2025-04-20 23:46:44 +02:00
49 changed files with 382 additions and 1672 deletions
--- a/125
+++ b/125
@ -1,128 +1,3 @@
 --------------------------------------------------------------------------------
 LuaSec 1.3.2
 ---------------
 This version includes:
 * Fix: place EAI_OVERFLOW inside macro, unbreak build on <10.7 (Sergey Fedorov)
 * Fix: Expand workaround for zero errno to OpenSSL 3.0.x (Kim Alvefur)
 * Fix: reset block timeout at send or receive (MartinDahlberg)
 --------------------------------------------------------------------------------
 LuaSec 1.3.1
 ---------------
 This version includes:
 * Fix: check if PSK is available
 --------------------------------------------------------------------------------
 LuaSec 1.3.0
 ---------------
 This version includes:
 * Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
 * Add Pre-Shared Key (PSK) support (@jclab-joseph)
 --------------------------------------------------------------------------------
 LuaSec 1.2.0
 ---------------
 This version includes:
 * Add key material export method
 * Backguard compat for openssl on providers, like LTS linuxes
 --------------------------------------------------------------------------------
 LuaSec 1.1.0
 ---------------
 This version includes:
 * Fix missing DANE flag
 * Remove unused parameter in https.lua
 --------------------------------------------------------------------------------
 LuaSec 1.0.2
 ---------------
 This version includes:
 * Fix handle SSL_send SYSCALL error without errno
 * Fix off by one in cert:validat(notafter)
 * Fix meth_get_{sinagure => signature}_name function name
 * Fix update the Lua state reference on the selected SSL context after SNI
 * Fix ignore SSL_OP_BIT(n) macro and update option.c
 --------------------------------------------------------------------------------
 LuaSec 1.0.1
 ---------------
 This version includes:
 * Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
 --------------------------------------------------------------------------------
 LuaSec 1.0
 ---------------
 This version includes:
 * Add cert:getsignaturename()
 --------------------------------------------------------------------------------
 LuaSec 0.9
 ---------------
 This version includes:
 * Add DNS-based Authentication of Named Entities (DANE) support
 * Add __close() metamethod
 * Fix deprecation warnings with OpenSSL 1.1
 * Fix special case listing of TLS 1.3 EC curves
 * Fix general_name leak in cert:extensions()
 * Fix unexported 'ssl.config' table
 * Replace $(LD) with $(CCLD) variable
 * Remove multiple definitions of 'ssl_options' variable
 * Use tag in git format: v0.9
 --------------------------------------------------------------------------------
 LuaSec 0.8.2
 ---------------
 This version includes:
 * Fix unexported 'ssl.config' table (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.8.1
 ---------------
 This version includes:
 * Fix general_name leak in cert:extensions() (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.8
 ---------------
 This version includes:
 * Add support to ALPN
 * Add support to TLS 1.3
 * Add support to multiple certificates
 * Add timeout to https module (https.TIMEOUT)
 * Drop support to SSL 3.0
 * Drop support to TLS 1.0 from https module
 * Fix invalid reference to Lua state
 * Fix memory leak when get certficate extensions
 --------------------------------------------------------------------------------
 LuaSec 0.7.2
 ---------------
 This version includes:
 * Fix unexported 'ssl.config' table (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.7.1
 ---------------
 This version includes:
 * Fix general_name leak in cert:extensions() (backported)
 --------------------------------------------------------------------------------
 LuaSec 0.7
 ---------------
--- a/6
+++ b/6
@ -1,14 +1,14 @@
-LuaSec 1.3.2
+LuaSec 0.7
 ------------
 * OpenSSL options:
-    By default, this version includes options for OpenSSL 3.0.8
+    By default, LuaSec 0.7 includes options for OpenSSL 1.1.0f.
    If you need to generate the options for a different version of OpenSSL:
      $ cd src
-      $ lua options.lua -g /usr/include/openssl/ssl.h > options.c
+      $ lua options.lua -g /usr/include/openssl/ssl.h > options.h
 --------------------------------------------------------------------------------
--- a/4
+++ b/4
@ -1,5 +1,5 @@
-LuaSec 1.3.2 license
+LuaSec 0.7 license
-Copyright (C) 2006-2023 Bruno Silvestre, UFG
+Copyright (C) 2006-2018 Bruno Silvestre, UFG
 Permission is hereby granted, free  of charge, to any person obtaining
 a  copy  of this  software  and  associated  documentation files  (the
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-LuaSec 1.3.2
+LuaSec 0.7
 ===============
 LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
 easy to add secure connections to any Lua applications or scripts.
--- a/luasec-1.3.2-1.rockspec
+++ b/luasec-1.3.2-1.rockspec
@ -1,8 +1,8 @@
 package = "LuaSec"
-version = "1.3.2-1"
+version = "0.7-1"
 source = {
-  url = "git+https://github.com/brunoos/luasec",
+   url = "https://github.com/brunoos/luasec/archive/luasec-0.7.tar.gz",
-  tag = "v1.3.2",
+   dir = "luasec-luasec-0.7"
 }
 description = {
   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
@ -58,7 +58,7 @@ build = {
                  "ssl", "crypto"
               },
               sources = {
-                  "src/options.c", "src/config.c", "src/ec.c", 
+                  "src/config.c", "src/ec.c", 
                  "src/x509.c", "src/context.c", "src/ssl.c", 
                  "src/luasocket/buffer.c", "src/luasocket/io.c",
                  "src/luasocket/timeout.c", "src/luasocket/usocket.c"
@ -87,13 +87,13 @@ build = {
                  "$(OPENSSL_BINDIR)",
               },
               libraries = {
-                  "libssl", "libcrypto", "ws2_32"
+                  "libssl32MD", "libcrypto32MD", "ws2_32"
               },
               incdirs = {
                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket"
               },
               sources = {
-                  "src/options.c", "src/config.c", "src/ec.c", 
+                  "src/config.c", "src/ec.c", 
                  "src/x509.c", "src/context.c", "src/ssl.c", 
                  "src/luasocket/buffer.c", "src/luasocket/io.c",
                  "src/luasocket/timeout.c", "src/luasocket/wsocket.c"
--- a/luasec.vcxproj
+++ b/luasec.vcxproj
@ -61,7 +61,7 @@
      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
    </ClCompile>
    <Link>
-      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>ws2_32.lib;libeay32MDd.lib;ssleay32MDd.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)ssl.dll</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
@ -85,7 +85,7 @@
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
    </ClCompile>
    <Link>
-      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>ws2_32.lib;libssl32MD.lib;libcrypto32MD.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
      <AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
      <GenerateDebugInformation>true</GenerateDebugInformation>
@ -107,7 +107,6 @@
    <ClCompile Include="src\luasocket\io.c" />
    <ClCompile Include="src\luasocket\timeout.c" />
    <ClCompile Include="src\luasocket\wsocket.c" />
    <ClCompile Include="src\options.c" />
    <ClCompile Include="src\ssl.c" />
    <ClCompile Include="src\x509.c" />
  </ItemGroup>
@ -128,4 +127,4 @@
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets">
  </ImportGroup>
-</Project>
+</Project>
--- a/samples/README
+++ b/samples/README
@ -1,8 +1,5 @@
 Directories: 
 ------------
 * alpn
 Test ALPN (Application-Layer Protocol Negotiation) support.
 * certs
 Contains scripts to generate the certificates used by the examples.
 Generate Root CA 'A' and 'B' first, then the servers and clients.
@ -10,9 +7,6 @@ Directories:
 * chain
 Example of certificate chain in handshake.
 * curve-negotiation
 Elliptic curve negotiation.
 * dhparam
 DH parameters for handshake.
@ -36,32 +30,20 @@ Directories:
 Same of above,  but the connection is not  explicit closed, the gabage
 collector is encharge of that.
 * luaossl
 Integration with luaossl.
 * multicert
 Support to multiple certificate for dual RSA/ECDSA.
 * oneshot
 A simple connection example.
 * psk
 PSK(Pre Shared Key) support.
 * sni
 Support to SNI (Server Name Indication).
 * verification
 Retrieve the certificate verification errors from the handshake.
 * verify
 Ignore handshake errors and proceed.
 * want
 Test want() method.
 * wantread
 Test timeout in handshake() and receive().
 * wantwrite
 Test timeout in send().
 * want
 Test want() method.
--- a/samples/alpn/client.lua
+++ b/samples/alpn/client.lua
@ -1,27 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   --alpn = {"foo","bar","baz"}
   alpn = "foo"
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 print("ALPN", peer:getalpn())
 peer:close()
--- a/samples/alpn/server.lua
+++ b/samples/alpn/server.lua
@ -1,77 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 --
 -- Callback that selects one protocol from client's list.
 --
 local function alpncb01(protocols)
   print("--- ALPN protocols from client")
   for k, v in ipairs(protocols) do
      print(k, v)
   end
   print("--- Selecting:", protocols[1])
   return protocols[1]
 end
 --
 -- Callback that returns a fixed list, ignoring the client's list.
 --
 local function alpncb02(protocols)
   print("--- ALPN protocols from client")
   for k, v in ipairs(protocols) do
      print(k, v)
   end
   print("--- Returning a fixed list") 
   return {"bar", "foo"}
 end
 --
 -- Callback that generates a list as it whishes.
