Get rid of some top-level code, remove the code that reflects a weird edge case (but the weird edge case is still there inside OpenSSL), and add a bit of docs.
diff --git a/OpenSSL/SSL.py b/OpenSSL/SSL.py
index 86410c0..e5ae085 100644
--- a/OpenSSL/SSL.py
+++ b/OpenSSL/SSL.py
@@ -124,18 +124,29 @@
SSL_CB_HANDSHAKE_START = _lib.SSL_CB_HANDSHAKE_START
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE
-_Cryptography_HAS_EC = _lib.Cryptography_HAS_EC
-ELLIPTIC_CURVE_DESCRIPTIONS = {} # In case there's no EC support
-if _Cryptography_HAS_EC:
- _num_curves = _lib.EC_get_builtin_curves(_ffi.NULL, 0)
- _curves = _ffi.new('EC_builtin_curve[]', _num_curves)
- if _lib.EC_get_builtin_curves(_curves, _num_curves) == _num_curves:
- ELLIPTIC_CURVE_DESCRIPTIONS = dict(
- (_ffi.string(_lib.OBJ_nid2sn(c.nid)).decode('ascii'),
- _ffi.string(c.comment).decode('utf-8'))
- for c in _curves)
- del _num_curves
- del _curves
+def _get_elliptic_curves(lib):
+ """
+ Load the names of the supported elliptic curves from OpenSSL.
+
+ :param lib: The OpenSSL library binding object.
+ :return: A set of :py:obj:`unicode` giving the names of the elliptic curves
+ the underlying library supports.
+ """
+ if lib.Cryptography_HAS_EC:
+ num_curves = lib.EC_get_builtin_curves(_ffi.NULL, 0)
+ builtin_curves = _ffi.new('EC_builtin_curve[]', num_curves)
+ # The return value on this call should be num_curves again. We could
+ # check it to make sure but if it *isn't* then.. what could we do?
+ # Abort the whole process, I suppose...? -exarkun
+ lib.EC_get_builtin_curves(builtin_curves, num_curves)
+ return set(
+ _ffi.string(lib.OBJ_nid2sn(c.nid)).decode("ascii")
+ for c in builtin_curves)
+ else:
+ return set()
+
+ELLIPTIC_CURVES = _get_elliptic_curves()
+
class Error(Exception):