vKgsV%SSKJr SSKrSSKrSSKrSSKrSSKJr SSKJ r SSK J r J r SSK JrJr SSKJr SSKJrJrJrJr SS KJr SS KJr SS KJr SS KJr SS KJr SSKJ!r" SSKJ#r$ SSKJ%r& SSKJ'r( SSKJ)r* SSKJ+r, SSK-J.r.J/r/J0r0J1r1J2r2J3r3J4r4J5r5 /SQr6\$Rnr7S\8S'\$Rrr9S\8S'\$Rtr:S\8S'\$Rvr;S\8S'\$Rxr\:r?\;r@\r?r1r3r6r8rAr2r4r@rCrBr0r.rDr=r5r7r9r:r/r;OP_NO_RENEGOTIATIONOP_IGNORE_UNEXPECTED_EOFOP_LEGACY_SERVER_CONNECTr-rormrlrnrMrHrNrGrIrKrLrJrcrbrdr]rZr^r`rWr_rarVrUrYrXr\r[_Tc\rSrSrSrg)_NoOverlappingProtocolsiN__name__ __module__ __qualname____firstlineno____static_attributes__rK/var/www/highfloat_scraper/venv/lib/python3.13/site-packages/OpenSSL/SSL.pyrrrrrpcp\rSrSrSr\R r\Rr \Rr \Rr \Rr\R r\R$r\R(r\R,r\R0r\R4r\R8r\R<r\R@r!\RDr#\RHr%\RLr'\RPr)\RTr+\RXr-\R\r/\R`r1\Rdr3\Rhr5\Rlr7\Rpr9\Rtr;\Rxr=\R|r?\RrA\RrC\RrE\RrG\RrI\RrK\RrM\RrO\RrQ\RrS\RrU\RrW\RrY\Rr[\Rr]\Rr_\Rra\Rrc\Rre\Rrg\Rri\Rrk\Rrm\Rro\Rrq\Rrs\Rru\RrwSrxg)ri0a@ Success and error codes for X509 verification, as returned by the underlying ``X509_STORE_CTX_get_error()`` function and passed by pyOpenSSL to verification callback functions. See `OpenSSL Verification Errors `_ for details. rN)yrrrr__doc___lib X509_V_OKOK$X509_V_ERR_UNABLE_TO_GET_ISSUER_CERTERR_UNABLE_TO_GET_ISSUER_CERTX509_V_ERR_UNABLE_TO_GET_CRLERR_UNABLE_TO_GET_CRL+X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE$ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE*X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE#ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE-X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY&ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY!X509_V_ERR_CERT_SIGNATURE_FAILUREERR_CERT_SIGNATURE_FAILURE X509_V_ERR_CRL_SIGNATURE_FAILUREERR_CRL_SIGNATURE_FAILUREX509_V_ERR_CERT_NOT_YET_VALIDERR_CERT_NOT_YET_VALIDX509_V_ERR_CERT_HAS_EXPIREDERR_CERT_HAS_EXPIREDX509_V_ERR_CRL_NOT_YET_VALIDERR_CRL_NOT_YET_VALIDX509_V_ERR_CRL_HAS_EXPIREDERR_CRL_HAS_EXPIRED)X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD"ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD(X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD!ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD"ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD)X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD"ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELDX509_V_ERR_OUT_OF_MEMERR_OUT_OF_MEM&X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERTERR_DEPTH_ZERO_SELF_SIGNED_CERT$X509_V_ERR_SELF_SIGNED_CERT_IN_CHAINERR_SELF_SIGNED_CERT_IN_CHAIN,X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY%ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY*X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE#ERR_UNABLE_TO_VERIFY_LEAF_SIGNATUREX509_V_ERR_CERT_CHAIN_TOO_LONGERR_CERT_CHAIN_TOO_LONGX509_V_ERR_CERT_REVOKEDERR_CERT_REVOKEDX509_V_ERR_INVALID_CAERR_INVALID_CAX509_V_ERR_PATH_LENGTH_EXCEEDEDERR_PATH_LENGTH_EXCEEDEDX509_V_ERR_INVALID_PURPOSEERR_INVALID_PURPOSEX509_V_ERR_CERT_UNTRUSTEDERR_CERT_UNTRUSTEDX509_V_ERR_CERT_REJECTEDERR_CERT_REJECTED"X509_V_ERR_SUBJECT_ISSUER_MISMATCHERR_SUBJECT_ISSUER_MISMATCHX509_V_ERR_AKID_SKID_MISMATCHERR_AKID_SKID_MISMATCH&X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCHERR_AKID_ISSUER_SERIAL_MISMATCHX509_V_ERR_KEYUSAGE_NO_CERTSIGNERR_KEYUSAGE_NO_CERTSIGN#X509_V_ERR_UNABLE_TO_GET_CRL_ISSUERERR_UNABLE_TO_GET_CRL_ISSUER'X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION ERR_UNHANDLED_CRITICAL_EXTENSIONX509_V_ERR_KEYUSAGE_NO_CRL_SIGNERR_KEYUSAGE_NO_CRL_SIGN+X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION$ERR_UNHANDLED_CRITICAL_CRL_EXTENSIONX509_V_ERR_INVALID_NON_CAERR_INVALID_NON_CA%X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDEDERR_PROXY_PATH_LENGTH_EXCEEDED(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE!ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE)X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED"ERR_PROXY_CERTIFICATES_NOT_ALLOWEDX509_V_ERR_INVALID_EXTENSIONERR_INVALID_EXTENSION#X509_V_ERR_INVALID_POLICY_EXTENSIONERR_INVALID_POLICY_EXTENSIONX509_V_ERR_NO_EXPLICIT_POLICYERR_NO_EXPLICIT_POLICYX509_V_ERR_DIFFERENT_CRL_SCOPEERR_DIFFERENT_CRL_SCOPE(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE!ERR_UNSUPPORTED_EXTENSION_FEATUREX509_V_ERR_UNNESTED_RESOURCEERR_UNNESTED_RESOURCEX509_V_ERR_PERMITTED_VIOLATIONERR_PERMITTED_VIOLATIONX509_V_ERR_EXCLUDED_VIOLATIONERR_EXCLUDED_VIOLATIONX509_V_ERR_SUBTREE_MINMAXERR_SUBTREE_MINMAX&X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPEERR_UNSUPPORTED_CONSTRAINT_TYPE(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX!ERR_UNSUPPORTED_CONSTRAINT_SYNTAX"X509_V_ERR_UNSUPPORTED_NAME_SYNTAXERR_UNSUPPORTED_NAME_SYNTAX$X509_V_ERR_CRL_PATH_VALIDATION_ERRORERR_CRL_PATH_VALIDATION_ERRORX509_V_ERR_HOSTNAME_MISMATCHERR_HOSTNAME_MISMATCHX509_V_ERR_EMAIL_MISMATCHERR_EMAIL_MISMATCHX509_V_ERR_IP_ADDRESS_MISMATCHERR_IP_ADDRESS_MISMATCH#X509_V_ERR_APPLICATION_VERIFICATIONERR_APPLICATION_VERIFICATIONrrrrrr0s B$($M$M! == 88) 77( ::+"&!G!G $ E E!??;; ==99 66' 55& 66' 66'//N 33$%)$M$M! 99* 77(#AA33//N#CC997755"&"I"I!?? 33$ $CC#'#K#K  44% $CC 88)77%)%O%O" 55& 66'!==#'#K#K !??"AA 55&!=="AA!??77 33$ 55&#'"I"I$($M$M! ==77"AA#'#K#K rr)z"/etc/ssl/certs/ca-certificates.crtz /etc/pki/tls/certs/ca-bundle.crtz/etc/ssl/ca-bundle.pemz/etc/pki/tls/cacert.pemz1/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemz/etc/ssl/certss$/opt/pyca/cryptography/openssl/certss'/opt/pyca/cryptography/openssl/cert.pemc\rSrSrSrSrg)rriz, An error occurred in an `OpenSSL.SSL` API. rN)rrrrrrrrrrrrrsrrrc\rSrSrSrg)rirNrrrrrrrrrc\rSrSrSrg)rirNrrrrrrrrrc\rSrSrSrg)rirNrrrrrrrrrc\rSrSrSrg)rirNrrrrrrrrrc\rSrSrSrg)r|irNrrrrr|r|rrr|c,\rSrSrSrSSjrSSjrSrg)_CallbackExceptionHelperia A base class for wrapper classes that allow for intelligent exception handling in OpenSSL callbacks. :ivar list _problems: Any exceptions that occurred while executing in a context where they could not be raised in the normal way. Typically this is because OpenSSL has called into some Python code and requires a return value. The exceptions are saved to be raised later when it is possible to do so. c/UlgN _problemsselfs r__init__!_CallbackExceptionHelper.__init__s *,rcUR(a&[5 URRS5eg![a N(f=f)zi Raise an exception from the OpenSSL error queue or that was previously captured whe running a callback. rN)r _raise_current_errorrrpopr!s rraise_if_problem)_CallbackExceptionHelper.raise_if_problemsF >> $&..$$Q' '   s 9 AArNreturnNone)rrrrrr#r(rrrrrrs - (rrc"\rSrSrSrSSjrSrg) _VerifyHelperizR Wrap a callback such that it can be used as a certificate verification callback. c^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc2>[R"U5n[R"U5 [R"U5n[R "U5n[R "U5n[R"5n[R"X5n[RUnT "XXEU5n U (a&[R"U[R5 gg![a%n T RRU 5 Sn A gSn A ff=f)Nr)rX509_STORE_CTX_get_current_cert X509_up_refr_from_raw_x509_ptrX509_STORE_CTX_get_errorX509_STORE_CTX_get_error_depth"SSL_get_ex_data_X509_STORE_CTX_idxX509_STORE_CTX_get_ex_datarp_reverse_mappingX509_STORE_CTX_set_errorr Exceptionr append) ok store_ctxrcert error_number error_depthindexssl connectionresultecallbackr"s rwrapper'_VerifyHelper.__init__..wrappers77 BD   T "**40D88CL==iHK;;=E11)CC#44S9J !l11)T^^L %%a( s/ C'' D1DDzint (*)(int, X509_STORE_CTX *)rr#r_ffirGr"rGrHs`` rr#_VerifyHelper.__init__s> ))$/ x   2 ,g  rrGN)rG_VerifyCallbackr+r,rrrrrr#rrrrr.r.s   rr.c"\rSrSrSrSSjrSrg)_ALPNSelectHelperizI Wrap a callback such that it can be used as an ALPN selection callback. c^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc>[RUn[R"X45SSn/nU(a.USn USU S-n UR U 5 XyS-SnU(aM.T"Xh5n Sn U [ LaSn Sn O [ U [5(d [S5e[R"S[U 55[R"SU 5/Ul URSSUS'URSUS'U (d[R$[R$![a5n TR R U 5 [R"sSn A $Sn A ff=f) Nrr1TrFz^ALPN callback must return a bytestring or the special NO_OVERLAPPING_PROTOCOLS sentinel value.zunsigned char *unsigned char[])rpr9rKbufferr<r& isinstancebytes TypeErrornewlen_alpn_select_callback_argsrSSL_TLSEXT_ERR_NOACKSSL_TLSEXT_ERR_OKr;r SSL_TLSEXT_ERR_ALERT_FATAL)rCoutoutlenin_inlenargconninstr protolist encoded_lenprotooutbytes any_acceptedrFrGr"s rrH+_ALPNSelectHelper.