нУЁh$  Гв  ш1ч                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  	m  	n  	o  	p  	q  	r  	s  	t  
u  
v  
w  
x  
y  
z  
{  
|  
}  
~  
  
─  
│  
┌  
┐  
└  
┘  
├  
┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  ч  ъ  Ю  А  Б  Ц  Д  Е  Ф  Г  Х  И  Й  К  Л  М  Н  О  П  Я  Р  С  Т  У  Ж  В  Ь  Ы  З  Ш  Э  Щ  Ч  Ъ  ─  │  ┌  ┐  └  ┘  ├  ┤  ┬  ┴  ┼  ▀  ▄  █  ▌  ▐  ░  ▒  ▓  ⌠  ■  ∙  √  ≈  ≤  ≥     ⌡  °  ²  ·  ÷  ═  ║  ╒  ё  є  ╔  і  ї  ╗  ╘  ╙  ╚  ╛  ґ  ў  ╞  ╟  ╠  ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д  е  ф  г  х  и  й  к  л  м  н  о  п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ  !         None   J  	HsOpenSSLComputation of    action= initializes the OpenSSL
 library as necessary, and computes actionз . Every application that
 uses HsOpenSSL must wrap any operations involving OpenSSL with
   , or they might crash:р module Main where
import OpenSSL

main :: IO ()
main = withOpenSSL $
       do ...Since 0.10.3.5,   ▌ is safe to be applied
 redundantly. Library authors may wish to wrap their functions not
 to force their users to think about initialization:я get :: URI -> IO Response
get uri = withOpenSSL $ internalImplementationOfGet uri              Safe-Inferred   s  чъЮАБЦДЕФ            Safe-Inferred   ў  ГХИ            None   ┼ 	HsOpenSSL  str╣ lazilly encodes a stream of data to
 Base64. The string doesn't have to be finite. Note that the string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF. 	HsOpenSSL  bs, strictly encodes a chunk of data to Base64. 	HsOpenSSL  lbsс  lazilly encodes a stream of data to
 Base64. The string doesn't have to be finite. 	HsOpenSSL  strу  lazilly decodes a stream of data from
 Base64. The string doesn't have to be finite. 	HsOpenSSL  bs/ strictly decodes a chunk of data from
 Base64. 	HsOpenSSL  lbsу  lazilly decodes a stream of data from
 Base64. The string doesn't have to be finite.            Safe-Inferred   ╪  ЙКЛМНО            Safe-Inferred3   │	 	HsOpenSSLЩ The behaviour of the SSL library can be changed by setting
 several options. During a handshake, the option settings of the
   object are used. When a new
   object is created from a
  4, the current option setting is
 copied. Changes to    do not affect
 already created  	 objects.
 	HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect. 	HsOpenSSL;As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. 	HsOpenSSL▌Don't prefer ECDHE-ECDSA ciphers when the client appears to
 be Safari on OS X. OS X 10.8..10.8.3 has broken support for
 ECDHE-ECDSA ciphers. 	HsOpenSSLъDisables a countermeasure against a SSL 3.0/TLS 1.0
 protocol vulnerability affecting CBC ciphers, which cannot be
 handled by some broken SSL implementations. This option has
 no effect for connections using other ciphers. 	HsOpenSSL═Adds a padding extension to ensure the ClientHello size is
 never between 256 and 511 bytes in length. This is needed as
 a workaround for some implementations. 	HsOpenSSL!All of the above bug workarounds. 	HsOpenSSL*Disable version rollback attack detection.┴During the client key exchange, the client must send the same
 information about acceptable SSL/TLS protocol levels as
 during the first hello. Some clients violate this rule by
 adapting to the server's answer. (Example: the client sends a
 SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only
 understands up to SSLv3. In this case the client must still
 use the same SSLv3.1=TLSv1 announcement. Some clients step
 down to SSLv3 with respect to the server's answer and violate
 the version rollback protection.) 	HsOpenSSLПAlways create a new key when using temporary/ephemeral DH
 parameters. This option must be used to prevent small
 subgroup attacks, when the DH parameters were not generated
 using "strong" primes (e.g. when using DSA-parameters). If
 "strong" primes were used, it is not strictly necessary to
 generate a new DH key during each handshake but it is also
 recommended.  р  should therefore be enabled
 whenever temporary/ephemeral DH parameters are used. 	HsOpenSSL·Always use ephemeral (temporary) RSA key when doing RSA
 operations. According to the specifications this is only
 done, when a RSA key can only be used for signature
 operations (namely under export ciphers with restricted RSA
 keylength). By setting this option, ephemeral RSA keys are
 always used. This option breaks compatibility with the
 SSL/TLS specifications and may lead to interoperability
 problems with clients and should therefore never be
 used. Ciphers with DHE (ephemeral Diffie-Hellman) key
 exchange should be used instead. 	HsOpenSSLРWhen choosing a cipher, use the server's preferences
 instead of the client preferences. When not set, the SSL
 server will always follow the clients preferences. When set,
 the SSLv3/TLSv1 server will choose following its own
 preferences. Because of the different protocol, for SSLv2 the
 server will send its list of preferences to the client and
 the client chooses. 	HsOpenSSLхIf we accept a netscape connection, demand a client cert,
 have a non-self-signed CA which does not have its CA in
 netscape, and the browser has a cert, it will
 crash/hang. Works for 3.x and 4.xbeta 	HsOpenSSLDo not use the SSLv2 protocol. 	HsOpenSSLDo not use the SSLv3 protocol.  	HsOpenSSLDo not use the TLSv1 protocol.! 	HsOpenSSL©When performing renegotiation as a server, always start a
 new session (i.e., session resumption requests are only
 accepted in the initial handshake). This option is not needed
 for clients." 	HsOpenSSLо Normally clients and servers will, where possible,
 transparently make use of
 "http://tools.ietf.org/html/rfc4507RFC 4507+ tickets for
 stateless session resumption.И If this option is set this functionality is disabled and
 tickets will not be used by clients or servers.# 	HsOpenSSLэ Allow legacy insecure renegotiation between OpenSSL and
 unpatched clients or servers. See
 н https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION
 for more details.$ 	HsOpenSSLь Allow legacy insecure renegotiation between OpenSSL and
 unpatched servers _only_. See
 н https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION
 for more details. 	
