Update version number.

typo: intall -> install.
update MacOSX version -> 10.11.
2025-07-16 22:09:45 +02:00 · 2015-11-20 19:39:32 -02:00 · 2015-11-20 19:20:07 -02:00 · 2015-11-20 19:16:16 -02:00 · 2015-11-20 19:12:19 -02:00 · 2015-11-20 18:54:57 -02:00
50 changed files with 241 additions and 847 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +0,0 @@
-/src/*.o
-/src/luasocket/*.o
-/*.dll
--- a/36
+++ b/36
@ -1,36 +1,10 @@
 --------------------------------------------------------------------------------
-LuaSec 0.6
+LuaSec 0.5.1
 ------------
-LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
-easy to add secure connections to any Lua applications or scripts.
-
-Documentation: https://github.com/brunoos/luasec/wiki
-
-This version includes:
-
-* Lua 5.2 and 5.3 compatibility
-
-* Context module:
-  - Add ctx:checkkey()
-
-* SSL module:
-  - Add conn:sni() and conn:getsniname()
-
-* Context options:
-  - Add "any" protocol ("sslv23" is deprecated)
-
-* HTTPS module:
-  - Using "any" protocol without SSLv2/SSLv3, by default
-
-* X509 module:
-  - Human readable IP address
-  - Add cert:issued()
-  - Add cert:pubkey()
-
-* Some bug fixes
-
-
-=> Thanks to everyone who collaborate with LuaSec <=
+- Check if SSLv3 protocol is available.
+- Fix push_asn1_string().
+- Update samples to use 'sslv23' and 'tlsv1_2'.
+- Update MACOSX_VERSION to 10.11 on Makefile.

 --------------------------------------------------------------------------------
 LuaSec 0.5
--- a/4
+++ b/4
@ -1,9 +1,9 @@
-LuaSec 0.6
+LuaSec 0.5.1
 ------------

 * OpenSSL options:

-    By default, LuaSec 0.6 includes options for OpenSSL 1.0.2f.
+    By default, LuaSec 0.5.1 includes options for OpenSSL 1.0.1e.

    If you need to generate the options for a different version of OpenSSL:

--- a/2
+++ b/2
@ -1,4 +1,4 @@
-LuaSec 0.6 license
+LuaSec 0.5.1 license
 Copyright (C) 2006-2015 Bruno Silvestre, UFG

 Permission is hereby granted, free  of charge, to any person obtaining
--- a/18
+++ b/18
@ -1,22 +1,22 @@
 # Inform the location to install the modules
-LUAPATH  ?= /usr/share/lua/5.1
-LUACPATH ?= /usr/lib/lua/5.1
+LUAPATH		?= /usr/share/lua/5.1
+LUACPATH	?= /usr/lib/lua/5.1

 # Compile with build-in LuaSocket's help files.
 # Comment this lines if you will link with non-internal LuaSocket's help files
 #  and edit INCDIR and LIBDIR properly.
-EXTRA = luasocket
-DEFS  = -DWITH_LUASOCKET
+EXTRA		 = luasocket
+DEFS		 = -DWITH_LUASOCKET

 # Edit the lines below to inform new path, if necessary.
 # Path below points to internal LuaSocket's help files.
-INC_PATH ?= -I/usr/include
-LIB_PATH ?= -L/usr/lib
-INCDIR    = -I. $(INC_PATH)
-LIBDIR    = -L./luasocket $(LIB_PATH)
+INC_PATH	?= -I/usr/include
+LIB_PATH	?= -L/usr/lib
+INCDIR		 = -I. $(INC_PATH)
+LIBDIR		 = -L./luasocket $(LIB_PATH)

 # For Mac OS X: set the system version
-MACOSX_VERSION=10.11
+MACOSX_VERSION?=10.11

 #----------------------
 # Do not edit this part
--- a/README.md
+++ b/README.md
@ -1,36 +1,41 @@
-LuaSec 0.6
+LuaSec 0.5.1
+============
+- Check if SSLv3 protocol is available.
+- Fix push_asn1_string().
+- Update samples to use 'sslv23' and 'tlsv1_2'.
+- Update MACOSX_VERSION to 10.11 on Makefile.
+
+LuaSec 0.5
 ==========
+
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.

-Documentation: https://github.com/brunoos/luasec/wiki
+This  version  includes:

-This version includes:
+  * A new certificate (X509) API, which supports:
+    - Reading  the subject  (identity) and  issuer of the certificate.
+    - Reading  various X509  extensions, including email  and dnsName.
+    - Converting  certificates  to and  from  the  standard ASCII  PEM
+      format.
+    - Generating the fingerprint/digest of a certificate  (using SHA1,
+      SHA256 or SHA512).
+    - Reading the  certificate's expiration, serial number,  and other
+      info.

-* Lua 5.2 and 5.3 compatibility
+  * The ability  to get more  detailed information from  OpenSSL about
+    why a certificate failed verification, for each certificate in the
+    chain.
  
-* Context module:
-  - Add ctx:checkkey()
+  * Flags to  force acceptance of invalid certificates,  e.g. to allow
+    the use of self-signed certificates in a Trust On First Use model.

-* SSL module:
-  - Add conn:sni() and conn:getsniname()
+  * Flags to control checking CRLs for certificate revocation status.
 
-* Context options:
-  - Add "any" protocol ("sslv23" is deprecated)
+  * Support for ECDH cipher suites.
 
-* HTTPS module:
-  - Using "any" protocol without SSLv2/SSLv3, by default
+  * An API  to get the TLS  'finished' messages used  for SASL channel
+    binding (e.g. the SCRAM PLUS mechanisms).

