Release LuaSec 0.7.2

Fix unexported 'ssl.config' table (#149 )
Avoid duplicating variable 'ssl_options'.
2025-07-16 13:59:52 +02:00 · 2019-10-10 08:33:01 -03:00 · 2019-10-10 08:27:22 -03:00 · 2019-08-16 10:01:43 -03:00 · 2019-08-16 09:48:53 -03:00 · 2018-06-27 10:36:26 -03:00
96 changed files with 5399 additions and 1060 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 /src/*.o
 /src/luasocket/*.o
 /*.dll
--- a/126
+++ b/126
@ -1,3 +1,127 @@
 --------------------------------------------------------------------------------
 LuaSec 0.7.2
 ---------------
 This version includes:
 * Fix unexported 'ssl.config' table
 --------------------------------------------------------------------------------
 LuaSec 0.7.1
 ---------------
 This version includes:
 * Fix general_name leak in cert:extensions()
 --------------------------------------------------------------------------------
 LuaSec 0.7
 ---------------
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
 Documentation: https://github.com/brunoos/luasec/wiki
 This version includes:
 * Add support to OpenSSL 1.1.0
 * Add support to elliptic curves list
 * Add ssl.config that exports some OpenSSL information
 * Add integration with luaossl
 --------------------------------------------------------------------------------
 LuaSec 0.6
 ------------
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
 Documentation: https://github.com/brunoos/luasec/wiki
 This version includes:
 * Lua 5.2 and 5.3 compatibility
 * Context module:
  - Add ctx:checkkey()
 * SSL module:
  - Add conn:sni() and conn:getsniname()
 * Context options:
  - Add "any" protocol ("sslv23" is deprecated)
 * HTTPS module:
  - Using "any" protocol without SSLv2/SSLv3, by default
 * X509 module:
  - Human readable IP address
  - Add cert:issued()
  - Add cert:pubkey()
 * Some bug fixes
 => Thanks to everyone who collaborate with LuaSec <=
 --------------------------------------------------------------------------------
 LuaSec 0.5
 ------------
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
 This  version  includes:
  * A new certificate (X509) API, which supports:
    - Reading  the subject  (identity) and  issuer of the certificate.
    - Reading  various X509  extensions, including email  and dnsName.
    - Converting  certificates  to and  from  the  standard ASCII  PEM
      format.
    - Generating the fingerprint/digest of a certificate  (using SHA1,
      SHA256 or SHA512).
    - Reading the  certificate's expiration, serial number,  and other
      info.
  * The ability  to get more  detailed information from  OpenSSL about
    why a certificate failed verification, for each certificate in the
    chain.
  * Flags to  force acceptance of invalid certificates,  e.g. to allow
    the use of self-signed certificates in a Trust On First Use model.
  * Flags to control checking CRLs for certificate revocation status.
  * Support for ECDH cipher suites.
  * An API  to get the TLS  'finished' messages used  for SASL channel
    binding (e.g. the SCRAM PLUS mechanisms).
 The work in  this release was undertaken by  Kim Alvefur, Paul Aurich,
 Tobias Markmann, Bruno Silvestre and Matthew Wild.
 --------------------------------------------------------------------------------
 LuaSec 0.4.1
 ------------
 - SSL options updated --- based on OpenSSL 1.0.0d.
 - Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
  (thanks Prosody project)
 ---------------------------------------------------------------------------------
 LuaSec 0.4
 ------------
 - Add option 'no_ticket' (included in OpenSSL 0.9.8f).
 - Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
 --------------------------------------------------------------------------------
 LuaSec 0.3.3
 ------------
 - BUG: Clear the error queue before call I/O functions (see SSL_get_error 
  manual).
  (thanks Matthew Wild)
 --------------------------------------------------------------------------------
 LuaSec 0.3.2
 ------------
 - BUG: Windows uses a different way to report socket error.
  (thanks Sebastien Perin)
 --------------------------------------------------------------------------------
 LuaSec 0.3.1
 ------------
@ -13,7 +137,7 @@ LuaSec 0.3
 --------------------------------------------------------------------------------
 LuaSec 0.2.1
 ------------
- 'key' and 'certificate' configurations become optional. (thanks Ren<EFBFBD> Rebe)
+- 'key' and 'certificate' configurations become optional. (thanks René Rebe)
 - Add '_VERSION' variable to module.
 --------------------------------------------------------------------------------
--- a/20
+++ b/20
@ -1,10 +1,22 @@
-LuaSec 0.3.1
+LuaSec 0.7.2
 ------------
 * OpenSSL options:
    By default, this version includes options for OpenSSL 1.1.1.
    If you need to generate the options for a different version of OpenSSL:
      $ cd src
      $ lua options.lua -g /usr/include/openssl/ssl.h > options.c
 --------------------------------------------------------------------------------
 * On Linux, BSD, and Mac OS X:
  - Edit 'Makefile'
-    * Inform the path to install the modules.
+    * Inform the path to where install the Lua modules (LUAPATH) and binaries 
      modules (LUACPATH)
    * If Lua or OpenSSL are not in the default path, set the 
      variables INCDIR and LIBDIR.
    * For Mac OS X, set the variable MACOSX_VERSION.
@ -14,6 +26,8 @@ LuaSec 0.3.1
  - Use 'make install' to install the modules.
 --------------------------------------------------------------------------------
 * On Windows:
  - Use the Visual C++ project to compile the library.
@ -21,3 +35,5 @@ LuaSec 0.3.1
  - Copy the 'ssl.lua' file to some place in your LUA_PATH.
  - Copy the 'ssl.dll' file to some place in your LUA_CPATH.
  - Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.
--- a/28
+++ b/28
@ -1,5 +1,5 @@
-LuaSec 0.3.1 license
+LuaSec 0.7.2 license
-Copyright (C) 2006-2009 Bruno Silvestre
+Copyright (C) 2006-2019 Bruno Silvestre, UFG
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the
@ -19,27 +19,3 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE,  ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 ----------------------------------------------------------------------
 LuaSocket 2.0.2 license
 Copyright <20> 2004-2007 Diego Nehab
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated documentation  files  (the
 "Software"), to  deal in  the Software without  restriction, including
 without limitation  the rights to  use, copy, modify,  merge, publish,
 distribute, sublicense,  and/or sell  copies of  the Software,  and to
 permit persons to whom the Software  is furnished to do so, subject to
 the following conditions:
 The  above  copyright  notice  and this  permission  notice  shall  be
 included in all copies or substantial portions of the Software.
 THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND,
 EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 IN NO EVENT  SHALL THE AUTHORS OR COPYRIGHT HOLDERS  BE LIABLE FOR ANY
 CLAIM, DAMAGES OR  OTHER LIABILITY, WHETHER IN AN  ACTION OF CONTRACT,
 TORT OR  OTHERWISE, ARISING  FROM, OUT  OF OR  IN CONNECTION  WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/36
+++ b/36
@ -1,16 +1,22 @@
-# Inform the location to intall the modules
+# Inform the location to install the modules
-LUAPATH=/usr/local/share/lua/5.1
+LUAPATH  ?= /usr/share/lua/5.1
-CPATH=/usr/local/lib/lua/5.1
+LUACPATH ?= /usr/lib/lua/5.1
-# Edit the lines below to inform new path, if necessary
+# Compile with build-in LuaSocket's help files.
-#
+# Comment this lines if you will link with non-internal LuaSocket's help files
-#INCDIR=-I/usr/local/lua-5.1/include -I/usr/local/openssl-0.9.8/include
+#  and edit INCDIR and LIBDIR properly.
-#LIBDIR=-L/usr/local/openssl-0.9.8/lib -R/usr/local/openssl-0.9.8/lib
+EXTRA = luasocket
 DEFS  = -DWITH_LUASOCKET
 # Edit the lines below to inform new path, if necessary.
 # Path below points to internal LuaSocket's help files.
 INC_PATH ?= -I/usr/include
 LIB_PATH ?= -L/usr/lib
 INCDIR    = -I. $(INC_PATH)
 LIBDIR    = -L./luasocket $(LIB_PATH)
 # For Mac OS X: set the system version
-MACOSX_VERSION=10.4
+MACOSX_VERSION=10.11
 DEFS=-DBUFFER_DEBUG
 #----------------------
 # Do not edit this part
@ -26,25 +32,25 @@ none:
 	@echo "  * macosx"
 install:
-	@cd src ; $(MAKE) CPATH="$(CPATH)" LUAPATH="$(LUAPATH)" install
+	@cd src && $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
 linux:
 	@echo "---------------------"
 	@echo "** Build for Linux **"
 	@echo "---------------------"
-	@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
 bsd:
 	@echo "-------------------"
 	@echo "** Build for BSD **"
 	@echo "-------------------"
-	@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" $@
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
 macosx:
 	@echo "------------------------------"
 	@echo "** Build for Mac OS X $(MACOSX_VERSION) **"
 	@echo "------------------------------"
-	@cd src ; $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" MACVER="$(MACOSX_VERSION)" $@
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" MACVER="$(MACOSX_VERSION)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
 clean:
-	@cd src ; $(MAKE) clean
+	@cd src && $(MAKE) clean
--- a/README.md
+++ b/README.md
@ -1,4 +1,6 @@
-luasec
+LuaSec 0.7.2
-======
+===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
-LuaSec
+Documentation: https://github.com/brunoos/luasec/wiki
--- a/luasec-0.7.2-1.rockspec
+++ b/luasec-0.7.2-1.rockspec
@ -0,0 +1,105 @@
 package = "LuaSec"
 version = "0.7.2-1"
 source = {
   url = "https://github.com/brunoos/luasec/archive/luasec-0.7.2.tar.gz",
   dir = "luasec-luasec-0.7.2"
 }
 description = {
   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
   detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
   homepage = "https://github.com/brunoos/luasec/wiki",
   license = "MIT"
 }
 dependencies = {
   "lua >= 5.1", "luasocket"
 }
 external_dependencies = {
   platforms = {
      unix = {
         OPENSSL = {
            header = "openssl/ssl.h",
            library = "ssl"
         }
      },
      windows = {
         OPENSSL = {
            header = "openssl/ssl.h",
         }
      },
   }
 }
 build = {
   type = "builtin",
   copy_directories = {
      "samples"
   },
   platforms = {
      unix = {
         install = {
            lib = {
               "ssl.so"
            },
            lua = {
               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
            }
         },
         modules = {
            ssl = {
               defines = {
                  "WITH_LUASOCKET", "LUASOCKET_DEBUG",
               },
               incdirs = {
                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket",
               },
               libdirs = {
                  "$(OPENSSL_LIBDIR)"
               },
               libraries = {
                  "ssl", "crypto"
               },
               sources = {
                  "src/options.c", "src/config.c", "src/ec.c", 
                  "src/x509.c", "src/context.c", "src/ssl.c", 
                  "src/luasocket/buffer.c", "src/luasocket/io.c",
                  "src/luasocket/timeout.c", "src/luasocket/usocket.c"
               }
            }
         }
      },
      windows = {
         install = {
            lib = {
               "ssl.dll"
            },
            lua = {
               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
            }
         },
         modules = {
            ssl = {
               defines = {
                  "WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
                  "WITH_LUASOCKET", "LUASOCKET_DEBUG",
                  "LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
               },
               libdirs = {
                  "$(OPENSSL_LIBDIR)",
                  "$(OPENSSL_BINDIR)",
               },
               libraries = {
                  "libssl32MD", "libcrypto32MD", "ws2_32"
               },
               incdirs = {
                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket"
               },
               sources = {
                  "src/options.c", "src/config.c", "src/ec.c", 
                  "src/x509.c", "src/context.c", "src/ssl.c", 
                  "src/luasocket/buffer.c", "src/luasocket/io.c",
                  "src/luasocket/timeout.c", "src/luasocket/wsocket.c"
               }
            }
         }
      }
   }
 }
--- a/luasec.sln
+++ b/luasec.sln
@ -1,6 +1,6 @@
-Microsoft Visual Studio Solution File, Format Version 10.00
+Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual C++ Express 2008
+# Visual C++ Express 2010
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcxproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
--- a/luasec.suo
+++ b/luasec.suo
--- a/luasec.vcproj
+++ b/luasec.vcproj
@ -1,253 +0,0 @@
 <?xml version="1.0" encoding="Windows-1252"?>
 <VisualStudioProject
 	ProjectType="Visual C++"
 	Version="9,00"
 	Name="luasec"
 	ProjectGUID="{A629932F-8819-4C0B-8835-CBF1FEED6376}"
 	Keyword="Win32Proj"
 	TargetFrameworkVersion="131072"
 	>
 	<Platforms>
 		<Platform
 			Name="Win32"
 		/>
 	</Platforms>
 	<ToolFiles>
 	</ToolFiles>
 	<Configurations>
 		<Configuration
 			Name="Debug|Win32"
 			OutputDirectory="Debug"
 			IntermediateDirectory="Debug"
 			ConfigurationType="2"
 			InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
 			CharacterSet="2"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
 			/>
 			<Tool
 				Name="VCXMLDataGeneratorTool"
 			/>
 			<Tool
 				Name="VCWebServiceProxyGeneratorTool"
 			/>
 			<Tool
 				Name="VCMIDLTool"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
 				Optimization="0"
 				AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
 				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS"
 				MinimalRebuild="true"
 				BasicRuntimeChecks="3"
 				RuntimeLibrary="3"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
 				DebugInformationFormat="4"
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCPreLinkEventTool"
 			/>
 			<Tool
 				Name="VCLinkerTool"
 				AdditionalDependencies="ws2_32.lib  libeay32MDd.lib ssleay32MDd.lib lua5.1.lib"
 				OutputFile="$(OutDir)/ssl.dll"
 				LinkIncremental="2"
 				AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
 				GenerateDebugInformation="true"
 				ProgramDatabaseFile="$(OutDir)/luasec.pdb"
 				SubSystem="2"
 				RandomizedBaseAddress="1"
 				DataExecutionPrevention="0"
 				ImportLibrary="$(OutDir)/ssl.lib"
 				TargetMachine="1"
 			/>
 			<Tool
 				Name="VCALinkTool"
 			/>
 			<Tool
 				Name="VCManifestTool"
 			/>
 			<Tool
 				Name="VCXDCMakeTool"
 			/>
 			<Tool
 				Name="VCBscMakeTool"
 			/>
 			<Tool
 				Name="VCFxCopTool"
 			/>
 			<Tool
 				Name="VCAppVerifierTool"
 			/>
 			<Tool
 				Name="VCPostBuildEventTool"
 			/>
 		</Configuration>
 		<Configuration
 			Name="Release|Win32"
 			OutputDirectory="Release"
 			IntermediateDirectory="Release"
 			ConfigurationType="2"
 			InheritedPropertySheets="$(VCInstallDir)VCProjectDefaults\UpgradeFromVC71.vsprops"
 			CharacterSet="2"
 			>
 			<Tool
 				Name="VCPreBuildEventTool"
 			/>
 			<Tool
 				Name="VCCustomBuildTool"
 			/>
 			<Tool
 				Name="VCXMLDataGeneratorTool"
 			/>
 			<Tool
 				Name="VCWebServiceProxyGeneratorTool"
 			/>
 			<Tool
 				Name="VCMIDLTool"
 			/>
 			<Tool
 				Name="VCCLCompilerTool"
 				AdditionalIncludeDirectories="C:\devel\openssl\include;C:\devel\lua-dll9\include"
 				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;BUFFER_DEBUG;LUASEC_API=__declspec(dllexport)"
 				RuntimeLibrary="2"
 				UsePrecompiledHeader="0"
 				WarningLevel="3"
 				DebugInformationFormat="3"
 			/>
 			<Tool
 				Name="VCManagedResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCResourceCompilerTool"
 			/>
 			<Tool
 				Name="VCPreLinkEventTool"
 			/>
 			<Tool
 				Name="VCLinkerTool"
 				AdditionalDependencies="ws2_32.lib libeay32MD.lib ssleay32MD.lib lua5.1.lib"
 				OutputFile="$(OutDir)/ssl.dll"
 				LinkIncremental="1"
 				AdditionalLibraryDirectories="C:\devel\openssl\lib\VC;C:\devel\lua-dll9"
 				GenerateDebugInformation="true"
 				SubSystem="2"
 				OptimizeReferences="2"
 				EnableCOMDATFolding="2"
 				RandomizedBaseAddress="1"
 				DataExecutionPrevention="0"
 				ImportLibrary="$(OutDir)/ssl.lib"
 				TargetMachine="1"
 			/>
 			<Tool
 				Name="VCALinkTool"
 			/>
 			<Tool
 				Name="VCManifestTool"
 			/>
 			<Tool
 				Name="VCXDCMakeTool"
 			/>
 			<Tool
 				Name="VCBscMakeTool"
 			/>
 			<Tool
 				Name="VCFxCopTool"
 			/>
 			<Tool
 				Name="VCAppVerifierTool"
 			/>
 			<Tool
 				Name="VCPostBuildEventTool"
 			/>
 		</Configuration>
 	</Configurations>
 	<References>
 	</References>
 	<Files>
 		<Filter
 			Name="Source Files"
 			Filter="cpp;c;cxx;def;odl;idl;hpj;bat;asm;asmx"
 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
 			>
 			<File
 				RelativePath=".\src\buffer.c"
 				>
 			</File>
 			<File
 				RelativePath=".\src\context.c"
 				>
 			</File>
 			<File
 				RelativePath=".\src\io.c"
 				>
 			</File>
 			<File
 				RelativePath=".\src\ssl.c"
 				>
 			</File>
 			<File
 				RelativePath=".\src\timeout.c"
 				>
 			</File>
 			<File
 				RelativePath=".\src\wsocket.c"
 				>
 			</File>
 		</Filter>
 		<Filter
 			Name="Header Files"
 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
 			>
 			<File
 				RelativePath=".\src\buffer.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\context.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\io.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\socket.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\ssl.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\timeout.h"
 				>
 			</File>
 			<File
 				RelativePath=".\src\wsocket.h"
 				>
 			</File>
 		</Filter>
 		<Filter
 			Name="Resource Files"
 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx"
 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
 			>
 		</Filter>
 	</Files>
 	<Globals>
 	</Globals>
 </VisualStudioProject>
--- a/luasec.vcxproj
+++ b/luasec.vcxproj
@ -0,0 +1,131 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup Label="ProjectConfigurations">
    <ProjectConfiguration Include="Debug|Win32">
      <Configuration>Debug</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|Win32">
      <Configuration>Release</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
  </ItemGroup>
  <PropertyGroup Label="Globals">
    <ProjectGuid>{A629932F-8819-4C0B-8835-CBF1FEED6376}</ProjectGuid>
    <Keyword>Win32Proj</Keyword>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
    <ConfigurationType>DynamicLibrary</ConfigurationType>
    <CharacterSet>MultiByte</CharacterSet>
    <PlatformToolset>v140</PlatformToolset>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
    <ConfigurationType>DynamicLibrary</ConfigurationType>
    <CharacterSet>MultiByte</CharacterSet>
    <PlatformToolset>v140</PlatformToolset>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
  <ImportGroup Label="ExtensionSettings">
  </ImportGroup>
  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
  </ImportGroup>
  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
  </ImportGroup>
  <PropertyGroup Label="UserMacros" />
  <PropertyGroup>
    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</OutDir>
    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</IntDir>
    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</OutDir>
    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</IntDir>
    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ssl</TargetName>
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <MinimalRebuild>true</MinimalRebuild>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <WarningLevel>Level3</WarningLevel>
      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
    </ClCompile>
    <Link>
      <AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)ssl.dll</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <ProgramDatabaseFile>$(OutDir)luasec.pdb</ProgramDatabaseFile>
      <SubSystem>Windows</SubSystem>
      <RandomizedBaseAddress>false</RandomizedBaseAddress>
      <DataExecutionPrevention>
      </DataExecutionPrevention>
      <ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
      <TargetMachine>MachineX86</TargetMachine>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
      <PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
      <PrecompiledHeader>
      </PrecompiledHeader>
      <WarningLevel>Level3</WarningLevel>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
    </ClCompile>
    <Link>
      <AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <SubSystem>Windows</SubSystem>
      <OptimizeReferences>true</OptimizeReferences>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <RandomizedBaseAddress>false</RandomizedBaseAddress>
      <DataExecutionPrevention>
      </DataExecutionPrevention>
      <ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
      <TargetMachine>MachineX86</TargetMachine>
    </Link>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="src\config.c" />
    <ClCompile Include="src\context.c" />
    <ClCompile Include="src\ec.c" />
    <ClCompile Include="src\luasocket\buffer.c" />
    <ClCompile Include="src\luasocket\io.c" />
    <ClCompile Include="src\luasocket\timeout.c" />
    <ClCompile Include="src\luasocket\wsocket.c" />
    <ClCompile Include="src\options.c" />
    <ClCompile Include="src\ssl.c" />
    <ClCompile Include="src\x509.c" />
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="src\compat.h" />
    <ClInclude Include="src\config.h" />
    <ClInclude Include="src\context.h" />
    <ClInclude Include="src\ec.h" />
    <ClInclude Include="src\luasocket\buffer.h" />
    <ClInclude Include="src\luasocket\io.h" />
    <ClInclude Include="src\luasocket\socket.h" />
    <ClInclude Include="src\luasocket\timeout.h" />
    <ClInclude Include="src\luasocket\wsocket.h" />
    <ClInclude Include="src\options.h" />
    <ClInclude Include="src\ssl.h" />
    <ClInclude Include="src\x509.h" />
  </ItemGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets">
  </ImportGroup>
 </Project>
--- a/samples/README
+++ b/samples/README
@ -1,17 +1,26 @@
 In all examples, the SSL/TLS  layer can be disable just commenting the
 wrap  section.   In this  case,  the  examples  work with  normal  TCP
 communication.
 Directories: 
 ------------
 * certs
- It  contains a set of  certificates used in the examples.  You can use
+ Contains scripts to generate the certificates used by the examples.
- the  scrits  to  recreate  them  if  necessary  (due  to  certificates
+ Generate Root CA 'A' and 'B' first, then the servers and clients.
 expiration  date,  for example).  First,  generate the Root CA 'A' and 
 'B', then the servers and clients.
-* oneshot
+* chain
- A simple connection example.
+ Example of certificate chain in handshake.
 * dhparam
 DH parameters for handshake.
 * digest
 Certificate digest.
 * ecdh
 Elliptic curve cipher.
 * info
 Information about the connection.
 * key
 Test encrypted private key.
 * loop
 Test successive connections between the server and the client 
@ -19,7 +28,16 @@ Directories:
 * loop-gc
 Same of above,  but the connection is not  explicit closed, the gabage
- collector is encharge of it.
+ collector is encharge of that.
 * oneshot
 A simple connection example.
 * verification
 Retrieve the certificate verification errors from the handshake.
 * verify
 Ignore handshake errors and proceed.
 * wantread
 Test timeout in handshake() and receive().
@ -28,7 +46,4 @@ Directories:
 Test timeout in send().
 * want
- Test want().
+ Test want() method.
 * key
 Test encrypted private key.
--- a/samples/certs/all.bat
+++ b/samples/certs/all.bat
@ -0,0 +1,14 @@
 REM make sure the 'openssl.exe' commandline tool is in your path before starting!