 !"#$П            Safe-Inferred    ф  ЯРСТ             Safe-Inferred   ![У 	HsOpenSSL"Convert an integer to a hex stringЖ 	HsOpenSSL"Convert a hex string to an integer ВЬЫЗШУЖЭ            Safe-Inferred   #щ% 	HsOpenSSLн Return a bytestring consisting of the given number of strongly random
   bytes& 	HsOpenSSLл Return a bytestring consisting of the given number of pseudo random
   bytes' 	HsOpenSSL╗Add data to the entropy pool. It's safe to add sensitive information
   (e.g. user passwords etc) to the pool. Also, adding data with an entropy
   of 0 can never hurt.%  	HsOpenSSLthe number of bytes requested&  	HsOpenSSLthe number of bytes requested'  	HsOpenSSL#random data to be added to the pool 	HsOpenSSL3the number of bits of entropy in the first argument%&'%&'           None   '#	( 	HsOpenSSLInstances of class  (% can be converted back and forth to
  ..) 	HsOpenSSLWrap the key (i.g. RSA) into  -.* 	HsOpenSSL"Extract the concrete key from the  -. Returns
  Щ if the type mismatches.+ 	HsOpenSSLDo the same as EVP_PKEY_size()., 	HsOpenSSL3Return the default digesting algorithm for the key.. 	HsOpenSSLVaguePKey is a  Ч to  -п , that is either public
 key or a ker pair. We can't tell which at compile time.7 	HsOpenSSLDigestе  is an opaque object that represents an algorithm of
 message digest.9 	HsOpenSSL
CryptoMode represents instruction to cipher and such like.@ 	HsOpenSSLCipherг  is an opaque object that represents an algorithm of
 symmetric cipher.H 	HsOpenSSLkey 	HsOpenSSLIV6()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]6@A?BC=><DEF9:;GHIJKL786M453NOPQRS120TUVW./-()*+,YXZ[\]           None   +L^ 	HsOpenSSL ^ name3 returns a message digest algorithm whose
 name is name-. If no algorithms are found, the result is
 Nothing._ 	HsOpenSSL _6 returns a list of name of message digest
 algorithms.` 	HsOpenSSL `Р  digests a stream of data. The string must
 not contain any letters which aren't in the range of U+0000 -
 U+00FF.a 	HsOpenSSL a digests a chunk of data.b 	HsOpenSSL b digests a stream of data.c 	HsOpenSSLг Perform a private key signing using the HMAC template with a given hashe 	HsOpenSSLа Calculate a PKCS5-PBKDF2 SHA1-HMAC suitable for password hashing.c  	HsOpenSSL0the hash function to use in the HMAC calculation 	HsOpenSSLthe HMAC key 	HsOpenSSLthe data to be signed 	HsOpenSSLresulting HMACe  	HsOpenSSLpassword 	HsOpenSSLsalt 	HsOpenSSL
iterations 	HsOpenSSLdestination key length 	HsOpenSSLdestination key	7^_`abcde	7^_`abcde           None   1f 	HsOpenSSL f name5 returns a symmetric cipher algorithm
 whose name is name-. If no algorithms are found, the result is
 Nothing.g 	HsOpenSSL g8 returns a list of name of symmetric cipher
 algorithms.h 	HsOpenSSLе Encrypt a lazy bytestring in a strict manner. Does not leak the keys.i 	HsOpenSSL iХ  lazilly encrypts or decrypts a stream of data. The
 input string doesn't necessarily have to be finite.j 	HsOpenSSL j/ strictly encrypts or decrypts a chunk of data.k 	HsOpenSSL kХ  lazilly encrypts or decrypts a stream of data. The
 input string doesn't necessarily have to be finite.h  	HsOpenSSLCipher 	HsOpenSSLKey 	HsOpenSSLIV 	HsOpenSSLEncrypt/Decrypt 	HsOpenSSLInputi  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSL▄An input string to encrypt/decrypt. Note
   that the string must not contain any letters
   which aren't in the range of U+0000 -
   U+00FF. 	HsOpenSSLthe result stringj  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSLinput string to encrypt/decrypt 	HsOpenSSLthe result stringk  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSLinput string to encrypt/decrypt 	HsOpenSSLthe result string
9:;@fghijk
@fg9:;ijkh    	       None   2Еp 	HsOpenSSL<Construct a new context which holds the key schedule and IV.q 	HsOpenSSLО Encrypt some number of blocks using CBC. This is an IO function because
   the context is destructivly updated.p  	HsOpenSSL)For CTR mode, this must always be Encrypt 	HsOpenSSLKey: 128, 192 or 256 bits long 	HsOpenSSLIV: 16 bytes longq  	HsOpenSSLcontext 	HsOpenSSL0input, must be multiple of block size (16 bytes)lmnopqmnolpq    
       None   8Iu 	HsOpenSSL u/ is an opaque object representing a big number.v 	HsOpenSSL v f allocates a  u and computes f. Then it
 frees the  u.y 	HsOpenSSLConvert a BIGNUM to an  Ъ.z 	HsOpenSSLReturn a new, alloced BIGNUM.{ 	HsOpenSSL { n f converts n to a  u and computes f. Then it
 frees the  u.| 	HsOpenSSLThis is an alias to  y.} 	HsOpenSSLThis is an alias to  z.~ 	HsOpenSSL8Convert an Integer to an MPI. See bnToMPI for the format 	HsOpenSSL8Convert an MPI to an Integer. See bnToMPI for the format─ 	HsOpenSSL ─ a p m
 computes a to the p-th power modulo m.│ 	HsOpenSSLХ Return a strongly random number in the range 0 <= x < n where the given
   filter function returns true.┌ 	HsOpenSSLъ Return a random number in the range 0 <= x < n where the given
   filter function returns true.┐ 	HsOpenSSL7Return a strongly random number in the range 0 <= x < n└ 	HsOpenSSL6Return a strongly random number in the range 0 < x < n┘ 	HsOpenSSL.Return a random number in the range 0 <= x < n├ 	HsOpenSSL-Return a random number in the range 0 < x < n│  	HsOpenSSLa filter function 	HsOpenSSLone plus the upper limit┌  	HsOpenSSLa filter function 	HsOpenSSLone plus the upper limittuvwxyz{|}~─│┌┐└┘├utv{}xw|zy~─│┌┐┘└├          None3  A~┤ 	HsOpenSSL ┤т  represents a callback function to get
 informed the progress of RSA key generation.callback 0 i  is called after generating the i-th potential
   prime number.0While the number is being tested for primality, callback 1 j is
   called after the j-th iteration (j = 0, 1, ...).	When the nи -th randomly generated prime is rejected as not
   suitable for the key, callback 2 n is called.When a random p has been found with p-1 relatively prime to
   e, it is called as callback 3 0.'The process is then repeated for prime q with callback 3 1.┬ 	HsOpenSSL ┬ a is either  ▒ or  ░.┴ 	HsOpenSSL ┴ key returns the length of key.┼ 	HsOpenSSL ┼ key' returns the public modulus of the key.▀ 	HsOpenSSL ▀ key( returns the public exponent of the key.░ 	HsOpenSSL ░1 is an opaque object that represents RSA keypair.▒ 	HsOpenSSL ▒4 is an opaque object that represents RSA public key.▓ 	HsOpenSSL6Make a copy of the public parameters of the given key.■ 	HsOpenSSL ■ generates an RSA keypair.∙ 	HsOpenSSLA simplified alternative to  ■√ 	HsOpenSSL √ privKey) returns the private exponent of the key.≈ 	HsOpenSSL ≈ privkey! returns the secret prime factor p of the key.≤ 	HsOpenSSL ≤ privkey! returns the secret prime factor q of the key.≥ 	HsOpenSSL ≥ privkey	 returns d mod (p-1) of the key.  	HsOpenSSL   privkey	 returns d mod (q-1) of the key.⌡ 	HsOpenSSL ⌡ privkey	 returns 
q^-1 mod p of the key.■  	HsOpenSSLл The number of bits of the public modulus
   (i.e. key size). Key sizes with n <
   1024 should be considered insecure. 	HsOpenSSLф The public exponent. It is an odd
   number, typically 3, 17 or 65537. 	HsOpenSSLA callback function. 	HsOpenSSLThe generated keypair.∙  	HsOpenSSLл The number of bits of the public modulus
   (i.e. key size). Key sizes with n <
   1024 should be considered insecure. 	HsOpenSSLф The public exponent. It is an odd
   number, typically 3, 17 or 65537. 	HsOpenSSLThe generated keypair.┤┬▌▄┴┼▀█▐░▒▓⌠■∙√≈≤≥ ⌡┬▌▄┴┼▀█▒░▐┤■∙√≈≤≥ ⌡▓⌠          None   D3є 	HsOpenSSL%Dump a public key to ASN.1 DER format╔ 	HsOpenSSL(Parse a public key from ASN.1 DER formatі 	HsOpenSSL&Dump a private key to ASN.1 DER formatї 	HsOpenSSL)Parse a private key from ASN.1 DER formatє  	HsOpenSSLYou can pass either  ▒ or  ░3
   because both contain the necessary information. 	HsOpenSSL/The public key information encoded in ASN.1 DERї  	HsOpenSSL0The private key information encoded in ASN.1 DER 	HsOpenSSLThis can return either  ▒ or
    ░4 because there≥@s sufficient
   information for both.є╔іїє╔ії           None3  L▓╗ 	HsOpenSSL ╗ a is either  Ё or  ╡.╘ 	HsOpenSSLReturn the length of key.╙ 	HsOpenSSL*Return the public prime number of the key.╚ 	HsOpenSSL$Return the public 160-bit subprime, 	q | p - 1 of the key.╛ 	HsOpenSSL3Return the public generator of subgroup of the key.ґ 	HsOpenSSLReturn the public key y = g^x.╡ 	HsOpenSSLк The type of a DSA keypair, includes parameters p, q, g, public and private.Ё 	HsOpenSSLе The type of a DSA public key, includes parameters p, q, g and public.Є 	HsOpenSSLЎGenerate DSA parameters (*not* a key, but required for a key). This is a
