%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/OpenSSL/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/OpenSSL/__pycache__/SSL.cpython-312.pyc

�

<#e8����ddlZddlZddlmZddlmZmZddlmZm	Z	ddl
mZddlm
Z
ddlmZmZmZmZmZmZmZmZddlm Z m!Z!m"Z"m#Z#m$Z$m%Z%gd	�Z&ejNZ'ejPxZ(Z)ejTxZ*Z+ejXxZ,Z-ej\xZ.Z/ej`xZ0Z1ejdZ3ejhZ5d
Z6dZ7dZ8d
Z9dZ:dZ;dZ<dZ=dZ>dZ?	ej�Z@ej�ZAej�ZBej�ZCej�ZDej�ZGej�ZIej�ZKej�ZMej�ZO	ej�ZQe&j�d�ej�ZTej�ZVej�ZXej�ZZej�Z\ej�Z^ej�Z`ej�Zbej�Zdej�Zfej�Zhej�Zjej�Zlej�Znej�Zpej�Zrej�Ztej�Zvej�Zxej�Zzej�Z|ej�Z~ej�Z�e�jZ�	e�jZ�e&j�d�	e�j
Z�e&j�d�e�jZ�e�jZ�e�jZ�e�jZ�e�jZ�e�j"Z�e�j&Z�e�j*Z�e�j.Z�e�j2Z�e�j6Z�e�j:Z�e�j>Z�e�jBZ�e�jDZ�e�jFZ�e�jHZ�e�jJZ�e�jLZ�e�jNZ�e�jPZ�e�jRZ�e�jTZ�e�jVZ�e�jXZ�e�jZZ�e�j\Z�e�j^Z�e�j`Z�Gd�d�Z�gd�Z�dgZ�d Z�d!Z�Gd"�d#e��Z�eee��Z�ee��Z�Gd$�d%e��Z�Gd&�d'e��Z�Gd(�d)e��Z�Gd*�d+e��Z�Gd,�d-e��Z�Gd.�d/�Z�Gd0�d1e��Z�e��Z�Gd2�d3e��Z�Gd4�d5e��Z�Gd6�d7e��Z�Gd8�d9e��Z�Gd:�d;e��Z�d<�Z�d=�Z�e�Z�d>�Z�e�e�j�d?�Z�e�e�ed@d�dA�Z�GdB�dC�Z�GdD�dE�Z�GdF�dG�Z�y#eE$rdZ@dZAdZBdZCdZDY��NwxYw#eE$rY��wxYw#eE$rY���wxYw#eE$rY���wxYw)H�N)�	errorcode)�partial�wraps)�chain�count)�platform)�WeakValueDictionary)�UNSPECIFIED�exception_from_error_queue�ffi�lib�make_assert�no_zero_allocator�
path_bytes�text_to_bytes_and_warn)�FILETYPE_PEM�PKey�X509�X509Name�	X509Store�_PassphraseHelper)b�OPENSSL_VERSION_NUMBER�SSLEAY_VERSION�
SSLEAY_CFLAGS�SSLEAY_PLATFORM�
SSLEAY_DIR�SSLEAY_BUILT_ON�OPENSSL_VERSION�OPENSSL_CFLAGS�OPENSSL_PLATFORM�OPENSSL_DIR�OPENSSL_BUILT_ON�
SENT_SHUTDOWN�RECEIVED_SHUTDOWN�
SSLv23_METHOD�TLSv1_METHOD�TLSv1_1_METHOD�TLSv1_2_METHOD�
TLS_METHOD�TLS_SERVER_METHOD�TLS_CLIENT_METHOD�DTLS_METHOD�DTLS_SERVER_METHOD�DTLS_CLIENT_METHOD�SSL3_VERSION�TLS1_VERSION�TLS1_1_VERSION�TLS1_2_VERSION�TLS1_3_VERSION�OP_NO_SSLv2�OP_NO_SSLv3�OP_NO_TLSv1�
OP_NO_TLSv1_1�
OP_NO_TLSv1_2�MODE_RELEASE_BUFFERS�OP_SINGLE_DH_USE�OP_SINGLE_ECDH_USE�OP_EPHEMERAL_RSA�OP_MICROSOFT_SESS_ID_BUG�OP_NETSCAPE_CHALLENGE_BUG�#OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG�OP_SSLREF2_REUSE_CERT_TYPE_BUG�OP_MICROSOFT_BIG_SSLV3_BUFFER�OP_MSIE_SSLV2_RSA_PADDING�OP_SSLEAY_080_CLIENT_DH_BUG�
OP_TLS_D5_BUG�OP_TLS_BLOCK_PADDING_BUG�OP_DONT_INSERT_EMPTY_FRAGMENTS�OP_CIPHER_SERVER_PREFERENCE�OP_TLS_ROLLBACK_BUG�OP_PKCS1_CHECK_1�OP_PKCS1_CHECK_2�OP_NETSCAPE_CA_DN_BUG�"OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG�OP_NO_COMPRESSION�OP_NO_QUERY_MTU�OP_COOKIE_EXCHANGE�OP_NO_TICKET�OP_ALL�VERIFY_PEER�VERIFY_FAIL_IF_NO_PEER_CERT�VERIFY_CLIENT_ONCE�VERIFY_NONE�SESS_CACHE_OFF�SESS_CACHE_CLIENT�SESS_CACHE_SERVER�SESS_CACHE_BOTH�SESS_CACHE_NO_AUTO_CLEAR�SESS_CACHE_NO_INTERNAL_LOOKUP�SESS_CACHE_NO_INTERNAL_STORE�SESS_CACHE_NO_INTERNAL�SSL_ST_CONNECT�
SSL_ST_ACCEPT�SSL_ST_MASK�SSL_CB_LOOP�SSL_CB_EXIT�SSL_CB_READ�SSL_CB_WRITE�SSL_CB_ALERT�SSL_CB_READ_ALERT�SSL_CB_WRITE_ALERT�SSL_CB_ACCEPT_LOOP�SSL_CB_ACCEPT_EXIT�SSL_CB_CONNECT_LOOP�SSL_CB_CONNECT_EXIT�SSL_CB_HANDSHAKE_START�SSL_CB_HANDSHAKE_DONE�Error�
WantReadError�WantWriteError�WantX509LookupError�ZeroReturnError�SysCallError�NO_OVERLAPPING_PROTOCOLS�SSLeay_version�Session�Context�
Connection�X509VerificationCodes�������	�
��iiiii�
OP_NO_TLSv1_3�OP_NO_RENEGOTIATION�OP_IGNORE_UNEXPECTED_EOFc�h�eZdZdZej
ZejZejZ
ejZejZejZej"Zej&Zej*Zej.Zej2Zej6Zej:Zej>Z ejBZ"ejFZ$ejJZ&ejNZ(ejRZ*ejVZ,ejZZ.ej^Z0ejbZ2ejfZ4ejjZ6ejnZ8ejrZ:ejvZ<ejzZ>ej~Z@ej�ZBej�ZDej�ZFej�ZHej�ZJej�ZLej�ZNej�ZPej�ZRej�ZTej�ZVej�ZXej�ZZej�Z\ej�Z^ej�Z`ej�Zbej�Zdej�Zfej�Zhej�Zjej�Zlej�Znej�Zpej�Zrej�Ztej�Zvy)rya\
    Success and error codes for X509 verification, as returned by the
    underlying ``X509_STORE_CTX_get_error()`` function and passed by pyOpenSSL
    to verification callback functions.

    See `OpenSSL Verification Errors
    <https://www.openssl.org/docs/manmaster/man3/X509_verify_cert_error_string.html#ERROR-CODES>`_
    for details.
    N)w�__name__�
__module__�__qualname__�__doc__�_lib�	X509_V_OK�OK�$X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT�ERR_UNABLE_TO_GET_ISSUER_CERT�X509_V_ERR_UNABLE_TO_GET_CRL�ERR_UNABLE_TO_GET_CRL�+X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE�$ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE�*X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE�#ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE�-X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY�&ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY�!X509_V_ERR_CERT_SIGNATURE_FAILURE�ERR_CERT_SIGNATURE_FAILURE� X509_V_ERR_CRL_SIGNATURE_FAILURE�ERR_CRL_SIGNATURE_FAILURE�X509_V_ERR_CERT_NOT_YET_VALID�ERR_CERT_NOT_YET_VALID�X509_V_ERR_CERT_HAS_EXPIRED�ERR_CERT_HAS_EXPIRED�X509_V_ERR_CRL_NOT_YET_VALID�ERR_CRL_NOT_YET_VALID�X509_V_ERR_CRL_HAS_EXPIRED�ERR_CRL_HAS_EXPIRED�)X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD�"ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD�(X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD�!ERR_ERROR_IN_CERT_NOT_AFTER_FIELD�)X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD�"ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD�)X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD�"ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD�X509_V_ERR_OUT_OF_MEM�ERR_OUT_OF_MEM�&X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT�ERR_DEPTH_ZERO_SELF_SIGNED_CERT�$X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN�ERR_SELF_SIGNED_CERT_IN_CHAIN�,X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY�%ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY�*X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE�#ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE�X509_V_ERR_CERT_CHAIN_TOO_LONG�ERR_CERT_CHAIN_TOO_LONG�X509_V_ERR_CERT_REVOKED�ERR_CERT_REVOKED�X509_V_ERR_INVALID_CA�ERR_INVALID_CA�X509_V_ERR_PATH_LENGTH_EXCEEDED�ERR_PATH_LENGTH_EXCEEDED�X509_V_ERR_INVALID_PURPOSE�ERR_INVALID_PURPOSE�X509_V_ERR_CERT_UNTRUSTED�ERR_CERT_UNTRUSTED�X509_V_ERR_CERT_REJECTED�ERR_CERT_REJECTED�"X509_V_ERR_SUBJECT_ISSUER_MISMATCH�ERR_SUBJECT_ISSUER_MISMATCH�X509_V_ERR_AKID_SKID_MISMATCH�ERR_AKID_SKID_MISMATCH�&X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH�ERR_AKID_ISSUER_SERIAL_MISMATCH�X509_V_ERR_KEYUSAGE_NO_CERTSIGN�ERR_KEYUSAGE_NO_CERTSIGN�#X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER�ERR_UNABLE_TO_GET_CRL_ISSUER�'X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION� ERR_UNHANDLED_CRITICAL_EXTENSION�X509_V_ERR_KEYUSAGE_NO_CRL_SIGN�ERR_KEYUSAGE_NO_CRL_SIGN�+X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION�$ERR_UNHANDLED_CRITICAL_CRL_EXTENSION�X509_V_ERR_INVALID_NON_CA�ERR_INVALID_NON_CA�%X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED�ERR_PROXY_PATH_LENGTH_EXCEEDED�(X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE�!ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE�)X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED�"ERR_PROXY_CERTIFICATES_NOT_ALLOWED�X509_V_ERR_INVALID_EXTENSION�ERR_INVALID_EXTENSION�#X509_V_ERR_INVALID_POLICY_EXTENSION�ERR_INVALID_POLICY_EXTENSION�X509_V_ERR_NO_EXPLICIT_POLICY�ERR_NO_EXPLICIT_POLICY�X509_V_ERR_DIFFERENT_CRL_SCOPE�ERR_DIFFERENT_CRL_SCOPE�(X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE�!ERR_UNSUPPORTED_EXTENSION_FEATURE�X509_V_ERR_UNNESTED_RESOURCE�ERR_UNNESTED_RESOURCE�X509_V_ERR_PERMITTED_VIOLATION�ERR_PERMITTED_VIOLATION�X509_V_ERR_EXCLUDED_VIOLATION�ERR_EXCLUDED_VIOLATION�X509_V_ERR_SUBTREE_MINMAX�ERR_SUBTREE_MINMAX�&X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE�ERR_UNSUPPORTED_CONSTRAINT_TYPE�(X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX�!ERR_UNSUPPORTED_CONSTRAINT_SYNTAX�"X509_V_ERR_UNSUPPORTED_NAME_SYNTAX�ERR_UNSUPPORTED_NAME_SYNTAX�$X509_V_ERR_CRL_PATH_VALIDATION_ERROR�ERR_CRL_PATH_VALIDATION_ERROR�X509_V_ERR_HOSTNAME_MISMATCH�ERR_HOSTNAME_MISMATCH�X509_V_ERR_EMAIL_MISMATCH�ERR_EMAIL_MISMATCH�X509_V_ERR_IP_ADDRESS_MISMATCH�ERR_IP_ADDRESS_MISMATCH�#X509_V_ERR_APPLICATION_VERIFICATION�ERR_APPLICATION_VERIFICATION���-/usr/lib/python3/dist-packages/OpenSSL/SSL.pyryry�s����
���B�$(�$M�$M�!� �=�=���8�8�)�	
�7�7�(�	
�:�:�+�"&�!G�!G�� $� E� E��!�?�?���;�;�� �=�=���9�9���6�6�'�	
�5�5�&�	
�6�6�'�	
�6�6�'��/�/�N��3�3�$�%)�$M�$M�!��9�9�*�	
�7�7�(�#�A�A���3�3���/�/�N�#�C�C���9�9���7�7���5�5��"&�"I�"I��!�?�?���3�3�$� $�C�C��#'�#K�#K� ��4�4�%� $�C�C���8�8�)��7�7��%)�%O�%O�"��5�5�&�	
�6�6�'�!�=�=��#'�#K�#K� �!�?�?��"�A�A���5�5�&�!�=�=��"�A�A��!�?�?���7�7���3�3�$�	
�5�5�&�#'�"I�"I��$(�$M�$M�!� �=�=���7�7��"�A�A��#'�#K�#K� rry)z"/etc/ssl/certs/ca-certificates.crtz /etc/pki/tls/certs/ca-bundle.crtz/etc/ssl/ca-bundle.pemz/etc/pki/tls/cacert.pemz1/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pemz/etc/ssl/certss$/opt/pyca/cryptography/openssl/certss'/opt/pyca/cryptography/openssl/cert.pemc��eZdZdZy)rnz4
    An error occurred in an `OpenSSL.SSL` API.
    N�r�r�r�r�r�rrrnrn|s��rrnc��eZdZy)roN�r�r�r�r�rrroro����rroc��eZdZy)rpNrr�rrrprp�rrrpc��eZdZy)rqNrr�rrrqrq�rrrqc��eZdZy)rrNrr�rrrrrr�rrrrc��eZdZy)rsNrr�rrrsrs�rrrsc��eZdZdZd�Zd�Zy)�_CallbackExceptionHelpera�
    A base class for wrapper classes that allow for intelligent exception
    handling in OpenSSL callbacks.

