Switch to an explicit curve object.
Happily, this eliminates just about all of the error cases.
diff --git a/doc/api/crypto.rst b/doc/api/crypto.rst
index ee93cfb..974e516 100644
--- a/doc/api/crypto.rst
+++ b/doc/api/crypto.rst
@@ -119,6 +119,28 @@
Generic exception used in the :py:mod:`.crypto` module.
+.. py:function:: get_elliptic_curves
+
+ Return a set of objects representing the elliptic curves supported in the
+ OpenSSL build in use.
+
+ The curve objects have a :py:class:`unicode` ``name`` attribute by which
+ they identifying themselves.
+
+ The curve objects are useful as values for the argument accepted by
+ :py:meth:`Context.set_tmp_ecdh_curve` to specify which elliptical curve
+ should be used for ECDHE key exchange.
+
+
+.. py:function:: get_elliptic_curve
+
+ Return a single curve object selected by name.
+
+ See :py:func:`get_elliptic_curves` for information about curve objects.
+
+ If the named curve is not supported then :py:class:`ValueError` is raised.
+
+
.. py:function:: dump_certificate(type, cert)
Dump the certificate *cert* into a buffer string encoded with the type
diff --git a/doc/api/ssl.rst b/doc/api/ssl.rst
index b7eca70..9016e98 100644
--- a/doc/api/ssl.rst
+++ b/doc/api/ssl.rst
@@ -110,17 +110,6 @@
.. versionadded:: 0.14
-.. py:data:: ELLIPTIC_CURVE_DESCRIPTIONS
-
- A dictionary mapping short names of elliptic curves to textual
- descriptions. This dictionary contains exactly the set of curves
- supported by the OpenSSL build in use.
-
- The keys are the curve names that can be passed into
- Constants used with :py:meth:`Context.set_tmp_ecdh_curve` to
- specify which elliptical curve should be used for ECDHE key exchange.
-
-
.. py:data:: OPENSSL_VERSION_NUMBER
An integer giving the version number of the OpenSSL library used to build this
@@ -327,21 +316,15 @@
Load parameters for Ephemeral Diffie-Hellman from *dhfile*.
-.. py:method:: Context.set_tmp_ecdh_curve(curve_name)
+
+.. py:method:: Context.set_tmp_ecdh_curve(curve)
Select a curve to use for ECDHE key exchange.
- The valid values of *curve_name* are the keys in
- :py:data:`ELLIPTIC_CURVE_DESCRIPTIONS`.
+ The valid values of *curve* are the objects returned by
+ :py:func:`OpenSSL.crypto.get_elliptic_curves` or
+ :py:func:`OpenSSL.crypto.get_elliptic_curve`.
- Raises a subclass of ``ValueError`` if the linked OpenSSL was not
- compiled with elliptical curve support or the specified curve is
- not available. You can check the specific subclass, but, in
- general, you should just handle ``ValueError``.
-
- :param curve_name: The 'short name' of a curve, e.g. 'prime256v1'
- :type curve_name: str
- :return: None
.. py:method:: Context.set_app_data(data)