   compute intensive operation. See FIPS 186-2, app 2. This agrees with the
   test vectors given in FIP 186-2, app 5╣ 	HsOpenSSL2Generate a new DSA keypair, given valid parametersІ 	HsOpenSSLReturn the private key x.Ї 	HsOpenSSLы Convert a DSAPubKey object to a tuple of its members in the
   order p, q, g, and public.╦ 	HsOpenSSLБ Convert a DSAKeyPair object to a tuple of its members in the
   order p, q, g, public and private.╧ 	HsOpenSSL:Convert a tuple of members (in the same format as from
    Ї) into a DSAPubKey object╨ 	HsOpenSSL:Convert a tuple of members (in the same format as from
    Ї) into a DSAPubKey object╩ 	HsOpenSSL▐A utility function to generate both the parameters and the key pair at the
   same time. Saves serialising and deserialising the parameters too╪ 	HsOpenSSLіSign pre-digested data. The DSA specs call for SHA1 to be used so, if you
   use anything else, YMMV. Returns a pair of Integers which, together, are
   the signatureҐ 	HsOpenSSL+Verify pre-digested data given a signature.Є  	HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 	HsOpenSSL*optional seed, its length must be 20 bytes 	HsOpenSSL+(iteration count, generator count, p, q, g)╣  	HsOpenSSLp 	HsOpenSSLq 	HsOpenSSLg╩  	HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 	HsOpenSSL*optional seed, its length must be 20 bytes╗╘ў╙╚╛ґ╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪Ґ╗╘ў╙╚╛ґ╞╟Ё╡╠Є╣╩╪ҐІЇ╦╧╨          None3ф т ы   Pxф 	HsOpenSSLЯ This is an opaque type to hold an arbitrary keypair in it. The
 actual key type can be safelly type-casted using  й.г 	HsOpenSSLТ This is an opaque type to hold an arbitrary public key in it. The
 actual key type can be safelly type-casted using  м.х 	HsOpenSSLн Instances of this class has both of public and private portions of
 a keypair.и 	HsOpenSSL0Wrap an arbitrary keypair into polymorphic type  ф.й 	HsOpenSSLCast from the polymorphic type  ф to the concrete
 type. Return  Щ if failed.к 	HsOpenSSLП Instances of this class has at least public portion of a
 keypair. They might or might not have the private key.л 	HsOpenSSL4Wrap an arbitrary public key into polymorphic type
  г.м 	HsOpenSSLCast from the polymorphic type  г to the concrete
 type. Return  Щ if failed. фгхийклмклмхийгф           None3  T▌ъ 	HsOpenSSL ъ% represents a result of verification.Б 	HsOpenSSL Б┐ verifies a signature and a stream of data. The string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF.Ц 	HsOpenSSL Ц* verifies a signature and a chunk of data.Д 	HsOpenSSL Д* verifies a signature of a stream of data.Б  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verificationЦ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verificationД  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verificationъЮАБЦДъЮАБЦД           None   WЮГ 	HsOpenSSL Г┘ generates a signature from a stream of data. The string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF.Х 	HsOpenSSL Х, generates a signature from a chunk of data.И 	HsOpenSSL И- generates a signature from a stream of data.Г  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signatureХ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signatureИ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signatureГХИГХИ           None   \ЄЙ 	HsOpenSSL Йэ  lazilly encrypts a stream of data. The input string
 doesn't necessarily have to be finite.К 	HsOpenSSL К# strictly encrypts a chunk of data.Л 	HsOpenSSL Лэ  lazilly encrypts a stream of data. The input string
 doesn't necessarily have to be finite.Й  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL┤A list of public keys to encrypt a
   symmetric key. At least one public key
   must be supplied. If two or more keys are
   given, the symmetric key are encrypted by
   each public keys so that any of the
   corresponding private keys can decrypt
   the message. 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV)К  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL1list of public keys to encrypt a
   symmetric key 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV)Л  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL1list of public keys to encrypt a
   symmetric key 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV)ЙКЛЙКЛ           None   aМ 	HsOpenSSL Мэ  lazilly decrypts a stream of data. The input string
 doesn't necessarily have to be finite.Н 	HsOpenSSL Н decrypts a chunk of data.О 	HsOpenSSL Оэ  lazilly decrypts a stream of data. The input string
 doesn't necessarily have to be finite.М  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted stringН  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted stringО  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted stringМНОМНО           None   bЙС 	HsOpenSSL С gen n generates n-bit long DH parameters.Т 	HsOpenSSL#Get DH parameters length (in bits).У 	HsOpenSSL&Check that DH parameters are coherent.Ж 	HsOpenSSLх The first step of a key exchange. Public and private keys are generated.В 	HsOpenSSL!Get parameters of a key exchange.Ь 	HsOpenSSLGet the public key.Ы 	HsOpenSSL:Compute the shared key using the other party's public key. ПЯРСТУЖВЬЫПЯРСТУЖВЬЫ    !       None   wX─ 	HsOpenSSLBIO is a 
ForeignPtr= to an opaque BIO object. They are created by newXXX actions.│ 	HsOpenSSLComputation of  │ a b
 connects b behind a.Example:Ъdo b64 <- newBase64 True
   mem <- newMem
   bioPush b64 mem

   -- Encode some text in Base64 and write the result to the
   -- memory buffer.
   bioWrite b64 "Hello, world!"
   bioFlush b64

   -- Then dump the memory buffer.
   bioRead mem >>= putStrLn┌ 	HsOpenSSLa  ┌ b is an alias to  │ a b.┐ 	HsOpenSSLa  ┐ b is an alias to  │ b a.└ 	HsOpenSSL └ [bio1, bio2, ..] connects many BIOs at once.┘ 	HsOpenSSL ┘ bio┌ normally writes out any internally buffered data,
 in some cases it is used to signal EOF and that no more data will
 be written.├ 	HsOpenSSL ├ bio. typically resets a BIO to some initial state.┤ 	HsOpenSSL ┤ bio returns 1 if bioл  has read EOF, the precise
 meaning of EOF varies according to the BIO type.┬ 	HsOpenSSL ┬ bio lazily reads all data in bio.┴ 	HsOpenSSL ┴ bio len attempts to read len bytes from bioк ,
 then return a ByteString. The actual length of result may be less
 than len.┼ 	HsOpenSSL ┼ bio lazily reads all data in bio , then return a
 LazyByteString.▀ 	HsOpenSSL ▀ bio len2 normally attempts to read one line of data
 from bio of maximum length len5. There are exceptions to this
 however, for example  ▀ж  on a digest BIO will calculate and
 return the digest and other BIOs may not support  ▀ at all.▄ 	HsOpenSSL ▄ does the same as  ▀ but returns ByteString.█ 	HsOpenSSL █ does the same as  ▀ but returns
 LazyByteString.▌ 	HsOpenSSL ▌ bio str lazily writes entire str to bio4. The
 string doesn't necessarily have to be finite.▐ 	HsOpenSSL ▐ bio bs writes bs to bio.░ 	HsOpenSSL ░ bio lbs lazily writes entire lbs to bio4. The
 string doesn't necessarily have to be finite.▒ 	HsOpenSSL ▒ noNL┼ creates a Base64 BIO filter. This is a filter
 bio that base64 encodes any data written through it and decodes any
 data read through it.If noNLФ  flag is True, the filter encodes the data all on one line
 or expects the data to be all on one line.Base64 BIOs do not support  ▀. ┘² on a Base64 BIO that is being written through is used to
 signal that no more data is to be encoded: this is used to flush
 the final block through the BIO.▓ 	HsOpenSSL ▓	 mBufSizeк creates a buffering BIO filter. Data
 written to a buffering BIO is buffered and periodically written to
 the next BIO in the chain. Data read from a buffering BIO comes
 from the next BIO in the chain.Buffering BIOs support  ▀.Calling  ├- on a buffering BIO clears any buffered data.ЭQuestion: When I created a BIO chain like this and attempted to
 read from the buf, the buffering BIO weirdly behaved: BIO_read()
 returned nothing, but both BIO_eof() and BIO_should_retry()
 returned zero. I tried to examine the source code of
 crypto/bio/bf_buff.c but it was too complicated to
 understand. Does anyone know why this happens? The version of
 OpenSSL was 0.9.7l.Іmain = withOpenSSL $
       do mem <- newConstMem "Hello, world!"