    :ivar list _problems: Any exceptions that occurred while executing in a
        context where they could not be raised in the normal way.  Typically
        this is because OpenSSL has called into some Python code and requires a
        return value.  The exceptions are saved to be raised later when it is
        possible to do so.
    c��g|_y�N)�	_problems��selfs r�__init__z!_CallbackExceptionHelper.__init__�s	����rc��|jr&	t�|jjd��y#t$rY�'wxYw)z�
        Raise an exception from the OpenSSL error queue or that was previously
        captured whe running a callback.
        rN)r�_raise_current_errorrn�poprs r�raise_if_problemz)_CallbackExceptionHelper.raise_if_problem�sF��
�>�>�
�$�&��.�.�$�$�Q�'�'����
��
�s�
4�	A�AN)r�r�r�r�rrr�rrrr�s��	��
(rrc��eZdZdZd�Zy)�
_VerifyHelperz^
    Wrap a callback such that it can be used as a certificate verification
    callback.
    c����tj��t����fd��}tjd|��_y)Nc���tj|�}tj|�tj|�}tj
|�}tj|�}tj�}tj||�}tj|}	�|||||�}	|	r%tj|tj�yy#t$r%}
�jj|
�Yd}
~
yd}
~
wwxYw)N�r)r��X509_STORE_CTX_get_current_cert�X509_up_refr�_from_raw_x509_ptr�X509_STORE_CTX_get_error�X509_STORE_CTX_get_error_depth�"SSL_get_ex_data_X509_STORE_CTX_idx�X509_STORE_CTX_get_ex_datarx�_reverse_mapping�X509_STORE_CTX_set_errorr��	Exceptionr�append)
�ok�	store_ctx�x509�cert�error_number�error_depth�index�ssl�
connection�result�e�callbackrs
           ��r�wrapperz'_VerifyHelper.__init__.<locals>.wrapper�s�����7�7�	�B�D����T�"��*�*�4�0�D��8�8��C�L��=�=�i�H�K��;�;�=�E��1�1�)�U�C�C�#�4�4�S�9�J�
�!���l�K������1�1�)�T�^�^�L�����
����%�%�a�(���
�s�)C�	D�&D�Dzint (*)(int, X509_STORE_CTX *)�rrr�_ffir2�rr2r3s`` rrz_VerifyHelper.__init__�s>��� �)�)�$�/�	�x��	�
�	�2�
�
�,�g�
��
rN�r�r�r�r�rr�rrrr�s���

rrc��eZdZdZd�Zy)�_ALPNSelectHelperzQ
    Wrap a callback such that it can be used as an ALPN selection callback.
    c����tj��t����fd��}tjd|��_y)Nc���	tj|}tj||�dd}g}|r)|d}	|d|	dz}
|j	|
�||	dzd}|r�)�||�}d}|t
urd}d}nt
|t�std��tjdt|��tjd|�g|_|jdd|d<|jd|d<|stjStjS#t$r5}
�j j	|
�tj"cYd}
~
Sd}
~
wwxYw)	NrrTrFz^ALPN callback must return a bytestring or the special NO_OVERLAPPING_PROTOCOLS sentinel value.zunsigned char *�unsigned char[])rxr#r5�bufferr&rt�
isinstance�bytes�	TypeError�new�len�_alpn_select_callback_argsr��SSL_TLSEXT_ERR_NOACK�SSL_TLSEXT_ERR_OKr%r�SSL_TLSEXT_ERR_ALERT_FATAL)r.�out�outlen�in_�inlen�arg�conn�instr�	protolist�encoded_len�proto�outbytes�any_acceptedr1r2rs              ��rr3z+_ALPNSelectHelper.__init__.<locals>.wrapper�s]���(
7�!�2�2�3�7��
���C��/��2���	��"'��(�K�!�!�k�A�o�6�E��$�$�U�+�!�+��/�"3�4�E�	�$�D�)�4��#���7�7�"�H�#(�L�#�H�e�4�#�K����H�H�.��H�
�>��H�H�.��9�3��/�!�;�;�A�>�q�A��q�	��8�8��;��A��#��4�4�4��-�-�-���
7����%�%�a�(��6�6�6��
7�s+�AD�B%D�D�	E�*E�E�Ez^int (*)(SSL *, unsigned char **, unsigned char *, const unsigned char *, unsigned int, void *)r4r6s`` rrz_ALPNSelectHelper.__init__�sD��� �)�)�$�/�	�x��)	7�
�)	7�V�
�
�?�
�
��
rNr7r�rrr9r9�s���5
rr9c��eZdZdZd�Zy)�_OCSPServerCallbackHelpera�
    Wrap a callback such that it can be used as an OCSP callback for the server
    side.

    Annoyingly, OpenSSL defines one OCSP callback but uses it in two different
    ways. For servers, that callback is expected to retrieve some OCSP data and
    hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK,
    SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback
    is expected to check the OCSP data, and returns a negative value on error,
    0 if the response is not acceptable, or positive if it is. These are
    mutually exclusive return code behaviours, and they mean that we need two
    helpers so that we always return an appropriate error code if the user's
    code throws an exception.

    Given that we have to have two helpers anyway, these helpers are a bit more
    helpery than most: specifically, they hide a few more of the OpenSSL
    functions so that the user has an easier time writing these callbacks.

    This helper implements the server side.
    c����tj��t����fd��}tjd|��_y)Nc����	tj|}|tjk7rtj|�}nd}�||�}t|t�std��|syt|�}tj|�}|tj||�ddtj|||�y#t$r%}�	jj|�Yd}~yd}~wwxYw)Nz'OCSP callback must return a bytestring.rzr�)rxr#r5�NULL�from_handler>r?r@rBr��OPENSSL_mallocr=�SSL_set_tlsext_status_ocsp_respr%rr&)
r.�cdatarL�data�	ocsp_data�ocsp_data_length�data_ptrr1r2rs
        ��rr3z3_OCSPServerCallbackHelper.__init__.<locals>.wrapper7s����#
�!�2�2�3�7���D�I�I�%��+�+�E�2�D��D�%�T�4�0�	�!�)�U�3�#�$M�N�N�!��$'�y�>� ��.�.�/?�@��=F����H�&6�7��:��4�4���#3�����
����%�%�a�(���
�s�A$B9�(AB9�9	C'�C"�"C'�int (*)(SSL *, void *)r4r6s`` rrz"_OCSPServerCallbackHelper.__init__4s=��� �)�)�$�/�	�x��$	�
�$	�L�
�
�&>��H��
rNr7r�rrrTrTs
���**IrrTc��eZdZdZd�Zy)�_OCSPClientCallbackHelpera�
    Wrap a callback such that it can be used as an OCSP callback for the client
    side.

    Annoyingly, OpenSSL defines one OCSP callback but uses it in two different
    ways. For servers, that callback is expected to retrieve some OCSP data and
    hand it to OpenSSL, and may return only SSL_TLSEXT_ERR_OK,
    SSL_TLSEXT_ERR_FATAL, and SSL_TLSEXT_ERR_NOACK. For clients, that callback
    is expected to check the OCSP data, and returns a negative value on error,
    0 if the response is not acceptable, or positive if it is. These are
    mutually exclusive return code behaviours, and they mean that we need two
    helpers so that we always return an appropriate error code if the user's
    code throws an exception.

    Given that we have to have two helpers anyway, these helpers are a bit more
    helpery than most: specifically, they hide a few more of the OpenSSL
    functions so that the user has an easier time writing these callbacks.

    This helper implements the client side.
    c����tj��t����fd��}tjd|��_y)Nc���	tj|}|tjk7rtj|�}nd}tj
d�}t
j||�}|dkrd}ntj|d|�dd}�	|||�}tt|��S#t$r%}�
jj|�Yd}~yd}~wwxYw)N�unsigned char **rr���)rxr#r5rXrYrAr��SSL_get_tlsext_status_ocsp_respr=�int�boolr%rr&)r.r\rLr]�ocsp_ptr�ocsp_lenr^�validr1r2rs         ��rr3z3_OCSPClientCallbackHelper.__init__.<locals>.wrapperzs����
�!�2�2�3�7���D�I�I�%��+�+�E�2�D��D� �8�8�$6�7���?�?��X�N���a�<� #�I�!%���H�Q�K�� B�1� E�I� ��y�$�7���4��;�'�'���
����%�%�a�(���
�s�B*B.�.	C�7C�Crar4r6s`` rrz"_OCSPClientCallbackHelper.__init__ws<��� �)�)�$�/�	�x��	�
�	�<�
�
�&>��H��
rNr7r�rrrcrcas
���*"Irrcc��eZdZd�Zy)�_CookieGenerateCallbackHelperc����tj��t����fd��}tjd|��_y)Nc����	tj|}�|�}||dt|�t|�|d<y#t$r%}�jj|�Yd}~yd}~wwxYw)Nrr)rxr#rBr%rr&)r.rGrHrL�cookier1r2rs      ��rr3z7_CookieGenerateCallbackHelper.__init__.<locals>.wrapper�sf���	
�!�2�2�3�7��!�$���'-��A��F��$���K��q�	����
����%�%�a�(���
�s�7;�	A)�A$�$A)z/int (*)(SSL *, unsigned char *, unsigned int *)r4r6s`` rrz&_CookieGenerateCallbackHelper.__init__�s?��� �)�)�$�/�	�x��
	�
�
	��
�
�=��
��
rN�r�r�r�rr�rrroro�s��
rroc��eZdZd�Zy)�_CookieVerifyCallbackHelperc����tj��t����fd��}tjd|��_y)Nc���	tj|}�|t|d|��S#t$r%}�jj|�Yd}~yd}~wwxYw�Nr)rxr#r?r%rr&)r.�c_cookie�
cookie_lenrLr1r2rs     ��rr3z5_CookieVerifyCallbackHelper.__init__.<locals>.wrapper�sV���
�!�2�2�3�7����e�H�Q�z�,B�&C�D�D���
����%�%�a�(���
�s�'+�	A�A�Az-int (*)(SSL *, unsigned char *, unsigned int)r4r6s`` rrz$_CookieVerifyCallbackHelper.__init__�s?��� �)�)�$�/�	�x��	�
�	��
�
�;��
��
rNrsr�rrruru�s��
rruc���d}t|t�st|dd�}|�|�}t|t�r|}t|t�std��|dkrt	d|fz��|S)N�filenoz3argument must be an int, or have a fileno() method.rz1file descriptor cannot be a negative integer (%i))r>ri�getattrr@�
ValueError)�obj�fd�meths   r�_asFileDescriptorr��sv��	
�B��c�3���s�H�d�+�����&�C��#�s��
���b�#���M�N�N�	�a���?�2�%�G�
�	
��Irc�R�tjtj|��S)z�
    Return a string describing the version of OpenSSL in use.