-* X509 module:
-  - Human readable IP address
-  - Add cert:issued()
-  - Add cert:pubkey()
-
-* Some bug fixes
-
-
-********************************************************************************
-
-PS: 10th anniversary! Thanks to everyone who collaborate with LuaSec.
-
-********************************************************************************
+The work in  this release was undertaken by  Kim Alvefur, Paul Aurich,
+Tobias Markmann, Bruno Silvestre and Matthew Wild.
--- a/luasec-0.6-1.rockspec
+++ b/luasec-0.6-1.rockspec
@ -1,114 +0,0 @@
-package = "LuaSec"
-version = "0.6-1"
-source = {
-   url = "git://github.com/brunoos/luasec.git",
-   tag = "luasec-0.6"
-}
-description = {
-   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
-   detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
-   homepage = "https://github.com/brunoos/luasec/wiki",
-   license = "MIT"
-}
-dependencies = {
-   "lua >= 5.1", "luasocket"
-}
-external_dependencies = {
-   platforms = {
-      unix = {
-         OPENSSL = {
-            header = "openssl/ssl.h",
-            library = "ssl"
-         }
-      },
-      windows = {
-         OPENSSL = {
-            header = "openssl/ssl.h",
-         }
-      },
-   }
-}
-build = {
-   type = "builtin",
-   copy_directories = {
-      "samples"
-   },
-   platforms = {
-      unix = {
-         install = {
-            lib = {
-               "ssl.so"
-            },
-            lua = {
-               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
-            }
-         },
-         modules = {
-            ssl = {
-               incdirs = {
-                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket",
-               },
-               libdirs = {
-                  "$(OPENSSL_LIBDIR)"
-               },
-               libraries = {
-                  "ssl", "crypto"
-               },
-               sources = {
-                  "src/x509.c", "src/context.c", "src/ssl.c", 
-                  "src/luasocket/buffer.c", "src/luasocket/io.c",
-                  "src/luasocket/timeout.c", "src/luasocket/usocket.c"
-               }
-            }
-         }
-      },
-      windows = {
-         install = {
-            lib = {
-               "ssl.dll"
-            },
-            lua = {
-               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
-            }
-         },
-         modules = {
-            ssl = {
-               defines = {
-                  "WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
-                  "LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
-               },
-               libdirs = {
-                  "$(OPENSSL_LIBDIR)",
-                  "$(OPENSSL_BINDIR)",
-               },
-               libraries = {
-                  "libeay32", "ssleay32", "ws2_32"
-               },
-               incdirs = {
-                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket"
-               },
-               sources = {
-                  "src/x509.c", "src/context.c", "src/ssl.c", 
-                  "src/luasocket/buffer.c", "src/luasocket/io.c",
-                  "src/luasocket/timeout.c", "src/luasocket/wsocket.c"
-               }
-            }
-         },
-         patches = {
-            ["luarocks_vs_compiler.patch"] = [[
--- a/src/ssl.c.orig
-+++ b/src/ssl.c
-@@ -844,3 +844,8 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
-
-   return 1;
- }
-+
-+#if defined(_MSC_VER)
-+/* Empty implementation to allow building with LuaRocks and MS compilers */
-+LSEC_API int luaopen_ssl(lua_State *L) { return 0; }
-+#endif
-]]
-         }
-      }
-   }
-}
--- a/luasec.vcxproj
+++ b/luasec.vcxproj
@ -49,7 +49,7 @@
    <ClCompile>
      <Optimization>Disabled</Optimization>
      <AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <MinimalRebuild>true</MinimalRebuild>
      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
--- a/samples/certs/all.bat
+++ b/samples/certs/all.bat
@ -1,14 +0,0 @@
-REM make sure the 'openssl.exe' commandline tool is in your path before starting!
-REM set the path below;
-set opensslpath=c:\program files (x86)\openssl-win32\bin
-
-
-
-setlocal
-set path=%opensslpath%;%path%
-call roota.bat
-call rootb.bat
-call servera.bat
-call serverb.bat
-call clienta.bat
-call clientb.bat
--- a/samples/certs/clientA.bat
+++ b/samples/certs/clientA.bat
@ -1,9 +0,0 @@
-rem #!/bin/sh
-
-openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
-
-openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
-
-copy clientAcert.pem + rootA.pem clientA.pem
-
-openssl x509 -subject -issuer -noout -in clientA.pem
--- a/samples/certs/clientB.bat
+++ b/samples/certs/clientB.bat
@ -1,9 +0,0 @@
-rem #!/bin/sh
-
-openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
-
-openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
-
-copy clientBcert.pem + rootB.pem clientB.pem
-
-openssl x509 -subject -issuer -noout -in clientB.pem
--- a/samples/certs/rootA.bat
+++ b/samples/certs/rootA.bat
@ -1,7 +0,0 @@
-REM #!/bin/sh
-
-openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
-
-openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
-
-openssl x509 -subject -issuer -noout -in rootA.pem
--- a/samples/certs/rootB.bat
+++ b/samples/certs/rootB.bat
@ -1,7 +0,0 @@
-rem #!/bin/sh
-
-openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
-
-openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
-
-openssl x509 -subject -issuer -noout -in rootB.pem
--- a/samples/certs/serverA.bat
+++ b/samples/certs/serverA.bat
@ -1,9 +0,0 @@
-rem #!/bin/sh
-
-openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
-
-openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
-
-copy serverAcert.pem + rootA.pem serverA.pem
-
-openssl x509 -subject -issuer -noout -in serverA.pem
--- a/samples/certs/serverB.bat
+++ b/samples/certs/serverB.bat
@ -1,9 +0,0 @@
-rem #!/bin/sh
-
-openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
-
-openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
-
-copy serverBcert.pem + rootB.pem serverB.pem
-
-openssl x509 -subject -issuer -noout -in serverB.pem
--- a/samples/chain/server.lua
+++ b/samples/chain/server.lua
@ -7,7 +7,7 @@ local util   = require("util")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/dhparam/server.lua
+++ b/samples/dhparam/server.lua
@ -31,7 +31,7 @@ end

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/digest/server.lua
+++ b/samples/digest/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/ecdh/server.lua
+++ b/samples/ecdh/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/info/server.lua
+++ b/samples/info/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/key/loadkey.lua
+++ b/samples/key/loadkey.lua
@ -5,7 +5,7 @@ local ssl = require("ssl")

