merge trunk and resolve simple conflict
diff --git a/ChangeLog b/ChangeLog
index d9d45f8..145f6b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,30 @@
-2009-07-17  Rick Dean  <rick@fdd.com>
-            Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+2009-11-13  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+
+	* Release 0.10
+
+2009-11-07  Žiga Seilnacht, Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+
+	* src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list,
+	  add_client_ca, and get_client_ca_list to Context for manipulating
+	  the list of certificate authority names which are sent by servers
+	  with the certificate request message.
+	* src/util.h: Add ssize-related defines if the version of Python
+	  being used does not have them.
+	* setup.py: Significant changes to the way Windows builds are done,
+	  particularly the way OpenSSL headers and libraries are found (with
+	  the new --with-openssl argument to build_ext).
+
+2009-08-27  Rick Dean  <rick@fdd.com>, Jean-Paul Calderone  <exarkun@twistedmatrix.com>
+
+	* src/crypto/pkcs12.c: Add setters to the PKCS12 type for the
+	  certificate, private key, ca certificate list, and friendly
+	  name, and add a getter for the friendly name.  Also add a method
+	  for exporting a PKCS12 object as a string.
+	* test/test_crypto.py: Add lots of additional tests for the PKCS12
+	  type.
+	* doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods.
+
+2009-07-17  Rick Dean  <rick@fdd.com>, Jean-Paul Calderone  <exarkun@twistedmatrix.com>
 
 	* src/crypto/x509ext.c: Add subject and issuer parameters to
 	  X509Extension, allowing creation of extensions which require that
@@ -89,7 +114,7 @@
 
 	* src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name
 	  method to X509Extension based on patch from Alex Stapleton.
-	
+
 2008-12-31  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
 
 	* src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so
diff --git a/INSTALL b/INSTALL
index b650ba6..f4635c5 100644
--- a/INSTALL
+++ b/INSTALL
@@ -38,31 +38,77 @@
 
 -- Building the Module on a Windows System --
 
-pyOpenSSL is known to build with mingw32 for Python 2.3 through Python 2.5. 
-For Python 2.6, the official Windows installer of which is built with
-Microsoft Visual Studio 2008 (version 9.0), Microsoft Visual Studio 2008
-(version 9.0) is required.  You can specify that mingw32 be used by passing
-the --compiler argument to build_ext.  You will also need to specify the
-location of the OpenSSL headers and libraries:
+First you should get OpenSSL linked with the same runtime library that Python
+uses.  If you are using Python 2.6 you can use the installer at:
 
-  C:\pyOpenSSL-X.Y> setup.py build_ext -c mingw32 -I C:\OpenSSL\include ^
-                      -L C:\OpenSSL bdist_msi
+  http://www.slproweb.com/products/Win32OpenSSL.html
 
-The correct header and library paths depend on how you have OpenSSL
-installed.  The above paths are correct for the default installation of
-(<http://www.slproweb.com/products/Win32OpenSSL.html>).
+The binaries in the installer are built with Visual Studio 2008 at the
+time of this writing, which is the same compiler used for building the
+official Python 2.6 installers.
+
+If you want to build pyOpenSSL for an older Python version, it is preferred
+to build OpenSSL yourself, either with the Visual Studio 2003 compiler or
+with the MinGW compiler.  This way you avoid all potential incompatibilities
+between different versions of runtime library (msvcrt.dll).  To build
+OpenSSL follow the instructions in its source distribution and make sure
+that you build a shared library, not a static one.  pyOpenSSL fails some of
+its tests when linked with the static OpenSSL libraries.  Use the same
+compiler for OpenSSL that you will use for pyOpenSSL later.  Make sure that
+OpenSSL is properly installed before continuing.  To install OpenSSL when
+building with MinGW, use the folowing script:
+
+set OPENSSL_INSTALL_DIR=%1
+mkdir %OPENSSL_INSTALL_DIR%
+mkdir %OPENSSL_INSTALL_DIR%\bin
+mkdir %OPENSSL_INSTALL_DIR%\include
+mkdir %OPENSSL_INSTALL_DIR%\include\openssl
+mkdir %OPENSSL_INSTALL_DIR%\lib
+copy /b .\*.dll            %OPENSSL_INSTALL_DIR%\bin
+copy /b .\out\openssl.exe  %OPENSSL_INSTALL_DIR%\bin
+copy /b .\outinc\openssl\* %OPENSSL_INSTALL_DIR%\include\openssl
+copy /b .\out\*.a          %OPENSSL_INSTALL_DIR%\lib
+
+Ensure that OpenSSL's openssl.exe executable can be found on PATH before
+running pyOpenSSL's setup script.  The setup script finds OpenSSL's include
+dir and lib dir based on the location of openssl.exe, and the test suite
+requires openssl.exe for output comparison.  Alternatively, you can specify
+the --with-openssl option to setup.py's build_ext command with the path to
+the OpenSSL installation dir:
+
+  > python setup.py build_ext --with-openssl=C:\path\to\openssl build
+
+pyOpenSSL is known to build with mingw32 for Python 2.3 through Python 2.5.
+Before using the mingw32 compiler for Python 2.3, you will have to create
+a Python library that MinGW understands. Find and download the pexports
+program, put it and MinGW's bin directory on path, then run from Python's
+install dir:
+
+> pexports python23.dll > libs\python23.def
+> dlltool --dllname python23.dll --def libs\python23.def \
+          --output-lib libs\libpython23.a
+
+For Python 2.4 and 2.5, no special preparation is needed, just make sure that
+MinGW's gcc is on PATH.  You can specify that mingw32 be used by passing
+the --compiler argument to build_ext:
+
+  C:\pyOpenSSL-X.Y> setup.py build_ext -c mingw32 bdist_msi
 
 The bdist_msi command will build an MSI installer.  It can be substituted
-with another bdist command if another kind of installer is desired.
+with another bdist command if another kind of installer is desired or with
+the install command if you want to install directly.
 
-To build with MSVC instead, omit the -c option and pass a slightly different
-library directory:
+For Python 2.4 and 2.5 you can use Visual Studio 2003 in addition to MinGW.
+For Python 2.6, the official Windows installer of which is built with
+Microsoft Visual Studio 2008 (version 9.0), Microsoft Visual Studio 2008
+(version 9.0) is required.
 
-  C:\pyOpenSSL-X.Y> setup.py build_ext -I C:\OpenSSL\include ^
-                      -L C:\OpenSSL\lib bdist_msi
+To build with MSVC, just omit the compiler specific option:
+
+  C:\pyOpenSSL-X.Y> setup.py bdist_msi
 
 The resulting binary distribution will be placed in the dist directory. To
-install it, dDepending on what kind of distribution you create, run it,
+install it, depending on what kind of distribution you create, run it,
 unzip it, or copy it to Python installation's site-packages.
 
 And similarily, you can do
@@ -72,8 +118,9 @@
 to get more information.
 
 Big thanks to Itamar Shtull-Trauring, Oleg Orlov, Zooko O'Whielacronx, Chris
-Galvan, and #python and #distutils on FreeNode for their help with Windows
-build instructions.
+Galvan, Žiga Seilnacht, and #python and #distutils on FreeNode for their
+help with Windows build instructions and to Michael Schneider for providing
+Windows build hosts.
 
 -- Documentation --
 
diff --git a/doc/html/about.html b/doc/html/about.html
index 244c51e..48c5c93 100644
--- a/doc/html/about.html
+++ b/doc/html/about.html
@@ -15,17 +15,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="socket-methods.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -74,17 +74,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="socket-methods.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
   alt="" width="32"></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -96,7 +96,7 @@
 <b class="navlabel">Previous:</b> <a class="sectref" href="socket-methods.html">4.3 Acessing Socket Methods</A>
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/building-unix.html b/doc/html/building-unix.html
index d28728e..9b36657 100644
--- a/doc/html/building-unix.html
+++ b/doc/html/building-unix.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="building.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building-windows.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -94,17 +94,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="building.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building-windows.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -117,7 +117,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="building-windows.html">2.2 Building the Module</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/building-windows.html b/doc/html/building-windows.html
index 5b81f9a..bf8bf0d 100644
--- a/doc/html/building-windows.html
+++ b/doc/html/building-windows.html
@@ -16,17 +16,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building-unix.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="building.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -86,17 +86,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building-unix.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="building.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -109,7 +109,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl.html">3 OpenSSL  </A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/building.html b/doc/html/building.html
index 0b5c466..4db96f5 100644
--- a/doc/html/building.html
+++ b/doc/html/building.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="intro.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building-unix.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -42,6 +42,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <H1><A NAME="SECTION000300000000000000000">&nbsp;</A>
 <BR>
 2 Building and Installing 
@@ -57,7 +58,6 @@
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
@@ -74,17 +74,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="intro.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building-unix.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -97,7 +97,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="building-unix.html">2.1 Building the Module</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/callbacks.html b/doc/html/callbacks.html
index 49565a3..809a5fc 100644
--- a/doc/html/callbacks.html
+++ b/doc/html/callbacks.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="exceptions.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="socket-methods.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -90,17 +90,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="exceptions.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="socket-methods.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -113,7 +113,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="socket-methods.html">4.3 Acessing Socket Methods</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/contents.html b/doc/html/contents.html
index f773e89..fd18d5c 100644
--- a/doc/html/contents.html
+++ b/doc/html/contents.html
@@ -17,13 +17,13 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A HREF="pyOpenSSL.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="intro.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><img src="blank.gif"
@@ -86,13 +86,13 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A HREF="pyOpenSSL.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="intro.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><img src="blank.gif"
@@ -106,7 +106,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="intro.html">1 Introduction</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/exceptions.html b/doc/html/exceptions.html
index acbc8ce..f8b07ee 100644
--- a/doc/html/exceptions.html
+++ b/doc/html/exceptions.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="internals.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="callbacks.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -66,17 +66,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="internals.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="callbacks.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -89,7 +89,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="callbacks.html">4.2 Callbacks</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/index.html b/doc/html/index.html
index 7de0b68..6eaaa67 100644
--- a/doc/html/index.html
+++ b/doc/html/index.html
@@ -20,11 +20,11 @@
   border="0" height="32"
   alt="" width="32"></td>
 <td><A href="contents.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -37,6 +37,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <P>
 
 <div class="titlepage">
@@ -62,7 +63,6 @@
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 
 
@@ -144,11 +144,11 @@
   border="0" height="32"
   alt="" width="32"></td>
 <td><A href="contents.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -159,7 +159,7 @@
 </tr></table>
 <b class="navlabel">Next:</b> <a class="sectref" href="contents.html">Contents</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/internals.html b/doc/html/internals.html
index 142cf33..31db8df 100644
--- a/doc/html/internals.html
+++ b/doc/html/internals.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-connection.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="exceptions.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -42,6 +42,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <H1><A NAME="SECTION000500000000000000000">&nbsp;</A>
 <BR>
 4 Internals 
@@ -54,7 +55,6 @@
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
@@ -73,17 +73,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-connection.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="exceptions.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -96,7 +96,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="exceptions.html">4.1 Exceptions</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/intro.html b/doc/html/intro.html
index 45d16c0..ea79ebe 100644
--- a/doc/html/intro.html
+++ b/doc/html/intro.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="contents.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -55,7 +55,7 @@
 were also limited, though in different ways.  Unfortunately, Python's standard
 library SSL support has remained weak, although other packages (such as
 M2Crypto<A NAME="tex2html1"
-  HREF="#foot951"><SUP>1</SUP></A>)
+  HREF="#foot1085"><SUP>1</SUP></A>)
 have made great advances and now equal or exceed pyOpenSSL's functionality.
 
 <P>
@@ -67,7 +67,7 @@
 <P>
 <BR><HR><H4>Footnotes</H4>
 <DL>
-<DT><A NAME="foot951">...
+<DT><A NAME="foot1085">...
 M2Crypto</A><A
  href="intro.html#tex2html1"><SUP>1</SUP></A></DT>
 <DD>See <a class="url" href="http://chandlerproject.org/Projects/MeTooCrypto">http://chandlerproject.org/Projects/MeTooCrypto</a>
@@ -79,17 +79,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="contents.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="building.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -102,7 +102,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="building.html">2 Building and Installing</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-509ext.html b/doc/html/openssl-509ext.html
index 50a91c9..b168f9b 100644
--- a/doc/html/openssl-509ext.html
+++ b/doc/html/openssl-509ext.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkcs12.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-netscape-spki.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -52,13 +52,13 @@
 X509Extension objects have several methods:
 
 <P>
-<dl><dt><b><a name='l2h-84'><tt class='method'>get_critical</tt></a></b>()
+<dl><dt><b><a name='l2h-90'><tt class='method'>get_critical</tt></a></b>()
 <dd>
 Return the critical field of the extension object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-85'><tt class='method'>get_short_name</tt></a></b>()
+<dl><dt><b><a name='l2h-91'><tt class='method'>get_short_name</tt></a></b>()
 <dd>
 Return the short type name of the extension object.
 </dl>
@@ -70,17 +70,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkcs12.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-netscape-spki.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -93,7 +93,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-netscape-spki.html">3.1.9 NetscapeSPKI objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-connection.html b/doc/html/openssl-connection.html
index 6ce5ae2..fd45c80 100644
--- a/doc/html/openssl-connection.html
+++ b/doc/html/openssl-connection.html
@@ -16,17 +16,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-context.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="internals.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -51,7 +51,7 @@
 Connection objects have the following methods:
 
 <P>
-<dl><dt><b><a name='l2h-149'><tt class='method'>accept</tt></a></b>()
+<dl><dt><b><a name='l2h-160'><tt class='method'>accept</tt></a></b>()
 <dd>
 Call the <tt class="method">accept</tt> method of the underlying socket and set up SSL on the
 returned socket, using the Context object supplied to this Connection object at
@@ -61,20 +61,20 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-150'><tt class='method'>bind</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-161'><tt class='method'>bind</tt></a></b>(<var>address</var>)
 <dd>
 Call the <tt class="method">bind</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-151'><tt class='method'>close</tt></a></b>()
+<dl><dt><b><a name='l2h-162'><tt class='method'>close</tt></a></b>()
 <dd>
 Call the <tt class="method">close</tt> method of the underlying socket. Note: If you want
 correct SSL closure, you need to call the <tt class="method">shutdown</tt> method first.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-152'><tt class='method'>connect</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-163'><tt class='method'>connect</tt></a></b>(<var>address</var>)
 <dd>
 Call the <tt class="method">connect</tt> method of the underlying socket and set up SSL on the
 socket, using the Context object supplied to this Connection object at
@@ -82,7 +82,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-153'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>)
+<dl><dt><b><a name='l2h-164'><tt class='method'>connect_ex</tt></a></b>(<var>address</var>)
 <dd>
 Call the <tt class="method">connect_ex</tt> method of the underlying socket and set up SSL on
 the socket, using the Context object supplied to this Connection object at
@@ -91,7 +91,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-154'><tt class='method'>do_handshake</tt></a></b>()
+<dl><dt><b><a name='l2h-165'><tt class='method'>do_handshake</tt></a></b>()
 <dd>
 Perform an SSL handshake (usually called after <tt class="method">renegotiate</tt> or one of
 <tt class="method">set_accept_state</tt> or <tt class="method">set_accept_state</tt>). This can raise the
@@ -99,25 +99,25 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-155'><tt class='method'>fileno</tt></a></b>()
+<dl><dt><b><a name='l2h-166'><tt class='method'>fileno</tt></a></b>()
 <dd>
 Retrieve the file descriptor number for the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-156'><tt class='method'>listen</tt></a></b>(<var>backlog</var>)
+<dl><dt><b><a name='l2h-167'><tt class='method'>listen</tt></a></b>(<var>backlog</var>)
 <dd>
 Call the <tt class="method">listen</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-157'><tt class='method'>get_app_data</tt></a></b>()
+<dl><dt><b><a name='l2h-168'><tt class='method'>get_app_data</tt></a></b>()
 <dd>
 Retrieve application data as set by <tt class="method">set_app_data</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-158'><tt class='method'>get_cipher_list</tt></a></b>()
+<dl><dt><b><a name='l2h-169'><tt class='method'>get_cipher_list</tt></a></b>()
 <dd>
 Retrieve the list of ciphers used by the Connection object. WARNING: This API
 has changed. It used to take an optional parameter and just return a string,
@@ -125,44 +125,65 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-159'><tt class='method'>get_context</tt></a></b>()
+<dl><dt><b><a name='l2h-170'><tt class='method'>get_client_ca_list</tt></a></b>()
+<dd>
+Retrieve the list of preferred client certificate issuers sent by the server
+as <tt class="class">OpenSSL.crypto.X509Name</tt> objects.
+
+<P>
+If this is a client <tt class="class">Connection</tt>, the list will be empty until the
+connection with the server is established.
+
+<P>
+If this is a server <tt class="class">Connection</tt>, return the list of certificate
+authorities that will be sent or has been sent to the client, as controlled
+by this <tt class="class">Connection</tt>'s <tt class="class">Context</tt>.
+
+<P>
+
+<span class='versionnote'>New in version 0.10.</span>
+
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-171'><tt class='method'>get_context</tt></a></b>()
 <dd>
 Retrieve the Context object associated with this Connection.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-160'><tt class='method'>get_peer_certificate</tt></a></b>()
+<dl><dt><b><a name='l2h-172'><tt class='method'>get_peer_certificate</tt></a></b>()
 <dd>
 Retrieve the other side's certificate (if any)
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-161'><tt class='method'>getpeername</tt></a></b>()
+<dl><dt><b><a name='l2h-173'><tt class='method'>getpeername</tt></a></b>()
 <dd>
 Call the <tt class="method">getpeername</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-162'><tt class='method'>getsockname</tt></a></b>()
+<dl><dt><b><a name='l2h-174'><tt class='method'>getsockname</tt></a></b>()
 <dd>
 Call the <tt class="method">getsockname</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-163'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>)
+<dl><dt><b><a name='l2h-175'><tt class='method'>getsockopt</tt></a></b>(<var>level, optname</var><big>[</big><var>, buflen</var><big>]</big>)
 <dd>
 Call the <tt class="method">getsockopt</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-164'><tt class='method'>pending</tt></a></b>()
+<dl><dt><b><a name='l2h-176'><tt class='method'>pending</tt></a></b>()
 <dd>
 Retrieve the number of bytes that can be safely read from the SSL buffer
 (<i>not</i> the underlying transport buffer).
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-165'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>)
+<dl><dt><b><a name='l2h-177'><tt class='method'>recv</tt></a></b>(<var>bufsize</var>)
 <dd>
 Receive data from the Connection. The return value is a string representing the
 data received. The maximum amount of data to be received at once, is specified
@@ -170,20 +191,37 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-166'><tt class='method'>renegotiate</tt></a></b>()
+<dl><dt><b><a name='l2h-178'><tt class='method'>bio_write</tt></a></b>(<var>bytes</var>)
+<dd>
+If the Connection was created with a memory BIO, this method can be used to add
+bytes to the read end of that memory BIO.  The Connection can then read the
+bytes (for example, in response to a call to <tt class="method">recv</tt>).
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-179'><tt class='method'>renegotiate</tt></a></b>()
 <dd>
 Renegotiate the SSL session. Call this if you wish to change cipher suites or
 anything like that.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-167'><tt class='method'>send</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-180'><tt class='method'>send</tt></a></b>(<var>string</var>)
 <dd>
 Send the <var>string</var> data to the Connection.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-168'><tt class='method'>sendall</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-181'><tt class='method'>bio_read</tt></a></b>(<var>bufsize</var>)
+<dd>
+If the Connection was created with a memory BIO, this method can be used to
+read bytes from the write end of that memory BIO.  Many Connection methods will
+add bytes which must be read in this manner or the buffer will eventually fill
+up and the Connection will be able to take no further actions.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-182'><tt class='method'>sendall</tt></a></b>(<var>string</var>)
 <dd>
 Send all of the <var>string</var> data to the Connection. This calls <tt class="method">send</tt>
 repeatedly until all data is sent. If an error occurs, it's impossible to tell
@@ -191,40 +229,40 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-169'><tt class='method'>set_accept_state</tt></a></b>()
+<dl><dt><b><a name='l2h-183'><tt class='method'>set_accept_state</tt></a></b>()
 <dd>
 Set the connection to work in server mode. The handshake will be handled
 automatically by read/write.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-170'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
+<dl><dt><b><a name='l2h-184'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
 <dd>
 Associate <var>data</var> with this Connection object. <var>data</var> can be retrieved
 later using the <tt class="method">get_app_data</tt> method.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-171'><tt class='method'>set_connect_state</tt></a></b>()
+<dl><dt><b><a name='l2h-185'><tt class='method'>set_connect_state</tt></a></b>()
 <dd>
 Set the connection to work in client mode. The handshake will be handled
 automatically by read/write.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-172'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>)
+<dl><dt><b><a name='l2h-186'><tt class='method'>setblocking</tt></a></b>(<var>flag</var>)
 <dd>
 Call the <tt class="method">setblocking</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-173'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>)
+<dl><dt><b><a name='l2h-187'><tt class='method'>setsockopt</tt></a></b>(<var>level, optname, value</var>)
 <dd>
 Call the <tt class="method">setsockopt</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-174'><tt class='method'>shutdown</tt></a></b>()
+<dl><dt><b><a name='l2h-188'><tt class='method'>shutdown</tt></a></b>()
 <dd>
 Send the shutdown message to the Connection. Returns true if the shutdown
 message exchange is completed and false otherwise (in which case you call
@@ -233,40 +271,66 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-175'><tt class='method'>get_shutdown</tt></a></b>()
+<dl><dt><b><a name='l2h-189'><tt class='method'>get_shutdown</tt></a></b>()
 <dd>
 Get the shutdown state of the Connection.  Returns a bitvector of either or
 both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-176'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>)
+<dl><dt><b><a name='l2h-190'><tt class='method'>set_shutdown</tt></a></b>(<var>state</var>)
 <dd>
 Set the shutdown state of the Connection.  <var>state</var> is a bitvector of
 either or both of <var>SENT_SHUTDOWN</var> and <var>RECEIVED_SHUTDOWN</var>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-177'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>)
+<dl><dt><b><a name='l2h-191'><tt class='method'>sock_shutdown</tt></a></b>(<var>how</var>)
 <dd>
 Call the <tt class="method">shutdown</tt> method of the underlying socket.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-178'><tt class='method'>state_string</tt></a></b>()
+<dl><dt><b><a name='l2h-192'><tt class='method'>bio_shutdown</tt></a></b>()
+<dd>
+If the Connection was created with a memory BIO, this method can be used to
+indicate that ``end of file'' has been reached on the read end of that memory
+BIO.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-193'><tt class='method'>state_string</tt></a></b>()
 <dd>
 Retrieve a verbose string detailing the state of the Connection.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-179'><tt class='method'>want_read</tt></a></b>()
+<dl><dt><b><a name='l2h-194'><tt class='method'>client_random</tt></a></b>()
+<dd>
+Retrieve the random value used with the client hello message.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-195'><tt class='method'>server_random</tt></a></b>()
+<dd>
+Retrieve the random value used with the server hello message.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-196'><tt class='method'>master_key</tt></a></b>()
+<dd>
+Retrieve the value of the master key for this session.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-197'><tt class='method'>want_read</tt></a></b>()
 <dd>
 Checks if more data has to be read from the transport layer to complete an
 operation.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-180'><tt class='method'>want_write</tt></a></b>()
+<dl><dt><b><a name='l2h-198'><tt class='method'>want_write</tt></a></b>()
 <dd>
 Checks if there is data to write to the transport layer to complete an
 operation.
@@ -279,17 +343,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-context.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="internals.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -302,7 +366,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="internals.html">4 Internals</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-context.html b/doc/html/openssl-context.html
index 64ff08b..5ea2591 100644
--- a/doc/html/openssl-context.html
+++ b/doc/html/openssl-context.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-ssl.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-connection.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -52,7 +52,7 @@
 Context objects have the following methods:
 
 <P>
-<dl><dt><b><a name='l2h-124'><tt class='method'>check_privatekey</tt></a></b>()
+<dl><dt><b><a name='l2h-133'><tt class='method'>check_privatekey</tt></a></b>()
 <dd>
 Check if the private key (loaded with <tt class="method">use_privatekey<big>[</big>_file<big>]</big></tt>)
 matches the certificate (loaded with <tt class="method">use_certificate<big>[</big>_file<big>]</big></tt>).
@@ -60,13 +60,13 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-125'><tt class='method'>get_app_data</tt></a></b>()
+<dl><dt><b><a name='l2h-134'><tt class='method'>get_app_data</tt></a></b>()
 <dd>
 Retrieve application data as set by <tt class="method">set_app_data</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-126'><tt class='method'>get_cert_store</tt></a></b>()
+<dl><dt><b><a name='l2h-135'><tt class='method'>get_cert_store</tt></a></b>()
 <dd>
 Retrieve the certificate store (a X509Store object) that the context uses.
 This can be used to add "trusted" certificates without using the.
@@ -74,34 +74,60 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-127'><tt class='method'>get_timeout</tt></a></b>()
+<dl><dt><b><a name='l2h-136'><tt class='method'>get_timeout</tt></a></b>()
 <dd>
 Retrieve session timeout, as set by <tt class="method">set_timeout</tt>. The default is 300
 seconds.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-128'><tt class='method'>get_verify_depth</tt></a></b>()
+<dl><dt><b><a name='l2h-137'><tt class='method'>get_verify_depth</tt></a></b>()
 <dd>
 Retrieve the Context object's verify depth, as set by
 <tt class="method">set_verify_depth</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-129'><tt class='method'>get_verify_mode</tt></a></b>()
+<dl><dt><b><a name='l2h-138'><tt class='method'>get_verify_mode</tt></a></b>()
 <dd>
 Retrieve the Context object's verify mode, as set by <tt class="method">set_verify</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-130'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
+<dl><dt><b><a name='l2h-139'><tt class='method'>load_client_ca</tt></a></b>(<var>pemfile</var>)
 <dd>
 Read a file with PEM-formatted certificates that will be sent to the client
 when requesting a client certificate.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-131'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
+<dl><dt><b><a name='l2h-140'><tt class='method'>set_client_ca_list</tt></a></b>(<var>certificate_authorities</var>)
+<dd>
+Replace the current list of preferred certificate signers that would be
+sent to the client when requesting a client certificate with the
+<var>certificate_authorities</var> sequence of <tt class="class">OpenSSL.crypto.X509Name</tt>s.
+
+<P>
+
+<span class='versionnote'>New in version 0.10.</span>
+
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-141'><tt class='method'>add_client_ca</tt></a></b>(<var>certificate_authority</var>)
+<dd>
+Extract a <tt class="class">OpenSSL.crypto.X509Name</tt> from the <var>certificate_authority</var>
+<tt class="class">OpenSSL.crypto.X509</tt> certificate and add it to the list of preferred
+certificate signers sent to the client when requesting a client certificate.
+
+<P>
+
+<span class='versionnote'>New in version 0.10.</span>
+
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-142'><tt class='method'>load_verify_locations</tt></a></b>(<var>pemfile, capath</var>)
 <dd>
 Specify where CA certificates for verification purposes are located. These
 are trusted certificates. Note that the certificates have to be in PEM
@@ -111,34 +137,34 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-132'><tt class='method'>set_default_verify_paths</tt></a></b>()
+<dl><dt><b><a name='l2h-143'><tt class='method'>set_default_verify_paths</tt></a></b>()
 <dd>
 Specify that the platform provided CA certificates are to be used for
 verification purposes.  This method may not work properly on OS X.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-133'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
+<dl><dt><b><a name='l2h-144'><tt class='method'>load_tmp_dh</tt></a></b>(<var>dhfile</var>)
 <dd>
 Load parameters for Ephemeral Diffie-Hellman from <var>dhfile</var>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-134'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
+<dl><dt><b><a name='l2h-145'><tt class='method'>set_app_data</tt></a></b>(<var>data</var>)
 <dd>
 Associate <var>data</var> with this Context object. <var>data</var> can be retrieved
 later using the <tt class="method">get_app_data</tt> method.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-135'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
+<dl><dt><b><a name='l2h-146'><tt class='method'>set_cipher_list</tt></a></b>(<var>ciphers</var>)
 <dd>
 Set the list of ciphers to be used in this context. See the OpenSSL manual for
 more information (e.g. ciphers(1))
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-136'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
+<dl><dt><b><a name='l2h-147'><tt class='method'>set_info_callback</tt></a></b>(<var>callback</var>)
 <dd>
 Set the information callback to <var>callback</var>. This function will be called
 from time to time during SSL handshakes.
@@ -149,14 +175,14 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-137'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
+<dl><dt><b><a name='l2h-148'><tt class='method'>set_options</tt></a></b>(<var>options</var>)
 <dd>
 Add SSL options. Options you have set before are not cleared!
 This method should be used with the <tt class="constant">OP_*</tt> constants.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-138'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
+<dl><dt><b><a name='l2h-149'><tt class='method'>set_passwd_cb</tt></a></b>(<var>callback</var><big>[</big><var>, userdata</var><big>]</big>)
 <dd>
 Set the passphrase callback to <var>callback</var>. This function will be called
 when a private key with a passphrase is loaded. <var>callback</var> must accept
@@ -170,7 +196,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-139'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
+<dl><dt><b><a name='l2h-150'><tt class='method'>set_session_id</tt></a></b>(<var>name</var>)
 <dd>
 Set the context <var>name</var> within which a session can be reused for this
 Context object. This is needed when doing session resumption, because there is
@@ -179,7 +205,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-140'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
+<dl><dt><b><a name='l2h-151'><tt class='method'>set_timeout</tt></a></b>(<var>timeout</var>)
 <dd>
 Set the timeout for newly created sessions for this Context object to
 <var>timeout</var>. <var>timeout</var> must be given in (whole) seconds. The default
@@ -188,7 +214,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-141'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
+<dl><dt><b><a name='l2h-152'><tt class='method'>set_verify</tt></a></b>(<var>mode, callback</var>)
 <dd>
 Set the verification flags for this Context object to <var>mode</var> and specify
 that <var>callback</var> should be used for verification callbacks. <var>mode</var>
@@ -203,39 +229,39 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-142'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
+<dl><dt><b><a name='l2h-153'><tt class='method'>set_verify_depth</tt></a></b>(<var>depth</var>)
 <dd>
 Set the maximum depth for the certificate chain verification that shall be
 allowed for this Context object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-143'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-154'><tt class='method'>use_certificate</tt></a></b>(<var>cert</var>)
 <dd>
 Use the certificate <var>cert</var> which has to be a X509 object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-144'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
+<dl><dt><b><a name='l2h-155'><tt class='method'>add_extra_chain_cert</tt></a></b>(<var>cert</var>)
 <dd>
 Adds the certificate <var>cert</var>, which has to be a X509 object, to the
 certificate chain presented together with the certificate.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-145'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
+<dl><dt><b><a name='l2h-156'><tt class='method'>use_certificate_chain_file</tt></a></b>(<var>file</var>)
 <dd>
 Load a certificate chain from <var>file</var> which must be PEM encoded.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-146'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
+<dl><dt><b><a name='l2h-157'><tt class='method'>use_privatekey</tt></a></b>(<var>pkey</var>)
 <dd>
 Use the private key <var>pkey</var> which has to be a PKey object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-147'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
+<dl><dt><b><a name='l2h-158'><tt class='method'>use_certificate_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
 <dd>
 Load the first certificate found in <var>file</var>. The certificate must be in the
 format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
@@ -243,7 +269,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-148'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
+<dl><dt><b><a name='l2h-159'><tt class='method'>use_privatekey_file</tt></a></b>(<var>file</var><big>[</big><var>, format</var><big>]</big>)
 <dd>
 Load the first private key found in <var>file</var>. The private key must be in the
 format specified by <var>format</var>, which is either <tt class="constant">FILETYPE_PEM</tt> or
@@ -257,17 +283,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-ssl.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-connection.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -280,7 +306,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-connection.html">3.3.2 Connection objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-crypto.html b/doc/html/openssl-crypto.html
index 6a06a8f..1f43cc9 100644
--- a/doc/html/openssl-crypto.html
+++ b/doc/html/openssl-crypto.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -42,6 +42,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <H2><A NAME="SECTION000410000000000000000">&nbsp;</A>
 <BR>
 3.1 <tt class="module">crypto</tt> -- Generic cryptographic module 
@@ -53,37 +54,41 @@
 <P>
 <dl><dt><b><a name='l2h-6'><tt>X509Type</tt></a></b>
 <dd>
-A Python type object representing the X509 object type.
+See <tt class="class">X509</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-7'><tt class='function'>X509</tt></a></b>()
+<dl><dt><b>class <a name='l2h-7'><tt class='class'>X509</tt></a></b>()
 <dd>
-Factory function that creates an X509 object.
+A class representing X.509 certificates.
 </dl>
 
 <P>
 <dl><dt><b><a name='l2h-8'><tt>X509NameType</tt></a></b>
 <dd>
-A Python type object representing the X509Name object type.
+See <tt class="class">X509Name</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-9'><tt class='function'>X509Name</tt></a></b>(<var>x509name</var>)
+<dl><dt><b>class <a name='l2h-9'><tt class='class'>X509Name</tt></a></b>(<var>x509name</var>)
 <dd>
-Factory function that creates a copy of <var>x509name</var>.
+A class representing X.509 Distinguished Names.
+
+<P>
+This constructor creates a copy of <var>x509name</var> which should be an
+instance of <tt class="class">X509Name</tt>.
 </dl>
 
 <P>
 <dl><dt><b><a name='l2h-10'><tt>X509ReqType</tt></a></b>
 <dd>
-A Python type object representing the X509Req object type.
+See <tt class="class">X509Req</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-11'><tt class='function'>X509Req</tt></a></b>()
+<dl><dt><b>class <a name='l2h-11'><tt class='class'>X509Req</tt></a></b>()
 <dd>
-Factory function that creates an X509Req object.
+A class representing X.509 certificate requests.
 </dl>
 
 <P>
@@ -95,13 +100,13 @@
 <P>
 <dl><dt><b><a name='l2h-13'><tt>PKeyType</tt></a></b>
 <dd>
-A Python type object representing the PKey object type.
+See <tt class="class">PKey</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-14'><tt class='function'>PKey</tt></a></b>()
+<dl><dt><b>class <a name='l2h-14'><tt class='class'>PKey</tt></a></b>()
 <dd>
-Factory function that creates a PKey object.
+A class representing DSA or RSA keys.
 </dl>
 
 <P>
@@ -119,27 +124,32 @@
 <P>
 <dl><dt><b><a name='l2h-17'><tt>X509ExtensionType</tt></a></b>
 <dd>
-A Python type object representing the X509Extension object type.
+See <tt class="class">X509Extension</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-18'><tt class='function'>X509Extension</tt></a></b>(<var>typename, critical, value</var>)
+<dl><dt><b>class <a name='l2h-18'><tt class='class'>X509Extension</tt></a></b>(<var>typename, critical, value</var><big>[</big><var>, subject</var><big>]</big><big>[</big><var>, issuer</var><big>]</big>)
 <dd>
-Factory function that creates a X509Extension object.
+A class representing an X.509 v3 certificate extensions.
+See <a class="url" href="http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS">http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS</a>for <var>typename</var> strings and their options.
+Optional parameters <var>subject</var> and <var>issuer</var> must be X509 objects.
 </dl>
 
 <P>
 <dl><dt><b><a name='l2h-19'><tt>NetscapeSPKIType</tt></a></b>
 <dd>
-A Python type object representing the NetscapeSPKI object type.
+See <tt class="class">NetscapeSPKI</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-20'><tt class='function'>NetscapeSPKI</tt></a></b>(<big>[</big><var>enc</var><big>]</big>)
+<dl><dt><b>class <a name='l2h-20'><tt class='class'>NetscapeSPKI</tt></a></b>(<big>[</big><var>enc</var><big>]</big>)
 <dd>
-Factory function that creates a NetscapeSPKI object. If the <var>enc</var> argument
-is present, it should be a base64-encoded string representing a NetscapeSPKI
-object, as returned by the <tt class="method">b64_encode</tt> method.
+A class representing Netscape SPKI objects.
+
+<P>
+If the <var>enc</var> argument is present, it should be a base64-encoded string
+representing a NetscapeSPKI object, as returned by the <tt class="method">b64_encode</tt>
+method.
 </dl>
 
 <P>
@@ -224,13 +234,16 @@
 <dl><dt><b><a name='l2h-31'><tt class='function'>load_pkcs12</tt></a></b>(<var>buffer</var><big>[</big><var>, passphrase</var><big>]</big>)
 <dd>
 Load pkcs12 data from the string <var>buffer</var>. If the pkcs12 structure is
-encrypted, a <var>passphrase</var> must be included.
+encrypted, a <var>passphrase</var> must be included.  The MAC is always
+checked and thus required.
+
+<P>
+See also the man page for the C function <tt class="function">PKCS12_parse</tt>.
 </dl>
 
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
@@ -261,17 +274,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -284,7 +297,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509.html">3.1.1 X509 objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-netscape-spki.html b/doc/html/openssl-netscape-spki.html
index 404ee2b..6c008f8 100644
--- a/doc/html/openssl-netscape-spki.html
+++ b/doc/html/openssl-netscape-spki.html
@@ -16,17 +16,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-509ext.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-rand.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -51,25 +51,25 @@
 NetscapeSPKI objects have the following methods:
 
 <P>
-<dl><dt><b><a name='l2h-86'><tt class='method'>b64_encode</tt></a></b>()
+<dl><dt><b><a name='l2h-92'><tt class='method'>b64_encode</tt></a></b>()
 <dd>
 Return a base64-encoded string representation of the object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-87'><tt class='method'>get_pubkey</tt></a></b>()
+<dl><dt><b><a name='l2h-93'><tt class='method'>get_pubkey</tt></a></b>()
 <dd>
 Return the public key of object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-88'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>)
+<dl><dt><b><a name='l2h-94'><tt class='method'>set_pubkey</tt></a></b>(<var>key</var>)
 <dd>
 Set the public key of the object to <var>key</var>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-89'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>)
+<dl><dt><b><a name='l2h-95'><tt class='method'>sign</tt></a></b>(<var>key, digest_name</var>)
 <dd>
 Sign the NetscapeSPKI object using the given <var>key</var> and
 <var>digest_name</var>.  <var>digest_name</var> must be a string describing a digest
@@ -78,7 +78,7 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-90'><tt class='method'>verify</tt></a></b>(<var>key</var>)
+<dl><dt><b><a name='l2h-96'><tt class='method'>verify</tt></a></b>(<var>key</var>)
 <dd>
 Verify the NetscapeSPKI object using the given <var>key</var>.
 </dl>
@@ -90,17 +90,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-509ext.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-rand.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -113,7 +113,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-rand.html">3.2 rand  </A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-pkcs12.html b/doc/html/openssl-pkcs12.html
index a5409d0..ce7c970 100644
--- a/doc/html/openssl-pkcs12.html
+++ b/doc/html/openssl-pkcs12.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkcs7.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-509ext.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -52,22 +52,67 @@
 PKCS12 objects have the following methods:
 
 <P>
-<dl><dt><b><a name='l2h-81'><tt class='method'>get_certificate</tt></a></b>()
+<dl><dt><b><a name='l2h-81'><tt class='method'>export</tt></a></b>(<big>[</big><var>passphrase=None</var><big>]</big><big>[</big><var>, iter=2048</var><big>]</big><big>[</big><var>, maciter=1</var><big>]</big>)
+<dd>
+Returns a PKCS12 object as a string.
+
+<P>
+The optional <var>passphrase</var> must be a string not a callback.
+
+<P>
+See also the man page for the C function <tt class="function">PKCS12_create</tt>.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-82'><tt class='method'>get_ca_certificates</tt></a></b>()
+<dd>
+Return CA certificates within the PKCS12 object as a tuple. Returns
+<tt class="constant">None</tt> if no CA certificates are present.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-83'><tt class='method'>get_certificate</tt></a></b>()
 <dd>
 Return certificate portion of the PKCS12 structure.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-82'><tt class='method'>get_privatekey</tt></a></b>()
+<dl><dt><b><a name='l2h-84'><tt class='method'>get_friendlyname</tt></a></b>()
+<dd>
+Return friendlyName portion of the PKCS12 structure.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-85'><tt class='method'>get_privatekey</tt></a></b>()
 <dd>
 Return private key portion of the PKCS12 structure
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-83'><tt class='method'>get_ca_certificates</tt></a></b>()
+<dl><dt><b><a name='l2h-86'><tt class='method'>set_ca_certificates</tt></a></b>(<var>cacerts</var>)
 <dd>
-Return CA certificates within the PKCS12 object as a tuple. Returns
-None if no CA certificates are present.
+Replace or set the CA certificates within the PKCS12 object with the sequence <var>cacerts</var>.
+
+<P>
+Set <var>cacerts</var> to <tt class="constant">None</tt> to remove all CA certificates.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-87'><tt class='method'>set_certificate</tt></a></b>(<var>cert</var>)
+<dd>
+Replace or set the certificate portion of the PKCS12 structure.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-88'><tt class='method'>set_friendlyname</tt></a></b>(<var>name</var>)
+<dd>
+Replace or set the friendlyName portion of the PKCS12 structure.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-89'><tt class='method'>set_privatekey</tt></a></b>(<var>pkey</var>)
+<dd>
+Replace or set private key portion of the PKCS12 structure
 </dl>
 
 <P>
@@ -77,17 +122,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkcs7.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-509ext.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -100,7 +145,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-509ext.html">3.1.8 X509Extension objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-pkcs7.html b/doc/html/openssl-pkcs7.html
index dff42f1..1d0981f 100644
--- a/doc/html/openssl-pkcs7.html
+++ b/doc/html/openssl-pkcs7.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkey.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkcs12.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -88,17 +88,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-pkey.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkcs12.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -111,7 +111,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs12.html">3.1.7 PKCS12 objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-pkey.html b/doc/html/openssl-pkey.html
index b504c9b..a180ec3 100644
--- a/doc/html/openssl-pkey.html
+++ b/doc/html/openssl-pkey.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509store.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkcs7.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -77,17 +77,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509store.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkcs7.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -100,7 +100,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkcs7.html">3.1.6 PKCS7 objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-rand.html b/doc/html/openssl-rand.html
index fc21189..21ec9b2 100644
--- a/doc/html/openssl-rand.html
+++ b/doc/html/openssl-rand.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-netscape-spki.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -56,61 +56,93 @@
 declares the following:
 
 <P>
-<dl><dt><b><a name='l2h-92'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>)
+<dl><dt><b><a name='l2h-98'><tt class='function'>add</tt></a></b>(<var>string, entropy</var>)
 <dd>
 Mix bytes from <var>string</var> into the PRNG state. The <var>entropy</var> argument is
 (the lower bound of) an estimate of how much randomness is contained in
-<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-1878"
+<var>string</var>, measured in bytes. For more information, see e.g. <a class="rfc" name="rfcref-2096"
 href="http://www.ietf.org/rfc/rfc1750.txt">RFC 1750</a>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-93'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
+<dl><dt><b><a name='l2h-99'><tt class='function'>bytes</tt></a></b>(<var>num_bytes</var>)
+<dd>
+Get some random bytes from the PRNG as a string.
+
+<P>
+This is a wrapper for the C function <tt class="function">RAND_bytes</tt>.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-100'><tt class='function'>cleanup</tt></a></b>()
+<dd>
+Erase the memory used by the PRNG.
+
+<P>
+This is a wrapper for the C function <tt class="function">RAND_cleanup</tt>.
+</dl>
+
+<P>
+<dl><dt><b><a name='l2h-101'><tt class='function'>egd</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
 <dd>
 Query the Entropy Gathering Daemon<A NAME="tex2html2"
-  HREF="#foot972"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var>
+  HREF="#foot1108"><SUP>2</SUP></A> on socket <var>path</var> for <var>bytes</var>
 bytes of random data and and uses <tt class="function">add</tt> to seed the PRNG. The default
 value of <var>bytes</var> is 255.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-94'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
+<dl><dt><b><a name='l2h-102'><tt class='function'>load_file</tt></a></b>(<var>path</var><big>[</big><var>, bytes</var><big>]</big>)
 <dd>
 Read <var>bytes</var> bytes (or all of it, if <var>bytes</var> is negative) of data from
 the file <var>path</var> to seed the PRNG. The default value of <var>bytes</var> is -1.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-95'><tt class='function'>screen</tt></a></b>()
+<dl><dt><b><a name='l2h-103'><tt class='function'>screen</tt></a></b>()
 <dd>
 Add the current contents of the screen to the PRNG state.
 Availability: Windows.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-96'><tt class='function'>seed</tt></a></b>(<var>string</var>)
+<dl><dt><b><a name='l2h-104'><tt class='function'>seed</tt></a></b>(<var>string</var>)
 <dd>
 This is equivalent to calling <tt class="function">add</tt> with <var>entropy</var> as the length
 of the string.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-97'><tt class='function'>status</tt></a></b>()
+<dl><dt><b><a name='l2h-105'><tt class='function'>status</tt></a></b>()
 <dd>
 Returns true if the PRNG has been seeded with enough data, and false otherwise.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-98'><tt class='function'>write_file</tt></a></b>(<var>path</var>)
+<dl><dt><b><a name='l2h-106'><tt class='function'>write_file</tt></a></b>(<var>path</var>)
 <dd>
 Write a number of random bytes (currently 1024) to the file <var>path</var>. This
 file can then be used with <tt class="function">load_file</tt> to seed the PRNG again.
 </dl>
 
 <P>
+<dl><dt><b>exception <a name='l2h-107'><tt class='exception'>Error</tt></a></b>
+<dd>
+If the current RAND method supports any errors, this is raised when needed.
+The default method does not raise this when the entropy pool is depleted.
+
+<P>
+Whenever this exception is raised directly, it has a list of error messages
+from the OpenSSL error queue, where each item is a tuple <code>(<var>lib</var>,
+<var>function</var>, <var>reason</var>)</code>. Here <var>lib</var>, <var>function</var> and <var>reason</var>
+are all strings, describing where and what the problem is. See <span class='manpage'><i>err</i>(3)</span>
+for more information.
+</dl>
+
+<P>
 <BR><HR><H4>Footnotes</H4>
 <DL>
-<DT><A NAME="foot972">... Daemon</A><A
+<DT><A NAME="foot1108">... Daemon</A><A
  href="openssl-rand.html#tex2html2"><SUP>2</SUP></A></DT>
 <DD>See
 <a class="url" href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech/crypto/</a>
@@ -122,17 +154,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-netscape-spki.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-ssl.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -145,7 +177,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-ssl.html">3.3 SSL  </A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-ssl.html b/doc/html/openssl-ssl.html
index 7d12f84..2f376ba 100644
--- a/doc/html/openssl-ssl.html
+++ b/doc/html/openssl-ssl.html
@@ -16,17 +16,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-rand.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-context.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -41,6 +41,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <H2><A NAME="SECTION000430000000000000000">&nbsp;</A>
 <BR>
 3.3 <tt class="module">SSL</tt> -- An interface to the SSL-specific parts of OpenSSL 
@@ -54,39 +55,39 @@
 Context, Connection.
 
 <P>
-<dl><dt><b><a name='l2h-100'><tt>SSLv2_METHOD</tt></a></b>
+<dl><dt><b><a name='l2h-109'><tt>SSLv2_METHOD</tt></a></b>
 <dd>
-<dt><b><a name='l2h-114'><tt>SSLv3_METHOD</tt></a></b><dd>
-<dt><b><a name='l2h-115'><tt>SSLv23_METHOD</tt></a></b><dd>
-<dt><b><a name='l2h-116'><tt>TLSv1_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-123'><tt>SSLv3_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-124'><tt>SSLv23_METHOD</tt></a></b><dd>
+<dt><b><a name='l2h-125'><tt>TLSv1_METHOD</tt></a></b><dd>
 These constants represent the different SSL methods to use when creating a
 context object.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-101'><tt>VERIFY_NONE</tt></a></b>
+<dl><dt><b><a name='l2h-110'><tt>VERIFY_NONE</tt></a></b>
 <dd>
-<dt><b><a name='l2h-117'><tt>VERIFY_PEER</tt></a></b><dd>
-<dt><b><a name='l2h-118'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd>
+<dt><b><a name='l2h-126'><tt>VERIFY_PEER</tt></a></b><dd>
+<dt><b><a name='l2h-127'><tt>VERIFY_FAIL_IF_NO_PEER_CERT</tt></a></b><dd>
 These constants represent the verification mode used by the Context
 object's <tt class="method">set_verify</tt> method.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-102'><tt>FILETYPE_PEM</tt></a></b>
+<dl><dt><b><a name='l2h-111'><tt>FILETYPE_PEM</tt></a></b>
 <dd>
-<dt><b><a name='l2h-119'><tt>FILETYPE_ASN1</tt></a></b><dd>
+<dt><b><a name='l2h-128'><tt>FILETYPE_ASN1</tt></a></b><dd>
 File type constants used with the <tt class="method">use_certificate_file</tt> and
 <tt class="method">use_privatekey_file</tt> methods of Context objects.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-103'><tt>OP_SINGLE_DH_USE</tt></a></b>
+<dl><dt><b><a name='l2h-112'><tt>OP_SINGLE_DH_USE</tt></a></b>
 <dd>
-<dt><b><a name='l2h-120'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd>
-<dt><b><a name='l2h-121'><tt>OP_NO_SSLv2</tt></a></b><dd>
-<dt><b><a name='l2h-122'><tt>OP_NO_SSLv3</tt></a></b><dd>
-<dt><b><a name='l2h-123'><tt>OP_NO_TLSv1</tt></a></b><dd>
+<dt><b><a name='l2h-129'><tt>OP_EPHEMERAL_RSA</tt></a></b><dd>
+<dt><b><a name='l2h-130'><tt>OP_NO_SSLv2</tt></a></b><dd>
+<dt><b><a name='l2h-131'><tt>OP_NO_SSLv3</tt></a></b><dd>
+<dt><b><a name='l2h-132'><tt>OP_NO_TLSv1</tt></a></b><dd>
 Constants used with <tt class="method">set_options</tt> of Context objects.
 <tt class="constant">OP_SINGLE_DH_USE</tt> means to always create a new key when using ephemeral
 Diffie-Hellman. <tt class="constant">OP_EPHEMERAL_RSA</tt> means to always use ephemeral RSA keys
@@ -97,35 +98,44 @@
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-104'><tt>ContextType</tt></a></b>
+<dl><dt><b><a name='l2h-113'><tt>ContextType</tt></a></b>
 <dd>
-A Python type object representing the Context object type.
+See <tt class="class">Context</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-105'><tt class='function'>Context</tt></a></b>(<var>method</var>)
+<dl><dt><b>class <a name='l2h-114'><tt class='class'>Context</tt></a></b>(<var>method</var>)
 <dd>
-Factory function that creates a new Context object given an SSL method. The
-method should be <tt class="constant">SSLv2_METHOD</tt>, <tt class="constant">SSLv3_METHOD</tt>,
+A class representing SSL contexts.  Contexts define the parameters of one or
+more SSL connections.
+
+<P>
+<var>method</var> should be <tt class="constant">SSLv2_METHOD</tt>, <tt class="constant">SSLv3_METHOD</tt>,
 <tt class="constant">SSLv23_METHOD</tt> or <tt class="constant">TLSv1_METHOD</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-106'><tt>ConnectionType</tt></a></b>
+<dl><dt><b><a name='l2h-115'><tt>ConnectionType</tt></a></b>
 <dd>
-A Python type object representing the Connection object type.
+See <tt class="class">Connection</tt>.
 </dl>
 
 <P>
-<dl><dt><b><a name='l2h-107'><tt class='function'>Connection</tt></a></b>(<var>context, socket</var>)
+<dl><dt><b>class <a name='l2h-116'><tt class='class'>Connection</tt></a></b>(<var>context, socket</var>)
 <dd>
-Factory fucnction that creates a new Connection object given an SSL context and
-a socket <A NAME="tex2html4"
-  HREF="#foot975"><SUP>3</SUP></A> object.
+A class representing SSL connections.
+
+<P>
+<var>context</var> should be an instance of <tt class="class">Context</tt> and <var>socket</var>
+should be a socket <A NAME="tex2html4"
+  HREF="#foot1112"><SUP>3</SUP></A> object.  <var>socket</var> may be
+<var>None</var>; in this case, the Connection is created with a memory BIO: see
+the <tt class="method">bio_read</tt>, <tt class="method">bio_write</tt>, and <tt class="method">bio_shutdown</tt>
+methods.
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-108'><tt class='exception'>Error</tt></a></b>
+<dl><dt><b>exception <a name='l2h-117'><tt class='exception'>Error</tt></a></b>
 <dd>
 This exception is used as a base class for the other SSL-related
 exceptions, but may also be raised directly.
@@ -139,7 +149,7 @@
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-109'><tt class='exception'>ZeroReturnError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-118'><tt class='exception'>ZeroReturnError</tt></a></b>
 <dd>
 This exception matches the error return code <code>SSL_ERROR_ZERO_RETURN</code>, and
 is raised when the SSL Connection has been closed. In SSL 3.0 and TLS 1.0, this
@@ -153,21 +163,31 @@
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-110'><tt class='exception'>WantReadError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-119'><tt class='exception'>WantReadError</tt></a></b>
 <dd>
 The operation did not complete; the same I/O method should be called again
 later, with the same arguments. Any I/O method can lead to this since new
 handshakes can occur at any time.
+
+<P>
+The wanted read is for <i>dirty</i> data sent over the network, not the
+<i>clean</i> data inside the tunnel.  For a socket based SSL connection,
+<i>read</i> means data coming at us over the network.  Until that read
+succeeds, the attempted <tt class="method">OpenSSL.SSL.Connection.recv</tt>,
+<tt class="method">OpenSSL.SSL.Connection.send</tt>, or
+<tt class="method">OpenSSL.SSL.Connection.do_handshake</tt> is prevented or incomplete. You
+probably want to <tt class="method">select()</tt> on the socket before trying again.
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-111'><tt class='exception'>WantWriteError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-120'><tt class='exception'>WantWriteError</tt></a></b>
 <dd>
-See <tt class="exception">WantReadError</tt>.
+See <tt class="exception">WantReadError</tt>.  The socket send buffer may be too full to
+write more data.
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-112'><tt class='exception'>WantX509LookupError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-121'><tt class='exception'>WantX509LookupError</tt></a></b>
 <dd>
 The operation did not complete because an application callback has asked to be
 called again. The I/O method should be called again later, with the same
@@ -176,7 +196,7 @@
 </dl>
 
 <P>
-<dl><dt><b>exception <a name='l2h-113'><tt class='exception'>SysCallError</tt></a></b>
+<dl><dt><b>exception <a name='l2h-122'><tt class='exception'>SysCallError</tt></a></b>
 <dd>
 The <tt class="exception">SysCallError</tt> occurs when there's an I/O error and OpenSSL's
 error queue does not contain any information. This can mean two things: An
@@ -188,16 +208,15 @@
 <P>
 <BR><HR><H4>Footnotes</H4>
 <DL>
-<DT><A NAME="foot975">... socket</A><A
+<DT><A NAME="foot1112">... socket</A><A
  href="openssl-ssl.html#tex2html4"><SUP>3</SUP></A></DT>
-<DD>Actually, all that is required is an object that
-<i>behaves</i> like a socket, you could even use files, even though it'd be
-tricky to get the handshakes right!
+<DD>Actually, all that is required is an object
+that <i>behaves</i> like a socket, you could even use files, even though
+it'd be tricky to get the handshakes right!
 
