| Server IP : 192.158.238.246 / Your IP : 3.142.201.222 Web Server : LiteSpeed System : Linux uniform.iwebfusion.net 4.18.0-553.27.1.lve.1.el8.x86_64 #1 SMP Wed Nov 20 15:58:00 UTC 2024 x86_64 User : jenniferflocom ( 1321) PHP Version : 8.1.32 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/alt/python37/lib/python3.7/site-packages/OpenSSL/__pycache__/ |
Upload File : |
B
����uŹY~1�����������������@���sx��d�dl�Z�d�dlZd�dlmZ�d�dlmZmZ�d�dlmZm Z �d�dl
m
Z
�d�dl
m
Z
�d�dlmZ�d�dlmZmZmZmZ�d�d lmZmZmZ
m
Z
m Z m!Z"m#Z$m%Z&m'Z(�d�d
l)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/�ye0Z1W�n$�e2k
r����G�d
d
��d
e3�Z1Y�nX�ye4Z5W�n&�e2k
�r ���G�d
d��de3�Z5Y�nX�e
j6Z6e
j7Z7e
j8Z8e
j9Z9e
j:Z:e
j;Z;e
j<Z=e
j>Z?dZ@dZAdZBdZCdZDdZEe
jFZGe
jHZIe
jJZKe
jLZMe
jNZOe
jPZQe
jRZSe
jTZUe
jVZWe
jXZYe
jZZ[e
j\Z]e
j^Z_e
j`Zae
jbZce
jdZee
jfZge
jhZie
jjZke
jlZme
jnZoe
jpZqe
jrZse
jtZue
jvZwe
jxZye
jzZ{e
j|Z}e
j~Ze
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j��r�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�e
j�Z�dddddgZ�dgZ�dZ�d
Z�G�d
d
��d
e��Z�eee��Z�e e��Z�G�d d ��d e��Z�G�d!d"��d"e��Z�G�d#d$��d$e��Z�G�d%d&��d&e��Z�G�d'd(��d(e��Z�G�d)d*��d*e3�Z�G�d+d,��d,e��Z�G�d-d.��d.e��Z�G�d/d0��d0e��Z�G�d1d2��d2e��Z�G�d3d4��d4e��Z�G�d5d6��d6e��Z�d7d8��Z�d9d:��Z�d;d<��Z�e�e
j�d=�Z�e�e
j�d>�Z�e�e
j�d?�Z�G�d@dA��dAe3�Z�G�dBdC��dCe3�Z�ee�e�dDeσZ�G�dEdF��dFe3�Z�ee�e�dGeσZ�e
�ӡ��dS�)H�����N)�platform)�wraps�partial)�count�chain)�WeakValueDictionary)� errorcode)�
deprecated)�
binary_type�
integer_types�int2byte�
indexbytes) �
UNSPECIFIED�exception_from_error_queue�ffi�lib�
make_assert�native�
path_string�text_to_bytes_and_warn�no_zero_allocator)�
FILETYPE_PEM�_PassphraseHelper�PKey�X509Name�X509� X509Storec���������������@���s
���e�Zd�ZdS�)�
_memoryviewN)�__name__�
__module__�
__qualname__��r!���r!����</opt/alt/python37/lib/python3.7/site-packages/OpenSSL/SSL.pyr
���!���s���r
���c���������������@���s
���e�Zd�ZdS�)�_bufferN)r
���r ���r ���r!���r!���r!���r"���r#���'���s���r#���������������������������z"/etc/ssl/certs/ca-certificates.crtz /etc/pki/tls/certs/ca-bundle.crtz/etc/ssl/ca-bundle.pemz/etc/pki/tls/cacert.pemz1/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemz/etc/ssl/certss$���/opt/pyca/cryptography/openssl/certss'���/opt/pyca/cryptography/openssl/cert.pemc���������������@���s���e�Zd�ZdZdS�)�Errorz4
An error occurred in an `OpenSSL.SSL` API.
N)r
���r ���r ����__doc__r!���r!���r!���r"���r*�������s���r*���c���������������@���s
���e�Zd�ZdS�)�
WantReadErrorN)r
���r ���r ���r!���r!���r!���r"���r,�������s���r,���c���������������@���s
���e�Zd�ZdS�)�WantWriteErrorN)r
���r ���r ���r!���r!���r!���r"���r-�������s���r-���c���������������@���s
���e�Zd�ZdS�)�WantX509LookupErrorN)r
���r ���r ���r!���r!���r!���r"���r.�������s���r.���c���������������@���s
���e�Zd�ZdS�)�ZeroReturnErrorN)r
���r ���r ���r!���r!���r!���r"���r/�������s���r/���c���������������@���s
���e�Zd�ZdS�)�
SysCallErrorN)r
���r ���r ���r!���r!���r!���r"���r0�������s���r0���c���������������@���s ���e�Zd�ZdZdd��Zdd��ZdS�)�_CallbackExceptionHelpera���
A base class for wrapper classes that allow for intelligent exception
handling in OpenSSL callbacks.
:ivar list _problems: Any exceptions that occurred while executing in a
context where they could not be raised in the normal way. Typically
this is because OpenSSL has called into some Python code and requires a
return value. The exceptions are saved to be raised later when it is
possible to do so.
c�������������C���s
���g�|�_�d�S�)N)� _problems)�selfr!���r!���r"����__init__����s����z!_CallbackExceptionHelper.__init__c�������������C���s6���|�j�r2y
t���W�n�tk
r$���Y�nX�|�j��d��dS�)z�
Raise an exception from the OpenSSL error queue or that was previously
captured whe running a callback.
r���N)r2����_raise_current_errorr*����pop)r3���r!���r!���r"����raise_if_problem����s
����
z)_CallbackExceptionHelper.raise_if_problemN)r
���r ���r ���r+���r4���r7���r!���r!���r!���r"���r1�������s���
r1���c���������������@���s���e�Zd�ZdZdd��ZdS�)�
_VerifyHelperz^
Wrap a callback such that it can be used as a certificate verification
callback.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc�������
���
������s����t��t��}t�|�|_t�|�}t�|�}t���}t�||�}t j
|�}y��|||||��}W�n.�t
k
r��} �z�j
�
| ��dS�d�} ~ X�Y�n
X�|r�t�|tj��dS�dS�d�S�)Nr���r$���)r����__new__�_libZ X509_STORE_CTX_get_current_cert�_x509ZX509_STORE_CTX_get_errorZ
X509_STORE_CTX_get_error_depthZ"SSL_get_ex_data_X509_STORE_CTX_idxZX509_STORE_CTX_get_ex_data�
Connection�_reverse_mapping� Exceptionr2����appendZX509_STORE_CTX_set_errorZ X509_V_OK)
�okZ store_ctx�certZ
error_numberZ
error_depth�index�sslZ
connection�result�e)�callbackr3���r!���r"����wrapper����s"����
z'_VerifyHelper.__init__.<locals>.wrapperz
int (*)(int, X509_STORE_CTX *))r1���r4���r����_ffirF���)r3���rF���rG���r!���)rF���r3���r"���r4�������s����
z_VerifyHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���r8�������s���r8���c���������������@���s���e�Zd�ZdZdd��ZdS�)�_NpnAdvertiseHelperzT
Wrap a callback such that it can be used as an NPN advertisement callback.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc����������
������s����ynt�j|��}��|�}d�t�dd��|D����}t�dt|��t�d|�g|_|jd�d�|d<�|jd�|d<�dS��t k
r��}�z�j
�
|��dS�d�}~X�Y�nX�d�S�) N�����c�������������s���s
���|�]}t�t|��|fV��qd�S�)N)r
����len)�.0�pr!���r!���r"���� <genexpr>
��s����z@_NpnAdvertiseHelper.__init__.<locals>.wrapper.<locals>.<genexpr>zunsigned int *zunsigned char[]r���r$���r%���)
r<���r=����joinr����
from_iterablerH����newrK����
_npn_advertise_callback_argsr>���r2���r?���)rC����out�outlen�arg�conn�protos�protostrrE���)rF���r3���r!���r"���rG�����s����
z-_NpnAdvertiseHelper.__init__.<locals>.wrapperz>int (*)(SSL *, const unsigned char **, unsigned int *, void *))r1���r4���r���rH���rF���)r3���rF���rG���r!���)rF���r3���r"���r4�������s
����
z
_NpnAdvertiseHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���rI�������s���rI���c���������������@���s���e�Zd�ZdZdd��ZdS�)�_NpnSelectHelperzP
Wrap a callback such that it can be used as an NPN selection callback.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc�������
���
������s����y�t�j|��}t�||�d�d���}g�}x<|r`t|d�} |d| d���}
|�|
��|| d�d���}q&W���||�}
t�dt|
��t�d|
�g|_|jd�d�|d<�|jd�|d<�dS��t k
r��}
�z�j
�|
��dS�d�}
~
X�Y�nX�d�S�)Nr���r$���zunsigned char *zunsigned char[]r%���)
r<���r=���rH����bufferr
���r?���rQ���rK����_npn_select_callback_argsr>���r2���)
rC���rS���rT����in_�inlenrU���rV����instr� protolist�l�proto�outstrrE���)rF���r3���r!���r"���rG���+��s$����
z*_NpnSelectHelper.__init__.<locals>.wrapperz^int (*)(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *))r1���r4���r���rH���rF���)r3���rF���rG���r!���)rF���r3���r"���r4���(��s
����
"z_NpnSelectHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���rY���#��s���rY���c���������������@���s���e�Zd�ZdZdd��ZdS�)�_ALPNSelectHelperzQ
Wrap a callback such that it can be used as an ALPN selection callback.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc�������
���
������s����y�t�j|��}t�||�d�d���}g�}x<|r`t|d�} |d| d���}
|�|
��|| d�d���}q&W���||�}
t|
t�s~td��t� dt
|
��t� d|
�g|_
|j
d�d�|d<�|j
d�|d<�dS��t
k
r��}
�z�j
�|
��dS�d�}
~
X�Y�nX�d�S�)Nr���r$���z'ALPN callback must return a bytestring.zunsigned char *zunsigned char[]r%���)r<���r=���rH���rZ���r
���r?����
isinstance�
_binary_type� TypeErrorrQ���rK����_alpn_select_callback_argsr>���r2���)
rC���rS���rT���r\���r]���rU���rV���r^���r_���Z
encoded_lenra���rb���rE���)rF���r3���r!���r"���rG���\��s(����
z+_ALPNSelectHelper.__init__.<locals>.wrapperz^int (*)(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *))r1���r4���r���rH���rF���)r3���rF���rG���r!���)rF���r3���r"���r4���Y��s
����
$z_ALPNSelectHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���rc���T��s���rc���c���������������@���s���e�Zd�ZdZdd��ZdS�)�_OCSPServerCallbackHelpera���
Wrap a callback such that it can be used as an OCSP callback for the server
side.