 REM set the path below;
 set opensslpath=c:\program files (x86)\openssl-win32\bin
 setlocal
 set path=%opensslpath%;%path%
 call roota.bat
 call rootb.bat
 call servera.bat
 call serverb.bat
 call clienta.bat
 call clientb.bat
--- a/samples/certs/clientA.bat
+++ b/samples/certs/clientA.bat
@ -0,0 +1,9 @@
 rem #!/bin/sh
 openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
 openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
 copy clientAcert.pem + rootA.pem clientA.pem
 openssl x509 -subject -issuer -noout -in clientA.pem
--- a/samples/certs/clientA.cnf
+++ b/samples/certs/clientA.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
--- a/samples/certs/clientB.bat
+++ b/samples/certs/clientB.bat
@ -0,0 +1,9 @@
 rem #!/bin/sh
 openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
 openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
 copy clientBcert.pem + rootB.pem clientB.pem
 openssl x509 -subject -issuer -noout -in clientB.pem
--- a/samples/certs/clientB.cnf
+++ b/samples/certs/clientB.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
--- a/samples/certs/rootA.bat
+++ b/samples/certs/rootA.bat
@ -0,0 +1,7 @@
 REM #!/bin/sh
 openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
 openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
 openssl x509 -subject -issuer -noout -in rootA.pem
--- a/samples/certs/rootA.cnf
+++ b/samples/certs/rootA.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
--- a/samples/certs/rootB.bat
+++ b/samples/certs/rootB.bat
@ -0,0 +1,7 @@
 rem #!/bin/sh
 openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
 openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
 openssl x509 -subject -issuer -noout -in rootB.pem
--- a/samples/certs/rootB.cnf
+++ b/samples/certs/rootB.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
--- a/samples/certs/serverA.bat
+++ b/samples/certs/serverA.bat
@ -0,0 +1,9 @@
 rem #!/bin/sh
 openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
 openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
 copy serverAcert.pem + rootA.pem serverA.pem
 openssl x509 -subject -issuer -noout -in serverA.pem
--- a/samples/certs/serverA.cnf
+++ b/samples/certs/serverA.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
-# nsCertType			= server
+nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
--- a/samples/certs/serverB.bat
+++ b/samples/certs/serverB.bat
@ -0,0 +1,9 @@
 rem #!/bin/sh
 openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
 openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
 copy serverBcert.pem + rootB.pem serverB.pem
 openssl x509 -subject -issuer -noout -in serverB.pem
--- a/samples/certs/serverB.cnf
+++ b/samples/certs/serverB.cnf
@ -50,7 +50,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem # The private key
 RANDFILE	= $dir/private/.rand	# private random number file
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@ -102,7 +102,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret
@ -172,7 +172,7 @@ basicConstraints=CA:FALSE
 # the certificate can be used for anything *except* object signing.
 # This is OK for an SSL server.
-# nsCertType			= server
+nsCertType			= server
 # For an object signing certificate this would be used.
 # nsCertType = objsign
--- a/samples/chain/client.lua
+++ b/samples/chain/client.lua
@ -0,0 +1,36 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local util   = require("util") 
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local conn = socket.tcp()
 conn:connect("127.0.0.1", 8888)
 conn = assert( ssl.wrap(conn, params) )
 assert(conn:dohandshake())
 util.show( conn:getpeercertificate() )
 print("----------------------------------------------------------------------")
 for k, cert in ipairs( conn:getpeerchain() ) do
  util.show(cert)
 end
 local cert = conn:getpeercertificate()
 print( cert )
 print( cert:pem() )
 conn:close()
--- a/samples/chain/server.lua
+++ b/samples/chain/server.lua
@ -0,0 +1,53 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local util   = require("util")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local ctx = assert(ssl.newcontext(params))
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local conn = server:accept()
 conn = assert( ssl.wrap(conn, ctx) )
 assert( conn:dohandshake() )
 util.show( conn:getpeercertificate() )
 print("----------------------------------------------------------------------")
 for k, cert in ipairs( conn:getpeerchain() ) do
  util.show(cert)
 end
 local f = io.open(params.certificate)
 local str = f:read("*a")
 f:close()
 util.show( ssl.loadcertificate(str) )
 print("----------------------------------------------------------------------")
 local cert = conn:getpeercertificate()
 print( cert )
 print( cert:digest() )
 print( cert:digest("sha1") )
 print( cert:digest("sha256") )
 print( cert:digest("sha512") )
 conn:close()
 server:close()
--- a/samples/chain/util.lua
+++ b/samples/chain/util.lua
@ -0,0 +1,22 @@
 local print  = print
 local ipairs = ipairs
 local _ENV = {}
 function _ENV.show(cert)
  print("Serial:", cert:serial())
  print("NotBefore:", cert:notbefore())
  print("NotAfter:", cert:notafter())
  print("--- Issuer ---")
  for k, v in ipairs(cert:issuer()) do
    print(v.name .. " = " .. v.value)
  end
  print("--- Subject ---")
  for k, v in ipairs(cert:subject()) do
    print(v.name .. " = " .. v.value)
  end
  print("----------------------------------------------------------------------")
 end
 return _ENV
--- a/samples/curve-negotiation/client.lua
+++ b/samples/curve-negotiation/client.lua
@ -0,0 +1,28 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "any",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = {"all"},
   --
   curve = "P-256:P-384",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 print(peer:receive("*l"))
 peer:close()
--- a/samples/curve-negotiation/server.lua
+++ b/samples/curve-negotiation/server.lua
@ -0,0 +1,37 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = {"all"},
   --
   curve = "P-384:P-256:P-521",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 peer:send("oneshot with curve negotiation test\n")
 peer:close()
--- a/samples/dhparam/client.lua
+++ b/samples/dhparam/client.lua
@ -0,0 +1,26 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 print(peer:receive("*l"))
 peer:close()
--- a/samples/dhparam/params.sh
+++ b/samples/dhparam/params.sh
@ -0,0 +1,4 @@
 #!/bin/sh
 openssl dhparam -2 -out dh-512.pem  -outform PEM 512
 openssl dhparam -2 -out dh-1024.pem -outform PEM 1024
--- a/samples/dhparam/server.lua
+++ b/samples/dhparam/server.lua
@ -0,0 +1,61 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local function readfile(filename)
  local fd = assert(io.open(filename))
  local dh = fd:read("*a")
  fd:close()
  return dh
 end
 local function dhparam_cb(export, keylength)
  print("---")
  print("DH Callback")
  print("Export", export)
  print("Key length", keylength)
  print("---")
  local filename
  if keylength == 512 then
    filename = "dh-512.pem"
  elseif keylength == 1024 then
    filename = "dh-1024.pem"
  else
    -- No key
    return nil
  end
  return readfile(filename)
 end
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   dhparam = dhparam_cb,
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/digest/client.lua
+++ b/samples/digest/client.lua
@ -0,0 +1,26 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 print(peer:receive("*l"))
 peer:close()
--- a/samples/digest/server.lua
+++ b/samples/digest/server.lua
@ -0,0 +1,44 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 local cert = peer:getpeercertificate()
 local sha1   = cert:digest("sha1")
 local sha256 = cert:digest("sha256")
 local sha512 = cert:digest("sha512")
 print("SHA1",   sha1)
 print("SHA256", sha256)
 print("SHA512", sha512)
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/ecdh/client.lua
+++ b/samples/ecdh/client.lua
@ -0,0 +1,33 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   --
   curve = "secp384r1",
 }
 --------------------------------------------------------------------------------
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 print("--- INFO  ---")
 local info = peer:info()
 for k, v in pairs(info) do
  print(k, v)
 end
 print("---")
 peer:close()
--- a/samples/ecdh/server.lua
+++ b/samples/ecdh/server.lua
@ -0,0 +1,40 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   --
   curve = "secp384r1",
 }
 ------------------------------------------------------------------------------
 local ctx = assert(ssl.newcontext(params))
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 print("--- INFO ---")
 local info = peer:info()
 for k, v in pairs(info) do
  print(k, v)
 end
 print("---")
 peer:close()
 server:close()
--- a/samples/info/client.lua
+++ b/samples/info/client.lua
@ -0,0 +1,26 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 print(peer:receive("*l"))
 peer:close()
--- a/samples/info/server.lua
+++ b/samples/info/server.lua
@ -0,0 +1,48 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 -- Before handshake: nil
 print( peer:info() )
 assert( peer:dohandshake() )
 --]]
 print("---")
 local info = peer:info()
 for k, v in pairs(info) do
  print(k, v)
 end
 print("---")
 print("-> Compression", peer:info("compression"))
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/key/loadkey.lua
+++ b/samples/key/loadkey.lua
@ -1,7 +1,7 @@
 --
 -- Public domain
 --
-require("ssl")
+local ssl = require("ssl")
 local pass = "foobar"
 local cfg = {
--- a/samples/loop-gc/client.lua
+++ b/samples/loop-gc/client.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 while true do
--- a/samples/loop-gc/server.lua
+++ b/samples/loop-gc/server.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 -- [[ SSL context 
--- a/samples/loop/client.lua
+++ b/samples/loop/client.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 while true do
--- a/samples/loop/server.lua
+++ b/samples/loop/server.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 -- [[ SSL context 
--- a/samples/luaossl/client.lua
+++ b/samples/luaossl/client.lua
@ -0,0 +1,40 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local pkey = require "openssl.pkey"
 local ssl_context = require "openssl.ssl.context"
 local x509 = require "openssl.x509"
 local x509_store = require "openssl.x509.store"
 local function read_file(path)
 	local file, err, errno = io.open(path, "rb")
 	if not file then
 		return nil, err, errno
 	end
 	local contents
 	contents, err, errno = file:read "*a"
 	file:close()
 	return contents, err, errno
 end
 local ctx = ssl_context.new("TLSv1_2", false)
 ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
 ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
 local store = x509_store.new()
 store:add("../certs/rootA.pem")
 ctx:setStore(store)
 ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert(peer:dohandshake())
 --]]
 print(peer:receive("*l"))
 peer:close()
--- a/samples/luaossl/server.lua
+++ b/samples/luaossl/server.lua
@ -0,0 +1,58 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local pkey = require "openssl.pkey"
 local ssl_context = require "openssl.ssl.context"
 local x509 = require "openssl.x509"
 local x509_store = require "openssl.x509.store"
 local function read_file(path)
 	local file, err, errno = io.open(path, "rb")
 	if not file then
 		return nil, err, errno
 	end
 	local contents
 	contents, err, errno = file:read "*a"
 	file:close()
 	return contents, err, errno
 end
 local ctx = ssl_context.new("TLSv1_2", true)
 ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
 ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
 local store = x509_store.new()
 store:add("../certs/rootA.pem")
 ctx:setStore(store)
 ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 -- Before handshake: nil
 print( peer:info() )
 assert( peer:dohandshake() )
 --]]
 print("---")
 local info = peer:info()
 for k, v in pairs(info) do
  print(k, v)
 end
 print("---")
 print("-> Compression", peer:info("compression"))
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/oneshot/client.lua
+++ b/samples/oneshot/client.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 local peer = socket.tcp()
--- a/samples/oneshot/server.lua
+++ b/samples/oneshot/server.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
--- a/samples/sni/client.lua
+++ b/samples/sni/client.lua
@ -0,0 +1,35 @@
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
  mode = "client",
  protocol = "tlsv1_2",
  key = "../certs/clientAkey.pem",
  certificate = "../certs/clientA.pem",
  cafile = "../certs/rootA.pem",
  verify = "peer",
  options = "all",
 }
 local conn = socket.tcp()
 conn:connect("127.0.0.1", 8888)
 -- TLS/SSL initialization
 conn = ssl.wrap(conn, params)
 -- Comment the lines to not send a name
 --conn:sni("servera.br")
 --conn:sni("serveraa.br")
 conn:sni("serverb.br")
 assert(conn:dohandshake())
 --
 local cert = conn:getpeercertificate()
 for k, v in pairs(cert:subject()) do
  for i, j in pairs(v) do
    print(i, j)
  end
 end
 --
 print(conn:receive("*l"))
 conn:close()
--- a/samples/sni/server.lua
+++ b/samples/sni/server.lua
@ -0,0 +1,52 @@
 local socket = require("socket")
 local ssl    = require("ssl")
 local params01 = {
  mode = "server",
  protocol = "any",
  key = "../certs/serverAkey.pem",
  certificate = "../certs/serverA.pem",
  cafile = "../certs/rootA.pem",
  verify = "none",
  options = "all",
  ciphers = "ALL:!ADH:@STRENGTH",
 }
 local params02 = {
  mode = "server",
  protocol = "any",
  key = "../certs/serverAAkey.pem",
  certificate = "../certs/serverAA.pem",
  cafile = "../certs/rootA.pem",
  verify = "none",
  options = "all",
  ciphers = "ALL:!ADH:@STRENGTH",
 }
 --
 local ctx01 = ssl.newcontext(params01)
 local ctx02 = ssl.newcontext(params02)
 --
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 server:bind("127.0.0.1", 8888)
 server:listen()
 local conn = server:accept()
 --
 -- Default context (when client does not send a name) is ctx01
 conn = ssl.wrap(conn, ctx01)
 -- Configure the name map
 local sni_map = {
  ["servera.br"]  = ctx01,
  ["serveraa.br"] = ctx02,
 }
 conn:sni(sni_map, true)
 assert(conn:dohandshake())
 --
 conn:send("one line\n")
 conn:close()
--- a/samples/verification/fail-string/client.lua
+++ b/samples/verification/fail-string/client.lua
@ -0,0 +1,29 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1",
   key = "../../certs/clientBkey.pem",
   certificate = "../../certs/clientB.pem",
   cafile = "../../certs/rootB.pem",
   verify = "none",
   options = "all",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 local err, msg = peer:getpeerverification()
 print(err, msg)
 print(peer:receive("*l"))
 peer:close()
--- a/samples/verification/fail-string/server.lua
+++ b/samples/verification/fail-string/server.lua
@ -0,0 +1,37 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "tlsv1",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
   verify = "none",
   options = "all",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 local err, msg = peer:getpeerverification()
 print(err, msg)
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/verification/fail-table/client.lua
+++ b/samples/verification/fail-table/client.lua
@ -0,0 +1,39 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1",
   key = "../../certs/clientBkey.pem",
   certificate = "../../certs/clientB.pem",
   cafile = "../../certs/rootB.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   verifyext = "lsec_continue",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert(peer:dohandshake())
 --]]
 local succ, errs = peer:getpeerverification()
 print(succ, errs)
 for i, err in pairs(errs) do
  for j, msg in ipairs(err) do
    print("depth = " .. i, "error = " .. msg)
  end
 end
 print(peer:receive("*l"))
 peer:close()
--- a/samples/verification/fail-table/server.lua
+++ b/samples/verification/fail-table/server.lua
@ -0,0 +1,43 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "tlsv1",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 local succ, errs = peer:getpeerverification()
 print(succ, errs)
 for i, err in pairs(errs) do
  for j, msg in ipairs(err) do
    print("depth = " .. i, "error = " .. msg)
  end
 end
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/verification/success/client.lua
+++ b/samples/verification/success/client.lua
@ -0,0 +1,29 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1",
   key = "../../certs/clientAkey.pem",
   certificate = "../../certs/clientA.pem",
   cafile = "../../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 local err, msg = peer:getpeerverification()
 print(err, msg)
 print(peer:receive("*l"))
 peer:close()
--- a/samples/verification/success/server.lua
+++ b/samples/verification/success/server.lua
@ -0,0 +1,38 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "tlsv1",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 local err, msg = peer:getpeerverification()
 print(err, msg)
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/verify/client.lua
+++ b/samples/verify/client.lua
@ -0,0 +1,35 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/serverBkey.pem",
   certificate = "../certs/serverB.pem",
   cafile = "../certs/rootB.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
   options = "all",
 }
 local ctx = assert(ssl.newcontext(params))
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 peer = assert( ssl.wrap(peer, ctx) )
 assert(peer:dohandshake())
 local succ, errs = peer:getpeerverification()
 print(succ, errs)
 for i, err in pairs(errs) do
  for j, msg in ipairs(err) do
    print("depth = " .. i, "error = " .. msg)
  end
 end
 print(peer:receive("*l"))
 peer:close()
--- a/samples/verify/server.lua
+++ b/samples/verify/server.lua
@ -0,0 +1,40 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
   options = "all",
 }
 local ctx = assert(ssl.newcontext(params))
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 local succ, errs = peer:getpeerverification()
 print(succ, errs)
 for i, err in pairs(errs) do
  for j, msg in ipairs(err) do
    print("depth = " .. i, "error = " .. msg)
  end
 end
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/want/client.lua
+++ b/samples/want/client.lua
@ -3,17 +3,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 -- Wait until socket is ready (for reading or writing)
--- a/samples/want/server.lua
+++ b/samples/want/server.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 -- [[ SSL context
--- a/samples/wantread/client.lua
+++ b/samples/wantread/client.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
--- a/samples/wantread/server.lua
+++ b/samples/wantread/server.lua
@ -3,17 +3,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 -- [[ SSL context
--- a/samples/wantwrite/client.lua
+++ b/samples/wantwrite/client.lua
@ -1,17 +1,17 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "sslv3",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
 local function wait(peer, err)
--- a/samples/wantwrite/server.lua
+++ b/samples/wantwrite/server.lua
@ -1,19 +1,19 @@
 --
 -- Public domain
 --
-require("socket")
+local socket = require("socket")
-require("ssl")
+local ssl    = require("ssl")
 print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")
 local params = {
   mode = "server",
-   protocol = "sslv3",
+   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = {"all", "no_sslv2"},
+   options = "all",
 }
--- a/src/Makefile
+++ b/src/Makefile
@ -2,60 +2,65 @@ CMOD=ssl.so
 LMOD=ssl.lua
 OBJS= \
- timeout.o \
+ options.o \
- buffer.o \
+ x509.o    \
 io.o \
 usocket.o \
 context.o \
- ssl.o
+ ssl.o     \
 config.o  \
 ec.o
-LIBS=-lssl -lcrypto
+LIBS=-lssl -lcrypto -lluasocket
 WARN=-Wall -pedantic
-BSD_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
+BSD_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
-BSD_LDFLAGS=-O -shared -fpic $(LIBDIR)
+BSD_LDFLAGS=-O -fPIC -shared $(LIBDIR)
-LNX_CFLAGS=-O2 -fpic $(WARN) $(INCDIR) $(DEFS)
+LNX_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
-LNX_LDFLAGS=-O -shared -fpic $(LIBDIR)
+LNX_LDFLAGS=-O -fPIC -shared $(LIBDIR)
 MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
 MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
 MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
-CP=cp
+INSTALL  = install
-CC=gcc
+CC      ?= cc
-LD=$(MYENV) gcc
+LD      ?= $(MYENV) cc
-CFLAGS=$(MYCFLAGS)
+CFLAGS  += $(MYCFLAGS)
-LDFLAGS=$(MYLDFLAGS)
+LDFLAGS += $(MYLDFLAGS)
-.PHONY: all clean install none linux bsd macosx
+.PHONY: all clean install none linux bsd macosx luasocket
 all:
 install: $(CMOD) $(LMOD)
-	$(CP) $(CMOD) $(CPATH)
+	$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
-	$(CP) $(LMOD) $(LUAPATH)
+	$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
 	$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
 	$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
 linux:
-	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)"
+	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
 bsd:
-	@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)"
+	@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)" EXTRA="$(EXTRA)"
 macosx:
-	@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)"
+	@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)" EXTRA="$(EXTRA)"
 luasocket:
 	@cd luasocket && $(MAKE)
-$(CMOD): $(OBJS)
+$(CMOD): $(EXTRA) $(OBJS)
 	$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
-buffer.o: buffer.c buffer.h io.h timeout.h
+options.o: options.h options.c
-io.o: io.c io.h timeout.h
+ec.o: ec.c ec.h
-timeout.o: timeout.c timeout.h
+x509.o: x509.c x509.h compat.h
-usocket.o: usocket.c socket.h io.h timeout.h usocket.h
+context.o: context.c context.h ec.h compat.h
-context.o: context.c context.h
+ssl.o: ssl.c ssl.h context.h x509.h compat.h
-ssl.o: ssl.c socket.h io.h timeout.h usocket.h buffer.h context.h context.c
+config.o: config.c ec.h options.h compat.h
--- a/src/compat.h
+++ b/src/compat.h
@ -0,0 +1,31 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #ifndef LSEC_COMPAT_H
 #define LSEC_COMPAT_H
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 
 #else
 #define LSEC_API extern
 #endif
 #if (LUA_VERSION_NUM == 501)
 #define luaL_testudata(L, ud, tname)  lsec_testudata(L, ud, tname)
 #define setfuncs(L, R)    luaL_register(L, NULL, R)
 #define lua_rawlen(L, i)  lua_objlen(L, i)
 #ifndef luaL_newlib
 #define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
 #endif
 #else
 #define setfuncs(L, R) luaL_setfuncs(L, R, 0)
 #endif
 #endif
--- a/src/config.c
+++ b/src/config.c
@ -0,0 +1,88 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
 #include "compat.h"
 #include "options.h"
 #include "ec.h"
 /**
 * Registre the module.
 */
 LSEC_API int luaopen_ssl_config(lua_State *L)
 {
  lsec_ssl_option_t *opt;
  lua_newtable(L);
  // Options
  lua_pushstring(L, "options");
  lua_newtable(L);
  for (opt = lsec_get_ssl_options(); opt->name; opt++) {
    lua_pushstring(L, opt->name);
    lua_pushboolean(L, 1);
    lua_rawset(L, -3);
  }
  lua_rawset(L, -3);
  // Protocols
  lua_pushstring(L, "protocols");
  lua_newtable(L);
 #ifndef OPENSSL_NO_SSL3
  lua_pushstring(L, "sslv3");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
  lua_pushstring(L, "tlsv1");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  lua_pushstring(L, "tlsv1_1");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
  lua_pushstring(L, "tlsv1_2");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
  lua_rawset(L, -3);
  // Algorithms
  lua_pushstring(L, "algorithms");
  lua_newtable(L);
 #ifndef OPENSSL_NO_EC
  lua_pushstring(L, "ec");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
  lua_rawset(L, -3);
  // Curves
  lua_pushstring(L, "curves");
  lsec_get_curves(L);
  lua_rawset(L, -3);
  // Capabilities
  lua_pushstring(L, "capabilities");
  lua_newtable(L);
 #ifndef OPENSSL_NO_EC
 #if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
  lua_pushstring(L, "curves_list");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #ifdef SSL_CTRL_SET_ECDH_AUTO
  lua_pushstring(L, "ecdh_auto");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
 #endif
 #endif
  lua_rawset(L, -3);
  return 1;
 }
--- a/src/context.c
+++ b/src/context.c
@ -1,59 +1,39 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.1
+ * LuaSec 0.7.2
- * Copyright (C) 2006-2009 Bruno Silvestre
+ *
 * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
 * Copyright (C) 2006-2019 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
 #include <string.h>
 #if defined(WIN32)
 #include <windows.h>
 #endif
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <lua.h>
 #include <lauxlib.h>
 #include "context.h"
 #include "options.h"
-struct ssl_option_s {
+#ifndef OPENSSL_NO_EC
-  const char *name;
+#include <openssl/ec.h>
-  unsigned long code;
+#include "ec.h"
-};
+#endif
-typedef struct ssl_option_s ssl_option_t;
+
-
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
-
+typedef const SSL_METHOD LSEC_SSL_METHOD;
-static ssl_option_t ssl_options[] = {
+#else
-  /* OpenSSL 0.9.7 and 0.9.8 */
+typedef       SSL_METHOD LSEC_SSL_METHOD;
  {"all",                              SSL_OP_ALL},
  {"cipher_server_preference",         SSL_OP_CIPHER_SERVER_PREFERENCE},
  {"dont_insert_empty_fragments",      SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
  {"ephemeral_rsa",                    SSL_OP_EPHEMERAL_RSA},
  {"netscape_ca_dn_bug",               SSL_OP_NETSCAPE_CA_DN_BUG},
  {"netscape_challenge_bug",           SSL_OP_NETSCAPE_CHALLENGE_BUG},
  {"microsoft_big_sslv3_buffer",       SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
  {"microsoft_sess_id_bug",            SSL_OP_MICROSOFT_SESS_ID_BUG},
  {"msie_sslv2_rsa_padding",           SSL_OP_MSIE_SSLV2_RSA_PADDING},
  {"netscape_demo_cipher_change_bug",  SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
  {"no_session_resumption_on_renegotiation", 
      SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
  {"no_sslv2",                         SSL_OP_NO_SSLv2},
  {"no_sslv3",                         SSL_OP_NO_SSLv3},
  {"no_tlsv1",                         SSL_OP_NO_TLSv1},
  {"pkcs1_check_1",                    SSL_OP_PKCS1_CHECK_1},
  {"pkcs1_check_2",                    SSL_OP_PKCS1_CHECK_2},
  {"single_dh_use",                    SSL_OP_SINGLE_DH_USE},
  {"ssleay_080_client_dh_bug",         SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
  {"sslref2_reuse_cert_type_bug",      SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
  {"tls_block_padding_bug",            SSL_OP_TLS_BLOCK_PADDING_BUG},
  {"tls_d5_bug",                       SSL_OP_TLS_D5_BUG},
  {"tls_rollback_bug",                 SSL_OP_TLS_ROLLBACK_BUG},
  /* OpenSSL 0.9.8 only */
 #if OPENSSL_VERSION_NUMBER > 0x00908000L
  {"cookie_exchange",                  SSL_OP_COOKIE_EXCHANGE},
  {"no_query_mtu",                     SSL_OP_NO_QUERY_MTU},
  {"single_ecdh_use",                  SSL_OP_SINGLE_ECDH_USE},
 #endif
  {NULL, 0L}
 };
 /*--------------------------- Auxiliary Functions ----------------------------*/
@ -65,13 +45,18 @@ static p_context checkctx(lua_State *L, int idx)
  return (p_context)luaL_checkudata(L, idx, "SSL:Context");
 }
 static p_context testctx(lua_State *L, int idx)
 {
  return (p_context)luaL_testudata(L, idx, "SSL:Context");
 }
 /**
 * Prepare the SSL options flag.
 */
 static int set_option_flag(const char *opt, unsigned long *flag)
 {
-  ssl_option_t *p;
+  lsec_ssl_option_t *p;
-  for (p = ssl_options; p->name; p++) {
+  for (p = lsec_get_ssl_options(); p->name; p++) {
    if (!strcmp(opt, p->name)) {
      *flag |= p->code;
      return 1;
@ -83,11 +68,18 @@ static int set_option_flag(const char *opt, unsigned long *flag)
 /**
 * Find the protocol.
 */
-static SSL_METHOD* str2method(const char *method)
+static LSEC_SSL_METHOD* str2method(const char *method)
 {
-  if (!strcmp(method, "sslv3"))  return SSLv3_method();
+  if (!strcmp(method, "any"))     return SSLv23_method();
-  if (!strcmp(method, "tlsv1"))  return TLSv1_method();
+  if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
-  if (!strcmp(method, "sslv23")) return SSLv23_method();
+#ifndef OPENSSL_NO_SSL3
  if (!strcmp(method, "sslv3"))   return SSLv3_method();
 #endif
  if (!strcmp(method, "tlsv1"))   return TLSv1_method();
 #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
  if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
 #endif
  return NULL;
 }
@ -125,17 +117,167 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
  case LUA_TFUNCTION:
    lua_pushvalue(L, 3);
    lua_call(L, 0, 1);
-    if (lua_type(L, -1) != LUA_TSTRING)
+    if (lua_type(L, -1) != LUA_TSTRING) {
       lua_pop(L, 1);  /* Remove the result from the stack */
       return 0;
    }
    /* fallback */
  case LUA_TSTRING:
    strncpy(buf, lua_tostring(L, -1), size);
    lua_pop(L, 1);  /* Remove the result from the stack */
    buf[size-1] = '\0';
    return (int)strlen(buf);
  }
  return 0;
 }
 /**
 * Add an error related to a depth certificate of the chain.
 */
 static void add_cert_error(lua_State *L, SSL *ssl, int err, int depth)
 {
  luaL_getmetatable(L, "SSL:Verify:Registry");
  lua_pushlightuserdata(L, (void*)ssl);
  lua_gettable(L, -2);
  if (lua_isnil(L, -1)) {
    lua_pop(L, 1);
    /* Create an error table for this connection */
    lua_newtable(L);
    lua_pushlightuserdata(L, (void*)ssl);
    lua_pushvalue(L, -2);  /* keep the table on stack */
    lua_settable(L, -4);
  }
  lua_rawgeti(L, -1, depth+1);
  /* If the table doesn't exist, create it */
  if (lua_isnil(L, -1)) {
    lua_pop(L, 1);               /* remove 'nil' from stack */
    lua_newtable(L);
    lua_pushvalue(L, -1);        /* keep the table on stack */
    lua_rawseti(L, -3, depth+1);
  }
  lua_pushstring(L, X509_verify_cert_error_string(err));
  lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
  /* Clear the stack */
  lua_pop(L, 3);
 }
 /**
 * Call Lua user function to get the DH key.
 */
 static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
 {
  BIO *bio;
  lua_State *L;
  DH *dh_tmp = NULL;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  L = pctx->L;
  /* Get the callback */
  luaL_getmetatable(L, "SSL:DH:Registry");
  lua_pushlightuserdata(L, (void*)ctx);
  lua_gettable(L, -2);
  /* Invoke the callback */
  lua_pushboolean(L, is_export);
  lua_pushnumber(L, keylength);
  lua_call(L, 2, 1);
  /* Load parameters from returned value */
  if (lua_type(L, -1) != LUA_TSTRING) {
    lua_pop(L, 2);  /* Remove values from stack */
    return NULL;
  }
  bio = BIO_new_mem_buf((void*)lua_tostring(L, -1), 
    lua_rawlen(L, -1));
  if (bio) {
    dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    BIO_free(bio);
  }
  /*
   * OpenSSL exepcts the callback to maintain a reference to the DH*.  So,
   * cache it here, and clean up the previous set of parameters.  Any remaining
   * set is cleaned up when destroying the LuaSec context.
   */
  if (pctx->dh_param)
    DH_free(pctx->dh_param);
  pctx->dh_param = dh_tmp;
  lua_pop(L, 2);    /* Remove values from stack */
  return dh_tmp;
 }
 /**
 * Set the "ignore purpose" before to start verifing the certificate chain.
 */
 static int cert_verify_cb(X509_STORE_CTX *x509_ctx, void *ptr)
 {
  int verify;
  lua_State *L;
  SSL_CTX *ctx = (SSL_CTX*)ptr;
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  L = pctx->L;
  /* Get verify flags */
  luaL_getmetatable(L, "SSL:Verify:Registry");
  lua_pushlightuserdata(L, (void*)ctx);
  lua_gettable(L, -2);
  verify = (int)lua_tonumber(L, -1);
  lua_pop(L, 2); /* Remove values from stack */
  if (verify & LSEC_VERIFY_IGNORE_PURPOSE) {
    /* Set parameters to ignore the server purpose */
    X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(x509_ctx);
    if (param) {
      X509_VERIFY_PARAM_set_purpose(param, X509_PURPOSE_SSL_SERVER);
      X509_VERIFY_PARAM_set_trust(param, X509_TRUST_SSL_SERVER);
    }
  }
  /* Call OpenSSL standard verification function */
  return X509_verify_cert(x509_ctx);
 }
 /**
 * This callback implements the "continue on error" flag and log the errors.