__init__..wrappers\( 7!2237  C/2 "'(K!!kAo6E$$U+!/"34E e$D4# 77"H#(L#He44#KHH.H >HH.93/!;;A>qAq 88;A#444--- 7%%a(666 7s+A!D(&B1D(D(( E'2*E"E'"E'z^int (*)(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *)rJrLs`` rr#_ALPNSelectHelper.__init__sD ))$/ x) 7 ) 7V ?    rrNNrG_ALPNSelectCallbackr+r,rPrrrrRrRs 5 rrRc"\rSrSrSrSSjrSrg)_OCSPServerCallbackHelperiLa Wrap a callback such that it can be used as an OCSP callback for the server side. Annoyingly, OpenSSL defines one OCSP callback but uses it in two different ways. For servers, that callback is expected to retrieve some OCSP data and hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK, SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback is expected to check the OCSP data, and returns a negative value on error, 0 if the response is not acceptable, or positive if it is. These are mutually exclusive return code behaviours, and they mean that we need two helpers so that we always return an appropriate error code if the user's code throws an exception. Given that we have to have two helpers anyway, these helpers are a bit more helpery than most: specifically, they hide a few more of the OpenSSL functions so that the user has an easier time writing these callbacks. This helper implements the server side. c^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc>[RUnU[R:wa[R"U5nOSnT"X#5n[ U[ 5(d [S5eU(dg[U5n[R"U5nU[R"Xe5SS&[R"XU5 g![a%nT RRU5 SnAgSnAff=f)Nz'OCSP callback must return a bytestring.rr)rpr9rKNULL from_handlerWrXrYr[rOPENSSL_mallocrVSSL_set_tlsext_status_ocsp_respr;r r<) rCcdataredata ocsp_dataocsp_data_lengthdata_ptrrFrGr"s rrH3_OCSPServerCallbackHelper.__init__..wrapperes# !2237DII%++E2DD%T0 !)U33#$MNN !$'y> ../?@=F H7:44#3 %%a( sA/C3AC C4C//C4int (*)(SSL *, void *)rJrLs`` rr#"_OCSPServerCallbackHelper.__init__bs= ))$/ x$  $ L &>H rrNN)rGz_OCSPServerCallback[Any]r+r,rPrrrrqrqLs **Irrqc"\rSrSrSrSSjrSrg)_OCSPClientCallbackHelperia Wrap a callback such that it can be used as an OCSP callback for the client side. Annoyingly, OpenSSL defines one OCSP callback but uses it in two different ways. For servers, that callback is expected to retrieve some OCSP data and hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK, SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback is expected to check the OCSP data, and returns a negative value on error, 0 if the response is not acceptable, or positive if it is. These are mutually exclusive return code behaviours, and they mean that we need two helpers so that we always return an appropriate error code if the user's code throws an exception. Given that we have to have two helpers anyway, these helpers are a bit more helpery than most: specifically, they hide a few more of the OpenSSL functions so that the user has an easier time writing these callbacks. This helper implements the client side. c^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc>[RUnU[R:wa[R"U5nOSn[R "S5n[ R"X5nUS:aSnO[R"USU5SSnT "X&U5n[[U55$![a%nT RRU5 SnAgSnAff=f)Nunsigned char **rr)rpr9rKrurvrZrSSL_get_tlsext_status_ocsp_resprVrboolr;r r<) rCryrerzocsp_ptrocsp_lenr{validrFrGr"s rrH3_OCSPClientCallbackHelper.__init__..wrappers !2237DII%++E2DD 88$67??Na< #I!% HQK B1 EI $74;'' %%a( sB.B22 C!<CC!rrJrLs`` rr#"_OCSPClientCallbackHelper.__init__s< ))$/ x   < &>H rrNN)rGz_OCSPClientCallback[Any]r+r,rPrrrrrs *"Irrc\rSrSrSSjrSrg)_CookieGenerateCallbackHelperic^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc>[RUnT"U5nXAS[U5&[U5US'g![a%nTRR U5 SnAgSnAff=f)Nrr1)rpr9r[r;r r<)rCr`rarecookierFrGr"s rrH7_CookieGenerateCallbackHelper.__init__..wrappersd !2237!$'-AF $Kq  %%a( s6: A)A$$A)z/int (*)(SSL *, unsigned char *, unsigned int *)rJrLs`` rr#&_CookieGenerateCallbackHelper.__init__s? ))$/ x    =   rrNNrG_CookieGenerateCallbackr+r,rrrrr#rrrrrrs rrc\rSrSrSSjrSrg)_CookieVerifyCallbackHelperic^^[RT5 [T5UU4Sj5n[R"SU5Tlg)Nc>[RUnT"U[USU55$![a%nTRR U5 SnAgSnAff=fNr)rpr9rXr;r r<)rCc_cookie cookie_lenrerFrGr"s rrH5_CookieVerifyCallbackHelper.__init__..wrappersV !2237eHQz,B&CDD %%a( s'+ AAAz-int (*)(SSL *, unsigned char *, unsigned int)rJrLs`` rr#$_CookieVerifyCallbackHelper.__init__s? ))$/ x    ;   rrNNrG_CookieVerifyCallbackr+r,rrrrrrs rrcSn[U[5(d[USS5nUbU"5n[U[5(aUn[U[5(d [S5eUS:a[ SUSS35eU$)Nfilenoz3argument must be an int, or have a fileno() method.rz.file descriptor cannot be a negative integer (i))rWrgetattrrY ValueError)objfdmeths r_asFileDescriptorrs B c3  sHd+  &C#s  b#  MNN aT(d[U5U4Sj5nU$U$)Nc>[T5erNotImplementedError)argskwargserrors rexplode<_make_requires.._requires_decorator..explode"s)%00r)r)funcrrflags r_requires_decorator+_make_requires.._requires_decorators( 4[ 1 1NKrr)rrrs`` r_make_requiresrs  rCryptography_HAS_KEYLOGzKey logging not availablec$\rSrSr%SrS\S'Srg)r{i2z A class representing an SSL session. A session defines certain connection parameters which may be re-used to speed up the setup of subsequent connections. .. versionadded:: 0.14 r _sessionrN)rrrrr__annotations__rrrrr{r{2sMrr{c\rSrSr%Sr\\RS4\\R\ 4\ \R\ 4\ \R\ 4\\RS4\\R S4\\R$S4\\R(S4\\R,S4\\R0S40 rS\S'S7SjrS8SjrS8SjrS9S:S jjrS;S jrS9SS jr"S?Sjr#S@Sjr$\%4SASjjr&SBSjr'SCSjr(S=Sjr)\%4SDSjjr*SESjr+S=Sjr,SFSjr-SGSjr.SHSjr/SISjr0S9SJSjjr1SKSjr2SISjr3SISjr4SLSjr5SMS jr6SNS!jr7SOS"jr8SPS#jr9SQS$jr:SIS%jr;SRS&jr<\=SSS'j5r>STS(jr?SUS)jr@SVS*jrASWS+jrBSHS,jrCSXS-jrDSYS.jrESZS/jrFS[S0jrGS\S1jrHS9S]S2jjrIS9S^S3jjrJS_S4jrKS`S5jrLS6rMg)arqi>aY :class:`OpenSSL.SSL.Context` instances define the parameters for setting up new SSL connections. :param method: One of TLS_METHOD, TLS_CLIENT_METHOD, TLS_SERVER_METHOD, DTLS_METHOD, DTLS_CLIENT_METHOD, or DTLS_SERVER_METHOD. SSLv23_METHOD, TLSv1_METHOD, etc. are deprecated and should not be used. Nz@typing.ClassVar[dict[int, tuple[Callable[[], Any], int | None]]]_methodsc[U[5(d [S5eURUup#U"5n[ U[R:g5 [R"U5n[ U[R:g5 [R"U[R5nXPl SUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlSUlUR=[R>5 Ub#URAU5 URCU5 gg![a [ S5ef=f)Nzmethod must be an integerzNo such protocol)"rWrrYrKeyErrorr_openssl_assertrKrur SSL_CTX_newgc SSL_CTX_free_context_passphrase_helper_passphrase_callback_passphrase_userdata_verify_helper_verify_callback_info_callback_keylog_callback_tlsext_servername_callback _app_data_alpn_select_helper_alpn_select_callback _ocsp_helper_ocsp_callback _ocsp_data_cookie_generate_helper_cookie_verify_helperset_modeSSL_MODE_ENABLE_PARTIAL_WRITEset_min_proto_versionset_max_proto_version)r"method method_funcversion method_objcontexts rr#Context.__init__Xso&#&&78 8 1#'==#8 K!]  dii/0"":.499,-'''4#4#45 <@EI!04!488<" $+/(=A AE"    '+  $JN" d889    & &w /  & &w / G 1/0 0 1s E))E?c^[[R"URU5S:H5 g)a Set the minimum supported protocol version. Setting the minimum version to 0 will enable protocol versions down to the lowest version supported by the library. If the underlying OpenSSL build is missing support for the selected version, this method will raise an exception. r1N)rrSSL_CTX_set_min_proto_versionrr"rs rrContext.set_min_proto_version%   . .t}}g F! K rc^[[R"URU5S:H5 g)a Set the maximum supported protocol version. Setting the maximum version to 0 will enable protocol versions up to the highest version supported by the library. If the underlying OpenSSL build is missing support for the selected version, this method will raise an exception. r1N)rrSSL_CTX_set_max_proto_versionrrs rrContext.set_max_proto_versionrrcUc[RnO [U5nUc[RnO [U5n[R"UR X5nU(d [ 5 gg)a Let SSL know where we can find trusted certificates for the certificate chain. Note that the certificates have to be in PEM format. If capath is passed, it must be a directory prepared using the ``c_rehash`` tool included with OpenSSL. Either, but not both, of *pemfile* or *capath* may be :data:`None`. :param cafile: In which file we can find the certificates (``bytes`` or ``str``). :param capath: In which directory we can find the certificates (``bytes`` or ``str``). :return: None N)rKru _path_bytesrSSL_CTX_load_verify_locationsrr&)r"cafilecapath load_results rload_verify_locationsContext.load_verify_locationss]( >YYF (F >YYF (F88 MM6  "rcT^^[T5SUU4Sjj5n[[USSS9$)Nc*>T"XTR5$r)r)sizeverifyuserdatarGr"s rrH'Context._wrap_callback..wrappersD$*C*CD DrT) more_argstruncate)rrrrrr r+rX)rr rrLs`` r_wrap_callbackContext._wrap_callbacks5 x E  E! 