Annoyingly, OpenSSL defines one OCSP callback but uses it in two different
ways. For servers, that callback is expected to retrieve some OCSP data and
hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK,
SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback
is expected to check the OCSP data, and returns a negative value on error,
0 if the response is not acceptable, or positive if it is. These are
mutually exclusive return code behaviours, and they mean that we need two
helpers so that we always return an appropriate error code if the user's
code throws an exception.
Given that we have to have two helpers anyway, these helpers are a bit more
helpery than most: specifically, they hide a few more of the OpenSSL
functions so that the user has an easier time writing these callbacks.
This helper implements the server side.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc����������
������s����y�t�j|��}|tjkr"t�|�}nd�}��||�}t|t�sBtd��|sJdS�t|�}t �
|�}|t�
||�d�d��<�t �
|�||��dS��t
k
r��}�z�j�|��dS�d�}~X�Y�nX�d�S�)Nz'OCSP callback must return a bytestring.r&���r���r%���)r<���r=���rH����NULL�
from_handlerd���re���rf���rK���r:���ZOPENSSL_mallocrZ���Z SSL_set_tlsext_status_ocsp_respr>���r2���r?���)rC����cdatarV����data� ocsp_dataZocsp_data_lengthZdata_ptrrE���)rF���r3���r!���r"���rG������s&����
z3_OCSPServerCallbackHelper.__init__.<locals>.wrapperzint (*)(SSL *, void *))r1���r4���r���rH���rF���)r3���rF���rG���r!���)rF���r3���r"���r4������s����
,z"_OCSPServerCallbackHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���rh������s���rh���c���������������@���s���e�Zd�ZdZdd��ZdS�)�_OCSPClientCallbackHelpera���
Wrap a callback such that it can be used as an OCSP callback for the client
side.
Annoyingly, OpenSSL defines one OCSP callback but uses it in two different
ways. For servers, that callback is expected to retrieve some OCSP data and
hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK,
SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback
is expected to check the OCSP data, and returns a negative value on error,
0 if the response is not acceptable, or positive if it is. These are
mutually exclusive return code behaviours, and they mean that we need two
helpers so that we always return an appropriate error code if the user's
code throws an exception.
Given that we have to have two helpers anyway, these helpers are a bit more
helpery than most: specifically, they hide a few more of the OpenSSL
functions so that the user has an easier time writing these callbacks.
This helper implements the client side.
c����������������s2���t�����t������fdd��}t�d|��_d�S�)Nc������� ���
������s����yxt�j|��}|tjkr"t�|�}nd�}t�d�}t�|�|�}|dk�rJd}nt�|d�|�d�d���}��|||�}t t
|��S��t
k
r��}�z�j
�
|��dS�d�}~X�Y�nX�d�S�)Nzunsigned char **r���rJ������)r<���r=���rH���ri���rj���rQ���r:���Z SSL_get_tlsext_status_ocsp_resprZ����int�boolr>���r2���r?���) rC���rk���rV���rl���Zocsp_ptrZocsp_lenrm���ZvalidrE���)rF���r3���r!���r"���rG������s
����
z3_OCSPClientCallbackHelper.__init__.<locals>.wrapperzint (*)(SSL *, void *))r1���r4���r���rH���rF���)r3���rF���rG���r!���)rF���r3���r"���r4������s����
z"_OCSPClientCallbackHelper.__init__N)r
���r ���r ���r+���r4���r!���r!���r!���r"���rn������s���rn���c�������������C���sd���d�}t�|�t�s(t|�dd��}|d�k r(|��}�t�|�t�r6|�}t�|t�sJtd��n|dk�r`td|f���|S�)N�filenoz3argument must be an int, or have a fileno() method.r���z1file descriptor cannot be a negative integer (%i))rd���r
����getattrrf����
ValueError)�obj�fd�methr!���r!���r"����_asFileDescriptor
��s����
rx���c�������������C���s���t��t�|���S�)z�
Return a string describing the version of OpenSSL in use.
:param type: One of the SSLEAY_ constants defined in this module.
)rH����stringr:����SSLeay_version)�typer!���r!���r"���rz���
��s����rz���c����������������s������fdd�}|S�)a���
Builds a decorator that ensures that functions that rely on OpenSSL
functions that are not present in this build raise NotImplementedError,
rather than AttributeError coming out of cryptography.
:param flag: A cryptography flag that guards the functions, e.g.
``Cryptography_HAS_NEXTPROTONEG``.
:param error: The string to be used in the exception if the flag is false.
c����������������s$����s
t�|����fdd��}|S�|�S�d�S�)Nc�������������� ���s
���t�����d�S�)N)�NotImplementedError)�args�kwargs)�errorr!���r"����explode2��s����z<_make_requires.<locals>._requires_decorator.<locals>.explode)r���)�funcr����)r����flagr!���r"����_requires_decorator0��s����z+_make_requires.<locals>._requires_decoratorr!���)r����r���r����r!���)r���r����r"����_make_requires&��s����
r����zNPN not availablezALPN not availablezSNI not availablec���������������@���s
���e�Zd�ZdS�)�SessionN)r
���r ���r ���r!���r!���r!���r"���r����K��s���r����c������������
���@���s���e�Zd�ZdZededededede diZ
e
dd ��e
�
��D���Z
d
d
��Z
dcd
d�Zdd��Zdddd�Zdd��Zdd��Zdd��Zdd��Zefdd
�Zd
d
��Zd d ��Zd!d"��Zefd#d$�Zd%d&��Z
d'd(��Z
d)d*��Z
d+d,��Z d-d.��Z d/d0��Z!d1d2��Z"d3d4��Z#d5d6��Z$d7d8��Z%d9d:��Z&d;d<��Z'd=d>��Z(d?d@��Z)dAdB��Z*dCdD��Z+dEdF��Z,dGdH��Z-dIdJ��Z.dKdL��Z/dMdN��Z0dOdP��Z1dQdR��Z2e3dSdT���Z4e5dUdV���Z6e5dWdX���Z7e8dYdZ���Z9e8d[d\���Z:d]d^��Z;ded_d`�Z<dfdadb�Z=d
S�)g�Contextzn
:class:`OpenSSL.SSL.Context` instances define the parameters for setting
up new SSL connections.
Z
SSLv2_methodZ
SSLv3_methodZ
SSLv23_methodZ
TLSv1_methodZTLSv1_1_methodZTLSv1_2_methodc�������������c���s0���|�](\}}t�t|d��d�k r|t�t|�fV��qd�S�)N)rs���r:���)rL����
identifier�namer!���r!���r"���rN���]��s���zContext.<genexpr>c�������������C���s&��t�|t�std��y|�j|�}W�n
�tk
r<���td��Y�nX�|��}t|tjk��t �
|�}t|tjk��t�
|t j
�}y
t �
|d�}t|dk��W�n�tk
r����Y�nX�||�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_d|�_
d|�_
d|�_
d|�_ d|�_ |��!t j"��dS�)zo
:param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or
TLSv1_METHOD.
zmethod must be an integerzNo such protocolr$���N)#rd���r
���rf����_methods�KeyErrorrt����_openssl_assertrH���ri���r:���Z
SSL_CTX_new�gcZ
SSL_CTX_freeZSSL_CTX_set_ecdh_auto�AttributeError�_context�_passphrase_helper�_passphrase_callback�_passphrase_userdata�_verify_helper�_verify_callback�_info_callback�_tlsext_servername_callback� _app_data�_npn_advertise_helper�_npn_advertise_callback�_npn_select_helper�_npn_select_callback�_alpn_select_helper�_alpn_select_callback�
_ocsp_helper�_ocsp_callback�
_ocsp_data�set_modeZ
SSL_MODE_ENABLE_PARTIAL_WRITE)r3����methodZ
method_funcZ
method_obj�context�resr!���r!���r"���r4���a��sF����
zContext.__init__Nc�������������C���sN���|dkrt�j}nt|�}|dkr(t�j}nt|�}t�|�j||�}|sJt���dS�)aX��
Let SSL know where we can find trusted certificates for the certificate
chain
:param cafile: In which file we can find the certificates (``bytes`` or
``unicode``).