 </DD>
 </DL>
 <p><hr>
-
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
@@ -214,17 +233,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-rand.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-context.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -237,7 +256,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl.html">3 OpenSSL  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-context.html">3.3.1 Context objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-x509.html b/doc/html/openssl-x509.html
index 20af102..aa3ac50 100644
--- a/doc/html/openssl-x509.html
+++ b/doc/html/openssl-x509.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-crypto.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509name.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -215,17 +215,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-crypto.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509name.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -238,7 +238,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509name.html">3.1.2 X509Name objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-x509name.html b/doc/html/openssl-x509name.html
index 21a4f0b..67459f6 100644
--- a/doc/html/openssl-x509name.html
+++ b/doc/html/openssl-x509name.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509req.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -128,17 +128,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509req.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -151,7 +151,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509req.html">3.1.3 X509Req objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-x509req.html b/doc/html/openssl-x509req.html
index be646b7..d9410c3 100644
--- a/doc/html/openssl-x509req.html
+++ b/doc/html/openssl-x509req.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509name.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509store.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -102,17 +102,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509name.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-x509store.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -125,7 +125,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-x509store.html">3.1.4 X509Store objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl-x509store.html b/doc/html/openssl-x509store.html
index ec6aafe..7682d6d 100644
--- a/doc/html/openssl-x509store.html
+++ b/doc/html/openssl-x509store.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509req.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkey.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -64,17 +64,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="openssl-x509req.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-pkey.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -87,7 +87,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-pkey.html">3.1.5 PKey objects</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/openssl.html b/doc/html/openssl.html
index d410112..f94e6ed 100644
--- a/doc/html/openssl.html
+++ b/doc/html/openssl.html
@@ -17,17 +17,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building-windows.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -42,6 +42,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <H1><A NAME="SECTION000400000000000000000">&nbsp;</A>
 <BR>
 3 <tt class="module">OpenSSL</tt> -- Python interface to OpenSSL 
@@ -75,7 +76,6 @@
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
 
@@ -120,17 +120,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="building-windows.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A HREF="pyOpenSSL.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="openssl-crypto.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -143,7 +143,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" HREF="pyOpenSSL.html">Python OpenSSL Manual</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="openssl-crypto.html">3.1 crypto  </A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/pyOpenSSL.html b/doc/html/pyOpenSSL.html
index 7de0b68..6eaaa67 100644
--- a/doc/html/pyOpenSSL.html
+++ b/doc/html/pyOpenSSL.html
@@ -20,11 +20,11 @@
   border="0" height="32"
   alt="" width="32"></td>
 <td><A href="contents.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -37,6 +37,7 @@
 <br><hr>
 </DIV>
 <!--End of Navigation Panel-->
+
 <P>
 
 <div class="titlepage">
@@ -62,7 +63,6 @@
 <P>
 
 <p><hr>
-
 <!--Table of Child-Links-->
 
 
@@ -144,11 +144,11 @@
   border="0" height="32"
   alt="" width="32"></td>
 <td><A href="contents.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -159,7 +159,7 @@
 </tr></table>
 <b class="navlabel">Next:</b> <a class="sectref" href="contents.html">Contents</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/html/socket-methods.html b/doc/html/socket-methods.html
index a63ddd4..51ccc5f 100644
--- a/doc/html/socket-methods.html
+++ b/doc/html/socket-methods.html
@@ -16,17 +16,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="callbacks.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="about.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -88,17 +88,17 @@
 <table align="center" width="100%" cellpadding="0" cellspacing="2">
 <tr>
 <td><A href="callbacks.html"><img src="previous.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Previous Page" width="32"></A></td>
 <td><A href="internals.html"><img src="up.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Up One Level" width="32"></A></td>
 <td><A href="about.html"><img src="next.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Next Page" width="32"></A></td>
 <td align="center" width="100%">Python OpenSSL Manual</td>
 <td><A href="contents.html"><img src="contents.gif"
-border="0" height="32"
+  border="0" height="32"
   alt="Contents" width="32"></A></td>
 <td><img src="blank.gif"
   border="0" height="32"
@@ -111,7 +111,7 @@
 <b class="navlabel">Up:</b> <a class="sectref" href="internals.html">4 Internals</A>
 <b class="navlabel">Next:</b> <a class="sectref" href="about.html">About this document ...</A>
 <hr>
-<span class="release-info">Release 0.9.</span>
+<span class="release-info">Release 0.10.</span>
 </DIV>
 <!--End of Navigation Panel-->
 