'TD  rc[U5(d [S5eURU5UlURRUl[ R"URUR 5 X l g)ar Set the passphrase callback. This function will be called when a private key with a passphrase is loaded. :param callback: The Python callback to use. This must accept three positional arguments. First, an integer giving the maximum length of the passphrase it may return. If the returned passphrase is longer than this, it will be truncated. Second, a boolean value which will be true if the user should be prompted for the passphrase twice and the callback should verify that the two values supplied are equal. Third, the value given as the *userdata* parameter to :meth:`set_passwd_cb`. The *callback* must return a byte string. If an error occurs, *callback* should return a false value (e.g. an empty string). :param userdata: (optional) A Python object which will be given as argument to the callback :return: None callback must be callableN) callablerYrrrGrrSSL_CTX_set_default_passwd_cbrr)r"rGrs r set_passwd_cbContext.set_passwd_cbsg.!!78 8"&"5"5h"?$($;$;$D$D! ** MM444 %-!rcr[R"UR5n[US:H5 [R "[R "55RS5n[R "[R"55RS5nURX#5(d[R "[R"55n[R "[R"55nU[:Xa&U[:XaUR[[ 5 gggg)aw Specify that the platform provided CA certificates are to be used for verification purposes. This method has some caveats related to the binary wheels that cryptography (pyOpenSSL's primary dependency) ships: * macOS will only load certificates using this method if the user has the ``openssl@1.1`` `Homebrew `_ formula installed in the default location. * Windows will not work. * manylinux cryptography wheels will work on most common Linux distributions in pyOpenSSL 17.1.0 and above. pyOpenSSL detects the manylinux wheel and attempts to load roots via a fallback path. :return: None r1asciiN)r SSL_CTX_set_default_verify_pathsrrrKrX509_get_default_cert_dir_envdecodeX509_get_default_cert_file_env_check_env_vars_setX509_get_default_cert_dirX509_get_default_cert_file_CRYPTOGRAPHY_MANYLINUX_CA_DIR_CRYPTOGRAPHY_MANYLINUX_CA_FILE_fallback_default_verify_paths_CERTIFICATE_FILE_LOCATIONS_CERTIFICATE_PATH_LOCATIONS)r" set_result dir_env_var file_env_var default_dir default_files rset_default_verify_paths Context.set_default_verify_pathss(::4==I  a( kk$"D"D"FGNN  {{  / / 1 &/ '' BB++d&D&D&FGK;;t'F'F'HIL == $CC33/1LD>Crc[RRU5SL=(d! [RRU5SL$)zX Check to see if the default cert dir/file environment vars are present. :return: bool N)osenvironget)r"rrs rr Context._check_env_vars_sets8 JJNN< ( 4 7zz~~k*$6 rcUH:n[RRU5(dM)URU5 O UH;n[RR U5(dM)URSU5 g g)a Default verify paths are based on the compiled version of OpenSSL. However, when pyca/cryptography is compiled as a manylinux wheel that compiled location can potentially be wrong. So, like Go, we will try a predefined set of paths and attempt to load roots from there. :return: None N)rpathisfilerisdir)r" file_pathdir_pathrrs rr&Context._fallback_default_verify_paths*sd Fww~~f%%**62 Fww}}V$$**48rc[U5n[R"URU5nU(d [ 5 gg)z Load a certificate chain from a file. :param certfile: The name of the certificate chain file (``bytes`` or ``str``). Must be PEM encoded. :return: None N)rr"SSL_CTX_use_certificate_chain_filerr&)r"certfilerEs ruse_certificate_chain_file"Context.use_certificate_chain_file@s7x(88 MM8  "rc[U5n[U[5(d [S5e[R "UR X5nU(d [5 gg)a$ Load a certificate from a file :param certfile: The name of the certificate file (``bytes`` or ``str``). :param filetype: (optional) The encoding of the file, which is either :const:`FILETYPE_PEM` or :const:`FILETYPE_ASN1`. The default is :const:`FILETYPE_PEM`. :return: None filetype must be an integerN)rrWrrYrSSL_CTX_use_certificate_filerr&)r"r*filetype use_results ruse_certificate_fileContext.use_certificate_fileQsPx((C((9: :66 MM8  "rc [U[5(d[R"U5nO[R"S[ SS9 [ R"URUR5nU(d [5 ggzS Load a certificate from a X509 object :param cert: The X509 object :return: None ePassing pyOpenSSL X509 objects is deprecated. You should use a cryptography.x509.Certificate instead.rt stacklevelN) rWrfrom_cryptographywarningswarnDeprecationWarningrSSL_CTX_use_certificater_x509r&r"r?r1s ruse_certificateContext.use_certificateise$%%))$/D MMJ#  11$--L  "rcb[U[5(d[R"U5nO[R"S[ SS9 [ R"UR5n[ R"URU5nU(d![ R"U5 [5 gg)zi Add certificate to chain :param certobj: The X509 certificate object to add to the chain :return: None r6rtr7N) rWrr9r:r;r<rX509_dupr>SSL_CTX_add_extra_chain_certr X509_freer&)r"certobjcopy add_results radd_extra_chain_certContext.add_extra_chain_certs'4((,,W5G MMJ#  }}W]]+66t}}dK  NN4 "rcpURbURR[5 [5 gr)rr(rrr&r!s r_raise_passphrase_exception#Context._raise_passphrase_exceptions(  " " .  # # 4 4U ;rc[U5n[U[5(d [S5e[R "UR X5nU(dUR5 gg)a Load a private key from a file :param keyfile: The name of the key file (``bytes`` or ``str``) :param filetype: (optional) The encoding of the file, which is either :const:`FILETYPE_PEM` or :const:`FILETYPE_ASN1`. The default is :const:`FILETYPE_PEM`. :return: None r.N)rrWrrYrSSL_CTX_use_PrivateKey_filerrL)r"keyfiler0r1s ruse_privatekey_fileContext.use_privatekey_filesVg&(C((9: :55 MM7   , , .rc[U[5(d[R"U5nO[R"S[ SS9 [ R"URUR5nU(dUR5 ggzS Load a private key from a PKey object :param pkey: The PKey object :return: None z`Passing pyOpenSSL PKey objects is deprecated. You should use a cryptography private key instead.rtr7N) rWrfrom_cryptography_keyr:r;r<rSSL_CTX_use_PrivateKeyr_pkeyrLr"pkeyr1s ruse_privatekeyContext.use_privatekeysk$%%--d3D MME#  00 K   , , .rcd[R"UR5(d [5 gg)z Check if the private key (loaded with :meth:`use_privatekey`) matches the certificate (loaded with :meth:`use_certificate`) :return: :data:`None` (raises :exc:`Error` if something's wrong) N)rSSL_CTX_check_private_keyrr&r!s rcheck_privatekeyContext.check_privatekeys$--dmm<< "=rc[R"[SU55n[U[R :g5 [R "URU5 g)z Load the trusted certificates that will be sent to the client. Does not actually imply any of the certificates are trusted; that must be configured separately. :param bytes cafile: The path to a certificates file in PEM format. :return: None rN)rSSL_load_client_CA_file_text_to_bytes_and_warnrrKruSSL_CTX_set_client_CA_listr)r"rca_lists rload_client_caContext.load_client_casE.. #Hf 5  499,- '' w?rc [SU5n[[R"URU[ U55S:H5 g)a Set the session id to *buf* within which a session can be reused for this Context object. This is needed when doing session resumption, because there is no way for a stored session to know which Context object it is associated with. :param bytes buf: The session id. :returns: None bufr1N)rbrrSSL_CTX_set_session_id_contextrr[)r"rhs rset_session_idContext.set_session_ids:&eS1  / / sCH M  rc[U[5(d [S5e[R"UR U5$)aN Set the behavior of the session cache used by all connections using this Context. The previously set mode is returned. See :const:`SESS_CACHE_*` for details about particular modes. :param mode: One or more of the SESS_CACHE_* flags (combine using bitwise or) :returns: The previously set caching mode. .. versionadded:: 0.14 mode must be an integer)rWrrYrSSL_CTX_set_session_cache_moderr"modes rset_session_cache_modeContext.set_session_cache_modes4$$$56 6224==$GGrcB[R"UR5$)zg Get the current session cache mode. :returns: The currently used cache mode. .. versionadded:: 0.14 )rSSL_CTX_get_session_cache_moderr!s rget_session_cache_modeContext.get_session_cache_mode s224==AArc[U[5(d [S5eUc?SUlSUl[ R "URU[R5 g[U5(d [S5e[U5UlURRUl[ R "URXR5 g)aZ Set the verification flags for this Context object to *mode* and specify that *callback* should be used for verification callbacks. :param mode: The verify mode, this should be one of :const:`VERIFY_NONE` and :const:`VERIFY_PEER`. If :const:`VERIFY_PEER` is used, *mode* can be OR:ed with :const:`VERIFY_FAIL_IF_NO_PEER_CERT` and :const:`VERIFY_CLIENT_ONCE` to further control the behaviour. :param callback: The optional Python verification callback to use. This should take five arguments: A Connection object, an X509 object, and three integer variables, which are in turn potential error number, error depth and return code. *callback* should return True if verification passes and False otherwise. If omitted, OpenSSL's default verification is used. :return: None See SSL_CTX_set_verify(3SSL) for further details. rmNr) rWrrYrrrSSL_CTX_set_verifyrrKrurr.rGr"rprGs r set_verifyContext.set_verifys,$$$56 6  "&D $(D !  # #DMM4 CH%% ;<<"/"9D $($7$7$@$@D !  # #DMM49N9N Orc[U[5(d [S5e[R"UR U5 g)z Set the maximum depth for the certificate chain verification that shall be allowed for this Context object. :param depth: An integer specifying the verify depth :return: None zdepth must be an integerN)rWrrYrSSL_CTX_set_verify_depthr)r"depths rset_verify_depthContext.set_verify_depth;s1%%%67 7 %%dmmU;rcB[R"UR5$)zd Retrieve the Context object's verify mode, as set by :meth:`set_verify`. :return: The verify mode )rSSL_CTX_get_verify_moderr!s rget_verify_modeContext.get_verify_modeHs++DMM::rcB[R"UR5$)zl Retrieve the Context object's verify depth, as set by :meth:`set_verify_depth`. :return: The verify depth )rSSL_CTX_get_verify_depthrr!s rget_verify_depthContext.get_verify_depthQs,,T]];;rc[U5n[R"US5nU[R:Xa [ 5 [R "U[R5n[R"U[R[R[R5n[R "U[R5n[R"URU5n[US:H5 g)z Load parameters for Ephemeral Diffie-Hellman :param dhfile: The file to load EDH parameters from (``bytes`` or ``str``). :return: None rr1N) rr BIO_new_filerKrur&rBIO_freePEM_read_bio_DHparamsDH_freeSSL_CTX_set_tmp_dhrr)r"dhfilebiodhress r load_tmp_dhContext.load_tmp_dhZsV$- $))  "ggc4==)  ' 'TYY 499 M WWR &%%dmmR8q!rcp[U[5(aJ[R"S[SS9 [ R "URUR55 gURnUS:XaSnOUS:XaSn[ R"UR55nU[ R:Xa [5 [ R"U5n[U[ R":g5 [ R$"U[ R&5n[ R "URU5 g) aZ Select a curve to use for ECDHE key exchange. :param curve: A curve instance from cryptography (:class:`~cryptogragraphy.hazmat.primitives.asymmetric.ec.EllipticCurve`). Alternatively (deprecated) a curve object from either :meth:`OpenSSL.crypto.get_elliptic_curve` or :meth:`OpenSSL.crypto.get_elliptic_curves`. :return: None z|Passing pyOpenSSL elliptic curves to set_tmp_ecdh is deprecated. You should use cryptography's elliptic curve types instead.rtr7 secp192r1 prime192v1 secp256r1 prime256v1N)rWrr:r;r<rSSL_CTX_set_tmp_ecdhr _to_EC_KEYname OBJ_txt2nidencode NID_undefr&EC_KEY_new_by_curve_namerrKrur EC_KEY_free)r"curvernidrs r set_tmp_ecdhContext.set_tmp_ecdhos e^ , , MM%#   % %dmmU5E5E5G H::D{"#$#""4;;=1Cdnn$$&..s3B B$))O ,T--.B  % %dmmR 8rc[SU5n[U[5(d [S5e[ [ R "URU5S:H5 [US5nUR5/SQ:Xa [S/5eg)z Set the list of ciphers to be used in this context. See the OpenSSL manual for more information (e.g. :manpage:`ciphers(1)`). :param bytes cipher_list: An OpenSSL cipher string. :return: None cipher_listz"cipher_list must be a byte string.r1N)TLS_AES_256_GCM_SHA384TLS_CHACHA20_POLY1305_SHA256TLS_AES_128_GCM_SHA256)z SSL routinesSSL_CTX_set_cipher_listzno cipher match) rbrWrXrYrrrrrpget_cipher_listrr)r"rtmpconns rset_cipher_listContext.set_cipher_lists.m[I +u--@A A  ( ( D I T4(  " " $)     rcj[R"5n[U[R:g5 UHn[ U[ 5(d"[S[U5RS35e[R"UR5n[U[R:g5 [R"X$5nU(aM[R"U5 [5 M [R""UR$U5 g![a [R "U5 ef=f)a Set the list of preferred client certificate signers for this server context. This list of certificate authorities will be sent to the client when the server requests a client certificate. :param certificate_authorities: a sequence of X509Names. :return: None .. versionadded:: 0.10 z)client CAs must be X509Name objects, not z objectsN)rsk_X509_NAME_new_nullrrKrurWrrYrr X509_NAME_dup_namesk_X509_NAME_pushX509_NAME_freer&r;sk_X509_NAME_freercr)r"certificate_authorities name_stackca_namerG push_results rset_client_ca_listContext.set_client_ca_lists//1  dii/0 2!'844#C=112(<))'--8 12"44ZF "{''-(*3 '' zB    " ": .  sBD $D"D2c[U[5(d[R"U5nO[R"S[ SS9 [ R"URUR5n[US:H5 g)a) Add the CA certificate to the list of preferred signers for this context. The list of certificate authorities will be sent to the client when the server requests a client certificate. :param certificate_authority: certificate authority's X509 certificate. :return: None .. versionadded:: 0.10 r6rtr7r1N) rWrr9r:r;r<rSSL_CTX_add_client_CArr>r)r"certificate_authorityrHs r add_client_caContext.add_client_casr/66$($:$:%% ! MMJ#  // MM066   a(rc[U[5(d [S5e[R"UR U5$)a! Set the timeout for newly created sessions for this Context object to *timeout*. The default value is 300 seconds. See the OpenSSL manual for more information (e.g. :manpage:`SSL_CTX_set_timeout(3)`). :param timeout: The timeout in (whole) seconds :return: The previous session timeout ztimeout must be an integer)rWrrYrSSL_CTX_set_timeoutr)r"timeouts r set_timeoutContext.set_timeouts4'3''89 9'' w??rcB[R"UR5$)zt Retrieve session timeout, as set by :meth:`set_timeout`. The default is 300 seconds. :return: The session timeout )rSSL_CTX_get_timeoutrr!s r get_timeoutContext.get_timeouts'' 66rc^[T5U4Sj5n[R"SU5Ul[R "UR UR5 g)a Set the information callback to *callback*. This function will be called from time to time during SSL handshakes. :param callback: The Python callback to use. This should take three arguments: a Connection object and two integers. The first integer specifies where in the SSL handshake the function was called, and the other the return code from a (possibly failed) internal function call. :return: None c:>T"[RUX5 grrpr9)rCwhere return_coderGs rrH*Context.set_info_callback..wrapper*s Z005u Jrzvoid (*)(const SSL *, int, int)N)rrKrGrrSSL_CTX_set_info_callbackrrLs ` rset_info_callbackContext.set_info_callbacksQ x K  K#mm -w  &&t}}d6I6IJrc^[T5U4Sj5n[R"SU5Ul[R "UR UR5 g)a Set the TLS key logging callback to *callback*. This function will be called whenever TLS key material is generated or received, in order to allow applications to store this keying material for debugging purposes. :param callback: The Python callback to use. This should take two arguments: a Connection object and a bytestring that contains the key material in the format used by NSS for its SSLKEYLOGFILE debugging output. :return: None cf>[R"U5nT"[RUU5 gr)rKrrpr9)rClinerGs rrH,Context.set_keylog_callback..wrapperDs&;;t$D Z005t T"[RU5 grr)rCalertrdrGs rrH7Context.set_tlsext_servername_callback..wrappers Z005 6rzint (*)(SSL *, int *, void *)N)rrKrGrr&SSL_CTX_set_tlsext_servername_callbackrrLs ` rset_tlsext_servername_callback&Context.set_tlsext_servername_callbacksR x   ,0== +W, ( 33 MM4;; rc[U[5(d [S5e[[R "UR U5S:H5 g)z Enable support for negotiating SRTP keying material. :param bytes profiles: A colon delimited list of protection profile names, like ``b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32'``. :return: None zprofiles must be a byte string.rN)rWrXrYrrSSL_CTX_set_tlsext_use_srtpr)r"profiless rset_tlsext_use_srtpContext.set_tlsext_use_srtps>(E**=> >  , ,T]]H E J rc U(d [S5eSR[R"SU555n[R "SU5n[ [R"URU[U55S:H5 g)a] Specify the protocols that the client is prepared to speak after the TLS connection has been negotiated using Application Layer Protocol Negotiation. :param protos: A list of the protocols to be offered to the server. This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. 