!( M      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk l m n o p q r s t u v w x y z { | } ~        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~!None  HsOpenSSLComputation of  action= initializes the OpenSSL library as necessary, and computes actionZ. Every application that uses HsOpenSSL must wrap any operations involving OpenSSL with , or they might crash: Rmodule Main where import OpenSSL main :: IO () main = withOpenSSL $ do ...Since 0.10.3.5,  is safe to be applied redundantly. Library authors may wish to wrap their functions not to force their users to think about initialization: Qget :: URI -> IO Response get uri = withOpenSSL $ internalImplementationOfGet uriSafe!; Safe!None+ HsOpenSSL str lazilly encodes a stream of data to Base64. The string doesn't have to be finite. Note that the string must not contain any letters which aren't in the range of U+0000 - U+00FF. HsOpenSSL bs, strictly encodes a chunk of data to Base64. HsOpenSSL lbsS lazilly encodes a stream of data to Base64. The string doesn't have to be finite. HsOpenSSL strU lazilly decodes a stream of data from Base64. The string doesn't have to be finite. HsOpenSSL bs/ strictly decodes a chunk of data from Base64. HsOpenSSL lbsU lazilly decodes a stream of data from Base64. The string doesn't have to be finite.Safe,+Safe1m  HsOpenSSL}The behaviour of the SSL library can be changed by setting several options. During a handshake, the option settings of the  object are used. When a new  object is created from a 4, the current option setting is copied. Changes to  do not affect already created  objects.  HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect.  HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect.  HsOpenSSL;As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. HsOpenSSLDon't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. HsOpenSSLDisables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. HsOpenSSL!All of the above bug workarounds. HsOpenSSL*Disable version rollback attack detection. During the client key exchange, the client must send the same information about acceptable SSL/TLS protocol levels as during the first hello. Some clients violate this rule by adapting to the server's answer. (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only understands up to SSLv3. In this case the client must still use the same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect to the server's answer and violate the version rollback protection.) HsOpenSSLpAlways create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters). If "strong" primes were used, it is not strictly necessary to generate a new DH key during each handshake but it is also recommended. R should therefore be enabled whenever temporary/ephemeral DH parameters are used. HsOpenSSLAlways use ephemeral (temporary) RSA key when doing RSA operations. According to the specifications this is only done, when a RSA key can only be used for signature operations (namely under export ciphers with restricted RSA keylength). By setting this option, ephemeral RSA keys are always used. This option breaks compatibility with the SSL/TLS specifications and may lead to interoperability problems with clients and should therefore never be used. Ciphers with DHE (ephemeral Diffie-Hellman) key exchange should be used instead. HsOpenSSLrWhen choosing a cipher, use the server's preferences instead of the client preferences. When not set, the SSL server will always follow the clients preferences. When set, the SSLv3/TLSv1 server will choose following its own preferences. Because of the different protocol, for SSLv2 the server will send its list of preferences to the client and the client chooses. HsOpenSSLIf we accept a netscape connection, demand a client cert, have a non-self-signed CA which does not have its CA in netscape, and the browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta HsOpenSSLDo not use the SSLv2 protocol. HsOpenSSLDo not use the SSLv3 protocol. HsOpenSSLDo not use the TLSv1 protocol.  HsOpenSSLWhen performing renegotiation as a server, always start a new session (i.e., session resumption requests are only accepted in the initial handshake). This option is not needed for clients.! HsOpenSSLONormally clients and servers will, where possible, transparently make use of  "http://tools.ietf.org/html/rfc4507RFC 4507+ tickets for stateless session resumption.iIf this option is set this functionality is disabled and tickets will not be used by clients or servers." HsOpenSSL\Allow legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See  Nhttps://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION for more details.# HsOpenSSLXAllow legacy insecure renegotiation between OpenSSL and unpatched servers _only_. See  Nhttps://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION for more details.  !"#Safen6 Safeo HsOpenSSL"Convert an integer to a hex string HsOpenSSL"Convert a hex string to an integerSafex$ HsOpenSSLNReturn a bytestring consisting of the given number of strongly random bytes% HsOpenSSLLReturn a bytestring consisting of the given number of pseudo random bytes& HsOpenSSLAdd data to the entropy pool. It's safe to add sensitive information (e.g. user passwords etc) to the pool. Also, adding data with an entropy of 0 can never hurt.$ HsOpenSSLthe number of bytes requested% HsOpenSSLthe number of bytes requested& HsOpenSSL#random data to be added to the pool HsOpenSSL3the number of bits of entropy in the first argument$%&$%&None0 ' HsOpenSSLInstances of class '% can be converted back and forth to -.( HsOpenSSLWrap the key (i.g. RSA) into ,.) HsOpenSSL"Extract the concrete key from the , . Returns  if the type mismatches.* HsOpenSSLDo the same as EVP_PKEY_size().+ HsOpenSSL3Return the default digesting algorithm for the key.- HsOpenSSLVaguePKey is a  to ,P, that is either public key or a ker pair. We can't tell which at compile time.6 HsOpenSSLDigestE is an opaque object that represents an algorithm of message digest.8 HsOpenSSL CryptoMode represents instruction to cipher and such like.? HsOpenSSLCipherG is an opaque object that represents an algorithm of symmetric cipher.G HsOpenSSLkey HsOpenSSLIV6'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\6?@>AB<=;CDE89:FGHIJK675L342MNOPQR01/STUV-.,'()*+XWYZ[\None] HsOpenSSL] name3 returns a message digest algorithm whose name is name-. If no algorithms are found, the result is Nothing.