diff --git a/doc/pyOpenSSL.ps b/doc/pyOpenSSL.ps
index b4f7502..1b1eaad 100644
--- a/doc/pyOpenSSL.ps
+++ b/doc/pyOpenSSL.ps
@@ -1,8 +1,8 @@
 %!PS-Adobe-2.0
 %%Creator: dvips(k) 5.96.1 Copyright 2007 Radical Eye Software
 %%Title: pyOpenSSL.dvi
-%%CreationDate: Sat Apr 25 10:38:41 2009
-%%Pages: 15
+%%CreationDate: Fri Nov 13 09:16:45 2009
+%%Pages: 17
 %%PageOrder: Ascend
 %%BoundingBox: 0 0 596 842
 %%DocumentPaperSizes: a4
@@ -10,7 +10,7 @@
 %DVIPSWebPage: (www.radicaleye.com)
 %DVIPSCommandLine: dvips -N0 -o pyOpenSSL.ps pyOpenSSL
 %DVIPSParameters: dpi=600
-%DVIPSSource:  TeX output 2009.04.25:1038
+%DVIPSSource:  TeX output 2009.11.13:0916
 %%BeginProcSet: tex.pro 0 0
 %!
 /TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S
@@ -109,8 +109,8 @@
 1FC0001FC0001FC0001FC0001FC0001FC0001FC0001FC0001FC0001FC0001FC0001FC000
 1FC0001FC0001FC0FFFFC0FFFFC012787ED920>93 D E
 %EndDVIPSBitmapFont
-%DVIPSBitmapFont: Fc ecti1000 10 47
-/Fc 47 123 df<00000000FF0003F000000003FFE00FFC0000000FC0F01F1E0000003F00
+%DVIPSBitmapFont: Fc ecti1000 10 52
+/Fc 52 123 df<00000000FF0003F000000003FFE00FFC0000000FC0F01F1E0000003F00
 783E0F0000007E01F87C3F0000007C03F8FC7F000000FC03F8F87F000001F803F9F87F00
 0001F803F1F87E000001F801E1F83C000003F00003F000000003F00003F000000003F000
 03F000000007F00003F000000007E00007F000000007E00007E000000007E00007E00000
@@ -167,182 +167,219 @@
 007F00007E007E0000FE007E0000FE00FE0000FC00FE0001FC00FE0001F800FC0001F800
 FC0003F000FC0003F000FC0003E000FC0007E0007C0007C0007C000F80007C000F80007C
 001F00003E003E00003E007C00001F00F800000F83E0000007FF80000000FE0000002439
-77B62A>48 D<000300003800078000F80007F007F00007FFFFE00007FFFF80000FFFFF00
-000FFFFE00000FFFF800000FFFC000001E1C0000001C000000001C000000001C00000000
-3C0000000038000000003800000000380000000078000000007000000000700000000070
-7F000000F1FFC00000E783E00000FE01F00000F800F80001F000F80001E000FC0001C000
-7C000180007C000000007E000000007E000000007E00000000FE00000000FE00000000FE
-00000000FE00000001FE00000001FC001E0001FC007F0001FC007F0003FC00FF0003F800
-FF0003F800FE0007F000F80007F000E00007E000E0000FE000E0001FC000E0001F8000F0
-003F0000F0007E00007800FC00007C01F800003E07F000001FFFC000000FFF00000003F8
-000000253977B62A>53 D<000003F80000000FFE0000003FFF800000FE0FC00001F807E0
-0003F003E00007E003F0000FC001F0001F8001F0003F0001F0007F0001F8007E0001F800
-FE0001F800FE0001F801FC0001F801FC0003F801FC0003F803FC0003F803F80003F803F8
-0003F003F80007F007F80007F007F00007F007F0000FF007F0000FF007F0000FE007F000
-1FE003E0001FE003E0003FE003F0007FC001F0007FC001F000FFC000F801FFC0007803BF
-80003C0F3F80001FFC3F800007F07F000000007F000000007E00000000FE00000000FC00
-000001FC00000001F800000003F000000003F0003E0007E0007F000FC0007F000F80007F
-001F8000FE003F0000FC007E00007000FC00007803F000007C0FE000003FFF8000001FFE
-00000003F8000000253978B62A>57 D<00000003FE000E0000003FFF801E000000FFFFE0
-3C000003FE01F03C00000FF000787C00003FC0003CFC00007F00001FF80000FE00000FF8
-0003FC00000FF80007F8000007F8000FF0000007F0001FE0000003F0003FC0000003F000
-3F80000003F0007F00000003E000FF00000003E001FE00000003E001FC00000003E003FC
-00000003C007F800000003C007F800000003C00FF000000003C00FF000000003801FE000
-000003801FE000000000001FE000000000003FC000000000003FC000000000003FC00000
-0000007FC000000000007F8000000000007F8000000000007F800000000000FF80000000
-0000FF000000000000FF000000000000FF000000000000FF000000000000FF0000000038
-00FF000000003800FF000000007800FE000000007000FF000000007000FF00000000F000
-7F00000000E0007F00000001E0007F00000001C0007F00000003C0003F8000000780003F
-8000000700001F8000000E00001FC000001E00000FC000003C00000FE0000078000007F0
-0001F0000003F80003C0000001FE000F800000007F807E000000003FFFFC000000000FFF
-E00000000000FF00000000373D74BA3B>67 D<0003FFFFFFFE00000003FFFFFFFFC00000
-03FFFFFFFFF000000007F8000FF800000007F00003FC00000007F00000FE0000000FF000
-007F0000000FF000003F8000000FE000001F8000000FE000001FC000001FE000000FC000
-001FE000000FE000001FC000000FE000001FC0000007E000003FC0000007E000003FC000
-0007F000003F80000007F000003F80000007F000007F80000007F000007F80000007F000
-007F00000007F000007F00000007F00000FF00000007F00000FF0000000FF00000FE0000
-000FF00000FE0000000FF00001FE0000000FF00001FE0000000FE00001FC0000001FE000
-01FC0000001FE00003FC0000001FE00003FC0000001FC00003F80000003FC00003F80000
-003FC00007F80000003F800007F80000007F800007F00000007F000007F00000007F0000
-0FF0000000FE00000FF0000000FE00000FE0000001FC00000FE0000001F800001FE00000
-03F800001FE0000007F000001FC0000007E000001FC000000FC000003FC000001F800000
-3FC000003F8000003F8000007F0000003F800000FC0000007F800003F80000007F800007
-F00000007F00001FC0000000FF0001FF8000007FFFFFFFFE000000FFFFFFFFF0000000FF
-FFFFFF800000003C397CB83F>I<0007FFFFFFFFFF0007FFFFFFFFFF0007FFFFFFFFFF00
-000FF00003FF00000FE000007F00000FE000003E00001FE000003E00001FE000001E0000
-1FC000001E00001FC000001E00003FC000001E00003FC000001E00003F8000001E00003F
-8000001C00007F8000001C00007F8000001C00007F0003801C00007F0003801C0000FF00
-07801C0000FF000780000000FE000700000000FE000F00000001FE000F00000001FE001F
-00000001FC003E00000001FC007E00000003FFFFFE00000003FFFFFE00000003FFFFFC00
-000003F800FC00000007F8007C00000007F8003C00000007F0003800000007F000380000
-000FF000780000000FF0007800E0000FE0007000E0000FE0007001E0001FE0007001C000
-1FE0000001C0001FC0000003C0001FC000000380003FC000000780003FC000000700003F
-8000000F00003F8000000F00007F8000001E00007F8000003E00007F0000003C00007F00
-00007C0000FF000000FC0000FF000001F80000FE000007F80001FE00007FF000FFFFFFFF
-FFF000FFFFFFFFFFF000FFFFFFFFFFE00038397BB838>I<0003FFFFF80FFFFFE00003FF
-FFF80FFFFFE00003FFFFF80FFFFFE0000007F800001FE000000007F000001FC000000007
-F000001FC00000000FF000003FC00000000FF000003F800000000FE000003F800000000F
-E000003F800000001FE000007F800000001FE000007F000000001FC000007F000000001F
-C000007F000000003FC00000FF000000003FC00000FE000000003F800000FE000000003F
-800000FE000000007F800001FE000000007F800001FC000000007F000001FC000000007F
-000001FC00000000FF000003FC00000000FF000003F800000000FE000003F800000000FE
-000003F800000001FFFFFFFFF800000001FFFFFFFFF000000001FFFFFFFFF000000001FC
-000007F000000003FC00000FF000000003FC00000FE000000003F800000FE000000003F8
-00000FE000000007F800001FE000000007F800001FC000000007F000001FC000000007F0
-00001FC00000000FF000003FC00000000FF000003F800000000FE000003F800000000FE0
-00003F800000001FE000007F800000001FE000007F000000001FC000007F000000001FC0
-00007F000000003FC00000FF000000003FC00000FE000000003F800000FE000000003F80
-0000FE000000007F800001FE000000007F800001FC000000007F000001FC00000000FF00
-0003FC0000007FFFFE01FFFFF80000FFFFFE03FFFFF80000FFFFFE03FFFFF8000043397C
-B83E>72 D<0003FFFFF80003FFFFF80003FFFFF8000007F800000007F000000007F00000
-000FF00000000FF00000000FE00000000FE00000001FE00000001FE00000001FC0000000
-1FC00000003FC00000003FC00000003F800000003F800000007F800000007F800000007F
-000000007F00000000FF00000000FF00000000FE00000000FE00000001FE00000001FE00
-000001FC00000001FC00000003FC00000003FC00000003F800000003F800000007F80000
-0007F800000007F000000007F00000000FF00000000FF00000000FE00000000FE0000000
-1FE00000001FE00000001FC00000001FC00000003FC00000003FC00000003F800000003F
-800000007F800000007F800000007F00000000FF800000FFFFFF0000FFFFFF0000FFFFFE
-000025397CB820>I<0003FFF80000FFFFE00003FFF80000FFFFE00003FFFC0000FFFFE0
-000007FC000007F800000007FE000003F000000007FE000003E00000000FFE000003C000
-00000FFF000003C00000000E7F000003800000000E7F000003800000001E7F8000078000
-00001E3F800007000000001C3F800007000000001C3FC00007000000003C1FC0000F0000
-00003C1FE0000E00000000380FE0000E00000000380FE0000E00000000780FF0001E0000
-00007807F0001C000000007007F0001C000000007007F8001C00000000F003F8003C0000
-0000F003FC003800000000E003FC003800000000E001FC003800000001E001FE00780000
-0001E000FE007000000001C000FE007000000001C000FF007000000003C0007F00F00000
-0003C0007F00E00000000380007F80E00000000380003F80E00000000780003FC1E00000
-000780001FC1C00000000700001FC1C00000000700001FE1C00000000F00000FE3C00000
-000F00000FE3800000000E00000FF3800000000E000007F3800000001E000007FF800000
-001E000007FF000000001C000003FF000000001C000003FF000000003C000001FF000000
-003C000001FE0000000038000001FE0000000038000000FE0000000078000000FE000000
-0078000000FC00000000F80000007C00000003FC0000007C0000007FFFE000003C000000
-FFFFE0000038000000FFFFE000003800000043397CB83E>78 D<00000003FE0000000000
-3FFFC000000000FC07F000000003E001F80000000F80007C0000003F00003E0000007E00
-001F000000F800001F800001F000000FC00007E000000FC0000FC0000007E0001FC00000
-07E0001F80000007F0003F00000003F0007E00000003F000FE00000003F801FC00000003
-F801FC00000003F803F800000003F803F800000003F807F000000003F807F000000003F8
-0FF000000003F80FE000000003F81FE000000007F81FC000000007F83FC000000007F83F
-C000000007F83FC000000007F87F800000000FF07F800000000FF07F800000000FF07F80
-0000000FF0FF000000001FE0FF000000001FE0FF000000001FE0FF000000003FC0FF0000
-00003FC0FF000000003F80FF000000007F80FF000000007F00FF00000000FF00FF000000
-00FE00FF00000001FE00FF00000001FC007F00000003F8007F00000007F0007F00000007
-F0007F0000000FE0003F0000001FC0003F8000003F80001F8000003F00001FC000007E00
-000FC00000FC000007E00003F0000003F00007E0000001F8000F80000000FC003F000000
-003F01FC000000001FFFE00000000001FF00000000353D74BA40>I<0003FFFFFFF00000
-03FFFFFFFE000003FFFFFFFF80000007F8003FC0000007F0000FF0000007F00007F00000
-0FF00003F800000FF00001FC00000FE00001FC00000FE00001FC00001FE00001FE00001F
-E00001FE00001FC00001FE00001FC00001FE00003FC00001FE00003FC00003FC00003F80
-0003FC00003F800003FC00007F800007F800007F800007F000007F00000FF000007F0000
-0FE00000FF00001FC00000FF00003F000000FE0000FE000000FE0001F8000001FE000FE0
-000001FFFFFF80000001FFFFFC00000001FC003F00000003FC000F80000003FC000FC000
-0003F80007E0000003F80007F0000007F80003F0000007F80003F0000007F00003F00000
-07F00003F800000FF00007F800000FF00007F000000FE00007F000000FE00007F000001F
-E0000FF000001FE0000FF000001FC0000FF000001FC0000FF000003FC0000FF000003FC0
-001FF000003F80001FE007003F80001FE007007F80001FE00F007F80001FE00E007F0000
-1FE00E00FF00000FE01C7FFFFE000FE03CFFFFFE0007F078FFFFFE0003F0F00000000000
-FFE000000000003F80383B7CB83D>82 D<0000003FC00E000001FFF01C000007FFFC1C00
-001FC07E3C00003F001F7C00007C000FF80000F80007F80001F00003F80003E00003F800
-07C00001F00007C00001F0000F800001F0000F800001F0001F800001E0001F000001E000
-1F000001E0001F000001E0003F000001C0003F000001C0003F000001C0003F8000000000
-3F80000000003FC0000000001FE0000000001FFC000000001FFF800000000FFFF0000000
-0FFFFE00000007FFFF80000003FFFFE0000000FFFFF00000003FFFF800000007FFF80000
-00007FFC000000000FFC0000000003FC0000000001FC0000000001FC0000000000FC0000
-000000FC00000000007C000E0000007C000E0000007C000E0000007C001E000000FC001E
-000000F8001E000000F8001E000000F8003E000001F0003E000001F0003E000003E0003E
-000003E0007F000007C0007F00000F80007F80001F00007FC0003E0000F9F000FC0000F8
-FC03F80000F07FFFE00000E01FFF800000C003FC0000002F3D7ABA2F>I<07FFFFFFFFFF
-E007FFFFFFFFFFE00FFFFFFFFFFFE00FF800FF001FE00FC000FE0007C01F8000FE0007C0
-1F0001FE0003C01E0001FE0003C01C0001FC0003C03C0001FC0003803C0003FC00038038
-0003FC000380780003F8000380700003F8000780700007F8000780F00007F8000700E000
-07F0000700E00007F0000700E0000FF000070000000FF000000000000FE000000000000F
-E000000000001FE000000000001FE000000000001FC000000000001FC000000000003FC0
-00000000003FC000000000003F8000000000003F8000000000007F8000000000007F8000
-000000007F0000000000007F000000000000FF000000000000FF000000000000FE000000
-000000FE000000000001FE000000000001FE000000000001FC000000000001FC00000000
-0003FC000000000003FC000000000003F8000000000003F8000000000007F80000000000
-07F8000000000007F0000000000007F000000000000FF000000000000FF000000000000F
-E000000000003FF0000000007FFFFFF8000000FFFFFFF8000000FFFFFFF8000000333971
-B83B>I<3FFFFF800FFFFE3FFFFF800FFFFE3FFFFF800FFFFE007F8000007F80007F0000
-003F00007F0000003E0000FF0000003C0000FF0000003C0000FE000000380000FE000000
-380001FE000000780001FE000000700001FC000000700001FC000000700003FC000000F0
-0003FC000000E00003F8000000E00003F8000000E00007F8000001E00007F8000001C000
-07F0000001C00007F0000001C0000FF0000003C0000FF000000380000FE000000380000F
-E000000380001FE000000780001FE000000700001FC000000700001FC000000700003FC0
-00000F00003FC000000E00003F8000000E00003F8000000E00007F8000001E00007F8000
-001C00007F0000001C00007F0000001C00007F0000003C0000FF000000380000FE000000
-380000FE000000780000FE000000700000FE000000700000FE000000F00000FE000001E0
-0000FE000001C00000FE000003C000007E0000078000007E00000F0000007E00000E0000
-003F00003E0000001F80007C0000001F8000F00000000FC003E000000007F01FC0000000
-01FFFF00000000007FFC00000000001FE000000000373B70B83E>I<FFFFF80003FFFEFF
-FFF80003FFFEFFFFF80003FFFC03FE0000007FC003FC0000003F0001FC0000003E0001FC
-0000003C0001FC000000380001FC000000700001FC000000700001FC000000E00001FC00
-0001E00001FC000001C00001FE000003800001FE000003800000FE000007000000FE0000
-0F000000FE00000E000000FE00001C000000FE00001C000000FE000038000000FE000038
-000000FE000070000000FE0000E0000000FE0000E0000000FF0001C00000007F0001C000
-00007F0003800000007F0007800000007F0007000000007F000E000000007F000E000000
-007F001C000000007F003C000000007F0038000000007F0070000000007F807000000000
-3F80E0000000003F81E0000000003F81C0000000003F8380000000003F8380000000003F
-8700000000003F8700000000003F8E00000000003F9E00000000003F9C00000000003FF8
-00000000003FF800000000001FF000000000001FF000000000001FE000000000001FC000
-000000001FC000000000001F8000000000001F8000000000001F0000000000001E000000
-0000001E0000000000373B6FB83E>I<FFFFF80FFFFF001FFFF0FFFFF80FFFFF003FFFF0
-FFFFF00FFFFF003FFFE007FE00007FE00003FE0003F800003F800001FC0003F800003F80
-0000F00003F800003F800000F00003F800003F800001E00003F800003F800001C00003F8
-00003F800003C00003F800003F800003800003F800003F800007800003F800007F800007
-000003F800007F80000E000003F80000FF80000E000003F80001FF80001C000003F80001
-FF80001C000003F80003BF800038000003FC0003BF800038000001FC00073F8000700000
-01FC00073F800070000001FC000E3F8000E0000001FC000E3FC000E0000001FC001C1FC0
-01C0000001FC001C1FC003C0000001FC00381FC00380000001FC00381FC00700000001FC
-00701FC00700000001FC00F01FC00E00000001FC00E01FC00E00000001FC01C01FC01C00
-000001FC01C01FC01C00000001FC03801FC03800000001FC03801FC03800000001FC0700
-1FC07000000001FC07001FC07000000001FC0E001FC0E000000001FC0E001FC1E0000000
-01FC1C001FC1C000000001FC1C001FC38000000001FC38001FC38000000001FC78001FC7
-0000000001FC70001FC70000000001FCE0001FCE0000000001FEE0001FCE0000000000FF
-C0001FDC0000000000FFC0001FDC0000000000FF80001FF80000000000FF80001FF80000
-000000FF00001FF00000000000FF00000FF00000000000FE00000FE00000000000FE0000
-0FC00000000000FC00000FC00000000000FC00000F800000000000F800000F8000000000
-00F000000F000000000000F000000F000000000000E000000E00000000004C3B6FB853>
-I<FFFFFFFFFFFCFFFFFFFFFFFEFFFFFFFFFFFEFFFFFFFFFFFC2F047C7040>95
+77B62A>48 D<000000380000003800000070000000F0000001F0000003F0000007E00000
+0FE000003FE00000FFE00007FFC0003FCFC0003F1FC000101FC000001F8000001F800000
+3F8000003F8000003F0000003F0000007F0000007F0000007E0000007E000000FE000000
+FE000000FC000000FC000001FC000001FC000001F8000001F8000003F8000003F8000003
+F0000003F0000007F0000007F0000007E0000007E000000FE000000FE000000FC000000F
+C000001FC000001FC000001F8000001F8000003F8000003F8000003F0000007F8000FFFF
+FF80FFFFFF80FFFFFF801D3777B62A>I<000003F00000001FFE0000007C0F800000F007
+C00001C003E000038003F000070001F0000F0001F8001E0001F8001C0001F8003C6001F8
+00387001FC00783001FC00703001FC00F03001FC00E03001FC00E07003FC01E06003F801
+C06003F801C0E003F801C0C007F801C1C007F00181800FF00183800FE001C7001FC001FE
+003FC00078003F800000007F00000000FE00000001F800000003F000000007E00000001F
+800000003F00000000FC00000001F000000007C00000000F800000003E000000007C0000
+0000F80000C001F00001C003E00001C003C00001C007800003C00F000003800E00000780
+1E00000F803C00001F003FF8003F007FFFC07E00783FFFFC00700FFFFC00F007FFF800E0
+01FFF000E000FFC000E0001F0000263979B62A>I<00000000E000000003F000000003F0
+00000003F000000007F000000007E000000007E000000007E00000000FE00000000FC000
+00000FC00000001FC00000001F800000001F800000003F800000003F000000003F000000
+007E000000007E000000007E00000000FC00000000FC00000001F800000001F800000003
+F000000003F000000003E000000007C000000007C00000000F800000001F800000001F00
+0000003E000000003E000000007C00000000F81C000000F83E000001F07E000003E07E00
+0003C07E000007C0FE00000F80FC00001F00FC00003E00FC00003C01FC00007801F80000
+F001F80001E001F80003C003F80007FE03F0001FFFC3F0003FFFFBF0007C01FFF040F000
+3FFFE0600007FFE0000007FF0000000FE00000000FC00000000FC00000000FC00000001F
+C00000001F800000001F800000001F800000003F800000003F000000003F000000003F00
+0000003F000000003E000000001C000024477DB62A>52 D<000300003800078000F80007
+F007F00007FFFFE00007FFFF80000FFFFF00000FFFFE00000FFFF800000FFFC000001E1C
+0000001C000000001C000000001C000000003C0000000038000000003800000000380000
+0000780000000070000000007000000000707F000000F1FFC00000E783E00000FE01F000
+00F800F80001F000F80001E000FC0001C0007C000180007C000000007E000000007E0000
+00007E00000000FE00000000FE00000000FE00000000FE00000001FE00000001FC001E00
+01FC007F0001FC007F0003FC00FF0003F800FF0003F800FE0007F000F80007F000E00007
+E000E0000FE000E0001FC000E0001F8000F0003F0000F0007E00007800FC00007C01F800
+003E07F000001FFFC000000FFF00000003F8000000253977B62A>I<000003F80000000F
+FF0000003FFF800000FE07E00001F003E00003E001F00007C001F0000F8000F8001F0000
+F8001F0000F8003E0000F8003E0000F8003E0001F8007E0001F0007E0001F0007E0003F0
+007E0003E0007F0007E0007F800FC0007FC00F80007FE01F00003FF03E00003FF8780000
+1FFDF000000FFFC0000007FF80000003FFC0000003FFE000000FFFF000001E7FF800007C
+1FFC0000F80FFC0003E007FE0007C003FE000FC001FF001F8000FF001F00007F003E0000
+7F007E00003F007C00003F007C00003F00FC00003E00F800003E00F800003E00F800007E
+00F800007C00F80000F800F80000F800F80001F000FC0003E0007C0007C0007E000F8000
+3F003F00001F80FE00000FFFF8000003FFE0000000FF000000253978B62A>56
+D<000003F80000000FFE0000003FFF800000FE0FC00001F807E00003F003E00007E003F0
+000FC001F0001F8001F0003F0001F0007F0001F8007E0001F800FE0001F800FE0001F801
+FC0001F801FC0003F801FC0003F803FC0003F803F80003F803F80003F003F80007F007F8
+0007F007F00007F007F0000FF007F0000FF007F0000FE007F0001FE003E0001FE003E000
+3FE003F0007FC001F0007FC001F000FFC000F801FFC0007803BF80003C0F3F80001FFC3F
+800007F07F000000007F000000007E00000000FE00000000FC00000001FC00000001F800
+000003F000000003F0003E0007E0007F000FC0007F000F80007F001F8000FE003F0000FC
+007E00007000FC00007803F000007C0FE000003FFF8000001FFE00000003F80000002539
+78B62A>I<07FFFFFFFFFFFC0FFFFFFFFFFFFE0000000000000000000000000000000000
+000000000000000000000000000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000FFFFFFFFFFFFE07FFFFFFFFFFF
+C03714779E40>61 D<00000003FE000E0000003FFF801E000000FFFFE03C000003FE01F0
+3C00000FF000787C00003FC0003CFC00007F00001FF80000FE00000FF80003FC00000FF8
+0007F8000007F8000FF0000007F0001FE0000003F0003FC0000003F0003F80000003F000
+7F00000003E000FF00000003E001FE00000003E001FC00000003E003FC00000003C007F8
+00000003C007F800000003C00FF000000003C00FF000000003801FE000000003801FE000
+000000001FE000000000003FC000000000003FC000000000003FC000000000007FC00000
+0000007F8000000000007F8000000000007F800000000000FF800000000000FF00000000
+0000FF000000000000FF000000000000FF000000000000FF000000003800FF0000000038
+00FF000000007800FE000000007000FF000000007000FF00000000F0007F00000000E000
+7F00000001E0007F00000001C0007F00000003C0003F8000000780003F8000000700001F
+8000000E00001FC000001E00000FC000003C00000FE0000078000007F00001F0000003F8
+0003C0000001FE000F800000007F807E000000003FFFFC000000000FFFE00000000000FF
+00000000373D74BA3B>67 D<0003FFFFFFFE00000003FFFFFFFFC0000003FFFFFFFFF000
+000007F8000FF800000007F00003FC00000007F00000FE0000000FF000007F0000000FF0
+00003F8000000FE000001F8000000FE000001FC000001FE000000FC000001FE000000FE0
+00001FC000000FE000001FC0000007E000003FC0000007E000003FC0000007F000003F80
+000007F000003F80000007F000007F80000007F000007F80000007F000007F00000007F0
+00007F00000007F00000FF00000007F00000FF0000000FF00000FE0000000FF00000FE00
+00000FF00001FE0000000FF00001FE0000000FE00001FC0000001FE00001FC0000001FE0
+0003FC0000001FE00003FC0000001FC00003F80000003FC00003F80000003FC00007F800
+00003F800007F80000007F800007F00000007F000007F00000007F00000FF0000000FE00
+000FF0000000FE00000FE0000001FC00000FE0000001F800001FE0000003F800001FE000
+0007F000001FC0000007E000001FC000000FC000003FC000001F8000003FC000003F8000
+003F8000007F0000003F800000FC0000007F800003F80000007F800007F00000007F0000
+1FC0000000FF0001FF8000007FFFFFFFFE000000FFFFFFFFF0000000FFFFFFFF80000000
+3C397CB83F>I<0007FFFFFFFFFF0007FFFFFFFFFF0007FFFFFFFFFF00000FF00003FF00
+000FE000007F00000FE000003E00001FE000003E00001FE000001E00001FC000001E0000
+1FC000001E00003FC000001E00003FC000001E00003F8000001E00003F8000001C00007F
+8000001C00007F8000001C00007F0003801C00007F0003801C0000FF0007801C0000FF00
+0780000000FE000700000000FE000F00000001FE000F00000001FE001F00000001FC003E
+00000001FC007E00000003FFFFFE00000003FFFFFE00000003FFFFFC00000003F800FC00
+000007F8007C00000007F8003C00000007F0003800000007F000380000000FF000780000
+000FF0007800E0000FE0007000E0000FE0007001E0001FE0007001C0001FE0000001C000
+1FC0000003C0001FC000000380003FC000000780003FC000000700003F8000000F00003F
+8000000F00007F8000001E00007F8000003E00007F0000003C00007F0000007C0000FF00
+0000FC0000FF000001F80000FE000007F80001FE00007FF000FFFFFFFFFFF000FFFFFFFF
+FFF000FFFFFFFFFFE00038397BB838>I<0003FFFFF80FFFFFE00003FFFFF80FFFFFE000
+03FFFFF80FFFFFE0000007F800001FE000000007F000001FC000000007F000001FC00000
+000FF000003FC00000000FF000003F800000000FE000003F800000000FE000003F800000
+001FE000007F800000001FE000007F000000001FC000007F000000001FC000007F000000
+003FC00000FF000000003FC00000FE000000003F800000FE000000003F800000FE000000
+007F800001FE000000007F800001FC000000007F000001FC000000007F000001FC000000
+00FF000003FC00000000FF000003F800000000FE000003F800000000FE000003F8000000
+01FFFFFFFFF800000001FFFFFFFFF000000001FFFFFFFFF000000001FC000007F0000000
+03FC00000FF000000003FC00000FE000000003F800000FE000000003F800000FE0000000
+07F800001FE000000007F800001FC000000007F000001FC000000007F000001FC0000000
+0FF000003FC00000000FF000003F800000000FE000003F800000000FE000003F80000000
+1FE000007F800000001FE000007F000000001FC000007F000000001FC000007F00000000
+3FC00000FF000000003FC00000FE000000003F800000FE000000003F800000FE00000000
+7F800001FE000000007F800001FC000000007F000001FC00000000FF000003FC0000007F
+FFFE01FFFFF80000FFFFFE03FFFFF80000FFFFFE03FFFFF8000043397CB83E>72
+D<0003FFFFF80003FFFFF80003FFFFF8000007F800000007F000000007F00000000FF000
+00000FF00000000FE00000000FE00000001FE00000001FE00000001FC00000001FC00000
+003FC00000003FC00000003F800000003F800000007F800000007F800000007F00000000
+7F00000000FF00000000FF00000000FE00000000FE00000001FE00000001FE00000001FC
+00000001FC00000003FC00000003FC00000003F800000003F800000007F800000007F800
+000007F000000007F00000000FF00000000FF00000000FE00000000FE00000001FE00000
+001FE00000001FC00000001FC00000003FC00000003FC00000003F800000003F80000000
+7F800000007F800000007F00000000FF800000FFFFFF0000FFFFFF0000FFFFFE00002539
+7CB820>I<0003FFF80000FFFFE00003FFF80000FFFFE00003FFFC0000FFFFE0000007FC
+000007F800000007FE000003F000000007FE000003E00000000FFE000003C00000000FFF
+000003C00000000E7F000003800000000E7F000003800000001E7F800007800000001E3F
+800007000000001C3F800007000000001C3FC00007000000003C1FC0000F000000003C1F
+E0000E00000000380FE0000E00000000380FE0000E00000000780FF0001E000000007807
+F0001C000000007007F0001C000000007007F8001C00000000F003F8003C00000000F003
+FC003800000000E003FC003800000000E001FC003800000001E001FE007800000001E000
+FE007000000001C000FE007000000001C000FF007000000003C0007F00F000000003C000
+7F00E00000000380007F80E00000000380003F80E00000000780003FC1E0000000078000
+1FC1C00000000700001FC1C00000000700001FE1C00000000F00000FE3C00000000F0000
+0FE3800000000E00000FF3800000000E000007F3800000001E000007FF800000001E0000
+07FF000000001C000003FF000000001C000003FF000000003C000001FF000000003C0000
+01FE0000000038000001FE0000000038000000FE0000000078000000FE00000000780000
+00FC00000000F80000007C00000003FC0000007C0000007FFFE000003C000000FFFFE000
+0038000000FFFFE000003800000043397CB83E>78 D<00000003FE00000000003FFFC000
+000000FC07F000000003E001F80000000F80007C0000003F00003E0000007E00001F0000
+00F800001F800001F000000FC00007E000000FC0000FC0000007E0001FC0000007E0001F
+80000007F0003F00000003F0007E00000003F000FE00000003F801FC00000003F801FC00
+000003F803F800000003F803F800000003F807F000000003F807F000000003F80FF00000
+0003F80FE000000003F81FE000000007F81FC000000007F83FC000000007F83FC0000000
+07F83FC000000007F87F800000000FF07F800000000FF07F800000000FF07F800000000F
+F0FF000000001FE0FF000000001FE0FF000000001FE0FF000000003FC0FF000000003FC0
+FF000000003F80FF000000007F80FF000000007F00FF00000000FF00FF00000000FE00FF
+00000001FE00FF00000001FC007F00000003F8007F00000007F0007F00000007F0007F00
+00000FE0003F0000001FC0003F8000003F80001F8000003F00001FC000007E00000FC000
+00FC000007E00003F0000003F00007E0000001F8000F80000000FC003F000000003F01FC
+000000001FFFE00000000001FF00000000353D74BA40>I<0003FFFFFFF0000003FFFFFF
+FE000003FFFFFFFF80000007F8003FC0000007F0000FF0000007F00007F000000FF00003
+F800000FF00001FC00000FE00001FC00000FE00001FC00001FE00001FE00001FE00001FE
+00001FC00001FE00001FC00001FE00003FC00001FE00003FC00003FC00003F800003FC00
+003F800003FC00007F800007F800007F800007F000007F00000FF000007F00000FE00000
+FF00001FC00000FF00003F000000FE0000FE000000FE0001F8000001FE000FE0000001FF
+FFFF80000001FFFFFC00000001FC003F00000003FC000F80000003FC000FC0000003F800
+07E0000003F80007F0000007F80003F0000007F80003F0000007F00003F0000007F00003
+F800000FF00007F800000FF00007F000000FE00007F000000FE00007F000001FE0000FF0
+00001FE0000FF000001FC0000FF000001FC0000FF000003FC0000FF000003FC0001FF000
+003F80001FE007003F80001FE007007F80001FE00F007F80001FE00E007F00001FE00E00
+FF00000FE01C7FFFFE000FE03CFFFFFE0007F078FFFFFE0003F0F00000000000FFE00000
+0000003F80383B7CB83D>82 D<0000003FC00E000001FFF01C000007FFFC1C00001FC07E
+3C00003F001F7C00007C000FF80000F80007F80001F00003F80003E00003F80007C00001
+F00007C00001F0000F800001F0000F800001F0001F800001E0001F000001E0001F000001
+E0001F000001E0003F000001C0003F000001C0003F000001C0003F80000000003F800000
+00003FC0000000001FE0000000001FFC000000001FFF800000000FFFF00000000FFFFE00
+000007FFFF80000003FFFFE0000000FFFFF00000003FFFF800000007FFF8000000007FFC
+000000000FFC0000000003FC0000000001FC0000000001FC0000000000FC0000000000FC
+00000000007C000E0000007C000E0000007C000E0000007C001E000000FC001E000000F8
+001E000000F8001E000000F8003E000001F0003E000001F0003E000003E0003E000003E0
+007F000007C0007F00000F80007F80001F00007FC0003E0000F9F000FC0000F8FC03F800
+00F07FFFE00000E01FFF800000C003FC0000002F3D7ABA2F>I<07FFFFFFFFFFE007FFFF
+FFFFFFE00FFFFFFFFFFFE00FF800FF001FE00FC000FE0007C01F8000FE0007C01F0001FE
+0003C01E0001FE0003C01C0001FC0003C03C0001FC0003803C0003FC000380380003FC00
+0380780003F8000380700003F8000780700007F8000780F00007F8000700E00007F00007
+00E00007F0000700E0000FF000070000000FF000000000000FE000000000000FE0000000
+00001FE000000000001FE000000000001FC000000000001FC000000000003FC000000000
+003FC000000000003F8000000000003F8000000000007F8000000000007F800000000000
+7F0000000000007F000000000000FF000000000000FF000000000000FE000000000000FE
+000000000001FE000000000001FE000000000001FC000000000001FC000000000003FC00
+0000000003FC000000000003F8000000000003F8000000000007F8000000000007F80000
+00000007F0000000000007F000000000000FF000000000000FF000000000000FE0000000
+00003FF0000000007FFFFFF8000000FFFFFFF8000000FFFFFFF8000000333971B83B>I<
+3FFFFF800FFFFE3FFFFF800FFFFE3FFFFF800FFFFE007F8000007F80007F0000003F0000
+7F0000003E0000FF0000003C0000FF0000003C0000FE000000380000FE000000380001FE
+000000780001FE000000700001FC000000700001FC000000700003FC000000F00003FC00
+0000E00003F8000000E00003F8000000E00007F8000001E00007F8000001C00007F00000
+01C00007F0000001C0000FF0000003C0000FF000000380000FE000000380000FE0000003
+80001FE000000780001FE000000700001FC000000700001FC000000700003FC000000F00
+003FC000000E00003F8000000E00003F8000000E00007F8000001E00007F8000001C0000
+7F0000001C00007F0000001C00007F0000003C0000FF000000380000FE000000380000FE
+000000780000FE000000700000FE000000700000FE000000F00000FE000001E00000FE00
+0001C00000FE000003C000007E0000078000007E00000F0000007E00000E0000003F0000
+3E0000001F80007C0000001F8000F00000000FC003E000000007F01FC000000001FFFF00
+000000007FFC00000000001FE000000000373B70B83E>I<FFFFF80003FFFEFFFFF80003
+FFFEFFFFF80003FFFC03FE0000007FC003FC0000003F0001FC0000003E0001FC0000003C
+0001FC000000380001FC000000700001FC000000700001FC000000E00001FC000001E000
+01FC000001C00001FE000003800001FE000003800000FE000007000000FE00000F000000
+FE00000E000000FE00001C000000FE00001C000000FE000038000000FE000038000000FE
+000070000000FE0000E0000000FE0000E0000000FF0001C00000007F0001C00000007F00
+03800000007F0007800000007F0007000000007F000E000000007F000E000000007F001C
+000000007F003C000000007F0038000000007F0070000000007F8070000000003F80E000
+0000003F81E0000000003F81C0000000003F8380000000003F8380000000003F87000000
+00003F8700000000003F8E00000000003F9E00000000003F9C00000000003FF800000000
+003FF800000000001FF000000000001FF000000000001FE000000000001FC00000000000
+1FC000000000001F8000000000001F8000000000001F0000000000001E0000000000001E
+0000000000373B6FB83E>I<FFFFF80FFFFF001FFFF0FFFFF80FFFFF003FFFF0FFFFF00F
+FFFF003FFFE007FE00007FE00003FE0003F800003F800001FC0003F800003F800000F000
+03F800003F800000F00003F800003F800001E00003F800003F800001C00003F800003F80
+0003C00003F800003F800003800003F800003F800007800003F800007F800007000003F8
+00007F80000E000003F80000FF80000E000003F80001FF80001C000003F80001FF80001C
+000003F80003BF800038000003FC0003BF800038000001FC00073F800070000001FC0007
+3F800070000001FC000E3F8000E0000001FC000E3FC000E0000001FC001C1FC001C00000
+01FC001C1FC003C0000001FC00381FC00380000001FC00381FC00700000001FC00701FC0
+0700000001FC00F01FC00E00000001FC00E01FC00E00000001FC01C01FC01C00000001FC
+01C01FC01C00000001FC03801FC03800000001FC03801FC03800000001FC07001FC07000
+000001FC07001FC07000000001FC0E001FC0E000000001FC0E001FC1E000000001FC1C00
+1FC1C000000001FC1C001FC38000000001FC38001FC38000000001FC78001FC700000000
+01FC70001FC70000000001FCE0001FCE0000000001FEE0001FCE0000000000FFC0001FDC
+0000000000FFC0001FDC0000000000FF80001FF80000000000FF80001FF80000000000FF
+00001FF00000000000FF00000FF00000000000FE00000FE00000000000FE00000FC00000
+000000FC00000FC00000000000FC00000F800000000000F800000F800000000000F00000
+0F000000000000F000000F000000000000E000000E00000000004C3B6FB853>I<FFFFFF
+FFFFFCFFFFFFFFFFFEFFFFFFFFFFFEFFFFFFFFFFFC2F047C7040>95
 D<0000F800000007FE0000001F871C00003E03FE00007C03FE0000F801FE0001F801FE00
 03F000FC0007E000FC000FE000FC000FC001FC001FC001F8001FC001F8003F8001F8003F
 8003F8007F8003F0007F0003F0007F0003F0007F0007F000FF0007E000FE0007E000FE00
@@ -2253,8 +2290,8 @@
 FFFFFFF0FFFFFFFFF0FFFFFFFFF0FFFFFFFFF07FFFFFFFE024247DA32C>I
 E
 %EndDVIPSBitmapFont
-%DVIPSBitmapFont: Fm ecbx1000 10 29
-/Fm 29 122 df<FFFFFFFFFFFFFFFFFFFFFFFCFFFFFFFFFFFFFFFFFFFFFFFCFFFFFFFFFF
+%DVIPSBitmapFont: Fm ecbx1000 10 30
+/Fm 30 122 df<FFFFFFFFFFFFFFFFFFFFFFFCFFFFFFFFFFFFFFFFFFFFFFFCFFFFFFFFFF
 FFFFFFFFFFFFFC5E0380975F>22 D<00001E000000003E00000000FE00000007FE000000
 7FFE0000FFFFFE0000FFFFFE0000FFFFFE0000FF8FFE0000000FFE0000000FFE0000000F
 FE0000000FFE0000000FFE0000000FFE0000000FFE0000000FFE0000000FFE0000000FFE
@@ -2287,51 +2324,59 @@
 1E0000FFC0003C0000FFC0007C0000FFC000F80000FFC000FFFFFFFFFF80FFFFFFFFFF80
 FFFFFFFFFF80FFFFFFFFFF80000001FFC000000001FFC000000001FFC000000001FFC000
 000001FFC000000001FFC000000001FFC000000001FFC000000001FFC000000001FFC000
-0003FFFFFF800003FFFFFF800003FFFFFF800003FFFFFF8029367DB530>I<FFFFFFFFFF
-C00000FFFFFFFFFFFC0000FFFFFFFFFFFF0000FFFFFFFFFFFFC000007FF00003FFE00000
-7FF00000FFF000007FF000007FF800007FF000003FFC00007FF000001FFC00007FF00000
-1FFE00007FF000001FFE00007FF000000FFF00007FF000000FFF00007FF000000FFF0000
-7FF000000FFF00007FF000000FFF00007FF000000FFF00007FF000000FFF00007FF00000
-1FFE00007FF000001FFE00007FF000001FFC00007FF000003FFC00007FF000007FF80000
-7FF00000FFF000007FF00001FFC000007FF0000FFF8000007FFFFFFFFC0000007FFFFFFF
-FC0000007FFFFFFFFF8000007FF00000FFF000007FF000003FF800007FF000001FFC0000
-7FF000000FFE00007FF0000007FF00007FF0000007FF80007FF0000003FFC0007FF00000
-03FFC0007FF0000003FFC0007FF0000003FFE0007FF0000003FFE0007FF0000003FFE000
-7FF0000003FFE0007FF0000003FFE0007FF0000003FFE0007FF0000003FFE0007FF00000
-03FFC0007FF0000003FFC0007FF0000007FFC0007FF000000FFF80007FF000000FFF0000
-7FF000001FFF00007FF000007FFE00007FF00001FFFC00FFFFFFFFFFFFF000FFFFFFFFFF
-FFC000FFFFFFFFFFFF0000FFFFFFFFFFF000003B397DB844>66 D<FFFFFFFCFFFFFFFCFF
-FFFFFCFFFFFFFC007FF800007FF800007FF800007FF800007FF800007FF800007FF80000
-7FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF80000
-7FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF80000
-7FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF80000
-7FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF80000
-7FF800007FF800007FF800007FF800007FF800007FF800FFFFFFFCFFFFFFFCFFFFFFFCFF
-FFFFFC1E397DB824>73 D<FFFFFFFF000000FFFFFFFF000000FFFFFFFF000000FFFFFFFF
+0003FFFFFF800003FFFFFF800003FFFFFF800003FFFFFF8029367DB530>I<00000FF800
+0000FFFE000003FFFF80000FF80FC0003FE003E0007F8001F000FF000FF001FF001FF803
+FE003FF807FC003FF80FFC003FF80FF8003FF81FF8003FF81FF8003FF83FF8001FF03FF8
+000FE07FF00000007FF00000007FF00000007FF00800007FF07FF000FFF1FFFC00FFF3FF
+FF00FFF780FF80FFFF007FC0FFFE003FE0FFFC003FF0FFFC001FF8FFF8001FF8FFF8001F
+FCFFF8001FFCFFF8001FFCFFF0001FFEFFF0001FFEFFF0001FFEFFF0001FFE7FF0001FFE
+7FF0001FFE7FF0001FFE7FF0001FFE7FF0001FFE3FF0001FFE3FF0001FFC3FF0001FFC1F
+F8001FFC1FF8001FF80FF8003FF80FFC003FF007FC003FE003FE007FC001FF81FF8000FF
+FFFF00003FFFFC00000FFFF0000001FF800027377CB530>54 D<FFFFFFFFFFC00000FFFF
+FFFFFFFC0000FFFFFFFFFFFF0000FFFFFFFFFFFFC000007FF00003FFE000007FF00000FF
+F000007FF000007FF800007FF000003FFC00007FF000001FFC00007FF000001FFE00007F
+F000001FFE00007FF000000FFF00007FF000000FFF00007FF000000FFF00007FF000000F
+FF00007FF000000FFF00007FF000000FFF00007FF000000FFF00007FF000001FFE00007F
+F000001FFE00007FF000001FFC00007FF000003FFC00007FF000007FF800007FF00000FF
+F000007FF00001FFC000007FF0000FFF8000007FFFFFFFFC0000007FFFFFFFFC0000007F
+FFFFFFFF8000007FF00000FFF000007FF000003FF800007FF000001FFC00007FF000000F
+FE00007FF0000007FF00007FF0000007FF80007FF0000003FFC0007FF0000003FFC0007F
+F0000003FFC0007FF0000003FFE0007FF0000003FFE0007FF0000003FFE0007FF0000003
+FFE0007FF0000003FFE0007FF0000003FFE0007FF0000003FFE0007FF0000003FFC0007F
+F0000003FFC0007FF0000007FFC0007FF000000FFF80007FF000000FFF00007FF000001F
+FF00007FF000007FFE00007FF00001FFFC00FFFFFFFFFFFFF000FFFFFFFFFFFFC000FFFF
+FFFFFFFF0000FFFFFFFFFFF000003B397DB844>66 D<FFFFFFFCFFFFFFFCFFFFFFFCFFFF
+FFFC007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007F
+F800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007F
+F800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007F
+F800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007F
+F800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007FF800007F
+F800007FF800007FF800007FF800007FF800FFFFFFFCFFFFFFFCFFFFFFFCFFFFFFFC1E39
+7DB824>73 D<FFFFFFFF000000FFFFFFFF000000FFFFFFFF000000FFFFFFFF000000007F
+F800000000007FF800000000007FF800000000007FF800000000007FF800000000007FF8
+00000000007FF800000000007FF800000000007FF800000000007FF800000000007FF800
 000000007FF800000000007FF800000000007FF800000000007FF800000000007FF80000
 0000007FF800000000007FF800000000007FF800000000007FF800000000007FF8000000
 00007FF800000000007FF800000000007FF800000000007FF800000000007FF800000000
-007FF800000000007FF800000000007FF800000000007FF800000000007FF80000000000
-7FF800000000007FF800000000007FF800000000007FF800000000007FF800000000007F
-F800000000007FF800000000007FF800000000007FF800000000007FF800000000007FF8
-00000780007FF800000780007FF800000780007FF800000780007FF800000780007FF800
-000F80007FF800000F00007FF800000F00007FF800000F00007FF800001F00007FF80000
-1F00007FF800003F00007FF800003F00007FF800007F00007FF80000FF00007FF80001FF
-00007FF80003FF00007FF8000FFE00007FF8007FFE00FFFFFFFFFFFE00FFFFFFFFFFFE00
-FFFFFFFFFFFE00FFFFFFFFFFFE0031397DB839>76 D<000000FFF800000000000FFFFF80
-000000007FFFFFF000000001FFC01FFC00000007FF0007FF0000001FFC0001FFC000003F
-F000007FE000007FE000003FF00000FFC000001FF80001FF8000000FFC0003FF8000000F
-FE0007FF00000007FF0007FF00000007FF000FFE00000003FF800FFE00000003FF801FFC
-00000001FFC01FFC00000001FFC03FFC00000001FFE03FFC00000001FFE03FFC00000001
-FFE07FF800000000FFF07FF800000000FFF07FF800000000FFF07FF800000000FFF0FFF8
-00000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000
-FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF8
-00000000FFF8FFF800000000FFF8FFF800000000FFF87FF800000000FFF07FFC00000001
-FFF07FFC00000001FFF07FFC00000001FFF03FFC00000001FFE03FFC00000001FFE03FFE
-00000003FFE01FFE00000003FFC01FFE00000003FFC00FFF00000007FF8007FF00000007
-FF0007FF8000000FFF0003FFC000001FFE0001FFC000001FFC0000FFE000003FF800007F
-F000007FF000003FFC0001FFE000001FFF0007FFC0000007FFC01FFF00000001FFFFFFFC
-000000007FFFFFF0000000000FFFFF800000000000FFF80000003D3B7BB948>79
+007FF800000000007FF800000000007FF800000000007FF800000000007FF80000078000
+7FF800000780007FF800000780007FF800000780007FF800000780007FF800000F80007F
+F800000F00007FF800000F00007FF800000F00007FF800001F00007FF800001F00007FF8
+00003F00007FF800003F00007FF800007F00007FF80000FF00007FF80001FF00007FF800
+03FF00007FF8000FFE00007FF8007FFE00FFFFFFFFFFFE00FFFFFFFFFFFE00FFFFFFFFFF
+FE00FFFFFFFFFFFE0031397DB839>76 D<000000FFF800000000000FFFFF80000000007F
+FFFFF000000001FFC01FFC00000007FF0007FF0000001FFC0001FFC000003FF000007FE0
+00007FE000003FF00000FFC000001FF80001FF8000000FFC0003FF8000000FFE0007FF00
+000007FF0007FF00000007FF000FFE00000003FF800FFE00000003FF801FFC00000001FF
+C01FFC00000001FFC03FFC00000001FFE03FFC00000001FFE03FFC00000001FFE07FF800
+000000FFF07FF800000000FFF07FF800000000FFF07FF800000000FFF0FFF800000000FF
+F8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800
+000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FFF8FFF800000000FF
+F8FFF800000000FFF8FFF800000000FFF87FF800000000FFF07FFC00000001FFF07FFC00
+000001FFF07FFC00000001FFF03FFC00000001FFE03FFC00000001FFE03FFE00000003FF
+E01FFE00000003FFC01FFE00000003FFC00FFF00000007FF8007FF00000007FF0007FF80
+00000FFF0003FFC000001FFE0001FFC000001FFC0000FFE000003FF800007FF000007FF0
+00003FFC0001FFE000001FFF0007FFC0000007FFC01FFF00000001FFFFFFFC000000007F
+FFFFF0000000000FFFFF800000000000FFF80000003D3B7BB948>79
 D<FFFFFFFFFF0000FFFFFFFFFFF000FFFFFFFFFFFE00FFFFFFFFFFFF80007FF8000FFFC0
 007FF80001FFE0007FF80000FFF0007FF800007FF8007FF800003FFC007FF800003FFC00
 7FF800001FFE007FF800001FFE007FF800001FFF007FF800001FFF007FF800001FFF007F
@@ -2714,35 +2759,108 @@
 07FE078003FE078001FF0F0000FFFE00003FFC00000FF0001A2F7EAE22>I
 E
 %EndDVIPSBitmapFont
-%DVIPSBitmapFont: Fp ecss0900 9 29
-/Fp 29 122 df<FEFEFEFEFEFEFE0707798615>46 D<00000070000000F8000000F80000
-01F8000001F0000001F0000003F0000003E0000003E0000007E0000007C0000007C00000
-0FC000000F8000000F8000001F8000001F0000001F0000003F0000003E0000003E000000
-7E0000007C0000007C000000FC000000F8000000F8000001F8000001F0000001F0000003
-F0000003E0000003E0000007E0000007C0000007C000000FC000000F8000001F8000001F
-0000001F0000003F0000003E0000003E0000007E0000007C0000007C000000FC000000F8
-000000F8000001F8000001F0000001F0000003F0000003E0000003E0000007E0000007C0
-000007C000000FC000000F8000000F8000001F8000001F0000001F0000003F0000003E00
-00003E0000007E0000007C0000007C000000FC000000F8000000F8000000700000001D4B
-7CB726>I<FEFEFEFEFEFEFE00000000000000000000000000000000000000FEFEFEFEFE
-FEFE072179A015>58 D<000007F8000000007FFF00000001FFFFC0000007FFFFE000000F
-FFFFF000001FF80FF800007FC003FC0000FF8000FC0001FE0000FE0001FC00007E0003F8
-007E7F0007F001FFBF000FE007FFFF000FC00FFFFF801FC01FFFFF801F803FC3FF803F80
-7F00FF803F007E007F803F00FC003FC07E00FC003FC07E01F8001FC07E01F8001FC0FE01
-F8001FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03
-F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FE01F8001F807E01
-F8001F807E01F8001F807E00FC003F003F00FC003F003F007E007E003F807F00FE001F80
-3FC3FC001FC01FFFF8000FC00FFFF0000FE007FFE00007F001FF800003F8007E000001FC
-0000000001FE0000000000FF80000FC0007FC0003F80001FF803FF00000FFFFFFE000007
-FFFFF8000001FFFFF00000007FFF8000000007FC00002A387CB633>64
-D<00000FFC0000007FFFC00003FFFFF00007FFFFFC001FFFFFFC003FF807FC007FC000F8
-00FF00007801FE00001803FC00000807F800000007F00000000FE00000000FE00000001F
-C00000001FC00000003F800000003F800000007F000000007F000000007F000000007F00
+%DVIPSBitmapFont: Fp ecss0900 9 46
+/Fp 46 122 df<0007E03F80000FF83F80003FF83F80007FF83F80007FF83F8000FC183F
+8000F8083F8001F800000001F000000001F000000003F000000003F000000003F0000000
+03F000000003F000000003F000000003F000000003F000000003F000000003F000000003
+F000000003F0000000FFFFF81F80FFFFF81F80FFFFF81F80FFFFF81F80FFFFF81F8003F0
+001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F000
+1F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F
+8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F80
+03F0001F8003F0001F8003F0001F8003F0001F8003F0001F8003F0001F8021377FB629>
+28 D<000000380038000000007C007C000000007C007C000000007C007C00000000FC00
+FC00000000F800F800000000F800F800000000F800F800000000F800F800000001F801F8
+00000001F001F000000001F001F000000001F001F000000001F001F000000003F003F000
+000003E003E000000003E003E000000003E003E000000003E003E000000007E007E00000
+0007C007C000000007C007C000000007C007C000000007C007C0003FFFFFFFFFFFF8FFFF
+FFFFFFFFFEFFFFFFFFFFFFFEFFFFFFFFFFFFFEFFFFFFFFFFFFFE00003F003F000000003E
+003E000000003E003E000000003E003E000000003E003E000000003E003E000000007E00
+7E000000007C007C000000007C007C000000007C007C000000007C007C00000000FC00FC
+0000FFFFFFFFFFFFFEFFFFFFFFFFFFFEFFFFFFFFFFFFFEFFFFFFFFFFFFFE3FFFFFFFFFFF
+F80003E003E000000003E003E000000003E003E000000007E007E000000007C007C00000
+0007C007C000000007C007C00000000FC00FC00000000F800F800000000F800F80000000
+0F800F800000001F801F800000001F001F000000001F001F000000001F001F000000001F
+001F000000003F003F000000003E003E000000003E003E000000003E003E000000007E00
+7E000000007C007C000000007C007C000000007C007C0000000038003800000037477CB5
+40>35 D<FEFEFEFEFEFEFE0707798615>46 D<00000070000000F8000000F8000001F800
+0001F0000001F0000003F0000003E0000003E0000007E0000007C0000007C000000FC000
+000F8000000F8000001F8000001F0000001F0000003F0000003E0000003E0000007E0000
+007C0000007C000000FC000000F8000000F8000001F8000001F0000001F0000003F00000
+03E0000003E0000007E0000007C0000007C000000FC000000F8000001F8000001F000000
+1F0000003F0000003E0000003E0000007E0000007C0000007C000000FC000000F8000000
+F8000001F8000001F0000001F0000003F0000003E0000003E0000007E0000007C0000007
+C000000FC000000F8000000F8000001F8000001F0000001F0000003F0000003E0000003E
+0000007E0000007C0000007C000000FC000000F8000000F8000000700000001D4B7CB726
+>I<000FE000007FFC0000FFFE0001FFFF0003FFFF8007F83FC00FE00FE01FC007F01F80
+03F01F0001F03F0001F83F0001F83E0000F87E0000FC7E0000FC7E0000FC7C00007CFC00
+007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00
+007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00007EFC00
+007E7E0000FC7E0000FC7E0000FC7E0000FC7E0000FC3F0001F83F0001F83F8003F81F80
+03F01FC007F00FE00FE007F83FC007FFFFC003FFFF8000FFFE00007FFC00000FE0001F35
+7DB226>I<001FE00000FFFC0003FFFF0007FFFF800FFFFFC01FF03FE03FC00FF07F0007
+F03E0003F01C0003F81C0001F8080001F8000001F8000003F8000003F8000003F0000003
+F0000007F000000FE000001FE000003FC00001FF80007FFF00007FFE00007FF800007FFC
+00007FFF0000003FC000000FE0000007F0000003F8000001F8000001FC000001FC000000
+FE000000FE000000FE000000FE000000FE000000FE000000FE400001FC600001FC700001
+FCF80003F8FC0007F87F000FF03FE03FE01FFFFFC00FFFFF8003FFFF0000FFFC00001FE0
+001F357DB226>51 D<1FFFFFF01FFFFFF01FFFFFF01FFFFFF01FFFFFF01F8000001F8000
+001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000001F8000
+001F8000001F87E0001FBFFC001FFFFE001FFFFF001FFFFF801FF83FC01FE00FE01FC007
+F01F8007F01F8003F81F0003F8000003F8000001FC000001FC000001FC000001FC000001
+FC000001FC000001FC000001FC000001FC000003F8200003F8300003F8700007F0780007
+F0FC000FE07F001FC03FC07FC01FFFFF800FFFFE0007FFFC0001FFF000003FC0001E337D
+B026>53 D<000FE000007FF80000FFFE0001FFFF0003FFFF8007F83FC00FE00FE01FC007
+E01F8003F03F0001F07E0001F87E0001F87E0000F8FC0000FCFC0000FCFC0000FCFC0000
+7CFC00007CFC00007EFC00007EFC00007EFC00007EFC00007EFC0000FE7E0000FE7E0000
+FE7E0001FE7F0001FE3F0003FE3F8007FE1FC00FFE0FF03F7E0FFFFE7E07FFFCFC03FFF8
+FC01FFE0FC007F00FC000000F8000001F8000001F8000003F0000003F0000007E0000007
+E000000FC008001F800C007F001F81FF001FFFFE003FFFF8001FFFF00007FFC00000FF00
+001F357DB226>57 D<FEFEFEFEFEFEFE00000000000000000000000000000000000000FE
+FEFEFEFEFEFE072179A015>I<000007F8000000007FFF00000001FFFFC0000007FFFFE0
+00000FFFFFF000001FF80FF800007FC003FC0000FF8000FC0001FE0000FE0001FC00007E
+0003F8007E7F0007F001FFBF000FE007FFFF000FC00FFFFF801FC01FFFFF801F803FC3FF
+803F807F00FF803F007E007F803F00FC003FC07E00FC003FC07E01F8001FC07E01F8001F
+C0FE01F8001FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000F
+C0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FC03F0000FC0FE01F8001F
+807E01F8001F807E01F8001F807E00FC003F003F00FC003F003F007E007E003F807F00FE
+001F803FC3FC001FC01FFFF8000FC00FFFF0000FE007FFE00007F001FF800003F8007E00
+0001FC0000000001FE0000000000FF80000FC0007FC0003F80001FF803FF00000FFFFFFE
+000007FFFFF8000001FFFFF00000007FFF8000000007FC00002A387CB633>64
+D<00001FE0000000001FE0000000001FE0000000003FF0000000003FF0000000003FF000
+0000007DF80000000079F800000000F9FC00000000F8FC00000000F8FC00000001F0FE00
+000001F0FE00000001F07E00000003E07F00000003E07F00000007E03F80000007C03F80
+000007C03F8000000FC01FC000000F801FC000000F801FC000001F800FE000001F000FE0
+00003F0007F000003F0007F000003E0007F000007E0003F800007C0003F800007C0003F8
+0000FC0001FC0000F80001FC0001F80001FE0001FFFFFFFE0001FFFFFFFE0003FFFFFFFF
+0003FFFFFFFF0003FFFFFFFF0007E000003F8007C000003F800FC000003FC00FC000001F
+C00F8000001FC01F8000001FE01F8000000FE01F0000000FE03F00000007F03E00000007
+F07E00000007F87E00000003F87C00000003F8FC00000001FC2E347EB333>I<00000FFC
+0000007FFFC00003FFFFF00007FFFFFC001FFFFFFC003FF807FC007FC000F800FF000078
+01FE00001803FC00000807F800000007F00000000FE00000000FE00000001FC00000001F
+C00000003F800000003F800000007F000000007F000000007F000000007F00000000FE00
 000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE0000
-0000FE00000000FE00000000FE00000000FE00000000FE000000007F000000007F000000
-007F000000007F000000003F800000003F800000001FC00000001FC00000000FE0000000
-0FE000000007F000000007F800000003FC00000201FE00000600FF00001E007FC0007E00
-3FF803FE001FFFFFFE0007FFFFFC0003FFFFF000007FFFC000000FFE0027387BB531>67
+0000FE00000000FE00000000FE00000000FE000000007F000000007F000000007F000000
+007F000000003F800000003F800000001FC00000001FC00000000FE00000000FE0000000
+07F000000007F800000003FC00000201FE00000600FF00001E007FC0007E003FF803FE00
+1FFFFFFE0007FFFFFC0003FFFFF000007FFFC000000FFE0027387BB531>67
+D<FFFFFF800000FFFFFFF00000FFFFFFFC0000FFFFFFFF0000FFFFFFFFC000FE0001FFE0
+00FE00003FF000FE00000FF800FE000007FC00FE000001FE00FE000000FE00FE000000FF
+00FE0000007F00FE0000003F80FE0000003F80FE0000001FC0FE0000001FC0FE0000000F
+E0FE0000000FE0FE0000000FE0FE00000007E0FE00000007F0FE00000007F0FE00000007
+F0FE00000007F0FE00000007F0FE00000007F0FE00000007F0FE00000007F0FE00000007
+F0FE00000007F0FE00000007F0FE00000007E0FE0000000FE0FE0000000FE0FE0000000F
+C0FE0000001FC0FE0000001FC0FE0000003F80FE0000007F80FE0000007F00FE000000FF
+00FE000001FE00FE000003FC00FE00000FF800FE00003FF000FE0001FFE000FFFFFFFFC0
+00FFFFFFFF0000FFFFFFFE0000FFFFFFF00000FFFFFF8000002C3479B338>I<FFFFFFFF
+C0FFFFFFFFC0FFFFFFFFC0FFFFFFFFC0FFFFFFFFC0FE00000000FE00000000FE00000000
+FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE
+00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FFFF
+FFFF00FFFFFFFF00FFFFFFFF00FFFFFFFF00FFFFFFFF00FE00000000FE00000000FE0000
+0000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE000000
+00FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000
+FE00000000FE00000000FFFFFFFFE0FFFFFFFFE0FFFFFFFFE0FFFFFFFFE0FFFFFFFFE0FF
+FFFFFFE0233479B32E>I<FEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE
+FEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFEFE073479B315>73
 D<FF800000007FC0FFC0000000FFC0FFC0000000FFC0FFC0000000FFC0FFE0000001FFC0
 FFE0000001FFC0FDE0000001EFC0FDF0000003EFC0FDF0000003EFC0FCF8000007CFC0FC
 F8000007CFC0FCF8000007CFC0FC7C00000F8FC0FC7C00000F8FC0FC7C00000F8FC0FC7E
@@ -2753,23 +2871,65 @@
 C0FC007C0F800FC0FC007E1F800FC0FC003E1F000FC0FC003E1F000FC0FC003F3F000FC0
 FC001F3E000FC0FC001F3E000FC0FC000F3C000FC0FC000FFC000FC0FC000FFC000FC0FC
 0007F8000FC0FC0007F8000FC0FC0007F8000FC0FC0003F0000FC0FC000000000FC0FC00
-0000000FC0323478B343>77 D<FFFFFF0000FFFFFFE000FFFFFFF800FFFFFFFC00FFFFFF
-FF00FE0003FF80FE00007FC0FE00001FC0FE00000FE0FE000007F0FE000007F0FE000003
-F0FE000003F8FE000003F8FE000001F8FE000001F8FE000001F8FE000003F8FE000003F8
-FE000003F0FE000007F0FE000007F0FE00000FE0FE00001FC0FE00007FC0FE0003FF80FF
-FFFFFF00FFFFFFFC00FFFFFFF800FFFFFFE000FFFFFF0000FE00000000FE00000000FE00
-000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE0000
-0000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE000000
-00FE00000000FE00000000FE00000000FE00000000253479B331>80
-D<FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF800001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC000
-0000001FC0000000001FC0000000001FC0000000001FC000002D347DB334>84
+0000000FC0323478B343>77 D<FFC000007EFFE000007EFFE000007EFFF000007EFFF000
+007EFFF800007EFDF800007EFCFC00007EFCFC00007EFCFE00007EFC7E00007EFC7F0000
+7EFC3F00007EFC3F80007EFC1F80007EFC1FC0007EFC0FC0007EFC0FE0007EFC0FE0007E
+FC07F0007EFC07F0007EFC03F8007EFC03F8007EFC01FC007EFC01FC007EFC00FE007EFC
+00FE007EFC007F007EFC007F007EFC003F807EFC003F807EFC001FC07EFC001FC07EFC00
+0FE07EFC000FE07EFC0007E07EFC0007F07EFC0003F07EFC0003F87EFC0001F87EFC0001
+FC7EFC0000FC7EFC0000FE7EFC00007E7EFC00007E7EFC00003F7EFC00003FFEFC00001F
+FEFC00001FFEFC00000FFEFC00000FFEFC000007FE273479B336>I<00000FF000000000
+FFFF00000003FFFFC000000FFFFFF000001FFFFFF800003FF00FFC00007FC003FE0000FF
+0000FF0001FE00007F8003FC00003FC007F800001FE007F000000FE00FE0000007F00FC0
+000003F01FC0000003F81F80000001F83F80000001FC3F80000001FC7F00000000FE7F00
+000000FE7F00000000FE7E000000007EFE000000007FFE000000007FFE000000007FFE00
+0000007FFE000000007FFE000000007FFE000000007FFE000000007FFE000000007FFE00
+0000007FFE000000007FFF00000000FF7F00000000FE7F00000000FE7F00000000FE7F80
+000001FE3F80000001FC3F80000001FC3FC0000003FC1FC0000003F81FE0000007F80FE0
+000007F007F000000FE007F800001FE003FC00003FC001FE00007F8000FF0000FF00007F
+C003FE00003FF00FFC00001FFFFFF800000FFFFFF0000003FFFFC0000000FFFF00000000
+1FF8000030387CB539>I<FFFFFF0000FFFFFFE000FFFFFFF800FFFFFFFC00FFFFFFFF00
+FE0003FF80FE00007FC0FE00001FC0FE00000FE0FE000007F0FE000007F0FE000003F0FE
+000003F8FE000003F8FE000001F8FE000001F8FE000001F8FE000003F8FE000003F8FE00
+0003F0FE000007F0FE000007F0FE00000FE0FE00001FC0FE00007FC0FE0003FF80FFFFFF
+FF00FFFFFFFC00FFFFFFF800FFFFFFE000FFFFFF0000FE00000000FE00000000FE000000
+00FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000
+FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE00000000FE
+00000000FE00000000FE00000000FE00000000253479B331>I<FFFFFF0000FFFFFFE000
+FFFFFFFC00FFFFFFFE00FFFFFFFF80FE0001FFC0FE00003FE0FE00000FF0FE000007F0FE
+000003F8FE000001F8FE000001FCFE000000FCFE000000FCFE000000FCFE000000FCFE00
+0001FCFE000001F8FE000003F8FE000007F0FE00000FF0FE00003FE0FE0001FFC0FFFFFF
+FF80FFFFFFFE00FFFFFFFC00FFFFFFE000FFFFFF8000FE001FC000FE000FC000FE000FE0
+00FE0007F000FE0003F000FE0003F800FE0001F800FE0001FC00FE0000FE00FE0000FE00
+FE00007F00FE00003F00FE00003F80FE00001FC0FE00001FC0FE00000FE0FE000007E0FE
+000007F0FE000003F8FE000003F8FE000001FCFE000000FCFE000000FEFE0000007F2834
+79B332>82 D<0003FE0000001FFFE000007FFFF80001FFFFFE0003FFFFFF0007FC03FF00
+0FF0007F001FC0001E001F80000E003F000006003F000002007E000000007E000000007E
+000000007E000000007E000000007E000000007F000000007F000000003F800000003FC0
+0000001FF00000001FFC0000000FFFE0000007FFFE000003FFFF800001FFFFE000007FFF
+F800001FFFFC000003FFFE0000003FFF00000003FF00000000FF800000003FC00000001F
+C00000001FC00000000FE00000000FE000000007E000000007E000000007E000000007E0
+00000007E000000007E04000000FC06000000FC07000001F807C00001F80FF00007F00FF
+C000FF00FFF803FE007FFFFFFC001FFFFFF00007FFFFE00000FFFF8000000FFC00002338
+7DB52B>I<FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF8FFFFFFFFFFF800
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000001FC0000000
+001FC0000000001FC0000000001FC0000000001FC0000000001FC000002D347DB334>I<
+7FC0000007F03FC000000FF01FE000000FE00FF000001FC007F800003FC007F800007F80
+03FC00007F0001FE0000FE0000FE0001FE0000FF0001FC00007F8003F800003FC007F000
+001FC00FF000000FE00FE000000FF01FC0000007F83F80000003F83F80000001FC7F0000
+0001FEFE00000000FFFE000000007FFC000000003FF8000000001FF0000000001FF00000
+00000FE0000000001FE0000000001FF0000000003FF8000000007FFC000000007EFE0000
+0000FEFE00000001FC7F00000003F83F80000003F01FC0000007F01FC000000FE00FE000
+001FC007F000001FC007F800003F8003FC00007F0001FC0000FF0000FE0000FE0000FF00
+01FC00007F8003F800003F8003F800003FC007F000001FE00FE000000FF01FE0000007F0
+1FC0000007F83F80000003FC7F00000001FEFF00000001FF30347FB333>88
+D<7FFFFFFFFFFCFFFFFFFFFFFEFFFFFFFFFFFE7FFFFFFFFFFC2F047A6F3C>95
 D<003FC00003FFF0000FFFFC001FFFFE001FFFFF001FC07F801E001F8018001FC010000F
 C000000FE0000007E0000007E0000007E0000007E0000007E0000007E00003FFE0003FFF
 E001FFFFE007FFFFE01FFFC7E03FF007E07F8007E07E0007E0FC0007E0FC0007E0FC0007
@@ -2853,25 +3013,28 @@
 E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007
 E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007E0FC0007
 E0FC0007E0FC0007E0FC0007E0FC0007E0FC000FE0FC001FE0FE003FE0FF00FFE07FFFFF
-E07FFFF7E03FFFE7E01FFF07E007F800001B227AA028>I<FC0007F0001F80FE0007F000
-1F807E000FF0003F007E000FF8003F007E000F78003F003F001F78003E003F001F78007E
-003F001E7C007E001F803E7C007C001F803E3C00FC001F803E3E00FC000F803C3E00F800
-0FC07C3E01F8000FC07C1E01F8000FC07C1F01F80007E0781F01F00007E0F81F03F00007
-E0F80F83F00003E0F80F83E00003F0F00F83E00003F1F00F87E00001F1F007C7C00001F1
-E007C7C00001F1E007C7C00001FBE003CFC00000FBE003CF800000FBC003EF800000FBC0
-01EF8000007BC001EF0000007F8001FF0000007F8001FF0000003F8000FE0000003F0000
-FE000031217FA034>119 D<7E00003F003F00007F001F8000FE001FC000FC000FE001F8
-0007E003F00003F007E00001F80FE00000FC0FC000007E1F8000007F3F0000003F7E0000
-001FFC0000000FF800000007F800000003F000000003F000000007F80000000FFC000000
-1FFC0000003F3E0000003E1F0000007C1F800000FC0FC00001F807E00003F003F00007E0
-03F00007E001F8000FC000FC001F80007E003F00007F007F00003F80FE00001FC0222180
-A023>I<FE00003F7E00007E7E00007E3F00007E3F0000FC3F8000FC1F8001F81FC001F8
-0FC001F80FC003F007E003F007E003E007F007E003F007E003F007C001F80FC001F80F80
-00F80F8000FC1F8000FC1F00007C1F00007E3E00003E3E00003E3E00001F3C00001F7C00
-000F7800000F7800000F78000007F0000007F0000003E0000003E0000003E0000003C000
-0007C0000007800000078000000F8000000F0000001F0000001E0000203E0000387C0000
-3FFC00003FF800003FF800003FF000000FC0000020317FA023>I
-E
+E07FFFF7E03FFFE7E01FFF07E007F800001B227AA028>I<FC00003F7E00003E7E00007E
+7F00007E3F0000FC3F0000FC3F8000FC1F8001F81F8001F80FC003F00FC003F00FC003F0
+07E007E007E007E003F007C003F00FC003F00FC001F80F8001F81F8001F81F8000FC1F00
+00FC3F00007C3E00007E3E00007E7E00003E7C00003E7C00003E7C00001F7800001FF800
+000FF000000FF000000FF00020217FA023>I<FC0007F0001F80FE0007F0001F807E000F
+F0003F007E000FF8003F007E000F78003F003F001F78003E003F001F78007E003F001E7C
+007E001F803E7C007C001F803E3C00FC001F803E3E00FC000F803C3E00F8000FC07C3E01
+F8000FC07C1E01F8000FC07C1F01F80007E0781F01F00007E0F81F03F00007E0F80F83F0
+0003E0F80F83E00003F0F00F83E00003F1F00F87E00001F1F007C7C00001F1E007C7C000
+01F1E007C7C00001FBE003CFC00000FBE003CF800000FBC003EF800000FBC001EF800000
+7BC001EF0000007F8001FF0000007F8001FF0000003F8000FE0000003F0000FE00003121
+7FA034>I<7E00003F003F00007F001F8000FE001FC000FC000FE001F80007E003F00003
+F007E00001F80FE00000FC0FC000007E1F8000007F3F0000003F7E0000001FFC0000000F
+F800000007F800000003F000000003F000000007F80000000FFC0000001FFC0000003F3E
+0000003E1F0000007C1F800000FC0FC00001F807E00003F003F00007E003F00007E001F8
+000FC000FC001F80007E003F00007F007F00003F80FE00001FC0222180A023>I<FE0000
+3F7E00007E7E00007E3F00007E3F0000FC3F8000FC1F8001F81FC001F80FC001F80FC003
+F007E003F007E003E007F007E003F007E003F007C001F80FC001F80F8000F80F8000FC1F
+8000FC1F00007C1F00007E3E00003E3E00003E3E00001F3C00001F7C00000F7800000F78
+00000F78000007F0000007F0000003E0000003E0000003E0000003C0000007C000000780
+0000078000000F8000000F0000001F0000001E0000203E0000387C00003FFC00003FF800
+003FF800003FF000000FC0000020317FA023>I E
 %EndDVIPSBitmapFont
 %DVIPSBitmapFont: Fq ecrm1000 10 83
 /Fq 83 184 df<01800060038000E0070001C00E0003801C0007001800060038000E0030
@@ -3888,34 +4051,32 @@
 00FE000001FC00FE000001FC00FE000003F800FE000003F800FE000007F000FE000007F0
 00FE00000FE000FE00000FE000FF00001FC0007F00003F80007F00007F80007F8000FF00
 003FC001FE00003FE007FC00003FF81FF800001FFFFFF000000FFFFFE0000007FFFFC000
-0003FFFF00000000FFFC000000001FE00000002C4577C231>48 D<0000003FC000000001
-FFF800000007FFFC0000001FFFFE0000003FFFFF0000007FFFFF800001FFC0FFC00003FE
-003FC00007FC001FE0000FF8000FE0001FF0000FF0001FE0000FF0003FC00007F0007F80
-0007F0007F000007F000FF000007F800FE000007F801FE000007F801FE000007F803FC00
-0007F803FC000007F803FC000007F807F8000007F807F8000007F807F8000007F807F800
-000FF007F800000FF007F000000FF00FF000000FF00FF000001FF00FF000001FF00FF000
-003FF00FF000003FE00FF000007FE007F800007FE007F80000FFE007F80001FFC007FC00
-03FFC003FC0007FFC003FE000FFFC003FF003FFF8001FFFFFF7F8001FFFFFC7F8000FFFF
-F8FF00007FFFE0FF00003FFF80FE00000FFE01FE0000000001FC0000000003FC00000000
-03F80000000007F80000000007F0000000000FF0000000001FE0000000001FC000000000
-3F80000000007F8000000000FF0000000001FE0000180003FC000038000FF800007E001F
-F000007F80FFE00000FFFFFFC000007FFFFF0000003FFFFE0000001FFFF80000000FFFE0
-00000001FF000000002D4578C231>57 D<0001FFFFFFF000000003FFFFFFFE00000003FF
-FFFFFFC0000003FFFFFFFFF0000003FFFFFFFFF8000007FFFFFFFFFC000007F800007FFE
-000007F800000FFF000007F8000003FF800007F8000000FF80000FF00000007FC0000FF0
-0000007FC0000FF00000003FE0000FF00000003FE0000FF00000003FE0001FE00000001F
-E0001FE00000001FE0001FE00000001FE0001FE00000003FE0001FE00000003FC0003FC0
-0000003FC0003FC00000007FC0003FC00000007F80003FC0000000FF80007F80000001FF
-00007F80000003FE00007F80000007FE00007F8000000FFC00007F8000003FF80000FF00
-0000FFF00000FF00000FFFC00000FFFFFFFFFF800000FFFFFFFFFE000000FFFFFFFFF800
-0001FFFFFFFFE0000001FFFFFFFF00000001FFFFFFFC00000001FE0001FC00000003FC00
-01FE00000003FC0001FE00000003FC0000FE00000003FC0000FF00000003FC00007F0000
-0007F800007F80000007F800007F80000007F800003F80000007F800003FC0000007F800
-003FC000000FF000001FC000000FF000001FE000000FF000001FE000000FF000000FF000
-000FF000000FF000001FE000000FF000001FE0000007F800001FE0000007F800001FE000
-0003F800003FC0000003FC00003FC0000003FC00003FC0000001FC00003FC0000001FE00
-003FC0000001FE00007F80000000FF00007F80000000FF00007F80000000FF00007F8000
-00007F80007F800000007F8000FF000000007F8000FF000000003FC0003B4577C43F>82
+0003FFFF00000000FFFC000000001FE00000002C4577C231>48 D<00000000C000000003
+C000000007C00000001F800000007F80000007FF80000FFFFF80000FFFFF80000FFFFF00
+000FFFFF00001FFEFF00001FF0FF00000000FF00000001FE00000001FE00000001FE0000
+0001FE00000001FE00000003FC00000003FC00000003FC00000003FC00000007F8000000
+07F800000007F800000007F800000007F80000000FF00000000FF00000000FF00000000F
+F00000000FF00000001FE00000001FE00000001FE00000001FE00000003FC00000003FC0
+0000003FC00000003FC00000003FC00000007F800000007F800000007F800000007F8000
+00007F80000000FF00000000FF00000000FF00000000FF00000000FF00000001FE000000
+01FE00000001FE00000001FE00000003FC00000003FC00000003FC00000003FC00000003
+FC00000007F800007FFFFFFF807FFFFFFF807FFFFFFF807FFFFFFF80FFFFFFFF00FFFFFF
+FF00224377C231>I<0001FFFFFFF000000003FFFFFFFE00000003FFFFFFFFC0000003FF
+FFFFFFF0000003FFFFFFFFF8000007FFFFFFFFFC000007F800007FFE000007F800000FFF
+000007F8000003FF800007F8000000FF80000FF00000007FC0000FF00000007FC0000FF0
+0000003FE0000FF00000003FE0000FF00000003FE0001FE00000001FE0001FE00000001F
+E0001FE00000001FE0001FE00000003FE0001FE00000003FC0003FC00000003FC0003FC0
+0000007FC0003FC00000007F80003FC0000000FF80007F80000001FF00007F80000003FE
+00007F80000007FE00007F8000000FFC00007F8000003FF80000FF000000FFF00000FF00
+000FFFC00000FFFFFFFFFF800000FFFFFFFFFE000000FFFFFFFFF8000001FFFFFFFFE000
+0001FFFFFFFF00000001FFFFFFFC00000001FE0001FC00000003FC0001FE00000003FC00
+01FE00000003FC0000FE00000003FC0000FF00000003FC00007F00000007F800007F8000
+0007F800007F80000007F800003F80000007F800003FC0000007F800003FC000000FF000
+001FC000000FF000001FE000000FF000001FE000000FF000000FF000000FF000000FF000
+001FE000000FF000001FE0000007F800001FE0000007F800001FE0000003F800003FC000
+0003FC00003FC0000003FC00003FC0000001FC00003FC0000001FE00003FC0000001FE00
+007F80000000FF00007F80000000FF00007F80000000FF00007F800000007F80007F8000
+00007F8000FF000000007F8000FF000000003FC0003B4577C43F>82
 D<00000FFC000000FFFF800003FFFFC0001FFFFFF0003FFFFFF8003FFFFFF8007FE00FFC
 007F0003FE00780003FE00600001FE00000001FE00000001FF00000000FF00000000FF00
 000000FF00000001FE00000001FE00000001FE00000001FE00000001FE00000003FC0000
@@ -4457,9 +4618,9 @@
 %%EndSetup
 %%Page: 1 1
 TeXDict begin 1 0 bop 0 83 3901 9 v 1890 451 a Ft(Python)64
-b(Op)5 b(enSSL)64 b(Manual)3443 619 y Fs(Release)33 b(0.9)2927
-974 y Fr(Jean-P)m(aul)j(Calderone)3386 1328 y Fq(April)27
-b(25,)g(2009)3014 1475 y Fp(exa)n(rkun@t)n(wistedmatrix.com)1781
+b(Op)5 b(enSSL)64 b(Manual)3394 619 y Fs(Release)34 b(0.10)2927
+974 y Fr(Jean-P)m(aul)i(Calderone)3208 1328 y Fq(No)n(v)n(em)n(b)r(er)
+26 b(13,)h(2009)3014 1475 y Fp(exa)n(rkun@t)n(wistedmatrix.com)1781
 1697 y Fo(Abstract)208 1841 y Fn(This)32 b(mo)r(dule)f(is)h(a)g(rather)
 g(thin)f(wrapp)r(er)h(around)g(\(a)g(subset)f(of)6 b(\))32
 b(the)g(Op)r(enSSL)e(library)-6 b(.)52 b(With)32 b(thin)f(wrapp)r(er)
@@ -4496,7 +4657,7 @@
 b(jects)58 b(.)42 b(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h
 (.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
 f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(7)315 3743 y(PK)n(CS7)27 b(ob)5 b(jects)59 b(.)41 b(.)h(.)f(.)h(.)g
+b(8)315 3743 y(PK)n(CS7)27 b(ob)5 b(jects)59 b(.)41 b(.)h(.)f(.)h(.)g
 (.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
 h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f
 (.)h(.)f(.)h(.)134 b(8)315 3842 y(PK)n(CS12)27 b(ob)5
@@ -4506,34 +4667,34 @@
 3942 y(X509Extension)27 b(ob)5 b(jects)102 b(.)41 b(.)h(.)f(.)h(.)f(.)h
 (.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)
 f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134
-b(8)315 4041 y(Netscap)r(eSPKI)28 b(ob)5 b(jects)58 b(.)42
+b(9)315 4041 y(Netscap)r(eSPKI)28 b(ob)5 b(jects)58 b(.)42
 b(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
 (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
-f(.)h(.)f(.)h(.)134 b(8)125 4141 y(3.2)83 b Fl(rand)26
+f(.)h(.)f(.)h(.)134 b(9)125 4141 y(3.2)83 b Fl(rand)26
 b Fq(\026)i(An)g(in)n(terface)f(to)g(the)h(Op)r(enSSL)g(pseudo)f
 (random)g(n)n(um)n(b)r(er)g(generator)50 b(.)41 b(.)h(.)f(.)h(.)g(.)f
 (.)h(.)f(.)h(.)f(.)h(.)134 b(9)125 4241 y(3.3)83 b Fl(SSL)27
 b Fq(\026)g(An)i(in)n(terface)d(to)i(the)g(SSL-sp)r(eci\034c)f(parts)g
 (of)h(Op)r(enSSL)64 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)
-h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)134 b(9)315 4340 y(Con)n(text)28
+h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93 b(10)315 4340 y(Con)n(text)28
 b(ob)5 b(jects)98 b(.)42 b(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h
 (.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
 f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93
 b(11)315 4440 y(Connection)27 b(ob)5 b(jects)108 b(.)42
 b(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g
 (.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
-h(.)f(.)h(.)f(.)h(.)93 b(12)0 4623 y Fm(4)77 b(In)m(ternals)3310
-b(14)125 4722 y Fq(4.1)83 b(Exceptions)i(.)41 b(.)h(.)f(.)h(.)f(.)h(.)g
+h(.)f(.)h(.)f(.)h(.)93 b(13)0 4623 y Fm(4)77 b(In)m(ternals)3310
+b(16)125 4722 y Fq(4.1)83 b(Exceptions)i(.)41 b(.)h(.)f(.)h(.)f(.)h(.)g
 (.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)
 h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f
-(.)h(.)f(.)h(.)93 b(14)125 4822 y(4.2)83 b(Callbac)n(ks)68
+(.)h(.)f(.)h(.)93 b(16)125 4822 y(4.2)83 b(Callbac)n(ks)68
 b(.)42 b(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)
 g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f
 (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)93
-b(15)125 4921 y(4.3)83 b(A)n(cessing)27 b(So)r(c)n(k)n(et)g(Metho)r(ds)
+b(16)125 4921 y(4.3)83 b(A)n(cessing)27 b(So)r(c)n(k)n(et)g(Metho)r(ds)
 82 b(.)42 b(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f
 (.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)f(.)h(.)f(.)h(.)f(.)h(.)g(.)f(.)h(.)
-f(.)h(.)f(.)h(.)93 b(15)p 0 5068 V eop end
+f(.)h(.)f(.)h(.)93 b(17)p 0 5068 V eop end
 %%Page: 2 2
 TeXDict begin 2 1 bop 0 85 a Fr(1)114 b(Intro)s(duction)0
 314 y Fq(The)41 b(reason)e(p)n(yOp)r(enSSL)i(w)n(as)e(created)h(is)h
@@ -4619,856 +4780,977 @@
 3635 y Fl(SSL)208 3734 y Fq(An)g(in)n(terface)e(to)i(the)g(SSL-sp)r
 (eci\034c)f(parts)g(of)h(Op)r(enSSL.)0 4014 y Fj(3.1)97
 b Fd(crypto)34 b Fj(\026)e(Generic)i(cryptographic)e(mo)s(dule)0
-4214 y Fl(X509Type)208 4314 y Fq(A)27 b(Python)h(t)n(yp)r(e)g(ob)5
-b(ject)28 b(represen)n(ting)d(the)j(X509)f(ob)5 b(ject)27
-b(t)n(yp)r(e.)0 4461 y Fl(X509\(\))208 4561 y Fq(F)-7
-b(actory)26 b(function)i(that)g(creates)e(an)i(X509)e(ob)5
-b(ject.)0 4707 y Fl(X509NameType)208 4807 y Fq(A)27 b(Python)h(t)n(yp)r
-(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j(X509Name)f(ob)5
-b(ject)27 b(t)n(yp)r(e.)0 4954 y Fl(X509Name\()p Fc(x509name)6
-b Fl(\))208 5054 y Fq(F)-7 b(actory)26 b(function)i(that)g(creates)e(a)
-h(cop)n(y)g(of)34 b Fc(x509name)6 b Fq(.)0 5200 y Fl(X509ReqType)208
-5300 y Fq(A)27 b(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28
-b(represen)n(ting)d(the)j(X509Req)f(ob)5 b(ject)27 b(t)n(yp)r(e.)p
-0 5549 3901 4 v 0 5649 a Ff(2.2)82 b(Building)27 b(the)g(Mo)r(dule)g
-(on)g(a)g(Windo)n(ws)g(System)2164 b(3)p eop end
+4214 y Fl(X509Type)208 4314 y Fq(See)27 b Fl(X509)p Fq(.)0
+4461 y Fm(class)k Fl(X509\(\))208 4561 y Fq(A)c(class)g(represen)n
+(ting)f(X.509)h(certi\034cates.)0 4707 y Fl(X509NameType)208
+4807 y Fq(See)g Fl(X509Name)p Fq(.)0 4954 y Fm(class)k
+Fl(X509Name\()p Fc(x509name)6 b Fl(\))208 5054 y Fq(A)27
+b(class)g(represen)n(ting)f(X.509)h(Distinguished)g(Names.)208
+5186 y(This)g(constructor)f(creates)g(a)i(cop)n(y)e(of)34
+b Fc(x509name)h Fq(whic)n(h)28 b(should)f(b)r(e)h(an)f(instance)g(of)34
+b Fl(X509Name)p Fq(.)0 5333 y Fl(X509ReqType)p 0 5549
+3901 4 v 0 5649 a Ff(2.2)82 b(Building)27 b(the)g(Mo)r(dule)g(on)g(a)g
+(Windo)n(ws)g(System)2164 b(3)p eop end
 %%Page: 4 4
-TeXDict begin 4 3 bop 0 83 a Fl(X509Req\(\))208 183 y
-Fq(F)-7 b(actory)26 b(function)i(that)g(creates)e(an)i(X509Req)e(ob)5
-b(ject.)0 330 y Fl(X509StoreType)208 429 y Fq(A)27 b(Python)h(t)n(yp)r
-(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j(X509Store)e(ob)5
-b(ject)27 b(t)n(yp)r(e.)0 576 y Fl(PKeyType)208 676 y
-Fq(A)g(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j
-(PKey)g(ob)5 b(ject)27 b(t)n(yp)r(e.)0 823 y Fl(PKey\(\))208
-922 y Fq(F)-7 b(actory)26 b(function)i(that)g(creates)e(a)h(PKey)h(ob)5
-b(ject.)0 1069 y Fl(PKCS7Type)208 1169 y Fq(A)27 b(Python)h(t)n(yp)r(e)
-g(ob)5 b(ject)28 b(represen)n(ting)d(the)j(PK)n(CS7)f(ob)5
-b(ject)28 b(t)n(yp)r(e.)0 1316 y Fl(PKCS12Type)208 1415
-y Fq(A)f(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j
-(PK)n(CS12)f(ob)5 b(ject)27 b(t)n(yp)r(e.)0 1562 y Fl(X509ExtensionTyp)
-o(e)208 1662 y Fq(A)g(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28
-b(represen)n(ting)d(the)j(X509Extension)f(ob)5 b(ject)27
-b(t)n(yp)r(e.)0 1808 y Fl(X509Extension\()p Fc(typ)l(ename,)e(critic)l
-(al,)31 b(value)6 b Fl(\))208 1908 y Fq(F)-7 b(actory)26
-b(function)i(that)g(creates)e(a)h(X509Extension)g(ob)5
-b(ject.)0 2055 y Fl(NetscapeSPKIType)208 2155 y Fq(A)27
-b(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j
-(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(t)n(yp)r(e.)0 2316
-y Fl(NetscapeSPKI\()p Fb([)p Fc(enc)11 b Fb(])p Fl(\))208
-2415 y Fq(F)-7 b(actory)29 b(function)i(that)g(creates)e(a)h(Netscap)r
-(eSPKI)g(ob)5 b(ject.)45 b(If)31 b(the)g Fc(enc)k Fq(argumen)n(t)30
-b(is)g(presen)n(t,)h(it)f(should)h(b)r(e)f(a)208 2515
-y(base64-enco)r(ded)25 b(string)i(represen)n(ting)f(a)h(Netscap)r
-(eSPKI)h(ob)5 b(ject,)27 b(as)g(returned)g(b)n(y)g(the)h
-Fl(b64_encode)c Fq(metho)r(d.)0 2662 y Fl(FILETYPE_PEM)0
-2762 y(FILETYPE_ASN1)208 2861 y Fq(File)j(t)n(yp)r(e)h(constan)n(ts.)0
-3008 y Fl(TYPE_RSA)0 3108 y(TYPE_DSA)208 3207 y Fq(Key)e(t)n(yp)r(e)i
-(constan)n(ts.)0 3354 y Fm(exception)k Fl(Error)208 3454
-y Fq(Generic)27 b(exception)g(used)g(in)h(the)g Fl(crypto)d
-Fq(mo)r(dule.)0 3601 y Fl(dump_certificate)o(\()p Fc(t)o(yp)l(e,)g(c)l
-(ert)8 b Fl(\))208 3700 y Fq(Dump)28 b(the)g(certi\034cate)f
+TeXDict begin 4 3 bop 208 83 a Fq(See)27 b Fl(X509Req)p
+Fq(.)0 230 y Fm(class)k Fl(X509Req\(\))208 330 y Fq(A)c(class)g
+(represen)n(ting)f(X.509)h(certi\034cate)f(requests.)0
+476 y Fl(X509StoreType)208 576 y Fq(A)h(Python)h(t)n(yp)r(e)g(ob)5
+b(ject)28 b(represen)n(ting)d(the)j(X509Store)e(ob)5
+b(ject)27 b(t)n(yp)r(e.)0 723 y Fl(PKeyType)208 823 y
+Fq(See)g Fl(PKey)p Fq(.)0 969 y Fm(class)k Fl(PKey\(\))208
+1069 y Fq(A)c(class)g(represen)n(ting)f(DSA)i(or)f(RSA)h(k)n(eys.)0
+1216 y Fl(PKCS7Type)208 1316 y Fq(A)f(Python)h(t)n(yp)r(e)g(ob)5
+b(ject)28 b(represen)n(ting)d(the)j(PK)n(CS7)f(ob)5 b(ject)28
+b(t)n(yp)r(e.)0 1462 y Fl(PKCS12Type)208 1562 y Fq(A)f(Python)h(t)n(yp)
+r(e)g(ob)5 b(ject)28 b(represen)n(ting)d(the)j(PK)n(CS12)f(ob)5
+b(ject)27 b(t)n(yp)r(e.)0 1709 y Fl(X509ExtensionTyp)o(e)208
+1808 y Fq(See)g Fl(X509Extension)p Fq(.)0 1955 y Fm(class)k
+Fl(X509Extension\()p Fc(typ)l(ename,)25 b(critic)l(al,)31
+b(value)6 b Fb([)p Fc(,)31 b(subje)l(ct)19 b Fb(][)p
+Fc(,)30 b(issuer)21 b Fb(])p Fl(\))208 2055 y Fq(A)181
+b(class)g(represen)n(ting)e(an)j(X.509)e(v3)h(certi\034cate)f
+(extensions.)498 b(See)208 2155 y Fp(http://op)r(enssl.o)n(rg/do)r
+(cs/apps/x509v3_con\034g.html#ST)-6 b(AND)n(ARD_EXTENSIONS)65
+b Fq(for)60 b Fc(typ)l(ename)67 b Fq(strings)59 b(and)208
+2254 y(their)27 b(options.)36 b(Optional)27 b(parameters)f
+Fc(subje)l(ct)35 b Fq(and)28 b Fc(issuer)36 b Fq(m)n(ust)28
+b(b)r(e)g(X509)e(ob)5 b(jects.)0 2401 y Fl(NetscapeSPKIType)208
+2501 y Fq(See)27 b Fl(NetscapeSPKI)p Fq(.)0 2664 y Fm(class)k
+Fl(NetscapeSPKI\()p Fb([)p Fc(enc)11 b Fb(])p Fl(\))208
+2764 y Fq(A)27 b(class)g(represen)n(ting)f(Netscap)r(e)i(SPKI)f(ob)5
+b(jects.)208 2890 y(If)37 b(the)g Fc(enc)k Fq(argumen)n(t)35
+b(is)i(presen)n(t,)h(it)f(should)f(b)r(e)h(a)g(base64-enco)r(ded)d
+(string)i(represen)n(ting)f(a)h(Netscap)r(eSPKI)208 2989
+y(ob)5 b(ject,)27 b(as)g(returned)g(b)n(y)g(the)h Fl(b64_encode)c
+Fq(metho)r(d.)0 3136 y Fl(FILETYPE_PEM)0 3236 y(FILETYPE_ASN1)208
+3335 y Fq(File)j(t)n(yp)r(e)h(constan)n(ts.)0 3482 y
+Fl(TYPE_RSA)0 3582 y(TYPE_DSA)208 3681 y Fq(Key)e(t)n(yp)r(e)i(constan)
+n(ts.)0 3828 y Fm(exception)k Fl(Error)208 3928 y Fq(Generic)27
+b(exception)g(used)g(in)h(the)g Fl(crypto)d Fq(mo)r(dule.)0
+4075 y Fl(dump_certificate)o(\()p Fc(t)o(yp)l(e,)g(c)l(ert)8
+b Fl(\))208 4174 y Fq(Dump)28 b(the)g(certi\034cate)f
 Fc(c)l(ert)35 b Fq(in)n(to)27 b(a)h(bu\033er)f(string)g(enco)r(ded)h
-(with)g(the)g(t)n(yp)r(e)f Fc(typ)l(e)6 b Fq(.)0 3847
+(with)g(the)g(t)n(yp)r(e)f Fc(typ)l(e)6 b Fq(.)0 4321
 y Fl(dump_certificate)o(_r)o(equ)o(es)o(t\()o Fc(typ)l(e,)25
-b(r)l(e)l(q)7 b Fl(\))208 3947 y Fq(Dump)28 b(the)g(certi\034cate)f
+b(r)l(e)l(q)7 b Fl(\))208 4421 y Fq(Dump)28 b(the)g(certi\034cate)f
 (request)g Fc(r)l(e)l(q)35 b Fq(in)n(to)27 b(a)g(bu\033er)h(string)f
 (enco)r(ded)g(with)h(the)g(t)n(yp)r(e)g Fc(typ)l(e)6
-b Fq(.)0 4108 y Fl(dump_privatekey\()o Fc(typ)l(e,)25
+b Fq(.)0 4582 y Fl(dump_privatekey\()o Fc(typ)l(e,)25
 b(pkey)7 b Fb([)p Fc(,)31 b(cipher,)h(p)l(assphr)l(ase)19
-b Fb(])p Fl(\))208 4208 y Fq(Dump)39 b(the)f(priv)-5
+b Fb(])p Fl(\))208 4682 y Fq(Dump)39 b(the)f(priv)-5
 b(ate)38 b(k)n(ey)h Fc(pkey)46 b Fq(in)n(to)38 b(a)g(bu\033er)g(string)
 g(enco)r(ded)g(with)g(the)h(t)n(yp)r(e)f Fc(typ)l(e)6
 b Fq(,)42 b(optionally)37 b(\(if)45 b Fc(typ)l(e)g Fq(is)208
-4307 y Fl(FILETYPE_PEM)p Fq(\))22 b(encrypting)27 b(it)h(using)h
+4781 y Fl(FILETYPE_PEM)p Fq(\))22 b(encrypting)27 b(it)h(using)h
 Fc(cipher)38 b Fq(and)27 b Fc(p)l(assphr)l(ase)6 b Fq(.)208
-4440 y Fc(p)l(assphr)l(ase)35 b Fq(m)n(ust)28 b(b)r(e)g(either)f(a)g
+4907 y Fc(p)l(assphr)l(ase)35 b Fq(m)n(ust)28 b(b)r(e)g(either)f(a)g
 (string)g(or)g(a)g(callbac)n(k)f(for)h(pro)n(viding)f(the)i(pass)f
-(phrase.)0 4587 y Fl(load_certificate)o(\()p Fc(t)o(yp)l(e,)e(bu\033er)
-9 b Fl(\))208 4687 y Fq(Load)26 b(a)h(certi\034cate)g(\(X509\))g(from)h
+(phrase.)0 5054 y Fl(load_certificate)o(\()p Fc(t)o(yp)l(e,)e(bu\033er)
+9 b Fl(\))208 5154 y Fq(Load)26 b(a)h(certi\034cate)g(\(X509\))g(from)h
 (the)f(string)h Fc(bu\033er)37 b Fq(enco)r(ded)27 b(with)h(the)g(t)n
-(yp)r(e)g Fc(typ)l(e)6 b Fq(.)0 4834 y Fl(load_certificate)o(_r)o(equ)o
-(es)o(t\()o Fc(typ)l(e,)25 b(bu\033er)9 b Fl(\))208 4933
+(yp)r(e)g Fc(typ)l(e)6 b Fq(.)0 5300 y Fl(load_certificate)o(_r)o(equ)o
+(es)o(t\()o Fc(typ)l(e,)25 b(bu\033er)9 b Fl(\))208 5400
 y Fq(Load)26 b(a)h(certi\034cate)g(request)g(\(X509Req\))g(from)g(the)h
 (string)g Fc(bu\033er)37 b Fq(enco)r(ded)27 b(with)h(the)g(t)n(yp)r(e)g
-Fc(typ)l(e)6 b Fq(.)0 5099 y Fl(load_privatekey\()o Fc(typ)l(e,)25
+Fc(typ)l(e)6 b Fq(.)p 0 5549 3901 4 v 0 5649 a Ff(4)2239
+b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r
+(enSSL)p eop end
+%%Page: 5 5
+TeXDict begin 5 4 bop 0 90 a Fl(load_privatekey\()o Fc(typ)l(e,)25
 b(bu\033er)9 b Fb([)p Fc(,)29 b(p)l(assphr)l(ase)20 b
-Fb(])p Fl(\))208 5199 y Fq(Load)43 b(a)h(priv)-5 b(ate)44
+Fb(])p Fl(\))208 189 y Fq(Load)43 b(a)h(priv)-5 b(ate)44
 b(k)n(ey)f(\(PKey\))i(from)f(the)h(string)g Fc(bu\033er)53
 b Fq(enco)r(ded)44 b(with)h(the)f(t)n(yp)r(e)h Fc(typ)l(e)51
-b Fq(\(m)n(ust)45 b(b)r(e)f(one)g(of)208 5298 y Fl(FILETYPE_PEM)22
-b Fq(and)28 b Fl(FILETYPE_ASN1)p Fq(\).)p 0 5549 3901
-4 v 0 5649 a Ff(4)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f
-(interface)h(to)f(Op)r(enSSL)p eop end
-%%Page: 5 5
-TeXDict begin 5 4 bop 208 83 a Fc(p)l(assphr)l(ase)35
-b Fq(m)n(ust)28 b(b)r(e)g(either)f(a)g(string)g(or)g(a)g(callbac)n(k)f
-(for)h(pro)n(viding)f(the)i(pass)f(phrase.)0 230 y Fl
-(load_pkcs7_data\()o Fc(typ)l(e,)e(bu\033er)9 b Fl(\))208
-330 y Fq(Load)26 b(pk)n(cs7)h(data)g(from)g(the)h(string)g
+b Fq(\(m)n(ust)45 b(b)r(e)f(one)g(of)208 289 y Fl(FILETYPE_PEM)22
+b Fq(and)28 b Fl(FILETYPE_ASN1)p Fq(\).)208 422 y Fc(p)l(assphr)l(ase)
+35 b Fq(m)n(ust)28 b(b)r(e)g(either)f(a)g(string)g(or)g(a)g(callbac)n
+(k)f(for)h(pro)n(viding)f(the)i(pass)f(phrase.)0 569
+y Fl(load_pkcs7_data\()o Fc(typ)l(e,)e(bu\033er)9 b Fl(\))208
+668 y Fq(Load)26 b(pk)n(cs7)h(data)g(from)g(the)h(string)g
 Fc(bu\033er)36 b Fq(enco)r(ded)28 b(with)g(the)g(t)n(yp)r(e)g
-Fc(typ)l(e)6 b Fq(.)0 491 y Fl(load_pkcs12\()p Fc(bu\033er)j
+Fc(typ)l(e)6 b Fq(.)0 829 y Fl(load_pkcs12\()p Fc(bu\033er)j
 Fb([)p Fc(,)24 b(p)l(assphr)l(ase)c Fb(])p Fl(\))208
-590 y Fq(Load)30 b(pk)n(cs12)f(data)h(from)h(the)g(string)g
+929 y Fq(Load)30 b(pk)n(cs12)f(data)h(from)h(the)g(string)g
 Fc(bu\033er)9 b Fq(.)47 b(If)31 b(the)h(pk)n(cs12)d(structure)h(is)h
 (encrypted,)g(a)g Fc(p)l(assphr)l(ase)39 b Fq(m)n(ust)31
-b(b)r(e)208 690 y(included.)0 953 y Ff(X509)c(objects)0
-1154 y Fq(X509)f(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e
-(metho)r(ds:)0 1300 y Fl(get_issuer\(\))208 1400 y Fq(Return)h(an)h
-(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f(the)i(issuer)f(of)g(the)
-h(certi\034cate.)0 1547 y Fl(get_pubkey\(\))208 1646
-y Fq(Return)f(a)g(PKey)h(ob)5 b(ject)27 b(represen)n(ting)f(the)i
-(public)g(k)n(ey)f(of)g(the)h(certi\034cate.)0 1793 y
-Fl(get_serial_numbe)o(r\()o(\))208 1893 y Fq(Return)f(the)h
-(certi\034cate)f(serial)g(n)n(um)n(b)r(er.)0 2040 y Fl(get_subject\(\))
-208 2139 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27
-b(represen)n(ting)f(the)i(sub)5 b(ject)28 b(of)f(the)h(certi\034cate.)0
-2286 y Fl(get_version\(\))208 2386 y Fq(Return)f(the)h(certi\034cate)f
-(v)n(ersion.)0 2533 y Fl(get_notBefore\(\))208 2632 y
-Fq(Return)f(a)h(string)f(giving)f(the)j(time)f(b)r(efore)f(whic)n(h)h
-(the)g(certi\034cate)f(is)g(not)h(v)-5 b(alid.)37 b(The)26
-b(string)g(is)h(formatted)f(as)g(an)208 2732 y(ASN1)h(GENERALIZEDTIME:)
-1110 2956 y Fi(YYYYMMDDhhmmssZ)1110 3048 y(YYYYMMDDhhmmss+hhmm)1110
-3139 y(YYYYMMDDhhmmss-hhmm)208 3296 y Fq(If)h(no)f(v)-5
+b(b)r(e)208 1029 y(included.)37 b(The)27 b(MA)n(C)h(is)g(alw)n(a)n(ys)d
+(c)n(hec)n(k)n(ed)i(and)g(th)n(us)h(required.)208 1161
+y(See)f(also)g(the)h(man)f(page)g(for)g(the)h(C)f(function)h
+Fl(PKCS12_parse)p Fq(.)0 1424 y Ff(X509)f(objects)0 1625
+y Fq(X509)f(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r
+(ds:)0 1772 y Fl(get_issuer\(\))208 1871 y Fq(Return)h(an)h(X509Name)e
+(ob)5 b(ject)27 b(represen)n(ting)f(the)i(issuer)f(of)g(the)h
+(certi\034cate.)0 2018 y Fl(get_pubkey\(\))208 2118 y
+Fq(Return)f(a)g(PKey)h(ob)5 b(ject)27 b(represen)n(ting)f(the)i(public)
+g(k)n(ey)f(of)g(the)h(certi\034cate.)0 2265 y Fl(get_serial_numbe)o
+(r\()o(\))208 2364 y Fq(Return)f(the)h(certi\034cate)f(serial)g(n)n(um)
+n(b)r(er.)0 2511 y Fl(get_subject\(\))208 2611 y Fq(Return)g(an)h
+(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f(the)i(sub)5
+b(ject)28 b(of)f(the)h(certi\034cate.)0 2758 y Fl(get_version\(\))208
+2857 y Fq(Return)f(the)h(certi\034cate)f(v)n(ersion.)0
+3004 y Fl(get_notBefore\(\))208 3104 y Fq(Return)f(a)h(string)f(giving)
+f(the)j(time)f(b)r(efore)f(whic)n(h)h(the)g(certi\034cate)f(is)g(not)h
+(v)-5 b(alid.)37 b(The)26 b(string)g(is)h(formatted)f(as)g(an)208
+3204 y(ASN1)h(GENERALIZEDTIME:)1110 3428 y Fi(YYYYMMDDhhmmssZ)1110
+3519 y(YYYYMMDDhhmmss+hhmm)1110 3610 y(YYYYMMDDhhmmss-hhmm)208
+3767 y Fq(If)h(no)f(v)-5 b(alue)27 b(exists)g(for)g(this)h(\034eld,)g
+Fl(None)e Fq(is)i(returned.)0 3914 y Fl(get_notAfter\(\))208
+4014 y Fq(Return)h(a)g(string)g(giving)g(the)g(time)h(after)f(whic)n(h)
+h(the)g(certi\034cate)e(is)i(not)f(v)-5 b(alid.)43 b(The)29
+b(string)g(is)g(formatted)h(as)e(an)208 4113 y(ASN1)f(GENERALIZEDTIME:)
+1110 4337 y Fi(YYYYMMDDhhmmssZ)1110 4429 y(YYYYMMDDhhmmss+hhmm)1110
+4520 y(YYYYMMDDhhmmss-hhmm)208 4677 y Fq(If)h(no)f(v)-5
 b(alue)27 b(exists)g(for)g(this)h(\034eld,)g Fl(None)e
-Fq(is)i(returned.)0 3443 y Fl(get_notAfter\(\))208 3542
-y Fq(Return)h(a)g(string)g(giving)g(the)g(time)h(after)f(whic)n(h)h
-(the)g(certi\034cate)e(is)i(not)f(v)-5 b(alid.)43 b(The)29
-b(string)g(is)g(formatted)h(as)e(an)208 3642 y(ASN1)f(GENERALIZEDTIME:)
-1110 3866 y Fi(YYYYMMDDhhmmssZ)1110 3957 y(YYYYMMDDhhmmss+hhmm)1110
-4049 y(YYYYMMDDhhmmss-hhmm)208 4205 y Fq(If)h(no)f(v)-5
-b(alue)27 b(exists)g(for)g(this)h(\034eld,)g Fl(None)e
-Fq(is)i(returned.)0 4352 y Fl(set_notBefore\()p Fc(when)6
-b Fl(\))208 4452 y Fq(Change)35 b(the)i(time)f(b)r(efore)g(whic)n(h)g
+Fq(is)i(returned.)0 4824 y Fl(set_notBefore\()p Fc(when)6
+b Fl(\))208 4923 y Fq(Change)35 b(the)i(time)f(b)r(efore)g(whic)n(h)g
 (the)h(certi\034cate)f(is)g(not)g(v)-5 b(alid.)63 b Fc(when)43
 b Fq(is)36 b(a)g(string)f(formatted)h(as)g(an)g(ASN1)208
-4552 y(GENERALIZEDTIME:)1110 4776 y Fi(YYYYMMDDhhmmssZ)1110
-4867 y(YYYYMMDDhhmmss+hhmm)1110 4958 y(YYYYMMDDhhmmss-hhmm)0
-5163 y Fl(set_notAfter\()p Fc(when)6 b Fl(\))208 5263
-y Fq(Change)38 b(the)h(time)h(after)e(whic)n(h)h(the)h(certi\034cate)e
-(is)h(not)g(v)-5 b(alid.)71 b Fc(when)46 b Fq(is)39 b(a)g(string)f
-(formatted)h(as)f(an)h(ASN1)208 5362 y(GENERALIZEDTIME:)p
-0 5549 3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g
-(cryptographic)e(mo)r(dule)2234 b(5)p eop end
+5023 y(GENERALIZEDTIME:)p 0 5549 3901 4 v 0 5649 a Ff(3.1)82
+b Fl(crypto)25 b Ff(\026)j(Generic)g(cryptographic)e(mo)r(dule)2234
+b(5)p eop end
 %%Page: 6 6
 TeXDict begin 6 5 bop 1110 174 a Fi(YYYYMMDDhhmmssZ)1110
 266 y(YYYYMMDDhhmmss+hhmm)1110 357 y(YYYYMMDDhhmmss-hhmm)0
-562 y Fl(gmtime_adj_notBe)o(fo)o(re\()o Fc(time)6 b Fl(\))208
-661 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g(GMT\))g(when)g(the)f
-(certi\034cate)g(starts)g(b)r(eing)h(v)-5 b(alid.)0 808
-y Fl(gmtime_adj_notAf)o(te)o(r\()p Fc(t)o(ime)6 b Fl(\))208
-908 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g(GMT\))g(when)g(the)f
-(certi\034cate)g(stops)g(b)r(eing)h(v)-5 b(alid.)0 1054
-y Fl(has_expired\(\))208 1154 y Fq(Chec)n(ks)32 b(the)h
-(certi\034cate's)f(time)i(stamp)f(against)f(curren)n(t)g(time.)54
-b(Returns)33 b(true)g(if)g(the)h(certi\034cate)e(has)h(expired)208
-1254 y(and)27 b(false)g(otherwise.)0 1401 y Fl(set_issuer\()p
-Fc(issuer)9 b Fl(\))208 1500 y Fq(Set)28 b(the)f(issuer)g(of)h(the)g
-(certi\034cate)f(to)g Fc(issuer)9 b Fq(.)0 1647 y Fl(set_pubkey\()p
-Fc(pkey)e Fl(\))208 1747 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h
-(the)g(certi\034cate)f(to)g Fc(pkey)7 b Fq(.)0 1894 y
-Fl(set_serial_numbe)o(r\()o Fc(serialno)e Fl(\))208 1993
+562 y Fl(set_notAfter\()p Fc(when)6 b Fl(\))208 661 y
+Fq(Change)38 b(the)h(time)h(after)e(whic)n(h)h(the)h(certi\034cate)e
+(is)h(not)g(v)-5 b(alid.)71 b Fc(when)46 b Fq(is)39 b(a)g(string)f
+(formatted)h(as)f(an)h(ASN1)208 761 y(GENERALIZEDTIME:)1110
+985 y Fi(YYYYMMDDhhmmssZ)1110 1076 y(YYYYMMDDhhmmss+hhmm)1110
+1168 y(YYYYMMDDhhmmss-hhmm)0 1372 y Fl(gmtime_adj_notBe)o(fo)o(re\()o
+Fc(time)6 b Fl(\))208 1472 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g
+(GMT\))g(when)g(the)f(certi\034cate)g(starts)g(b)r(eing)h(v)-5
+b(alid.)0 1619 y Fl(gmtime_adj_notAf)o(te)o(r\()p Fc(t)o(ime)6
+b Fl(\))208 1718 y Fq(A)n(djust)28 b(the)g(timestamp)g(\(in)g(GMT\))g
+(when)g(the)f(certi\034cate)g(stops)g(b)r(eing)h(v)-5
+b(alid.)0 1865 y Fl(has_expired\(\))208 1965 y Fq(Chec)n(ks)32
+b(the)h(certi\034cate's)f(time)i(stamp)f(against)f(curren)n(t)g(time.)
+54 b(Returns)33 b(true)g(if)g(the)h(certi\034cate)e(has)h(expired)208
+2064 y(and)27 b(false)g(otherwise.)0 2211 y Fl(set_issuer\()p
+Fc(issuer)9 b Fl(\))208 2311 y Fq(Set)28 b(the)f(issuer)g(of)h(the)g
+(certi\034cate)f(to)g Fc(issuer)9 b Fq(.)0 2458 y Fl(set_pubkey\()p
+Fc(pkey)e Fl(\))208 2557 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h
+(the)g(certi\034cate)f(to)g Fc(pkey)7 b Fq(.)0 2704 y
+Fl(set_serial_numbe)o(r\()o Fc(serialno)e Fl(\))208 2804
 y Fq(Set)28 b(the)f(serial)g(n)n(um)n(b)r(er)g(of)h(the)g
-(certi\034cate)f(to)g Fc(serialno)5 b Fq(.)0 2140 y Fl(set_subject\()p
-Fc(subje)l(ct)j Fl(\))208 2240 y Fq(Set)28 b(the)f(sub)5
+(certi\034cate)f(to)g Fc(serialno)5 b Fq(.)0 2951 y Fl(set_subject\()p
+Fc(subje)l(ct)j Fl(\))208 3050 y Fq(Set)28 b(the)f(sub)5
 b(ject)28 b(of)g(the)g(certi\034cate)f(to)g Fc(subje)l(ct)8
-b Fq(.)0 2387 y Fl(set_version\()p Fc(version)e Fl(\))208
-2486 y Fq(Set)28 b(the)f(certi\034cate)g(v)n(ersion)f(to)i
-Fc(version)6 b Fq(.)0 2633 y Fl(sign\()p Fc(pkey,)29
-b(digest)8 b Fl(\))208 2733 y Fq(Sign)22 b(the)h(certi\034cate,)f
+b Fq(.)0 3197 y Fl(set_version\()p Fc(version)e Fl(\))208
+3297 y Fq(Set)28 b(the)f(certi\034cate)g(v)n(ersion)f(to)i
+Fc(version)6 b Fq(.)0 3444 y Fl(sign\()p Fc(pkey,)29
+b(digest)8 b Fl(\))208 3543 y Fq(Sign)22 b(the)h(certi\034cate,)f
 (using)g(the)h(k)n(ey)g Fc(pkey)31 b Fq(and)22 b(the)h(message)e
 (digest)h(algorithm)f(iden)n(ti\034ed)i(b)n(y)f(the)h(string)f
-Fc(digest)8 b Fq(.)0 2880 y Fl(subject_name_has)o(h\()o(\))208
-2979 y Fq(Return)27 b(the)h(hash)f(of)h(the)g(certi\034cate)f(sub)5
-b(ject.)0 3126 y Fl(digest\()p Fc(digest_name)h Fl(\))208
-3226 y Fq(Return)38 b(a)f(digest)h(of)g(the)g(certi\034cate,)i(using)e
+Fc(digest)8 b Fq(.)0 3690 y Fl(subject_name_has)o(h\()o(\))208
+3790 y Fq(Return)27 b(the)h(hash)f(of)h(the)g(certi\034cate)f(sub)5
+b(ject.)0 3937 y Fl(digest\()p Fc(digest_name)h Fl(\))208
+4036 y Fq(Return)38 b(a)f(digest)h(of)g(the)g(certi\034cate,)i(using)e
 (the)g Fc(digest_name)45 b Fq(metho)r(d.)69 b Fc(digest_name)45
-b Fq(m)n(ust)38 b(b)r(e)g(a)g(string)208 3325 y(describing)28
+b Fq(m)n(ust)38 b(b)r(e)g(a)g(string)208 4136 y(describing)28
 b(a)i(digest)f(algorithm)f(supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y)
 g(EVP_get_digestb)n(yname,)f(sp)r(eci\034cally\).)43
-b(F)-7 b(or)208 3425 y(example,)27 b Fl("md5")e Fq(or)i
-Fl("sha1")p Fq(.)0 3572 y Fl(add_extensions\()p Fc(ex)o(tensions)7
-b Fl(\))208 3671 y Fq(A)n(dd)27 b(the)h(extensions)f(in)h(the)g
+b(F)-7 b(or)208 4236 y(example,)27 b Fl("md5")e Fq(or)i
+Fl("sha1")p Fq(.)0 4382 y Fl(add_extensions\()p Fc(ex)o(tensions)7
+b Fl(\))208 4482 y Fq(A)n(dd)27 b(the)h(extensions)f(in)h(the)g
 (sequence)f Fc(extensions)34 b Fq(to)27 b(the)h(certi\034cate.)0
-3934 y Ff(X509Name)e(objects)0 4135 y Fq(X509Name)g(ob)5
+4745 y Ff(X509Name)e(objects)0 4946 y Fq(X509Name)g(ob)5
 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
-4282 y Fl(hash\(\))208 4381 y Fq(Return)e(an)g(in)n(teger)f(giving)g
+5092 y Fl(hash\(\))208 5192 y Fq(Return)e(an)g(in)n(teger)f(giving)g
 (the)i(\034rst)f(four)g(b)n(ytes)f(of)h(the)h(MD5)f(digest)g(of)g(the)h
-(DER)g(represen)n(tation)e(of)h(the)g(name.)0 4528 y
-Fl(der\(\))208 4628 y Fq(Return)j(a)g(string)g(giving)g(the)h(DER)h
-(represen)n(tation)c(of)j(the)g(name.)0 4775 y Fl(get_components\(\))
-208 4874 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n(o-tuples)e(of)i(strings)
-e(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g(name.)0
-5021 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e
-(mem)n(b)r(ers:)0 5168 y Fl(countryName)208 5268 y Fq(The)h(coun)n(try)
-g(of)g(the)h(en)n(tit)n(y)-7 b(.)37 b Fl(C)27 b Fq(ma)n(y)g(b)r(e)h
-(used)g(as)f(an)g(alias)f(for)h Fl(countryName)p Fq(.)p
-0 5549 3901 4 v 0 5649 a Ff(6)2239 b(3)83 b Fl(OpenSSL)24
-b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
-end
+(DER)g(represen)n(tation)e(of)h(the)g(name.)0 5339 y
+Fl(der\(\))p 0 5549 3901 4 v 0 5649 a Ff(6)2239 b(3)83
+b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p
+eop end
 %%Page: 7 7
-TeXDict begin 7 6 bop 0 83 a Fl(stateOrProvinceN)o(am)o(e)208
-183 y Fq(The)27 b(state)h(or)e(pro)n(vince)g(of)i(the)g(en)n(tit)n(y)-7
+TeXDict begin 7 6 bop 208 83 a Fq(Return)27 b(a)g(string)g(giving)g
+(the)h(DER)h(represen)n(tation)c(of)j(the)g(name.)0 230
+y Fl(get_components\(\))208 330 y Fq(Return)f(a)g(list)h(of)g(t)n(w)n
+(o-tuples)e(of)i(strings)e(giving)h(the)h(comp)r(onen)n(ts)f(of)h(the)g
+(name.)0 476 y(X509Name)e(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n
+(wing)e(mem)n(b)r(ers:)0 623 y Fl(countryName)208 723
+y Fq(The)h(coun)n(try)g(of)g(the)h(en)n(tit)n(y)-7 b(.)37
+b Fl(C)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)f(an)g(alias)f(for)h
+Fl(countryName)p Fq(.)0 870 y Fl(stateOrProvinceN)o(am)o(e)208
+969 y Fq(The)g(state)h(or)e(pro)n(vince)g(of)i(the)g(en)n(tit)n(y)-7
 b(.)37 b Fl(ST)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(stateOrProvince)o(Na)o(me)p Fq(\267)0 330 y Fl(localityName)208
-429 y Fq(The)g(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7
+Fl(stateOrProvince)o(Na)o(me)p Fq(\267)0 1116 y Fl(localityName)208
+1216 y Fq(The)g(lo)r(calit)n(y)g(of)h(the)f(en)n(tit)n(y)-7
 b(.)37 b Fl(L)28 b Fq(ma)n(y)e(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(localityName)p Fq(.)0 576 y Fl(organizationName)208
-676 y Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7
+Fl(localityName)p Fq(.)0 1363 y Fl(organizationName)208
+1462 y Fq(The)g(organization)e(name)j(of)f(the)h(en)n(tit)n(y)-7
 b(.)37 b Fl(O)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)e(an)i(alias)e(for)h
-Fl(organizationName)p Fq(.)0 823 y Fl(organizationalUn)o(it)o(Nam)o(e)
-208 922 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7
+Fl(organizationName)p Fq(.)0 1609 y Fl(organizationalUn)o(it)o(Nam)o(e)
+208 1709 y Fq(The)g(organizational)e(unit)j(of)g(the)g(en)n(tit)n(y)-7
 b(.)36 b Fl(OU)27 b Fq(ma)n(y)g(b)r(e)h(used)g(as)f(an)g(alias)f(for)h
-Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)0 1069 y Fl(commonName)208
-1169 y Fq(The)g(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7
+Fl(organizationalUni)o(tN)o(am)o(e)p Fq(.)0 1856 y Fl(commonName)208
+1955 y Fq(The)g(common)g(name)h(of)f(the)h(en)n(tit)n(y)-7
 b(.)37 b Fl(CN)27 b Fq(ma)n(y)f(b)r(e)i(used)g(as)f(an)g(alias)g(for)g
-Fl(commonName)p Fq(.)0 1316 y Fl(emailAddress)208 1415
+Fl(commonName)p Fq(.)0 2102 y Fl(emailAddress)208 2202
 y Fq(The)g(e-mail)g(address)f(of)i(the)g(en)n(tit)n(y)-7
-b(.)0 1678 y Ff(X509Req)26 b(objects)0 1879 y Fq(X509Req)g(ob)5
+b(.)0 2465 y Ff(X509Req)26 b(objects)0 2665 y Fq(X509Req)g(ob)5
 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)0
-2025 y Fl(get_pubkey\(\))208 2125 y Fq(Return)h(a)g(PKey)h(ob)5
+2812 y Fl(get_pubkey\(\))208 2912 y Fq(Return)h(a)g(PKey)h(ob)5
 b(ject)27 b(represen)n(ting)f(the)i(public)g(k)n(ey)f(of)g(the)h
-(certi\034cate)f(request.)0 2272 y Fl(get_subject\(\))208
-2372 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f
+(certi\034cate)f(request.)0 3059 y Fl(get_subject\(\))208
+3158 y Fq(Return)g(an)h(X509Name)e(ob)5 b(ject)27 b(represen)n(ting)f
 (the)i(sub)5 b(ject)28 b(of)f(the)h(certi\034cate.)0
-2518 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 2618 y
+3305 y Fl(set_pubkey\()p Fc(pkey)7 b Fl(\))208 3405 y
 Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(certi\034cate)f(request)
-g(to)g Fc(pkey)7 b Fq(.)0 2765 y Fl(sign\()p Fc(pkey,)29
-b(digest)8 b Fl(\))208 2865 y Fq(Sign)36 b(the)g(certi\034cate)g
+g(to)g Fc(pkey)7 b Fq(.)0 3552 y Fl(sign\()p Fc(pkey,)29
+b(digest)8 b Fl(\))208 3651 y Fq(Sign)36 b(the)g(certi\034cate)g
 (request,)h(using)f(the)g(k)n(ey)h Fc(pkey)45 b Fq(and)36
 b(the)g(message)f(digest)g(algorithm)g(iden)n(ti\034ed)i(b)n(y)f(the)
-208 2964 y(string)28 b Fc(digest)8 b Fq(.)0 3111 y Fl(verify\()p
-Fc(pkey)f Fl(\))208 3211 y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g
+208 3751 y(string)28 b Fc(digest)8 b Fq(.)0 3898 y Fl(verify\()p
+Fc(pkey)f Fl(\))208 3997 y Fq(V)-7 b(erify)27 b(a)g(certi\034cate)g
 (request)g(using)g(the)h(public)g(k)n(ey)g Fc(pkey)7
-b Fq(.)0 3358 y Fl(set_version\()p Fc(version)f Fl(\))208
-3457 y Fq(Set)28 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g
+b Fq(.)0 4144 y Fl(set_version\()p Fc(version)f Fl(\))208
+4244 y Fq(Set)28 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g
 (of)i(the)g(certi\034cate)f(request)f(to)i Fc(version)6
-b Fq(.)0 3604 y Fl(get_version\(\))208 3704 y Fq(Get)28
+b Fq(.)0 4391 y Fl(get_version\(\))208 4490 y Fq(Get)28
 b(the)f(v)n(ersion)f(\(RF)n(C)i(2459,)e(4.1.2.1\))g(of)i(the)g
-(certi\034cate)f(request.)0 3967 y Ff(X509Sto)n(re)f(objects)0
-4167 y Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just)
-i(one)g(metho)r(d:)0 4314 y Fl(add_cert\()p Fc(c)l(ert)8
-b Fl(\))208 4414 y Fq(A)n(dd)27 b(the)h(certi\034cate)f
-Fc(c)l(ert)36 b Fq(to)27 b(the)h(certi\034cate)f(store.)0
-4677 y Ff(PKey)g(objects)0 4877 y Fq(The)h(PKey)f(ob)5
-b(ject)27 b(has)g(the)h(follo)n(wing)f(metho)r(ds:)0
-5024 y Fl(bits\(\))208 5124 y Fq(Return)g(the)h(n)n(um)n(b)r(er)f(of)h
-(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 5271 y Fl(generate_key\()p
-Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 5370 y Fq(Generate)22
+(certi\034cate)f(request.)0 4753 y Ff(X509Sto)n(re)f(objects)0
+4954 y Fq(The)i(X509Store)d(ob)5 b(ject)28 b(has)f(curren)n(tly)f(just)
+i(one)g(metho)r(d:)0 5101 y Fl(add_cert\()p Fc(c)l(ert)8
+b Fl(\))208 5200 y Fq(A)n(dd)27 b(the)h(certi\034cate)f
+Fc(c)l(ert)36 b Fq(to)27 b(the)h(certi\034cate)f(store.)p
+0 5549 3901 4 v 0 5649 a Ff(3.1)82 b Fl(crypto)25 b Ff(\026)j(Generic)g
+(cryptographic)e(mo)r(dule)2234 b(7)p eop end
+%%Page: 8 8
+TeXDict begin 8 7 bop 0 83 a Ff(PKey)27 b(objects)0 283
+y Fq(The)h(PKey)f(ob)5 b(ject)27 b(has)g(the)h(follo)n(wing)f(metho)r
+(ds:)0 430 y Fl(bits\(\))208 530 y Fq(Return)g(the)h(n)n(um)n(b)r(er)f
+(of)h(bits)g(of)f(the)h(k)n(ey)-7 b(.)0 677 y Fl(generate_key\()p
+Fc(typ)l(e,)25 b(bits)7 b Fl(\))208 776 y Fq(Generate)22
 b(a)h(public/priv)-5 b(ate)23 b(k)n(ey)f(pair)h(of)g(the)h(t)n(yp)r(e)f
 Fc(typ)l(e)30 b Fq(\(one)23 b(of)30 b Fl(TYPE_RSA)19
 b Fq(and)24 b Fl(TYPE_DSA)p Fq(\))c(with)j(the)h(size)f
-Fc(bits)7 b Fq(.)p 0 5549 3901 4 v 0 5649 a Ff(3.1)82
-b Fl(crypto)25 b Ff(\026)j(Generic)g(cryptographic)e(mo)r(dule)2234
-b(7)p eop end
-%%Page: 8 8
-TeXDict begin 8 7 bop 0 83 a Fl(type\(\))208 183 y Fq(Return)27
-b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n(ey)-7 b(.)0 446 y
-Ff(PK)n(CS7)27 b(objects)0 646 y Fq(PK)n(CS7)g(ob)5 b(jects)27
-b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0 793
-y Fl(type_is_signed\(\))208 893 y Fq(FIXME)0 1040 y Fl
-(type_is_envelope)o(d\()o(\))208 1139 y Fq(FIXME)0 1286
-y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o(d\(\))208
-1386 y Fq(FIXME)0 1532 y Fl(type_is_data\(\))208 1632
-y Fq(FIXME)0 1779 y Fl(get_type_name\(\))208 1879 y Fq(Get)h(the)f(t)n
-(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0 2142 y Ff(PK)n(CS12)e(objects)0
-2342 y Fq(PK)n(CS12)g(ob)5 b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n
-(wing)e(metho)r(ds:)0 2489 y Fl(get_certificate\()o(\))208
-2589 y Fq(Return)h(certi\034cate)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e
-(structure.)0 2735 y Fl(get_privatekey\(\))208 2835 y
-Fq(Return)h(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n
-(CS12)e(structure)0 2982 y Fl(get_ca_certifica)o(te)o(s\(\))208
-3082 y Fq(Return)k(CA)g(certi\034cates)f(within)i(the)f(PK)n(CS12)f(ob)
-5 b(ject)30 b(as)f(a)g(tuple.)45 b(Returns)30 b(None)g(if)g(no)g(CA)g
-(certi\034cates)f(are)208 3181 y(presen)n(t.)0 3444 y
-Ff(X509Extension)c(objects)0 3645 y Fq(X509Extension)h(ob)5
-b(jects)27 b(ha)n(v)n(e)g(sev)n(eral)f(metho)r(ds:)0
-3792 y Fl(get_critical\(\))208 3891 y Fq(Return)h(the)h(critical)f
-(\034eld)h(of)f(the)h(extension)f(ob)5 b(ject.)0 4038
-y Fl(get_short_name\(\))208 4138 y Fq(Return)27 b(the)h(short)f(t)n(yp)
-r(e)h(name)f(of)h(the)g(extension)f(ob)5 b(ject.)0 4401
-y Ff(Netscap)r(eSPKI)27 b(objects)0 4601 y Fq(Netscap)r(eSPKI)h(ob)5
-b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)e(metho)r(ds:)0
-4748 y Fl(b64_encode\(\))208 4848 y Fq(Return)h(a)g(base64-enco)r(ded)f
-(string)h(represen)n(tation)e(of)j(the)g(ob)5 b(ject.)0
-4995 y Fl(get_pubkey\(\))208 5094 y Fq(Return)27 b(the)h(public)g(k)n
-(ey)f(of)h(ob)5 b(ject.)0 5241 y Fl(set_pubkey\()p Fc(key)i
-Fl(\))208 5341 y Fq(Set)28 b(the)f(public)h(k)n(ey)f(of)h(the)g(ob)5
-b(ject)27 b(to)h Fc(key)7 b Fq(.)p 0 5549 3901 4 v 0
-5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)
-h(to)f(Op)r(enSSL)p eop end
+Fc(bits)7 b Fq(.)0 923 y Fl(type\(\))208 1023 y Fq(Return)27
+b(the)h(t)n(yp)r(e)g(of)f(the)h(k)n(ey)-7 b(.)0 1282
+y Ff(PK)n(CS7)27 b(objects)0 1483 y Fq(PK)n(CS7)g(ob)5
+b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0
+1630 y Fl(type_is_signed\(\))208 1729 y Fq(FIXME)0 1876
+y Fl(type_is_envelope)o(d\()o(\))208 1976 y Fq(FIXME)0
+2123 y Fl(type_is_signedAn)o(dE)o(nve)o(lo)o(pe)o(d\(\))208
+2222 y Fq(FIXME)0 2369 y Fl(type_is_data\(\))208 2469
+y Fq(FIXME)0 2616 y Fl(get_type_name\(\))208 2715 y Fq(Get)h(the)f(t)n
+(yp)r(e)h(name)g(of)f(the)h(PK)n(CS7.)0 2975 y Ff(PK)n(CS12)e(objects)0
+3175 y Fq(PK)n(CS12)g(ob)5 b(jects)28 b(ha)n(v)n(e)e(the)i(follo)n
+(wing)e(metho)r(ds:)0 3336 y Fl(export\()p Fb([)p Fc(p)l(assphr)l
+(ase=None)16 b Fb(][)p Fc(,)29 b(iter=2048)c Fb(][)p
+Fc(,)k(maciter=1)24 b Fb(])p Fl(\))208 3436 y Fq(Returns)j(a)g(PK)n
+(CS12)g(ob)5 b(ject)27 b(as)g(a)g(string.)208 3564 y(The)g(optional)g
+Fc(p)l(assphr)l(ase)35 b Fq(m)n(ust)28 b(b)r(e)g(a)f(string)g(not)h(a)f
+(callbac)n(k.)208 3693 y(See)g(also)g(the)h(man)f(page)g(for)g(the)h(C)
+f(function)h Fl(PKCS12_create)p Fq(.)0 3840 y Fl(get_ca_certifica)o(te)
+o(s\(\))208 3939 y Fq(Return)i(CA)h(certi\034cates)f(within)h(the)g(PK)
+n(CS12)f(ob)5 b(ject)30 b(as)g(a)h(tuple.)46 b(Returns)31
+b Fl(None)e Fq(if)i(no)f(CA)h(certi\034cates)f(are)208
+4039 y(presen)n(t.)0 4186 y Fl(get_certificate\()o(\))208
+4286 y Fq(Return)d(certi\034cate)g(p)r(ortion)g(of)h(the)g(PK)n(CS12)e
+(structure.)0 4432 y Fl(get_friendlyname)o(\(\))208 4532
+y Fq(Return)h(friendlyName)h(p)r(ortion)f(of)g(the)h(PK)n(CS12)f
+(structure.)0 4679 y Fl(get_privatekey\(\))208 4778 y
+Fq(Return)g(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g(of)h(the)g(PK)n
+(CS12)e(structure)0 4925 y Fl(set_ca_certifica)o(te)o(s\()p
+Fc(c)-5 b(ac)l(erts)7 b Fl(\))208 5025 y Fq(Replace)27
+b(or)f(set)i(the)g(CA)g(certi\034cates)e(within)j(the)f(PK)n(CS12)e(ob)
+5 b(ject)27 b(with)h(the)g(sequence)f Fc(c)l(ac)l(erts)7
+b Fq(.)208 5154 y(Set)28 b Fc(c)l(ac)l(erts)34 b Fq(to)27
+b Fl(None)f Fq(to)i(remo)n(v)n(e)e(all)h(CA)h(certi\034cates.)0
+5300 y Fl(set_certificate\()o Fc(c)l(ert)8 b Fl(\))208
+5400 y Fq(Replace)27 b(or)f(set)i(the)g(certi\034cate)f(p)r(ortion)g
+(of)g(the)h(PK)n(CS12)f(structure.)p 0 5549 3901 4 v
+0 5649 a Ff(8)2239 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f
+(interface)h(to)f(Op)r(enSSL)p eop end
 %%Page: 9 9
-TeXDict begin 9 8 bop 0 83 a Fl(sign\()p Fc(key,)29 b(digest_name)6
-b Fl(\))208 183 y Fq(Sign)30 b(the)h(Netscap)r(eSPKI)f(ob)5
+TeXDict begin 9 8 bop 0 83 a Fl(set_friendlyname)o(\()p
+Fc(n)o(ame)6 b Fl(\))208 183 y Fq(Replace)27 b(or)f(set)i(the)g
+(friendlyName)f(p)r(ortion)g(of)h(the)g(PK)n(CS12)e(structure.)0
+330 y Fl(set_privatekey\()p Fc(pkey)7 b Fl(\))208 429
+y Fq(Replace)27 b(or)f(set)i(priv)-5 b(ate)27 b(k)n(ey)g(p)r(ortion)g
+(of)h(the)g(PK)n(CS12)e(structure)0 692 y Ff(X509Extension)f(objects)0
+893 y Fq(X509Extension)h(ob)5 b(jects)27 b(ha)n(v)n(e)g(sev)n(eral)f
+(metho)r(ds:)0 1040 y Fl(get_critical\(\))208 1139 y
+Fq(Return)h(the)h(critical)f(\034eld)h(of)f(the)h(extension)f(ob)5
+b(ject.)0 1286 y Fl(get_short_name\(\))208 1386 y Fq(Return)27
+b(the)h(short)f(t)n(yp)r(e)h(name)f(of)h(the)g(extension)f(ob)5
+b(ject.)0 1649 y Ff(Netscap)r(eSPKI)27 b(objects)0 1849
+y Fq(Netscap)r(eSPKI)h(ob)5 b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n
+(wing)e(metho)r(ds:)0 1996 y Fl(b64_encode\(\))208 2096
+y Fq(Return)h(a)g(base64-enco)r(ded)f(string)h(represen)n(tation)e(of)j
+(the)g(ob)5 b(ject.)0 2242 y Fl(get_pubkey\(\))208 2342
+y Fq(Return)27 b(the)h(public)g(k)n(ey)f(of)h(ob)5 b(ject.)0
+2489 y Fl(set_pubkey\()p Fc(key)i Fl(\))208 2589 y Fq(Set)28
+b(the)f(public)h(k)n(ey)f(of)h(the)g(ob)5 b(ject)27 b(to)h
+Fc(key)7 b Fq(.)0 2735 y Fl(sign\()p Fc(key,)29 b(digest_name)6
+b Fl(\))208 2835 y Fq(Sign)30 b(the)h(Netscap)r(eSPKI)f(ob)5
 b(ject)30 b(using)g(the)h(giv)n(en)f Fc(key)38 b Fq(and)31
 b Fc(digest_name)6 b Fq(.)46 b Fc(digest_name)37 b Fq(m)n(ust)31
-b(b)r(e)g(a)f(string)208 282 y(describing)e(a)i(digest)f(algorithm)f
+b(b)r(e)g(a)f(string)208 2935 y(describing)e(a)i(digest)f(algorithm)f
 (supp)r(orted)i(b)n(y)f(Op)r(enSSL)h(\(b)n(y)g(EVP_get_digestb)n
-(yname,)f(sp)r(eci\034cally\).)43 b(F)-7 b(or)208 382
+(yname,)f(sp)r(eci\034cally\).)43 b(F)-7 b(or)208 3034
 y(example,)27 b Fl("md5")e Fq(or)i Fl("sha1")p Fq(.)0
-529 y Fl(verify\()p Fc(key)7 b Fl(\))208 628 y Fq(V)-7
+3181 y Fl(verify\()p Fc(key)7 b Fl(\))208 3281 y Fq(V)-7
 b(erify)27 b(the)h(Netscap)r(eSPKI)g(ob)5 b(ject)27 b(using)g(the)h
-(giv)n(en)f Fc(key)7 b Fq(.)0 906 y Fj(3.2)97 b Fd(rand)34
+(giv)n(en)f Fc(key)7 b Fq(.)0 3560 y Fj(3.2)97 b Fd(rand)34
 b Fj(\026)e(An)h(interface)g(to)g(the)g(Op)s(enSSL)f(pseudo)h(random)g
-(numb)s(er)g(generato)m(r)0 1106 y Fq(This)28 b(mo)r(dule)f(handles)h
+(numb)s(er)g(generato)m(r)0 3761 y Fq(This)28 b(mo)r(dule)f(handles)h
 (the)f(Op)r(enSSL)h(pseudo)f(random)g(n)n(um)n(b)r(er)g(generator)f
-(\(PRNG\))j(and)e(declares)f(the)i(follo)n(wing:)0 1253
-y Fl(add\()p Fc(string,)g(entr)l(opy)7 b Fl(\))208 1353
+(\(PRNG\))j(and)e(declares)f(the)i(follo)n(wing:)0 3908
+y Fl(add\()p Fc(string,)g(entr)l(opy)7 b Fl(\))208 4007
 y Fq(Mix)22 b(b)n(ytes)g(from)g Fc(string)30 b Fq(in)n(to)22
 b(the)h(PRNG)h(state.)35 b(The)22 b Fc(entr)l(opy)30
 b Fq(argumen)n(t)22 b(is)g(\(the)h(lo)n(w)n(er)e(b)r(ound)i(of)6
-b(\))23 b(an)f(estimate)208 1452 y(of)f(ho)n(w)g(m)n(uc)n(h)h
+b(\))23 b(an)f(estimate)208 4107 y(of)f(ho)n(w)g(m)n(uc)n(h)h
 (randomness)e(is)h(con)n(tained)g(in)h Fc(string)7 b
 Fq(,)23 b(measured)e(in)h(b)n(ytes.)34 b(F)-7 b(or)21
-b(more)g(information,)h(see)g(e.g.)34 b(RF)n(C)208 1552
-y(1750.)0 1699 y Fl(egd\()p Fc(p)l(ath)6 b Fb([)p Fc(,)29
-b(bytes)19 b Fb(])p Fl(\))208 1798 y Fq(Query)29 b(the)j(En)n(trop)n(y)
-e(Gathering)g(Daemon)1629 1768 y Fk(2)1697 1798 y Fq(on)h(so)r(c)n(k)n
-(et)f Fc(p)l(ath)38 b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31
-b(of)g(random)f(data)g(and)h(and)g(uses)208 1898 y Fl(add)26
-b Fq(to)h(seed)h(the)g(PRNG.)g(The)g(default)g(v)-5 b(alue)27
-b(of)34 b Fc(bytes)h Fq(is)27 b(255.)0 2059 y Fl(load_file\()p
-Fc(p)l(ath)6 b Fb([)p Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208
-2159 y Fq(Read)29 b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g
-(it,)i(if)37 b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g
-(the)g(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208
-2259 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h
-Fq(is)27 b(-1.)0 2405 y Fl(screen\(\))208 2505 y Fq(A)n(dd)g(the)h
-(curren)n(t)f(con)n(ten)n(ts)g(of)g(the)h(screen)f(to)g(the)h(PRNG)h
-(state.)37 b(A)-9 b(v)k(ailabilit)n(y:)36 b(Windo)n(ws.)0
-2652 y Fl(seed\()p Fc(string)7 b Fl(\))208 2752 y Fq(This)27
-b(is)h(equiv)-5 b(alen)n(t)27 b(to)g(calling)h Fl(add)f
-Fq(with)h Fc(entr)l(opy)35 b Fq(as)27 b(the)h(length)f(of)h(the)g
-(string.)0 2898 y Fl(status\(\))208 2998 y Fq(Returns)f(true)g(if)i
-(the)e(PRNG)i(has)e(b)r(een)h(seeded)f(with)h(enough)f(data,)g(and)h
-(false)f(otherwise.)0 3145 y Fl(write_file\()p Fc(p)l(ath)6
-b Fl(\))208 3245 y Fq(W)-7 b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h
-(random)e(b)n(ytes)h(\(curren)n(tly)g(1024\))f(to)h(the)h(\034le)f
-Fc(p)l(ath)6 b Fq(.)59 b(This)34 b(\034le)h(can)f(then)g(b)r(e)h(used)g
-(with)208 3344 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h
-(again.)0 3621 y Fj(3.3)97 b Fd(SSL)33 b Fj(\026)f(An)h(interface)h(to)
-e(the)h(SSL-sp)s(eci\034c)h(pa)m(rts)f(of)f(Op)s(enSSL)0
-3822 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r(eci\034c)h(to)f
-(SSL.)h(There)f(are)f(t)n(w)n(o)h(ob)5 b(jects)27 b(de\034ned:)38
-b(Con)n(text,)27 b(Connection.)0 3969 y Fl(SSLv2_METHOD)0
-4068 y(SSLv3_METHOD)0 4168 y(SSLv23_METHOD)0 4268 y(TLSv1_METHOD)208
-4367 y Fq(These)g(constan)n(ts)f(represen)n(t)h(the)h(di\033eren)n(t)f
-(SSL)h(metho)r(ds)g(to)f(use)h(when)f(creating)g(a)g(con)n(text)g(ob)5
-b(ject.)0 4514 y Fl(VERIFY_NONE)0 4614 y(VERIFY_PEER)0
-4713 y(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o(CE)o(RT)208
-4813 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)n
-(eri\034cation)e(mo)r(de)h(used)h(b)n(y)f(the)h(Con)n(text)f(ob)5
-b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 4960 y
-Fl(FILETYPE_PEM)0 5060 y(FILETYPE_ASN1)208 5159 y Fq(File)41
-b(t)n(yp)r(e)g(constan)n(ts)f(used)h(with)g(the)h Fl(use_certificate)o
-(_f)o(ile)34 b Fq(and)41 b Fl(use_privatekey_f)o(il)o(e)35
-b Fq(metho)r(ds)41 b(of)208 5259 y(Con)n(text)27 b(ob)5
-b(jects.)p 0 5323 1560 4 v 92 5377 a Fh(2)127 5400 y
-Fg(See)24 b Fp(http://www.lotha)n(r.com/tech/crypto/)p
+b(more)g(information,)h(see)g(e.g.)34 b(RF)n(C)208 4207
+y(1750.)0 4354 y Fl(bytes\()p Fc(num_bytes)7 b Fl(\))208
+4453 y Fq(Get)28 b(some)e(random)h(b)n(ytes)g(from)g(the)h(PRNG)h(as)e
+(a)g(string.)208 4586 y(This)g(is)h(a)f(wrapp)r(er)f(for)h(the)h(C)g
+(function)g Fl(RAND_bytes)p Fq(.)0 4733 y Fl(cleanup\(\))208
+4833 y Fq(Erase)e(the)i(memory)f(used)h(b)n(y)f(the)h(PRNG.)208
+4965 y(This)f(is)h(a)f(wrapp)r(er)f(for)h(the)h(C)g(function)g
+Fl(RAND_cleanup)p Fq(.)0 5129 y Fl(egd\()p Fc(p)l(ath)6
+b Fb([)p Fc(,)29 b(bytes)19 b Fb(])p Fl(\))208 5229 y
+Fq(Query)29 b(the)j(En)n(trop)n(y)e(Gathering)g(Daemon)1629
+5198 y Fk(2)1697 5229 y Fq(on)h(so)r(c)n(k)n(et)f Fc(p)l(ath)38
+b Fq(for)30 b Fc(bytes)38 b Fq(b)n(ytes)31 b(of)g(random)f(data)g(and)h
+(and)g(uses)p 0 5298 1560 4 v 92 5352 a Fh(2)127 5375
+y Fg(See)24 b Fp(http://www.lotha)n(r.com/tech/crypto/)p
 0 5549 3901 4 v 0 5649 a Ff(3.2)82 b Fl(rand)26 b Ff(\026)i(An)g
 (interface)f(to)g(the)h(Op)r(enSSL)g(pseudo)e(random)h(numb)r(er)h
 (generato)n(r)1148 b(9)p eop end
 %%Page: 10 10
-TeXDict begin 10 9 bop 0 83 a Fl(OP_SINGLE_DH_USE)0 183
-y(OP_EPHEMERAL_RSA)0 282 y(OP_NO_SSLv2)0 382 y(OP_NO_SSLv3)0
-482 y(OP_NO_TLSv1)208 581 y Fq(Constan)n(ts)30 b(used)i(with)g
-Fl(set_options)26 b Fq(of)32 b(Con)n(text)f(ob)5 b(jects.)48
-b Fl(OP_SINGLE_DH_USE)25 b Fq(means)31 b(to)g(alw)n(a)n(ys)f(create)g
-(a)208 681 y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f
-(Di\036e-Hellman.)34 b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18
-b(to)h(alw)n(a)n(ys)e(use)i(ephemeral)g(RSA)208 780 y(k)n(eys)f(when)h
-(doing)f(RSA)i(op)r(erations.)33 b Fl(OP_NO_SSLv2)p Fq(,)16
-b Fl(OP_NO_SSLv3)f Fq(and)k Fl(OP_NO_TLSv1)14 b Fq(means)19
-b(to)g(disable)f(those)208 880 y(sp)r(eci\034c)29 b(proto)r(cols.)39
-b(This)29 b(is)g(in)n(teresting)g(if)g(y)n(ou're)f(using)g(e.g.)41
-b Fl(SSLv23_METHOD)24 b Fq(to)29 b(get)g(an)f(SSLv2-compatible)208
-980 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)0
-1127 y Fl(ContextType)208 1226 y Fq(A)f(Python)h(t)n(yp)r(e)g(ob)5
-b(ject)28 b(represen)n(ting)d(the)j(Con)n(text)g(ob)5
-b(ject)27 b(t)n(yp)r(e.)0 1373 y Fl(Context\()p Fc(metho)l(d)9
-b Fl(\))208 1473 y Fq(F)-7 b(actory)34 b(function)i(that)g(creates)f(a)
-g(new)h(Con)n(text)f(ob)5 b(ject)36 b(giv)n(en)e(an)i(SSL)g(metho)r(d.)
-61 b(The)36 b(metho)r(d)g(should)g(b)r(e)208 1572 y Fl(SSLv2_METHOD)p
-Fq(,)22 b Fl(SSLv3_METHOD)p Fq(,)h Fl(SSLv23_METHOD)f
-Fq(or)27 b Fl(TLSv1_METHOD)p Fq(.)0 1719 y Fl(ConnectionType)208
-1819 y Fq(A)g(Python)h(t)n(yp)r(e)g(ob)5 b(ject)28 b(represen)n(ting)d
-(the)j(Connection)f(ob)5 b(ject)28 b(t)n(yp)r(e.)0 1966
-y Fl(Connection\()p Fc(c)l(ontext,)c(so)l(cket)8 b Fl(\))208
-2065 y Fq(F)-7 b(actory)26 b(fucnction)i(that)g(creates)e(a)h(new)h
-(Connection)f(ob)5 b(ject)27 b(giv)n(en)g(an)g(SSL)h(con)n(text)f(and)h
-(a)f(so)r(c)n(k)n(et)3538 2035 y Fk(3)3603 2065 y Fq(ob)5
-b(ject.)0 2212 y Fm(exception)32 b Fl(Error)208 2312
-y Fq(This)i(exception)g(is)h(used)f(as)g(a)h(base)e(class)h(for)g(the)h
-(other)f(SSL-related)g(exceptions,)i(but)f(ma)n(y)f(also)f(b)r(e)i
-(raised)208 2411 y(directly)-7 b(.)208 2544 y(Whenev)n(er)36
+TeXDict begin 10 9 bop 208 83 a Fl(add)26 b Fq(to)h(seed)h(the)g(PRNG.)
+g(The)g(default)g(v)-5 b(alue)27 b(of)34 b Fc(bytes)h
+Fq(is)27 b(255.)0 244 y Fl(load_file\()p Fc(p)l(ath)6
+b Fb([)p Fc(,)26 b(bytes)19 b Fb(])p Fl(\))208 344 y
+Fq(Read)29 b Fc(bytes)38 b Fq(b)n(ytes)30 b(\(or)f(all)h(of)g(it,)i(if)
+37 b Fc(bytes)g Fq(is)31 b(negativ)n(e\))e(of)h(data)g(from)g(the)g
+(\034le)h Fc(p)l(ath)37 b Fq(to)30 b(seed)g(the)h(PRNG.)g(The)208
+444 y(default)d(v)-5 b(alue)27 b(of)34 b Fc(bytes)h Fq(is)27
+b(-1.)0 590 y Fl(screen\(\))208 690 y Fq(A)n(dd)g(the)h(curren)n(t)f
+(con)n(ten)n(ts)g(of)g(the)h(screen)f(to)g(the)h(PRNG)h(state.)37
+b(A)-9 b(v)k(ailabilit)n(y:)36 b(Windo)n(ws.)0 837 y
+Fl(seed\()p Fc(string)7 b Fl(\))208 937 y Fq(This)27
+b(is)h(equiv)-5 b(alen)n(t)27 b(to)g(calling)h Fl(add)f
+Fq(with)h Fc(entr)l(opy)35 b Fq(as)27 b(the)h(length)f(of)h(the)g
+(string.)0 1083 y Fl(status\(\))208 1183 y Fq(Returns)f(true)g(if)i
+(the)e(PRNG)i(has)e(b)r(een)h(seeded)f(with)h(enough)f(data,)g(and)h
+(false)f(otherwise.)0 1330 y Fl(write_file\()p Fc(p)l(ath)6
+b Fl(\))208 1430 y Fq(W)-7 b(rite)34 b(a)g(n)n(um)n(b)r(er)g(of)h
+(random)e(b)n(ytes)h(\(curren)n(tly)g(1024\))f(to)h(the)h(\034le)f
+Fc(p)l(ath)6 b Fq(.)59 b(This)34 b(\034le)h(can)f(then)g(b)r(e)h(used)g
+(with)208 1529 y Fl(load_file)23 b Fq(to)28 b(seed)f(the)h(PRNG)h
+(again.)0 1676 y Fm(exception)j Fl(Error)208 1776 y Fq(If)i(the)g
+(curren)n(t)f(RAND)i(metho)r(d)f(supp)r(orts)f(an)n(y)g(errors,)h(this)
+g(is)f(raised)g(when)h(needed.)56 b(The)33 b(default)i(metho)r(d)208
+1875 y(do)r(es)27 b(not)g(raise)g(this)h(when)f(the)h(en)n(trop)n(y)e
+(p)r(o)r(ol)i(is)f(depleted.)208 2000 y(Whenev)n(er)36
 b(this)h(exception)g(is)g(raised)f(directly)-7 b(,)40
 b(it)d(has)g(a)f(list)i(of)f(error)e(messages)g(from)i(the)h(Op)r
-(enSSL)f(error)208 2644 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
+(enSSL)f(error)208 2100 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
 (tuple)h Fl(\()p Fc(lib)5 b Fl(,)44 b Fc(function)6 b
 Fl(,)43 b Fc(r)l(e)l(ason)6 b Fl(\))p Fq(.)70 b(Here)38
 b Fc(lib)5 b Fq(,)43 b Fc(function)h Fq(and)39 b Fc(r)l(e)l(ason)45
-b Fq(are)37 b(all)208 2743 y(strings,)26 b(describing)h(where)g(and)g
+b Fq(are)37 b(all)208 2200 y(strings,)26 b(describing)h(where)g(and)g
 (what)h(the)g(problem)f(is.)36 b(See)28 b Fc(err)p Fq(\(3\))g(for)f
-(more)g(information.)0 2890 y Fm(exception)32 b Fl(ZeroReturnError)208
-2990 y Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r
-(de)h Fl(SSL_ERROR_ZERO_)o(RE)o(TUR)o(N)p Fq(,)26 b(and)33
-b(is)f(raised)f(when)i(the)g(SSL)208 3090 y(Connection)c(has)g(b)r(een)
-h(closed.)43 b(In)29 b(SSL)h(3.0)f(and)h(TLS)g(1.0,)f(this)h(only)f(o)r
-(ccurs)g(if)h(a)g(closure)e(alert)h(has)g(o)r(ccurred)208
-3189 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g
-(b)r(een)i(closed)e(cleanly)-7 b(.)40 b(Note)29 b(that)g(this)g(do)r
-(es)f(not)h(necessarily)e(mean)208 3289 y(that)g(the)h(transp)r(ort)f
-(la)n(y)n(er)f(\(e.g.)36 b(a)28 b(so)r(c)n(k)n(et\))e(has)h(b)r(een)h
-(closed.)208 3422 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h
-(this)g(is)g(an)g(exception,)g(but)h(it)f(do)r(es)g(matc)n(h)g(an)f
-Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 3521 y(v)n(ery)26
-b(con)n(v)n(enien)n(t.)0 3668 y Fm(exception)32 b Fl(WantReadError)208
-3768 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g
-(I/O)f(metho)r(d)h(should)g(b)r(e)g(called)g(again)f(later,)i(with)f
-(the)h(same)208 3867 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i
-(can)f(lead)h(to)f(this)h(since)f(new)h(handshak)n(es)e(can)h(o)r(ccur)
-g(at)g(an)n(y)g(time.)0 4014 y Fm(exception)32 b Fl(WantWriteError)208
-4114 y Fq(See)27 b Fl(WantReadError)p Fq(.)0 4261 y Fm(exception)32
-b Fl(WantX509LookupE)o(rr)o(or)208 4360 y Fq(The)24 b(op)r(eration)g
-(did)h(not)g(complete)f(b)r(ecause)g(an)h(application)f(callbac)n(k)f
-(has)h(ask)n(ed)g(to)g(b)r(e)h(called)g(again.)34 b(The)25
-b(I/O)208 4460 y(metho)r(d)f(should)h(b)r(e)f(called)g(again)g(later,)g
-(with)h(the)g(same)e(argumen)n(ts.)35 b(Note:)g(This)24
-b(w)n(on't)h(o)r(ccur)e(in)i(this)g(v)n(ersion,)208 4560
-y(as)h(there)i(are)e(no)i(suc)n(h)f(callbac)n(ks)f(in)i(this)f(v)n
-(ersion.)0 4707 y Fm(exception)32 b Fl(SysCallError)208
-4806 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e
-(an)h(I/O)g(error)e(and)i(Op)r(enSSL's)g(error)e(queue)i(do)r(es)g(not)
-g(con)n(tain)g(an)n(y)208 4906 y(information.)59 b(This)36
-b(can)f(mean)g(t)n(w)n(o)g(things:)52 b(An)36 b(error)d(in)j(the)g
-(transp)r(ort)e(proto)r(col,)i(or)f(an)g(end)h(of)f(\034le)h(that)208
-5005 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i
-(the)g(exception)f(is)g(alw)n(a)n(ys)f(a)h(pair)g Fl(\()p
-Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)p
-0 5075 1560 4 v 92 5128 a Fh(3)127 5152 y Fg(A)n(ctually)-6
-b(,)25 b(all)e(that)j(is)d(required)j(is)e(an)g(ob)t(ject)h(that)h
-Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,)g(y)n(ou)g(could)g
-(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f(b)r(e)h(tric)n
-(ky)g(to)0 5231 y(get)g(the)f(handshak)n(es)h(righ)n(t!)p
-0 5549 3901 4 v 0 5649 a Ff(10)2197 b(3)83 b Fl(OpenSSL)24
+(more)g(information.)0 2473 y Fj(3.3)97 b Fd(SSL)33 b
+Fj(\026)f(An)h(interface)h(to)e(the)h(SSL-sp)s(eci\034c)h(pa)m(rts)f
+(of)f(Op)s(enSSL)0 2673 y Fq(This)c(mo)r(dule)f(handles)h(things)f(sp)r
+(eci\034c)h(to)f(SSL.)h(There)f(are)f(t)n(w)n(o)h(ob)5
+b(jects)27 b(de\034ned:)38 b(Con)n(text,)27 b(Connection.)0
+2820 y Fl(SSLv2_METHOD)0 2920 y(SSLv3_METHOD)0 3019 y(SSLv23_METHOD)0
+3119 y(TLSv1_METHOD)208 3218 y Fq(These)g(constan)n(ts)f(represen)n(t)h
+(the)h(di\033eren)n(t)f(SSL)h(metho)r(ds)g(to)f(use)h(when)f(creating)g
+(a)g(con)n(text)g(ob)5 b(ject.)0 3365 y Fl(VERIFY_NONE)0
+3465 y(VERIFY_PEER)0 3565 y(VERIFY_FAIL_IF_N)o(O_)o(PEE)o(R_)o(CE)o(RT)
+208 3664 y Fq(These)27 b(constan)n(ts)f(represen)n(t)h(the)h(v)n