 --
 local function alpncb03(protocols)
   local resp = {}
   print("--- ALPN protocols from client")
   for k, v in ipairs(protocols) do
      print(k, v)
      if k%2 ~= 0 then resp[#resp+1] = v end
   end
   print("--- Returning an odd list")
   return resp
 end
 local params = {
   mode = "server",
   protocol = "any",
   key = "../certs/serverAkey.pem",
   certificate = "../certs/serverA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   --alpn = alpncb01,
   --alpn = alpncb02,
   --alpn = alpncb03,
   alpn = {"bar", "baz", "foo"},
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 print("ALPN", peer:getalpn())
 peer:close()
 server:close()
--- a/samples/certs/all.sh
+++ b/samples/certs/all.sh
@ -1,7 +0,0 @@
 #!/bin/sh
 ./rootA.sh
 ./rootB.sh
 ./clientA.sh
 ./clientB.sh
 ./serverA.sh
 ./serverB.sh
--- a/samples/certs/clientA.sh
+++ b/samples/certs/clientA.sh
@ -1,9 +1,9 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
+openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \
  -nodes -config ./clientA.cnf -days 365 -batch
-openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \
+openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \
  -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
  -out clientAcert.pem -days 365
--- a/samples/certs/clientB.sh
+++ b/samples/certs/clientB.sh
@ -1,9 +1,9 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
+openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem \
  -nodes -config ./clientB.cnf -days 365 -batch
-openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \
+openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf \
  -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
  -out clientBcert.pem -days 365
--- a/samples/certs/rootA.sh
+++ b/samples/certs/rootA.sh
@ -1,7 +1,7 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
+openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
-openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
+openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
 openssl x509 -subject -issuer -noout -in rootA.pem
--- a/samples/certs/rootB.sh
+++ b/samples/certs/rootB.sh
@ -1,7 +1,7 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
+openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
-openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
+openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
 openssl x509 -subject -issuer -noout -in rootB.pem
--- a/samples/certs/serverA.cnf
+++ b/samples/certs/serverA.cnf
@ -118,7 +118,7 @@ x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # so use this option with caution!
 string_mask = nombstr
-# req_extensions = v3_ext # The extensions to add to a certificate request
+# req_extensions = v3_req # The extensions to add to a certificate request
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@ -198,7 +198,7 @@ authorityKeyIdentifier=keyid,issuer
 # subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
-subjectAltName=DNS:foo.bar.example
+# subjectAltName=email:move
 # Copy subject details
 # issuerAltName=issuer:copy
--- a/samples/certs/serverA.sh
+++ b/samples/certs/serverA.sh
@ -1,9 +1,9 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \
+openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem \
   -config ./serverA.cnf -nodes -days 365 -batch
-openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \
+openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf \
   -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
   -out serverAcert.pem -days 365
--- a/samples/certs/serverB.cnf
+++ b/samples/certs/serverB.cnf
@ -195,7 +195,7 @@ authorityKeyIdentifier=keyid,issuer
 # This stuff is for subjectAltName and issuerAltname.
 # Import the email address.
-subjectAltName=DNS:fnord.bar.example
+# subjectAltName=email:copy
 # An alternative to produce certificates that aren't
 # deprecated according to PKIX.
 # subjectAltName=email:move
--- a/samples/certs/serverB.sh
+++ b/samples/certs/serverB.sh
@ -1,9 +1,9 @@
 #!/bin/sh
-openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \
+openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem \
   -config ./serverB.cnf -nodes -days 365 -batch
-openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \
+openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf \
   -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
   -out serverBcert.pem -days 365
--- a/samples/chain/server.lua
+++ b/samples/chain/server.lua
@ -31,27 +31,8 @@ util.show( conn:getpeercertificate() )
 print("----------------------------------------------------------------------")
-local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" }
+for k, cert in ipairs( conn:getpeerchain() ) do
 local peerchain = conn:getpeerchain()
 assert(#peerchain == #expectedpeerchain)
 for k, cert in ipairs( peerchain ) do
  util.show(cert)
  local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
  assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
 end
 local expectedlocalchain = { "../certs/serverAcert.pem" }
 local localchain = assert(conn:getlocalchain())
 assert(#localchain == #expectedlocalchain)
 for k, cert in ipairs( localchain ) do
  util.show(cert)
  local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
  assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
  if k == 1 then
    assert(cert:pem() == conn:getlocalcertificate():pem())
  end
 end
 local f = io.open(params.certificate)
--- a/samples/dane/client.lua
+++ b/samples/dane/client.lua
@ -1,40 +0,0 @@
 local socket = require "socket";
 local ssl = require "ssl";
 local dns = require "lunbound".new();
 local cfg = {
 	protocol = "tlsv1_2",
 	mode = "client",
 	ciphers = "DEFAULT",
 	capath = "/etc/ssl/certs",
 	verify = "peer",
 	dane = true,
 };
 local function daneconnect(host, port)
   port = port or "443";
 	local conn = ssl.wrap(socket.connect(host, port), cfg);
 	local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
 	assert(tlsa.secure, "Insecure DNS");
 	assert(conn:setdane(host));
 	for i = 1, tlsa.n do
 		local usage, selector, mtype = tlsa[i] :byte(1, 3);
 		assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
 	end
 	assert(conn:dohandshake());
 	return conn;
 end
 if not ... then
   print("Usage: client.lua example.com [port]");
   return os.exit(1);
 end
 local conn = daneconnect(...);
 print(conn:getpeerverification());
--- a/samples/dhparam/client.lua
+++ b/samples/dhparam/client.lua
@ -6,13 +6,12 @@ local ssl    = require("ssl")
 local params = {
   mode = "client",
-   protocol = "any",
+   protocol = "tlsv1_2",
   key = "../certs/clientAkey.pem",
   certificate = "../certs/clientA.pem",
   cafile = "../certs/rootA.pem",
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   ciphers = "EDH+AESGCM"
 }
 local peer = socket.tcp()
--- a/samples/dhparam/params.sh
+++ b/samples/dhparam/params.sh
@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/bin/sh
 openssl dhparam -2 -out dh-512.pem  -outform PEM 512
 openssl dhparam -2 -out dh-1024.pem -outform PEM 1024
--- a/samples/dhparam/server.lua
+++ b/samples/dhparam/server.lua
@ -38,7 +38,6 @@ local params = {
   verify = {"peer", "fail_if_no_peer_cert"},
   options = "all",
   dhparam = dhparam_cb,
   ciphers = "EDH+AESGCM"
 }
--- a/samples/key/genkey.sh
+++ b/samples/key/genkey.sh
@ -1,3 +1,3 @@
-#!/usr/bin/env sh
+#!/bin/sh
 openssl genrsa -des3 -out key.pem -passout pass:foobar 2048
--- a/samples/loop/client.lua
+++ b/samples/loop/client.lua
@ -23,8 +23,6 @@ while true do
   assert( peer:dohandshake() )
   --]]
   peer:getpeercertificate():extensions()
   print(peer:receive("*l"))
   peer:close()
 end
--- a/samples/multicert/client-ecdsa.lua
+++ b/samples/multicert/client-ecdsa.lua
@ -1,29 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode        = "client",
   protocol    = "tlsv1_2",
   key         = "certs/clientECDSAkey.pem",
   certificate = "certs/clientECDSA.pem",
   verify      = "none",
   options     = "all",
   ciphers     = "ALL:!aRSA"
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 local i = peer:info()
 for k, v in pairs(i) do print(k, v) end
 print(peer:receive("*l"))
 peer:close()
--- a/samples/multicert/client-rsa.lua
+++ b/samples/multicert/client-rsa.lua
@ -1,29 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode        = "client",
   protocol    = "tlsv1_2",
   key         = "certs/clientRSAkey.pem",
   certificate = "certs/clientRSA.pem",
   verify      = "none",
   options     = "all",
   ciphers     = "ALL:!ECDSA"
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 --]]
 local i = peer:info()
 for k, v in pairs(i) do print(k, v) end
 print(peer:receive("*l"))
 peer:close()
--- a/samples/multicert/gencerts.sh
+++ b/samples/multicert/gencerts.sh
@ -1,13 +0,0 @@
 #!/usr/bin/env sh
 mkdir -p certs
 openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
 openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
 openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
 openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
 openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
 openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch
--- a/samples/multicert/server.lua
+++ b/samples/multicert/server.lua
@ -1,38 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 local params = {
   mode         = "server",
   protocol     = "any",
   certificates = { 
      -- Comment line below and 'client-rsa' stop working
      { certificate = "certs/serverRSA.pem",   key = "certs/serverRSAkey.pem"   },
      -- Comment line below and 'client-ecdsa' stop working
      { certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
   },
   verify  = "none",
   options = "all"
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 -- [[ SSL wrapper
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 --]]
 peer:send("oneshot test\n")
 peer:close()
--- a/samples/psk/client.lua
+++ b/samples/psk/client.lua
@ -1,41 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 if not ssl.config.capabilities.psk then
   print("[ERRO] PSK not available")
   os.exit(1)
 end
 -- @param hint (nil | string)
 -- @param max_identity_len (number)
 -- @param max_psk_len (number)
 -- @return identity (string)
 -- @return PSK (string)
 local function pskcb(hint, max_identity_len, max_psk_len)
   print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
   return "abcd", "1234"
 end
 local params = {
   mode = "client",
   protocol = "tlsv1_2",
   psk = pskcb,
 }
 local peer = socket.tcp()
 peer:connect("127.0.0.1", 8888)
 peer = assert( ssl.wrap(peer, params) )
 assert(peer:dohandshake())
 print("--- INFO ---")
 local info = peer:info()
 for k, v in pairs(info) do
   print(k, v)
 end
 print("---")
 peer:close()
--- a/samples/psk/server.lua
+++ b/samples/psk/server.lua
@ -1,60 +0,0 @@
 --
 -- Public domain
 --
 local socket = require("socket")
 local ssl    = require("ssl")
 if not ssl.config.capabilities.psk then
