+ ~jNE a0t$^RIHt^RIt^RIt^RIt^RIt^RIt^RIt^RI t ^RI H t ^RI H t Ht^RIHtHtRtRtRtRtR.t]]]]]]3,tR-UUu/uFwrV]!]VR4bK upptRR lt]P<'d ^R IH t ^R IH!t!^R I"Ht#!R R]!RR7t$/t%R]&R&^RIt^RIH't'HtH(t(H)t)H*t*H+t+H,t,H-t-H.t.H/t/H0t0HtH1t1]+t2]'d]!]*4'gRtR.Ft3]!]1]34]%]!]R]3 24&K ^R I"Ht]PlR]7R3,t8RRlt9RRlt:RRlt;R/RR llt<]PzR0R!R"ll4t>]PzR0R#R$ll4t>R1R%R&llt>R'R(lt?R)R*lt@R2R+R,lltAR#uuppi ]4dKi;i ]5dRt(Rt)Rt/Rt0^;t2t+^t,Rt-^ t.Li;i)3) annotationsN) unhexlify)ProxySchemeUnsupportedSSLError)_BRACELESS_IPV6_ADDRZ_RE_IPV4_REFzhttp/1.1c V^8dQhRRRR/#)openssl_versionstrreturnbool)formats"f/Users/mitch_tango/dev/rabbit-r1-livekit/agent/.venv/lib/python3.14/site-packages/urllib3/util/ssl_.py __annotate__rs c(VPR4pV#)zOpenSSL ) startswith)r is_openssls& r(_is_has_never_check_common_name_reliablers !++J7J r) VerifyMode) TypedDict) SSLTransportc6]tRt^.t$R]R&R]R&R]R&RtR#) _TYPE_PEER_CERT_RET_DICTztuple[tuple[str, str], ...]subjectAltNamez'tuple[tuple[tuple[str, str], ...], ...]subjectr serialNumberrN)__name__ __module__ __qualname____firstlineno____annotations____static_attributes__rrrrr.s3388rr)totalzdict[int, int]_SSL_VERSION_TO_TLS_VERSION) CERT_REQUIREDHAS_NEVER_CHECK_COMMON_NAMEOP_NO_COMPRESSION OP_NO_TICKETOPENSSL_VERSION PROTOCOL_TLSPROTOCOL_TLS_CLIENTVERIFY_X509_PARTIAL_CHAINVERIFY_X509_STRICT OP_NO_SSLv2 OP_NO_SSLv3 SSLContext TLSVersion PROTOCOL_ii@iiic$V^8dQhRRRRRR/#)r certz bytes | None fingerprintr r Noner)rs"rrrks!  \   rcVf \R4hVPRR4P4p\V4pV\9d\RV 24h\P V4pVf\RV 24h\ VP44pV!V4P4p\P!WT4'g!\RV RVP4 R 24hR#) z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. NzNo certificate for the peer.:zFingerprint of invalid length: zAHash function implementation unavailable for fingerprint length: z&Fingerprints did not match. Expected "z", got "") rreplacelowerlen HASHFUNC_MAPgetrencodedigesthmaccompare_digesthex)r7r8 digest_lengthhashfuncfingerprint_bytes cert_digests&& rassert_fingerprintrLks |566%%c2.446K $ML(8 FGG .HOP] _  "+"4"4"674.'')K   { > >4[M+//J[I\\] ^   ?rc V^8dQhRRRR/#)r candidateNone | int | strr rr)rs"rrrs!1jrcVf\#\V\4'd/\\VR4pVf\\RV,4pV#V#)a Resolves the argument to a numeric constant, which can be passed to the wrap_socket function/method from the ssl module. Defaults to :data:`ssl.CERT_REQUIRED`. If given a string it is assumed to be the name of the constant in the :mod:`ssl` module or its abbreviation. (So you can specify `REQUIRED` instead of `CERT_REQUIRED`. If it's neither `None` nor a string we assume it is already the numeric constant which can directly be passed to wrap_socket. NCERT_)r( isinstancer getattrsslrNress& rresolve_cert_reqsrWsL)S!!c9d+ ;#w23C rc V^8dQhRRRR/#)r rNrOr intr)rs"rrrs  #3  rcVf\#\V\4'dH\\VR4pVf\\RV,4p\ P !