+(eri\034cation)e(mo)r(de)h(used)h(b)n(y)f(the)h(Con)n(text)f(ob)5
+b(ject's)27 b Fl(set_verify)d Fq(metho)r(d.)0 3811 y
+Fl(FILETYPE_PEM)0 3911 y(FILETYPE_ASN1)208 4010 y Fq(File)41
+b(t)n(yp)r(e)g(constan)n(ts)f(used)h(with)g(the)h Fl(use_certificate)o
+(_f)o(ile)34 b Fq(and)41 b Fl(use_privatekey_f)o(il)o(e)35
+b Fq(metho)r(ds)41 b(of)208 4110 y(Con)n(text)27 b(ob)5
+b(jects.)0 4257 y Fl(OP_SINGLE_DH_USE)0 4356 y(OP_EPHEMERAL_RSA)0
+4456 y(OP_NO_SSLv2)0 4556 y(OP_NO_SSLv3)0 4655 y(OP_NO_TLSv1)208
+4755 y Fq(Constan)n(ts)30 b(used)i(with)g Fl(set_options)26
+b Fq(of)32 b(Con)n(text)f(ob)5 b(jects.)48 b Fl(OP_SINGLE_DH_USE)25
+b Fq(means)31 b(to)g(alw)n(a)n(ys)f(create)g(a)208 4855
+y(new)19 b(k)n(ey)f(when)h(using)g(ephemeral)f(Di\036e-Hellman.)34
+b Fl(OP_EPHEMERAL_RSA)13 b Fq(means)18 b(to)h(alw)n(a)n(ys)e(use)i
+(ephemeral)g(RSA)208 4954 y(k)n(eys)f(when)h(doing)f(RSA)i(op)r
+(erations.)33 b Fl(OP_NO_SSLv2)p Fq(,)16 b Fl(OP_NO_SSLv3)f
+Fq(and)k Fl(OP_NO_TLSv1)14 b Fq(means)19 b(to)g(disable)f(those)208
+5054 y(sp)r(eci\034c)29 b(proto)r(cols.)39 b(This)29
+b(is)g(in)n(teresting)g(if)g(y)n(ou're)f(using)g(e.g.)41
+b Fl(SSLv23_METHOD)24 b Fq(to)29 b(get)g(an)f(SSLv2-compatible)208
+5154 y(handshak)n(e,)e(but)i(don't)g(w)n(an)n(t)f(to)g(use)h(SSLv2.)0
+5300 y Fl(ContextType)208 5400 y Fq(See)f Fl(Context)p
+Fq(.)p 0 5549 3901 4 v 0 5649 a Ff(10)2197 b(3)83 b Fl(OpenSSL)24
 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
 end
 %%Page: 11 11
-TeXDict begin 11 10 bop 0 83 a Ff(Context)27 b(objects)0
-283 y Fq(Con)n(text)g(ob)5 b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n
-(wing)e(metho)r(ds:)0 430 y Fl(check_privatekey)o(\(\))208
-547 y Fq(Chec)n(k)k(if)i(the)g(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)h
-(with)h Fl(use_privatekey)p Fb([)p Fl(_)o(fi)o(le)11
+TeXDict begin 11 10 bop 0 83 a Fm(class)31 b Fl(Context\()p
+Fc(metho)l(d)9 b Fl(\))208 183 y Fq(A)27 b(class)g(represen)n(ting)f
+(SSL)i(con)n(texts.)36 b(Con)n(texts)27 b(de\034ne)h(the)g(parameters)d
+(of)j(one)f(or)g(more)f(SSL)i(connections.)208 315 y
+Fc(metho)l(d)36 b Fq(should)28 b(b)r(e)g Fl(SSLv2_METHOD)p
+Fq(,)22 b Fl(SSLv3_METHOD)p Fq(,)h Fl(SSLv23_METHOD)f
+Fq(or)27 b Fl(TLSv1_METHOD)p Fq(.)0 462 y Fl(ConnectionType)208
+562 y Fq(See)g Fl(Connection)p Fq(.)0 709 y Fm(class)k
+Fl(Connection\()p Fc(c)l(ontext,)25 b(so)l(cket)8 b Fl(\))208
+808 y Fq(A)27 b(class)g(represen)n(ting)f(SSL)i(connections.)208
+941 y Fc(c)l(ontext)44 b Fq(should)37 b(b)r(e)g(an)g(instance)g(of)44
+b Fl(Context)34 b Fq(and)j Fc(so)l(cket)46 b Fq(should)37
+b(b)r(e)g(a)g(so)r(c)n(k)n(et)2978 911 y Fk(3)3053 941
+y Fq(ob)5 b(ject.)66 b Fc(so)l(cket)45 b Fq(ma)n(y)37
+b(b)r(e)208 1041 y Fc(None)6 b Fq(;)27 b(in)h(this)g(case,)e(the)i
+(Connection)f(is)g(created)g(with)h(a)f(memory)g(BIO:)f(see)h(the)h
+Fl(bio_read)p Fq(,)c Fl(bio_write)p Fq(,)g(and)208 1141
+y Fl(bio_shutdown)e Fq(metho)r(ds.)0 1287 y Fm(exception)32
+b Fl(Error)208 1387 y Fq(This)i(exception)g(is)h(used)f(as)g(a)h(base)e
+(class)h(for)g(the)h(other)f(SSL-related)g(exceptions,)i(but)f(ma)n(y)f
+(also)f(b)r(e)i(raised)208 1487 y(directly)-7 b(.)208
+1620 y(Whenev)n(er)36 b(this)h(exception)g(is)g(raised)f(directly)-7
+b(,)40 b(it)d(has)g(a)f(list)i(of)f(error)e(messages)g(from)i(the)h(Op)
+r(enSSL)f(error)208 1719 y(queue,)k(where)d(eac)n(h)f(item)i(is)g(a)f
+(tuple)h Fl(\()p Fc(lib)5 b Fl(,)44 b Fc(function)6 b
+Fl(,)43 b Fc(r)l(e)l(ason)6 b Fl(\))p Fq(.)70 b(Here)38
+b Fc(lib)5 b Fq(,)43 b Fc(function)h Fq(and)39 b Fc(r)l(e)l(ason)45
+b Fq(are)37 b(all)208 1819 y(strings,)26 b(describing)h(where)g(and)g
+(what)h(the)g(problem)f(is.)36 b(See)28 b Fc(err)p Fq(\(3\))g(for)f
+(more)g(information.)0 1966 y Fm(exception)32 b Fl(ZeroReturnError)208
+2065 y Fq(This)g(exception)g(matc)n(hes)g(the)h(error)d(return)i(co)r
+(de)h Fl(SSL_ERROR_ZERO_)o(RE)o(TUR)o(N)p Fq(,)26 b(and)33
+b(is)f(raised)f(when)i(the)g(SSL)208 2165 y(Connection)c(has)g(b)r(een)
+h(closed.)43 b(In)29 b(SSL)h(3.0)f(and)h(TLS)g(1.0,)f(this)h(only)f(o)r
+(ccurs)g(if)h(a)g(closure)e(alert)h(has)g(o)r(ccurred)208
+2265 y(in)g(the)g(proto)r(col,)f(i.e.)41 b(the)29 b(connection)f(has)g
+(b)r(een)i(closed)e(cleanly)-7 b(.)40 b(Note)29 b(that)g(this)g(do)r
+(es)f(not)h(necessarily)e(mean)208 2364 y(that)g(the)h(transp)r(ort)f
+(la)n(y)n(er)f(\(e.g.)36 b(a)28 b(so)r(c)n(k)n(et\))e(has)h(b)r(een)h
+(closed.)208 2497 y(It)k(ma)n(y)f(seem)h(a)f(little)i(strange)e(that)h
+(this)g(is)g(an)g(exception,)g(but)h(it)f(do)r(es)g(matc)n(h)g(an)f
+Fl(SSL_ERROR)e Fq(co)r(de,)j(and)g(is)208 2597 y(v)n(ery)26
+b(con)n(v)n(enien)n(t.)0 2743 y Fm(exception)32 b Fl(WantReadError)208
+2843 y Fq(The)i(op)r(eration)e(did)j(not)f(complete;)j(the)d(same)g
+(I/O)f(metho)r(d)h(should)g(b)r(e)g(called)g(again)f(later,)i(with)f
+(the)h(same)208 2943 y(argumen)n(ts.)g(An)n(y)28 b(I/O)e(metho)r(d)i
+(can)f(lead)h(to)f(this)h(since)f(new)h(handshak)n(es)e(can)h(o)r(ccur)
+g(at)g(an)n(y)g(time.)208 3076 y(The)44 b(w)n(an)n(ted)h(read)f(is)g
+(for)h Fc(dirty)g Fq(data)g(sen)n(t)f(o)n(v)n(er)f(the)j(net)n(w)n
+(ork,)h(not)e(the)h Fc(cle)l(an)f Fq(data)f(inside)h(the)g(tunnel.)208
+3175 y(F)-7 b(or)39 b(a)i(so)r(c)n(k)n(et)e(based)h(SSL)h(connection,)i
+Fc(r)l(e)l(ad)e Fq(means)f(data)g(coming)g(at)g(us)h(o)n(v)n(er)e(the)i
+(net)n(w)n(ork.)74 b(Un)n(til)41 b(that)208 3275 y(read)d(succeeds,)k
+(the)d(attempted)h Fl(OpenSSL.SSL.Conn)o(ect)o(io)o(n.)o(rec)o(v)p
+Fq(,)c Fl(OpenSSL.SSL.Conn)o(ec)o(tio)o(n.)o(se)o(nd)p
+Fq(,)g(or)208 3374 y Fl(OpenSSL.SSL.Con)o(ne)o(ct)o(ion)o(.d)o(o_h)o
+(an)o(ds)o(hak)o(e)15 b Fq(is)22 b(prev)n(en)n(ted)e(or)h(incomplete.)
+35 b(Y)-7 b(ou)22 b(probably)e(w)n(an)n(t)h(to)g Fl(select\(\))208
+3474 y Fq(on)27 b(the)h(so)r(c)n(k)n(et)e(b)r(efore)h(trying)g(again.)0
+3621 y Fm(exception)32 b Fl(WantWriteError)208 3721 y
+Fq(See)27 b Fl(WantReadError)p Fq(.)32 b(The)27 b(so)r(c)n(k)n(et)g
+(send)g(bu\033er)h(ma)n(y)f(b)r(e)h(to)r(o)f(full)h(to)g(write)f(more)g
+(data.)0 3867 y Fm(exception)32 b Fl(WantX509LookupE)o(rr)o(or)208
+3967 y Fq(The)24 b(op)r(eration)g(did)h(not)g(complete)f(b)r(ecause)g
+(an)h(application)f(callbac)n(k)f(has)h(ask)n(ed)g(to)g(b)r(e)h(called)
+g(again.)34 b(The)25 b(I/O)208 4067 y(metho)r(d)f(should)h(b)r(e)f
+(called)g(again)g(later,)g(with)h(the)g(same)e(argumen)n(ts.)35
+b(Note:)g(This)24 b(w)n(on't)h(o)r(ccur)e(in)i(this)g(v)n(ersion,)208
+4166 y(as)h(there)i(are)e(no)i(suc)n(h)f(callbac)n(ks)f(in)i(this)f(v)n
+(ersion.)0 4313 y Fm(exception)32 b Fl(SysCallError)208
+4413 y Fq(The)25 b Fl(SysCallError)20 b Fq(o)r(ccurs)k(when)i(there's)e
+(an)h(I/O)g(error)e(and)i(Op)r(enSSL's)g(error)e(queue)i(do)r(es)g(not)
+g(con)n(tain)g(an)n(y)208 4512 y(information.)59 b(This)36
+b(can)f(mean)g(t)n(w)n(o)g(things:)52 b(An)36 b(error)d(in)j(the)g
+(transp)r(ort)e(proto)r(col,)i(or)f(an)g(end)h(of)f(\034le)h(that)208
+4612 y(violates)26 b(the)i(proto)r(col.)36 b(The)27 b(parameter)f(to)i
+(the)g(exception)f(is)g(alw)n(a)n(ys)f(a)h(pair)g Fl(\()p
+Fc(errnum)6 b Fl(,)42 b Fc(errstr)9 b Fl(\))p Fq(.)0
+4875 y Ff(Context)27 b(objects)0 5076 y Fq(Con)n(text)g(ob)5
+b(jects)27 b(ha)n(v)n(e)g(the)h(follo)n(wing)e(metho)r(ds:)p
+0 5145 1560 4 v 92 5198 a Fh(3)127 5222 y Fg(A)n(ctually)-6
+b(,)25 b(all)e(that)j(is)d(required)j(is)e(an)g(ob)t(ject)h(that)h
+Fa(b)l(ehaves)e Fg(lik)n(e)g(a)h(so)r(c)n(k)n(et,)g(y)n(ou)g(could)g
+(ev)n(en)g(use)f(\034les,)g(ev)n(en)i(though)f(it'd)f(b)r(e)h(tric)n
+(ky)g(to)0 5301 y(get)g(the)f(handshak)n(es)h(righ)n(t!)p
+0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g
+(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)
+1611 b(11)p eop end
+%%Page: 12 12
+TeXDict begin 12 11 bop 0 83 a Fl(check_privatekey)o(\(\))208
+199 y Fq(Chec)n(k)30 b(if)i(the)g(priv)-5 b(ate)31 b(k)n(ey)f(\(loaded)
+h(with)h Fl(use_privatekey)p Fb([)p Fl(_)o(fi)o(le)11
 b Fb(])p Fq(\))26 b(matc)n(hes)k(the)i(certi\034cate)f(\(loaded)g(with)
-208 674 y Fl(use_certificate)o Fb([)p Fl(_)o(fil)o(e)11
+208 327 y Fl(use_certificate)o Fb([)p Fl(_)o(fil)o(e)11
 b Fb(])p Fq(\).)31 b(Returns)d Fl(None)e Fq(if)i(they)f(matc)n(h,)h
-(raises)e Fl(Error)g Fq(otherwise.)0 821 y Fl(get_app_data\(\))208
-921 y Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g
-Fl(set_app_data)p Fq(.)0 1068 y Fl(get_cert_store\(\))208
-1167 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h
+(raises)e Fl(Error)g Fq(otherwise.)0 474 y Fl(get_app_data\(\))208
+573 y Fq(Retriev)n(e)g(application)h(data)g(as)g(set)h(b)n(y)g
+Fl(set_app_data)p Fq(.)0 720 y Fl(get_cert_store\(\))208
+820 y Fq(Retriev)n(e)34 b(the)i(certi\034cate)f(store)f(\(a)h
 (X509Store)f(ob)5 b(ject\))35 b(that)h(the)f(con)n(text)g(uses.)60
-b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 1267 y("trusted")26
+b(This)35 b(can)g(b)r(e)h(used)f(to)g(add)208 920 y("trusted")26
 b(certi\034cates)h(without)h(using)f(the.)37 b Fl(load_verify_loca)o
-(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 1414 y Fl(get_timeout\(\))208
-1513 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i
+(tio)o(ns)o(\(\))21 b Fq(metho)r(d.)0 1066 y Fl(get_timeout\(\))208
+1166 y Fq(Retriev)n(e)26 b(session)h(timeout,)h(as)f(set)g(b)n(y)i
 Fl(set_timeout)p Fq(.)j(The)c(default)g(is)f(300)f(seconds.)0
-1660 y Fl(get_verify_depth)o(\(\))208 1760 y Fq(Retriev)n(e)g(the)i
+1313 y Fl(get_verify_depth)o(\(\))208 1413 y Fq(Retriev)n(e)g(the)i
 (Con)n(text)f(ob)5 b(ject's)28 b(v)n(erify)e(depth,)j(as)d(set)i(b)n(y)
-g Fl(set_verify_depth)p Fq(.)0 1907 y Fl(get_verify_mode\()o(\))208
-2006 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28
+g Fl(set_verify_depth)p Fq(.)0 1559 y Fl(get_verify_mode\()o(\))208
+1659 y Fq(Retriev)n(e)e(the)i(Con)n(text)f(ob)5 b(ject's)28
 b(v)n(erify)e(mo)r(de,)i(as)f(set)h(b)n(y)g Fl(set_verify)p
-Fq(.)0 2153 y Fl(load_client_ca\()p Fc(p)l(em\034le)6
-b Fl(\))208 2253 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g
+Fq(.)0 1806 y Fl(load_client_ca\()p Fc(p)l(em\034le)6
+b Fl(\))208 1906 y Fq(Read)33 b(a)g(\034le)h(with)g(PEM-formatted)g
 (certi\034cates)f(that)h(will)g(b)r(e)g(sen)n(t)f(to)h(the)g(clien)n(t)
-f(when)h(requesting)f(a)g(clien)n(t)208 2353 y(certi\034cate.)0
-2499 y Fl(load_verify_loca)o(ti)o(ons)o(\()p Fc(p)l(em\034le,)24
-b(c)l(ap)l(ath)6 b Fl(\))208 2599 y Fq(Sp)r(ecify)24
-b(where)f(CA)g(certi\034cates)g(for)g(v)n(eri\034cation)f(purp)r(oses)h
-(are)f(lo)r(cated.)35 b(These)23 b(are)g(trusted)g(certi\034cates.)35
-b(Note)208 2699 y(that)c(the)g(certi\034cates)f(ha)n(v)n(e)f(to)i(b)r
-(e)g(in)g(PEM)h(format.)46 b(If)31 b(capath)f(is)h(passed,)f(it)i(m)n
-(ust)e(b)r(e)i(a)e(directory)f(prepared)208 2798 y(using)i(the)h
-Fl(c_rehash)c Fq(to)r(ol)j(included)h(with)g(Op)r(enSSL.)g(Either,)h
-(but)f(not)g(b)r(oth,)h(of)38 b Fc(p)l(em\034le)g Fq(or)31
-b Fc(c)l(ap)l(ath)39 b Fq(ma)n(y)31 b(b)r(e)208 2898
-y Fl(None)p Fq(.)0 3045 y Fl(set_default_veri)o(fy)o(_pa)o(th)o(s\()o
-(\))208 3144 y Fq(Sp)r(ecify)20 b(that)h(the)g(platform)f(pro)n(vided)f
-(CA)h(certi\034cates)g(are)f(to)h(b)r(e)h(used)f(for)g(v)n
-(eri\034cation)f(purp)r(oses.)33 b(This)21 b(metho)r(d)208
-3244 y(ma)n(y)26 b(not)i(w)n(ork)e(prop)r(erly)h(on)g(OS)g(X.)0
-3391 y Fl(load_tmp_dh\()p Fc(dh\034le)6 b Fl(\))208 3491
-y Fq(Load)26 b(parameters)g(for)h(Ephemeral)g(Di\036e-Hellman)h(from)g
-Fc(dh\034le)6 b Fq(.)0 3637 y Fl(set_app_data\()p Fc(data)g
-Fl(\))208 3737 y Fq(Asso)r(ciate)25 b Fc(data)33 b Fq(with)27
+f(when)h(requesting)f(a)g(clien)n(t)208 2005 y(certi\034cate.)0
+2152 y Fl(set_client_ca_li)o(st)o(\()p Fc(c)l(erti\034c)l(ate_au)o
+(thorities)7 b Fl(\))208 2252 y Fq(Replace)23 b(the)h(curren)n(t)g
+(list)g(of)g(preferred)f(certi\034cate)g(signers)g(that)h(w)n(ould)f(b)
+r(e)i(sen)n(t)f(to)g(the)g(clien)n(t)g(when)g(requesting)208
+2351 y(a)j(clien)n(t)g(certi\034cate)g(with)h(the)g Fc(c)l(erti\034c)l
+(ate_authorities)35 b Fq(sequence)27 b(of)34 b Fl(OpenSSL.crypto.X5)o
+(09)o(Na)o(me)p Fq(s)o(.)208 2484 y(New)27 b(in)h(v)n(ersion)e(0.10.)0
+2631 y Fl(add_client_ca\()p Fc(c)l(erti\034c)l(ate_aut)o(hority)7
+b Fl(\))208 2731 y Fq(Extract)22 b(a)g Fl(OpenSSL.crypto.X)o(50)o(9Na)o
+(me)16 b Fq(from)22 b(the)h Fc(c)l(erti\034c)l(ate_authority)30
+b Fl(OpenSSL.crypto.X)o(509)16 b Fq(certi\034cate)208
+2830 y(and)k(add)g(it)h(to)f(the)h(list)f(of)h(preferred)e
+(certi\034cate)h(signers)f(sen)n(t)h(to)g(the)h(clien)n(t)f(when)h
+(requesting)e(a)h(clien)n(t)h(certi\034cate.)208 2963
+y(New)27 b(in)h(v)n(ersion)e(0.10.)0 3110 y Fl(load_verify_loca)o(ti)o
+(ons)o(\()p Fc(p)l(em\034le,)e(c)l(ap)l(ath)6 b Fl(\))208
+3210 y Fq(Sp)r(ecify)24 b(where)f(CA)g(certi\034cates)g(for)g(v)n
+(eri\034cation)f(purp)r(oses)h(are)f(lo)r(cated.)35 b(These)23
+b(are)g(trusted)g(certi\034cates.)35 b(Note)208 3309
+y(that)c(the)g(certi\034cates)f(ha)n(v)n(e)f(to)i(b)r(e)g(in)g(PEM)h
+(format.)46 b(If)31 b(capath)f(is)h(passed,)f(it)i(m)n(ust)e(b)r(e)i(a)
+e(directory)f(prepared)208 3409 y(using)i(the)h Fl(c_rehash)c
+Fq(to)r(ol)j(included)h(with)g(Op)r(enSSL.)g(Either,)h(but)f(not)g(b)r
+(oth,)h(of)38 b Fc(p)l(em\034le)g Fq(or)31 b Fc(c)l(ap)l(ath)39
+b Fq(ma)n(y)31 b(b)r(e)208 3509 y Fl(None)p Fq(.)0 3655
+y Fl(set_default_veri)o(fy)o(_pa)o(th)o(s\()o(\))208
+3755 y Fq(Sp)r(ecify)20 b(that)h(the)g(platform)f(pro)n(vided)f(CA)h
+(certi\034cates)g(are)f(to)h(b)r(e)h(used)f(for)g(v)n(eri\034cation)f
+(purp)r(oses.)33 b(This)21 b(metho)r(d)208 3855 y(ma)n(y)26
+b(not)i(w)n(ork)e(prop)r(erly)h(on)g(OS)g(X.)0 4002 y
+Fl(load_tmp_dh\()p Fc(dh\034le)6 b Fl(\))208 4101 y Fq(Load)26
+b(parameters)g(for)h(Ephemeral)g(Di\036e-Hellman)h(from)g
+Fc(dh\034le)6 b Fq(.)0 4248 y Fl(set_app_data\()p Fc(data)g
+Fl(\))208 4348 y Fq(Asso)r(ciate)25 b Fc(data)33 b Fq(with)27
 b(this)f(Con)n(text)f(ob)5 b(ject.)36 b Fc(data)e Fq(can)25
 b(b)r(e)i(retriev)n(ed)d(later)i(using)f(the)i Fl(get_app_data)21
-b Fq(metho)r(d.)0 3884 y Fl(set_cipher_list\()o Fc(ciphers)7
-b Fl(\))208 3984 y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g
+b Fq(metho)r(d.)0 4495 y Fl(set_cipher_list\()o Fc(ciphers)7
+b Fl(\))208 4594 y Fq(Set)28 b(the)g(list)h(of)f(ciphers)f(to)h(b)r(e)g
 (used)g(in)g(this)h(con)n(text.)37 b(See)28 b(the)h(Op)r(enSSL)f(man)n
-(ual)f(for)h(more)f(information)g(\(e.g.)208 4083 y(ciphers\(1\)\))0
-4230 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9
-b Fl(\))208 4330 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i
+(ual)f(for)h(more)f(information)g(\(e.g.)208 4694 y(ciphers\(1\)\))0
+4841 y Fl(set_info_callbac)o(k\()o Fc(c)l(al)t(lb)l(ack)9
+b Fl(\))208 4940 y Fq(Set)33 b(the)f(information)g(callbac)n(k)f(to)i
 Fc(c)l(al)t(lb)l(ack)9 b Fq(.)54 b(This)32 b(function)h(will)g(b)r(e)g
 (called)f(from)g(time)h(to)g(time)g(during)f(SSL)208
-4429 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b
+5040 y(handshak)n(es.)49 b Fc(c)l(al)t(lb)l(ack)43 b
 Fq(should)32 b(tak)n(e)g(three)g(argumen)n(ts:)45 b(a)32
 b(Connection)g(ob)5 b(ject)32 b(and)g(t)n(w)n(o)g(in)n(tegers.)50
-b(The)32 b(\034rst)208 4529 y(in)n(teger)f(sp)r(eci\034es)g(where)h(in)
+b(The)32 b(\034rst)208 5140 y(in)n(teger)f(sp)r(eci\034es)g(where)h(in)
 g(the)g(SSL)g(handshak)n(e)f(the)h(function)h(w)n(as)e(called,)h(and)g
-(the)g(other)g(the)g(return)f(co)r(de)208 4629 y(from)c(a)g(\(p)r
+(the)g(other)g(the)g(return)f(co)r(de)208 5239 y(from)c(a)g(\(p)r
 (ossibly)g(failed\))h(in)n(ternal)f(function)h(call.)0
-4775 y Fl(set_options\()p Fc(options)7 b Fl(\))208 4875
-y Fq(A)n(dd)28 b(SSL)h(options.)38 b(Options)28 b(y)n(ou)f(ha)n(v)n(e)g
-(set)i(b)r(efore)f(are)f(not)h(cleared!)38 b(This)28
-b(metho)r(d)h(should)f(b)r(e)h(used)f(with)h(the)208
-4975 y Fl(OP_*)d Fq(constan)n(ts.)0 5122 y Fl(set_passwd_cb\()p
+5386 y Fl(set_options\()p Fc(options)7 b Fl(\))p 0 5549
+3901 4 v 0 5649 a Ff(12)2197 b(3)83 b Fl(OpenSSL)24 b
+Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p eop
+end
+%%Page: 13 13
+TeXDict begin 13 12 bop 208 83 a Fq(A)n(dd)28 b(SSL)h(options.)38
+b(Options)28 b(y)n(ou)f(ha)n(v)n(e)g(set)i(b)r(efore)f(are)f(not)h
+(cleared!)38 b(This)28 b(metho)r(d)h(should)f(b)r(e)h(used)f(with)h
+(the)208 183 y Fl(OP_*)d Fq(constan)n(ts.)0 330 y Fl(set_passwd_cb\()p
 Fc(c)l(al)t(lb)l(ack)9 b Fb([)p Fc(,)25 b(user)l(data)19
-b Fb(])p Fl(\))208 5221 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f
+b Fb(])p Fl(\))208 429 y Fq(Set)42 b(the)g(passphrase)f(callbac)n(k)f
 (to)i Fc(c)l(al)t(lb)l(ack)9 b Fq(.)82 b(This)42 b(function)h(will)f(b)
 r(e)g(called)g(when)g(a)g(priv)-5 b(ate)42 b(k)n(ey)f(with)h(a)208
-5321 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45
+529 y(passphrase)32 b(is)i(loaded.)56 b Fc(c)l(al)t(lb)l(ack)45
 b Fq(m)n(ust)34 b(accept)g(three)g(p)r(ositional)f(argumen)n(ts.)56
-b(First,)35 b(an)f(in)n(teger)f(giving)h(the)p 0 5549
-3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g(interface)g
-(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)1611
-b(11)p eop end
-%%Page: 12 12
-TeXDict begin 12 11 bop 208 83 a Fq(maxim)n(um)32 b(length)i(of)f(the)g
-(passphrase)f(it)h(ma)n(y)g(return.)53 b(If)33 b(the)h(returned)e
-(passphrase)g(is)h(longer)f(than)h(this,)i(it)208 183
-y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30 b(a)f(b)r(o)r(olean)g(v)
--5 b(alue)29 b(whic)n(h)h(will)g(b)r(e)g(true)f(if)h(the)g(user)f
-(should)g(b)r(e)h(prompted)g(for)f(the)208 282 y(passphrase)k(t)n(wice)
-h(and)h(the)g(callbac)n(k)f(should)g(v)n(erify)h(that)g(the)g(t)n(w)n
-(o)f(v)-5 b(alues)35 b(supplied)g(are)f(equal.)58 b(Third,)37
-b(the)208 382 y(v)-5 b(alue)27 b(giv)n(en)g(as)g(the)h
-Fc(user)l(data)35 b Fq(parameter)26 b(to)h Fl(set_passwd_cb)p
-Fq(.)32 b(If)c(an)g(error)d(o)r(ccurs,)i Fc(c)l(al)t(lb)l(ack)39
-b Fq(should)27 b(return)g(a)208 482 y(false)g(v)-5 b(alue)27
-b(\(e.g.)37 b(an)27 b(empt)n(y)h(string\).)0 628 y Fl(set_session_id\()
-p Fc(n)o(ame)6 b Fl(\))208 728 y Fq(Set)33 b(the)h(con)n(text)f
-Fc(name)39 b Fq(within)34 b(whic)n(h)f(a)g(session)f(can)h(b)r(e)h
-(reused)e(for)h(this)g(Con)n(text)g(ob)5 b(ject.)54 b(This)33
-b(is)g(needed)208 828 y(when)e(doing)g(session)g(resumption,)h(b)r
-(ecause)g(there)f(is)h(no)f(w)n(a)n(y)g(for)g(a)g(stored)g(session)f
-(to)i(kno)n(w)f(whic)n(h)g(Con)n(text)208 927 y(ob)5
-b(ject)27 b(it)h(is)f(asso)r(ciated)g(with.)37 b Fc(name)d
-Fq(ma)n(y)27 b(b)r(e)h(an)n(y)e(binary)h(data.)0 1074
-y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208 1174
-y Fq(Set)29 b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g(for)h
-(this)g(Con)n(text)g(ob)5 b(ject)28 b(to)h Fc(time)l(out)8
+b(First,)35 b(an)f(in)n(teger)f(giving)h(the)208 628
+y(maxim)n(um)e(length)i(of)f(the)g(passphrase)f(it)h(ma)n(y)g(return.)
+53 b(If)33 b(the)h(returned)e(passphrase)g(is)h(longer)f(than)h(this,)i
+(it)208 728 y(will)29 b(b)r(e)h(truncated.)43 b(Second,)30
+b(a)f(b)r(o)r(olean)g(v)-5 b(alue)29 b(whic)n(h)h(will)g(b)r(e)g(true)f
+(if)h(the)g(user)f(should)g(b)r(e)h(prompted)g(for)f(the)208
+828 y(passphrase)k(t)n(wice)h(and)h(the)g(callbac)n(k)f(should)g(v)n
+(erify)h(that)g(the)g(t)n(w)n(o)f(v)-5 b(alues)35 b(supplied)g(are)f
+(equal.)58 b(Third,)37 b(the)208 927 y(v)-5 b(alue)27
+b(giv)n(en)g(as)g(the)h Fc(user)l(data)35 b Fq(parameter)26
+b(to)h Fl(set_passwd_cb)p Fq(.)32 b(If)c(an)g(error)d(o)r(ccurs,)i
+Fc(c)l(al)t(lb)l(ack)39 b Fq(should)27 b(return)g(a)208
+1027 y(false)g(v)-5 b(alue)27 b(\(e.g.)37 b(an)27 b(empt)n(y)h
+(string\).)0 1174 y Fl(set_session_id\()p Fc(n)o(ame)6
+b Fl(\))208 1273 y Fq(Set)33 b(the)h(con)n(text)f Fc(name)39
+b Fq(within)34 b(whic)n(h)f(a)g(session)f(can)h(b)r(e)h(reused)e(for)h
+(this)g(Con)n(text)g(ob)5 b(ject.)54 b(This)33 b(is)g(needed)208
+1373 y(when)e(doing)g(session)g(resumption,)h(b)r(ecause)g(there)f(is)h
+(no)f(w)n(a)n(y)g(for)g(a)g(stored)g(session)f(to)i(kno)n(w)f(whic)n(h)
+g(Con)n(text)208 1473 y(ob)5 b(ject)27 b(it)h(is)f(asso)r(ciated)g
+(with.)37 b Fc(name)d Fq(ma)n(y)27 b(b)r(e)h(an)n(y)e(binary)h(data.)0
+1620 y Fl(set_timeout\()p Fc(time)l(out)8 b Fl(\))208
+1719 y Fq(Set)29 b(the)g(timeout)h(for)e(newly)h(created)f(sessions)g
+(for)h(this)g(Con)n(text)g(ob)5 b(ject)28 b(to)h Fc(time)l(out)8
 b Fq(.)41 b Fc(time)l(out)36 b Fq(m)n(ust)29 b(b)r(e)h(giv)n(en)208
-1273 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5
+1819 y(in)f(\(whole\))f(seconds.)40 b(The)29 b(default)g(v)-5
 b(alue)28 b(is)h(300)e(seconds.)40 b(See)29 b(the)g(Op)r(enSSL)g(man)n
-(ual)f(for)g(more)g(information)208 1373 y(\(e.g.)36
-b(SSL_CTX_set_timeout\(3\)\).)0 1520 y Fl(set_verify\()p
-Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))208 1620
+(ual)f(for)g(more)g(information)208 1918 y(\(e.g.)36
+b(SSL_CTX_set_timeout\(3\)\).)0 2065 y Fl(set_verify\()p
+Fc(mo)l(de,)26 b(c)l(al)t(lb)l(ack)9 b Fl(\))208 2165
 y Fq(Set)36 b(the)h(v)n(eri\034cation)e(\035ags)g(for)h(this)h(Con)n
 (text)f(ob)5 b(ject)36 b(to)g Fc(mo)l(de)44 b Fq(and)36
 b(sp)r(ecify)g(that)h Fc(c)l(al)t(lb)l(ack)47 b Fq(should)36
-b(b)r(e)h(used)208 1719 y(for)30 b(v)n(eri\034cation)g(callbac)n(ks.)45
+b(b)r(e)h(used)208 2265 y(for)30 b(v)n(eri\034cation)g(callbac)n(ks.)45
 b Fc(mo)l(de)38 b Fq(should)31 b(b)r(e)h(one)e(of)38
 b Fl(VERIFY_NONE)26 b Fq(and)31 b Fl(VERIFY_PEER)p Fq(.)c(If)38
-b Fl(VERIFY_PEER)26 b Fq(is)208 1819 y(used,)j Fc(mo)l(de)36
+b Fl(VERIFY_PEER)26 b Fq(is)208 2364 y(used,)j Fc(mo)l(de)36
 b Fq(can)29 b(b)r(e)g(OR:ed)g(with)g Fl(VERIFY_FAIL_IF_NO)o(_P)o(EE)o
 (R_C)o(ER)o(T)23 b Fq(and)29 b Fl(VERIFY_CLIENT_O)o(NCE)22
-b Fq(to)29 b(further)208 1918 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.)
+b Fq(to)29 b(further)208 2464 y(con)n(trol)23 b(the)j(b)r(eha)n(viour.)
 34 b Fc(c)l(al)t(lb)l(ack)i Fq(should)25 b(tak)n(e)f(\034v)n(e)h
 (argumen)n(ts:)34 b(A)25 b(Connection)g(ob)5 b(ject,)25
-b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 2018 y(three)e(in)n(teger)g(v)
+b(an)g(X509)f(ob)5 b(ject,)25 b(and)208 2563 y(three)e(in)n(teger)g(v)
 -5 b(ariables,)23 b(whic)n(h)h(are)f(in)h(turn)g(p)r(oten)n(tial)g
 (error)d(n)n(um)n(b)r(er,)k(error)c(depth)k(and)f(return)f(co)r(de.)35
-b Fc(c)l(al)t(lb)l(ack)208 2118 y Fq(should)27 b(return)g(true)g(if)h
+b Fc(c)l(al)t(lb)l(ack)208 2663 y Fq(should)27 b(return)g(true)g(if)h
 (v)n(eri\034cation)f(passes)f(and)h(false)h(otherwise.)0
-2265 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208
-2364 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g
+2810 y Fl(set_verify_depth)o(\()p Fc(depth)6 b Fl(\))208
+2910 y Fq(Set)36 b(the)g(maxim)n(um)f(depth)h(for)g(the)g
 (certi\034cate)f(c)n(hain)g(v)n(eri\034cation)f(that)i(shall)f(b)r(e)h
-(allo)n(w)n(ed)e(for)i(this)f(Con)n(text)208 2464 y(ob)5
-b(ject.)0 2611 y Fl(use_certificate\()o Fc(c)l(ert)j
-Fl(\))208 2710 y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35
+(allo)n(w)n(ed)e(for)i(this)f(Con)n(text)208 3009 y(ob)5
+b(ject.)0 3156 y Fl(use_certificate\()o Fc(c)l(ert)j
+Fl(\))208 3256 y Fq(Use)27 b(the)h(certi\034cate)f Fc(c)l(ert)35
 b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(X509)g(ob)5
-b(ject.)0 2857 y Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j
-Fl(\))208 2957 y Fq(A)n(dds)32 b(the)h(certi\034cate)f
+b(ject.)0 3403 y Fl(add_extra_chain_)o(ce)o(rt\()o Fc(c)l(ert)j
+Fl(\))208 3502 y Fq(A)n(dds)32 b(the)h(certi\034cate)f
 Fc(c)l(ert)8 b Fq(,)34 b(whic)n(h)f(has)f(to)g(b)r(e)i(a)e(X509)f(ob)5
 b(ject,)34 b(to)f(the)g(certi\034cate)f(c)n(hain)g(presen)n(ted)g
-(together)208 3056 y(with)c(the)g(certi\034cate.)0 3203
+(together)208 3602 y(with)c(the)g(certi\034cate.)0 3749
 y Fl(use_certificate_)o(ch)o(ain)o(_f)o(il)o(e\()p Fc(\034)o(le)6
-b Fl(\))208 3303 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h
+b Fl(\))208 3848 y Fq(Load)26 b(a)h(certi\034cate)g(c)n(hain)g(from)h
 Fc(\034le)34 b Fq(whic)n(h)27 b(m)n(ust)h(b)r(e)g(PEM)g(enco)r(ded.)0
-3450 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 3549
+3995 y Fl(use_privatekey\()p Fc(pkey)7 b Fl(\))208 4095
 y Fq(Use)27 b(the)h(priv)-5 b(ate)27 b(k)n(ey)h Fc(pkey)36
 b Fq(whic)n(h)28 b(has)f(to)g(b)r(e)h(a)f(PKey)h(ob)5
-b(ject.)0 3711 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h
-Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 3810 y Fq(Load)i(the)h
+b(ject.)0 4256 y Fl(use_certificate_)o(fi)o(le\()o Fc(\034le)h
+Fb([)p Fc(,)24 b(format)d Fb(])p Fl(\))208 4356 y Fq(Load)i(the)h
 (\034rst)g(certi\034cate)f(found)h(in)h Fc(\034le)6 b
 Fq(.)36 b(The)24 b(certi\034cate)f(m)n(ust)h(b)r(e)h(in)f(the)g(format)
 g(sp)r(eci\034ed)g(b)n(y)h Fc(format)8 b Fq(,)25 b(whic)n(h)208
-3910 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p
+4455 y(is)i(either)g Fl(FILETYPE_PEM)c Fq(or)k Fl(FILETYPE_ASN1)p
 Fq(.)k(The)d(default)g(is)f Fl(FILETYPE_PEM)p Fq(.)0
-4057 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6
-b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 4156
+4602 y Fl(use_privatekey_f)o(il)o(e\()p Fc(\034)o(le)6
+b Fb([)p Fc(,)25 b(format)20 b Fb(])p Fl(\))208 4702
 y Fq(Load)31 b(the)h(\034rst)g(priv)-5 b(ate)31 b(k)n(ey)g(found)i(in)f
 Fc(\034le)6 b Fq(.)50 b(The)32 b(priv)-5 b(ate)32 b(k)n(ey)f(m)n(ust)h
 (b)r(e)g(in)h(the)f(format)f(sp)r(eci\034ed)i(b)n(y)f
-Fc(format)8 b Fq(,)208 4256 y(whic)n(h)27 b(is)g(either)h
+Fc(format)8 b Fq(,)208 4801 y(whic)n(h)27 b(is)g(either)h
 Fl(FILETYPE_PEM)22 b Fq(or)27 b Fl(FILETYPE_ASN1)p Fq(.)32
-b(The)27 b(default)h(is)g Fl(FILETYPE_PEM)p Fq(.)0 4519
-y Ff(Connection)e(objects)0 4720 y Fq(Connection)h(ob)5
-b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)0
-4866 y Fl(accept\(\))208 4966 y Fq(Call)33 b(the)g Fl(accept)e
-Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)h
-(up)g(SSL)f(on)g(the)h(returned)f(so)r(c)n(k)n(et,)h(using)f(the)208
-5066 y(Con)n(text)22 b(ob)5 b(ject)22 b(supplied)h(to)f(this)h
-(Connection)f(ob)5 b(ject)22 b(at)h(creation.)34 b(Returns)22
-b(a)g(pair)g Fl(\()p Fc(c)l(onn)6 b Fl(,)43 b Fc(addr)l(ess)7
-b Fl(\))p Fq(.)36 b(where)208 5165 y Fc(c)l(onn)d Fq(is)28
-b(the)g(new)f(Connection)g(ob)5 b(ject)28 b(created,)e(and)i
-Fc(addr)l(ess)35 b Fq(is)28 b(as)f(returned)g(b)n(y)g(the)h(so)r(c)n(k)
-n(et's)e Fl(accept)p Fq(.)0 5312 y Fl(bind\()p Fc(addr)l(ess)7
-b Fl(\))p 0 5549 3901 4 v 0 5649 a Ff(12)2197 b(3)83
-b Fl(OpenSSL)24 b Ff(\026)k(Python)f(interface)h(to)f(Op)r(enSSL)p
-eop end
-%%Page: 13 13
-TeXDict begin 13 12 bop 208 83 a Fq(Call)27 b(the)h Fl(bind)e
-Fq(metho)r(d)i(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0
-230 y Fl(close\(\))208 330 y Fq(Call)i(the)h Fl(close)e
-Fq(metho)r(d)i(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)43
-b(Note:)e(If)31 b(y)n(ou)e(w)n(an)n(t)g(correct)f(SSL)i(closure,)f(y)n
-(ou)g(need)h(to)208 429 y(call)d(the)h Fl(shutdown)c
-Fq(metho)r(d)k(\034rst.)0 576 y Fl(connect\()p Fc(addr)l(ess)7
-b Fl(\))208 676 y Fq(Call)31 b(the)h Fl(connect)e Fq(metho)r(d)i(of)g
-(the)g(underlying)g(so)r(c)n(k)n(et)e(and)i(set)g(up)g(SSL)h(on)e(the)i
-(so)r(c)n(k)n(et,)f(using)f(the)h(Con)n(text)208 775
-y(ob)5 b(ject)27 b(supplied)h(to)f(this)h(Connection)f(ob)5
-b(ject)27 b(at)h(creation.)0 922 y Fl(connect_ex\()p
-Fc(addr)l(ess)7 b Fl(\))208 1022 y Fq(Call)24 b(the)g
-Fl(connect_ex)c Fq(metho)r(d)25 b(of)f(the)h(underlying)f(so)r(c)n(k)n
-(et)f(and)h(set)g(up)h(SSL)f(on)g(the)h(so)r(c)n(k)n(et,)f(using)g(the)
-g(Con)n(text)208 1121 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f
-(Connection)g(ob)5 b(ject)36 b(at)f(creation.)59 b(Note)36
-b(that)f(if)h(the)g Fl(connect_ex)31 b Fq(metho)r(d)36
-b(of)g(the)208 1221 y(so)r(c)n(k)n(et)26 b(do)r(esn't)i(return)f(0,)g
-(SSL)h(w)n(on't)f(b)r(e)h(initialized.)0 1368 y Fl(do_handshake\(\))208
-1468 y Fq(P)n(erform)49 b(an)h(SSL)g(handshak)n(e)f(\(usually)h(called)
-g(after)f Fl(renegotiate)d Fq(or)j(one)h(of)57 b Fl(set_accept_stat)o
-(e)44 b Fq(or)208 1567 y Fl(set_accept_stat)o(e)p Fq(\).)31
+b(The)27 b(default)h(is)g Fl(FILETYPE_PEM)p Fq(.)0 5064
+y Ff(Connection)e(objects)0 5265 y Fq(Connection)h(ob)5
+b(jects)27 b(ha)n(v)n(e)f(the)i(follo)n(wing)f(metho)r(ds:)p
+0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g
+(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)
+1611 b(13)p eop end
+%%Page: 14 14
+TeXDict begin 14 13 bop 0 83 a Fl(accept\(\))208 183
+y Fq(Call)33 b(the)g Fl(accept)e Fq(metho)r(d)j(of)f(the)h(underlying)f
+(so)r(c)n(k)n(et)f(and)h(set)h(up)g(SSL)f(on)g(the)h(returned)f(so)r(c)
+n(k)n(et,)h(using)f(the)208 282 y(Con)n(text)22 b(ob)5
+b(ject)22 b(supplied)h(to)f(this)h(Connection)f(ob)5
+b(ject)22 b(at)h(creation.)34 b(Returns)22 b(a)g(pair)g
+Fl(\()p Fc(c)l(onn)6 b Fl(,)43 b Fc(addr)l(ess)7 b Fl(\))p
+Fq(.)36 b(where)208 382 y Fc(c)l(onn)d Fq(is)28 b(the)g(new)f
+(Connection)g(ob)5 b(ject)28 b(created,)e(and)i Fc(addr)l(ess)35
+b Fq(is)28 b(as)f(returned)g(b)n(y)g(the)h(so)r(c)n(k)n(et's)e
+Fl(accept)p Fq(.)0 529 y Fl(bind\()p Fc(addr)l(ess)7
+b Fl(\))208 628 y Fq(Call)27 b(the)h Fl(bind)e Fq(metho)r(d)i(of)f(the)
+h(underlying)f(so)r(c)n(k)n(et.)0 775 y Fl(close\(\))208
+875 y Fq(Call)i(the)h Fl(close)e Fq(metho)r(d)i(of)g(the)g(underlying)f
+(so)r(c)n(k)n(et.)43 b(Note:)e(If)31 b(y)n(ou)e(w)n(an)n(t)g(correct)f
+(SSL)i(closure,)f(y)n(ou)g(need)h(to)208 975 y(call)d(the)h
+Fl(shutdown)c Fq(metho)r(d)k(\034rst.)0 1121 y Fl(connect\()p
+Fc(addr)l(ess)7 b Fl(\))208 1221 y Fq(Call)31 b(the)h
+Fl(connect)e Fq(metho)r(d)i(of)g(the)g(underlying)g(so)r(c)n(k)n(et)e
+(and)i(set)g(up)g(SSL)h(on)e(the)i(so)r(c)n(k)n(et,)f(using)f(the)h
+(Con)n(text)208 1321 y(ob)5 b(ject)27 b(supplied)h(to)f(this)h
+(Connection)f(ob)5 b(ject)27 b(at)h(creation.)0 1468
+y Fl(connect_ex\()p Fc(addr)l(ess)7 b Fl(\))208 1567
+y Fq(Call)24 b(the)g Fl(connect_ex)c Fq(metho)r(d)25
+b(of)f(the)h(underlying)f(so)r(c)n(k)n(et)f(and)h(set)g(up)h(SSL)f(on)g
+(the)h(so)r(c)n(k)n(et,)f(using)g(the)g(Con)n(text)208
+1667 y(ob)5 b(ject)35 b(supplied)g(to)h(this)f(Connection)g(ob)5
+b(ject)36 b(at)f(creation.)59 b(Note)36 b(that)f(if)h(the)g
+Fl(connect_ex)31 b Fq(metho)r(d)36 b(of)g(the)208 1766
+y(so)r(c)n(k)n(et)26 b(do)r(esn't)i(return)f(0,)g(SSL)h(w)n(on't)f(b)r
+(e)h(initialized.)0 1913 y Fl(do_handshake\(\))208 2013
+y Fq(P)n(erform)49 b(an)h(SSL)g(handshak)n(e)f(\(usually)h(called)g
+(after)f Fl(renegotiate)d Fq(or)j(one)h(of)57 b Fl(set_accept_stat)o(e)
+44 b Fq(or)208 2113 y Fl(set_accept_stat)o(e)p Fq(\).)31
 b(This)d(can)f(raise)f(the)i(same)f(exceptions)g(as)g
-Fl(send)f Fq(and)h Fl(recv)p Fq(.)0 1714 y Fl(fileno\(\))208
-1814 y Fq(Retriev)n(e)f(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i
-(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 1961 y Fl(listen\()p
-Fc(b)l(acklo)l(g)7 b Fl(\))208 2060 y Fq(Call)27 b(the)h
+Fl(send)f Fq(and)h Fl(recv)p Fq(.)0 2259 y Fl(fileno\(\))208
+2359 y Fq(Retriev)n(e)f(the)i(\034le)g(descriptor)e(n)n(um)n(b)r(er)i
+(for)f(the)h(underlying)e(so)r(c)n(k)n(et.)0 2506 y Fl(listen\()p
+Fc(b)l(acklo)l(g)7 b Fl(\))208 2606 y Fq(Call)27 b(the)h
 Fl(listen)d Fq(metho)r(d)j(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0
-2207 y Fl(get_app_data\(\))208 2307 y Fq(Retriev)n(e)f(application)h
-(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 2454
-y Fl(get_cipher_list\()o(\))208 2553 y Fq(Retriev)n(e)23
+2752 y Fl(get_app_data\(\))208 2852 y Fq(Retriev)n(e)f(application)h
+(data)g(as)g(set)h(b)n(y)g Fl(set_app_data)p Fq(.)0 2999
+y Fl(get_cipher_list\()o(\))208 3099 y Fq(Retriev)n(e)23
 b(the)h(list)g(of)g(ciphers)g(used)g(b)n(y)f(the)i(Connection)e(ob)5
 b(ject.)36 b(W)-9 b(ARNING:)25 b(This)f(API)h(has)e(c)n(hanged.)35
-b(It)24 b(used)208 2653 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f
+b(It)24 b(used)208 3198 y(to)j(tak)n(e)g(an)g(optional)g(parameter)f
 (and)h(just)h(return)g(a)f(string,)g(but)h(not)f(it)h(returns)f(the)h
-(en)n(tire)f(list)h(in)g(one)f(go.)0 2800 y Fl(get_context\(\))208
-2899 y Fq(Retriev)n(e)f(the)i(Con)n(text)f(ob)5 b(ject)28
-b(asso)r(ciated)e(with)i(this)g(Connection.)0 3046 y
-Fl(get_peer_certifi)o(ca)o(te\()o(\))208 3146 y Fq(Retriev)n(e)e(the)i
-(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 3293
-y Fl(getpeername\(\))208 3392 y Fq(Call)e(the)h Fl(getpeername)23
+(en)n(tire)f(list)h(in)g(one)f(go.)0 3345 y Fl(get_client_ca_li)o(st)o
+(\(\))208 3445 y Fq(Retriev)n(e)e(the)i(list)g(of)f(preferred)g(clien)n
+(t)g(certi\034cate)g(issuers)g(sen)n(t)g(b)n(y)g(the)h(serv)n(er)e(as)h
+Fl(OpenSSL.crypto.)o(X50)o(9N)o(am)o(e)208 3544 y Fq(ob)5
+b(jects.)208 3677 y(If)25 b(this)g(is)f(a)h(clien)n(t)f
+Fl(Connection)p Fq(,)e(the)j(list)g(will)g(b)r(e)g(empt)n(y)f(un)n(til)
+h(the)h(connection)e(with)h(the)g(serv)n(er)e(is)h(established.)208
+3810 y(If)33 b(this)g(is)g(a)f(serv)n(er)g Fl(Connection)p
+Fq(,)e(return)i(the)h(list)h(of)e(certi\034cate)h(authorities)f(that)h
+(will)g(b)r(e)h(sen)n(t)e(or)g(has)h(b)r(een)208 3910
+y(sen)n(t)27 b(to)g(the)h(clien)n(t,)g(as)f(con)n(trolled)f(b)n(y)h
+(this)h Fl(Connection)p Fq('s)c Fl(Context)p Fq(.)208
+4042 y(New)j(in)h(v)n(ersion)e(0.10.)0 4189 y Fl(get_context\(\))208
+4289 y Fq(Retriev)n(e)g(the)i(Con)n(text)f(ob)5 b(ject)28
+b(asso)r(ciated)e(with)i(this)g(Connection.)0 4436 y
+Fl(get_peer_certifi)o(ca)o(te\()o(\))208 4535 y Fq(Retriev)n(e)e(the)i
+(other)f(side's)g(certi\034cate)g(\(if)i(an)n(y\))0 4682
+y Fl(getpeername\(\))208 4782 y Fq(Call)e(the)h Fl(getpeername)23
 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n(k)n(et.)0
-3539 y Fl(getsockname\(\))208 3639 y Fq(Call)g(the)h
+4929 y Fl(getsockname\(\))208 5028 y Fq(Call)g(the)h
 Fl(getsockname)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f(so)r(c)n
-(k)n(et.)0 3802 y Fl(getsockopt\()p Fc(level,)f(optname)6
-b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208 3902
+(k)n(et.)0 5192 y Fl(getsockopt\()p Fc(level,)f(optname)6
+b Fb([)p Fc(,)31 b(bu\035en)18 b Fb(])p Fl(\))208 5292
 y Fq(Call)27 b(the)h Fl(getsockopt)23 b Fq(metho)r(d)28
-b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0 4049 y Fl(pending\(\))208
-4148 y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g
-(that)h(can)e(b)r(e)i(safely)f(read)f(from)h(the)g(SSL)h(bu\033er)f(\()
-p Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 4248
-y(bu\033er\).)0 4395 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208
-4495 y Fq(Receiv)n(e)30 b(data)h(from)g(the)h(Connection.)47
-b(The)31 b(return)g(v)-5 b(alue)31 b(is)h(a)e(string)h(represen)n(ting)
-f(the)h(data)g(receiv)n(ed.)47 b(The)208 4594 y(maxim)n(um)27
-b(amoun)n(t)g(of)g(data)h(to)f(b)r(e)h(receiv)n(ed)e(at)i(once,)f(is)g
-(sp)r(eci\034ed)h(b)n(y)h Fc(bufsize)6 b Fq(.)0 4741
-y Fl(renegotiate\(\))208 4841 y Fq(Renegotiate)26 b(the)i(SSL)g
-(session.)36 b(Call)27 b(this)h(if)g(y)n(ou)f(wish)g(to)h(c)n(hange)e
-(cipher)h(suites)h(or)e(an)n(ything)h(lik)n(e)g(that.)0
-4988 y Fl(send\()p Fc(string)7 b Fl(\))208 5087 y Fq(Send)27
-b(the)h Fc(string)35 b Fq(data)27 b(to)h(the)g(Connection.)0
-5234 y Fl(sendall\()p Fc(string)7 b Fl(\))208 5334 y
-Fq(Send)30 b(all)f(of)h(the)g Fc(string)37 b Fq(data)29
-b(to)g(the)h(Connection.)43 b(This)30 b(calls)f Fl(send)f
-Fq(rep)r(eatedly)h(un)n(til)h(all)f(data)h(is)f(sen)n(t.)43
-b(If)30 b(an)p 0 5549 3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26
-b Ff(\026)i(An)g(interface)g(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f
-(of)h(Op)r(enSSL)1611 b(13)p eop end
-%%Page: 14 14
-TeXDict begin 14 13 bop 208 83 a Fq(error)25 b(o)r(ccurs,)i(it's)h(imp)
-r(ossible)f(to)g(tell)h(ho)n(w)f(m)n(uc)n(h)h(data)f(has)g(b)r(een)h
-(sen)n(t.)0 230 y Fl(set_accept_state)o(\(\))208 330
-y Fq(Set)20 b(the)g(connection)f(to)h(w)n(ork)e(in)i(serv)n(er)e(mo)r
-(de.)34 b(The)20 b(handshak)n(e)f(will)h(b)r(e)g(handled)g
-(automatically)e(b)n(y)i(read/write.)0 476 y Fl(set_app_data\()p
-Fc(data)6 b Fl(\))208 576 y Fq(Asso)r(ciate)39 b Fc(data)47
-b Fq(with)40 b(this)g(Connection)g(ob)5 b(ject.)73 b
-Fc(data)47 b Fq(can)39 b(b)r(e)i(retriev)n(ed)d(later)h(using)h(the)g
-Fl(get_app_data)208 676 y Fq(metho)r(d.)0 823 y Fl(set_connect_stat)o
-(e\()o(\))208 922 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i
+b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)p 0 5549 3901
+4 v 0 5649 a Ff(14)2197 b(3)83 b Fl(OpenSSL)24 b Ff(\026)k(Python)f
+(interface)h(to)f(Op)r(enSSL)p eop end
+%%Page: 15 15
+TeXDict begin 15 14 bop 0 83 a Fl(pending\(\))208 183
+y Fq(Retriev)n(e)22 b(the)h(n)n(um)n(b)r(er)g(of)g(b)n(ytes)g(that)h
+(can)e(b)r(e)i(safely)f(read)f(from)h(the)g(SSL)h(bu\033er)f(\()p
+Fc(not)g Fq(the)h(underlying)e(transp)r(ort)208 282 y(bu\033er\).)0
+429 y Fl(recv\()p Fc(bufsize)6 b Fl(\))208 529 y Fq(Receiv)n(e)30
+b(data)h(from)g(the)h(Connection.)47 b(The)31 b(return)g(v)-5
+b(alue)31 b(is)h(a)e(string)h(represen)n(ting)f(the)h(data)g(receiv)n
+(ed.)47 b(The)208 628 y(maxim)n(um)27 b(amoun)n(t)g(of)g(data)h(to)f(b)
+r(e)h(receiv)n(ed)e(at)i(once,)f(is)g(sp)r(eci\034ed)h(b)n(y)h
+Fc(bufsize)6 b Fq(.)0 775 y Fl(bio_write\()p Fc(bytes)h
+Fl(\))208 875 y Fq(If)27 b(the)h(Connection)f(w)n(as)f(created)h(with)g
+(a)g(memory)g(BIO,)g(this)g(metho)r(d)h(can)f(b)r(e)h(used)f(to)g(add)g
+(b)n(ytes)g(to)g(the)h(read)208 975 y(end)g(of)g(that)g(memory)f(BIO.)g
+(The)h(Connection)g(can)f(then)i(read)e(the)h(b)n(ytes)g(\(for)f
+(example,)h(in)g(resp)r(onse)f(to)h(a)f(call)208 1074
+y(to)g Fl(recv)p Fq(\).)0 1221 y Fl(renegotiate\(\))208
+1321 y Fq(Renegotiate)f(the)i(SSL)g(session.)36 b(Call)27
+b(this)h(if)g(y)n(ou)f(wish)g(to)h(c)n(hange)e(cipher)h(suites)h(or)e
+(an)n(ything)h(lik)n(e)g(that.)0 1468 y Fl(send\()p Fc(string)7
+b Fl(\))208 1567 y Fq(Send)27 b(the)h Fc(string)35 b
+Fq(data)27 b(to)h(the)g(Connection.)0 1714 y Fl(bio_read\()p
+Fc(bufsize)6 b Fl(\))208 1814 y Fq(If)31 b(the)g(Connection)g(w)n(as)f
+(created)g(with)i(a)e(memory)g(BIO,)h(this)g(metho)r(d)g(can)g(b)r(e)h
+(used)e(to)h(read)f(b)n(ytes)h(from)g(the)208 1913 y(write)d(end)g(of)g
+(that)h(memory)e(BIO.)h(Man)n(y)f(Connection)h(metho)r(ds)h(will)f(add)
+g(b)n(ytes)g(whic)n(h)g(m)n(ust)g(b)r(e)h(read)e(in)i(this)208
+2013 y(manner)c(or)h(the)g(bu\033er)h(will)f(ev)n(en)n(tually)f(\034ll)
+i(up)g(and)f(the)g(Connection)g(will)g(b)r(e)h(able)f(to)g(tak)n(e)g
+(no)g(further)g(actions.)0 2160 y Fl(sendall\()p Fc(string)7
+b Fl(\))208 2259 y Fq(Send)30 b(all)f(of)h(the)g Fc(string)37
+b Fq(data)29 b(to)g(the)h(Connection.)43 b(This)30 b(calls)f
+Fl(send)f Fq(rep)r(eatedly)h(un)n(til)h(all)f(data)h(is)f(sen)n(t.)43
+b(If)30 b(an)208 2359 y(error)25 b(o)r(ccurs,)i(it's)h(imp)r(ossible)f
+(to)g(tell)h(ho)n(w)f(m)n(uc)n(h)h(data)f(has)g(b)r(een)h(sen)n(t.)0
+2506 y Fl(set_accept_state)o(\(\))208 2606 y Fq(Set)20
+b(the)g(connection)f(to)h(w)n(ork)e(in)i(serv)n(er)e(mo)r(de.)34
+b(The)20 b(handshak)n(e)f(will)h(b)r(e)g(handled)g(automatically)e(b)n
+(y)i(read/write.)0 2752 y Fl(set_app_data\()p Fc(data)6
+b Fl(\))208 2852 y Fq(Asso)r(ciate)39 b Fc(data)47 b
+Fq(with)40 b(this)g(Connection)g(ob)5 b(ject.)73 b Fc(data)47
+b Fq(can)39 b(b)r(e)i(retriev)n(ed)d(later)h(using)h(the)g
+Fl(get_app_data)208 2952 y Fq(metho)r(d.)0 3099 y Fl(set_connect_stat)o
+(e\()o(\))208 3198 y Fq(Set)21 b(the)g(connection)g(to)g(w)n(ork)e(in)i
 (clien)n(t)g(mo)r(de.)35 b(The)21 b(handshak)n(e)f(will)h(b)r(e)g
-(handled)g(automatically)f(b)n(y)h(read/write.)0 1069
-y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 1169 y Fq(Call)27
+(handled)g(automatically)f(b)n(y)h(read/write.)0 3345
+y Fl(setblocking\()p Fc(\035ag)7 b Fl(\))208 3445 y Fq(Call)27
 b(the)h Fl(setblocking)23 b Fq(metho)r(d)28 b(of)f(the)h(underlying)f
-(so)r(c)n(k)n(et.)0 1316 y Fl(setsockopt\()p Fc(level,)f(optname,)31
-b(value)6 b Fl(\))208 1415 y Fq(Call)27 b(the)h Fl(setsockopt)23
+(so)r(c)n(k)n(et.)0 3591 y Fl(setsockopt\()p Fc(level,)f(optname,)31
+b(value)6 b Fl(\))208 3691 y Fq(Call)27 b(the)h Fl(setsockopt)23
 b Fq(metho)r(d)28 b(of)g(the)g(underlying)f(so)r(c)n(k)n(et.)0
-1562 y Fl(shutdown\(\))208 1662 y Fq(Send)35 b(the)h(sh)n(utdo)n(wn)f
+3838 y Fl(shutdown\(\))208 3938 y Fq(Send)35 b(the)h(sh)n(utdo)n(wn)f
 (message)f(to)h(the)h(Connection.)60 b(Returns)35 b(true)g(if)h(the)g
-(sh)n(utdo)n(wn)e(message)g(exc)n(hange)g(is)208 1761
+(sh)n(utdo)n(wn)e(message)g(exc)n(hange)g(is)208 4037
 y(completed)25 b(and)g(false)h(otherwise)e(\(in)i(whic)n(h)g(case)e(y)n
 (ou)h(call)g Fl(recv\(\))e Fq(or)i Fl(send\(\))e Fq(when)j(the)g
-(connection)f(b)r(ecomes)208 1861 y(readable/writeable.)0
-2008 y Fl(get_shutdown\(\))208 2107 y Fq(Get)70 b(the)g(sh)n(utdo)n(wn)
+(connection)f(b)r(ecomes)208 4137 y(readable/writeable.)0
+4284 y Fl(get_shutdown\(\))208 4383 y Fq(Get)70 b(the)g(sh)n(utdo)n(wn)
 f(state)g(of)h(the)g(Connection.)162 b(Returns)69 b(a)h(bitv)n(ector)e
-(of)i(either)f(or)g(b)r(oth)h(of)208 2207 y Fc(SENT_SHUTDO)n(WN)39
-b Fq(and)27 b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 2354
-y Fl(set_shutdown\()p Fc(state)6 b Fl(\))208 2454 y Fq(Set)21
+(of)i(either)f(or)g(b)r(oth)h(of)208 4483 y Fc(SENT_SHUTDO)n(WN)39
+b Fq(and)27 b Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 4630
+y Fl(set_shutdown\()p Fc(state)6 b Fl(\))208 4729 y Fq(Set)21
 b(the)g(sh)n(utdo)n(wn)g(state)g(of)g(the)g(Connection.)34
 b Fc(state)27 b Fq(is)21 b(a)g(bitv)n(ector)f(of)h(either)g(or)f(b)r
-(oth)i(of)27 b Fc(SENT_SHUTDO)n(WN)208 2553 y Fq(and)g
-Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 2700 y Fl(sock_shutdown\()p
-Fc(how)9 b Fl(\))208 2800 y Fq(Call)27 b(the)h Fl(shutdown)c
+(oth)i(of)27 b Fc(SENT_SHUTDO)n(WN)208 4829 y Fq(and)g
+Fc(RECEIVED_SHUTDO)n(WN)14 b Fq(.)0 4976 y Fl(sock_shutdown\()p
+Fc(how)9 b Fl(\))208 5076 y Fq(Call)27 b(the)h Fl(shutdown)c
 Fq(metho)r(d)k(of)g(the)g(underlying)e(so)r(c)n(k)n(et.)0
-2946 y Fl(state_string\(\))208 3046 y Fq(Retriev)n(e)g(a)i(v)n(erb)r
-(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f(Connection.)0
-3193 y Fl(want_read\(\))208 3293 y Fq(Chec)n(ks)f(if)i(more)f(data)g
+5222 y Fl(bio_shutdown\(\))208 5322 y Fq(If)j(the)h(Connection)f(w)n
+(as)f(created)g(with)i(a)f(memory)f(BIO,)h(this)h(metho)r(d)f(can)g(b)r
+(e)h(used)f(to)g(indicate)g(that)h(\020end)f(of)p 0 5549
+3901 4 v 0 5649 a Ff(3.3)82 b Fl(SSL)26 b Ff(\026)i(An)g(interface)g
+(to)f(the)g(SSL-sp)r(eci\034c)h(pa)n(rts)f(of)h(Op)r(enSSL)1611
+b(15)p eop end
+%%Page: 16 16
+TeXDict begin 16 15 bop 208 83 a Fq(\034le\021)34 b(has)27
+b(b)r(een)h(reac)n(hed)e(on)h(the)h(read)f(end)h(of)f(that)h(memory)f
+(BIO.)0 230 y Fl(state_string\(\))208 330 y Fq(Retriev)n(e)f(a)i(v)n
+(erb)r(ose)e(string)g(detailing)i(the)g(state)f(of)h(the)f(Connection.)
+0 476 y Fl(client_random\(\))208 576 y Fq(Retriev)n(e)f(the)i(random)f
+(v)-5 b(alue)27 b(used)h(with)g(the)g(clien)n(t)f(hello)h(message.)0
+723 y Fl(server_random\(\))208 823 y Fq(Retriev)n(e)e(the)i(random)f(v)
+-5 b(alue)27 b(used)h(with)g(the)g(serv)n(er)e(hello)h(message.)0
+969 y Fl(master_key\(\))208 1069 y Fq(Retriev)n(e)f(the)i(v)-5
+b(alue)28 b(of)f(the)h(master)f(k)n(ey)g(for)g(this)h(session.)0
+1216 y Fl(want_read\(\))208 1316 y Fq(Chec)n(ks)e(if)i(more)f(data)g
 (has)g(to)h(b)r(e)g(read)e(from)i(the)f(transp)r(ort)g(la)n(y)n(er)f
-(to)h(complete)h(an)f(op)r(eration.)0 3439 y Fl(want_write\(\))208
-3539 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g(to)h(write)f(to)g(the)h
+(to)h(complete)h(an)f(op)r(eration.)0 1462 y Fl(want_write\(\))208
+1562 y Fq(Chec)n(ks)f(if)i(there)g(is)f(data)g(to)h(write)f(to)g(the)h
 (transp)r(ort)f(la)n(y)n(er)f(to)h(complete)h(an)f(op)r(eration.)0
-3861 y Fr(4)114 b(Internals)0 4090 y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f
+1882 y Fr(4)114 b(Internals)0 2111 y Fq(W)-7 b(e)25 b(ran)g(in)n(to)f
 (three)h(main)g(problems)f(dev)n(eloping)g(this:)36 b(Exceptions,)25
 b(callbac)n(ks)f(and)h(accessing)e(so)r(c)n(k)n(et)h(metho)r(ds.)36
-b(This)0 4190 y(is)27 b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0
-4469 y Fj(4.1)97 b(Exceptions)0 4670 y Fq(W)-7 b(e)52
+b(This)0 2210 y(is)27 b(what)h(this)g(c)n(hapter)e(is)i(ab)r(out.)0
+2488 y Fj(4.1)97 b(Exceptions)0 2688 y Fq(W)-7 b(e)52
 b(realized)f(early)g(that)h(most)g(of)g(the)g(exceptions)f(w)n(ould)h
 (b)r(e)g(raised)f(b)n(y)h(the)g(I/O)f(functions)h(of)g(Op)r(enSSL,)0
-4769 y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e
+2788 y(so)d(it)i(felt)f(natural)f(to)h(mimic)g(Op)r(enSSL's)g(error)e
 (co)r(de)i(system,)55 b(translating)48 b(them)j(in)n(to)e(Python)i
-(exceptions.)0 4869 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g
+(exceptions.)0 2887 y(This)30 b(naturally)e(giv)n(es)h(us)h(the)g
 (exceptions)f Fl(SSL.ZeroReturnEr)o(ro)o(r)p Fq(,)24
 b Fl(SSL.WantReadError)o Fq(,)h Fl(SSL.WantWriteEr)o(ro)o(r)p
-Fq(,)0 4969 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27
-b Fl(SSL.SysCallError)p Fq(.)0 5115 y(F)-7 b(or)27 b(more)g
-(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)p
-0 5549 3901 4 v 0 5649 a Ff(14)3368 b(4)83 b(Internals)p
-eop end
-%%Page: 15 15
-TeXDict begin 15 14 bop 0 83 a Fj(4.2)97 b(Callbacks)0
-283 y Fq(There)34 b(are)f(a)h(n)n(um)n(b)r(er)g(of)h(problems)e(with)i
-(callbac)n(ks.)56 b(First)34 b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h
-(as)e(a)h(C)h(library)-7 b(,)34 b(it's)h(not)0 383 y(mean)n(t)26
-b(to)g(ha)n(v)n(e)e(Python)j(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g
-(around)g(that)h(is)g(needed.)36 b(Another)26 b(problem)f(is)h(thread)g
-(supp)r(ort.)36 b(A)26 b(lot)0 483 y(of)h(the)g(Op)r(enSSL)g(I/O)e
-(functions)i(can)g(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h
-(blo)r(c)n(king)f(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g
-(Python)0 582 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f
-(things.)40 b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e
-(released)h(the)h(global)e(CPython)i(in)n(terpreter)0
-682 y(lo)r(c)n(k)e(to)h(do)f(a)h(p)r(oten)n(tially)f(blo)r(c)n(king)g
-(op)r(eration,)g(and)h(the)g(op)r(eration)f(calls)g(a)g(callbac)n(k.)36
-b(Then)28 b(w)n(e)g(m)n(ust)g(tak)n(e)f(the)h(GIL)0 782
-y(bac)n(k,)f(since)g(calling)g(Python)h(APIs)g(without)g(holding)f(it)h
-(is)g(not)f(allo)n(w)n(ed.)0 929 y(There)d(are)f(t)n(w)n(o)g(solutions)
-h(to)g(the)h(\034rst)f(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f
-(necessary)-7 b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f
-(if)g(the)h(C)0 1028 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33
+Fq(,)0 2987 y Fl(SSL.WantX509Look)o(up)o(Err)o(or)c Fq(and)27
+b Fl(SSL.SysCallError)p Fq(.)0 3134 y(F)-7 b(or)27 b(more)g
+(information)g(ab)r(out)g(this,)h(see)f(section)g(3.3.)0
+3411 y Fj(4.2)97 b(Callbacks)0 3612 y Fq(There)34 b(are)f(a)h(n)n(um)n
+(b)r(er)g(of)h(problems)e(with)i(callbac)n(ks.)56 b(First)34
+b(of)g(all,)i(Op)r(enSSL)f(is)f(written)h(as)e(a)h(C)h(library)-7
+b(,)34 b(it's)h(not)0 3711 y(mean)n(t)26 b(to)g(ha)n(v)n(e)e(Python)j
+(callbac)n(ks,)d(so)i(a)f(w)n(a)n(y)g(around)g(that)h(is)g(needed.)36
+b(Another)26 b(problem)f(is)h(thread)g(supp)r(ort.)36
+b(A)26 b(lot)0 3811 y(of)h(the)g(Op)r(enSSL)g(I/O)e(functions)i(can)g
+(blo)r(c)n(k)f(if)h(the)g(so)r(c)n(k)n(et)f(is)g(in)h(blo)r(c)n(king)f
+(mo)r(de,)h(and)g(then)g(y)n(ou)f(w)n(an)n(t)g(other)g(Python)0
+3911 y(threads)i(to)g(b)r(e)h(able)g(to)f(do)h(other)f(things.)40
+b(The)28 b(real)g(trouble)g(is)h(if)g(y)n(ou'v)n(e)e(released)h(the)h
+(global)e(CPython)i(in)n(terpreter)0 4010 y(lo)r(c)n(k)e(to)h(do)f(a)h
+(p)r(oten)n(tially)f(blo)r(c)n(king)g(op)r(eration,)g(and)h(the)g(op)r
+(eration)f(calls)g(a)g(callbac)n(k.)36 b(Then)28 b(w)n(e)g(m)n(ust)g
+(tak)n(e)f(the)h(GIL)0 4110 y(bac)n(k,)f(since)g(calling)g(Python)h
+(APIs)g(without)g(holding)f(it)h(is)g(not)f(allo)n(w)n(ed.)0
+4257 y(There)d(are)f(t)n(w)n(o)g(solutions)h(to)g(the)h(\034rst)f
+(problem,)g(b)r(oth)h(of)f(whic)n(h)g(are)f(necessary)-7
+b(.)34 b(The)25 b(\034rst)f(solution)f(to)h(use)h(is)f(if)g(the)h(C)0
+4356 y(callbac)n(k)i(allo)n(ws)f(\021userdata\021)33
 b(to)28 b(b)r(e)h(passed)e(to)h(it)g(\(an)g(arbitrary)e(p)r(oin)n(ter)i
 (normally\).)37 b(This)28 b(is)g(great!)37 b(W)-7 b(e)28
-b(can)g(set)g(our)0 1128 y(Python)i(function)g(ob)5 b(ject)29
+b(can)g(set)g(our)0 4456 y(Python)i(function)g(ob)5 b(ject)29
 b(as)f(the)i(real)f(userdata)f(and)h(em)n(ulate)g(userdata)f(for)h(the)
 h(Python)f(function)h(in)g(another)e(w)n(a)n(y)-7 b(.)0
-1227 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5
+4556 y(The)24 b(other)g(solution)g(can)g(b)r(e)h(used)g(if)g(an)f(ob)5
 b(ject)24 b(with)h(an)f(\021app_data\021)29 b(system)c(alw)n(a)n(ys)d
 (is)j(passed)e(to)h(the)h(callbac)n(k.)35 b(F)-7 b(or)0
-1327 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 b(in)h(Op)r(enSSL)f
+4655 y(example,)26 b(the)h(SSL)f(ob)5 b(ject)26 b(in)h(Op)r(enSSL)f
 (has)g(app_data)f(functions)i(and)f(in)h(e.g.)36 b(the)26
 b(v)n(eri\034cation)f(callbac)n(ks,)g(y)n(ou)g(can)0
-1427 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39
+4755 y(retriev)n(e)i(the)i(related)f(SSL)h(ob)5 b(ject.)39
 b(What)29 b(w)n(e)g(do)f(is)g(to)h(set)f(our)g(wrapp)r(er)g
 Fl(Connection)c Fq(ob)5 b(ject)28 b(as)g(app_data)g(for)g(the)0
-1526 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h
-(the)g(Python)g(callbac)n(k.)0 1673 y(The)23 b(other)g(problem)g(is)g
+4855 y(SSL)g(ob)5 b(ject,)27 b(and)h(w)n(e)f(can)g(easily)g(\034nd)h
+(the)g(Python)g(callbac)n(k.)0 5001 y(The)23 b(other)g(problem)g(is)g
 (solv)n(ed)f(using)h(thread)g(lo)r(cal)g(v)-5 b(ariables.)34
 b(Whenev)n(er)22 b(the)i(GIL)g(is)f(released)f(b)r(efore)h(calling)f
-(in)n(to)h(an)0 1773 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r
+(in)n(to)h(an)0 5101 y(Op)r(enSSL)j(API,)g(the)g(PyThreadState)f(p)r
 (oin)n(ter)g(returned)g(b)n(y)h Fl(PyEval_SaveState)19
 b Fq(is)25 b(stored)g(in)g(a)g(global)g(thread)g(lo)r(cal)0
-1872 y(v)-5 b(ariable)27 b(\(using)g(Python's)h(o)n(wn)f(TLS)h(API,)g
+5201 y(v)-5 b(ariable)27 b(\(using)g(Python's)h(o)n(wn)f(TLS)h(API,)g
 Fl(PyThread_set_key_)o(va)o(lue)o Fq(\).)k(When)c(it)g(is)g(necessary)e
-(to)h(re-acquire)f(the)0 1972 y(GIL,)c(either)g(after)g(the)h(Op)r
+(to)h(re-acquire)f(the)0 5300 y(GIL,)c(either)g(after)g(the)h(Op)r
 (enSSL)f(API)h(returns)e(or)h(in)g(a)g(C)g(callbac)n(k)f(in)n(v)n(ok)n
 (ed)f(b)n(y)i(that)h(Op)r(enSSL)f(API,)h(the)g(v)-5 b(alue)22
-b(of)g(the)0 2072 y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32
+b(of)g(the)0 5400 y(thread)32 b(lo)r(cal)f(v)-5 b(ariable)32
 b(is)g(retriev)n(ed)f(\()p Fl(PyThread_get_key)o(_va)o(lu)o(e)p
 Fq(\))26 b(and)33 b(used)f(to)g(re-acquire)e(the)j(GIL.)f(This)h(allo)n
-(ws)0 2171 y(Python)f(threads)e(to)h(execute)h(while)f(Op)r(enSSL)g
-(APIs)h(are)f(running)f(and)i(allo)n(ws)e(use)h(of)g(an)n(y)f
-(particular)g(p)n(yOp)r(enSSL)0 2271 y(ob)5 b(ject)29
-b(from)f(an)n(y)g(Python)i(thread,)e(since)h(there)g(is)g(no)f(p)r
-(er-thread)g(state)h(asso)r(ciated)f(with)h(an)n(y)f(of)h(these)g(ob)5
-b(jects)28 b(and)0 2371 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e(\(as)h
-(long)g(as)g(prop)r(erly)g(initialized,)g(as)g(p)n(yOp)r(enSSL)h
-(initializes)f(it\).)0 2650 y Fj(4.3)97 b(A)m(cessing)35
-b(So)s(ck)m(et)e(Metho)s(ds)0 2851 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n
+(ws)p 0 5549 3901 4 v 0 5649 a Ff(16)3368 b(4)83 b(Internals)p
+eop end
+%%Page: 17 17
+TeXDict begin 17 16 bop 0 83 a Fq(Python)32 b(threads)e(to)h(execute)h
+(while)f(Op)r(enSSL)g(APIs)h(are)f(running)f(and)i(allo)n(ws)e(use)h
+(of)g(an)n(y)f(particular)g(p)n(yOp)r(enSSL)0 183 y(ob)5
+b(ject)29 b(from)f(an)n(y)g(Python)i(thread,)e(since)h(there)g(is)g(no)
+f(p)r(er-thread)g(state)h(asso)r(ciated)f(with)h(an)n(y)f(of)h(these)g
+(ob)5 b(jects)28 b(and)0 282 y(since)f(Op)r(enSSL)h(is)g(threadsafe)e
+(\(as)h(long)g(as)g(prop)r(erly)g(initialized,)g(as)g(p)n(yOp)r(enSSL)h
+(initializes)f(it\).)0 562 y Fj(4.3)97 b(A)m(cessing)35
+b(So)s(ck)m(et)e(Metho)s(ds)0 762 y Fq(W)-7 b(e)27 b(quic)n(kly)e(sa)n
 (w)h(the)g(b)r(ene\034t)h(of)g(wrapping)e(so)r(c)n(k)n(et)g(metho)r(ds)
 h(in)h(the)g Fl(SSL.Connection)20 b Fq(class,)26 b(for)g(an)g(easy)f
-(transition)0 2950 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h
-(is)f(that)h(the)h Fl(socket)c Fq(mo)r(dule)j(lac)n(ks)f(a)g(C)h(API,)h
-(and)e(all)h(the)g(metho)r(ds)g(are)f(declared)0 3050
+(transition)0 862 y(in)n(to)e(using)f(SSL.)h(The)g(problem)f(here)h(is)
+f(that)h(the)h Fl(socket)c Fq(mo)r(dule)j(lac)n(ks)f(a)g(C)h(API,)h
+(and)e(all)h(the)g(metho)r(ds)g(are)f(declared)0 962
 y(static.)36 b(One)27 b(approac)n(h)d(w)n(ould)i(b)r(e)h(to)f(ha)n(v)n
 (e)g Fl(OpenSSL)d Fq(as)j(a)g(submo)r(dule)h(to)f(the)h
 Fl(socket)d Fq(mo)r(dule,)j(placing)f(all)g(the)h(co)r(de)0
-3149 y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g
+1061 y(in)j(`)p Fp(so)r(ck)n(etmo)r(dule.c)p Fq(',)h(but)f(this)g(is)g
 (ob)n(viously)e(not)i(a)f(go)r(o)r(d)g(solution,)h(since)g(y)n(ou)f
 (migh)n(t)g(not)h(w)n(an)n(t)f(to)h(imp)r(ort)g(tonnes)f(of)0
-3249 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h
+1161 y(extra)f(stu\033)h(y)n(ou're)e(not)i(going)e(to)i(use)f(when)h
 (imp)r(orting)f(the)i Fl(socket)c Fq(mo)r(dule.)40 b(The)29
-b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 3349 y(get)33
+b(other)f(approac)n(h)e(is)j(to)f(someho)n(w)0 1261 y(get)33
 b(a)g(p)r(oin)n(ter)g(to)h(the)f(metho)r(d)h(to)g(b)r(e)f(called,)i
 (either)e(the)h(C)g(function,)h(or)e(a)g(callable)f(Python)i(ob)5
-b(ject.)54 b(This)34 b(is)f(not)0 3448 y(really)26 b(a)i(go)r(o)r(d)f
+b(ject.)54 b(This)34 b(is)f(not)0 1360 y(really)26 b(a)i(go)r(o)r(d)f
 (solution)g(either,)g(since)g(there's)h(a)f(lot)g(of)h(lo)r(okups)f(in)
-n(v)n(olv)n(ed.)0 3595 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h
+n(v)n(olv)n(ed.)0 1507 y(The)h(w)n(a)n(y)f(it)h(w)n(orks)e(is)i(that)h
 (y)n(ou)e(ha)n(v)n(e)g(to)g(supply)h(a)g(\020)7 b Fl(socket)p
 Fq(-lik)n(e\021)31 b(transp)r(ort)c(ob)5 b(ject)28 b(to)f(the)i
-Fl(SSL.Connection)p Fq(.)j(The)0 3695 y(only)24 b(requiremen)n(t)f(of)i
+Fl(SSL.Connection)p Fq(.)j(The)0 1607 y(only)24 b(requiremen)n(t)f(of)i
 (this)f(ob)5 b(ject)24 b(is)h(that)f(it)h(has)f(a)g Fl(fileno\(\))d
 Fq(metho)r(d)k(that)f(returns)g(a)g(\034le)g(descriptor)f(that's)i(v)-5
-b(alid)24 b(at)0 3794 y(the)g(C)g(lev)n(el)f(\(i.e.)36
+b(alid)24 b(at)0 1706 y(the)g(C)g(lev)n(el)f(\(i.e.)36
 b(y)n(ou)23 b(can)h(use)f(the)i(system)e(calls)g(read)g(and)h(write\).)
 35 b(If)25 b(y)n(ou)e(w)n(an)n(t)g(to)h(use)f(the)h Fl(connect\(\))c
-Fq(or)j Fl(accept\(\))0 3894 y Fq(metho)r(ds)29 b(of)h(the)f
+Fq(or)j Fl(accept\(\))0 1806 y Fq(metho)r(ds)29 b(of)h(the)f
 Fl(SSL.Connection)24 b Fq(ob)5 b(ject,)29 b(the)h(transp)r(ort)e(ob)5
 b(ject)29 b(has)f(to)h(supply)h(suc)n(h)f(metho)r(ds)g(to)r(o.)41
-b(Apart)29 b(from)0 3994 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f
+b(Apart)29 b(from)0 1906 y(them,)c(an)n(y)e(metho)r(d)h(lo)r(okups)f
 (in)h(the)f Fl(SSL.Connection)18 b Fq(ob)5 b(ject)24
 b(that)f(fail)h(are)f(passed)f(on)i(to)f(the)h(underlying)f(transp)r
-(ort)0 4093 y(ob)5 b(ject.)0 4240 y(F)-7 b(uture)25 b(c)n(hanges)f
+(ort)0 2005 y(ob)5 b(ject.)0 2152 y(F)-7 b(uture)25 b(c)n(hanges)f
 (migh)n(t)h(b)r(e)g(to)g(allo)n(w)f(Python-lev)n(el)g(transp)r(ort)g
 (ob)5 b(jects,)25 b(that)g(instead)g(of)g(ha)n(ving)g
-Fl(fileno\(\))d Fq(metho)r(ds,)0 4340 y(ha)n(v)n(e)h
+Fl(fileno\(\))d Fq(metho)r(ds,)0 2252 y(ha)n(v)n(e)h
 Fl(read\(\))g Fq(and)h Fl(write\(\))e Fq(metho)r(ds,)k(so)e(more)f(adv)
 -5 b(anced)24 b(features)h(of)f(Python)h(can)g(b)r(e)g(used.)35
-b(This)25 b(w)n(ould)f(probably)0 4439 y(en)n(tail)36
+b(This)25 b(w)n(ould)f(probably)0 2351 y(en)n(tail)36
 b(some)g(sort)g(of)g(Op)r(enSSL)h(\020BIOs\021,)g(but)g(con)n(v)n
 (erting)e(Python)i(strings)e(bac)n(k)h(and)g(forth)g(is)h(exp)r(ensiv)n
-(e,)h(so)e(this)0 4539 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary)
+(e,)h(so)e(this)0 2451 y(shouldn't)f(b)r(e)h(used)f(unless)g(necessary)
 -7 b(.)57 b(Other)35 b(nice)g(things)g(w)n(ould)g(b)r(e)g(to)g(b)r(e)h
 (able)e(to)h(pass)g(in)g(di\033eren)n(t)g(transp)r(ort)0
-4639 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g
+2551 y(ob)5 b(jects)41 b(for)g(reading)f(and)h(writing,)j(but)e(then)g
 (the)g Fl(fileno\(\))c Fq(metho)r(d)k(of)47 b Fl(SSL.Connection)36
-b Fq(b)r(ecomes)41 b(virtually)0 4738 y(useless.)36 b(Also,)27
+b Fq(b)r(ecomes)41 b(virtually)0 2650 y(useless.)36 b(Also,)27
 b(should)h(the)g(metho)r(d)g(resolution)e(b)r(e)i(used)g(on)f(the)h
 (read-transp)r(ort)d(or)i(the)h(write-transp)r(ort?)p
-0 5549 3901 4 v 0 5649 a Ff(4.2)82 b(Callbacks)3302 b(15)p
-eop end
+0 5549 3901 4 v 0 5649 a Ff(4.3)82 b(A)n(cessing)26 b(So)r(ck)n(et)h
+(Metho)r(ds)2744 b(17)p eop end
 %%Trailer
 
 userdict /end-hook known{end-hook}if
diff --git a/doc/pyOpenSSL.tex b/doc/pyOpenSSL.tex
index c7d3a6c..a41b575 100644
--- a/doc/pyOpenSSL.tex
+++ b/doc/pyOpenSSL.tex
@@ -2,7 +2,7 @@
 
 \title{Python OpenSSL Manual}
 
-\release{0.9}
+\release{0.10}
 
 \author{Jean-Paul Calderone}
 \authoraddress{\email{exarkun@twistedmatrix.com}}
@@ -189,8 +189,8 @@
 \end{datadesc}
 
 \begin{classdesc}{X509Extension}{typename, critical, value\optional{, subject}\optional{, issuer}}
-A class representing an X.509 v3 certificate extensions.  
-See \url{http://openssl.org/docs/apps/x509v3_config.html\#STANDARD_EXTENSIONS} 
+A class representing an X.509 v3 certificate extensions.
+See \url{http://openssl.org/docs/apps/x509v3_config.html\#STANDARD_EXTENSIONS}
 for \var{typename} strings and their options.
 Optional parameters \var{subject} and \var{issuer} must be X509 objects.
 \end{classdesc}
@@ -279,7 +279,10 @@
 
 \begin{funcdesc}{load_pkcs12}{buffer\optional{, passphrase}}
 Load pkcs12 data from the string \var{buffer}. If the pkcs12 structure is
-encrypted, a \var{passphrase} must be included.
+encrypted, a \var{passphrase} must be included.  The MAC is always
+checked and thus required.
+
+See also the man page for the C function \function{PKCS12_parse}.
 \end{funcdesc}
 
 \subsubsection{X509 objects \label{openssl-x509}}
@@ -541,17 +544,47 @@
 
 PKCS12 objects have the following methods:
 
+\begin{methoddesc}[PKCS12]{export}{\optional{passphrase=None}\optional{, iter=2048}\optional{, maciter=1}}
+Returns a PKCS12 object as a string.
+
+The optional \var{passphrase} must be a string not a callback.
+
+See also the man page for the C function \function{PKCS12_create}.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{get_ca_certificates}{}
+Return CA certificates within the PKCS12 object as a tuple. Returns
+\constant{None} if no CA certificates are present.
+\end{methoddesc}
+
 \begin{methoddesc}[PKCS12]{get_certificate}{}
 Return certificate portion of the PKCS12 structure.
 \end{methoddesc}
 
+\begin{methoddesc}[PKCS12]{get_friendlyname}{}
+Return friendlyName portion of the PKCS12 structure.
+\end{methoddesc}
+
 \begin{methoddesc}[PKCS12]{get_privatekey}{}
 Return private key portion of the PKCS12 structure
 \end{methoddesc}
 
-\begin{methoddesc}[PKCS12]{get_ca_certificates}{}
-Return CA certificates within the PKCS12 object as a tuple. Returns
-None if no CA certificates are present.
+\begin{methoddesc}[PKCS12]{set_ca_certificates}{cacerts}
+Replace or set the CA certificates within the PKCS12 object with the sequence \var{cacerts}.
+
+Set \var{cacerts} to \constant{None} to remove all CA certificates.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{set_certificate}{cert}
+Replace or set the certificate portion of the PKCS12 structure.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{set_friendlyname}{name}
+Replace or set the friendlyName portion of the PKCS12 structure.
+\end{methoddesc}
+
+\begin{methoddesc}[PKCS12]{set_privatekey}{pkey}
+Replace or set private key portion of the PKCS12 structure
 \end{methoddesc}
 
 \subsubsection{X509Extension objects \label{openssl-509ext}}
@@ -708,7 +741,7 @@
 \end{funcdesc}
 
 \begin{excdesc}{Error}
-If the current RAND method supports any errors, this is raised when needed.  
+If the current RAND method supports any errors, this is raised when needed.
 The default method does not raise this when the entropy pool is depleted.
 