    :param type: One of the :const:`OPENSSL_` constants defined in this module.
    )r5�stringr��OpenSSL_version)�types rr�r��s���;�;�t�+�+�D�1�2�2rc������fd�}|S)a�
    Builds a decorator that ensures that functions that rely on OpenSSL
    functions that are not present in this build raise NotImplementedError,
    rather than AttributeError coming out of cryptography.

    :param flag: A cryptography flag that guards the functions, e.g.
        ``Cryptography_HAS_NEXTPROTONEG``.
    :param error: The string to be used in the exception if the flag is false.
    c�6���st|��fd��}|S|S)Nc���t���r��NotImplementedError)�args�kwargs�errors  �r�explodez<_make_requires.<locals>._requires_decorator.<locals>.explode�s���)�%�0�0r)r)�funcr�r��flags  ��r�_requires_decoratorz+_make_requires.<locals>._requires_decorator�s(����
�4�[�
1��
1��N��Krr�)r�r�r�s`` r�_make_requiresr��s���	��rzALPN not available�Cryptography_HAS_KEYLOGzKey logging not availablec��eZdZdZy)rvz�
    A class representing an SSL session.  A session defines certain connection
    parameters which may be re-used to speed up the setup of subsequent
    connections.

    .. versionadded:: 0.14
    Nrr�rrrvrv	s���	rrvc�|�eZdZdZeejdfeejefe	eje
feejefe
ejdfeejdfeej"dfeej&dfeej*dfeej.dfi
Zd�Zd�Zd�Zd3d�Zd�Zd3d�Zd	�Zd
�Z d�Z!d�Z"e#fd
�Z$d�Z%d�Z&d�Z'e(fd�Z)d�Z*d�Z+d�Z,d�Z-d�Z.d�Z/d3d�Z0d�Z1d�Z2d�Z3d�Z4d�Z5d�Z6d�Z7d �Z8d!�Z9d"�Z:d#�Z;e<d$��Z=d%�Z>d&�Z?d'�Z@d(�ZAd)�ZBd*�ZCd+�ZDeEd,��ZFeEd-��ZGd.�ZHd3d/�ZId3d0�ZJd1�ZKd2�ZLy)4rwau
    :class:`OpenSSL.SSL.Context` instances define the parameters for setting
    up new SSL connections.

    :param method: One of TLS_METHOD, TLS_CLIENT_METHOD, TLS_SERVER_METHOD,
                   DTLS_METHOD, DTLS_CLIENT_METHOD, or DTLS_SERVER_METHOD.
                   SSLv23_METHOD, TLSv1_METHOD, etc. are deprecated and should
                   not be used.
    Nc��t|t�std��	|j|\}}|�}t
|tjk7�tj|�}t
|tjk7�tj|tj�}||_
d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_|j=tj>�|�#|jA|�|jC|�yy#t$rtd��wxYw)Nzmethod must be an integerzNo such protocol)"r>rir@�_methods�KeyErrorr~�_openssl_assertr5rXr��SSL_CTX_new�gc�SSL_CTX_free�_context�_passphrase_helper�_passphrase_callback�_passphrase_userdata�_verify_helper�_verify_callback�_info_callback�_keylog_callback�_tlsext_servername_callback�	_app_data�_alpn_select_helper�_alpn_select_callback�_ocsp_helper�_ocsp_callback�
_ocsp_data�_cookie_generate_helper�_cookie_verify_helper�set_mode�SSL_MODE_ENABLE_PARTIAL_WRITE�set_min_proto_version�set_max_proto_version)r�method�method_func�version�
method_obj�contexts      rrzContext.__init__-s\���&�#�&��7�8�8�	1�#'�=�=��#8� �K��!�]�
��
�d�i�i�/�0��"�"�:�.����4�9�9�,�-��'�'�'�4�#4�#4�5����
�"&���$(��!�$(��!�"��� $���"��� $���+/��(����#'�� �%)��"� ���"������'+��$�%)��"��
�
�d�8�8�9����&�&�w�/��&�&�w�/���;�	1��/�0�0�	1�s�E#�#E8c�\�ttj|j|�dk(�y)aD
        Set the minimum supported protocol version. Setting the minimum
        version to 0 will enable protocol versions down to the lowest version
        supported by the library.

        If the underlying OpenSSL build is missing support for the selected
        version, this method will raise an exception.
        rN)r�r��SSL_CTX_set_min_proto_versionr��rr�s  rr�zContext.set_min_proto_versionT�%��	��.�.�t�}�}�g�F�!�K�	
rc�\�ttj|j|�dk(�y)aC
        Set the maximum supported protocol version. Setting the maximum
        version to 0 will enable protocol versions up to the highest version
        supported by the library.

        If the underlying OpenSSL build is missing support for the selected
        version, this method will raise an exception.
        rN)r�r��SSL_CTX_set_max_proto_versionr�r�s  rr�zContext.set_max_proto_versionar�rc���|�tj}nt|�}|�tj}nt|�}tj|j
||�}|st
�yy)aU
        Let SSL know where we can find trusted certificates for the certificate
        chain.  Note that the certificates have to be in PEM format.

        If capath is passed, it must be a directory prepared using the
        ``c_rehash`` tool included with OpenSSL.  Either, but not both, of
        *pemfile* or *capath* may be :data:`None`.

        :param cafile: In which file we can find the certificates (``bytes`` or
            ``unicode``).
        :param capath: In which directory we can find the certificates
            (``bytes`` or ``unicode``).

        :return: None
        N)r5rX�_path_bytesr��SSL_CTX_load_verify_locationsr�r)r�cafile�capath�load_results    r�load_verify_locationszContext.load_verify_locationsns_�� �>��Y�Y�F� ��(�F��>��Y�Y�F� ��(�F��8�8��M�M�6�6�
��� �"�rc�T���t����fd��}tt|dd��S)Nc�,���||�j�Sr)r�)�size�verify�userdatar2rs   ��rr3z'Context._wrap_callback.<locals>.wrapper�s����D�&�$�*C�*C�D�DrT)�	more_args�truncate)rrrr6s`` r�_wrap_callbackzContext._wrap_callback�s3���	�x��	E�
�	E�!��'�T�D�
�	
rc���t|�std��|j|�|_|jj|_t
j|j|j
�||_	y)a�
        Set the passphrase callback.  This function will be called
        when a private key with a passphrase is loaded.

        :param callback: The Python callback to use.  This must accept three
            positional arguments.  First, an integer giving the maximum length
            of the passphrase it may return.  If the returned passphrase is
            longer than this, it will be truncated.  Second, a boolean value
            which will be true if the user should be prompted for the
            passphrase twice and the callback should verify that the two values
            supplied are equal. Third, the value given as the *userdata*
            parameter to :meth:`set_passwd_cb`.  The *callback* must return
            a byte string. If an error occurs, *callback* should return a false
            value (e.g. an empty string).
        :param userdata: (optional) A Python object which will be given as
                         argument to the callback
        :return: None
        �callback must be callableN)
�callabler@r�r�r2r�r��SSL_CTX_set_default_passwd_cbr�r�)rr2r�s   r�
set_passwd_cbzContext.set_passwd_cb�sf��&��!��7�8�8�"&�"5�"5�h�"?���$(�$;�$;�$D�$D��!��*�*��M�M�4�4�4�	
�%-��!rc�T�tj|j�}t|dk(�t	j
tj��jd�}t	j
tj��jd�}|j||�s}t	j
tj��}t	j
tj��}|tk(r%|tk(r|jtt �yyyy)a�
        Specify that the platform provided CA certificates are to be used for
        verification purposes. This method has some caveats related to the
        binary wheels that cryptography (pyOpenSSL's primary dependency) ships:

        *   macOS will only load certificates using this method if the user has
            the ``openssl@1.1`` `Homebrew <https://brew.sh>`_ formula installed
            in the default location.
        *   Windows will not work.
        *   manylinux1 cryptography wheels will work on most common Linux
            distributions in pyOpenSSL 17.1.0 and above.  pyOpenSSL detects the
            manylinux1 wheel and attempts to load roots via a fallback path.

        :return: None
        r�asciiN)r�� SSL_CTX_set_default_verify_pathsr�r�r5r��X509_get_default_cert_dir_env�decode�X509_get_default_cert_file_env�_check_env_vars_set�X509_get_default_cert_dir�X509_get_default_cert_file�_CRYPTOGRAPHY_MANYLINUX_CA_DIR�_CRYPTOGRAPHY_MANYLINUX_CA_FILE�_fallback_default_verify_paths�_CERTIFICATE_FILE_LOCATIONS�_CERTIFICATE_PATH_LOCATIONS)r�
set_result�dir_env_var�file_env_var�default_dir�default_files      r�set_default_verify_pathsz Context.set_default_verify_paths�s���(�:�:�4�=�=�I�
��
�a��(��k�k�$�"D�"D�"F�G�N�N��
���{�{��/�/�1�
�
�&��/�	��'�'��\�B��+�+�d�&D�&D�&F�G�K��;�;�t�'F�'F�'H�I�L�
�=�=� �$C�C��3�3�/�1L��D�>�Crc��tjj|�duxs!tjj|�duS)zp
        Check to see if the default cert dir/file environment vars are present.

        :return: bool
        N)�os�environ�get)rr�r�s   rr�zContext._check_env_vars_set�s8��
�J�J�N�N�<�(��4�
7��z�z�~�~�k�*�$�6�	
rc���|D]4}tjj|�s�#|j|�n|D]5}tjj	|�s�#|jd|�yy)aW
        Default verify paths are based on the compiled version of OpenSSL.
        However, when pyca/cryptography is compiled as a manylinux1 wheel
        that compiled location can potentially be wrong. So, like Go, we
        will try a predefined set of paths and attempt to load roots
        from there.

        :return: None
        N)r��path�isfiler��isdir)r�	file_path�dir_pathr�r�s     rr�z&Context._fallback_default_verify_paths�sh�� �	�F��w�w�~�~�f�%��*�*�6�2��	�
�	�F��w�w�}�}�V�$��*�*�4��8��	rc�t�t|�}tj|j|�}|st	�yy)z�
        Load a certificate chain from a file.

        :param certfile: The name of the certificate chain file (``bytes`` or
            ``unicode``).  Must be PEM encoded.

        :return: None
        N)r�r��"SSL_CTX_use_certificate_chain_filer�r)r�certfiler0s   r�use_certificate_chain_filez"Context.use_certificate_chain_files7���x�(���8�8��M�M�8�
��� �"�rc��t|�}t|t�std��t	j
|j||�}|st�yy)ah
        Load a certificate from a file

        :param certfile: The name of the certificate file (``bytes`` or
            ``unicode``).
        :param filetype: (optional) The encoding of the file, which is either
            :const:`FILETYPE_PEM` or :const:`FILETYPE_ASN1`.  The default is
            :const:`FILETYPE_PEM`.

        :return: None
        �filetype must be an integerN)r�r>rir@r��SSL_CTX_use_certificate_filer�r)rr��filetype�
use_results    r�use_certificate_filezContext.use_certificate_filesO���x�(���(�C�(��9�:�:��6�6��M�M�8�X�
�
�� �"�rc��t|t�std��tj|j
|j�}|st�yy�zs
        Load a certificate from a X509 object

        :param cert: The X509 object
        :return: None
        zcert must be an X509 instanceN)r>rr@r��SSL_CTX_use_certificater��_x509r�rr*r�s   r�use_certificatezContext.use_certificate*sB���$��%��;�<�<��1�1�$�-�-����L�
�� �"�rc��t|t�std��tj|j
�}tj|j|�}|s tj|�t�yy)z�
        Add certificate to chain

        :param certobj: The X509 certificate object to add to the chain
        :return: None
        z certobj must be an X509 instanceN)
r>rr@r��X509_dupr��SSL_CTX_add_extra_chain_certr��	X509_freer)r�certobj�copy�
add_results    r�add_extra_chain_certzContext.add_extra_chain_cert9s\���'�4�(��>�?�?��}�}�W�]�]�+���6�6�t�}�}�d�K�
���N�N�4� � �"�rc�n�|j�|jjt�t�yr)r�rrnrrs r�_raise_passphrase_exceptionz#Context._raise_passphrase_exceptionJs(���"�"�.��#�#�4�4�U�;��rc���t|�}|turt}nt|t�std��t
j|j||�}|s|j�yy)aR
        Load a private key from a file

        :param keyfile: The name of the key file (``bytes`` or ``unicode``)
        :param filetype: (optional) The encoding of the file, which is either
            :const:`FILETYPE_PEM` or :const:`FILETYPE_ASN1`.  The default is
            :const:`FILETYPE_PEM`.

