diff options
author | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-04-18 22:00:10 -0400 |
---|---|---|
committer | Jean-Paul Calderone <exarkun@twistedmatrix.com> | 2014-04-18 22:00:10 -0400 |
commit | c09fd581772ebe9d30bcf6b24665b4b75175029b (patch) | |
tree | 7b75907547593638e7fabe393cfb4bc7447ac35f /doc | |
parent | f43678bc99019f55908752f9885f680cd70d42ca (diff) | |
download | pyopenssl-c09fd581772ebe9d30bcf6b24665b4b75175029b.tar.gz |
Switch to an explicit curve object.
Happily, this eliminates just about all of the error cases.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/crypto.rst | 22 | ||||
-rw-r--r-- | doc/api/ssl.rst | 27 |
2 files changed, 27 insertions, 22 deletions
diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst index ee93cfb..974e516 100644 --- a/doc/api/crypto.rst +++ b/doc/api/crypto.rst @@ -119,6 +119,28 @@ Generic exception used in the :py:mod:`.crypto` module. +.. py:function:: get_elliptic_curves + + Return a set of objects representing the elliptic curves supported in the + OpenSSL build in use. + + The curve objects have a :py:class:`unicode` ``name`` attribute by which + they identifying themselves. + + The curve objects are useful as values for the argument accepted by + :py:meth:`Context.set_tmp_ecdh_curve` to specify which elliptical curve + should be used for ECDHE key exchange. + + +.. py:function:: get_elliptic_curve + + Return a single curve object selected by name. + + See :py:func:`get_elliptic_curves` for information about curve objects. + + If the named curve is not supported then :py:class:`ValueError` is raised. + + .. py:function:: dump_certificate(type, cert) Dump the certificate *cert* into a buffer string encoded with the type diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst index b7eca70..9016e98 100644 --- a/doc/api/ssl.rst +++ b/doc/api/ssl.rst @@ -110,17 +110,6 @@ Context, Connection. .. versionadded:: 0.14 -.. py:data:: ELLIPTIC_CURVE_DESCRIPTIONS - - A dictionary mapping short names of elliptic curves to textual - descriptions. This dictionary contains exactly the set of curves - supported by the OpenSSL build in use. - - The keys are the curve names that can be passed into - Constants used with :py:meth:`Context.set_tmp_ecdh_curve` to - specify which elliptical curve should be used for ECDHE key exchange. - - .. py:data:: OPENSSL_VERSION_NUMBER An integer giving the version number of the OpenSSL library used to build this @@ -327,21 +316,15 @@ Context objects have the following methods: Load parameters for Ephemeral Diffie-Hellman from *dhfile*. -.. py:method:: Context.set_tmp_ecdh_curve(curve_name) - Select a curve to use for ECDHE key exchange. +.. py:method:: Context.set_tmp_ecdh_curve(curve) - The valid values of *curve_name* are the keys in - :py:data:`ELLIPTIC_CURVE_DESCRIPTIONS`. + Select a curve to use for ECDHE key exchange. - Raises a subclass of ``ValueError`` if the linked OpenSSL was not - compiled with elliptical curve support or the specified curve is - not available. You can check the specific subclass, but, in - general, you should just handle ``ValueError``. + The valid values of *curve* are the objects returned by + :py:func:`OpenSSL.crypto.get_elliptic_curves` or + :py:func:`OpenSSL.crypto.get_elliptic_curve`. - :param curve_name: The 'short name' of a curve, e.g. 'prime256v1' - :type curve_name: str - :return: None .. py:method:: Context.set_app_data(data) |