          buf <- newBuffer Nothing
          mem ==> buf

          bioRead buf >>= putStrLn -- This fails, but why?4I am being depressed for this unaccountable failure.⌠ 	HsOpenSSL ⌠╩ creates a memory BIO sink/source. Any data written to
 a memory BIO can be recalled by reading from it. Unless the memory
 BIO is read only any data read from it is deleted from the BIO.Memory BIOs support  ▀.Calling  ├⌡ on a read write memory BIO clears any data in
 it. On a read only BIO it restores the BIO to its original state
 and the read only data can be read again. ┤" is true if no data is in the BIO.ЎEvery read from a read write memory BIO will remove the data just
 read with an internal copy operation, if a BIO contains a lots of
 data and it is read in small chunks the operation can be very
 slow. The use of a read only memory BIO avoids this problem. If the
 BIO must be read write then adding a buffering BIO ( ▓*) to
 the chain will speed up the process.■ 	HsOpenSSL ■ str' creates a read-only memory BIO source.∙ 	HsOpenSSL ∙ bs	 is like  ■ but takes a ByteString.√ 	HsOpenSSL √ lbs	 is like  ■ but takes a
 LazyByteString.≈ 	HsOpenSSL ≈ъ  creates a null BIO sink/source. Data written to
 the null sink is discarded, reads return EOF.÷A null sink is useful if, for example, an application wishes to
 digest some data by writing through a digest bio but not send the
 digested data anywhere. Since a BIO chain must normally include a
 source/sink BIO this can be achieved by adding a null sink BIO to
 the end of the chain.▓  	HsOpenSSLExplicit buffer size (Just n) or the
 default size (Nothing).≤─≥ ⌡│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈     "       None   w╞  °²·÷═║╒ёє╔ії     #       None   wЕ  ╗╘╙╚            None   ┐>Ч 	HsOpenSSL Ч7 is an opaque object that represents X.509 certificate.Ъ 	HsOpenSSL Ъз  creates an empty certificate. You must set the
 following properties to and sign it (see  ┬#) to actually
 use the certificate.
VersionSee  ▄.Serial numberSee  ▌.Issuer nameSee  ░.Subject nameSee  ▓.ValiditySee  ■ and  √.
Public KeySee  ≤.┘ 	HsOpenSSL ┘ cert+ writes an X.509 certificate to DER string.├ 	HsOpenSSL ├ der reads in a certificate.┤ 	HsOpenSSL ┤ cert1 cert2 compares two certificates.┬ 	HsOpenSSL ┬0 signs a certificate with an issuer private key.┴ 	HsOpenSSL ┴ю  verifies a signature of certificate with an issuer
 public key.┼ 	HsOpenSSL ┼ cert6 translates a certificate into human-readable
 format.▀ 	HsOpenSSL ▀ certГ  returns the version number of certificate. It
 seems the number is 0-origin: version 2 means X.509 v3.▄ 	HsOpenSSL ▄	 cert ver+ updates the version number of certificate.█ 	HsOpenSSL █ cert* returns the serial number of certificate.▌ 	HsOpenSSL ▌	 cert num+ updates the serial number of
 certificate.▐ 	HsOpenSSL ▐( returns the issuer name of certificate.░ 	HsOpenSSL ░
 cert nameЛ  updates the issuer name of
 certificate. Keys of each parts may be of either long form or short
 form. See  ▐.▒ 	HsOpenSSL ▒ cert wantLongName/ returns the subject name of
 certificate. See  ▐.▓ 	HsOpenSSL ▓
 cert name/ updates the subject name of
 certificate. See  ░.⌠ 	HsOpenSSL ⌠ cert; returns the time when the certificate begins
 to be valid.■ 	HsOpenSSL ■	 cert utc; updates the time when the certificate
 begins to be valid.∙ 	HsOpenSSL ∙ cert0 returns the time when the certificate
 expires.√ 	HsOpenSSL √	 cert utc0 updates the time when the certificate
 expires.≈ 	HsOpenSSL ≈ cert7 returns the public key of the subject of
 certificate.≤ 	HsOpenSSL ≤ cert pubkey7 updates the public key of the subject
 of certificate.≥ 	HsOpenSSL ≥ cert; returns every subject email addresses in
 the certificate.┬  	HsOpenSSLThe certificate to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSLA hashing algorithm to use. If Nothingе 
   the most suitable algorithm for the key
   is automatically used.┴  	HsOpenSSLThe certificate to be verified. 	HsOpenSSLThe public key to verify with.▐  	HsOpenSSLThe certificate to examine. 	HsOpenSSLTrueу  if you want the keys of each parts
   to be of long form (e.g. "commonName"),
   or False if you don't (e.g. "CN"). 	HsOpenSSL%Pairs of key and value,
 for example 0(\"C\",
 \"JP\"), (\"ST\",
 \"Some-State\"), ....ЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥ЧЩЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙√≈≤≥          None   █╧⌡ 	HsOpenSSL ⌡б  is an opaque object that represents PKCS#10
 certificate request.° 	HsOpenSSL °Б  creates an empty certificate request. You must set
 the following properties to and sign it (see  ÷+) to
 actually use the certificate request.
VersionSee  є.Subject NameSee  і.
Public KeySee  ╗.÷ 	HsOpenSSL ÷9 signs a certificate request with a subject private
 key.═ 	HsOpenSSL ═х  verifies a signature of certificate request with
 a subject public key.║ 	HsOpenSSL ║ req> translates a certificate request into
 human-readable format.╒ 	HsOpenSSL ╒ req4 writes a PKCS#10 certificate request to DER string.ё 	HsOpenSSL ё req4 returns the version number of certificate
 request.є 	HsOpenSSL є req ver4 updates the version number of certificate
 request.╔ 	HsOpenSSL ╔ req wantLongName7 returns the subject name of
 certificate request. See   $ of
 OpenSSL.X509.і 	HsOpenSSL і	 req name7 updates the subject name of
 certificate request. See   % of
 OpenSSL.X509.ї 	HsOpenSSL ї req? returns the public key of the subject of
 certificate request.╗ 	HsOpenSSL ╗ req? updates the public key of the subject of
 certificate request.╘ 	HsOpenSSL ╘ req [(nid, str)]E.g., nid 85 = subjectAltName а http://osxr.org:8080/openssl/source/crypto/objects/objects.h#0476 (TODO: more docs; NID type)╙ 	HsOpenSSL ╙	 req certж creates an empty X.509 certificate
 and copies as much data from the request as possible. The resulting
 certificate doesn't have the following data and it isn't signed so
 you must fill them and sign it yourself.Serial number#Validity (Not Before and Not After)Example:²import Data.Time.Clock

genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509
genCert caCert caKey serial days req
    = do cert <- makeX509FromReq req caCert
         now  <- getCurrentTime
         setSerialNumber cert serial
         setNotBefore cert $ addUTCTime (-1) now
         setNotAfter  cert $ addUTCTime (days * 24 * 60 * 60) now
         signX509 cert caKey Nothing
         return cert÷  	HsOpenSSLThe request to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSL"A hashing algorithm to use. If
   Nothingб  the most suitable algorithm
   for the key is automatically used.═  	HsOpenSSLThe request to be verified. 	HsOpenSSLThe public key to verify with. ⌡°²·÷═║╒ёє╔ії╗╘╙⌡ °²·÷═║╒╙ёє╔ії╗╘          None3  ≈	╚ 	HsOpenSSL ╚ф represents a revoked certificate in a
 list. Each certificates are supposed to be distinguishable by
 issuer name and serial number, so it is sufficient to have only
 serial number on each entries.╟ 	HsOpenSSL ╟б  is an opaque object that represents Certificate Revocation
 List.╠ 	HsOpenSSL ╠ч  creates an empty revocation list. You must set the
 following properties to and sign it (see  ЄУ ) to actually use
 the revocation list. If you have any certificates to be listed, you
 must of course add them (see  ю) before signing the list.