        :return: None
        r�N)
r��_UNSPECIFIEDrr>rir@r��SSL_CTX_use_PrivateKey_filer�r	)r�keyfiler�r�s    r�use_privatekey_filezContext.use_privatekey_filePsb���g�&���|�#�#�H��H�c�*��9�:�:��5�5��M�M�7�H�
�
���,�,�.�rc��t|t�std��tj|j
|j�}|s|j�yy�zs
        Load a private key from a PKey object

        :param pkey: The PKey object
        :return: None
        zpkey must be a PKey instanceN)r>rr@r��SSL_CTX_use_PrivateKeyr��_pkeyr	�r�pkeyr�s   r�use_privatekeyzContext.use_privatekeyhsH���$��%��:�;�;��0�0�����
�
�K�
���,�,�.�rc�X�tj|j�st�yy)z�
        Check if the private key (loaded with :meth:`use_privatekey`) matches
        the certificate (loaded with :meth:`use_certificate`)

        :return: :data:`None` (raises :exc:`Error` if something's wrong)
        N)r��SSL_CTX_check_private_keyr�rrs r�check_privatekeyzContext.check_privatekeyws!���-�-�d�m�m�<� �"�=rc��tjtd|��}t|tj
k7�tj|j|�y)a%
        Load the trusted certificates that will be sent to the client.  Does
        not actually imply any of the certificates are trusted; that must be
        configured separately.

        :param bytes cafile: The path to a certificates file in PEM format.
        :return: None
        r�N)r��SSL_load_client_CA_file�_text_to_bytes_and_warnr�r5rX�SSL_CTX_set_client_CA_listr�)rr��ca_lists   r�load_client_cazContext.load_client_ca�sE���.�.�#�H�f�5�
��	��4�9�9�,�-��'�'��
�
�w�?rc	��td|�}ttj|j|t|��dk(�y)aV
        Set the session id to *buf* within which a session can be reused for
        this Context object.  This is needed when doing session resumption,
        because there is no way for a stored session to know which Context
        object it is associated with.

        :param bytes buf: The session id.

        :returns: None
        �bufrN)rr�r��SSL_CTX_set_session_id_contextr�rB)rr s  r�set_session_idzContext.set_session_id�s:��&�e�S�1����/�/��
�
�s�C��H�M��
�	
rc�x�t|t�std��tj|j
|�S)a�
        Set the behavior of the session cache used by all connections using
        this Context.  The previously set mode is returned.  See
        :const:`SESS_CACHE_*` for details about particular modes.

        :param mode: One or more of the SESS_CACHE_* flags (combine using
            bitwise or)
        :returns: The previously set caching mode.

        .. versionadded:: 0.14
        �mode must be an integer)r>rir@r��SSL_CTX_set_session_cache_moder��r�modes  r�set_session_cache_modezContext.set_session_cache_mode�s1���$��$��5�6�6��2�2�4�=�=�$�G�Grc�@�tj|j�S)z�
        Get the current session cache mode.

        :returns: The currently used cache mode.

        .. versionadded:: 0.14
        )r��SSL_CTX_get_session_cache_moder�rs r�get_session_cache_modezContext.get_session_cache_mode�s���2�2�4�=�=�A�Arc��t|t�std��|�>d|_d|_tj|j|tj�yt|�std��t|�|_|jj|_tj|j||j�y)a�
        Set the verification flags for this Context object to *mode* and
        specify that *callback* should be used for verification callbacks.

        :param mode: The verify mode, this should be one of
            :const:`VERIFY_NONE` and :const:`VERIFY_PEER`. If
            :const:`VERIFY_PEER` is used, *mode* can be OR:ed with
            :const:`VERIFY_FAIL_IF_NO_PEER_CERT` and
            :const:`VERIFY_CLIENT_ONCE` to further control the behaviour.
        :param callback: The optional Python verification callback to use.
            This should take five arguments: A Connection object, an X509
            object, and three integer variables, which are in turn potential
            error number, error depth and return code. *callback* should
            return True if verification passes and False otherwise.
            If omitted, OpenSSL's default verification is used.
        :return: None

        See SSL_CTX_set_verify(3SSL) for further details.
        r$Nr�)
r>rir@r�r�r��SSL_CTX_set_verifyr�r5rXr�rr2�rr'r2s   r�
set_verifyzContext.set_verify�s���(�$��$��5�6�6���"&�D��$(�D�!��#�#�D�M�M�4����C��H�%�� ;�<�<�"/��"9�D��$(�$7�$7�$@�$@�D�!��#�#�D�M�M�4��9N�9N�Orc�z�t|t�std��tj|j
|�y)z�
        Set the maximum depth for the certificate chain verification that shall
        be allowed for this Context object.

        :param depth: An integer specifying the verify depth
        :return: None
        zdepth must be an integerN)r>rir@r��SSL_CTX_set_verify_depthr�)r�depths  r�set_verify_depthzContext.set_verify_depth�s.���%��%��6�7�7��%�%�d�m�m�U�;rc�@�tj|j�S)z�
        Retrieve the Context object's verify mode, as set by
        :meth:`set_verify`.

        :return: The verify mode
        )r��SSL_CTX_get_verify_moder�rs r�get_verify_modezContext.get_verify_mode�s���+�+�D�M�M�:�:rc�@�tj|j�S)z�
        Retrieve the Context object's verify depth, as set by
        :meth:`set_verify_depth`.

        :return: The verify depth
        )r��SSL_CTX_get_verify_depthr�rs r�get_verify_depthzContext.get_verify_depth�s���,�,�T�]�]�;�;rc���t|�}tj|d�}|tjk(r
t�tj|tj�}tj|tjtjtj�}tj|tj�}tj|j|�}t|dk(�y)z�
        Load parameters for Ephemeral Diffie-Hellman

        :param dhfile: The file to load EDH parameters from (``bytes`` or
            ``unicode``).

        :return: None
        �rrN)
r�r��BIO_new_filer5rXrr��BIO_free�PEM_read_bio_DHparams�DH_free�SSL_CTX_set_tmp_dhr�r�)r�dhfile�bio�dh�ress     r�load_tmp_dhzContext.load_tmp_dh�s����V�$�������-���$�)�)�� �"��g�g�c�4�=�=�)��
�
'�
'��T�Y�Y��	�	�4�9�9�
M��
�W�W�R����
&���%�%�d�m�m�R�8����q��!rc�`�tj|j|j��y)a

        Select a curve to use for ECDHE key exchange.

        :param curve: A curve object to use as returned by either
            :meth:`OpenSSL.crypto.get_elliptic_curve` or
            :meth:`OpenSSL.crypto.get_elliptic_curves`.

        :return: None
        N)r��SSL_CTX_set_tmp_ecdhr��
_to_EC_KEY)r�curves  r�set_tmp_ecdhzContext.set_tmp_ecdhs!��	
�!�!�$�-�-��1A�1A�1C�Drc��td|�}t|t�std��t	tj|j|�dk(�t|d�}|j�gd�k(rtdg��y)z�
        Set the list of ciphers to be used in this context.

        See the OpenSSL manual for more information (e.g.
        :manpage:`ciphers(1)`).

        :param bytes cipher_list: An OpenSSL cipher string.
        :return: None
        �cipher_listz"cipher_list must be a byte string.rN)�TLS_AES_256_GCM_SHA384�TLS_CHACHA20_POLY1305_SHA256�TLS_AES_128_GCM_SHA256)zSSL routines�SSL_CTX_set_cipher_listzno cipher match)rr>r?r@r�r�rPr�rx�get_cipher_listrn)rrL�tmpconns   r�set_cipher_listzContext.set_cipher_lists���.�m�[�I���+�u�-��@�A�A���(�(�����D��I�	
��T�4�(���"�"�$�)
�
�
����
�
rc�F�tj�}t|tjk7�	|D]�}t|t�s"tdt|�j�d���tj|j�}t|tjk7�tj||�}|r��tj|�t���	tj"|j$|�y#t$rtj |��wxYw)a_
        Set the list of preferred client certificate signers for this server
        context.

        This list of certificate authorities will be sent to the client when
        the server requests a client certificate.

        :param certificate_authorities: a sequence of X509Names.
        :return: None

        .. versionadded:: 0.10
        z)client CAs must be X509Name objects, not z objectsN)r��sk_X509_NAME_new_nullr�r5rXr>rr@r�r��
X509_NAME_dup�_name�sk_X509_NAME_push�X509_NAME_freerr%�sk_X509_NAME_freerr�)r�certificate_authorities�
name_stack�ca_namer�push_results      r�set_client_ca_listzContext.set_client_ca_listFs����/�/�1�
��
�d�i�i�/�0�	�2�
+��!�'�8�4�#�%)�'�]�%;�%;�>����)�)�'�-�-�8�����	�	� 1�2�"�4�4�Z��F��"��'�'��-�(�*�
+� 	
�'�'��
�
�z�B��	�	��"�"�:�.��	�s�B
D�=!D� D c��t|t�std��tj|j
|j�}t|dk(�y)ai
        Add the CA certificate to the list of preferred signers for this
        context.

        The list of certificate authorities will be sent to the client when the
        server requests a client certificate.

        :param certificate_authority: certificate authority's X509 certificate.
        :return: None

        .. versionadded:: 0.10
        z.certificate_authority must be an X509 instancerN)r>rr@r��SSL_CTX_add_client_CAr�r�r�)r�certificate_authorityrs   r�
add_client_cazContext.add_client_caisI���/��6��L�M�M��/�/��M�M�0�6�6�
�
�	�
�a��(rc�x�t|t�std��tj|j
|�S)aQ
        Set the timeout for newly created sessions for this Context object to
        *timeout*.  The default value is 300 seconds. See the OpenSSL manual
        for more information (e.g. :manpage:`SSL_CTX_set_timeout(3)`).

        :param timeout: The timeout in (whole) seconds
        :return: The previous session timeout
        ztimeout must be an integer)r>rir@r��SSL_CTX_set_timeoutr�)r�timeouts  r�set_timeoutzContext.set_timeout~s1���'�3�'��8�9�9��'�'��
�
�w�?�?rc�@�tj|j�S)z�
        Retrieve session timeout, as set by :meth:`set_timeout`. The default
        is 300 seconds.

        :return: The session timeout
        )r��SSL_CTX_get_timeoutr�rs r�get_timeoutzContext.get_timeout�s���'�'��
�
�6�6rc���t���fd��}tjd|�|_t	j
|j|j�y)a�
        Set the information callback to *callback*. This function will be
        called from time to time during SSL handshakes.

        :param callback: The Python callback to use.  This should take three
            arguments: a Connection object and two integers.  The first integer
            specifies where in the SSL handshake the function was called, and
            the other the return code from a (possibly failed) internal
            function call.
        :return: None
        c�<���tj|||�yr�rxr#)r.�where�return_coder2s   �rr3z*Context.set_info_callback.<locals>.wrapper�s����Z�0�0��5�u�k�Jrzvoid (*)(const SSL *, int, int)N)rr5r2r�r��SSL_CTX_set_info_callbackr�r6s ` r�set_info_callbackzContext.set_info_callback�sQ���
�x��	K�
�	K�#�m�m�-�w�
���	
�&�&�t�}�}�d�6I�6I�Jrc���t���fd��}tjd|�|_t	j
|j|j�y)a
        Set the TLS key logging callback to *callback*. This function will be
        called whenever TLS key material is generated or received, in order
        to allow applications to store this keying material for debugging
        purposes.

        :param callback: The Python callback to use.  This should take two
            arguments: a Connection object and a bytestring that contains
            the key material in the format used by NSS for its SSLKEYLOGFILE
            debugging output.
        :return: None
        c�d��tj|�}�tj||�yr)r5r�rxr#)r.�liner2s  �rr3z,Context.set_keylog_callback.<locals>.wrapper�s&����;�;�t�$�D��Z�0�0��5�t�<rz#void (*)(const SSL *, const char *)N)rr5r2r�r��SSL_CTX_set_keylog_callbackr�r6s ` r�set_keylog_callbackzContext.set_keylog_callback�sO���
�x��	=�
�	=�!%�
�
�1�7�!
���	
�(�(�����8M�8M�Nrc��|jS)zw
        Get the application data (supplied via :meth:`set_app_data()`)

        :return: The application data
        �r�rs r�get_app_datazContext.get_app_data�����~�~�rc��||_y)z�
        Set the application data (will be returned from get_app_data())

        :param data: Any Python object
        :return: None
        Nrx�rr]s  r�set_app_datazContext.set_app_data������rc��tj|j�}|tjk(rytjt
�}||_|S)z�
        Get the certificate store for the context.  This can be used to add
        "trusted" certificates without using the
        :meth:`load_verify_locations` method.

