Commit 3adf8155 authored by Victor Seva's avatar Victor Seva

New upstream version 0.8

parent 6492908b
--------------------------------------------------------------------------------
LuaSec 0.8
---------------
This version includes:
* Add support to ALPN
* Add support to TLS 1.3
* Add support to multiple certificates
* Add timeout to https module (https.TIMEOUT)
* Drop support to SSL 3.0
* Drop support to TLS 1.0 from https module
* Fix invalid reference to Lua state
* Fix memory leak when get certficate extensions
--------------------------------------------------------------------------------
LuaSec 0.7
---------------
......
LuaSec 0.7
LuaSec 0.8
------------
* OpenSSL options:
By default, LuaSec 0.7 includes options for OpenSSL 1.1.0f.
By default, LuaSec 0.8 includes options for OpenSSL 1.1.0g.
If you need to generate the options for a different version of OpenSSL:
......
LuaSec 0.7 license
Copyright (C) 2006-2018 Bruno Silvestre, UFG
LuaSec 0.8 license
Copyright (C) 2006-2019 Bruno Silvestre, UFG
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
......
LuaSec 0.7
LuaSec 0.8
===============
LuaSec depends on OpenSSL, and integrates with LuaSocket to make it
easy to add secure connections to any Lua applications or scripts.
Important: This version requires at least OpenSSL 1.0.2.
For old versions of OpenSSL, use LuaSec 0.7.
Documentation: https://github.com/brunoos/luasec/wiki
package = "LuaSec"
version = "0.7-1"
version = "0.8-1"
source = {
url = "https://github.com/brunoos/luasec/archive/luasec-0.7.tar.gz",
dir = "luasec-luasec-0.7"
url = "https://github.com/brunoos/luasec/archive/luasec-0.8.tar.gz",
dir = "luasec-luasec-0.8"
}
description = {
summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
......
Directories:
------------
* alpn
Test ALPN (Application-Layer Protocol Negotiation) support.
* certs
Contains scripts to generate the certificates used by the examples.
Generate Root CA 'A' and 'B' first, then the servers and clients.
......@@ -7,6 +10,9 @@ Directories:
* chain
Example of certificate chain in handshake.
* curve-negotiation
Elliptic curve negotiation.
* dhparam
DH parameters for handshake.
......@@ -30,20 +36,29 @@ Directories:
Same of above, but the connection is not explicit closed, the gabage
collector is encharge of that.
* luaossl
Integration with luaossl.
* multicert
Support to multiple certificate for dual RSA/ECDSA.
* oneshot
A simple connection example.
* sni
Support to SNI (Server Name Indication).
* verification
Retrieve the certificate verification errors from the handshake.
* verify
Ignore handshake errors and proceed.
* want
Test want() method.
* wantread
Test timeout in handshake() and receive().
* wantwrite
Test timeout in send().
* want
Test want() method.
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = {"foo","bar","baz"}
alpn = "foo"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
print("ALPN", peer:getalpn())
peer:close()
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
--
-- Callback that selects one protocol from client's list.
--
local function alpncb01(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Selecting:", protocols[1])
return protocols[1]
end
--
-- Callback that returns a fixed list, ignoring the client's list.
--
local function alpncb02(protocols)
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
end
print("--- Returning a fixed list")
return {"bar", "foo"}
end
--
-- Callback that generates a list as it whishes.
--
local function alpncb03(protocols)
local resp = {}
print("--- ALPN protocols from client")
for k, v in ipairs(protocols) do
print(k, v)
if k%2 ~= 0 then resp[#resp+1] = v end
end
print("--- Returning an odd list")
return resp
end
local params = {
mode = "server",
protocol = "any",
key = "../certs/serverAkey.pem",
certificate = "../certs/serverA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
--alpn = alpncb01,
--alpn = alpncb02,
--alpn = alpncb03,
alpn = {"bar", "baz", "foo"},
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
print("ALPN", peer:getalpn())
peer:close()
server:close()
#!/bin/bash
./rootA.sh
./rootB.sh
./clientA.sh
./clientB.sh
./serverA.sh
./serverB.sh
#!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem \
openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
-nodes -config ./clientA.cnf -days 365 -batch
openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf \
openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out clientAcert.pem -days 365
......
#!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem \
openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
-nodes -config ./clientB.cnf -days 365 -batch
openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf \
openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out clientBcert.pem -days 365
......
#!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
openssl x509 -subject -issuer -noout -in rootA.pem
#!/bin/sh
openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
openssl x509 -subject -issuer -noout -in rootB.pem
......@@ -118,7 +118,7 @@ x509_extensions = v3_ca # The extensions to add to the self signed cert
# so use this option with caution!
string_mask = nombstr
# req_extensions = v3_req # The extensions to add to a certificate request
# req_extensions = v3_ext # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
......@@ -198,7 +198,7 @@ authorityKeyIdentifier=keyid,issuer
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
subjectAltName=DNS:foo.bar.example
# Copy subject details
# issuerAltName=issuer:copy
......