VersionSee  ╦.Last UpdateSee  ╨.Next UpdateSee  ╪.Issuer NameSee  Ў.Є 	HsOpenSSL Є4 signs a revocation list with an issuer private key.╣ 	HsOpenSSL ╣д  verifies a signature of revocation list with an
 issuer public key.І 	HsOpenSSL І: translates a revocation list into human-readable
 format.Ї 	HsOpenSSL Ї crl/ returns the version number of revocation list.╦ 	HsOpenSSL ╦ crl ver0 updates the version number of revocation
 list.╧ 	HsOpenSSL ╧ crlб  returns the time when the revocation list
 has last been updated.╨ 	HsOpenSSL ╨ crl utcб  updates the time when the revocation
 list has last been updated.╩ 	HsOpenSSL ╩ crlа  returns the time when the revocation list
 will next be updated.╪ 	HsOpenSSL ╪ crl utcа  updates the time when the revocation
 list will next be updated.Ґ 	HsOpenSSL Ґ crl wantLongName2 returns the issuer name of
 revocation list. See   & of
 OpenSSL.X509.Ў 	HsOpenSSL Ў	 crl name2 updates the issuer name of revocation
 list. See   ' of OpenSSL.X509.© 	HsOpenSSL © crl* returns the list of revoked certificates.ю 	HsOpenSSL ю crl revoked- add the certificate to the revocation
 list.а 	HsOpenSSL а crl serial' looks up the corresponding revocation.б 	HsOpenSSL б crl/ sorts the certificates in the revocation list.Є  	HsOpenSSL!The revocation list to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSLA hashing algorithm to use. If Nothingе 
   the most suitable algorithm for the key
   is automatically used.╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎ©юаб╟╞╚╛ґў╠╡ЁЄ╣ІбЇ╦╧╨╩╪ҐЎ©юа          None   ≤Дх 	HsOpenSSL хЩ  is an opaque object that represents X.509
 certificate store. The certificate store is usually used for chain
 verification.и 	HsOpenSSL и* creates an empty X.509 certificate store.л 	HsOpenSSL л store cert adds a certificate to store.м 	HsOpenSSL м
 store crl! adds a revocation list to store. ефгхийклмнопярсхгийклмефнопярс          None%3567ф ы   ╧7:т 	HsOpenSSLа A failure in the SSL library occurred, usually a protocol
 error.ж 	HsOpenSSLв The peer uncleanly terminated the connection without sending the
 "close notify" alert.в 	HsOpenSSL/The root exception type for all SSL exceptions.ы 	HsOpenSSL"wait for the peer to also shutdownз 	HsOpenSSLonly send our shutdownш 	HsOpenSSL©This is the type of an SSL IO operation. Errors are handled by
 exceptions while everything else is one of these. Note that reading
 from an SSL socket can result in WantWrite and vice versa.э 	HsOpenSSLoperation finished successfullyщ 	HsOpenSSL needs more data from the networkч 	HsOpenSSL needs more outgoing buffer spaceъ 	HsOpenSSL%This is the type of an SSL connection┼IO with SSL objects is non-blocking and many SSL functions return a error
   code which signifies that it needs to read or write more data. We handle
   these calls and call threadWaitRead and threadWaitWrite at the correct
   times. Thus multiple OS threads can be blocked≥ inside IO in the same SSL
   object at a time, because they aren't really in the SSL object, they are
   waiting for the RTS to wake the Haskell thread.Ю 	HsOpenSSLGet the underlying socket FdА 	HsOpenSSL+Get the socket underlying an SSL connectionЦ 	HsOpenSSLSee 7http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html Ф 	HsOpenSSLis a certificate requiredГ 	HsOpenSSL only request once per connectionХ 	HsOpenSSLoptional callbackИ 	HsOpenSSLБAn SSL context. Contexts carry configuration such as a server's private
   key, root CA certiifcates etc. Contexts are stateful IO objects; they
   start empty and various options are set on them by the functions in this
   module. Note that an empty context will pretty much cause any operation to
   fail since it doesn't even have any ciphers enabled.К 	HsOpenSSLCreate a new SSL context.Л 	HsOpenSSLь Run the given action with the raw context pointer and obtain the lock
   while doing so.М 	HsOpenSSL%Add a protocol option to the context.Н 	HsOpenSSL*Remove a protocol option from the context.О 	HsOpenSSL%Install a private key into a context.П 	HsOpenSSL2Install a certificate (public key) into a context.Я 	HsOpenSSLпInstall a private key file in a context. The key is given as a path to the
   file which contains the key. The file is parsed first as PEM and, if that
   fails, as ASN1. If both fail, an exception is raised.Р 	HsOpenSSLщInstall a certificate (public key) file in a context. The key is given as
   a path to the file which contains the key. The file is parsed first as PEM
   and, if that fails, as ASN1. If both fail, an exception is raised.С 	HsOpenSSL≤Install a certificate chain in a context. The certificates must be in PEM
 format and must be sorted starting with the subject's certificate (actual
 client or server certificate), followed by intermediate CA certificates if
 applicable, and ending at the highest level (root) CA.Т 	HsOpenSSLЧ Set the ciphers to be used by the given context. The string argument is a
   list of ciphers, comma separated, as given at
   -http://www.openssl.org/docs/apps/ciphers.html Х Unrecognised ciphers are ignored. If no ciphers from the list are
   recognised, an exception is raised.Ж 	HsOpenSSLИ Return true iff the private key installed in the given context matches the
   certificate also installed.Ь 	HsOpenSSL░Specifies that the default locations from which CA certificates are loaded
 should be used. There is one default directory and one default file.╧The default CA certificates directory is called "certs" in the default OpenSSL
 directory. Alternatively the SSL_CERT_DIR environment variable can be defined
 to override this location.╦The default CA certificates file is called "cert.pem" in the default OpenSSL
 directory. Alternatively the SSL_CERT_FILE environment
 variable can be defined to override this location.See я https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html  for
 more information.Ы 	HsOpenSSLМ Set the location of a PEM encoded list of CA certificates to be used when
   verifying a server's certificateЗ 	HsOpenSSLН Set the path to a directory which contains the PEM encoded CA root
   certificates. This is an alternative to  Ы	. See
   б http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html ) for
   details of the file naming schemeШ 	HsOpenSSLв Get a reference to, not a copy of, the X.509 certificate storage
   in the SSL context.Э 	HsOpenSSLб Set context within which session can be reused (server side only).░If client certificates are used and the session id context is not set,
 attempts by the clients to reuse a session will make the handshake fail.Щ 	HsOpenSSL▓Wrap a Socket in an SSL connection. Reading and writing to the Socket
   after this will cause weird errors in the SSL code. The SSL object
   carries a handle to the Socket so you need not worry about the garbage
   collector closing the file descriptor out from under you.Ч 	HsOpenSSL&Wrap a socket Fd in an SSL connection.Ъ 	HsOpenSSLд Run continuation with exclusive access to the underlying SSL object.─ 	HsOpenSSL,Add a protocol option to the SSL connection.│ 	HsOpenSSL1Remove a protocol option from the SSL connection.┌ 	HsOpenSSL.Set host name for Server Name Indication (SNI)┐ 	HsOpenSSL%Enable hostname validation. Also see  ┌.у This uses the built-in mechanism introduced in 1.0.2/1.1.0, and will
 fail otherwise.└ 	HsOpenSSLPerform an SSL server handshake┘ 	HsOpenSSL7Try to perform an SSL server handshake without blocking├ 	HsOpenSSLPerform an SSL client handshake┤ 	HsOpenSSL7Try to perform an SSL client handshake without blocking┬ 	HsOpenSSL╩Try to read the given number of bytes from an SSL connection. On EOF an
   empty ByteString is returned. If the connection dies without a graceful
   SSL shutdown, an exception is raised.┴ 	HsOpenSSLя Try to read the given number of bytes from an SSL connection
   without blocking.┼ 	HsOpenSSLк Read some data into a raw pointer buffer.
 Retrns the number of bytes read.▀ 	HsOpenSSLб Try to read some data into a raw pointer buffer, without blocking.▄ 	HsOpenSSL─Write a given ByteString to the SSL connection. Either all the data is
   written or an exception is raised because of an error.█ 	HsOpenSSLг Try to write a given ByteString to the SSL connection without blocking.▌ 	HsOpenSSL)Send some data from a raw pointer buffer.▐ 	HsOpenSSL;Send some data from a raw pointer buffer, without blocking.░ 	HsOpenSSLШ Lazily read all data until reaching EOF. If the connection dies
   without a graceful SSL shutdown, an exception is raised.▒ 	HsOpenSSLа Write a lazy ByteString to the SSL connection. In contrast to
    ▄°, there is a chance that the string is written partway and
   then an exception is raised for an error. The string doesn't
   necessarily have to be finite.▓ 	HsOpenSSLлCleanly shutdown an SSL connection. Note that SSL has a concept of a
   secure shutdown, which is distinct from just closing the TCP connection.