^ HsOpenSSL^6 returns a list of name of message digest algorithms._ HsOpenSSL_r digests a stream of data. The string must not contain any letters which aren't in the range of U+0000 - U+00FF.` HsOpenSSL` digests a chunk of data.a HsOpenSSLa digests a stream of data.b HsOpenSSLGPerform a private key signing using the HMAC template with a given hashd HsOpenSSLACalculate a PKCS5-PBKDF2 SHA1-HMAC suitable for password hashing.b HsOpenSSL0the hash function to use in the HMAC calculation HsOpenSSL the HMAC key HsOpenSSLthe data to be signed HsOpenSSLresulting HMACd HsOpenSSLpassword HsOpenSSLsalt HsOpenSSL iterations HsOpenSSLdestination key length HsOpenSSLdestination key 6]^_`abcd 6]^_`abcdNonee HsOpenSSLe name5 returns a symmetric cipher algorithm whose name is name-. If no algorithms are found, the result is Nothing.f HsOpenSSLf8 returns a list of name of symmetric cipher algorithms.g HsOpenSSLEEncrypt a lazy bytestring in a strict manner. Does not leak the keys.h HsOpenSSLhh lazilly encrypts or decrypts a stream of data. The input string doesn't necessarily have to be finite.i HsOpenSSLi/ strictly encrypts or decrypts a chunk of data.j HsOpenSSLjh lazilly encrypts or decrypts a stream of data. The input string doesn't necessarily have to be finite.g HsOpenSSLCipher HsOpenSSLKey HsOpenSSLIV HsOpenSSLEncrypt/Decrypt HsOpenSSLInputh HsOpenSSLalgorithm to use HsOpenSSL symmetric key HsOpenSSLIV HsOpenSSL operation HsOpenSSLAn input string to encrypt/decrypt. Note that the string must not contain any letters which aren't in the range of U+0000 - U+00FF. HsOpenSSLthe result stringi HsOpenSSLalgorithm to use HsOpenSSL symmetric key HsOpenSSLIV HsOpenSSL operation HsOpenSSLinput string to encrypt/decrypt HsOpenSSLthe result stringj HsOpenSSLalgorithm to use HsOpenSSL symmetric key HsOpenSSLIV HsOpenSSL operation HsOpenSSLinput string to encrypt/decrypt HsOpenSSLthe result string 89:?efghij ?ef89:hijg None9o HsOpenSSL<Construct a new context which holds the key schedule and IV.p HsOpenSSLoEncrypt some number of blocks using CBC. This is an IO function because the context is destructivly updated.q HsOpenSSLsEncrypt some number of bytes using CTR mode. This is an IO function because the context is destructivly updated.o HsOpenSSL)For CTR mode, this must always be Encrypt HsOpenSSLKey: 128, 192 or 256 bits long HsOpenSSLIV: 16 bytes longp HsOpenSSLcontext HsOpenSSL0input, must be multiple of block size (16 bytes)q HsOpenSSLcontext HsOpenSSLinput, any number of bytesklmnopqlmnkopq Noneu HsOpenSSLu/ is an opaque object representing a big number.v HsOpenSSLv f allocates a u and computes f. Then it frees the u.y HsOpenSSLConvert a BIGNUM to an .z HsOpenSSLReturn a new, alloced BIGNUM.{ HsOpenSSL{ n f converts n to a u and computes f. Then it frees the u.| HsOpenSSLThis is an alias to y.} HsOpenSSLThis is an alias to z. HsOpenSSLConvert a BigNum to an MPI: a serialisation of large ints which has a 4-byte, big endian length followed by the bytes of the number in most-significant-first order. HsOpenSSLCConvert an MPI into a BigNum. See bnToMPI for details of the format~ HsOpenSSL8Convert an Integer to an MPI. See bnToMPI for the format HsOpenSSL8Convert an MPI to an Integer. See bnToMPI for the format HsOpenSSL a p m computes a to the p-th power modulo m. HsOpenSSLhReturn a strongly random number in the range 0 <= x < n where the given filter function returns true. HsOpenSSL_Return a random number in the range 0 <= x < n where the given filter function returns true. HsOpenSSL7Return a strongly random number in the range 0 <= x < n HsOpenSSL6Return a strongly random number in the range 0 < x < n HsOpenSSL.Return a random number in the range 0 <= x < n HsOpenSSL-Return a random number in the range 0 < x < n HsOpenSSLa filter function HsOpenSSLone plus the upper limit HsOpenSSLa filter function HsOpenSSLone plus the upper limittuvwxyz{|}~utv{}xw|zy~ None1 HsOpenSSLT represents a callback function to get informed the progress of RSA key generation. callback 0 i is called after generating the i-th potential prime number.0While the number is being tested for primality,  callback 1 j is called after the j-th iteration (j = 0, 1, ...). When the nI-th randomly generated prime is rejected as not suitable for the key,  callback 2 n is called.When a random p has been found with p-1 relatively prime to e, it is called as  callback 3 0.'The process is then repeated for prime q with  callback 3 1. HsOpenSSL a is either  or . HsOpenSSL key returns the length of key. HsOpenSSL key' returns the public modulus of the key. HsOpenSSL key( returns the public exponent of the key. HsOpenSSL1 is an opaque object that represents RSA keypair. HsOpenSSL4 is an opaque object that represents RSA public key. HsOpenSSL6Make a copy of the public parameters of the given key. HsOpenSSL generates an RSA keypair. HsOpenSSLA simplified alternative to  HsOpenSSL privKey) returns the private exponent of the key. HsOpenSSL privkey! returns the secret prime factor p of the key. HsOpenSSL privkey! returns the secret prime factor q of the key. HsOpenSSL privkey returns  d mod (p-1) of the key. HsOpenSSL privkey returns  d mod (q-1) of the key. HsOpenSSL privkey returns  q^-1 mod p of the key. HsOpenSSLLThe number of bits of the public modulus (i.e. key size). Key sizes with  n < 1024 should be considered insecure. HsOpenSSLFThe public exponent. It is an odd number, typically 3, 17 or 65537. HsOpenSSLA callback function. HsOpenSSLThe generated keypair. HsOpenSSLLThe number of bits of the public modulus (i.e. key size). Key sizes with  n < 1024 should be considered insecure. HsOpenSSLFThe public exponent. It is an odd number, typically 3, 17 or 65537. HsOpenSSLThe generated keypair. None/ HsOpenSSL<Generate a function that decodes a key from ASN.1 DER format HsOpenSSL:Generate a function that encodes a key in ASN.1 DER format HsOpenSSL%Dump a public key to ASN.1 DER format HsOpenSSL(Parse a public key from ASN.1 DER format HsOpenSSL&Dump a private key to ASN.1 DER format HsOpenSSL)Parse a private key from ASN.1 DER format HsOpenSSLYou can pass either  or 3 because both contain the necessary information. HsOpenSSL/The public key information encoded in ASN.1 DER HsOpenSSL0The private key information encoded in ASN.1 DER HsOpenSSLThis can return either  or 4 because there s sufficient information for both. None1o HsOpenSSL a is either  or . HsOpenSSLReturn the length of key. HsOpenSSL*Return the public prime number of the key. HsOpenSSL$Return the public 160-bit subprime,  q | p - 1 of the key. HsOpenSSL3Return the public generator of subgroup of