Merge branch 'master' into fernet

Conflicts:
	docs/index.rst

6 files changed, 78 insertions, 26 deletions

diff --git a/docs/architecture.rst b/docs/architecture.rst
deleted file mode 100644
index bacde1bb..00000000
--- a/docs/architecture.rst
+++ /dev/null
@@ -1,13 +0,0 @@
-Architecture
-============
-
-``cryptography`` has three different layers:
-
-* ``cryptography``: This package contains higher level recipes, for example
-  "encrypt and then MAC". This is implemented on top of
-  ``cryptography.hazmat.primitives``.
-* ``cryptography.hazmat.primitives``: This packages contains low level
-  algorithms, things like ``AES`` or ``SHA1``. This is implemented on top of
-  ``cryptography.hazmat.backends``.
-* ``cryptography.hazmat.backends``: This package contains bindings to low level
-  cryptographic libraries. Our initial target is OpenSSL.
diff --git a/docs/conf.py b/docs/conf.py
index 5092e4d3..5dbcdab8 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -54,7 +54,7 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'Cryptography'
-copyright = '2013, Individual Contributors'
+copyright = '2013-2014, Individual Contributors'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
index 5e51c75e..404573a3 100644
--- a/docs/hazmat/backends/openssl.rst
+++ b/docs/hazmat/backends/openssl.rst
@@ -3,23 +3,37 @@
 OpenSSL Backend
 ===============
 
-These are `CFFI`_ bindings to the `OpenSSL`_ C library.
+The `OpenSSL`_ C library.
 
 .. data:: cryptography.hazmat.backends.openssl.backend
 
-    This is the exposed API for the OpenSSL bindings. It has two public
-    attributes:
+    This is the exposed API for the OpenSSL backend. It has no public attributes.    
 
-    .. attribute:: ffi
+Using your own OpenSSL on Linux
+-------------------------------
 
-        This is a :class:`cffi.FFI` instance. It can be used to allocate and
-        otherwise manipulate OpenSSL structures.
+Python links to OpenSSL for its own purposes and this can sometimes cause
+problems when you wish to use a different version of OpenSSL with cryptography.
+If you want to use cryptography with your own build of OpenSSL you will need to
+make sure that the build is configured correctly so that your version of
+OpenSSL doesn't conflict with Python's.
 
-    .. attribute:: lib
+The options you need to add allow the linker to identify every symbol correctly
+even when multiple versions of the library are linked into the same program. If
+you are using your distribution's source packages these will probably be
+patched in for you already, otherwise you'll need to use options something like
+this when configuring OpenSSL::
 
-        This is a ``cffi`` library. It can be used to call OpenSSL functions,
-        and access constants.
+    ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared
 
+You'll also need to generate your own ``openssl.ld`` file. For example::
+
+    OPENSSL_1.0.1F_CUSTOM {
+        global:
+            *;
+    };
+
+You should replace the version string on the first line as appropriate for your
+build.
 
-.. _`CFFI`: https://cffi.readthedocs.org/
 .. _`OpenSSL`: https://www.openssl.org/
diff --git a/docs/hazmat/bindings/index.rst b/docs/hazmat/bindings/index.rst
new file mode 100644
index 00000000..809eddfc
--- /dev/null
+++ b/docs/hazmat/bindings/index.rst
@@ -0,0 +1,22 @@
+.. hazmat::
+
+Bindings
+========
+
+.. currentmodule:: cryptography.hazmat.bindings
+
+``cryptography`` aims to provide low-level CFFI based bindings to multiple
+native C libraries. These provide no automatic initialisation of the library
+and may not provide complete wrappers for its API.
+
+Using these functions directly is likely to require you to be careful in
+managing memory allocation, locking and other resources.
+
+
+Individual Bindings
+-------------------
+
+.. toctree::
+    :maxdepth: 1
+
+    openssl
diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst
new file mode 100644
index 00000000..373fe472
--- /dev/null
+++ b/docs/hazmat/bindings/openssl.rst
@@ -0,0 +1,27 @@
+.. hazmat::
+
+OpenSSL Binding
+===============
+
+.. currentmodule:: cryptography.hazmat.bindings.openssl.binding
+
+These are `CFFI`_ bindings to the `OpenSSL`_ C library.
+
+.. class:: cryptography.hazmat.bindings.openssl.binding.Binding()
+
+    This is the exposed API for the OpenSSL bindings. It has two public
+    attributes:
+
+    .. attribute:: ffi
+
+        This is a :class:`cffi.FFI` instance. It can be used to allocate and
+        otherwise manipulate OpenSSL structures.
+
+    .. attribute:: lib
+
+        This is a ``cffi`` library. It can be used to call OpenSSL functions,
+        and access constants.
+
+
+.. _`CFFI`: https://cffi.readthedocs.org/
+.. _`OpenSSL`: https://www.openssl.org/
diff --git a/docs/index.rst b/docs/index.rst
index 72711174..9682337c 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -43,7 +43,9 @@ The other level is low-level cryptographic primitives. These are often
 dangerous and can be used incorrectly. They require making decisions and having
 an in-depth knowledge of the cryptographic concepts at work. Because of the
 potential danger in working at this level, this is referred to as the
-"hazardous materials" or "hazmat" layer.
+"hazardous materials" or "hazmat" layer. These live in the
+``cryptography.hazmat`` package, and their documentation will always contain an
+admonition at the top.
 
 We recommend using the recipes layer whenever possible, and falling back to the
 hazmat layer only when necessary.
@@ -55,7 +57,6 @@ The recipes layer
     :maxdepth: 2
 
     fernet
-    architecture
     exceptions
     glossary
 
@@ -67,6 +68,7 @@ The hazardous materials layer
 
     hazmat/primitives/index
     hazmat/backends/index
+    hazmat/bindings/index
 
 The ``cryptography`` open source project
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~