:param capath: In which directory we can find the certificates
(``bytes`` or ``unicode``).
:return: None
N)rH���ri����
_path_stringr:���Z
SSL_CTX_load_verify_locationsr����r5���)r3����cafile�capathZ
load_resultr!���r!���r"����load_verify_locations���s����
z
Context.load_verify_locationsc����������������s&���t�������fdd��}tt|ddd�S�)Nc����������������s�����|�|�j��S�)N)r����)�sizeZverify�userdata)rF���r3���r!���r"���rG������s����z'Context._wrap_callback.<locals>.wrapperT)Z more_args�truncate)r���r���r���)r3���rF���rG���r!���)rF���r3���r"����_wrap_callback���s����zContext._wrap_callbackc�������������C���s@���t�|�std��|��|�|�_|�jj|�_t�|�j|�j��||�_ dS�)z�
Set the passphrase callback
:param callback: The Python callback to use
:param userdata: (optional) A Python object which will be given as
argument to the callback
:return: None
zcallback must be callableN)
�callablerf���r����r����rF���r����r:���Z
SSL_CTX_set_default_passwd_cbr����r����)r3���rF���r����r!���r!���r"����
set_passwd_cb���s����
zContext.set_passwd_cbc�������������C���s����t��|�j�}t|dk��t�t������d�}t�t������d�}|�� ||�s�t�t��
���}t�t��
���}|t
kr�|t
kr�|��tt��dS�)z[
Use the platform-specific CA certificate locations
:return: None
r$����asciiN)r:���Z SSL_CTX_set_default_verify_pathsr����r����rH���ry���Z
X509_get_default_cert_dir_env�decodeZ
X509_get_default_cert_file_env�_check_env_vars_setZX509_get_default_cert_dirZX509_get_default_cert_file� _CRYPTOGRAPHY_MANYLINUX1_CA_DIR� _CRYPTOGRAPHY_MANYLINUX1_CA_FILE�
_fallback_default_verify_paths�_CERTIFICATE_FILE_LOCATIONS�_CERTIFICATE_PATH_LOCATIONS)r3����
set_result�
dir_env_var�
file_env_varZ
default_dirZ
default_filer!���r!���r"����set_default_verify_paths���s ����
z Context.set_default_verify_pathsc�������������C���s ���t�j�|�dk p
t�j�|�dk S�)zp
Check to see if the default cert dir/file environment vars are present.
:return: bool
N)�os�environ�get)r3���r����r����r!���r!���r"���r�������s����zContext._check_env_vars_setc�������������C���sR���x$|D�]
}t�j�|�r|��|��P�qW�x&|D�]
}t�j�|�r,|��d|��P�q,W�dS�)aW��
Default verify paths are based on the compiled version of OpenSSL.
However, when pyca/cryptography is compiled as a manylinux1 wheel
that compiled location can potentially be wrong. So, like Go, we
will try a predefined set of paths and attempt to load roots
from there.
:return: None
N)r�����path�isfiler�����isdir)r3���� file_pathZdir_pathr����r����r!���r!���r"���r�������s����
z&Context._fallback_default_verify_pathsc�������������C���s$���t�|�}t�|�j|�}|s t���dS�)z�
Load a certificate chain from a file
:param certfile: The name of the certificate chain file (``bytes`` or
``unicode``).
:return: None
N)r����r:���Z"SSL_CTX_use_certificate_chain_filer����r5���)r3����certfilerD���r!���r!���r"����use_certificate_chain_file��s
����
z"Context.use_certificate_chain_filec�������������C���s8���t�|�}t|t�std��t�|�j||�}|s4t���dS�)z�
Load a certificate from a file
:param certfile: The name of the certificate file (``bytes`` or
``unicode``).
:param filetype: (optional) The encoding of the file, default is PEM
:return: None
zfiletype must be an integerN)r����rd���r
���rf���r:���Z
SSL_CTX_use_certificate_filer����r5���)r3���r�����filetype�
use_resultr!���r!���r"����use_certificate_file ��s����
z
Context.use_certificate_filec�������������C���s0���t�|t�std��t�|�j|j�}|s,t���dS�)zs
Load a certificate from a X509 object
:param cert: The X509 object
:return: None
z
cert must be an X509 instanceN)rd���r���rf���r:���ZSSL_CTX_use_certificater����r;���r5���)r3���rA���r����r!���r!���r"����use_certificate3��s
����
zContext.use_certificatec�������������C���sD���t�|t�std��t�|j�}t�|�j|�}|s@t�|��t ���dS�)z�
Add certificate to chain
:param certobj: The X509 certificate object to add to the chain
:return: None
z certobj must be an X509 instanceN)
rd���r���rf���r:����X509_dupr;���Z
SSL_CTX_add_extra_chain_certr����� X509_freer5���)r3���Zcertobj�copy�
add_resultr!���r!���r"����add_extra_chain_certA��s����
z
Context.add_extra_chain_certc�������������C���s ���|�j�d�k r|�j��t��t���d�S�)N)r����r7���r*���r5���)r3���r!���r!���r"����_raise_passphrase_exceptionR��s����
z#Context._raise_passphrase_exceptionc�������������C���sH���t�|�}|tkrt}nt|t�s(td��t�|�j||�}|sD|�� ���dS�)z�
Load a private key from a file
:param keyfile: The name of the key file (``bytes`` or ``unicode``)
:param filetype: (optional) The encoding of the file, default is PEM
:return: None
zfiletype must be an integerN)
r�����
_UNSPECIFIEDr���rd���r
���rf���r:���ZSSL_CTX_use_PrivateKey_filer����r����)r3���Zkeyfiler����r����r!���r!���r"����use_privatekey_fileX��s����
zContext.use_privatekey_filec�������������C���s2���t�|t�std��t�|�j|j�}|s.|�����dS�)zs
Load a private key from a PKey object
:param pkey: The PKey object
:return: None
z
pkey must be a PKey instanceN)rd���r���rf���r:���ZSSL_CTX_use_PrivateKeyr����Z_pkeyr����)r3���Zpkeyr����r!���r!���r"����use_privatekeym��s
����
zContext.use_privatekeyc�������������C���s���t��|�j�st���dS�)z�
Check that the private key and certificate match up
:return: None (raises an exception if something's wrong)
N)r:���ZSSL_CTX_check_private_keyr����r5���)r3���r!���r!���r"����check_privatekey{��s����
zContext.check_privatekeyc�������������C���s0���t��td|��}t|tjk��t��|�j|��dS�)a%��
Load the trusted certificates that will be sent to the client. Does
not actually imply any of the certificates are trusted; that must be
configured separately.
:param bytes cafile: The path to a certificates file in PEM format.
:return: None
r����N)r:���ZSSL_load_client_CA_file�_text_to_bytes_and_warnr����rH���ri����SSL_CTX_set_client_CA_listr����)r3���r����Zca_listr!���r!���r"����load_client_ca���s����
zContext.load_client_cac�������������C���s*���t�d|�}tt�|�j|t|��dk��dS�)aV��
Set the session id to *buf* within which a session can be reused for
this Context object. This is needed when doing session resumption,
because there is no way for a stored session to know which Context
object it is associated with.
:param bytes buf: The session id.
:returns: None
�bufr$���N)r����r����r:���Z
SSL_CTX_set_session_id_contextr����rK���)r3���r����r!���r!���r"����set_session_id���s����
zContext.set_session_idc�������������C���s ���t�|t�std��t�|�j|�S�)z�
Enable/disable session caching and specify the mode used.
:param mode: One or more of the SESS_CACHE_* flags (combine using
bitwise or)
:returns: The previously set caching mode.
zmode must be an integer)rd���r
���rf���r:���Z
SSL_CTX_set_session_cache_moder����)r3����moder!���r!���r"����set_session_cache_mode���s����
z
Context.set_session_cache_modec�������������C���s
���t��|�j�S�)z:
:returns: The currently used cache mode.
)r:���Z
SSL_CTX_get_session_cache_moder����)r3���r!���r!���r"����get_session_cache_mode���s����z
Context.get_session_cache_modec�������������C���sL���t�|t�std��t|�s"td��t|�|�_|�jj|�_t� |�j
||�j��dS�)aG��
Set the verify mode and verify callback
:param mode: The verify mode, this is either VERIFY_NONE or
VERIFY_PEER combined with possible other flags
:param callback: The Python callback to use
:return: None
See SSL_CTX_set_verify(3SSL) for further details.
zmode must be an integerzcallback must be callableN)
rd���r
���rf���r����r8���r����rF���r����r:���ZSSL_CTX_set_verifyr����)r3���r����rF���r!���r!���r"����
set_verify���s����
zContext.set_verifyc�������������C���s$���t�|t�std��t�|�j|��dS�)zz
Set the verify depth
:param depth: An integer specifying the verify depth
:return: None
zdepth must be an integerN)rd���r
���rf���r:���ZSSL_CTX_set_verify_depthr����)r3����depthr!���r!���r"����set_verify_depth���s����
zContext.set_verify_depthc�������������C���s
���t��|�j�S�)zG
Get the verify mode
:return: The verify mode
)r:���ZSSL_CTX_get_verify_moder����)r3���r!���r!���r"����get_verify_mode���s����zContext.get_verify_modec�������������C���s
���t��|�j�S�)zI
Get the verify depth
:return: The verify depth
)r:���ZSSL_CTX_get_verify_depthr����)r3���r!���r!���r"����get_verify_depth���s����zContext.get_verify_depthc�������������C���sh���t�|�}t�|d�}|tjkr$t���t�|tj�}t�|tjtjtj�}t�|tj �}t�
|�j
|��dS�)z�
Load parameters for Ephemeral Diffie-Hellman
:param dhfile: The file to load EDH parameters from (``bytes`` or
``unicode``).
:return: None
����rN)
r����r:���Z
BIO_new_filerH���ri���r5���r����ZBIO_freeZPEM_read_bio_DHparamsZDH_freeZSSL_CTX_set_tmp_dhr����)r3���Zdhfile�bioZdhr!���r!���r"����
load_tmp_dh���s����
zContext.load_tmp_dhc�������������C���s���t��|�j|�����dS�)a��
Select a curve to use for ECDHE key exchange.
:param curve: A curve object to use as returned by either
:py:meth:`OpenSSL.crypto.get_elliptic_curve` or
:py:meth:`OpenSSL.crypto.get_elliptic_curves`.
:return: None
N)r:���ZSSL_CTX_set_tmp_ecdhr����Z
_to_EC_KEY)r3���Zcurver!���r!���r"����
set_tmp_ecdh���s����
zContext.set_tmp_ecdhc�������������C���s6���t�d|�}t|t�s
td��tt�|�j|�dk��dS�)z�
Set the list of ciphers to be used in this context.
See the OpenSSL manual for more information (e.g.
:manpage:`ciphers(1)`).
:param bytes cipher_list: An OpenSSL cipher string.
:return: None
�
cipher_listz"cipher_list must be a byte string.r$���N)r����rd����bytesrf���r����r:���ZSSL_CTX_set_cipher_listr����)r3���r����r!���r!���r"����set_cipher_list
��s
����
zContext.set_cipher_listc�������������C���s����t����}t|tjk��yjxd|D�]\}t|t�s@tdt|�j f���t��
|j
�}t|tjk��t��
||�}|s
t��
|��t���q
W�W�n���t��|����Y�nX�t��|�j|��dS�)a?��
Set the list of preferred client certificate signers for this server
context.
This list of certificate authorities will be sent to the client when
the server requests a client certificate.
:param certificate_authorities: a sequence of X509Names.
:return: None
z3client CAs must be X509Name objects, not %s objectsN)r:���Zsk_X509_NAME_new_nullr����rH���ri���rd���r���rf���r{���r
����
X509_NAME_dup�_nameZsk_X509_NAME_push�X509_NAME_freer5���Zsk_X509_NAME_freer����r����)r3���Zcertificate_authoritiesZ
name_stackZca_namer����Z
push_resultr!���r!���r"����set_client_ca_list
��s$����
zContext.set_client_ca_listc�������������C���s2���t�|t�std��t�|�j|j�}t|dk��dS�)aI��
Add the CA certificate to the list of preferred signers for this
context.
The list of certificate authorities will be sent to the client when the
server requests a client certificate.
:param certificate_authority: certificate authority's X509 certificate.
:return: None
z.certificate_authority must be an X509 instancer$���N)rd���r���rf���r:���ZSSL_CTX_add_client_CAr����r;���r����)r3���Zcertificate_authorityr����r!���r!���r"����
add_client_caA��s
����
zContext.add_client_cac�������������C���s ���t�|t�std��t�|�j|�S�)z�
Set session timeout
:param timeout: The timeout in seconds
:return: The previous session timeout
ztimeout must be an integer)rd���r
���rf���r:���ZSSL_CTX_set_timeoutr����)r3����timeoutr!���r!���r"����
set_timeoutS��s����
zContext.set_timeoutc�������������C���s
���t��|�j�S�)zO
Get the session timeout
:return: The session timeout
)r:���ZSSL_CTX_get_timeoutr����)r3���r!���r!���r"����
get_timeout_��s����zContext.get_timeoutc����������������s6���t������fdd��}t�d|�|�_t�|�j|�j��dS�)zr
Set the info callback
:param callback: The Python callback to use
:return: None
c����������������s�����t�j|��||��d�S�)N)r<���r=���)rC����whereZ
return_code)rF���r!���r"���rG���n��s����z*Context.set_info_callback.<locals>.wrapperz void (*)(const SSL *, int, int)N)r���rH���rF���r����r:���ZSSL_CTX_set_info_callbackr����)r3���rF���rG���r!���)rF���r"����set_info_callbackg��s����
zContext.set_info_callbackc�������������C���s���|�j�S�)zo
Get the application data (supplied via set_app_data())
:return: The application data
)r����)r3���r!���r!���r"����
get_app_datau��s����zContext.get_app_datac�������������C���s
���||�_�dS�)z�
Set the application data (will be returned from get_app_data())
:param data: Any Python object
:return: None
N)r����)r3���rl���r!���r!���r"����
set_app_data}��s����zContext.set_app_datac�������������C���s.���t��|�j�}|tjkrdS�t�t�}||_|S�)z�
Get the certificate store for the context.
:return: A X509Store object or None if it does not have one.
N)r:���ZSSL_CTX_get_cert_storer����rH���ri���r
���r9���Z_store)r3����storeZpystorer!���r!���r"����get_cert_store���s
����
zContext.get_cert_storec�������������C���s ���t�|t�std��t�|�j|�S�)z�
Add options. Options set before are not cleared!
:param options: The options to add.
:return: The new option bitmask.
zoptions must be an integer)rd���r
���rf���r:���ZSSL_CTX_set_optionsr����)r3����optionsr!���r!���r"����
set_options���s����
zContext.set_optionsc�������������C���s ���t�|t�std��t�|�j|�S�)z�
Add modes via bitmask. Modes set before are not cleared!
:param mode: The mode to add.
:return: The new mode bitmask.
zmode must be an integer)rd���r
���rf���r:���ZSSL_CTX_set_moder����)r3���r����r!���r!���r"���r�������s����
zContext.set_modec����������������s6���t������fdd��}t�d|�|�_t�|�j|�j��dS�)z�
Specify a callback function to be called when clients specify a server
name.
:param callback: The callback function. It will be invoked with one
argument, the Connection instance.
c����������������s�����t�j|����dS�)Nr���)r<���r=���)rC���ZalertrU���)rF���r!���r"���rG������s����z7Context.set_tlsext_servername_callback.<locals>.wrapperz#int (*)(const SSL *, int *, void *)N)r���rH���rF���r����r:���Z&SSL_CTX_set_tlsext_servername_callbackr����)r3���rF���rG���r!���)rF���r"����
set_tlsext_servername_callback���s
����
z&Context.set_tlsext_servername_callbackc�������������C���s,���t�|�|�_|�jj|�_t�|�j|�jtj��dS�)a���
Specify a callback function that will be called when offering `Next
Protocol Negotiation
<https://technotes.googlecode.com/git/nextprotoneg.html>`_ as a server.
:param callback: The callback function. It will be invoked with one
argument, the Connection instance. It should return a list of
bytestrings representing the advertised protocols, like
``[b'http/1.1', b'spdy/2']``.
N) rI���r����rF���r����r:���Z%SSL_CTX_set_next_protos_advertised_cbr����rH���ri���)r3���rF���r!���r!���r"����set_npn_advertise_callback���s����
z"Context.set_npn_advertise_callbackc�������������C���s,���t�|�|�_|�jj|�_t�|�j|�jtj��dS�)a���
Specify a callback function that will be called when a server offers
Next Protocol Negotiation options.
:param callback: The callback function. It will be invoked with two
arguments: the Connection, and a list of offered protocols as
bytestrings, e.g. ``[b'http/1.1', b'spdy/2']``. It should return
one of those bytestrings, the chosen protocol.
N) rY���r����rF���r����r:���Z SSL_CTX_set_next_proto_select_cbr����rH���ri���)r3���rF���r!���r!���r"����set_npn_select_callback���s����
z Context.set_npn_select_callbackc�������������C���s>���d��t�dd��|D����}t�d|�}t�|�j|t|���dS�)ag��
Specify the clients ALPN protocol list.
These protocols are offered to the server during protocol negotiation.
:param protos: A list of the protocols to be offered to the server.
