5 Commits

Author SHA1 Message Date
47cc914e69 Update version number. 2015-11-20 19:39:32 -02:00
90d4f2d95c typo: intall -> install.
update MacOSX version -> 10.11.
2015-11-20 19:20:07 -02:00
172d324243 Fix push_asn1_string(). 2015-11-20 19:16:16 -02:00
6cc8e951d4 Update samples. 2015-11-20 19:12:19 -02:00
d36e156fac Guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3.
Use TLS_method() instead of SSLv23_method(), when it is the case.
2015-11-20 18:54:57 -02:00
93 changed files with 968 additions and 2902 deletions

3
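--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +0,0 @@
-/src/*.o
-/src/luasocket/*.o
-/*.dll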

155
CHANGELOG

@ -1,156 +1,15 @@
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 1.2.0 LuaSec 0.5.1
---------------
This version includes:
* Add key material export method
* Backguard compat for openssl on providers, like LTS linuxes
--------------------------------------------------------------------------------
LuaSec 1.1.0
---------------
This version includes:
* Fix missing DANE flag
* Remove unused parameter in https.lua
--------------------------------------------------------------------------------
LuaSec 1.0.2
---------------
This version includes:
* Fix handle SSL_send SYSCALL error without errno
* Fix off by one in cert:validat(notafter)
* Fix meth_get_{sinagure => signature}_name function name
* Fix update the Lua state reference on the selected SSL context after SNI
* Fix ignore SSL_OP_BIT(n) macro and update option.c
--------------------------------------------------------------------------------
LuaSec 1.0.1
---------------
This version includes:
* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
--------------------------------------------------------------------------------
LuaSec 1.0
---------------
This version includes:
* Add cert:getsignaturename()
--------------------------------------------------------------------------------
LuaSec 0.9
---------------
This version includes:
* Add DNS-based Authentication of Named Entities (DANE) support
* Add __close() metamethod
* Fix deprecation warnings with OpenSSL 1.1
* Fix special case listing of TLS 1.3 EC curves
* Fix general_name leak in cert:extensions()
* Fix unexported 'ssl.config' table
* Replace $(LD) with $(CCLD) variable
* Remove multiple definitions of 'ssl_options' variable
* Use tag in git format: v0.9
--------------------------------------------------------------------------------
LuaSec 0.8.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.8.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------------
LuaSec 0.8
---------------
This version includes:
* Add support to ALPN
* Add support to TLS 1.3
* Add support to multiple certificates
* Add timeout to https module (https.TIMEOUT)
* Drop support to SSL 3.0
* Drop support to TLS 1.0 from https module
* Fix invalid reference to Lua state
* Fix memory leak when get certficate extensions
--------------------------------------------------------------------------------
LuaSec 0.7.2
---------------
This version includes:
* Fix unexported 'ssl.config' table (backported)
--------------------------------------------------------------------------------
LuaSec 0.7.1
---------------
This version includes:
* Fix general_name leak in cert:extensions() (backported)
--------------------------------------------------------------------------------
LuaSec 0.7
---------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki
This version includes:
* Add support to OpenSSL 1.1.0
* Add support to elliptic curves list
* Add ssl.config that exports some OpenSSL information
* Add integration with luaossl
--------------------------------------------------------------------------------
LuaSec 0.6
------------ ------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it - Check if SSLv3 protocol is available.
easy to add secure connections to any Lua applications or scripts. - Fix push_asn1_string().
- Update samples to use 'sslv23' and 'tlsv1_2'.
Documentation: https://github.com/brunoos/luasec/wiki - Update MACOSX_VERSION to 10.11 on Makefile.
This version includes:
* Lua 5.2 and 5.3 compatibility
* Context module:
- Add ctx:checkkey()
* SSL module:
- Add conn:sni() and conn:getsniname()
* Context options:
- Add "any" protocol ("sslv23" is deprecated)
* HTTPS module:
- Using "any" protocol without SSLv2/SSLv3, by default
* X509 module:
- Human readable IP address
- Add cert:issued()
- Add cert:pubkey()
* Some bug fixes
=> Thanks to everyone who collaborate with LuaSec <=
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.5 LuaSec 0.5
------------ ------------
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts. easy to add secure connections to any Lua applications or scripts.
@ -224,7 +83,7 @@ LuaSec 0.3
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
LuaSec 0.2.1 LuaSec 0.2.1
------------ ------------
- 'key' and 'certificate' configurations become optional. (thanks René Rebe) - 'key' and 'certificate' configurations become optional. (thanks Ren<EFBFBD> Rebe)
- Add '_VERSION' variable to module. - Add '_VERSION' variable to module.
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------


@ -1,14 +1,14 @@
LuaSec 1.2.0 LuaSec 0.5.1
------------ ------------
* OpenSSL options: * OpenSSL options:
By default, this version includes options for OpenSSL 3.0.0 beta2 By default, LuaSec 0.5.1 includes options for OpenSSL 1.0.1e.
If you need to generate the options for a different version of OpenSSL: If you need to generate the options for a different version of OpenSSL:
$ cd src $ cd src
$ lua options.lua -g /usr/include/openssl/ssl.h > options.c $ lua options.lua -g /usr/include/openssl/ssl.h > options.h
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------


@ -1,5 +1,5 @@
LuaSec 1.2.0 license LuaSec 0.5.1 license
Copyright (C) 2006-2022 Bruno Silvestre, UFG Copyright (C) 2006-2015 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the a copy of this software and associated documentation files (the


@ -1,22 +1,22 @@
# Inform the location to install the modules # Inform the location to install the modules
LUAPATH ?= /usr/share/lua/5.1 LUAPATH ?= /usr/share/lua/5.1
LUACPATH ?= /usr/lib/lua/5.1 LUACPATH ?= /usr/lib/lua/5.1
# Compile with build-in LuaSocket's help files. # Compile with build-in LuaSocket's help files.
# Comment this lines if you will link with non-internal LuaSocket's help files # Comment this lines if you will link with non-internal LuaSocket's help files
# and edit INCDIR and LIBDIR properly. # and edit INCDIR and LIBDIR properly.
EXTRA = luasocket EXTRA = luasocket
DEFS = -DWITH_LUASOCKET DEFS = -DWITH_LUASOCKET
# Edit the lines below to inform new path, if necessary. # Edit the lines below to inform new path, if necessary.
# Path below points to internal LuaSocket's help files. # Path below points to internal LuaSocket's help files.
INC_PATH ?= -I/usr/include INC_PATH ?= -I/usr/include
LIB_PATH ?= -L/usr/lib LIB_PATH ?= -L/usr/lib
INCDIR = -I. $(INC_PATH) INCDIR = -I. $(INC_PATH)
LIBDIR = -L./luasocket $(LIB_PATH) LIBDIR = -L./luasocket $(LIB_PATH)
# For Mac OS X: set the system version # For Mac OS X: set the system version
MACOSX_VERSION=10.11 MACOSX_VERSION?=10.11
#---------------------- #----------------------
# Do not edit this part # Do not edit this part


@ -1,6 +1,41 @@
LuaSec 1.2.0 LuaSec 0.5.1
=============== ============
- Check if SSLv3 protocol is available.
- Fix push_asn1_string().
- Update samples to use 'sslv23' and 'tlsv1_2'.
- Update MACOSX_VERSION to 10.11 on Makefile.
LuaSec 0.5
==========
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts. easy to add secure connections to any Lua applications or scripts.
Documentation: https://github.com/brunoos/luasec/wiki This version includes:
* A new certificate (X509) API, which supports:
- Reading the subject (identity) and issuer of the certificate.
- Reading various X509 extensions, including email and dnsName.
- Converting certificates to and from the standard ASCII PEM
format.
- Generating the fingerprint/digest of a certificate (using SHA1,
SHA256 or SHA512).
- Reading the certificate's expiration, serial number, and other
info.
* The ability to get more detailed information from OpenSSL about
why a certificate failed verification, for each certificate in the
chain.
* Flags to force acceptance of invalid certificates, e.g. to allow
the use of self-signed certificates in a Trust On First Use model.
* Flags to control checking CRLs for certificate revocation status.
* Support for ECDH cipher suites.
* An API to get the TLS 'finished' messages used for SASL channel
binding (e.g. the SCRAM PLUS mechanisms).
The work in this release was undertaken by Kim Alvefur, Paul Aurich,
Tobias Markmann, Bruno Silvestre and Matthew Wild.


@ -1,105 +0,0 @@
package = "LuaSec"
version = "1.2.0-1"
source = {
url = "git+https://github.com/brunoos/luasec",
tag = "v1.2.0",
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
homepage = "https://github.com/brunoos/luasec/wiki",
license = "MIT"
}
dependencies = {
"lua >= 5.1", "luasocket"
}
external_dependencies = {
platforms = {
unix = {
OPENSSL = {
header = "openssl/ssl.h",
library = "ssl"
}
},
windows = {
OPENSSL = {
header = "openssl/ssl.h",
}
},
}
}
build = {
type = "builtin",
copy_directories = {
"samples"
},
platforms = {
unix = {
install = {
lib = {
"ssl.so"
},
lua = {
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
}
},
modules = {
ssl = {
defines = {
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket",
},
libdirs = {
"$(OPENSSL_LIBDIR)"
},
libraries = {
"ssl", "crypto"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/usocket.c"
}
}
}
},
windows = {
install = {
lib = {
"ssl.dll"
},
lua = {
"src/ssl.lua", ['ssl.https'] = "src/https.lua"
}
},
modules = {
ssl = {
defines = {
"WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
"WITH_LUASOCKET", "LUASOCKET_DEBUG",
"LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
},
libdirs = {
"$(OPENSSL_LIBDIR)",
"$(OPENSSL_BINDIR)",
},
libraries = {
"libssl32MD", "libcrypto32MD", "ws2_32"
},
incdirs = {
"$(OPENSSL_INCDIR)", "src/", "src/luasocket"
},
sources = {
"src/options.c", "src/config.c", "src/ec.c",
"src/x509.c", "src/context.c", "src/ssl.c",
"src/luasocket/buffer.c", "src/luasocket/io.c",
"src/luasocket/timeout.c", "src/luasocket/wsocket.c"
}
}
}
}
}
}

BIN
luasec.suo Normal file

Binary file not shown.

253
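--- a/luasec.vcproj
+++ b/luasec.vcproj
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ProjectType="Visual C++"
+Version="9,00"
+Name="luasec"
+ProjectGUID="{A629932F-8819-4C0B-8835-CBF1FEED6376}"
+Keyword="Win32Proj"
+TargetFrameworkVersion="131072"
+>
+<Platforms>
+<Platform
+Name="Win32"
+/>
+</Platforms>
+<ToolFiles>
+</ToolFiles>
+<Configurations>
+<Configuration
+Name="Debug|Win32"
+OutputDirectory="Debug"
+IntermediateDirectory="Debug"
+ConfigurationType="2"
+InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
+CharacterSet="2"
+>
+<Tool
+Name="VCPreBuildEventTool"
+/>
+<Tool
+Name="VCCustomBuildTool"
+/>
+<Tool
+Name="VCXMLDataGeneratorTool"
+/>
+<Tool
+Name="VCWebServiceProxyGeneratorTool"
+/>
+<Tool
+Name="VCMIDLTool"
+/>
+<Tool
+Name="VCCLCompilerTool"
+Optimization="0"
+AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
+PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS"
+MinimalRebuild="true"
+BasicRuntimeChecks="3"
+RuntimeLibrary="3"
+UsePrecompiledHeader="0"
+WarningLevel="3"
+DebugInformationFormat="4"
+/>
+<Tool
+Name="VCManagedResourceCompilerTool"
+/>
+<Tool
+Name="VCResourceCompilerTool"
+/>
+<Tool
+Name="VCPreLinkEventTool"
+/>
+<Tool
+Name="VCLinkerTool"
+AdditionalDependencies="ws2_32.lib libeay32MDd.lib ssleay32MDd.lib lua5.1.lib"
+OutputFile="$(OutDir)/ssl.dll"
+LinkIncremental="2"
+AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
+GenerateDebugInformation="true"
+ProgramDatabaseFile="$(OutDir)/luasec.pdb"
+SubSystem="2"
+RandomizedBaseAddress="1"
+DataExecutionPrevention="0"
+ImportLibrary="$(OutDir)/ssl.lib"
+TargetMachine="1"
+/>
+<Tool
+Name="VCALinkTool"
+/>
+<Tool
+Name="VCManifestTool"
+/>
+<Tool
+Name="VCXDCMakeTool"
+/>
+<Tool
+Name="VCBscMakeTool"
+/>
+<Tool
+Name="VCFxCopTool"
+/>
+<Tool
+Name="VCAppVerifierTool"
+/>
+<Tool
+Name="VCPostBuildEventTool"
+/>
+</Configuration>
+<Configuration
+Name="Release|Win32"
+OutputDirectory="Release"
+IntermediateDirectory="Release"
+ConfigurationType="2"
+InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
+CharacterSet="2"
+>
+<Tool
+Name="VCPreBuildEventTool"
+/>
+<Tool
+Name="VCCustomBuildTool"
+/>
+<Tool
+Name="VCXMLDataGeneratorTool"
+/>
+<Tool
+Name="VCWebServiceProxyGeneratorTool"
+/>
+<Tool
+Name="VCMIDLTool"
+/>
+<Tool
+Name="VCCLCompilerTool"
+AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
+PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;BUFFER_DEBUG"
+RuntimeLibrary="2"
+UsePrecompiledHeader="0"
+WarningLevel="3"
+DebugInformationFormat="3"
+/>
+<Tool
+Name="VCManagedResourceCompilerTool"
+/>
+<Tool
+Name="VCResourceCompilerTool"
+/>
+<Tool
+Name="VCPreLinkEventTool"
+/>
+<Tool
+Name="VCLinkerTool"
+AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
+OutputFile="$(OutDir)/ssl.dll"
+LinkIncremental="1"
+AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9\lib"
+GenerateDebugInformation="true"
+SubSystem="2"
+OptimizeReferences="2"
+EnableCOMDATFolding="2"
+RandomizedBaseAddress="1"
+DataExecutionPrevention="0"
+ImportLibrary="$(OutDir)/ssl.lib"
+TargetMachine="1"
+/>
+<Tool
+Name="VCALinkTool"
+/>
+<Tool
+Name="VCManifestTool"
+/>
+<Tool
+Name="VCXDCMakeTool"
+/>
+<Tool
+Name="VCBscMakeTool"
+/>
+<Tool
+Name="VCFxCopTool"
+/>
+<Tool
+Name="VCAppVerifierTool"
+/>
+<Tool
+Name="VCPostBuildEventTool"
+/>
+</Configuration>
+</Configurations>
+<References>
+</References>
+<Files>
+<Filter
+Name="Source Files"
+Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
+UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
+>
+<File
+RelativePath=".\src\buffer.c"
+>
+</File>
+<File
+RelativePath=".\src\context.c"
+>
+</File>
+<File
+RelativePath=".\src\io.c"
+>
+</File>
+<File
+RelativePath=".\src\ssl.c"
+>
+</File>
+<File
+RelativePath=".\src\timeout.c"
+>
+</File>
+<File
+RelativePath=".\src\wsocket.c"
+>
+</File>
+</Filter>
+<Filter
+Name="Header Files"
+Filter="h;hpp;hxx;hm;inl;inc;xsd"
+UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
+>
+<File
+RelativePath=".\src\buffer.h"
+>
+</File>
+<File
+RelativePath=".\src\context.h"
+>
+</File>
+<File
+RelativePath=".\src\io.h"
+>
+</File>
+<File
+RelativePath=".\src\socket.h"
+>
+</File>
+<File
+RelativePath=".\src\ssl.h"
+>
+</File>
+<File
+RelativePath=".\src\timeout.h"
+>
+</File>
+<File
+RelativePath=".\src\wsocket.h"
+>
+</File>
+</Filter>
+<Filter
+Name="Resource Files"
+Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
+UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
+>
+</Filter>
+</Files>
+<Globals>
+</Globals>
+</VisualStudioProject>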
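Review bot: Both `VCLinkerTool` entries (Debug and Release) set `RandomizedBaseAddress="1"` and `DataExecutionPrevention="0"`, which in this project format are, as far as I know, the values the VC71 upgrade wizard writes to preserve old behaviour: ASLR explicitly disabled and NX compatibility left at the toolset default. For a DLL that parses TLS records and certificates received from the network, I would set `RandomizedBaseAddress="2"` and `DataExecutionPrevention="2"` in both configurations. Separately, the Release configuration defines `BUFFER_DEBUG` and omits `LUASEC_EXPORTS`, and the `<File>` entries point at `.\src\buffer.c`, `.\src\io.c` and so on while luasec.vcxproj on this page compiles `src\luasocket\buffer.c`, so this project file looks stale and may not build as committed.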


@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations"> <ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32"> <ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration> <Configuration>Debug</Configuration>
@ -18,12 +18,10 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType> <ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet> <CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType> <ConfigurationType>DynamicLibrary</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet> <CharacterSet>MultiByte</CharacterSet>
<PlatformToolset>v140</PlatformToolset>
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings"> <ImportGroup Label="ExtensionSettings">
@ -51,7 +49,7 @@
<ClCompile> <ClCompile>
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<MinimalRebuild>true</MinimalRebuild> <MinimalRebuild>true</MinimalRebuild>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
@ -76,7 +74,7 @@
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile> <ClCompile>
<AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua5.2\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<PrecompiledHeader> <PrecompiledHeader>
@ -85,9 +83,9 @@
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
</ClCompile> </ClCompile>
<Link> <Link>
<AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>ws2_32.lib;libeay32MD.lib;ssleay32MD.lib;lua52.lib;%(AdditionalDependencies)</AdditionalDependencies>
<OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile> <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua5.2\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem> <SubSystem>Windows</SubSystem>
<OptimizeReferences>true</OptimizeReferences> <OptimizeReferences>true</OptimizeReferences>
@ -100,19 +98,15 @@
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="src\config.c" />
<ClCompile Include="src\context.c" /> <ClCompile Include="src\context.c" />
<ClCompile Include="src\ec.c" />
<ClCompile Include="src\luasocket\buffer.c" /> <ClCompile Include="src\luasocket\buffer.c" />
<ClCompile Include="src\luasocket\io.c" /> <ClCompile Include="src\luasocket\io.c" />
<ClCompile Include="src\luasocket\timeout.c" /> <ClCompile Include="src\luasocket\timeout.c" />
<ClCompile Include="src\luasocket\wsocket.c" /> <ClCompile Include="src\luasocket\wsocket.c" />
<ClCompile Include="src\options.c" />
<ClCompile Include="src\ssl.c" /> <ClCompile Include="src\ssl.c" />
<ClCompile Include="src\x509.c" /> <ClCompile Include="src\x509.c" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="src\compat.h" />
<ClInclude Include="src\config.h" /> <ClInclude Include="src\config.h" />
<ClInclude Include="src\context.h" /> <ClInclude Include="src\context.h" />
<ClInclude Include="src\ec.h" /> <ClInclude Include="src\ec.h" />
@ -128,4 +122,4 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets"> <ImportGroup Label="ExtensionTargets">
</ImportGroup> </ImportGroup>
</Project> </Project>
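Review bot: The Release configuration pairs `<RuntimeLibrary>MultiThreaded</RuntimeLibrary>` with `libeay32MD.lib;ssleay32MD.lib` in `AdditionalDependencies`; the `MD` suffix suggests OpenSSL libraries built against the DLL runtime, so the module would mix two C runtimes. If that reading is right, memory or `FILE*` objects crossing between ssl.dll and OpenSSL can corrupt the heap, so I would either use `<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>` or link the static-runtime OpenSSL builds. The include and library directories are also hard-coded to `C:\devel\...`; a short comment or user macros for the OpenSSL and Lua locations would make it clear which OpenSSL build is actually being linked.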

75
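--- a/luasec.vcxproj.filters
+++ b/luasec.vcxproj.filters
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<ItemGroup>
+<Filter Include="Source Files">
+<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+<Extensions>cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+</Filter>
+<Filter Include="Header Files">
+<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+</Filter>
+<Filter Include="Resource Files">
+<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx</Extensions>
+</Filter>
+</ItemGroup>
+<ItemGroup>
+<ClCompile Include="src\x509.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\context.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\ssl.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\luasocket\wsocket.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\luasocket\buffer.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\luasocket\io.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+<ClCompile Include="src\luasocket\timeout.c">
+<Filter>Source Files</Filter>
+</ClCompile>
+</ItemGroup>
+<ItemGroup>
+<ClInclude Include="src\x509.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\config.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\context.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\ec.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\options.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\ssl.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\luasocket\wsocket.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\luasocket\buffer.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\luasocket\io.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\luasocket\socket.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+<ClInclude Include="src\luasocket\timeout.h">
+<Filter>Header Files</Filter>
+</ClInclude>
+</ItemGroup>
+</Project>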


@ -1,8 +1,5 @@
Directories: Directories:
------------ ------------
* alpn
Test ALPN (Application-Layer Protocol Negotiation) support.
* certs * certs
Contains scripts to generate the certificates used by the examples. Contains scripts to generate the certificates used by the examples.
Generate Root CA 'A' and 'B' first, then the servers and clients. Generate Root CA 'A' and 'B' first, then the servers and clients.
@ -10,9 +7,6 @@ Directories:
* chain * chain
Example of certificate chain in handshake. Example of certificate chain in handshake.
* curve-negotiation
Elliptic curve negotiation.
* dhparam * dhparam
DH parameters for handshake. DH parameters for handshake.
@ -23,7 +17,7 @@ Directories:
Elliptic curve cipher. Elliptic curve cipher.
* info * info
Information about the connection. Informations about the connection.
* key * key
Test encrypted private key. Test encrypted private key.
@ -36,32 +30,20 @@ Directories:
Same of above, but the connection is not explicit closed, the gabage Same of above, but the connection is not explicit closed, the gabage
collector is encharge of that. collector is encharge of that.
* luaossl
Integration with luaossl.
* multicert
Support to multiple certificate for dual RSA/ECDSA.
* oneshot * oneshot
A simple connection example. A simple connection example.
* psk
PSK(Pre Shared Key) support.
* sni
Support to SNI (Server Name Indication).
* verification * verification
Retrieve the certificate verification errors from the handshake. Retrieve the certificate verification errors from the handshake.
* verify * verify
Ignore handshake errors and proceed. Ignore handshake errors and proceed.
* want
Test want() method.
* wantread * wantread
Test timeout in handshake() and receive(). Test timeout in handshake() and receive().
* wantwrite * wantwrite
Test timeout in send(). Test timeout in send().
* want
Test want() method.


@ -1,27 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = {"foo","bar","baz"}
alpn = "foo"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("ALPN", peer:getalpn())
peer:close()


@ -1,77 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
--
-- Callback that selects one protocol from client's list.
--
local function alpncb01(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Selecting:", protocols[1])
return protocols[1]
end
--
-- Callback that returns a fixed list, ignoring the client's list.
--
local function alpncb02(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Returning a fixed list")
return {"bar", "foo"}
end
--
-- Callback that generates a list as it whishes.
--
local function alpncb03(protocols)
local resp = {}
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
if k%2 ~= 0 then resp[#resp+1] = v end
end
print("--- Returning an odd list")
return resp
end
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = alpncb01,
--alpn = alpncb02,
--alpn = alpncb03,
alpn = {"bar", "baz", "foo"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("ALPN", peer:getalpn())
peer:close()
server:close()


@ -1,14 +0,0 @@
REM make sure the 'openssl.exe' commandline tool is in your path before starting!
REM set the path below;
set opensslpath=c:\program files (x86)\openssl-win32\bin
setlocal
set path=%opensslpath%;%path%
call roota.bat
call rootb.bat
call servera.bat
call serverb.bat
call clienta.bat
call clientb.bat


@ -1,7 +0,0 @@
#!/bin/sh
./rootA.sh
./rootB.sh
./clientA.sh
./clientB.sh
./serverA.sh
./serverB.sh


@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
copy clientAcert.pem + rootA.pem clientA.pem
openssl x509 -subject -issuer -noout -in clientA.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret


@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \ openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \
-nodes -config ./clientA.cnf -days 365 -batch -nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \ openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out clientAcert.pem -days 365 -out clientAcert.pem -days 365
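Review bot: The right-hand column, which reads as the new side of this comparison, creates the sample client key with `-newkey rsa:1024` and signs the request and certificate with `-sha1`, where the left-hand column has `rsa:2048` and `-sha256`. 1024-bit RSA and SHA-1 signatures fall below what current OpenSSL default security levels accept, so samples built from these certificates may fail the handshake on a modern build, and copied scripts carry the weak parameters into real deployments. I would keep `openssl req -newkey rsa:2048 -sha256 ...` and `openssl x509 -req ... -sha256` here; the clientB script section that follows has the same two lines. The key is also written unencrypted because of `-nodes`, which is fine for test fixtures but deserves a comment such as `# test-only key, never reuse outside the samples`.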


@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
copy clientBcert.pem + rootB.pem clientB.pem
openssl x509 -subject -issuer -noout -in clientB.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret


@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \ openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem \
-nodes -config ./clientB.cnf -days 365 -batch -nodes -config ./clientB.cnf -days 365 -batch
openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \ openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out clientBcert.pem -days 365 -out clientBcert.pem -days 365


@ -1,7 +0,0 @@
REM #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -subject -issuer -noout -in rootA.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365 openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -subject -issuer -noout -in rootA.pem openssl x509 -subject -issuer -noout -in rootA.pem


@ -1,7 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -subject -issuer -noout -in rootB.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret


@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365 openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -subject -issuer -noout -in rootB.pem openssl x509 -subject -issuer -noout -in rootB.pem


@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
copy serverAcert.pem + rootA.pem serverA.pem
openssl x509 -subject -issuer -noout -in serverA.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret
@ -118,7 +118,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert
# so use this option with caution! # so use this option with caution!
string_mask = nombstr string_mask = nombstr
# req_extensions = v3_ext # The extensions to add to a certificate request # req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)
@ -198,7 +198,7 @@ authorityKeyIdentifier=keyid,issuer
# subjectAltName=email:copy # subjectAltName=email:copy
# An alternative to produce certificates that aren't # An alternative to produce certificates that aren't
# deprecated according to PKIX. # deprecated according to PKIX.
subjectAltName=DNS:foo.bar.example # subjectAltName=email:move
# Copy subject details # Copy subject details
# issuerAltName=issuer:copy # issuerAltName=issuer:copy
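Review bot: With `subjectAltName=DNS:foo.bar.example` replaced by the commented-out `# subjectAltName=email:move`, the serverA certificate is issued without any DNS subjectAltName. Clients that follow RFC 6125 match the host name against SAN entries and may ignore the CN, so host-name checks against this sample certificate can fail or fall back to CN matching. Keeping an active `subjectAltName=DNS:foo.bar.example` line would preserve a certificate that such clients accept. The serverB config below drops `subjectAltName=DNS:fnord.bar.example` in the same way. The extension section holding these lines, presumably the one the scripts select with `-extensions usr_cert`, starts outside the hunk.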


@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \ openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem \
-config ./serverA.cnf -nodes -days 365 -batch -config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \ openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \ -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out serverAcert.pem -days 365 -out serverAcert.pem -days 365


@ -1,9 +0,0 @@
rem #!/bin/sh
openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
copy serverBcert.pem + rootB.pem serverB.pem
openssl x509 -subject -issuer -noout -in serverB.pem


@ -50,7 +50,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional" # Comment out the following two lines for the "traditional"
# (and highly broken) format. # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits = 1024
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for # Passwords for private keys if not present they will be prompted for
# input_password = secret # input_password = secret
@ -195,7 +195,7 @@ authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname. # This stuff is for subjectAltName and issuerAltname.
# Import the email address. # Import the email address.
subjectAltName=DNS:fnord.bar.example # subjectAltName=email:copy
# An alternative to produce certificates that aren't # An alternative to produce certificates that aren't
# deprecated according to PKIX. # deprecated according to PKIX.
# subjectAltName=email:move # subjectAltName=email:move


@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \ openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch -config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \ openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \ -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out serverBcert.pem -days 365 -out serverBcert.pem -days 365


@ -7,7 +7,7 @@ local util = require("util")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
@ -31,27 +31,8 @@ util.show( conn:getpeercertificate() )
print("----------------------------------------------------------------------") print("----------------------------------------------------------------------")
local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" } for k, cert in ipairs( conn:getpeerchain() ) do
local peerchain = conn:getpeerchain()
assert(#peerchain == #expectedpeerchain)
for k, cert in ipairs( peerchain ) do
util.show(cert) util.show(cert)
local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
end
local expectedlocalchain = { "../certs/serverAcert.pem" }
local localchain = assert(conn:getlocalchain())
assert(#localchain == #expectedlocalchain)
for k, cert in ipairs( localchain ) do
util.show(cert)
local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
if k == 1 then
assert(cert:pem() == conn:getlocalcertificate():pem())
end
end end
local f = io.open(params.certificate) local f = io.open(params.certificate)
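Review bot: `protocol = "sslv23"` on the new side lets the server negotiate any version the linked OpenSSL still enables, SSLv3 included, unless the options list turns the old versions off. The options entry is outside this hunk, but the other server samples on this page that make the same change show `options = "all"`, which as far as I can tell only enables the library's bug workarounds. If the version-flexible method is wanted, pair it with `options = {"all", "no_sslv2", "no_sslv3"}`, or pin a floor the way the client samples do with `protocol = "tlsv1_2"`. The params table continues past the first hunk, and the remaining `protocol = "sslv23"` server samples below share the point.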


@ -1,28 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-256:P-384",
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()


@ -1,37 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = {"all"},
--
curve = "P-384:P-256:P-521",
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot with curve negotiation test\n")
peer:close()


@ -1,40 +0,0 @@
local socket = require "socket";
local ssl = require "ssl";
local dns = require "lunbound".new();
local cfg = {
protocol = "tlsv1_2",
mode = "client",
ciphers = "DEFAULT",
capath = "/etc/ssl/certs",
verify = "peer",
dane = true,
};
local function daneconnect(host, port)
port = port or "443";
local conn = ssl.wrap(socket.connect(host, port), cfg);
local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
assert(tlsa.secure, "Insecure DNS");
assert(conn:setdane(host));
for i = 1, tlsa.n do
local usage, selector, mtype = tlsa[i] :byte(1, 3);
assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
end
assert(conn:dohandshake());
return conn;
end
if not ... then
print("Usage: client.lua example.com [port]");
return os.exit(1);
end
local conn = daneconnect(...);
print(conn:getpeerverification());


@ -6,13 +6,12 @@ local ssl = require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "any", protocol = "tlsv1_2",
key = "../certs/clientAkey.pem", key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem", certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = "all",
ciphers = "EDH+AESGCM"
} }
local peer = socket.tcp() local peer = socket.tcp()


@ -1,4 +1,4 @@
#!/usr/bin/env sh #!/bin/sh
openssl dhparam -2 -out dh-512.pem -outform PEM 512 openssl dhparam -2 -out dh-512.pem -outform PEM 512
openssl dhparam -2 -out dh-1024.pem -outform PEM 1024 openssl dhparam -2 -out dh-1024.pem -outform PEM 1024


@ -31,14 +31,13 @@ end
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = "all",
dhparam = dhparam_cb, dhparam = dhparam_cb,
ciphers = "EDH+AESGCM"
} }


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",

2
samples/key/genkey.sh Executable file → Normal file

@ -1,3 +1,3 @@
#!/usr/bin/env sh #!/bin/sh
openssl genrsa -des3 -out key.pem -passout pass:foobar 2048 openssl genrsa -des3 -out key.pem -passout pass:foobar 2048


@ -5,7 +5,7 @@ local ssl = require("ssl")
local pass = "foobar" local pass = "foobar"
local cfg = { local cfg = {
protocol = "tlsv1", protocol = "tlsv1_2",
mode = "client", mode = "client",
key = "key.pem", key = "key.pem",
} }


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -23,8 +23,6 @@ while true do
assert( peer:dohandshake() ) assert( peer:dohandshake() )
--]] --]]
peer:getpeercertificate():extensions()
print(peer:receive("*l")) print(peer:receive("*l"))
peer:close() peer:close()
end end


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -1,40 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", false)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert(peer:dohandshake())
--]]
print(peer:receive("*l"))
peer:close()


@ -1,58 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local pkey = require "openssl.pkey"
local ssl_context = require "openssl.ssl.context"
local x509 = require "openssl.x509"
local x509_store = require "openssl.x509.store"
local function read_file(path)
local file, err, errno = io.open(path, "rb")
if not file then
return nil, err, errno
end
local contents
contents, err, errno = file:read "*a"
file:close()
return contents, err, errno
end
local ctx = ssl_context.new("TLSv1_2", true)
ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
local store = x509_store.new()
store:add("../certs/rootA.pem")
ctx:setStore(store)
ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
-- Before handshake: nil
print( peer:info() )
assert( peer:dohandshake() )
--]]
print("---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
print("-> Compression", peer:info("compression"))
peer:send("oneshot test\n")
peer:close()


@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientECDSAkey.pem",
certificate = "certs/clientECDSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!aRSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()


@ -1,29 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientRSAkey.pem",
certificate = "certs/clientRSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ECDSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()


@ -1,13 +0,0 @@
#!/usr/bin/env sh
mkdir -p certs
openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch


@ -1,38 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
certificates = {
-- Comment line below and 'client-rsa' stop working
{ certificate = "certs/serverRSA.pem", key = "certs/serverRSAkey.pem" },
-- Comment line below and 'client-ecdsa' stop working
{ certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
},
verify = "none",
options = "all"
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -1,36 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
-- @param hint (nil | string)
-- @param max_identity_len (number)
-- @param max_psk_len (number)
-- @return identity (string)
-- @return PSK (string)
local function pskcb(hint, max_identity_len, max_psk_len)
print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
return "abcd", "1234"
end
local params = {
mode = "client",
protocol = "tlsv1_2",
psk = pskcb,
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()


@ -1,55 +0,0 @@
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
-- @param identity (string)
-- @param max_psk_len (number)
-- @return psk (string)
local function pskcb(identity, max_psk_len)
print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
if identity == "abcd" then
return "1234"
end
return nil
end
local params = {
mode = "server",
protocol = "any",
options = "all",
-- PSK with just a callback
psk = pskcb,
-- PSK with identity hint
-- psk = {
-- hint = "hintpsksample",
-- callback = pskcb,
-- },
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("--- INFO ---")
local info = peer:info()
for k, v in pairs(info) do
print(k, v)
end
print("---")
peer:close()
server:close()


@ -1,35 +0,0 @@
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = "peer",
options = "all",
}
local conn = socket.tcp()
conn:connect("127.0.0.1", 8888)
-- TLS/SSL initialization
conn = ssl.wrap(conn, params)
-- Comment the lines to not send a name
--conn:sni("servera.br")
--conn:sni("serveraa.br")
conn:sni("serverb.br")
assert(conn:dohandshake())
--
local cert = conn:getpeercertificate()
for k, v in pairs(cert:subject()) do
for i, j in pairs(v) do
print(i, j)
end
end
--
print(conn:receive("*l"))
conn:close()


@ -1,52 +0,0 @@
local socket = require("socket")
local ssl = require("ssl")
local params01 = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ADH:@STRENGTH",
}
local params02 = {
mode = "server",
protocol = "any",
key = "../certs/serverAAkey.pem",
certificate = "../certs/serverAA.pem",
cafile = "../certs/rootA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ADH:@STRENGTH",
}
--
local ctx01 = ssl.newcontext(params01)
local ctx02 = ssl.newcontext(params02)
--
local server = socket.tcp()
server:setoption('reuseaddr', true)
server:bind("127.0.0.1", 8888)
server:listen()
local conn = server:accept()
--
-- Default context (when client does not send a name) is ctx01
conn = ssl.wrap(conn, ctx01)
-- Configure the name map
local sni_map = {
["servera.br"] = ctx01,
["serveraa.br"] = ctx02,
}
conn:sni(sni_map, true)
assert(conn:dohandshake())
--
conn:send("one line\n")
conn:close()


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1", protocol = "tlsv1_2",
key = "../../certs/clientBkey.pem", key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem", certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem", cafile = "../../certs/rootB.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "tlsv1", protocol = "sslv23",
key = "../../certs/serverAkey.pem", key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem", certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem", cafile = "../../certs/rootA.pem",


@ -6,12 +6,12 @@ local ssl = require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1", protocol = "tlsv1_2",
key = "../../certs/clientBkey.pem", key = "../../certs/clientBkey.pem",
certificate = "../../certs/clientB.pem", certificate = "../../certs/clientB.pem",
cafile = "../../certs/rootB.pem", cafile = "../../certs/rootB.pem",
verify = {"peer", "fail_if_no_peer_cert"}, verify = {"peer", "fail_if_no_peer_cert"},
options = "all", options = "all", ,
verifyext = "lsec_continue", verifyext = "lsec_continue",
} }
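Review bot: The new side of the options line reads `options = "all", ,` as rendered, and the second comma is a syntax error inside a Lua table constructor, so this client sample would fail to load before any verification code runs. It should read `options = "all",`. Since the sample demonstrates `verifyext = "lsec_continue"`, a file that does not parse also means that verification path goes unexercised. The params table starts inside the hunk but the rest of the script lies outside it.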


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "tlsv1", protocol = "sslv23",
key = "../../certs/serverAkey.pem", key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem", certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem", cafile = "../../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "client", mode = "client",
protocol = "tlsv1", protocol = "tlsv1_2",
key = "../../certs/clientAkey.pem", key = "../../certs/clientAkey.pem",
certificate = "../../certs/clientA.pem", certificate = "../../certs/clientA.pem",
cafile = "../../certs/rootA.pem", cafile = "../../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "tlsv1", protocol = "sslv23",
key = "../../certs/serverAkey.pem", key = "../../certs/serverAkey.pem",
certificate = "../../certs/serverA.pem", certificate = "../../certs/serverA.pem",
cafile = "../../certs/rootA.pem", cafile = "../../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -6,7 +6,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -8,7 +8,7 @@ local ssl = require("ssl")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -8,7 +8,7 @@ print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")
local params = { local params = {
mode = "server", mode = "server",
protocol = "any", protocol = "sslv23",
key = "../certs/serverAkey.pem", key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem", certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem", cafile = "../certs/rootA.pem",


@ -2,12 +2,9 @@ CMOD=ssl.so
LMOD=ssl.lua LMOD=ssl.lua
OBJS= \ OBJS= \
options.o \ x509.o \
x509.o \
context.o \ context.o \
ssl.o \ ssl.o
config.o \
ec.o
LIBS=-lssl -lcrypto -lluasocket LIBS=-lssl -lcrypto -lluasocket
@ -23,11 +20,12 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS) MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR) MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
INSTALL = install INSTALL ?= install
CC ?= cc CC ?= cc
CCLD ?= $(MYENV) $(CC) LD ?= $(MYENV) cc
CFLAGS += $(MYCFLAGS) CFLAGS += $(MYCFLAGS)
LDFLAGS += $(MYLDFLAGS) LDFLAGS += $(MYLDFLAGS)
DESTDIR ?= /
.PHONY: all clean install none linux bsd macosx luasocket .PHONY: all clean install none linux bsd macosx luasocket
@ -35,9 +33,9 @@ all:
install: $(CMOD) $(LMOD) install: $(CMOD) $(LMOD)
$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH) $(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH) $(INSTALL) -D $(CMOD) $(DESTDIR)$(LUACPATH)
$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH) $(INSTALL) -m644 -D $(LMOD) $(DESTDIR)$(LUAPATH)
$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl $(INSTALL) -m644 -D https.lua $(DESTDIR)$(LUAPATH)/ssl
linux: linux:
@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)" @$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
@ -52,15 +50,12 @@ luasocket:
@cd luasocket && $(MAKE) @cd luasocket && $(MAKE)
$(CMOD): $(EXTRA) $(OBJS) $(CMOD): $(EXTRA) $(OBJS)
$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
clean: clean:
cd luasocket && $(MAKE) clean cd luasocket && $(MAKE) clean
rm -f $(OBJS) $(CMOD) rm -f $(OBJS) $(CMOD)
options.o: options.h options.c x509.o: x509.c x509.h config.h
ec.o: ec.c ec.h context.o: context.c context.h ec.h config.h
x509.o: x509.c x509.h compat.h ssl.o: ssl.c ssl.h context.h x509.h config.h
context.o: context.c context.h ec.h compat.h options.h
ssl.o: ssl.c ssl.h context.h x509.h compat.h
config.o: config.c ec.h options.h compat.h
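Review bot: The `-D` added to the three `$(INSTALL)` lines of the `install` target is GNU coreutils behaviour; as far as I know BSD `install` reads `-D` as an option that takes a destination-root argument and the macOS `install` does not document it, so `make install` after the `bsd` or `macosx` builds may fail or copy to the wrong place. The `$(INSTALL) -d` line already creates both target directories, so the flag can be dropped, e.g. `$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)`. Separately, `LD ?= $(MYENV) cc` probably never takes effect under GNU make, because `LD` has a built-in default of `ld` and `?=` only assigns to undefined variables; the link rule would then call `ld` directly and lose `$(MYENV)`. A variable name without a built-in default avoids that.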


@ -1,57 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.2.0
*
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_COMPAT_H
#define LSEC_COMPAT_H
#include <openssl/ssl.h>
//------------------------------------------------------------------------------
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
#else
#define LSEC_API extern
#endif
//------------------------------------------------------------------------------
#if (LUA_VERSION_NUM == 501)
#define luaL_testudata(L, ud, tname) lsec_testudata(L, ud, tname)
#define setfuncs(L, R) luaL_register(L, NULL, R)
#define lua_rawlen(L, i) lua_objlen(L, i)
#ifndef luaL_newlib
#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
#endif
#else
#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
#endif
//------------------------------------------------------------------------------
#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
#define LSEC_ENABLE_DANE
#endif
//------------------------------------------------------------------------------
#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
#define LSEC_API_OPENSSL_1_1_0
#endif
//------------------------------------------------------------------------------
#if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L)
#define LSEC_OPENSSL_1_1_1
#endif
//------------------------------------------------------------------------------
#endif


@ -1,102 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.2.0
*
* Copyright (C) 2006-2022 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
#include "compat.h"
#include "options.h"
#include "ec.h"
/**
* Registre the module.
*/
LSEC_API int luaopen_ssl_config(lua_State *L)
{
lsec_ssl_option_t *opt;
lua_newtable(L);
// Options
lua_pushstring(L, "options");
lua_newtable(L);
for (opt = lsec_get_ssl_options(); opt->name; opt++) {
lua_pushstring(L, opt->name);
lua_pushboolean(L, 1);
lua_rawset(L, -3);
}
lua_rawset(L, -3);
// Protocols
lua_pushstring(L, "protocols");
lua_newtable(L);
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef TLS1_3_VERSION
lua_pushstring(L, "tlsv1_3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Algorithms
lua_pushstring(L, "algorithms");
lua_newtable(L);
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "ec");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Curves
lua_pushstring(L, "curves");
lsec_get_curves(L);
lua_rawset(L, -3);
// Capabilities
lua_pushstring(L, "capabilities");
lua_newtable(L);
// ALPN
lua_pushstring(L, "alpn");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef LSEC_ENABLE_DANE
// DANE
lua_pushstring(L, "dane");
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
lua_createtable(L, 0, 1);
lua_pushstring(L, "no_ee_namechecks");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#else
lua_pushboolean(L, 1);
#endif
lua_rawset(L, -3);
#endif
#ifndef OPENSSL_NO_EC
lua_pushstring(L, "curves_list");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "ecdh_auto");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
return 1;
}

20
src/config.h Normal file

@ -0,0 +1,20 @@
/*--------------------------------------------------------------------------
* LuaSec 0.5.1
* Copyright (C) 2006-2015 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#ifndef LSEC_CONFIG_H
#define LSEC_CONFIG_H
#if defined(_WIN32)
#define LSEC_API __declspec(dllexport)
#else
#define LSEC_API extern
#endif
#if (LUA_VERSION_NUM == 501)
#define lua_rawlen(L, i) lua_objlen(L, i)
#endif
#endif
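Review bot: The `#if (LUA_VERSION_NUM == 501)` test only works if the including file has already pulled in `<lua.h>`; when it has not, the preprocessor treats the undefined macro as 0 and the `lua_rawlen` fallback is silently skipped on Lua 5.1. Adding `#include <lua.h>` directly after `#define LSEC_CONFIG_H` makes the header self-contained and independent of include order. A short comment above the define, such as `/* Lua 5.1 has no lua_rawlen(); map it to lua_objlen() */`, would also document why the alias exists.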


@ -1,9 +1,9 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* *
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild. * Matthew Wild.
* Copyright (C) 2006-2022 Bruno Silvestre. * Copyright (C) 2006-2015 Bruno Silvestre.
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -17,21 +17,28 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include <openssl/dh.h>
#include <lua.h> #include <lua.h>
#include <lauxlib.h> #include <lauxlib.h>
#include "compat.h"
#include "context.h" #include "context.h"
#include "options.h" #include "options.h"
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h> #include <openssl/ec.h>
#include "ec.h" #include "ec.h"
#endif #endif
#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
typedef const SSL_METHOD LSEC_SSL_METHOD;
#else
typedef SSL_METHOD LSEC_SSL_METHOD;
#endif
#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
#define SSLv23_method() TLS_method()
#endif
/*--------------------------- Auxiliary Functions ----------------------------*/ /*--------------------------- Auxiliary Functions ----------------------------*/
/** /**
@ -42,18 +49,13 @@ static p_context checkctx(lua_State *L, int idx)
return (p_context)luaL_checkudata(L, idx, "SSL:Context"); return (p_context)luaL_checkudata(L, idx, "SSL:Context");
} }
static p_context testctx(lua_State *L, int idx)
{
return (p_context)luaL_testudata(L, idx, "SSL:Context");
}
/** /**
* Prepare the SSL options flag. * Prepare the SSL options flag.
*/ */
static int set_option_flag(const char *opt, unsigned long *flag) static int set_option_flag(const char *opt, unsigned long *flag)
{ {
lsec_ssl_option_t *p; ssl_option_t *p;
for (p = lsec_get_ssl_options(); p->name; p++) { for (p = ssl_options; p->name; p++) {
if (!strcmp(opt, p->name)) { if (!strcmp(opt, p->name)) {
*flag |= p->code; *flag |= p->code;
return 1; return 1;
@ -62,59 +64,22 @@ static int set_option_flag(const char *opt, unsigned long *flag)
return 0; return 0;
} }
#ifndef LSEC_API_OPENSSL_1_1_0
/** /**
* Find the protocol. * Find the protocol.
*/ */
static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax) static LSEC_SSL_METHOD* str2method(const char *method)
{ {
(void)vmin; if (!strcmp(method, "sslv23")) return SSLv23_method();
(void)vmax; #ifndef OPENSSL_NO_SSL3
if (!strcmp(method, "any")) return SSLv23_method(); if (!strcmp(method, "sslv3")) return SSLv3_method();
if (!strcmp(method, "sslv23")) return SSLv23_method(); // deprecated #endif
if (!strcmp(method, "tlsv1")) return TLSv1_method(); if (!strcmp(method, "tlsv1")) return TLSv1_method();
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method(); if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method(); if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
return NULL;
}
#else
/**
* Find the protocol.
*/
static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
{
if (!strcmp(method, "any") || !strcmp(method, "sslv23")) { // 'sslv23' is deprecated
*vmin = 0;
*vmax = 0;
return TLS_method();
}
else if (!strcmp(method, "tlsv1")) {
*vmin = TLS1_VERSION;
*vmax = TLS1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_1")) {
*vmin = TLS1_1_VERSION;
*vmax = TLS1_1_VERSION;
return TLS_method();
}
else if (!strcmp(method, "tlsv1_2")) {
*vmin = TLS1_2_VERSION;
*vmax = TLS1_2_VERSION;
return TLS_method();
}
#if defined(TLS1_3_VERSION)
else if (!strcmp(method, "tlsv1_3")) {
*vmin = TLS1_3_VERSION;
*vmax = TLS1_3_VERSION;
return TLS_method();
}
#endif #endif
return NULL; return NULL;
} }
#endif
/** /**
* Prepare the SSL handshake verify flag. * Prepare the SSL handshake verify flag.
@ -201,6 +166,7 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
{ {
BIO *bio; BIO *bio;
lua_State *L; lua_State *L;
DH *dh_tmp = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl); SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx); p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
@ -221,15 +187,24 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
lua_pop(L, 2); /* Remove values from stack */ lua_pop(L, 2); /* Remove values from stack */
return NULL; return NULL;
} }
bio = BIO_new_mem_buf((void*)lua_tostring(L, -1),
bio = BIO_new_mem_buf((void*)lua_tostring(L, -1), lua_rawlen(L, -1)); lua_rawlen(L, -1));
if (bio) { if (bio) {
pctx->dh_param = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio); BIO_free(bio);
} }
/*
* OpenSSL exepcts the callback to maintain a reference to the DH*. So,
* cache it here, and clean up the previous set of parameters. Any remaining
* set is cleaned up when destroying the LuaSec context.
*/
if (pctx->dh_param)
DH_free(pctx->dh_param);
pctx->dh_param = dh_tmp;
lua_pop(L, 2); /* Remove values from stack */ lua_pop(L, 2); /* Remove values from stack */
return pctx->dh_param; return dh_tmp;
} }
/** /**
@ -301,6 +276,18 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok); return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
} }
#ifndef OPENSSL_NO_ECDH
static EC_KEY *find_ec_key(const char *str)
{
p_ec ptr;
for (ptr = curves; ptr->name; ptr++) {
if (!strcmp(str, ptr->name))
return EC_KEY_new_by_curve_name(ptr->nid);
}
return NULL;
}
#endif
/*------------------------------ Lua Functions -------------------------------*/ /*------------------------------ Lua Functions -------------------------------*/
/** /**
@ -310,11 +297,10 @@ static int create(lua_State *L)
{ {
p_context ctx; p_context ctx;
const char *str_method; const char *str_method;
const SSL_METHOD *method; LSEC_SSL_METHOD *method;
int vmin, vmax;
str_method = luaL_checkstring(L, 1); str_method = luaL_checkstring(L, 1);
method = str2method(str_method, &vmin, &vmax); method = str2method(str_method);
if (!method) { if (!method) {
lua_pushnil(L); lua_pushnil(L);
lua_pushfstring(L, "invalid protocol (%s)", str_method); lua_pushfstring(L, "invalid protocol (%s)", str_method);
@ -334,10 +320,6 @@ static int create(lua_State *L)
ERR_reason_error_string(ERR_get_error())); ERR_reason_error_string(ERR_get_error()));
return 2; return 2;
} }
#ifdef LSEC_API_OPENSSL_1_1_0
SSL_CTX_set_min_proto_version(ctx->context, vmin);
SSL_CTX_set_max_proto_version(ctx->context, vmax);
#endif
ctx->mode = LSEC_MODE_INVALID; ctx->mode = LSEC_MODE_INVALID;
ctx->L = L; ctx->L = L;
luaL_getmetatable(L, "SSL:Context"); luaL_getmetatable(L, "SSL:Context");
@ -419,17 +401,6 @@ static int load_key(lua_State *L)
return ret; return ret;
} }
/**
* Check that the certificate public key matches the private key
*/
static int check_key(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
return 1;
}
/** /**
* Set the cipher list. * Set the cipher list.
*/ */
@ -439,38 +410,21 @@ static int set_cipher(lua_State *L)
const char *list = luaL_checkstring(L, 2); const char *list = luaL_checkstring(L, 2);
if (SSL_CTX_set_cipher_list(ctx, list) != 1) { if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
lua_pushboolean(L, 0); lua_pushboolean(L, 0);
lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error())); lua_pushfstring(L, "error setting cipher list (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2; return 2;
} }
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
} }
/**
* Set the cipher suites.
*/
static int set_ciphersuites(lua_State *L)
{
#if defined(TLS1_3_VERSION)
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *list = luaL_checkstring(L, 2);
if (SSL_CTX_set_ciphersuites(ctx, list) != 1) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
return 2;
}
#endif
lua_pushboolean(L, 1);
return 1;
}
/** /**
* Set the depth for certificate checking. * Set the depth for certificate checking.
*/ */
static int set_depth(lua_State *L) static int set_depth(lua_State *L)
{ {
SSL_CTX *ctx = lsec_checkcontext(L, 1); SSL_CTX *ctx = lsec_checkcontext(L, 1);
SSL_CTX_set_verify_depth(ctx, (int)luaL_checkinteger(L, 2)); SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
} }
@ -512,6 +466,12 @@ static int set_options(lua_State *L)
if (max > 1) { if (max > 1) {
for (i = 2; i <= max; i++) { for (i = 2; i <= max; i++) {
str = luaL_checkstring(L, i); str = luaL_checkstring(L, i);
#if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
/* Version 0.9.8 has a different way to disable compression */
if (!strcmp(str, "no_compression"))
ctx->comp_methods = NULL;
else
#endif
if (!set_option_flag(str, &flag)) { if (!set_option_flag(str, &flag)) {
lua_pushboolean(L, 0); lua_pushboolean(L, 0);
lua_pushfstring(L, "invalid option (%s)", str); lua_pushfstring(L, "invalid option (%s)", str);
@ -563,24 +523,27 @@ static int set_dhparam(lua_State *L)
return 0; return 0;
} }
#if !defined(OPENSSL_NO_EC)
/** /**
* Set elliptic curve. * Set elliptic curve.
*/ */
#ifdef OPENSSL_NO_ECDH
static int set_curve(lua_State *L)
{
lua_pushboolean(L, 0);
lua_pushstring(L, "OpenSSL does not support ECDH");
return 2;
}
#else
static int set_curve(lua_State *L) static int set_curve(lua_State *L)
{ {
long ret; long ret;
EC_KEY *key = NULL;
SSL_CTX *ctx = lsec_checkcontext(L, 1); SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2); const char *str = luaL_checkstring(L, 2);
EC_KEY *key = find_ec_key(str);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
key = lsec_find_ec_key(L, str);
if (!key) { if (!key) {
lua_pushboolean(L, 0); lua_pushboolean(L, 0);
lua_pushfstring(L, "elliptic curve '%s' not supported", str); lua_pushfstring(L, "elliptic curve %s not supported", str);
return 2; return 2;
} }
@ -594,317 +557,26 @@ static int set_curve(lua_State *L)
ERR_reason_error_string(ERR_get_error())); ERR_reason_error_string(ERR_get_error()));
return 2; return 2;
} }
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
} }
/**
* Set elliptic curves list.
*/
static int set_curves_list(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
const char *str = luaL_checkstring(L, 2);
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
if (SSL_CTX_set1_curves_list(ctx, str) != 1) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "unknown elliptic curve in \"%s\"", str);
return 2;
}
#if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
(void)SSL_CTX_set_ecdh_auto(ctx, 1);
#endif
lua_pushboolean(L, 1);
return 1;
}
#endif
/**
* Set the protocols a client should send for ALPN.
*/
static int set_alpn(lua_State *L)
{
long ret;
size_t len;
p_context ctx = checkctx(L, 1);
const char *str = luaL_checklstring(L, 2, &len);
ret = SSL_CTX_set_alpn_protos(ctx->context, (const unsigned char*)str, len);
if (ret) {
lua_pushboolean(L, 0);
lua_pushfstring(L, "error setting ALPN (%s)", ERR_reason_error_string(ERR_get_error()));
return 2;
}
lua_pushboolean(L, 1);
return 1;
}
/**
* This standard callback calls the server's callback in Lua sapce.
* The server has to return a list in wire-format strings.
* This function uses a helper function to match server and client lists.
*/
static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen, void *arg)
{
int ret;
size_t server_len;
const char *server;
p_context ctx = (p_context)arg;
lua_State *L = ctx->L;
luaL_getmetatable(L, "SSL:ALPN:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_gettable(L, -2);
lua_pushlstring(L, (const char*)in, inlen);
lua_call(L, 1, 1);
if (!lua_isstring(L, -1)) {
lua_pop(L, 2);
return SSL_TLSEXT_ERR_NOACK;
}
// Protocol list from server in wire-format string
server = luaL_checklstring(L, -1, &server_len);
ret = SSL_select_next_proto((unsigned char**)out, outlen, (const unsigned char*)server,
server_len, in, inlen);
if (ret != OPENSSL_NPN_NEGOTIATED) {
lua_pop(L, 2);
return SSL_TLSEXT_ERR_NOACK;
}
// Copy the result because lua_pop() can collect the pointer
ctx->alpn = malloc(*outlen);
memcpy(ctx->alpn, (void*)*out, *outlen);
*out = (const unsigned char*)ctx->alpn;
lua_pop(L, 2);
return SSL_TLSEXT_ERR_OK;
}
/**
* Set a callback a server can use to select the next protocol with ALPN.
*/
static int set_alpn_cb(lua_State *L)
{
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:ALPN:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_alpn_select_cb(ctx->context, alpn_cb, ctx);
lua_pushboolean(L, 1);
return 1;
}
/**
* Callback to select the PSK.
*/
static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk,
unsigned int max_psk_len)
{
size_t psk_len;
const char *ret_psk;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
lua_pushstring(L, identity);
lua_pushinteger(L, max_psk_len);
lua_call(L, 2, 1);
if (!lua_isstring(L, -1)) {
lua_pop(L, 2);
return 0;
}
ret_psk = lua_tolstring(L, -1, &psk_len);
if (psk_len == 0 || psk_len > max_psk_len)
psk_len = 0;
else
memcpy(psk, ret_psk, psk_len);
lua_pop(L, 2);
return psk_len;
}
/**
* Set a PSK callback for server.
*/
static int set_server_psk_cb(lua_State *L)
{
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb);
lua_pushboolean(L, 1);
return 1;
}
/*
* Set the PSK indentity hint.
*/
static int set_psk_identity_hint(lua_State *L)
{
p_context ctx = checkctx(L, 1);
const char *hint = luaL_checkstring(L, 2);
int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint);
lua_pushboolean(L, ret);
return 1;
}
/*
* Client callback to PSK.
*/
static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity,
unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
{
size_t psk_len;
size_t identity_len;
const char *ret_psk;
const char *ret_identity;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
lua_State *L = pctx->L;
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)pctx->context);
lua_gettable(L, -2);
if (hint)
lua_pushstring(L, hint);
else
lua_pushnil(L);
// Leave space to '\0'
lua_pushinteger(L, max_identity_len-1);
lua_pushinteger(L, max_psk_len);
lua_call(L, 3, 2);
if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) {
lua_pop(L, 3);
return 0;
}
ret_identity = lua_tolstring(L, -2, &identity_len);
ret_psk = lua_tolstring(L, -1, &psk_len);
if (identity_len >= max_identity_len || psk_len > max_psk_len)
psk_len = 0;
else {
memcpy(identity, ret_identity, identity_len);
identity[identity_len] = 0;
memcpy(psk, ret_psk, psk_len);
}
lua_pop(L, 3);
return psk_len;
}
/**
* Set a PSK callback for client.
*/
static int set_client_psk_cb(lua_State *L) {
p_context ctx = checkctx(L, 1);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushvalue(L, 2);
lua_settable(L, -3);
SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb);
lua_pushboolean(L, 1);
return 1;
}
#if defined(LSEC_ENABLE_DANE)
/*
* DANE
*/
static int dane_options[] = {
/* TODO move into options.c
* however this symbol is not from openssl/ssl.h but rather from
* openssl/x509_vfy.h
* */
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
DANE_FLAG_NO_DANE_EE_NAMECHECKS,
#endif
0
};
static const char *dane_option_names[] = {
#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
"no_ee_namechecks",
#endif
NULL
};
static int set_dane(lua_State *L)
{
int ret, i;
SSL_CTX *ctx = lsec_checkcontext(L, 1);
ret = SSL_CTX_dane_enable(ctx);
for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
}
lua_pushboolean(L, (ret > 0));
return 1;
}
#endif #endif
/** /**
* Package functions * Package functions
*/ */
static luaL_Reg funcs[] = { static luaL_Reg funcs[] = {
{"create", create}, {"create", create},
{"locations", load_locations}, {"locations", load_locations},
{"loadcert", load_cert}, {"loadcert", load_cert},
{"loadkey", load_key}, {"loadkey", load_key},
{"checkkey", check_key}, {"setcipher", set_cipher},
{"setalpn", set_alpn}, {"setdepth", set_depth},
{"setalpncb", set_alpn_cb}, {"setdhparam", set_dhparam},
{"setcipher", set_cipher}, {"setcurve", set_curve},
{"setciphersuites", set_ciphersuites}, {"setverify", set_verify},
{"setdepth", set_depth}, {"setoptions", set_options},
{"setdhparam", set_dhparam}, {"setmode", set_mode},
{"setverify", set_verify},
{"setoptions", set_options},
{"setpskhint", set_psk_identity_hint},
{"setserverpskcb", set_server_psk_cb},
{"setclientpskcb", set_client_psk_cb},
{"setmode", set_mode},
#if !defined(OPENSSL_NO_EC)
{"setcurve", set_curve},
{"setcurveslist", set_curves_list},
#endif
#if defined(LSEC_ENABLE_DANE)
{"setdane", set_dane},
#endif
{NULL, NULL} {NULL, NULL}
}; };
@ -926,18 +598,15 @@ static int meth_destroy(lua_State *L)
lua_pushlightuserdata(L, (void*)ctx->context); lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L); lua_pushnil(L);
lua_settable(L, -3); lua_settable(L, -3);
luaL_getmetatable(L, "SSL:ALPN:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
luaL_getmetatable(L, "SSL:PSK:Registry");
lua_pushlightuserdata(L, (void*)ctx->context);
lua_pushnil(L);
lua_settable(L, -3);
SSL_CTX_free(ctx->context); SSL_CTX_free(ctx->context);
ctx->context = NULL; ctx->context = NULL;
} }
if (ctx->dh_param) {
DH_free(ctx->dh_param);
ctx->dh_param = NULL;
}
return 0; return 0;
} }
@ -1009,7 +678,6 @@ static int meth_set_verify_ext(lua_State *L)
* Context metamethods. * Context metamethods.
*/ */
static luaL_Reg meta[] = { static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy}, {"__gc", meth_destroy},
{"__tostring", meth_tostring}, {"__tostring", meth_tostring},
{NULL, NULL} {NULL, NULL}
@ -1035,12 +703,6 @@ SSL_CTX* lsec_checkcontext(lua_State *L, int idx)
return ctx->context; return ctx->context;
} }
SSL_CTX* lsec_testcontext(lua_State *L, int idx)
{
p_context ctx = testctx(L, idx);
return (ctx) ? ctx->context : NULL;
}
/** /**
* Retrieve the mode from the context in the Lua stack. * Retrieve the mode from the context in the Lua stack.
*/ */
@ -1050,47 +712,44 @@ int lsec_getmode(lua_State *L, int idx)
return ctx->mode; return ctx->mode;
} }
/*-- Compat - Lua 5.1 --*/
#if (LUA_VERSION_NUM == 501)
void *lsec_testudata (lua_State *L, int ud, const char *tname) {
void *p = lua_touserdata(L, ud);
if (p != NULL) { /* value is a userdata? */
if (lua_getmetatable(L, ud)) { /* does it have a metatable? */
luaL_getmetatable(L, tname); /* get correct metatable */
if (!lua_rawequal(L, -1, -2)) /* not the same? */
p = NULL; /* value is a userdata with wrong metatable */
lua_pop(L, 2); /* remove both metatables */
return p;
}
}
return NULL; /* value is not a userdata with a metatable */
}
#endif
/*------------------------------ Initialization ------------------------------*/ /*------------------------------ Initialization ------------------------------*/
/** /**
* Registre the module. * Registre the module.
*/ */
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_context(lua_State *L) LSEC_API int luaopen_ssl_context(lua_State *L)
{ {
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */ luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:ALPN:Registry"); /* Keep all ALPN callbacks */ luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:PSK:Registry"); /* Keep all PSK callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:Context"); luaL_newmetatable(L, "SSL:Context");
setfuncs(L, meta); luaL_register(L, NULL, meta);
/* Create __index metamethods for context */ /* Create __index metamethods for context */
luaL_newlib(L, meta_index); lua_newtable(L);
luaL_register(L, NULL, meta_index);
lua_setfield(L, -2, "__index"); lua_setfield(L, -2, "__index");
lsec_load_curves(L); /* Register the module */
luaL_register(L, "ssl.context", funcs);
/* Return the module */
luaL_newlib(L, funcs);
return 1; return 1;
} }
#else
LSEC_API int luaopen_ssl_context(lua_State *L)
{
luaL_newmetatable(L, "SSL:DH:Registry"); /* Keep all DH callbacks */
luaL_newmetatable(L, "SSL:Verify:Registry"); /* Keep all verify flags */
luaL_newmetatable(L, "SSL:Context");
luaL_setfuncs(L, meta, 0);
/* Create __index metamethods for context */
lua_newtable(L);
luaL_setfuncs(L, meta_index, 0);
lua_setfield(L, -2, "__index");
/* Return the module */
lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
return 1;
}
#endif
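Review bot: Nothing in `str2method()` or the visible part of `create()` sets a protocol floor: `"sslv23"` returns the version-flexible method, and `"sslv3"` is still accepted whenever OpenSSL was built without `OPENSSL_NO_SSL3`. SSLv3 can therefore be negotiated unless every caller passes the option that maps to `SSL_OP_NO_SSLv3`. The sample servers on this page appear to move to `protocol = "sslv23"`, so I would make the safe choice the default: when the requested protocol is `"sslv23"`, call `SSL_CTX_set_options(ctx->context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` in `create()` right after the context is allocated, keeping `"sslv3"` as an explicit opt-in. Part of `create()` lies between the two hunks and is not shown, so confirm no such option is already applied there. A comment on the `"sslv23"` line saying that it means "negotiate the highest mutually supported version" would also help readers who take the name literally.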


@ -2,16 +2,15 @@
#define LSEC_CONTEXT_H #define LSEC_CONTEXT_H
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* * Copyright (C) 2006-2015 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include <lua.h> #include <lua.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "compat.h" #include "config.h"
#define LSEC_MODE_INVALID 0 #define LSEC_MODE_INVALID 0
#define LSEC_MODE_SERVER 1 #define LSEC_MODE_SERVER 1
@ -24,14 +23,12 @@ typedef struct t_context_ {
SSL_CTX *context; SSL_CTX *context;
lua_State *L; lua_State *L;
DH *dh_param; DH *dh_param;
void *alpn;
int mode; int mode;
} t_context; } t_context;
typedef t_context* p_context; typedef t_context* p_context;
/* Retrieve the SSL context from the Lua stack */ /* Retrieve the SSL context from the Lua stack */
SSL_CTX *lsec_checkcontext(lua_State *L, int idx); SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
SSL_CTX *lsec_testcontext(lua_State *L, int idx);
/* Retrieve the mode from the context in the Lua stack */ /* Retrieve the mode from the context in the Lua stack */
int lsec_getmode(lua_State *L, int idx); int lsec_getmode(lua_State *L, int idx);
@ -39,9 +36,4 @@ int lsec_getmode(lua_State *L, int idx);
/* Registre the module. */ /* Registre the module. */
LSEC_API int luaopen_ssl_context(lua_State *L); LSEC_API int luaopen_ssl_context(lua_State *L);
/* Compat - Lua 5.1 */
#if (LUA_VERSION_NUM == 501)
void *lsec_testudata (lua_State *L, int ud, const char *tname);
#endif
#endif #endif

109
src/ec.c

@ -1,109 +0,0 @@
#include <openssl/objects.h>
#include "ec.h"
#ifndef OPENSSL_NO_EC
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
{
int nid;
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushstring(L, str);
lua_rawget(L, -2);
if (!lua_isnumber(L, -1))
return NULL;
nid = (int)lua_tonumber(L, -1);
return EC_KEY_new_by_curve_name(nid);
}
void lsec_load_curves(lua_State *L)
{
size_t i;
size_t size;
const char *name;
EC_builtin_curve *curves = NULL;
lua_pushstring(L, "SSL:EC:CURVES");
lua_newtable(L);
size = EC_get_builtin_curves(NULL, 0);
if (size > 0) {
curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
EC_get_builtin_curves(curves, size);
for (i = 0; i < size; i++) {
name = OBJ_nid2sn(curves[i].nid);
if (name != NULL) {
lua_pushstring(L, name);
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
}
switch (curves[i].nid) {
case NID_X9_62_prime256v1:
lua_pushstring(L, "P-256");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp384r1:
lua_pushstring(L, "P-384");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
case NID_secp521r1:
lua_pushstring(L, "P-521");
lua_pushnumber(L, curves[i].nid);
lua_rawset(L, -3);
break;
}
}
free(curves);
}
/* These are special so are manually added here */
#ifdef NID_X25519
lua_pushstring(L, "X25519");
lua_pushnumber(L, NID_X25519);
lua_rawset(L, -3);
#endif
#ifdef NID_X448
lua_pushstring(L, "X448");
lua_pushnumber(L, NID_X448);
lua_rawset(L, -3);
#endif
lua_rawset(L, LUA_REGISTRYINDEX);
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
lua_pushstring(L, "SSL:EC:CURVES");
lua_rawget(L, LUA_REGISTRYINDEX);
lua_pushnil(L);
while (lua_next(L, -2) != 0) {
lua_pop(L, 1);
lua_pushvalue(L, -1);
lua_pushboolean(L, 1);
lua_rawset(L, -5);
}
lua_pop(L, 1);
}
#else
void lsec_load_curves(lua_State *L)
{
// do nothing
}
void lsec_get_curves(lua_State *L)
{
lua_newtable(L);
}
#endif


@ -1,22 +1,64 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* * Copyright (C) 2006-2015 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#ifndef LSEC_EC_H #ifndef LSEC_EC_H
#define LSEC_EC_H #define LSEC_EC_H
#include <lua.h> #include <openssl/objects.h>
#ifndef OPENSSL_NO_EC typedef struct t_ec_ {
#include <openssl/ec.h> char *name;
int nid;
} t_ec;
typedef t_ec* p_ec;
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str); /* Elliptic curves supported */
#endif static t_ec curves[] = {
/* SECG */
void lsec_get_curves(lua_State *L); {"secp112r1", NID_secp112r1},
void lsec_load_curves(lua_State *L); {"secp112r2", NID_secp112r2},
{"secp128r1", NID_secp128r1},
{"secp128r2", NID_secp128r2},
{"secp160k1", NID_secp160k1},
{"secp160r1", NID_secp160r1},
{"secp160r2", NID_secp160r2},
{"secp192k1", NID_secp192k1},
{"secp224k1", NID_secp224k1},
{"secp224r1", NID_secp224r1},
{"secp256k1", NID_secp256k1},
{"secp384r1", NID_secp384r1},
{"secp521r1", NID_secp521r1},
{"sect113r1", NID_sect113r1},
{"sect113r2", NID_sect113r2},
{"sect131r1", NID_sect131r1},
{"sect131r2", NID_sect131r2},
{"sect163k1", NID_sect163k1},
{"sect163r1", NID_sect163r1},
{"sect163r2", NID_sect163r2},
{"sect193r1", NID_sect193r1},
{"sect193r2", NID_sect193r2},
{"sect233k1", NID_sect233k1},
{"sect233r1", NID_sect233r1},
{"sect239k1", NID_sect239k1},
{"sect283k1", NID_sect283k1},
{"sect283r1", NID_sect283r1},
{"sect409k1", NID_sect409k1},
{"sect409r1", NID_sect409r1},
{"sect571k1", NID_sect571k1},
{"sect571r1", NID_sect571r1},
/* ANSI X9.62 */
{"prime192v1", NID_X9_62_prime192v1},
{"prime192v2", NID_X9_62_prime192v2},
{"prime192v3", NID_X9_62_prime192v3},
{"prime239v1", NID_X9_62_prime239v1},
{"prime239v2", NID_X9_62_prime239v2},
{"prime239v3", NID_X9_62_prime239v3},
{"prime256v1", NID_X9_62_prime256v1},
/* End */
{NULL, 0U}
};
#endif #endif
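Review bot: The `curves[]` table on the new side lists groups as small as `secp112r1`, `secp128r1` and `sect113r1` next to `prime256v1`, and nothing in the header marks a minimum strength, so a configured curve name can select a key exchange well below the 224-bit size that current guidance treats as the floor. The code that looks names up in this table is outside this section, so whether a floor is enforced there cannot be confirmed from here; if it is not, I would drop the entries under 224 bits or put them behind a build flag. Separately, the table is defined `static` in a header, so every file that includes it gets its own writable copy; `static const t_ec curves[] = {` together with `const char *name;` in the struct keeps it read-only and matches the string literals it holds. The sentinel `{NULL, 0U}` also initialises the `int nid` field with an unsigned constant, where `{NULL, 0}` would be cleaner.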


@ -1,6 +1,6 @@
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
-- LuaSec 1.2.0 -- LuaSec 0.5.1
-- Copyright (C) 2009-2022 PUC-Rio -- Copyright (C) 2009-2015 PUC-Rio
-- --
-- Author: Pablo Musa -- Author: Pablo Musa
-- Author: Tomas Guisasola -- Author: Tomas Guisasola
@ -12,22 +12,25 @@ local ltn12 = require("ltn12")
local http = require("socket.http") local http = require("socket.http")
local url = require("socket.url") local url = require("socket.url")
local try = socket.try local table = require("table")
local string = require("string")
-- local try = socket.try
-- Module local type = type
-- local pairs = pairs
local _M = { local getmetatable = getmetatable
_VERSION = "1.2.0",
_COPYRIGHT = "LuaSec 1.2.0 - Copyright (C) 2009-2022 PUC-Rio", module("ssl.https")
PORT = 443,
TIMEOUT = 60 _VERSION = "0.5.1"
} _COPYRIGHT = "LuaSec 0.5.1 - Copyright (C) 2009-2015 PUC-Rio"
-- Default settings
PORT = 443
-- TLS configuration
local cfg = { local cfg = {
protocol = "any", protocol = "tlsv1",
options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"}, options = "all",
verify = "none", verify = "none",
} }
@ -37,7 +40,7 @@ local cfg = {
-- Insert default HTTPS port. -- Insert default HTTPS port.
local function default_https_port(u) local function default_https_port(u)
return url.build(url.parse(u, {port = _M.PORT})) return url.build(url.parse(u, {port = PORT}))
end end
-- Convert an URL to a table according to Luasocket needs. -- Convert an URL to a table according to Luasocket needs.
@ -84,16 +87,14 @@ local function tcp(params)
conn.sock = try(socket.tcp()) conn.sock = try(socket.tcp())
local st = getmetatable(conn.sock).__index.settimeout local st = getmetatable(conn.sock).__index.settimeout
function conn:settimeout(...) function conn:settimeout(...)
return st(self.sock, _M.TIMEOUT) return st(self.sock, ...)
end end
-- Replace TCP's connection function -- Replace TCP's connection function
function conn:connect(host, port) function conn:connect(host, port)
try(self.sock:connect(host, port)) try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params)) self.sock = try(ssl.wrap(self.sock, params))
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake()) try(self.sock:dohandshake())
reg(self) reg(self, getmetatable(self.sock))
return 1 return 1
end end
return conn return conn
@ -112,7 +113,7 @@ end
-- @param body optional (string) -- @param body optional (string)
-- @return (string if url == string or 1), code, headers, status -- @return (string if url == string or 1), code, headers, status
-- --
local function request(url, body) function request(url, body)
local result_table = {} local result_table = {}
local stringrequest = type(url) == "string" local stringrequest = type(url) == "string"
if stringrequest then if stringrequest then
@ -135,12 +136,3 @@ local function request(url, body)
end end
return res, code, headers, status return res, code, headers, status
end end
--------------------------------------------------------------------------------
-- Export module
--
_M.request = request
_M.tcp = tcp
return _M
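Review bot: The default `cfg` on the new side sets `protocol = "tlsv1"` with `options = "all"` and keeps `verify = "none"`, so a plain `request()` negotiates TLS 1.0 only and accepts whatever certificate the server presents without checking it. Callers who need an authenticated connection have to override these themselves, and nothing in the file says so; at minimum I would add a comment above `cfg` such as `-- NOTE: defaults do not verify the peer; pass verify = "peer" plus cafile/capath for authenticated HTTPS`. The new `conn:connect` also calls `dohandshake()` without setting a timeout on the wrapped socket first, so a stalled peer may hold the call open; whether the timeout set on the plain TCP socket carries over through `ssl.wrap` is not visible in this section. The bodies of `tcp` and `request` continue outside the hunks shown.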


@ -6,7 +6,7 @@ OBJS= \
CC ?= cc CC ?= cc
CFLAGS += $(MYCFLAGS) -DLUASOCKET_DEBUG CFLAGS += $(MYCFLAGS) -DLUASOCKET_DEBUG
AR ?= ar AR := ar rcu
RANLIB ?= ranlib RANLIB ?= ranlib
.PHONY: all clean .PHONY: all clean
@ -14,7 +14,7 @@ RANLIB ?= ranlib
all: libluasocket.a all: libluasocket.a
libluasocket.a: $(OBJS) libluasocket.a: $(OBJS)
$(AR) rcu $@ $(OBJS) $(AR) $@ $(OBJS)
$(RANLIB) $@ $(RANLIB) $@
clean: clean:
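Review bot: `AR := ar rcu` on the new side folds the archiver flags into the tool name and, unlike `?=`, ignores an `AR` exported in the environment, so a cross toolchain's archiver is silently replaced by the host `ar`. An `AR=` given on the make command line still wins, but it then loses the `rcu` flags because the rule is now `$(AR) $@ $(OBJS)`. Keeping tool and flags separate avoids both problems: `AR ?= ar` and `$(AR) rcu $@ $(OBJS)`.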


@ -107,16 +107,10 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
* object:receive() interface * object:receive() interface
\*-------------------------------------------------------------------------*/ \*-------------------------------------------------------------------------*/
int buffer_meth_receive(lua_State *L, p_buffer buf) { int buffer_meth_receive(lua_State *L, p_buffer buf) {
int err = IO_DONE, top = lua_gettop(L);
luaL_Buffer b; luaL_Buffer b;
size_t size; size_t size;
const char *part; const char *part = luaL_optlstring(L, 3, "", &size);
int err = IO_DONE;
int top = lua_gettop(L);
if (top < 3) {
lua_settop(L, 3);
top = 3;
}
part = luaL_optlstring(L, 3, "", &size);
#ifdef LUASOCKET_DEBUG #ifdef LUASOCKET_DEBUG
p_timeout tm = timeout_markstart(buf->tm); p_timeout tm = timeout_markstart(buf->tm);
#endif #endif
@ -141,7 +135,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
} }
/* check if there was an error */ /* check if there was an error */
if (err != IO_DONE) { if (err != IO_DONE) {
/* we can't push anything in the stack before pushing the /* we can't push anyting in the stack before pushing the
* contents of the buffer. this is the reason for the complication */ * contents of the buffer. this is the reason for the complication */
luaL_pushresult(&b); luaL_pushresult(&b);
lua_pushstring(L, buf->io->error(buf->io->ctx, err)); lua_pushstring(L, buf->io->error(buf->io->ctx, err));
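Review bot: On the new side `top` is taken straight from `lua_gettop(L)` and the `if (top < 3) { lua_settop(L, 3); top = 3; }` padding is gone, so when `receive()` is called with fewer than three arguments the stack is shorter than the fixed argument indices the function uses. `luaL_Buffer` is allowed to occupy stack slots while it is active, so on Lua versions where it does, any fixed index read after `luaL_buffinit` can land on the buffer's own slot instead of a missing argument, and a result count derived from `top` can be off. The rest of `buffer_meth_receive` is outside these hunks, so the exact effect cannot be confirmed from here. Padding the stack before the buffer is initialised is cheap: keep `if (top < 3) { lua_settop(L, 3); top = 3; }` ahead of the `luaL_optlstring(L, 3, "", &size)` call.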


@ -43,7 +43,7 @@ typedef int (*p_send) (
/* interface to recv function */ /* interface to recv function */
typedef int (*p_recv) ( typedef int (*p_recv) (
void *ctx, /* context needed by recv */ void *ctx, /* context needed by recv */
char *data, /* pointer to buffer where data will be written */ char *data, /* pointer to buffer where data will be writen */
size_t count, /* number of bytes to receive into buffer */ size_t count, /* number of bytes to receive into buffer */
size_t *got, /* number of bytes received uppon return */ size_t *got, /* number of bytes received uppon return */
p_timeout tm /* timeout control */ p_timeout tm /* timeout control */


@ -32,7 +32,7 @@
typedef struct sockaddr SA; typedef struct sockaddr SA;
/*=========================================================================*\ /*=========================================================================*\
* Functions below implement a comfortable platform independent * Functions bellow implement a comfortable platform independent
* interface to sockets * interface to sockets
\*=========================================================================*/ \*=========================================================================*/
int socket_open(void); int socket_open(void);


@ -9,7 +9,7 @@
/* timeout control structure */ /* timeout control structure */
typedef struct t_timeout_ { typedef struct t_timeout_ {
double block; /* maximum time for blocking calls */ double block; /* maximum time for blocking calls */
double total; /* total number of milliseconds for operation */ double total; /* total number of miliseconds for operation */
double start; /* time of start of operation */ double start; /* time of start of operation */
} t_timeout; } t_timeout;
typedef t_timeout *p_timeout; typedef t_timeout *p_timeout;


@ -40,7 +40,7 @@ int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
if (*ps >= FD_SETSIZE) return EINVAL; if (*ps >= FD_SETSIZE) return EINVAL;
if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */ if (timeout_iszero(tm)) return IO_TIMEOUT; /* optimize timeout == 0 case */
do { do {
/* must set bits within loop, because select may have modified them */ /* must set bits within loop, because select may have modifed them */
rp = wp = NULL; rp = wp = NULL;
if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; } if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; } if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }


@ -1,185 +0,0 @@
/*--------------------------------------------------------------------------
* LuaSec 1.2.0
*
* Copyright (C) 2006-2022 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
#include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 3.0.0-beta2
*/
static lsec_ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
{"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_CLEANSE_PLAINTEXT)
{"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
{"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_KTLS)
{"enable_ktls", SSL_OP_ENABLE_KTLS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
{"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_DTLS_MASK)
{"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
#endif
#if defined(SSL_OP_NO_DTLSv1)
{"no_dtlsv1", SSL_OP_NO_DTLSv1},
#endif
#if defined(SSL_OP_NO_DTLSv1_2)
{"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
#endif
#if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
{"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
#endif
#if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
{"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSL_MASK)
{"no_ssl_mask", SSL_OP_NO_SSL_MASK},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLSEXT_PADDING)
{"tlsext_padding", SSL_OP_TLSEXT_PADDING},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
return ssl_options;
}


@ -2,21 +2,130 @@
#define LSEC_OPTIONS_H #define LSEC_OPTIONS_H
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* * Copyright (C) 2006-2015 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include "compat.h" #include <openssl/ssl.h>
struct lsec_ssl_option_s { /* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.0.1e 2013-06-12
*/
struct ssl_option_s {
const char *name; const char *name;
unsigned long code; unsigned long code;
}; };
typedef struct ssl_option_s ssl_option_t;
typedef struct lsec_ssl_option_s lsec_ssl_option_t; static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options(); {"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
#endif
#if defined(SSL_OP_CISCO_ANYCONNECT)
{"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
#endif
#if defined(SSL_OP_COOKIE_EXCHANGE)
{"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
#endif
#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
{"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
{"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
#endif
#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
{"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
#endif
#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
{"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
#endif
#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
{"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
#endif
#if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
{"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
{"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
{"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
#if defined(SSL_OP_NO_QUERY_MTU)
{"no_query_mtu", SSL_OP_NO_QUERY_MTU},
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
{"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
#endif
#if defined(SSL_OP_NO_SSLv2)
{"no_sslv2", SSL_OP_NO_SSLv2},
#endif
#if defined(SSL_OP_NO_SSLv3)
{"no_sslv3", SSL_OP_NO_SSLv3},
#endif
#if defined(SSL_OP_NO_TICKET)
{"no_ticket", SSL_OP_NO_TICKET},
#endif
#if defined(SSL_OP_NO_TLSv1)
{"no_tlsv1", SSL_OP_NO_TLSv1},
#endif
#if defined(SSL_OP_NO_TLSv1_1)
{"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
#endif
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_SINGLE_DH_USE)
{"single_dh_use", SSL_OP_SINGLE_DH_USE},
#endif
#if defined(SSL_OP_SINGLE_ECDH_USE)
{"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
#endif
#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
{"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
#endif
#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
{"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
#endif
#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
{"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
#endif
#if defined(SSL_OP_TLS_D5_BUG)
{"tls_d5_bug", SSL_OP_TLS_D5_BUG},
#endif
#if defined(SSL_OP_TLS_ROLLBACK_BUG)
{"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
#endif
{NULL, 0L}
};
#endif #endif
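Review bot: The option table moved into this header is a snapshot generated from OpenSSL 1.0.1e, per the comment on the new side, so names the linked library may define, such as `no_tlsv1_3` or `no_renegotiation`, have no row even when the matching `SSL_OP_*` macro exists at build time. The `#if defined(...)` guards can only remove rows, never add them. How an unknown option name is handled is outside this section, so it is worth confirming that a hardening option missing from the table is reported as an error rather than silently skipped. The table is also `static` and writable in a header, giving each including file its own copy; `static const ssl_option_t ssl_options[] = {` would make it read-only, and regenerating it with options.lua against the OpenSSL actually linked keeps the list current.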


@ -1,10 +1,10 @@
local function usage() local function usage()
print("Usage:") print("Usage:")
print("* Generate options of your system:") print("* Generate options of your system:")
print(" lua options.lua -g /path/to/ssl.h [version] > options.c") print(" lua options.lua -g /path/to/ssl.h [verion] > options.h")
print("* Examples:") print("* Examples:")
print(" lua options.lua -g /usr/include/openssl/ssl.h > options.c\n") print(" lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n") print(" lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
print("* List options of your system:") print("* List options of your system:")
print(" lua options.lua -l /path/to/ssl.h\n") print(" lua options.lua -l /path/to/ssl.h\n")
@ -17,28 +17,33 @@ end
local function generate(options, version) local function generate(options, version)
print([[ print([[
#ifndef LSEC_OPTIONS_H
#define LSEC_OPTIONS_H
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* * Copyright (C) 2006-2015 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include "options.h"
/* If you need to generate these options again, see options.lua */ /* If you need to generate these options again, see options.lua */
]]) ]])
printf([[ printf([[
/* /*
OpenSSL version: %s OpenSSL version: %s
*/ */
]], version) ]], version)
print([[
struct ssl_option_s {
const char *name;
unsigned long code;
};
typedef struct ssl_option_s ssl_option_t;
]])
print([[static lsec_ssl_option_t ssl_options[] = {]]) print([[static ssl_option_t ssl_options[] = {]])
for k, option in ipairs(options) do for k, option in ipairs(options) do
local name = string.lower(string.sub(option, 8)) local name = string.lower(string.sub(option, 8))
@ -50,9 +55,7 @@ local function generate(options, version)
print([[ print([[
}; };
LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() { #endif
return ssl_options;
}
]]) ]])
end end
@ -60,12 +63,9 @@ local function loadoptions(file)
local options = {} local options = {}
local f = assert(io.open(file, "r")) local f = assert(io.open(file, "r"))
for line in f:lines() do for line in f:lines() do
local op = string.match(line, "define%s+(SSL_OP_BIT%()") local op = string.match(line, "define%s+(SSL_OP_%S+)")
if not op then if op then
op = string.match(line, "define%s+(SSL_OP_%S+)") table.insert(options, op)
if op then
table.insert(options, op)
end
end end
end end
table.sort(options, function(a,b) return a<b end) table.sort(options, function(a,b) return a<b end)
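Review bot: `loadoptions` on the new side accepts every `#define SSL_OP_...` line, so on an ssl.h that defines a function-like helper such as `SSL_OP_BIT(n)` the pattern `define%s+(SSL_OP_%S+)` captures the macro itself, and `generate` would presumably emit a table row for it that does not compile. Skipping function-like macros keeps the generator usable across header versions: `if op and not string.find(op, "(", 1, true) then table.insert(options, op) end`. The usage text on the new side also has a typo, `[verion]`, which should read `[version]`. Both `loadoptions` and `generate` continue outside the hunks shown.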

453
src/ssl.c

@ -1,9 +1,9 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* *
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann, * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild. * Matthew Wild.
* Copyright (C) 2006-2022 Bruno Silvestre. * Copyright (C) 2006-2014 Bruno Silvestre.
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -11,14 +11,13 @@
#include <string.h> #include <string.h>
#if defined(WIN32) #if defined(WIN32)
#include <winsock2.h> #include <Winsock2.h>
#endif #endif
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <openssl/x509_vfy.h> #include <openssl/x509_vfy.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/dh.h>
#include <lua.h> #include <lua.h>
#include <lauxlib.h> #include <lauxlib.h>
@ -29,17 +28,8 @@
#include <luasocket/socket.h> #include <luasocket/socket.h>
#include "x509.h" #include "x509.h"
#include "context.h"
#include "ssl.h" #include "ssl.h"
#ifndef LSEC_API_OPENSSL_1_1_0
#define SSL_is_server(s) (s->server)
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
#endif
/** /**
* Underline socket error. * Underline socket error.
*/ */
@ -48,11 +38,6 @@ static int lsec_socket_error()
#if defined(WIN32) #if defined(WIN32)
return WSAGetLastError(); return WSAGetLastError();
#else #else
#if defined(LSEC_OPENSSL_1_1_1)
// Bug in OpenSSL 1.1.1
if (errno == 0)
return LSEC_IO_SSL;
#endif
return errno; return errno;
#endif #endif
} }
@ -95,15 +80,11 @@ static int meth_destroy(lua_State *L)
} }
ssl->state = LSEC_STATE_CLOSED; ssl->state = LSEC_STATE_CLOSED;
if (ssl->ssl) { if (ssl->ssl) {
/* Clear the registries */ /* Clear the registry */
luaL_getmetatable(L, "SSL:Verify:Registry"); luaL_getmetatable(L, "SSL:Verify:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl); lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushnil(L); lua_pushnil(L);
lua_settable(L, -3); lua_settable(L, -3);
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_pushnil(L);
lua_settable(L, -3);
/* Destroy the object */ /* Destroy the object */
SSL_free(ssl->ssl); SSL_free(ssl->ssl);
ssl->ssl = NULL; ssl->ssl = NULL;
@ -205,9 +186,9 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
{ {
int err; int err;
p_ssl ssl = (p_ssl)ctx; p_ssl ssl = (p_ssl)ctx;
*got = 0;
if (ssl->state != LSEC_STATE_CONNECTED) if (ssl->state != LSEC_STATE_CONNECTED)
return IO_CLOSED; return IO_CLOSED;
*got = 0;
for ( ; ; ) { for ( ; ; ) {
ERR_clear_error(); ERR_clear_error();
err = SSL_read(ssl->ssl, data, (int)count); err = SSL_read(ssl->ssl, data, (int)count);
@ -217,6 +198,7 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
*got = err; *got = err;
return IO_DONE; return IO_DONE;
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
*got = err;
return IO_CLOSED; return IO_CLOSED;
case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_READ:
err = socket_waitfd(&ssl->sock, WAITFD_R, tm); err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
@ -243,72 +225,40 @@ static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
return IO_UNKNOWN; return IO_UNKNOWN;
} }
static SSL_CTX* luaossl_testcontext(lua_State *L, int arg) {
SSL_CTX **ctx = luaL_testudata(L, arg, "SSL_CTX*");
if (ctx)
return *ctx;
return NULL;
}
static SSL* luaossl_testssl(lua_State *L, int arg) {
SSL **ssl = luaL_testudata(L, arg, "SSL*");
if (ssl)
return *ssl;
return NULL;
}
/** /**
* Create a new TLS/SSL object and mark it as new. * Create a new TLS/SSL object and mark it as new.
*/ */
static int meth_create(lua_State *L) static int meth_create(lua_State *L)
{ {
p_ssl ssl; p_ssl ssl;
int mode; int mode = lsec_getmode(L, 1);
SSL_CTX *ctx; SSL_CTX *ctx = lsec_checkcontext(L, 1);
lua_settop(L, 1);
if (mode == LSEC_MODE_INVALID) {
lua_pushnil(L);
lua_pushstring(L, "invalid mode");
return 2;
}
ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl)); ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl));
if (!ssl) { if (!ssl) {
lua_pushnil(L); lua_pushnil(L);
lua_pushstring(L, "error creating SSL object"); lua_pushstring(L, "error creating SSL object");
return 2; return 2;
} }
ssl->ssl = SSL_new(ctx);
if ((ctx = lsec_testcontext(L, 1))) { if (!ssl->ssl) {
mode = lsec_getmode(L, 1); lua_pushnil(L);
if (mode == LSEC_MODE_INVALID) { lua_pushfstring(L, "error creating SSL object (%s)",
lua_pushnil(L); ERR_reason_error_string(ERR_get_error()));
lua_pushstring(L, "invalid mode"); return 2;
return 2;
}
ssl->ssl = SSL_new(ctx);
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushfstring(L, "error creating SSL object (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2;
}
} else if ((ctx = luaossl_testcontext(L, 1))) {
ssl->ssl = SSL_new(ctx);
if (!ssl->ssl) {
lua_pushnil(L);
lua_pushfstring(L, "error creating SSL object (%s)",
ERR_reason_error_string(ERR_get_error()));
return 2;
}
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
} else if ((ssl->ssl = luaossl_testssl(L, 1))) {
SSL_up_ref(ssl->ssl);
mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
} else {
return luaL_argerror(L, 1, "invalid context");
} }
ssl->state = LSEC_STATE_NEW; ssl->state = LSEC_STATE_NEW;
SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID); SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#if defined(SSL_MODE_RELEASE_BUFFERS)
SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
#endif
if (mode == LSEC_MODE_SERVER) if (mode == LSEC_MODE_SERVER)
SSL_set_accept_state(ssl->ssl); SSL_set_accept_state(ssl->ssl);
else else
@ -375,7 +325,7 @@ static int meth_setfd(lua_State *L)
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_NEW) if (ssl->state != LSEC_STATE_NEW)
luaL_argerror(L, 1, "invalid SSL object state"); luaL_argerror(L, 1, "invalid SSL object state");
ssl->sock = (t_socket)luaL_checkinteger(L, 2); ssl->sock = luaL_checkint(L, 2);
socket_setnonblocking(&ssl->sock); socket_setnonblocking(&ssl->sock);
SSL_set_fd(ssl->ssl, (int)ssl->sock); SSL_set_fd(ssl->ssl, (int)ssl->sock);
return 0; return 0;
@ -386,19 +336,8 @@ static int meth_setfd(lua_State *L)
*/ */
static int meth_handshake(lua_State *L) static int meth_handshake(lua_State *L)
{ {
int err;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
p_context ctx = (p_context)SSL_CTX_get_app_data(SSL_get_SSL_CTX(ssl->ssl)); int err = handshake(ssl);
ctx->L = L;
err = handshake(ssl);
if (ctx->dh_param) {
DH_free(ctx->dh_param);
ctx->dh_param = NULL;
}
if (ctx->alpn) {
free(ctx->alpn);
ctx->alpn = NULL;
}
if (err == IO_DONE) { if (err == IO_DONE) {
lua_pushboolean(L, 1); lua_pushboolean(L, 1);
return 1; return 1;
@ -456,17 +395,13 @@ static int meth_want(lua_State *L)
} }
return 1; return 1;
} }
/** /**
* Return the compression method used. * Return the compression method used.
*/ */
static int meth_compression(lua_State *L) static int meth_compression(lua_State *L)
{ {
#ifdef OPENSSL_NO_COMP
const void *comp;
#else
const COMP_METHOD *comp; const COMP_METHOD *comp;
#endif
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection"); p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) { if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L); lua_pushnil(L);
@ -496,7 +431,7 @@ static int meth_getpeercertificate(lua_State *L)
return 2; return 2;
} }
/* Default to the first cert */ /* Default to the first cert */
n = (int)luaL_optinteger(L, 2, 1); n = luaL_optint(L, 2, 1);
/* This function is 1-based, but OpenSSL is 0-based */ /* This function is 1-based, but OpenSSL is 0-based */
--n; --n;
if (n < 0) { if (n < 0) {
@ -515,7 +450,7 @@ static int meth_getpeercertificate(lua_State *L)
/* In a server-context, the stack doesn't contain the peer cert, /* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly. * so adjust accordingly.
*/ */
if (SSL_is_server(ssl->ssl)) if (ssl->ssl->server)
--n; --n;
certs = SSL_get_peer_cert_chain(ssl->ssl); certs = SSL_get_peer_cert_chain(ssl->ssl);
if (n >= sk_X509_num(certs)) { if (n >= sk_X509_num(certs)) {
@ -525,63 +460,11 @@ static int meth_getpeercertificate(lua_State *L)
cert = sk_X509_value(certs, n); cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */ /* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */ /* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert); CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
lsec_pushx509(L, cert); lsec_pushx509(L, cert);
return 1; return 1;
} }
/**
* Return the nth certificate of the chain sent to our peer.
*/
static int meth_getlocalcertificate(lua_State *L)
{
int n;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
/* Default to the first cert */
n = (int)luaL_optinteger(L, 2, 1);
/* This function is 1-based, but OpenSSL is 0-based */
--n;
if (n < 0) {
lua_pushnil(L);
lua_pushliteral(L, "invalid certificate index");
return 2;
}
if (n == 0) {
cert = SSL_get_certificate(ssl->ssl);
if (cert)
lsec_pushx509(L, cert);
else
lua_pushnil(L);
return 1;
}
/* In a server-context, the stack doesn't contain the peer cert,
* so adjust accordingly.
*/
if (SSL_is_server(ssl->ssl))
--n;
if(SSL_get0_chain_certs(ssl->ssl, &certs) != 1) {
lua_pushnil(L);
} else {
if (n >= sk_X509_num(certs)) {
lua_pushnil(L);
return 1;
}
cert = sk_X509_value(certs, n);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
}
return 1;
}
/** /**
* Return the chain of certificate of the peer. * Return the chain of certificate of the peer.
*/ */
@ -599,7 +482,7 @@ static int meth_getpeerchain(lua_State *L)
return 2; return 2;
} }
lua_newtable(L); lua_newtable(L);
if (SSL_is_server(ssl->ssl)) { if (ssl->ssl->server) {
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl)); lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++); lua_rawseti(L, -2, idx++);
} }
@ -609,48 +492,13 @@ static int meth_getpeerchain(lua_State *L)
cert = sk_X509_value(certs, i); cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */ /* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */ /* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert); CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
lsec_pushx509(L, cert); lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++); lua_rawseti(L, -2, idx++);
} }
return 1; return 1;
} }
/**
* Return the chain of certificates sent to the peer.
*/
static int meth_getlocalchain(lua_State *L)
{
int i;
int idx = 1;
int n_certs;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
lua_newtable(L);
if (SSL_is_server(ssl->ssl)) {
lsec_pushx509(L, SSL_get_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
if(SSL_get0_chain_certs(ssl->ssl, &certs)) {
n_certs = sk_X509_num(certs);
for (i = 0; i < n_certs; i++) {
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
X509_up_ref(cert);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
}
return 1;
}
/** /**
* Copy the table src to the table dst. * Copy the table src to the table dst.
*/ */
@ -758,41 +606,6 @@ static int meth_getpeerfinished(lua_State *L)
return 1; return 1;
} }
/**
* Get some shared keying material
*/
static int meth_exportkeyingmaterial(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if(ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 0;
}
size_t llen = 0;
size_t contextlen = 0;
const unsigned char *context = NULL;
const char *label = (const char*)luaL_checklstring(L, 2, &llen);
size_t olen = (size_t)luaL_checkinteger(L, 3);
if (!lua_isnoneornil(L, 4))
context = (const unsigned char*)luaL_checklstring(L, 4, &contextlen);
/* Temporary buffer memory-managed by Lua itself */
unsigned char *out = (unsigned char*)lua_newuserdata(L, olen);
if(SSL_export_keying_material(ssl->ssl, out, olen, label, llen, context, contextlen, context != NULL) != 1) {
lua_pushnil(L);
lua_pushstring(L, "error exporting keying material");
return 2;
}
lua_pushlstring(L, (char*)out, olen);
return 1;
}
/** /**
* Object information -- tostring metamethod * Object information -- tostring metamethod
*/ */
@ -840,115 +653,9 @@ static int meth_info(lua_State *L)
return 4; return 4;
} }
static int sni_cb(SSL *ssl, int *ad, void *arg)
{
int strict;
SSL_CTX *newctx = NULL;
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
/* No name, use default context */
if (!name)
return SSL_TLSEXT_ERR_NOACK;
/* Retrieve struct from registry */
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl);
lua_gettable(L, -2);
/* Strict search? */
lua_pushstring(L, "strict");
lua_gettable(L, -2);
strict = lua_toboolean(L, -1);
lua_pop(L, 1);
/* Search for the name in the map */
lua_pushstring(L, "map");
lua_gettable(L, -2);
lua_pushstring(L, name);
lua_gettable(L, -2);
if (lua_isuserdata(L, -1))
newctx = lsec_checkcontext(L, -1);
lua_pop(L, 4);
/* Found, use this context */
if (newctx) {
p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
pctx->L = L;
SSL_set_SSL_CTX(ssl, newctx);
return SSL_TLSEXT_ERR_OK;
}
/* Not found, but use initial context */
if (!strict)
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
static int meth_sni(lua_State *L)
{
int strict;
SSL_CTX *aux;
const char *name;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
if (pctx->mode == LSEC_MODE_CLIENT) {
name = luaL_checkstring(L, 2);
SSL_set_tlsext_host_name(ssl->ssl, name);
return 0;
} else if (pctx->mode == LSEC_MODE_SERVER) {
luaL_checktype(L, 2, LUA_TTABLE);
strict = lua_toboolean(L, 3);
/* Check if the table contains only (string -> context) */
lua_pushnil(L);
while (lua_next(L, 2)) {
luaL_checkstring(L, -2);
aux = lsec_checkcontext(L, -1);
/* Set callback in every context */
SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
/* leave the next key on the stack */
lua_pop(L, 1);
}
/* Save table in the register */
luaL_getmetatable(L, "SSL:SNI:Registry");
lua_pushlightuserdata(L, (void*)ssl->ssl);
lua_newtable(L);
lua_pushstring(L, "map");
lua_pushvalue(L, 2);
lua_settable(L, -3);
lua_pushstring(L, "strict");
lua_pushboolean(L, strict);
lua_settable(L, -3);
lua_settable(L, -3);
/* Set callback in the default context */
SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
}
return 0;
}
static int meth_getsniname(lua_State *L)
{
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
const char *name = SSL_get_servername(ssl->ssl, TLSEXT_NAMETYPE_host_name);
if (name)
lua_pushstring(L, name);
else
lua_pushnil(L);
return 1;
}
static int meth_getalpn(lua_State *L)
{
unsigned len;
const unsigned char *data;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
SSL_get0_alpn_selected(ssl->ssl, &data, &len);
if (data == NULL && len == 0)
lua_pushnil(L);
else
lua_pushlstring(L, (const char*)data, len);
return 1;
}
static int meth_copyright(lua_State *L) static int meth_copyright(lua_State *L)
{ {
lua_pushstring(L, "LuaSec 1.2.0 - Copyright (C) 2006-2022 Bruno Silvestre, UFG" lua_pushstring(L, "LuaSec 0.5.1 - Copyright (C) 2006-2015 Bruno Silvestre"
#if defined(WITH_LUASOCKET) #if defined(WITH_LUASOCKET)
"\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab" "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
#endif #endif
@ -956,34 +663,6 @@ static int meth_copyright(lua_State *L)
return 1; return 1;
} }
#if defined(LSEC_ENABLE_DANE)
static int meth_dane(lua_State *L)
{
int ret;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
lua_pushboolean(L, (ret > 0));
return 1;
}
static int meth_tlsa(lua_State *L)
{
int ret;
size_t len;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
ERR_clear_error();
ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
lua_pushboolean(L, (ret > 0));
return 1;
}
#endif
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** /**
@ -991,17 +670,12 @@ static int meth_tlsa(lua_State *L)
*/ */
static luaL_Reg methods[] = { static luaL_Reg methods[] = {
{"close", meth_close}, {"close", meth_close},
{"getalpn", meth_getalpn},
{"getfd", meth_getfd}, {"getfd", meth_getfd},
{"getfinished", meth_getfinished}, {"getfinished", meth_getfinished},
{"getpeercertificate", meth_getpeercertificate}, {"getpeercertificate", meth_getpeercertificate},
{"getlocalcertificate", meth_getlocalcertificate},
{"getpeerchain", meth_getpeerchain}, {"getpeerchain", meth_getpeerchain},
{"getlocalchain", meth_getlocalchain},
{"getpeerverification", meth_getpeerverification}, {"getpeerverification", meth_getpeerverification},
{"getpeerfinished", meth_getpeerfinished}, {"getpeerfinished", meth_getpeerfinished},
{"exportkeyingmaterial",meth_exportkeyingmaterial},
{"getsniname", meth_getsniname},
{"getstats", meth_getstats}, {"getstats", meth_getstats},
{"setstats", meth_setstats}, {"setstats", meth_setstats},
{"dirty", meth_dirty}, {"dirty", meth_dirty},
@ -1009,12 +683,7 @@ static luaL_Reg methods[] = {
{"receive", meth_receive}, {"receive", meth_receive},
{"send", meth_send}, {"send", meth_send},
{"settimeout", meth_settimeout}, {"settimeout", meth_settimeout},
{"sni", meth_sni},
{"want", meth_want}, {"want", meth_want},
#if defined(LSEC_ENABLE_DANE)
{"setdane", meth_dane},
{"settlsa", meth_tlsa},
#endif
{NULL, NULL} {NULL, NULL}
}; };
@ -1022,7 +691,6 @@ static luaL_Reg methods[] = {
* SSL metamethods. * SSL metamethods.
*/ */
static luaL_Reg meta[] = { static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy}, {"__gc", meth_destroy},
{"__tostring", meth_tostring}, {"__tostring", meth_tostring},
{NULL, NULL} {NULL, NULL}
@ -1044,9 +712,9 @@ static luaL_Reg funcs[] = {
/** /**
* Initialize modules. * Initialize modules.
*/ */
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_core(lua_State *L) LSEC_API int luaopen_ssl_core(lua_State *L)
{ {
#ifndef LSEC_API_OPENSSL_1_1_0
/* Initialize SSL */ /* Initialize SSL */
if (!SSL_library_init()) { if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library"); lua_pushstring(L, "unable to initialize SSL library");
@ -1054,40 +722,55 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
} }
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
SSL_load_error_strings(); SSL_load_error_strings();
#if defined(WITH_LUASOCKET)
/* Initialize internal library */
socket_open();
#endif #endif
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection");
luaL_register(L, NULL, meta);
lua_newtable(L);
luaL_register(L, NULL, methods);
lua_setfield(L, -2, "__index");
luaL_register(L, "ssl.core", funcs);
lua_pushnumber(L, SOCKET_INVALID);
lua_setfield(L, -2, "invalidfd");
return 1;
}
#else
LSEC_API int luaopen_ssl_core(lua_State *L)
{
/* Initialize SSL */
if (!SSL_library_init()) {
lua_pushstring(L, "unable to initialize SSL library");
lua_error(L);
}
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
#if defined(WITH_LUASOCKET) #if defined(WITH_LUASOCKET)
/* Initialize internal library */ /* Initialize internal library */
socket_open(); socket_open();
#endif #endif
luaL_newmetatable(L, "SSL:SNI:Registry");
/* Register the functions and tables */ /* Register the functions and tables */
luaL_newmetatable(L, "SSL:Connection"); luaL_newmetatable(L, "SSL:Connection");
setfuncs(L, meta); luaL_setfuncs(L, meta, 0);
luaL_newlib(L, methods); lua_newtable(L);
luaL_setfuncs(L, methods, 0);
lua_setfield(L, -2, "__index"); lua_setfield(L, -2, "__index");
luaL_newlib(L, funcs); lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
lua_pushstring(L, "SOCKET_INVALID"); lua_pushnumber(L, SOCKET_INVALID);
lua_pushinteger(L, SOCKET_INVALID); lua_setfield(L, -2, "invalidfd");
lua_rawset(L, -3);
return 1; return 1;
} }
//------------------------------------------------------------------------------
#if defined(_MSC_VER)
/* Empty implementation to allow building with LuaRocks and MS compilers */
LSEC_API int luaopen_ssl(lua_State *L) {
lua_pushstring(L, "you should not call this function");
lua_error(L);
return 0;
}
#endif #endif


@ -2,9 +2,8 @@
#define LSEC_SSL_H #define LSEC_SSL_H
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* * Copyright (C) 2006-2015 Bruno Silvestre
* Copyright (C) 2006-2022 Bruno Silvestre
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -16,7 +15,7 @@
#include <luasocket/timeout.h> #include <luasocket/timeout.h>
#include <luasocket/socket.h> #include <luasocket/socket.h>
#include "compat.h" #include "config.h"
#include "context.h" #include "context.h"
#define LSEC_STATE_NEW 1 #define LSEC_STATE_NEW 1


@ -1,16 +1,20 @@
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
-- LuaSec 1.2.0 -- LuaSec 0.5.1
-- -- Copyright (C) 2006-2015 Bruno Silvestre
-- Copyright (C) 2006-2022 Bruno Silvestre
-- --
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
local core = require("ssl.core") local core = require("ssl.core")
local context = require("ssl.context") local context = require("ssl.context")
local x509 = require("ssl.x509") local x509 = require("ssl.x509")
local config = require("ssl.config")
local unpack = table.unpack or unpack module("ssl", package.seeall)
_VERSION = "0.5.1"
_COPYRIGHT = core.copyright()
-- Export
loadcertificate = x509.load
-- We must prevent the contexts to be collected before the connections, -- We must prevent the contexts to be collected before the connections,
-- otherwise the C registry will be cleared. -- otherwise the C registry will be cleared.
@ -31,42 +35,9 @@ local function optexec(func, param, ctx)
end end
-- --
-- Convert an array of strings to wire-format
--
local function array2wireformat(array)
local str = ""
for k, v in ipairs(array) do
if type(v) ~= "string" then return nil end
local len = #v
if len == 0 then
return nil, "invalid ALPN name (empty string)"
elseif len > 255 then
return nil, "invalid ALPN name (length > 255)"
end
str = str .. string.char(len) .. v
end
if str == "" then return nil, "invalid ALPN list (empty)" end
return str
end
--
-- Convert wire-string format to array
--
local function wireformat2array(str)
local i = 1
local array = {}
while i < #str do
local len = str:byte(i)
array[#array + 1] = str:sub(i + 1, i + len)
i = i + len + 1
end
return array
end
-- --
-- --
-- function newcontext(cfg)
local function newcontext(cfg)
local succ, msg, ctx local succ, msg, ctx
-- Create the context -- Create the context
ctx, msg = context.create(cfg.protocol) ctx, msg = context.create(cfg.protocol)
@ -74,33 +45,21 @@ local function newcontext(cfg)
-- Mode -- Mode
succ, msg = context.setmode(ctx, cfg.mode) succ, msg = context.setmode(ctx, cfg.mode)
if not succ then return nil, msg end if not succ then return nil, msg end
local certificates = cfg.certificates -- Load the key
if not certificates then if cfg.key then
certificates = { if cfg.password and
{ certificate = cfg.certificate, key = cfg.key, password = cfg.password } type(cfg.password) ~= "function" and
} type(cfg.password) ~= "string"
then
return nil, "invalid password type"
end
succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
if not succ then return nil, msg end
end end
for _, certificate in ipairs(certificates) do -- Load the certificate
-- Load the key if cfg.certificate then
if certificate.key then succ, msg = context.loadcert(ctx, cfg.certificate)
if certificate.password and if not succ then return nil, msg end
type(certificate.password) ~= "function" and
type(certificate.password) ~= "string"
then
return nil, "invalid password type"
end
succ, msg = context.loadkey(ctx, certificate.key, certificate.password)
if not succ then return nil, msg end
end
-- Load the certificate(s)
if certificate.certificate then
succ, msg = context.loadcert(ctx, certificate.certificate)
if not succ then return nil, msg end
if certificate.key and context.checkkey then
succ = context.checkkey(ctx)
if not succ then return nil, "private key does not match public key" end
end
end
end end
-- Load the CA certificates -- Load the CA certificates
if cfg.cafile or cfg.capath then if cfg.cafile or cfg.capath then
@ -112,12 +71,7 @@ local function newcontext(cfg)
succ, msg = context.setcipher(ctx, cfg.ciphers) succ, msg = context.setcipher(ctx, cfg.ciphers)
if not succ then return nil, msg end if not succ then return nil, msg end
end end
-- Set SSL cipher suites -- Set the verification options
if cfg.ciphersuites then
succ, msg = context.setciphersuites(ctx, cfg.ciphersuites)
if not succ then return nil, msg end
end
-- Set the verification options
succ, msg = optexec(context.setverify, cfg.verify, ctx) succ, msg = optexec(context.setverify, cfg.verify, ctx)
if not succ then return nil, msg end if not succ then return nil, msg end
-- Set SSL options -- Set SSL options
@ -140,109 +94,24 @@ local function newcontext(cfg)
end end
context.setdhparam(ctx, cfg.dhparam) context.setdhparam(ctx, cfg.dhparam)
end end
-- Set elliptic curve
-- Set elliptic curves if cfg.curve then
if (not config.algorithms.ec) and (cfg.curve or cfg.curveslist) then succ, msg = context.setcurve(ctx, cfg.curve)
return false, "elliptic curves not supported" if not succ then return nil, msg end
end end
if config.capabilities.curves_list and cfg.curveslist then
succ, msg = context.setcurveslist(ctx, cfg.curveslist)
if not succ then return nil, msg end
elseif cfg.curve then
succ, msg = context.setcurve(ctx, cfg.curve)
if not succ then return nil, msg end
end
-- Set extra verification options -- Set extra verification options
if cfg.verifyext and ctx.setverifyext then if cfg.verifyext and ctx.setverifyext then
succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx) succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx)
if not succ then return nil, msg end if not succ then return nil, msg end
end end
-- ALPN
if cfg.mode == "server" and cfg.alpn then
if type(cfg.alpn) == "function" then
local alpncb = cfg.alpn
-- This callback function has to return one value only
succ, msg = context.setalpncb(ctx, function(str)
local protocols = alpncb(wireformat2array(str))
if type(protocols) == "string" then
protocols = { protocols }
elseif type(protocols) ~= "table" then
return nil
end
return (array2wireformat(protocols)) -- use "()" to drop error message
end)
if not succ then return nil, msg end
elseif type(cfg.alpn) == "table" then
local protocols = cfg.alpn
-- check if array is valid before use it
succ, msg = array2wireformat(protocols)
if not succ then return nil, msg end
-- This callback function has to return one value only
succ, msg = context.setalpncb(ctx, function()
return (array2wireformat(protocols)) -- use "()" to drop error message
end)
if not succ then return nil, msg end
else
return nil, "invalid ALPN parameter"
end
elseif cfg.mode == "client" and cfg.alpn then
local alpn
if type(cfg.alpn) == "string" then
alpn, msg = array2wireformat({ cfg.alpn })
elseif type(cfg.alpn) == "table" then
alpn, msg = array2wireformat(cfg.alpn)
else
return nil, "invalid ALPN parameter"
end
if not alpn then return nil, msg end
succ, msg = context.setalpn(ctx, alpn)
if not succ then return nil, msg end
end
-- PSK
if cfg.psk then
if cfg.mode == "client" then
if type(cfg.psk) ~= "function" then
return nil, "invalid PSK configuration"
end
succ = context.setclientpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif cfg.mode == "server" then
if type(cfg.psk) == "function" then
succ, msg = context.setserverpskcb(ctx, cfg.psk)
if not succ then return nil, msg end
elseif type(cfg.psk) == "table" then
if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then
succ, msg = context.setpskhint(ctx, cfg.psk.hint)
if not succ then return succ, msg end
succ = context.setserverpskcb(ctx, cfg.psk.callback)
if not succ then return succ, msg end
else
return nil, "invalid PSK configuration"
end
else
return nil, "invalid PSK configuration"
end
end
end
if config.capabilities.dane and cfg.dane then
if type(cfg.dane) == "table" then
context.setdane(ctx, unpack(cfg.dane))
else
context.setdane(ctx)
end
end
return ctx return ctx
end end
-- --
-- --
-- --
local function wrap(sock, cfg) function wrap(sock, cfg)
local ctx, msg local ctx, msg
if type(cfg) == "table" then if type(cfg) == "table" then
ctx, msg = newcontext(cfg) ctx, msg = newcontext(cfg)
@ -253,7 +122,7 @@ local function wrap(sock, cfg)
local s, msg = core.create(ctx) local s, msg = core.create(ctx)
if s then if s then
core.setfd(s, sock:getfd()) core.setfd(s, sock:getfd())
sock:setfd(core.SOCKET_INVALID) sock:setfd(core.invalidfd)
registry[s] = ctx registry[s] = ctx
return s return s
end end
@ -297,17 +166,3 @@ end
-- --
core.setmethod("info", info) core.setmethod("info", info)
--------------------------------------------------------------------------------
-- Export module
--
local _M = {
_VERSION = "1.2.0",
_COPYRIGHT = core.copyright(),
config = config,
loadcertificate = x509.load,
newcontext = newcontext,
wrap = wrap,
}
return _M
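Review bot: `module("ssl", package.seeall)` on the new side publishes `newcontext`, `wrap`, `_VERSION` and `loadcertificate` through a global `ssl` table whose metatable falls back to `_G`, so any code that is handed this module can also read every global through it, which weakens any environment restriction an embedding application relies on. `module` is deprecated from Lua 5.2 on, so this form presumably also needs a compatibility build there. Keeping the functions `local` and ending the file with `return { _VERSION = "0.5.1", _COPYRIGHT = core.copyright(), loadcertificate = x509.load, newcontext = newcontext, wrap = wrap }` avoids both. Separately, `newcontext` now calls `context.loadkey` and `context.loadcert` with no check that the key belongs to the certificate, so a mismatched pair surfaces only when a handshake fails; if `ssl.context` in this version provides `checkkey`, call it after `loadcert` and return `nil, "private key does not match public key"` on failure.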


@ -1,22 +1,15 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* *
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre. * Matthew Wild, Bruno Silvestre.
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
#include <stdio.h>
#include <string.h> #include <string.h>
#if defined(WIN32) #if defined(WIN32)
#include <ws2tcpip.h>
#include <windows.h> #include <windows.h>
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif #endif
#include <openssl/ssl.h> #include <openssl/ssl.h>
@ -32,13 +25,6 @@
#include "x509.h" #include "x509.h"
#ifndef LSEC_API_OPENSSL_1_1_0
#define X509_get0_notBefore X509_get_notBefore
#define X509_get0_notAfter X509_get_notAfter
#define ASN1_STRING_get0_data ASN1_STRING_data
#endif
static const char* hex_tab = "0123456789abcdef"; static const char* hex_tab = "0123456789abcdef";
/** /**
@ -71,51 +57,6 @@ p_x509 lsec_checkp_x509(lua_State* L, int idx)
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
#if defined(LUASEC_INET_NTOP)
/*
* For WinXP (SP3), set the following preprocessor macros:
* LUASEC_INET_NTOP
* WINVER=0x0501
* _WIN32_WINNT=0x0501
* NTDDI_VERSION=0x05010300
*
* For IPv6 addresses, you need to add IPv6 Protocol to your interface.
*
*/
static const char *inet_ntop(int af, const char *src, char *dst, socklen_t size)
{
int addrsize;
struct sockaddr *addr;
struct sockaddr_in addr4;
struct sockaddr_in6 addr6;
switch (af) {
case AF_INET:
memset((void*)&addr4, 0, sizeof(addr4));
addr4.sin_family = AF_INET;
memcpy((void*)&addr4.sin_addr, src, sizeof(struct in_addr));
addr = (struct sockaddr*)&addr4;
addrsize = sizeof(struct sockaddr_in);
break;
case AF_INET6:
memset((void*)&addr6, 0, sizeof(addr6));
addr6.sin6_family = AF_INET6;
memcpy((void*)&addr6.sin6_addr, src, sizeof(struct in6_addr));
addr = (struct sockaddr*)&addr6;
addrsize = sizeof(struct sockaddr_in6);
break;
default:
return NULL;
}
if(getnameinfo(addr, addrsize, dst, size, NULL, 0, NI_NUMERICHOST) != 0)
return NULL;
return dst;
}
#endif
/*---------------------------------------------------------------------------*/
/** /**
* Convert the buffer 'in' to hexadecimal. * Convert the buffer 'in' to hexadecimal.
*/ */
@ -145,7 +86,7 @@ static void push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
*/ */
static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode) static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
{ {
int len; int len;
unsigned char *data; unsigned char *data;
if (!string) { if (!string) {
lua_pushnil(L); lua_pushnil(L);
@ -153,7 +94,8 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
} }
switch (encode) { switch (encode) {
case LSEC_AI5_STRING: case LSEC_AI5_STRING:
lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string)); lua_pushlstring(L, (char*)ASN1_STRING_data(string),
ASN1_STRING_length(string));
break; break;
case LSEC_UTF8_STRING: case LSEC_UTF8_STRING:
len = ASN1_STRING_to_UTF8(&data, string); len = ASN1_STRING_to_UTF8(&data, string);
@ -169,7 +111,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
/** /**
* Return a human readable time. * Return a human readable time.
*/ */
static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm) static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
{ {
char *tmp; char *tmp;
long size; long size;
@ -181,31 +123,6 @@ static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
return 1; return 1;
} }
/**
* Return a human readable IP address.
*/
static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
{
int af;
char dst[INET6_ADDRSTRLEN];
unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
switch(ASN1_STRING_length(string)) {
case 4:
af = AF_INET;
break;
case 16:
af = AF_INET6;
break;
default:
lua_pushnil(L);
return;
}
if(inet_ntop(af, ip, dst, INET6_ADDRSTRLEN))
lua_pushstring(L, dst);
else
lua_pushnil(L);
}
/** /**
* *
*/ */
@ -227,7 +144,7 @@ static int push_subtable(lua_State* L, int idx)
} }
/** /**
* Retrieve the general names from the object. * Retrive the general names from the object.
*/ */
static int push_x509_name(lua_State* L, X509_NAME *name, int encode) static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
{ {
@ -255,7 +172,7 @@ static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
/** /**
* Retrieve the Subject from the certificate. * Retrive the Subject from the certificate.
*/ */
static int meth_subject(lua_State* L) static int meth_subject(lua_State* L)
{ {
@ -264,7 +181,7 @@ static int meth_subject(lua_State* L)
} }
/** /**
* Retrieve the Issuer from the certificate. * Retrive the Issuer from the certificate.
*/ */
static int meth_issuer(lua_State* L) static int meth_issuer(lua_State* L)
{ {
@ -299,11 +216,11 @@ int meth_extensions(lua_State* L)
break; break;
/* Push ret[oid] */ /* Push ret[oid] */
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1); push_asn1_objname(L, extension->object, 1);
push_subtable(L, -2); push_subtable(L, -2);
/* Set ret[oid].name = name */ /* Set ret[oid].name = name */
push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0); push_asn1_objname(L, extension->object, 0);
lua_setfield(L, -2, "name"); lua_setfield(L, -2, "name");
n_general_names = sk_GENERAL_NAME_num(values); n_general_names = sk_GENERAL_NAME_num(values);
@ -323,7 +240,7 @@ int meth_extensions(lua_State* L)
break; break;
case GEN_DNS: case GEN_DNS:
lua_pushstring(L, "dNSName"); lua_pushstring(L, "dNSName");
push_subtable(L, -2); push_subtable(L, -2);
push_asn1_string(L, general_name->d.dNSName, px->encode); push_asn1_string(L, general_name->d.dNSName, px->encode);
lua_rawseti(L, -2, lua_rawlen(L, -2) + 1); lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
lua_pop(L, 1); lua_pop(L, 1);
@ -345,7 +262,7 @@ int meth_extensions(lua_State* L)
case GEN_IPADD: case GEN_IPADD:
lua_pushstring(L, "iPAddress"); lua_pushstring(L, "iPAddress");
push_subtable(L, -2); push_subtable(L, -2);
push_asn1_ip(L, general_name->d.iPAddress); push_asn1_string(L, general_name->d.iPAddress, px->encode);
lua_rawseti(L, -2, lua_rawlen(L, -2)+1); lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
lua_pop(L, 1); lua_pop(L, 1);
break; break;
@ -366,9 +283,7 @@ int meth_extensions(lua_State* L)
/* not supported */ /* not supported */
break; break;
} }
GENERAL_NAME_free(general_name);
} }
sk_GENERAL_NAME_free(values);
lua_pop(L, 1); /* ret[oid] */ lua_pop(L, 1); /* ret[oid] */
i++; /* Next extension */ i++; /* Next extension */
} }
@ -397,52 +312,6 @@ static int meth_pem(lua_State* L)
return 1; return 1;
} }
/**
* Extract public key in PEM format.
*/
static int meth_pubkey(lua_State* L)
{
char* data;
long bytes;
int ret = 1;
X509* cert = lsec_checkx509(L, 1);
BIO *bio = BIO_new(BIO_s_mem());
EVP_PKEY *pkey = X509_get_pubkey(cert);
if(PEM_write_bio_PUBKEY(bio, pkey)) {
bytes = BIO_get_mem_data(bio, &data);
if (bytes > 0) {
lua_pushlstring(L, data, bytes);
switch(EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
lua_pushstring(L, "RSA");
break;
case EVP_PKEY_DSA:
lua_pushstring(L, "DSA");
break;
case EVP_PKEY_DH:
lua_pushstring(L, "DH");
break;
case EVP_PKEY_EC:
lua_pushstring(L, "EC");
break;
default:
lua_pushstring(L, "Unknown");
break;
}
lua_pushinteger(L, EVP_PKEY_bits(pkey));
ret = 3;
}
else
lua_pushnil(L);
}
else
lua_pushnil(L);
/* Cleanup */
BIO_free(bio);
EVP_PKEY_free(pkey);
return ret;
}
/** /**
* Compute the fingerprint. * Compute the fingerprint.
*/ */
@ -485,13 +354,10 @@ static int meth_digest(lua_State* L)
*/ */
static int meth_valid_at(lua_State* L) static int meth_valid_at(lua_State* L)
{ {
int nb, na;
X509* cert = lsec_checkx509(L, 1); X509* cert = lsec_checkx509(L, 1);
time_t time = luaL_checkinteger(L, 2); time_t time = luaL_checkinteger(L, 2);
nb = X509_cmp_time(X509_get0_notBefore(cert), &time); lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time) >= 0
time -= 1; && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
na = X509_cmp_time(X509_get0_notAfter(cert), &time);
lua_pushboolean(L, nb == -1 && na == 1);
return 1; return 1;
} }
@ -519,7 +385,7 @@ static int meth_serial(lua_State *L)
static int meth_notbefore(lua_State *L) static int meth_notbefore(lua_State *L)
{ {
X509* cert = lsec_checkx509(L, 1); X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get0_notBefore(cert)); return push_asn1_time(L, X509_get_notBefore(cert));
} }
/** /**
@ -528,92 +394,7 @@ static int meth_notbefore(lua_State *L)
static int meth_notafter(lua_State *L) static int meth_notafter(lua_State *L)
{ {
X509* cert = lsec_checkx509(L, 1); X509* cert = lsec_checkx509(L, 1);
return push_asn1_time(L, X509_get0_notAfter(cert)); return push_asn1_time(L, X509_get_notAfter(cert));
}
/**
* Check if this certificate issued some other certificate
*/
static int meth_issued(lua_State* L)
{
int ret, i, len;
X509_STORE_CTX* ctx = NULL;
X509_STORE* root = NULL;
STACK_OF(X509)* chain = NULL;
X509* issuer = lsec_checkx509(L, 1);
X509* subject = lsec_checkx509(L, 2);
X509* cert = NULL;
len = lua_gettop(L);
/* Check that all arguments are certificates */
for (i = 3; i <= len; i++) {
lsec_checkx509(L, i);
}
/* Before allocating things that require freeing afterwards */
chain = sk_X509_new_null();
ctx = X509_STORE_CTX_new();
root = X509_STORE_new();
if (ctx == NULL || root == NULL) {
lua_pushnil(L);
lua_pushstring(L, "X509_STORE_new() or X509_STORE_CTX_new() error");
ret = 2;
goto cleanup;
}
ret = X509_STORE_add_cert(root, issuer);
if(!ret) {
lua_pushnil(L);
lua_pushstring(L, "X509_STORE_add_cert() error");
ret = 2;
goto cleanup;
}
for (i = 3; i <= len && lua_isuserdata(L, i); i++) {
cert = lsec_checkx509(L, i);
sk_X509_push(chain, cert);
}
ret = X509_STORE_CTX_init(ctx, root, subject, chain);
if(!ret) {
lua_pushnil(L);
lua_pushstring(L, "X509_STORE_CTX_init() error");
ret = 2;
goto cleanup;
}
/* Actual verification */
if (X509_verify_cert(ctx) <= 0) {
ret = X509_STORE_CTX_get_error(ctx);
lua_pushnil(L);
lua_pushstring(L, X509_verify_cert_error_string(ret));
ret = 2;
} else {
lua_pushboolean(L, 1);
ret = 1;
}
cleanup:
if (ctx != NULL) {
X509_STORE_CTX_free(ctx);
}
if (chain != NULL) {
X509_STORE_free(root);
}
sk_X509_free(chain);
return ret;
} }
/** /**
@ -621,11 +402,7 @@ cleanup:
*/ */
static int meth_destroy(lua_State* L) static int meth_destroy(lua_State* L)
{ {
p_x509 px = lsec_checkp_x509(L, 1); X509_free(lsec_checkx509(L, 1));
if (px->cert) {
X509_free(px->cert);
px->cert = NULL;
}
return 0; return 0;
} }
@ -655,23 +432,6 @@ static int meth_set_encode(lua_State* L)
return 1; return 1;
} }
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
/**
* Get signature name.
*/
static int meth_get_signature_name(lua_State* L)
{
p_x509 px = lsec_checkp_x509(L, 1);
int nid = X509_get_signature_nid(px->cert);
const char *name = OBJ_nid2sn(nid);
if (!name)
lua_pushnil(L);
else
lua_pushstring(L, name);
return 1;
}
#endif
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
static int load_cert(lua_State* L) static int load_cert(lua_State* L)
@ -700,15 +460,10 @@ static luaL_Reg methods[] = {
{"digest", meth_digest}, {"digest", meth_digest},
{"setencode", meth_set_encode}, {"setencode", meth_set_encode},
{"extensions", meth_extensions}, {"extensions", meth_extensions},
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
{"getsignaturename", meth_get_signature_name},
#endif
{"issuer", meth_issuer}, {"issuer", meth_issuer},
{"notbefore", meth_notbefore}, {"notbefore", meth_notbefore},
{"notafter", meth_notafter}, {"notafter", meth_notafter},
{"issued", meth_issued},
{"pem", meth_pem}, {"pem", meth_pem},
{"pubkey", meth_pubkey},
{"serial", meth_serial}, {"serial", meth_serial},
{"subject", meth_subject}, {"subject", meth_subject},
{"validat", meth_valid_at}, {"validat", meth_valid_at},
@ -719,7 +474,6 @@ static luaL_Reg methods[] = {
* X509 metamethods. * X509 metamethods.
*/ */
static luaL_Reg meta[] = { static luaL_Reg meta[] = {
{"__close", meth_destroy},
{"__gc", meth_destroy}, {"__gc", meth_destroy},
{"__tostring", meth_tostring}, {"__tostring", meth_tostring},
{NULL, NULL} {NULL, NULL}
@ -735,16 +489,39 @@ static luaL_Reg funcs[] = {
/*--------------------------------------------------------------------------*/ /*--------------------------------------------------------------------------*/
#if (LUA_VERSION_NUM == 501)
LSEC_API int luaopen_ssl_x509(lua_State *L) LSEC_API int luaopen_ssl_x509(lua_State *L)
{ {
/* Register the functions and tables */ /* Register the functions and tables */
luaL_newmetatable(L, "SSL:Certificate"); luaL_newmetatable(L, "SSL:Certificate");
setfuncs(L, meta); luaL_register(L, NULL, meta);
luaL_newlib(L, methods); lua_newtable(L);
luaL_register(L, NULL, methods);
lua_setfield(L, -2, "__index"); lua_setfield(L, -2, "__index");
luaL_newlib(L, funcs); luaL_register(L, "ssl.x509", funcs);
return 1; return 1;
} }
#else
LSEC_API int luaopen_ssl_x509(lua_State *L)
{
/* Register the functions and tables */
luaL_newmetatable(L, "SSL:Certificate");
luaL_setfuncs(L, meta, 0);
lua_newtable(L);
luaL_setfuncs(L, methods, 0);
lua_setfield(L, -2, "__index");
lua_newtable(L);
luaL_setfuncs(L, funcs, 0);
return 1;
}
#endif


@ -1,7 +1,7 @@
/*-------------------------------------------------------------------------- /*--------------------------------------------------------------------------
* LuaSec 1.2.0 * LuaSec 0.5.1
* *
* Copyright (C) 2014-2022 Kim Alvefur, Paul Aurich, Tobias Markmann * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann
* Matthew Wild, Bruno Silvestre. * Matthew Wild, Bruno Silvestre.
* *
*--------------------------------------------------------------------------*/ *--------------------------------------------------------------------------*/
@ -12,7 +12,7 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
#include <lua.h> #include <lua.h>
#include "compat.h" #include "config.h"
/* We do not support UniversalString nor BMPString as ASN.1 String types */ /* We do not support UniversalString nor BMPString as ASN.1 String types */
enum { LSEC_AI5_STRING, LSEC_UTF8_STRING }; enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };