Merge remote-tracking branch 'origin/master' into 159-crl-export-digest

2 files changed, 86 insertions, 2 deletions

diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst
index c5b7c33..fb254cf 100644
--- a/doc/api/crypto.rst
+++ b/doc/api/crypto.rst
@@ -42,7 +42,17 @@
 
 .. py:data:: X509StoreType
 
-    A Python type object representing the X509Store object type.
+    See :py:class:`X509Store`
+
+
+.. py:data X509Store
+
+    A class representing the X.509 store.
+
+
+.. py:data:: X509StoreContext
+
+    A class representing the X.509 store context.
 
 
 .. py:data:: PKeyType
@@ -257,7 +267,7 @@ X509 objects have the following methods:
     Return the signature algorithm used in the certificate.  If the algorithm is
     undefined, raise :py:data:`ValueError`.
 
-    ..versionadded:: 0.13
+    .. versionadded:: 0.13
 
 
 .. py:method:: X509.get_subject()
@@ -526,6 +536,36 @@ The X509Store object has currently just one method:
     Add the certificate *cert* to the certificate store.
 
 
+X509StoreContextError objects
+-----------------------------
+
+The X509StoreContextError is an exception raised from
+`X509StoreContext.verify_certificate` in circumstances where a certificate
+cannot be verified in a provided context.
+
+The certificate for which the verification error was detected is given by the
+``certificate`` attribute of the exception instance as a :class:`X509`
+instance.
+
+Details about the verification error are given in the exception's ``args`` attribute.
+
+
+X509StoreContext objects
+------------------------
+
+The X509StoreContext object is used for verifying a certificate against a set
+of trusted certificates.
+
+
+.. py:method:: X509StoreContext.verify_certificate()
+
+    Verify a certificate in the context of this initialized `X509StoreContext`.
+    On error, raises `X509StoreContextError`, otherwise does nothing.
+
+    .. versionadded:: 0.15
+
+
+
 .. _openssl-pkey:
 
 PKey objects
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index a75af1f..e6a0775 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -472,6 +472,33 @@ Context objects have the following methods:
     .. versionadded:: 0.13
 
 
+.. py:method:: Context.set_npn_advertise_callback(callback)
+
+    Specify a callback function that will be called when offering `Next
+    Protocol Negotiation
+    <https://technotes.googlecode.com/git/nextprotoneg.html>`_ as a server.
+
+    *callback* should be the callback function.  It will be invoked with one
+    argument, the :py:class:`Connection` instance.  It should return a list of
+    bytestrings representing the advertised protocols, like
+    ``[b'http/1.1', b'spdy/2']``.
+
+    .. versionadded:: 0.15
+
+
+.. py:method:: Context.set_npn_select_callback(callback):
+
+    Specify a callback function that will be called when a server offers Next
+    Protocol Negotiation options.
+
+    *callback* should be the callback function.  It will be invoked with two
+    arguments: the :py:class:`Connection`, and a list of offered protocols as
+    bytestrings, e.g. ``[b'http/1.1', b'spdy/2']``.  It should return one of
+    those bytestrings, the chosen protocol.
+
+    .. versionadded:: 0.15
+
+
 .. _openssl-session:
 
 Session objects
@@ -614,6 +641,14 @@ Connection objects have the following methods:
     by *bufsize*.
 
 
+.. py:method:: Connection.recv_into(buffer[, nbytes[, flags]])
+
+    Receive data from the Connection and copy it directly into the provided
+    buffer. The return value is the number of bytes read from the connection.
+    The maximum amount of data to be received at once is specified by *nbytes*.
+    *flags* is accepted for compatibility with ``socket.recv_into`` but its
+    value is ignored.
+
 .. py:method:: Connection.bio_write(bytes)
 
     If the Connection was created with a memory BIO, this method can be used to add
@@ -806,6 +841,15 @@ Connection objects have the following methods:
     .. versionadded:: 0.15
 
 
+.. py:method:: Connection.get_next_proto_negotiated():
+
+    Get the protocol that was negotiated by Next Protocol Negotiation. Returns
+    a bytestring of the protocol name. If no protocol has been negotiated yet,
+    returns an empty string.
+
+    .. versionadded:: 0.15
+
+
 .. Rubric:: Footnotes
 
 .. [#connection-context-socket] Actually, all that is required is an object that