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
rJ���c�������������s���s
���|�]}t�t|��|fV��qd�S�)N)r
���rK���)rL���rM���r!���r!���r"���rN������s����z*Context.set_alpn_protos.<locals>.<genexpr>zunsigned char[]N) rO���r���rP���rH���rQ���r:���ZSSL_CTX_set_alpn_protosr����rK���)r3���rW���rX���� input_strr!���r!���r"����set_alpn_protos���s����
zContext.set_alpn_protosc�������������C���s,���t�|�|�_|�jj|�_t�|�j|�jtj��dS�)ab��
Set the callback to handle ALPN protocol choice.
:param callback: The callback function. It will be invoked with two
arguments: the Connection, and a list of offered protocols as
bytestrings, e.g ``[b'http/1.1', b'spdy/2']``. It should return
one of those bytestrings, the chosen protocol.
N) rc���r����rF���r����r:���ZSSL_CTX_set_alpn_select_cbr����rH���ri���)r3���rF���r!���r!���r"����set_alpn_select_callback���s����
z Context.set_alpn_select_callbackc�������������C���sh���||�_�|j|�_|dkr tj|�_n
t�|�|�_t�|�j |�j�}t
|dk��t�
|�j |�j�}t
|dk��dS�)z�
This internal helper does the common work for
``set_ocsp_server_callback`` and ``set_ocsp_client_callback``, which is
almost all of it.
Nr$���)
r����rF���r����rH���ri���r����Z
new_handler:���Z
SSL_CTX_set_tlsext_status_cbr����r����Z
SSL_CTX_set_tlsext_status_arg)r3����helperrl����rcr!���r!���r"����_set_ocsp_callback��s����
zContext._set_ocsp_callbackc�������������C���s���t�|�}|��||��dS�)a���
Set a callback to provide OCSP data to be stapled to the TLS handshake
on the server side.
:param callback: The callback function. It will be invoked with two
arguments: the Connection, and the optional arbitrary data you have
provided. The callback must return a bytestring that contains the
OCSP data to staple to the handshake. If no OCSP data is available
for this connection, return the empty bytestring.
:param data: Some opaque data that will be passed into the callback
function when called. This can be used to avoid needing to do
complex data lookups or to keep track of what context is being
used. This parameter is optional.
N)rh���r����)r3���rF���rl���r����r!���r!���r"����set_ocsp_server_callback��s����z Context.set_ocsp_server_callbackc�������������C���s���t�|�}|��||��dS�)a���
Set a callback to validate OCSP data stapled to the TLS handshake on
the client side.
:param callback: The callback function. It will be invoked with three
arguments: the Connection, a bytestring containing the stapled OCSP
assertion, and the optional arbitrary data you have provided. The
callback must return a boolean that indicates the result of
validating the OCSP data: ``True`` if the OCSP data is valid and
the certificate can be trusted, or ``False`` if either the OCSP
data is invalid or the certificate has been revoked.
:param data: Some opaque data that will be passed into the callback
function when called. This can be used to avoid needing to do
complex data lookups or to keep track of what context is being
used. This parameter is optional.
N)rn���r����)r3���rF���rl���r����r!���r!���r"����set_ocsp_client_callback,��s����z Context.set_ocsp_client_callback)N)N)N)N)>r
���r ���r ���r+����
SSLv2_METHOD�
SSLv3_METHOD�
SSLv23_METHOD�
TLSv1_METHOD�TLSv1_1_METHOD�TLSv1_2_METHODr�����dict�itemsr4���r����r����r����r����r����r����r����r���r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r�����
_requires_snir�����
_requires_npnr����r�����_requires_alpnr����r����r����r����r����r!���r!���r!���r"���r����O��sl���2
'
#
r����z4ContextType has been deprecated, use Context insteadc���������������@���s���e�Zd�ZdZe��Zdtdd�Zdd��Zdd��Zd d
��Z d
d
��Z
e
d
d���Z
e
dd���Z
dd��Zdudd�ZeZdvdd�Zdwdd�ZeZdxdd�Zd
d
��Zd
d ��Zd d!��Zd"d#��Zd$d%��Zd&d'��Zd(d)��Zd*d+��Z
d,d-��Z
d.d/��Z
d0d1��Z d2d3��Z d4d5��Z!d6d7��Z"d8d9��Z#d:d;��Z$d<d=��Z%d>d?��Z&d@dA��Z'dBdC��Z(dDdE��Z)dFdG��Z*dHdI��Z+dJdK��Z,dLdM��Z-dNdO��Z.dPdQ��Z/dRdS��Z0dTdU��Z1dVdW��Z2dXdY��Z3dZd[��Z4d\d]��Z5d^d_��Z6d`da��Z7dbdc��Z8ddde��Z9dfdg��Z:dhdi��Z;djdk��Z<e=dldm���Z>e?dndo���Z@e?dpdq���ZAdrds��ZBdS�)yr<���z
Nc�������������C���s����t�|t�std��t�|j�}t�|tj�|�_ ||�_d|�_
d|�_
d|�_
d|�_
|�|�j|�j <�|dkr�d|�_t�t����|�_t|�jtjk��t�t����|�_t|�jtjk��t�|�j |�j|�j��n2d|�_d|�_||�_t�|�j t|�j��}t|dk��dS�)z�
Create a new Connection object, using the given OpenSSL.SSL.Context
instance and socket.
:param context: An SSL Context to use for this connection
:param socket: The socket to use for transport layer
z"context must be a Context instanceNr$���)rd���r����rf���r:���ZSSL_newr����rH���r����ZSSL_free�_sslr����rR���r[���rg���r=����_socketZBIO_newZ BIO_s_mem� _into_sslr����ri���� _from_sslZ
SSL_set_bioZ
SSL_set_fdrx���)r3���r�����socketrC���r����r!���r!���r"���r4���L��s.����
zConnection.__init__c�������������C���s0���|�j�dkr td|�jj|f���n
t|�j�|�S�dS�)zy
Look up attributes on the wrapped socket object if they are not found
on the Connection object.
Nz!'%s' object has no attribute '%s')r
��r����� __class__r
���rs���)r3���r����r!���r!���r"����
__getattr__}��s����
zConnection.__getattr__c�������������C���sT��|�j�jd�k r|�j�j����|�j�jd�k r0|�j�j����|�j�jd�k rH|�j�j����|�j�jd�k r`|�j�j����|�j�jd�k rx|�j�j����t�||�}|tj kr�t
���n�|tj
kr�t
���n�|tj
kr�t���n�|tjkr�t���n�|tjk�r<t���dk�r4|dk��r(tdk�rt���d�}ntj}|dk�r(t|t�|���tdd��nt���n|tjk�rJnt���d�S�)Nr����win32ro���zUnexpected EOF)
r����r����r7���r����r����r����r����r:���Z
SSL_get_errorZSSL_ERROR_WANT_READr,���ZSSL_ERROR_WANT_WRITEr-���ZSSL_ERROR_ZERO_RETURNr/���ZSSL_ERROR_WANT_X509_LOOKUPr.���ZSSL_ERROR_SYSCALLZERR_peek_errorr���rH���Z
getwinerror�errnor0���r���r����r5���ZSSL_ERROR_NONE)r3���rC���rD���r���r��r!���r!���r"����_raise_ssl_error���s@����
zConnection._raise_ssl_errorc�������������C���s���|�j�S�)z%
Get session context
)r����)r3���r!���r!���r"����
get_context���s����zConnection.get_contextc�������������C���s,���t�|t�std��t�|�j|j��||�_dS�)z�
Switch this connection to a new session context
:param context: A :py:class:`Context` instance giving the new session
context to use.
z"context must be a Context instanceN)rd���r����rf���r:���ZSSL_set_SSL_CTXr
��r����)r3���r����r!���r!���r"����
set_context���s����
zConnection.set_contextc�������������C���s(���t��|�jt�j�}|tjkr
dS�t�|�S�)z�
Retrieve the servername extension value if provided in the client hello
message, or None if there wasn't one.
:return: A byte string giving the server name or :py:data:`None`.
N)r:���ZSSL_get_servernamer
��ZTLSEXT_NAMETYPE_host_namerH���ri���ry���)r3���r����r!���r!���r"����get_servername���s
����
zConnection.get_servernamec�������������C���s6���t�|t�std��nd|kr$td��t�|�j|��dS�)z�
Set the value of the servername extension to send in the client hello.
:param name: A byte string giving the name.
zname must be a byte string�����z
name must not contain NUL byteN)rd���r����rf���r:���ZSSL_set_tlsext_host_namer
��)r3���r����r!���r!���r"����set_tlsext_host_name���s
����
z Connection.set_tlsext_host_namec�������������C���s
���t��|�j�S�)z�
Get the number of bytes that can be safely read from the connection
:return: The number of bytes available in the receive buffer.
