Get rid of some top-level code, remove the code that reflects a weird edge case (but the weird edge case is still there inside OpenSSL), and add a bit of docs.

1 files changed, 23 insertions, 12 deletions

diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 86410c0..e5ae085 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -124,18 +124,29 @@ SSL_CB_CONNECT_EXIT = _lib.SSL_CB_CONNECT_EXIT
 SSL_CB_HANDSHAKE_START = _lib.SSL_CB_HANDSHAKE_START
 SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE
 
-_Cryptography_HAS_EC = _lib.Cryptography_HAS_EC
-ELLIPTIC_CURVE_DESCRIPTIONS = {}  # In case there's no EC support
-if _Cryptography_HAS_EC:
-    _num_curves = _lib.EC_get_builtin_curves(_ffi.NULL, 0)
-    _curves = _ffi.new('EC_builtin_curve[]', _num_curves)
-    if _lib.EC_get_builtin_curves(_curves, _num_curves) == _num_curves:
-        ELLIPTIC_CURVE_DESCRIPTIONS = dict(
-            (_ffi.string(_lib.OBJ_nid2sn(c.nid)).decode('ascii'),
-             _ffi.string(c.comment).decode('utf-8'))
-            for c in _curves)
-    del _num_curves
-    del _curves
+def _get_elliptic_curves(lib):
+    """
+    Load the names of the supported elliptic curves from OpenSSL.
+
+    :param lib: The OpenSSL library binding object.
+    :return: A set of :py:obj:`unicode` giving the names of the elliptic curves
+        the underlying library supports.
+    """
+    if lib.Cryptography_HAS_EC:
+        num_curves = lib.EC_get_builtin_curves(_ffi.NULL, 0)
+        builtin_curves = _ffi.new('EC_builtin_curve[]', num_curves)
+        # The return value on this call should be num_curves again.  We could
+        # check it to make sure but if it *isn't* then.. what could we do?
+        # Abort the whole process, I suppose...?  -exarkun
+        lib.EC_get_builtin_curves(builtin_curves, num_curves)
+        return set(
+            _ffi.string(lib.OBJ_nid2sn(c.nid)).decode("ascii")
+            for c in builtin_curves)
+    else:
+        return set()
+
+ELLIPTIC_CURVES = _get_elliptic_curves()
+
 
 
 class Error(Exception):