'at least one protocol must be specifiedrc3N# UHn[[U545U4v M g7frrXr[.0ps r *Context.set_alpn_protos.. Fv!Ay!11 5v#%rUrN) rjoinr from_iterablerKrZrrSSL_CTX_set_alpn_protosrr[r"protosprotostr input_strs rset_alpn_protosContext.set_alpn_protoss{FG G88   FvF F  HH.9   ( ( y#h-   rc[U5UlURRUl[R "UR UR[R5 g)aD Specify a callback function that will be called on the server when a client offers protocols using ALPN. :param callback: The callback function. It will be invoked with two arguments: the Connection, and a list of offered protocols as bytestrings, e.g ``[b'http/1.1', b'spdy/2']``. It can return one of those bytestrings to indicate the chosen protocol, the empty bytestring to terminate the TLS connection, or the :py:obj:`NO_OVERLAPPING_PROTOCOLS` to indicate that no offered protocol was selected, but that the connection should not be aborted. N) rRrrGrrSSL_CTX_set_alpn_select_cbrrKrur"rGs rset_alpn_select_callback Context.set_alpn_select_callbacksH$5X#> %)%=%=%F%F" '' MM455tyy rc~XlURUlUc[RUlO[R "U5Ul[R"URUR5n[US:H5 [R"URUR 5n[US:H5 g)z This internal helper does the common work for ``set_ocsp_server_callback`` and ``set_ocsp_client_callback``, which is almost all of it. Nr1) rrGrrKrur new_handlerSSL_CTX_set_tlsext_status_cbrrSSL_CTX_set_tlsext_status_arg)r"helperrzrcs r_set_ocsp_callbackContext._set_ocsp_callbacks#$oo <"iiDO"ood3DO  . . MM4..  a  / / t Oa rc<[U5nURX25 g)a Set a callback to provide OCSP data to be stapled to the TLS handshake on the server side. :param callback: The callback function. It will be invoked with two arguments: the Connection, and the optional arbitrary data you have provided. The callback must return a bytestring that contains the OCSP data to staple to the handshake. If no OCSP data is available for this connection, return the empty bytestring. :param data: Some opaque data that will be passed into the callback function when called. This can be used to avoid needing to do complex data lookups or to keep track of what context is being used. This parameter is optional. N)rqr!r"rGrzrs rset_ocsp_server_callback Context.set_ocsp_server_callbacks&+84 -rc<[U5nURX25 g)a Set a callback to validate OCSP data stapled to the TLS handshake on the client side. :param callback: The callback function. It will be invoked with three arguments: the Connection, a bytestring containing the stapled OCSP assertion, and the optional arbitrary data you have provided. The callback must return a boolean that indicates the result of validating the OCSP data: ``True`` if the OCSP data is valid and the certificate can be trusted, or ``False`` if either the OCSP data is invalid or the certificate has been revoked. :param data: Some opaque data that will be passed into the callback function when called. This can be used to avoid needing to do complex data lookups or to keep track of what context is being used. This parameter is optional. N)rr!r$s rset_ocsp_client_callback Context.set_ocsp_client_callbacks*+84 -rc[U5Ul[R"URURR 5 gr)rrrSSL_CTX_set_cookie_generate_cbrrGrs rset_cookie_generate_callback$Context.set_cookie_generate_callback1s6(EX'N$ ++ MM  ( ( 1 1 rc[U5Ul[R"URURR 5 gr)rrrSSL_CTX_set_cookie_verify_cbrrGrs rset_cookie_verify_callback"Context.set_cookie_verify_callback:s6&A%J" )) MM  & & / / r)rrrrrrrrrrrrrrrrr)rrr+r,)rrr+r,r)r_StrOrBytesPath | Nonerr2r+r,)rG_PassphraseCallback[_T]r+r )rGr3r _T | Noner+r,r*)rstrrr5r+r)r% list[str]r&r6r+r,)r*_StrOrBytesPathr+r,)r*r7r0rr+r,r?X509 | x509.Certificater+r,)rFr9r+r,)rPr7r0rr+r,rYz_PrivateKey | PKeyr+r,)rrXr+r,)rhrXr+r,)rprr+r,r+rrprrGz_VerifyCallback | Noner+r,)r~rr+r,)rr7r+r,)rz!_EllipticCurve | ec.EllipticCurver+r,)rrXr+r,)rzSequence[X509Name]r+r,)rr9r+r,)rrr+r,)rGz&Callable[[Connection, int, int], None]r+r,)rGz#Callable[[Connection, bytes], None]r+r,r+r rzr r+r,)r+zX509Store | None)rrr+r,)rGzCallable[[Connection], None]r+r,)rrXr+r,rz list[bytes]r+r,rn)rz5_OCSPClientCallbackHelper | _OCSPServerCallbackHelperrzz Any | Noner+r,)rGz_OCSPServerCallback[_T]rzr4r+r,)rGz_OCSPClientCallback[_T]rzr4r+r,rr)Nrrrrrrzr TLS_methodrrhr}rer~rfrjrkTLS_server_methodriTLS_client_methodr# DTLS_methodr$DTLS_server_methodr"DTLS_client_methodrrr#rrrrrrr rr+rr2r@rIrLrQrZr^rerjrqrurzrrrrrrrrrrr_requires_keylogrrrrrrrrrrr!r%r(r,r0rrrrrqrq>sa .t 5.9.9T__d+D22D9D22D9d&&-T44d;T44d;   +0Z    *."#&"#'"#  "#H  /    #-)--  -B.`  ".7 ,#$:F#'#36# #0#0#49E/&/25/ /0/0# @ "H"B=A#P#P#9#P #PJ <;<"*%9N%N#C'9#C #CJ )%< )  )D @7K>K K0O;O OO4" @ : 4  2  # J (!E!!  !6.)..  .2.)..  .0 /   -  rrqc<\rSrSr%\"5rS\S'SVSWSjjrSXSjrSYSjr SZSjr S[S jr S\S jr SVS]S jjr S^S jrS_S jrS`SjrSaSjrS^SjrSbSjrS^SjrScSdSjjr\rScSdSjjrSVSeSjjr\rSfSgSjjrShSjrSiSjrSjSjrSkSjrSlSjrSkSjr S^Sjr!SmSjr"SnSjr#SoS jr$SlS!jr%SpS"jr&SkS#jr'SlS$jr(SkS%jr)SqS&jr*SrS'jr+SsS(jr,StS)jr-SuS*jr.S^S+jr/SvS,jr0SwS-jr1S\S.jr2S\S/jr3S\S0jr4SVSxS1jjr5SyS2jr6\7RpSzS3j5r9\7RpS4S5.S{S6jj5r9S4S5.S|S7jjr9\7RpSzS8j5r:\7RpS4S5.S{S9jj5r:S4S5.S|S:jjr:\;S}S;j5r<\;S~S<j5r=\7RpSS=j5r>\7RpS4S5.SS>jj5r>S4S5.SS?jjr>\7RpSS@j5r?\7RpS4S5.SSAjj5r?S4S5.SSBjjr?SkSCjr@SkSDjrASlSEjrBSlSFjrCSSGjrDSSHjrESSIjrFS\SJjrGS\SKjrHSSLjrISpSMjrJSSNjrKSSOjrLS^SPjrMSSQjrNSwSRjrOSwSSjrPSlSTjrQSUrRg)rpiDz&typing.MutableMapping[Any, Connection]r9Nc[U[5(d [S5e[R"UR 5n[ R"U[R5Ul [R"UR[R5 XlSUl SUl URUlURUlUR UlUR"UlXR$UR'UcSUl[R("[R*"55Ul[/UR,[ R0:g5 [R("[R*"55Ul[/UR2[ R0:g5 [R4"URUR,UR25 gSUlSUlX l[R6"UR[9UR&55n[/US:H5 g)z Create a new Connection object, using the given OpenSSL.SSL.Context instance and socket. :param context: An SSL Context to use for this connection :param socket: The socket to use for transport layer "context must be a Context instanceNr1)rWrqrYrSSL_newrrKrSSL_free_ssl SSL_set_modeSSL_MODE_AUTO_RETRYrr\rrrrr9_socketBIO_new BIO_s_mem _into_sslrru _from_ssl SSL_set_bio SSL_set_fdr)r"rsocketrCrs rr#Connection.__init__Is'7++@A All7++,GGC/ $))T%=%=>  +/' &44 ' 8 8(/'F'F$%,%B%B"+/dii( >DL!\\$..*:;DN DNNdii7 8!\\$..*:;DN DNNdii7 8   TYY G!DN!DN!L ,T\\:J J!O ,rcURc&[SURRSUS35e[ URU5$)za Look up attributes on the wrapped socket object if they are not found on the Connection object. 'z' object has no attribute ')rOAttributeError __class__rrr"rs r __getattr__Connection.__getattr__sL <<  DNN++,,GvQO 4<<. .rc|URRb$URRR5 URRb$URRR5 URRb$URRR5 [ R "X5nU[ R:Xa [5eU[ R:Xa [5eU[ R:Xa [5eU[ R:Xa [5eU[ R:Xa[ S:Xa["R$"5SnO["R&n[ R("5S:XdUS:wa8US:a&US:wa [+U[,R."U55e[+SS5e[15 gU[ R2:Xa[ R("5S:wa[ R("5n[ R4"U5n[ R6(a=[9U[ R::H5 [ R<"5 [+SS5e[15 gU[ R>:Xag[15 g)Nwin32rrzUnexpected EOF) rrr(rrr SSL_get_errorSSL_ERROR_WANT_READrSSL_ERROR_WANT_WRITErSSL_ERROR_ZERO_RETURNrSSL_ERROR_WANT_X509_LOOKUPrSSL_ERROR_SYSCALLr rK getwinerrorerrnoERR_peek_errorr|rrr& SSL_ERROR_SSLERR_GET_REASON-Cryptography_HAS_UNEXPECTED_EOF_WHILE_READINGr"SSL_R_UNEXPECTED_EOF_WHILE_READINGERR_clear_errorSSL_ERROR_NONE)r"rCrErrh peeked_errorreasons r_raise_ssl_errorConnection._raise_ssl_errors == ' ' 3 MM ( ( 9 9 ; == , , 8 MM - - > > @ == % % 1 MM & & 7 7 9""3/ D,, ,/ ! d// / " " d00 0!# # d55 5%' ' d,, ,7"((*1- ""$)UaZA:%1*&uimmE.BCC"2'788%& d(( (T-@-@-Ba-G ..0L((6FAAdEEE$$&"2'788$& d)) )  "rcUR$)zP Retrieve the :class:`Context` object associated with this :class:`Connection`. )rr!s r get_contextConnection.get_contexts }}rc[U[5(d [S5e[R"UR UR 5 Xlg)z Switch this connection to a new session context. :param context: A :class:`Context` instance giving the new session context to use. rIN)rWrqrYrSSL_set_SSL_CTXrLr)r"rs r set_contextConnection.set_contexts<'7++@A A TYY(8(89 rc[R"UR[R5nU[R :Xag[R "U5$)z Retrieve the servername extension value if provided in the client hello message, or None if there wasn't one. :return: A byte string giving the server name or :data:`None`. .. versionadded:: 0.13 N)rSSL_get_servernamerLTLSEXT_NAMETYPE_host_namerKrurr\s rget_servernameConnection.get_servernamesC&& IIt55  499 {{4  rc[U[5(d [S5eUc?SUlSUl[ R "URU[R5 g[U5(d [S5e[U5UlURRUl[ R "URXR5 g)z Override the Context object's verification flags for this specific connection. See :py:meth:`Context.set_verify` for details. rmNr) rWrrYrrrSSL_set_verifyrLrKrurr.rGrys rrzConnection.set_verifys$$$56 6  "&D $(D !    4 ;H%% ;<<"/"9D $($7$7$@$@D !    