   This performs the former and should always be preferred.ч This can either just send a shutdown, or can send and wait for the peer's
   shutdown message.⌠ 	HsOpenSSL;Try to cleanly shutdown an SSL connection without blocking.■ 	HsOpenSSLиAfter a successful connection, get the certificate of the other party. If
   this is a server connection, you probably won't get a certificate unless
   you asked for it with contextSetVerificationMode∙ 	HsOpenSSLТGet the result of verifing the peer's certificate. This is mostly for
   clients to verify the certificate of the server that they have connected
   it. You must set a list of root CA certificates with contextSetCA... for
   this to make sense.рNote that this returns True iff the peer's certificate has a valid chain
   to a root CA. You also need to check that the certificate is correct (i.e.
   has the correct hostname in it) with getPeerCertificate. ч 	
 !"#$тужвьызшэщчъАЮБЦДЕФГХИЙКЛМНОПЯРСТУЖВЬЫЗШЭЩЧЪ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠■∙ч ИКМНОПЯРСТУЖЦДЕФГХВЬЫЗШЭъшэщчЩЧ─│┌┐└┘├┤┬┴┼▀▄█▌▐░▒▓⌠ьыз■∙АЮ	
 !"#$вжтуЙЛБЪ           None3  пл
╔ 	HsOpenSSL ╔2 represents a result of PKCS#7
 verification. See  ╨.і 	HsOpenSSLд Nothing if the PKCS#7
   signature was a detached
   signature, and Just content
   if it wasn't.╗ 	HsOpenSSL ╗г  is a set of flags that are used in many operations
 related to PKCS#7.І 	HsOpenSSL Ін represents an abstract PKCS#7 structure. The concrete
 type of structure is hidden in the object: such polymorphism isn't
 very haskellish but please get it out of your mind since OpenSSL is
 written in C.╧ 	HsOpenSSL ╧' creates a PKCS#7 signedData structure.╨ 	HsOpenSSL ╨( verifies a PKCS#7 signedData structure.╩ 	HsOpenSSL ╩* creates a PKCS#7 envelopedData structure.╪ 	HsOpenSSL ╪7 decrypts content from PKCS#7 envelopedData
 structure.Ґ 	HsOpenSSL Ґ+ writes PKCS#7 structure to S/MIME message.Ў 	HsOpenSSL Ў parses S/MIME message.╧  	HsOpenSSLcertificate to sign with 	HsOpenSSLcorresponding private key 	HsOpenSSL┐optional additional set of certificates
   to include in the PKCS#7 structure (for
   example any intermediate CAs in the
   chain) 	HsOpenSSLdata to be signed 	HsOpenSSLAn optional set of flags:
 ╘з Many S/MIME clients
   expect the signed content to include
   valid MIME headers. If the  ╘с 
   flag is set MIME headers for type
   "text/plain" are prepended to the
   data. ╙If  ╙Ў is
   set the signer's certificate will not be
   included in the PKCS#7 structure, the
   signer's certificate must still be
   supplied in the parameter though. This
   can reduce the size of the signature if
   the signer's certificate can be obtained
   by other means: for example a previously
   signed message. ╞х The data being signed
   is included in the PKCS#7 structure,
   unless  ╞⌡ is set in which
   case it is ommited. This is used for
   PKCS#7 detached signatures which are
   used in S/MIME plaintext signed message
   for example. ╟┘Normally the supplied
   content is translated into MIME
   canonical format (as required by the
   S/MIME specifications) but if
    ╟≥ is set no translation
   occurs. This option should be uesd if
   the supplied data is in binary format
   otherwise the translation will corrupt
   it. ╠  ╡вThe signedData
   structure includes several PKCS#7
   authenticatedAttributes including the
   signing time, the PKCS#7 content type
   and the supported list of ciphers in an
   SMIMECapabilities attribute. If
    ╠┘ is set then no
   authenticatedAttributes will be used. If
   Pkcs7NoSmimeCap is set then just the
   SMIMECapabilities are omitted.╨  	HsOpenSSLA PKCS#7 structure to verify. 	HsOpenSSLй Set of certificates in which to
   search for the signer's
   certificate. 	HsOpenSSL;Trusted certificate store (used
   for chain verification). 	HsOpenSSLА Signed data if the content is not
   present in the PKCS#7 structure
   (that is it is detached). 	HsOpenSSLAn optional set of flags:
 ґIf
    ґх is set the
   certificates in the message itself
   are not searched when locating the
   signer's certificate. This means
   that all the signers certificates
   must be in the second argument
   ([ Ч]). ╘If the  ╘╒
   flag is set MIME headers for type
   "text/plain" are deleted from
   the content. If the content is not
   of type "text/plain" then an
   error is returned. ўIf
    ў? is set the
   signer's certificates are not
   chain verified. ╛If  ╛ъ
   is set then the certificates
   contained in the message are not
   used as untrusted CAs. This means
   that the whole verify chain (apart
   from the signer's certificate)
   must be contained in the trusted
   store. ╚If  ╚>
   is set then the signatures on the
   data are not checked.╩  	HsOpenSSL!A list of recipient certificates. 	HsOpenSSLThe content to be encrypted. 	HsOpenSSLThe symmetric cipher to use. 	HsOpenSSLAn optional set of flags:
 ╘If the  ╘с  flag
   is set MIME headers for type
   "text/plain" are prepended to the
   data. ╟│Normally the supplied
   content is translated into MIME
   canonical format (as required by the
   S/MIME specifications) if
    ╟² is set no translation
   occurs. This option should be used if
   the supplied data is in binary format
   otherwise the translation will
   corrupt it. If  ╟ is set
   then  ╘ is ignored.╪  	HsOpenSSL The PKCS#7 structure to decrypt. 	HsOpenSSL!The private key of the recipient. 	HsOpenSSLThe recipient's certificate. 	HsOpenSSLAn optional set of flags:
 ╘If the  ╘═ flag
   is set MIME headers for type
   "text/plain" are deleted from the
   content. If the content is not of
   type "text/plain" then an error is
   thrown. 	HsOpenSSLThe decrypted content.Ґ  	HsOpenSSL!A PKCS#7 structure to be written. 	HsOpenSSLГ If cleartext signing
   (multipart/signed) is being used then
   the signed data must be supplied here. 	HsOpenSSLAn optional set of flags:
 ╞If  ╞Х 
   is set then cleartext signing will be
   used, this option only makes sense for
   signedData where  ╞ is
   also set when  ╧ is also
   called. ╘If the  ╘О  flag
   is set MIME headers for type
   "text/plain" are added to the
   content, this only makes sense if
    ╞ is also set. 	HsOpenSSLThe result S/MIME message.Ў  	HsOpenSSLThe message to be read. 	HsOpenSSL!(The result PKCS#7
   structure, Just contentю 
   if the PKCS#7 structure was
   a cleartext signature and
   Nothing if it wasn't.)╔ії╗╘╙╚╛ґў╞╟╠╡ЁЄ╣ІЇ╦╧╨╩╪ҐЎІ╣╗╘╙╚╛ґў╞╟╠╡ЁЄ╔іїЇ╦╧╨╩╪ҐЎ          None   зац 	HsOpenSSL ц3 represents format of PKCS#10 certificate
 request.д 	HsOpenSSL=The new format, whose header is "NEW
   CERTIFICATE REQUEST".е 	HsOpenSSL9The old format, whose header is "CERTIFICATE
   REQUEST".ф 	HsOpenSSL ф% represents a way to supply password.Ъ FIXME: using PwTTY causes an error but I don't know why:
 "error:0906406D:PEM routines:DEF_CALLBACK:problems getting
 password"г 	HsOpenSSLno passwordх 	HsOpenSSLpassword in a static stringи 	HsOpenSSL password in a static bytestring.й 	HsOpenSSL%get a
   password
   by a
   callbackк 	HsOpenSSLread a password from TTYл 	HsOpenSSL л represents a context of
  о.м 	HsOpenSSLл The callback was called to get
   a password to read something
   encrypted.н 	HsOpenSSLе The callback was called to get
   a password to encrypt
   something.о 	HsOpenSSL о6 represents a callback function to supply a
 password.