\V4#V#)z like resolve_cert_reqs Nr5)r-rRr rSrTtypingcastrYrUs& rresolve_ssl_versionr]sX)S!!c9d+ ;#{Y67C{{3$$ rc8V^8dQhRRRRRRRRRRRRR RR R /#) r ssl_version int | None cert_reqsoptionsciphers str | Nonessl_minimum_versionssl_maximum_version verify_flagsr ssl.SSLContextr)rs"rrrsbPPPPP P $ P $ PPPrc\f \R4hVR\\39dyVfVe \ R4h\ P V\P4p\ P V\P4p\P!R\^R7\\4pVeWGn M\PVn VeWWnV'dVP!V4Vf\"P$MTpVf7^pV\&,pV\(,pV\*,pV\,,pV;P.V,unVf2^p\0P2R 8dV\4,pV\6,pV;P8V,un\;VRR4eRVnV\"P$8Xd\>'gWn RVn!M RVn!Wn RVn"R \FPH9d>\FPJPM\FPHP R 44pMRpV'dWn'V#) aCreates and configures an :class:`ssl.SSLContext` instance for use with urllib3. :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. This parameter is deprecated instead use 'ssl_minimum_version'. :param ssl_minimum_version: The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. :param ssl_maximum_version: The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the default value. :param cert_reqs: Whether to require the certificate verification. This defaults to ``ssl.CERT_REQUIRED``. :param options: Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. :param ciphers: Which cipher suites to allow the server to select. Defaults to either system configured ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers. :param verify_flags: The flags for certificate verification operations. These default to ``ssl.VERIFY_X509_PARTIAL_CHAIN`` and ``ssl.VERIFY_X509_STRICT`` for Python 3.13+. :returns: Constructed SSLContext object with specified options :rtype: SSLContext Nz7Can't create an SSLContext object without an ssl modulezZCan't specify both 'ssl_version' and either 'ssl_minimum_version' or 'ssl_maximum_version'zi'ssl_version' option is deprecated and will be removed in urllib3 v3.0. Instead use 'ssl_minimum_version')category stacklevelpost_handshake_authTF SSLKEYLOGFILE) )(r3 TypeErrorr-r. ValueErrorr'rBr4MINIMUM_SUPPORTEDMAXIMUM_SUPPORTEDwarningswarn FutureWarningminimum_versionTLSv1_2maximum_version set_ciphersrTr(r1r2r*r+rbsys version_infor/r0rgrSrl IS_PYOPENSSL verify_modecheck_hostnamehostname_checks_common_nameosenvironpath expandvarskeylog_filename) r_rarbrcrerfrgcontext sslkeylogfiles &&&&&&& rcreate_urllib3_contextrsNQRR4/BCC  *.A.MA #>"A"AZ99# #>"A"AZ99#  MMM&  ,-G&"5","4"4&"5G$&/%6!!II;; $$ < OOwO    w & 5 5L . .L L( w-t4@&*#C%%%ll'!%!&'*/G'"**$**2::>>/+JK  "/ NrcPV^8dQhRRRRRRRRRRR RR RR RR R RRRRRRRRRR/#)r sock socket.socketkeyfilerdcertfilerar`ca_certsserver_hostnamer_rc ssl_contextssl.SSLContext | None ca_cert_dir key_password ca_cert_dataNone | str | bytes tls_in_tlsztyping.Literal[False]r z ssl.SSLSocketr)rs"rrrHs       '%&rc R#Nr rrrrarrr_rcrrrrrs &&&&&&&&&&&&&rssl_wrap_socketrGsrcPV^8dQhRRRRRRRRRRR RR RR RR R RRRRRRRRRR/#r rrrrdrrar`rrr_rcrrrrrrrrr ssl.SSLSocket | SSLTransportTyper)rs"rrrZs++ + ++ +  +  +++'+++%++&+rc R#rrrs &&&&&&&&&&&&&rrrYs(+rcPV^8dQhRRRRRRRRRRR RR RR RR R RRRRRRRRRR/#rr)rs"rrrksGG G GG G  G  GGG'GGG%GG&Grc Tp V f\WcVR7p V'gV 'g V 'dV PWIV 4M&Vf#\ V R4'dV P 4V'd!V f\ V4'd \R4hV'd)V fV PW!4MV PW!V 4V P\4\W W4pV# \dp\T4ThRp?ii;i)aX All arguments except for server_hostname, ssl_context, tls_in_tls, ca_cert_data and ca_cert_dir have the same meaning as they do when using :func:`ssl.create_default_context`, :meth:`ssl.SSLContext.load_cert_chain`, :meth:`ssl.SSLContext.set_ciphers` and :meth:`ssl.SSLContext.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). :param key_password: Optional password if the keyfile is encrypted. :param ca_cert_data: Optional string containing CA certificates in PEM format suitable for passing as the cadata parameter to SSLContext.load_verify_locations() :param tls_in_tls: Use SSLTransport to wrap the existing socket. N)rcload_default_certsz5Client private key is encrypted, password is required) rload_verify_locationsOSErrorrhasattrr_is_key_file_encryptedload_cert_chainset_alpn_protocolsALPN_PROTOCOLS_ssl_wrap_socket_impl)rrrrarrr_rcrrrrrressl_socks&&&&&&&&&&&&& rrrksPG)Q;, %  ) )( N  2F!G!G""$ <',B7,K,KNOO    # #H 6  # #H| D ~.$TJPH O- %1+1 $ %sC!! C=, C88C=c V^8dQhRRRR/#)r hostnamez str | bytesr rr)rs"rrrs V V; V4 Vrc\V\4'dVPR4p\\P !V4;'g\ P !V44#)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii)rRbytesdecoderrmatchr)rs&r is_ipaddressrsG(E""??7+ x(TT,D,J,J8,T UUrc V^8dQhRRRR/#)r key_filer r rr)rs"rrrsSTrc\V4;_uu_4pVFpRV9gK RRR4R# RRR4R# +'giR#;i)z*Detects if a key file is encrypted or not. ENCRYPTEDNTF)open)rflines& rrrs> h1Dd"     s ::: A c ,V^8dQhRRRRRRRRR R /#) r rrrrhrrrrdr rr)rs"rrrsAJJ JJJ J & JrcV'd:\'g \R4h\P!V4\WV4#VPWR7#)z0TLS in TLS requires support for the 'ssl' module)r)rr$_validate_ssl_context_for_tls_in_tls wrap_socket)rrrrs&&&&rrrsM |(B  99+FD??  " "4 " IIr)) md5)(sha1)@sha256)TLSv1TLSv1_1rx)NNNNNNN) ............) NNNNNNNNNNNFr)B__conditional_annotations__ __future__rhashlibrErsocketr{r[rtbinasciir exceptionsrrurlrrr3rr)r}rtuplerYr _TYPE_VERSION_INFOrSrAr TYPE_CHECKINGrTrr ssltransportSSLTransportTyperr'r$r(r*r+r,r-r.r/r0r1r2r4PROTOCOL_SSLv23attrAttributeError ImportErrorUnionr_TYPE_PEER_CERT_RETrLrWr]roverloadrrrr)length algorithmrs00@rrs"" 93   # 3S#s23 IH GGY --H   >9E/1^0. #O#+S,,',#0 LSDM 'y5G(H I0+ll#=ud#JK D.  Pf"++"GT VJJk B   LKK%&&Ol 'sHF4+F& F&.F&6F F&F#F&"F##F&&GG