 local pass = "foobar"
 local cfg = {
-  protocol = "tlsv1",
+  protocol = "tlsv1_2",
  mode = "client",
  key = "key.pem",
 }
--- a/samples/loop-gc/server.lua
+++ b/samples/loop-gc/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/loop/server.lua
+++ b/samples/loop/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/oneshot/server.lua
+++ b/samples/oneshot/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/sni/client.lua
+++ b/samples/sni/client.lua
@ -1,35 +0,0 @@
-local socket = require("socket")
-local ssl    = require("ssl")
-
-local params = {
-  mode = "client",
-  protocol = "tlsv1_2",
-  key = "../certs/clientAkey.pem",
-  certificate = "../certs/clientA.pem",
-  cafile = "../certs/rootA.pem",
-  verify = "peer",
-  options = "all",
-}
-
-local conn = socket.tcp()
-conn:connect("127.0.0.1", 8888)
-
-- TLS/SSL initialization
-conn = ssl.wrap(conn, params)
-
-- Comment the lines to not send a name
--conn:sni("servera.br")
--conn:sni("serveraa.br")
-conn:sni("serverb.br")
-
-assert(conn:dohandshake())
--
-local cert = conn:getpeercertificate()
-for k, v in pairs(cert:subject()) do
-  for i, j in pairs(v) do
-    print(i, j)
-  end
-end
--
-print(conn:receive("*l"))
-conn:close()
--- a/samples/sni/server.lua
+++ b/samples/sni/server.lua
@ -1,52 +0,0 @@
-local socket = require("socket")
-local ssl    = require("ssl")
-
-local params01 = {
-  mode = "server",
-  protocol = "any",
-  key = "../certs/serverAkey.pem",
-  certificate = "../certs/serverA.pem",
-  cafile = "../certs/rootA.pem",
-  verify = "none",
-  options = "all",
-  ciphers = "ALL:!ADH:@STRENGTH",
-}
-
-local params02 = {
-  mode = "server",
-  protocol = "any",
-  key = "../certs/serverAAkey.pem",
-  certificate = "../certs/serverAA.pem",
-  cafile = "../certs/rootA.pem",
-  verify = "none",
-  options = "all",
-  ciphers = "ALL:!ADH:@STRENGTH",
-}
-
--
-local ctx01 = ssl.newcontext(params01)
-local ctx02 = ssl.newcontext(params02)
-
--
-local server = socket.tcp()
-server:setoption('reuseaddr', true)
-server:bind("127.0.0.1", 8888)
-server:listen()
-local conn = server:accept()
--
-
-- Default context (when client does not send a name) is ctx01
-conn = ssl.wrap(conn, ctx01)
-
-- Configure the name map
-local sni_map = {
-  ["servera.br"]  = ctx01,
-  ["serveraa.br"] = ctx02,
-}
-
-conn:sni(sni_map, true)
-
-assert(conn:dohandshake())
--
-conn:send("one line\n")
-conn:close()
--- a/samples/verification/fail-string/client.lua
+++ b/samples/verification/fail-string/client.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "client",
-   protocol = "tlsv1",
+   protocol = "tlsv1_2",
   key = "../../certs/clientBkey.pem",
   certificate = "../../certs/clientB.pem",
   cafile = "../../certs/rootB.pem",
--- a/samples/verification/fail-string/server.lua
+++ b/samples/verification/fail-string/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "tlsv1",
+   protocol = "sslv23",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
--- a/samples/verification/fail-table/client.lua
+++ b/samples/verification/fail-table/client.lua
@ -6,12 +6,12 @@ local ssl    = require("ssl")

 local params = {
   mode = "client",
-   protocol = "tlsv1",
+   protocol = "tlsv1_2",
   key = "../../certs/clientBkey.pem",
   certificate = "../../certs/clientB.pem",
   cafile = "../../certs/rootB.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
-   options = "all",
+   options = "all", ,
   verifyext = "lsec_continue",
 }

--- a/samples/verification/fail-table/server.lua
+++ b/samples/verification/fail-table/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "tlsv1",
+   protocol = "sslv23",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
--- a/samples/verification/success/client.lua
+++ b/samples/verification/success/client.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "client",
-   protocol = "tlsv1",
+   protocol = "tlsv1_2",
   key = "../../certs/clientAkey.pem",
   certificate = "../../certs/clientA.pem",
   cafile = "../../certs/rootA.pem",
--- a/samples/verification/success/server.lua
+++ b/samples/verification/success/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "tlsv1",
+   protocol = "sslv23",
   key = "../../certs/serverAkey.pem",
   certificate = "../../certs/serverA.pem",
   cafile = "../../certs/rootA.pem",
--- a/samples/verify/server.lua
+++ b/samples/verify/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/want/server.lua
+++ b/samples/want/server.lua
@ -6,7 +6,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/wantread/server.lua
+++ b/samples/wantread/server.lua
@ -8,7 +8,7 @@ local ssl    = require("ssl")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/samples/wantwrite/server.lua
+++ b/samples/wantwrite/server.lua
@ -8,7 +8,7 @@ print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")

 local params = {
   mode = "server",
-   protocol = "any",
+   protocol = "sslv23",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
--- a/src/Makefile
+++ b/src/Makefile
@ -20,21 +20,22 @@ MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
 MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
 MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)

-INSTALL  = install
-CC       = cc
-LD       = $(MYENV) cc
-CFLAGS  += $(MYCFLAGS)
-LDFLAGS += $(MYLDFLAGS)
+INSTALL	?= install
+CC	?= cc
+LD	?= $(MYENV) cc
+CFLAGS	+= $(MYCFLAGS)
+LDFLAGS	+= $(MYLDFLAGS)
+DESTDIR	?= /

 .PHONY: all clean install none linux bsd macosx luasocket

 all:

 install: $(CMOD) $(LMOD)
-	$(INSTALL) -d $(LUAPATH)/ssl $(LUACPATH)
-	$(INSTALL) $(CMOD) $(LUACPATH)
-	$(INSTALL) -m644 $(LMOD) $(LUAPATH)
-	$(INSTALL) -m644 https.lua $(LUAPATH)/ssl
+	$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
+	$(INSTALL) -D $(CMOD) $(DESTDIR)$(LUACPATH)
+	$(INSTALL) -m644 -D $(LMOD) $(DESTDIR)$(LUAPATH)
+	$(INSTALL) -m644 -D https.lua $(DESTDIR)$(LUAPATH)/ssl

 linux:
 	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
--- a/src/config.h
+++ b/src/config.h
@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

@ -14,11 +14,7 @@
 #endif

 #if (LUA_VERSION_NUM == 501)
-#define setfuncs(L, R)    luaL_register(L, NULL, R)
-#define lua_rawlen(L, i)  lua_objlen(L, i)
-#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
-#else
-#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
+#define lua_rawlen(L, i) lua_objlen(L, i)
 #endif

 #endif
--- a/src/context.c
+++ b/src/context.c
@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
+ * LuaSec 0.5.1
 *
- * Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
- * Copyright (C) 2006-2016 Bruno Silvestre.
+ * Copyright (C) 2006-2015 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/

@ -39,28 +39,6 @@ typedef       SSL_METHOD LSEC_SSL_METHOD;
 #define SSLv23_method() TLS_method()
 #endif