#!/bin/sh
openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem \
openssl req -newkey rsa:2048 -keyout serverAkey.pem -out serverAreq.pem \
-config ./serverA.cnf -nodes -days 365 -batch
openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf \
openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \
-extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
-out serverAcert.pem -days 365
......
......@@ -195,7 +195,7 @@ authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
subjectAltName=DNS:fnord.bar.example
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
......
#!/bin/sh
openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem \
openssl req -newkey rsa:2048 -keyout serverBkey.pem -out serverBreq.pem \
-config ./serverB.cnf -nodes -days 365 -batch
openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf \
openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \
-extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
-out serverBcert.pem -days 365
......
......@@ -6,12 +6,13 @@ local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
protocol = "any",
key = "../certs/clientAkey.pem",
certificate = "../certs/clientA.pem",
cafile = "../certs/rootA.pem",
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
ciphers = "EDH+AESGCM"
}
local peer = socket.tcp()
......
......@@ -38,6 +38,7 @@ local params = {
verify = {"peer", "fail_if_no_peer_cert"},
options = "all",
dhparam = dhparam_cb,
ciphers = "EDH+AESGCM"
}
......
......@@ -23,6 +23,8 @@ while true do
assert( peer:dohandshake() )
--]]
peer:getpeercertificate():extensions()
print(peer:receive("*l"))
peer:close()
end
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientECDSAkey.pem",
certificate = "certs/clientECDSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!aRSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "client",
protocol = "tlsv1_2",
key = "certs/clientRSAkey.pem",
certificate = "certs/clientRSA.pem",
verify = "none",
options = "all",
ciphers = "ALL:!ECDSA"
}
local peer = socket.tcp()
peer:connect("127.0.0.1", 8888)
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, params) )
assert(peer:dohandshake())
--]]
local i = peer:info()
for k, v in pairs(i) do print(k, v) end
print(peer:receive("*l"))
peer:close()
#!/bin/sh
mkdir -p certs
openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch
--
-- Public domain
--
local socket = require("socket")
local ssl = require("ssl")
local params = {
mode = "server",
protocol = "any",
certificates = {
-- Comment line below and 'client-rsa' stop working
{ certificate = "certs/serverRSA.pem", key = "certs/serverRSAkey.pem" },
-- Comment line below and 'client-ecdsa' stop working
{ certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
},
verify = "none",
options = "all"
}
-- [[ SSL context
local ctx = assert(ssl.newcontext(params))
--]]
local server = socket.tcp()
server:setoption('reuseaddr', true)
assert( server:bind("127.0.0.1", 8888) )
server:listen()
local peer = server:accept()
-- [[ SSL wrapper
peer = assert( ssl.wrap(peer, ctx) )
assert( peer:dohandshake() )
--]]
peer:send("oneshot test\n")
peer:close()
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2018 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
......
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2018 Bruno Silvestre.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
......@@ -32,22 +32,21 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "protocols");
lua_newtable(L);
#ifndef OPENSSL_NO_SSL3
lua_pushstring(L, "sslv3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_pushstring(L, "tlsv1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL)
lua_pushstring(L, "tlsv1_1");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
lua_pushstring(L, "tlsv1_2");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#if defined(TLS1_3_VERSION)
lua_pushstring(L, "tlsv1_3");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
lua_rawset(L, -3);
// Algorithms
......@@ -70,17 +69,18 @@ LSEC_API int luaopen_ssl_config(lua_State *L)
lua_pushstring(L, "capabilities");
lua_newtable(L);
// ALPN
lua_pushstring(L, "alpn");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifndef OPENSSL_NO_EC
#if defined(SSL_CTRL_SET_ECDH_AUTO) || defined(SSL_CTRL_SET_CURVES_LIST) || defined(SSL_CTX_set1_curves_list)
lua_pushstring(L, "curves_list");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#ifdef SSL_CTRL_SET_ECDH_AUTO
lua_pushstring(L, "ecdh_auto");
lua_pushboolean(L, 1);
lua_rawset(L, -3);
#endif
#endif
#endif
lua_rawset(L, -3);
......
This diff is collapsed.
......@@ -2,9 +2,9 @@
#define LSEC_CONTEXT_H
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2017 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
......@@ -24,6 +24,7 @@ typedef struct t_context_ {
SSL_CTX *context;
lua_State *L;
DH *dh_param;
void *alpn;
int mode;
} t_context;
typedef t_context* p_context;
......
......@@ -2,7 +2,7 @@
#include "ec.h"
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
{
......
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2018 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
......@@ -10,7 +10,7 @@
#include <lua.h>
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
......