        :return: A X509Store object or None if it does not have one.
        N)r��SSL_CTX_get_cert_storer�r5rXr�__new__�_store)r�store�pystores   r�get_cert_storezContext.get_cert_store�sC���+�+�D�M�M�:���D�I�I����#�#�I�.������rc�x�t|t�std��tj|j
|�S)z�
        Add options. Options set before are not cleared!
        This method should be used with the :const:`OP_*` constants.

        :param options: The options to add.
        :return: The new option bitmask.
        zoptions must be an integer)r>rir@r��SSL_CTX_set_optionsr�)r�optionss  r�set_optionszContext.set_options�s1���'�3�'��8�9�9��'�'��
�
�w�?�?rc�x�t|t�std��tj|j
|�S)z�
        Add modes via bitmask. Modes set before are not cleared!  This method
        should be used with the :const:`MODE_*` constants.

        :param mode: The mode to add.
        :return: The new mode bitmask.
        r$)r>rir@r��SSL_CTX_set_moder�r&s  rr�zContext.set_mode�s1���$��$��5�6�6��$�$�T�]�]�D�9�9rc���t���fd��}tjd|�|_t	j
|j|j�y)a
        Specify a callback function to be called when clients specify a server
        name.

        :param callback: The callback function.  It will be invoked with one
            argument, the Connection instance.

        .. versionadded:: 0.13
        c�8���tj|�yrxrm)r.�alertrKr2s   �rr3z7Context.set_tlsext_servername_callback.<locals>.wrappers����Z�0�0��5�6�rzint (*)(SSL *, int *, void *)N)rr5r2r�r��&SSL_CTX_set_tlsext_servername_callbackr�r6s ` r�set_tlsext_servername_callbackz&Context.set_tlsext_servername_callbacksR���
�x��	�
�	�,0�=�=�+�W�,
��(�	
�3�3��M�M�4�;�;�	
rc��t|t�std��tt	j
|j|�dk(�y)z�
        Enable support for negotiating SRTP keying material.

        :param bytes profiles: A colon delimited list of protection profile
            names, like ``b'SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32'``.
        :return: None
        zprofiles must be a byte string.rN)r>r?r@r�r��SSL_CTX_set_tlsext_use_srtpr�)r�profiless  r�set_tlsext_use_srtpzContext.set_tlsext_use_srtps;���(�E�*��=�>�>���,�,�T�]�]�H�E��J�	
rc	��|std��djtjd�|D���}t	j
d|�}t
tj|j|t|��dk(�y)a�
        Specify the protocols that the client is prepared to speak after the
        TLS connection has been negotiated using Application Layer Protocol
        Negotiation.

        :param protos: A list of the protocols to be offered to the server.
            This list should be a Python list of bytestrings representing the
            protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
        �'at least one protocol must be specifiedrc3�JK�|]}tt|�f�|f���y�wr�r?rB��.0�ps  r�	<genexpr>z*Context.set_alpn_protos.<locals>.<genexpr>:� ����F�!���A��y�!1�1� 5�F���!#r<rN)r~�joinr�
from_iterabler5rAr�r��SSL_CTX_set_alpn_protosr�rB�r�protos�protostr�	input_strs    r�set_alpn_protoszContext.set_alpn_protos&s{����F�G�G��8�8����F�v�F�F�
���H�H�.��9�	�	��(�(��
�
�y�#�h�-�
��
�	
rc���t|�|_|jj|_t	j
|j|jtj�y)a�
        Specify a callback function that will be called on the server when a
        client offers protocols using ALPN.

        :param callback: The callback function.  It will be invoked with two
            arguments: the Connection, and a list of offered protocols as
            bytestrings, e.g ``[b'http/1.1', b'spdy/2']``.  It can return
            one of those bytestrings to indicate the chosen protocol, the
            empty bytestring to terminate the TLS connection, or the
            :py:obj:`NO_OVERLAPPING_PROTOCOLS` to indicate that no offered
            protocol was selected, but that the connection should not be
            aborted.
        N)	r9r�r2r�r��SSL_CTX_set_alpn_select_cbr�r5rX�rr2s  r�set_alpn_select_callbackz Context.set_alpn_select_callbackLsH��$5�X�#>�� �%)�%=�%=�%F�%F��"��'�'��M�M�4�5�5�t�y�y�	
rc�x�||_|j|_|�tj|_ntj|�|_tj|j|j�}t|dk(�tj|j|j
�}t|dk(�y)z�
        This internal helper does the common work for
        ``set_ocsp_server_callback`` and ``set_ocsp_client_callback``, which is
        almost all of it.
        Nr)r�r2r�r5rXr��
new_handler��SSL_CTX_set_tlsext_status_cbr�r��SSL_CTX_set_tlsext_status_arg)r�helperr]�rcs    r�_set_ocsp_callbackzContext._set_ocsp_callbackas���#���$�o�o����<�"�i�i�D�O�"�o�o�d�3�D�O�
�
.�
.��M�M�4�.�.�
��	��a�� �
�
/�
/��
�
�t���
O����a�� rc�>�t|�}|j||�y)a�
        Set a callback to provide OCSP data to be stapled to the TLS handshake
        on the server side.

        :param callback: The callback function. It will be invoked with two
            arguments: the Connection, and the optional arbitrary data you have
            provided. The callback must return a bytestring that contains the
            OCSP data to staple to the handshake. If no OCSP data is available
            for this connection, return the empty bytestring.
        :param data: Some opaque data that will be passed into the callback
            function when called. This can be used to avoid needing to do
            complex data lookups or to keep track of what context is being
            used. This parameter is optional.
        N)rTr��rr2r]r�s    r�set_ocsp_server_callbackz Context.set_ocsp_server_callbackus��+�8�4�������-rc�>�t|�}|j||�y)a�
        Set a callback to validate OCSP data stapled to the TLS handshake on
        the client side.

        :param callback: The callback function. It will be invoked with three
            arguments: the Connection, a bytestring containing the stapled OCSP
            assertion, and the optional arbitrary data you have provided. The
            callback must return a boolean that indicates the result of
            validating the OCSP data: ``True`` if the OCSP data is valid and
            the certificate can be trusted, or ``False`` if either the OCSP
            data is invalid or the certificate has been revoked.
        :param data: Some opaque data that will be passed into the callback
            function when called. This can be used to avoid needing to do
            complex data lookups or to keep track of what context is being
            used. This parameter is optional.
        N)rcr�r�s    r�set_ocsp_client_callbackz Context.set_ocsp_client_callback�s��"+�8�4�������-rc��t|�|_tj|j|jj
�yr)ror�r��SSL_CTX_set_cookie_generate_cbr�r2r�s  r�set_cookie_generate_callbackz$Context.set_cookie_generate_callback�s3��'D�X�'N��$��+�+��M�M��(�(�1�1�	
rc��t|�|_tj|j|jj
�yr)rur�r��SSL_CTX_set_cookie_verify_cbr�r2r�s  r�set_cookie_verify_callbackz"Context.set_cookie_verify_callback�s3��%@��%J��"��)�)��M�M��&�&�/�/�	
rr)Mr�r�r�r�r%r��
TLS_methodr&r0r'r1r(r2r)r*�TLS_server_methodr+�TLS_client_methodr,�DTLS_methodr-�DTLS_server_methodr.�DTLS_client_methodr�rr�r�r�r�r�r�r�r�r�rr�r�rr	rrrrrr"r(r+r/r3r6r9rErJrSr_rcrgrjrq�_requires_keylogrvryr}r�r�r�r�r��_requires_alpnr�r�r�r�r�r�r�r�rrrwrws����	�����.��t����5�����.�9�����.�9��T�_�_�d�+��D�2�2�D�9��D�2�2�D�9��d�&�&��-��T�4�4�d�;��T�4�4�d�;��H�%0�N
�
�#�@
�-�:.�`	
��(#�"7C�#�,
#�#�"�5A�/�0
/�#�
@�
�"H�"B�!P�F<�;�<�"�*
E�%�N!C�F)�*@�7�K�,�O��O�0���"@�:�
�.

��#
��#
�J�
��
�(!�(.�$.�(
�
rrwc���eZdZe�ZdFd�Zd�Zd�Zd�Zd�Z	d�Z
dFd�Zd	�Zd
�Z
d�Zd�Zd
�Zd�Zd�ZdGd�ZeZdGd�ZdFd�ZeZdHd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Z d�Z!d�Z"d�Z#d�Z$d �Z%d!�Z&d"�Z'd#�Z(d$�Z)d%�Z*d&�Z+d'�Z,d(�Z-d)�Z.d*�Z/d+�Z0d,�Z1d-�Z2dFd.�Z3d/�Z4d0�Z5d1�Z6e7d2��Z8d3�Z9d4�Z:d5�Z;d6�Z<d7�Z=d8�Z>d9�Z?d:�Z@d;�ZAd<�ZBd=�ZCd>�ZDd?�ZEd@�ZFdA�ZGdB�ZHeIdC��ZJeIdD��ZKdE�ZLy)IrxNc�|�t|t�std��tj|j
�}t
j|tj�|_	tj|jtj�||_d|_d|_
|j|_|j|_|j |_|j"|_||j$|j<|��d|_tj(tj*��|_t/|j,tj0k7�tj(tj*��|_t/|j2tj0k7�tj4|j|j,|j2�yd|_d|_||_tj6|jt9|j&��}t/|dk(�y)z�
        Create a new Connection object, using the given OpenSSL.SSL.Context
        instance and socket.

        :param context: An SSL Context to use for this connection
        :param socket: The socket to use for transport layer
        �"context must be a Context instanceNr)r>rwr@r��SSL_newr�r5r��SSL_free�_ssl�SSL_set_mode�SSL_MODE_AUTO_RETRYr�rCr�r�r�r�r#�_socket�BIO_new�	BIO_s_mem�	_into_sslr�rX�	_from_ssl�SSL_set_bio�
SSL_set_fdr�)rr��socketr.r�s     rrzConnection.__init__�s����'�7�+��@�A�A��l�l�7�+�+�,���G�G�C����/��	�
	
���$�)�)�T�%=�%=�>���
����+/��'�
&�4�4��� '� 8� 8���(/�'F�'F��$�%,�%B�%B��"�+/����d�i�i�(��>��D�L�!�\�\�$�.�.�*:�;�D�N��D�N�N�d�i�i�7�8�!�\�\�$�.�.�*:�;�D�N��D�N�N�d�i�i�7�8����T�Y�Y�������G�!�D�N�!�D�N�!�D�L�����	�	�,�T�\�\�:��J�
�J�!�O�,rc��|j�&td|jj�d|�d���t	|j|�S)zy
        Look up attributes on the wrapped socket object if they are not found
        on the Connection object.
        �'z' object has no attribute ')r��AttributeError�	__class__r�r}�r�names  r�__getattr__zConnection.__getattr__�sB��
�<�<�� ��>�>�*�*�D�2��
�
�4�<�<��.�.rc�:�|jj�$|jjj�|jj�$|jjj�|jj�$|jjj�tj||�}|t
jk(r
t��|t
jk(r
t��|t
jk(r
t��|t
jk(r
t��|t
jk(r�tj �dk(rf|dkrUt"dk(rt%j&�d}nt$j(}|dk7rt+|t-j.|���t+dd��t1�y|t
j2k(r�tj �dk7r�tj �}tj4|�}t
j6r<t9|t
j:k(�tj<�t+dd��t1�y|t
j>k(ryt1�y)Nr�win32rgzUnexpected EOF) r�r�rr�r�r��
SSL_get_error�SSL_ERROR_WANT_READro�SSL_ERROR_WANT_WRITErp�SSL_ERROR_ZERO_RETURNrr�SSL_ERROR_WANT_X509_LOOKUPrq�SSL_ERROR_SYSCALL�ERR_peek_errorrr5�getwinerror�errnorsrr�r�
SSL_ERROR_SSL�ERR_GET_REASON�-Cryptography_HAS_UNEXPECTED_EOF_WHILE_READINGr��"SSL_R_UNEXPECTED_EOF_WHILE_READING�ERR_clear_error�SSL_ERROR_NONE)rr.r0r�r��peeked_error�reasons       r�_raise_ssl_errorzConnection._raise_ssl_error�s����=�=�'�'�3��M�M�(�(�9�9�;��=�=�,�,�8��M�M�-�-�>�>�@��=�=�%�%�1��M�M�&�&�7�7�9��"�"�3��/���D�,�,�,��/�!�
�d�/�/�
/� �"�"�
�d�0�0�
0�!�#�#�
�d�5�5�
5�%�'�'�
�d�,�,�
,��"�"�$��)��A�:��7�*� $� 0� 0� 2�1� 5�� $�
�
����z�*�5�)�-�-��2F�G�G�"�2�'7�8�8�%�&�
�d�(�(�
(�T�-@�-@�-B�a�-G� �.�.�0�L��(�(��6�F��A�A���d�E�E�E���$�$�&�"�2�'7�8�8�$�&�
�d�)�)�
)�� �"rc��|jS)zh
        Retrieve the :class:`Context` object associated with this
        :class:`Connection`.
        )r�rs r�get_contextzConnection.get_context+s��
�}�}�rc��t|t�std��tj|j
|j�||_y)z�
        Switch this connection to a new session context.