-/*-- Compat - Lua 5.1 --------------------------------------------------------*/
-
-#if (LUA_VERSION_NUM == 501)
-
-#define luaL_testudata(L, ud, tname)  testudata(L, ud, tname)
-
-static void *testudata (lua_State *L, int ud, const char *tname) {
-  void *p = lua_touserdata(L, ud);
-  if (p != NULL) {  /* value is a userdata? */
-    if (lua_getmetatable(L, ud)) {  /* does it have a metatable? */
-      luaL_getmetatable(L, tname);  /* get correct metatable */
-      if (!lua_rawequal(L, -1, -2))  /* not the same? */
-        p = NULL;  /* value is a userdata with wrong metatable */
-      lua_pop(L, 2);  /* remove both metatables */
-      return p;
-    }
-  }
-  return NULL;  /* value is not a userdata with a metatable */
-}
-
-#endif
-
 /*--------------------------- Auxiliary Functions ----------------------------*/

 /**
@ -71,11 +49,6 @@ static p_context checkctx(lua_State *L, int idx)
  return (p_context)luaL_checkudata(L, idx, "SSL:Context");
 }

-static p_context testctx(lua_State *L, int idx)
-{
-  return (p_context)luaL_testudata(L, idx, "SSL:Context");
-}
-
 /**
 * Prepare the SSL options flag.
 */
@ -96,8 +69,7 @@ static int set_option_flag(const char *opt, unsigned long *flag)
 */
 static LSEC_SSL_METHOD* str2method(const char *method)
 {
-  if (!strcmp(method, "any"))     return SSLv23_method();
-  if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
+  if (!strcmp(method, "sslv23"))  return SSLv23_method();
 #ifndef OPENSSL_NO_SSL3
  if (!strcmp(method, "sslv3"))   return SSLv3_method();
 #endif
@ -429,17 +401,6 @@ static int load_key(lua_State *L)
  return ret;
 }

-/**
- * Check that the certificate public key matches the private key
- */
-
-static int check_key(lua_State *L)
-{
-  SSL_CTX *ctx = lsec_checkcontext(L, 1);
-  lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
-  return 1;
-}
-
 /**
 * Set the cipher list.
 */
@ -463,7 +424,7 @@ static int set_cipher(lua_State *L)
 static int set_depth(lua_State *L)
 {
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
-  SSL_CTX_set_verify_depth(ctx, (int)luaL_checkinteger(L, 2));
+  SSL_CTX_set_verify_depth(ctx, luaL_checkint(L, 2));
  lua_pushboolean(L, 1);
  return 1;
 }
@ -609,7 +570,6 @@ static luaL_Reg funcs[] = {
  {"locations",    load_locations},
  {"loadcert",     load_cert},
  {"loadkey",      load_key},
-  {"checkkey",     check_key},
  {"setcipher",    set_cipher},
  {"setdepth",     set_depth},
  {"setdhparam",   set_dhparam},
@ -743,12 +703,6 @@ SSL_CTX* lsec_checkcontext(lua_State *L, int idx)
  return ctx->context;
 }

-SSL_CTX* lsec_testcontext(lua_State *L, int idx)
-{
-  p_context ctx = testctx(L, idx);
-  return (ctx) ? ctx->context : NULL;
-}
-
 /**
 * Retrieve the mode from the context in the Lua stack.
 */
@ -763,19 +717,39 @@ int lsec_getmode(lua_State *L, int idx)
 /**
 * Registre the module.
 */
+#if (LUA_VERSION_NUM == 501)
 LSEC_API int luaopen_ssl_context(lua_State *L)
 {
  luaL_newmetatable(L, "SSL:DH:Registry");      /* Keep all DH callbacks */
  luaL_newmetatable(L, "SSL:Verify:Registry");  /* Keep all verify flags */
  luaL_newmetatable(L, "SSL:Context");
-  setfuncs(L, meta);
+  luaL_register(L, NULL, meta);

  /* Create __index metamethods for context */
-  luaL_newlib(L, meta_index);
+  lua_newtable(L);
+  luaL_register(L, NULL, meta_index);
+  lua_setfield(L, -2, "__index");
+
+  /* Register the module */
+  luaL_register(L, "ssl.context", funcs);
+  return 1;
+}
+#else
+LSEC_API int luaopen_ssl_context(lua_State *L)
+{
+  luaL_newmetatable(L, "SSL:DH:Registry");      /* Keep all DH callbacks */
+  luaL_newmetatable(L, "SSL:Verify:Registry");  /* Keep all verify flags */
+  luaL_newmetatable(L, "SSL:Context");
+  luaL_setfuncs(L, meta, 0);
+
+  /* Create __index metamethods for context */
+  lua_newtable(L);
+  luaL_setfuncs(L, meta_index, 0);
  lua_setfield(L, -2, "__index");

  /* Return the module */
-  luaL_newlib(L, funcs);
-
+  lua_newtable(L);
+  luaL_setfuncs(L, funcs, 0);
  return 1;
 }
+#endif
--- a/src/context.h
+++ b/src/context.h
@ -2,8 +2,8 @@
 #define LSEC_CONTEXT_H

 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

@ -29,7 +29,6 @@ typedef t_context* p_context;

 /* Retrieve the SSL context from the Lua stack */
 SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
-SSL_CTX *lsec_testcontext(lua_State *L, int idx);

 /* Retrieve the mode from the context in the Lua stack */
 int lsec_getmode(lua_State *L, int idx);
--- a/src/ec.h
+++ b/src/ec.h
@ -1,6 +1,6 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

--- a/src/https.lua
+++ b/src/https.lua
@ -1,6 +1,6 @@
 ----------------------------------------------------------------------------
-- LuaSec 0.6
-- Copyright (C) 2009-2016 PUC-Rio
+-- LuaSec 0.5.1
+-- Copyright (C) 2009-2015 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@ -12,21 +12,25 @@ local ltn12  = require("ltn12")
 local http   = require("socket.http")
 local url    = require("socket.url")

-local try    = socket.try
+local table  = require("table")
+local string = require("string")

--
-- Module
--
-local _M = {
-  _VERSION   = "0.6",
-  _COPYRIGHT = "LuaSec 0.6 - Copyright (C) 2009-2016 PUC-Rio",
-  PORT       = 443,
-}
+local try          = socket.try
+local type         = type
+local pairs        = pairs
+local getmetatable = getmetatable
+
+module("ssl.https")
+
+_VERSION   = "0.5.1"
+_COPYRIGHT = "LuaSec 0.5.1 - Copyright (C) 2009-2015 PUC-Rio"
+
+-- Default settings
+PORT = 443