Int2The maximum length of the password to be accepted.PemPasswordRWStateThe context.	IO StringThe resulting password.п 	HsOpenSSL п6 writes a private key to PEM string in
 PKCS#8 format.я 	HsOpenSSL я pem supply# reads a private key in PEM string.р 	HsOpenSSL р pubkey writes a public to PEM string.с 	HsOpenSSL с pem" reads a public key in PEM string.т 	HsOpenSSL т cert+ writes an X.509 certificate to PEM string.у 	HsOpenSSL у pem* reads an X.509 certificate in PEM string.ж 	HsOpenSSL ж5 writes a PKCS#10 certificate request to PEM
 string.в 	HsOpenSSL в3 reads a PKCS#10 certificate request in PEM string.ь 	HsOpenSSL ь crl5 writes a Certificate Revocation List to PEM
 string.ы 	HsOpenSSL ы pem3 reads a Certificate Revocation List in PEM string.з 	HsOpenSSL з p7) writes a PKCS#7 structure to PEM string.ш 	HsOpenSSL ш pem( reads a PKCS#7 structure in PEM string.э 	HsOpenSSL э dh$ writes DH parameters to PEM string.щ 	HsOpenSSL щ pem# reads DH parameters in PEM string.п  	HsOpenSSLprivate key to write 	HsOpenSSL>Either (symmetric cipher
   algorithm, password
   supply) or Nothing. If
   Nothing1 is given the
   private key is not
   encrypted. 	HsOpenSSLthe result PEM stringж  	HsOpenSSLrequest 	HsOpenSSLformat 	HsOpenSSLthe result PEM stringцдефгхийклмнопярстужвьызшэщолмнфгхийкпярстуцдежвьызшэщ  ╛   (  )  *   +   ,   -   .   /   0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L   M   N   O  P   Q   R   S   T  U  V  V  W  X  X  Y  Z  Z  [  \  \  ]  ^  _  `  a  a  b  c  c   d   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z   {   |   }   ~      ─   │   ┌   ┐   └   ┘   ├   ┤   ┬   ┴   ┼   ▀   ▄   █  	▌  	▐  	^  	_  	 ░  	 ▒  	 ▓  	 ⌠  
■  
∙  
 √  
 ≈  
 ≤  
 ≥  
    
 ⌡  
 °  
 ²  
 ·  
 ÷  
 ═  
 ║  
 ╒  
 ё  
 є  
 ╔  
 і  ї  ╗   ╘   ╙   ╚   ╛   ґ   ў  ╞  ╟  ╠   ╡   Ё   Є   ╣   І   Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ©   ю   а   б   ц   д   е   ф   г  х   и   й   к   л   м   н   о   п  я  р  с   т   у   ж   в   ь   ы   з   ш   э   щ   ч   ъ   Ю   А   Б   Ц   Д   Е  Ф  Г  Х   И   Й  К   Л   М   Н   О   П   Я   Р   С   Т   У   Ж   В   Ь   Ы   З   Ш   Э   Щ   Ч  Ъ  ─  │   ┌   ┐   └   ┘   ├   ┤   ┬   ┴   ┼   ▀   ▄   █   ▌   ▐  ░  ▒  ▓   ⌠   ■   ∙   √   ≈   ≤   ≥       ⌡   °  ²  ·   ÷   ═   ║   ╒   ё   є   ╔   і   ї   ╗   ╘   ╙   ╚   ╛   ґ   ў   &   '   $   %   ╞   ╟   ╠   ╡   Ё   Є   ╣  І  Ї   ╦   ╧   ╨   ╩   ╪   Ґ   Ў   ╚   ╛   $   %   Ё   Є   ©   ю  а  а   б   ц  д  е   ф   г   х   и   й   к   ╚   ╛   л   м   н   о   &   '   п   я   р   с   т   у  ж  в  ь  ы   з   ш   э   щ   ч   ъ   Ю   А   Б   Ц   Д  Е  Е  Ф  Г  Х  И  Й  К  Л  М  Н     О   П  Я  Р  С  Т   У   Ж   В    Ь   Ы   З   Ш   Э   Щ   Ч   Ъ   ─   │   ┌   ┐   └   ┘   ├   ┤   ┬   ┴   ┼   ▀   ▄   █   ▌   ▐   ░   ▒   ▓   ⌠   ■   ∙   √   ≈   ≤   ≥       ⌡   °   ²   ·   ÷   ═   ║   ╒   ё   є   ╔   і   ї   ╗   ╘   ╙   ╚   ╛   ґ   ў   ╞   ╟   ╠   ╡  Ё  Є  ╣  І  Ї  ╦  ╧  ╨  ╩  ╪  Ґ  Ў  ©  ю  а  б  ц  д   е   ф   г   х   и   й   к   л   м   н   о   п  я  р  с  т  у  ж  в  ь  ы  з  ш  э  щ   ч   ъ   Ю   А   Б   Ц   Д   Е   Ф   Г   Х   И   Й   К  Л   М   Н   О   П   Я   Р   С   Т   У   Ж   В  Ь  Ы  З  Ш  Э   Щ   Ч  Ъ   ─   │   ┌    ┐    └    ┘    ├    ┤    ┬    ┴    ┼ ▀▄█ ▀▌▐ ░▒▓  !⌠  ! ■  ! ∙  ! √  ! ≈  ! ≤  ! ≥  !    ! ⌡  ! °  ! ²  ! ·  ! ÷  ! ═  ! ║  ! ╒  ! ё  ! є  ! ╔  ! і  ! ї  ! ╗  ! ╘  ! ╙  !╚  ! ╛  ! ґ  ! ў  "╞  "╟  "╠  "╡  " Ё  " Є  " ╣  " І  " Ї  " ╦  " ╧  " ╨  #╩  # ╪  # Ґ  # Ў©)HsOpenSSL-0.11.7.2-8rSye6KuBAnJeqb2LVFp48OpenSSL
OpenSSL.DHOpenSSL.EVP.Base64OpenSSL.SessionOpenSSL.RandomOpenSSL.EVP.InternalOpenSSL.EVP.DigestOpenSSL.EVP.CipherOpenSSL.Cipher
OpenSSL.BNOpenSSL.RSAOpenSSL.DEROpenSSL.DSAOpenSSL.EVP.PKeyOpenSSL.EVP.VerifyOpenSSL.EVP.SignOpenSSL.EVP.SealOpenSSL.EVP.OpenOpenSSL.X509OpenSSL.X509.RequestOpenSSL.X509.RevocationOpenSSL.X509.StoreOpenSSL.PKCS7OpenSSL.PEMOpenSSL.DH.InternalOpenSSL.ERROpenSSL.ObjectsOpenSSL.SSL.OptionSSL
SSLContextOpenSSL.StackOpenSSL.UtilsOpenSSL.BIOOpenSSL.ASN1OpenSSL.X509.NamegetSubjectNamesetSubjectNamegetIssuerNamesetIssuerNamewithOpenSSLDHDHPencodeBase64encodeBase64BSencodeBase64LBSdecodeBase64decodeBase64BSdecodeBase64LBS	SSLOptionSSL_OP_MICROSOFT_SESS_ID_BUGSSL_OP_NETSCAPE_CHALLENGE_BUG'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERSSL_OP_SAFARI_ECDHE_ECDSA_BUGSSL_OP_SSLEAY_080_CLIENT_DH_BUGSSL_OP_TLS_D5_BUGSSL_OP_TLS_BLOCK_PADDING_BUG"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTSSSL_OP_TLSEXT_PADDING
SSL_OP_ALLSSL_OP_TLS_ROLLBACK_BUGSSL_OP_SINGLE_DH_USESSL_OP_EPHEMERAL_RSASSL_OP_CIPHER_SERVER_PREFERENCESSL_OP_PKCS1_CHECK_1SSL_OP_PKCS1_CHECK_2SSL_OP_NETSCAPE_CA_DN_BUG&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGSSL_OP_NO_SSLv2SSL_OP_NO_SSLv3SSL_OP_NO_TLSv1-SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATIONSSL_OP_NO_TICKET(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATIONSSL_OP_LEGACY_SERVER_CONNECT	randBytes
prandBytesaddPKeytoPKeyfromPKeypkeySizepkeyDefaultMDEVP_PKEY	VaguePKeyHMAC_CTXHmacCtx
EVP_MD_CTX	DigestCtxEVP_MDDigest
CryptoModeEncryptDecryptEVP_CIPHER_CTX	CipherCtx
EVP_CIPHERCipherwithCipherPtrcipherIvLengthnewCipherCtxwithCipherCtxPtrwithNewCipherCtxPtrcipherSetPaddingcipherInitBScipherUpdateBScipherFinalBScipherStrictlycipherLazily	withMDPtrwithDigestCtxPtrdigestUpdateBSdigestFinalBSdigestFinaldigestStrictlydigestLazilywithHmacCtxPtrhmacUpdateBShmacFinalBS
hmacLazilywrapPKeyPtr
