╬ї│h,  їW  чМД                   	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  {  |  }  ~    А  Б  В  	Г  	Д  	Е  	Ж  	З  	И  	Й  	К  
Л  
М  
Н  
О  
П  
Р  
С  
Т  
У  
Ф  
Х  
Ц  
Ч  
Ш  
Щ  
Ъ  
Ы  
Ь  
Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■     А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■     А  Б  В  Г  Д  Е  Ж  З  И  Й  К  Л  М  Н  О  П  Р  С  Т  У  Ф  Х  Ц  Ч  Ш  Щ  Ъ  Ы  Ь  Э  Ю  Я  а  б  в  г  д  е  ж  з  и  й  к  л  м  н  о  п  ░  ▒  ▓  │  ┤  ╡  ╢  ╖  ╕  ╣  ║  ╗  ╝  ╜  ╛  ┐  └  ┴  ┬  ├  ─  ┼  ╞  ╟  ╚  ╔  ╩  ╦  ╠  ═  ╬  ╧  ╨  ╤  ╥  ╙  ╘  ╒  ╓  ╫  ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ  ы  ь  э  ю  я  Ё  ё  Є  є  Ї  ї  Ў  ў  °  ∙  ·  √  №  ¤  ■     А  Б  В  Г  0.11.7.7!         None     	HsOpenSSLComputation of    action= initializes the OpenSSL
 library as necessary, and computes action┌ . Every application that
 uses HsOpenSSL must wrap any operations involving OpenSSL with
   , or they might crash:╥ module Main where
import OpenSSL

main :: IO ()
main = withOpenSSL $
       do ...Since 0.10.3.5,   О is safe to be applied
 redundantly. Library authors may wish to wrap their functions not
 to force their users to think about initialization:╤ get :: URI -> IO Response
get uri = withOpenSSL $ internalImplementationOfGet uri               Safe-Inferred   >   ДЕЖЗИЙКЛМ            Safe-Inferred  {   НОП            None   Y 	HsOpenSSL  str╡ lazilly encodes a stream of data to
 Base64. The string doesn't have to be finite. Note that the string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF. 	HsOpenSSL  bs, strictly encodes a chunk of data to Base64. 	HsOpenSSL  lbs╙  lazilly encodes a stream of data to
 Base64. The string doesn't have to be finite. 	HsOpenSSL  str╒  lazilly decodes a stream of data from
 Base64. The string doesn't have to be finite. 	HsOpenSSL  bs/ strictly decodes a chunk of data from
 Base64. 	HsOpenSSL  lbs╒  lazilly decodes a stream of data from
 Base64. The string doesn't have to be finite.             Safe-Inferred  Н   РСТУФХ            Safe-Inferred7  "Р$	 	HsOpenSSL¤ The behaviour of the SSL library can be changed by setting
 several options. During a handshake, the option settings of the
   object are used. When a new
   object is created from a
  4, the current option setting is
 copied. Changes to    do not affect
 already created  	 objects.
 	HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.0.0 this option has no effect. 	HsOpenSSL;As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. 	HsOpenSSL:As of OpenSSL 1.0.1h and 1.0.2, this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSLОDon't prefer ECDHE-ECDSA ciphers when the client appears to
 be Safari on OS X. OS X 10.8..10.8.3 has broken support for
 ECDHE-ECDSA ciphers. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL▀Disables a countermeasure against a SSL 3.0/TLS 1.0
 protocol vulnerability affecting CBC ciphers, which cannot be
 handled by some broken SSL implementations. This option has
 no effect for connections using other ciphers. 	HsOpenSSLаAdds a padding extension to ensure the ClientHello size is
 never between 256 and 511 bytes in length. This is needed as
 a workaround for some implementations. 	HsOpenSSLDefault set of options 	HsOpenSSL*Disable version rollback attack detection.ЙDuring the client key exchange, the client must send the same
 information about acceptable SSL/TLS protocol levels as
 during the first hello. Some clients violate this rule by
 adapting to the server's answer. (Example: the client sends a
 SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server only
 understands up to SSLv3. In this case the client must still
 use the same SSLv3.1=TLSv1 announcement. Some clients step
 down to SSLv3 with respect to the server's answer and violate
 the version rollback protection.) 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL:As of OpenSSL 1.0.1k and 1.0.2, this option has no effect. 	HsOpenSSLЄWhen choosing a cipher, use the server's preferences
 instead of the client preferences. When not set, the SSL
 server will always follow the clients preferences. When set,
 the SSLv3/TLSv1 server will choose following its own
 preferences. Because of the different protocol, for SSLv2 the
 server will send its list of preferences to the client and
 the client chooses. 	HsOpenSSL.As of OpenSSL 1.0.1 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.0.1 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL.As of OpenSSL 1.1.0 this option has no effect. 	HsOpenSSL╬ Do not use the SSLv3 protocol.
 As of OpenSSL 1.1.0, this option is deprecated  	HsOpenSSL╬ Do not use the TLSv1 protocol.
 As of OpenSSL 1.1.0, this option is deprecated! 	HsOpenSSL╨ Do not use the TLSv1.1 protocol.
 As of OpenSSL 1.1.0, this option is deprecated" 	HsOpenSSL╨ Do not use the TLSv1.2 protocol.
 As of OpenSSL 1.1.0, this option is deprecated# 	HsOpenSSL╨ Do not use the TLSv1.3 protocol.
 As of OpenSSL 1.1.0, this option is deprecated$ 	HsOpenSSL╧ Do not use the DTLSv1 protocol.
 As of OpenSSL 1.1.0, this option is deprecated% 	HsOpenSSL╤ Do not use the DTLSv1.2 protocol.
 As of OpenSSL 1.1.0, this option is deprecated& 	HsOpenSSL┐When performing renegotiation as a server, always start a
 new session (i.e., session resumption requests are only
 accepted in the initial handshake). This option is not needed
 for clients.' 	HsOpenSSL╧ Normally clients and servers will, where possible,
 transparently make use of
 "http://tools.ietf.org/html/rfc4507RFC 4507+ tickets for
 stateless session resumption.щ If this option is set this functionality is disabled and
 tickets will not be used by clients or servers.( 	HsOpenSSL▄ Allow legacy insecure renegotiation between OpenSSL and
 unpatched clients or servers. See
 ╬ https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION
 for more details.) 	HsOpenSSL╪ Allow legacy insecure renegotiation between OpenSSL and
 unpatched servers _only_. See
 ╬ https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#secure_renegotiationSECURE RENEGOTIATION
 for more details.* 	HsOpenSSL╦ Disable Extended master secret.
 Only available on OpenSSL 3.0.0 and later.+ 	HsOpenSSL═ Cleanse plaintext copies of data.