   print("[ERRO] PSK not available")
   os.exit(1)
 end
 -- @param identity (string)
 -- @param max_psk_len (number)
 -- @return psk (string)
 local function pskcb(identity, max_psk_len)
   print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
   if identity == "abcd" then
     return "1234"
  end
  return nil
 end
 local params = {
   mode = "server",
   protocol = "any",
   options = "all",
 -- PSK with just a callback
   psk = pskcb,
 -- PSK with identity hint
 --   psk = {
 --      hint = "hintpsksample",
 --      callback = pskcb,
 --   },
 }
 -- [[ SSL context
 local ctx = assert(ssl.newcontext(params))
 --]]
 local server = socket.tcp()
 server:setoption('reuseaddr', true)
 assert( server:bind("127.0.0.1", 8888) )
 server:listen()
 local peer = server:accept()
 peer = assert( ssl.wrap(peer, ctx) )
 assert( peer:dohandshake() )
 print("--- INFO ---")
 local info = peer:info()
 for k, v in pairs(info) do
   print(k, v)
 end
 print("---")
 peer:close()
 server:close()
--- a/src/Makefile
+++ b/src/Makefile
@ -2,7 +2,6 @@ CMOD=ssl.so
 LMOD=ssl.lua
 OBJS= \
 options.o \
 x509.o    \
 context.o \
 ssl.o     \
@ -25,7 +24,7 @@ MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
 INSTALL  = install
 CC      ?= cc
-CCLD      ?= $(MYENV) $(CC)
+LD      ?= $(MYENV) cc
 CFLAGS  += $(MYCFLAGS)
 LDFLAGS += $(MYLDFLAGS)
@ -52,15 +51,14 @@ luasocket:
 	@cd luasocket && $(MAKE)
 $(CMOD): $(EXTRA) $(OBJS)
-	$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+	$(LD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 clean:
 	cd luasocket && $(MAKE) clean
 	rm -f $(OBJS) $(CMOD)
 options.o: options.h options.c
 ec.o: ec.c ec.h
 x509.o: x509.c x509.h compat.h
-context.o: context.c context.h ec.h compat.h options.h
+context.o: context.c context.h ec.h compat.h
 ssl.o: ssl.c ssl.h context.h x509.h compat.h
 config.o: config.c ec.h options.h compat.h
--- a/src/compat.h
+++ b/src/compat.h
@ -1,25 +1,19 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #ifndef LSEC_COMPAT_H
 #define LSEC_COMPAT_H
 #include <openssl/ssl.h>
 //------------------------------------------------------------------------------
 #if defined(_WIN32)
 #define LSEC_API __declspec(dllexport) 
 #else
 #define LSEC_API extern
 #endif
 //------------------------------------------------------------------------------
 #if (LUA_VERSION_NUM == 501)
 #define luaL_testudata(L, ud, tname)  lsec_testudata(L, ud, tname)
@ -34,30 +28,4 @@
 #define setfuncs(L, R) luaL_setfuncs(L, R, 0)
 #endif
 //------------------------------------------------------------------------------
 #if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
 #define LSEC_ENABLE_DANE
 #endif
 //------------------------------------------------------------------------------
 #if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
 #define LSEC_API_OPENSSL_1_1_0
 #endif
 //------------------------------------------------------------------------------
 #if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L || (OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x30000000L)
 #define LSEC_OPENSSL_ERRNO_BUG
 #endif
 //------------------------------------------------------------------------------
 #if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_PSK)
 #define LSEC_ENABLE_PSK
 #endif
 //------------------------------------------------------------------------------
 #endif
--- a/src/config.c
+++ b/src/config.c
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -14,14 +14,14 @@
 */
 LSEC_API int luaopen_ssl_config(lua_State *L)
 {
-  lsec_ssl_option_t *opt;
+  ssl_option_t *opt;
  lua_newtable(L);
  // Options
  lua_pushstring(L, "options");
  lua_newtable(L);
-  for (opt = lsec_get_ssl_options(); opt->name; opt++) {
+  for (opt = ssl_options; opt->name; opt++) {
    lua_pushstring(L, opt->name);
    lua_pushboolean(L, 1);
    lua_rawset(L, -3);
@ -32,21 +32,22 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushstring(L, "protocols");
  lua_newtable(L);
 #ifndef OPENSSL_NO_SSL3
  lua_pushstring(L, "sslv3");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
  lua_pushstring(L, "tlsv1");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  lua_pushstring(L, "tlsv1_1");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
  lua_pushstring(L, "tlsv1_2");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #ifdef TLS1_3_VERSION
  lua_pushstring(L, "tlsv1_3");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
  lua_rawset(L, -3);
  // Algorithms
@ -69,38 +70,17 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
  lua_pushstring(L, "capabilities");
  lua_newtable(L);
  // ALPN
  lua_pushstring(L, "alpn");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #ifdef LSEC_ENABLE_PSK
  lua_pushstring(L, "psk");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
 #ifdef LSEC_ENABLE_DANE
  // DANE
  lua_pushstring(L, "dane");
 #ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
  lua_createtable(L, 0, 1);
  lua_pushstring(L, "no_ee_namechecks");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #else
  lua_pushboolean(L, 1);
 #endif
  lua_rawset(L, -3);
 #endif
 #ifndef OPENSSL_NO_EC
 #if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
  lua_pushstring(L, "curves_list");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #ifdef SSL_CTRL_SET_ECDH_AUTO
  lua_pushstring(L, "ecdh_auto");
  lua_pushboolean(L, 1);
  lua_rawset(L, -3);
 #endif
 #endif
 #endif
  lua_rawset(L, -3);
--- a/src/context.c
+++ b/src/context.c
@ -1,8 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2018 Kim Alvefur, Paul Aurich, Tobias Markmann, 
- * Copyright (C) 2006-2023 Bruno Silvestre
+ *                         Matthew Wild.
 * Copyright (C) 2006-2018 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -16,13 +17,10 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/dh.h>
 #include <lua.h>
 #include <lauxlib.h>
 #include "compat.h"
 #include "context.h"
 #include "options.h"
@ -31,6 +29,12 @@
 #include "ec.h"
 #endif
 #if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
 typedef const SSL_METHOD LSEC_SSL_METHOD;
 #else
 typedef       SSL_METHOD LSEC_SSL_METHOD;
 #endif
 /*--------------------------- Auxiliary Functions ----------------------------*/
 /**
@ -51,8 +55,8 @@ static p_context testctx(lua_State *L, int idx)
 */
 static int set_option_flag(const char *opt, unsigned long *flag)
 {
-  lsec_ssl_option_t *p;
+  ssl_option_t *p;
-  for (p = lsec_get_ssl_options(); p->name; p++) {
+  for (p = ssl_options; p->name; p++) {
    if (!strcmp(opt, p->name)) {
      *flag |= p->code;
      return 1;
@ -61,59 +65,23 @@ static int set_option_flag(const char *opt, unsigned long *flag)
  return 0;
 }
 #ifndef LSEC_API_OPENSSL_1_1_0
 /**
 * Find the protocol.
 */
-static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
+static LSEC_SSL_METHOD* str2method(const char *method)
 {
  (void)vmin;
  (void)vmax;
  if (!strcmp(method, "any"))     return SSLv23_method();
  if (!strcmp(method, "sslv23"))  return SSLv23_method();  // deprecated
 #ifndef OPENSSL_NO_SSL3
  if (!strcmp(method, "sslv3"))   return SSLv3_method();
 #endif
  if (!strcmp(method, "tlsv1"))   return TLSv1_method();
 #if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
  if (!strcmp(method, "tlsv1_1")) return TLSv1_1_method();
  if (!strcmp(method, "tlsv1_2")) return TLSv1_2_method();
  return NULL;
 }
 #else
 /**
 * Find the protocol.
 */
 static const SSL_METHOD* str2method(const char *method, int *vmin, int *vmax)
 {
  if (!strcmp(method, "any") || !strcmp(method, "sslv23")) { // 'sslv23' is deprecated
    *vmin = 0;
    *vmax = 0;
    return TLS_method();
  }
  else if (!strcmp(method, "tlsv1")) {
    *vmin = TLS1_VERSION;
    *vmax = TLS1_VERSION;
    return TLS_method();
  }
  else if (!strcmp(method, "tlsv1_1")) {
    *vmin = TLS1_1_VERSION;
    *vmax = TLS1_1_VERSION;
    return TLS_method();
  }
  else if (!strcmp(method, "tlsv1_2")) {
    *vmin = TLS1_2_VERSION;
    *vmax = TLS1_2_VERSION;
    return TLS_method();
  }
 #if defined(TLS1_3_VERSION)
  else if (!strcmp(method, "tlsv1_3")) {
    *vmin = TLS1_3_VERSION;
    *vmax = TLS1_3_VERSION;
    return TLS_method();
  }
 #endif
  return NULL;
 }
 #endif
 /**
 * Prepare the SSL handshake verify flag.
@ -200,6 +168,7 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
 {
  BIO *bio;
  lua_State *L;
  DH *dh_tmp = NULL;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
@ -220,15 +189,24 @@ static DH *dhparam_cb(SSL *ssl, int is_export, int keylength)
    lua_pop(L, 2);  /* Remove values from stack */
    return NULL;
  }
-
+  bio = BIO_new_mem_buf((void*)lua_tostring(L, -1), 
-  bio = BIO_new_mem_buf((void*)lua_tostring(L, -1), lua_rawlen(L, -1));
+    lua_rawlen(L, -1));
  if (bio) {
-    pctx->dh_param = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+    dh_tmp = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    BIO_free(bio);
  }
  /*
   * OpenSSL exepcts the callback to maintain a reference to the DH*.  So,
   * cache it here, and clean up the previous set of parameters.  Any remaining
   * set is cleaned up when destroying the LuaSec context.
   */
  if (pctx->dh_param)
    DH_free(pctx->dh_param);
  pctx->dh_param = dh_tmp;
  lua_pop(L, 2);    /* Remove values from stack */
-  return pctx->dh_param;
+  return dh_tmp;
 }
 /**
@ -309,11 +287,10 @@ static int create(lua_State *L)
 {
  p_context ctx;
  const char *str_method;
-  const SSL_METHOD *method;
+  LSEC_SSL_METHOD *method;
  int vmin, vmax;
  str_method = luaL_checkstring(L, 1);
-  method = str2method(str_method, &vmin, &vmax);
+  method = str2method(str_method);
  if (!method) {
    lua_pushnil(L);
    lua_pushfstring(L, "invalid protocol (%s)", str_method);
@ -333,10 +310,6 @@ static int create(lua_State *L)
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
 #ifdef LSEC_API_OPENSSL_1_1_0
  SSL_CTX_set_min_proto_version(ctx->context, vmin);
  SSL_CTX_set_max_proto_version(ctx->context, vmax);
 #endif
  ctx->mode = LSEC_MODE_INVALID;
  ctx->L = L;
  luaL_getmetatable(L, "SSL:Context");
@ -438,31 +411,14 @@ static int set_cipher(lua_State *L)
  const char *list = luaL_checkstring(L, 2);
  if (SSL_CTX_set_cipher_list(ctx, list) != 1) {
    lua_pushboolean(L, 0);
-    lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
+    lua_pushfstring(L, "error setting cipher list (%s)",
      ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
 }
 /**
 * Set the cipher suites.
 */
 static int set_ciphersuites(lua_State *L)
 {
 #if defined(TLS1_3_VERSION)
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *list = luaL_checkstring(L, 2);
  if (SSL_CTX_set_ciphersuites(ctx, list) != 1) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "error setting cipher list (%s)", ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
 #endif
  lua_pushboolean(L, 1);
  return 1;
 }
 /**
 * Set the depth for certificate checking.