)r:���Z
SSL_pendingr
��)r3���r!���r!���r"����pending���s����zConnection.pendingr���c�������������C���sz���t�d|�}t|t�r
|���}t|t�r.t|�}t|t�s@td��t|�dkrTt d��t
�
|�j
|t|��}|��
|�j
|��|S�)a���
Send data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param buf: The string, buffer or memoryview to send
:param flags: (optional) Included for compatibility with the socket
API, the value is ignored
:return: The number of bytes written
r����z0data must be a memoryview, buffer or byte stringi���z,Cannot send more than 2**31-1 bytes at once.)r����rd���r
����tobytesr#����strr����rf���rK���rt���r:���� SSL_writer
��r��)r3���r�����flagsrD���r!���r!���r"����send���s����
zConnection.sendc�������������C���s����t�d|�}t|t�r
|���}t|t�r.t|�}t|t�s@td��t|�}d}t �
d|�}x@|r�t
�
|�j
||�t|d��}|��|�j
|��||7�}||8�}qZW�dS�)a���
Send "all" data on the connection. This calls send() repeatedly until
all data is sent. If an error occurs, it's impossible to tell how much
data has been sent.
:param buf: The string, buffer or memoryview to send
:param flags: (optional) Included for compatibility with the socket
API, the value is ignored
:return: The number of bytes written
r����z/buf must be a memoryview, buffer or byte stringr���zchar[]i���N)r����rd���r
���r��r#���r
��r����rf���rK���rH���rQ���r:���r
��r
���minr��)r3���r����r
��Z
left_to_send�
total_sentrl���rD���r!���r!���r"����sendall��s$����
zConnection.sendallc�������������C���s`���t�d|�}|dk r.|tj@�r.t�|�j||�}nt�|�j||�}|��|�j|��t� ||�dd��S�)a��
Receive data on the connection.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
zchar[]N)
�_no_zero_allocatorr���MSG_PEEKr:����SSL_peekr
���SSL_readr��rH���rZ���)r3����bufsizr
��r����rD���r!���r!���r"����recv,��s
����
zConnection.recvc�������������C���s����|dkrt�|�}nt|t�|��}td|�}|dk rN|tj@�rNt�|�j||�}nt�|�j||�}|�� |�j|��y
t
t
�
||��|d|�<�W�n(�t
k
r����t
�
||�|d|�<�Y�nX�|S�)aW��
Receive data on the connection and store the data into a buffer rather
than creating a new string.
:param buffer: The buffer to copy into.
:param nbytes: (optional) The maximum number of bytes to read into the
buffer. If not present, defaults to the size of the buffer. If
larger than the size of the buffer, is reduced to the size of the
buffer.
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The number of bytes read into the buffer.
Nzchar[])rK���r ��r#��r��r$��r:���r%��r
��r&��r���
memoryviewrH���rZ���� NameError)r3���rZ����nbytesr
��r����rD���r!���r!���r"���� recv_into>��s����
zConnection.recv_intoc�������������C���sV���t��|�rLt��|�r
t���qRt��|�r.t���qRt��|�rBtd��qRtd��nt���d�S�)N�BIO_should_io_specialzunknown bio failure) r:���ZBIO_should_retryZBIO_should_readr,���ZBIO_should_writer-���r-��rt���r5���)r3���r����rD���r!���r!���r"����_handle_bio_errorsg��s����
z
Connection._handle_bio_errorsc�������������C���sh���|�j�dkrtd��t|t�s$td��td|�}t�|�j�||�}|dkrT|��|�j�|��t� ||�dd��S�)z�
When using non-socket connections this function reads the "dirty" data
that would have traveled away on the network.
:param bufsiz: The maximum number of bytes to read
:return: The string read.
Nz
Connection sock was not Nonezbufsiz must be an integerzchar[]r���)
r��rf���rd���r
���r#��r:���ZBIO_readr.��rH���rZ���)r3���r'��r����rD���r!���r!���r"����bio_ready��s����
zConnection.bio_readc�������������C���sJ���t�d|�}|�jdkr
td��t�|�j|t|��}|dkrF|��|�j|��|S�)z�
When using non-socket connections this function sends "dirty" data that
would have traveled in on the network.
:param buf: The string to put into the memory BIO.
:return: The number of bytes written
r����Nz
Connection sock was not Noner���)r����r
��rf���r:���Z BIO_writerK���r.��)r3���r����rD���r!���r!���r"���� bio_write���s����
zConnection.bio_writec�������������C���s$���|�����s tt�|�j�dk��dS�dS�)z�
Renegotiate the session.
:return: True if the renegotiation can be started, False otherwise
:rtype: bool
r$���TF)�renegotiate_pendingr����r:���ZSSL_renegotiater
��)r3���r!���r!���r"����
renegotiate���s����zConnection.renegotiatec�������������C���s
���t��|�j�}|��|�j|��dS�)z�
Perform an SSL handshake (usually called after renegotiate() or one of
set_*_state()). This can raise the same exceptions as send and recv.
:return: None.
N)r:���ZSSL_do_handshaker
��r��)r3���rD���r!���r!���r"����
do_handshake���s����
zConnection.do_handshakec�������������C���s���t��|�j�dkS�)z�
Check if there's a renegotiation in progress, it will return False once
a renegotiation is finished.
:return: Whether there's a renegotiation in progress
:rtype: bool
r$���)r:���ZSSL_renegotiate_pendingr
��)r3���r!���r!���r"���r1�����s����z
Connection.renegotiate_pendingc�������������C���s
���t��|�j�S�)z�
Find out the total number of renegotiations.
:return: The number of renegotiations.
:rtype: int
)r:���ZSSL_total_renegotiationsr
��)r3���r!���r!���r"����total_renegotiations���s����z Connection.total_renegotiationsc�������������C���s���t��|�j��|�j�|�S�)z�
Connect to remote host and set up client-side SSL
:param addr: A remote address
:return: What the socket's connect method returns
)r:����SSL_set_connect_stater
��r
���connect)r3����addrr!���r!���r"���r6�����s����
zConnection.connectc�������������C���s���|�j�j}|�����||�S�)a��
Connect to remote host and set up client-side SSL. Note that if the
socket's connect_ex method doesn't return 0, SSL won't be initialized.
:param addr: A remove address
:return: What the socket's connect_ex method returns
)r
���
connect_ex�set_connect_state)r3���r7��r8��r!���r!���r"���r8�����s����zConnection.connect_exc�������������C���s*���|�j����\}}t|�j|�}|����||fS�)z�
Accept incoming connection and set up SSL on it
:return: A (conn,addr) pair where conn is a Connection and addr is an
address
)r
���acceptr<���r�����set_accept_state)r3���Zclientr7��rV���r!���r!���r"���r:�����s����
zConnection.acceptc�������������C���s$���|�j�dkrtd��t�|�jd��dS�)z�
When using non-socket connections this function signals end of
data on the input for this connection.
:return: None
Nz
Connection sock was not Noner���)r��rf���r:���ZBIO_set_mem_eof_returnr
��)r3���r!���r!���r"����
bio_shutdown���s����
zConnection.bio_shutdownc�������������C���s8���t��|�j�}|dk�r$|��|�j|��n|dkr0dS�dS�dS�)a��
Send closure alert
:return: True if the shutdown completed successfully (i.e. both sides
have sent closure alerts), false otherwise (i.e. you have to
wait for a ZeroReturnError on a recv() method call
r���TFN)r:���Z
SSL_shutdownr
��r��)r3���rD���r!���r!���r"����shutdown���s
����
zConnection.shutdownc�������������C���sF���g�}x<t���D�]2}t�|�j|�}|tjkr*P�|�tt�|����q
W�|S�)z�
Retrieve the list of ciphers used by the Connection object.
:return: A list of native cipher strings.
) r���r:���ZSSL_get_cipher_listr
��rH���ri���r?����_nativery���)r3���Zciphers�irD���r!���r!���r"����get_cipher_list��s����
zConnection.get_cipher_listc�������������C���s����t��|�j�}|tjkrg�S�g�}x^tt��|��D�]L}t��||�}t��|�}t |tjk��t
�
t
�}t�
|t�j
�|_|�|��q.W�|S�)a���
Get CAs whose certificates are suggested for client authentication.
:return: If this is a server connection, a list of X509Names
representing the acceptable CAs as set by
:py:meth:`OpenSSL.SSL.Context.set_client_ca_list` or
:py:meth:`OpenSSL.SSL.Context.add_client_ca`. If this is a client
connection, the list of such X509Names sent by the server, or an
empty list if that has not yet happened.
)r:���ZSSL_get_client_CA_listr
��rH���ri����rangeZsk_X509_NAME_numZsk_X509_NAME_valuer����r����r���r9���r����r����r����r?���)r3���Zca_namesrD���r?��r����r����Zpynamer!���r!���r"����get_client_ca_list��s����
z
Connection.get_client_ca_listc�������������C���s
���t�d��dS�)z�
The makefile() method is not implemented, since there is no dup
semantics for SSL connections
:raise: NotImplementedError
z1Cannot make file object of OpenSSL.SSL.ConnectionN)r|���)r3���r!���r!���r"����makefile0��s����zConnection.makefilec�������������C���s���|�j�S�)zM
Get application data
:return: The application data
)r����)r3���r!���r!���r"���r����:��s����zConnection.get_app_datac�������������C���s
���||�_�dS�)zh
Set application data
:param data - The application data
:return: None
N)r����)r3���rl���r!���r!���r"���r����B��s����zConnection.set_app_datac�������������C���s
���t��|�j�S�)z�
Get shutdown state
:return: The shutdown state, a bitvector of SENT_SHUTDOWN,
RECEIVED_SHUTDOWN.