-- TLS configuration
 local cfg = {
-  protocol = "any",
-  options  = {"all", "no_sslv2", "no_sslv3"},
+  protocol = "tlsv1",
+  options  = "all",
  verify   = "none",
 }

@ -36,7 +40,7 @@ local cfg = {

 -- Insert default HTTPS port.
 local function default_https_port(u)
-   return url.build(url.parse(u, {port = _M.PORT}))
+   return url.build(url.parse(u, {port = PORT}))
 end

 -- Convert an URL to a table according to Luasocket needs.
@ -109,7 +113,7 @@ end
 -- @param body optional (string)
 -- @return (string if url == string or 1), code, headers, status
 --
-local function request(url, body)
+function request(url, body)
  local result_table = {}
  local stringrequest = type(url) == "string"
  if stringrequest then
@ -132,11 +136,3 @@ local function request(url, body)
  end
  return res, code, headers, status
 end
-
--------------------------------------------------------------------------------
-- Export module
--
-
-_M.request = request
-
-return _M
--- a/src/luasocket/Makefile
+++ b/src/luasocket/Makefile
@ -6,7 +6,7 @@ OBJS= \

 CC	?= cc
 CFLAGS	+= $(MYCFLAGS) -DLUASOCKET_DEBUG
-AR	?= ar
+AR	:= ar rcu
 RANLIB	?= ranlib

 .PHONY: all clean
@ -14,7 +14,7 @@ RANLIB	?= ranlib
 all: libluasocket.a

 libluasocket.a: $(OBJS)
-	$(AR) rcu $@ $(OBJS)
+	$(AR) $@ $(OBJS)
 	$(RANLIB) $@

 clean:
--- a/src/options.h
+++ b/src/options.h
@ -2,8 +2,8 @@
 #define LSEC_OPTIONS_H

 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

@ -12,7 +12,7 @@
 /* If you need to generate these options again, see options.lua */

 /* 
-  OpenSSL version: OpenSSL 1.0.2f
+  OpenSSL version: OpenSSL 1.0.1e 2013-06-12
 */

 struct ssl_option_s {
@ -73,21 +73,12 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_NO_COMPRESSION)
  {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
-#if defined(SSL_OP_NO_DTLSv1)
-  {"no_dtlsv1", SSL_OP_NO_DTLSv1},
-#endif
-#if defined(SSL_OP_NO_DTLSv1_2)
-  {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
-#endif
 #if defined(SSL_OP_NO_QUERY_MTU)
  {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
 #endif
 #if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
  {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
 #endif
-#if defined(SSL_OP_NO_SSL_MASK)
-  {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
-#endif
 #if defined(SSL_OP_NO_SSLv2)
  {"no_sslv2", SSL_OP_NO_SSLv2},
 #endif
@ -112,9 +103,6 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_PKCS1_CHECK_2)
  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
-#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-  {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
-#endif
 #if defined(SSL_OP_SINGLE_DH_USE)
  {"single_dh_use", SSL_OP_SINGLE_DH_USE},
 #endif
@ -127,9 +115,6 @@ static ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
  {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
 #endif
-#if defined(SSL_OP_TLSEXT_PADDING)
-  {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
-#endif
 #if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
  {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
 #endif
--- a/src/options.lua
+++ b/src/options.lua
@ -21,8 +21,8 @@ local function generate(options, version)
 #define LSEC_OPTIONS_H

 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,9 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
+ * LuaSec 0.5.1
 *
- * Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann, 
+ * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann, 
 *                         Matthew Wild.
- * Copyright (C) 2006-2016 Bruno Silvestre.
+ * Copyright (C) 2006-2014 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/

@ -28,7 +28,6 @@
 #include <luasocket/socket.h>

 #include "x509.h"
-#include "context.h"
 #include "ssl.h"

 /**
@ -81,15 +80,11 @@ static int meth_destroy(lua_State *L)
  }
  ssl->state = LSEC_STATE_CLOSED;
  if (ssl->ssl) {
-    /* Clear the registries */
+    /* Clear the registry */
    luaL_getmetatable(L, "SSL:Verify:Registry");
    lua_pushlightuserdata(L, (void*)ssl->ssl);
    lua_pushnil(L);
    lua_settable(L, -3);
-    luaL_getmetatable(L, "SSL:SNI:Registry");
-    lua_pushlightuserdata(L, (void*)ssl->ssl);
-    lua_pushnil(L);
-    lua_settable(L, -3);
    /* Destroy the object */
    SSL_free(ssl->ssl);
    ssl->ssl = NULL;
@ -330,7 +325,7 @@ static int meth_setfd(lua_State *L)
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_NEW)
    luaL_argerror(L, 1, "invalid SSL object state");
-  ssl->sock = (t_socket)luaL_checkinteger(L, 2);
+  ssl->sock = luaL_checkint(L, 2);
  socket_setnonblocking(&ssl->sock);
  SSL_set_fd(ssl->ssl, (int)ssl->sock);
  return 0;
@ -406,24 +401,18 @@ static int meth_want(lua_State *L)
 */
 static int meth_compression(lua_State *L)
 {
-#if !defined(OPENSSL_NO_COMP)
  const COMP_METHOD *comp;
-#endif
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
-#if !defined(OPENSSL_NO_COMP)
  comp = SSL_get_current_compression(ssl->ssl);
  if (comp)
    lua_pushstring(L, SSL_COMP_get_name(comp));
  else
    lua_pushnil(L);
-#else
-  lua_pushnil(L);
-#endif
  return 1;
 }

@ -442,7 +431,7 @@ static int meth_getpeercertificate(lua_State *L)
    return 2;
  }
  /* Default to the first cert */ 
-  n = (int)luaL_optinteger(L, 2, 1);                           
+  n = luaL_optint(L, 2, 1);                           
  /* This function is 1-based, but OpenSSL is 0-based */
  --n;
  if (n < 0) {
@ -664,100 +653,9 @@ static int meth_info(lua_State *L)
  return 4;
 }