 Whenever this exception is raised directly, it has a list of error messages
@@ -888,6 +921,22 @@
 when requesting a client certificate.
 \end{methoddesc}
 
+\begin{methoddesc}[Context]{set_client_ca_list}{certificate_authorities}
+Replace the current list of preferred certificate signers that would be
+sent to the client when requesting a client certificate with the
+\var{certificate_authorities} sequence of \class{OpenSSL.crypto.X509Name}s.
+
+\versionadded{0.10}
+\end{methoddesc}
+
+\begin{methoddesc}[Context]{add_client_ca}{certificate_authority}
+Extract a \class{OpenSSL.crypto.X509Name} from the \var{certificate_authority}
+\class{OpenSSL.crypto.X509} certificate and add it to the list of preferred
+certificate signers sent to the client when requesting a client certificate.
+
+\versionadded{0.10}
+\end{methoddesc}
+
 \begin{methoddesc}[Context]{load_verify_locations}{pemfile, capath}
 Specify where CA certificates for verification purposes are located. These
 are trusted certificates. Note that the certificates have to be in PEM
@@ -1061,6 +1110,20 @@
 but not it returns the entire list in one go.
 \end{methoddesc}
 
+\begin{methoddesc}[Connection]{get_client_ca_list}{}
+Retrieve the list of preferred client certificate issuers sent by the server
+as \class{OpenSSL.crypto.X509Name} objects.
+
+If this is a client \class{Connection}, the list will be empty until the
+connection with the server is established.
+
+If this is a server \class{Connection}, return the list of certificate
+authorities that will be sent or has been sent to the client, as controlled
+by this \class{Connection}'s \class{Context}.
+
+\versionadded{0.10}
+\end{methoddesc}
+
 \begin{methoddesc}[Connection]{get_context}{}
 Retrieve the Context object associated with this Connection.
 \end{methoddesc}
diff --git a/doc/pyOpenSSL.txt b/doc/pyOpenSSL.txt
index 3b1e050..198fe83 100644
--- a/doc/pyOpenSSL.txt
+++ b/doc/pyOpenSSL.txt
@@ -130,31 +130,34 @@
 3.1 crypto -- Generic cryptographic module
 
    X509Type
-          A Python type object representing the X509 object type.
+          See X509.
 
-   X509()
-          Factory function that creates an X509 object.
+   class X509()
+          A class representing X.509 certificates.
 
    X509NameType
-          A Python type object representing the X509Name object type.
+          See X509Name.
 
-   X509Name(x509name)
-          Factory function that creates a copy of x509name.
+   class X509Name(x509name)
+          A class representing X.509 Distinguished Names.
+
+          This constructor creates a copy of x509name which should be an
+          instance of X509Name.
 
    X509ReqType
-          A Python type object representing the X509Req object type.
+          See X509Req.
 
-   X509Req()
-          Factory function that creates an X509Req object.
+   class X509Req()
+          A class representing X.509 certificate requests.
 
    X509StoreType
           A Python type object representing the X509Store object type.
 
    PKeyType
-          A Python type object representing the PKey object type.
+          See PKey.
 
-   PKey()
-          Factory function that creates a PKey object.
+   class PKey()
+          A class representing DSA or RSA keys.
 
    PKCS7Type
           A Python type object representing the PKCS7 object type.
@@ -163,18 +166,22 @@
           A Python type object representing the PKCS12 object type.
 
    X509ExtensionType
-          A Python type object representing the X509Extension object type.
+          See X509Extension.
 
-   X509Extension(typename, critical, value)
-          Factory function that creates a X509Extension object.
+   class X509Extension(typename, critical, value[, subject][, issuer])
+          A class representing an X.509 v3 certificate extensions. See
+          http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSI
+          ONSfor typename strings and their options. Optional parameters
+          subject and issuer must be X509 objects.
 
    NetscapeSPKIType
-          A Python type object representing the NetscapeSPKI object type.
+          See NetscapeSPKI.
 
-   NetscapeSPKI([enc])
-          Factory function that creates a NetscapeSPKI object. If the enc
-          argument is present, it should be a base64-encoded string
-          representing a NetscapeSPKI object, as returned by the
+   class NetscapeSPKI([enc])
+          A class representing Netscape SPKI objects.
+
+          If the enc argument is present, it should be a base64-encoded
+          string representing a NetscapeSPKI object, as returned by the
           b64_encode method.
 
    FILETYPE_PEM
@@ -227,7 +234,10 @@
 
    load_pkcs12(buffer[, passphrase])
           Load pkcs12 data from the string buffer. If the pkcs12 structure
-          is encrypted, a passphrase must be included.
+          is encrypted, a passphrase must be included. The MAC is always
+          checked and thus required.
+
+          See also the man page for the C function PKCS12_parse.
 
 
   3.1.1 X509 objects
@@ -455,16 +465,41 @@
 
    PKCS12 objects have the following methods:
 
-   get_certificate()
-          Return certificate portion of the PKCS12 structure.
+   export([passphrase=None][, iter=2048][, maciter=1])
+          Returns a PKCS12 object as a string.
 
-   get_privatekey()
-          Return private key portion of the PKCS12 structure
+          The optional passphrase must be a string not a callback.
+
+          See also the man page for the C function PKCS12_create.
 
    get_ca_certificates()
           Return CA certificates within the PKCS12 object as a tuple.
           Returns None if no CA certificates are present.
 
+   get_certificate()
+          Return certificate portion of the PKCS12 structure.
+
+   get_friendlyname()
+          Return friendlyName portion of the PKCS12 structure.
+
+   get_privatekey()
+          Return private key portion of the PKCS12 structure
+
+   set_ca_certificates(cacerts)
+          Replace or set the CA certificates within the PKCS12 object with
+          the sequence cacerts.
+
+          Set cacerts to None to remove all CA certificates.
+
+   set_certificate(cert)
+          Replace or set the certificate portion of the PKCS12 structure.
+
+   set_friendlyname(name)
+          Replace or set the friendlyName portion of the PKCS12 structure.
+
+   set_privatekey(pkey)
+          Replace or set private key portion of the PKCS12 structure
+
 
   3.1.8 X509Extension objects
 
@@ -511,6 +546,16 @@
           contained in string, measured in bytes. For more information,
           see e.g. RFC 1750.
 
+   bytes(num_bytes)
+          Get some random bytes from the PRNG as a string.
+
+          This is a wrapper for the C function RAND_bytes.
+
+   cleanup()
+          Erase the memory used by the PRNG.
+
+          This is a wrapper for the C function RAND_cleanup.
+
    egd(path[, bytes])
           Query the Entropy Gathering Daemon^2 on socket path for bytes
           bytes of random data and and uses add to seed the PRNG. The
@@ -538,6 +583,17 @@
           path. This file can then be used with load_file to seed the PRNG
           again.
 
+   exception Error
+          If the current RAND method supports any errors, this is raised
+          when needed. The default method does not raise this when the
+          entropy pool is depleted.
+
+          Whenever this exception is raised directly, it has a list of
+          error messages from the OpenSSL error queue, where each item is
+          a tuple (lib, function, reason). Here lib, function and reason
+          are all strings, describing where and what the problem is. See
+          err(3) for more information.
+
 
 3.3 SSL -- An interface to the SSL-specific parts of OpenSSL
 
@@ -587,19 +643,25 @@
           want to use SSLv2.
 
    ContextType
-          A Python type object representing the Context object type.
+          See Context.
 
-   Context(method)
-          Factory function that creates a new Context object given an SSL
-          method. The method should be SSLv2_METHOD, SSLv3_METHOD,
-          SSLv23_METHOD or TLSv1_METHOD.
+   class Context(method)
+          A class representing SSL contexts. Contexts define the
+          parameters of one or more SSL connections.
+
+          method should be SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD or
+          TLSv1_METHOD.
 
    ConnectionType
-          A Python type object representing the Connection object type.
+          See Connection.
 
-   Connection(context, socket)
-          Factory fucnction that creates a new Connection object given an
-          SSL context and a socket ^3 object.
+   class Connection(context, socket)
+          A class representing SSL connections.
+
+          context should be an instance of Context and socket should be a
+          socket ^3 object. socket may be None; in this case, the
+          Connection is created with a memory BIO: see the bio_read,
+          bio_write, and bio_shutdown methods.
 
    exception Error
           This exception is used as a base class for the other SSL-related
@@ -627,8 +689,17 @@
           called again later, with the same arguments. Any I/O method can
           lead to this since new handshakes can occur at any time.
 
+          The wanted read is for dirty data sent over the network, not the
+          clean data inside the tunnel. For a socket based SSL connection,
+          read means data coming at us over the network. Until that read
+          succeeds, the attempted OpenSSL.SSL.Connection.recv,
+          OpenSSL.SSL.Connection.send, or
+          OpenSSL.SSL.Connection.do_handshake is prevented or incomplete.
+          You probably want to select() on the socket before trying again.
+
    exception WantWriteError
-          See WantReadError.
+          See WantReadError. The socket send buffer may be too full to
+          write more data.
 
    exception WantX509LookupError
           The operation did not complete because an application callback
@@ -676,6 +747,22 @@
           Read a file with PEM-formatted certificates that will be sent to
           the client when requesting a client certificate.
 
+   set_client_ca_list(certificate_authorities)
+          Replace the current list of preferred certificate signers that
+          would be sent to the client when requesting a client certificate
+          with the certificate_authorities sequence of
+          OpenSSL.crypto.X509Names.
+
+          New in version 0.10.
+
+   add_client_ca(certificate_authority)
+          Extract a OpenSSL.crypto.X509Name from the certificate_authority
+          OpenSSL.crypto.X509 certificate and add it to the list of
+          preferred certificate signers sent to the client when requesting
+          a client certificate.
+
+          New in version 0.10.
+
    load_verify_locations(pemfile, capath)
           Specify where CA certificates for verification purposes are
           located. These are trusted certificates. Note that the
@@ -827,6 +914,19 @@
           parameter and just return a string, but not it returns the
           entire list in one go.
 
+   get_client_ca_list()
+          Retrieve the list of preferred client certificate issuers sent
+          by the server as OpenSSL.crypto.X509Name objects.
+
+          If this is a client Connection, the list will be empty until the
+          connection with the server is established.
+
+          If this is a server Connection, return the list of certificate
+          authorities that will be sent or has been sent to the client, as
+          controlled by this Connection's Context.
+
+          New in version 0.10.
+
    get_context()
           Retrieve the Context object associated with this Connection.
 
@@ -851,6 +951,12 @@
           representing the data received. The maximum amount of data to be
           received at once, is specified by bufsize.
 
+   bio_write(bytes)
+          If the Connection was created with a memory BIO, this method can
+          be used to add bytes to the read end of that memory BIO. The
+          Connection can then read the bytes (for example, in response to
+          a call to recv).
+
    renegotiate()
           Renegotiate the SSL session. Call this if you wish to change
           cipher suites or anything like that.
@@ -858,6 +964,13 @@
    send(string)
           Send the string data to the Connection.
 
+   bio_read(bufsize)
+          If the Connection was created with a memory BIO, this method can
+          be used to read bytes from the write end of that memory BIO.
+          Many Connection methods will add bytes which must be read in
+          this manner or the buffer will eventually fill up and the
+          Connection will be able to take no further actions.
+
    sendall(string)
           Send all of the string data to the Connection. This calls send
           repeatedly until all data is sent. If an error occurs, it's
@@ -898,9 +1011,23 @@
    sock_shutdown(how)
           Call the shutdown method of the underlying socket.
 
+   bio_shutdown()
+          If the Connection was created with a memory BIO, this method can
+          be used to indicate that ``end of file'' has been reached on the
+          read end of that memory BIO.
+
    state_string()
           Retrieve a verbose string detailing the state of the Connection.
 
+   client_random()
+          Retrieve the random value used with the client hello message.
+
+   server_random()
+          Retrieve the random value used with the server hello message.
+
+   master_key()
+          Retrieve the value of the master key for this session.
+
    want_read()
           Checks if more data has to be read from the transport layer to
           complete an operation.
@@ -1031,4 +1158,4 @@
                             Python OpenSSL Manual
      __________________________________________________________________
 
-   Release 0.9.
+   Release 0.10.
diff --git a/setup.py b/setup.py
index 7011f9d..9cb4364 100755
--- a/setup.py
+++ b/setup.py
@@ -11,10 +11,13 @@
 Installation script for the OpenSSL module
 """
 
+import distutils.log
+distutils.log.set_verbosity(3)
+
 import sys, os
 from distutils.core import Extension, setup
-
-from glob import glob
+from distutils.errors import DistutilsFileError
+from distutils.command.build_ext import build_ext
 
 from version import __version__
 
@@ -46,25 +49,143 @@
 if os.name == 'nt' or sys.platform == 'win32':
 
     Libraries = ['Ws2_32']
-    def makeTellMeIf(original, what):
-        class tellMeIf(original):
-            def __init__(*a, **kw):
-                Libraries.extend(what)
-                return original.__init__(*a, **kw)
-        return tellMeIf
 
-    from distutils import cygwinccompiler
-    cygwinccompiler.Mingw32CCompiler = makeTellMeIf(cygwinccompiler.Mingw32CCompiler, ['eay32', 'ssl32'])
-    from distutils import msvccompiler
-    msvccompiler.MSVCCompiler = makeTellMeIf(msvccompiler.MSVCCompiler, ['libeay32', 'ssleay32'])
 
-    import shutil
-    shutil.copy("C:\\OpenSSL\\ssleay32.dll", os.path.split(os.path.abspath(__file__))[0])
-    shutil.copy("C:\\OpenSSL\\libeay32.dll", os.path.split(os.path.abspath(__file__))[0])
-    package_data = {'': ['ssleay32.dll', 'libeay32.dll']}
+
+    class BuildExtension(build_ext):
+        """
+        A custom command that semiautomatically finds dependencies required by
+        PyOpenSSL.
+        """
+
+        user_options = (build_ext.user_options +
+                        [("with-openssl=", None,
+                          "directory where OpenSSL is installed")])
+        with_openssl = None
+        openssl_dlls = ()
+        openssl_mingw = False
+
+
+        def finalize_options(self):
+            """
+            Update build options with details about OpenSSL.
+            """
+            build_ext.finalize_options(self)
+            if self.with_openssl is None:
+                self.find_openssl()
+            self.find_openssl_dlls()
+            self.add_openssl_compile_info()
+
+
+        def find_openssl(self):
+            """
+            Find OpenSSL's install directory.
+            """
+            potentials = []
+            dirs = os.environ.get("PATH").split(os.pathsep)
+            for d in dirs:
+                if os.path.exists(os.path.join(d, "openssl.exe")):
+                    ssldir, bin = os.path.split(d)
+                    if not bin:
+                        ssldir, bin = os.path.split(ssldir)
+                    potentials.append(ssldir)
+                    childdirs = os.listdir(ssldir)
+                    if "lib" in childdirs and "include" in childdirs:
+                        self.with_openssl = ssldir
+                        return
+            if potentials:
+                raise DistutilsFileError(
+                    "Only found improper OpenSSL directories: %r" % (
+                        potentials,))
+            else:
+                raise DistutilsFileError("Could not find 'openssl.exe'")
+
+
+        def find_openssl_dlls(self):
+            """
+            Find OpenSSL's shared libraries.
+            """
+            self.openssl_dlls = []
+            self.find_openssl_dll("libssl32.dll", False)
+            if self.openssl_dlls:
+                self.openssl_mingw = True
+            else:
+                self.find_openssl_dll("ssleay32.dll", True)
+            self.find_openssl_dll("libeay32.dll", True)
+            # add zlib to the mix if it looks like OpenSSL
+            # was linked with a private copy of it
+            self.find_openssl_dll("zlib1.dll", False)
+
+
+        def find_openssl_dll(self, name, required):
+            """
+            Find OpenSSL's shared library and its path after installation.
+            """
+            dllpath = os.path.join(self.with_openssl, "bin", name)
+            if not os.path.exists(dllpath):
+                if required:
+                    raise DistutilsFileError("could not find '%s'" % name)
+                else:
+                    return
+            newpath = os.path.join(self.build_lib, "OpenSSL", name)
+            self.openssl_dlls.append((dllpath, newpath))
+
+
+        def add_openssl_compile_info(self):
+            """
+            Set up various compile and link parameters.
+            """
+            if self.compiler == "mingw32":
+                if self.openssl_mingw:
+                    # Library path and library names are sane when OpenSSL is
+                    # built with MinGW .
+                    libdir = "lib"
+                    libs = ["eay32", "ssl32"]
+                else:
+                    libdir = ""
+                    libs = []
+                    # Unlike when using the binary installer, which creates
+                    # an atypical shared library name 'ssleay32', so we have
+                    # to use this workaround.
+                    if self.link_objects is None:
+                        self.link_objects = []
+                    for dllpath, _ in self.openssl_dlls:
+                        dllname = os.path.basename(dllpath)
+                        libname = os.path.splitext(dllname)[0] + ".a"
+                        libpath = os.path.join(self.with_openssl,
+                                               "lib", "MinGW", libname)
+                        self.link_objects.append(libpath)
+            else:
+                libdir = "lib"
+                libs = ["libeay32", "ssleay32"]
+            self.include_dirs.append(os.path.join(self.with_openssl, "include"))
+            self.library_dirs.append(os.path.join(self.with_openssl, libdir))
+            self.libraries.extend(libs)
+
+
+        def run(self):
+            """
+            Build extension modules and copy shared libraries.
+            """
+            build_ext.run(self)
+            for dllpath, newpath in self.openssl_dlls:
+                self.copy_file(dllpath, newpath)
+
+
+        def get_outputs(self):
+            """
+            Return a list of file paths built by this comand.
+            """
+            output = [pathpair[1] for pathpair in self.openssl_dlls]
+            output.extend(build_ext.get_outputs(self))
+            return output
+
+
+
 else:
     Libraries = ['ssl', 'crypto']
-    package_data = {}
+    BuildExtension = build_ext
+
 
 
 def mkExtension(name):
@@ -87,7 +208,7 @@
                      'OpenSSL.test.test_rand',
                      'OpenSSL.test.test_ssl'],
       zip_safe = False,
-      package_data = package_data,
+      cmdclass = {"build_ext": BuildExtension},
       description = 'Python wrapper module around the OpenSSL library',
       author = 'Martin Sjögren, AB Strakt',
       author_email = 'msjogren@gmail.com',
diff --git a/src/crypto/crypto.c b/src/crypto/crypto.c
index a3ce9a9..981d478 100644
--- a/src/crypto/crypto.c
+++ b/src/crypto/crypto.c
@@ -12,6 +12,7 @@
 #include <Python.h>
 #define crypto_MODULE
 #include "crypto.h"
+#include "pkcs12.h"
 
 static char crypto_doc[] = "\n\
 Main file of crypto sub module.\n\
@@ -540,7 +541,6 @@
 static PyObject *
 crypto_load_pkcs12(PyObject *spam, PyObject *args)
 {
-    crypto_PKCS12Obj *crypto_PKCS12_New(PKCS12 *, char *);
     int len;
     char *buffer, *passphrase = NULL;
     BIO *bio;
diff --git a/src/crypto/pkcs12.c b/src/crypto/pkcs12.c
index 28ea2fe..2302242 100644
--- a/src/crypto/pkcs12.c
+++ b/src/crypto/pkcs12.c
@@ -3,9 +3,9 @@
  *
  * Copyright (C) AB Strakt 2001, All rights reserved
  *
- * Certificate transport (PKCS12) handling code, 
+ * Certificate transport (PKCS12) handling code,
  * mostly thin wrappers around OpenSSL.
- * See the file RATIONALE for a short explanation of why 
+ * See the file RATIONALE for a short explanation of why
  * this module was written.
  *
  * Reviewed 2001-07-23
@@ -14,12 +14,13 @@
 #define crypto_MODULE
 #include "crypto.h"
 
-/* 
- * PKCS12 is a standard exchange format for digital certificates.  
+/*
+ * PKCS12 is a standard exchange format for digital certificates.
  * See e.g. the OpenSSL homepage http://www.openssl.org/ for more information
  */
 
 static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
+static int crypto_PKCS12_clear(crypto_PKCS12Obj *self);
 
 static char crypto_PKCS12_get_certificate_doc[] = "\n\
 Return certificate portion of the PKCS12 structure\n\
@@ -36,19 +37,77 @@
     return self->cert;
 }
 
+static char crypto_PKCS12_set_certificate_doc[] = "\n\
+Replace the certificate portion of the PKCS12 structure\n\
+\n\
+@param cert: The new certificate.\n\
+@type cert: L{X509} or L{NoneType}\n\
+@return: None\n\
+";
+static PyObject *
+crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
+    PyObject *cert = NULL;
+    static char *kwlist[] = {"cert", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_certificate",
+        kwlist, &cert))
+        return NULL;
+
+    if (cert != Py_None && ! crypto_X509_Check(cert)) {
+        PyErr_SetString(PyExc_TypeError, "cert must be type X509 or None");
+        return NULL;
+    }
+
+    Py_INCREF(cert);  /* Make consistent before calling Py_DECREF() */
+    Py_DECREF(self->cert);
+    self->cert = cert;
+
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
 static char crypto_PKCS12_get_privatekey_doc[] = "\n\
 Return private key portion of the PKCS12 structure\n\
 \n\
 @returns: PKey object containing the private key\n\
 ";
-static PyObject *
+static crypto_PKeyObj *
 crypto_PKCS12_get_privatekey(crypto_PKCS12Obj *self, PyObject *args)
 {
     if (!PyArg_ParseTuple(args, ":get_privatekey"))
         return NULL;
 
     Py_INCREF(self->key);
-    return self->key;
+    return (crypto_PKeyObj *) self->key;
+}
+
+static char crypto_PKCS12_set_privatekey_doc[] = "\n\
+Replace or set the certificate portion of the PKCS12 structure\n\
+\n\
+@param pkey: The new private key.\n\
+@type pkey: L{PKey}\n\
+@return: None\n\
+";
+static PyObject *
+crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
+    PyObject *pkey = NULL;
+    static char *kwlist[] = {"pkey", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_privatekey",
+        kwlist, &pkey))
+        return NULL;
+
+    if (pkey != Py_None && ! crypto_PKey_Check(pkey)) {
+        PyErr_SetString(PyExc_TypeError, "pkey must be type X509 or None");
+        return NULL;
+    }
+
+    Py_INCREF(pkey);  /* Make consistent before calling Py_DECREF() */
+    Py_DECREF(self->key);
+    self->key = pkey;
+
+    Py_INCREF(Py_None);
+    return Py_None;
 }
 
 static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
@@ -67,6 +126,163 @@
     return self->cacerts;
 }
 
+static char crypto_PKCS12_set_ca_certificates_doc[] = "\n\
+Replace or set the CA certificates withing the PKCS12 object.\n\
+\n\
+@param cacerts: The new CA certificates.\n\
+@type cacerts: Iterable of L{X509} or L{NoneType}\n\
+@return: None\n\
+";
+static PyObject *
+crypto_PKCS12_set_ca_certificates(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds)
+{
+    PyObject *obj;
+    PyObject *cacerts;
+    static char *kwlist[] = {"cacerts", NULL};
+    int i, len; /* Py_ssize_t for Python 2.5+ */
+
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_ca_certificates",
+        kwlist, &cacerts))
+        return NULL;
+    if (cacerts == Py_None) {
+        Py_INCREF(cacerts);
+    } else {
+        /* It's iterable */
+        cacerts = PySequence_Tuple(cacerts);
+        if (cacerts == NULL) {
+            return NULL;
+        }
+        len = PyTuple_Size(cacerts);
+
+        /* Check is's a simple list filled only with X509 objects. */
+        for (i = 0; i < len; i++) {
+            obj = PyTuple_GetItem(cacerts, i);
+            if (!crypto_X509_Check(obj)) {
+                Py_DECREF(cacerts);
+                PyErr_SetString(PyExc_TypeError, "iterable must only contain X509Type");
+                return NULL;
+            }
+        }
+    }
+
+    Py_DECREF(self->cacerts);
+    self->cacerts = cacerts;
+
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
+static char crypto_PKCS12_get_friendlyname_doc[] = "\n\
+Return friendly name portion of the PKCS12 structure\n\
+\n\
+@returns: String containing the friendlyname\n\
+";
+static PyObject *
+crypto_PKCS12_get_friendlyname(crypto_PKCS12Obj *self, PyObject *args) {
+    if (!PyArg_ParseTuple(args, ":get_friendlyname"))
+        return NULL;
+
+    Py_INCREF(self->friendlyname);
+    return (PyObject *) self->friendlyname;
+}
+
+static char crypto_PKCS12_set_friendlyname_doc[] = "\n\
+Replace or set the certificate portion of the PKCS12 structure\n\
+\n\
+@param name: The new friendly name.\n\
+@type name: L{str}\n\
+@return: None\n\
+";
+static PyObject *
+crypto_PKCS12_set_friendlyname(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
+    PyObject *name = NULL;
+    static char *kwlist[] = {"name", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "O:set_friendlyname",
+        kwlist, &name))
+        return NULL;
+
+    if (name != Py_None && ! PyString_CheckExact(name)) {
+        PyErr_SetString(PyExc_TypeError, "name must be a str or None");
+        return NULL;
+    }
+
+    Py_INCREF(name);  /* Make consistent before calling Py_DECREF() */
+    Py_DECREF(self->friendlyname);
+    self->friendlyname = name;
+
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
+static char crypto_PKCS12_export_doc[] = "\n\
+export([passphrase=None][, friendly_name=None][, iter=2048][, maciter=1]\n\
+Dump a PKCS12 object as a string.  See also \"man PKCS12_create\".\n\
+\n\
+@param passphrase: used to encrypt the PKCS12\n\
+@type passphrase: L{str}\n\
+@param iter: How many times to repeat the encryption\n\
+@type iter: L{int}\n\
+@param maciter: How many times to repeat the MAC\n\
+@type maciter: L{int}\n\
+@return: The string containing the PKCS12\n\
+";
+static PyObject *
+crypto_PKCS12_export(crypto_PKCS12Obj *self, PyObject *args, PyObject *keywds) {
+    int i; /* Py_ssize_t for Python 2.5+ */
+    PyObject *obj;
+    int buf_len;
+    PyObject *buffer;
+    char *temp, *passphrase = NULL, *friendly_name = NULL;
+    BIO *bio;
+    PKCS12 *p12;
+    EVP_PKEY *pkey = NULL;
+    STACK_OF(X509) *cacerts = NULL;
+    X509 *x509 = NULL;
+    int iter = 0;  /* defaults to PKCS12_DEFAULT_ITER */
+    int maciter = 0;
+    static char *kwlist[] = {"passphrase", "iter", "maciter", NULL};
+
+    if (!PyArg_ParseTupleAndKeywords(args, keywds, "|zii:export",
+        kwlist, &passphrase, &iter, &maciter))
+        return NULL;
+
+    if (self->key != Py_None) {
+        pkey = ((crypto_PKeyObj*) self->key)->pkey;
+    }
+    if (self->cert != Py_None) {
+        x509 = ((crypto_X509Obj*) self->cert)->x509;
+    }
+    if (self->cacerts != Py_None) {
+        cacerts = sk_X509_new_null();
+        for (i = 0; i < PyTuple_Size(self->cacerts); i++) {  /* For each CA cert */
+            obj = PySequence_GetItem(self->cacerts, i);
+            /* assert(PyObject_IsInstance(obj, (PyObject *) &crypto_X509_Type )); */
+            sk_X509_push(cacerts, (( crypto_X509Obj* ) obj)->x509);
+            Py_DECREF(obj);
+        }
+    }
+    if (self->friendlyname != Py_None) {
+        friendly_name = PyString_AsString(self->friendlyname);
+    }
+
+    p12 = PKCS12_create(passphrase, friendly_name, pkey, x509, cacerts,
+                        NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                        NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                        iter, maciter, 0);
+    sk_X509_free(cacerts); /* NULL safe.  Free just the container. */
+    if (p12 == NULL) {
+        exception_from_error_queue(crypto_Error);
+        return NULL;
+    }
+    bio = BIO_new(BIO_s_mem());
+    i2d_PKCS12_bio(bio, p12);
+    buf_len = BIO_get_mem_data(bio, &temp);
+    buffer = PyString_FromStringAndSize(temp, buf_len);
+    BIO_free(bio);
+    return buffer;
+}
+
 /*
  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
  *   {  'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
@@ -74,11 +290,19 @@
  */
 #define ADD_METHOD(name)        \
     { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS, crypto_PKCS12_##name##_doc }
+#define ADD_KW_METHOD(name)        \
+    { #name, (PyCFunction)crypto_PKCS12_##name, METH_VARARGS | METH_KEYWORDS, crypto_PKCS12_##name##_doc }
 static PyMethodDef crypto_PKCS12_methods[] =
 {
     ADD_METHOD(get_certificate),
+    ADD_KW_METHOD(set_certificate),
     ADD_METHOD(get_privatekey),
+    ADD_KW_METHOD(set_privatekey),
     ADD_METHOD(get_ca_certificates),
+    ADD_KW_METHOD(set_ca_certificates),
+    ADD_METHOD(get_friendlyname),
+    ADD_KW_METHOD(set_friendlyname),
+    ADD_KW_METHOD(export),
     { NULL, NULL }
 };
 #undef ADD_METHOD
@@ -88,16 +312,18 @@
  * The strategy for this object is to create all the Python objects
  * corresponding to the cert/key/CA certs right away
  *
- * Arguments: p12        - A "real" PKCS12 object
+ * Arguments: p12        - A "real" PKCS12 object or NULL
  *            passphrase - Passphrase to use when decrypting the PKCS12 object
  * Returns:   The newly created PKCS12 object
  */
 crypto_PKCS12Obj *
-crypto_PKCS12_New(PKCS12 *p12, char *passphrase)
-{
-    crypto_PKCS12Obj *self;
+crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
+    crypto_PKCS12Obj *self = NULL;
     PyObject *cacertobj = NULL;
 
+    unsigned char *alias_str;
+    int alias_len;
+
     X509 *cert = NULL;
     EVP_PKEY *pkey = NULL;
     STACK_OF(X509) *cacerts = NULL;
@@ -105,55 +331,113 @@
     int i, cacert_count = 0;
 
     /* allocate space for the CA cert stack */
-    cacerts = sk_X509_new_null();
-
-    /* parse the PKCS12 lump */
-    if (!(cacerts && PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)))
-    {
-        exception_from_error_queue(crypto_Error);
-        return NULL;
+    if((cacerts = sk_X509_new_null()) == NULL) {
+        goto error;   /* out of memory? */
     }
 
-    if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type)))
-        return NULL;
-
-    self->cert = NULL;
-    self->key = NULL;
-    Py_INCREF(Py_None);
-    self->cacerts = Py_None;
-
-    if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
+    /* parse the PKCS12 lump */
+    if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
+        /*
+         * If PKCS12_parse fails, and it allocated cacerts, it seems to free
+         * cacerts, but not re-NULL the pointer.  Zounds!  Make sure it is
+         * re-set to NULL here, else we'll have a double-free below.
+         */
+        cacerts = NULL;
+        exception_from_error_queue(crypto_Error);
         goto error;
+    }
 
-    if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
+    if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
         goto error;
+    }
 
-    /* Make a tuple for the CA certs */
-    cacert_count = sk_X509_num(cacerts);
-    if (cacert_count > 0)
-    {
-        Py_DECREF(self->cacerts);
-        if ((self->cacerts = PyTuple_New(cacert_count)) == NULL)
+    /* client certificate and friendlyName */
+    if (cert == NULL) {
+        Py_INCREF(Py_None);
+        self->cert = Py_None;
+        Py_INCREF(Py_None);
+        self->friendlyname = Py_None;
+    } else {
+        if ((self->cert = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
             goto error;
+        }
 
-        for (i = 0; i < cacert_count; i++)
-        {
-            cert = sk_X509_value(cacerts, i);
-            if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL)
+        /*  Now we need to extract the friendlyName of the PKCS12
+         *  that was stored by PKCS_parse() in the alias of the
+         *  certificate. */
+        alias_str = X509_alias_get0(cert, &alias_len);
+        if (alias_str) {
+            if (!(self->friendlyname = Py_BuildValue("s#", alias_str, alias_len))) {
+                /*
+                 * XXX Untested
+                 */
                 goto error;
+            }
+            /* success */
+        } else {
+            Py_INCREF(Py_None);
+            self->friendlyname = Py_None;
+        }
+    }
+
+    /* private key */
+    if (pkey == NULL) {
+        Py_INCREF(Py_None);
+        self->key = Py_None;
+    } else {
+        if ((self->key = (PyObject *)crypto_PKey_New(pkey, 1)) == NULL)
+            goto error;
+    }
+
+    /* CA certs */
+    cacert_count = sk_X509_num(cacerts);
+    if (cacert_count <= 0) {
+        Py_INCREF(Py_None);
+        self->cacerts = Py_None;
+    } else {
+        if ((self->cacerts = PyTuple_New(cacert_count)) == NULL) {
+            goto error;
+        }
+
+        for (i = 0; i < cacert_count; i++) {
+            cert = sk_X509_value(cacerts, i);
+            if ((cacertobj = (PyObject *)crypto_X509_New(cert, 1)) == NULL) {
+                goto error;
+            }
             PyTuple_SET_ITEM(self->cacerts, i, cacertobj);
         }
     }
 
-    sk_X509_free(cacerts); /* don't free the certs, just the stack */
+    sk_X509_free(cacerts); /* Don't free the certs, just the container. */
     PyObject_GC_Track(self);
 
     return self;
+
 error:
-    crypto_PKCS12_dealloc(self);
+    sk_X509_free(cacerts); /* NULL safe. Free just the container. */
+    if (self) {
+        crypto_PKCS12_clear(self);
+        PyObject_GC_Del(self);
+    }
     return NULL;
 }
 
+static char crypto_PKCS12_doc[] = "\n\
+PKCS12() -> PKCS12 instance\n\
+\n\
+Create a new empty PKCS12 object.\n\
+\n\
+@returns: The PKCS12 object\n\
+";
+static PyObject *
+crypto_PKCS12_new(PyTypeObject *subtype, PyObject *args, PyObject *kwargs) {
+    if (!PyArg_ParseTuple(args, ":PKCS12")) {
+        return NULL;
+    }
+
+    return (PyObject *)crypto_PKCS12_New(NULL, NULL);
+}
+
 /*
  * Find attribute
  *
@@ -188,6 +472,8 @@
         ret = visit(self->key, arg);
     if (ret == 0 && self->cacerts != NULL)
         ret = visit(self->cacerts, arg);
+    if (ret == 0 && self->friendlyname != NULL)
+        ret = visit(self->friendlyname, arg);
     return ret;
 }
 
@@ -206,6 +492,8 @@
     self->key = NULL;
     Py_XDECREF(self->cacerts);
     self->cacerts = NULL;
+    Py_XDECREF(self->friendlyname);
+    self->friendlyname = NULL;
     return 0;
 }
 
@@ -245,9 +533,24 @@
     NULL, /* setattro */
     NULL, /* as_buffer */
     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC,
-    NULL, /* doc */
+    crypto_PKCS12_doc,
     (traverseproc)crypto_PKCS12_traverse,
     (inquiry)crypto_PKCS12_clear,
+    NULL, /* tp_richcompare */
+    0, /* tp_weaklistoffset */
+    NULL, /* tp_iter */
+    NULL, /* tp_iternext */
+    crypto_PKCS12_methods, /* tp_methods */
+    NULL, /* tp_members */
+    NULL, /* tp_getset */
+    NULL, /* tp_base */
+    NULL, /* tp_dict */
+    NULL, /* tp_descr_get */
+    NULL, /* tp_descr_set */
+    0, /* tp_dictoffset */
+    NULL, /* tp_init */
+    NULL, /* tp_alloc */
+    crypto_PKCS12_new, /* tp_new */
 };
 
 /*
@@ -262,10 +565,13 @@
         return 0;
     }
 
+    if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
+        return 0;
+    }
+
     if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
         return 0;
     }
 
     return 1;
 }
-
diff --git a/src/crypto/pkcs12.h b/src/crypto/pkcs12.h
index 32c9ec4..3abfa52 100644
--- a/src/crypto/pkcs12.h
+++ b/src/crypto/pkcs12.h
@@ -22,9 +22,18 @@
 
 typedef struct {
     PyObject_HEAD
+    /*
+     * These either refer to a PyObject* of the appropriate type, or Py_None if
+     * they don't have a value.  They aren't set to NULL except during
+     * finalization.
+     */
     PyObject            *cert;
     PyObject            *key;
     PyObject            *cacerts;
+    PyObject            *friendlyname;
 } crypto_PKCS12Obj;
 
+crypto_PKCS12Obj *
+crypto_PKCS12_New(PKCS12 *p12, char *passphrase);
+
 #endif
diff --git a/src/ssl/connection.c b/src/ssl/connection.c
index e10989b..1c59ff3 100755
--- a/src/ssl/connection.c
+++ b/src/ssl/connection.c
@@ -829,6 +829,59 @@
     return lst;
 }
 
+static char ssl_Connection_get_client_ca_list_doc[] = "\n\
+Get CAs whose certificates are suggested for client authentication.\n\
+\n\
+@return: If this is a server connection, a list of X509Names representing\n\
+    the acceptable CAs as set by L{OpenSSL.SSL.Context.set_client_ca_list} or\n\
+    L{OpenSSL.SSL.Context.add_client_ca}.  If this is a client connection,\n\
+    the list of such X509Names sent by the server, or an empty list if that\n\
+    has not yet happened.\n\
+";
+
+static PyObject *
+ssl_Connection_get_client_ca_list(ssl_ConnectionObj *self, PyObject *args) {
+    STACK_OF(X509_NAME) *CANames;
+    PyObject *CAList;
+    int i, n;
+
+    if (!PyArg_ParseTuple(args, ":get_client_ca_list")) {
+        return NULL;
+    }
+    CANames = SSL_get_client_CA_list(self->ssl);
+    if (CANames == NULL) {
+        return PyList_New(0);
+    }
+    n = sk_X509_NAME_num(CANames);
+    CAList = PyList_New(n);
+    if (CAList == NULL) {
+        return NULL;
+    }
+    for (i = 0; i < n; i++) {
+        X509_NAME *CAName;
+        PyObject *CA;
+
+        CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i));
+        if (CAName == NULL) {
+            Py_DECREF(CAList);
+            exception_from_error_queue(ssl_Error);
+            return NULL;
+        }
+        CA = (PyObject *)crypto_X509Name_New(CAName, 1);
+        if (CA == NULL) {
+            X509_NAME_free(CAName);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+        if (PyList_SetItem(CAList, i, CA)) {
+            Py_DECREF(CA);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+    }
+    return CAList;
+}
+
 static char ssl_Connection_makefile_doc[] = "\n\
 The makefile() method is not implemented, since there is no dup semantics\n\
 for SSL connections\n\
@@ -1087,6 +1140,7 @@
     ADD_METHOD(bio_shutdown),
     ADD_METHOD(shutdown),
     ADD_METHOD(get_cipher_list),
+    ADD_METHOD(get_client_ca_list),
     ADD_METHOD(makefile),
     ADD_METHOD(get_app_data),
     ADD_METHOD(set_app_data),
diff --git a/src/ssl/context.c b/src/ssl/context.c
index df7411f..ebaf164 100644
--- a/src/ssl/context.c
+++ b/src/ssl/context.c
@@ -13,8 +13,10 @@
 
 #if PY_VERSION_HEX >= 0x02050000
 # define PYARG_PARSETUPLE_FORMAT const char
+# define PYOBJECT_GETATTRSTRING_TYPE const char*
 #else
 # define PYARG_PARSETUPLE_FORMAT char
+# define PYOBJECT_GETATTRSTRING_TYPE char*
 #endif
 
 #ifndef MS_WINDOWS
@@ -335,37 +337,64 @@
     return Py_None;
 }
 
+static PyTypeObject *
+type_modified_error(const char *name) {
+    PyErr_Format(PyExc_RuntimeError,
+                 "OpenSSL.crypto's '%s' attribute has been modified",
+                 name);
+    return NULL;
+}
+
+static PyTypeObject *
+import_crypto_type(const char *name, size_t objsize) {
+    PyObject *module, *type, *name_attr;
+    PyTypeObject *res;
+    int right_name;
+
+    module = PyImport_ImportModule("OpenSSL.crypto");
+    if (module == NULL) {
+        return NULL;
+    }
+    type = PyObject_GetAttrString(module, (PYOBJECT_GETATTRSTRING_TYPE)name);
+    Py_DECREF(module);
+    if (type == NULL) {
+        return NULL;
+    }
+    if (!(PyType_Check(type))) {
+        Py_DECREF(type);
+        return type_modified_error(name);
+    }
+    name_attr = PyObject_GetAttrString(type, "__name__");
+    if (name_attr == NULL) {
+        Py_DECREF(type);
+        return NULL;
+    }
+    right_name = (PyString_CheckExact(name_attr) &&
+                  strcmp(name, PyString_AsString(name_attr)) == 0);
+    Py_DECREF(name_attr);
+    res = (PyTypeObject *)type;
+    if (!right_name || res->tp_basicsize != objsize) {
+        Py_DECREF(type);
+        return type_modified_error(name);
+    }
+    return res;
+}
+
 static crypto_X509Obj *
-parse_certificate_argument(const char* format1, const char* format2, PyObject* args)
-{
+parse_certificate_argument(const char* format, PyObject* args) {
     static PyTypeObject *crypto_X509_type = NULL;
     crypto_X509Obj *cert;
 
-    /* We need to check that cert really is an X509 object before
-       we deal with it. The problem is we can't just quickly verify
-       the type (since that comes from another module). This should
-       do the trick (reasonably well at least): Once we have one
-       verified object, we use it's type object for future
-       comparisons. */
-
-    if (!crypto_X509_type)
-    {
-	if (!PyArg_ParseTuple(args, (PYARG_PARSETUPLE_FORMAT *)format1, &cert))
-	    return NULL;
-
-	if (strcmp(cert->ob_type->tp_name, "X509") != 0 || 
-	    cert->ob_type->tp_basicsize != sizeof(crypto_X509Obj))
-	{
-	    PyErr_SetString(PyExc_TypeError, "Expected an X509 object");
-	    return NULL;
-	}
-
-	crypto_X509_type = cert->ob_type;
+    if (!crypto_X509_type) {
+        crypto_X509_type = import_crypto_type("X509", sizeof(crypto_X509Obj));
+        if (!crypto_X509_type) {
+            return NULL;
+        }
     }
-    else
-	if (!PyArg_ParseTuple(args, (PYARG_PARSETUPLE_FORMAT *)format2, crypto_X509_type,
-			      &cert))
-	    return NULL;
+    if (!PyArg_ParseTuple(args, (PYARG_PARSETUPLE_FORMAT *)format,
+                          crypto_X509_type, &cert)) {
+        return NULL;
+    }
     return cert;
 }
 
@@ -381,7 +410,7 @@
 {
     X509* cert_original;
     crypto_X509Obj *cert = parse_certificate_argument(
-        "O:add_extra_chain_cert", "O!:add_extra_chain_cert", args);
+        "O!:add_extra_chain_cert", args);
     if (cert == NULL)
     {
         return NULL;
@@ -471,7 +500,7 @@
 ssl_Context_use_certificate(ssl_ContextObj *self, PyObject *args)
 {
     crypto_X509Obj *cert = parse_certificate_argument(
-        "O:use_certificate", "O!:use_certificate", args);
+        "O!:use_certificate", args);
     if (cert == NULL) {
         return NULL;
     }
@@ -533,43 +562,24 @@
 @return: None\n\
 ";
 static PyObject *
-ssl_Context_use_privatekey(ssl_ContextObj *self, PyObject *args)
-{
+ssl_Context_use_privatekey(ssl_ContextObj *self, PyObject *args) {
     static PyTypeObject *crypto_PKey_type = NULL;
     crypto_PKeyObj *pkey;
 
-    /* We need to check that cert really is a PKey object before
-       we deal with it. The problem is we can't just quickly verify
-       the type (since that comes from another module). This should
-       do the trick (reasonably well at least): Once we have one
-       verified object, we use it's type object for future
-       comparisons. */
-
-    if (!crypto_PKey_type)
-    {
-	if (!PyArg_ParseTuple(args, "O:use_privatekey", &pkey))
-	    return NULL;
-
-	if (strcmp(pkey->ob_type->tp_name, "OpenSSL.crypto.PKey") != 0 ||
-	    pkey->ob_type->tp_basicsize != sizeof(crypto_PKeyObj))
-	{
-	    PyErr_SetString(PyExc_TypeError, "Expected a PKey object");
-	    return NULL;
-	}
-
-	crypto_PKey_type = pkey->ob_type;
+    if (!crypto_PKey_type) {
+        crypto_PKey_type = import_crypto_type("PKey", sizeof(crypto_PKeyObj));
+        if (!crypto_PKey_type) {
+            return NULL;
+        }
     }
-    else
-    if (!PyArg_ParseTuple(args, "O!:use_privatekey", crypto_PKey_type, &pkey))
+    if (!PyArg_ParseTuple(args, "O!:use_privatekey", crypto_PKey_type, &pkey)) {
         return NULL;
+    }
 
-    if (!SSL_CTX_use_PrivateKey(self->ctx, pkey->pkey))
-    {
+    if (!SSL_CTX_use_PrivateKey(self->ctx, pkey->pkey)) {
         exception_from_error_queue(ssl_Error);
         return NULL;
-    }
-    else
-    {
+    } else {
         Py_INCREF(Py_None);
         return Py_None;
     }
@@ -789,6 +799,111 @@
     }
 }
 
+static char ssl_Context_set_client_ca_list_doc[] = "\n\
+Set the list of preferred client certificate signers for this server context.\n\
+\n\
+This list of certificate authorities will be sent to the client when the\n\
+server requests a client certificate.\n\
+\n\
+@param certificate_authorities: a sequence of X509Names.\n\
+@return: None\n\
+";
+
+static PyObject *
+ssl_Context_set_client_ca_list(ssl_ContextObj *self, PyObject *args)
+{
+    static PyTypeObject *X509NameType;
+    PyObject *sequence, *tuple, *item;
+    crypto_X509NameObj *name;
+    X509_NAME *sslname;
+    STACK_OF(X509_NAME) *CANames;
+    Py_ssize_t length;
+    int i;
+
+    if (X509NameType == NULL) {
+        X509NameType = import_crypto_type("X509Name", sizeof(crypto_X509NameObj));
+        if (X509NameType == NULL) {
+            return NULL;
+        }
+    }
+    if (!PyArg_ParseTuple(args, "O:set_client_ca_list", &sequence)) {
+        return NULL;
+    }
+    tuple = PySequence_Tuple(sequence);
+    if (tuple == NULL) {
+        return NULL;
+    }
+    length = PyTuple_Size(tuple);
+    if (length >= INT_MAX) {
+        PyErr_SetString(PyExc_ValueError, "client CA list is too long");
+        Py_DECREF(tuple);
+        return NULL;
+    }
+    CANames = sk_X509_NAME_new_null();
+    if (CANames == NULL) {
+        Py_DECREF(tuple);
+        exception_from_error_queue(ssl_Error);
+        return NULL;
+    }
+    for (i = 0; i < length; i++) {
+        item = PyTuple_GetItem(tuple, i);
+        if (item->ob_type != X509NameType) {
+            PyErr_Format(PyExc_TypeError,
+                         "client CAs must be X509Name objects, not %s objects",
+                         item->ob_type->tp_name);
+            sk_X509_NAME_free(CANames);
+            Py_DECREF(tuple);
+            return NULL;
+        }
+        name = (crypto_X509NameObj *)item;
+        sslname = X509_NAME_dup(name->x509_name);
+        if (sslname == NULL) {
+            sk_X509_NAME_free(CANames);
+            Py_DECREF(tuple);
+            exception_from_error_queue(ssl_Error);
+            return NULL;
+        }
+        if (!sk_X509_NAME_push(CANames, sslname)) {
+            X509_NAME_free(sslname);
+            sk_X509_NAME_free(CANames);
+            Py_DECREF(tuple);
+            exception_from_error_queue(ssl_Error);
+            return NULL;
+        }
+    }
+    Py_DECREF(tuple);
+    SSL_CTX_set_client_CA_list(self->ctx, CANames);
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
+static char ssl_Context_add_client_ca_doc[] = "\n\
+Add the CA certificate to the list of preferred signers for this context.\n\
+\n\
+The list of certificate authorities will be sent to the client when the\n\
+server requests a client certificate.\n\
+\n\
+@param certificate_authority: certificate authority's X509 certificate.\n\
+@return: None\n\
+";
+
+static PyObject *
+ssl_Context_add_client_ca(ssl_ContextObj *self, PyObject *args)
+{
+    crypto_X509Obj *cert;
+
+    cert = parse_certificate_argument("O!:add_client_ca", args);
+    if (cert == NULL) {
+        return NULL;
+    }
+    if (!SSL_CTX_add_client_CA(self->ctx, cert->x509)) {
+        exception_from_error_queue(ssl_Error);
+        return NULL;
+    }
+    Py_INCREF(Py_None);
+    return Py_None;
+}
+
 static char ssl_Context_set_timeout_doc[] = "\n\
 Set session timeout\n\
 \n\
@@ -960,6 +1075,8 @@
     ADD_METHOD(get_verify_depth),
     ADD_METHOD(load_tmp_dh),
     ADD_METHOD(set_cipher_list),
+    ADD_METHOD(set_client_ca_list),
+    ADD_METHOD(add_client_ca),
     ADD_METHOD(set_timeout),
     ADD_METHOD(get_timeout),
     ADD_METHOD(set_info_callback),
diff --git a/src/util.h b/src/util.h
index d9dc7d2..6724f5a 100644
--- a/src/util.h
+++ b/src/util.h
@@ -119,6 +119,10 @@
 }
 #endif
 
-
+#if !defined(PY_SSIZE_T_MIN)
+typedef int Py_ssize_t;
+#define PY_SSIZE_T_MAX INT_MAX
+#define PY_SSIZE_T_MIN INT_MIN
+#endif
 
 #endif
diff --git a/test/test_crypto.py b/test/test_crypto.py
index 641bdaa..ca65c78 100644
--- a/test/test_crypto.py
+++ b/test/test_crypto.py
@@ -6,6 +6,7 @@
 
 from unittest import main
 
+import os, re
 from os import popen2
 from datetime import datetime, timedelta
 
@@ -18,12 +19,115 @@
 from OpenSSL.crypto import dump_certificate, load_certificate_request
 from OpenSSL.crypto import dump_certificate_request, dump_privatekey
 from OpenSSL.crypto import PKCS7Type, load_pkcs7_data
-from OpenSSL.crypto import PKCS12Type, load_pkcs12
+from OpenSSL.crypto import PKCS12, PKCS12Type, load_pkcs12
 from OpenSSL.crypto import CRL, Revoked, load_crl
 from OpenSSL.crypto import NetscapeSPKI, NetscapeSPKIType
 from OpenSSL.test.util import TestCase
 