)r:���ZSSL_get_shutdownr
��)r3���r!���r!���r"����
get_shutdownK��s����zConnection.get_shutdownc�������������C���s$���t�|t�std��t�|�j|��dS�)z�
Set shutdown state
:param state - bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.
:return: None
zstate must be an integerN)rd���r
���rf���r:���ZSSL_set_shutdownr
��)r3����stater!���r!���r"����
set_shutdownT��s����
zConnection.set_shutdownc�������������C���s���t��t�|�j��S�)z�
Retrieve a verbose string detailing the state of the Connection.
:return: A string representing the state
:rtype: bytes
)rH���ry���r:���ZSSL_state_string_longr
��)r3���r!���r!���r"����get_state_string`��s����zConnection.get_state_stringc�������������C���sf���t��|�j�}|tjkrdS�t��|�jtjd�}|dks8t�td|�}t��|�j||��t�||�dd��S�)zi
Get a copy of the server hello nonce.
:return: A string representing the state
Nr���zunsigned char[]) r:����SSL_get_sessionr
��rH���ri���ZSSL_get_server_random�AssertionErrorr#��rZ���)r3����session�length�outpr!���r!���r"����
server_randomi��s����
zConnection.server_randomc�������������C���sf���t��|�j�}|tjkrdS�t��|�jtjd�}|dks8t�td|�}t��|�j||��t�||�dd��S�)zi
Get a copy of the client hello nonce.
:return: A string representing the state
Nr���zunsigned char[]) r:���rH��r
��rH���ri���ZSSL_get_client_randomrI��r#��rZ���)r3���rJ��rK��rL��r!���r!���r"����
client_randomx��s����
zConnection.client_randomc�������������C���sb���t��|�j�}|tjkrdS�t��|tjd�}|dks6t�td|�}t��|||��t�||�dd��S�)za
Get a copy of the master key.
:return: A string representing the state
Nr���zunsigned char[]) r:���rH��r
��rH���ri���ZSSL_SESSION_get_master_keyrI��r#��rZ���)r3���rJ��rK��rL��r!���r!���r"����
master_key���s����
zConnection.master_keyc�������������O���s���|�j�j||�S�)z_
See shutdown(2)
:return: What the socket's shutdown() method returns
)r
��r=��)r3���r}���r~���r!���r!���r"����
sock_shutdown���s����zConnection.sock_shutdownc�������������C���s8���t��|�j�}|tjkr4t�t�}t�|t�j�|_ |S�dS�)zi
Retrieve the other side's certificate (if any)
:return: The peer's certificate
N)
r:���ZSSL_get_peer_certificater
��rH���ri���r���r9���r����r����r;���)r3���rA����pycertr!���r!���r"����get_peer_certificate���s
����
z Connection.get_peer_certificatec�������������C���sp���t��|�j�}|tjkrdS�g�}xLtt��|��D�]:}t��t��||��}t �
t �}t�
|t�j
�|_
|�|��q.W�|S�)z�
Retrieve the other side's certificate (if any)
:return: A list of X509 instances giving the peer's certificate chain,
or None if it does not have one.
N)r:���ZSSL_get_peer_cert_chainr
��rH���ri���rA��Z
sk_X509_numr����Z
sk_X509_valuer���r9���r����r����r;���r?���)r3���Z
cert_stackrD���r?��rA���rQ��r!���r!���r"����get_peer_cert_chain���s����
z
Connection.get_peer_cert_chainc�������������C���s
���t��|�j�S�)z�
Checks if more data has to be read from the transport layer to complete
an operation.
:return: True iff more data has to be read
)r:���Z
SSL_want_readr
��)r3���r!���r!���r"���� want_read���s����zConnection.want_readc�������������C���s
���t��|�j�S�)z�
Checks if there is data to write to the transport layer to complete an
operation.
:return: True iff there is data to write
)r:���ZSSL_want_writer
��)r3���r!���r!���r"����
want_write���s����zConnection.want_writec�������������C���s���t��|�j��dS�)z�
Set the connection to work in server mode. The handshake will be
handled automatically by read/write.
:return: None
N)r:���ZSSL_set_accept_stater
��)r3���r!���r!���r"���r;�����s����zConnection.set_accept_statec�������������C���s���t��|�j��dS�)z�
Set the connection to work in client mode. The handshake will be
handled automatically by read/write.
:return: None
N)r:���r5��r
��)r3���r!���r!���r"���r9�����s����z
Connection.set_connect_statec�������������C���s8���t��|�j�}|tjkrdS�t�t�}t�|t�j�|_ |S�)z�
Returns the Session currently used.
@return: An instance of :py:class:`OpenSSL.SSL.Session` or
:py:obj:`None` if no session exists.
N)
r:���ZSSL_get1_sessionr
��rH���ri���r����r9���r����ZSSL_SESSION_free�_session)r3���rJ��Z pysessionr!���r!���r"����
get_session���s
����
zConnection.get_sessionc�������������C���s0���t�|t�std��t�|�j|j�}|s,t���dS�)z�
Set the session to be used when the TLS/SSL connection is established.
:param session: A Session instance representing the session to use.
:returns: None
z"session must be a Session instanceN)rd���r����rf���r:���ZSSL_set_sessionr
��rV��r5���)r3���rJ��rD���r!���r!���r"����
set_session���s
����
zConnection.set_sessionc�������������C���sR���t��dd�}||�j|d�}|dkr&dS�td|�}||�j||��t��||�dd��S�)a���
Helper to implement :py:meth:`get_finished` and
:py:meth:`get_peer_finished`.
:param function: Either :py:data:`SSL_get_finished`: or
:py:data:`SSL_get_peer_finished`.
:return: :py:data:`None` if the desired message has not yet been
received, otherwise the contents of the message.
:rtype: :py:class:`bytes` or :py:class:`NoneType`
zchar[]r���N)rH���rQ���r
��r#��rZ���)r3����function�emptyr����r����r!���r!���r"����_get_finished_message��s����
z Connection._get_finished_messagec�������������C���s
���|���tj�S�)a��
Obtain the latest `handshake finished` message sent to the peer.
:return: The contents of the message or :py:obj:`None` if the TLS
handshake has not yet completed.
:rtype: :py:class:`bytes` or :py:class:`NoneType`
)r[��r:���ZSSL_get_finished)r3���r!���r!���r"����
get_finished$��s����zConnection.get_finishedc�������������C���s
���|���tj�S�)a
��
Obtain the latest `handshake finished` message received from the peer.
:return: The contents of the message or :py:obj:`None` if the TLS
handshake has not yet completed.
:rtype: :py:class:`bytes` or :py:class:`NoneType`
)r[��r:���ZSSL_get_peer_finished)r3���r!���r!���r"����get_peer_finished.��s����z
Connection.get_peer_finishedc�������������C���s8���t��|�j�}|tjkrdS�t�t��|��}|�d�S�dS�)z�
Obtain the name of the currently used cipher.
:returns: The name of the currently used cipher or :py:obj:`None`
if no connection has been established.
:rtype: :py:class:`unicode` or :py:class:`NoneType`
Nzutf-8)r:����SSL_get_current_cipherr
��rH���ri���ry���ZSSL_CIPHER_get_namer����)r3����cipherr����r!���r!���r"����get_cipher_name8��s
����
zConnection.get_cipher_namec�������������C���s,���t��|�j�}|tjkrdS�t��|tj�S�dS�)a��
Obtain the number of secret bits of the currently used cipher.
:returns: The number of secret bits of the currently used cipher
or :py:obj:`None` if no connection has been established.
:rtype: :py:class:`int` or :py:class:`NoneType`
N)r:���r^��r
��rH���ri���ZSSL_CIPHER_get_bits)r3���r_��r!���r!���r"����get_cipher_bitsG��s����
zConnection.get_cipher_bitsc�������������C���s8���t��|�j�}|tjkrdS�t�t��|��}|�d�S�dS�)a��
Obtain the protocol version of the currently used cipher.
:returns: The protocol name of the currently used cipher
or :py:obj:`None` if no connection has been established.
:rtype: :py:class:`unicode` or :py:class:`NoneType`
Nzutf-8)r:���r^��r
��rH���ri���ry���ZSSL_CIPHER_get_versionr����)r3���r_���versionr!���r!���r"����get_cipher_versionU��s
����
z
Connection.get_cipher_versionc�������������C���s
���t��t�|�j��}|�d�S�)a?��
Obtain the protocol version of the current connection.
:returns: The TLS version of the current connection, for example
the value for TLS 1.2 would be ``TLSv1.2``or ``Unknown``
for connections that were not successfully established.
:rtype: :py:class:`unicode`
zutf-8)rH���ry���r:���ZSSL_get_versionr
��r����)r3���rb��r!���r!���r"����get_protocol_version_named��s���� z$Connection.get_protocol_version_namec�������������C���s���t��|�j�}|S�)z�
Obtain the protocol version of the current connection.