        :param context: A :class:`Context` instance giving the new session
            context to use.
        r�N)r>rwr@r��SSL_set_SSL_CTXr�r�)rr�s  r�set_contextzConnection.set_context2s;���'�7�+��@�A�A����T�Y�Y��(8�(8�9���
rc��tj|jtj�}|tj
k(ryt	j|�S)z�
        Retrieve the servername extension value if provided in the client hello
        message, or None if there wasn't one.

        :return: A byte string giving the server name or :data:`None`.

        .. versionadded:: 0.13
        N)r��SSL_get_servernamer��TLSEXT_NAMETYPE_host_namer5rXr�r�s  r�get_servernamezConnection.get_servername?sC���&�&��I�I�t�5�5�
���4�9�9����{�{�4� � rc��t|t�std��|�>d|_d|_tj|j|tj�yt|�std��t|�|_|jj|_tj|j||j�y)z�
        Override the Context object's verification flags for this specific
        connection. See :py:meth:`Context.set_verify` for details.
        r$Nr�)
r>rir@r�r�r��SSL_set_verifyr�r5rXr�rr2r.s   rr/zConnection.set_verifyPs���
�$��$��5�6�6���"&�D��$(�D�!�����	�	�4����;��H�%�� ;�<�<�"/��"9�D��$(�$7�$7�$@�$@�D�!�����	�	�4��1F�1F�Grc�@�tj|j�S)z�
        Retrieve the Connection object's verify mode, as set by
        :meth:`set_verify`.

        :return: The verify mode
        )r��SSL_get_verify_moder�rs rr6zConnection.get_verify_modeds���'�'��	�	�2�2rc��t|t�std��tj|j
|j�}|st�yyr�)r>rr@r��SSL_use_certificater�r�rr�s   rr�zConnection.use_certificatemsB���$��%��;�<�<��-�-�d�i�i����D�
�� �"�rc���t|t�std��tj|j
|j�}|s|jj�yyr)	r>rr@r��SSL_use_PrivateKeyr�rr�r	rs   rrzConnection.use_privatekey|sL���$��%��:�;�;��,�,�T�Y�Y��
�
�C�
���M�M�5�5�7�rc�D�tj|j|�y)aK
        For DTLS, set the maximum UDP payload size (*not* including IP/UDP
        overhead).

        Note that you might have to set :data:`OP_NO_QUERY_MTU` to prevent
        OpenSSL from spontaneously clearing this.

        :param mtu: An integer giving the maximum transmission unit.

        .. versionadded:: 21.1
        N)r��SSL_set_mtur�)r�mtus  r�set_ciphertext_mtuzConnection.set_ciphertext_mtu�s��	
������C�(rc�v�ttd�std��tj|j�S)a

        For DTLS, get the maximum size of unencrypted data you can pass to
        :meth:`write` without exceeding the MTU (as passed to
        :meth:`set_ciphertext_mtu`).

        :return: The effective MTU as an integer.

        .. versionadded:: 21.1
        �DTLS_get_data_mtuz requires OpenSSL 1.1.1 or better)�hasattrr�r�rr�rs r�get_cleartext_mtuzConnection.get_cleartext_mtu�s0���t�0�1�%�&H�I�I��%�%�d�i�i�0�0rc��t|t�std��d|vrtd��tj|j
|�y)z�
        Set the value of the servername extension to send in the client hello.

        :param name: A byte string giving the name.

        .. versionadded:: 0.13
        zname must be a byte string�zname must not contain NUL byteN)r>r?r@r��SSL_set_tlsext_host_namer�r�s  r�set_tlsext_host_namezConnection.set_tlsext_host_name�sC���$��&��8�9�9�
�d�]��<�=�=�	
�%�%�d�i�i��6rc�@�tj|j�S)z�
        Get the number of bytes that can be safely read from the SSL buffer
        (**not** the underlying transport buffer).

        :return: The number of bytes available in the receive buffer.
        )r��SSL_pendingr�rs r�pendingzConnection.pending�s������	�	�*�*rc�2�td|�}tj|�5}t|�dkDrt	d��tj|j|t|��}|j|j|�|cddd�S#1swYyxYw)a�
        Send data on the connection. NOTE: If you get one of the WantRead,
        WantWrite or WantX509Lookup exceptions on this, you have to call the
        method again with the SAME buffer.

        :param buf: The string, buffer or memoryview to send
        :param flags: (optional) Included for compatibility with the socket
                      API, the value is ignored
        :return: The number of bytes written
        r ��z,Cannot send more than 2**31-1 bytes at once.N)	rr5�from_bufferrBr~r��	SSL_writer�r�)rr �flagsr]r0s     r�sendzConnection.send�s���&�e�S�1��
�
�
�c�
"�
	�d��3�x�*�$� �B����^�^�D�I�I�t�S��Y�?�F��!�!�$�)�)�V�4��
	�
	�
	�s�A!B
�
Bc	�@�td|�}tj|�5}t|�}d}|rWt	j
|j||zt|d��}|j|j|�||z
}||z}|r�W|cddd�S#1swYyxYw)a�
        Send "all" data on the connection. This calls send() repeatedly until
        all data is sent. If an error occurs, it's impossible to tell how much
        data has been sent.

        :param buf: The string, buffer or memoryview to send
        :param flags: (optional) Included for compatibility with the socket
                      API, the value is ignored
        :return: The number of bytes written
        r rrN)	rr5rrBr�rr��minr�)rr rr]�left_to_send�
total_sentr0s       r�sendallzConnection.sendall�s���&�e�S�1��
�
�
�c�
"�	�d��s�8�L��J������I�I�t�j�0�#�l�J�2O����%�%�d�i�i��8��f�$�
���&����	�	�	�s�A&B�	B�Bc�4�td|�}|�5|tjzr"tj|j
||�}n!tj|j
||�}|j|j
|�tj||�ddS)a
        Receive data on the connection.

        :param bufsiz: The maximum number of bytes to read
        :param flags: (optional) The only supported flag is ``MSG_PEEK``,
            all other flags are ignored.
        :return: The string read from the Connection
        �char[]N)
�_no_zero_allocatorr��MSG_PEEKr��SSL_peekr��SSL_readr�r5r=)r�bufsizrr r0s     r�recvzConnection.recv�sw��!��6�2��������!8��]�]�4�9�9�c�6�:�F��]�]�4�9�9�c�6�:�F����d�i�i��0��{�{�3��'��*�*rc��|�t|�}nt|t|��}td|�}|�5|tjzr"tj|j||�}n!tj|j||�}|j|j|�ttj||��|d||S)ae
        Receive data on the connection and copy it directly into the provided
        buffer, rather than creating a new string.

        :param buffer: The buffer to copy into.
        :param nbytes: (optional) The maximum number of bytes to read into the
            buffer. If not present, defaults to the size of the buffer. If
            larger than the size of the buffer, is reduced to the size of the
            buffer.
        :param flags: (optional) The only supported flag is ``MSG_PEEK``,
            all other flags are ignored.
        :return: The number of bytes read into the buffer.
        Nr)
rBrrr�rr�rr�r r��
memoryviewr5r=)rr=�nbytesrr r0s      r�	recv_intozConnection.recv_into
s����>���[�F����V��-�F�
!��6�2��������!8��]�]�4�9�9�c�6�:�F��]�]�4�9�9�c�6�:�F����d�i�i��0�%�T�[�[��f�%=�>��w����
rc��tj|�ritj|�r
t��tj|�r
t��tj|�rtd��td��t�y)N�BIO_should_io_specialzunknown bio failure)	r��BIO_should_retry�BIO_should_readro�BIO_should_writerpr(r~r)rrBr0s   r�_handle_bio_errorszConnection._handle_bio_errors2so��� � ��%��#�#�C�(�#�o�%��&�&�s�+�$�&�&��+�+�C�0�!�!8�9�9�!�!6�7�7�
!�"rc�4�|j�td��t|t�std��t	d|�}tj|j||�}|dkr|j|j|�tj||�ddS)a�
        If the Connection was created with a memory BIO, this method can be
        used to read bytes from the write end of that memory BIO.  Many
        Connection methods will add bytes which must be read in this manner or
        the buffer will eventually fill up and the Connection will be able to
        take no further actions.

        :param bufsiz: The maximum number of bytes to read
        :return: The string read.
        N�Connection sock was not Nonezbufsiz must be an integerrr)
r�r@r>rirr��BIO_readr,r5r=)rr!r r0s    r�bio_readzConnection.bio_readDs����>�>�!��:�;�;��&�#�&��7�8�8� ��6�2�����t�~�~�s�F�;���Q�;��#�#�D�N�N�F�;��{�{�3��'��*�*rc�8�td|�}|j�td��tj|�5}tj|j|t|��}|dkr|j|j|�|cddd�S#1swYyxYw)aj
        If the Connection was created with a memory BIO, this method can be
        used to add bytes to the read end of that memory BIO.  The Connection
        can then read the bytes (for example, in response to a call to
        :meth:`recv`).

        :param buf: The string to put into the memory BIO.
        :return: The number of bytes written
        r Nr.r)	rr�r@r5rr��	BIO_writerBr,)rr r]r0s    r�	bio_writezConnection.bio_write\s���&�e�S�1���>�>�!��:�;�;�
�
�
�c�
"�	�d��^�^�D�N�N�D�#�d�)�D�F���{��'�'�����?��		�	�	�s�A
B�Bc�|�|j�s,ttj|j�dk(�yy)z�
        Renegotiate the session.

        :return: True if the renegotiation can be started, False otherwise
        :rtype: bool
        rTF)�renegotiate_pendingr�r��SSL_renegotiater�rs r�renegotiatezConnection.renegotiateqs2���'�'�)��D�0�0����;�q�@�A��rc�z�tj|j�}|j|j|�y)a
        Perform an SSL handshake (usually called after :meth:`renegotiate` or
        one of :meth:`set_accept_state` or :meth:`set_connect_state`). This can
        raise the same exceptions as :meth:`send` and :meth:`recv`.

        :return: None.
        N)r��SSL_do_handshaker�r��rr0s  r�do_handshakezConnection.do_handshake}s,���&�&�t�y�y�1�����d�i�i��0rc�F�tj|j�dk(S)z�
        Check if there's a renegotiation in progress, it will return False once
        a renegotiation is finished.

        :return: Whether there's a renegotiation in progress
        :rtype: bool
        r)r��SSL_renegotiate_pendingr�rs rr5zConnection.renegotiate_pending�s���+�+�D�I�I�6�!�;�;rc�@�tj|j�S)z�
        Find out the total number of renegotiations.

        :return: The number of renegotiations.
        :rtype: int
        )r��SSL_total_renegotiationsr�rs r�total_renegotiationszConnection.total_renegotiations�s���,�,�T�Y�Y�7�7rc�v�tj|j�|jj	|�S)a4
        Call the :meth:`connect` method of the underlying socket and set up SSL
        on the socket, using the :class:`Context` object supplied to this
        :class:`Connection` object at creation.

        :param addr: A remote address
        :return: What the socket's connect method returns
        )r��SSL_set_connect_stater�r��connect)r�addrs  rrCzConnection.connect�s+��	
�"�"�4�9�9�-��|�|�#�#�D�)�)rc�^�|jj}|j�||�S)a�
        Call the :meth:`connect_ex` method of the underlying socket and set up
        SSL on the socket, using the Context object supplied to this Connection
        object at creation. Note that if the :meth:`connect_ex` method of the
        socket doesn't return 0, SSL won't be initialized.