 */
 static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
  int err;
  int verify;
  SSL *ssl;
  SSL_CTX *ctx;
  p_context pctx;
  lua_State *L;
  /* Short-circuit optimization */
  if (preverify_ok)
    return 1;
  ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
    SSL_get_ex_data_X509_STORE_CTX_idx());
  ctx = SSL_get_SSL_CTX(ssl);
  pctx = (p_context)SSL_CTX_get_app_data(ctx);
  L = pctx->L;
  /* Get verify flags */
  luaL_getmetatable(L, "SSL:Verify:Registry");
  lua_pushlightuserdata(L, (void*)ctx);
  lua_gettable(L, -2);
  verify = (int)lua_tonumber(L, -1);
  lua_pop(L, 2); /* Remove values from stack */
  err = X509_STORE_CTX_get_error(x509_ctx);
  if (err != X509_V_OK)
    add_cert_error(L, ssl, err, X509_STORE_CTX_get_error_depth(x509_ctx));
  return (verify & LSEC_VERIFY_CONTINUE ? 1 : preverify_ok);
 }
 /*------------------------------ Lua Functions -------------------------------*/
 /**
@ -144,12 +286,14 @@ static int passwd_cb(char *buf, int size, int flag, void *udata)
 static int create(lua_State *L)
 {
  p_context ctx;
-  SSL_METHOD *method;
+  const char *str_method;
  LSEC_SSL_METHOD *method;
-  method = str2method(luaL_checkstring(L, 1));
+  str_method = luaL_checkstring(L, 1);
  method = str2method(str_method);
  if (!method) {
    lua_pushnil(L);
-    lua_pushstring(L, "invalid protocol");
+    lua_pushfstring(L, "invalid protocol (%s)", str_method);
    return 2;
  }
  ctx = (p_context) lua_newuserdata(L, sizeof(t_context));
@ -157,18 +301,25 @@ static int create(lua_State *L)
    lua_pushnil(L);
    lua_pushstring(L, "error creating context");
    return 2;
-  }  
+  }
  memset(ctx, 0, sizeof(t_context));
  ctx->context = SSL_CTX_new(method);
  if (!ctx->context) {
    lua_pushnil(L);
-    lua_pushstring(L, "error creating context");
+    lua_pushfstring(L, "error creating context (%s)",
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
-  ctx->mode = MD_CTX_INVALID;
+  ctx->mode = LSEC_MODE_INVALID;
-  /* No session support */
+  ctx->L = L;
  SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
  luaL_getmetatable(L, "SSL:Context");
  lua_setmetatable(L, -2);
  /* No session support */
  SSL_CTX_set_session_cache_mode(ctx->context, SSL_SESS_CACHE_OFF);
  /* Link LuaSec context with the OpenSSL context */
  SSL_CTX_set_app_data(ctx->context, ctx);
  return 1;
 }
@ -177,7 +328,7 @@ static int create(lua_State *L)
 */
 static int load_locations(lua_State *L)
 {
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *cafile = luaL_optstring(L, 2, NULL);
  const char *capath = luaL_optstring(L, 3, NULL);
  if (SSL_CTX_load_verify_locations(ctx, cafile, capath) != 1) {
@ -195,7 +346,7 @@ static int load_locations(lua_State *L)
 */
 static int load_cert(lua_State *L)
 {
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *filename = luaL_checkstring(L, 2);
  if (SSL_CTX_use_certificate_chain_file(ctx, filename) != 1) {
    lua_pushboolean(L, 0);
@ -213,7 +364,7 @@ static int load_cert(lua_State *L)
 static int load_key(lua_State *L)
 {
  int ret = 1;
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *filename = luaL_checkstring(L, 2);
  switch (lua_type(L, 3)) {
  case LUA_TSTRING:
@ -240,12 +391,23 @@ static int load_key(lua_State *L)
  return ret;
 }
 /**
 * Check that the certificate public key matches the private key
 */
 static int check_key(lua_State *L)
 {
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
  return 1;
 }
 /**
 * Set the cipher list.
 */
 static int set_cipher(lua_State *L)
 {
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *list = luaL_checkstring(L, 2);
  if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
    lua_pushboolean(L, 0);
@ -262,8 +424,8 @@ static int set_cipher(lua_State *L)
 */
 static int set_depth(lua_State *L)
 {
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
-  SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
+  SSL_CTX_set_verify_depth(ctx, (int)luaL_checkinteger(L, 2));
  lua_pushboolean(L, 1);
  return 1;
 }
@ -274,20 +436,19 @@ static int set_depth(lua_State *L)
 static int set_verify(lua_State *L)
 {
  int i;
  const char *str;
  int flag = 0;
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  int max = lua_gettop(L);
-  /* any flag? */
+  for (i = 2; i <= max; i++) {
-  if (max > 1) {
+    str = luaL_checkstring(L, i);
-    for (i = 2; i <= max; i++) {
+    if (!set_verify_flag(str, &flag)) {
-      if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
+      lua_pushboolean(L, 0);
-        lua_pushboolean(L, 0);
+      lua_pushfstring(L, "invalid verify option (%s)", str);
-        lua_pushstring(L, "invalid verify option");
+      return 2;
        return 2;
      }
    }
    SSL_CTX_set_verify(ctx, flag, NULL);
  }
  if (flag) SSL_CTX_set_verify(ctx, flag, NULL);
  lua_pushboolean(L, 1);
  return 1;
 }
@ -298,15 +459,23 @@ static int set_verify(lua_State *L)
 static int set_options(lua_State *L)
 {
  int i;
  const char *str;
  unsigned long flag = 0L;
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  int max = lua_gettop(L);
  /* any option? */
  if (max > 1) {
    for (i = 2; i <= max; i++) {
-      if (!set_option_flag(luaL_checkstring(L, i), &flag)) {
+      str = luaL_checkstring(L, i);
 #if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
      /* Version 0.9.8 has a different way to disable compression */
      if (!strcmp(str, "no_compression"))
        ctx->comp_methods = NULL;
      else
 #endif
      if (!set_option_flag(str, &flag)) {
        lua_pushboolean(L, 0);
-        lua_pushstring(L, "invalid option");
+        lua_pushfstring(L, "invalid option (%s)", str);
        return 2;
      }
    }
@ -324,44 +493,123 @@ static int set_mode(lua_State *L)
  p_context ctx = checkctx(L, 1);
  const char *str = luaL_checkstring(L, 2);
  if (!strcmp("server", str)) {
-    ctx->mode = MD_CTX_SERVER;
+    ctx->mode = LSEC_MODE_SERVER;
    lua_pushboolean(L, 1);
    return 1;
  }
-  if(!strcmp("client", str)) {
+  if (!strcmp("client", str)) {
-    ctx->mode = MD_CTX_CLIENT;
+    ctx->mode = LSEC_MODE_CLIENT;
    lua_pushboolean(L, 1);
    return 1;
  }
  lua_pushboolean(L, 0);
-  lua_pushstring(L, "invalid mode");
+  lua_pushfstring(L, "invalid mode (%s)", str);
  return 1;
 }   
 /**
- * Return a pointer to SSL_CTX structure.
+ * Configure DH parameters.
 */
-static int raw_ctx(lua_State *L)
+static int set_dhparam(lua_State *L)
 {
-  p_context ctx = checkctx(L, 1);
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
-  lua_pushlightuserdata(L, (void*)ctx->context);
+  SSL_CTX_set_tmp_dh_callback(ctx, dhparam_cb);
  /* Save callback */
  luaL_getmetatable(L, "SSL:DH:Registry");
  lua_pushlightuserdata(L, (void*)ctx);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  return 0;
 }
 #if !defined(OPENSSL_NO_EC)
 /**
 * Set elliptic curve.
 */
 static int set_curve(lua_State *L)
 {
  long ret;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *str = luaL_checkstring(L, 2);
  SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
  EC_KEY *key = lsec_find_ec_key(L, str);
  if (!key) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "elliptic curve '%s' not supported", str);
    return 2;
  }
  ret = SSL_CTX_set_tmp_ecdh(ctx, key);
  /* SSL_CTX_set_tmp_ecdh takes its own reference */
  EC_KEY_free(key);
  if (!ret) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "error setting elliptic curve (%s)",
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
 }
 #endif
 #if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
 /**
 * Set elliptic curves list.
 */
 static int set_curves_list(lua_State *L)
 {
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *str = luaL_checkstring(L, 2);
  SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
  if (SSL_CTX_set1_curves_list(ctx, str) != 1) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "unknown elliptic curve in \"%s\"", str);
    return 2;
  }
 #ifdef SSL_CTRL_SET_ECDH_AUTO
  SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif
  lua_pushboolean(L, 1);
  return 1;
 }
 #endif
 /**
 * Package functions
 */
 static luaL_Reg funcs[] = {
-  {"create",     create},
+  {"create",       create},
-  {"locations",  load_locations},
+  {"locations",    load_locations},
-  {"loadcert",   load_cert},
+  {"loadcert",     load_cert},
-  {"loadkey",    load_key},
+  {"loadkey",      load_key},
-  {"setcipher",  set_cipher},
+  {"checkkey",     check_key},
-  {"setdepth",   set_depth},
+  {"setcipher",    set_cipher},
-  {"setverify",  set_verify},
+  {"setdepth",     set_depth},
-  {"setoptions", set_options},
+  {"setdhparam",   set_dhparam},
-  {"setmode",    set_mode},
+  {"setverify",    set_verify},
-  {"rawcontext", raw_ctx},
+  {"setoptions",   set_options},
  {"setmode",      set_mode},
 #if !defined(OPENSSL_NO_EC)
  {"setcurve",     set_curve},
 #endif
 #if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
  {"setcurveslist", set_curves_list},
 #endif
  {NULL, NULL}
 };
@ -374,9 +622,24 @@ static int meth_destroy(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  if (ctx->context) {
    /* Clear registries */
    luaL_getmetatable(L, "SSL:DH:Registry");
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    luaL_getmetatable(L, "SSL:Verify:Registry");
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
  }
  if (ctx->dh_param) {
    DH_free(ctx->dh_param);
    ctx->dh_param = NULL;
  }
  return 0;
 }
@ -390,6 +653,60 @@ static int meth_tostring(lua_State *L)
  return 1;
 }
 /**
 * Set extra flags for handshake verification.
 */
 static int meth_set_verify_ext(lua_State *L)
 {
  int i;
  const char *str;
  int crl_flag = 0;
  int lsec_flag = 0;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  int max = lua_gettop(L);
  for (i = 2; i <= max; i++) {
    str = luaL_checkstring(L, i);
    if (!strcmp(str, "lsec_continue")) {
      lsec_flag |= LSEC_VERIFY_CONTINUE;
    } else if (!strcmp(str, "lsec_ignore_purpose")) {
      lsec_flag |= LSEC_VERIFY_IGNORE_PURPOSE;
    } else if (!strcmp(str, "crl_check")) {
      crl_flag |= X509_V_FLAG_CRL_CHECK;
    } else if (!strcmp(str, "crl_check_chain")) {
      crl_flag |= X509_V_FLAG_CRL_CHECK_ALL;
    } else {
      lua_pushboolean(L, 0);
      lua_pushfstring(L, "invalid verify option (%s)", str);
      return 2;
    }
  }
  /* Set callback? */
  if (lsec_flag) {
    SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), verify_cb);
    SSL_CTX_set_cert_verify_callback(ctx, cert_verify_cb, (void*)ctx);
    /* Save flag */
    luaL_getmetatable(L, "SSL:Verify:Registry");
    lua_pushlightuserdata(L, (void*)ctx);
    lua_pushnumber(L, lsec_flag);
    lua_settable(L, -3);
  } else {
    SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), NULL);
    SSL_CTX_set_cert_verify_callback(ctx, NULL, NULL);
    /* Remove flag */
    luaL_getmetatable(L, "SSL:Verify:Registry");
    lua_pushlightuserdata(L, (void*)ctx);
    lua_pushnil(L);
    lua_settable(L, -3);
  }
  /* X509 flag */
  X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), crl_flag);
  /* Ok */
  lua_pushboolean(L, 1);
  return 1;
 }
 /**
 * Context metamethods.
 */
@ -399,36 +716,80 @@ static luaL_Reg meta[] = {
  {NULL, NULL}
 };
 /**
 * Index metamethods.
 */
 static luaL_Reg meta_index[] = {
  {"setverifyext", meth_set_verify_ext},
  {NULL, NULL}
 };
 /*----------------------------- Public Functions  ---------------------------*/
 /**
 * Retrieve the SSL context from the Lua stack.
 */
-SSL_CTX* ctx_getcontext(lua_State *L, int idx)
+SSL_CTX* lsec_checkcontext(lua_State *L, int idx)
 {
  p_context ctx = checkctx(L, idx);
  return ctx->context;
 }
 SSL_CTX* lsec_testcontext(lua_State *L, int idx)
 {
  p_context ctx = testctx(L, idx);
  return (ctx) ? ctx->context : NULL;
 }
 /**
 * Retrieve the mode from the context in the Lua stack.
 */
-char ctx_getmode(lua_State *L, int idx)
+int lsec_getmode(lua_State *L, int idx)
 {
  p_context ctx = checkctx(L, idx);
  return ctx->mode;
 }
 /*-- Compat - Lua 5.1 --*/
 #if (LUA_VERSION_NUM == 501)
 void *lsec_testudata (lua_State *L, int ud, const char *tname) {
  void *p = lua_touserdata(L, ud);
  if (p != NULL) {  /* value is a userdata? */
    if (lua_getmetatable(L, ud)) {  /* does it have a metatable? */
      luaL_getmetatable(L, tname);  /* get correct metatable */
      if (!lua_rawequal(L, -1, -2))  /* not the same? */
        p = NULL;  /* value is a userdata with wrong metatable */
      lua_pop(L, 2);  /* remove both metatables */
      return p;
    }
  }
  return NULL;  /* value is not a userdata with a metatable */
 }
 #endif
 /*------------------------------ Initialization ------------------------------*/
 /**
 * Registre the module.
 */
-int luaopen_ssl_context(lua_State *L)
+LSEC_API int luaopen_ssl_context(lua_State *L)
 {
  luaL_newmetatable(L, "SSL:DH:Registry");      /* Keep all DH callbacks */
  luaL_newmetatable(L, "SSL:Verify:Registry");  /* Keep all verify flags */
  luaL_newmetatable(L, "SSL:Context");
-  luaL_register(L, NULL, meta);
+  setfuncs(L, meta);
-  luaL_register(L, "ssl.context", funcs);
+
  /* Create __index metamethods for context */
  luaL_newlib(L, meta_index);
  lua_setfield(L, -2, "__index");
  lsec_load_curves(L);
  /* Return the module */
  luaL_newlib(L, funcs);
  return 1;
 }
--- a/src/context.h
+++ b/src/context.h
@ -1,35 +1,46 @@
-#ifndef __CONTEXT_H__
+#ifndef LSEC_CONTEXT_H
-#define __CONTEXT_H__
+#define LSEC_CONTEXT_H
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.1
+ * LuaSec 0.7.2
- * Copyright (C) 2006-2009 Bruno Silvestre
+ *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <lua.h>
 #include <openssl/ssl.h>
-#ifndef LUASEC_API
+#include "compat.h"
 #define LUASEC_API extern
 #endif
-#define MD_CTX_INVALID 0
+#define LSEC_MODE_INVALID 0
-#define MD_CTX_SERVER 1
+#define LSEC_MODE_SERVER  1
-#define MD_CTX_CLIENT 2
+#define LSEC_MODE_CLIENT  2
 #define LSEC_VERIFY_CONTINUE        1
 #define LSEC_VERIFY_IGNORE_PURPOSE  2
 typedef struct t_context_ {
  SSL_CTX *context;
-  char mode;
+  lua_State *L;
  DH *dh_param;
  int mode;
 } t_context;
 typedef t_context* p_context;
 /* Retrieve the SSL context from the Lua stack */
-SSL_CTX *ctx_getcontext(lua_State *L, int idx);
+SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
 SSL_CTX *lsec_testcontext(lua_State *L, int idx);
 /* Retrieve the mode from the context in the Lua stack */
-char ctx_getmode(lua_State *L, int idx);
+int lsec_getmode(lua_State *L, int idx);
 /* Registre the module. */
-LUASEC_API int luaopen_ssl_context(lua_State *L);
+LSEC_API int luaopen_ssl_context(lua_State *L);
 /* Compat - Lua 5.1 */
 #if (LUA_VERSION_NUM == 501)
 void *lsec_testudata (lua_State *L, int ud, const char *tname);
 #endif
 #endif
--- a/src/ec.c
+++ b/src/ec.c
@ -0,0 +1,110 @@
 #include <openssl/objects.h>
 #include "ec.h"
 #ifndef OPENSSL_NO_ECDH
 EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
 {
  int nid;
  lua_pushstring(L, "SSL:EC:CURVES");
  lua_rawget(L, LUA_REGISTRYINDEX);
  lua_pushstring(L, str);
  lua_rawget(L, -2);
  if (!lua_isnumber(L, -1))
    return NULL;
  nid = (int)lua_tonumber(L, -1);
  return EC_KEY_new_by_curve_name(nid);
 }
 void lsec_load_curves(lua_State *L)
 {
  size_t i;
  size_t size;
  const char *name;
  EC_builtin_curve *curves = NULL;
  lua_pushstring(L, "SSL:EC:CURVES");
  lua_newtable(L);
  size = EC_get_builtin_curves(NULL, 0);
  if (size > 0) {
    curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
    EC_get_builtin_curves(curves, size);
    for (i = 0; i < size; i++) {
      name = OBJ_nid2sn(curves[i].nid);
      if (name != NULL) {
        lua_pushstring(L, name);
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
      }
      switch (curves[i].nid) {
      case NID_X9_62_prime256v1:
        lua_pushstring(L, "P-256");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
      case NID_secp384r1:
        lua_pushstring(L, "P-384");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
      case NID_secp521r1:
        lua_pushstring(L, "P-521");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #ifdef NID_X25519
     case NID_X25519:
        lua_pushstring(L, "X25519");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
 #ifdef NID_X448
     case NID_X448:
        lua_pushstring(L, "X448");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
      }
    }
    free(curves);
  }
  lua_rawset(L,  LUA_REGISTRYINDEX);
 }
 void lsec_get_curves(lua_State *L)
 {
  lua_newtable(L);
  lua_pushstring(L, "SSL:EC:CURVES");
  lua_rawget(L, LUA_REGISTRYINDEX);
  lua_pushnil(L);
  while (lua_next(L, -2) != 0) {
    lua_pop(L, 1);
    lua_pushvalue(L, -1);
    lua_pushboolean(L, 1);
    lua_rawset(L, -5);
  }
  lua_pop(L, 1);
 }
 #else
 void lsec_load_curves(lua_State *L)
 {
  // do nothing
 }
 void lsec_get_curves(lua_State *L)
 {
  lua_newtable(L);
 }
 #endif
--- a/src/ec.h
+++ b/src/ec.h
@ -0,0 +1,22 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #ifndef LSEC_EC_H
 #define LSEC_EC_H
 #include <lua.h>
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ec.h>
 EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
 #endif
 void lsec_get_curves(lua_State *L);
 void lsec_load_curves(lua_State *L);
 #endif
--- a/src/https.lua
+++ b/src/https.lua
@ -0,0 +1,143 @@
 ----------------------------------------------------------------------------
 -- LuaSec 0.7.2
 -- Copyright (C) 2009-2019 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
 ---------------------------------------------------------------------------
 local socket = require("socket")
 local ssl    = require("ssl")
 local ltn12  = require("ltn12")
 local http   = require("socket.http")
 local url    = require("socket.url")
 local try    = socket.try
 --
 -- Module
 --
 local _M = {
  _VERSION   = "0.7.2",
  _COPYRIGHT = "LuaSec 0.7.2 - Copyright (C) 2009-2019 PUC-Rio",
  PORT       = 443,
 }
 -- TLS configuration
 local cfg = {
  protocol = "any",
  options  = {"all", "no_sslv2", "no_sslv3"},
  verify   = "none",
 }
 --------------------------------------------------------------------
 -- Auxiliar Functions
 --------------------------------------------------------------------
 -- Insert default HTTPS port.
 local function default_https_port(u)
   return url.build(url.parse(u, {port = _M.PORT}))
 end
 -- Convert an URL to a table according to Luasocket needs.
 local function urlstring_totable(url, body, result_table)
   url = {
      url = default_https_port(url),
      method = body and "POST" or "GET",
      sink = ltn12.sink.table(result_table)
   }
   if body then
      url.source = ltn12.source.string(body)
      url.headers = {
         ["content-length"] = #body,
         ["content-type"] = "application/x-www-form-urlencoded",
      }
   end
   return url
 end
 -- Forward calls to the real connection object.
 local function reg(conn)
   local mt = getmetatable(conn.sock).__index
   for name, method in pairs(mt) do
      if type(method) == "function" then
         conn[name] = function (self, ...)
                         return method(self.sock, ...)
                      end
      end
   end
 end
 -- Return a function which performs the SSL/TLS connection.
 local function tcp(params)
   params = params or {}
   -- Default settings
   for k, v in pairs(cfg) do 
      params[k] = params[k] or v
   end
   -- Force client mode
   params.mode = "client"
   -- 'create' function for LuaSocket
   return function ()
      local conn = {}
      conn.sock = try(socket.tcp())
      local st = getmetatable(conn.sock).__index.settimeout
      function conn:settimeout(...)
         return st(self.sock, ...)
      end
      -- Replace TCP's connection function
      function conn:connect(host, port)
         try(self.sock:connect(host, port))
         self.sock = try(ssl.wrap(self.sock, params))
         self.sock:sni(host)
         try(self.sock:dohandshake())
         reg(self, getmetatable(self.sock))
         return 1
      end
      return conn
  end
 end
 --------------------------------------------------------------------
 -- Main Function
 --------------------------------------------------------------------
 -- Make a HTTP request over secure connection.  This function receives
 --  the same parameters of LuaSocket's HTTP module (except 'proxy' and
 --  'redirect') plus LuaSec parameters.
 --
 -- @param url mandatory (string or table)
 -- @param body optional (string)
 -- @return (string if url == string or 1), code, headers, status
 --
 local function request(url, body)
  local result_table = {}
  local stringrequest = type(url) == "string"
  if stringrequest then
    url = urlstring_totable(url, body, result_table)
  else
    url.url = default_https_port(url.url)
  end
  if http.PROXY or url.proxy then
    return nil, "proxy not supported"
  elseif url.redirect then
    return nil, "redirect not supported"
  elseif url.create then
    return nil, "create function not permitted"
  end
  -- New 'create' function to establish a secure connection
  url.create = tcp(url)
  local res, code, headers, status = http.request(url)
  if res and stringrequest then
    return table.concat(result_table), code, headers, status
  end
  return res, code, headers, status
 end
 --------------------------------------------------------------------------------
 -- Export module
 --
 _M.request = request
 return _M
--- a/src/luasocket/LICENSE
+++ b/src/luasocket/LICENSE
@ -0,0 +1,21 @@
 LuaSocket 3.0-RC1 license
 Copyright (C) 2004-2013 Diego Nehab
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated documentation  files  (the
 "Software"), to  deal in  the Software without  restriction, including
 without limitation  the rights to  use, copy, modify,  merge, publish,
 distribute, sublicense,  and/or sell  copies of  the Software,  and to
 permit persons to whom the Software  is furnished to do so, subject to
 the following conditions:
 The  above  copyright  notice  and this  permission  notice  shall  be
 included in all copies or substantial portions of the Software.
 THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND,
 EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 IN NO EVENT  SHALL THE AUTHORS OR COPYRIGHT HOLDERS  BE LIABLE FOR ANY
 CLAIM, DAMAGES OR  OTHER LIABILITY, WHETHER IN AN  ACTION OF CONTRACT,
 TORT OR  OTHERWISE, ARISING  FROM, OUT  OF OR  IN CONNECTION  WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/src/luasocket/Makefile
+++ b/src/luasocket/Makefile
@ -0,0 +1,26 @@
 OBJS= \
 io.o \
 buffer.o \
 timeout.o \
 usocket.o
 CC	?= cc
 CFLAGS	+= $(MYCFLAGS) -DLUASOCKET_DEBUG
 AR	?= ar
 RANLIB	?= ranlib
 .PHONY: all clean
 all: libluasocket.a
 libluasocket.a: $(OBJS)
 	$(AR) rcu $@ $(OBJS)
 	$(RANLIB) $@
 clean:
 	rm -f $(OBJS) libluasocket.a
 buffer.o: buffer.c buffer.h io.h timeout.h
 io.o: io.c io.h timeout.h
 timeout.o: timeout.c timeout.h
 usocket.o: usocket.c socket.h io.h timeout.h usocket.h
--- a/src/luasocket/buffer.c
+++ b/src/luasocket/buffer.c
@ -1,10 +1,6 @@
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Input/Output interface for Lua programs
-*
+* LuaSocket toolkit
 * RCS ID: $Id: buffer.c,v 1.28 2007/06/11 23:44:54 diego Exp $
 \*=========================================================================*/
 #include "lua.h"
 #include "lauxlib.h"
@ -32,6 +28,14 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent);
 /*=========================================================================*\
 * Exported functions
 \*=========================================================================*/
 /*-------------------------------------------------------------------------*\
 * Initializes module
 \*-------------------------------------------------------------------------*/
 int buffer_open(lua_State *L) {
    (void) L;
    return 0;
 }
 /*-------------------------------------------------------------------------*\
 * Initializes C structure 
 \*-------------------------------------------------------------------------*/
@ -39,6 +43,29 @@ void buffer_init(p_buffer buf, p_io io, p_timeout tm) {
    buf->first = buf->last = 0;
    buf->io = io;
    buf->tm = tm;
    buf->received = buf->sent = 0;
    buf->birthday = timeout_gettime();
 }
 /*-------------------------------------------------------------------------*\
 * object:getstats() interface
 \*-------------------------------------------------------------------------*/
 int buffer_meth_getstats(lua_State *L, p_buffer buf) {
    lua_pushnumber(L, (lua_Number) buf->received);
    lua_pushnumber(L, (lua_Number) buf->sent);
    lua_pushnumber(L, timeout_gettime() - buf->birthday);
    return 3;
 }
 /*-------------------------------------------------------------------------*\
 * object:setstats() interface
 \*-------------------------------------------------------------------------*/
 int buffer_meth_setstats(lua_State *L, p_buffer buf) {
    buf->received = (long) luaL_optnumber(L, 2, (lua_Number) buf->received); 
    buf->sent = (long) luaL_optnumber(L, 3, (lua_Number) buf->sent); 
    if (lua_isnumber(L, 4)) buf->birthday = timeout_gettime() - lua_tonumber(L, 4);
    lua_pushnumber(L, 1);
    return 1;
 }
 /*-------------------------------------------------------------------------*\
@ -51,7 +78,9 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
    const char *data = luaL_checklstring(L, 2, &size);
    long start = (long) luaL_optnumber(L, 3, 1);
    long end = (long) luaL_optnumber(L, 4, -1);
 #ifdef LUASOCKET_DEBUG
    p_timeout tm = timeout_markstart(buf->tm);
 #endif
    if (start < 0) start = (long) (size+start+1);
    if (end < 0) end = (long) (size+end+1);
    if (start < 1) start = (long) 1;
@ -61,13 +90,13 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
    if (err != IO_DONE) {
        lua_pushnil(L);
        lua_pushstring(L, buf->io->error(buf->io->ctx, err)); 
-        lua_pushnumber(L, sent+start-1);
+        lua_pushnumber(L, (lua_Number) (sent+start-1));
    } else {
-        lua_pushnumber(L, sent+start-1);
+        lua_pushnumber(L, (lua_Number) (sent+start-1));
        lua_pushnil(L);
        lua_pushnil(L);
    }
-#ifdef BUFFER_DEBUG
+#ifdef LUASOCKET_DEBUG
    /* push time elapsed during operation as the last return value */
    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
 #endif
@ -82,7 +111,9 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
    luaL_Buffer b;
    size_t size;
    const char *part = luaL_optlstring(L, 3, "", &size);
 #ifdef LUASOCKET_DEBUG
    p_timeout tm = timeout_markstart(buf->tm);
 #endif
    /* initialize buffer with optional extra prefix 
     * (useful for concatenating previous partial results) */
    luaL_buffinit(L, &b);
@ -93,12 +124,18 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
        if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b);
        else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b); 
        else luaL_argcheck(L, 0, 2, "invalid receive pattern");
-        /* get a fixed number of bytes (minus what was already partially 
+    /* get a fixed number of bytes (minus what was already partially 
-         * received) */
+     * received) */
-    } else err = recvraw(buf, (size_t) lua_tonumber(L, 2)-size, &b);
+    } else {
        double n = lua_tonumber(L, 2); 
        size_t wanted = (size_t) n;
        luaL_argcheck(L, n >= 0, 2, "invalid receive pattern");
        if (size == 0 || wanted > size)
            err = recvraw(buf, wanted-size, &b);
    }
    /* check if there was an error */
    if (err != IO_DONE) {
-        /* we can't push anyting in the stack before pushing the
+        /* we can't push anything in the stack before pushing the
         * contents of the buffer. this is the reason for the complication */
        luaL_pushresult(&b);
        lua_pushstring(L, buf->io->error(buf->io->ctx, err)); 
@ -110,7 +147,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
        lua_pushnil(L);
        lua_pushnil(L);
    }
-#ifdef BUFFER_DEBUG 
+#ifdef LUASOCKET_DEBUG
    /* push time elapsed during operation as the last return value */
    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
 #endif
@ -137,12 +174,13 @@ static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent) {
    size_t total = 0;
    int err = IO_DONE;
    while (total < count && err == IO_DONE) {
-        size_t done;
+        size_t done = 0;
        size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE;
        err = io->send(io->ctx, data+total, step, &done, tm);
        total += done;
    }
    *sent = total;
    buf->sent += total;
    return err;
 }
@ -195,7 +233,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
        pos = 0;
        while (pos < count && data[pos] != '\n') {
            /* we ignore all \r's */
-            if (data[pos] != '\r') luaL_putchar(b, data[pos]);
+            if (data[pos] != '\r') luaL_addchar(b, data[pos]);
            pos++;
        }
        if (pos < count) { /* found '\n' */
@ -212,6 +250,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) {
 * transport layer
 \*-------------------------------------------------------------------------*/
 static void buffer_skip(p_buffer buf, size_t count) {
    buf->received += count;
    buf->first += count;
    if (buffer_isempty(buf)) 
        buf->first = buf->last = 0;
--- a/src/luasocket/buffer.h
+++ b/src/luasocket/buffer.h
@ -1,10 +1,8 @@
 #ifndef BUF_H
 #define BUF_H 
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Input/Output interface for Lua programs
 * LuaSocket toolkit
 *
 * Line patterns require buffering. Reading one character at a time involves
 * too many system calls and is very slow. This module implements the
@ -16,11 +14,8 @@
 *
 * The module is built on top of the I/O abstraction defined in io.h and the
 * timeout management is done with the timeout.h interface.
 *
 *
 * RCS ID: $Id: buffer.h,v 1.12 2005/10/07 04:40:59 diego Exp $
 \*=========================================================================*/
-#include <lua.h>
+#include "lua.h"
 #include "io.h"
 #include "timeout.h"
@ -30,6 +25,8 @@
 /* buffer control structure */
 typedef struct t_buffer_ {
    double birthday;        /* throttle support info: creation time, */
    size_t sent, received;  /* bytes sent, and bytes received */
    p_io io;                /* IO driver used for this buffer */
    p_timeout tm;           /* timeout management for this buffer */
    size_t first, last;     /* index of first and last bytes of stored data */
@ -37,9 +34,12 @@ typedef struct t_buffer_ {
 } t_buffer;
 typedef t_buffer *p_buffer;
 int buffer_open(lua_State *L);
 void buffer_init(p_buffer buf, p_io io, p_timeout tm);
 int buffer_meth_send(lua_State *L, p_buffer buf);
 int buffer_meth_receive(lua_State *L, p_buffer buf);
 int buffer_meth_getstats(lua_State *L, p_buffer buf);
 int buffer_meth_setstats(lua_State *L, p_buffer buf);
 int buffer_isempty(p_buffer buf);
 #endif /* BUF_H */
--- a/src/luasocket/io.c
+++ b/src/luasocket/io.c
@ -1,10 +1,6 @@
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 * 
 * Input/Output abstraction
-*
+* LuaSocket toolkit
 * RCS ID: $Id: io.c 2 2006-04-30 19:30:47Z brunoos $
 \*=========================================================================*/
 #include "io.h"
--- a/src/luasocket/io.h
+++ b/src/luasocket/io.h
@ -1,10 +1,8 @@
 #ifndef IO_H
 #define IO_H
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Input/Output abstraction
 * LuaSocket toolkit
 *
 * This module defines the interface that LuaSocket expects from the
 * transport layer for streamed input/output. The idea is that if any
@ -13,21 +11,18 @@
 *
 * The module socket.h implements this interface, and thus the module tcp.h
 * is very simple.
 *
 * RCS ID: $Id: io.h 6 2006-04-30 20:33:05Z brunoos $
 \*=========================================================================*/
 #include <stdio.h>
-#include <lua.h>
+#include "lua.h"
 #include "timeout.h"
 /* IO error codes */
 enum {
-    IO_DONE = 0,      /* operation completed successfully */
+    IO_DONE = 0,        /* operation completed successfully */
-    IO_TIMEOUT = -1,  /* operation timed out */
+    IO_TIMEOUT = -1,    /* operation timed out */
-    IO_CLOSED = -2,   /* the connection has been closed */
+    IO_CLOSED = -2,     /* the connection has been closed */
-    IO_UNKNOWN = -3,  /* Unknown error */
+	IO_UNKNOWN = -3     
    IO_SSL = -4       /* SSL error */
 };
 /* interface to error message function */
@ -48,7 +43,7 @@ typedef int (*p_send) (
 /* interface to recv function */
 typedef int (*p_recv) (
    void *ctx,          /* context needed by recv */
-    char *data,         /* pointer to buffer where data will be writen */
+    char *data,         /* pointer to buffer where data will be written */
    size_t count,       /* number of bytes to receive into buffer */
    size_t *got,        /* number of bytes received uppon return */
    p_timeout tm        /* timeout control */
--- a/src/luasocket/socket.h
+++ b/src/luasocket/socket.h
@ -1,17 +1,13 @@
 #ifndef SOCKET_H
 #define SOCKET_H
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Socket compatibilization module
 * LuaSocket toolkit
 *
 * BSD Sockets and WinSock are similar, but there are a few irritating
 * differences. Also, not all *nix platforms behave the same. This module
 * (and the associated usocket.h and wsocket.h) factor these differences and
 * creates a interface compatible with the io.h module.
 *
 * RCS ID: $Id: socket.h 2 2006-04-30 19:30:47Z brunoos $
 \*=========================================================================*/
 #include "io.h"
@ -32,16 +28,51 @@
 \*=========================================================================*/
 #include "timeout.h"
 /* we are lazy... */
 typedef struct sockaddr SA;
 /*=========================================================================*\
-* Functions bellow implement a comfortable platform independent 
+* Functions below implement a comfortable platform independent 
 * interface to sockets
 \*=========================================================================*/
 int socket_open(void);
 int socket_close(void);
 void socket_destroy(p_socket ps);
 void socket_shutdown(p_socket ps, int how); 
 int socket_sendto(p_socket ps, const char *data, size_t count, 
        size_t *sent, SA *addr, socklen_t addr_len, p_timeout tm);
 int socket_recvfrom(p_socket ps, char *data, size_t count, 
        size_t *got, SA *addr, socklen_t *addr_len, p_timeout tm);
 void socket_setnonblocking(p_socket ps);
 void socket_setblocking(p_socket ps);
 int socket_waitfd(p_socket ps, int sw, p_timeout tm);
 int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
        p_timeout tm);
 int socket_connect(p_socket ps, SA *addr, socklen_t addr_len, p_timeout tm); 
 int socket_create(p_socket ps, int domain, int type, int protocol);
 int socket_bind(p_socket ps, SA *addr, socklen_t addr_len); 
 int socket_listen(p_socket ps, int backlog);
 int socket_accept(p_socket ps, p_socket pa, SA *addr, 
        socklen_t *addr_len, p_timeout tm);
 const char *socket_hoststrerror(int err);
 const char *socket_gaistrerror(int err);
 const char *socket_strerror(int err);
 /* these are perfect to use with the io abstraction module 
   and the buffered input module */
 int socket_send(p_socket ps, const char *data, size_t count, 
        size_t *sent, p_timeout tm);
 int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
 int socket_write(p_socket ps, const char *data, size_t count, 
        size_t *sent, p_timeout tm);
 int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
 const char *socket_ioerror(p_socket ps, int err);
 int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp);
 int socket_gethostbyname(const char *addr, struct hostent **hp);
 #endif /* SOCKET_H */
--- a/src/luasocket/timeout.c
+++ b/src/luasocket/timeout.c
@ -1,12 +1,15 @@
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Timeout management functions
-*
+* LuaSocket toolkit
 * RCS ID: $Id: timeout.c,v 1.30 2005/10/07 04:40:59 diego Exp $
 \*=========================================================================*/
 #include <stdio.h>
 #include <limits.h>
 #include <float.h>
 #include "lua.h"
 #include "lauxlib.h"
 #include "timeout.h"
 #ifdef _WIN32
 #include <windows.h>
@ -15,11 +18,6 @@
 #include <sys/time.h>
 #endif
 #include <lua.h>
 #include <lauxlib.h>
 #include "timeout.h"
 /* min and max macros */
 #ifndef MIN
 #define MIN(x, y) ((x) < (y) ? x : y)
@ -28,6 +26,18 @@
 #define MAX(x, y) ((x) > (y) ? x : y)
 #endif
 /*=========================================================================*\
 * Internal function prototypes
 \*=========================================================================*/
 static int timeout_lua_gettime(lua_State *L);
 static int timeout_lua_sleep(lua_State *L);
 static luaL_Reg func[] = {
    { "gettime", timeout_lua_gettime },
    { "sleep", timeout_lua_sleep },
    { NULL, NULL }
 };
 /*=========================================================================*\
 * Exported functions.
 \*=========================================================================*/
@ -129,6 +139,18 @@ double timeout_gettime(void) {
 }
 #endif
 /*-------------------------------------------------------------------------*\
 * Initializes module
 \*-------------------------------------------------------------------------*/
 int timeout_open(lua_State *L) {
 #if LUA_VERSION_NUM > 501 && !defined(LUA_COMPAT_MODULE)
    luaL_setfuncs(L, func, 0);
 #else
    luaL_openlib(L, NULL, func, 0);
 #endif
    return 0;
 }
 /*-------------------------------------------------------------------------*\
 * Sets timeout values for IO operations
 * Lua Input: base, time [, mode]
@ -153,3 +175,46 @@ int timeout_meth_settimeout(lua_State *L, p_timeout tm) {
    return 1;
 }
 /*=========================================================================*\
 * Test support functions
 \*=========================================================================*/
 /*-------------------------------------------------------------------------*\
 * Returns the time the system has been up, in secconds.
 \*-------------------------------------------------------------------------*/
 static int timeout_lua_gettime(lua_State *L)
 {
    lua_pushnumber(L, timeout_gettime());
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Sleep for n seconds.
 \*-------------------------------------------------------------------------*/
 #ifdef _WIN32
 int timeout_lua_sleep(lua_State *L)
 {
    double n = luaL_checknumber(L, 1);
    if (n < 0.0) n = 0.0;
    if (n < DBL_MAX/1000.0) n *= 1000.0;
    if (n > INT_MAX) n = INT_MAX;
    Sleep((int)n);
    return 0;
 }
 #else
 int timeout_lua_sleep(lua_State *L)
 {
    double n = luaL_checknumber(L, 1);
    struct timespec t, r;
    if (n < 0.0) n = 0.0;
    if (n > INT_MAX) n = INT_MAX;
    t.tv_sec = (int) n;
    n -= t.tv_sec;
    t.tv_nsec = (int) (n * 1000000000);
    if (t.tv_nsec >= 1000000000) t.tv_nsec = 999999999;
    while (nanosleep(&t, &r) != 0) {
        t.tv_sec = r.tv_sec;
        t.tv_nsec = r.tv_nsec;
    }
    return 0;
 }
 #endif
--- a/src/luasocket/timeout.h
+++ b/src/luasocket/timeout.h
@ -1,19 +1,15 @@
 #ifndef TIMEOUT_H
 #define TIMEOUT_H
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Timeout management functions
-*
+* LuaSocket toolkit
 * RCS ID: $Id: timeout.h 2 2006-04-30 19:30:47Z brunoos $
 \*=========================================================================*/
-#include <lua.h>
+#include "lua.h"
 /* timeout control structure */
 typedef struct t_timeout_ {
    double block;          /* maximum time for blocking calls */
-    double total;          /* total number of miliseconds for operation */
+    double total;          /* total number of milliseconds for operation */
    double start;          /* time of start of operation */
 } t_timeout;
 typedef t_timeout *p_timeout;
--- a/src/luasocket/usocket.c
+++ b/src/luasocket/usocket.c
@ -0,0 +1,439 @@
 /*=========================================================================*\
 * Socket compatibilization module for Unix
 * LuaSocket toolkit
 *
 * The code is now interrupt-safe.
 * The penalty of calling select to avoid busy-wait is only paid when
 * the I/O call fail in the first place. 
 \*=========================================================================*/
 #include <string.h> 
 #include <signal.h>
 #include "socket.h"
 /*-------------------------------------------------------------------------*\
 * Wait for readable/writable/connected socket with timeout
 \*-------------------------------------------------------------------------*/
 #ifndef SOCKET_SELECT
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    struct pollfd pfd;
    pfd.fd = *ps;
    pfd.events = sw;
    pfd.revents = 0;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    do {
        int t = (int)(timeout_getretry(tm)*1e3);
        ret = poll(&pfd, 1, t >= 0? t: -1);
    } while (ret == -1 && errno == EINTR);
    if (ret == -1) return errno;
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
    return IO_DONE;
 }
 #else
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    fd_set rfds, wfds, *rp, *wp;
    struct timeval tv, *tp;
    double t;
    if (*ps >= FD_SETSIZE) return EINVAL;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    do {
        /* must set bits within loop, because select may have modified them */
        rp = wp = NULL;
        if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
        if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
        t = timeout_getretry(tm);
        tp = NULL;
        if (t >= 0.0) {
            tv.tv_sec = (int)t;
            tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
            tp = &tv;
        }
        ret = select(*ps+1, rp, wp, NULL, tp);
    } while (ret == -1 && errno == EINTR);
    if (ret == -1) return errno;
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
    return IO_DONE;
 }
 #endif
 /*-------------------------------------------------------------------------*\
 * Initializes module 
 \*-------------------------------------------------------------------------*/
 int socket_open(void) {
    /* instals a handler to ignore sigpipe or it will crash us */
    signal(SIGPIPE, SIG_IGN);
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close module 
 \*-------------------------------------------------------------------------*/
 int socket_close(void) {
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close and inutilize socket
 \*-------------------------------------------------------------------------*/
 void socket_destroy(p_socket ps) {
    if (*ps != SOCKET_INVALID) {
        socket_setblocking(ps);
        close(*ps);
        *ps = SOCKET_INVALID;
    }
 }
 /*-------------------------------------------------------------------------*\
 * Select with timeout control
 \*-------------------------------------------------------------------------*/
 int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
        p_timeout tm) {
    int ret;
    do {
        struct timeval tv;
        double t = timeout_getretry(tm);
        tv.tv_sec = (int) t;
        tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
        /* timeout = 0 means no wait */
        ret = select(n, rfds, wfds, efds, t >= 0.0 ? &tv: NULL);
    } while (ret < 0 && errno == EINTR);
    return ret;
 }
 /*-------------------------------------------------------------------------*\
 * Creates and sets up a socket
 \*-------------------------------------------------------------------------*/
 int socket_create(p_socket ps, int domain, int type, int protocol) {
    *ps = socket(domain, type, protocol);
    if (*ps != SOCKET_INVALID) return IO_DONE; 
    else return errno; 
 }
 /*-------------------------------------------------------------------------*\
 * Binds or returns error message
 \*-------------------------------------------------------------------------*/
 int socket_bind(p_socket ps, SA *addr, socklen_t len) {
    int err = IO_DONE;
    socket_setblocking(ps);
    if (bind(*ps, addr, len) < 0) err = errno; 
    socket_setnonblocking(ps);
    return err;
 }
 /*-------------------------------------------------------------------------*\
 * 
 \*-------------------------------------------------------------------------*/
 int socket_listen(p_socket ps, int backlog) {
    int err = IO_DONE; 
    socket_setblocking(ps);
    if (listen(*ps, backlog)) err = errno; 
    socket_setnonblocking(ps);
    return err;
 }
 /*-------------------------------------------------------------------------*\
 * 
 \*-------------------------------------------------------------------------*/
 void socket_shutdown(p_socket ps, int how) {
    socket_setblocking(ps);
    shutdown(*ps, how);
    socket_setnonblocking(ps);
 }
 /*-------------------------------------------------------------------------*\
 * Connects or returns error message
 \*-------------------------------------------------------------------------*/
 int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
    int err;
    /* avoid calling on closed sockets */
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    /* call connect until done or failed without being interrupted */
    do if (connect(*ps, addr, len) == 0) return IO_DONE;
    while ((err = errno) == EINTR);
    /* if connection failed immediately, return error code */
    if (err != EINPROGRESS && err != EAGAIN) return err; 
    /* zero timeout case optimization */
    if (timeout_iszero(tm)) return IO_TIMEOUT;
    /* wait until we have the result of the connection attempt or timeout */
    err = socket_waitfd(ps, WAITFD_C, tm);
    if (err == IO_CLOSED) {
        if (recv(*ps, (char *) &err, 0, 0) == 0) return IO_DONE;
        else return errno;
    } else return err;
 }
 /*-------------------------------------------------------------------------*\
 * Accept with timeout
 \*-------------------------------------------------------------------------*/
 int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, p_timeout tm) {
    if (*ps == SOCKET_INVALID) return IO_CLOSED; 
    for ( ;; ) {
        int err;
        if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
        err = errno;
        if (err == EINTR) continue;
        if (err != EAGAIN && err != ECONNABORTED) return err;
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
    }
    /* can't reach here */
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Send with timeout
 \*-------------------------------------------------------------------------*/
 int socket_send(p_socket ps, const char *data, size_t count, 
        size_t *sent, p_timeout tm)
 {
    int err;
    *sent = 0;
    /* avoid making system calls on closed sockets */
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    /* loop until we send something or we give up on error */
    for ( ;; ) {
        long put = (long) send(*ps, data, count, 0);
        /* if we sent anything, we are done */
        if (put >= 0) {
            *sent = put;
            return IO_DONE;
        }
        err = errno;
        /* EPIPE means the connection was closed */
        if (err == EPIPE) return IO_CLOSED;
        /* we call was interrupted, just try again */
        if (err == EINTR) continue;
        /* if failed fatal reason, report error */
        if (err != EAGAIN) return err;
        /* wait until we can send something or we timeout */
        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
    }
    /* can't reach here */
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Sendto with timeout
 \*-------------------------------------------------------------------------*/
 int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent, 
        SA *addr, socklen_t len, p_timeout tm)
 {
    int err;
    *sent = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        long put = (long) sendto(*ps, data, count, 0, addr, len);  
        if (put >= 0) {
            *sent = put;
            return IO_DONE;
        }
        err = errno;
        if (err == EPIPE) return IO_CLOSED;
        if (err == EINTR) continue;
        if (err != EAGAIN) return err;
        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
    }
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Receive with timeout
 \*-------------------------------------------------------------------------*/
 int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
    int err;
    *got = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        long taken = (long) recv(*ps, data, count, 0);
        if (taken > 0) {
            *got = taken;
            return IO_DONE;
        }
        err = errno;
        if (taken == 0) return IO_CLOSED;
        if (err == EINTR) continue;
        if (err != EAGAIN) return err; 
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
    }
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Recvfrom with timeout
 \*-------------------------------------------------------------------------*/
 int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got, 
        SA *addr, socklen_t *len, p_timeout tm) {
    int err;
    *got = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        long taken = (long) recvfrom(*ps, data, count, 0, addr, len);
        if (taken > 0) {
            *got = taken;
            return IO_DONE;
        }
        err = errno;
        if (taken == 0) return IO_CLOSED;
        if (err == EINTR) continue;
        if (err != EAGAIN) return err; 
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
    }
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Write with timeout
 *
 * socket_read and socket_write are cut-n-paste of socket_send and socket_recv,
 * with send/recv replaced with write/read. We can't just use write/read
 * in the socket version, because behaviour when size is zero is different.
 \*-------------------------------------------------------------------------*/
 int socket_write(p_socket ps, const char *data, size_t count, 
        size_t *sent, p_timeout tm)
 {
    int err;
    *sent = 0;
    /* avoid making system calls on closed sockets */
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    /* loop until we send something or we give up on error */
    for ( ;; ) {
        long put = (long) write(*ps, data, count);
        /* if we sent anything, we are done */
        if (put >= 0) {
            *sent = put;
            return IO_DONE;
        }
        err = errno;
        /* EPIPE means the connection was closed */
        if (err == EPIPE) return IO_CLOSED;
        /* we call was interrupted, just try again */
        if (err == EINTR) continue;
        /* if failed fatal reason, report error */
        if (err != EAGAIN) return err;
        /* wait until we can send something or we timeout */
        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
    }
    /* can't reach here */
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Read with timeout
 * See note for socket_write
 \*-------------------------------------------------------------------------*/
 int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
    int err;
    *got = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        long taken = (long) read(*ps, data, count);
        if (taken > 0) {
            *got = taken;
            return IO_DONE;
        }
        err = errno;
        if (taken == 0) return IO_CLOSED;
        if (err == EINTR) continue;
        if (err != EAGAIN) return err; 
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
    }
    return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setblocking(p_socket ps) {
    int flags = fcntl(*ps, F_GETFL, 0);
    flags &= (~(O_NONBLOCK));
    fcntl(*ps, F_SETFL, flags);
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into non-blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setnonblocking(p_socket ps) {
    int flags = fcntl(*ps, F_GETFL, 0);
    flags |= O_NONBLOCK;
    fcntl(*ps, F_SETFL, flags);
 }
 /*-------------------------------------------------------------------------*\
 * DNS helpers 
 \*-------------------------------------------------------------------------*/
 int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
    *hp = gethostbyaddr(addr, len, AF_INET);
    if (*hp) return IO_DONE;
    else if (h_errno) return h_errno;
    else if (errno) return errno;
    else return IO_UNKNOWN;
 }
 int socket_gethostbyname(const char *addr, struct hostent **hp) {
    *hp = gethostbyname(addr);
    if (*hp) return IO_DONE;
    else if (h_errno) return h_errno;
    else if (errno) return errno;
    else return IO_UNKNOWN;
 }
 /*-------------------------------------------------------------------------*\
 * Error translation functions
 * Make sure important error messages are standard
 \*-------------------------------------------------------------------------*/
 const char *socket_hoststrerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case HOST_NOT_FOUND: return "host not found";
        default: return hstrerror(err);
    }
 }
 const char *socket_strerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case EADDRINUSE: return "address already in use";
        case EISCONN: return "already connected";
        case EACCES: return "permission denied";
        case ECONNREFUSED: return "connection refused";
        case ECONNABORTED: return "closed";
        case ECONNRESET: return "closed";
        case ETIMEDOUT: return "timeout";
        default: return strerror(err);
    }
 }
 const char *socket_ioerror(p_socket ps, int err) {
    (void) ps;
    return socket_strerror(err);
 } 
 const char *socket_gaistrerror(int err) {
    if (err == 0) return NULL; 
    switch (err) {
        case EAI_AGAIN: return "temporary failure in name resolution";
        case EAI_BADFLAGS: return "invalid value for ai_flags";
 #ifdef EAI_BADHINTS
        case EAI_BADHINTS: return "invalid value for hints";
 #endif
        case EAI_FAIL: return "non-recoverable failure in name resolution";
        case EAI_FAMILY: return "ai_family not supported";
        case EAI_MEMORY: return "memory allocation failure";
        case EAI_NONAME: 
            return "host or service not provided, or not known";
        case EAI_OVERFLOW: return "argument buffer overflow";
 #ifdef EAI_PROTOCOL
        case EAI_PROTOCOL: return "resolved protocol is unknown";
 #endif
        case EAI_SERVICE: return "service not supported for socket type";
        case EAI_SOCKTYPE: return "ai_socktype not supported";
        case EAI_SYSTEM: return strerror(errno); 
        default: return gai_strerror(err);
    }
 }
--- a/src/luasocket/usocket.h
+++ b/src/luasocket/usocket.h
@ -0,0 +1,70 @@
 #ifndef USOCKET_H
 #define USOCKET_H
 /*=========================================================================*\
 * Socket compatibilization module for Unix
 * LuaSocket toolkit
 \*=========================================================================*/
 /*=========================================================================*\
 * BSD include files
 \*=========================================================================*/
 /* error codes */
 #include <errno.h>
 /* close function */
 #include <unistd.h>
 /* fnctnl function and associated constants */
 #include <fcntl.h>
 /* struct sockaddr */
 #include <sys/types.h>
 /* socket function */
 #include <sys/socket.h>
 /* struct timeval */
 #include <sys/time.h>
 /* gethostbyname and gethostbyaddr functions */
 #include <netdb.h>
 /* sigpipe handling */
 #include <signal.h>
 /* IP stuff*/
 #include <netinet/in.h>
 #include <arpa/inet.h>
 /* TCP options (nagle algorithm disable) */
 #include <netinet/tcp.h>
 #include <net/if.h>
 #ifndef SOCKET_SELECT
 #include <sys/poll.h>
 #define WAITFD_R        POLLIN
 #define WAITFD_W        POLLOUT
 #define WAITFD_C        (POLLIN|POLLOUT)
 #else
 #define WAITFD_R        1
 #define WAITFD_W        2
 #define WAITFD_C        (WAITFD_R|WAITFD_W)
 #endif
 #ifndef SO_REUSEPORT
 #define SO_REUSEPORT SO_REUSEADDR
 #endif
 /* Some platforms use IPV6_JOIN_GROUP instead if
 * IPV6_ADD_MEMBERSHIP. The semantics are same, though. */
 #ifndef IPV6_ADD_MEMBERSHIP
 #ifdef IPV6_JOIN_GROUP
 #define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
 #endif /* IPV6_JOIN_GROUP */
 #endif /* !IPV6_ADD_MEMBERSHIP */
 /* Same with IPV6_DROP_MEMBERSHIP / IPV6_LEAVE_GROUP. */
 #ifndef IPV6_DROP_MEMBERSHIP
 #ifdef IPV6_LEAVE_GROUP
 #define IPV6_DROP_MEMBERSHIP IPV6_LEAVE_GROUP
 #endif /* IPV6_LEAVE_GROUP */
 #endif /* !IPV6_DROP_MEMBERSHIP */
 typedef int t_socket;
 typedef t_socket *p_socket;
 typedef struct sockaddr_storage t_sockaddr_storage;
 #define SOCKET_INVALID (-1)
 #endif /* USOCKET_H */
--- a/src/luasocket/wsocket.c
+++ b/src/luasocket/wsocket.c
@ -0,0 +1,429 @@
 /*=========================================================================*\
 * Socket compatibilization module for Win32
 * LuaSocket toolkit
 *
 * The penalty of calling select to avoid busy-wait is only paid when
 * the I/O call fail in the first place. 