 Only available on OpenSSL 3.0.0 and later., 	HsOpenSSL╟ Enble support for Kernel TLS
 Only available on OpenSSL 3.0.0 and later  3Ц	.3(0+6:/,8-)
17$%4*59&' !"#2             Safe-Inferred  "э   ЧШЩЪ     !       Safe-Inferred   #ГЫ 	HsOpenSSL"Convert an integer to a hex stringЬ 	HsOpenSSL"Convert a hex string to an integer  	ЭЮЯабЬвгЫ            Safe-Inferred  &	; 	HsOpenSSL╬ Return a bytestring consisting of the given number of strongly random
   bytes< 	HsOpenSSL╠ Return a bytestring consisting of the given number of pseudo random
   bytes= 	HsOpenSSLиAdd data to the entropy pool. It's safe to add sensitive information
   (e.g. user passwords etc) to the pool. Also, adding data with an entropy
   of 0 can never hurt.;  	HsOpenSSLthe number of bytes requested<  	HsOpenSSLthe number of bytes requested=  	HsOpenSSL#random data to be added to the pool 	HsOpenSSL3the number of bits of entropy in the first argument =<;;<=           None  )Q	> 	HsOpenSSLInstances of class  >% can be converted back and forth to
  D.? 	HsOpenSSLWrap the key (i.g. RSA) into  C.@ 	HsOpenSSL"Extract the concrete key from the  C. Returns
  д if the type mismatches.A 	HsOpenSSLDo the same as EVP_PKEY_size().B 	HsOpenSSL3Return the default digesting algorithm for the key.D 	HsOpenSSLVaguePKey is a  е to  C╨ , that is either public
 key or a ker pair. We can't tell which at compile time.M 	HsOpenSSLDigest┼  is an opaque object that represents an algorithm of
 message digest.O 	HsOpenSSL
CryptoMode represents instruction to cipher and such like.V 	HsOpenSSLCipher╟  is an opaque object that represents an algorithm of
 symmetric cipher.^ 	HsOpenSSLkey 	HsOpenSSLIV 6`^Yb]a_ogfihelmkZsr[Xdjc\pqnVWSTOQPMNJKURLICFGH>@BA?DE6VWUXYSTRZ[\OPQ]^_`abMNLcJKIdefghiGHFjklmDEC>?@ABonpqrs           None   -|t 	HsOpenSSL t name3 returns a message digest algorithm whose
 name is name-. If no algorithms are found, the result is
 Nothing.u 	HsOpenSSL u6 returns a list of name of message digest
 algorithms.v 	HsOpenSSL vЄ  digests a stream of data. The string must
 not contain any letters which aren't in the range of U+0000 -
 U+00FF.w 	HsOpenSSL w digests a chunk of data.x 	HsOpenSSL x digests a stream of data.y 	HsOpenSSL╟ Perform a private key signing using the HMAC template with a given hash{ 	HsOpenSSL┴ Calculate a PKCS5-PBKDF2 SHA1-HMAC suitable for password hashing.y  	HsOpenSSL0the hash function to use in the HMAC calculation 	HsOpenSSLthe HMAC key 	HsOpenSSLthe data to be signed 	HsOpenSSLresulting HMAC{  	HsOpenSSLpassword 	HsOpenSSLsalt 	HsOpenSSL
iterations 	HsOpenSSLdestination key length 	HsOpenSSLdestination key 	vwxtuyz{M	Mtuvwxyz{           None   3=| 	HsOpenSSL | name5 returns a symmetric cipher algorithm
 whose name is name-. If no algorithms are found, the result is
 Nothing.} 	HsOpenSSL }8 returns a list of name of symmetric cipher
 algorithms.~ 	HsOpenSSL┼ Encrypt a lazy bytestring in a strict manner. Does not leak the keys. 	HsOpenSSL ш  lazilly encrypts or decrypts a stream of data. The
 input string doesn't necessarily have to be finite.А 	HsOpenSSL А/ strictly encrypts or decrypts a chunk of data.Б 	HsOpenSSL Бш  lazilly encrypts or decrypts a stream of data. The
 input string doesn't necessarily have to be finite.~  	HsOpenSSLCipher 	HsOpenSSLKey 	HsOpenSSLIV 	HsOpenSSLEncrypt/Decrypt 	HsOpenSSLInput  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSLМAn input string to encrypt/decrypt. Note
   that the string must not contain any letters
   which aren't in the range of U+0000 -
   U+00FF. 	HsOpenSSLthe result stringА  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSLinput string to encrypt/decrypt 	HsOpenSSLthe result stringБ  	HsOpenSSLalgorithm to use 	HsOpenSSLsymmetric key 	HsOpenSSLIV 	HsOpenSSL	operation 	HsOpenSSLinput string to encrypt/decrypt 	HsOpenSSLthe result string 
АБ~|}VOQP
V|}OPQАБ~    	       None  5'Ж 	HsOpenSSL<Construct a new context which holds the key schedule and IV.З 	HsOpenSSLя Encrypt some number of blocks using CBC. This is an IO function because
   the context is destructivly updated.Ж  	HsOpenSSL)For CTR mode, this must always be Encrypt 	HsOpenSSLKey: 128, 192 or 256 bits long 	HsOpenSSLIV: 16 bytes longЗ  	HsOpenSSLcontext 	HsOpenSSL0input, must be multiple of block size (16 bytes) ЗЖВГЕДГДЕВЖЗ    
       None  ;╝Л 	HsOpenSSL Л/ is an opaque object representing a big number.М 	HsOpenSSL М f allocates a  Л and computes f. Then it
 frees the  Л.П 	HsOpenSSLConvert a BIGNUM to an  ж.Р 	HsOpenSSLReturn a new, alloced BIGNUM.С 	HsOpenSSL С n f converts n to a  Л and computes f. Then it
 frees the  Л.Т 	HsOpenSSLThis is an alias to  П.У 	HsOpenSSLThis is an alias to  Р.з 	HsOpenSSLкConvert a BigNum to an MPI: a serialisation of large ints which has a
   4-byte, big endian length followed by the bytes of the number in
   most-significant-first order.и 	HsOpenSSL├ Convert an MPI into a BigNum. See bnToMPI for details of the formatФ 	HsOpenSSL8Convert an Integer to an MPI. See bnToMPI for the formatХ 	HsOpenSSL8Convert an MPI to an Integer. See bnToMPI for the formatЦ 	HsOpenSSL Ц a p m
 computes a to the p-th power modulo m.Ч 	HsOpenSSLш Return a strongly random number in the range 0 <= x < n where the given
   filter function returns true.Ш 	HsOpenSSL▀ Return a random number in the range 0 <= x < n where the given
   filter function returns true.Щ 	HsOpenSSL7Return a strongly random number in the range 0 <= x < nЪ 	HsOpenSSL6Return a strongly random number in the range 0 < x < nЫ 	HsOpenSSL.Return a random number in the range 0 <= x < nЬ 	HsOpenSSL-Return a random number in the range 0 < x < nЧ  	HsOpenSSLa filter function 	HsOpenSSLone plus the upper limitШ  	HsOpenSSLa filter function 	HsOpenSSLone plus the upper limit МПРФЦХУТЬШЫЪЧЩНСОКЛЛКМСУОНТРПФХЦЧШЩЫЪЬ          None7  EЭ 	HsOpenSSL Э╘  represents a callback function to get
 informed the progress of RSA key generation.callback 0 i  is called after generating the i-th potential
   prime number.0While the number is being tested for primality, callback 1 j is
   called after the j-th iteration (j = 0, 1, ...).	When the n╔ -th randomly generated prime is rejected as not
   suitable for the key, callback 2 n is called.When a random p has been found with p-1 relatively prime to
   e, it is called as callback 3 0.'The process is then repeated for prime q with callback 3 1.Ю 	HsOpenSSL Ю a is either  з or  ж.Я 	HsOpenSSL Я key returns the length of key.а 	HsOpenSSL а key' returns the public modulus of the key.б 	HsOpenSSL б key( returns the public exponent of the key.ж 	HsOpenSSL ж1 is an opaque object that represents RSA keypair.з 	HsOpenSSL з4 is an opaque object that represents RSA public key.и 	HsOpenSSL6Make a copy of the public parameters of the given key.к 	HsOpenSSL к generates an RSA keypair.л 	HsOpenSSLA simplified alternative to  км 	HsOpenSSL м privKey) returns the private exponent of the key.н 	HsOpenSSL н privkey! returns the secret prime factor p of the key.о 	HsOpenSSL о privkey! returns the secret prime factor q of the key.п 	HsOpenSSL п privkey	 returns d mod (p-1) of the key.░ 	HsOpenSSL ░ privkey	 returns d mod (q-1) of the key.▒ 	HsOpenSSL ▒ privkey	 returns 
q^-1 mod p of the key.к  	HsOpenSSL╠ The number of bits of the public modulus
   (i.e. key size). Key sizes with n <
   1024 should be considered insecure. 	HsOpenSSL╞ The public exponent. It is an odd
   number, typically 3, 17 or 65537. 	HsOpenSSLA callback function. 	HsOpenSSLThe generated keypair.л  	HsOpenSSL╠ The number of bits of the public modulus
   (i.e. key size). Key sizes with n <
   1024 should be considered insecure. 	HsOpenSSL╞ The public exponent. It is an odd
   number, typically 3, 17 or 65537. 	HsOpenSSLThe generated keypair. "┤ #│ $▓климп░▒йноеЭЮдгбаЯвжзЮдвЯабг▓│┤зжеЭклмноп░▒ий          None  Hlй 	HsOpenSSL<Generate a function that decodes a key from ASN.1 DER formatк 	HsOpenSSL:Generate a function that encodes a key in ASN.1 DER format╜ 	HsOpenSSL%Dump a public key to ASN.1 DER format╛ 	HsOpenSSL(Parse a public key from ASN.1 DER format┐ 	HsOpenSSL&Dump a private key to ASN.1 DER format└ 	HsOpenSSL)Parse a private key from ASN.1 DER format╜  	HsOpenSSLYou can pass either  з or  ж3
   because both contain the necessary information. 	HsOpenSSL/The public key information encoded in ASN.1 DER└  	HsOpenSSL0The private key information encoded in ASN.1 DER 	HsOpenSSLThis can return either  з or
    ж4 because thereЩ@s sufficient
   information for both. └╛┐╜╜╛┐└           None7  P═┴ 	HsOpenSSL ┴ a is either  ╠ or  ╦.┬ 	HsOpenSSLReturn the length of key.├ 	HsOpenSSL*Return the public prime number of the key.─ 	HsOpenSSL$Return the public 160-bit subprime, 	q | p - 1 of the key.┼ 	HsOpenSSL3Return the public generator of subgroup of the key.╞ 	HsOpenSSLReturn the public key y = g^x.╦ 	HsOpenSSL╦ The type of a DSA keypair, includes parameters p, q, g, public and private.╠ 	HsOpenSSL┼ The type of a DSA public key, includes parameters p, q, g and public.═ 	HsOpenSSL╛Generate DSA parameters (*not* a key, but required for a key). This is a
   compute intensive operation. See FIPS 186-2, app 2. This agrees with the
   test vectors given in FIP 186-2, app 5╬ 	HsOpenSSL2Generate a new DSA keypair, given valid parameters╧ 	HsOpenSSLReturn the private key x.╨ 	HsOpenSSL┘ Convert a DSAPubKey object to a tuple of its members in the
   order p, q, g, and public.╤ 	HsOpenSSLт Convert a DSAKeyPair object to a tuple of its members in the
   order p, q, g, public and private.╥ 	HsOpenSSL:Convert a tuple of members (in the same format as from
    ╨) into a DSAPubKey object╙ 	HsOpenSSL:Convert a tuple of members (in the same format as from
    ╨) into a DSAPubKey object╘ 	HsOpenSSLПA utility function to generate both the parameters and the key pair at the