41F1F GrcB[R"UR5$)zg Retrieve the Connection object's verify mode, as set by :meth:`set_verify`. :return: The verify mode )rSSL_get_verify_moderLr!s rrConnection.get_verify_modes'' 22rc [U[5(d[R"U5nO[R"S[ SS9 [ R"URUR5nU(d [5 ggr5) rWrr9r:r;r<rSSL_use_certificaterLr>r&r?s rr@Connection.use_certificate se$%%))$/D MMJ#  --diiD  "rc*[U[5(d[R"U5nO[R"S[ SS9 [ R"URUR5nU(dURR5 ggrT) rWrrUr:r;r<rSSL_use_PrivateKeyrLrWrrLrXs rrZConnection.use_privatekey"so$%%--d3D MME#  ,,TYY C  MM 5 5 7rcF[R"URU5 g)a For DTLS, set the maximum UDP payload size (*not* including IP/UDP overhead). Note that you might have to set :data:`OP_NO_QUERY_MTU` to prevent OpenSSL from spontaneously clearing this. :param mtu: An integer giving the maximum transmission unit. .. versionadded:: 21.1 N)r SSL_set_mturL)r"mtus rset_ciphertext_mtuConnection.set_ciphertext_mtu:s C(rc[[S5(d [S5e[R"UR5$)z For DTLS, get the maximum size of unencrypted data you can pass to :meth:`write` without exceeding the MTU (as passed to :meth:`set_ciphertext_mtu`). :return: The effective MTU as an integer. .. versionadded:: 21.1 DTLS_get_data_mtuz requires OpenSSL 1.1.1 or better)hasattrrrrrLr!s rget_cleartext_mtuConnection.get_cleartext_mtuHs3t011%&HI I%%dii00rc[U[5(d [S5eSU;a [S5e[R"UR U5 g)z Set the value of the servername extension to send in the client hello. :param name: A byte string giving the name. .. versionadded:: 0.13 zname must be a byte stringzname must not contain NUL byteN)rWrXrYrSSL_set_tlsext_host_namerLr\s rset_tlsext_host_nameConnection.set_tlsext_host_nameWsF$&&89 9 d]<= = %%dii6rcB[R"UR5$)z Get the number of bytes that can be safely read from the SSL buffer (**not** the underlying transport buffer). :return: The number of bytes available in the receive buffer. )r SSL_pendingrLr!s rpendingConnection.pendinggs **rcB[SU5n[R"U5n[U5S:a [ S5e[ R "URU[U55nURURU5 UsSSS5 $!,(df  g=f)as Send data on the connection. NOTE: If you get one of the WantRead, WantWrite or WantX509Lookup exceptions on this, you have to call the method again with the SAME buffer. :param buf: The string, buffer or memoryview to send :param flags: (optional) Included for compatibility with the socket API, the value is ignored :return: The number of bytes written rhz,Cannot send more than 2**31-1 bytes at once.N) rbrK from_bufferr[rr SSL_writerLrr)r"rhflagsrzrEs rsendConnection.sendps{&eS1   c "d3x*$ B^^DIItSY?F  ! !$))V 4# " "s A#B Bc ^[SU5n[R"U5n[U5nSnU(a[[R "UR X5-[US55nURUR U5 XV- nXF-nU(aM[UsSSS5 $!,(df  g=f)ai Send "all" data on the connection. This calls send() repeatedly until all data is sent. If an error occurs, it's impossible to tell how much data has been sent. :param buf: The string, buffer or memoryview to send :param flags: (optional) Included for compatibility with the socket API, the value is ignored :return: The number of bytes written rhrrN) rbrKrr[rrrLminrr)r"rhrrz left_to_send total_sentrEs rsendallConnection.sendalls&eS1   c "ds8LJIIt0#lJ2O%%dii8$ & ,# " "sA.BB B,c@[SU5nUb:U[R-(a"[R"UR X15nO![R "UR X15nURUR U5 [R"X45SS$)z Receive data on the connection. :param bufsiz: The maximum number of bytes to read :param flags: (optional) The only supported flag is ``MSG_PEEK``, all other flags are ignored. :return: The string read from the Connection char[]N) _no_zero_allocatorrVMSG_PEEKrSSL_peekrLSSL_readrrrKrV)r"bufsizrrhrEs rrecvConnection.recvsq!62  !8]]499c:F]]499c:F dii0{{3'**rcUc [U5nO[U[U55n[SU5nUb:U[R-(a"[ R "URXB5nO![ R"URXB5nURURU5 [[R"XE55USU&U$)a  Receive data on the connection and copy it directly into the provided buffer, rather than creating a new string. :param buffer: The buffer to copy into. :param nbytes: (optional) The maximum number of bytes to read into the buffer. If not present, defaults to the size of the buffer. If larger than the size of the buffer, is reduced to the size of the buffer. :param flags: (optional) The only supported flag is ``MSG_PEEK``, all other flags are ignored. :return: The number of bytes read into the buffer. Nr) r[rrrVrrrrLrrr memoryviewrKrV)r"rVnbytesrrhrEs r recv_intoConnection.recv_intos& >[FV-F !62  !8]]499c:F]]499c:F dii0 %T[[%=>w rcD[R"U5(a{[R"U5(a [5e[R"U5(a [ 5e[R "U5(a [S5e[S5e[5 g)NBIO_should_io_specialzunknown bio failure) rBIO_should_retryBIO_should_readrBIO_should_writerrrr&)r"rrEs r_handle_bio_errorsConnection._handle_bio_errorss{   % %##C((#o%&&s++$&&++C00!!899!!677 ! "rcBURc [S5e[U[5(d [S5e[ SU5n[ R "URX!5nUS::aURURU5 [R"X#5SS$)ay If the Connection was created with a memory BIO, this method can be used to read bytes from the write end of that memory BIO. Many Connection methods will add bytes which must be read in this manner or the buffer will eventually fill up and the Connection will be able to take no further actions. :param bufsiz: The maximum number of bytes to read :return: The string read. NConnection sock was not Nonezbufsiz must be an integerrr) rSrYrWrrrBIO_readrrKrV)r"rrhrEs rbio_readConnection.bio_reads >> !:; ;&#&&78 8 62t~~s; Q;  # #DNNF ;{{3'**rcJ[SU5nURc [S5e[R"U5n[ R "URU[U55nUS::aURURU5 UsSSS5 $!,(df  g=f)a2 If the Connection was created with a memory BIO, this method can be used to add bytes to the read end of that memory BIO. The Connection can then read the bytes (for example, in response to a call to :meth:`recv`). :param buf: The string to put into the memory BIO. :return: The number of bytes written rhNrr) rbrRrYrKrr BIO_writer[r)r"rhrzrEs r bio_writeConnection.bio_write sz&eS1 >> !:; ;   c "d^^DNND#d)DF{''? # " "s AB B"cUR5(d-[[R"UR5S:H5 gg)z^ Renegotiate the session. :return: True if the renegotiation can be started, False otherwise r1TF)renegotiate_pendingrrSSL_renegotiaterLr!s r renegotiateConnection.renegotiate% s5 '')) D00;q@ Arc|[R"UR5nURURU5 g)z Perform an SSL handshake (usually called after :meth:`renegotiate` or one of :meth:`set_accept_state` or :meth:`set_connect_state`). This can raise the same exceptions as :meth:`send` and :meth:`recv`. :return: None. N)rSSL_do_handshakerLrrr"rEs r do_handshakeConnection.do_handshake0 s,&&tyy1 dii0rcH[R"UR5S:H$)z Check if there's a renegotiation in progress, it will return False once a renegotiation is finished. :return: Whether there's a renegotiation in progress r1)rSSL_renegotiate_pendingrLr!s rrConnection.renegotiate_pending; s++DII6!;;rcB[R"UR5$)zV Find out the total number of renegotiations. :return: The number of renegotiations. )rSSL_total_renegotiationsrLr!s rtotal_renegotiationsConnection.total_renegotiationsD s ,,TYY77rcx[R"UR5 URR U5$)a Call the :meth:`connect` method of the underlying socket and set up SSL on the socket, using the :class:`Context` object supplied to this :class:`Connection` object at creation. :param addr: A remote address :return: What the socket's connect method returns )rSSL_set_connect_staterLrOconnect)r"addrs rrConnection.connectL s+ ""499-||##D))rc^URRnUR5 U"U5$)a] Call the :meth:`connect_ex` method of the underlying socket and set up SSL on the socket, using the Context object supplied to this Connection object at creation. Note that if the :meth:`connect_ex` method of the socket doesn't return 0, SSL won't be initialized. :param addr: A remove address :return: What the socket's connect_ex method returns )rO connect_exset_connect_state)r"rrs rrConnection.connect_exX s*\\,,   $rcURR5up[URU5nUR 5 X24$)aS Call the :meth:`accept` method of the underlying socket and set up SSL on the returned socket, using the Context object supplied to this :class:`Connection` object at creation. :return: A *(conn, addr)* pair where *conn* is the new :class:`Connection` object created, and *address* is as returned by the socket's :meth:`accept`. )rOacceptrprset_accept_state)r"clientrres rrConnection.acceptf s<||**, $--0 |rc[R"5n[R"URU5n[R"U5 UR bUR R 5 URbURR 5 US:Xa [5eUS:aURURU5 gg![R"U5 f=f)zu Call the OpenSSL function DTLSv1_listen on this connection. See the OpenSSL manual for more details. :return: None Nr) r BIO_ADDR_new DTLSv1_listenrL BIO_ADDR_freerr(rrrr)r"bio_addrrEs rrConnection.DTLSv1_listenu s$$& )'' 8> !:; ; ##DNNA6rc[R"UR5nUS:a#URURU5 S5eUS:agg)a! Send the shutdown message to the Connection. :return: True if the shutdown completed successfully (i.e. both sides have sent closure alerts), False otherwise (in which case you call :meth:`recv` or :meth:`send` when the connection becomes readable/writeable). rFrT)r SSL_shutdownrLrrrs rshutdownConnection.shutdown sJ""499- A:  ! !