:returns: The TLS version of the current connection, for example
the value for TLS 1 would be 0x769.
:rtype: :py:class:`int`
)r:���Z
SSL_versionr
��)r3���rb��r!���r!���r"����get_protocol_versionp��s����
z Connection.get_protocol_versionc�������������C���s@���t��d�}t��d�}t�|�j||��t��|d�|d��dd��S�)z>
Get the protocol that was negotiated by NPN.
zunsigned char **zunsigned int *r���N)rH���rQ���r:���Z
SSL_get0_next_proto_negotiatedr
��rZ���)r3���rl����data_lenr!���r!���r"����get_next_proto_negotiated{��s����
z$Connection.get_next_proto_negotiatedc�������������C���s>���d��t�dd��|D����}t�d|�}t�|�j|t|���dS�)ah��
Specify the client's ALPN protocol list.
These protocols are offered to the server during protocol negotiation.
:param protos: A list of the protocols to be offered to the server.
This list should be a Python list of bytestrings representing the
protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
rJ���c�������������s���s
���|�]}t�t|��|fV��qd�S�)N)r
���rK���)rL���rM���r!���r!���r"���rN������s����z-Connection.set_alpn_protos.<locals>.<genexpr>zunsigned char[]N) rO���r���rP���rH���rQ���r:���ZSSL_set_alpn_protosr
��rK���)r3���rW���rX���r����r!���r!���r"���r�������s����
zConnection.set_alpn_protosc�������������C���sH���t��d�}t��d�}t�|�j||��|s,dS�t��|d�|d��dd��S�)z?
Get the protocol that was negotiated by ALPN.
zunsigned char **zunsigned int *rJ���r���N)rH���rQ���r:���ZSSL_get0_alpn_selectedr
��rZ���)r3���rl���rf��r!���r!���r"����get_alpn_proto_negotiated���s
����
z$Connection.get_alpn_proto_negotiatedc�������������C���s ���t��|�jt�j�}t|dk��dS�)a��
Called to request that the server sends stapled OCSP data, if
available. If this is not called on the client side then the server
will not send OCSP data. Should be used in conjunction with
:meth:`Context.set_ocsp_client_callback`.
r$���N)r:���ZSSL_set_tlsext_status_typer
��ZTLSEXT_STATUSTYPE_ocspr����)r3���r����r!���r!���r"����
request_ocsp���s����
zConnection.request_ocsp)N)r���)r���)N)NN)Cr
���r ���r ���r+���r���r=���r4���r��r��r��r��r��r��r��r��r ���writer"��r(���readr,��r.��r/��r0��r2��r3��r1��r4��r6��r8��r:��r<��r=��r@��rB��rC��r����r����rD��rF��rG��rM��rN��rO��rP��rR��rS��rT��rU��r;��r9��rW��rX��r[��r\��r]��r`��ra��rc��rd��re��r ��rg��r
��r����rh��ri��r!���r!���r!���r"���r<���G��sx���
1
)
$
)
"
r<���z:ConnectionType has been deprecated, use Connection instead)�r����r���sysr���� functoolsr���r���� itertoolsr���r����weakrefr���r��r���Zcryptography.utilsr ����sixr
���re���r
���r
���r
���Z
OpenSSL._utilr���r����r���Z_exception_from_error_queuer���rH���r���r:���r���Z
_make_assertr���r>��r���r����r���r����r���r#��ZOpenSSL.cryptor���r���r���r���r���r
���r)��r
���r*���objectrZ���r#���ZOPENSSL_VERSION_NUMBERZSSLEAY_VERSIONZ
SSLEAY_CFLAGSZSSLEAY_PLATFORMZ
SSLEAY_DIRZSSLEAY_BUILT_ONZSSL_SENT_SHUTDOWNZ
SENT_SHUTDOWNZSSL_RECEIVED_SHUTDOWNZRECEIVED_SHUTDOWNr���r��r��r��r��r��ZSSL_OP_NO_SSLv2Z
OP_NO_SSLv2ZSSL_OP_NO_SSLv3Z
OP_NO_SSLv3ZSSL_OP_NO_TLSv1Z
OP_NO_TLSv1ZSSL_OP_NO_TLSv1_1Z
OP_NO_TLSv1_1ZSSL_OP_NO_TLSv1_2Z
OP_NO_TLSv1_2ZSSL_MODE_RELEASE_BUFFERSZMODE_RELEASE_BUFFERSZSSL_OP_SINGLE_DH_USEZOP_SINGLE_DH_USEZSSL_OP_SINGLE_ECDH_USEZOP_SINGLE_ECDH_USEZSSL_OP_EPHEMERAL_RSAZOP_EPHEMERAL_RSAZ
SSL_OP_MICROSOFT_SESS_ID_BUGZOP_MICROSOFT_SESS_ID_BUGZ
SSL_OP_NETSCAPE_CHALLENGE_BUGZOP_NETSCAPE_CHALLENGE_BUGZ'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGZ#OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGZ"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUGZ
OP_SSLREF2_REUSE_CERT_TYPE_BUGZ!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERZ
OP_MICROSOFT_BIG_SSLV3_BUFFERZ
SSL_OP_MSIE_SSLV2_RSA_PADDINGZOP_MSIE_SSLV2_RSA_PADDINGZ SSL_OP_SSLEAY_080_CLIENT_DH_BUGZOP_SSLEAY_080_CLIENT_DH_BUGZSSL_OP_TLS_D5_BUGZ
OP_TLS_D5_BUGZ
SSL_OP_TLS_BLOCK_PADDING_BUGZOP_TLS_BLOCK_PADDING_BUGZ"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTSZ
OP_DONT_INSERT_EMPTY_FRAGMENTSZ SSL_OP_CIPHER_SERVER_PREFERENCEZOP_CIPHER_SERVER_PREFERENCEZSSL_OP_TLS_ROLLBACK_BUGZOP_TLS_ROLLBACK_BUGZSSL_OP_PKCS1_CHECK_1ZOP_PKCS1_CHECK_1ZSSL_OP_PKCS1_CHECK_2ZOP_PKCS1_CHECK_2ZSSL_OP_NETSCAPE_CA_DN_BUGZOP_NETSCAPE_CA_DN_BUGZ&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGZ"OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGZSSL_OP_NO_COMPRESSIONZOP_NO_COMPRESSIONZSSL_OP_NO_QUERY_MTUZOP_NO_QUERY_MTUZSSL_OP_COOKIE_EXCHANGEZOP_COOKIE_EXCHANGEZSSL_OP_NO_TICKETZ
OP_NO_TICKETZ
SSL_OP_ALLZOP_ALLZSSL_VERIFY_PEERZ
VERIFY_PEERZ SSL_VERIFY_FAIL_IF_NO_PEER_CERTZVERIFY_FAIL_IF_NO_PEER_CERTZSSL_VERIFY_CLIENT_ONCEZVERIFY_CLIENT_ONCEZSSL_VERIFY_NONEZ
VERIFY_NONEZSSL_SESS_CACHE_OFFZSESS_CACHE_OFFZSSL_SESS_CACHE_CLIENTZSESS_CACHE_CLIENTZSSL_SESS_CACHE_SERVERZSESS_CACHE_SERVERZSSL_SESS_CACHE_BOTHZSESS_CACHE_BOTHZ
SSL_SESS_CACHE_NO_AUTO_CLEARZSESS_CACHE_NO_AUTO_CLEARZ!SSL_SESS_CACHE_NO_INTERNAL_LOOKUPZ
SESS_CACHE_NO_INTERNAL_LOOKUPZ SSL_SESS_CACHE_NO_INTERNAL_STOREZ
SESS_CACHE_NO_INTERNAL_STOREZSSL_SESS_CACHE_NO_INTERNALZSESS_CACHE_NO_INTERNALZSSL_ST_CONNECTZ
SSL_ST_ACCEPTZ
SSL_ST_MASKZCryptography_HAS_SSL_STZ
SSL_ST_INITZ
SSL_ST_BEFOREZ SSL_ST_OKZSSL_ST_RENEGOTIATEZ
SSL_CB_LOOPZ
SSL_CB_EXITZ
SSL_CB_READZ
SSL_CB_WRITEZ
SSL_CB_ALERTZSSL_CB_READ_ALERTZSSL_CB_WRITE_ALERTZSSL_CB_ACCEPT_LOOPZSSL_CB_ACCEPT_EXITZSSL_CB_CONNECT_LOOPZSSL_CB_CONNECT_EXITZSSL_CB_HANDSHAKE_STARTZSSL_CB_HANDSHAKE_DONEr����r����r����r����r>���r*���r5���r����r,���r-���r.���r/���r0���r1���r8���rI���rY���rc���rh���rn���rx���rz���r����Z
Cryptography_HAS_NEXTPROTONEGr ��ZCryptography_HAS_ALPNr
��Z Cryptography_HAS_TLSEXT_HOSTNAMEr��r����r����r
����DeprecationWarningZ
ContextTyper<���ZConnectionTypeZSSL_library_initr!���r!���r!���r"����<module>���s*��
,
&)13H;
�����w������x