   same time. Saves serialising and deserialising the parameters too╒ 	HsOpenSSLжSign pre-digested data. The DSA specs call for SHA1 to be used so, if you
   use anything else, YMMV. Returns a pair of Integers which, together, are
   the signature╓ 	HsOpenSSL+Verify pre-digested data given a signature.═  	HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 	HsOpenSSL*optional seed, its length must be 20 bytes 	HsOpenSSL+(iteration count, generator count, p, q, g)╬  	HsOpenSSLp 	HsOpenSSLq 	HsOpenSSLg╘  	HsOpenSSL;The number of bits in the generated prime: 512 <= x <= 1024 	HsOpenSSL*optional seed, its length must be 20 bytes %┌ &╪ '█ (┘ )╫╤╧╨╬═╘╒╙╥╓╩┴╔┼├╞─┬╚╟╦╠┴┬╟├─┼╞╚╔╫╪┘┌█╠╦╩═╬╘╒╓╧╨╤╥╙          None7╩ ╪ ▌   T╙ф 	HsOpenSSLё This is an opaque type to hold an arbitrary keypair in it. The
 actual key type can be safelly type-casted using  ш.х 	HsOpenSSLЇ This is an opaque type to hold an arbitrary public key in it. The
 actual key type can be safelly type-casted using  ы.ц 	HsOpenSSL╬ Instances of this class has both of public and private portions of
 a keypair.ч 	HsOpenSSL0Wrap an arbitrary keypair into polymorphic type  ф.ш 	HsOpenSSLCast from the polymorphic type  ф to the concrete
 type. Return  д if failed.щ 	HsOpenSSLЁ Instances of this class has at least public portion of a
 keypair. They might or might not have the private key.ъ 	HsOpenSSL4Wrap an arbitrary public key into polymorphic type
  х.ы 	HsOpenSSLCast from the polymorphic type  х to the concrete
 type. Return  д if failed.  *∙ +Ё ,· -ёцчшщъыфхщъыЁёцчш∙·хф           None7  YБ 	HsOpenSSL Б% represents a result of verification.Д 	HsOpenSSL ДГ verifies a signature and a stream of data. The string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF.Е 	HsOpenSSL Е* verifies a signature and a chunk of data.Ж 	HsOpenSSL Ж* verifies a signature of a stream of data.Д  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verificationЕ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verificationЖ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSLmessage signature 	HsOpenSSL"public key to verify the signature 	HsOpenSSLinput string to verify 	HsOpenSSLthe result of verification ДЕЖБГВБВГДЕЖ           None   \WЙ 	HsOpenSSL ЙЕ generates a signature from a stream of data. The string
 must not contain any letters which aren't in the range of U+0000 -
 U+00FF.К 	HsOpenSSL К, generates a signature from a chunk of data.Л 	HsOpenSSL Л- generates a signature from a stream of data.Й  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signatureК  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signatureЛ  	HsOpenSSLmessage digest algorithm to use 	HsOpenSSL&private key to sign the message digest 	HsOpenSSLinput string 	HsOpenSSLthe result signature ЙКЛЙКЛ           None  a-М 	HsOpenSSL М▄  lazilly encrypts a stream of data. The input string
 doesn't necessarily have to be finite.Н 	HsOpenSSL Н# strictly encrypts a chunk of data.О 	HsOpenSSL О▄  lazilly encrypts a stream of data. The input string
 doesn't necessarily have to be finite.М  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSLЗA list of public keys to encrypt a
   symmetric key. At least one public key
   must be supplied. If two or more keys are
   given, the symmetric key are encrypted by
   each public keys so that any of the
   corresponding private keys can decrypt
   the message. 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV)Н  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL1list of public keys to encrypt a
   symmetric key 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV)О  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL1list of public keys to encrypt a
   symmetric key 	HsOpenSSLinput string to encrypt 	HsOpenSSL:(encrypted string, list of encrypted asymmetric
 keys, IV) МНОМНО           None   eКП 	HsOpenSSL П▄  lazilly decrypts a stream of data. The input string
 doesn't necessarily have to be finite.Р 	HsOpenSSL Р decrypts a chunk of data.С 	HsOpenSSL С▄  lazilly decrypts a stream of data. The input string
 doesn't necessarily have to be finite.П  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted stringР  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted stringС  	HsOpenSSL!symmetric cipher algorithm to use 	HsOpenSSL3encrypted symmetric key to decrypt the input string 	HsOpenSSLIV 	HsOpenSSL(private key to decrypt the symmetric key 	HsOpenSSLinput string to decrypt 	HsOpenSSLdecrypted string ПРСПРС           None   ggХ 	HsOpenSSL Х gen n generates n-bit long DH parameters.Ц 	HsOpenSSL#Get DH parameters length (in bits).Ч 	HsOpenSSL&Check that DH parameters are coherent.Ш 	HsOpenSSL╚ The first step of a key exchange. Public and private keys are generated.Щ 	HsOpenSSL!Get parameters of a key exchange.Ъ 	HsOpenSSLGet the public key.Ы 	HsOpenSSL:Compute the shared key using the other party's public key.  ЧЫШХЦЩЪТУФТУФХЦЧШЩЪЫ    .       None  {╫л 	HsOpenSSLBIO is a 
ForeignPtr= to an opaque BIO object. They are created by newXXX actions.м 	HsOpenSSLComputation of  м a b
 connects b behind a.Example: do b64 <- newBase64 True
   mem <- newMem
   bioPush b64 mem

   -- Encode some text in Base64 and write the result to the
   -- memory buffer.
   bioWrite b64 "Hello, world!"
   bioFlush b64

   -- Then dump the memory buffer.
   bioRead mem >>= putStrLnн 	HsOpenSSLa  н b is an alias to  м a b.о 	HsOpenSSLa  о b is an alias to  м b a.п 	HsOpenSSL п [bio1, bio2, ..] connects many BIOs at once.░ 	HsOpenSSL ░ bioВ normally writes out any internally buffered data,
 in some cases it is used to signal EOF and that no more data will
 be written.▒ 	HsOpenSSL ▒ bio. typically resets a BIO to some initial state.▓ 	HsOpenSSL ▓ bio returns 1 if bio╠  has read EOF, the precise
 meaning of EOF varies according to the BIO type.│ 	HsOpenSSL │ bio lazily reads all data in bio.┤ 	HsOpenSSL ┤ bio len attempts to read len bytes from bio╦ ,
 then return a ByteString. The actual length of result may be less
 than len.╡ 	HsOpenSSL ╡ bio lazily reads all data in bio , then return a
 LazyByteString.╢ 	HsOpenSSL ╢ bio len2 normally attempts to read one line of data
 from bio of maximum length len5. There are exceptions to this
 however, for example  ╢╓  on a digest BIO will calculate and
 return the digest and other BIOs may not support  ╢ at all.╖ 	HsOpenSSL ╖ does the same as  ╢ but returns ByteString.╕ 	HsOpenSSL ╕ does the same as  ╢ but returns
 LazyByteString.╣ 	HsOpenSSL ╣ bio str lazily writes entire str to bio4. The
 string doesn't necessarily have to be finite.║ 	HsOpenSSL ║ bio bs writes bs to bio.╗ 	HsOpenSSL ╗ bio lbs lazily writes entire lbs to bio4. The
 string doesn't necessarily have to be finite.╝ 	HsOpenSSL ╝ noNLК creates a Base64 BIO filter. This is a filter
 bio that base64 encodes any data written through it and decodes any
 data read through it.If noNLц  flag is True, the filter encodes the data all on one line
 or expects the data to be all on one line.Base64 BIOs do not support  ╢. ░Э on a Base64 BIO that is being written through is used to
 signal that no more data is to be encoded: this is used to flush
 the final block through the BIO.╜ 	HsOpenSSL ╜	 mBufSize╦ creates a buffering BIO filter. Data
 written to a buffering BIO is buffered and periodically written to
 the next BIO in the chain. Data read from a buffering BIO comes
 from the next BIO in the chain.Buffering BIOs support  ╢.Calling  ▒- on a buffering BIO clears any buffered data.№Question: When I created a BIO chain like this and attempted to
 read from the buf, the buffering BIO weirdly behaved: BIO_read()
 returned nothing, but both BIO_eof() and BIO_should_retry()
 returned zero. I tried to examine the source code of
 crypto/bio/bf_buff.c but it was too complicated to
 understand. Does anyone know why this happens? The version of
 OpenSSL was 0.9.7l.╢main = withOpenSSL $
       do mem <- newConstMem "Hello, world!"
          buf <- newBuffer Nothing
          mem ==> buf

          bioRead buf >>= putStrLn -- This fails, but why?4I am being depressed for this unaccountable failure.╛ 	HsOpenSSL ╛╗ creates a memory BIO sink/source. Any data written to
 a memory BIO can be recalled by reading from it. Unless the memory
 BIO is read only any data read from it is deleted from the BIO.Memory BIOs support  ╢.Calling  ▒Ы on a read write memory BIO clears any data in
 it. On a read only BIO it restores the BIO to its original state
 and the read only data can be read again. ▓" is true if no data is in the BIO.╛Every read from a read write memory BIO will remove the data just
 read with an internal copy operation, if a BIO contains a lots of
 data and it is read in small chunks the operation can be very
 slow. The use of a read only memory BIO avoids this problem. If the
 BIO must be read write then adding a buffering BIO ( ╜*) to
 the chain will speed up the process.┐ 	HsOpenSSL ┐ str' creates a read-only memory BIO source.└ 	HsOpenSSL └ bs	 is like  ┐ but takes a ByteString.┴ 	HsOpenSSL ┴ lbs	 is like  ┐ but takes a
 LazyByteString.┬ 	HsOpenSSL ┬▀  creates a null BIO sink/source. Data written to
 the null sink is discarded, reads return EOF.ЯA null sink is useful if, for example, an application wishes to
 digest some data by writing through a digest bio but not send the
 digested data anywhere. Since a BIO chain must normally include a
 source/sink BIO this can be achieved by adding a null sink BIO to
 the end of the chain.╜  	HsOpenSSLExplicit buffer size (Just n) or the
 default size (Nothing). он▓░╢╖╕пм│┤╡▒╣║╗╝╜┐└┴╛┬├─┼л╞     /       None   |0   ╟╚╔╩╦╠═╬╧╨╤╥     0       None  |h   ╙╘╒╓            None  З├а 	HsOpenSSL а7 is an opaque object that represents X.509 certificate.в 	HsOpenSSL в┌  creates an empty certificate. You must set the
 following properties to and sign it (see  л#) to actually
 use the certificate.