 */
@ -511,6 +467,12 @@ static int set_options(lua_State *L)
  if (max > 1) {
    for (i = 2; i <= max; i++) {
      str = luaL_checkstring(L, i);
 #if !defined(SSL_OP_NO_COMPRESSION) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
      /* Version 0.9.8 has a different way to disable compression */
      if (!strcmp(str, "no_compression"))
        ctx->comp_methods = NULL;
      else
 #endif
      if (!set_option_flag(str, &flag)) {
        lua_pushboolean(L, 0);
        lua_pushfstring(L, "invalid option (%s)", str);
@ -569,13 +531,12 @@ static int set_dhparam(lua_State *L)
 static int set_curve(lua_State *L)
 {
  long ret;
  EC_KEY *key = NULL;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  const char *str = luaL_checkstring(L, 2);
  SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
-  key = lsec_find_ec_key(L, str);
+  EC_KEY *key = lsec_find_ec_key(L, str);
  if (!key) {
    lua_pushboolean(L, 0);
@ -597,7 +558,9 @@ static int set_curve(lua_State *L)
  lua_pushboolean(L, 1);
  return 1;
 }
 #endif
 #if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
 /**
 * Set elliptic curves list.
 */
@ -614,8 +577,8 @@ static int set_curves_list(lua_State *L)
    return 2;
  }
-#if defined(LIBRESSL_VERSION_NUMBER) || !defined(LSEC_API_OPENSSL_1_1_0)
+#ifdef SSL_CTRL_SET_ECDH_AUTO
-  (void)SSL_CTX_set_ecdh_auto(ctx, 1);
+  SSL_CTX_set_ecdh_auto(ctx, 1);
 #endif
  lua_pushboolean(L, 1);
@ -623,291 +586,30 @@ static int set_curves_list(lua_State *L)
 }
 #endif
 /**
 * Set the protocols a client should send for ALPN.
 */
 static int set_alpn(lua_State *L)
 {
  long ret;
  size_t len;
  p_context ctx = checkctx(L, 1);
  const char *str = luaL_checklstring(L, 2, &len);
  ret = SSL_CTX_set_alpn_protos(ctx->context, (const unsigned char*)str, len);
  if (ret) {
    lua_pushboolean(L, 0);
    lua_pushfstring(L, "error setting ALPN (%s)", ERR_reason_error_string(ERR_get_error()));
    return 2;
  }
  lua_pushboolean(L, 1);
  return 1;
 }
 /**
 * This standard callback calls the server's callback in Lua sapce.
 * The server has to return a list in wire-format strings.
 * This function uses a helper function to match server and client lists.
 */
 static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
                   const unsigned char *in, unsigned int inlen, void *arg)
 {
  int ret;
  size_t server_len;
  const char *server;
  p_context ctx = (p_context)arg;
  lua_State *L = ctx->L;
  luaL_getmetatable(L, "SSL:ALPN:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_gettable(L, -2);
  lua_pushlstring(L, (const char*)in, inlen);
  lua_call(L, 1, 1);
  if (!lua_isstring(L, -1)) {
    lua_pop(L, 2);
    return SSL_TLSEXT_ERR_NOACK;
  }
  // Protocol list from server in wire-format string
  server = luaL_checklstring(L, -1, &server_len);
  ret  = SSL_select_next_proto((unsigned char**)out, outlen, (const unsigned char*)server,
                               server_len, in, inlen);
  if (ret != OPENSSL_NPN_NEGOTIATED) {
    lua_pop(L, 2);
    return SSL_TLSEXT_ERR_NOACK;
  } 
  // Copy the result because lua_pop() can collect the pointer
  ctx->alpn = malloc(*outlen);
  memcpy(ctx->alpn, (void*)*out, *outlen);
  *out = (const unsigned char*)ctx->alpn;
  lua_pop(L, 2);
  return SSL_TLSEXT_ERR_OK;
 }
 /**
 * Set a callback a server can use to select the next protocol with ALPN.
 */
 static int set_alpn_cb(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  luaL_getmetatable(L, "SSL:ALPN:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  SSL_CTX_set_alpn_select_cb(ctx->context, alpn_cb, ctx);
  lua_pushboolean(L, 1);
  return 1;
 }
 #if defined(LSEC_ENABLE_PSK)
 /**
 * Callback to select the PSK.
 */
 static unsigned int server_psk_cb(SSL *ssl, const char *identity, unsigned char *psk,
  unsigned int max_psk_len)
 {
  size_t psk_len;
  const char *ret_psk;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  lua_State *L = pctx->L;
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)pctx->context);
  lua_gettable(L, -2);
  lua_pushstring(L, identity);
  lua_pushinteger(L, max_psk_len);
  lua_call(L, 2, 1);
  if (!lua_isstring(L, -1)) {
    lua_pop(L, 2);
    return 0;
  }
  ret_psk = lua_tolstring(L, -1, &psk_len);
  if (psk_len == 0 || psk_len > max_psk_len)
    psk_len = 0;
  else
    memcpy(psk, ret_psk, psk_len);
  lua_pop(L, 2);
  return psk_len;
 }
 /**
 * Set a PSK callback for server.
 */
 static int set_server_psk_cb(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  SSL_CTX_set_psk_server_callback(ctx->context, server_psk_cb);
  lua_pushboolean(L, 1);
  return 1;
 }
 /*
 * Set the PSK indentity hint.
 */
 static int set_psk_identity_hint(lua_State *L)
 {
  p_context ctx = checkctx(L, 1);
  const char *hint = luaL_checkstring(L, 2);
  int ret = SSL_CTX_use_psk_identity_hint(ctx->context, hint);
  lua_pushboolean(L, ret);
  return 1;
 }
 /*
 * Client callback to PSK.
 */
 static unsigned int client_psk_cb(SSL *ssl, const char *hint, char *identity,
  unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
 {
  size_t psk_len;
  size_t identity_len;
  const char *ret_psk;
  const char *ret_identity;
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  p_context pctx = (p_context)SSL_CTX_get_app_data(ctx);
  lua_State *L = pctx->L;
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)pctx->context);
  lua_gettable(L, -2);
  if (hint)
    lua_pushstring(L, hint);
  else
    lua_pushnil(L);
  // Leave space to '\0'
  lua_pushinteger(L, max_identity_len-1);
  lua_pushinteger(L, max_psk_len);
  lua_call(L, 3, 2);
  if (!lua_isstring(L, -1) || !lua_isstring(L, -2)) {
    lua_pop(L, 3);
    return 0;
  }
  ret_identity = lua_tolstring(L, -2, &identity_len);
  ret_psk = lua_tolstring(L, -1, &psk_len);
  if (identity_len >= max_identity_len || psk_len > max_psk_len)
    psk_len = 0;
  else {
    memcpy(identity, ret_identity, identity_len);
    identity[identity_len] = 0;
    memcpy(psk, ret_psk, psk_len);
  }
  lua_pop(L, 3);
  return psk_len;
 }
 /**
 * Set a PSK callback for client.
 */
 static int set_client_psk_cb(lua_State *L) {
  p_context ctx = checkctx(L, 1);
  luaL_getmetatable(L, "SSL:PSK:Registry");
  lua_pushlightuserdata(L, (void*)ctx->context);
  lua_pushvalue(L, 2);
  lua_settable(L, -3);
  SSL_CTX_set_psk_client_callback(ctx->context, client_psk_cb);
  lua_pushboolean(L, 1);
  return 1;
 }
 #endif
 #if defined(LSEC_ENABLE_DANE)
 /*
 * DANE
 */
 static int dane_options[] = {
  /* TODO move into options.c
   * however this symbol is not from openssl/ssl.h but rather from
   * openssl/x509_vfy.h
   * */
 #ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
  DANE_FLAG_NO_DANE_EE_NAMECHECKS,
 #endif
  0
 };
 static const char *dane_option_names[] = {
 #ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
  "no_ee_namechecks",
 #endif
  NULL
 };
 static int set_dane(lua_State *L)
 {
  int ret, i;
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  ret = SSL_CTX_dane_enable(ctx);
  for (i = 2; ret > 0 && i <= lua_gettop(L); i++) {
    ret = SSL_CTX_dane_set_flags(ctx, dane_options[luaL_checkoption(L, i, NULL, dane_option_names)]);
  }
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 #endif
 /**
 * Package functions
 */
 static luaL_Reg funcs[] = {
-  {"create",          create},
+  {"create",       create},
-  {"locations",       load_locations},
+  {"locations",    load_locations},
-  {"loadcert",        load_cert},
+  {"loadcert",     load_cert},
-  {"loadkey",         load_key},
+  {"loadkey",      load_key},
-  {"checkkey",        check_key},
+  {"checkkey",     check_key},
-  {"setalpn",         set_alpn},
+  {"setcipher",    set_cipher},
-  {"setalpncb",       set_alpn_cb},
+  {"setdepth",     set_depth},
-  {"setcipher",       set_cipher},
+  {"setdhparam",   set_dhparam},
-  {"setciphersuites", set_ciphersuites},
+  {"setverify",    set_verify},
-  {"setdepth",        set_depth},
+  {"setoptions",   set_options},
-  {"setdhparam",      set_dhparam},
+  {"setmode",      set_mode},
-  {"setverify",       set_verify},
+
  {"setoptions",      set_options},
 #if defined(LSEC_ENABLE_PSK)
  {"setpskhint",      set_psk_identity_hint},
  {"setserverpskcb",  set_server_psk_cb},
  {"setclientpskcb",  set_client_psk_cb},
 #endif
  {"setmode",         set_mode},
 #if !defined(OPENSSL_NO_EC)
-  {"setcurve",        set_curve},
+  {"setcurve",     set_curve},
  {"setcurveslist",   set_curves_list},
 #endif
-#if defined(LSEC_ENABLE_DANE)
+
-  {"setdane",         set_dane},
+#if !defined(OPENSSL_NO_EC) && (defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list) || defined(SSL_CTRL_SET_ECDH_AUTO))
  {"setcurveslist", set_curves_list},
 #endif
  {NULL, NULL}
 };
@ -929,18 +631,15 @@ static int meth_destroy(lua_State *L)
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    luaL_getmetatable(L, "SSL:ALPN:Registry");
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    luaL_getmetatable(L, "SSL:PSK:Registry");
    lua_pushlightuserdata(L, (void*)ctx->context);
    lua_pushnil(L);
    lua_settable(L, -3);
    SSL_CTX_free(ctx->context);
    ctx->context = NULL;
  }
  if (ctx->dh_param) {
    DH_free(ctx->dh_param);
    ctx->dh_param = NULL;
  }
  return 0;
 }
@ -1012,7 +711,6 @@ static int meth_set_verify_ext(lua_State *L)
 * Context metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
@ -1079,10 +777,8 @@ void *lsec_testudata (lua_State *L, int ud, const char *tname) {
 */
 LSEC_API int luaopen_ssl_context(lua_State *L)
 {
-  luaL_newmetatable(L, "SSL:DH:Registry");        /* Keep all DH callbacks   */
+  luaL_newmetatable(L, "SSL:DH:Registry");      /* Keep all DH callbacks */
-  luaL_newmetatable(L, "SSL:ALPN:Registry");      /* Keep all ALPN callbacks */
+  luaL_newmetatable(L, "SSL:Verify:Registry");  /* Keep all verify flags */
  luaL_newmetatable(L, "SSL:PSK:Registry");       /* Keep all PSK callbacks */
  luaL_newmetatable(L, "SSL:Verify:Registry");    /* Keep all verify flags   */
  luaL_newmetatable(L, "SSL:Context");
  setfuncs(L, meta);
--- a/src/context.h
+++ b/src/context.h
@ -2,9 +2,9 @@