-static int sni_cb(SSL *ssl, int *ad, void *arg)
-{
-  int strict;
-  SSL_CTX *newctx = NULL;
-  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
-  lua_State *L = ((p_context)SSL_CTX_get_app_data(ctx))->L;
-  const char *name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
-  /* No name, use default context */
-  if (!name)
-    return SSL_TLSEXT_ERR_NOACK;
-  /* Retrieve struct from registry */
-  luaL_getmetatable(L, "SSL:SNI:Registry");
-  lua_pushlightuserdata(L, (void*)ssl);
-  lua_gettable(L, -2);
-  /* Strict search? */
-  lua_pushstring(L, "strict");
-  lua_gettable(L, -2);
-  strict = lua_toboolean(L, -1);
-  lua_pop(L, 1);
-  /* Search for the name in the map */
-  lua_pushstring(L, "map");
-  lua_gettable(L, -2);
-  lua_pushstring(L, name);
-  lua_gettable(L, -2);
-  if (lua_isuserdata(L, -1))
-    newctx = lsec_checkcontext(L, -1);
-  lua_pop(L, 4);
-  /* Found, use this context */
-  if (newctx) {
-    SSL_set_SSL_CTX(ssl, newctx);
-    return SSL_TLSEXT_ERR_OK;
-  }
-  /* Not found, but use initial context */
-  if (!strict)
-    return SSL_TLSEXT_ERR_OK;
-  return SSL_TLSEXT_ERR_ALERT_FATAL;
-}
-
-static int meth_sni(lua_State *L)
-{
-  int strict;
-  SSL_CTX *aux;
-  const char *name;
-  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl->ssl);
-  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
-  if (pctx->mode == LSEC_MODE_CLIENT) {
-    name = luaL_checkstring(L, 2);
-    SSL_set_tlsext_host_name(ssl->ssl, name);
-    return 0;
-  } else if (pctx->mode == LSEC_MODE_SERVER) {
-    luaL_checktype(L, 2, LUA_TTABLE);
-    strict = lua_toboolean(L, 3);
-    /* Check if the table contains only (string -> context) */
-    lua_pushnil(L);
-    while (lua_next(L, 2)) {
-      luaL_checkstring(L, -2);
-      aux = lsec_checkcontext(L, -1);
-      /* Set callback in every context */
-      SSL_CTX_set_tlsext_servername_callback(aux, sni_cb);
-      /* leave the next key on the stack */
-      lua_pop(L, 1);
-    }
-    /* Save table in the register */
-    luaL_getmetatable(L, "SSL:SNI:Registry");
-    lua_pushlightuserdata(L, (void*)ssl->ssl);
-    lua_newtable(L);
-    lua_pushstring(L, "map");
-    lua_pushvalue(L, 2);
-    lua_settable(L, -3);
-    lua_pushstring(L, "strict");
-    lua_pushboolean(L, strict);
-    lua_settable(L, -3);
-    lua_settable(L, -3);
-    /* Set callback in the default context */
-    SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
-  }
-  return 0;
-}
-
-static int meth_getsniname(lua_State *L)
-{
-  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  const char *name = SSL_get_servername(ssl->ssl, TLSEXT_NAMETYPE_host_name);
-  if (name)
-    lua_pushstring(L, name);
-  else
-    lua_pushnil(L);
-  return 1;
-}
-
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 0.6 - Copyright (C) 2006-2016 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 0.5.1 - Copyright (C) 2006-2015 Bruno Silvestre"
 #if defined(WITH_LUASOCKET)
                    "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
@ -778,7 +676,6 @@ static luaL_Reg methods[] = {
  {"getpeerchain",        meth_getpeerchain},
  {"getpeerverification", meth_getpeerverification},
  {"getpeerfinished",     meth_getpeerfinished},
-  {"getsniname",          meth_getsniname},
  {"getstats",            meth_getstats},
  {"setstats",            meth_setstats},
  {"dirty",               meth_dirty},
@ -786,7 +683,6 @@ static luaL_Reg methods[] = {
  {"receive",             meth_receive},
  {"send",                meth_send},
  {"settimeout",          meth_settimeout},
-  {"sni",                 meth_sni},
  {"want",                meth_want},
  {NULL,                  NULL}
 };
@ -816,6 +712,7 @@ static luaL_Reg funcs[] = {
 /**
 * Initialize modules.
 */
+#if (LUA_VERSION_NUM == 501)
 LSEC_API int luaopen_ssl_core(lua_State *L)
 {
  /* Initialize SSL */
@ -831,16 +728,49 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
  socket_open();
 #endif
   
-  luaL_newmetatable(L, "SSL:SNI:Registry");
-
  /* Register the functions and tables */
  luaL_newmetatable(L, "SSL:Connection");
-  setfuncs(L, meta);
+  luaL_register(L, NULL, meta);

-  luaL_newlib(L, methods);
+  lua_newtable(L);
+  luaL_register(L, NULL, methods);
  lua_setfield(L, -2, "__index");

-  luaL_newlib(L, funcs);
+  luaL_register(L, "ssl.core", funcs);
+  lua_pushnumber(L, SOCKET_INVALID);
+  lua_setfield(L, -2, "invalidfd");

  return 1;
 }
+#else
+LSEC_API int luaopen_ssl_core(lua_State *L)
+{
+  /* Initialize SSL */
+  if (!SSL_library_init()) {
+    lua_pushstring(L, "unable to initialize SSL library");
+    lua_error(L);
+  }
+  OpenSSL_add_all_algorithms();
+  SSL_load_error_strings();
+
+#if defined(WITH_LUASOCKET)
+  /* Initialize internal library */
+  socket_open();
+#endif
+
+  /* Register the functions and tables */
+  luaL_newmetatable(L, "SSL:Connection");
+  luaL_setfuncs(L, meta, 0);
+
+  lua_newtable(L);
+  luaL_setfuncs(L, methods, 0);
+  lua_setfield(L, -2, "__index");
+
+  lua_newtable(L);
+  luaL_setfuncs(L, funcs, 0);
+  lua_pushnumber(L, SOCKET_INVALID);
+  lua_setfield(L, -2, "invalidfd");
+
+  return 1;
+}
+#endif
--- a/src/ssl.h
+++ b/src/ssl.h
@ -2,8 +2,8 @@
 #define LSEC_SSL_H

 /*--------------------------------------------------------------------------
- * LuaSec 0.6
- * Copyright (C) 2006-2016 Bruno Silvestre
+ * LuaSec 0.5.1
+ * Copyright (C) 2006-2015 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/

--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,6 +1,6 @@
 ------------------------------------------------------------------------------
-- LuaSec 0.6
-- Copyright (C) 2006-2016 Bruno Silvestre
+-- LuaSec 0.5.1
+-- Copyright (C) 2006-2015 Bruno Silvestre
 --
 ------------------------------------------------------------------------------