 \*=========================================================================*/
 #include <string.h>
 #include "socket.h"
 /* WinSock doesn't have a strerror... */
 static const char *wstrerror(int err);
 /*-------------------------------------------------------------------------*\
 * Initializes module 
 \*-------------------------------------------------------------------------*/
 int socket_open(void) {
    WSADATA wsaData;
    WORD wVersionRequested = MAKEWORD(2, 0); 
    int err = WSAStartup(wVersionRequested, &wsaData );
    if (err != 0) return 0;
    if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
        (LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
        WSACleanup();
        return 0; 
    }
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close module 
 \*-------------------------------------------------------------------------*/
 int socket_close(void) {
    WSACleanup();
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Wait for readable/writable/connected socket with timeout
 \*-------------------------------------------------------------------------*/
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
    struct timeval tv, *tp = NULL;
    double t;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    if (sw & WAITFD_R) { 
        FD_ZERO(&rfds); 
        FD_SET(*ps, &rfds);
        rp = &rfds; 
    }
    if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
    if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
    if ((t = timeout_get(tm)) >= 0.0) {
        tv.tv_sec = (int) t;
        tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
        tp = &tv;
    }
    ret = select(0, rp, wp, ep, tp);
    if (ret == -1) return WSAGetLastError();
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
    return IO_DONE;
 }
 /*-------------------------------------------------------------------------*\
 * Select with int timeout in ms
 \*-------------------------------------------------------------------------*/
 int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
        p_timeout tm) {
    struct timeval tv; 
    double t = timeout_get(tm);
    tv.tv_sec = (int) t;
    tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
    if (n <= 0) {
        Sleep((DWORD) (1000*t));
        return 0;
    } else return select(0, rfds, wfds, efds, t >= 0.0? &tv: NULL);
 }
 /*-------------------------------------------------------------------------*\
 * Close and inutilize socket
 \*-------------------------------------------------------------------------*/
 void socket_destroy(p_socket ps) {
    if (*ps != SOCKET_INVALID) {
        socket_setblocking(ps); /* close can take a long time on WIN32 */
        closesocket(*ps);
        *ps = SOCKET_INVALID;
    }
 }
 /*-------------------------------------------------------------------------*\
 * 
 \*-------------------------------------------------------------------------*/
 void socket_shutdown(p_socket ps, int how) {
    socket_setblocking(ps);
    shutdown(*ps, how);
    socket_setnonblocking(ps);
 }
 /*-------------------------------------------------------------------------*\
 * Creates and sets up a socket
 \*-------------------------------------------------------------------------*/
 int socket_create(p_socket ps, int domain, int type, int protocol) {
    *ps = socket(domain, type, protocol);
    if (*ps != SOCKET_INVALID) return IO_DONE;
    else return WSAGetLastError();
 }
 /*-------------------------------------------------------------------------*\
 * Connects or returns error message
 \*-------------------------------------------------------------------------*/
 int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
    int err;
    /* don't call on closed socket */
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    /* ask system to connect */
    if (connect(*ps, addr, len) == 0) return IO_DONE;
    /* make sure the system is trying to connect */
    err = WSAGetLastError();
    if (err != WSAEWOULDBLOCK && err != WSAEINPROGRESS) return err;
    /* zero timeout case optimization */
    if (timeout_iszero(tm)) return IO_TIMEOUT;
    /* we wait until something happens */
    err = socket_waitfd(ps, WAITFD_C, tm);
    if (err == IO_CLOSED) {
        int len = sizeof(err);
        /* give windows time to set the error (yes, disgusting) */
        Sleep(10);
        /* find out why we failed */
        getsockopt(*ps, SOL_SOCKET, SO_ERROR, (char *)&err, &len); 
        /* we KNOW there was an error. if 'why' is 0, we will return
        * "unknown error", but it's not really our fault */
        return err > 0? err: IO_UNKNOWN; 
    } else return err;
 }
 /*-------------------------------------------------------------------------*\
 * Binds or returns error message
 \*-------------------------------------------------------------------------*/
 int socket_bind(p_socket ps, SA *addr, socklen_t len) {
    int err = IO_DONE;
    socket_setblocking(ps);
    if (bind(*ps, addr, len) < 0) err = WSAGetLastError();
    socket_setnonblocking(ps);
    return err;
 }
 /*-------------------------------------------------------------------------*\
 * 
 \*-------------------------------------------------------------------------*/
 int socket_listen(p_socket ps, int backlog) {
    int err = IO_DONE;
    socket_setblocking(ps);
    if (listen(*ps, backlog) < 0) err = WSAGetLastError();
    socket_setnonblocking(ps);
    return err;
 }
 /*-------------------------------------------------------------------------*\
 * Accept with timeout
 \*-------------------------------------------------------------------------*/
 int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, 
        p_timeout tm) {
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        int err;
        /* try to get client socket */
        if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
        /* find out why we failed */
        err = WSAGetLastError(); 
        /* if we failed because there was no connectoin, keep trying */
        if (err != WSAEWOULDBLOCK && err != WSAECONNABORTED) return err;
        /* call select to avoid busy wait */
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
    } 
 }
 /*-------------------------------------------------------------------------*\
 * Send with timeout
 * On windows, if you try to send 10MB, the OS will buffer EVERYTHING 
 * this can take an awful lot of time and we will end up blocked. 
 * Therefore, whoever calls this function should not pass a huge buffer.
 \*-------------------------------------------------------------------------*/
 int socket_send(p_socket ps, const char *data, size_t count, 
        size_t *sent, p_timeout tm)
 {
    int err;
    *sent = 0;
    /* avoid making system calls on closed sockets */
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    /* loop until we send something or we give up on error */
    for ( ;; ) {
        /* try to send something */
        int put = send(*ps, data, (int) count, 0);
        /* if we sent something, we are done */
        if (put > 0) {
            *sent = put;
            return IO_DONE;
        }
        /* deal with failure */
        err = WSAGetLastError(); 
        /* we can only proceed if there was no serious error */
        if (err != WSAEWOULDBLOCK) return err;
        /* avoid busy wait */
        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
    } 
 }
 /*-------------------------------------------------------------------------*\
 * Sendto with timeout
 \*-------------------------------------------------------------------------*/
 int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent, 
        SA *addr, socklen_t len, p_timeout tm)
 {
    int err;
    *sent = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        int put = sendto(*ps, data, (int) count, 0, addr, len);
        if (put > 0) {
            *sent = put;
            return IO_DONE;
        }
        err = WSAGetLastError(); 
        if (err != WSAEWOULDBLOCK) return err;
        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
    } 
 }
 /*-------------------------------------------------------------------------*\
 * Receive with timeout
 \*-------------------------------------------------------------------------*/
 int socket_recv(p_socket ps, char *data, size_t count, size_t *got, 
        p_timeout tm) 
 {
    int err, prev = IO_DONE;
    *got = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        int taken = recv(*ps, data, (int) count, 0);
        if (taken > 0) {
            *got = taken;
            return IO_DONE;
        }
        if (taken == 0) return IO_CLOSED;
        err = WSAGetLastError();
        /* On UDP, a connreset simply means the previous send failed. 
         * So we try again. 
         * On TCP, it means our socket is now useless, so the error passes. 
         * (We will loop again, exiting because the same error will happen) */
        if (err != WSAEWOULDBLOCK) {
            if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
            prev = err;
        }
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
    }
 }
 /*-------------------------------------------------------------------------*\
 * Recvfrom with timeout
 \*-------------------------------------------------------------------------*/
 int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got, 
        SA *addr, socklen_t *len, p_timeout tm) 
 {
    int err, prev = IO_DONE;
    *got = 0;
    if (*ps == SOCKET_INVALID) return IO_CLOSED;
    for ( ;; ) {
        int taken = recvfrom(*ps, data, (int) count, 0, addr, len);
        if (taken > 0) {
            *got = taken;
            return IO_DONE;
        }
        if (taken == 0) return IO_CLOSED;
        err = WSAGetLastError();
        /* On UDP, a connreset simply means the previous send failed. 
         * So we try again. 
         * On TCP, it means our socket is now useless, so the error passes.
         * (We will loop again, exiting because the same error will happen) */
        if (err != WSAEWOULDBLOCK) {
            if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
            prev = err;
        }
        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
    }
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setblocking(p_socket ps) {
    u_long argp = 0;
    ioctlsocket(*ps, FIONBIO, &argp);
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into non-blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setnonblocking(p_socket ps) {
    u_long argp = 1;
    ioctlsocket(*ps, FIONBIO, &argp);
 }
 /*-------------------------------------------------------------------------*\
 * DNS helpers 
 \*-------------------------------------------------------------------------*/
 int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
    *hp = gethostbyaddr(addr, len, AF_INET);
    if (*hp) return IO_DONE;
    else return WSAGetLastError();
 }
 int socket_gethostbyname(const char *addr, struct hostent **hp) {
    *hp = gethostbyname(addr);
    if (*hp) return IO_DONE;
    else return  WSAGetLastError();
 }
 /*-------------------------------------------------------------------------*\
 * Error translation functions
 \*-------------------------------------------------------------------------*/
 const char *socket_hoststrerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case WSAHOST_NOT_FOUND: return "host not found";
        default: return wstrerror(err); 
    }
 }
 const char *socket_strerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case WSAEADDRINUSE: return "address already in use";
        case WSAECONNREFUSED: return "connection refused";
        case WSAEISCONN: return "already connected";
        case WSAEACCES: return "permission denied";
        case WSAECONNABORTED: return "closed";
        case WSAECONNRESET: return "closed";
        case WSAETIMEDOUT: return "timeout";
        default: return wstrerror(err);
    }
 }
 const char *socket_ioerror(p_socket ps, int err) {
    (void) ps;
    return socket_strerror(err);
 }
 static const char *wstrerror(int err) {
    switch (err) {
        case WSAEINTR: return "Interrupted function call";
        case WSAEACCES: return "Permission denied";
        case WSAEFAULT: return "Bad address";
        case WSAEINVAL: return "Invalid argument";
        case WSAEMFILE: return "Too many open files";
        case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
        case WSAEINPROGRESS: return "Operation now in progress";
        case WSAEALREADY: return "Operation already in progress";
        case WSAENOTSOCK: return "Socket operation on nonsocket";
        case WSAEDESTADDRREQ: return "Destination address required";
        case WSAEMSGSIZE: return "Message too long";
        case WSAEPROTOTYPE: return "Protocol wrong type for socket";
        case WSAENOPROTOOPT: return "Bad protocol option";
        case WSAEPROTONOSUPPORT: return "Protocol not supported";
        case WSAESOCKTNOSUPPORT: return "Socket type not supported";
        case WSAEOPNOTSUPP: return "Operation not supported";
        case WSAEPFNOSUPPORT: return "Protocol family not supported";
        case WSAEAFNOSUPPORT: 
            return "Address family not supported by protocol family"; 
        case WSAEADDRINUSE: return "Address already in use";
        case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
        case WSAENETDOWN: return "Network is down";
        case WSAENETUNREACH: return "Network is unreachable";
        case WSAENETRESET: return "Network dropped connection on reset";
        case WSAECONNABORTED: return "Software caused connection abort";
        case WSAECONNRESET: return "Connection reset by peer";
        case WSAENOBUFS: return "No buffer space available";
        case WSAEISCONN: return "Socket is already connected";
        case WSAENOTCONN: return "Socket is not connected";
        case WSAESHUTDOWN: return "Cannot send after socket shutdown";
        case WSAETIMEDOUT: return "Connection timed out";
        case WSAECONNREFUSED: return "Connection refused";
        case WSAEHOSTDOWN: return "Host is down";
        case WSAEHOSTUNREACH: return "No route to host";
        case WSAEPROCLIM: return "Too many processes";
        case WSASYSNOTREADY: return "Network subsystem is unavailable";
        case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
        case WSANOTINITIALISED: 
            return "Successful WSAStartup not yet performed";
        case WSAEDISCON: return "Graceful shutdown in progress";
        case WSAHOST_NOT_FOUND: return "Host not found";
        case WSATRY_AGAIN: return "Nonauthoritative host not found";
        case WSANO_RECOVERY: return "Nonrecoverable name lookup error"; 
        case WSANO_DATA: return "Valid name, no data record of requested type";
        default: return "Unknown error";
    }
 }
 const char *socket_gaistrerror(int err) {
    if (err == 0) return NULL; 
    switch (err) {
        case EAI_AGAIN: return "temporary failure in name resolution";
        case EAI_BADFLAGS: return "invalid value for ai_flags";
 #ifdef EAI_BADHINTS
        case EAI_BADHINTS: return "invalid value for hints";
 #endif
        case EAI_FAIL: return "non-recoverable failure in name resolution";
        case EAI_FAMILY: return "ai_family not supported";
        case EAI_MEMORY: return "memory allocation failure";
        case EAI_NONAME: 
            return "host or service not provided, or not known";
 #ifdef EAI_OVERFLOW
        case EAI_OVERFLOW: return "argument buffer overflow";
 #endif
 #ifdef EAI_PROTOCOL
        case EAI_PROTOCOL: return "resolved protocol is unknown";
 #endif
        case EAI_SERVICE: return "service not supported for socket type";
        case EAI_SOCKTYPE: return "ai_socktype not supported";
 #ifdef EAI_SYSTEM
        case EAI_SYSTEM: return strerror(errno); 
 #endif
        default: return gai_strerror(err);
    }
 }
--- a/src/luasocket/wsocket.h
+++ b/src/luasocket/wsocket.h
@ -1,28 +1,38 @@
 #ifndef WSOCKET_H
 #define WSOCKET_H
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Socket compatibilization module for Win32
-*
+* LuaSocket toolkit
 * RCS ID: $Id: wsocket.h 2 2006-04-30 19:30:47Z brunoos $
 \*=========================================================================*/
 /*=========================================================================*\
 * WinSock include files
 \*=========================================================================*/
-#include <winsock.h>
+#include <winsock2.h>
 #include <ws2tcpip.h>
 typedef int socklen_t;
 typedef SOCKADDR_STORAGE t_sockaddr_storage;
 typedef SOCKET t_socket;
 typedef t_socket *p_socket;
 #define WAITFD_R        1
 #define WAITFD_W        2
 #define WAITFD_E        4
 #define WAITFD_C        (WAITFD_E|WAITFD_W)
 #ifndef IPV6_V6ONLY
 #define IPV6_V6ONLY 27
 #endif
 #define SOCKET_INVALID (INVALID_SOCKET)
-typedef int socklen_t;
+#ifndef SO_REUSEPORT
-typedef SOCKET t_socket;
+#define SO_REUSEPORT SO_REUSEADDR
-typedef t_socket *p_socket;
+#endif
 #ifndef AI_NUMERICSERV
 #define AI_NUMERICSERV (0)
 #endif
 #endif /* WSOCKET_H */
--- a/src/options.c
+++ b/src/options.c
@ -0,0 +1,167 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/ssl.h>
 #include "options.h"
 /* If you need to generate these options again, see options.lua */
 /* 
  OpenSSL version: OpenSSL 1.1.1
 */
 static lsec_ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_ALL)
  {"all", SSL_OP_ALL},
 #endif
 #if defined(SSL_OP_ALLOW_NO_DHE_KEX)
  {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
 #endif
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
  {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
  {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
 #endif
 #if defined(SSL_OP_CISCO_ANYCONNECT)
  {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
 #endif
 #if defined(SSL_OP_COOKIE_EXCHANGE)
  {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
 #endif
 #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
  {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
 #endif
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
  {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
 #if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
  {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
 #endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
  {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
 #if defined(SSL_OP_LEGACY_SERVER_CONNECT)
  {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
 #endif
 #if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
  {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
 #endif
 #if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
  {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
 #endif
 #if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
  {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
 #endif
 #if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
  {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
  {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
  {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NO_ANTI_REPLAY)
  {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
 #endif
 #if defined(SSL_OP_NO_COMPRESSION)
  {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
 #if defined(SSL_OP_NO_DTLS_MASK)
  {"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
 #endif
 #if defined(SSL_OP_NO_DTLSv1)
  {"no_dtlsv1", SSL_OP_NO_DTLSv1},
 #endif
 #if defined(SSL_OP_NO_DTLSv1_2)
  {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
 #endif
 #if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
  {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
 #endif
 #if defined(SSL_OP_NO_QUERY_MTU)
  {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
 #endif
 #if defined(SSL_OP_NO_RENEGOTIATION)
  {"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
  {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SSL_MASK)
  {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
 #endif
 #if defined(SSL_OP_NO_SSLv2)
  {"no_sslv2", SSL_OP_NO_SSLv2},
 #endif
 #if defined(SSL_OP_NO_SSLv3)
  {"no_sslv3", SSL_OP_NO_SSLv3},
 #endif
 #if defined(SSL_OP_NO_TICKET)
  {"no_ticket", SSL_OP_NO_TICKET},
 #endif
 #if defined(SSL_OP_NO_TLSv1)
  {"no_tlsv1", SSL_OP_NO_TLSv1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_1)
  {"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_2)
  {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
 #endif
 #if defined(SSL_OP_NO_TLSv1_3)
  {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_1)
  {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_2)
  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
 #if defined(SSL_OP_PRIORITIZE_CHACHA)
  {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
 #endif
 #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
  {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
 #endif
 #if defined(SSL_OP_SINGLE_DH_USE)
  {"single_dh_use", SSL_OP_SINGLE_DH_USE},
 #endif
 #if defined(SSL_OP_SINGLE_ECDH_USE)
  {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
 #endif
 #if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
  {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
 #endif
 #if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
  {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
 #endif
 #if defined(SSL_OP_TLSEXT_PADDING)
  {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
 #endif
 #if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
  {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
 #endif
 #if defined(SSL_OP_TLS_D5_BUG)
  {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
 #endif
 #if defined(SSL_OP_TLS_ROLLBACK_BUG)
  {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
 #endif
  {NULL, 0L}
 };
 LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
  return ssl_options;
 }
--- a/src/options.h
+++ b/src/options.h
@ -0,0 +1,22 @@
 #ifndef LSEC_OPTIONS_H
 #define LSEC_OPTIONS_H
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include "compat.h"
 struct lsec_ssl_option_s {
  const char *name;
  unsigned long code;
 };
 typedef struct lsec_ssl_option_s lsec_ssl_option_t;
 LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
 #endif
--- a/src/options.lua
+++ b/src/options.lua
@ -0,0 +1,90 @@
 local function usage()
  print("Usage:")
  print("* Generate options of your system:")
  print("  lua options.lua -g /path/to/ssl.h [version] > options.c")
  print("* Examples:")
  print("  lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
  print("  lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.c\n")
  print("* List options of your system:")
  print("  lua options.lua -l /path/to/ssl.h\n")
 end
 --
 local function printf(str, ...)
  print(string.format(str, ...))
 end
 local function generate(options, version)
  print([[
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/ssl.h>
 #include "options.h"
 /* If you need to generate these options again, see options.lua */
 ]])
  printf([[
 /* 
  OpenSSL version: %s
 */
 ]], version)
  print([[static lsec_ssl_option_t ssl_options[] = {]])
  for k, option in ipairs(options) do
    local name = string.lower(string.sub(option, 8))
    print(string.format([[#if defined(%s)]], option))
    print(string.format([[  {"%s", %s},]], name, option))
    print([[#endif]])
  end
  print([[  {NULL, 0L}]])
  print([[
 };
 LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
  return ssl_options;
 }
 ]])
 end
 local function loadoptions(file)
  local options = {}
  local f = assert(io.open(file, "r"))
  for line in f:lines() do
    local op = string.match(line, "define%s+(SSL_OP_%S+)")
    if op then
      table.insert(options, op)
    end
  end
  table.sort(options, function(a,b) return a<b end)
  return options
 end
 --
 local options
 local flag, file, version = ...
 version = version or "Unknown"
 if not file then
  usage()
 elseif flag == "-g" then
  options = loadoptions(file)
  generate(options, version)
 elseif flag == "-l" then
  options = loadoptions(file)
  for k, option in ipairs(options) do
    print(option)
  end
 else
  usage()
 end
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,31 +1,62 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.1
+ * LuaSec 0.7.2
- * Copyright (C) 2006-2009 Bruno Silvestre
+ *
 * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
 * Copyright (C) 2006-2019 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
 #include <errno.h>
 #include <string.h>
 #if defined(WIN32)
 #include <Winsock2.h>
 #endif
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/err.h>
 #include <lua.h>
 #include <lauxlib.h>
-#include "io.h"
+#include <luasocket/io.h>
-#include "buffer.h"
+#include <luasocket/buffer.h>
-#include "timeout.h"
+#include <luasocket/timeout.h>
-#include "socket.h"
+#include <luasocket/socket.h>
 #include "x509.h"
 #include "context.h"
 #include "ssl.h"
 #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
 #define SSL_is_server(s) (s->server)
 #define SSL_up_ref(ssl)  CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
 #define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
 #endif
 /**
 * Underline socket error.
 */
 static int lsec_socket_error()
 {
 #if defined(WIN32)
  return WSAGetLastError();
 #else
  return errno;
 #endif
 }
 /**
 * Map error code into string.
 */
 static const char *ssl_ioerror(void *ctx, int err)
 {
-  if (err == IO_SSL) {
+  if (err == LSEC_IO_SSL) {
    p_ssl ssl = (p_ssl) ctx;
    switch(ssl->error) {
    case SSL_ERROR_NONE: return "No error";
@ -48,11 +79,26 @@ static const char *ssl_ioerror(void *ctx, int err)
 */
 static int meth_destroy(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) lua_touserdata(L, 1);
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  if (ssl->ssl) {
+  if (ssl->state == LSEC_STATE_CONNECTED) {
    socket_setblocking(&ssl->sock);
    SSL_shutdown(ssl->ssl);
  }
  if (ssl->sock != SOCKET_INVALID) {
    socket_destroy(&ssl->sock);
  }
  ssl->state = LSEC_STATE_CLOSED;
  if (ssl->ssl) {
    /* Clear the registries */
    luaL_getmetatable(L, "SSL:Verify:Registry");
    lua_pushlightuserdata(L, (void*)ssl->ssl);
    lua_pushnil(L);
    lua_settable(L, -3);
    luaL_getmetatable(L, "SSL:SNI:Registry");
    lua_pushlightuserdata(L, (void*)ssl->ssl);
    lua_pushnil(L);
    lua_settable(L, -3);
    /* Destroy the object */
    SSL_free(ssl->ssl);
    ssl->ssl = NULL;
  }
@ -64,36 +110,38 @@ static int meth_destroy(lua_State *L)
 */
 static int handshake(p_ssl ssl)
 {
  int err;
  p_timeout tm = timeout_markstart(&ssl->tm);
-  if (ssl->state == ST_SSL_CLOSED)
+  if (ssl->state == LSEC_STATE_CLOSED)
    return IO_CLOSED;
  for ( ; ; ) {
-    int err = SSL_do_handshake(ssl->ssl);
+    ERR_clear_error();
    err = SSL_do_handshake(ssl->ssl);
    ssl->error = SSL_get_error(ssl->ssl, err);
-    switch(ssl->error) {
+    switch (ssl->error) {
    case SSL_ERROR_NONE:
-      ssl->state = ST_SSL_CONNECTED;
+      ssl->state = LSEC_STATE_CONNECTED;
      return IO_DONE;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_SYSCALL:
      if (ERR_peek_error())  {
        ssl->error = SSL_ERROR_SSL;
-        return IO_SSL;
+        return LSEC_IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
-      return errno;
+      return lsec_socket_error();
    default:
-      return IO_SSL;
+      return LSEC_IO_SSL;
    }
  }
  return IO_UNKNOWN;
@ -105,37 +153,39 @@ static int handshake(p_ssl ssl)
 static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
   p_timeout tm)
 {
-  p_ssl ssl = (p_ssl) ctx;
+  int err;
-  if (ssl->state == ST_SSL_CLOSED)
+  p_ssl ssl = (p_ssl)ctx;
  if (ssl->state != LSEC_STATE_CONNECTED)
    return IO_CLOSED;
  *sent = 0;
  for ( ; ; ) {
-    int err = SSL_write(ssl->ssl, data, (int) count);
+    ERR_clear_error();
    err = SSL_write(ssl->ssl, data, (int)count);
    ssl->error = SSL_get_error(ssl->ssl, err);
-    switch(ssl->error) {
+    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *sent = err;
      return IO_DONE;
    case SSL_ERROR_WANT_READ: 
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_SYSCALL:
      if (ERR_peek_error())  {
        ssl->error = SSL_ERROR_SSL;
-        return IO_SSL;
+        return LSEC_IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
-      return errno;
+      return lsec_socket_error();
    default:
-      return IO_SSL;
+      return LSEC_IO_SSL;
    }
  }
  return IO_UNKNOWN;
@ -147,81 +197,120 @@ static int ssl_send(void *ctx, const char *data, size_t count, size_t *sent,
 static int ssl_recv(void *ctx, char *data, size_t count, size_t *got,
  p_timeout tm)
 {
-  p_ssl ssl = (p_ssl) ctx;
+  int err;
-  if (ssl->state == ST_SSL_CLOSED)
+  p_ssl ssl = (p_ssl)ctx;
    return IO_CLOSED;
  *got = 0;
  if (ssl->state != LSEC_STATE_CONNECTED)
    return IO_CLOSED;
  for ( ; ; ) {
-    int err = SSL_read(ssl->ssl, data, (int) count);
+    ERR_clear_error();
    err = SSL_read(ssl->ssl, data, (int)count);
    ssl->error = SSL_get_error(ssl->ssl, err);
-    switch(ssl->error) {
+    switch (ssl->error) {
    case SSL_ERROR_NONE:
      *got = err;
      return IO_DONE;
    case SSL_ERROR_ZERO_RETURN:
      *got = err;
      return IO_CLOSED;
    case SSL_ERROR_WANT_READ:
      err = socket_waitfd(&ssl->sock, WAITFD_R, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_WANT_WRITE:
      err = socket_waitfd(&ssl->sock, WAITFD_W, tm);
-      if (err == IO_TIMEOUT) return IO_SSL;
+      if (err == IO_TIMEOUT) return LSEC_IO_SSL;
      if (err != IO_DONE)    return err;
      break;
    case SSL_ERROR_SYSCALL:
      if (ERR_peek_error())  {
        ssl->error = SSL_ERROR_SSL;
-        return IO_SSL;
+        return LSEC_IO_SSL;
      }
      if (err == 0)
        return IO_CLOSED;
-      return errno;
+      return lsec_socket_error();
    default:
-      return IO_SSL;
+      return LSEC_IO_SSL;
    }
  }
  return IO_UNKNOWN;
 }
 static SSL_CTX* luaossl_testcontext(lua_State *L, int arg) {
  SSL_CTX **ctx = luaL_testudata(L, arg, "SSL_CTX*");
  if (ctx)
    return *ctx;
  return NULL;
 }
 static SSL* luaossl_testssl(lua_State *L, int arg) {
  SSL **ssl = luaL_testudata(L, arg, "SSL*");
  if (ssl)
    return *ssl;
  return NULL;
 }
 /**
 * Create a new TLS/SSL object and mark it as new.