 #define LSEC_CONTEXT_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2017 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
@ -24,7 +24,6 @@ typedef struct t_context_ {
  SSL_CTX *context;
  lua_State *L;
  DH *dh_param;
  void *alpn;
  int mode;
 } t_context;
 typedef t_context* p_context;
--- a/src/ec.c
+++ b/src/ec.c
@ -1,15 +1,8 @@
 /*--------------------------------------------------------------------------
 * LuaSec 1.3.2
 *
 * Copyright (C) 2006-2023 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/objects.h>
 #include "ec.h"
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
 EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
 {
@ -63,24 +56,25 @@ void lsec_load_curves(lua_State *L)
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #ifdef NID_X25519
     case NID_X25519:
        lua_pushstring(L, "X25519");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
 #ifdef NID_X448
     case NID_X448:
        lua_pushstring(L, "X448");
        lua_pushnumber(L, curves[i].nid);
        lua_rawset(L, -3);
        break;
 #endif
      }
    }
    free(curves);
  }
  /* These are special so are manually added here */
 #ifdef NID_X25519
  lua_pushstring(L, "X25519");
  lua_pushnumber(L, NID_X25519);
  lua_rawset(L, -3);
 #endif
 #ifdef NID_X448
  lua_pushstring(L, "X448");
  lua_pushnumber(L, NID_X448);
  lua_rawset(L, -3);
 #endif
  lua_rawset(L,  LUA_REGISTRYINDEX);
 }
--- a/src/ec.h
+++ b/src/ec.h
@ -1,7 +1,7 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
@ -10,7 +10,7 @@
 #include <lua.h>
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_ECDH
 #include <openssl/ec.h>
 EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
--- a/src/https.lua
+++ b/src/https.lua
@ -1,7 +1,6 @@
 ----------------------------------------------------------------------------
-- LuaSec 1.3.2
+-- LuaSec 0.7
--
+-- Copyright (C) 2009-2018 PUC-Rio
 -- Copyright (C) 2009-2023 PUC-Rio
 --
 -- Author: Pablo Musa
 -- Author: Tomas Guisasola
@ -19,16 +18,15 @@ local try    = socket.try
 -- Module
 --
 local _M = {
-  _VERSION   = "1.3.2",
+  _VERSION   = "0.7",
-  _COPYRIGHT = "LuaSec 1.3.2 - Copyright (C) 2009-2023 PUC-Rio",
+  _COPYRIGHT = "LuaSec 0.7 - Copyright (C) 2009-2018 PUC-Rio",
  PORT       = 443,
  TIMEOUT    = 60
 }
 -- TLS configuration
 local cfg = {
  protocol = "any",
-  options  = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"},
+  options  = {"all", "no_sslv2", "no_sslv3"},
  verify   = "none",
 }
@ -85,16 +83,15 @@ local function tcp(params)
      conn.sock = try(socket.tcp())
      local st = getmetatable(conn.sock).__index.settimeout
      function conn:settimeout(...)
-         return st(self.sock, _M.TIMEOUT)
+         return st(self.sock, ...)
      end
      -- Replace TCP's connection function
      function conn:connect(host, port)
         try(self.sock:connect(host, port))
         self.sock = try(ssl.wrap(self.sock, params))
         self.sock:sni(host)
         self.sock:settimeout(_M.TIMEOUT)
         try(self.sock:dohandshake())
-         reg(self)
+         reg(self, getmetatable(self.sock))
         return 1
      end
      return conn
@ -142,6 +139,5 @@ end
 --
 _M.request = request
 _M.tcp = tcp
 return _M
--- a/src/luasocket/buffer.c
+++ b/src/luasocket/buffer.c
@ -78,7 +78,9 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
    const char *data = luaL_checklstring(L, 2, &size);
    long start = (long) luaL_optnumber(L, 3, 1);
    long end = (long) luaL_optnumber(L, 4, -1);
-    timeout_markstart(buf->tm);
+#ifdef LUASOCKET_DEBUG
    p_timeout tm = timeout_markstart(buf->tm);
 #endif
    if (start < 0) start = (long) (size+start+1);
    if (end < 0) end = (long) (size+end+1);
    if (start < 1) start = (long) 1;
@ -96,7 +98,7 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
    }
 #ifdef LUASOCKET_DEBUG
    /* push time elapsed during operation as the last return value */
-    lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm));
+    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
 #endif
    return lua_gettop(L) - top;
 }
@ -105,17 +107,13 @@ int buffer_meth_send(lua_State *L, p_buffer buf) {
 * object:receive() interface
 \*-------------------------------------------------------------------------*/
 int buffer_meth_receive(lua_State *L, p_buffer buf) {
    int err = IO_DONE, top = lua_gettop(L);
    luaL_Buffer b;
    size_t size;
-    const char *part;
+    const char *part = luaL_optlstring(L, 3, "", &size);
-    int err = IO_DONE;
+#ifdef LUASOCKET_DEBUG
-    int top = lua_gettop(L);
+    p_timeout tm = timeout_markstart(buf->tm);
-    if (top < 3) {
+#endif
        lua_settop(L, 3);
        top = 3;
    }
    part = luaL_optlstring(L, 3, "", &size);
    timeout_markstart(buf->tm);
    /* initialize buffer with optional extra prefix 
     * (useful for concatenating previous partial results) */
    luaL_buffinit(L, &b);
@ -151,7 +149,7 @@ int buffer_meth_receive(lua_State *L, p_buffer buf) {
    }
 #ifdef LUASOCKET_DEBUG
    /* push time elapsed during operation as the last return value */
-    lua_pushnumber(L, timeout_gettime() - timeout_getstart(buf->tm));
+    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
 #endif
    return lua_gettop(L) - top;
 }
--- a/src/luasocket/usocket.c
+++ b/src/luasocket/usocket.c
@ -426,9 +426,7 @@ const char *socket_gaistrerror(int err) {
        case EAI_MEMORY: return "memory allocation failure";
        case EAI_NONAME: 
            return "host or service not provided, or not known";
 #ifdef EAI_OVERFLOW
        case EAI_OVERFLOW: return "argument buffer overflow";
 #endif
 #ifdef EAI_PROTOCOL
        case EAI_PROTOCOL: return "resolved protocol is unknown";
 #endif
--- a/src/options.c
+++ b/src/options.c
@ -1,185 +0,0 @@
 /*--------------------------------------------------------------------------
 * LuaSec 1.3.2
 *
 * Copyright (C) 2006-2023 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/ssl.h>
 #include "options.h"
 /* If you need to generate these options again, see options.lua */
 /* 
  OpenSSL version: OpenSSL 3.0.8
 */
 static lsec_ssl_option_t ssl_options[] = {
 #if defined(SSL_OP_ALL)
  {"all", SSL_OP_ALL},
 #endif
 #if defined(SSL_OP_ALLOW_CLIENT_RENEGOTIATION)
  {"allow_client_renegotiation", SSL_OP_ALLOW_CLIENT_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_ALLOW_NO_DHE_KEX)
  {"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
 #endif
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
  {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
  {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
 #endif
 #if defined(SSL_OP_CISCO_ANYCONNECT)
  {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
 #endif
 #if defined(SSL_OP_CLEANSE_PLAINTEXT)
  {"cleanse_plaintext", SSL_OP_CLEANSE_PLAINTEXT},
 #endif
 #if defined(SSL_OP_COOKIE_EXCHANGE)
  {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
 #endif
 #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
  {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
 #endif
 #if defined(SSL_OP_DISABLE_TLSEXT_CA_NAMES)
  {"disable_tlsext_ca_names", SSL_OP_DISABLE_TLSEXT_CA_NAMES},
 #endif
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
  {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
 #if defined(SSL_OP_ENABLE_KTLS)
  {"enable_ktls", SSL_OP_ENABLE_KTLS},
 #endif
 #if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
  {"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
 #endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
  {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
 #if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
  {"ignore_unexpected_eof", SSL_OP_IGNORE_UNEXPECTED_EOF},
 #endif
 #if defined(SSL_OP_LEGACY_SERVER_CONNECT)
  {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
 #endif
 #if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
  {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
 #endif
 #if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
  {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
 #endif
 #if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
  {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
 #endif
 #if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
  {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
  {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
  {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NO_ANTI_REPLAY)
  {"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
 #endif
 #if defined(SSL_OP_NO_COMPRESSION)
  {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
 #if defined(SSL_OP_NO_DTLS_MASK)
  {"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
 #endif
 #if defined(SSL_OP_NO_DTLSv1)
  {"no_dtlsv1", SSL_OP_NO_DTLSv1},
 #endif
 #if defined(SSL_OP_NO_DTLSv1_2)
  {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
 #endif
 #if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
  {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
 #endif
 #if defined(SSL_OP_NO_EXTENDED_MASTER_SECRET)
  {"no_extended_master_secret", SSL_OP_NO_EXTENDED_MASTER_SECRET},
 #endif
 #if defined(SSL_OP_NO_QUERY_MTU)
  {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
 #endif
 #if defined(SSL_OP_NO_RENEGOTIATION)
  {"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
  {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SSL_MASK)
  {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
 #endif
 #if defined(SSL_OP_NO_SSLv2)
  {"no_sslv2", SSL_OP_NO_SSLv2},
 #endif
 #if defined(SSL_OP_NO_SSLv3)
  {"no_sslv3", SSL_OP_NO_SSLv3},
 #endif
 #if defined(SSL_OP_NO_TICKET)
  {"no_ticket", SSL_OP_NO_TICKET},
 #endif
 #if defined(SSL_OP_NO_TLSv1)
  {"no_tlsv1", SSL_OP_NO_TLSv1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_1)
  {"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_2)
  {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
 #endif
 #if defined(SSL_OP_NO_TLSv1_3)
  {"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_1)
  {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_2)
  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
