@@ -125,7 +125,8 @@ Context creation
125125A convenience function helps create:class: `SSLContext ` objects for common
126126purposes.
127127
128- ..function ::create_default_context(purpose=Purpose.SERVER_AUTH, cafile=None, capath=None, cadata=None)
128+ ..function ::create_default_context(purpose=Purpose.SERVER_AUTH, *,\
129+ cafile=None, capath=None, cadata=None)
129130
130131 Return a new:class: `SSLContext ` object with default settings for
131132 the given *purpose *. The settings are chosen by the:mod: `ssl ` module,
@@ -314,7 +315,7 @@ Exceptions
314315Random generation
315316^^^^^^^^^^^^^^^^^
316317
317- ..function ::RAND_bytes(num)
318+ ..function ::RAND_bytes(num, / )
318319
319320 Return *num * cryptographically strong pseudo-random bytes. Raises an
320321:class: `SSLError ` if the PRNG has not been seeded with enough data or if the
@@ -338,7 +339,7 @@ Random generation
338339:func: `ssl.RAND_egd ` and:func: `ssl.RAND_add ` to increase the randomness of
339340 the pseudo-random number generator.
340341
341- ..function ::RAND_add(bytes, entropy)
342+ ..function ::RAND_add(bytes, entropy, / )
342343
343344 Mix the given *bytes * into the SSL pseudo-random number generator. The
344345 parameter *entropy * (a float) is a lower bound on the entropy contained in
@@ -406,12 +407,12 @@ Certificate handling
406407 ..versionchanged ::3.10
407408 The *timeout * parameter was added.
408409
409- ..function ::DER_cert_to_PEM_cert(DER_cert_bytes )
410+ ..function ::DER_cert_to_PEM_cert(der_cert_bytes )
410411
411412 Given a certificate as a DER-encoded blob of bytes, returns a PEM-encoded
412413 string version of the same certificate.
413414
414- ..function ::PEM_cert_to_DER_cert(PEM_cert_string )
415+ ..function ::PEM_cert_to_DER_cert(pem_cert_string )
415416
416417 Given a certificate as an ASCII PEM string, returns a DER-encoded sequence of
417418 bytes for that same certificate.
@@ -1128,10 +1129,10 @@ SSL sockets also have the following additional methods and attributes:
11281129 ..deprecated ::3.6
11291130 Use:meth: `~SSLSocket.recv ` instead of:meth: `~SSLSocket.read `.
11301131
1131- ..method ::SSLSocket.write(buf )
1132+ ..method ::SSLSocket.write(data )
11321133
1133- Write *buf * to the SSL socket and return the number of bytes written. The
1134- *buf * argument must be an object supporting the buffer interface.
1134+ Write *data * to the SSL socket and return the number of bytes written. The
1135+ *data * argument must be an object supporting the buffer interface.
11351136
11361137 Raise:exc: `SSLWantReadError ` or:exc: `SSLWantWriteError ` if the socket is
11371138:ref: `non-blocking <ssl-nonblocking >` and the write would block.
@@ -1141,7 +1142,7 @@ SSL sockets also have the following additional methods and attributes:
11411142
11421143 ..versionchanged ::3.5
11431144 The socket timeout is no longer reset each time bytes are received or sent.
1144- The socket timeout is now the maximum total duration to write *buf *.
1145+ The socket timeout is now the maximum total duration to write *data *.
11451146
11461147 ..deprecated ::3.6
11471148 Use:meth: `~SSLSocket.send ` instead of:meth: `~SSLSocket.write `.
@@ -1158,12 +1159,15 @@ SSL sockets also have the following additional methods and attributes:
11581159:meth: `~socket.socket.recv ` and:meth: `~socket.socket.send ` instead of these
11591160 methods.
11601161
1161- ..method ::SSLSocket.do_handshake()
1162+ ..method ::SSLSocket.do_handshake(block=False )
11621163
11631164 Perform the SSL setup handshake.
11641165
1166+ If *block * is true and the timeout obtained by:meth: `~socket.socket.gettimeout `
1167+ is zero, the socket is set in blocking mode until the handshake is performed.
1168+
11651169 ..versionchanged ::3.4
1166- The handshake method also performs:func: `match_hostname ` when the
1170+ The handshake method also performs:func: `! match_hostname
11671171:attr: `~SSLContext.check_hostname ` attribute of the socket's
11681172:attr: `~SSLSocket.context ` is true.