$))V 4 '- '5 aZrc/n[5Hon[R"URU5nU[R :Xa U$UR [R"U5RS55 Mq U$)zh Retrieve the list of ciphers used by the Connection object. :return: A list of native cipher strings. utf-8) r rSSL_get_cipher_listrLrKrur<rr )r"ciphersrrEs rrConnection.get_cipher_list sh A--dii;F" NN4;;v.55g> ?  rc[R"UR5nU[R:Xa/$/n[ [R "U55Hn[R"X5n[R"U5n[U[R:g5 [R"[5n[R"U[R5UlURU5 M U$)a Get CAs whose certificates are suggested for client authentication. :return: If this is a server connection, the list of certificate authorities that will be sent or has been sent to the client, as controlled by this :class:`Connection`'s :class:`Context`. If this is a client connection, the list will be empty until the connection with the server is established. .. versionadded:: 0.10 )rSSL_get_client_CA_listrLrKrurangesk_X509_NAME_numsk_X509_NAME_valuerrrrrrrr<)r"ca_namesrErrrGpynames rget_client_ca_listConnection.get_client_ca_list s..tyy9 tyy It,,X67A**87D%%d+D DDII- .%%h/F774)<)<=FL MM& !8 rc[S5e)z| The makefile() method is not implemented, since there is no dup semantics for SSL connections :raise: NotImplementedError z1Cannot make file object of OpenSSL.SSL.Connectionrr"rrs rmakefileConnection.makefile s" ?  rcUR$)zZ Retrieve application data as set by :meth:`set_app_data`. :return: The application data rr!s rrConnection.get_app_data rrcXlg)zG Set application data :param data: The application data :return: None Nrrs rrConnection.set_app_data rrcB[R"UR5$)z~ Get the shutdown state of the Connection. :return: The shutdown state, a bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN. )rSSL_get_shutdownrLr!s r get_shutdownConnection.get_shutdown s$$TYY//rc[U[5(d [S5e[R"UR U5 g)zw Set the shutdown state of the Connection. :param state: bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN. :return: None zstate must be an integerN)rWrrYrSSL_set_shutdownrL)r"states r set_shutdownConnection.set_shutdown s1%%%67 7 dii/rcj[R"[R"UR55$)zl Retrieve a verbose string detailing the state of the Connection. :return: A string representing the state )rKrrSSL_state_string_longrLr!s rget_state_stringConnection.get_state_string* s" {{455dii@AArct[R"UR5nU[R:Xag[R "UR[RS5n[ US:5 [SU5n[R "URX25 [R"X25SS$)zi Retrieve the random value used with the server hello message. :return: A string representing the state NrrU) rSSL_get_sessionrLrKruSSL_get_server_randomrrrVr"sessionlengthoutps r server_randomConnection.server_random2 s &&tyy1 dii ++DIItyy!D #!"3V< ""499d;{{4(++rct[R"UR5nU[R:Xag[R "UR[RS5n[ US:5 [SU5n[R "URX25 [R"X25SS$)zi Retrieve the random value used with the client hello message. :return: A string representing the state NrrU) rr%rLrKruSSL_get_client_randomrrrVr's r client_randomConnection.client_randomA s &&tyy1 dii ++DIItyy!D #!"3V< ""499d;{{4(++rcL[R"UR5nU[R:Xag[R "U[RS5n[ US:5 [SU5n[R "XU5 [R"X25SS$)zb Retrieve the value of the master key for this session. :return: A string representing the state NrrU) rr%rLrKruSSL_SESSION_get_master_keyrrrVr's r master_keyConnection.master_keyQ s| &&tyy1 dii 00$))QG #!"3V< ''v>{{4(++rc [SU5n[RnSnSnUbUn[U5nSn[R "UR UUU[U5UUU5n[US:H5 [R"XB5SS$)a Obtain keying material for application use. :param: label - a disambiguating label string as described in RFC 5705 :param: olen - the length of the exported key material in bytes :param: context - a per-association context value :return: the exported key material bytes or None rUrNr1) rrKrur[rSSL_export_keying_materialrLrrV) r"labelolenrr* context_buf context_len use_contextsuccesss rexport_keying_material!Connection.export_keying_materiala s""3T:ii    !Kg,KK11 II    J      1 %{{4&q))rc:URR"U0UD6$)z Call the :meth:`shutdown` method of the underlying socket. See :manpage:`shutdown(2)`. :return: What the socket's shutdown() method returns )rOrrs r sock_shutdownConnection.sock_shutdown s||$$d5f55rcgrrr"as_cryptographys rget_certificateConnection.get_certificate  rF)rDcgrrrCs rrErF rGrc[R"UR5nU[R:waE[R "U5 [ R"U5nU(aUR5$U$g)z Retrieve the local certificate (if any) :param bool as_cryptography: Controls whether a ``cryptography.x509.Certificate`` or an ``OpenSSL.crypto.X509`` object should be returned. :return: The local certificate N) rSSL_get_certificaterLrKrur3rr4to_cryptographyr"rDr?pycerts rrErF s\'' 2 499    T ",,T2F--//MrcgrrrCs rget_peer_certificateConnection.get_peer_certificate rGrcgrrrCs rrOrP rGrc[R"UR5nU[R:wa/[ R "U5nU(aUR5$U$g)z Retrieve the other side's certificate (if any) :param bool as_cryptography: Controls whether a ``cryptography.x509.Certificate`` or an ``OpenSSL.crypto.X509`` object should be returned. :return: The peer's certificate N)rSSL_get_peer_certificaterLrKrurr4rKrLs rrOrP sN,,TYY7 499 ,,T2F--//MrcP/n[[R"U55Hn[R"X5n[ U[ R :g5 [R"U5n[ US:5 [R"U5nURU5 M U$zJ Internal helper to convert a STACK_OF(X509) to a list of X509 instances. r1) rr sk_X509_num sk_X509_valuerrKrur3rr4r< cert_stackrErr?rrMs r_cert_stack_to_listConnection._cert_stack_to_list s t'' 34A%%j4D DDII- .""4(C C1H %,,T2F MM& ! 5 rcl/n[[R"U55Hn[R"X5n[ U[ R :g5 [R"U5n[ US:5 [R"U5nURUR55 M U$rU) rrrVrWrrKrur3rr4r<rKrXs r _cert_stack_to_cryptography_list+Connection._cert_stack_to_cryptography_list st'' 34A%%j4D DDII- .""4(C C1H %,,T2F MM&002 3 5 rcgrrrCs rget_peer_cert_chainConnection.get_peer_cert_chain rGrcgrrrCs rr`ra rGrc[R"UR5nU[R:XagU(aUR U5$UR U5$)a; Retrieve the other side's certificate (if any) :param bool as_cryptography: Controls whether a list of ``cryptography.x509.Certificate`` or ``OpenSSL.crypto.X509`` object should be returned. :return: A list of X509 instances giving the peer's certificate chain, or None if it does not have one. N)rSSL_get_peer_cert_chainrLrKrur]rZr"rDrYs rr`ra sL11$))<  " 88D D'' 33rcgrrrCs rget_verified_chainConnection.get_verified_chain rGrcgrrrCs rrgrh rGrc[R"UR5nU[R:XagU(aUR U5$UR U5$)a* Retrieve the verified certificate chain of the peer including the peer's end entity certificate. It must be called after a session has been successfully established. If peer verification was not successful the chain may be incomplete, invalid, or None. :param bool as_cryptography: Controls whether a list of ``cryptography.x509.Certificate`` or ``OpenSSL.crypto.X509`` object should be returned. :return: A list of X509 instances giving the peer's verified certificate chain, or None if it does not have one. .. versionadded:: 20.0 N)rSSL_get0_verified_chainrLrKrur]rZres rrgrh sL*11$))<  " 88D D'' 33rcB[R"UR5$)z Checks if more data has to be read from the transport layer to complete an operation. :return: True iff more data has to be read )r SSL_want_readrLr!s r want_readConnection.want_read= s!!$)),,rcB[R"UR5$)z} Checks if there is data to write to the transport layer to complete an operation. :return: True iff there is data to write )rSSL_want_writerLr!s r want_writeConnection.want_writeF s""499--rcD[R"UR5 g)zv Set the connection to work in server mode. The handshake will be handled automatically by read/write. :return: None N)rSSL_set_accept_staterLr!s rrConnection.set_accept_stateO s !!$)),rcD[R"UR5 g)zv Set the connection to work in client mode. The handshake will be handled automatically by read/write. :return: None N)rrrLr!s rrConnection.set_connect_stateX s ""499-rc[R"UR5nU[R:Xag[ R [ 5n[R"U[R5Ul U$)z Returns the Session currently used. :return: An instance of :class:`OpenSSL.SSL.Session` or :obj:`None` if no session exists. .. versionadded:: 0.14 N) rSSL_get1_sessionrLrKrur{rrSSL_SESSION_freer)r"r( pysessions r get_sessionConnection.get_sessiona sT'' 2 dii OOG, !WWWd.C.CD rc[U[5(d [S5e[R"UR UR 5n[US:H5 g)z Set the session to be used when the TLS/SSL connection is established. :param session: A Session instance representing the session to use. :returns: None .. versionadded:: 0.14 z"session must be a Session instancer1N)rWr{rYrSSL_set_sessionrLrr)r"r(rEs r set_sessionConnection.set_sessionr sE'7++@A A%%dii1A1AB! $rc[R"SS5nU"URUS5nUS:Xag[SU5nU"URXC5 [R"XC5SS$)a Helper to implement :meth:`get_finished` and :meth:`get_peer_finished`. :param function: Either :data:`SSL_get_finished`: or :data:`SSL_get_peer_finished`. :return: :data:`None` if the desired message has not yet been received, otherwise the contents of the message. rrN)rKrZrLrrV)r"functionemptyrrhs r_get_finished_message Connection._get_finished_message s^21% 5!, 19 40C&{{3%a((rc@UR[R5$)z Obtain the latest TLS Finished message that we sent. :return: The contents of the message or :obj:`None` if the TLS handshake has not yet completed. .. versionadded:: 0.15 )rrSSL_get_finishedr!s r get_finishedConnection.get_finished s))$*?