86     unknown experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferredunknown experimental#Vincent Hanquez <vincent@snarc.org>None'read one X509 certificate from a file. 9the certificate must be in the usual PEM format with the . TRUSTED CERTIFICATE or CERTIFICATE pem name. 9If no valid PEM encoded certificate is found in the file $ this function will raise an error. "read one private key from a file. Gthe private key must be in the usual PEM format and at the moment only  RSA PRIVATE KEY are supported. 9If no valid PEM encoded private key is found in the file $ this function will raise an error. unknown experimental#Vincent Hanquez <vincent@snarc.org>None$connectionClient host port param rng opens a TCP client connection B to a destination host and port description (number or name). For  example:    import Network.TLS.Extra  import Crypto.Random.AESCtr  ...  conn  - makeSystem3>= connectionClient 192.168.2.2 7777 defaultParams Dwill make a new RNG (using cprng-aes) and connect to IP 192.168.2.2  on port 7777. unknown experimental#Vincent Hanquez <vincent@snarc.org>NoneReturns & if all the checks pass, or the first  failure. Everify a certificates chain using the system certificates available. Meach certificate of the list is verified against the next certificate, until ^ it can be verified against a system certificate (system certificates are assumed as trusted) [This helper only check that the chain of certificate is valid, which means that each items \ received are signed by the next one, or by a system certificate. Some extra checks need to ] be done at the user level so that the certificate chain received make sense in the context. ]for example for HTTP, the user should typically verify the certificate subject match the URL  of connection. VTODO: verify validity, check revocation list if any, add optional user output to know  the rejection reason. *verify a certificate against another one. Y the first certificate need to be signed by the second one for this function to succeed. !Is this certificate self signed? _Verify that the given certificate chain is application to the given fully qualified host name. WVerify certificate validity period that need to between the bounds of the certificate. ( TODO: maybe should verify whole chain. Dhash the certificate signing data using the supplied hash function.     unknown experimental#Vincent Hanquez <vincent@snarc.org>None =all encrypted ciphers supported ordered from strong to weak. < this choice of ciphersuite should satisfy most normal need list of medium ciphers. !the strongest ciphers supported. 9all unencrypted ciphers, do not use on insecure network. Aunencrypted cipher using RSA for key exchange and MD5 for digest Bunencrypted cipher using RSA for key exchange and SHA1 for digest 0RC4 cipher, RSA key exchange and MD5 for digest 1RC4 cipher, RSA key exchange and SHA1 for digest ?AES cipher (128 bit key), RSA key exchange and SHA1 for digest ?AES cipher (256 bit key), RSA key exchange and SHA1 for digest AAES cipher (128 bit key), RSA key exchange and SHA256 for digest AAES cipher (256 bit key), RSA key exchange and SHA256 for digest  !"#$% &'()*+,  !"#$% &'()*+,unknown experimental#Vincent Hanquez <vincent@snarc.org>None   -      !"#$%&'()*+,-./0123456tls-extra-0.6.5Network.TLS.ExtraNetwork.TLS.Extra.CompressionNetwork.TLS.Extra.FileNetwork.TLS.Extra.ConnectionNetwork.TLS.Extra.CertificateNetwork.TLS.Extra.CipherfileReadCertificatefileReadPrivateKeyconnectionClientcertificateCheckscertificateVerifyChaincertificateVerifyAgainstcertificateSelfSignedcertificateVerifyDomaincertificateVerifyValiditycertificateFingerprintciphersuite_allciphersuite_mediumciphersuite_strongciphersuite_unencryptedcipher_null_MD5cipher_null_SHA1cipher_RC4_128_MD5cipher_RC4_128_SHA1cipher_AES128_SHA1cipher_AES256_SHA1cipher_AES128_SHA256cipher_AES256_SHA256 tls-1.1.5Network.TLS.ContextCertificateUsageAcceptcertificateVerifyChain_ certMatchDNverifyF dsaSHA1Verifyaes_cbc_encryptaes_cbc_decryptaes128_cbc_encryptaes128_cbc_decryptaes256_cbc_encryptaes256_cbc_decrypttoIVtoCtx initF_rc4 encryptF_rc4 decryptF_rc4 bulk_nullbulk_rc4 bulk_aes128 bulk_aes256hash_md5 hash_sha1 hash_sha256