the key. HsOpenSSLReturn the public key y = g^x. HsOpenSSLKThe type of a DSA keypair, includes parameters p, q, g, public and private. HsOpenSSLEThe type of a DSA public key, includes parameters p, q, g and public. HsOpenSSLGenerate DSA parameters (*not* a key, but required for a key). This is a compute intensive operation. See FIPS 186-2, app 2. This agrees with the test vectors given in FIP 186-2, app 5 HsOpenSSL2Generate a new DSA keypair, given valid parameters HsOpenSSLReturn the private key x. HsOpenSSLYConvert a DSAPubKey object to a tuple of its members in the order p, q, g, and public. HsOpenSSLbConvert a DSAKeyPair object to a tuple of its members in the order p, q, g, public and private. HsOpenSSL:Convert a tuple of members (in the same format as from ) into a DSAPubKey object HsOpenSSL:Convert a tuple of members (in the same format as from ) into a DSAPubKey object HsOpenSSLA utility function to generate both the parameters and the key pair at the same time. Saves serialising and deserialising the parameters too HsOpenSSLSign pre-digested data. The DSA specs call for SHA1 to be used so, if you use anything else, YMMV. Returns a pair of Integers which, together, are the signature HsOpenSSL+Verify pre-digested data given a signature. HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 HsOpenSSL*optional seed, its length must be 20 bytes HsOpenSSL+(iteration count, generator count, p, q, g) HsOpenSSLp HsOpenSSLq HsOpenSSLg HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 HsOpenSSL*optional seed, its length must be 20 bytesNone1CQV HsOpenSSLqThis is an opaque type to hold an arbitrary keypair in it. The actual key type can be safelly type-casted using . HsOpenSSLtThis is an opaque type to hold an arbitrary public key in it. The actual key type can be safelly type-casted using . HsOpenSSLNInstances of this class has both of public and private portions of a keypair. HsOpenSSL0Wrap an arbitrary keypair into polymorphic type . HsOpenSSLCast from the polymorphic type  to the concrete type. Return  if failed. HsOpenSSLpInstances of this class has at least public portion of a keypair. They might or might not have the private key. HsOpenSSL4Wrap an arbitrary public key into polymorphic type . HsOpenSSLCast from the polymorphic type  to the concrete type. Return  if failed.None1+ HsOpenSSL% represents a result of verification. HsOpenSSL verifies a signature and a stream of data. The string must not contain any letters which aren't in the range of U+0000 - U+00FF. HsOpenSSL* verifies a signature and a chunk of data. HsOpenSSL* verifies a signature of a stream of data. HsOpenSSLmessage digest algorithm to use HsOpenSSLmessage signature HsOpenSSL"public key to verify the signature HsOpenSSLinput string to verify HsOpenSSLthe result of verification HsOpenSSLmessage digest algorithm to use HsOpenSSLmessage signature HsOpenSSL"public key to verify the signature HsOpenSSLinput string to verify HsOpenSSLthe result of verification HsOpenSSLmessage digest algorithm to use HsOpenSSLmessage signature HsOpenSSL"public key to verify the signature HsOpenSSLinput string to verify HsOpenSSLthe result of verificationNone7 HsOpenSSL generates a signature from a stream of data. The string must not contain any letters which aren't in the range of U+0000 - U+00FF. HsOpenSSL, generates a signature from a chunk of data. HsOpenSSL- generates a signature from a stream of data. HsOpenSSLmessage digest algorithm to use HsOpenSSL&private key to sign the message digest HsOpenSSL input string HsOpenSSLthe result signature HsOpenSSLmessage digest algorithm to use HsOpenSSL&private key to sign the message digest HsOpenSSL input string HsOpenSSLthe result signature HsOpenSSLmessage digest algorithm to use HsOpenSSL&private key to sign the message digest HsOpenSSL input string HsOpenSSLthe result signatureNoneIa HsOpenSSL\ lazilly encrypts a stream of data. The input string doesn't necessarily have to be finite. HsOpenSSL# strictly encrypts a chunk of data. HsOpenSSL\ lazilly encrypts a stream of data. The input string doesn't necessarily have to be finite. HsOpenSSL!symmetric cipher algorithm to use HsOpenSSLA list of public keys to encrypt a symmetric key. At least one public key must be supplied. If two or more keys are given, the symmetric key are encrypted by each public keys so that any of the corresponding private keys can decrypt the message. HsOpenSSLinput string to encrypt HsOpenSSL:(encrypted string, list of encrypted asymmetric keys, IV) HsOpenSSL!symmetric cipher algorithm to use HsOpenSSL1list of public keys to encrypt a symmetric key HsOpenSSLinput string to encrypt HsOpenSSL:(encrypted string, list of encrypted asymmetric keys, IV) HsOpenSSL!symmetric cipher algorithm to use HsOpenSSL1list of public keys to encrypt a symmetric key HsOpenSSLinput string to encrypt HsOpenSSL:(encrypted string, list of encrypted asymmetric keys, IV)NoneX HsOpenSSL\ lazilly decrypts a stream of data. The input string doesn't necessarily have to be finite. HsOpenSSL decrypts a chunk of data. HsOpenSSL\ lazilly decrypts a stream of data. The input string doesn't necessarily have to be finite. HsOpenSSL!symmetric cipher algorithm to use HsOpenSSL3encrypted symmetric key to decrypt the input string HsOpenSSLIV HsOpenSSL(private key to decrypt the symmetric key HsOpenSSLinput string to decrypt HsOpenSSLdecrypted string HsOpenSSL!symmetric cipher algorithm to use HsOpenSSL3encrypted symmetric key to decrypt the input string HsOpenSSLIV HsOpenSSL(private key to decrypt the symmetric key HsOpenSSLinput string to decrypt HsOpenSSLdecrypted string HsOpenSSL!symmetric cipher algorithm to use HsOpenSSL3encrypted symmetric key to decrypt the input string HsOpenSSLIV HsOpenSSL(private key to decrypt the symmetric key HsOpenSSLinput string to decrypt HsOpenSSLdecrypted stringNone_: HsOpenSSL gen n generates n-bit long DH parameters. HsOpenSSL#Get DH parameters length (in bits). HsOpenSSL&Check that DH parameters are coherent. HsOpenSSLHThe first step of a key exchange. Public and private keys are generated. HsOpenSSL!Get parameters of a key exchange. HsOpenSSLGet the public key. HsOpenSSL:Compute the shared key using the other party's public key.  !None HsOpenSSLBIO is a  ForeignPtr= to an opaque BIO object. They are created by newXXX actions. HsOpenSSLComputation of  a b connects b behind a.Example: do b64 <- newBase64 True mem <- newMem bioPush b64 mem -- Encode some text in Base64 and write the result to the -- memory buffer. bioWrite b64 "Hello, world!" bioFlush b64 -- Then dump the memory buffer. bioRead mem >>= putStrLn HsOpenSSLa  b is an alias to  a b. HsOpenSSLa  b is an alias to  b a. HsOpenSSL [bio1, bio2, ..] connects many BIOs at once. HsOpenSSL bio normally writes out any internally buffered data, in some cases it is used to signal EOF and that no more data will be written. HsOpenSSL bio. typically resets a BIO to some initial state. HsOpenSSL bio returns 1 if bioL has read EOF, the precise meaning of EOF varies according to the BIO type.  HsOpenSSL  bio lazily reads all data in bio.  HsOpenSSL  bio len attempts to read len bytes from bioK, then return a ByteString. The actual length of result may be less than len.  HsOpenSSL  bio lazily reads all data in bio , then return a LazyByteString.  HsOpenSSL  bio len2 normally attempts to read one line of data from bio of maximum length len5. There are exceptions to this however, for example  V on a digest BIO will calculate and return the digest and other BIOs may not support   at all.  HsOpenSSL  does the same as   but returns ByteString. HsOpenSSL does the same as   but returns LazyByteString. HsOpenSSL bio str lazily writes entire str to bio4. The string doesn't necessarily have to be finite. HsOpenSSL bio bs writes bs to bio. HsOpenSSL bio lbs lazily writes entire lbs to bio4. The string doesn't necessarily have to be finite. HsOpenSSL noNL creates a Base64 BIO filter. This is a filter bio that base64 encodes any data written through it and decodes any data read through it.If noNLf flag is True, the filter encodes the data all on one line or expects the data to be all on one line.Base64 BIOs do not support  . on a Base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO. HsOpenSSL mBufSize creates a buffering BIO filter. Data written to a buffering BIO is buffered and periodically written to the next BIO in the chain. Data read from a buffering BIO comes from the next BIO in the chain.Buffering BIOs support  .Calling - on a buffering BIO clears any buffered data.|Question: When I created a BIO chain like this and attempted to read from the buf, the buffering BIO weirdly behaved: BIO_read() returned nothing, but both BIO_eof() and BIO_should_retry() returned zero. I tried to examine the source code of crypto/bio/bf_buff.c but it was too complicated to understand. Does anyone know why this happens? The version of OpenSSL was 0.9.7l. main = withOpenSSL $ do mem <- newConstMem "Hello, world!" buf <- newBuffer Nothing mem ==> buf bioRead buf >>= putStrLn -- This fails, but why?4I am being depressed for this unaccountable failure. HsOpenSSL creates a memory BIO sink/source. Any data written to a memory BIO can be recalled by reading from it. Unless the memory BIO is read only any data read from it is deleted from the BIO.Memory BIOs support  .Calling  on a read write memory BIO clears any data in it. On a read only BIO it restores the BIO to its original state and the read only data can be read again." is true if no data is in the BIO.>Every read from a read write memory BIO will remove the data just read with an internal copy operation, if a BIO contains a lots of data and it is read in small chunks the operation can be very slow. The use of a read only memory BIO avoids this problem. If the BIO must be read write then adding a buffering BIO (*) to the chain will speed up the process. HsOpenSSL str' creates a read-only memory BIO source. HsOpenSSL bs is like  but takes a ByteString. HsOpenSSL lbs is like  but takes a LazyByteString. HsOpenSSL_ creates a null BIO sink/source. Data written to the null sink is discarded, reads return EOF.A null sink is useful if, for example, an application wishes to digest some data by writing through a digest bio but not send the digested data anywhere. Since a BIO chain must normally include a source/sink BIO this can be achieved by adding a null sink BIO to the end of the chain. HsOpenSSLExplicit buffer size (Just n) or the default size (Nothing).     "None  !"#$%&'(#None)*+,Noneϧ HsOpenSSL7 is an opaque object that represents X.509 certificate. HsOpenSSLZ creates an empty certificate. You must set the following properties to and sign it (see #) to actually use the certificate. VersionSee  . Serial numberSee . Issuer nameSee . Subject nameSee .ValiditySee  and . Public KeySee . HsOpenSSL cert+ writes an X.509 certificate to DER string. HsOpenSSL der reads in a certificate. HsOpenSSL cert1 cert2 compares two certificates. HsOpenSSL0 signs a certificate with an issuer private key.  HsOpenSSL @ verifies a signature of certificate with an issuer public key.  HsOpenSSL  cert6 translates a certificate into human-readable format.  HsOpenSSL  certg returns the version number of certificate. It seems the number is 0-origin: version 2 means X.509 v3.  HsOpenSSL  cert ver+ updates the version number of certificate.  HsOpenSSL  cert* returns the serial number of certificate. HsOpenSSL cert num+ updates the serial number of certificate. HsOpenSSL( returns the issuer name of certificate. HsOpenSSL cert namel updates the issuer name of certificate. Keys of each parts may be of either long form or short form. See . HsOpenSSL cert wantLongName/ returns the subject name of certificate. See . HsOpenSSL cert name/ updates the subject name of certificate. See . HsOpenSSL cert; returns the time when the certificate begins to be valid. HsOpenSSL cert utc; updates the time when the certificate begins to be valid. HsOpenSSL cert0 returns the time when the certificate expires. HsOpenSSL cert utc0 updates the time when the certificate expires. HsOpenSSL cert7 returns the public key of the subject of certificate. HsOpenSSL cert pubkey7 updates the public key of the subject of certificate. HsOpenSSL cert; returns every subject email addresses in the certificate. HsOpenSSLThe certificate to be signed. HsOpenSSLThe private key to sign with. HsOpenSSLA hashing algorithm to use. If NothingE the most suitable algorithm for the key is automatically used.  HsOpenSSLThe certificate to be verified. HsOpenSSLThe public key to verify with. HsOpenSSLThe certificate to examine. HsOpenSSLTrueU if you want the keys of each parts to be of long form (e.g. "commonName"), or False if you don't (e.g. "CN"). HsOpenSSL%Pairs of key and value, for example 0(\"C\", \"JP\"), (\"ST\", \"Some-State\"), ....          None+ HsOpenSSLB is an opaque object that represents PKCS#10 certificate request. HsOpenSSLb creates an empty certificate request. You must set the following properties to and sign it (see +) to actually use the certificate request. VersionSee $. Subject NameSee &. Public KeySee (. HsOpenSSL9 signs a certificate request with a subject private key.  