -2520 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6 -b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 2620 +4057 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6 +b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 4156 y Fq(Load)31 b(the)h(\034rst)g(priv)-5 b(ate)31 b(k)n(ey)g(found)i(in)f Fc(\034le)6 b Fq(.)50 b(The)32 b(priv)-5 b(ate)32 b(k)n(ey)f(m)n(ust)h (b)r(e)g(in)h(the)f(format)f(sp)r(eci\034ed)i(b)n(y)f -Fc(format)8 b Fq(,)208 2720 y(whic)n(h)27 b(is)g(either)h +Fc(format)8 b Fq(,)208 4256 y(whic)n(h)27 b(is)g(either)h Fl(FILETYPE_PEM)22 b Fq(or)27 b Fl(FILETYPE_ASN1)p Fq(.)32 -b(The)27 b(default)h(is)g 
Fl(FILETYPE_PEM)p Fq(.)0 2983 -y Ff(Connection)e(objects)0 3183 y Fq(Connection)h(ob)5 +b(The)27 b(default)h(is)g Fl(FILETYPE_PEM)p Fq(.)0 4519 +y Ff(Connection)e(objects)0 4720 y Fq(Connection)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0 -3330 y Fl(accept\(\))208 3429 y Fq(Call)33 b(the)g Fl(accept)e +4866 y Fl(accept\(\))208 4966 y Fq(Call)33 b(the)g Fl(accept)e Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)h (up)g(SSL)f(on)g(the)h(returned)f(so)r(c)n(k)n(et,)h(using)f(the)208 -3529 y(Con)n(text)22 b(ob)5 b(ject)22 b(supplied)h(to)f(this)h +5066 y(Con)n(text)22 b(ob)5 b(ject)22 b(supplied)h(to)f(this)h (Connection)f(ob)5 b(ject)22 b(at)h(creation.)34 b(Returns)22 b(a)g(pair)g Fl(\()p Fc(c)l(onn)6 b Fl(,)43 b Fc(addr)l(ess)7 -b Fl(\))p Fq(.)36 b(where)208 3629 y Fc(c)l(onn)d Fq(is)28 +b Fl(\))p Fq(.)36 b(where)208 5165 y Fc(c)l(onn)d Fq(is)28 b(the)g(new)f(Connection)g(ob)5 b(ject)28 b(created,)e(and)i Fc(addr)l(ess)35 b Fq(is)28 b(as)f(returned)g(b)n(y)g(the)h(so)r(c)n(k) -n(et's)e Fl(accept)p Fq(.)0 3776 y Fl(bind\()p Fc(addr)l(ess)7 -b Fl(\))208 3875 y Fq(Call)27 b(the)h Fl(bind)e Fq(metho)r(d)i(of)f -(the)h(underlying)f(so)r(c)n(k)n(et.)0 4022 y Fl(close\(\))208 -4122 y Fq(Call)i(the)h Fl(close)e Fq(metho)r(d)i(of)g(the)g(underlying) -f(so)r(c)n(k)n(et.)43 b(Note:)e(If)31 b(y)n(ou)e(w)n(an)n(t)g(correct)f -(SSL)i(closure,)f(y)n(ou)g(need)h(to)208 4221 y(call)d(the)h -Fl(shutdown)c Fq(metho)r(d)k(\034rst.)0 4368 y Fl(connect\()p -Fc(addr)l(ess)7 b Fl(\))208 4468 y Fq(Call)31 b(the)h -Fl(connect)e Fq(metho)r(d)i(of)g(the)g(underlying)g(so)r(c)n(k)n(et)e -(and)i(set)g(up)g(SSL)h(on)e(the)i(so)r(c)n(k)n(et,)f(using)f(the)h -(Con)n(text)208 4567 y(ob)5 b(ject)27 b(supplied)h(to)f(this)h -(Connection)f(ob)5 b(ject)27 b(at)h(creation.)0 4714 -y Fl(connect_ex\()p Fc(addr)l(ess)7 b Fl(\))208 4814 -y Fq(Call)24 b(the)g Fl(connect_ex)c Fq(metho)r(d)25 -b(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)g(up)h(SSL)f(on)g 
-(the)h(so)r(c)n(k)n(et,)f(using)g(the)g(Con)n(text)208 -4914 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f(Connection)g(ob)5 -b(ject)36 b(at)f(creation.)59 b(Note)36 b(that)f(if)h(the)g -Fl(connect_ex)31 b Fq(metho)r(d)36 b(of)g(the)208 5013 -y(so)r(c)n(k)n(et)26 b(do)r(esn't)i(return)f(0,)g(SSL)h(w)n(on't)f(b)r -(e)h(initialized.)0 5160 y Fl(do_handshake\(\))208 5260 -y Fq(P)n(erform)49 b(an)h(SSL)g(handshak)n(e)f(\(usually)h(called)g -(after)f Fl(renegotiate)d Fq(or)j(one)h(of)57 b Fl(set_accept_stat)o(e) -44 b Fq(or)208 5359 y Fl(set_accept_stat)o(e)p Fq(\).)31 -b(This)d(can)f(raise)f(the)i(same)f(exceptions)g(as)g -Fl(send)f Fq(and)h Fl(recv)p Fq(.)p 0 5549 3901 4 v 0 -5649 a Ff(12)2197 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f -(interface)h(to)f(Op)r(enSSL)p eop end +n(et's)e Fl(accept)p Fq(.)0 5312 y Fl(bind\()p Fc(addr)l(ess)7 +b Fl(\))p 0 5549 3901 4 v 0 5649 a Ff(12)2197 b(3)83 +b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p +eop end %%Page: 13 13 -TeXDict begin 13 12 bop 0 83 a Fl(fileno\(\))208 183 -y Fq(Retriev)n(e)26 b(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i -(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 330 y Fl(listen\()p -Fc(b)l(acklo)l(g)7 b Fl(\))208 429 y Fq(Call)27 b(the)h +TeXDict begin 13 12 bop 208 83 a Fq(Call)27 b(the)h Fl(bind)e +Fq(metho)r(d)i(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0 +230 y Fl(close\(\))208 330 y Fq(Call)i(the)h Fl(close)e +Fq(metho)r(d)i(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)43 +b(Note:)e(If)31 b(y)n(ou)e(w)n(an)n(t)g(correct)f(SSL)i(closure,)f(y)n +(ou)g(need)h(to)208 429 y(call)d(the)h Fl(shutdown)c +Fq(metho)r(d)k(\034rst.)0 576 y Fl(connect\()p Fc(addr)l(ess)7 +b Fl(\))208 676 y Fq(Call)31 b(the)h Fl(connect)e Fq(metho)r(d)i(of)g +(the)g(underlying)g(so)r(c)n(k)n(et)e(and)i(set)g(up)g(SSL)h(on)e(the)i +(so)r(c)n(k)n(et,)f(using)f(the)h(Con)n(text)208 775 +y(ob)5 b(ject)27 b(supplied)h(to)f(this)h(Connection)f(ob)5 +b(ject)27 b(at)h(creation.)0 922 y Fl(connect_ex\()p +Fc(addr)l(ess)7 b 
Fl(\))208 1022 y Fq(Call)24 b(the)g +Fl(connect_ex)c Fq(metho)r(d)25 b(of)f(the)h(underlying)f(so)r(c)n(k)n +(et)f(and)h(set)g(up)h(SSL)f(on)g(the)h(so)r(c)n(k)n(et,)f(using)g(the) +g(Con)n(text)208 1121 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f +(Connection)g(ob)5 b(ject)36 b(at)f(creation.)59 b(Note)36 +b(that)f(if)h(the)g Fl(connect_ex)31 b Fq(metho)r(d)36 +b(of)g(the)208 1221 y(so)r(c)n(k)n(et)26 b(do)r(esn't)i(return)f(0,)g +(SSL)h(w)n(on't)f(b)r(e)h(initialized.)0 1368 y Fl(do_handshake\(\))208 +1468 y Fq(P)n(erform)49 b(an)h(SSL)g(handshak)n(e)f(\(usually)h(called) +g(after)f Fl(renegotiate)d Fq(or)j(one)h(of)57 b Fl(set_accept_stat)o +(e)44 b Fq(or)208 1567 y Fl(set_accept_stat)o(e)p Fq(\).)31 +b(This)d(can)f(raise)f(the)i(same)f(exceptions)g(as)g +Fl(send)f Fq(and)h Fl(recv)p Fq(.)0 1714 y Fl(fileno\(\))208 +1814 y Fq(Retriev)n(e)f(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i +(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 1961 y Fl(listen\()p +Fc(b)l(acklo)l(g)7 b Fl(\))208 2060 y Fq(Call)27 b(the)h Fl(listen)d Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0 -576 y Fl(get_app_data\(\))208 676 y Fq(Retriev)n(e)f(application)h -(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 823 -y Fl(get_cipher_list\()o(\))208 922 y Fq(Retriev)n(e)23 +2207 y Fl(get_app_data\(\))208 2307 y Fq(Retriev)n(e)f(application)h +(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 2454 +y Fl(get_cipher_list\()o(\))208 2553 y Fq(Retriev)n(e)23 b(the)h(list)g(of)g(ciphers)g(used)g(b)n(y)f(the)i(Connection)e(ob)5 b(ject.)36 b(W)-9 b(ARNING:)25 b(This)f(API)h(has)e(c)n(hanged.)35 -b(It)24 b(used)208 1022 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f +b(It)24 b(used)208 2653 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f (and)h(just)h(return)g(a)f(string,)g(but)h(not)f(it)h(returns)f(the)h -(en)n(tire)f(list)h(in)g(one)f(go.)0 1169 y Fl(get_context\(\))208 -1268 y Fq(Retriev)n(e)f(the)i(Con)n(text)f(ob)5 b(ject)28 -b(asso)r(ciated)e(with)i(this)g(Connection.)0 1415 y 
-Fl(get_peer_certifi)o(ca)o(te\()o(\))208 1515 y Fq(Retriev)n(e)e(the)i -(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 1662 -y Fl(getpeername\(\))208 1761 y Fq(Call)e(the)h Fl(getpeername)23 +(en)n(tire)f(list)h(in)g(one)f(go.)0 2800 y Fl(get_context\(\))208 +2899 y Fq(Retriev)n(e)f(the)i(Con)n(text)f(ob)5 b(ject)28 +b(asso)r(ciated)e(with)i(this)g(Connection.)0 3046 y +Fl(get_peer_certifi)o(ca)o(te\()o(\))208 3146 y Fq(Retriev)n(e)e(the)i +(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 3293 +y Fl(getpeername\(\))208 3392 y Fq(Call)e(the)h Fl(getpeername)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0 -1908 y Fl(getsockname\(\))208 2008 y Fq(Call)g(the)h +3539 y Fl(getsockname\(\))208 3639 y Fq(Call)g(the)h Fl(getsockname)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n -(k)n(et.)0 2171 y Fl(getsockopt\()p Fc(level,)f(optname)6 -b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208 2271 +(k)n(et.)0 3802 y Fl(getsockopt\()p Fc(level,)f(optname)6 +b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208 3902 y Fq(Call)27 b(the)h Fl(getsockopt)23 b Fq(metho)r(d)28 -b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 2418 y Fl(pending\(\))208 -2517 y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g +b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 4049 y Fl(pending\(\))208 +4148 y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g (that)h(can)e(b)r(e)i(safely)f(read)f(from)h(the)g(SSL)h(bu\033er)f(\() -p Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 2617 -y(bu\033er\).)0 2764 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208 -2864 y Fq(Receiv)n(e)30 b(data)h(from)g(the)h(Connection.)47 +p Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 4248 +y(bu\033er\).)0 4395 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208 +4495 y Fq(Receiv)n(e)30 b(data)h(from)g(the)h(Connection.)47 b(The)31 b(return)g(v)-5 b(alue)31 b(is)h(a)e(string)h(represen)n(ting) -f(the)h(data)g(receiv)n(ed.)47 b(The)208 2963 y(maxim)n(um)27 +f(the)h(data)g(receiv)n(ed.)47 b(The)208 4594 
y(maxim)n(um)27 b(amoun)n(t)g(of)g(data)h(to)f(b)r(e)h(receiv)n(ed)e(at)i(once,)f(is)g -(sp)r(eci\034ed)h(b)n(y)h Fc(bufsize)6 b Fq(.)0 3110 -y Fl(renegotiate\(\))208 3210 y Fq(Renegotiate)26 b(the)i(SSL)g +(sp)r(eci\034ed)h(b)n(y)h Fc(bufsize)6 b Fq(.)0 4741 +y Fl(renegotiate\(\))208 4841 y Fq(Renegotiate)26 b(the)i(SSL)g (session.)36 b(Call)27 b(this)h(if)g(y)n(ou)f(wish)g(to)h(c)n(hange)e (cipher)h(suites)h(or)e(an)n(ything)h(lik)n(e)g(that.)0 -3357 y Fl(send\()p Fc(string)7 b Fl(\))208 3456 y Fq(Send)27 +4988 y Fl(send\()p Fc(string)7 b Fl(\))208 5087 y Fq(Send)27 b(the)h Fc(string)35 b Fq(data)27 b(to)h(the)g(Connection.)0 -3603 y Fl(sendall\()p Fc(string)7 b Fl(\))208 3703 y +5234 y Fl(sendall\()p Fc(string)7 b Fl(\))208 5334 y Fq(Send)30 b(all)f(of)h(the)g Fc(string)37 b Fq(data)29 b(to)g(the)h(Connection.)43 b(This)30 b(calls)f Fl(send)f Fq(rep)r(eatedly)h(un)n(til)h(all)f(data)h(is)f(sen)n(t.)43 -b(If)30 b(an)208 3802 y(error)25 b(o)r(ccurs,)i(it's)h(imp)r(ossible)f -(to)g(tell)h(ho)n(w)f(m)n(uc)n(h)h(data)f(has)g(b)r(een)h(sen)n(t.)0 -3949 y Fl(set_accept_state)o(\(\))208 4049 y Fq(Set)20 -b(the)g(connection)f(to)h(w)n(ork)e(in)i(serv)n(er)e(mo)r(de.)34 -b(The)20 b(handshak)n(e)f(will)h(b)r(e)g(handled)g(automatically)e(b)n -(y)i(read/write.)0 4196 y Fl(set_app_data\()p Fc(data)6 -b Fl(\))208 4295 y Fq(Asso)r(ciate)39 b Fc(data)47 b -Fq(with)40 b(this)g(Connection)g(ob)5 b(ject.)73 b Fc(data)47 -b Fq(can)39 b(b)r(e)i(retriev)n(ed)d(later)h(using)h(the)g -Fl(get_app_data)208 4395 y Fq(metho)r(d.)0 4542 y Fl(set_connect_stat)o -(e\()o(\))208 4641 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i +b(If)30 b(an)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 +b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f +(of)h(Op)r(enSSL)1611 b(13)p eop end +%%Page: 14 14 +TeXDict begin 14 13 bop 208 83 a Fq(error)25 b(o)r(ccurs,)i(it's)h(imp) +r(ossible)f(to)g(tell)h(ho)n(w)f(m)n(uc)n(h)h(data)f(has)g(b)r(een)h +(sen)n(t.)0 230 y 
Fl(set_accept_state)o(\(\))208 330 +y Fq(Set)20 b(the)g(connection)f(to)h(w)n(ork)e(in)i(serv)n(er)e(mo)r +(de.)34 b(The)20 b(handshak)n(e)f(will)h(b)r(e)g(handled)g +(automatically)e(b)n(y)i(read/write.)0 476 y Fl(set_app_data\()p +Fc(data)6 b Fl(\))208 576 y Fq(Asso)r(ciate)39 b Fc(data)47 +b Fq(with)40 b(this)g(Connection)g(ob)5 b(ject.)73 b +Fc(data)47 b Fq(can)39 b(b)r(e)i(retriev)n(ed)d(later)h(using)h(the)g +Fl(get_app_data)208 676 y Fq(metho)r(d.)0 823 y Fl(set_connect_stat)o +(e\()o(\))208 922 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i (clien)n(t)g(mo)r(de.)35 b(The)21 b(handshak)n(e)f(will)h(b)r(e)g -(handled)g(automatically)f(b)n(y)h(read/write.)0 4788 -y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 4888 y Fq(Call)27 +(handled)g(automatically)f(b)n(y)h(read/write.)0 1069 +y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 1169 y Fq(Call)27 b(the)h Fl(setblocking)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f -(so)r(c)n(k)n(et.)0 5035 y Fl(setsockopt\()p Fc(level,)f(optname,)31 -b(value)6 b Fl(\))208 5134 y Fq(Call)27 b(the)h Fl(setsockopt)23 +(so)r(c)n(k)n(et.)0 1316 y Fl(setsockopt\()p Fc(level,)f(optname,)31 +b(value)6 b Fl(\))208 1415 y Fq(Call)27 b(the)h Fl(setsockopt)23 b Fq(metho)r(d)28 b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 -5281 y Fl(shutdown\(\))208 5381 y Fq(Send)35 b(the)h(sh)n(utdo)n(wn)f +1562 y Fl(shutdown\(\))208 1662 y Fq(Send)35 b(the)h(sh)n(utdo)n(wn)f (message)f(to)h(the)h(Connection.)60 b(Returns)35 b(true)g(if)h(the)g -(sh)n(utdo)n(wn)e(message)g(exc)n(hange)g(is)p 0 5549 -3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g(interface)g -(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)1611 -b(13)p eop end -%%Page: 14 14 -TeXDict begin 14 13 bop 208 83 a Fq(completed)25 b(and)g(false)h -(otherwise)e(\(in)i(whic)n(h)g(case)e(y)n(ou)h(call)g -Fl(recv\(\))e Fq(or)i Fl(send\(\))e Fq(when)j(the)g(connection)f(b)r -(ecomes)208 183 y(readable/writeable.)0 330 y Fl(get_shutdown\(\))208 -429 y Fq(Get)70 
b(the)g(sh)n(utdo)n(wn)f(state)g(of)h(the)g -(Connection.)162 b(Returns)69 b(a)h(bitv)n(ector)e(of)i(either)f(or)g -(b)r(oth)h(of)208 529 y Fc(SENT_SHUTDO)n(WN)39 b Fq(and)27 -b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 676 y Fl(set_shutdown\()p -Fc(state)6 b Fl(\))208 775 y Fq(Set)21 b(the)g(sh)n(utdo)n(wn)g(state)g -(of)g(the)g(Connection.)34 b Fc(state)27 b Fq(is)21 b(a)g(bitv)n(ector) -f(of)h(either)g(or)f(b)r(oth)i(of)27 b Fc(SENT_SHUTDO)n(WN)208 -875 y Fq(and)g Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 1022 -y Fl(sock_shutdown\()p Fc(how)9 b Fl(\))208 1121 y Fq(Call)27 -b(the)h Fl(shutdown)c Fq(metho)r(d)k(of)g(the)g(underlying)e(so)r(c)n -(k)n(et.)0 1268 y Fl(state_string\(\))208 1368 y Fq(Retriev)n(e)g(a)i -(v)n(erb)r(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f -(Connection.)0 1515 y Fl(want_read\(\))208 1614 y Fq(Chec)n(ks)f(if)i -(more)f(data)g(has)g(to)h(b)r(e)g(read)e(from)i(the)f(transp)r(ort)g -(la)n(y)n(er)f(to)h(complete)h(an)f(op)r(eration.)0 1761 -y Fl(want_write\(\))208 1861 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g -(to)h(write)f(to)g(the)h(transp)r(ort)f(la)n(y)n(er)f(to)h(complete)h -(an)f(op)r(eration.)0 2180 y Fr(4)114 b(Internals)0 2410 -y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f(three)h(main)g(problems)f(dev)n -(eloping)g(this:)36 b(Exceptions,)25 b(callbac)n(ks)f(and)h(accessing)e -(so)r(c)n(k)n(et)h(metho)r(ds.)36 b(This)0 2509 y(is)27 -b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0 2787 y -Fj(4.1)97 b(Exceptions)0 2987 y Fq(W)-7 b(e)52 b(realized)f(early)g -(that)h(most)g(of)g(the)g(exceptions)f(w)n(ould)h(b)r(e)g(raised)f(b)n -(y)h(the)g(I/O)f(functions)h(of)g(Op)r(enSSL,)0 3087 -y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e(co)r -(de)i(system,)55 b(translating)48 b(them)j(in)n(to)e(Python)i -(exceptions.)0 3186 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g +(sh)n(utdo)n(wn)e(message)g(exc)n(hange)g(is)208 1761 +y(completed)25 b(and)g(false)h(otherwise)e(\(in)i(whic)n(h)g(case)e(y)n +(ou)h(call)g Fl(recv\(\))e Fq(or)i 
Fl(send\(\))e Fq(when)j(the)g +(connection)f(b)r(ecomes)208 1861 y(readable/writeable.)0 +2008 y Fl(get_shutdown\(\))208 2107 y Fq(Get)70 b(the)g(sh)n(utdo)n(wn) +f(state)g(of)h(the)g(Connection.)162 b(Returns)69 b(a)h(bitv)n(ector)e +(of)i(either)f(or)g(b)r(oth)h(of)208 2207 y Fc(SENT_SHUTDO)n(WN)39 +b Fq(and)27 b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 2354 +y Fl(set_shutdown\()p Fc(state)6 b Fl(\))208 2454 y Fq(Set)21 +b(the)g(sh)n(utdo)n(wn)g(state)g(of)g(the)g(Connection.)34 +b Fc(state)27 b Fq(is)21 b(a)g(bitv)n(ector)f(of)h(either)g(or)f(b)r +(oth)i(of)27 b Fc(SENT_SHUTDO)n(WN)208 2553 y Fq(and)g +Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 2700 y Fl(sock_shutdown\()p +Fc(how)9 b Fl(\))208 2800 y Fq(Call)27 b(the)h Fl(shutdown)c +Fq(metho)r(d)k(of)g(the)g(underlying)e(so)r(c)n(k)n(et.)0 +2946 y Fl(state_string\(\))208 3046 y Fq(Retriev)n(e)g(a)i(v)n(erb)r +(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f(Connection.)0 +3193 y Fl(want_read\(\))208 3293 y Fq(Chec)n(ks)f(if)i(more)f(data)g +(has)g(to)h(b)r(e)g(read)e(from)i(the)f(transp)r(ort)g(la)n(y)n(er)f +(to)h(complete)h(an)f(op)r(eration.)0 3439 y Fl(want_write\(\))208 +3539 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g(to)h(write)f(to)g(the)h +(transp)r(ort)f(la)n(y)n(er)f(to)h(complete)h(an)f(op)r(eration.)0 +3861 y Fr(4)114 b(Internals)0 4090 y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f +(three)h(main)g(problems)f(dev)n(eloping)g(this:)36 b(Exceptions,)25 +b(callbac)n(ks)f(and)h(accessing)e(so)r(c)n(k)n(et)h(metho)r(ds.)36 +b(This)0 4190 y(is)27 b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0 +4469 y Fj(4.1)97 b(Exceptions)0 4670 y Fq(W)-7 b(e)52 +b(realized)f(early)g(that)h(most)g(of)g(the)g(exceptions)f(w)n(ould)h +(b)r(e)g(raised)f(b)n(y)h(the)g(I/O)f(functions)h(of)g(Op)r(enSSL,)0 +4769 y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e +(co)r(de)i(system,)55 b(translating)48 b(them)j(in)n(to)e(Python)i +(exceptions.)0 4869 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g (exceptions)f 
Fl(SSL.ZeroReturnEr)o(ro)o(r)p Fq(,)24 b Fl(SSL.WantReadError)o Fq(,)h Fl(SSL.WantWriteEr)o(ro)o(r)p -Fq(,)0 3286 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27 -b Fl(SSL.SysCallError)p Fq(.)0 3433 y(F)-7 b(or)27 b(more)g -(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)0 -3710 y Fj(4.2)97 b(Callbacks)0 3911 y Fq(There)34 b(are)f(a)h(n)n(um)n -(b)r(er)g(of)h(problems)e(with)i(callbac)n(ks.)56 b(First)34 -b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h(as)e(a)h(C)h(library)-7 -b(,)34 b(it's)h(not)0 4010 y(mean)n(t)26 b(to)g(ha)n(v)n(e)e(Python)j -(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g(around)g(that)h(is)g(needed.)36 -b(Another)26 b(problem)f(is)h(thread)g(supp)r(ort.)36 -b(A)26 b(lot)0 4110 y(of)h(the)g(Op)r(enSSL)g(I/O)e(functions)i(can)g -(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h(blo)r(c)n(king)f -(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g(Python)0 -4210 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f(things.)40 -b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e(released)h(the)h -(global)e(CPython)i(in)n(terpreter)0 4309 y(lo)r(c)n(k)e(to)h(do)f(a)h -(p)r(oten)n(tially)f(blo)r(c)n(king)g(op)r(eration,)g(and)h(the)g(op)r -(eration)f(calls)g(a)g(callbac)n(k.)36 b(Then)28 b(w)n(e)g(m)n(ust)g -(tak)n(e)f(the)h(GIL)0 4409 y(bac)n(k,)f(since)g(calling)g(Python)h -(APIs)g(without)g(holding)f(it)h(is)g(not)f(allo)n(w)n(ed.)0 -4556 y(There)d(are)f(t)n(w)n(o)g(solutions)h(to)g(the)h(\034rst)f -(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f(necessary)-7 -b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f(if)g(the)h(C)0 -4655 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33 +Fq(,)0 4969 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27 +b Fl(SSL.SysCallError)p Fq(.)0 5115 y(F)-7 b(or)27 b(more)g +(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)p +0 5549 3901 4 v 0 5649 a Ff(14)3368 b(4)83 b(Internals)p +eop end +%%Page: 15 15 +TeXDict begin 15 14 bop 0 83 a Fj(4.2)97 b(Callbacks)0 +283 y Fq(There)34 
b(are)f(a)h(n)n(um)n(b)r(er)g(of)h(problems)e(with)i +(callbac)n(ks.)56 b(First)34 b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h +(as)e(a)h(C)h(library)-7 b(,)34 b(it's)h(not)0 383 y(mean)n(t)26 +b(to)g(ha)n(v)n(e)e(Python)j(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g +(around)g(that)h(is)g(needed.)36 b(Another)26 b(problem)f(is)h(thread)g +(supp)r(ort.)36 b(A)26 b(lot)0 483 y(of)h(the)g(Op)r(enSSL)g(I/O)e +(functions)i(can)g(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h +(blo)r(c)n(king)f(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g +(Python)0 582 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f +(things.)40 b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e +(released)h(the)h(global)e(CPython)i(in)n(terpreter)0 +682 y(lo)r(c)n(k)e(to)h(do)f(a)h(p)r(oten)n(tially)f(blo)r(c)n(king)g +(op)r(eration,)g(and)h(the)g(op)r(eration)f(calls)g(a)g(callbac)n(k.)36 +b(Then)28 b(w)n(e)g(m)n(ust)g(tak)n(e)f(the)h(GIL)0 782 +y(bac)n(k,)f(since)g(calling)g(Python)h(APIs)g(without)g(holding)f(it)h +(is)g(not)f(allo)n(w)n(ed.)0 929 y(There)d(are)f(t)n(w)n(o)g(solutions) +h(to)g(the)h(\034rst)f(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f +(necessary)-7 b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f +(if)g(the)h(C)0 1028 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33 b(to)28 b(b)r(e)h(passed)e(to)h(it)g(\(an)g(arbitrary)e(p)r(oin)n(ter)i (normally\).)37 b(This)28 b(is)g(great!)37 b(W)-7 b(e)28 -b(can)g(set)g(our)0 4755 y(Python)i(function)g(ob)5 b(ject)29 +b(can)g(set)g(our)0 1128 y(Python)i(function)g(ob)5 b(ject)29 b(as)f(the)i(real)f(userdata)f(and)h(em)n(ulate)g(userdata)f(for)h(the) h(Python)f(function)h(in)g(another)e(w)n(a)n(y)-7 b(.)0 -4855 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5 +1227 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5 b(ject)24 b(with)h(an)f(\021app_data\021)29 b(system)c(alw)n(a)n(ys)d (is)j(passed)e(to)h(the)h(callbac)n(k.)35 b(F)-7 b(or)0 -4954 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 
b(in)h(Op)r(enSSL)f +1327 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 b(in)h(Op)r(enSSL)f (has)g(app_data)f(functions)i(and)f(in)h(e.g.)36 b(the)26 b(v)n(eri\034cation)f(callbac)n(ks,)g(y)n(ou)g(can)0 -5054 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39 +1427 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39 b(What)29 b(w)n(e)g(do)f(is)g(to)h(set)f(our)g(wrapp)r(er)g Fl(Connection)c Fq(ob)5 b(ject)28 b(as)g(app_data)g(for)g(the)0 -5154 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h -(the)g(Python)g(callbac)n(k.)0 5300 y(The)23 b(other)g(problem)g(is)g +1526 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h +(the)g(Python)g(callbac)n(k.)0 1673 y(The)23 b(other)g(problem)g(is)g (solv)n(ed)f(using)h(thread)g(lo)r(cal)g(v)-5 b(ariables.)34 b(Whenev)n(er)22 b(the)i(GIL)g(is)f(released)f(b)r(efore)h(calling)f -(in)n(to)h(an)0 5400 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r +(in)n(to)h(an)0 1773 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r (oin)n(ter)g(returned)g(b)n(y)h Fl(PyEval_SaveState)19 -b Fq(is)25 b(stored)g(in)g(a)g(global)g(thread)g(lo)r(cal)p -0 5549 3901 4 v 0 5649 a Ff(14)3368 b(4)83 b(Internals)p -eop end -%%Page: 15 15 -TeXDict begin 15 14 bop 0 83 a Fq(v)-5 b(ariable)27 b(\(using)g -(Python's)h(o)n(wn)f(TLS)h(API,)g Fl(PyThread_set_key_)o(va)o(lue)o -Fq(\).)k(When)c(it)g(is)g(necessary)e(to)h(re-acquire)f(the)0 -183 y(GIL,)c(either)g(after)g(the)h(Op)r(enSSL)f(API)h(returns)e(or)h -(in)g(a)g(C)g(callbac)n(k)f(in)n(v)n(ok)n(ed)f(b)n(y)i(that)h(Op)r -(enSSL)f(API,)h(the)g(v)-5 b(alue)22 b(of)g(the)0 282 -y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32 b(is)g(retriev)n(ed)f(\()p -Fl(PyThread_get_key)o(_va)o(lu)o(e)p Fq(\))26 b(and)33 -b(used)f(to)g(re-acquire)e(the)j(GIL.)f(This)h(allo)n(ws)0 -382 y(Python)f(threads)e(to)h(execute)h(while)f(Op)r(enSSL)g(APIs)h -(are)f(running)f(and)i(allo)n(ws)e(use)h(of)g(an)n(y)f(particular)g(p)n -(yOp)r(enSSL)0 482 y(ob)5 b(ject)29 b(from)f(an)n(y)g(Python)i(thread,) 
-e(since)h(there)g(is)g(no)f(p)r(er-thread)g(state)h(asso)r(ciated)f -(with)h(an)n(y)f(of)h(these)g(ob)5 b(jects)28 b(and)0 -581 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e(\(as)h(long)g(as)g(prop)r -(erly)g(initialized,)g(as)g(p)n(yOp)r(enSSL)h(initializes)f(it\).)0 -861 y Fj(4.3)97 b(A)m(cessing)35 b(So)s(ck)m(et)e(Metho)s(ds)0 -1061 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n(w)h(the)g(b)r(ene\034t)h(of)g -(wrapping)e(so)r(c)n(k)n(et)g(metho)r(ds)h(in)h(the)g -Fl(SSL.Connection)20 b Fq(class,)26 b(for)g(an)g(easy)f(transition)0 -1161 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h(is)f(that)h(the) -h Fl(socket)c Fq(mo)r(dule)j(lac)n(ks)f(a)g(C)h(API,)h(and)e(all)h(the) -g(metho)r(ds)g(are)f(declared)0 1261 y(static.)36 b(One)27 -b(approac)n(h)d(w)n(ould)i(b)r(e)h(to)f(ha)n(v)n(e)g -Fl(OpenSSL)d Fq(as)j(a)g(submo)r(dule)h(to)f(the)h Fl(socket)d -Fq(mo)r(dule,)j(placing)f(all)g(the)h(co)r(de)0 1360 -y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g(ob)n -(viously)e(not)i(a)f(go)r(o)r(d)g(solution,)h(since)g(y)n(ou)f(migh)n -(t)g(not)h(w)n(an)n(t)f(to)h(imp)r(ort)g(tonnes)f(of)0 -1460 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h +b Fq(is)25 b(stored)g(in)g(a)g(global)g(thread)g(lo)r(cal)0 +1872 y(v)-5 b(ariable)27 b(\(using)g(Python's)h(o)n(wn)f(TLS)h(API,)g +Fl(PyThread_set_key_)o(va)o(lue)o Fq(\).)k(When)c(it)g(is)g(necessary)e +(to)h(re-acquire)f(the)0 1972 y(GIL,)c(either)g(after)g(the)h(Op)r +(enSSL)f(API)h(returns)e(or)h(in)g(a)g(C)g(callbac)n(k)f(in)n(v)n(ok)n +(ed)f(b)n(y)i(that)h(Op)r(enSSL)f(API,)h(the)g(v)-5 b(alue)22 +b(of)g(the)0 2072 y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32 +b(is)g(retriev)n(ed)f(\()p Fl(PyThread_get_key)o(_va)o(lu)o(e)p +Fq(\))26 b(and)33 b(used)f(to)g(re-acquire)e(the)j(GIL.)f(This)h(allo)n +(ws)0 2171 y(Python)f(threads)e(to)h(execute)h(while)f(Op)r(enSSL)g +(APIs)h(are)f(running)f(and)i(allo)n(ws)e(use)h(of)g(an)n(y)f +(particular)g(p)n(yOp)r(enSSL)0 2271 y(ob)5 b(ject)29 
+b(from)f(an)n(y)g(Python)i(thread,)e(since)h(there)g(is)g(no)f(p)r +(er-thread)g(state)h(asso)r(ciated)f(with)h(an)n(y)f(of)h(these)g(ob)5 +b(jects)28 b(and)0 2371 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e(\(as)h +(long)g(as)g(prop)r(erly)g(initialized,)g(as)g(p)n(yOp)r(enSSL)h +(initializes)f(it\).)0 2650 y Fj(4.3)97 b(A)m(cessing)35 +b(So)s(ck)m(et)e(Metho)s(ds)0 2851 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n +(w)h(the)g(b)r(ene\034t)h(of)g(wrapping)e(so)r(c)n(k)n(et)g(metho)r(ds) +h(in)h(the)g Fl(SSL.Connection)20 b Fq(class,)26 b(for)g(an)g(easy)f +(transition)0 2950 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h +(is)f(that)h(the)h Fl(socket)c Fq(mo)r(dule)j(lac)n(ks)f(a)g(C)h(API,)h +(and)e(all)h(the)g(metho)r(ds)g(are)f(declared)0 3050 +y(static.)36 b(One)27 b(approac)n(h)d(w)n(ould)i(b)r(e)h(to)f(ha)n(v)n +(e)g Fl(OpenSSL)d Fq(as)j(a)g(submo)r(dule)h(to)f(the)h +Fl(socket)d Fq(mo)r(dule,)j(placing)f(all)g(the)h(co)r(de)0 +3149 y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g +(ob)n(viously)e(not)i(a)f(go)r(o)r(d)g(solution,)h(since)g(y)n(ou)f +(migh)n(t)g(not)h(w)n(an)n(t)f(to)h(imp)r(ort)g(tonnes)f(of)0 +3249 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h (imp)r(orting)f(the)i Fl(socket)c Fq(mo)r(dule.)40 b(The)29 -b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 1559 y(get)33 +b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 3349 y(get)33 b(a)g(p)r(oin)n(ter)g(to)h(the)f(metho)r(d)h(to)g(b)r(e)f(called,)i (either)e(the)h(C)g(function,)h(or)e(a)g(callable)f(Python)i(ob)5 -b(ject.)54 b(This)34 b(is)f(not)0 1659 y(really)26 b(a)i(go)r(o)r(d)f +b(ject.)54 b(This)34 b(is)f(not)0 3448 y(really)26 b(a)i(go)r(o)r(d)f (solution)g(either,)g(since)g(there's)h(a)f(lot)g(of)h(lo)r(okups)f(in) -n(v)n(olv)n(ed.)0 1806 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h +n(v)n(olv)n(ed.)0 3595 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h (y)n(ou)e(ha)n(v)n(e)g(to)g(supply)h(a)g(\020)7 b Fl(socket)p Fq(-lik)n(e\021)31 b(transp)r(ort)c(ob)5 
b(ject)28 b(to)f(the)i -Fl(SSL.Connection)p Fq(.)j(The)0 1906 y(only)24 b(requiremen)n(t)f(of)i +Fl(SSL.Connection)p Fq(.)j(The)0 3695 y(only)24 b(requiremen)n(t)f(of)i (this)f(ob)5 b(ject)24 b(is)h(that)f(it)h(has)f(a)g Fl(fileno\(\))d Fq(metho)r(d)k(that)f(returns)g(a)g(\034le)g(descriptor)f(that's)i(v)-5 -b(alid)24 b(at)0 2005 y(the)g(C)g(lev)n(el)f(\(i.e.)36 +b(alid)24 b(at)0 3794 y(the)g(C)g(lev)n(el)f(\(i.e.)36 b(y)n(ou)23 b(can)h(use)f(the)i(system)e(calls)g(read)g(and)h(write\).) 35 b(If)25 b(y)n(ou)e(w)n(an)n(t)g(to)h(use)f(the)h Fl(connect\(\))c -Fq(or)j Fl(accept\(\))0 2105 y Fq(metho)r(ds)29 b(of)h(the)f +Fq(or)j Fl(accept\(\))0 3894 y Fq(metho)r(ds)29 b(of)h(the)f Fl(SSL.Connection)24 b Fq(ob)5 b(ject,)29 b(the)h(transp)r(ort)e(ob)5 b(ject)29 b(has)f(to)h(supply)h(suc)n(h)f(metho)r(ds)g(to)r(o.)41 -b(Apart)29 b(from)0 2204 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f +b(Apart)29 b(from)0 3994 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f (in)h(the)f Fl(SSL.Connection)18 b Fq(ob)5 b(ject)24 b(that)f(fail)h(are)f(passed)f(on)i(to)f(the)h(underlying)f(transp)r -(ort)0 2304 y(ob)5 b(ject.)0 2451 y(F)-7 b(uture)25 b(c)n(hanges)f +(ort)0 4093 y(ob)5 b(ject.)0 4240 y(F)-7 b(uture)25 b(c)n(hanges)f (migh)n(t)h(b)r(e)g(to)g(allo)n(w)f(Python-lev)n(el)g(transp)r(ort)g (ob)5 b(jects,)25 b(that)g(instead)g(of)g(ha)n(ving)g -Fl(fileno\(\))d Fq(metho)r(ds,)0 2551 y(ha)n(v)n(e)h +Fl(fileno\(\))d Fq(metho)r(ds,)0 4340 y(ha)n(v)n(e)h Fl(read\(\))g Fq(and)h Fl(write\(\))e Fq(metho)r(ds,)k(so)e(more)f(adv) -5 b(anced)24 b(features)h(of)f(Python)h(can)g(b)r(e)g(used.)35 -b(This)25 b(w)n(ould)f(probably)0 2650 y(en)n(tail)36 +b(This)25 b(w)n(ould)f(probably)0 4439 y(en)n(tail)36 b(some)g(sort)g(of)g(Op)r(enSSL)h(\020BIOs\021,)g(but)g(con)n(v)n (erting)e(Python)i(strings)e(bac)n(k)h(and)g(forth)g(is)h(exp)r(ensiv)n -(e,)h(so)e(this)0 2750 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary) +(e,)h(so)e(this)0 4539 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary) -7 b(.)57 
b(Other)35 b(nice)g(things)g(w)n(ould)g(b)r(e)g(to)g(b)r(e)h (able)e(to)h(pass)g(in)g(di\033eren)n(t)g(transp)r(ort)0 -2849 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g +4639 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g (the)g Fl(fileno\(\))c Fq(metho)r(d)k(of)47 b Fl(SSL.Connection)36 -b Fq(b)r(ecomes)41 b(virtually)0 2949 y(useless.)36 b(Also,)27 +b Fq(b)r(ecomes)41 b(virtually)0 4738 y(useless.)36 b(Also,)27 b(should)h(the)g(metho)r(d)g(resolution)e(b)r(e)i(used)g(on)f(the)h (read-transp)r(ort)d(or)i(the)h(write-transp)r(ort?)p -0 5549 3901 4 v 0 5649 a Ff(4.3)82 b(A)n(cessing)26 b(So)r(ck)n(et)h -(Metho)r(ds)2744 b(15)p eop end +0 5549 3901 4 v 0 5649 a Ff(4.2)82 b(Callbacks)3302 b(15)p +eop end %%Trailer userdict /end-hook known{end-hook}if diff --git a/doc/pyOpenSSL.txt b/doc/pyOpenSSL.txt index 29c36b4..3ac1acd 100644 --- a/doc/pyOpenSSL.txt +++ b/doc/pyOpenSSL.txt @@ -324,7 +324,9 @@ setup.py --help digest(digest_name) Return a digest of the certificate, using the digest_name - method. + method. digest_name must be a string describing a digest + algorithm supported by OpenSSL (by EVP_get_digestbyname, + specifically). For example, "md5" or "sha1". add_extensions(extensions) Add the extensions in the sequence extensions to the @@ -398,6 +400,13 @@ setup.py --help verify(pkey) Verify a certificate request using the public key pkey. + set_version(version) + Set the version (RFC 2459, 4.1.2.1) of the certificate request + to version. + + get_version() + Get the version (RFC 2459, 4.1.2.1) of the certificate request. + 3.1.4 X509Store objects @@ -459,11 +468,14 @@ setup.py --help 3.1.8 X509Extension objects - X509Extension objects currently only have one method: + X509Extension objects have several methods: get_critical() Return the critical field of the extension object. + get_short_name() + Return the short type name of the extension object. + 3.1.9 NetscapeSPKI objects 
@@ -480,7 +492,9 @@ setup.py --help sign(key, digest_name) Sign the NetscapeSPKI object using the given key and - digest_name. + digest_name. digest_name must be a string describing a digest + algorithm supported by OpenSSL (by EVP_get_digestbyname, + specifically). For example, "md5" or "sha1". verify(key) Verify the NetscapeSPKI object using the given key. @@ -656,17 +670,24 @@ setup.py --help set_verify_depth. get_verify_mode() - Retrieve the Context object's verify mode, as set by - set_verify_mode. + Retrieve the Context object's verify mode, as set by set_verify. load_client_ca(pemfile) Read a file with PEM-formatted certificates that will be sent to the client when requesting a client certificate. - load_verify_locations(pemfile) + load_verify_locations(pemfile, capath) Specify where CA certificates for verification purposes are located. These are trusted certificates. Note that the - certificates have to be in PEM format. + certificates have to be in PEM format. If capath is passed, it + must be a directory prepared using the c_rehash tool included + with OpenSSL. Either, but not both, of pemfile or capath may be + None. + + set_default_verify_paths() + Specify that the platform provided CA certificates are to be + used for verification purposes. This method may not work + properly on OS X. load_tmp_dh(dhfile) Load parameters for Ephemeral Diffie-Hellman from dhfile. |
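Review bot: In the doc/pyOpenSSL.ps hunk, the do_handshake() entry reads "usually called after renegotiate or one of set_accept_state or set_accept_state", naming the same method twice; the second was presumably meant to be set_connect_state, which is documented a few entries further down. The regenerated text also still carries "but not it returns the entire list in one go" under get_cipher_list() (read "now") and the section heading "Acessing Socket Methods". Because this file is generated output, the fixes belong in the documentation source, followed by another regeneration.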
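Review bot: In the NetscapeSPKI sign(key, digest_name) hunk of doc/pyOpenSSL.txt (and in the identical sentence added to digest(digest_name) earlier in the file), the only example names given are "md5" and "sha1". For a signing call the example should lead with a digest that is still collision-resistant, for instance "sha256", so that readers who copy the example do not sign with MD5. The text also does not say what happens when EVP_get_digestbyname does not recognise the name; one sentence on the error raised would complete the description.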
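Review bot: In the X509Req hunk that adds set_version(version) and get_version(), the reference "RFC 2459, 4.1.2.1" points at the version field of a certificate, while these methods act on a certificate request, whose version field is defined by PKCS #10 (RFC 2986). Suggest citing the request format instead, and stating that version is an integer and how it maps to the encoded value, since the hunk gives neither the argument type nor the return type.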
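Review bot: In the Context hunk, the new heading load_verify_locations(pemfile, capath) shows capath as a required argument while the added text says "If capath is passed", so the signature and the description disagree; mark capath as optional in the signature. "Either, but not both, of pemfile or capath may be None" would read more clearly as "At least one of pemfile and capath must be given". For set_default_verify_paths(), "This method may not work properly on OS X" leaves the failure mode open: say whether the call raises or returns with no CA certificates loaded, because in the second case the caller only finds out when peer verification fails.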