 */
 static int meth_create(lua_State *L)
 {
  p_ssl ssl;
-  int mode = ctx_getmode(L, 1);
+  int mode;
-  SSL_CTX *ctx = ctx_getcontext(L, 1);
+  SSL_CTX *ctx;
-  if (mode == MD_CTX_INVALID) {
+  lua_settop(L, 1);
-    lua_pushnil(L);
+
-    lua_pushstring(L, "invalid mode");
+  ssl = (p_ssl)lua_newuserdata(L, sizeof(t_ssl));
    return 2;
  }
  ssl = (p_ssl) lua_newuserdata(L, sizeof(t_ssl));
  if (!ssl) {
    lua_pushnil(L);
    lua_pushstring(L, "error creating SSL object");
    return 2;
  }
-  ssl->ssl = SSL_new(ctx);
+
-  if (!ssl->ssl) {
+  if ((ctx = lsec_testcontext(L, 1))) {
-    lua_pushnil(L);
+    mode = lsec_getmode(L, 1);
-    lua_pushstring(L, "error creating SSL object");
+    if (mode == LSEC_MODE_INVALID) {
-    return 2;;
+      lua_pushnil(L);
      lua_pushstring(L, "invalid mode");
      return 2;
    }
    ssl->ssl = SSL_new(ctx);
    if (!ssl->ssl) {
      lua_pushnil(L);
      lua_pushfstring(L, "error creating SSL object (%s)",
        ERR_reason_error_string(ERR_get_error()));
      return 2;
    }
  } else if ((ctx = luaossl_testcontext(L, 1))) {
    ssl->ssl = SSL_new(ctx);
    if (!ssl->ssl) {
      lua_pushnil(L);
      lua_pushfstring(L, "error creating SSL object (%s)",
        ERR_reason_error_string(ERR_get_error()));
      return 2;
    }
    mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
  } else if ((ssl->ssl = luaossl_testssl(L, 1))) {
    SSL_up_ref(ssl->ssl);
    mode = SSL_is_server(ssl->ssl) ? LSEC_MODE_SERVER : LSEC_MODE_CLIENT;
  } else {
    return luaL_argerror(L, 1, "invalid context");
  }
-  ssl->state = ST_SSL_NEW;
+  ssl->state = LSEC_STATE_NEW;
-  SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID);
+  SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | 
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-  if (mode == MD_CTX_SERVER)
+#if defined(SSL_MODE_RELEASE_BUFFERS)
  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
 #endif
  if (mode == LSEC_MODE_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
    SSL_set_connect_state(ssl->ssl);
-  io_init(&ssl->io, (p_send) ssl_send, (p_recv) ssl_recv, 
+  io_init(&ssl->io, (p_send)ssl_send, (p_recv)ssl_recv, 
    (p_error) ssl_ioerror, ssl);
  timeout_init(&ssl->tm, -1, -1);
  buffer_init(&ssl->buf, &ssl->io, &ssl->tm);
@ -235,7 +324,7 @@ static int meth_create(lua_State *L)
 * Buffer send function
 */
 static int meth_send(lua_State *L) {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_send(L, &ssl->buf);
 }
@ -243,30 +332,46 @@ static int meth_send(lua_State *L) {
 * Buffer receive function
 */
 static int meth_receive(lua_State *L) {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_receive(L, &ssl->buf);
 }
 /**
 * Get the buffer's statistics.
 */
 static int meth_getstats(lua_State *L) {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_getstats(L, &ssl->buf);
 }
 /**
 * Set the buffer's statistics.
 */
 static int meth_setstats(lua_State *L) {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return buffer_meth_setstats(L, &ssl->buf);
 }
 /**
 * Select support methods
 */
 static int meth_getfd(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  lua_pushnumber(L, ssl->sock);
  return 1;
 }
 /**
 * Set the TLS/SSL file descriptor.
- * This is done *before* the handshake.
+ * Call it *before* the handshake.
 */
 static int meth_setfd(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  if (ssl->state != ST_SSL_NEW)
+  if (ssl->state != LSEC_STATE_NEW)
    luaL_argerror(L, 1, "invalid SSL object state");
-  ssl->sock = luaL_checkint(L, 2);
+  ssl->sock = (t_socket)luaL_checkinteger(L, 2);
  socket_setnonblocking(&ssl->sock);
  SSL_set_fd(ssl->ssl, (int)ssl->sock);
  return 0;
@ -277,7 +382,7 @@ static int meth_setfd(lua_State *L)
 */
 static int meth_handshake(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  int err = handshake(ssl);
  if (err == IO_DONE) {
    lua_pushboolean(L, 1);
@ -293,9 +398,7 @@ static int meth_handshake(lua_State *L)
 */
 static int meth_close(lua_State *L)
 {
  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
  meth_destroy(L);
  ssl->state = ST_SSL_CLOSED;
  return 0;
 }
@ -304,7 +407,7 @@ static int meth_close(lua_State *L)
 */
 static int meth_settimeout(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  return timeout_meth_settimeout(L, &ssl->tm);
 }
@ -314,8 +417,8 @@ static int meth_settimeout(lua_State *L)
 static int meth_dirty(lua_State *L)
 {
  int res = 0;
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  if (ssl->state != ST_SSL_CLOSED)
+  if (ssl->state != LSEC_STATE_CLOSED)
    res = !buffer_isempty(&ssl->buf) || SSL_pending(ssl->ssl);
  lua_pushboolean(L, res);
  return 1;
@ -326,8 +429,10 @@ static int meth_dirty(lua_State *L)
 */
 static int meth_want(lua_State *L)
 {
-  p_ssl ssl = (p_ssl) luaL_checkudata(L, 1, "SSL:Connection");
+  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  int code = (ssl->state == ST_SSL_CLOSED) ? SSL_NOTHING : SSL_want(ssl->ssl);
+  int code = (ssl->state == LSEC_STATE_CLOSED)
             ? SSL_NOTHING
             : SSL_want(ssl->ssl);
  switch(code) {
  case SSL_NOTHING: lua_pushstring(L, "nothing"); break;
  case SSL_READING: lua_pushstring(L, "read"); break;
@ -336,72 +441,462 @@ static int meth_want(lua_State *L)
  }
  return 1;
 }
-  
+
 /**
- * Return a pointer to SSL structure.
+ * Return the compression method used.
 */
-static int meth_rawconn(lua_State *L)
+static int meth_compression(lua_State *L)
 {
 #ifdef OPENSSL_NO_COMP
  const void *comp;
 #else
  const COMP_METHOD *comp;
 #endif
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  comp = SSL_get_current_compression(ssl->ssl);
  if (comp)
    lua_pushstring(L, SSL_COMP_get_name(comp));
  else
    lua_pushnil(L);
  return 1;
 }
 /**
 * Return the nth certificate of the peer's chain.
 */
 static int meth_getpeercertificate(lua_State *L)
 {
  int n;
  X509 *cert;
  STACK_OF(X509) *certs;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  /* Default to the first cert */ 
  n = (int)luaL_optinteger(L, 2, 1);                           
  /* This function is 1-based, but OpenSSL is 0-based */
  --n;
  if (n < 0) {
    lua_pushnil(L);
    lua_pushliteral(L, "invalid certificate index");
    return 2;
  }
  if (n == 0) {
    cert = SSL_get_peer_certificate(ssl->ssl);
    if (cert)
      lsec_pushx509(L, cert);
    else
      lua_pushnil(L);
    return 1;
  }
  /* In a server-context, the stack doesn't contain the peer cert,
   * so adjust accordingly.
   */
  if (SSL_is_server(ssl->ssl))
    --n;
  certs = SSL_get_peer_cert_chain(ssl->ssl);
  if (n >= sk_X509_num(certs)) {
    lua_pushnil(L);
    return 1;
  }
  cert = sk_X509_value(certs, n);
  /* Increment the reference counting of the object. */
  /* See SSL_get_peer_certificate() source code.     */
  X509_up_ref(cert);
  lsec_pushx509(L, cert);
  return 1;
 }
 /**
 * Return the chain of certificate of the peer.
 */
 static int meth_getpeerchain(lua_State *L)
 {
  int i;
  int idx = 1;
  int n_certs;
  X509 *cert;
  STACK_OF(X509) *certs;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  lua_newtable(L);
  if (SSL_is_server(ssl->ssl)) {
    lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
    lua_rawseti(L, -2, idx++);
  }
  certs = SSL_get_peer_cert_chain(ssl->ssl);
  n_certs = sk_X509_num(certs);
  for (i = 0; i < n_certs; i++) {
    cert = sk_X509_value(certs, i);
    /* Increment the reference counting of the object. */
    /* See SSL_get_peer_certificate() source code.     */
    X509_up_ref(cert);
    lsec_pushx509(L, cert);
    lua_rawseti(L, -2, idx++);
  }
  return 1;
 }
 /**
 * Copy the table src to the table dst.
 */
 static void copy_error_table(lua_State *L, int src, int dst)
 {
  lua_pushnil(L); 
  while (lua_next(L, src) != 0) {
    if (lua_istable(L, -1)) {
      /* Replace the table with its copy */
      lua_newtable(L);
      copy_error_table(L, dst+2, dst+3);
      lua_remove(L, dst+2);
    }
    lua_pushvalue(L, -2);
    lua_pushvalue(L, -2);
    lua_rawset(L, dst);
    /* Remove the value and leave the key */
    lua_pop(L, 1);
  }
 }
 /**
 * Return the verification state of the peer chain.
 */
 static int meth_getpeerverification(lua_State *L)
 {
  long err;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushboolean(L, 0);
    lua_pushstring(L, "closed");
    return 2;
  }
  err = SSL_get_verify_result(ssl->ssl);
  if (err == X509_V_OK) {
    lua_pushboolean(L, 1);
    return 1;
  }
  luaL_getmetatable(L, "SSL:Verify:Registry");
  lua_pushlightuserdata(L, (void*)ssl->ssl);
  lua_gettable(L, -2);
  if (lua_isnil(L, -1))
    lua_pushstring(L, X509_verify_cert_error_string(err));
  else {
    /* Copy the table of errors to avoid modifications */
    lua_newtable(L);
    copy_error_table(L, lua_gettop(L)-1, lua_gettop(L));
  }
  lua_pushboolean(L, 0);
  lua_pushvalue(L, -2);
  return 2;
 }
 /**
 * Get the latest "Finished" message sent out.
 */
 static int meth_getfinished(lua_State *L)
 {
  size_t len = 0;
  char *buffer = NULL;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  if ((len = SSL_get_finished(ssl->ssl, NULL, 0)) == 0)
    return 0;
  buffer = (char*)malloc(len);
  if (!buffer) {
    lua_pushnil(L);
    lua_pushstring(L, "out of memory");
    return 2;
  }
  SSL_get_finished(ssl->ssl, buffer, len);
  lua_pushlstring(L, buffer, len);
  free(buffer);
  return 1;
 }
 /**
 * Gets the latest "Finished" message received.
 */
 static int meth_getpeerfinished(lua_State *L)
 {
  size_t len = 0;
  char *buffer = NULL;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 0;
  }
  if ((len = SSL_get_peer_finished(ssl->ssl, NULL, 0)) == 0)
    return 0;
  buffer = (char*)malloc(len);
  if (!buffer) {
    lua_pushnil(L);
    lua_pushstring(L, "out of memory");
    return 2;
  }
  SSL_get_peer_finished(ssl->ssl, buffer, len);
  lua_pushlstring(L, buffer, len);
  free(buffer);
  return 1;
 }
 /**
 * Object information -- tostring metamethod
 */
 static int meth_tostring(lua_State *L)
 {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  lua_pushlightuserdata(L, (void*)ssl->ssl);
+  lua_pushfstring(L, "SSL connection: %p%s", ssl,
    ssl->state == LSEC_STATE_CLOSED ? " (closed)" : "");
  return 1;
 }
 /**
 * Add a method in the SSL metatable.
 */
 static int meth_setmethod(lua_State *L)
 {
  luaL_getmetatable(L, "SSL:Connection");
  lua_pushstring(L, "__index");
  lua_gettable(L, -2);
  lua_pushvalue(L, 1);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  return 0;
 }
 /**
 * Return information about the connection.
 */
 static int meth_info(lua_State *L)
 {
  int bits = 0;
  int algbits = 0;
  char buf[256] = {0};
  const SSL_CIPHER *cipher;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  cipher = SSL_get_current_cipher(ssl->ssl);
  if (!cipher)
    return 0;
  SSL_CIPHER_description(cipher, buf, sizeof(buf));
  bits = SSL_CIPHER_get_bits(cipher, &algbits);
  lua_pushstring(L, buf);
  lua_pushnumber(L, bits);
  lua_pushnumber(L, algbits);
  lua_pushstring(L, SSL_get_version(ssl->ssl));
  return 4;
 }
 static int sni_cb(SSL *ssl, int *ad, void *arg)
 {
  int strict;
  SSL_CTX *newctx = NULL;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
  const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
  /* No name, use default context */
  if (!name)
    return SSL_TLSEXT_ERR_NOACK;
  /* Retrieve struct from registry */
  luaL_getmetatable(L, "SSL:SNI:Registry");
  lua_pushlightuserdata(L, (void*)ssl);
  lua_gettable(L, -2);
  /* Strict search? */
  lua_pushstring(L, "strict");
  lua_gettable(L, -2);
  strict = lua_toboolean(L, -1);
  lua_pop(L, 1);
  /* Search for the name in the map */
  lua_pushstring(L, "map");
  lua_gettable(L, -2);
  lua_pushstring(L, name);
  lua_gettable(L, -2);
  if (lua_isuserdata(L, -1))
    newctx = lsec_checkcontext(L, -1);
  lua_pop(L, 4);
  /* Found, use this context */
  if (newctx) {
    SSL_set_SSL_CTX(ssl, newctx);
    return SSL_TLSEXT_ERR_OK;
  }
  /* Not found, but use initial context */
  if (!strict)
    return SSL_TLSEXT_ERR_OK;
  return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
 static int meth_sni(lua_State *L)
 {
  int strict;
  SSL_CTX *aux;
  const char *name;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  if (pctx->mode == LSEC_MODE_CLIENT) {
    name = luaL_checkstring(L, 2);
    SSL_set_tlsext_host_name(ssl->ssl, name);
    return 0;
  } else if (pctx->mode == LSEC_MODE_SERVER) {
    luaL_checktype(L, 2, LUA_TTABLE);
    strict = lua_toboolean(L, 3);
    /* Check if the table contains only (string -> context) */
    lua_pushnil(L);
    while (lua_next(L, 2)) {
      luaL_checkstring(L, -2);
      aux = lsec_checkcontext(L, -1);
      /* Set callback in every context */
      SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
      /* leave the next key on the stack */
      lua_pop(L, 1);
    }
    /* Save table in the register */
    luaL_getmetatable(L, "SSL:SNI:Registry");
    lua_pushlightuserdata(L, (void*)ssl->ssl);
    lua_newtable(L);
    lua_pushstring(L, "map");
    lua_pushvalue(L, 2);
    lua_settable(L, -3);
    lua_pushstring(L, "strict");
    lua_pushboolean(L, strict);
    lua_settable(L, -3);
    lua_settable(L, -3);
    /* Set callback in the default context */
    SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
  }
  return 0;
 }
 static int meth_getsniname(lua_State *L)
 {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  const char *name = SSL_get_servername(ssl->ssl, TLSEXT_NAMETYPE_host_name);
  if (name)
    lua_pushstring(L, name);
  else
    lua_pushnil(L);
  return 1;
 }
 static int meth_copyright(lua_State *L)
 {
  lua_pushstring(L, "LuaSec 0.7.2 - Copyright (C) 2006-2019 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                    "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
  );
  return 1;
 }
 /*---------------------------------------------------------------------------*/
 /**
 * SSL methods 
 */
 static luaL_Reg methods[] = {
  {"close",               meth_close},
  {"getfd",               meth_getfd},
  {"getfinished",         meth_getfinished},
  {"getpeercertificate",  meth_getpeercertificate},
  {"getpeerchain",        meth_getpeerchain},
  {"getpeerverification", meth_getpeerverification},
  {"getpeerfinished",     meth_getpeerfinished},
  {"getsniname",          meth_getsniname},
  {"getstats",            meth_getstats},
  {"setstats",            meth_setstats},
  {"dirty",               meth_dirty},
  {"dohandshake",         meth_handshake},
  {"receive",             meth_receive},
  {"send",                meth_send},
  {"settimeout",          meth_settimeout},
  {"sni",                 meth_sni},
  {"want",                meth_want},
  {NULL,                  NULL}
 };
 /**
- * SSL metamethods 
+ * SSL metamethods.
 */
 static luaL_Reg meta[] = {
-  {"close",       meth_close},
+  {"__gc",       meth_destroy},
-  {"getfd",       meth_getfd},
+  {"__tostring", meth_tostring},
-  {"dirty",       meth_dirty},
+  {NULL, NULL}
-  {"dohandshake", meth_handshake},
+};
-  {"receive",     meth_receive},
+
-  {"send",        meth_send},
+/**
-  {"settimeout",  meth_settimeout},
+ * SSL functions. 
-  {"want",        meth_want},
+ */
 static luaL_Reg funcs[] = {
  {"compression", meth_compression},
  {"create",      meth_create},
  {"info",        meth_info},
  {"setfd",       meth_setfd},
  {"setmethod",   meth_setmethod},
  {"copyright",   meth_copyright},
  {NULL,          NULL}
 };
 /**
- * SSL functions 
+ * Initialize modules.
 */
-static luaL_Reg funcs[] = {
+LSEC_API int luaopen_ssl_core(lua_State *L)
  {"create",        meth_create},
  {"setfd",         meth_setfd},
  {"rawconnection", meth_rawconn},
  {NULL,            NULL}
 };
 /**
 * Initialize modules
 */
 LUASEC_API int luaopen_ssl_core(lua_State *L)
 {
  /* Initialize SSL */
  if (!SSL_library_init()) {
    lua_pushstring(L, "unable to initialize SSL library");
    lua_error(L);
  }
  OpenSSL_add_all_algorithms();
  SSL_load_error_strings();
 #if defined(WITH_LUASOCKET)
  /* Initialize internal library */
  socket_open();
-   
+#endif
  /* Registre the functions and tables */
  luaL_newmetatable(L, "SSL:Connection");
  lua_newtable(L);
  luaL_register(L, NULL, meta);
  lua_setfield(L, -2, "__index");
  lua_pushcfunction(L, meth_destroy);
  lua_setfield(L, -2, "__gc");
-  luaL_register(L, "ssl.core", funcs);
+  luaL_newmetatable(L, "SSL:SNI:Registry");
  /* Register the functions and tables */
  luaL_newmetatable(L, "SSL:Connection");
  setfuncs(L, meta);
  luaL_newlib(L, methods);
  lua_setfield(L, -2, "__index");
  luaL_newlib(L, funcs);
  lua_pushstring(L, "SOCKET_INVALID");
  lua_pushnumber(L, SOCKET_INVALID);
-  lua_setfield(L, -2, "invalidfd");
+  lua_rawset(L, -3);
  return 1;
 }
 //------------------------------------------------------------------------------
 #if defined(_MSC_VER)
 /* Empty implementation to allow building with LuaRocks and MS compilers */
 LSEC_API int luaopen_ssl(lua_State *L) {
  lua_pushstring(L, "you should not call this function");
  lua_error(L);
  return 0;
 }
 #endif
--- a/src/ssl.h
+++ b/src/ssl.h
@ -1,26 +1,29 @@
-#ifndef __SSL_H__
+#ifndef LSEC_SSL_H
-#define __SSL_H__
+#define LSEC_SSL_H
 /*--------------------------------------------------------------------------
- * LuaSec 0.3.1
+ * LuaSec 0.7.2
- * Copyright (C) 2006-2009 Bruno Silvestre
+ *
 * Copyright (C) 2006-2019 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/ssl.h>
 #include <lua.h>
-#include "io.h"
+#include <luasocket/io.h>
-#include "buffer.h"
+#include <luasocket/buffer.h>
-#include "timeout.h"
+#include <luasocket/timeout.h>
 #include <luasocket/socket.h>
-#ifndef LUASEC_API
+#include "compat.h"
-#define LUASEC_API extern
+#include "context.h"
 #endif
-#define ST_SSL_NEW       1
+#define LSEC_STATE_NEW       1
-#define ST_SSL_CONNECTED 2
+#define LSEC_STATE_CONNECTED 2
-#define ST_SSL_CLOSED    3
+#define LSEC_STATE_CLOSED    3
 #define LSEC_IO_SSL          -100
 typedef struct t_ssl_ {
  t_socket sock;
@ -28,11 +31,11 @@ typedef struct t_ssl_ {
  t_buffer buf;
  t_timeout tm;
  SSL *ssl;
-  char state;
+  int state;
  int error;
 } t_ssl;
 typedef t_ssl* p_ssl;
-LUASEC_API int luaopen_ssl_core(lua_State *L);
+LSEC_API int luaopen_ssl_core(lua_State *L);
 #endif
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,22 +1,20 @@
 ------------------------------------------------------------------------------
-- LuaSec 0.3.1
+-- LuaSec 0.7.2
-- Copyright (C) 2006-2008 Bruno Silvestre
+--
 -- Copyright (C) 2006-2019 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
-module("ssl", package.seeall)
+local core    = require("ssl.core")
 local context = require("ssl.context")
 local x509    = require("ssl.x509")
 local config  = require("ssl.config")
-require("ssl.core")
+local unpack  = table.unpack or unpack
 require("ssl.context")
-
+-- We must prevent the contexts to be collected before the connections,
-_VERSION   = "0.3.1"
+-- otherwise the C registry will be cleared.
-_COPYRIGHT = "LuaSec 0.3.1 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. 
+local registry = setmetatable({}, {__mode="k"})
             "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab"
 -- Export functions
 rawconnection = core.rawconnection
 rawcontext    = context.rawcontext
 --
 --
@ -35,7 +33,7 @@ end
 --
 --
 --
-function newcontext(cfg)
+local function newcontext(cfg)
   local succ, msg, ctx
   -- Create the context
   ctx, msg = context.create(cfg.protocol)
@ -45,19 +43,34 @@ function newcontext(cfg)
   if not succ then return nil, msg end
   -- Load the key
   if cfg.key then
      if cfg.password and
         type(cfg.password) ~= "function" and
         type(cfg.password) ~= "string"
      then
         return nil, "invalid password type"
      end
      succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
      if not succ then return nil, msg end
   end
   -- Load the certificate
   if cfg.certificate then
-      succ, msg = context.loadcert(ctx, cfg.certificate)
+     succ, msg = context.loadcert(ctx, cfg.certificate)
-      if not succ then return nil, msg end
+     if not succ then return nil, msg end
     if cfg.key and context.checkkey then
       succ = context.checkkey(ctx)
       if not succ then return nil, "private key does not match public key" end
     end
   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then
      succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)
      if not succ then return nil, msg end
   end
   -- Set SSL ciphers
   if cfg.ciphers then
      succ, msg = context.setcipher(ctx, cfg.ciphers)
      if not succ then return nil, msg end
   end
   -- Set the verification options
   succ, msg = optexec(context.setverify, cfg.verify, ctx)
   if not succ then return nil, msg end
@ -69,13 +82,44 @@ function newcontext(cfg)
      succ, msg = context.setdepth(ctx, cfg.depth)
      if not succ then return nil, msg end
   end
   -- NOTE: Setting DH parameters and elliptic curves needs to come after
   -- setoptions(), in case the user has specified the single_{dh,ecdh}_use
   -- options.
   -- Set DH parameters
   if cfg.dhparam then
      if type(cfg.dhparam) ~= "function" then
         return nil, "invalid DH parameter type"
      end
      context.setdhparam(ctx, cfg.dhparam)
   end
   -- Set elliptic curves
   if (not config.algorithms.ec) and (cfg.curve or cfg.curveslist) then
     return false, "elliptic curves not supported"
   end
   if config.capabilities.curves_list and cfg.curveslist then
     succ, msg = context.setcurveslist(ctx, cfg.curveslist)
     if not succ then return nil, msg end
   elseif cfg.curve then
     succ, msg = context.setcurve(ctx, cfg.curve)
     if not succ then return nil, msg end
   end
   -- Set extra verification options
   if cfg.verifyext and ctx.setverifyext then
      succ, msg = optexec(ctx.setverifyext, cfg.verifyext, ctx)
      if not succ then return nil, msg end
   end
   return ctx
 end
 --
 --
 --
-function wrap(sock, cfg)
+local function wrap(sock, cfg)
   local ctx, msg
   if type(cfg) == "table" then
      ctx, msg = newcontext(cfg)
@ -86,8 +130,61 @@ function wrap(sock, cfg)
   local s, msg = core.create(ctx)
   if s then
      core.setfd(s, sock:getfd())
-      sock:setfd(core.invalidfd)
+      sock:setfd(core.SOCKET_INVALID)
      registry[s] = ctx
      return s
   end
   return nil, msg 
 end
 --
 -- Extract connection information.
 --
 local function info(ssl, field)
  local str, comp, err, protocol
  comp, err = core.compression(ssl)
  if err then
    return comp, err
  end
  -- Avoid parser
  if field == "compression" then
    return comp
  end
  local info = {compression = comp}
  str, info.bits, info.algbits, protocol = core.info(ssl)
  if str then
    info.cipher, info.protocol, info.key,
    info.authentication, info.encryption, info.mac =
        string.match(str, 
          "^(%S+)%s+(%S+)%s+Kx=(%S+)%s+Au=(%S+)%s+Enc=(%S+)%s+Mac=(%S+)")
    info.export = (string.match(str, "%sexport%s*$") ~= nil)
  end
  if protocol then
    info.protocol = protocol
  end
  if field then
    return info[field]
  end
  -- Empty?
  return ( (next(info)) and info )
 end
 --
 -- Set method for SSL connections.