HsOpenSSL H verifies a signature of certificate request with a subject public key.! HsOpenSSL! req> translates a certificate request into human-readable format." HsOpenSSL" req4 writes a PKCS#10 certificate request to DER string.# HsOpenSSL# req4 returns the version number of certificate request.$ HsOpenSSL$ req ver4 updates the version number of certificate request.% HsOpenSSL% req wantLongName7 returns the subject name of certificate request. See $ of  OpenSSL.X509.& HsOpenSSL& req name7 updates the subject name of certificate request. See % of  OpenSSL.X509.' HsOpenSSL' req? returns the public key of the subject of certificate request.( HsOpenSSL( req? updates the public key of the subject of certificate request.) HsOpenSSL ) req [(nid, str)]E.g., nid 85 = subjectAltName Ahttp://osxr.org:8080/openssl/source/crypto/objects/objects.h#0476(TODO: more docs; NID type)* HsOpenSSL* req cert creates an empty X.509 certificate and copies as much data from the request as possible. The resulting certificate doesn't have the following data and it isn't signed so you must fill them and sign it yourself. Serial number#Validity (Not Before and Not After)Example: import Data.Time.Clock genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509 genCert caCert caKey serial days req = do cert <- makeX509FromReq req caCert now <- getCurrentTime setSerialNumber cert serial setNotBefore cert $ addUTCTime (-1) now setNotAfter cert $ addUTCTime (days * 24 * 60 * 60) now signX509 cert caKey Nothing return cert HsOpenSSLThe request to be signed. HsOpenSSLThe private key to sign with. HsOpenSSL"A hashing algorithm to use. If NothingB the most suitable algorithm for the key is automatically used.  HsOpenSSLThe request to be verified. HsOpenSSLThe public key to verify with. !"#$%&'()* !"*#$%&'()None1+ HsOpenSSL+ represents a revoked certificate in a list. Each certificates are supposed to be distinguishable by issuer name and serial number, so it is sufficient to have only serial number on each entries.0 HsOpenSSL0B is an opaque object that represents Certificate Revocation List.1 HsOpenSSL1^ creates an empty revocation list. You must set the following properties to and sign it (see 4u) to actually use the revocation list. If you have any certificates to be listed, you must of course add them (see @) before signing the list. VersionSee 8. Last UpdateSee :. Next UpdateSee <. Issuer NameSee >.4 HsOpenSSL44 signs a revocation list with an issuer private key.5 HsOpenSSL5D verifies a signature of revocation list with an issuer public key.6 HsOpenSSL6: translates a revocation list into human-readable format.7 HsOpenSSL7 crl/ returns the version number of revocation list.8 HsOpenSSL8 crl ver0 updates the version number of revocation list.9 HsOpenSSL9 crlB returns the time when the revocation list has last been updated.: HsOpenSSL: crl utcB updates the time when the revocation list has last been updated.; HsOpenSSL; crlA returns the time when the revocation list will next be updated.< HsOpenSSL< crl utcA updates the time when the revocation list will next be updated.= HsOpenSSL= crl wantLongName2 returns the issuer name of revocation list. See & of  OpenSSL.X509.> HsOpenSSL> crl name2 updates the issuer name of revocation list. See ' of  OpenSSL.X509.? HsOpenSSL? crl* returns the list of revoked certificates.@ HsOpenSSL@ crl revoked- add the certificate to the revocation list.A HsOpenSSLA crl serial' looks up the corresponding revocation.B HsOpenSSLB crl/ sorts the certificates in the revocation list.4 HsOpenSSL!The revocation list to be signed. HsOpenSSLThe private key to sign with. HsOpenSSLA hashing algorithm to use. If NothingE the most suitable algorithm for the key is automatically used.+,-./0123456789:;<=>?@AB0/+,-.123456B789:;<=>?@ANoneH HsOpenSSLH} is an opaque object that represents X.509 certificate store. The certificate store is usually used for chain verification.I HsOpenSSLI* creates an empty X.509 certificate store.L HsOpenSSLL store cert adds a certificate to store.M HsOpenSSLM store crl! adds a revocation list to store.EFGHIJKLMNOPQRSHGIJKLMEFNOPQRSNone$1345CVt:T HsOpenSSLAA failure in the SSL library occurred, usually a protocol error.V HsOpenSSLWThe peer uncleanly terminated the connection without sending the "close notify" alert.W HsOpenSSL/The root exception type for all SSL exceptions.Y HsOpenSSL"wait for the peer to also shutdownZ HsOpenSSLonly send our shutdown[ HsOpenSSLThis is the type of an SSL IO operation. Errors are handled by exceptions while everything else is one of these. Note that reading from an SSL socket can result in WantWrite and vice versa.\ HsOpenSSLoperation finished successfully] HsOpenSSL needs more data from the network^ HsOpenSSL needs more outgoing buffer space_ HsOpenSSL%This is the type of an SSL connection IO with SSL objects is non-blocking and many SSL functions return a error code which signifies that it needs to read or write more data. We handle these calls and call threadWaitRead and threadWaitWrite at the correct times. Thus multiple OS threads can be blocked inside IO in the same SSL object at a time, because they aren't really in the SSL object, they are waiting for the RTS to wake the Haskell thread.` HsOpenSSLGet the underlying socket Fda HsOpenSSL+Get the socket underlying an SSL connectionc HsOpenSSLSee 7http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.htmlf HsOpenSSLis a certificate requiredg HsOpenSSL only request once per connectionh HsOpenSSLoptional callbacki HsOpenSSLbAn SSL context. Contexts carry configuration such as a server's private key, root CA certiifcates etc. Contexts are stateful IO objects; they start empty and various options are set on them by the functions in this module. Note that an empty context will pretty much cause any operation to fail since it doesn't even have any ciphers enabled.k HsOpenSSLCreate a new SSL context.l HsOpenSSLXRun the given action with the raw context pointer and obtain the lock while doing so.m HsOpenSSL%Add a protocol option to the context.n HsOpenSSL*Remove a protocol option from the context.o HsOpenSSL%Install a private key into a context.p HsOpenSSL2Install a certificate (public key) into a context.q HsOpenSSLInstall a private key file in a context. The key is given as a path to the file which contains the key. The file is parsed first as PEM and, if that fails, as ASN1. If both fail, an exception is raised.r HsOpenSSLInstall a certificate (public key) file in a context. The key is given as a path to the file which contains the key. The file is parsed first as PEM and, if that fails, as ASN1. If both fail, an exception is raised.s HsOpenSSLInstall a certificate chain in a context. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA.t HsOpenSSL~Set the ciphers to be used by the given context. The string argument is a list of ciphers, comma separated, as given at -http://www.openssl.org/docs/apps/ciphers.htmlhUnrecognised ciphers are ignored. If no ciphers from the list are recognised, an exception is raised.v HsOpenSSLiReturn true iff the private key installed in the given context matches the certificate also installed.x HsOpenSSLmSet the location of a PEM encoded list of CA certificates to be used when verifying a server's certificatey HsOpenSSLnSet the path to a directory which contains the PEM encoded CA root certificates. This is an alternative to x . See  Bhttp://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html) for details of the file naming schemez HsOpenSSLWGet a reference to, not a copy of, the X.509 certificate storage in the SSL context.{ HsOpenSSLWrap a Socket in an SSL connection. Reading and writing to the Socket after this will cause weird errors in the SSL code. The SSL object carries a handle to the Socket so you need not worry about the garbage collector closing the file descriptor out from under you.| HsOpenSSL&Wrap a socket Fd in an SSL connection.} HsOpenSSLDRun continuation with exclusive access to the underlying SSL object.~ HsOpenSSL,Add a protocol option to the SSL connection. HsOpenSSL1Remove a protocol option from the SSL connection. HsOpenSSL.Set host name for Server Name Indication (SNI)- HsOpenSSL&Block until the operation is finished.. HsOpenSSLPerform an SSL operation which can return non-blocking error codes, thus requesting that the operation be performed when data or buffer space is availible. HsOpenSSLPerform an SSL server handshake HsOpenSSL7Try to perform an SSL server handshake without blocking HsOpenSSLPerform an SSL client handshake HsOpenSSL7Try to perform an SSL client handshake without blocking/ HsOpenSSLPerform an SSL operation which operates of a buffer and can return non-blocking error codes, thus requesting that it be performed again when more data or buffer space is available.YNote that these SSL functions generally require that the arguments to the repeated call be exactly the same. This presents an issue because multiple threads could try writing at the same time (with different buffers) so the calling function should probably hold the lock on the SSL object over the whole time (include repeated calls) HsOpenSSLTry to read the given number of bytes from an SSL connection. On EOF an empty ByteString is returned. If the connection dies without a graceful SSL shutdown, an exception is raised. HsOpenSSLQTry to read the given number of bytes from an SSL connection without blocking. HsOpenSSLKRead some data into a raw pointer buffer. Retrns the number of bytes read. HsOpenSSLBTry to read some data into a raw pointer buffer, without blocking. HsOpenSSLWrite a given ByteString to the SSL connection. Either all the data is written or an exception is raised because of an error. HsOpenSSLGTry to write a given ByteString to the SSL connection without blocking. HsOpenSSL)Send some data from a raw pointer buffer. HsOpenSSL;Send some data from a raw pointer buffer, without blocking. HsOpenSSL{Lazily read all data until reaching EOF. If the connection dies without a graceful SSL shutdown, an exception is raised. HsOpenSSLAWrite a lazy ByteString to the SSL connection. In contrast to , there is a chance that the string is written partway and then an exception is raised for an error. The string doesn't necessarily have to be finite. HsOpenSSLCleanly shutdown an SSL connection. Note that SSL has a concept of a secure shutdown, which is distinct from just closing the TCP connection. This performs the former and should always be preferred.^This can either just send a shutdown, or can send and wait for the peer's shutdown message. HsOpenSSL;Try to cleanly shutdown an SSL connection without blocking. HsOpenSSLAfter a successful connection, get the certificate of the other party. If this is a server connection, you probably won't get a certificate unless you asked for it with contextSetVerificationMode HsOpenSSLGet the result of verifing the peer's certificate. This is mostly for clients to verify the certificate of the server that they have connected it. You must set a list of root CA certificates with contextSetCA... for this to make sense.Note that this returns True iff the peer's certificate has a valid chain to a root CA. You also need to check that the certificate is correct (i.e. has the correct hostname in it) with getPeerCertificate./ HsOpenSSL#the name of SSL IO function to call HsOpenSSLthe SSL IO function to call HsOpenSSLthe buffer to pass HsOpenSSLthe length to passZ  !"#TUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Zikmnopqrstuvcdefghwxyz_[\]^{|~XYZa`  !"#WVTUjlb}None1  HsOpenSSL2 represents a result of PKCS#7 verification. See . HsOpenSSLDNothing if the PKCS#7 signature was a detached signature, and  Just content if it wasn't. HsOpenSSLG is a set of flags that are used in many operations related to PKCS#7. HsOpenSSL represents an abstract PKCS#7 structure. The concrete type of structure is hidden in the object: such polymorphism isn't very haskellish but please get it out of your mind since OpenSSL is written in C. HsOpenSSL' creates a PKCS#7 signedData structure. HsOpenSSL( verifies a PKCS#7 signedData structure. HsOpenSSL* creates a PKCS#7 envelopedData structure. HsOpenSSL7 decrypts content from PKCS#7 envelopedData structure. HsOpenSSL+ writes PKCS#7 structure to S/MIME message. HsOpenSSL parses S/MIME message. HsOpenSSLcertificate to sign with HsOpenSSLcorresponding private key HsOpenSSLoptional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain) HsOpenSSLdata to be signed HsOpenSSLAn optional set of flags: ZMany S/MIME clients expect the signed content to include valid MIME headers. If the S flag is set MIME headers for type "text/plain" are prepended to the data.If > is set the signer's certificate will not be included in the PKCS#7 structure, the signer's certificate must still be supplied in the parameter though. This can reduce the size of the signature if the signer's certificate can be obtained by other means: for example a previously signed message.HThe data being signed is included in the PKCS#7 structure, unless  is set in which case it is ommited. This is used for PKCS#7 detached signatures which are used in S/MIME plaintext signed message for example.Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) but if  is set no translation occurs. This option should be uesd if the supplied data is in binary format otherwise the translation will corrupt it.The signedData structure includes several PKCS#7 authenticatedAttributes including the signing time, the PKCS#7 content type and the supported list of ciphers in an SMIMECapabilities attribute. If  is set then no authenticatedAttributes will be used. If Pkcs7NoSmimeCap is set then just the SMIMECapabilities are omitted. HsOpenSSLA PKCS#7 structure to verify. HsOpenSSLJSet of certificates in which to search for the signer's certificate. HsOpenSSL;Trusted certificate store (used for chain verification). HsOpenSSLaSigned data if the content is not present in the PKCS#7 structure (that is it is detached). HsOpenSSLAn optional set of flags: If  is set the certificates in the message itself are not searched when locating the signer's certificate. This means that all the signers certificates must be in the second argument ([]).If the  flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is returned.If ? is set the signer's certificates are not chain verified.If  is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from the signer's certificate) must be contained in the trusted store.If > is set then the signatures on the data are not checked. HsOpenSSL!A list of recipient certificates. HsOpenSSLThe content to be encrypted. HsOpenSSLThe symmetric cipher to use. HsOpenSSLAn optional set of flags: If the S flag is set MIME headers for type "text/plain" are prepended to the data.Normally the supplied content is translated into MIME canonical format (as required by the S/MIME specifications) if  is set no translation occurs. This option should be used if the supplied data is in binary format otherwise the translation will corrupt it. If  is set then  is ignored. HsOpenSSL The PKCS#7 structure to decrypt. HsOpenSSL!The private key of the recipient. HsOpenSSLThe recipient's certificate. HsOpenSSLAn optional set of flags: If the  flag is set MIME headers for type "text/plain" are deleted from the content. If the content is not of type "text/plain" then an error is thrown. HsOpenSSLThe decrypted content. HsOpenSSL!A PKCS#7 structure to be written. HsOpenSSLgIf cleartext signing (multipart/signed) is being used then the signed data must be supplied here. HsOpenSSLAn optional set of flags: If h is set then cleartext signing will be used, this option only makes sense for signedData where  is also set when  is also called.If the o flag is set MIME headers for type "text/plain" are added to the content, this only makes sense if  is also set. HsOpenSSLThe result S/MIME message. HsOpenSSLThe message to be read. HsOpenSSL!(The result PKCS#7 structure,  Just content@ if the PKCS#7 structure was a cleartext signature and Nothing if it wasn't.)None q HsOpenSSL3 represents format of PKCS#10 certificate request. HsOpenSSL=The new format, whose header is "NEW CERTIFICATE REQUEST". HsOpenSSL9The old format, whose header is "CERTIFICATE REQUEST". HsOpenSSL% represents a way to supply password.FIXME: using PwTTY causes an error but I don't know why: "error:0906406D:PEM routines:DEF_CALLBACK:problems getting password" HsOpenSSL no password HsOpenSSLpassword in a static string HsOpenSSL password in a static bytestring. HsOpenSSL%get a password by a callback HsOpenSSLread a password from TTY HsOpenSSL represents a context of . HsOpenSSLLThe callback was called to get a password to read something encrypted. HsOpenSSLEThe callback was called to get a password to encrypt something. HsOpenSSL6 represents a callback function to supply a password. Int2The maximum length of the password to be accepted.PemPasswordRWState The context. IO StringThe resulting password. HsOpenSSL6 writes a private key to PEM string in PKCS#8 format. HsOpenSSL pem supply# reads a private key in PEM string. HsOpenSSL pubkey writes a public to PEM string. HsOpenSSL pem" reads a public key in PEM string. HsOpenSSL cert+ writes an X.509 certificate to PEM string. HsOpenSSL pem* reads an X.509 certificate in PEM string. HsOpenSSL5 writes a PKCS#10 certificate request to PEM string. HsOpenSSL3 reads a PKCS#10 certificate request in PEM string. HsOpenSSL crl5 writes a Certificate Revocation List to PEM string. HsOpenSSL pem3 reads a Certificate Revocation List in PEM string. HsOpenSSL p7) writes a PKCS#7 structure to PEM string. HsOpenSSL pem( reads a PKCS#7 structure in PEM string. HsOpenSSL dh$ writes DH parameters to PEM string. HsOpenSSL pem# reads DH parameters in PEM string. HsOpenSSLprivate key to write HsOpenSSL>Either (symmetric cipher algorithm, password supply) or Nothing. If Nothing1 is given the private key is not encrypted. HsOpenSSLthe result PEM string HsOpenSSLrequest HsOpenSSLformat HsOpenSSLthe result PEM string0()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUUVWWXYYZ[[\]^_``abbcdefghijklmnopqrstuvwxyz{|}~   ] ^                  !"#$%&'()*+,-.&'$%/0123456789:;<=>+,$%34?@AABCDEFGHIJK+,LMNO&'PQRSTUVWXYZ[\]^_`abcdeefghijklmnopqrstuvwxyz{|}~                 !!!!!!!!!!!!! !!!"!#!$!%!&!'!(!)!*!+!,!-!.!/"0"1"2"3"4"5"6"7"8"9":";#<#=#>#?@ABC*HsOpenSSL-0.11.4.15-HcyqnNBOpW2CExFETheKJhOpenSSL OpenSSL.DHOpenSSL.EVP.Base64OpenSSL.SessionOpenSSL.RandomOpenSSL.EVP.InternalOpenSSL.EVP.DigestOpenSSL.EVP.CipherOpenSSL.Cipher OpenSSL.BN OpenSSL.RSA OpenSSL.DER OpenSSL.DSAOpenSSL.EVP.PKeyOpenSSL.EVP.VerifyOpenSSL.EVP.SignOpenSSL.EVP.SealOpenSSL.EVP.Open OpenSSL.X509OpenSSL.X509.RequestOpenSSL.X509.RevocationOpenSSL.X509.Store OpenSSL.PKCS7 OpenSSL.PEMOpenSSL.DH.Internal OpenSSL.ERROpenSSL.ObjectsOpenSSL.SSL.OptionSSL SSLContext OpenSSL.Stack OpenSSL.Utils OpenSSL.BIO OpenSSL.ASN1OpenSSL.X509.NamegetSubjectNamesetSubjectName getIssuerName setIssuerName withOpenSSLDHDHP encodeBase64encodeBase64BSencodeBase64LBS decodeBase64decodeBase64BSdecodeBase64LBS