        :param addr: A remove address
        :return: What the socket's connect_ex method returns
        )r��
connect_ex�set_connect_state)rrDrFs   rrFzConnection.connect_ex�s*���\�\�,�,�
���� ��$��rc��|jj�\}}t|j|�}|j	�||fS)a�
        Call the :meth:`accept` method of the underlying socket and set up SSL
        on the returned socket, using the Context object supplied to this
        :class:`Connection` object at creation.

        :return: A *(conn, addr)* pair where *conn* is the new
            :class:`Connection` object created, and *address* is as returned by
            the socket's :meth:`accept`.
        )r��acceptrxr��set_accept_state)r�clientrDrLs    rrIzConnection.accept�s@���|�|�*�*�,�����$�-�-��0�������d�|�rc���tj�}	tj|j|�}tj|�|j
�|j
j
�|j�|jj
�|dk(r
t��|dkr|j|j|�yy#tj|�wxYw)z�
        Call the OpenSSL function DTLSv1_listen on this connection. See the
        OpenSSL manual for more details.

        :return: None
        Nr)
r��BIO_ADDR_new�
DTLSv1_listenr��
BIO_ADDR_freer�rr�ror�)r�bio_addrr0s   rrNzConnection.DTLSv1_listen�s����$�$�&��	)��'�'��	�	�8�<�F����x�(�
�'�'�3��(�(�9�9�;��%�%�1��&�&�7�7�9��Q�;��/�!��A�:��!�!�$�)�)�V�4���
���x�(�s� C	�	C c��tjd�}tjd�}tj|j||�r|d|ddzzSy)a}
        Determine when the DTLS SSL object next needs to perform internal
        processing due to the passage of time.

        When the returned number of seconds have passed, the
        :meth:`DTLSv1_handle_timeout` method needs to be called.

        :return: The time left in seconds before the next timeout or `None`
            if no timeout is currently active.
        ztime_t *zlong *ri@BN)r5rAr��Cryptography_DTLSv1_get_timeoutr�)r�ptv_sec�ptv_usecs   r�DTLSv1_get_timeoutzConnection.DTLSv1_get_timeout�sQ���(�(�:�&���8�8�H�%���/�/��	�	�7�H�M��1�:��!��w�!6�7�7�rc��tj|j�}|dkr|j|j|�yt	|�S)z�
        Handles any timeout events which have become pending on a DTLS SSL
        object.

        :return: `True` if there was a pending timeout, `False` otherwise.
        rN)r��DTLSv1_handle_timeoutr�r�rjr:s  rrWz Connection.DTLSv1_handle_timeout�s=���+�+�D�I�I�6���A�:��!�!�$�)�)�V�4���<�rc�r�|j�td��tj|jd�y)z�
        If the Connection was created with a memory BIO, this method can be
        used to indicate that *end of file* has been reached on the read end of
        that memory BIO.

        :return: None
        Nr.r)r�r@r��BIO_set_mem_eof_returnr�rs r�bio_shutdownzConnection.bio_shutdown�s.���>�>�!��:�;�;��#�#�D�N�N�A�6rc��tj|j�}|dkr|j|j|�y|dkDryy)aQ
        Send the shutdown message to the Connection.

        :return: True if the shutdown completed successfully (i.e. both sides
                 have sent closure alerts), False otherwise (in which case you
                 call :meth:`recv` or :meth:`send` when the connection becomes
                 readable/writeable).
        rTFN)r��SSL_shutdownr�r�r:s  r�shutdownzConnection.shutdown
	s@���"�"�4�9�9�-���A�:��!�!�$�)�)�V�4�
�a�Z��rc��g}t�D]k}tj|j|�}|tj
k(r|S|j
t	j|�jd���m|S)z�
        Retrieve the list of ciphers used by the Connection object.

        :return: A list of native cipher strings.
        �utf-8)	rr��SSL_get_cipher_listr�r5rXr&r�r�)r�ciphers�ir0s    rrQzConnection.get_cipher_list	so������	@�A��-�-�d�i�i��;�F�����"����
�N�N�4�;�;�v�.�5�5�g�>�?�		@�
�rc���tj|j�}|tjk(rgSg}ttj|��D]�}tj||�}tj|�}t|tjk7�tjt�}tj|tj�|_|j|���|S)a�
        Get CAs whose certificates are suggested for client authentication.

        :return: If this is a server connection, the list of certificate
            authorities that will be sent or has been sent to the client, as
            controlled by this :class:`Connection`'s :class:`Context`.

            If this is a client connection, the list will be empty until the
            connection with the server is established.

        .. versionadded:: 0.10
        )r��SSL_get_client_CA_listr�r5rX�range�sk_X509_NAME_num�sk_X509_NAME_valuerVr�rr�r�rYrWr&)r�ca_namesr0rbr�r�pynames       r�get_client_ca_listzConnection.get_client_ca_list)	s����.�.�t�y�y�9���t�y�y� ��I����t�,�,�X�6�7�	"�A��*�*�8�Q�7�D��%�%�d�+�D��D�D�I�I�-�.��%�%�h�/�F��7�7�4��)<�)<�=�F�L��M�M�&�!�	"��
rc��td��)z�
        The makefile() method is not implemented, since there is no dup
        semantics for SSL connections

        :raise: NotImplementedError
        z1Cannot make file object of OpenSSL.SSL.Connectionr��rr�r�s   r�makefilezConnection.makefileF	s��"�?�
�	
rc��|jS)zr
        Retrieve application data as set by :meth:`set_app_data`.

        :return: The application data
        rxrs rryzConnection.get_app_dataQ	rzrc��||_y)zg
        Set application data

        :param data: The application data
        :return: None
        Nrxr|s  rr}zConnection.set_app_dataY	r~rc�@�tj|j�S)z�
        Get the shutdown state of the Connection.

        :return: The shutdown state, a bitvector of SENT_SHUTDOWN,
            RECEIVED_SHUTDOWN.
        )r��SSL_get_shutdownr�rs r�get_shutdownzConnection.get_shutdownb	s���$�$�T�Y�Y�/�/rc�z�t|t�std��tj|j
|�y)z�
        Set the shutdown state of the Connection.

        :param state: bitvector of SENT_SHUTDOWN, RECEIVED_SHUTDOWN.
        :return: None
        zstate must be an integerN)r>rir@r��SSL_set_shutdownr�)r�states  r�set_shutdownzConnection.set_shutdownk	s.���%��%��6�7�7����d�i�i��/rc�f�tjtj|j��S)z�
        Retrieve a verbose string detailing the state of the Connection.

        :return: A string representing the state
        :rtype: bytes
        )r5r�r��SSL_state_string_longr�rs r�get_state_stringzConnection.get_state_stringw	s"���{�{�4�5�5�d�i�i�@�A�Arc�n�tj|j�}|tjk(rytj
|jtjd�}t
|dkD�td|�}tj
|j||�tj||�ddS)z�
        Retrieve the random value used with the server hello message.

        :return: A string representing the state
        Nrr<)	r��SSL_get_sessionr�r5rX�SSL_get_server_randomr�rr=�r�session�length�outps    r�
server_randomzConnection.server_random�	s����&�&�t�y�y�1���d�i�i����+�+�D�I�I�t�y�y�!�D�����
�#�!�"3�V�<���"�"�4�9�9�d�F�;��{�{�4��(��+�+rc�n�tj|j�}|tjk(rytj
|jtjd�}t
|dkD�td|�}tj
|j||�tj||�ddS)z�
        Retrieve the random value used with the client hello message.

        :return: A string representing the state
        Nrr<)	r�r{r�r5rX�SSL_get_client_randomr�rr=r}s    r�
client_randomzConnection.client_random�	s����&�&�t�y�y�1���d�i�i����+�+�D�I�I�t�y�y�!�D�����
�#�!�"3�V�<���"�"�4�9�9�d�F�;��{�{�4��(��+�+rc�F�tj|j�}|tjk(rytj
|tjd�}t
|dkD�td|�}tj
|||�tj||�ddS)zz
        Retrieve the value of the master key for this session.

        :return: A string representing the state
        Nrr<)	r�r{r�r5rX�SSL_SESSION_get_master_keyr�rr=r}s    r�
master_keyzConnection.master_key�	s����&�&�t�y�y�1���d�i�i����0�0��$�)�)�Q�G�����
�#�!�"3�V�<���'�'���v�>��{�{�4��(��+�+rc
��td|�}tj}d}d}|�|}t|�}d}t	j
|j|||t|�|||�}t|dk(�tj||�ddS)aH
        Obtain keying material for application use.

        :param: label - a disambiguating label string as described in RFC 5705
        :param: olen - the length of the exported key material in bytes
        :param: context - a per-association context value
        :return: the exported key material bytes or None
        r<rNr)	rr5rXrBr��SSL_export_keying_materialr�r�r=)	r�label�olenr�r��context_buf�context_len�use_context�successs	         r�export_keying_materialz!Connection.export_keying_material�	s���"�"3�T�:���i�i��������!�K��g�,�K��K��1�1��I�I������J����	
��	��1��%��{�{�4��&�q�)�)rc�:�|jj|i|��S)z�
        Call the :meth:`shutdown` method of the underlying socket.
        See :manpage:`shutdown(2)`.

        :return: What the socket's shutdown() method returns
        )r�r]rls   r�
sock_shutdownzConnection.sock_shutdown�	s ��%�t�|�|�$�$�d�5�f�5�5rc��tj|j�}|tjk7r*tj
|�t
j|�Sy)za
        Retrieve the local certificate (if any)

        :return: The local certificate
        N)r��SSL_get_certificater�r5rXrrr�rr*s  r�get_certificatezConnection.get_certificate�	sF���'�'��	�	�2���4�9�9�����T�"��*�*�4�0�0�rc��tj|j�}|tjk7rtj|�Sy)zi
        Retrieve the other side's certificate (if any)

        :return: The peer's certificate
        N)r��SSL_get_peer_certificater�r5rXrrr�s  r�get_peer_certificatezConnection.get_peer_certificate�	s8���,�,�T�Y�Y�7���4�9�9���*�*�4�0�0�rc�F�g}ttj|��D]}}tj||�}t	|t
jk7�tj|�}t	|dk\�tj|�}|j|��|S)zb
        Internal helper to convert a STACK_OF(X509) to a list of X509
        instances.
        r)rer��sk_X509_num�
sk_X509_valuer�r5rXrrrr&)�
cert_stackr0rbr*rD�pycerts      r�_cert_stack_to_listzConnection._cert_stack_to_list�	s������t�'�'�
�3�4�	"�A��%�%�j�!�4�D��D�D�I�I�-�.��"�"�4�(�C��C�1�H�%��,�,�T�2�F��M�M�&�!�
	"��
rc��tj|j�}|tjk(ry|j|�S)z�
        Retrieve the other side's certificate (if any)

        :return: A list of X509 instances giving the peer's certificate chain,
                 or None if it does not have one.
        N)r��SSL_get_peer_cert_chainr�r5rXr��rr�s  r�get_peer_cert_chainzConnection.get_peer_cert_chain�	s8���1�1�$�)�)�<�
�����"���'�'�
�3�3rc��tj|j�}|tjk(ry|j|�S)a�
        Retrieve the verified certificate chain of the peer including the
        peer's end entity certificate. It must be called after a session has
        been successfully established. If peer verification was not successful
        the chain may be incomplete, invalid, or None.

        :return: A list of X509 instances giving the peer's verified
                 certificate chain, or None if it does not have one.

        .. versionadded:: 20.0
        N)r��SSL_get0_verified_chainr�r5rXr�r�s  r�get_verified_chainzConnection.get_verified_chain

s8���1�1�$�)�)�<�
�����"���'�'�
�3�3rc�@�tj|j�S)z�
        Checks if more data has to be read from the transport layer to complete
        an operation.

        :return: True iff more data has to be read
        )r��
SSL_want_readr�rs r�	want_readzConnection.want_read
s���!�!�$�)�)�,�,rc�@�tj|j�S)z�
        Checks if there is data to write to the transport layer to complete an
        operation.

        :return: True iff there is data to write
        )r��SSL_want_writer�rs r�
want_writezConnection.want_write&
s���"�"�4�9�9�-�-rc�B�tj|j�y)z�
        Set the connection to work in server mode. The handshake will be
        handled automatically by read/write.

        :return: None
        N)r��SSL_set_accept_stater�rs rrJzConnection.set_accept_state/
s��	
�!�!�$�)�)�,rc�B�tj|j�y)z�
        Set the connection to work in client mode. The handshake will be
        handled automatically by read/write.