createPKeywithPKeyPtrwithPKeyPtr'unsafePKeyToPtr	touchPKeygetDigestByNamegetDigestNamesdigestdigestBS	digestLBShmacBShmacLBSpkcs5_pbkdf2_hmac_sha1getCipherByNamegetCipherNamescipherStrictLBSciphercipherBS	cipherLBSAESCtxMode	newAESCtxaesCBC$fEqMode
$fShowModeBIGNUMBigNumallocaBNunwrapBNwrapBNbnToIntegerintegerToBNwithBNpeekBNnewBNintegerToMPImpiToIntegermodexp randIntegerUptoNMinusOneSuchThat!prandIntegerUptoNMinusOneSuchThatrandIntegerZeroToNMinusOnerandIntegerOneToNMinusOneprandIntegerZeroToNMinusOneprandIntegerOneToNMinusOneRSAGenKeyCallbackRSAKeyrsaSizersaNrsaE
withRSAPtr
peekRSAPtrabsorbRSAPtrRSA
RSAKeyPair	RSAPubKeyrsaCopyPublicrsaKeyPairFinalizegenerateRSAKeygenerateRSAKey'rsaDrsaPrsaQrsaDMP1rsaDMQ1rsaIQMP$fShowRSAKeyPair$fShowRSAPubKey$fOrdRSAKeyPair$fOrdRSAPubKey$fEqRSAKeyPair$fEqRSAPubKey$fRSAKeyRSAKeyPair$fRSAKeyRSAPubKeytoDERPub
fromDERPub	toDERPrivfromDERPrivDSAKeydsaSizedsaPdsaQdsaG	dsaPublic
withDSAPtr
peekDSAPtrabsorbDSAPtrDSA
DSAKeyPair	DSAPubKeygenerateDSAParametersgenerateDSAKey
dsaPrivatedsaPubKeyToTupledsaKeyPairToTupletupleToDSAPubKeytupleToDSAKeyPairgenerateDSAParametersAndKeysignDigestedDataWithDSAverifyDigestedDataWithDSA$fShowDSAKeyPair$fShowDSAPubKey$fOrdDSAKeyPair$fOrdDSAPubKey$fEqDSAKeyPair$fEqDSAPubKey$fDSAKeyDSAKeyPair$fDSAKeyDSAPubKeySomeKeyPairSomePublicKeyKeyPairfromKeyPair	toKeyPair	PublicKeyfromPublicKeytoPublicKey$fPKeyDSAKeyPair$fPKeyDSAPubKey$fPKeyRSAKeyPair$fPKeyRSAPubKey$fPublicKeyDSAKeyPair$fPublicKeyDSAPubKey$fPublicKeyRSAKeyPair$fPublicKeyRSAPubKey$fPKeySomePublicKey$fPublicKeySomePublicKey$fEqSomePublicKey$fKeyPairDSAKeyPair$fKeyPairRSAKeyPair$fPKeySomeKeyPair$fKeyPairSomeKeyPair$fPublicKeySomeKeyPair$fEqSomeKeyPairVerifyStatusVerifySuccessVerifyFailureverifyverifyBS	verifyLBS$fShowVerifyStatus$fEqVerifyStatussignsignBSsignLBSsealsealBSsealLBSopenopenBSopenLBSDHGenDHGen2DHGen5genDHParamsgetDHLengthcheckDHParamsgenDHgetDHParamsgetDHPublicKeycomputeDHKey	$fEqDHGen
$fOrdDHGen$fShowDHGenX509_X509newX509wrapX509withX509PtrwithX509StackunsafeX509ToPtr	touchX509writeDerX509readDerX509compareX509signX509
verifyX509	printX509
getVersion
setVersiongetSerialNumbersetSerialNumbergetNotBeforesetNotBeforegetNotAftersetNotAftergetPublicKeysetPublicKeygetSubjectEmailX509_REQX509Req
newX509ReqwrapX509ReqwithX509ReqPtrsignX509ReqverifyX509ReqprintX509ReqwriteX509ReqDERaddExtensionsmakeX509FromReqRevokedCertificaterevSerialNumberrevRevocationDateX509_CRLCRLnewCRLwrapCRL
withCRLPtrsignCRL	verifyCRLprintCRLgetLastUpdatesetLastUpdategetNextUpdatesetNextUpdategetRevokedList
addRevoked
getRevokedsortCRL$fShowRevokedCertificate$fEqRevokedCertificateX509StoreCtxX509_STORE_CTX
X509_STORE	X509StorenewX509StorewrapX509StorewithX509StorePtraddCertToStoreaddCRLToStorewithX509StoreCtxPtrwrapX509StoreCtxgetStoreCtxCertgetStoreCtxIssuergetStoreCtxCRLgetStoreCtxChainProtocolErrorConnectionAbruptlyTerminatedSomeSSLExceptionShutdownTypeBidirectionalUnidirectional	SSLResultSSLDoneWantRead	WantWritesslFd	sslSocketSSL_VerificationMode
VerifyNone
VerifyPeervpFailIfNoPeerCertvpClientOnce
vpCallbackSSLContext_contextwithContextcontextAddOptioncontextRemoveOptioncontextSetPrivateKeycontextSetCertificatecontextSetPrivateKeyFilecontextSetCertificateFilecontextSetCertificateChainFilecontextSetCipherscontextSetDefaultCipherscontextCheckPrivateKeycontextSetVerificationModecontextSetDefaultVerifyPathscontextSetCAFilecontextSetCADirectorycontextGetCAStorecontextSetSessionIdContext
connectionfdConnectionwithSSL	addOptionremoveOptionsetTlsextHostNameenableHostnameValidationaccept	tryAcceptconnect
tryConnectreadtryReadreadPtr
tryReadPtrwritetryWritewritePtrtryWritePtrlazyRead	lazyWriteshutdowntryShutdowngetPeerCertificategetVerifyResult$fExceptionSomeSSLException$fShowSomeSSLException'$fExceptionConnectionAbruptlyTerminated$fExceptionProtocolError$fShowProtocolError$fEqProtocolError"$fShowConnectionAbruptlyTerminated $fEqConnectionAbruptlyTerminated$fEqShutdownType$fShowShutdownType$fEqSSLResult$fShowSSLResult$fFunctorSSLResult$fFoldableSSLResult$fTraversableSSLResultPkcs7VerifyStatusPkcs7VerifySuccessPkcs7VerifyFailure	Pkcs7Flag	Pkcs7TextPkcs7NoCertsPkcs7NoSigsPkcs7NoChainPkcs7NoInternPkcs7NoVerifyPkcs7DetachedPkcs7BinaryPkcs7NoAttrPkcs7NoSmimeCapPkcs7NoOldMimeTypePkcs7CRLFEOLPKCS7Pkcs7wrapPkcs7PtrwithPkcs7Ptr	pkcs7Signpkcs7Verifypkcs7Encryptpkcs7Decrypt
writeSmime	readSmime$fShowPkcs7VerifyStatus$fEqPkcs7VerifyStatus$fShowPkcs7Flag$fEqPkcs7FlagPemX509ReqFormatReqNewFormatReqOldFormatPemPasswordSupplyPwNonePwStrPwBS
PwCallbackPwTTYPemPasswordRWStatePwReadPwWritePemPasswordCallbackwritePKCS8PrivateKeyreadPrivateKeywritePublicKeyreadPublicKey	writeX509readX509writeX509ReqreadX509ReqwriteCRLreadCRL
writePkcs7	readPkcs7writeDHParamsreadDHParamsDH_
withDHPPtrwrapDHPPtrWith
wrapDHPPtr	withDHPtrwrapDHPtrWith	wrapDHPtrasDHasDHP	peekErrorgetErrorerrorStringObjNameTypeMDMethodTypeCipherMethodTypePKeyMethodTypeCompMethodTypegetObjNamesoptionToIntegralSTACKmapStack	withStackwithForeignStacktoHexfromHex
failIfNullfailIfNull_failIffailIf_raiseOpenSSLErrorpeekCStringCLenbase	GHC.MaybeNothingGHC.ForeignPtr
ForeignPtrinteger-wired-inGHC.Integer.TypeIntegerBIObioPush==><==bioJoinbioFlushbioResetbioEOFbioRead	bioReadBS
bioReadLBSbioGets	bioGetsBS
bioGetsLBSbioWrite
bioWriteBSbioWriteLBS	newBase64	newBuffernewMemnewConstMemnewConstMemBSnewConstMemLBS
newNullBIOBIO_
wrapBioPtr
withBioPtrwithBioPtr'	ASN1_TIMEASN1_INTEGERASN1_STRINGASN1_OBJECTobj2nidnid2snnid2lnpeekASN1StringpeekASN1IntegerwithASN1IntegerpeekASN1TimewithASN1Time	X509_NAMEallocaX509NamewithX509NamepeekX509Name