 
+root_cert_pem = """-----BEGIN CERTIFICATE-----
+MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
+NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
+MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
+ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
+urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
+2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
+1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
+FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
+VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
+BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
+b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
+AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
+hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
+w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+-----END CERTIFICATE-----
+"""
+
+root_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
+jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
+3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB
+AoGBAPCgMpmLxzwDaUmcFbTJUvlLW1hoxNNYSu2jIZm1k/hRAcE60JYwvBkgz3UB
+yMEh0AtLxYe0bFk6EHah11tMUPgscbCq73snJ++8koUw+csk22G65hOs51bVb7Aa
+6JBe67oLzdtvgCUFAA2qfrKzWRZzAdhUirQUZgySZk+Xq1pBAkEA/kZG0A6roTSM
+BVnx7LnPfsycKUsTumorpXiylZJjTi9XtmzxhrYN6wgZlDOOwOLgSQhszGpxVoMD
+u3gByT1b2QJBAPtL3mSKdvwRu/+40zaZLwvSJRxaj0mcE4BJOS6Oqs/hS1xRlrNk
+PpQ7WJ4yM6ZOLnXzm2mKyxm50Mv64109FtMCQQDOqS2KkjHaLowTGVxwC0DijMfr
+I9Lf8sSQk32J5VWCySWf5gGTfEnpmUa41gKTMJIbqZZLucNuDcOtzUaeWZlZAkA8
+ttXigLnCqR486JDPTi9ZscoZkZ+w7y6e/hH8t6d5Vjt48JVyfjPIaJY+km58LcN3
+6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2
+cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq
+-----END RSA PRIVATE KEY-----
+"""
+
+server_cert_pem = """-----BEGIN CERTIFICATE-----
+MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
+VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
+NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
+lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
+b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
+lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
+gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
+dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
+2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
+uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
+-----END CERTIFICATE-----
+"""
+
+server_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC+pvhuud1dLaQQvzipdtlcTotgr5SuE2LvSx0gz/bg1U3u1eQ+
+U5eqsxaEUceaX5p5Kk+QflvW8qdjVNxQuYS5uc0gK2+OZnlIYxCf4n5GYGzVIx3Q
+SBj/TAEFB2WuVinZBiCbxgL7PFM1Kpa+EwVkCAduPpSflJJPwkYGrK2MHQIDAQAB
+AoGAbwuZ0AR6JveahBaczjfnSpiFHf+mve2UxoQdpyr6ROJ4zg/PLW5K/KXrC48G
+j6f3tXMrfKHcpEoZrQWUfYBRCUsGD5DCazEhD8zlxEHahIsqpwA0WWssJA2VOLEN
+j6DuV2pCFbw67rfTBkTSo32ahfXxEKev5KswZk0JIzH3ooECQQDgzS9AI89h0gs8
+Dt+1m11Rzqo3vZML7ZIyGApUzVan+a7hbc33nbGRkAXjHaUBJO31it/H6dTO+uwX
+msWwNG5ZAkEA2RyFKs5xR5USTFaKLWCgpH/ydV96KPOpBND7TKQx62snDenFNNbn
+FwwOhpahld+vqhYk+pfuWWUpQciE+Bu7ZQJASjfT4sQv4qbbKK/scePicnDdx9th
+4e1EeB9xwb+tXXXUo/6Bor/AcUNwfiQ6Zt9PZOK9sR3lMZSsP7rMi7kzuQJABie6
+1sXXjFH7nNJvRG4S39cIxq8YRYTy68II/dlB2QzGpKxV/POCxbJ/zu0CU79tuYK7
+NaeNCFfH3aeTrX0LyQJAMBWjWmeKM2G2sCExheeQK0ROnaBC8itCECD4Jsve4nqf
+r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7/A==
+-----END RSA PRIVATE KEY-----
+"""
+
+client_cert_pem = """-----BEGIN CERTIFICATE-----
+MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
+VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
+ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
+rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
+iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
+oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
+0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
+Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
+9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
+PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
+-----END CERTIFICATE-----
+"""
+
+client_key_pem = """-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2rn+GrRHRiZ+xkCw/CGNh
+btPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xKiku4G/KvnnmWdeJHqsiX
+eUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7DtboCRajYyHfluARQIDAQAB
+AoGATkZ+NceY5Glqyl4mD06SdcKfV65814vg2EL7V9t8+/mi9rYL8KztSXGlQWPX
+zuHgtRoMl78yQ4ZJYOBVo+nsx8KZNRCEBlE19bamSbQLCeQMenWnpeYyQUZ908gF
+h6L9qsFVJepgA9RDgAjyDoS5CaWCdCCPCH2lDkdcqC54SVUCQQDseuduc4wi8h4t
+V8AahUn9fn9gYfhoNuM0gdguTA0nPLVWz4hy1yJiWYQe0H7NLNNTmCKiLQaJpAbb
+TC6vE8C7AkEA0Ee8CMJUc20BnGEmxwgWcVuqFWaKCo8jTH1X38FlATUsyR3krjW2
+dL3yDD9NwHxsYP7nTKp/U8MV7U9IBn4y/wJBAJl7H0/BcLeRmuJk7IqJ7b635iYB
+D/9beFUw3MUXmQXZUfyYz39xf6CDZsu1GEdEC5haykeln3Of4M9d/4Kj+FcCQQCY
+si6xwT7GzMDkk/ko684AV3KPc/h6G0yGtFIrMg7J3uExpR/VdH2KgwMkZXisSMvw
+JJEQjOMCVsEJlRk54WWjAkEAzoZNH6UhDdBK5F38rVt/y4SEHgbSfJHIAmPS32Kq
+f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKAquv9NA==
+-----END RSA PRIVATE KEY-----
+"""
+
 cleartextCertificatePEM = """-----BEGIN CERTIFICATE-----
 MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
 BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
@@ -95,57 +199,6 @@
 """
 encryptedPrivateKeyPEMPassphrase = "foobar"
 
-# Some PKCS12 data, base64 encoded.  The data itself was constructed using the
-# openssl command line:
-#
-#    openssl pkcs12 -export -in s.pem -out o.p12 -inkey s.pem -certfile s.pem
-#
-# With s.pem containing a private key and certificate.  The contents of the
-# generated file, o.p12, were then base64 encoded to produce this value.
-pkcs12Data = """\
-MIIJGQIBAzCCCN8GCSqGSIb3DQEHAaCCCNAEggjMMIIIyDCCBucGCSqGSIb3DQEHBqCCBtgwggbU
-AgEAMIIGzQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIdwchN+KDjC8CAggAgIIGoOh59lWQ
-vz7FB2ewPHduY3pBhJX1W7ioN1k2xAoelE04v30CvNNa0A8qIjk6U7WLRXL74jG1xPq+WcAUtNtk
-3ZfTaPTPR+q5xVNBZFHeKDirt7yherl8Xs16OEl0IgNpNHRLeHxi4JeBqkGReq1vkybus2ALyQ/B
-FgbrNJiaGpvUx64A3FnHKbT0pVIvsg5iqcpCQ2SDLeJnqKFuP/2+SE5WnNvM6SBG20HMNOR9+SM5
-tPETapeu7AFkJ03FY3OF+fllHnv8fyXXDkv7F1bX8P2q6wQSRK6DXq6DO1Qjqzmrrtk4Pq6Hne2x
-onN2Bx9yUR83tNn4bQWNDasbnQpdI3Fsgg6RS5+B7y9tw37nygyND9ME0NcCysDov5zIG84gsZHn
-3LDFQkP4M7iBscNCund18FNQomrqAmPvejos+OXMQlNd/la15UQgUqv33V91WIMNmDDt80eVdxp8
-0D4gCvIl3xPp0Lp1EwhXwQxmx7LS3Fj0yCaiBOVevqhp9uq0i5hhdPA4a/XyIAeuJCS07s21fAe3
-Ay3S7olg1DTtN9wSJL6C1wus3VDMicB82ZC4+wAbfheedseenA0ubMDj38JqHgUtb02jMb9Ff3QR
-Hj6qzv5nJIJjmCG+cBatMh775f/9y/7wuElZYjv/vPb9S4Oraxz3ZgLtkU15PVeLjFHsHWRnrhVC
-ORaDEdX42kXfTMTaDsqFPg10ZS4fb7kCqD+ef0U4nCB0pfKyDo3hyDxHxGMqEVwyhKrl2UKljmcz
-02AGKxf6SERGdApGX4ENSuEG8v37CJTnmf1Tvf+K3fcCwBWTVDjhCgyCYrqaR02r8ixjRCU47L7e
-fe0c6WcTIYcXwWPPwqk6lUm8jH/IFSohUxrGaLRsvtYMK5O1ss3fGnv5DysLoWRRHNsp9EqJ+nXP
-bC5KRS01M78twFHXyIVgML13sMwox3aMCADP4HAFisUTQjSq0LlrHHVSIdIz3dEC3jsIs2bRxaVE
-dGaMorvVhoCNucGtdXD778EHsPy6ierUd6LijOYGs+yxUKVdeSAHYiQqBB/0uwo5tqeUjc1xte4V
-7o68M0TnaeXZk6eJj8cy+Z7uvlKrEWG/d+yDp6ZrS/uuCUqlfakSUQVLwhpupRs6bOfbU9VWmuuW
-T/whDpJHkGRqz15d3K43wkF6gWx7tpnwps2boB3fjQVlQ20xJ+4QjYV6Yu/0dlhyU69/sZEHQXvL
-xdZsLwkjEHhGPoMkVSpSZF7mSgM4iI8nFkPbfNOSBGpW8GTYUQN+YI+GjQYwk2zGpB3Fhfc9lVuK
-QqlYUtGkj2UauO9diqS1rVOIQORJ49EmA0w0VJz6A3teklGRQvdfSiTdTmg+PcYtdllquni0MMJO
-3t7fpOnfmZRxvOx9J8WsLlz18uvq8+jDGs0InNFGxUf5v+iTBjY2ByzaMZDa84xqu6+cVuGcQGRu
-NJCpxWNOyfKrDnJ+TOg1/AV3dHiuBNeyOE6XkwzhfEH0TaAWvqtmqRFBIjhsMwkg9qooeJwWANUP
-fq+UxpR8M5UDMBEKcwk+paSLtzAL/Xznk2q9U2JKPrmcD79bSNafDZ33/5U05mGq3CmY5DVjoy+C
-qhbfIQssrNhWxN3yCtHDDOrXVwEb/DAKSIfVz07mRKP/9jW2aC3nmRSt8Gd+JYy4nNRFAcatIcoC
-IHB5rtEXdhHHfZsAaVPGPgfpeVGIK8FXZTSLYGSGHsjXAXG0xS9nXX/8mHyKP3SKd5/h1H9llYhh
-nXXBM7lY6W8A6wRmMmOTkHn5Ovi+mavWeCioKiGfqoUQDRow/PdfwVLUVhe1OTCx4G5F8mXLpIWp
-1wzrOqMfOGDKD+RCgz/5sqVzAvgj0LTttoRKGipJjVb5luaLZswKCtlemD9xRb8J/PRp/6YHvrxW
-2taIJyZPBmbiqXAIFCiwjnurnP9WK4h6ss+bwj8lY3fB8CPwRAyy2p7dpXeNFby0ZkWPlBqKEXgZ
-03uQ8mUGXrty5ha03z7Gzab3RqAUu7l21i4DBbZjcn8j5NPrc3cNVpbJMic/0NDvojI3pIqsQ3yv
-3JbYdkVzlmEmapHCgF/SGVkZMo28uoC1upZMHRvb4zIrRlj1CVlUxmQu00q8GudNBcPOrQVONt5+
-eBvxD/Dco26wHPusPieUMlkj9VP9FS24bdocKXOL7KHOnsZ5oLS1S4hA7l7wEtzfoRHt1M1x8UCQ
-hYcQEbZsOrxqmKlbgm0B6bBsdK0IxGNhgdtKHUCdxHYkpSEYLXwwggHZBgkqhkiG9w0BBwGgggHK
-BIIBxjCCAcIwggG+BgsqhkiG9w0BDAoBAqCCAYYwggGCMBwGCiqGSIb3DQEMAQMwDgQIZ+Y92Rjm
-N5cCAggABIIBYD2z0NOajj7NlnWDRO8hlRiDIo8UTZ3E2UjP4rSbKh7ZLGULHALuH+gcwD3814U7
-VukIkyhiE1VvqPMXb2m4VTCp9BE4oXda0S2Mao1nKxbeMTZ3GE3+C7HPIuTTNQnsnpspIctNAarC
-IIuhgSQmjdILrkmX0QjH5vrQFbdpcDDb/IRba13hws8FM2OrduM+MDEM6xkwiG3AGDgKEPYsd1Ai
-uP8EMX4dzZ9BvEJHaAynzSpUxWy13ntMxNfeIuOKAT9HNsHr0MQgDDpVEhRY26IAZhNFfjtWdAjI
-OiMxk3BjixMUof9i1Xh+4yQsrzLcBJazCyphtb6YvnorQQxWUnaQXWjmU4QS36ajuyOXgFf1Z3jk
-6CLztf6kq3rY4uQ7aQIUJjUcWP0dUGr6LLZRVYP4uL/N/QSasliQGhTxrjEHywyPqRQjKVgV9c6D
-ueHmII59hoZPA6a2cYpQnsuFoeAxJTAjBgkqhkiG9w0BCRUxFgQUVFyHPk/34xv0OdgMn18Sjffj
-7lcwMTAhMAkGBSsOAwIaBQAEFBxVa/flSZttaXvzg+oLJBqgUWuVBAh0s4gPVAEKHAICCAA=
-""".decode('base64')
-
 # Some PKCS#7 stuff.  Generated with the openssl command line:
 #
 #    openssl crl2pkcs7 -inform pem -outform pem -certfile s.pem -nocrl
@@ -915,6 +968,379 @@
 
 
 
+class PKCS12Tests(TestCase):
+    """
+    Test for L{OpenSSL.crypto.PKCS12} and L{OpenSSL.crypto.load_pkcs12}.
+    """
+    pemData = cleartextCertificatePEM + cleartextPrivateKeyPEM
+
+    def test_type(self):
+        """
+        L{PKCS12Type} is a type object.
+        """
+        self.assertIdentical(PKCS12, PKCS12Type)
+        self.assertConsistentType(PKCS12, 'PKCS12')
+
+
+    def test_empty_construction(self):
+        """
+        L{PKCS12} returns a new instance of L{PKCS12} with no certificate,
+        private key, CA certificates, or friendly name.
+        """
+        p12 = PKCS12()
+        self.assertEqual(None, p12.get_certificate())
+        self.assertEqual(None, p12.get_privatekey())
+        self.assertEqual(None, p12.get_ca_certificates())
+        self.assertEqual(None, p12.get_friendlyname())
+
+
+    def test_type_errors(self):
+        """
+        The L{PKCS12} setter functions (C{set_certificate}, C{set_privatekey},
+        C{set_ca_certificates}, and C{set_friendlyname}) raise L{TypeError}
+        when passed objects of types other than those expected.
+        """
+        p12 = PKCS12()
+        self.assertRaises(TypeError, p12.set_certificate, 3)
+        self.assertRaises(TypeError, p12.set_certificate, PKey())
+        self.assertRaises(TypeError, p12.set_certificate, X509)
+        self.assertRaises(TypeError, p12.set_privatekey, 3)
+        self.assertRaises(TypeError, p12.set_privatekey, 'legbone')
+        self.assertRaises(TypeError, p12.set_privatekey, X509())
+        self.assertRaises(TypeError, p12.set_ca_certificates, 3)
+        self.assertRaises(TypeError, p12.set_ca_certificates, X509())
+        self.assertRaises(TypeError, p12.set_ca_certificates, (3, 4))
+        self.assertRaises(TypeError, p12.set_ca_certificates, ( PKey(), ))
+        self.assertRaises(TypeError, p12.set_friendlyname, 6)
+        self.assertRaises(TypeError, p12.set_friendlyname, ('foo', 'bar'))
+
+
+    def test_key_only(self):
+        """
+        A L{PKCS12} with only a private key can be exported using
+        L{PKCS12.export} and loaded again using L{load_pkcs12}.
+        """
+        passwd = 'blah'
+        p12 = PKCS12()
+        pkey = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)
+        p12.set_privatekey(pkey)
+        self.assertEqual(None, p12.get_certificate())
+        self.assertEqual(pkey, p12.get_privatekey())
+        try:
+            dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
+        except Error:
+            # Some versions of OpenSSL will throw an exception
+            # for this nearly useless PKCS12 we tried to generate:
+            # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
+            return
+        p12 = load_pkcs12(dumped_p12, passwd)
+        self.assertEqual(None, p12.get_ca_certificates())
+        self.assertEqual(None, p12.get_certificate())
+
+        # OpenSSL fails to bring the key back to us.  So sad.  Perhaps in the
+        # future this will be improved.
+        self.assertTrue(isinstance(p12.get_privatekey(), (PKey, type(None))))
+
+
+    def test_cert_only(self):
+        """
+        A L{PKCS12} with only a certificate can be exported using
+        L{PKCS12.export} and loaded again using L{load_pkcs12}.
+        """
+        passwd = 'blah'
+        p12 = PKCS12()
+        cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+        p12.set_certificate(cert)
+        self.assertEqual(cert, p12.get_certificate())
+        self.assertEqual(None, p12.get_privatekey())
+        try:
+            dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
+        except Error:
+            # Some versions of OpenSSL will throw an exception
+            # for this nearly useless PKCS12 we tried to generate:
+            # [('PKCS12 routines', 'PKCS12_create', 'invalid null argument')]
+            return
+        p12 = load_pkcs12(dumped_p12, passwd)
+        self.assertEqual(None, p12.get_privatekey())
+
+        # OpenSSL fails to bring the cert back to us.  Groany mcgroan.
+        self.assertTrue(isinstance(p12.get_certificate(), (X509, type(None))))
+
+        # Oh ho.  It puts the certificate into the ca certificates list, in
+        # fact.  Totally bogus, I would think.  Nevertheless, let's exploit
+        # that to check to see if it reconstructed the certificate we expected
+        # it to.  At some point, hopefully this will change so that
+        # p12.get_certificate() is actually what returns the loaded
+        # certificate.
+        self.assertEqual(
+            cleartextCertificatePEM,
+            dump_certificate(FILETYPE_PEM, p12.get_ca_certificates()[0]))
+
+
+    def gen_pkcs12(self, cert_pem=None, key_pem=None, ca_pem=None, friendly_name=None):
+        """
+        Generate a PKCS12 object with components from PEM.  Verify that the set
+        functions return None.
+        """
+        p12 = PKCS12()
+        if cert_pem:
+            ret = p12.set_certificate(load_certificate(FILETYPE_PEM, cert_pem))
+            self.assertEqual(ret, None)
+        if key_pem:
+            ret = p12.set_privatekey(load_privatekey(FILETYPE_PEM, key_pem))
+            self.assertEqual(ret, None)
+        if ca_pem:
+            ret = p12.set_ca_certificates((load_certificate(FILETYPE_PEM, ca_pem),))
+            self.assertEqual(ret, None)
+        if friendly_name:
+            ret = p12.set_friendlyname(friendly_name)
+            self.assertEqual(ret, None)
+        return p12
+
+
+    def check_recovery(self, p12_str, key=None, cert=None, ca=None, passwd='',
+                       extra=()):
+        """
+        Use openssl program to confirm three components are recoverable from a
+        PKCS12 string.
+        """
+        if key:
+            recovered_key = _runopenssl(
+                p12_str, "pkcs12", '-nocerts', '-nodes', '-passin',
+                'pass:' + passwd, *extra)
+            self.assertEqual(recovered_key[-len(key):], key)
+        if cert:
+            recovered_cert = _runopenssl(
+                p12_str, "pkcs12", '-clcerts', '-nodes', '-passin',
+                'pass:' + passwd, '-nokeys', *extra)
+            self.assertEqual(recovered_cert[-len(cert):], cert)
+        if ca:
+            recovered_cert = _runopenssl(
+                p12_str, "pkcs12", '-cacerts', '-nodes', '-passin',
+                'pass:' + passwd, '-nokeys', *extra)
+            self.assertEqual(recovered_cert[-len(ca):], ca)
+
+
+    def test_load_pkcs12(self):
+        """
+        A PKCS12 string generated using the openssl command line can be loaded
+        with L{load_pkcs12} and its components extracted and examined.
+        """
+        passwd = 'whatever'
+        pem = client_key_pem + client_cert_pem
+        p12_str = _runopenssl(
+            pem, "pkcs12", '-export', '-clcerts', '-passout', 'pass:' + passwd)
+        p12 = load_pkcs12(p12_str, passwd)
+        # verify
+        self.assertTrue(isinstance(p12, PKCS12))
+        cert_pem = dump_certificate(FILETYPE_PEM, p12.get_certificate())
+        self.assertEqual(cert_pem, client_cert_pem)
+        key_pem = dump_privatekey(FILETYPE_PEM, p12.get_privatekey())
+        self.assertEqual(key_pem, client_key_pem)
+        self.assertEqual(None, p12.get_ca_certificates())
+
+
+    def test_load_pkcs12_garbage(self):
+        """
+        L{load_pkcs12} raises L{OpenSSL.crypto.Error} when passed a string
+        which is not a PKCS12 dump.
+        """
+        passwd = 'whatever'
+        e = self.assertRaises(Error, load_pkcs12, 'fruit loops', passwd)
+        self.assertEqual( e[0][0][0], 'asn1 encoding routines')
+        self.assertEqual( len(e[0][0]), 3)
+
+
+    def test_replace(self):
+        """
+        L{PKCS12.set_certificate} replaces the certificate in a PKCS12 cluster.
+        L{PKCS12.set_privatekey} replaces the private key.
+        L{PKCS12.set_ca_certificates} replaces the CA certificates.
+        """
+        p12 = self.gen_pkcs12(client_cert_pem, client_key_pem, root_cert_pem)
+        p12.set_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
+        p12.set_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
+        root_cert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        client_cert = load_certificate(FILETYPE_PEM, client_cert_pem)
+        p12.set_ca_certificates([root_cert]) # not a tuple
+        self.assertEqual(1, len(p12.get_ca_certificates()))
+        self.assertEqual(root_cert, p12.get_ca_certificates()[0])
+        p12.set_ca_certificates([client_cert, root_cert])
+        self.assertEqual(2, len(p12.get_ca_certificates()))
+        self.assertEqual(client_cert, p12.get_ca_certificates()[0])
+        self.assertEqual(root_cert, p12.get_ca_certificates()[1])
+
+
+    def test_friendly_name(self):
+        """
+        The I{friendlyName} of a PKCS12 can be set and retrieved via
+        L{PKCS12.get_friendlyname} and L{PKCS12_set_friendlyname}, and a
+        L{PKCS12} with a friendly name set can be dumped with L{PKCS12.export}.
+        """
+        passwd = 'Dogmeat[]{}!@#$%^&*()~`?/.,<>-_+=";:'
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
+        for friendly_name in ['Serverlicious', None, '###']:
+            p12.set_friendlyname(friendly_name)
+            self.assertEqual(p12.get_friendlyname(), friendly_name)
+            dumped_p12 = p12.export(passphrase=passwd, iter=2, maciter=3)
+            reloaded_p12 = load_pkcs12(dumped_p12, passwd)
+            self.assertEqual(
+                p12.get_friendlyname(),reloaded_p12.get_friendlyname())
+            # We would use the openssl program to confirm the friendly
+            # name, but it is not possible.  The pkcs12 command
+            # does not store the friendly name in the cert's
+            # alias, which we could then extract.
+            self.check_recovery(
+                dumped_p12, key=server_key_pem, cert=server_cert_pem,
+                ca=root_cert_pem, passwd=passwd)
+
+
+    def test_various_empty_passphrases(self):
+        """
+        Test that missing, None, and '' passphrases are identical for PKCS12
+        export.
+        """
+        p12 = self.gen_pkcs12(client_cert_pem, client_key_pem, root_cert_pem)
+        passwd = ''
+        dumped_p12_empty = p12.export(iter=2, maciter=0, passphrase=passwd)
+        dumped_p12_none = p12.export(iter=3, maciter=2, passphrase=None)
+        dumped_p12_nopw = p12.export(iter=9, maciter=4)
+        for dumped_p12 in [dumped_p12_empty, dumped_p12_none, dumped_p12_nopw]:
+            self.check_recovery(
+                dumped_p12, key=client_key_pem, cert=client_cert_pem,
+                ca=root_cert_pem, passwd=passwd)
+
+
+    def test_removing_ca_cert(self):
+        """
+        Passing C{None} to L{PKCS12.set_ca_certificates} removes all CA
+        certificates.
+        """
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
+        p12.set_ca_certificates(None)
+        self.assertEqual(None, p12.get_ca_certificates())
+
+
+    def test_export_without_mac(self):
+        """
+        Exporting a PKCS12 with a C{maciter} of C{-1} excludes the MAC
+        entirely.
+        """
+        passwd = 'Lake Michigan'
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
+        dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
+        self.check_recovery(
+            dumped_p12, key=server_key_pem, cert=server_cert_pem,
+            passwd=passwd, extra=('-nomacver',))
+
+
+    def test_load_without_mac(self):
+        """
+        Loading a PKCS12 without a MAC does something other than crash.
+        """
+        passwd = 'Lake Michigan'
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
+        dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
+        try:
+            recovered_p12 = load_pkcs12(dumped_p12, passwd)
+            # The person who generated this PCKS12 should be flogged,
+            # or better yet we should have a means to determine
+            # whether a PCKS12 had a MAC that was verified.
+            # Anyway, libopenssl chooses to allow it, so the
+            # pyopenssl binding does as well.
+            self.assertTrue(isinstance(recovered_p12, PKCS12))
+        except Error:
+            # Failing here with an exception is preferred as some openssl
+            # versions do.
+            pass
+
+
+    def test_zero_len_list_for_ca(self):
+        """
+        A PKCS12 with an empty CA certificates list can be exported.
+        """
+        passwd = 'Hobie 18'
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem)
+        p12.set_ca_certificates([])
+        self.assertEqual((), p12.get_ca_certificates())
+        dumped_p12 = p12.export(passphrase=passwd, iter=3)
+        self.check_recovery(
+            dumped_p12, key=server_key_pem, cert=server_cert_pem,
+            passwd=passwd)
+
+
+    def test_export_without_args(self):
+        """
+        All the arguments to L{PKCS12.export} are optional.
+        """
+        p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
+        dumped_p12 = p12.export()  # no args
+        self.check_recovery(
+            dumped_p12, key=server_key_pem, cert=server_cert_pem, passwd='')
+
+
+    def test_key_cert_mismatch(self):
+        """
+        L{PKCS12.export} raises an exception when a key and certificate
+        mismatch.
+        """
+        p12 = self.gen_pkcs12(server_cert_pem, client_key_pem, root_cert_pem)
+        self.assertRaises(Error, p12.export)
+
+
+
+# These quoting functions taken directly from Twisted's twisted.python.win32.
+_cmdLineQuoteRe = re.compile(r'(\\*)"')
+_cmdLineQuoteRe2 = re.compile(r'(\\+)\Z')
+def cmdLineQuote(s):
+    """
+    Internal method for quoting a single command-line argument.
+
+    @type: C{str}
+    @param s: A single unquoted string to quote for something that is expecting
+        cmd.exe-style quoting
+
+    @rtype: C{str}
+    @return: A cmd.exe-style quoted string
+
+    @see: U{http://www.perlmonks.org/?node_id=764004}
+    """
+    s = _cmdLineQuoteRe2.sub(r"\1\1", _cmdLineQuoteRe.sub(r'\1\1\\"', s))
+    return '"%s"' % s
+
+
+
+def quoteArguments(arguments):
+    """
+    Quote an iterable of command-line arguments for passing to CreateProcess or
+    a similar API.  This allows the list passed to C{reactor.spawnProcess} to
+    match the child process's C{sys.argv} properly.
+
+    @type arguments: C{iterable} of C{str}
+    @param arguments: An iterable of unquoted arguments to quote
+
+    @rtype: C{str}
+    @return: A space-delimited string containing quoted versions of L{arguments}
+    """
+    return ' '.join(map(cmdLineQuote, arguments))
+
+
+def _runopenssl(pem, *args):
+    """
+    Run the command line openssl tool with the given arguments and write
+    the given PEM to its stdin.  Not safe for quotes.
+    """
+    if os.name == 'posix':
+        command = "openssl " + " ".join(["'%s'" % (arg.replace("'", "'\\''"),) for arg in args])
+    else:
+        command = "openssl " + quoteArguments(args)
+    write, read = popen2(command, "b")
+    write.write(pem)
+    write.close()
+    return read.read()
+
+
+
 class FunctionTests(TestCase):
     """
     Tests for free-functions in the L{OpenSSL.crypto} module.
@@ -984,17 +1410,6 @@
         self.assertEqual(loadedKey.bits(), key.bits())
 
 
-    def _runopenssl(self, pem, *args):
-        """
-        Run the command line openssl tool with the given arguments and write
-        the given PEM to its stdin.
-        """
-        write, read = popen2(" ".join(("openssl",) + args), "b")
-        write.write(pem)
-        write.close()
-        return read.read()
-
-
     def test_dump_certificate(self):
         """
         L{dump_certificate} writes PEM, DER, and text.
@@ -1004,13 +1419,13 @@
         dumped_pem = dump_certificate(FILETYPE_PEM, cert)
         self.assertEqual(dumped_pem, cleartextCertificatePEM)
         dumped_der = dump_certificate(FILETYPE_ASN1, cert)
-        good_der = self._runopenssl(dumped_pem, "x509", "-outform", "DER")
+        good_der = _runopenssl(dumped_pem, "x509", "-outform", "DER")
         self.assertEqual(dumped_der, good_der)
         cert2 = load_certificate(FILETYPE_ASN1, dumped_der)
         dumped_pem2 = dump_certificate(FILETYPE_PEM, cert2)
         self.assertEqual(dumped_pem2, cleartextCertificatePEM)
         dumped_text = dump_certificate(FILETYPE_TEXT, cert)
-        good_text = self._runopenssl(dumped_pem, "x509", "-noout", "-text")
+        good_text = _runopenssl(dumped_pem, "x509", "-noout", "-text")
         self.assertEqual(dumped_text, good_text)
 
 
@@ -1023,13 +1438,13 @@
         self.assertEqual(dumped_pem, cleartextPrivateKeyPEM)
         dumped_der = dump_privatekey(FILETYPE_ASN1, key)
         # XXX This OpenSSL call writes "writing RSA key" to standard out.  Sad.
-        good_der = self._runopenssl(dumped_pem, "rsa", "-outform", "DER")
+        good_der = _runopenssl(dumped_pem, "rsa", "-outform", "DER")
         self.assertEqual(dumped_der, good_der)
         key2 = load_privatekey(FILETYPE_ASN1, dumped_der)
         dumped_pem2 = dump_privatekey(FILETYPE_PEM, key2)
         self.assertEqual(dumped_pem2, cleartextPrivateKeyPEM)
         dumped_text = dump_privatekey(FILETYPE_TEXT, key)
-        good_text = self._runopenssl(dumped_pem, "rsa", "-noout", "-text")
+        good_text = _runopenssl(dumped_pem, "rsa", "-noout", "-text")
         self.assertEqual(dumped_text, good_text)
 
 
@@ -1041,13 +1456,13 @@
         dumped_pem = dump_certificate_request(FILETYPE_PEM, req)
         self.assertEqual(dumped_pem, cleartextCertificateRequestPEM)
         dumped_der = dump_certificate_request(FILETYPE_ASN1, req)
-        good_der = self._runopenssl(dumped_pem, "req", "-outform", "DER")
+        good_der = _runopenssl(dumped_pem, "req", "-outform", "DER")
         self.assertEqual(dumped_der, good_der)
         req2 = load_certificate_request(FILETYPE_ASN1, dumped_der)
         dumped_pem2 = dump_certificate_request(FILETYPE_PEM, req2)
         self.assertEqual(dumped_pem2, cleartextCertificateRequestPEM)
         dumped_text = dump_certificate_request(FILETYPE_TEXT, req)
-        good_text = self._runopenssl(dumped_pem, "req", "-noout", "-text")
+        good_text = _runopenssl(dumped_pem, "req", "-noout", "-text")
         self.assertEqual(dumped_text, good_text)
 
 
@@ -1080,15 +1495,6 @@
         self.assertTrue(isinstance(pkcs7, PKCS7Type))
 
 
-    def test_load_pkcs12(self):
-        """
-        L{load_pkcs12} accepts a PKCS#12 string and returns an instance of
-        L{PKCS12Type}.
-        """
-        pkcs12 = load_pkcs12(pkcs12Data)
-        self.assertTrue(isinstance(pkcs12, PKCS12Type))
-
-
 
 class PKCS7Tests(TestCase):
     """
@@ -1106,22 +1512,6 @@
 
 
 
-class PKCS12Tests(TestCase):
-    """
-    Tests for L{PKCS12Type}.
-    """
-    def test_type(self):
-        """
-        L{PKCS12Type} is a type object.
-        """
-        self.assertTrue(isinstance(PKCS12Type, type))
-        self.assertEqual(PKCS12Type.__name__, 'PKCS12')
-
-        # XXX This doesn't currently work.
-        # self.assertIdentical(PKCS12, PKCS12Type)
-
-
-
 class NetscapeSPKITests(TestCase):
     """
     Tests for L{OpenSSL.crypto.NetscapeSPKI}.
diff --git a/test/test_ssl.py b/test/test_ssl.py
index bf28ca3..d7e04da 100644
--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -6,7 +6,7 @@
 
 from sys import platform
 from socket import socket
-from os import makedirs, symlink
+from os import makedirs
 from os.path import join
 from unittest import main
 
@@ -17,6 +17,7 @@
 from OpenSSL.SSL import VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE
 from OpenSSL.test.util import TestCase
 from OpenSSL.test.test_crypto import cleartextCertificatePEM, cleartextPrivateKeyPEM
+from OpenSSL.test.test_crypto import client_cert_pem, client_key_pem, server_cert_pem, server_key_pem, root_cert_pem
 try:
     from OpenSSL.SSL import OP_NO_QUERY_MTU
 except ImportError:
@@ -41,7 +42,7 @@
     port.listen(1)
     client = socket()
     client.setblocking(False)
-    client.connect_ex(port.getsockname())
+    client.connect_ex(("127.0.0.1", port.getsockname()[1]))
     client.setblocking(True)
     server = port.accept()[0]
 
@@ -193,6 +194,7 @@
         cert = clientSSL.get_peer_certificate()
         self.assertEqual(cert.get_subject().CN, 'Testing Root CA')
 
+
     def test_load_verify_file(self):
         """
         L{Context.load_verify_locations} accepts a file name and uses the
@@ -223,49 +225,47 @@
         """
         capath = self.mktemp()
         makedirs(capath)
-        cafile = join(capath, 'cert.pem')
+        # Hash value computed manually with c_rehash to avoid depending on
+        # c_rehash in the test suite.
+        cafile = join(capath, 'c7adac82.0')
         fObj = file(cafile, 'w')
         fObj.write(cleartextCertificatePEM)
         fObj.close()
 
-        # Hash value computed manually with c_rehash to avoid depending on
-        # c_rehash in the test suite.
-        symlink('cert.pem', join(capath, 'c7adac82.0'))
-
         self._load_verify_locations_test(None, capath)
 
 
-    def test_set_default_verify_paths(self):
-        """
-        L{Context.set_default_verify_paths} causes the platform-specific CA
-        certificate locations to be used for verification purposes.
-        """
-        # Testing this requires a server with a certificate signed by one of
-        # the CAs in the platform CA location.  Getting one of those costs
-        # money.  Fortunately (or unfortunately, depending on your
-        # perspective), it's easy to think of a public server on the
-        # internet which has such a certificate.  Connecting to the network
-        # in a unit test is bad, but it's the only way I can think of to
-        # really test this. -exarkun
+    if platform in ("darwin", "win32"):
+        "set_default_verify_paths appears not to work on OS X or Windows"
+        "See LP#404343 and LP#404344."
+    else:
+        def test_set_default_verify_paths(self):
+            """
+            L{Context.set_default_verify_paths} causes the platform-specific CA
+            certificate locations to be used for verification purposes.
+            """
+            # Testing this requires a server with a certificate signed by one of
+            # the CAs in the platform CA location.  Getting one of those costs
+            # money.  Fortunately (or unfortunately, depending on your
+            # perspective), it's easy to think of a public server on the
+            # internet which has such a certificate.  Connecting to the network
+            # in a unit test is bad, but it's the only way I can think of to
+            # really test this. -exarkun
 
-        # Arg, verisign.com doesn't speak TLSv1
-        context = Context(SSLv3_METHOD)
-        context.set_default_verify_paths()
-        context.set_verify(
-            VERIFY_PEER, 
-            lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
+            # Arg, verisign.com doesn't speak TLSv1
+            context = Context(SSLv3_METHOD)
+            context.set_default_verify_paths()
+            context.set_verify(
+                VERIFY_PEER,
+                lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
 
-        client = socket()
-        client.connect(('verisign.com', 443))
-        clientSSL = Connection(context, client)
-        clientSSL.set_connect_state()
-        clientSSL.do_handshake()
-        clientSSL.send('GET / HTTP/1.0\r\n\r\n')
-        self.assertTrue(clientSSL.recv(1024))
-    if platform == "darwin":
-        test_set_default_verify_paths.todo = (
-            "set_default_verify_paths appears not to work on OS X - a "
-            "problem with the supplied OpenSSL, perhaps?")
+            client = socket()
+            client.connect(('verisign.com', 443))
+            clientSSL = Connection(context, client)
+            clientSSL.set_connect_state()
+            clientSSL.do_handshake()
+            clientSSL.send('GET / HTTP/1.0\r\n\r\n')
+            self.assertTrue(clientSSL.recv(1024))
 
 
     def test_set_default_verify_paths_signature(self):
@@ -278,6 +278,28 @@
         self.assertRaises(TypeError, context.set_default_verify_paths, 1)
         self.assertRaises(TypeError, context.set_default_verify_paths, "")
 
+    def test_add_extra_chain_cert_invalid_cert(self):
+        """
+        L{Context.add_extra_chain_cert} raises L{TypeError} if called with
+        other than one argument or if called with an object which is not an
+        instance of L{X509}.
+        """
+        context = Context(TLSv1_METHOD)
+        self.assertRaises(TypeError, context.add_extra_chain_cert)
+        self.assertRaises(TypeError, context.add_extra_chain_cert, object())
+        self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())
+
+
+    def test_add_extra_chain_cert(self):
+        """
+        L{Context.add_extra_chain_cert} accepts an L{X509} instance to add to
+        the certificate chain.
+        """
+        context = Context(TLSv1_METHOD)
+        context.add_extra_chain_cert(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))
+        # XXX Oh no, actually asserting something about its behavior would be really hard.
+        # See #477521.
+
 
 
 class ConnectionTests(TestCase):
@@ -294,6 +316,25 @@
         self.assertConsistentType(Connection, 'Connection', ctx, None)
 
 
+    def test_get_context(self):
+        """
+        L{Connection.get_context} returns the L{Context} instance used to
+        construct the L{Connection} instance.
+        """
+        context = Context(TLSv1_METHOD)
+        connection = Connection(context, None)
+        self.assertIdentical(connection.get_context(), context)
+
+
+    def test_get_context_wrong_args(self):
+        """
+        L{Connection.get_context} raises L{TypeError} if called with any
+        arguments.
+        """
+        connection = Connection(Context(TLSv1_METHOD), None)
+        self.assertRaises(TypeError, connection.get_context, None)
+
+
 
 class ErrorTests(TestCase):
     """
@@ -351,109 +392,6 @@
 
 
 
-root_cert_pem = """-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
-BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
------END CERTIFICATE-----
-"""
-
-root_key_pem = """-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
-jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
-3claegwsrBA+sJEBbqx5RdXbIRGicPG/8qQ4Zm1SKOgotcbwiaor2yxZ2wIDAQAB
-AoGBAPCgMpmLxzwDaUmcFbTJUvlLW1hoxNNYSu2jIZm1k/hRAcE60JYwvBkgz3UB
-yMEh0AtLxYe0bFk6EHah11tMUPgscbCq73snJ++8koUw+csk22G65hOs51bVb7Aa
-6JBe67oLzdtvgCUFAA2qfrKzWRZzAdhUirQUZgySZk+Xq1pBAkEA/kZG0A6roTSM
-BVnx7LnPfsycKUsTumorpXiylZJjTi9XtmzxhrYN6wgZlDOOwOLgSQhszGpxVoMD
-u3gByT1b2QJBAPtL3mSKdvwRu/+40zaZLwvSJRxaj0mcE4BJOS6Oqs/hS1xRlrNk
-PpQ7WJ4yM6ZOLnXzm2mKyxm50Mv64109FtMCQQDOqS2KkjHaLowTGVxwC0DijMfr
-I9Lf8sSQk32J5VWCySWf5gGTfEnpmUa41gKTMJIbqZZLucNuDcOtzUaeWZlZAkA8
-ttXigLnCqR486JDPTi9ZscoZkZ+w7y6e/hH8t6d5Vjt48JVyfjPIaJY+km58LcN3
-6AWSeGAdtRFHVzR7oHjVAkB4hutvxiOeiIVQNBhM6RSI9aBPMI21DoX2JRoxvNW2
-cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA+sDq
------END RSA PRIVATE KEY-----
-"""
-
-server_cert_pem = """-----BEGIN CERTIFICATE-----
-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
------END CERTIFICATE-----
-"""
-
-server_key_pem = """-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQC+pvhuud1dLaQQvzipdtlcTotgr5SuE2LvSx0gz/bg1U3u1eQ+
-U5eqsxaEUceaX5p5Kk+QflvW8qdjVNxQuYS5uc0gK2+OZnlIYxCf4n5GYGzVIx3Q
-SBj/TAEFB2WuVinZBiCbxgL7PFM1Kpa+EwVkCAduPpSflJJPwkYGrK2MHQIDAQAB
-AoGAbwuZ0AR6JveahBaczjfnSpiFHf+mve2UxoQdpyr6ROJ4zg/PLW5K/KXrC48G
-j6f3tXMrfKHcpEoZrQWUfYBRCUsGD5DCazEhD8zlxEHahIsqpwA0WWssJA2VOLEN
-j6DuV2pCFbw67rfTBkTSo32ahfXxEKev5KswZk0JIzH3ooECQQDgzS9AI89h0gs8
-Dt+1m11Rzqo3vZML7ZIyGApUzVan+a7hbc33nbGRkAXjHaUBJO31it/H6dTO+uwX
-msWwNG5ZAkEA2RyFKs5xR5USTFaKLWCgpH/ydV96KPOpBND7TKQx62snDenFNNbn
-FwwOhpahld+vqhYk+pfuWWUpQciE+Bu7ZQJASjfT4sQv4qbbKK/scePicnDdx9th
-4e1EeB9xwb+tXXXUo/6Bor/AcUNwfiQ6Zt9PZOK9sR3lMZSsP7rMi7kzuQJABie6
-1sXXjFH7nNJvRG4S39cIxq8YRYTy68II/dlB2QzGpKxV/POCxbJ/zu0CU79tuYK7
-NaeNCFfH3aeTrX0LyQJAMBWjWmeKM2G2sCExheeQK0ROnaBC8itCECD4Jsve4nqf
-r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7/A==
------END RSA PRIVATE KEY-----
-"""
-
-client_cert_pem = """-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
------END CERTIFICATE-----
-"""
-
-client_key_pem = """-----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2rn+GrRHRiZ+xkCw/CGNh
-btPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xKiku4G/KvnnmWdeJHqsiX
-eUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7DtboCRajYyHfluARQIDAQAB
-AoGATkZ+NceY5Glqyl4mD06SdcKfV65814vg2EL7V9t8+/mi9rYL8KztSXGlQWPX
-zuHgtRoMl78yQ4ZJYOBVo+nsx8KZNRCEBlE19bamSbQLCeQMenWnpeYyQUZ908gF
-h6L9qsFVJepgA9RDgAjyDoS5CaWCdCCPCH2lDkdcqC54SVUCQQDseuduc4wi8h4t
-V8AahUn9fn9gYfhoNuM0gdguTA0nPLVWz4hy1yJiWYQe0H7NLNNTmCKiLQaJpAbb
-TC6vE8C7AkEA0Ee8CMJUc20BnGEmxwgWcVuqFWaKCo8jTH1X38FlATUsyR3krjW2
-dL3yDD9NwHxsYP7nTKp/U8MV7U9IBn4y/wJBAJl7H0/BcLeRmuJk7IqJ7b635iYB
-D/9beFUw3MUXmQXZUfyYz39xf6CDZsu1GEdEC5haykeln3Of4M9d/4Kj+FcCQQCY
-si6xwT7GzMDkk/ko684AV3KPc/h6G0yGtFIrMg7J3uExpR/VdH2KgwMkZXisSMvw
-JJEQjOMCVsEJlRk54WWjAkEAzoZNH6UhDdBK5F38rVt/y4SEHgbSfJHIAmPS32Kq
-f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKAquv9NA==
------END RSA PRIVATE KEY-----
-"""
-
 def verify_cb(conn, cert, errnum, depth, ok):
     return ok
 
@@ -615,8 +553,8 @@
             established = True  # assume the best
             for ssl in client_conn, server_conn:
                 try:
-                    # Generally a recv() or send() could also work instead 
-                    # of do_handshake(), and we would stop on the first 
+                    # Generally a recv() or send() could also work instead
+                    # of do_handshake(), and we would stop on the first
                     # non-exception.
                     ssl.do_handshake()
                 except WantReadError:
@@ -687,6 +625,218 @@
         self.assertEquals(e.__class__, Error)
 
 
+    def _check_client_ca_list(self, func):
+        """
+        Verify the return value of the C{get_client_ca_list} method for server and client connections.
+
+        @param func: A function which will be called with the server context
+            before the client and server are connected to each other.  This
+            function should specify a list of CAs for the server to send to the
+            client and return that same list.  The list will be used to verify
+            that C{get_client_ca_list} returns the proper value at various
+            times.
+        """
+        server = self._server(None)
+        client = self._client(None)
+        self.assertEqual(client.get_client_ca_list(), [])
+        self.assertEqual(server.get_client_ca_list(), [])
+        ctx = server.get_context()
+        expected = func(ctx)
+        self.assertEqual(client.get_client_ca_list(), [])
+        self.assertEqual(server.get_client_ca_list(), expected)
+        self._loopback(client, server)
+        self.assertEqual(client.get_client_ca_list(), expected)
+        self.assertEqual(server.get_client_ca_list(), expected)
+
+
+    def test_set_client_ca_list_errors(self):
+        """
+        L{Context.set_client_ca_list} raises a L{TypeError} if called with a
+        non-list or a list that contains objects other than X509Names.
+        """
+        ctx = Context(TLSv1_METHOD)
+        self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")
+        self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])
+        self.assertIdentical(ctx.set_client_ca_list([]), None)
+
+
+    def test_set_empty_ca_list(self):
+        """
+        If passed an empty list, L{Context.set_client_ca_list} configures the
+        context to send no CA names to the client and, on both the server and
+        client sides, L{Connection.get_client_ca_list} returns an empty list
+        after the connection is set up.
+        """
+        def no_ca(ctx):
+            ctx.set_client_ca_list([])
+            return []
+        self._check_client_ca_list(no_ca)
+
+
+    def test_set_one_ca_list(self):
+        """
+        If passed a list containing a single X509Name,
+        L{Context.set_client_ca_list} configures the context to send that CA
+        name to the client and, on both the server and client sides,
+        L{Connection.get_client_ca_list} returns a list containing that
+        X509Name after the connection is set up.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        cadesc = cacert.get_subject()
+        def single_ca(ctx):
+            ctx.set_client_ca_list([cadesc])
+            return [cadesc]
+        self._check_client_ca_list(single_ca)
+
+
+    def test_set_multiple_ca_list(self):
+        """
+        If passed a list containing multiple X509Name objects,
+        L{Context.set_client_ca_list} configures the context to send those CA
+        names to the client and, on both the server and client sides,
+        L{Connection.get_client_ca_list} returns a list containing those
+        X509Names after the connection is set up.
+        """
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+        clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        sedesc = secert.get_subject()
+        cldesc = clcert.get_subject()
+
+        def multiple_ca(ctx):
+            L = [sedesc, cldesc]
+            ctx.set_client_ca_list(L)
+            return L
+        self._check_client_ca_list(multiple_ca)
+
+
+    def test_reset_ca_list(self):
+        """
+        If called multiple times, only the X509Names passed to the final call
+        of L{Context.set_client_ca_list} are used to configure the CA names
+        sent to the client.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+        clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        cadesc = cacert.get_subject()
+        sedesc = secert.get_subject()
+        cldesc = clcert.get_subject()
+
+        def changed_ca(ctx):
+            ctx.set_client_ca_list([sedesc, cldesc])
+            ctx.set_client_ca_list([cadesc])
+            return [cadesc]
+        self._check_client_ca_list(changed_ca)
+
+
+    def test_mutated_ca_list(self):
+        """
+        If the list passed to L{Context.set_client_ca_list} is mutated
+        afterwards, this does not affect the list of CA names sent to the
+        client.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        cadesc = cacert.get_subject()
+        sedesc = secert.get_subject()
+
+        def mutated_ca(ctx):
+            L = [cadesc]
+            ctx.set_client_ca_list([cadesc])
+            L.append(sedesc)
+            return [cadesc]
+        self._check_client_ca_list(mutated_ca)
+
+
+    def test_add_client_ca_errors(self):
+        """
+        L{Context.add_client_ca} raises L{TypeError} if called with a non-X509
+        object or with a number of arguments other than one.
+        """
+        ctx = Context(TLSv1_METHOD)
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        self.assertRaises(TypeError, ctx.add_client_ca)
+        self.assertRaises(TypeError, ctx.add_client_ca, "spam")
+        self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)
+
+
+    def test_one_add_client_ca(self):
+        """
+        A certificate's subject can be added as a CA to be sent to the client
+        with L{Context.add_client_ca}.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        cadesc = cacert.get_subject()
+        def single_ca(ctx):
+            ctx.add_client_ca(cacert)
+            return [cadesc]
+        self._check_client_ca_list(single_ca)
+
+
+    def test_multiple_add_client_ca(self):
+        """
+        Multiple CA names can be sent to the client by calling
+        L{Context.add_client_ca} with multiple X509 objects.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        cadesc = cacert.get_subject()
+        sedesc = secert.get_subject()
+
+        def multiple_ca(ctx):
+            ctx.add_client_ca(cacert)
+            ctx.add_client_ca(secert)
+            return [cadesc, sedesc]
+        self._check_client_ca_list(multiple_ca)
+
+
+    def test_set_and_add_client_ca(self):
+        """
+        A call to L{Context.set_client_ca_list} followed by a call to
+        L{Context.add_client_ca} results in using the CA names from the first
+        call and the CA name from the second call.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+        clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        cadesc = cacert.get_subject()
+        sedesc = secert.get_subject()
+        cldesc = clcert.get_subject()
+
+        def mixed_set_add_ca(ctx):
+            ctx.set_client_ca_list([cadesc, sedesc])
+            ctx.add_client_ca(clcert)
+            return [cadesc, sedesc, cldesc]
+        self._check_client_ca_list(mixed_set_add_ca)
+
+
+    def test_set_after_add_client_ca(self):
+        """
+        A call to L{Context.set_client_ca_list} after a call to
+        L{Context.add_client_ca} replaces the CA name specified by the former
+        call with the names specified by the latter cal.
+        """
+        cacert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        secert = load_certificate(FILETYPE_PEM, server_cert_pem)
+        clcert = load_certificate(FILETYPE_PEM, server_cert_pem)
+
+        cadesc = cacert.get_subject()
+        sedesc = secert.get_subject()
+        cldesc = clcert.get_subject()
+
+        def set_replaces_add_ca(ctx):
+            ctx.add_client_ca(clcert)
+            ctx.set_client_ca_list([cadesc])
+            ctx.add_client_ca(secert)
+            return [cadesc, sedesc]
+        self._check_client_ca_list(set_replaces_add_ca)
+
+
 
 if __name__ == '__main__':
     main()
diff --git a/version.py b/version.py
index 11e32f1..35a79cf 100644
--- a/version.py
+++ b/version.py
@@ -5,4 +5,4 @@
 pyOpenSSL - A simple wrapper around the OpenSSL library
 """
 
-__version__ = '0.9'
+__version__ = '0.10'