@ -8,7 +8,13 @@ local core    = require("ssl.core")
 local context = require("ssl.context")
 local x509    = require("ssl.x509")

-local unpack  = table.unpack or unpack
+module("ssl", package.seeall)
+
+_VERSION   = "0.5.1"
+_COPYRIGHT = core.copyright()
+
+-- Export
+loadcertificate = x509.load

 -- We must prevent the contexts to be collected before the connections,
 -- otherwise the C registry will be cleared.
@ -31,7 +37,7 @@ end
 --
 --
 --
-local function newcontext(cfg)
+function newcontext(cfg)
   local succ, msg, ctx
   -- Create the context
   ctx, msg = context.create(cfg.protocol)
@ -52,12 +58,8 @@ local function newcontext(cfg)
   end
   -- Load the certificate
   if cfg.certificate then
-     succ, msg = context.loadcert(ctx, cfg.certificate)
-     if not succ then return nil, msg end
-     if cfg.key and context.checkkey then
-       succ = context.checkkey(ctx)
-       if not succ then return nil, "private key does not match public key" end
-     end
+      succ, msg = context.loadcert(ctx, cfg.certificate)
+      if not succ then return nil, msg end
   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then
@ -109,7 +111,7 @@ end
 --
 --
 --
-local function wrap(sock, cfg)
+function wrap(sock, cfg)
   local ctx, msg
   if type(cfg) == "table" then
      ctx, msg = newcontext(cfg)
@ -120,7 +122,7 @@ local function wrap(sock, cfg)
   local s, msg = core.create(ctx)
   if s then
      core.setfd(s, sock:getfd())
-      sock:setfd(-1)
+      sock:setfd(core.invalidfd)
      registry[s] = ctx
      return s
   end
@ -164,16 +166,3 @@ end
 --
 core.setmethod("info", info)

--------------------------------------------------------------------------------
-- Export module
--
-
-local _M = {
-  _VERSION        = "0.6",
-  _COPYRIGHT      = core.copyright(),
-  loadcertificate = x509.load,
-  newcontext      = newcontext,
-  wrap            = wrap,
-}
-
-return _M
--- a/src/x509.c
+++ b/src/x509.c
@ -1,22 +1,15 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
+ * LuaSec 0.5.1
 *
- * Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/

-#include <stdio.h>
 #include <string.h>

 #if defined(WIN32)
-#include <ws2tcpip.h>
 #include <windows.h>
-#else
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
 #endif

 #include <openssl/ssl.h>
@ -64,51 +57,6 @@ p_x509 lsec_checkp_x509(lua_State* L, int idx)

 /*---------------------------------------------------------------------------*/

-#if defined(LUASEC_INET_NTOP)
-/*
- * For WinXP (SP3), set the following preprocessor macros:
- *     LUASEC_INET_NTOP
- *     WINVER=0x0501
- *     _WIN32_WINNT=0x0501
- *     NTDDI_VERSION=0x05010300
- *
- * For IPv6 addresses, you need to add IPv6 Protocol to your interface.
- *
- */
-static const char *inet_ntop(int af, const char *src, char *dst, socklen_t size)
-{
-  int addrsize;
-  struct sockaddr    *addr;
-  struct sockaddr_in  addr4;
-  struct sockaddr_in6 addr6;
-
-  switch (af) {
-  case AF_INET:
-    memset((void*)&addr4, 0, sizeof(addr4));
-    addr4.sin_family = AF_INET;
-    memcpy((void*)&addr4.sin_addr, src, sizeof(struct in_addr));
-    addr = (struct sockaddr*)&addr4;
-    addrsize = sizeof(struct sockaddr_in);
-    break;
-  case AF_INET6:
-    memset((void*)&addr6, 0, sizeof(addr6));
-    addr6.sin6_family = AF_INET6;
-    memcpy((void*)&addr6.sin6_addr, src, sizeof(struct in6_addr));
-    addr = (struct sockaddr*)&addr6;
-    addrsize = sizeof(struct sockaddr_in6);
-    break;
-  default:
-    return NULL;
-  }
-
-  if(getnameinfo(addr, addrsize, dst, size, NULL, 0, NI_NUMERICHOST) != 0)
-    return NULL;
-  return dst;
-}
-#endif
-
-/*---------------------------------------------------------------------------*/
-
 /**
 * Convert the buffer 'in' to hexadecimal.
 */
@ -175,31 +123,6 @@ static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
  return 1;
 }

-/**
- * Return a human readable IP address.
- */
-static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
-{
-  int af;
-  char dst[INET6_ADDRSTRLEN];
-  unsigned char *ip = ASN1_STRING_data(string);
-  switch(ASN1_STRING_length(string)) {
-  case 4:
-    af = AF_INET;
-    break;
-  case 16:
-    af = AF_INET6;
-    break;
-  default:
-    lua_pushnil(L);
-    return;
-  }
-  if(inet_ntop(af, ip, dst, INET6_ADDRSTRLEN))
-    lua_pushstring(L, dst);
-  else
-    lua_pushnil(L);
-}
-
 /**
 * 
 */
@ -317,7 +240,7 @@ int meth_extensions(lua_State* L)
        break;
      case GEN_DNS:
        lua_pushstring(L, "dNSName");
-        push_subtable(L, -2);
+	push_subtable(L, -2);
        push_asn1_string(L, general_name->d.dNSName, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2) + 1);
        lua_pop(L, 1);
@ -339,7 +262,7 @@ int meth_extensions(lua_State* L)
      case GEN_IPADD:
        lua_pushstring(L, "iPAddress");
        push_subtable(L, -2);
-        push_asn1_ip(L, general_name->d.iPAddress);
+        push_asn1_string(L, general_name->d.iPAddress, px->encode);
        lua_rawseti(L, -2, lua_rawlen(L, -2)+1);
        lua_pop(L, 1);
        break;
@ -389,52 +312,6 @@ static int meth_pem(lua_State* L)
  return 1;
 }