*?@@rc@UR[R5$)z Obtain the latest TLS Finished message that we received from the peer. :return: The contents of the message or :obj:`None` if the TLS handshake has not yet completed. .. versionadded:: 0.15 )rrSSL_get_peer_finishedr!s rget_peer_finishedConnection.get_peer_finished s))$*D*DEErc[R"UR5nU[R:Xag[R "[R "U55nURS5$)z Obtain the name of the currently used cipher. :returns: The name of the currently used cipher or :obj:`None` if no connection has been established. .. versionadded:: 0.15 Nr)rSSL_get_current_cipherrLrKrurSSL_CIPHER_get_namer )r"cipherrs rget_cipher_nameConnection.get_cipher_name sO,,TYY7 TYY ;;t77?@D;;w' 'rc[R"UR5nU[R:Xag[R "U[R5$)z Obtain the number of secret bits of the currently used cipher. :returns: The number of secret bits of the currently used cipher or :obj:`None` if no connection has been established. .. versionadded:: 0.15 N)rrrLrKruSSL_CIPHER_get_bits)r"rs rget_cipher_bitsConnection.get_cipher_bits s>,,TYY7 TYY ++FDII> >rc[R"UR5nU[R:Xag[R "[R "U55nURS5$)z Obtain the protocol version of the currently used cipher. :returns: The protocol name of the currently used cipher or :obj:`None` if no connection has been established. .. versionadded:: 0.15 Nr)rrrLrKrurSSL_CIPHER_get_versionr )r"rrs rget_cipher_versionConnection.get_cipher_version sO,,TYY7 TYY kk$"="=f"EFG>>'* *rc[R"[R"UR55nUR S5$)z Retrieve the protocol version of the current connection. :returns: The TLS version of the current connection, for example the value for TLS 1.2 would be ``TLSv1.2``or ``Unknown`` for connections that were not successfully established. r)rKrrSSL_get_versionrLr rs rget_protocol_version_name$Connection.get_protocol_version_name s0++d22499=>~~g&&rcF[R"UR5nU$)z Retrieve the SSL or TLS protocol version of the current connection. :returns: The TLS version of the current connection. For example, it will return ``0x769`` for connections made over TLS version 1. )r SSL_versionrLrs rget_protocol_versionConnection.get_protocol_version s""499-rc U(d [S5eSR[R"SU555n[R "SU5n[ [R"URU[U55S:H5 g)a8 Specify the client's ALPN protocol list. These protocols are offered to the server during protocol negotiation. :param protos: A list of the protocols to be offered to the server. This list should be a Python list of bytestrings representing the protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. rrc3N# UHn[[U545U4v M g7frrrs rr -Connection.set_alpn_protos.. r r rUrN) rr rrrKrZrrSSL_set_alpn_protosrLr[rs rrConnection.set_alpn_protos ssFG G88   FvF F  HH.9   $ $TYY 3x= IQ N rc[R"S5n[R"S5n[R"URX5 U(dg[R "USUS5SS$)z Get the protocol that was negotiated by ALPN. :returns: A bytestring of the protocol name. If no protocol has been negotiated yet, returns an empty bytestring. rzunsigned int *rrN)rKrZrSSL_get0_alpn_selectedrLrV)r"rzdata_lens rget_alpn_proto_negotiated$Connection.get_alpn_proto_negotiated sZxx*+88,- ##DIIt>{{47HQK033rc[R"UR5nU(dg[R"UR 5$)z Get the SRTP protocol which was negotiated. :returns: A bytestring of the SRTP profile name. If no profile has been negotiated yet, returns an empty bytestring. r)rSSL_get_selected_srtp_profilerLrKrr)r"profiles rget_selected_srtp_profile$Connection.get_selected_srtp_profile1 s144TYY?{{7<<((rc~[R"UR[R5n[ US:H5 g)z Called to request that the server sends stapled OCSP data, if available. If this is not called on the client side then the server will not send OCSP data. Should be used in conjunction with :meth:`Context.set_ocsp_client_callback`. r1N)rSSL_set_tlsext_status_typerLTLSEXT_STATUSTYPE_ocspr)r"r s r request_ocspConnection.request_ocsp> s1 , , IIt22  a r) r\rrrrrSrRrOrLrrr)rrqrVzsocket.socket | Noner+r,)rr5r+r )rCr rErr+r,)r+rq)rrqr+r,)r+ bytes | Noner<r;r8r:)rrr+r,)rrXr+r,)r)rhrXrrr+r)rrr int | Noner+rX)NN)rVr rrrrr+r)rr rErr+typing.NoReturn)rrr+rX)rhrXr+r)r+rr*)rr r+r,)rr r+r)r+ztuple[Connection, Any])r+r)r+r6)r+zlist[X509Name])rr rr r+rr=r>)rrr+r,)r+rX)r7rXr8rrrr+rX)rr rr r+r,)rDtyping.Literal[True]r+zx509.Certificate | None)rDtyping.Literal[False]r+z X509 | None)rD,typing.Literal[True] | typing.Literal[False]r+zX509 | x509.Certificate | None)rYr r+z list[X509])rYr r+zlist[x509.Certificate])rDrr+zlist[x509.Certificate] | None)rDrr+zlist[X509] | None)rDrr+z*list[X509] | list[x509.Certificate] | None)r+zSession | None)r(r{r+r,)rzCallable[[Any, Any, int], int]r+r)r+z str | None)r+r5r?)Srrrrrr9rr#r]rrruryr~rzrr@rZrrrrrwriterrreadrrrrrrrrrrrrrrrrrr rrrrrr"r+r/r3r=r@typingoverloadrErO staticmethodrZr]r`rgrnrrrrr}rrrrrrrrrrrrrrrrrrprpDs< @D:-:-(<:- :-x /3#j  !$=AHH#9H H,3#080 ) 17 +4 E:+" D " ((( ( (T#$+0*  1<8 *   54$   7$ :  0 0B ,, ,"@D**"%*0<* *@6 __ "6    __:? "7   INF ( . __ "6    __:? "7   INF ( ,   " __ "6 &   __:? "7   IN4F4 4 4. __ "6 &   __:? "7   IN4F4 4 4:-.-." %!)6!) !)F A F( ?+ '  D4" ) !r)rr r+r)rrr+rX)rrrr5r+zCallable[[_T], _T]) __future__rrrVrr:collections.abcrrhr functoolsrr itertoolsrr sysr r r r rweakrefr cryptographyr)cryptography.hazmat.primitives.asymmetricr OpenSSL._utilrr7r_exception_from_error_queuerrKrrr _make_assertrrrrrrbOpenSSL.cryptorrrrrrr r!__all__r,rr+r(r*r)r'rTrQrSrRrPSSL_SENT_SHUTDOWNrFSSL_RECEIVED_SHUTDOWNrErzrr}r~rjrkrir#r$r"rOrhrerfrgSSL_OP_NO_SSLv2rsSSL_OP_NO_SSLv3rtSSL_OP_NO_TLSv1ruSSL_OP_NO_TLSv1_1rvSSL_OP_NO_TLSv1_2rwSSL_OP_NO_TLSv1_3rxSSL_MODE_RELEASE_BUFFERSr%SSL_OP_SINGLE_DH_USEr>SSL_OP_SINGLE_ECDH_USEr?SSL_OP_EPHEMERAL_RSAr1SSL_OP_MICROSOFT_SESS_ID_BUGr3SSL_OP_NETSCAPE_CHALLENGE_BUGr6'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGr8"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUGrA!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERr2SSL_OP_MSIE_SSLV2_RSA_PADDINGr4SSL_OP_SSLEAY_080_CLIENT_DH_BUGr@SSL_OP_TLS_D5_BUGrCSSL_OP_TLS_BLOCK_PADDING_BUGrB"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTSr0SSL_OP_CIPHER_SERVER_PREFERENCEr.SSL_OP_TLS_ROLLBACK_BUGrDSSL_OP_PKCS1_CHECK_1r<SSL_OP_PKCS1_CHECK_2r=SSL_OP_NETSCAPE_CA_DN_BUGr5&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGr7SSL_OP_NO_COMPRESSIONr9SSL_OP_NO_QUERY_MTUr:SSL_OP_COOKIE_EXCHANGEr/SSL_OP_NO_TICKETr;SSL_OP_NO_RENEGOTIATIONrr<rZSSL_OP_IGNORE_UNEXPECTED_EOFrSSL_OP_LEGACY_SERVER_CONNECTr SSL_OP_ALLr-SSL_VERIFY_PEERroSSL_VERIFY_FAIL_IF_NO_PEER_CERTrmSSL_VERIFY_CLIENT_ONCErlSSL_VERIFY_NONErnSSL_SESS_CACHE_OFFrMSSL_SESS_CACHE_CLIENTrHSSL_SESS_CACHE_SERVERrNSSL_SESS_CACHE_BOTHrGSSL_SESS_CACHE_NO_AUTO_CLEARrI!SSL_SESS_CACHE_NO_INTERNAL_LOOKUPrK SSL_SESS_CACHE_NO_INTERNAL_STORErLSSL_SESS_CACHE_NO_INTERNALrJrcrbrdr]rZr^r`rWr_rarVrUrYrXr\r[rrr&UnionListrXrorrr_OCSPClientCallback_OCSPServerCallbackr_PassphraseCallbackrOrrrrrr;rrr&rrrrrr|rr.rRrqrrrrrryrrrFr{rqrprrrrsD" $$"33'8   d N#999+++)))--#-## S#--#-  "  "&& ..     %% c%%% c%)))))))))'' S''' S''' S'++ s+++ s+++ s+ 99c911#155C511#1 $ A A#A!%!C!C3C00$S'+&M&MM%)%K%KsK!%!C!C3C#'#G#GSG++ s+ $ A A#A&*&M&MM#'#G#GSG77S7,,11#1!;;s;//#C3333///55C5)) c) #;;; NN() $($E$EcE NN-. $($E$EcE NN-.oo'' S'#'#G#GSG55C5'' S'---33333333/// $ A A#A%)%K%KsK$($I$IcI"===)))'' s'## S### S### S### S#%% c%%% c%//3/11C111C111C133S333S3"999!77s7 T]  34 V[[')@@A  #L>5#89 ,!6!<= eXb\BDHI hrl;UBCT8B<8%?@L$S#>DEgLgLV "I"LI :EBu% E  U  %  e  5 ((8% ,% P: 0: z@I 8@IF8I 88Iv $< . ": &(3!2" D+Q/1L  C C L D!D!}2      s6$^9$^$^^ ^^^^('^(