 #if defined(SSL_OP_PRIORITIZE_CHACHA)
  {"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
 #endif
 #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
  {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
 #endif
 #if defined(SSL_OP_SINGLE_DH_USE)
  {"single_dh_use", SSL_OP_SINGLE_DH_USE},
 #endif
 #if defined(SSL_OP_SINGLE_ECDH_USE)
  {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
 #endif
 #if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
  {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
 #endif
 #if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
  {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
 #endif
 #if defined(SSL_OP_TLSEXT_PADDING)
  {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
 #endif
 #if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
  {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
 #endif
 #if defined(SSL_OP_TLS_D5_BUG)
  {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
 #endif
 #if defined(SSL_OP_TLS_ROLLBACK_BUG)
  {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
 #endif
  {NULL, 0L}
 };
 LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
  return ssl_options;
 }
--- a/src/options.h
+++ b/src/options.h
@ -2,21 +2,155 @@
 #define LSEC_OPTIONS_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
-#include "compat.h"
+#include <openssl/ssl.h>
-struct lsec_ssl_option_s {
+/* If you need to generate these options again, see options.lua */
 /* 
  OpenSSL version: OpenSSL 1.1.0h
 */
 struct ssl_option_s {
  const char *name;
  unsigned long code;
 };
 typedef struct ssl_option_s ssl_option_t;
-typedef struct lsec_ssl_option_s lsec_ssl_option_t;
+static ssl_option_t ssl_options[] = {
-
+#if defined(SSL_OP_ALL)
-LSEC_API lsec_ssl_option_t* lsec_get_ssl_options();
+  {"all", SSL_OP_ALL},
 #endif
 #if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
  {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_CIPHER_SERVER_PREFERENCE)
  {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE},
 #endif
 #if defined(SSL_OP_CISCO_ANYCONNECT)
  {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT},
 #endif
 #if defined(SSL_OP_COOKIE_EXCHANGE)
  {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE},
 #endif
 #if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
  {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG},
 #endif
 #if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
  {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
 #endif
 #if defined(SSL_OP_EPHEMERAL_RSA)
  {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
 #endif
 #if defined(SSL_OP_LEGACY_SERVER_CONNECT)
  {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT},
 #endif
 #if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
  {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER},
 #endif
 #if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
  {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG},
 #endif
 #if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
  {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING},
 #endif
 #if defined(SSL_OP_NETSCAPE_CA_DN_BUG)
  {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
  {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
  {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
  {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
 #endif
 #if defined(SSL_OP_NO_COMPRESSION)
  {"no_compression", SSL_OP_NO_COMPRESSION},
 #endif
 #if defined(SSL_OP_NO_DTLS_MASK)
  {"no_dtls_mask", SSL_OP_NO_DTLS_MASK},
 #endif
 #if defined(SSL_OP_NO_DTLSv1)
  {"no_dtlsv1", SSL_OP_NO_DTLSv1},
 #endif
 #if defined(SSL_OP_NO_DTLSv1_2)
  {"no_dtlsv1_2", SSL_OP_NO_DTLSv1_2},
 #endif
 #if defined(SSL_OP_NO_ENCRYPT_THEN_MAC)
  {"no_encrypt_then_mac", SSL_OP_NO_ENCRYPT_THEN_MAC},
 #endif
 #if defined(SSL_OP_NO_QUERY_MTU)
  {"no_query_mtu", SSL_OP_NO_QUERY_MTU},
 #endif
 #if defined(SSL_OP_NO_RENEGOTIATION)
  {"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
  {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION},
 #endif
 #if defined(SSL_OP_NO_SSL_MASK)
  {"no_ssl_mask", SSL_OP_NO_SSL_MASK},
 #endif
 #if defined(SSL_OP_NO_SSLv2)
  {"no_sslv2", SSL_OP_NO_SSLv2},
 #endif
 #if defined(SSL_OP_NO_SSLv3)
  {"no_sslv3", SSL_OP_NO_SSLv3},
 #endif
 #if defined(SSL_OP_NO_TICKET)
  {"no_ticket", SSL_OP_NO_TICKET},
 #endif
 #if defined(SSL_OP_NO_TLSv1)
  {"no_tlsv1", SSL_OP_NO_TLSv1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_1)
  {"no_tlsv1_1", SSL_OP_NO_TLSv1_1},
 #endif
 #if defined(SSL_OP_NO_TLSv1_2)
  {"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_1)
  {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
 #endif
 #if defined(SSL_OP_PKCS1_CHECK_2)
  {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
 #endif
 #if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
  {"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
 #endif
 #if defined(SSL_OP_SINGLE_DH_USE)
  {"single_dh_use", SSL_OP_SINGLE_DH_USE},
 #endif
 #if defined(SSL_OP_SINGLE_ECDH_USE)
  {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE},
 #endif
 #if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
  {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG},
 #endif
 #if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
  {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG},
 #endif
 #if defined(SSL_OP_TLSEXT_PADDING)
  {"tlsext_padding", SSL_OP_TLSEXT_PADDING},
 #endif
 #if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
  {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG},
 #endif
 #if defined(SSL_OP_TLS_D5_BUG)
  {"tls_d5_bug", SSL_OP_TLS_D5_BUG},
 #endif
 #if defined(SSL_OP_TLS_ROLLBACK_BUG)
  {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG},
 #endif
  {NULL, 0L}
 };
 #endif
--- a/src/options.lua
+++ b/src/options.lua
@ -1,10 +1,10 @@
 local function usage()
  print("Usage:")
  print("* Generate options of your system:")
-  print("  lua options.lua -g /path/to/ssl.h [version] > options.c")
+  print("  lua options.lua -g /path/to/ssl.h [version] > options.h")
  print("* Examples:")
-  print("  lua options.lua -g /usr/include/openssl/ssl.h > options.c\n")
+  print("  lua options.lua -g /usr/include/openssl/ssl.h > options.h\n")
-  print("  lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.1.1f\" > options.c\n")
+  print("  lua options.lua -g /usr/include/openssl/ssl.h \"OpenSSL 1.0.1 14\" > options.h\n")
  print("* List options of your system:")
  print("  lua options.lua -l /path/to/ssl.h\n")
@ -17,28 +17,34 @@ end
 local function generate(options, version)
  print([[
 #ifndef LSEC_OPTIONS_H
 #define LSEC_OPTIONS_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
 #include <openssl/ssl.h>
 #include "options.h"
 /* If you need to generate these options again, see options.lua */
 ]])
  printf([[
 /* 
  OpenSSL version: %s
 */
 ]], version)
  print([[
 struct ssl_option_s {
  const char *name;
  unsigned long code;
 };
 typedef struct ssl_option_s ssl_option_t;
 ]])
-  print([[static lsec_ssl_option_t ssl_options[] = {]])
+  print([[static ssl_option_t ssl_options[] = {]])
  for k, option in ipairs(options) do
    local name = string.lower(string.sub(option, 8))
@ -50,9 +56,7 @@ local function generate(options, version)
  print([[
 };
-LSEC_API lsec_ssl_option_t* lsec_get_ssl_options() {
+#endif
  return ssl_options;
 }
 ]])
 end
@ -60,12 +64,9 @@ local function loadoptions(file)
  local options = {}
  local f = assert(io.open(file, "r"))
  for line in f:lines() do
-    local op = string.match(line, "define%s+(SSL_OP_BIT%()")
+    local op = string.match(line, "define%s+(SSL_OP_%S+)")
-    if not op then
+    if op then
-      op = string.match(line, "define%s+(SSL_OP_%S+)")
+      table.insert(options, op)
      if op then
        table.insert(options, op)
      end
    end
  end
  table.sort(options, function(a,b) return a<b end)
--- a/src/ssl.c
+++ b/src/ssl.c
@ -1,8 +1,9 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2018 Kim Alvefur, Paul Aurich, Tobias Markmann, 
- * Copyright (C) 2006-2023 Bruno Silvestre
+ *                         Matthew Wild.
 * Copyright (C) 2006-2018 Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -10,14 +11,13 @@
 #include <string.h>
 #if defined(WIN32)
-#include <winsock2.h>
+#include <Winsock2.h>
 #endif
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/err.h>
 #include <openssl/dh.h>
 #include <lua.h>
 #include <lauxlib.h>
@ -32,7 +32,7 @@
 #include "ssl.h"
-#ifndef LSEC_API_OPENSSL_1_1_0
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
 #define SSL_is_server(s) (s->server)
 #define SSL_up_ref(ssl)  CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
 #define X509_up_ref(c)   CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
@ -47,11 +47,6 @@ static int lsec_socket_error()
 #if defined(WIN32)
  return WSAGetLastError();
 #else
 #if defined(LSEC_OPENSSL_ERRNO_BUG)
  // Bug in OpenSSL
  if (errno == 0)
    return LSEC_IO_SSL;
 #endif
  return errno;
 #endif
 }
@ -307,7 +302,9 @@ static int meth_create(lua_State *L)
  SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);
  SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | 
    SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 #if defined(SSL_MODE_RELEASE_BUFFERS)
  SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS);
 #endif
  if (mode == LSEC_MODE_SERVER)
    SSL_set_accept_state(ssl->ssl);
  else
@ -385,19 +382,8 @@ static int meth_setfd(lua_State *L)
 */
 static int meth_handshake(lua_State *L)
 {
  int err;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
-  p_context ctx = (p_context)SSL_CTX_get_app_data(SSL_get_SSL_CTX(ssl->ssl));
+  int err = handshake(ssl);
  ctx->L = L;
  err = handshake(ssl);
  if (ctx->dh_param) {
    DH_free(ctx->dh_param);
    ctx->dh_param = NULL;
  }
  if (ctx->alpn) {
    free(ctx->alpn);
    ctx->alpn = NULL;
  }
  if (err == IO_DONE) {
    lua_pushboolean(L, 1);
    return 1;
@ -529,58 +515,6 @@ static int meth_getpeercertificate(lua_State *L)
  return 1;
 }
 /**
 * Return the nth certificate of the chain sent to our peer.