 --
 core.setmethod("info", info)
 --------------------------------------------------------------------------------
 -- Export module
 --
 local _M = {
  _VERSION        = "0.7.2",
  _COPYRIGHT      = core.copyright(),
  config          = config,
  loadcertificate = x509.load,
  newcontext      = newcontext,
  wrap            = wrap,
 }
 return _M
--- a/src/usocket.c
+++ b/src/usocket.c
@ -1,137 +0,0 @@
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Socket compatibilization module for Unix
 *
 * The code is now interrupt-safe.
 * The penalty of calling select to avoid busy-wait is only paid when
 * the I/O call fail in the first place. 
 *
 * RCS ID: $Id: usocket.c,v 1.38 2007/10/13 23:55:20 diego Exp $
 \*=========================================================================*/
 #include <errno.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/socket.h>
 #include <string.h> 
 #include <signal.h>
 #include <unistd.h>
 #include <fcntl.h>
 #include "socket.h"
 #include "usocket.h"
 /*-------------------------------------------------------------------------*\
 * Wait for readable/writable/connected socket with timeout
 \*-------------------------------------------------------------------------*/
 #ifdef SOCKET_POLL
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    struct pollfd pfd;
    pfd.fd = *ps;
    pfd.events = sw;
    pfd.revents = 0;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    do {
        int t = (int)(timeout_getretry(tm)*1e3);
        ret = poll(&pfd, 1, t >= 0? t: -1);
    } while (ret == -1 && errno == EINTR);
    if (ret == -1) return errno;
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
    return IO_DONE;
 }
 #else
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    fd_set rfds, wfds, *rp, *wp;
    struct timeval tv, *tp;
    double t;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    do {
        /* must set bits within loop, because select may have modifed them */
        rp = wp = NULL;
        if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
        if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
        t = timeout_getretry(tm);
        tp = NULL;
        if (t >= 0.0) {
            tv.tv_sec = (int)t;
            tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
            tp = &tv;
        }
        ret = select(*ps+1, rp, wp, NULL, tp);
    } while (ret == -1 && errno == EINTR);
    if (ret == -1) return errno;
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
    return IO_DONE;
 }
 #endif
 /*-------------------------------------------------------------------------*\
 * Initializes module 
 \*-------------------------------------------------------------------------*/
 int socket_open(void) {
    /* instals a handler to ignore sigpipe or it will crash us */
    signal(SIGPIPE, SIG_IGN);
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close module 
 \*-------------------------------------------------------------------------*/
 int socket_close(void) {
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close and inutilize socket
 \*-------------------------------------------------------------------------*/
 void socket_destroy(p_socket ps) {
    if (*ps != SOCKET_INVALID) {
        socket_setblocking(ps);
        close(*ps);
        *ps = SOCKET_INVALID;
    }
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setblocking(p_socket ps) {
    int flags = fcntl(*ps, F_GETFL, 0);
    flags &= (~(O_NONBLOCK));
    fcntl(*ps, F_SETFL, flags);
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into non-blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setnonblocking(p_socket ps) {
    int flags = fcntl(*ps, F_GETFL, 0);
    flags |= O_NONBLOCK;
    fcntl(*ps, F_SETFL, flags);
 }
 /*-------------------------------------------------------------------------*\
 * Error translation functions
 * Make sure important error messages are standard
 \*-------------------------------------------------------------------------*/
 const char *socket_strerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case EADDRINUSE: return "address already in use";
        case EISCONN: return "already connected";
        case EACCES: return "permission denied";
        case ECONNREFUSED: return "connection refused";
        case ECONNABORTED: return "closed";
        case ECONNRESET: return "closed";
 	case EPIPE: return "closed";
        case ETIMEDOUT: return "timeout";
        default: return strerror(errno);
    }
 }
--- a/src/usocket.h
+++ b/src/usocket.h
@ -1,28 +0,0 @@
 #ifndef USOCKET_H
 #define USOCKET_H
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Socket compatibilization module for Unix
 *
 * RCS ID: $Id: usocket.h 6 2006-04-30 20:33:05Z brunoos $
 \*=========================================================================*/
 #ifdef SOCKET_POLL
 #include <sys/poll.h>
 #define WAITFD_R        POLLIN
 #define WAITFD_W        POLLOUT
 #define WAITFD_C        (POLLIN|POLLOUT)
 #else
 #define WAITFD_R        1
 #define WAITFD_W        2
 #define WAITFD_C        (WAITFD_R|WAITFD_W)
 #endif
 typedef int t_socket;
 typedef t_socket *p_socket;
 #define SOCKET_INVALID (-1)
 #endif /* USOCKET_H */
--- a/src/wsocket.c
+++ b/src/wsocket.c
@ -1,164 +0,0 @@
 /*=========================================================================*\
 * LuaSocket 2.0.2
 * Copyright (C) 2004-2007 Diego Nehab
 *
 * Socket compatibilization module for Win32
 *
 * The penalty of calling select to avoid busy-wait is only paid when
 * the I/O call fail in the first place. 
 *
 * RCS ID: $Id: wsocket.c,v 1.36 2007/06/11 23:44:54 diego Exp $
 \*=========================================================================*/
 #include <string.h>
 #include "socket.h"
 /*-------------------------------------------------------------------------*\
 * Initializes module 
 \*-------------------------------------------------------------------------*/
 int socket_open(void) {
    WSADATA wsaData;
    WORD wVersionRequested = MAKEWORD(2, 0); 
    int err = WSAStartup(wVersionRequested, &wsaData );
    if (err != 0) return 0;
    if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
        (LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
        WSACleanup();
        return 0; 
    }
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Close module 
 \*-------------------------------------------------------------------------*/
 int socket_close(void) {
    WSACleanup();
    return 1;
 }
 /*-------------------------------------------------------------------------*\
 * Wait for readable/writable/connected socket with timeout
 \*-------------------------------------------------------------------------*/
 int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
    int ret;
    fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
    struct timeval tv, *tp = NULL;
    double t;
    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
    if (sw & WAITFD_R) { 
        FD_ZERO(&rfds); 
 		FD_SET(*ps, &rfds);
        rp = &rfds; 
    }
    if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
    if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
    if ((t = timeout_get(tm)) >= 0.0) {
        tv.tv_sec = (int) t;
        tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
        tp = &tv;
    }
    ret = select(0, rp, wp, ep, tp);
    if (ret == -1) return WSAGetLastError();
    if (ret == 0) return IO_TIMEOUT;
    if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
    return IO_DONE;
 }
 /*-------------------------------------------------------------------------*\
 * Close and inutilize socket
 \*-------------------------------------------------------------------------*/
 void socket_destroy(p_socket ps) {
    if (*ps != SOCKET_INVALID) {
        socket_setblocking(ps); /* close can take a long time on WIN32 */
        closesocket(*ps);
        *ps = SOCKET_INVALID;
    }
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setblocking(p_socket ps) {
    u_long argp = 0;
    ioctlsocket(*ps, FIONBIO, &argp);
 }
 /*-------------------------------------------------------------------------*\
 * Put socket into non-blocking mode
 \*-------------------------------------------------------------------------*/
 void socket_setnonblocking(p_socket ps) {
    u_long argp = 1;
    ioctlsocket(*ps, FIONBIO, &argp);
 }
 /*-------------------------------------------------------------------------*\
 * Error translation functions
 \*-------------------------------------------------------------------------*/
 /* WinSock doesn't have a strerror... */
 static const char *wstrerror(int err) {
    switch (err) {
        case WSAEINTR: return "Interrupted function call";
        case WSAEACCES: return "Permission denied";
        case WSAEFAULT: return "Bad address";
        case WSAEINVAL: return "Invalid argument";
        case WSAEMFILE: return "Too many open files";
        case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
        case WSAEINPROGRESS: return "Operation now in progress";
        case WSAEALREADY: return "Operation already in progress";
        case WSAENOTSOCK: return "Socket operation on nonsocket";
        case WSAEDESTADDRREQ: return "Destination address required";
        case WSAEMSGSIZE: return "Message too long";
        case WSAEPROTOTYPE: return "Protocol wrong type for socket";
        case WSAENOPROTOOPT: return "Bad protocol option";
        case WSAEPROTONOSUPPORT: return "Protocol not supported";
        case WSAESOCKTNOSUPPORT: return "Socket type not supported";
        case WSAEOPNOTSUPP: return "Operation not supported";
        case WSAEPFNOSUPPORT: return "Protocol family not supported";
        case WSAEAFNOSUPPORT: 
            return "Address family not supported by protocol family"; 
        case WSAEADDRINUSE: return "Address already in use";
        case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
        case WSAENETDOWN: return "Network is down";
        case WSAENETUNREACH: return "Network is unreachable";
        case WSAENETRESET: return "Network dropped connection on reset";
        case WSAECONNABORTED: return "Software caused connection abort";
        case WSAECONNRESET: return "Connection reset by peer";
        case WSAENOBUFS: return "No buffer space available";
        case WSAEISCONN: return "Socket is already connected";
        case WSAENOTCONN: return "Socket is not connected";
        case WSAESHUTDOWN: return "Cannot send after socket shutdown";
        case WSAETIMEDOUT: return "Connection timed out";
        case WSAECONNREFUSED: return "Connection refused";
        case WSAEHOSTDOWN: return "Host is down";
        case WSAEHOSTUNREACH: return "No route to host";
        case WSAEPROCLIM: return "Too many processes";
        case WSASYSNOTREADY: return "Network subsystem is unavailable";
        case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
        case WSANOTINITIALISED: 
            return "Successful WSAStartup not yet performed";
        case WSAEDISCON: return "Graceful shutdown in progress";
        case WSAHOST_NOT_FOUND: return "Host not found";
        case WSATRY_AGAIN: return "Nonauthoritative host not found";
        case WSANO_RECOVERY: return "Nonrecoverable name lookup error"; 
        case WSANO_DATA: return "Valid name, no data record of requested type";
        default: return "Unknown error";
    }
 }
 const char *socket_strerror(int err) {
    if (err <= 0) return io_strerror(err);
    switch (err) {
        case ERROR_FILE_NOT_FOUND: return "closed";
        case WSAEADDRINUSE: return "address already in use";
        case WSAECONNREFUSED: return "connection refused";
        case WSAEISCONN: return "already connected";
        case WSAEACCES: return "permission denied";
        case WSAECONNABORTED: return "closed";
        case WSAECONNRESET: return "closed";
        case WSAETIMEDOUT: return "timeout";
        default: return wstrerror(err);
    }
 }
--- a/src/x509.c
+++ b/src/x509.c
@ -0,0 +1,727 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
 #include <stdio.h>
 #include <string.h>
 #if defined(WIN32)
 #include <ws2tcpip.h>
 #include <windows.h>
 #else
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #endif
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <openssl/asn1.h>
 #include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <lua.h>
 #include <lauxlib.h>
 #include "x509.h"
 /*
 * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
 */
 #if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
 #else
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 #endif
 static const char* hex_tab = "0123456789abcdef";
 /**
 * Push the certificate on the stack.
 */
 void lsec_pushx509(lua_State* L, X509 *cert)
 {
  p_x509 cert_obj = (p_x509)lua_newuserdata(L, sizeof(t_x509));
  cert_obj->cert = cert;
  cert_obj->encode = LSEC_AI5_STRING;
  luaL_getmetatable(L, "SSL:Certificate");
  lua_setmetatable(L, -2);
 }
 /**
 * Return the OpenSSL certificate X509.
 */
 X509* lsec_checkx509(lua_State* L, int idx)
 {
  return ((p_x509)luaL_checkudata(L, idx, "SSL:Certificate"))->cert;
 }
 /**
 * Return LuaSec certificate X509 representation.
 */
 p_x509 lsec_checkp_x509(lua_State* L, int idx)
 {
  return (p_x509)luaL_checkudata(L, idx, "SSL:Certificate");
 }
 /*---------------------------------------------------------------------------*/
 #if defined(LUASEC_INET_NTOP)
 /*
 * For WinXP (SP3), set the following preprocessor macros:
 *     LUASEC_INET_NTOP
 *     WINVER=0x0501
 *     _WIN32_WINNT=0x0501
 *     NTDDI_VERSION=0x05010300
 *
 * For IPv6 addresses, you need to add IPv6 Protocol to your interface.
 *
 */
 static const char *inet_ntop(int af, const char *src, char *dst, socklen_t size)
 {
  int addrsize;
  struct sockaddr    *addr;
  struct sockaddr_in  addr4;
  struct sockaddr_in6 addr6;
  switch (af) {
  case AF_INET:
    memset((void*)&addr4, 0, sizeof(addr4));
    addr4.sin_family = AF_INET;
    memcpy((void*)&addr4.sin_addr, src, sizeof(struct in_addr));
    addr = (struct sockaddr*)&addr4;
    addrsize = sizeof(struct sockaddr_in);
    break;
  case AF_INET6:
    memset((void*)&addr6, 0, sizeof(addr6));
    addr6.sin6_family = AF_INET6;
    memcpy((void*)&addr6.sin6_addr, src, sizeof(struct in6_addr));
    addr = (struct sockaddr*)&addr6;
    addrsize = sizeof(struct sockaddr_in6);
    break;
  default:
    return NULL;
  }
  if(getnameinfo(addr, addrsize, dst, size, NULL, 0, NI_NUMERICHOST) != 0)
    return NULL;
  return dst;
 }
 #endif
 /*---------------------------------------------------------------------------*/
 /**
 * Convert the buffer 'in' to hexadecimal.
 */
 static void to_hex(const char* in, int length, char* out)
 {
  int i;
  for (i = 0; i < length; i++) {
    out[i*2] = hex_tab[(in[i] >> 4) & 0xF];
    out[i*2+1] = hex_tab[(in[i]) & 0xF];
  }
 }
 /**
 * Converts the ASN1_OBJECT into a textual representation and put it
 * on the Lua stack.
 */
 static void push_asn1_objname(lua_State* L, ASN1_OBJECT *object, int no_name)
 {
  char buffer[256];
  int len = OBJ_obj2txt(buffer, sizeof(buffer), object, no_name);
  len = (len < sizeof(buffer)) ? len : sizeof(buffer);
  lua_pushlstring(L, buffer, len);
 }
 /**
 * Push the ASN1 string on the stack.
 */
 static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
 {
  int len;
  unsigned char *data;
  if (!string) {
    lua_pushnil(L);
    return;
  }
  switch (encode) {
  case LSEC_AI5_STRING:
    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
                       ASN1_STRING_length(string));
    break;
  case LSEC_UTF8_STRING:
    len = ASN1_STRING_to_UTF8(&data, string);
    if (len >= 0) {
      lua_pushlstring(L, (char*)data, len);
      OPENSSL_free(data);
    }
    else
      lua_pushnil(L);
  }
 }
 /**
 * Return a human readable time.
 */
 static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
 {
  char *tmp;
  long size;
  BIO *out = BIO_new(BIO_s_mem());
  ASN1_TIME_print(out, tm);
  size = BIO_get_mem_data(out, &tmp);
  lua_pushlstring(L, tmp, size);
  BIO_free(out);
  return 1;
 }
 /**
 * Return a human readable IP address.
 */
 static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
 {
  int af;
  char dst[INET6_ADDRSTRLEN];
  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
  switch(ASN1_STRING_length(string)) {
  case 4:
    af = AF_INET;
    break;
  case 16:
    af = AF_INET6;
    break;
  default:
    lua_pushnil(L);
    return;
  }
  if(inet_ntop(af, ip, dst, INET6_ADDRSTRLEN))
    lua_pushstring(L, dst);
  else
    lua_pushnil(L);
 }
 /**
 * 
 */
 static int push_subtable(lua_State* L, int idx)
 {
  lua_pushvalue(L, -1);
  lua_gettable(L, idx-1);
  if (lua_isnil(L, -1)) {
    lua_pop(L, 1);
    lua_newtable(L);
    lua_pushvalue(L, -2);
    lua_pushvalue(L, -2);
    lua_settable(L, idx-3);
    lua_replace(L, -2); /* Replace key with table */
    return 1;
  }
  lua_replace(L, -2); /* Replace key with table */
  return 0;
 }
 /**
 * Retrieve the general names from the object.
 */
 static int push_x509_name(lua_State* L, X509_NAME *name, int encode)
 {
  int i;
  int n_entries;
  ASN1_OBJECT *object;
  X509_NAME_ENTRY *entry;
  lua_newtable(L);
  n_entries = X509_NAME_entry_count(name);
  for (i = 0; i < n_entries; i++) {
    entry = X509_NAME_get_entry(name, i);
    object = X509_NAME_ENTRY_get_object(entry);
    lua_newtable(L);
    push_asn1_objname(L, object, 1);
    lua_setfield(L, -2, "oid");
    push_asn1_objname(L, object, 0);
    lua_setfield(L, -2, "name");
    push_asn1_string(L, X509_NAME_ENTRY_get_data(entry), encode);
    lua_setfield(L, -2, "value");
    lua_rawseti(L, -2, i+1);
  }
  return 1;
 }
 /*---------------------------------------------------------------------------*/
 /**
 * Retrieve the Subject from the certificate.
 */
 static int meth_subject(lua_State* L)
 {
  p_x509 px = lsec_checkp_x509(L, 1);
  return push_x509_name(L, X509_get_subject_name(px->cert), px->encode);
 }
 /**
 * Retrieve the Issuer from the certificate.
 */
 static int meth_issuer(lua_State* L)
 {
  p_x509 px = lsec_checkp_x509(L, 1);
  return push_x509_name(L, X509_get_issuer_name(px->cert), px->encode);
 }
 /**
 * Retrieve the extensions from the certificate.
 */
 int meth_extensions(lua_State* L)
 {
  int j;
  int i = -1;
  int n_general_names;
  OTHERNAME *otherName;
  X509_EXTENSION *extension;
  GENERAL_NAME *general_name;
  STACK_OF(GENERAL_NAME) *values;
  p_x509 px  = lsec_checkp_x509(L, 1);
  X509 *peer = px->cert;
  /* Return (ret) */
  lua_newtable(L);
  while ((i = X509_get_ext_by_NID(peer, NID_subject_alt_name, i)) != -1) {
    extension = X509_get_ext(peer, i);
    if (extension == NULL)
      break;
    values = X509V3_EXT_d2i(extension);
    if (values == NULL)
      break;
    /* Push ret[oid] */
    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 1);
    push_subtable(L, -2);
    /* Set ret[oid].name = name */
    push_asn1_objname(L, X509_EXTENSION_get_object(extension), 0);
    lua_setfield(L, -2, "name");
    n_general_names = sk_GENERAL_NAME_num(values);
    for (j = 0; j < n_general_names; j++) {
      general_name = sk_GENERAL_NAME_value(values, j);
      switch (general_name->type) {
      case GEN_OTHERNAME:
        otherName = general_name->d.otherName;
        push_asn1_objname(L, otherName->type_id, 1);
        if (push_subtable(L, -2)) {
          push_asn1_objname(L, otherName->type_id, 0);
          lua_setfield(L, -2, "name");
        }
        push_asn1_string(L, otherName->value->value.asn1_string, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
        lua_pop(L, 1);
        break;
      case GEN_DNS:
        lua_pushstring(L, "dNSName");
        push_subtable(L, -2);
        push_asn1_string(L, general_name->d.dNSName, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
        lua_pop(L, 1);
        break;
      case GEN_EMAIL:
        lua_pushstring(L, "rfc822Name");
        push_subtable(L, -2);
        push_asn1_string(L, general_name->d.rfc822Name, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
        lua_pop(L, 1);
        break;
      case GEN_URI:
        lua_pushstring(L, "uniformResourceIdentifier");
        push_subtable(L, -2);
        push_asn1_string(L, general_name->d.uniformResourceIdentifier, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
        lua_pop(L, 1);
        break;
      case GEN_IPADD:
        lua_pushstring(L, "iPAddress");
        push_subtable(L, -2);
        push_asn1_ip(L, general_name->d.iPAddress);
        lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
        lua_pop(L, 1);
        break;
      case GEN_X400:
        /* x400Address   */
        /* not supported */
        break;
      case GEN_DIRNAME:
        /* directoryName */
        /* not supported */
        break;
      case GEN_EDIPARTY:
        /* ediPartyName */
        /* not supported */
        break;
      case GEN_RID:
        /* registeredID  */
        /* not supported */
        break;
      }
      GENERAL_NAME_free(general_name);
    }
    sk_GENERAL_NAME_free(values);
    lua_pop(L, 1); /* ret[oid] */
    i++;           /* Next extension */
  }
  return 1;
 }
 /**
 * Convert the certificate to PEM format.
 */
 static int meth_pem(lua_State* L)
 {
  char* data;
  long bytes;
  X509* cert = lsec_checkx509(L, 1);
  BIO *bio = BIO_new(BIO_s_mem());
  if (!PEM_write_bio_X509(bio, cert)) {
    lua_pushnil(L);
    return 1;
  }
  bytes = BIO_get_mem_data(bio, &data);
  if (bytes > 0)
    lua_pushlstring(L, data, bytes);
  else
    lua_pushnil(L);
  BIO_free(bio);
  return 1;
 }
 /**
 * Extract public key in PEM format.
 */
 static int meth_pubkey(lua_State* L)
 {
  char* data;
  long bytes;
  int ret = 1;
  X509* cert = lsec_checkx509(L, 1);
  BIO *bio = BIO_new(BIO_s_mem());
  EVP_PKEY *pkey = X509_get_pubkey(cert);
  if(PEM_write_bio_PUBKEY(bio, pkey)) {
    bytes = BIO_get_mem_data(bio, &data);
    if (bytes > 0) {
      lua_pushlstring(L, data, bytes);
      switch(EVP_PKEY_base_id(pkey)) {
        case EVP_PKEY_RSA:
          lua_pushstring(L, "RSA");
          break;
        case EVP_PKEY_DSA:
          lua_pushstring(L, "DSA");
          break;
        case EVP_PKEY_DH:
          lua_pushstring(L, "DH");
          break;
        case EVP_PKEY_EC:
          lua_pushstring(L, "EC");
          break;
        default:
          lua_pushstring(L, "Unknown");
          break;
      }
      lua_pushinteger(L, EVP_PKEY_bits(pkey));
      ret = 3;
    }
    else
      lua_pushnil(L);
  }
  else
    lua_pushnil(L);
  /* Cleanup */
  BIO_free(bio);
  EVP_PKEY_free(pkey);
  return ret;
 }
 /**
 * Compute the fingerprint.
 */
 static int meth_digest(lua_State* L)
 {
  unsigned int bytes;
  const EVP_MD *digest = NULL;
  unsigned char buffer[EVP_MAX_MD_SIZE];
  char hex_buffer[EVP_MAX_MD_SIZE*2];
  X509 *cert = lsec_checkx509(L, 1);
  const char *str = luaL_optstring(L, 2, NULL);
  if (!str)
    digest = EVP_sha1();
  else {
    if (!strcmp(str, "sha1"))
      digest = EVP_sha1();
    else if (!strcmp(str, "sha256"))
      digest = EVP_sha256();
    else if (!strcmp(str, "sha512"))
      digest = EVP_sha512();
  }
  if (!digest) {
    lua_pushnil(L);
    lua_pushfstring(L, "digest algorithm not supported (%s)", str);
    return 2;
  }
  if (!X509_digest(cert, digest, buffer, &bytes)) {
    lua_pushnil(L);
    lua_pushfstring(L, "error processing the certificate (%s)",
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
  to_hex((char*)buffer, bytes, hex_buffer);
  lua_pushlstring(L, hex_buffer, bytes*2);
  return 1;
 }
 /**
 * Check if the certificate is valid in a given time.
 */
 static int meth_valid_at(lua_State* L)
 {
  X509* cert = lsec_checkx509(L, 1);
  time_t time = luaL_checkinteger(L, 2);
  lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time)     >= 0
                      && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
  return 1;
 }
 /**
 * Return the serial number.
 */
 static int meth_serial(lua_State *L)
 {
  char *tmp;
  BIGNUM *bn;
  ASN1_INTEGER *serial;
  X509* cert = lsec_checkx509(L, 1);
  serial = X509_get_serialNumber(cert);
  bn = ASN1_INTEGER_to_BN(serial, NULL);
  tmp = BN_bn2hex(bn);
  lua_pushstring(L, tmp);
  BN_free(bn);
  OPENSSL_free(tmp);
  return 1;
 }
 /**
 * Return not before date.
 */
 static int meth_notbefore(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
  return push_asn1_time(L, X509_get_notBefore(cert));
 }
 /**
 * Return not after date.
 */
 static int meth_notafter(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
  return push_asn1_time(L, X509_get_notAfter(cert));
 }
 /**
 * Check if this certificate issued some other certificate
 */
 static int meth_issued(lua_State* L)
 {
  int ret, i, len;
  X509_STORE_CTX* ctx = NULL;
  X509_STORE* root = NULL;
  STACK_OF(X509)* chain = NULL;
  X509* issuer = lsec_checkx509(L, 1);
  X509* subject = lsec_checkx509(L, 2);
  X509* cert = NULL;
  len = lua_gettop(L);
  /* Check that all arguments are certificates */
  for (i = 3; i <= len; i++) {
    lsec_checkx509(L, i);
  }
  /* Before allocating things that require freeing afterwards */
  chain = sk_X509_new_null();
  ctx = X509_STORE_CTX_new();
  root = X509_STORE_new();
  if (ctx == NULL || root == NULL) {
    lua_pushnil(L);
    lua_pushstring(L, "X509_STORE_new() or X509_STORE_CTX_new() error");
    ret = 2;
    goto cleanup;
  }
  ret = X509_STORE_add_cert(root, issuer);
  if(!ret) {
    lua_pushnil(L);
    lua_pushstring(L, "X509_STORE_add_cert() error");
    ret = 2;
    goto cleanup;
  }
  for (i = 3; i <= len && lua_isuserdata(L, i); i++) {
    cert = lsec_checkx509(L, i);
    sk_X509_push(chain, cert);
  }
  ret = X509_STORE_CTX_init(ctx, root, subject, chain);
  if(!ret) {
    lua_pushnil(L);
    lua_pushstring(L, "X509_STORE_CTX_init() error");
    ret = 2;
    goto cleanup;
  }
  /* Actual verification */
  if (X509_verify_cert(ctx) <= 0) {
    ret = X509_STORE_CTX_get_error(ctx);
    lua_pushnil(L);
    lua_pushstring(L, X509_verify_cert_error_string(ret));
    ret = 2;
  } else {
    lua_pushboolean(L, 1);
    ret = 1;
  }
 cleanup:
  if (ctx != NULL) {
    X509_STORE_CTX_free(ctx);
  }
  if (chain != NULL) {
    X509_STORE_free(root);
  }
  sk_X509_free(chain);
  return ret;
 }
 /**
 * Collect X509 objects.
 */
 static int meth_destroy(lua_State* L)
 {
  X509_free(lsec_checkx509(L, 1));
  return 0;
 }
 static int meth_tostring(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
  lua_pushfstring(L, "X509 certificate: %p", cert);
  return 1;
 }
 /**
 * Set the encode for ASN.1 string.