VersionSee  п.Serial numberSee  ▒.Issuer nameSee  │.Subject nameSee  ╡.ValiditySee  ╖ and  ╣.
Public KeySee  ╗.и 	HsOpenSSL и cert+ writes an X.509 certificate to DER string.й 	HsOpenSSL й der reads in a certificate.к 	HsOpenSSL к cert1 cert2 compares two certificates.л 	HsOpenSSL л0 signs a certificate with an issuer private key.м 	HsOpenSSL м└  verifies a signature of certificate with an issuer
 public key.н 	HsOpenSSL н cert6 translates a certificate into human-readable
 format.о 	HsOpenSSL о certч  returns the version number of certificate. It
 seems the number is 0-origin: version 2 means X.509 v3.п 	HsOpenSSL п	 cert ver+ updates the version number of certificate.░ 	HsOpenSSL ░ cert* returns the serial number of certificate.▒ 	HsOpenSSL ▒	 cert num+ updates the serial number of
 certificate.▓ 	HsOpenSSL ▓( returns the issuer name of certificate.│ 	HsOpenSSL │
 cert nameь  updates the issuer name of
 certificate. Keys of each parts may be of either long form or short
 form. See  ▓.┤ 	HsOpenSSL ┤ cert wantLongName/ returns the subject name of
 certificate. See  ▓.╡ 	HsOpenSSL ╡
 cert name/ updates the subject name of
 certificate. See  │.╢ 	HsOpenSSL ╢ cert; returns the time when the certificate begins
 to be valid.╖ 	HsOpenSSL ╖	 cert utc; updates the time when the certificate
 begins to be valid.╕ 	HsOpenSSL ╕ cert0 returns the time when the certificate
 expires.╣ 	HsOpenSSL ╣	 cert utc0 updates the time when the certificate
 expires.║ 	HsOpenSSL ║ cert7 returns the public key of the subject of
 certificate.╗ 	HsOpenSSL ╗ cert pubkey7 updates the public key of the subject
 of certificate.╝ 	HsOpenSSL ╝ cert; returns every subject email addresses in
 the certificate.л  	HsOpenSSLThe certificate to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSLA hashing algorithm to use. If Nothing┼ 
   the most suitable algorithm for the key
   is automatically used.м  	HsOpenSSLThe certificate to be verified. 	HsOpenSSLThe public key to verify with.▓  	HsOpenSSLThe certificate to examine. 	HsOpenSSLTrue╒  if you want the keys of each parts
   to be of long form (e.g. "commonName"),
   or False if you don't (e.g. "CN"). 	HsOpenSSL%Pairs of key and value,
 for example 0(\"C\",
 \"JP\"), (\"ST\",
 \"Some-State\"), .... к▓╕╢║░╝┤овнй│╣╖╗▒╡плзжмдегиабЯабЯвгдежзийклмноп░▒▓│┤╡╢╖╕╣║╗╝          None  У>╛ 	HsOpenSSL ╛┬  is an opaque object that represents PKCS#10
 certificate request.┐ 	HsOpenSSL ┐т  creates an empty certificate request. You must set
 the following properties to and sign it (see  ┬+) to
 actually use the certificate request.
VersionSee  ╟.Subject NameSee  ╔.
Public KeySee  ╦.┬ 	HsOpenSSL ┬9 signs a certificate request with a subject private
 key.├ 	HsOpenSSL ├╚  verifies a signature of certificate request with
 a subject public key.─ 	HsOpenSSL ─ req> translates a certificate request into
 human-readable format.┼ 	HsOpenSSL ┼ req4 writes a PKCS#10 certificate request to DER string.╞ 	HsOpenSSL ╞ req4 returns the version number of certificate
 request.╟ 	HsOpenSSL ╟ req ver4 updates the version number of certificate
 request.╚ 	HsOpenSSL ╚ req wantLongName7 returns the subject name of
 certificate request. See   1 of
 OpenSSL.X509 .╔ 	HsOpenSSL ╔	 req name7 updates the subject name of
 certificate request. See   2 of
 OpenSSL.X509 .╩ 	HsOpenSSL ╩ req? returns the public key of the subject of
 certificate request.╦ 	HsOpenSSL ╦ req? updates the public key of the subject of
 certificate request.╠ 	HsOpenSSL ╠ req [(nid, str)]E.g., nid 85 = subjectAltName ┴ http://osxr.org:8080/openssl/source/crypto/objects/objects.h#0476 (TODO: more docs; NID type)═ 	HsOpenSSL ═	 req cert╓ creates an empty X.509 certificate
 and copies as much data from the request as possible. The resulting
 certificate doesn't have the following data and it isn't signed so
 you must fill them and sign it yourself.Serial number#Validity (Not Before and Not After)Example:Эimport Data.Time.Clock

genCert :: X509 -> EvpPKey -> Integer -> Int -> X509Req -> IO X509
genCert caCert caKey serial days req
    = do cert <- makeX509FromReq req caCert
         now  <- getCurrentTime
         setSerialNumber cert serial
         setNotBefore cert $ addUTCTime (-1) now
         setNotAfter  cert $ addUTCTime (days * 24 * 60 * 60) now
         signX509 cert caKey Nothing
         return cert╬ 	HsOpenSSL╘ Add Extensions to a certificate (when the Server accepting certs requires it)
 E.g.:НaddExtensionToX509 cert1 87 "CA:FALSE"
addExtensionToX509 cert1 85 "critical,serverAuth, clientAuth" -- when this extension field is critical┬  	HsOpenSSLThe request to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSL"A hashing algorithm to use. If
   Nothing┬  the most suitable algorithm
   for the key is automatically used.├  	HsOpenSSLThe request to be verified. 	HsOpenSSLThe public key to verify with. ╬╠╩╚╞═┐─╦╔╟┬├┴└┼╛╜╛╜┐└┴┬├─┼═╞╟╚╔╩╦╠╬          None7  ЬЦ╧ 	HsOpenSSL ╧╞ represents a revoked certificate in a
 list. Each certificates are supposed to be distinguishable by
 issuer name and serial number, so it is sufficient to have only
 serial number on each entries.╘ 	HsOpenSSL ╘┬  is an opaque object that represents Certificate Revocation
 List.╒ 	HsOpenSSL ╒▐  creates an empty revocation list. You must set the
 following properties to and sign it (see  ╪ї ) to actually use
 the revocation list. If you have any certificates to be listed, you
 must of course add them (see  ф) before signing the list.
VersionSee  ▄.Last UpdateSee  ▐.Next UpdateSee  р.Issuer NameSee  т.╪ 	HsOpenSSL ╪4 signs a revocation list with an issuer private key.┘ 	HsOpenSSL ┘─  verifies a signature of revocation list with an
 issuer public key.┌ 	HsOpenSSL ┌: translates a revocation list into human-readable
 format.█ 	HsOpenSSL █ crl/ returns the version number of revocation list.▄ 	HsOpenSSL ▄ crl ver0 updates the version number of revocation
 list.▌ 	HsOpenSSL ▌ crl┬  returns the time when the revocation list
 has last been updated.▐ 	HsOpenSSL ▐ crl utc┬  updates the time when the revocation
 list has last been updated.▀ 	HsOpenSSL ▀ crl┴  returns the time when the revocation list
 will next be updated.р 	HsOpenSSL р crl utc┴  updates the time when the revocation
 list will next be updated.с 	HsOpenSSL с crl wantLongName2 returns the issuer name of
 revocation list. See   3 of
 OpenSSL.X509 .т 	HsOpenSSL т	 crl name2 updates the issuer name of revocation
 list. See   4 of OpenSSL.X509 .у 	HsOpenSSL у crl* returns the list of revoked certificates.ф 	HsOpenSSL ф crl revoked- add the certificate to the revocation
 list.х 	HsOpenSSL х crl serial' looks up the corresponding revocation.ц 	HsOpenSSL ц crl/ sorts the certificates in the revocation list.╪  	HsOpenSSL!The revocation list to be signed. 	HsOpenSSLThe private key to sign with. 	HsOpenSSLA hashing algorithm to use. If Nothing┼ 
   the most suitable algorithm for the key
   is automatically used. фс▌▀ху█╒┌т▐р▄╪ц┘╫╓╘╧╨╤╥╙╘╙╧╨╥╤╒╓╫╪┘┌ц█▄▌▐▀рстуфх          None  Юsь 	HsOpenSSL ь¤  is an opaque object that represents X.509
 certificate store. The certificate store is usually used for chain
 verification.э 	HsOpenSSL э* creates an empty X.509 certificate store.Ё 	HsOpenSSL Ё store cert adds a certificate to store.ё 	HsOpenSSL ё
 store crl! adds a revocation list to store.  ёЁЎЇўїэЄяюєьщыъьыэюяЁёщъЄєЇїЎў          None'79:;╩ ▌   ┼Y?° 	HsOpenSSL┴ A failure in the SSL library occurred, usually a protocol
 error.· 	HsOpenSSL╫ The peer uncleanly terminated the connection without sending the
 "close notify" alert.√ 	HsOpenSSL/The root exception type for all SSL exceptions.¤ 	HsOpenSSL"wait for the peer to also shutdown■ 	HsOpenSSLonly send our shutdown  	HsOpenSSL┐This is the type of an SSL IO operation. Errors are handled by
 exceptions while everything else is one of these. Note that reading
 from an SSL socket can result in WantWrite and vice versa.А 	HsOpenSSLoperation finished successfullyБ 	HsOpenSSL needs more data from the networkВ 	HsOpenSSL needs more outgoing buffer spaceГ 	HsOpenSSL%This is the type of an SSL connectionКIO with SSL objects is non-blocking and many SSL functions return a error
   code which signifies that it needs to read or write more data. We handle
   these calls and call threadWaitRead and threadWaitWrite at the correct
   times. Thus multiple OS threads can be blockedЩ inside IO in the same SSL
   object at a time, because they aren't really in the SSL object, they are
   waiting for the RTS to wake the Haskell thread.Д 	HsOpenSSL+Get the socket underlying an SSL connectionЕ 	HsOpenSSLGet the underlying socket FdЗ 	HsOpenSSLSee 7http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html К 	HsOpenSSLoptional callbackЛ 	HsOpenSSL only request once per connectionМ 	HsOpenSSLis a certificate requiredН 	HsOpenSSLтAn SSL context. Contexts carry configuration such as a server's private
   key, root CA certiifcates etc. Contexts are stateful IO objects; they
   start empty and various options are set on them by the functions in this
   module. Note that an empty context will pretty much cause any operation to
   fail since it doesn't even have any ciphers enabled.П 	HsOpenSSLCreate a new SSL context.Р 	HsOpenSSL╪ Run the given action with the raw context pointer and obtain the lock
   while doing so.С 	HsOpenSSL%Add a protocol option to the context.Т 	HsOpenSSL*Remove a protocol option from the context.У 	HsOpenSSL%Install a private key into a context.Ф 	HsOpenSSL2Install a certificate (public key) into a context.Х 	HsOpenSSL╨Install a private key file in a context. The key is given as a path to the
   file which contains the key. The file is parsed first as PEM and, if that
   fails, as ASN1. If both fail, an exception is raised.Ц 	HsOpenSSL▌Install a certificate (public key) file in a context. The key is given as
   a path to the file which contains the key. The file is parsed first as PEM
   and, if that fails, as ASN1. If both fail, an exception is raised.Ч 	HsOpenSSLШInstall a certificate chain in a context. The certificates must be in PEM
 format and must be sorted starting with the subject's certificate (actual
 client or server certificate), followed by intermediate CA certificates if
 applicable, and ending at the highest level (root) CA.Ш 	HsOpenSSL■ Set the ciphers to be used by the given context. The string argument is a
   list of ciphers, comma separated, as given at
   └ https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html .ш Unrecognised ciphers are ignored. If no ciphers from the list are
   recognised, an exception is raised.Щ 	HsOpenSSLSet the ciphers to DEFAULT .Ъ 	HsOpenSSLщ Return true iff the private key installed in the given context matches the
   certificate also installed.Ь 	HsOpenSSLРSpecifies that the default locations from which CA certificates are loaded
 should be used. There is one default directory and one default file.╣The default CA certificates directory is called "certs" in the default OpenSSL
 directory. Alternatively the SSL_CERT_DIR environment variable can be defined
 to override this location.╕The default CA certificates file is called "cert.pem" in the default OpenSSL
 directory. Alternatively the SSL_CERT_FILE environment
 variable can be defined to override this location.See ╤ https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_default_verify_paths.html  for
 more information.Э 	HsOpenSSLэ Set the location of a PEM encoded list of CA certificates to be used when
   verifying a server's certificateЮ 	HsOpenSSLю Set the path to a directory which contains the PEM encoded CA root
   certificates. This is an alternative to  Э	. See
   ┬ http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html ) for
   details of the file naming schemeЯ 	HsOpenSSL╫ Get a reference to, not a copy of, the X.509 certificate storage
   in the SSL context.а 	HsOpenSSL┬ Set context within which session can be reused (server side only).РIf client certificates are used and the session id context is not set,
 attempts by the clients to reuse a session will make the handshake fail.в 	HsOpenSSLЖThe key logging callback is called with a String "line". The line is a
 string containing the key material in the format used by NSS for its
 SSLKEYLOGFILE debugging output. To recreate that file, the key logging
 callback should log line, followed by a newline.╓ FIXME: Not re-entrant (ignores previous callback and resets it to
 nullFunPtr on exit)г 	HsOpenSSLТWrap a Socket in an SSL connection. Reading and writing to the Socket
   after this will cause weird errors in the SSL code. The SSL object
   carries a handle to the Socket so you need not worry about the garbage
   collector closing the file descriptor out from under you.д 	HsOpenSSL&Wrap a socket Fd in an SSL connection.е 	HsOpenSSL─ Run continuation with exclusive access to the underlying SSL object.ж 	HsOpenSSL,Add a protocol option to the SSL connection.з 	HsOpenSSL1Remove a protocol option from the SSL connection.и 	HsOpenSSL.Set host name for Server Name Indication (SNI)й 	HsOpenSSL%Enable hostname validation. Also see  и.╒ This uses the built-in mechanism introduced in 1.0.2/1.1.0, and will
 fail otherwise.╫ 	HsOpenSSL&Block until the operation is finished.╪ 	HsOpenSSLбPerform an SSL operation which can return non-blocking error codes, thus
   requesting that the operation be performed when data or buffer space is
   availible.к 	HsOpenSSLPerform an SSL server handshakeл 	HsOpenSSL7Try to perform an SSL server handshake without blockingм 	HsOpenSSLPerform an SSL client handshakeн 	HsOpenSSL7Try to perform an SSL client handshake without blocking┘ 	HsOpenSSL║Perform an SSL operation which operates of a buffer and can return
   non-blocking error codes, thus requesting that it be performed again when
   more data or buffer space is available.┘Note that these SSL functions generally require that the arguments to the
   repeated call be exactly the same. This presents an issue because multiple
   threads could try writing at the same time (with different buffers) so the
   calling function should probably hold the lock on the SSL object over the
   whole time (include repeated calls)о 	HsOpenSSL╗Try to read the given number of bytes from an SSL connection. On EOF an
   empty ByteString is returned. If the connection dies without a graceful
   SSL shutdown, an exception is raised.╬ NOTE: The returned bytestring could be shorter than the size requested, see:
 6https://www.openssl.org/docs/man3.0/man3/SSL_read.html п 	HsOpenSSL╤ Try to read the given number of bytes from an SSL connection
   without blocking.╬ NOTE: The returned bytestring could be shorter than the size requested, see:
 6https://www.openssl.org/docs/man3.0/man3/SSL_read.html ░ 	HsOpenSSL╦ Read some data into a raw pointer buffer.
 Retrns the number of bytes read.▒ 	HsOpenSSL┬ Try to read some data into a raw pointer buffer, without blocking.▓ 	HsOpenSSLАWrite a given ByteString to the SSL connection. Either all the data is
   written or an exception is raised because of an error.│ 	HsOpenSSL╟ Try to write a given ByteString to the SSL connection without blocking.┤ 	HsOpenSSL)Send some data from a raw pointer buffer.╡ 	HsOpenSSL;Send some data from a raw pointer buffer, without blocking.╢ 	HsOpenSSL√ Lazily read all data until reaching EOF. If the connection dies
   without a graceful SSL shutdown, an exception is raised.╖ 	HsOpenSSL┴ Write a lazy ByteString to the SSL connection. In contrast to
    ▓Ь, there is a chance that the string is written partway and
   then an exception is raised for an error. The string doesn't
   necessarily have to be finite.╕ 	HsOpenSSL╠Cleanly shutdown an SSL connection. Note that SSL has a concept of a
   secure shutdown, which is distinct from just closing the TCP connection.