SSLOptionSSL_OP_MICROSOFT_SESS_ID_BUGSSL_OP_NETSCAPE_CHALLENGE_BUG'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERSSL_OP_SAFARI_ECDHE_ECDSA_BUGSSL_OP_SSLEAY_080_CLIENT_DH_BUGSSL_OP_TLS_D5_BUGSSL_OP_TLS_BLOCK_PADDING_BUG"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_ALLSSL_OP_TLS_ROLLBACK_BUGSSL_OP_SINGLE_DH_USESSL_OP_EPHEMERAL_RSASSL_OP_CIPHER_SERVER_PREFERENCESSL_OP_PKCS1_CHECK_1SSL_OP_PKCS1_CHECK_2SSL_OP_NETSCAPE_CA_DN_BUG&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGSSL_OP_NO_SSLv2SSL_OP_NO_SSLv3SSL_OP_NO_TLSv1-SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATIONSSL_OP_NO_TICKET(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATIONSSL_OP_LEGACY_SERVER_CONNECT randBytes prandBytesaddPKeytoPKeyfromPKeypkeySize pkeyDefaultMDEVP_PKEY VaguePKeyHMAC_CTXHmacCtx EVP_MD_CTX DigestCtxEVP_MDDigest CryptoModeEncryptDecryptEVP_CIPHER_CTX CipherCtx EVP_CIPHERCipher withCipherPtrcipherIvLength newCipherCtxwithCipherCtxPtrwithNewCipherCtxPtrcipherSetPadding cipherInitBScipherUpdateBS cipherFinalBScipherStrictly cipherLazily withMDPtrwithDigestCtxPtrdigestUpdateBS digestFinalBS digestFinaldigestStrictly digestLazilywithHmacCtxPtr hmacUpdateBS hmacFinalBS hmacLazily wrapPKeyPtr createPKey withPKeyPtr withPKeyPtr'unsafePKeyToPtr touchPKeygetDigestByNamegetDigestNamesdigestdigestBS digestLBShmacBShmacLBSpkcs5_pbkdf2_hmac_sha1getCipherByNamegetCipherNamescipherStrictLBSciphercipherBS cipherLBSAESCtxMode newAESCtxaesCBCaesCTR$fEqMode $fShowModeBIGNUMBigNumallocaBNunwrapBNwrapBN bnToInteger integerToBNwithBNpeekBNnewBN integerToMPI mpiToIntegermodexp randIntegerUptoNMinusOneSuchThat!prandIntegerUptoNMinusOneSuchThatrandIntegerZeroToNMinusOnerandIntegerOneToNMinusOneprandIntegerZeroToNMinusOneprandIntegerOneToNMinusOneRSAGenKeyCallbackRSAKeyrsaSizersaNrsaE withRSAPtr peekRSAPtr absorbRSAPtrRSA RSAKeyPair RSAPubKey rsaCopyPublicrsaKeyPairFinalizegenerateRSAKeygenerateRSAKey'rsaDrsaPrsaQrsaDMP1rsaDMQ1rsaIQMP$fShowRSAKeyPair$fShowRSAPubKey$fOrdRSAKeyPair$fOrdRSAPubKey$fEqRSAKeyPair $fEqRSAPubKey$fRSAKeyRSAKeyPair$fRSAKeyRSAPubKeytoDERPub fromDERPub toDERPriv fromDERPrivDSAKeydsaSizedsaPdsaQdsaG dsaPublic withDSAPtr peekDSAPtr absorbDSAPtrDSA DSAKeyPair DSAPubKeygenerateDSAParametersgenerateDSAKey dsaPrivatedsaPubKeyToTupledsaKeyPairToTupletupleToDSAPubKeytupleToDSAKeyPairgenerateDSAParametersAndKeysignDigestedDataWithDSAverifyDigestedDataWithDSA$fShowDSAKeyPair$fShowDSAPubKey$fOrdDSAKeyPair$fOrdDSAPubKey$fEqDSAKeyPair $fEqDSAPubKey$fDSAKeyDSAKeyPair$fDSAKeyDSAPubKey SomeKeyPair SomePublicKeyKeyPair fromKeyPair toKeyPair PublicKey fromPublicKey toPublicKey$fPKeyDSAKeyPair$fPKeyDSAPubKey$fPKeyRSAKeyPair$fPKeyRSAPubKey$fPublicKeyDSAKeyPair$fPublicKeyDSAPubKey$fPublicKeyRSAKeyPair$fPublicKeyRSAPubKey$fPKeySomePublicKey$fPublicKeySomePublicKey$fEqSomePublicKey$fKeyPairDSAKeyPair$fKeyPairRSAKeyPair$fPKeySomeKeyPair$fKeyPairSomeKeyPair$fPublicKeySomeKeyPair$fEqSomeKeyPair VerifyStatus VerifySuccess VerifyFailureverifyverifyBS verifyLBS$fShowVerifyStatus$fEqVerifyStatussignsignBSsignLBSsealsealBSsealLBSopenopenBSopenLBSDHGenDHGen2DHGen5 genDHParams getDHLength checkDHParamsgenDH getDHParamsgetDHPublicKey computeDHKey $fEqDHGen $fOrdDHGen $fShowDHGenX509_X509newX509wrapX509 withX509Ptr withX509StackunsafeX509ToPtr touchX509 writeDerX509 readDerX509 compareX509signX509 verifyX509 printX509 getVersion setVersiongetSerialNumbersetSerialNumber getNotBefore setNotBefore getNotAfter setNotAfter getPublicKey setPublicKeygetSubjectEmailX509_REQX509Req newX509Req wrapX509ReqwithX509ReqPtr signX509Req verifyX509Req printX509ReqwriteX509ReqDER addExtensionsmakeX509FromReqRevokedCertificaterevSerialNumberrevRevocationDateX509_CRLCRLnewCRLwrapCRL withCRLPtrsignCRL verifyCRLprintCRL getLastUpdate setLastUpdate getNextUpdate setNextUpdategetRevokedList addRevoked getRevokedsortCRL$fShowRevokedCertificate$fEqRevokedCertificate X509StoreCtxX509_STORE_CTX X509_STORE X509Store newX509Store wrapX509StorewithX509StorePtraddCertToStore addCRLToStorewithX509StoreCtxPtrwrapX509StoreCtxgetStoreCtxCertgetStoreCtxIssuergetStoreCtxCRLgetStoreCtxChain ProtocolErrorConnectionAbruptlyTerminatedSomeSSLException ShutdownType BidirectionalUnidirectional SSLResultSSLDoneWantRead WantWritesslFd sslSocketSSL_VerificationMode VerifyNone VerifyPeervpFailIfNoPeerCert vpClientOnce vpCallback SSLContext_context withContextcontextAddOptioncontextRemoveOptioncontextSetPrivateKeycontextSetCertificatecontextSetPrivateKeyFilecontextSetCertificateFilecontextSetCertificateChainFilecontextSetCipherscontextSetDefaultCipherscontextCheckPrivateKeycontextSetVerificationModecontextSetCAFilecontextSetCADirectorycontextGetCAStore connection fdConnectionwithSSL addOption removeOptionsetTlsextHostNameaccept tryAcceptconnect tryConnectreadtryReadreadPtr tryReadPtrwritetryWritewritePtr tryWritePtrlazyRead lazyWriteshutdown tryShutdowngetPeerCertificategetVerifyResult$fExceptionSomeSSLException$fShowSomeSSLException'$fExceptionConnectionAbruptlyTerminated$fExceptionProtocolError $fEqSSLResult$fShowSSLResult$fFunctorSSLResult$fFoldableSSLResult$fTraversableSSLResult$fEqShutdownType$fShowShutdownType"$fShowConnectionAbruptlyTerminated $fEqConnectionAbruptlyTerminated$fShowProtocolError$fEqProtocolErrorPkcs7VerifyStatusPkcs7VerifySuccessPkcs7VerifyFailure Pkcs7Flag Pkcs7Text Pkcs7NoCerts Pkcs7NoSigs Pkcs7NoChain Pkcs7NoIntern Pkcs7NoVerify Pkcs7Detached Pkcs7Binary Pkcs7NoAttrPkcs7NoSmimeCapPkcs7NoOldMimeType Pkcs7CRLFEOLPKCS7Pkcs7 wrapPkcs7Ptr withPkcs7Ptr pkcs7Sign pkcs7Verify pkcs7Encrypt pkcs7Decrypt writeSmime readSmime$fShowPkcs7Flag $fEqPkcs7Flag$fShowPkcs7VerifyStatus$fEqPkcs7VerifyStatusPemX509ReqFormat ReqNewFormat ReqOldFormatPemPasswordSupplyPwNonePwStrPwBS PwCallbackPwTTYPemPasswordRWStatePwReadPwWritePemPasswordCallbackwritePKCS8PrivateKeyreadPrivateKeywritePublicKey readPublicKey writeX509readX509 writeX509Req readX509ReqwriteCRLreadCRL writePkcs7 readPkcs7 writeDHParams readDHParamsDH_ withDHPPtrwrapDHPPtrWith wrapDHPPtr withDHPtr wrapDHPtrWith wrapDHPtrasDHasDHP peekErrorgetError errorString ObjNameType MDMethodTypeCipherMethodTypePKeyMethodTypeCompMethodType getObjNamesoptionToIntegralSTACKmapStack withStackwithForeignStacktoHexfromHex failIfNull failIfNull_failIffailIf_raiseOpenSSLErrorpeekCStringCLenbaseGHC.BaseNothingGHC.ForeignPtr ForeignPtr integer-gmpGHC.Integer.TypeIntegerbnToMPImpiToBN makeDecodeFun makeEncodeFunBIObioPush==><==bioJoinbioFlushbioResetbioEOFbioRead bioReadBS bioReadLBSbioGets bioGetsBS bioGetsLBSbioWrite bioWriteBS bioWriteLBS newBase64 newBuffernewMem newConstMem newConstMemBSnewConstMemLBS newNullBIOBIO_ wrapBioPtr withBioPtr withBioPtr' ASN1_TIME ASN1_INTEGER ASN1_STRING ASN1_OBJECTobj2nidnid2snnid2lnpeekASN1StringpeekASN1IntegerwithASN1Integer peekASN1Time withASN1Time X509_NAMEallocaX509Name withX509Name peekX509NamesslBlocksslTryHandshake sslIOInner