        :return: None
        N)r�rBr�rs rrGzConnection.set_connect_state8
s��	
�"�"�4�9�9�-rc���tj|j�}|tjk(ryt
j
t
�}tj|tj�|_	|S)z�
        Returns the Session currently used.

        :return: An instance of :class:`OpenSSL.SSL.Session` or
            :obj:`None` if no session exists.

        .. versionadded:: 0.14
        N)
r��SSL_get1_sessionr�r5rXrvr�r��SSL_SESSION_free�_session)rr~�	pysessions   r�get_sessionzConnection.get_sessionA
sT���'�'��	�	�2���d�i�i����O�O�G�,�	�!�W�W�W�d�.C�.C�D�	���rc��t|t�std��tj|j
|j�}t|dk(�y)z�
        Set the session to be used when the TLS/SSL connection is established.

        :param session: A Session instance representing the session to use.
        :returns: None

        .. versionadded:: 0.14
        z"session must be a Session instancerN)r>rvr@r��SSL_set_sessionr�r�r�)rr~r0s   r�set_sessionzConnection.set_sessionR
sB���'�7�+��@�A�A��%�%�d�i�i��1A�1A�B����!��$rc���tjdd�}||j|d�}|dk(rytd|�}||j||�tj||�ddS)a�
        Helper to implement :meth:`get_finished` and
        :meth:`get_peer_finished`.

        :param function: Either :data:`SSL_get_finished`: or
            :data:`SSL_get_peer_finished`.

        :return: :data:`None` if the desired message has not yet been
            received, otherwise the contents of the message.
        :rtype: :class:`bytes` or :class:`NoneType`
        rrN)r5rAr�rr=)r�function�emptyr�r s     r�_get_finished_messagez Connection._get_finished_messagea
sb��0����1�%����	�	�5�!�,���1�9�� ��4�0������C��&��{�{�3��%�a�(�(rc�@�|jtj�S)a
        Obtain the latest TLS Finished message that we sent.

        :return: The contents of the message or :obj:`None` if the TLS
            handshake has not yet completed.
        :rtype: :class:`bytes` or :class:`NoneType`

        .. versionadded:: 0.15
        )r�r��SSL_get_finishedrs r�get_finishedzConnection.get_finished�
s���)�)�$�*?�*?�@�@rc�@�|jtj�S)a!
        Obtain the latest TLS Finished message that we received from the peer.

        :return: The contents of the message or :obj:`None` if the TLS
            handshake has not yet completed.
        :rtype: :class:`bytes` or :class:`NoneType`

        .. versionadded:: 0.15
        )r�r��SSL_get_peer_finishedrs r�get_peer_finishedzConnection.get_peer_finished�
s���)�)�$�*D�*D�E�Erc���tj|j�}|tjk(rytj
tj|��}|jd�S)a
        Obtain the name of the currently used cipher.

        :returns: The name of the currently used cipher or :obj:`None`
            if no connection has been established.
        :rtype: :class:`unicode` or :class:`NoneType`

        .. versionadded:: 0.15
        Nr_)r��SSL_get_current_cipherr�r5rXr��SSL_CIPHER_get_namer�)r�cipherr�s   r�get_cipher_namezConnection.get_cipher_name�
sO���,�,�T�Y�Y�7���T�Y�Y����;�;�t�7�7��?�@�D��;�;�w�'�'rc��tj|j�}|tjk(rytj
|tj�S)a.
        Obtain the number of secret bits of the currently used cipher.

        :returns: The number of secret bits of the currently used cipher
            or :obj:`None` if no connection has been established.
        :rtype: :class:`int` or :class:`NoneType`

        .. versionadded:: 0.15
        N)r�r�r�r5rX�SSL_CIPHER_get_bits)rr�s  r�get_cipher_bitszConnection.get_cipher_bits�
s>���,�,�T�Y�Y�7���T�Y�Y����+�+�F�D�I�I�>�>rc���tj|j�}|tjk(rytj
tj|��}|jd�S)a%
        Obtain the protocol version of the currently used cipher.

        :returns: The protocol name of the currently used cipher
            or :obj:`None` if no connection has been established.
        :rtype: :class:`unicode` or :class:`NoneType`

        .. versionadded:: 0.15
        Nr_)r�r�r�r5rXr��SSL_CIPHER_get_versionr�)rr�r�s   r�get_cipher_versionzConnection.get_cipher_version�
sO���,�,�T�Y�Y�7���T�Y�Y����k�k�$�"=�"=�f�"E�F�G��>�>�'�*�*rc��tjtj|j��}|jd�S)a>
        Retrieve the protocol version of the current connection.

        :returns: The TLS version of the current connection, for example
            the value for TLS 1.2 would be ``TLSv1.2``or ``Unknown``
            for connections that were not successfully established.
        :rtype: :class:`unicode`
        r_)r5r�r��SSL_get_versionr�r�r�s  r�get_protocol_version_namez$Connection.get_protocol_version_name�
s0���+�+�d�2�2�4�9�9�=�>���~�~�g�&�&rc�D�tj|j�}|S)a
        Retrieve the SSL or TLS protocol version of the current connection.

        :returns: The TLS version of the current connection.  For example,
            it will return ``0x769`` for connections made over TLS version 1.
        :rtype: :class:`int`
        )r��SSL_versionr�r�s  r�get_protocol_versionzConnection.get_protocol_version�
s���"�"�4�9�9�-���rc	��|std��djtjd�|D���}t	j
d|�}t
tj|j|t|��dk(�y)ah
        Specify the client's ALPN protocol list.

        These protocols are offered to the server during protocol negotiation.

        :param protos: A list of the protocols to be offered to the server.
            This list should be a Python list of bytestrings representing the
            protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
        r�rc3�JK�|]}tt|�f�|f���y�wrr�r�s  rr�z-Connection.set_alpn_protos.<locals>.<genexpr>�
r�r�r<rN)r~r�rr�r5rAr�r��SSL_set_alpn_protosr�rBr�s    rr�zConnection.set_alpn_protos�
ss����F�G�G��8�8����F�v�F�F�
���H�H�.��9�	�	��$�$�T�Y�Y�	�3�x�=�I�Q�N�	
rc���tjd�}tjd�}tj|j||�|sytj
|d|d�ddS)z�
        Get the protocol that was negotiated by ALPN.

        :returns: A bytestring of the protocol name.  If no protocol has been
            negotiated yet, returns an empty bytestring.
        rfzunsigned int *rrN)r5rAr��SSL_get0_alpn_selectedr�r=)rr]�data_lens   r�get_alpn_proto_negotiatedz$Connection.get_alpn_proto_negotiateds\���x�x�*�+���8�8�,�-���#�#�D�I�I�t�X�>����{�{�4��7�H�Q�K�0��3�3rc�|�tj|jtj�}t	|dk(�y)a
        Called to request that the server sends stapled OCSP data, if
        available. If this is not called on the client side then the server
        will not send OCSP data. Should be used in conjunction with
        :meth:`Context.set_ocsp_client_callback`.
        rN)r��SSL_set_tlsext_status_typer��TLSEXT_STATUSTYPE_ocspr�)rr�s  r�request_ocspzConnection.request_ocsps1���
,�
,��I�I�t�2�2�
��	��a�� rr)r)NN)Mr�r�r�r	r#rr�r�r�r�r�r/r6r�rrrrrr�writerr"�readr&r,r0r3r7r;r5r@rCrFrIrNrUrWrZr]rQrjrmryr}rrrvryr�r�r�r�r�r�r��staticmethodr�r�r�r�r�rJrGr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrxrx�s���*�,��8-�t/�5#�n� �!�"H�(3�
#�
8�)�
1�7� +��4
�E��:+�"�D�#�J#�$+�0�*
�	1�<�8�
*� �
�5�4�$ �7��"��:	
���0�
0�B�
,�,� ,� *�<6�
�	��
��
�4�4�&-�.�-�.��"
%� )�D
A�
F�(�"?� +�"
'�	�� 
�� 
�D�4��4�"
!rrx)�r�r�r�r�	functoolsrr�	itertoolsrr�sysr�weakrefr	�
OpenSSL._utilr
rr�_exception_from_error_queuerr5r
r�r�_make_assertrrrr�rr�OpenSSL.cryptorrrrrr�__all__rrrrrr rr!rr"r�SSL_SENT_SHUTDOWNr#�SSL_RECEIVED_SHUTDOWNr$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r��SSL_OP_NO_SSLv2r4�SSL_OP_NO_SSLv3r5�SSL_OP_NO_TLSv1r6�SSL_OP_NO_TLSv1_1r7�SSL_OP_NO_TLSv1_2r8�SSL_OP_NO_TLSv1_3r�r&�SSL_MODE_RELEASE_BUFFERSr9�SSL_OP_SINGLE_DH_USEr:�SSL_OP_SINGLE_ECDH_USEr;�SSL_OP_EPHEMERAL_RSAr<�SSL_OP_MICROSOFT_SESS_ID_BUGr=�SSL_OP_NETSCAPE_CHALLENGE_BUGr>�'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUGr?�"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUGr@�!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERrA�SSL_OP_MSIE_SSLV2_RSA_PADDINGrB�SSL_OP_SSLEAY_080_CLIENT_DH_BUGrC�SSL_OP_TLS_D5_BUGrD�SSL_OP_TLS_BLOCK_PADDING_BUGrE�"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTSrF�SSL_OP_CIPHER_SERVER_PREFERENCErG�SSL_OP_TLS_ROLLBACK_BUGrH�SSL_OP_PKCS1_CHECK_1rI�SSL_OP_PKCS1_CHECK_2rJ�SSL_OP_NETSCAPE_CA_DN_BUGrK�&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGrL�SSL_OP_NO_COMPRESSIONrM�SSL_OP_NO_QUERY_MTUrN�SSL_OP_COOKIE_EXCHANGErO�SSL_OP_NO_TICKETrP�SSL_OP_NO_RENEGOTIATIONr��SSL_OP_IGNORE_UNEXPECTED_EOFr��
SSL_OP_ALLrQ�SSL_VERIFY_PEERrR�SSL_VERIFY_FAIL_IF_NO_PEER_CERTrS�SSL_VERIFY_CLIENT_ONCErT�SSL_VERIFY_NONErU�SSL_SESS_CACHE_OFFrV�SSL_SESS_CACHE_CLIENTrW�SSL_SESS_CACHE_SERVERrX�SSL_SESS_CACHE_BOTHrY�SSL_SESS_CACHE_NO_AUTO_CLEARrZ�!SSL_SESS_CACHE_NO_INTERNAL_LOOKUPr[� SSL_SESS_CACHE_NO_INTERNAL_STOREr\�SSL_SESS_CACHE_NO_INTERNALr]r^r_r`rarbrcrdrerfrgrhrirjrkrlrmryr�r�r�r�r%rnrr�rorprqrrrsrr�objectrtr9rTrcrorur�r�rur��Cryptography_HAS_ALPNr�r}r�rvrwrxr�rr�<module>rs��	�
��$�"��'�	�	�	���c��L�4�4��#'�#7�#7�7��.�!%�!4�!4�4���%)�%:�%:�:��?��+�+�+��j�%)�%:�%:�:��?��&�&�
��.�.���
�������
�
�����������
��$�$�L��$�$�L��(�(�N��(�(�N��(�(�N��"�"���"�"���"�"���&�&�
��&�&�
�	��*�*�M��N�N�?�#��4�4���,�,���0�0���,�,���<�<�� �>�>���0�0�$�"&�!H�!H�� $� F� F�� �>�>��"�B�B���&�&�
��<�<��!%�!H�!H��"�B�B���2�2���,�,���,�,���6�6���/�/�#��.�.���*�*���0�0���$�$��	��6�6���N�N�(�)�	�#�@�@���N�N�-�.�
�����"�"��"�B�B���0�0���"�"���(�(���.�.���.�.���*�*���<�<�� $� F� F��#�D�D���8�8���$�$���"�"�
������������������ � ��� � ���*�*���,�,���,�,���,�,���.�.���.�.���4�4���2�2��gL�gL�V�����"I��"L���I���:�E�B���u�%��	�E�	�	�U�	�	�%�	�	�e�	�	�5�	�(�(�8%
�,�%
�P"�8��:
�0�:
�z@I� 8�@I�F8I� 8�8I�v
�$<�
�.
�":�
�&�(3�!���2 ���� 4���
"��D�+�T�2�4O���
		�		�R
�R
�jy!�y!��[0���L��L��N��N��N���"�	��	��J�	��	���	��	�sH�<U
�U �
U,�)U8�
U�U� U)�(U)�,U5�4U5�8V�V

Zerion Mini Shell 1.0