 */
 static int meth_set_encode(lua_State* L)
 {
  int succ = 0;
  p_x509 px = lsec_checkp_x509(L, 1);
  const char *enc = luaL_checkstring(L, 2);
  if (strncmp(enc, "ai5", 3) == 0) {
    succ = 1;
    px->encode = LSEC_AI5_STRING;
  } else if (strncmp(enc, "utf8", 4) == 0) {
    succ = 1;
    px->encode = LSEC_UTF8_STRING;
  }
  lua_pushboolean(L, succ);
  return 1;
 }
 /*---------------------------------------------------------------------------*/
 static int load_cert(lua_State* L)
 {
  X509 *cert;
  size_t bytes;
  const char* data;
  BIO *bio = BIO_new(BIO_s_mem());
  data = luaL_checklstring(L, 1, &bytes);
  BIO_write(bio, data, bytes);
  cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
  if (cert)
    lsec_pushx509(L, cert);
  else
    lua_pushnil(L);
  BIO_free(bio);
  return 1;
 }
 /*---------------------------------------------------------------------------*/
 /**
 * Certificate methods.
 */
 static luaL_Reg methods[] = {
  {"digest",     meth_digest},
  {"setencode",  meth_set_encode},
  {"extensions", meth_extensions},
  {"issuer",     meth_issuer},
  {"notbefore",  meth_notbefore},
  {"notafter",   meth_notafter},
  {"issued",     meth_issued},
  {"pem",        meth_pem},
  {"pubkey",     meth_pubkey},
  {"serial",     meth_serial},
  {"subject",    meth_subject},
  {"validat",    meth_valid_at},
  {NULL,         NULL}
 };
 /**
 * X509 metamethods.
 */
 static luaL_Reg meta[] = {
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
 };
 /**
 * X509 functions.
 */
 static luaL_Reg funcs[] = {
  {"load", load_cert},
  {NULL,   NULL}
 };
 /*--------------------------------------------------------------------------*/
 LSEC_API int luaopen_ssl_x509(lua_State *L)
 {
  /* Register the functions and tables */
  luaL_newmetatable(L, "SSL:Certificate");
  setfuncs(L, meta);
  luaL_newlib(L, methods);
  lua_setfield(L, -2, "__index");
  luaL_newlib(L, funcs);
  return 1;
 }
--- a/src/x509.h
+++ b/src/x509.h
@ -0,0 +1,31 @@
 /*--------------------------------------------------------------------------
 * LuaSec 0.7.2
 *
 * Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
 #ifndef LSEC_X509_H
 #define LSEC_X509_H
 #include <openssl/x509v3.h>
 #include <lua.h>
 #include "compat.h"
 /* We do not support UniversalString nor BMPString as ASN.1 String types */
 enum { LSEC_AI5_STRING, LSEC_UTF8_STRING };
 typedef struct t_x509_ {
  X509 *cert;
  int  encode;
 } t_x509;
 typedef t_x509* p_x509;
 void  lsec_pushx509(lua_State* L, X509* cert);
 X509* lsec_checkx509(lua_State* L, int idx);
 LSEC_API int luaopen_ssl_x509(lua_State *L);
 #endif
Author	SHA1	Message	Date
Bruno Silvestre	3a5a3f6959	Release LuaSec 0.7.2	2019-10-10 08:33:01 -03:00
Bruno Silvestre	3c1af04dfa	Fix unexported 'ssl.config' table (#149 ) Avoid duplicating variable 'ssl_options'.	2019-10-10 08:27:22 -03:00
Bruno Silvestre	866e55f1ee	Update version number: 0.7 -> 0.7.1	2019-08-16 10:01:43 -03:00
Bruno Silvestre	8dafea410f	Fix memory leak	2019-08-16 09:48:53 -03:00
Bruno Silvestre	de63f21f63	Change version number to 0.7	2018-06-27 10:36:26 -03:00
Bruno Silvestre	fbbaa866c3	Missing defines in rockspec	2017-12-21 12:33:47 -02:00
Bruno Silvestre	bd87aafaaf	Using https instead of git protocol	2017-10-28 10:44:51 -02:00
Bruno Silvestre	be3c6d67e0	Make luaL_testudata() compat function visible for all files	2017-10-28 09:53:28 -02:00
Bruno Silvestre	2f562e1399	Put an error check back	2017-10-28 09:31:40 -02:00
Bruno Silvestre	7934e58b4b	Merge pull request #99 from daurnimator/luaossl-integration Allow passing a luaossl context for socket creation/wrapping	2017-10-28 09:23:07 -02:00
Bruno Silvestre	3a8d6e71c4	Removing some VC files	2017-10-11 20:42:54 -03:00
Bruno Silvestre	3d170e9f9d	Add new source files to VC project, new libs name	2017-10-11 20:29:15 -03:00
Bruno Silvestre	ea6a65de84	Rockspec for LuaSec 0.7alpha	2017-09-26 18:24:16 -03:00
Bruno Silvestre	0d01b53461	Version number to 0.7alpha	2017-09-26 18:22:49 -03:00
Bruno Silvestre	8762441cd2	Add popular aliases for commonly used curves	2017-09-26 17:43:00 -03:00
Bruno Silvestre	60f02f7701	LuaJIT 2.1.0 added luaL_newlib() as extension	2017-09-26 17:39:32 -03:00
Bruno Silvestre	fe1fb0b350	Adding 'curveslist' parameter LuaSec will try to set 'curveslist' parameter first. If the parameter is not present or not supported, LuaSec will try 'curve' parameter.	2017-08-04 17:00:12 -03:00
Bruno Silvestre	db42a5084a	Export configuration (protocols, options, curves, algorithms, capabilities)	2017-06-16 22:53:59 -03:00
Bruno Silvestre	0b99832ec7	Export configuration (protocols, options, curves, algorithms, capabilities)	2017-06-16 22:50:27 -03:00
Bruno Silvestre	fc757e1fd0	Discover curves dynamically	2017-06-16 21:03:10 -03:00
daurnimator	64f11f515d	Add example of luaossl integration Based on 'info' sample	2017-04-04 13:07:48 +10:00
daurnimator	e90a264c93	Allow passing luaossl objects to meth_create()	2017-04-04 13:06:12 +10:00
Bruno Silvestre	5299803bef	Merge pull request #77 from kekstee/master Make CC and LD configurable	2017-03-31 15:11:17 -03:00
Bruno Silvestre	9c41eaf09a	Merge pull request #74 from ka7/spelling spelling fixes, as seen on lintian.debian.org	2017-03-31 14:50:19 -03:00
Bruno Silvestre	31b7a4744b	Merge pull request #63 from gleydsonsoares/tweak-OPENSSL_NO_COMP simplify OPENSSL_NO_COMP guard	2017-03-31 14:48:19 -03:00
Bruno Silvestre	d9e7c5d466	Merge pull request #92 from robert-scheck/utf8 Convert CHANGELOG from ISO-8859-1 to UTF-8	2017-03-31 14:46:22 -03:00
Bruno Silvestre	6b82fa6104	LuaRocks workaround	2017-03-31 14:40:09 -03:00
Bruno Silvestre	9f6d623ccb	proper socket invalidation #70	2017-03-31 14:32:35 -03:00
Bruno Silvestre	67a2133e7d	Merge pull request #47 from wmark/curve-negotiation Add TLS curve negotiation. (closes #42)	2017-03-31 14:14:54 -03:00
W-Mark Kubacki	622ef3d6a6	Enable curve negotiation with #ifdef SSL_CTX_set1_curves_list One of currently three definitions in the wild that indicate support for SSL_CTX_set1_curves_list().	2017-02-26 00:16:25 +01:00
Mark Kubacki	231563682a	Add support for the new curve selection API. Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de>	2017-02-26 00:16:24 +01:00
Robert Scheck	3ec117667d	Convert CHANGELOG from ISO-8859-1 to UTF-8	2017-02-18 13:26:40 +01:00
Bruno Silvestre	98f8872743	Merge pull request #89 from greatwolf/sni_host Fix for sni host issue #88 and #44. Thanks to @TomasB	2016-12-22 16:21:40 -02:00
Greatwolf	77b88e0b0d	Fix for sni host issue #88 and #44 . Thanks to @TomasB	2016-12-15 16:46:59 -08:00
Bruno Silvestre	4889830d53	Compatibility with OpenSSL 1.1.0 Defining macros X509_up_ref() and SSL_is_server to use the same API of OpenSSL 1.1.0.	2016-09-14 17:47:09 -03:00
Bruno Silvestre	80a527d630	Use EVP_PKEY_base_id() to recover the key's type	2016-09-13 13:30:44 -03:00
Bruno Silvestre	53db804b9d	Use X509_EXTENSION_get_object() to get the 'object' field from extension	2016-09-13 13:22:25 -03:00
Bruno Silvestre	22e6652d88	ASN1_STRING_data() is deprecated in OpenSSL 1.1.0 ASN1_STRING_get0_data() must be used instead.	2016-09-13 13:09:18 -03:00
Alexander Scheuermann	6bb007b75f	Make CC and LD configurable	2016-08-13 23:24:11 +02:00
Bruno Silvestre	3cfdb878dd	Merge pull request #76 from msva/patch-1 Return of DESTDIR support	2016-08-03 15:10:06 -03:00
Bruno Silvestre	4101af103e	Return the number of data read and remove a useless line.	2016-08-03 14:56:07 -03:00
Bruno Silvestre	9efa963e35	Merge pull request #73 from perry-clarke/master Fix crash after dohandshake() fails (need some adjusts yet)	2016-08-03 14:53:53 -03:00
Vadim A. Misbakh-Soloviov	4aa9ec3b60	Return of DESTDIR support	2016-07-24 02:01:21 +07:00
klemens	d45c03a1ad	spelling fixes, as seen on lintian.debian.org	2016-07-11 21:57:50 +02:00
Perry Clarke	0f4eaf06e4	Merge pull request #1 from perry-clarke/perry-clarke-patch-1 Fix crash related to incorrect buffer size	2016-05-03 16:45:06 -07:00
Perry Clarke	5a98bb6adb	Fix crash related to incorrect buffer size The number of bytes received by ssl_recv() is being passed to luaL_addlstring() (in recvall()) but it was being left either uninitialized or being set to an error code. The crashing case I found was when the state was not LSEC_STATE_CONNECTED (e.g. when dohandshake() has failed) and ssl_recv() returned immediately without setting "got".	2016-05-03 16:37:47 -07:00
Bruno Silvestre	20443861eb	Update version number and rock file.	2016-03-03 16:11:46 -03:00
Bruno Silvestre	f09ce9fb44	Changelog	2016-02-16 10:49:19 -02:00
Bruno Silvestre	3b5f4b0dc1	Options from OpenSSL 1.0.2f	2016-02-16 10:48:19 -02:00
Bruno Silvestre	407ff6133c	Use "any" protocol, but SSL.	2016-02-16 09:35:47 -02:00
Bruno Silvestre	72e159149b	Merge pull request #20 from Zash/zash/checkissued Method for checking if one certificate issued another	2016-02-16 09:34:31 -02:00
Bruno Silvestre	2c0497e39a	Merge pull request #68 from ignacio/master Enables building with LuaRocks and MS compilers	2016-02-01 17:06:57 -02:00
Ignacio Burgueño	8eb48c2d8b	Enables building with LuaRocks and MS compilers A patch is added to the rockspec to fix an issue in the interaction between LuaRocks and Microsoft compilers. LuaRocks build backend assumes the library being built will allways export a symbol called "luaopen_<library name>". This is not the case with LuaSec so it fails to link. The patch just adds an empty implementation of that, so it will properly link.	2016-01-31 15:35:19 -03:00
Gleydson	27fbd70424	tweak OPENSSL_NO_COMP	2015-11-20 13:22:00 -03:00
Bruno Silvestre	73a2c4ceda	Merge pull request #56 from gleydsonsoares/Makefile-tweaks Makefile tweaks	2015-11-19 12:39:51 -02:00
Bruno Silvestre	6a7a6f7f67	Keep 'sslv23' for compability, but deprected. (it will be removed in the next version)	2015-11-19 12:33:06 -02:00
Bruno Silvestre	8be458ff8a	Merge pull request #62 from gleydsonsoares/update_protocol_samples add TLS_method / rename "sslv23" to "any" / update protocol samples.	2015-11-19 12:18:49 -02:00
Gleydson Soares	5561ddfa3c	update protocol samples(bring "tlsv1_2" to clients and "any" to servers)	2015-11-17 20:39:05 -03:00
Gleydson Soares	63f7d46d00	for consistency and readability, rename "sslv23" to "any" since that it is related to {TLS, SSLv23}methods that handles all supported protocols.	2015-11-17 20:05:06 -03:00
Gleydson Soares	ef28f7d20d	add TLS_method(). for now, keep SSLv23_method() for compatibility.	2015-11-17 19:36:58 -03:00
Bruno Silvestre	64faf6322e	Update samples (using 'tlsv1').	2015-11-12 19:04:37 -02:00
Bruno Silvestre	49ea6b8ba6	Merge pull request #55 from gleydsonsoares/ifndef-OPENSSL_NO_SSL3 guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3	2015-11-12 18:47:56 -02:00
Bruno Silvestre	96401bdf67	Add lsec_testcontext().	2015-10-28 00:05:30 -02:00
Gleydson Soares	e9393e9891	bump MACOSX_VERSION	2015-10-15 08:19:29 -03:00
Gleydson Soares	bf1de60f00	fix typo; s,intall,install,	2015-10-15 08:19:29 -03:00
Gleydson Soares	67f0867277	guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3	2015-10-12 08:35:35 -03:00
Bruno Silvestre	9340ce0916	Set flags to compile with internal inet_ntop() by default.	2015-08-28 19:21:50 -03:00
Bruno Silvestre	9514c751fa	Tag "alpha" explicit.	2015-08-28 16:30:26 -03:00
Bruno Silvestre	3f751d786b	MinGW progress.	2015-08-28 16:13:44 -03:00
Bruno Silvestre	a89903535b	Merge pull request #53 from hishamhm/master Rename 0.6a to 0.6alpha	2015-08-25 13:40:45 -03:00
Hisham Muhammad	008590ad28	Reuse tag in the LuaSec upstream repository. For merge simplicity.	2015-08-25 13:29:27 -03:00
Hisham Muhammad	4dd953e6f1	Rename 0.6 to 0.6alpha. For the LuaRocks versioning algorithm, 0.6a > 0.6, but 0.6alpha < 0.6. It recognizes "alpha" < "beta" < "rc", but other letter suffixes are recognized as greater than numbers (e.g. 1.0k > 1.0g > 1.0).	2015-08-25 13:28:41 -03:00
Bruno Silvestre	f17bee5371	Description.	2015-08-21 11:31:51 -03:00
Bruno Silvestre	d1fb889547	Version number -> 0.6 alpha	2015-08-21 11:21:16 -03:00
Bruno Silvestre	24e5ec13f3	Merge pull request #46 from olesalscheider/master Do not hardcode ar	2015-08-03 20:37:00 -03:00
Bruno Silvestre	0bdc3f1f32	Merge pull request #26 from Tieske/master Update rockspec to fix Windows build	2015-08-03 20:30:29 -03:00
Bruno Silvestre	8e9910cb15	Format.	2015-08-01 01:14:16 -03:00
Bruno Silvestre	2c2c9cf16f	Alternative implementation to inet_ntop() for old versions of Windows.	2015-08-01 01:07:04 -03:00
Niels Ole Salscheider	580d9b7ed8	Do not hardcode ar On Exherbo, ar is prefixed by the target triple.	2015-05-23 19:51:58 +02:00
Bruno Silvestre	dd9688cf12	Merge pull request #39 from Tieske/win-certs added batch files to generate sample certs on Windows	2015-04-17 09:51:35 -03:00
Thijs Schreijer	7c02208590	added batch files to generate sample certs on Windows	2015-04-03 23:51:16 +02:00
Kim Alvefur	4e59c719df	Perform all validation before allocating structures Check that all arguments are certificates before allocating OpenSSL structures that require cleanup afterwards. API of issued() changes (again) to root:issued(cert, [chain]*)	2015-03-31 17:48:44 +02:00
Kim Alvefur	aa0c7ea1e5	Validate signatures too. API changes to root:issued([intermediate]*, cert)	2015-03-20 16:36:05 +01:00
Bruno Silvestre	3862e76df9	Fix inet_ntop() on Windows.	2015-03-12 17:05:53 -03:00
Thijs Schreijer	9e93748671	Merge branch 'master' of https://github.com/brunoos/luasec	2015-03-08 16:24:44 +01:00
Thijs Schreijer	148a56f26c	Merge branch 'moteus_rock'	2015-03-02 13:26:20 +01:00
Thijs Schreijer	9183cb724f	added bindir to lib section, as mingw links against dll's to be found in bindir	2015-03-02 13:25:49 +01:00
Thijs Schreijer	b6327b95b4	updated defines in rockspec	2015-03-02 11:43:40 +01:00
Thijs Schreijer	a334f11abf	Merge branch 'master' of github.com:Tieske/luasec into moteus_rock Conflicts: luasec-0.5-3.rockspec	2015-03-02 11:37:51 +01:00
Thijs Schreijer	932465c66a	gitignore build artifacts	2015-03-02 11:33:37 +01:00
Thijs Schreijer	474b105087	use winsock 2	2015-03-02 11:21:48 +01:00
Thijs Schreijer	65da178ca3	alternative rockspec	2015-03-02 11:11:25 +01:00
Bruno Silvestre	1ab6fac919	Don't set globals from C.	2015-02-12 16:32:54 -02:00
Bruno Silvestre	91d378a86e	Fix unpack().	2015-02-12 16:29:02 -02:00
Bruno Silvestre	356e03a64d	Stop using module().	2015-02-06 18:07:29 -02:00
Bruno Silvestre	97b1974039	Change to luaL_newlib().	2015-02-06 17:44:08 -02:00
Bruno Silvestre	9cb5220759	Remove luaL_optint() and luaL_checkint().	2015-02-06 16:53:34 -02:00
Bruno Silvestre	acbf575420	BSD headers.	2015-01-28 16:38:00 -02:00
Bruno Silvestre	a9b81b1c10	Merge pull request #21 from Zash/zash/iPAddress-fix iPAddress encoding	2015-01-28 16:24:02 -02:00
Bruno Silvestre	ab42d4ec86	Stop if we don't have a string.	2015-01-28 16:19:19 -02:00
Bruno Silvestre	12e1b1f1d9	Merge pull request #30 from lluixhi/master Fix for LibreSSL/OPENSSL_NO_COMP	2015-01-28 15:07:07 -02:00
Lluixhi Scura	5240c02f3d	Changed for strict compiles.	2015-01-16 09:12:14 -08:00
Lluixhi Scura	4c7339cace	Fix for LibreSSL/OPENSSL_NO_COMP	2015-01-16 08:55:22 -08:00
Bruno Silvestre	f514e9fb1b	Problem on Win64, since double does not represent SOCKET_INVALID exactly.	2014-09-10 14:41:09 -03:00
Bruno Silvestre	84cb83b92f	- Add a parameter to server:sni(), so that we can accept an unknown name, using the initial context. - Add the method :getsniname() to retrieve the SNI hostname used.	2014-09-09 21:48:26 -03:00
Thijs Schreijer	0c58a8f9b8	Updated (and renamed) rockspec Windows Added several missing entries for the windows platform	2014-08-24 09:21:27 +02:00
Thijs Schreijer	3770f928d8	Create luasec-scm-1.rockspec	2014-08-23 11:26:01 +02:00
Kim Alvefur	f13aee5dac	Encode iPAddress fields in human readable form	2014-06-08 13:20:47 +02:00
Kim Alvefur	b83d2c6a91	Don't try to encode IP addresses as UTF-8	2014-06-08 12:47:58 +02:00
Kim Alvefur	c276e9ff60	Return early if ASN1 string is invalid	2014-06-08 12:41:20 +02:00
Kim Alvefur	1ade1542d7	Push nil if unable to encode ASN1 string as UTF-8	2014-06-08 12:38:52 +02:00
Kim Alvefur	97e836696b	Return human readable error message from cert:issued()	2014-04-22 01:17:34 +02:00
Bruno Silvestre	903efaf3b1	SNI support.	2014-04-21 13:20:17 -03:00
Bruno Silvestre	cc2fb8ee75	SNI support.	2014-04-21 13:18:20 -03:00
brunoos	77637e9d3c	Merge pull request #17 from Zash/zash/checkkey Verify that certificate and key belong together	2014-04-21 13:07:38 -03:00
brunoos	a481015217	Merge pull request #19 from Zash/zash/pubkey Zash/pubkey	2014-04-21 11:52:40 -03:00
Kim Alvefur	11eaec6520	Add cert:pubkey() to methods registry	2014-04-19 23:11:32 +02:00
Kim Alvefur	d2c87d71f7	Add cert:issued(leafcert) for checking chains	2014-04-19 22:58:28 +02:00
Bruno Silvestre	8fd31f3ad2	Wrong type.	2014-04-18 22:50:40 -03:00
Kim Alvefur	55d45f0542	Check if private key matches cert only if both key and cert are set	2014-02-05 16:51:30 +01:00
Kim Alvefur	8e5bcefbb6	Check that certificate matches private key	2014-02-05 01:48:58 +01:00
Kim Alvefur	eb8cb33160	Add method for extracting public key, type and size from x509 objects	2014-02-05 01:39:30 +01:00
Bruno Silvestre	21aefcf67d	Version number -> 0.5.	2014-01-29 18:43:33 -02:00
Bruno Silvestre	89375f495a	Examples update.	2014-01-29 17:47:27 -02:00
Bruno Silvestre	46d6078e82	Merge branch 'master' of https://github.com/brunoos/luasec	2013-10-23 13:53:43 -02:00
Bruno Silvestre	ce504d3554	Add x509:setencode() function to change the encode of ASN.1 string.	2013-10-23 13:42:34 -02:00
brunoos	4a95102cc8	Merge pull request #8 from xnyhps/protocol_version Report the actual TLS version used, not the version the cipher belongs to.	2013-09-16 09:25:39 -07:00
brunoos	fe782fde14	Merge pull request #10 from darkrain42/master Various minor fixes (build on Fedora/RH, memory leaks)	2013-09-16 09:17:58 -07:00
Paul Aurich	1d920fc13c	context: Don't leak DH* in dhparam_cb ==1429== 336 (144 direct, 192 indirect) bytes in 1 blocks are definitely lost in loss record 567 of 611 ... ==1429== by 0x5ECCBC7: PEM_ASN1_read_bio (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0) ==1429== by 0x4E39D8F: dhparam_cb (context.c:184) ==1429== by 0x5B679D3: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0) ==1429== by 0x5B6A6EE: ??? (in /lib/x86_64-linux-gnu/libssl.so.1.0.0) ==1429== by 0x4E3C00D: meth_handshake (ssl.c:103) ...	2013-09-11 21:55:25 -07:00
Paul Aurich	0dab860770	context: Link SSL_CTX to p_context (not lua_State) This is needed because the p_context is going to cache DH (and eventually EC_KEY) objects, to plug a leak in the dhparam callback.	2013-09-11 21:55:25 -07:00
Paul Aurich	8cf7eb2d78	context: for dhparam_cb, pass is_export as boolean The integer value that's actually returned for this flag is 2, which is fine for C (it is defined as true), but it's sufficiently surprising (because it's not 1), that this is worth fixing -- even if export ciphers aren't common. It should be a boolean anyway.	2013-09-11 21:55:25 -07:00
Paul Aurich	9c7c96f2a0	Add useful context to various error messages	2013-09-11 21:55:25 -07:00
Paul Aurich	9262f9e7de	ssl.lua: Comment subtle DH/ECDH ordering caveat	2013-09-11 21:55:25 -07:00
Paul Aurich	3fb33cdc4e	context: Don't leak EC_KEY in set_curve() SSL_CTX_set_tmp_ecdh() takes a reference to the provided key. ==8323== 1,044 (56 direct, 988 indirect) bytes in 1 blocks are definitely lost in loss record 611 of 631 ==8323== at 0x4C2935B: malloc (vg_replace_malloc.c:270) ==8323== by 0x5E05D9F: CRYPTO_malloc (mem.c:308) ==8323== by 0x5E59859: EC_KEY_new (ec_key.c:75) ==8323== by 0x5E59974: EC_KEY_new_by_curve_name (ec_key.c:96) ==8323== by 0x4E395A7: set_curve (context.c:261) ...	2013-09-11 21:55:25 -07:00
Paul Aurich	a344f58b20	context: Wrap find_ec_key in #ifndef OPENSSL_NO_ECDH "#ifndef OPENSSL_NO_ECDH" is a ridiculous conditional, by the way.	2013-09-11 21:55:25 -07:00
Thijs Alkemade	1a75704ff0	Report the actual TLS version used, not the version the cipher belongs to.	2013-09-08 15:00:07 +02:00
Bruno Silvestre	063e8a8a5c	- using buffer from luasocket 3.0. - adding getstats() and setstats().	2013-06-20 13:03:58 -03:00
Matthew Wild	9f16c6fb11	Merge pull request #4 from darkrain42/master no_compression fix for OpenSSL 0.9.8	2013-06-13 15:04:54 -07:00
Paul Aurich	7532f3b729	context: Support explicit selection of TLS v1.1 and v1.2	2013-06-12 19:06:16 -07:00
Paul Aurich	2dae14877e	options: Remove dead code The workaround for 'no_compression' on older OpenSSL is handled in context.c; set_option_flag (which uses ssl_options) is never called, so this shouldn't exist.	2013-06-12 18:38:44 -07:00
Paul Aurich	4c5ce1b177	context: Incidental cleanup	2013-06-12 18:36:35 -07:00
Paul Aurich	9bda3322fb	context: no_compression is options, not verify The OpenSSL 0.9.8 compat needs to be handled as part of the options, not the verification flags.	2013-06-12 18:33:19 -07:00
Matthew Wild	f77fb40033	Merge pull request #3 from msva/master DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix + #1 fix	2013-05-15 04:02:47 -07:00
Vadim A. Misbakh-Soloviov	fceef56dce	DESTDIR compatibility + *FLAGs/utils configurability + ld -fpic error fix. Also fixes #1 Signed-off-by: Vadim A. Misbakh-Soloviov <mva@mva.name>	2013-05-14 08:13:57 +07:00
Matthew Wild	4aecd53dc1	Update README with version explanation	2013-03-30 13:12:57 +00:00
Matthew Wild	1b899afd38	Remove duplicate files (now in luasocket/)	2013-03-30 12:49:55 +00:00
Matthew Wild	77ac210283	LuaSec 20120616 (unofficial) + patches	2013-03-30 12:21:40 +00:00
Bruno Silvestre	908fc346d2	LuaSec 0.4.1	2012-09-02 11:40:59 -03:00
Bruno Silvestre	67e5176b6b	LuaSec 0.4	2012-09-02 11:32:26 -03:00
Bruno Silvestre	29c6bd65d2	LuaSec 0.3.3	2012-09-02 11:31:22 -03:00
Bruno Silvestre	d28c5e4f9e	LuaSec 0.3.2	2012-09-02 11:30:04 -03:00