5 files changed, 52 insertions, 6 deletions

diff --git a/src/cryptography/hazmat/backends/__init__.py b/src/cryptography/hazmat/backends/__init__.py
index 24c029f6..256fee39 100644
--- a/src/cryptography/hazmat/backends/__init__.py
+++ b/src/cryptography/hazmat/backends/__init__.py
@@ -17,8 +17,13 @@ def _available_backends():
 
     if _available_backends_list is None:
         _available_backends_list = [
-            backend.load(require=False)
-            for backend in pkg_resources.iter_entry_points(
+            # setuptools 11.3 deprecated support for the require parameter to
+            # load(), and introduced the new resolve() method instead.
+            # This can be removed if/when we can assume setuptools>=11.3. At
+            # some point we may wish to add a warning, to push people along,
+            # but at present this would result in too many warnings.
+            ep.resolve() if hasattr(ep, "resolve") else ep.load(require=False)
+            for ep in pkg_resources.iter_entry_points(
                 "cryptography.backends"
             )
         ]
diff --git a/src/cryptography/hazmat/bindings/openssl/evp.py b/src/cryptography/hazmat/bindings/openssl/evp.py
index f00c2f0d..780ce900 100644
--- a/src/cryptography/hazmat/bindings/openssl/evp.py
+++ b/src/cryptography/hazmat/bindings/openssl/evp.py
@@ -119,6 +119,8 @@ int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *, const char *, int,
                               const unsigned char *, int);
 
 int EVP_PKEY_cmp(const EVP_PKEY *, const EVP_PKEY *);
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *);
 """
 
 MACROS = """
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index 91ae36ac..bf627139 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py
@@ -302,6 +302,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *);
 long SSL_CTX_get_timeout(const SSL_CTX *);
 
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *);
+int SSL_version(const SSL *);
 
 /* SNI APIs were introduced in OpenSSL 1.0.0.  To continue to support
  * earlier versions some special handling of these is necessary.
diff --git a/src/cryptography/hazmat/bindings/openssl/x509.py b/src/cryptography/hazmat/bindings/openssl/x509.py
index f51b0e59..e30d23b7 100644
--- a/src/cryptography/hazmat/bindings/openssl/x509.py
+++ b/src/cryptography/hazmat/bindings/openssl/x509.py
@@ -71,6 +71,8 @@ typedef struct {
 
 typedef ... NETSCAPE_SPKI;
 
+typedef ... PKCS8_PRIV_KEY_INFO;
+
 static const int X509_FLAG_COMPAT;
 static const int X509_FLAG_NO_HEADER;
 static const int X509_FLAG_NO_VERSION;
@@ -224,6 +226,9 @@ DSA *d2i_DSA_PUBKEY_bio(BIO *, DSA **);
 int i2d_DSA_PUBKEY_bio(BIO *, DSA *);
 DSA *d2i_DSAPrivateKey_bio(BIO *, DSA **);
 int i2d_DSAPrivateKey_bio(BIO *, DSA *);
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *,
+                                                 PKCS8_PRIV_KEY_INFO **);
 """
 
 MACROS = """
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index ac2f787d..72f9a347 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -7,12 +7,17 @@ from __future__ import absolute_import, division, print_function
 import abc
 import inspect
 import sys
+import warnings
 
 
 # DeprecatedIn07 objects exist. This comment exists to remind developers to
 # look for them when it's time for the ninth release cycle deprecation dance.
 
 
+def read_only_property(name):
+    return property(lambda self: getattr(self, name))
+
+
 def register_interface(iface):
     def register_decorator(klass):
         verify_interface(iface, klass)
@@ -21,10 +26,6 @@ def register_interface(iface):
     return register_decorator
 
 
-def read_only_property(name):
-    return property(lambda self: getattr(self, name))
-
-
 class InterfaceNotImplemented(Exception):
     pass
 
@@ -55,3 +56,35 @@ if sys.version_info >= (2, 7):
 else:
     def bit_length(x):
         return len(bin(x)) - (2 + (x <= 0))
+
+
+class _DeprecatedValue(object):
+    def __init__(self, value, message, warning_class):
+        self.value = value
+        self.message = message
+        self.warning_class = warning_class
+
+
+class _ModuleWithDeprecations(object):
+    def __init__(self, module):
+        self.__dict__["_module"] = module
+
+    def __getattr__(self, attr):
+        obj = getattr(self._module, attr)
+        if isinstance(obj, _DeprecatedValue):
+            warnings.warn(obj.message, obj.warning_class, stacklevel=2)
+            obj = obj.value
+        return obj
+
+    def __setattr__(self, attr, value):
+        setattr(self._module, attr, value)
+
+    def __dir__(self):
+        return ["_module"] + dir(self._module)
+
+
+def deprecated(value, module_name, message, warning_class):
+    module = sys.modules[module_name]
+    if not isinstance(module, _ModuleWithDeprecations):
+        sys.modules[module_name] = module = _ModuleWithDeprecations(module)
+    return _DeprecatedValue(value, message, warning_class)