11691173
@@ -1173,7 +1177,7 @@ SSL sockets also have the following additional methods and attributes:
11731177
11741178 ..versionchanged ::3.7
11751179 Hostname or IP address is matched by OpenSSL during handshake. The
1176- function:func: `match_hostname ` is no longer used. In case OpenSSL
1180+ function:func: `! match_hostname
11771181 refuses a hostname or IP address, the handshake is aborted early and
11781182 a TLS alert message is sent to the peer.
11791183
@@ -1643,7 +1647,7 @@ to speed up repeated connections from the same clients.
16431647 provided as part of the operating system, though, it is likely to be
16441648 configured properly.
16451649
1646- ..method ::SSLContext.set_ciphers(ciphers)
1650+ ..method ::SSLContext.set_ciphers(ciphers, / )
16471651
16481652 Set the available ciphers for sockets created with this context.
16491653 It should be a string in the `OpenSSL cipher list format
@@ -1659,7 +1663,7 @@ to speed up repeated connections from the same clients.
16591663 TLS 1.3 cipher suites cannot be disabled with
16601664:meth: `~SSLContext.set_ciphers `.
16611665
1662- ..method ::SSLContext.set_alpn_protocols(protocols )
1666+ ..method ::SSLContext.set_alpn_protocols(alpn_protocols )
16631667
16641668 Specify which protocols the socket should advertise during the SSL/TLS
16651669 handshake. It should be a list of ASCII strings, like ``['http/1.1',
@@ -1673,7 +1677,7 @@ to speed up repeated connections from the same clients.
16731677
16741678 ..versionadded ::3.5
16751679
1676- ..method ::SSLContext.set_npn_protocols(protocols )
1680+ ..method ::SSLContext.set_npn_protocols(npn_protocols )
16771681
16781682 Specify which protocols the socket should advertise during the SSL/TLS
16791683 handshake. It should be a list of strings, like ``['http/1.1', 'spdy/2'] ``,
@@ -1740,7 +1744,7 @@ to speed up repeated connections from the same clients.
17401744
17411745 ..versionadded ::3.7
17421746
1743- ..attribute ::SSLContext.set_servername_callback(server_name_callback)
1747+ ..method ::SSLContext.set_servername_callback(server_name_callback)
17441748
17451749 This is a legacy API retained for backwards compatibility. When possible,
17461750 you should use:attr: `sni_callback ` instead. The given *server_name_callback *
@@ -1754,7 +1758,7 @@ to speed up repeated connections from the same clients.
17541758
17551759 ..versionadded ::3.4
17561760
1757- ..method ::SSLContext.load_dh_params(dhfile)
1761+ ..method ::SSLContext.load_dh_params(dhfile, / )
17581762
17591763 Load the key generation parameters for Diffie-Hellman (DH) key exchange.
17601764 Using DH key exchange improves forward secrecy at the expense of
@@ -1767,7 +1771,7 @@ to speed up repeated connections from the same clients.
17671771
17681772 ..versionadded ::3.3
17691773
1770- ..method ::SSLContext.set_ecdh_curve(curve_name)
1774+ ..method ::SSLContext.set_ecdh_curve(curve_name, / )
17711775
17721776 Set the curve name for Elliptic Curve-based Diffie-Hellman (ECDH) key
17731777 exchange. ECDH is significantly faster than regular DH while arguably
@@ -2641,12 +2645,12 @@ purpose. It wraps an OpenSSL memory BIO (Basic IO) object:
26412645 A boolean indicating whether the memory BIO is current at the end-of-file
26422646 position.
26432647
2644- ..method ::MemoryBIO.read(n=-1)
2648+ ..method ::MemoryBIO.read(n=-1, / )
26452649
26462650 Read up to *n * bytes from the memory buffer. If *n * is not specified or
26472651 negative, all bytes are returned.
26482652
2649- ..method ::MemoryBIO.write(buf)
2653+ ..method ::MemoryBIO.write(buf, / )
26502654
26512655 Write the bytes from *buf * to the memory BIO. The *buf * argument must be an
26522656 object supporting the buffer protocol.
@@ -2729,7 +2733,7 @@ This common check is automatically performed when
27292733
27302734..versionchanged ::3.7
27312735 Hostname matchings is now performed by OpenSSL. Python no longer uses
2732- :func: `match_hostname `.
2736+ :func: `! match_hostname
27332737
27342738In server mode, if you want to authenticate your clients using the SSL layer
27352739(rather than using a higher-level authentication mechanism), you'll also have