 */
 static int meth_getlocalcertificate(lua_State *L)
 {
  int n;
  X509 *cert;
  STACK_OF(X509) *certs;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  /* Default to the first cert */
  n = (int)luaL_optinteger(L, 2, 1);
  /* This function is 1-based, but OpenSSL is 0-based */
  --n;
  if (n < 0) {
    lua_pushnil(L);
    lua_pushliteral(L, "invalid certificate index");
    return 2;
  }
  if (n == 0) {
    cert = SSL_get_certificate(ssl->ssl);
    if (cert)
      lsec_pushx509(L, cert);
    else
      lua_pushnil(L);
    return 1;
  }
  /* In a server-context, the stack doesn't contain the peer cert,
   * so adjust accordingly.
   */
  if (SSL_is_server(ssl->ssl))
    --n;
  if(SSL_get0_chain_certs(ssl->ssl, &certs) != 1) {
    lua_pushnil(L);
  } else {
    if (n >= sk_X509_num(certs)) {
      lua_pushnil(L);
      return 1;
    }
    cert = sk_X509_value(certs, n);
    /* Increment the reference counting of the object. */
    /* See SSL_get_peer_certificate() source code.     */
    X509_up_ref(cert);
    lsec_pushx509(L, cert);
  }
  return 1;
 }
 /**
 * Return the chain of certificate of the peer.
 */
@ -615,41 +549,6 @@ static int meth_getpeerchain(lua_State *L)
  return 1;
 }
 /**
 * Return the chain of certificates sent to the peer.
 */
 static int meth_getlocalchain(lua_State *L)
 {
  int i;
  int idx = 1;
  int n_certs;
  X509 *cert;
  STACK_OF(X509) *certs;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if (ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }
  lua_newtable(L);
  if (SSL_is_server(ssl->ssl)) {
    lsec_pushx509(L, SSL_get_certificate(ssl->ssl));
    lua_rawseti(L, -2, idx++);
  }
  if(SSL_get0_chain_certs(ssl->ssl, &certs)) {
    n_certs = sk_X509_num(certs);
    for (i = 0; i < n_certs; i++) {
      cert = sk_X509_value(certs, i);
      /* Increment the reference counting of the object. */
      /* See SSL_get_peer_certificate() source code.     */
      X509_up_ref(cert);
      lsec_pushx509(L, cert);
      lua_rawseti(L, -2, idx++);
    }
  }
  return 1;
 }
 /**
 * Copy the table src to the table dst.
 */
@ -757,41 +656,6 @@ static int meth_getpeerfinished(lua_State *L)
  return 1;
 }
 /**
 * Get some shared keying material
 */
 static int meth_exportkeyingmaterial(lua_State *L)
 {
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  if(ssl->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 0;
  }
  size_t llen = 0;
  size_t contextlen = 0;
  const unsigned char *context = NULL;
  const char *label = (const char*)luaL_checklstring(L, 2, &llen);
  size_t olen = (size_t)luaL_checkinteger(L, 3);
  if (!lua_isnoneornil(L, 4))
    context = (const unsigned char*)luaL_checklstring(L, 4, &contextlen);
  /* Temporary buffer memory-managed by Lua itself */
  unsigned char *out = (unsigned char*)lua_newuserdata(L, olen);
  if(SSL_export_keying_material(ssl->ssl, out, olen, label, llen, context, contextlen, context != NULL) != 1) {
    lua_pushnil(L);
    lua_pushstring(L, "error exporting keying material");
    return 2;
  }
  lua_pushlstring(L, (char*)out, olen);
  return 1;
 }
 /**
 * Object information -- tostring metamethod
 */
@ -868,8 +732,6 @@ static int sni_cb(SSL *ssl, int *ad, void *arg)
  lua_pop(L, 4);
  /* Found, use this context */
  if (newctx) {
    p_context pctx = (p_context)SSL_CTX_get_app_data(newctx);
    pctx->L = L;
    SSL_set_SSL_CTX(ssl, newctx);
    return SSL_TLSEXT_ERR_OK;
  }
@ -932,22 +794,9 @@ static int meth_getsniname(lua_State *L)
  return 1;
 }
 static int meth_getalpn(lua_State *L)
 {
  unsigned len;
  const unsigned char *data;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  SSL_get0_alpn_selected(ssl->ssl, &data, &len);
  if (data == NULL && len == 0)
    lua_pushnil(L);
  else
    lua_pushlstring(L, (const char*)data, len);
  return 1;
 }
 static int meth_copyright(lua_State *L)
 {
-  lua_pushstring(L, "LuaSec 1.3.2 - Copyright (C) 2006-2023 Bruno Silvestre, UFG"
+  lua_pushstring(L, "LuaSec 0.7 - Copyright (C) 2006-2018 Bruno Silvestre, UFG"
 #if defined(WITH_LUASOCKET)
                    "\nLuaSocket 3.0-RC1 - Copyright (C) 2004-2013 Diego Nehab"
 #endif
@ -955,34 +804,6 @@ static int meth_copyright(lua_State *L)
  return 1;
 }
 #if defined(LSEC_ENABLE_DANE)
 static int meth_dane(lua_State *L)
 {
  int ret;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  ret = SSL_dane_enable(ssl->ssl, luaL_checkstring(L, 2));
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 static int meth_tlsa(lua_State *L)
 {
  int ret;
  size_t len;
  p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
  uint8_t usage = (uint8_t)luaL_checkinteger(L, 2);
  uint8_t selector = (uint8_t)luaL_checkinteger(L, 3);
  uint8_t mtype = (uint8_t)luaL_checkinteger(L, 4);
  unsigned char *data = (unsigned char*)luaL_checklstring(L, 5, &len);
  ERR_clear_error();
  ret = SSL_dane_tlsa_add(ssl->ssl, usage, selector, mtype, data, len);
  lua_pushboolean(L, (ret > 0));
  return 1;
 }
 #endif
 /*---------------------------------------------------------------------------*/
 /**
@ -990,16 +811,12 @@ static int meth_tlsa(lua_State *L)
 */
 static luaL_Reg methods[] = {
  {"close",               meth_close},
  {"getalpn",             meth_getalpn},
  {"getfd",               meth_getfd},
  {"getfinished",         meth_getfinished},
  {"getpeercertificate",  meth_getpeercertificate},
  {"getlocalcertificate", meth_getlocalcertificate},
  {"getpeerchain",        meth_getpeerchain},
  {"getlocalchain",       meth_getlocalchain},
  {"getpeerverification", meth_getpeerverification},
  {"getpeerfinished",     meth_getpeerfinished},
  {"exportkeyingmaterial",meth_exportkeyingmaterial},
  {"getsniname",          meth_getsniname},
  {"getstats",            meth_getstats},
  {"setstats",            meth_setstats},
@ -1010,10 +827,6 @@ static luaL_Reg methods[] = {
  {"settimeout",          meth_settimeout},
  {"sni",                 meth_sni},
  {"want",                meth_want},
 #if defined(LSEC_ENABLE_DANE)
  {"setdane",             meth_dane},
  {"settlsa",             meth_tlsa},
 #endif
  {NULL,                  NULL}
 };
@ -1021,7 +834,6 @@ static luaL_Reg methods[] = {
 * SSL metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
@ -1045,7 +857,6 @@ static luaL_Reg funcs[] = {
 */
 LSEC_API int luaopen_ssl_core(lua_State *L)
 {
 #ifndef LSEC_API_OPENSSL_1_1_0
  /* Initialize SSL */
  if (!SSL_library_init()) {
    lua_pushstring(L, "unable to initialize SSL library");
@ -1053,7 +864,6 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
  }
  OpenSSL_add_all_algorithms();
  SSL_load_error_strings();
 #endif
 #if defined(WITH_LUASOCKET)
  /* Initialize internal library */
@ -1072,7 +882,7 @@ LSEC_API int luaopen_ssl_core(lua_State *L)
  luaL_newlib(L, funcs);
  lua_pushstring(L, "SOCKET_INVALID");
-  lua_pushinteger(L, SOCKET_INVALID);
+  lua_pushnumber(L, SOCKET_INVALID);
  lua_rawset(L, -3);
  return 1;
--- a/src/ssl.h
+++ b/src/ssl.h
@ -2,9 +2,9 @@
 #define LSEC_SSL_H
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2006-2023 Bruno Silvestre
+ * Copyright (C) 2006-2018 Bruno Silvestre
 *
 *--------------------------------------------------------------------------*/
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -1,7 +1,7 @@
 ------------------------------------------------------------------------------
-- LuaSec 1.3.2
+-- LuaSec 0.7
 --
-- Copyright (C) 2006-2023 Bruno Silvestre
+-- Copyright (C) 2006-2018 Bruno Silvestre
 --
 ------------------------------------------------------------------------------
@ -30,39 +30,6 @@ local function optexec(func, param, ctx)
  return true
 end
 --
 -- Convert an array of strings to wire-format
 --
 local function array2wireformat(array)
   local str = ""
   for k, v in ipairs(array) do
      if type(v) ~= "string" then return nil end
      local len = #v
      if len == 0 then
        return nil, "invalid ALPN name (empty string)"
      elseif len > 255 then
        return nil, "invalid ALPN name (length > 255)"
      end
      str = str .. string.char(len) .. v
   end
   if str == "" then return nil, "invalid ALPN list (empty)" end
   return str
 end
 --
 -- Convert wire-string format to array
 --
 local function wireformat2array(str)
   local i = 1
   local array = {}
   while i < #str do
      local len = str:byte(i)
      array[#array + 1] = str:sub(i + 1, i + len)
      i = i + len + 1
   end
   return array
 end
 --
 --
 --
@ -74,33 +41,25 @@ local function newcontext(cfg)
   -- Mode
   succ, msg = context.setmode(ctx, cfg.mode)
   if not succ then return nil, msg end
-   local certificates = cfg.certificates
+   -- Load the key
-   if not certificates then
+   if cfg.key then
-      certificates = {
+      if cfg.password and
-         { certificate = cfg.certificate, key = cfg.key, password = cfg.password }
+         type(cfg.password) ~= "function" and
-      }
+         type(cfg.password) ~= "string"
      then
         return nil, "invalid password type"
      end
      succ, msg = context.loadkey(ctx, cfg.key, cfg.password)
      if not succ then return nil, msg end
   end
-   for _, certificate in ipairs(certificates) do
+   -- Load the certificate
-      -- Load the key
+   if cfg.certificate then
-      if certificate.key then
+     succ, msg = context.loadcert(ctx, cfg.certificate)
-         if certificate.password and
+     if not succ then return nil, msg end
-            type(certificate.password) ~= "function" and
+     if cfg.key and context.checkkey then
-            type(certificate.password) ~= "string"
+       succ = context.checkkey(ctx)
-         then