   This performs the former and should always be preferred.▐ This can either just send a shutdown, or can send and wait for the peer's
   shutdown message.╣ 	HsOpenSSL;Try to cleanly shutdown an SSL connection without blocking.║ 	HsOpenSSL╔After a successful connection, get the certificate of the other party. If
   this is a server connection, you probably won't get a certificate unless
   you asked for it with contextSetVerificationMode╗ 	HsOpenSSLЇGet the result of verifing the peer's certificate. This is mostly for
   clients to verify the certificate of the server that they have connected
   it. You must set a list of root CA certificates with contextSetCA... for
   this to make sense.╥Note that this returns True iff the peer's certificate has a valid chain
   to a root CA. You also need to check that the certificate is correct (i.e.
   has the correct hostname in it) with getPeerCertificate.┘  	HsOpenSSL#the name of SSL IO function to call 	HsOpenSSLthe SSL IO function to call 	HsOpenSSLthe buffer to pass 	HsOpenSSLthe length to pass Ў кжмгПСЪЯТбЮЭФЧЦШЩЬУХаЫйд║╗╢╖о░зи╕лнп▒╣│╡Рве▓┤	.3(0+6:/,8-)
17$%4*59&' !"#2·°∙ГЕДНО АБВЖ№¤■√ЗИЙКЛМЎ НПСТУФХЦЧШЩЪЗИЙМЛКЫЬЭЮЯабвГ АБВгджзийклмноп░▒▓│┤╡╢╖╕╣№¤■║╗ДЕ	
 !"#$%&'()*+,-./0123456789:√·°∙ОРЖе           None7  ▌$
╦ 	HsOpenSSL ╦2 represents a result of PKCS#7
 verification. See  р.╠ 	HsOpenSSL─ Nothing if the PKCS#7
   signature was a detached
   signature, and Just content
   if it wasn't.╬ 	HsOpenSSL ╬╟  is a set of flags that are used in many operations
 related to PKCS#7.▄ 	HsOpenSSL ▄╬ represents an abstract PKCS#7 structure. The concrete
 type of structure is hidden in the object: such polymorphism isn't
 very haskellish but please get it out of your mind since OpenSSL is
 written in C.▀ 	HsOpenSSL ▀' creates a PKCS#7 signedData structure.р 	HsOpenSSL р( verifies a PKCS#7 signedData structure.с 	HsOpenSSL с* creates a PKCS#7 envelopedData structure.т 	HsOpenSSL т7 decrypts content from PKCS#7 envelopedData
 structure.у 	HsOpenSSL у+ writes PKCS#7 structure to S/MIME message.ф 	HsOpenSSL ф parses S/MIME message.▀  	HsOpenSSLcertificate to sign with 	HsOpenSSLcorresponding private key 	HsOpenSSLГoptional additional set of certificates
   to include in the PKCS#7 structure (for
   example any intermediate CAs in the
   chain) 	HsOpenSSLdata to be signed 	HsOpenSSLAn optional set of flags:
 ╧┌ Many S/MIME clients
   expect the signed content to include
   valid MIME headers. If the  ╧╙ 
   flag is set MIME headers for type
   "text/plain" are prepended to the
   data. ╨If  ╨╛ is
   set the signer's certificate will not be
   included in the PKCS#7 structure, the
   signer's certificate must still be
   supplied in the parameter though. This
   can reduce the size of the signature if
   the signer's certificate can be obtained
   by other means: for example a previously
   signed message. ╒╚ The data being signed
   is included in the PKCS#7 structure,
   unless  ╒Ы is set in which
   case it is ommited. This is used for
   PKCS#7 detached signatures which are
   used in S/MIME plaintext signed message
   for example. ╓ЕNormally the supplied
   content is translated into MIME
   canonical format (as required by the
   S/MIME specifications) but if
    ╓Щ is set no translation
   occurs. This option should be uesd if
   the supplied data is in binary format
   otherwise the translation will corrupt
   it. ╫  ╪╫The signedData
   structure includes several PKCS#7
   authenticatedAttributes including the
   signing time, the PKCS#7 content type
   and the supported list of ciphers in an
   SMIMECapabilities attribute. If
    ╫Е is set then no
   authenticatedAttributes will be used. If
   Pkcs7NoSmimeCap is set then just the
   SMIMECapabilities are omitted.р  	HsOpenSSLA PKCS#7 structure to verify. 	HsOpenSSL╩ Set of certificates in which to
   search for the signer's
   certificate. 	HsOpenSSL;Trusted certificate store (used
   for chain verification). 	HsOpenSSLс Signed data if the content is not
   present in the PKCS#7 structure
   (that is it is detached). 	HsOpenSSLAn optional set of flags:
 ╙If
    ╙╚ is set the
   certificates in the message itself
   are not searched when locating the
   signer's certificate. This means
   that all the signers certificates
   must be in the second argument
   ([ а]). ╧If the  ╧в
   flag is set MIME headers for type
   "text/plain" are deleted from
   the content. If the content is not
   of type "text/plain" then an
   error is returned. ╘If
    ╘? is set the
   signer's certificates are not
   chain verified. ╥If  ╥▀
   is set then the certificates
   contained in the message are not
   used as untrusted CAs. This means
   that the whole verify chain (apart
   from the signer's certificate)
   must be contained in the trusted
   store. ╤If  ╤>
   is set then the signatures on the
   data are not checked.с  	HsOpenSSL!A list of recipient certificates. 	HsOpenSSLThe content to be encrypted. 	HsOpenSSLThe symmetric cipher to use. 	HsOpenSSLAn optional set of flags:
 ╧If the  ╧╙  flag
   is set MIME headers for type
   "text/plain" are prepended to the
   data. ╓БNormally the supplied
   content is translated into MIME
   canonical format (as required by the
   S/MIME specifications) if
    ╓Э is set no translation
   occurs. This option should be used if
   the supplied data is in binary format
   otherwise the translation will
   corrupt it. If  ╓ is set
   then  ╧ is ignored.т  	HsOpenSSL The PKCS#7 structure to decrypt. 	HsOpenSSL!The private key of the recipient. 	HsOpenSSLThe recipient's certificate. 	HsOpenSSLAn optional set of flags:
 ╧If the  ╧а flag
   is set MIME headers for type
   "text/plain" are deleted from the
   content. If the content is not of
   type "text/plain" then an error is
   thrown. 	HsOpenSSLThe decrypted content.у  	HsOpenSSL!A PKCS#7 structure to be written. 	HsOpenSSLч If cleartext signing
   (multipart/signed) is being used then
   the signed data must be supplied here. 	HsOpenSSLAn optional set of flags:
 ╒If  ╒ш 
   is set then cleartext signing will be
   used, this option only makes sense for
   signedData where  ╒ is
   also set when  ▀ is also
   called. ╧If the  ╧я  flag
   is set MIME headers for type
   "text/plain" are added to the
   content, this only makes sense if
    ╒ is also set. 	HsOpenSSLThe result S/MIME message.ф  	HsOpenSSLThe message to be read. 	HsOpenSSL!(The result PKCS#7
   structure, Just content└ 
   if the PKCS#7 structure was
   a cleartext signature and
   Nothing if it wasn't.) тс▀рф▐▌у█▄╬╓┌╒╫╨╥╙┘╤╪╘╧╦═╠▄█╬╧╨╤╥╙╘╒╓╫╪┘┌╦╠═▌▐▀рстуф          None   чщ 	HsOpenSSL щ3 represents format of PKCS#10 certificate
 request.ъ 	HsOpenSSL=The new format, whose header is "NEW
   CERTIFICATE REQUEST".ы 	HsOpenSSL9The old format, whose header is "CERTIFICATE
   REQUEST".ь 	HsOpenSSL ь% represents a way to supply password.  FIXME: using PwTTY causes an error but I don't know why:
 "error:0906406D:PEM routines:DEF_CALLBACK:problems getting
 password"э 	HsOpenSSLno passwordю 	HsOpenSSLpassword in a static stringя 	HsOpenSSL password in a static bytestring.Ё 	HsOpenSSL%get a
   password
   by a
   callbackё 	HsOpenSSLread a password from TTYЄ 	HsOpenSSL Є represents a context of
  ї.є 	HsOpenSSL╠ The callback was called to get
   a password to read something
   encrypted.Ї 	HsOpenSSL┼ The callback was called to get
   a password to encrypt
   something.ї 	HsOpenSSL ї6 represents a callback function to supply a
 password.