-/**
- * Extract public key in PEM format.
- */
-static int meth_pubkey(lua_State* L)
-{
-  char* data;
-  long bytes;
-  int ret = 1;
-  X509* cert = lsec_checkx509(L, 1);
-  BIO *bio = BIO_new(BIO_s_mem());
-  EVP_PKEY *pkey = X509_get_pubkey(cert);
-  if(PEM_write_bio_PUBKEY(bio, pkey)) {
-    bytes = BIO_get_mem_data(bio, &data);
-    if (bytes > 0) {
-      lua_pushlstring(L, data, bytes);
-      switch(EVP_PKEY_type(pkey->type)) {
-        case EVP_PKEY_RSA:
-          lua_pushstring(L, "RSA");
-          break;
-        case EVP_PKEY_DSA:
-          lua_pushstring(L, "DSA");
-          break;
-        case EVP_PKEY_DH:
-          lua_pushstring(L, "DH");
-          break;
-        case EVP_PKEY_EC:
-          lua_pushstring(L, "EC");
-          break;
-        default:
-          lua_pushstring(L, "Unknown");
-          break;
-      }
-      lua_pushinteger(L, EVP_PKEY_bits(pkey));
-      ret = 3;
-    }
-    else
-      lua_pushnil(L);
-  }
-  else
-    lua_pushnil(L);
-  /* Cleanup */
-  BIO_free(bio);
-  EVP_PKEY_free(pkey);
-  return ret;
-}
-
 /**
 * Compute the fingerprint.
 */
@ -520,91 +397,6 @@ static int meth_notafter(lua_State *L)
  return push_asn1_time(L, X509_get_notAfter(cert));
 }

-/**
- * Check if this certificate issued some other certificate
- */
-static int meth_issued(lua_State* L)
-{
-  int ret, i, len;
-
-  X509_STORE_CTX* ctx = NULL;
-  X509_STORE* root = NULL;
-  STACK_OF(X509)* chain = NULL;
-
-  X509* issuer = lsec_checkx509(L, 1);
-  X509* subject = lsec_checkx509(L, 2);
-  X509* cert = NULL;
-
-  len = lua_gettop(L);
-
-  /* Check that all arguments are certificates */
-
-  for (i = 3; i <= len; i++) {
-    lsec_checkx509(L, i);
-  }
-
-  /* Before allocating things that require freeing afterwards */
-
-  chain = sk_X509_new_null();
-  ctx = X509_STORE_CTX_new();
-  root = X509_STORE_new();
-
-  if (ctx == NULL || root == NULL) {
-    lua_pushnil(L);
-    lua_pushstring(L, "X509_STORE_new() or X509_STORE_CTX_new() error");
-    ret = 2;
-    goto cleanup;
-  }
-
-  ret = X509_STORE_add_cert(root, issuer);
-
-  if(!ret) {
-    lua_pushnil(L);
-    lua_pushstring(L, "X509_STORE_add_cert() error");
-    ret = 2;
-    goto cleanup;
-  }
-
-  for (i = 3; i <= len && lua_isuserdata(L, i); i++) {
-    cert = lsec_checkx509(L, i);
-    sk_X509_push(chain, cert);
-  }
-
-  ret = X509_STORE_CTX_init(ctx, root, subject, chain);
-
-  if(!ret) {
-    lua_pushnil(L);
-    lua_pushstring(L, "X509_STORE_CTX_init() error");
-    ret = 2;
-    goto cleanup;
-  }
-
-  /* Actual verification */
-  if (X509_verify_cert(ctx) <= 0) {
-    ret = X509_STORE_CTX_get_error(ctx);
-    lua_pushnil(L);
-    lua_pushstring(L, X509_verify_cert_error_string(ret));
-    ret = 2;
-  } else {
-    lua_pushboolean(L, 1);
-    ret = 1;
-  }
-
-cleanup:
-
-  if (ctx != NULL) {
-    X509_STORE_CTX_free(ctx);
-  }
-
-  if (chain != NULL) {
-    X509_STORE_free(root);
-  }
-
-  sk_X509_free(chain);
-
-  return ret;
-}
-
 /**
 * Collect X509 objects.
 */
@ -671,9 +463,7 @@ static luaL_Reg methods[] = {
  {"issuer",     meth_issuer},
  {"notbefore",  meth_notbefore},
  {"notafter",   meth_notafter},
-  {"issued",     meth_issued},
  {"pem",        meth_pem},
-  {"pubkey",     meth_pubkey},
  {"serial",     meth_serial},
  {"subject",    meth_subject},
  {"validat",    meth_valid_at},
@ -699,16 +489,39 @@ static luaL_Reg funcs[] = {

 /*--------------------------------------------------------------------------*/

+#if (LUA_VERSION_NUM == 501)
+
 LSEC_API int luaopen_ssl_x509(lua_State *L)
 {
  /* Register the functions and tables */
  luaL_newmetatable(L, "SSL:Certificate");
-  setfuncs(L, meta);
+  luaL_register(L, NULL, meta);

-  luaL_newlib(L, methods);
+  lua_newtable(L);
+  luaL_register(L, NULL, methods);
  lua_setfield(L, -2, "__index");

-  luaL_newlib(L, funcs);
+  luaL_register(L, "ssl.x509", funcs);

  return 1;
 }
+
+#else
+
+LSEC_API int luaopen_ssl_x509(lua_State *L)
+{
+  /* Register the functions and tables */
+  luaL_newmetatable(L, "SSL:Certificate");
+  luaL_setfuncs(L, meta, 0);
+
+  lua_newtable(L);
+  luaL_setfuncs(L, methods, 0);
+  lua_setfield(L, -2, "__index");
+
+  lua_newtable(L);
+  luaL_setfuncs(L, funcs, 0);
+
+  return 1;
+}
+
+#endif
--- a/src/x509.h
+++ b/src/x509.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 0.6
+ * LuaSec 0.5.1
 *
- * Copyright (C) 2014-2016 Kim Alvefur, Paul Aurich, Tobias Markmann
+ * Copyright (C) 2014-2015 Kim Alvefur, Paul Aurich, Tobias Markmann
 *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
Author	SHA1	Message	Date
Bruno Silvestre	47cc914e69	Update version number.	2015-11-20 19:39:32 -02:00
Bruno Silvestre	90d4f2d95c	typo: intall -> install. update MacOSX version -> 10.11.	2015-11-20 19:20:07 -02:00
Bruno Silvestre	172d324243	Fix push_asn1_string().	2015-11-20 19:16:16 -02:00
Bruno Silvestre	6cc8e951d4	Update samples.	2015-11-20 19:12:19 -02:00
Bruno Silvestre	d36e156fac	Guard SSLv3_method() with #ifndef OPENSSL_NO_SSL3. Use TLS_method() instead of SSLv32_method(), when it is the case.	2015-11-20 18:54:57 -02:00