+       if not succ then return nil, "private key does not match public key" end
-            return nil, "invalid password type"
+     end
         end
         succ, msg = context.loadkey(ctx, certificate.key, certificate.password)
         if not succ then return nil, msg end
      end
      -- Load the certificate(s)
      if certificate.certificate then
        succ, msg = context.loadcert(ctx, certificate.certificate)
        if not succ then return nil, msg end
        if certificate.key and context.checkkey then
          succ = context.checkkey(ctx)
          if not succ then return nil, "private key does not match public key" end
        end
      end
   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then
@ -112,12 +71,7 @@ local function newcontext(cfg)
      succ, msg = context.setcipher(ctx, cfg.ciphers)
      if not succ then return nil, msg end
   end
-   -- Set SSL cipher suites
+   -- Set the verification options
   if cfg.ciphersuites then
      succ, msg = context.setciphersuites(ctx, cfg.ciphersuites)
      if not succ then return nil, msg end
   end
    -- Set the verification options
   succ, msg = optexec(context.setverify, cfg.verify, ctx)
   if not succ then return nil, msg end
   -- Set SSL options
@ -159,83 +113,6 @@ local function newcontext(cfg)
      if not succ then return nil, msg end
   end
   -- ALPN
   if cfg.mode == "server" and cfg.alpn then
      if type(cfg.alpn) == "function" then
         local alpncb = cfg.alpn
         -- This callback function has to return one value only
         succ, msg = context.setalpncb(ctx, function(str)
            local protocols = alpncb(wireformat2array(str))
            if type(protocols) == "string" then
               protocols = { protocols }
            elseif type(protocols) ~= "table" then
               return nil
            end
            return (array2wireformat(protocols))    -- use "()" to drop error message
         end)
         if not succ then return nil, msg end
      elseif type(cfg.alpn) == "table" then
         local protocols = cfg.alpn
         -- check if array is valid before use it
         succ, msg = array2wireformat(protocols)
         if not succ then return nil, msg end
         -- This callback function has to return one value only
         succ, msg = context.setalpncb(ctx, function()
            return (array2wireformat(protocols))    -- use "()" to drop error message
         end)
         if not succ then return nil, msg end
      else
         return nil, "invalid ALPN parameter"
      end
   elseif cfg.mode == "client" and cfg.alpn then
      local alpn
      if type(cfg.alpn) == "string" then
         alpn, msg = array2wireformat({ cfg.alpn })
      elseif type(cfg.alpn) == "table" then
         alpn, msg = array2wireformat(cfg.alpn)
      else
         return nil, "invalid ALPN parameter"
      end
      if not alpn then return nil, msg end
      succ, msg = context.setalpn(ctx, alpn)
      if not succ then return nil, msg end
   end
   -- PSK
   if config.capabilities.psk and cfg.psk then
      if cfg.mode == "client" then
         if type(cfg.psk) ~= "function" then
            return nil, "invalid PSK configuration"
         end
         succ = context.setclientpskcb(ctx, cfg.psk)
         if not succ then return nil, msg end
      elseif cfg.mode == "server" then
         if type(cfg.psk) == "function" then
            succ, msg = context.setserverpskcb(ctx, cfg.psk)
            if not succ then return nil, msg end
         elseif type(cfg.psk) == "table" then
            if type(cfg.psk.hint) == "string" and type(cfg.psk.callback) == "function" then
               succ, msg = context.setpskhint(ctx, cfg.psk.hint)
               if not succ then return succ, msg end
               succ = context.setserverpskcb(ctx, cfg.psk.callback)
               if not succ then return succ, msg end
            else
               return nil, "invalid PSK configuration"
            end
         else
            return nil, "invalid PSK configuration"
         end
      end
   end
   if config.capabilities.dane and cfg.dane then
      if type(cfg.dane) == "table" then
         context.setdane(ctx, unpack(cfg.dane))
      else
         context.setdane(ctx)
      end
   end
   return ctx
 end
@ -302,9 +179,8 @@ core.setmethod("info", info)
 --
 local _M = {
-  _VERSION        = "1.3.2",
+  _VERSION        = "0.7",
  _COPYRIGHT      = core.copyright(),
  config          = config,
  loadcertificate = x509.load,
  newcontext      = newcontext,
  wrap            = wrap,
--- a/src/x509.c
+++ b/src/x509.c
@ -1,8 +1,8 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2018 Kim Alvefur, Paul Aurich, Tobias Markmann
- * Copyright (C) 2014-2023 Bruno Silvestre
+ *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
@ -33,12 +33,16 @@
 #include "x509.h"
-#ifndef LSEC_API_OPENSSL_1_1_0
+/*
-#define X509_get0_notBefore   X509_get_notBefore
+ * ASN1_STRING_data is deprecated in OpenSSL 1.1.0
-#define X509_get0_notAfter    X509_get_notAfter
+ */
-#define ASN1_STRING_get0_data ASN1_STRING_data
+#if OPENSSL_VERSION_NUMBER>=0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
 #else
 #define LSEC_ASN1_STRING_data(x) ASN1_STRING_data(x)
 #endif
 static const char* hex_tab = "0123456789abcdef";
 /**
@ -153,7 +157,8 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
  }
  switch (encode) {
  case LSEC_AI5_STRING:
-    lua_pushlstring(L, (char*)ASN1_STRING_get0_data(string), ASN1_STRING_length(string));
+    lua_pushlstring(L, (char*)LSEC_ASN1_STRING_data(string),
                       ASN1_STRING_length(string));
    break;
  case LSEC_UTF8_STRING:
    len = ASN1_STRING_to_UTF8(&data, string);
@ -169,7 +174,7 @@ static void push_asn1_string(lua_State* L, ASN1_STRING *string, int encode)
 /**
 * Return a human readable time.
 */
-static int push_asn1_time(lua_State *L, const ASN1_UTCTIME *tm)
+static int push_asn1_time(lua_State *L, ASN1_UTCTIME *tm)
 {
  char *tmp;
  long size;
@ -188,7 +193,7 @@ static void push_asn1_ip(lua_State *L, ASN1_STRING *string)
 {
  int af;
  char dst[INET6_ADDRSTRLEN];
-  unsigned char *ip = (unsigned char*)ASN1_STRING_get0_data(string);
+  unsigned char *ip = (unsigned char*)LSEC_ASN1_STRING_data(string);
  switch(ASN1_STRING_length(string)) {
  case 4:
    af = AF_INET;
@ -366,9 +371,7 @@ int meth_extensions(lua_State* L)
        /* not supported */
        break;
      }
      GENERAL_NAME_free(general_name);
    }
    sk_GENERAL_NAME_free(values);
    lua_pop(L, 1); /* ret[oid] */
    i++;           /* Next extension */
  }
@ -485,13 +488,10 @@ static int meth_digest(lua_State* L)
 */
 static int meth_valid_at(lua_State* L)
 {
  int nb, na;
  X509* cert = lsec_checkx509(L, 1);
  time_t time = luaL_checkinteger(L, 2);
-  nb = X509_cmp_time(X509_get0_notBefore(cert), &time);
+  lua_pushboolean(L, (X509_cmp_time(X509_get_notAfter(cert), &time)     >= 0
-  time -= 1;
+                      && X509_cmp_time(X509_get_notBefore(cert), &time) <= 0));
  na = X509_cmp_time(X509_get0_notAfter(cert),  &time);
  lua_pushboolean(L, nb == -1 && na == 1);
  return 1;
 }
@ -519,7 +519,7 @@ static int meth_serial(lua_State *L)
 static int meth_notbefore(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get0_notBefore(cert));
+  return push_asn1_time(L, X509_get_notBefore(cert));
 }
 /**
@ -528,7 +528,7 @@ static int meth_notbefore(lua_State *L)
 static int meth_notafter(lua_State *L)
 {
  X509* cert = lsec_checkx509(L, 1);
-  return push_asn1_time(L, X509_get0_notAfter(cert));
+  return push_asn1_time(L, X509_get_notAfter(cert));
 }
 /**
@ -621,11 +621,7 @@ cleanup:
 */
 static int meth_destroy(lua_State* L)
 {
-  p_x509 px = lsec_checkp_x509(L, 1);
+  X509_free(lsec_checkx509(L, 1));
  if (px->cert) {
    X509_free(px->cert);
    px->cert = NULL;
  }
  return 0;
 }
@ -655,23 +651,6 @@ static int meth_set_encode(lua_State* L)
  return 1;
 }
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
 /**
 * Get signature name.
 */
 static int meth_get_signature_name(lua_State* L)
 {
  p_x509 px = lsec_checkp_x509(L, 1);
  int nid = X509_get_signature_nid(px->cert);
  const char *name = OBJ_nid2sn(nid);
  if (!name)
    lua_pushnil(L);
  else
    lua_pushstring(L, name);
  return 1;
 }
 #endif
 /*---------------------------------------------------------------------------*/
 static int load_cert(lua_State* L)
@ -700,9 +679,6 @@ static luaL_Reg methods[] = {
  {"digest",     meth_digest},
  {"setencode",  meth_set_encode},
  {"extensions", meth_extensions},
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
  {"getsignaturename", meth_get_signature_name},
 #endif
  {"issuer",     meth_issuer},
  {"notbefore",  meth_notbefore},
  {"notafter",   meth_notafter},
@ -719,7 +695,6 @@ static luaL_Reg methods[] = {
 * X509 metamethods.
 */
 static luaL_Reg meta[] = {
  {"__close",    meth_destroy},
  {"__gc",       meth_destroy},
  {"__tostring", meth_tostring},
  {NULL, NULL}
--- a/src/x509.h
+++ b/src/x509.h
@ -1,8 +1,8 @@
 /*--------------------------------------------------------------------------
- * LuaSec 1.3.2
+ * LuaSec 0.7
 *
- * Copyright (C) 2014-2023 Kim Alvefur, Paul Aurich, Tobias Markmann, Matthew Wild
+ * Copyright (C) 2014-2018 Kim Alvefur, Paul Aurich, Tobias Markmann
- * Copyright (C) 2013-2023 Bruno Silvestre
+ *                         Matthew Wild, Bruno Silvestre.
 *
 *--------------------------------------------------------------------------*/
`@ -1,3 +1,3 @@`
	`#!/usr/bin/env sh`	`#!/bin/sh`

	`openssl genrsa -des3 -out key.pem -passout pass:foobar 2048`	`openssl genrsa -des3 -out key.pem -passout pass:foobar 2048`