Int2The maximum length of the password to be accepted.PemPasswordRWStateThe context.	IO StringThe resulting password.Ў 	HsOpenSSL Ў6 writes a private key to PEM string in
 PKCS#8 format.ў 	HsOpenSSL ў pem supply# reads a private key in PEM string.° 	HsOpenSSL ° pubkey writes a public to PEM string.∙ 	HsOpenSSL ∙ pem" reads a public key in PEM string.· 	HsOpenSSL · cert+ writes an X.509 certificate to PEM string.√ 	HsOpenSSL √ pem* reads an X.509 certificate in PEM string.№ 	HsOpenSSL №5 writes a PKCS#10 certificate request to PEM
 string.¤ 	HsOpenSSL ¤3 reads a PKCS#10 certificate request in PEM string.■ 	HsOpenSSL ■ crl5 writes a Certificate Revocation List to PEM
 string.  	HsOpenSSL   pem3 reads a Certificate Revocation List in PEM string.А 	HsOpenSSL А p7) writes a PKCS#7 structure to PEM string.Б 	HsOpenSSL Б pem( reads a PKCS#7 structure in PEM string.В 	HsOpenSSL В dh$ writes DH parameters to PEM string.Г 	HsOpenSSL Г pem# reads DH parameters in PEM string.Ў  	HsOpenSSLprivate key to write 	HsOpenSSL>Either (symmetric cipher
   algorithm, password
   supply) or Nothing. If
   Nothing1 is given the
   private key is not
   encrypted. 	HsOpenSSLthe result PEM string№  	HsOpenSSLrequest 	HsOpenSSLformat 	HsOpenSSLthe result PEM string  ГБў∙√¤■ВЎА°·№їЄєЇьяЁэюёщъыїЄєЇьэюяЁёЎў°∙·√щъы№¤■ АБВГ  ┌   5  6  7   8   9   :   ;   <   =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  f  g  h  i  j  k  l  m  n  o   p   q   r  s   t   u   v   w  x  y  y  z  {  {  |  }  }  ~      А  Б  В  Г  Д  Д  Е  Ж  Ж   З   И   Й   К   Л   М   Н   О   П   Р   С   Т   У   Ф   Х   Ц   Ч   Ш   Щ   Ъ   Ы   Ь   Э   Ю   Я   а   б   в   г   д   е   ж   з   и   й   к   л   м   н   о   п   ░  	▒  	▓  	Б  	В  	 │  	 ┤  	 ╡  	 ╢  
╖  
╕  
 ╣  
 ║  
 ╗  
 ╝  
 ╜  
 ╛  
 ┐  
 └  
 ┴  
 ┬  
 ├  
 ─  
 ┼  
 ╞  
 ╟  
 ╚  
 ╔  ╩  ╦   ╠   ═   ╬   ╧   ╨   ╤  ╥  ╙  ╘   ╒   ╓   ╫   ╪   ┘   ┌   █   ▄   ▌   ▐   $   #   "   ▀   р   с   т   у   ф   х   ц   ч   ш   щ   ъ  ы   ь   э   ю   я   Ё   ё   Є   є  Ї  ї  Ў   ў   °   ∙   ·   √   №   ¤   ■       А   )   &   (   %   '   Б   В   Г   Д   Е   Ж   З   И  Й  К  Л   М   Н  О   П   Р   С   Т   У   Ф   +   -   Х   Ц   Ч   Ш   Щ   Ъ   Ы   *   ,   Ь   Э   Ю   Я   а   б  в  г  д   е   ж   з   и   й   к   л   м   н   о   п   ░   ▒   ▓  │  ┤  ╡   ╢   ╖   ╕   ╣   ║   ╗   ╝   ╜   ╛   ┐  └  ┴  ┴   ┬   ├   ─   ┼   ╞   ╟   ╚   ╔   ╩   ╦   ╠   ═   ╬   ╧   ╨   ╤   3   4   1   2   ╥   ╙   ╘   ╒   ╓   ╫   ╪  ┘  ┌   █   ▄   ▌   ▐   ▀   р   с   ╬   ╧   1   2   ╓   ╫   т   у   ф  х  х  хц  хч  ш  щ   ъ   ы   ь   э   ю   я   ╬   ╧   Ё   ё   Є   є   3   4   Ї   ї   Ў   ў   °   ∙  ·  √  №  ¤   ■       А   Б   В   Г   Д   Е   Ж   З   И  Й  Й  К  Л  М  Н  О  П  Р  С  Т    У  Ф  Х  Ц  Ч  Ш  ЧЩ  ЧЪ  ЧЫ    Ь   Э   Ю   Я   а   б   в   г   д   е   ж   з   и   й   к   л   м   н   о   п   ░   ▒   ▓   │   ┤   ╡   ╢   ╖   ╕   ╣   ║   ╗   ╝   ╜   ╛   ┐   └   ┴   ┬   ├   ─   ┼   ╞   ╟   ╚   ╔   ╩   ╦   ╠   ═   ╬   ╧   ╨   ╤   ╥   ╙   ╘   ╒   ╓   ╫   ╪  ┘  ┌  █  ▄  ▌  ▐  ▀  р  с  т  у  ф  х  ц  ч  ш  щ  ъ   ы   ь   э   ю   я   Ё   ё   Є   є   Ї   ї   Ў  ў  °  ∙  ·  √  №  ¤  ■     А  Б  В  Г   Д   Е   Ж   З   И   Й   К   Л   М   Н   О   П   Р   С   Т   У   Ф   Х   Ц   Ч   Ш   Щ  Ъ   Ы   Ь   Э   Ю  Я  а  б  в  г   д    е    ж    з   и  ! й  ! к  ! л  ! м  ! н  ! о  ! п  ! ░  ! ▒ ▓│┤ ▓╡╢ ╖╕╣  
 ║  
 ╗   ╝   ╜  .╛  . ┐  . └  . ┴  . ┬  . ├  . ─  . ┼  . ╞  . ╟  . ╚  . ╔  . ╩  . ╦  . ╠  . ═  . ╬  . ╧  . ╨  . ╤  . ╥  . ╙  . ╘  . ╒  . ╓  . ╫  . ╪  .┘  / ┌  / █  / ▄  / ▌  / ▐  / ▀  / р  / с  /т  /у  /ф  /х  0 ц  0 ч  0 ш  0щ   ъ   ы   ьэHsOpenSSL-0.11.7.7-inplaceOpenSSL
OpenSSL.DHOpenSSL.EVP.Base64OpenSSL.SessionOpenSSL.RandomOpenSSL.EVP.InternalOpenSSL.EVP.DigestOpenSSL.EVP.CipherOpenSSL.Cipher
OpenSSL.BNOpenSSL.RSAOpenSSL.DEROpenSSL.DSAOpenSSL.EVP.PKeyOpenSSL.EVP.VerifyOpenSSL.EVP.SignOpenSSL.EVP.SealOpenSSL.EVP.OpenOpenSSL.X509OpenSSL.X509.RequestOpenSSL.X509.RevocationOpenSSL.X509.StoreOpenSSL.PKCS7OpenSSL.PEM	HsOpenSSLOpenSSL.DH.InternalOpenSSL.ERROpenSSL.ObjectsOpenSSL.SSL.OptionSSL
SSLContextOpenSSL.StackOpenSSL.Utils$dmrsaE$dmrsaN
$dmrsaSize$dmdsaG$dmdsaP$dmdsaPublic$dmdsaQ
$dmdsaSize$dmfromKeyPair$dmfromPublicKey$dmtoKeyPair$dmtoPublicKeyOpenSSL.BIOOpenSSL.ASN1OpenSSL.X509.NamegetSubjectNamesetSubjectNamegetIssuerNamesetIssuerNamewithOpenSSLDHDHPencodeBase64encodeBase64BSencodeBase64LBSdecodeBase64decodeBase64BSdecodeBase64LBS	SSLOptionSSL_OP_MICROSOFT_SESS_ID_BUGSSL_OP_NETSCAPE_CHALLENGE_BUG'SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG!SSL_OP_MICROSOFT_BIG_SSLV3_BUFFERSSL_OP_SAFARI_ECDHE_ECDSA_BUGSSL_OP_SSLEAY_080_CLIENT_DH_BUGSSL_OP_TLS_D5_BUGSSL_OP_TLS_BLOCK_PADDING_BUG"SSL_OP_DONT_INSERT_EMPTY_FRAGMENTSSSL_OP_TLSEXT_PADDING
SSL_OP_ALLSSL_OP_TLS_ROLLBACK_BUGSSL_OP_SINGLE_DH_USESSL_OP_EPHEMERAL_RSASSL_OP_CIPHER_SERVER_PREFERENCESSL_OP_PKCS1_CHECK_1SSL_OP_PKCS1_CHECK_2SSL_OP_NETSCAPE_CA_DN_BUG&SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUGSSL_OP_NO_SSLv2SSL_OP_NO_SSLv3SSL_OP_NO_TLSv1SSL_OP_NO_TLSv1_1SSL_OP_NO_TLSv1_2SSL_OP_NO_TLSv1_3SSL_OP_NO_DTLSv1SSL_OP_NO_DTLSv1_2-SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATIONSSL_OP_NO_TICKET(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATIONSSL_OP_LEGACY_SERVER_CONNECT SSL_OP_NO_EXTENDED_MASTER_SECRETSSL_OP_CLEANSE_PLAINTEXTSSL_OP_ENABLE_KTLSSSL_OP_IGNORE_UNEXPECTED_EOF!SSL_OP_ALLOW_CLIENT_RENEGOTIATIONSSL_OP_DISABLE_TLSEXT_CA_NAMESSSL_OP_CISCO_ANYCONNECTSSL_OP_NO_ANTI_REPLAYSSL_OP_PRIORITIZE_CHACHASSL_OP_ALLOW_NO_DHE_KEXSSL_OP_NO_ENCRYPT_THEN_MACSSL_OP_NO_QUERY_MTUSSL_OP_COOKIE_EXCHANGESSL_OP_NO_COMPRESSIONSSL_OP_ENABLE_MIDDLEBOX_COMPATSSL_OP_NO_RENEGOTIATIONSSL_OP_CRYPTOPRO_TLSEXT_BUG	randBytes
prandBytesaddPKeytoPKeyfromPKeypkeySizepkeyDefaultMDEVP_PKEY	VaguePKeyHMAC_CTXHmacCtx
EVP_MD_CTX	DigestCtxEVP_MDDigest
CryptoModeEncryptDecryptEVP_CIPHER_CTX	CipherCtx
EVP_CIPHERCipherwithCipherPtrcipherIvLengthnewCipherCtxwithCipherCtxPtrwithNewCipherCtxPtrcipherSetPaddingcipherInitBScipherUpdateBScipherFinalBScipherStrictlycipherLazily	withMDPtrwithDigestCtxPtrdigestUpdateBSdigestFinalBSdigestFinaldigestStrictlydigestLazilywithHmacCtxPtrhmacUpdateBShmacFinalBS
hmacLazilywrapPKeyPtr
createPKeywithPKeyPtrwithPKeyPtr'unsafePKeyToPtr	touchPKeygetDigestByNamegetDigestNamesdigestdigestBS	digestLBShmacBShmacLBSpkcs5_pbkdf2_hmac_sha1getCipherByNamegetCipherNamescipherStrictLBSciphercipherBS	cipherLBSAESCtxMode	newAESCtxaesCBC$fEqMode
$fShowModeBIGNUMBigNumallocaBNunwrapBNwrapBNbnToIntegerintegerToBNwithBNpeekBNnewBNintegerToMPImpiToIntegermodexp randIntegerUptoNMinusOneSuchThat!prandIntegerUptoNMinusOneSuchThatrandIntegerZeroToNMinusOnerandIntegerOneToNMinusOneprandIntegerZeroToNMinusOneprandIntegerOneToNMinusOneRSAGenKeyCallbackRSAKeyrsaSizersaNrsaE
withRSAPtr
peekRSAPtrabsorbRSAPtrRSA
RSAKeyPair	RSAPubKeyrsaCopyPublicrsaKeyPairFinalizegenerateRSAKeygenerateRSAKey'rsaDrsaPrsaQrsaDMP1rsaDMQ1rsaIQMP$fShowRSAKeyPair$fShowRSAPubKey$fOrdRSAKeyPair$fOrdRSAPubKey$fEqRSAKeyPair$fEqRSAPubKey$fRSAKeyRSAKeyPair$fRSAKeyRSAPubKeytoDERPub
fromDERPub	toDERPrivfromDERPrivDSAKeydsaSizedsaPdsaQdsaG	dsaPublic
withDSAPtr
peekDSAPtrabsorbDSAPtrDSA
DSAKeyPair	DSAPubKeygenerateDSAParametersgenerateDSAKey
dsaPrivatedsaPubKeyToTupledsaKeyPairToTupletupleToDSAPubKeytupleToDSAKeyPairgenerateDSAParametersAndKeysignDigestedDataWithDSAverifyDigestedDataWithDSA$fShowDSAKeyPair$fShowDSAPubKey$fOrdDSAKeyPair$fOrdDSAPubKey$fEqDSAKeyPair$fEqDSAPubKey$fDSAKeyDSAKeyPair$fDSAKeyDSAPubKeySomeKeyPairSomePublicKeyKeyPairfromKeyPair	toKeyPair	PublicKeyfromPublicKeytoPublicKey$fPKeyDSAKeyPair$fPKeyDSAPubKey$fPKeyRSAKeyPair$fPKeyRSAPubKey$fPublicKeyDSAKeyPair$fPublicKeyDSAPubKey$fPublicKeyRSAKeyPair$fPublicKeyRSAPubKey$fPKeySomePublicKey$fPublicKeySomePublicKey$fEqSomePublicKey$fKeyPairDSAKeyPair$fKeyPairRSAKeyPair$fPKeySomeKeyPair$fKeyPairSomeKeyPair$fPublicKeySomeKeyPair$fEqSomeKeyPairVerifyStatusVerifySuccessVerifyFailureverifyverifyBS	verifyLBS$fShowVerifyStatus$fEqVerifyStatussignsignBSsignLBSsealsealBSsealLBSopenopenBSopenLBSDHGenDHGen2DHGen5genDHParamsgetDHLengthcheckDHParamsgenDHgetDHParamsgetDHPublicKeycomputeDHKey	$fEqDHGen
$fOrdDHGen$fShowDHGenX509_X509newX509wrapX509withX509PtrwithX509StackunsafeX509ToPtr	touchX509writeDerX509readDerX509compareX509signX509
verifyX509	printX509
getVersion
setVersiongetSerialNumbersetSerialNumbergetNotBeforesetNotBeforegetNotAftersetNotAftergetPublicKeysetPublicKeygetSubjectEmailX509_REQX509Req
newX509ReqwrapX509ReqwithX509ReqPtrsignX509ReqverifyX509ReqprintX509ReqwriteX509ReqDERaddExtensionsmakeX509FromReqaddExtensionToX509RevokedCertificaterevRevocationDaterevSerialNumberX509_CRLCRLnewCRLwrapCRL
withCRLPtrsignCRL	verifyCRLprintCRLgetLastUpdatesetLastUpdategetNextUpdatesetNextUpdategetRevokedList
addRevoked
getRevokedsortCRL$fShowRevokedCertificate$fEqRevokedCertificateX509StoreCtxX509_STORE_CTX
X509_STORE	X509StorenewX509StorewrapX509StorewithX509StorePtraddCertToStoreaddCRLToStorewithX509StoreCtxPtrwrapX509StoreCtxgetStoreCtxCertgetStoreCtxIssuergetStoreCtxCRLgetStoreCtxChainProtocolErrorConnectionAbruptlyTerminatedSomeSSLExceptionShutdownTypeBidirectionalUnidirectional	SSLResultSSLDoneWantRead	WantWrite	sslSocketsslFdSSL_VerificationMode
VerifyNone
VerifyPeer
vpCallbackvpClientOncevpFailIfNoPeerCertSSLContext_contextwithContextcontextAddOptioncontextRemoveOptioncontextSetPrivateKeycontextSetCertificatecontextSetPrivateKeyFilecontextSetCertificateFilecontextSetCertificateChainFilecontextSetCipherscontextSetDefaultCipherscontextCheckPrivateKeycontextSetVerificationModecontextSetDefaultVerifyPathscontextSetCAFilecontextSetCADirectorycontextGetCAStorecontextSetSessionIdContextcontextSetALPNProtoswithContextSetKeylogCallback
connectionfdConnectionwithSSL	addOptionremoveOptionsetTlsextHostNameenableHostnameValidationaccept	tryAcceptconnect
tryConnectreadtryReadreadPtr
tryReadPtrwritetryWritewritePtrtryWritePtrlazyRead	lazyWriteshutdowntryShutdowngetPeerCertificategetVerifyResult$fExceptionSomeSSLException$fShowSomeSSLException'$fExceptionConnectionAbruptlyTerminated$fExceptionProtocolError$fShowProtocolError$fEqProtocolError"$fShowConnectionAbruptlyTerminated $fEqConnectionAbruptlyTerminated$fEqShutdownType$fShowShutdownType$fEqSSLResult$fShowSSLResult$fFunctorSSLResult$fFoldableSSLResult$fTraversableSSLResultPkcs7VerifyStatusPkcs7VerifySuccessPkcs7VerifyFailure	Pkcs7Flag	Pkcs7TextPkcs7NoCertsPkcs7NoSigsPkcs7NoChainPkcs7NoInternPkcs7NoVerifyPkcs7DetachedPkcs7BinaryPkcs7NoAttrPkcs7NoSmimeCapPkcs7NoOldMimeTypePkcs7CRLFEOLPKCS7Pkcs7wrapPkcs7PtrwithPkcs7Ptr	pkcs7Signpkcs7Verifypkcs7Encryptpkcs7Decrypt
writeSmime	readSmime$fShowPkcs7VerifyStatus$fEqPkcs7VerifyStatus$fShowPkcs7Flag$fEqPkcs7FlagPemX509ReqFormatReqNewFormatReqOldFormatPemPasswordSupplyPwNonePwStrPwBS
PwCallbackPwTTYPemPasswordRWStatePwReadPwWritePemPasswordCallbackwritePKCS8PrivateKeyreadPrivateKeywritePublicKeyreadPublicKey	writeX509readX509writeX509ReqreadX509ReqwriteCRLreadCRL
writePkcs7	readPkcs7writeDHParamsreadDHParamsasDHasDHP
withDHPPtr	withDHPtr
wrapDHPPtrwrapDHPPtrWith	wrapDHPtrwrapDHPtrWithDH_errorStringgetError	peekErrorgetObjNamesObjNameTypeCipherMethodTypeCompMethodTypeMDMethodTypePKeyMethodTypeoptionToIntegralmapStackwithForeignStack	withStackSTACKtoHexfromHexclearErrorStackfailIf
failIfNullfailIfNull_failIf_peekCStringCLenraiseOpenSSLErrorbase	GHC.MaybeNothingGHC.ForeignPtr
ForeignPtr
ghc-bignumGHC.Num.IntegerIntegerbnToMPImpiToBNmakeDecodeFunmakeEncodeFunBIObioPush==><==bioJoinbioFlushbioResetbioEOFbioRead	bioReadBS
bioReadLBSbioGets	bioGetsBS
bioGetsLBSbioWrite
bioWriteBSbioWriteLBS	newBase64	newBuffernewMemnewConstMemnewConstMemBSnewConstMemLBS
newNullBIO
withBioPtrwithBioPtr'
wrapBioPtrBIO_nid2lnnid2snobj2nidpeekASN1IntegerpeekASN1StringpeekASN1TimewithASN1IntegerwithASN1TimeASN1_INTEGERASN1_OBJECTASN1_STRING	ASN1_TIMEallocaX509NamepeekX509NamewithX509Name	X509_NAMEsslBlocksslTryHandshake
sslIOInner