----------------------------------------------------------------------------
-- LuaSec 0.7
-- Copyright (C) 2009-2018 PUC-Rio
-- LuaSec 0.8
-- Copyright (C) 2009-2019 PUC-Rio
--
-- Author: Pablo Musa
-- Author: Tomas Guisasola
......@@ -18,15 +18,16 @@ local try = socket.try
-- Module
--
local _M = {
_VERSION = "0.7",
_COPYRIGHT = "LuaSec 0.7 - Copyright (C) 2009-2018 PUC-Rio",
_VERSION = "0.8",
_COPYRIGHT = "LuaSec 0.8 - Copyright (C) 2009-2019 PUC-Rio",
PORT = 443,
TIMEOUT = 60
}
-- TLS configuration
local cfg = {
protocol = "any",
options = {"all", "no_sslv2", "no_sslv3"},
options = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"},
verify = "none",
}
......@@ -83,13 +84,14 @@ local function tcp(params)
conn.sock = try(socket.tcp())
local st = getmetatable(conn.sock).__index.settimeout
function conn:settimeout(...)
return st(self.sock, ...)
return st(self.sock, _M.TIMEOUT)
end
-- Replace TCP's connection function
function conn:connect(host, port)
try(self.sock:connect(host, port))
self.sock = try(ssl.wrap(self.sock, params))
self.sock:sni(host)
self.sock:settimeout(_M.TIMEOUT)
try(self.sock:dohandshake())
reg(self, getmetatable(self.sock))
return 1
......@@ -139,5 +141,6 @@ end
--
_M.request = request
_M.tcp = tcp
return _M
......@@ -2,9 +2,9 @@
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2018 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
......@@ -13,7 +13,7 @@
/* If you need to generate these options again, see options.lua */
/*
OpenSSL version: OpenSSL 1.1.0h
OpenSSL version: OpenSSL 1.1.1b
*/
struct ssl_option_s {
......@@ -26,6 +26,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_ALL)
{"all", SSL_OP_ALL},
#endif
#if defined(SSL_OP_ALLOW_NO_DHE_KEX)
{"allow_no_dhe_kex", SSL_OP_ALLOW_NO_DHE_KEX},
#endif
#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
{"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION},
#endif
......@@ -44,6 +47,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
{"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS},
#endif
#if defined(SSL_OP_ENABLE_MIDDLEBOX_COMPAT)
{"enable_middlebox_compat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT},
#endif
#if defined(SSL_OP_EPHEMERAL_RSA)
{"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA},
#endif
......@@ -71,6 +77,9 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
{"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG},
#endif
#if defined(SSL_OP_NO_ANTI_REPLAY)
{"no_anti_replay", SSL_OP_NO_ANTI_REPLAY},
#endif
#if defined(SSL_OP_NO_COMPRESSION)
{"no_compression", SSL_OP_NO_COMPRESSION},
#endif
......@@ -116,12 +125,18 @@ static ssl_option_t ssl_options[] = {
#if defined(SSL_OP_NO_TLSv1_2)
{"no_tlsv1_2", SSL_OP_NO_TLSv1_2},
#endif
#if defined(SSL_OP_NO_TLSv1_3)
{"no_tlsv1_3", SSL_OP_NO_TLSv1_3},
#endif
#if defined(SSL_OP_PKCS1_CHECK_1)
{"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1},
#endif
#if defined(SSL_OP_PKCS1_CHECK_2)
{"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2},
#endif
#if defined(SSL_OP_PRIORITIZE_CHACHA)
{"prioritize_chacha", SSL_OP_PRIORITIZE_CHACHA},
#endif
#if defined(SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
{"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG},
#endif
......
......@@ -21,9 +21,9 @@ local function generate(options, version)
#define LSEC_OPTIONS_H
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2006-2018 Bruno Silvestre
* Copyright (C) 2006-2019 Bruno Silvestre
*
*--------------------------------------------------------------------------*/
......
/*--------------------------------------------------------------------------
* LuaSec 0.7
* LuaSec 0.8
*
* Copyright (C) 2014-2018 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Copyright (C) 2014-2019 Kim Alvefur, Paul Aurich, Tobias Markmann,
* Matthew Wild.
* Copyright (C) 2006-2018 Bruno Silvestre.
* Copyright (C) 2006-2019 Bruno Silvestre.
*
*--------------------------------------------------------------------------*/
......@@ -11,7 +11,7 @@
#include <string.h>
#if defined(WIN32)
#include <Winsock2.h>
#include <winsock2.h>
#endif
#include <openssl/ssl.h>
......@@ -32,7 +32,7 @@
#include "ssl.h"
#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER<0x10100000L
#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)
#define SSL_is_server(s) (s->server)
#define SSL_up_ref(ssl) CRYPTO_add(&(ssl)->references, 1, CRYPTO_LOCK_SSL)
#define X509_up_ref(c) CRYPTO_add(&c->references, 1, CRYPTO_LOCK_X509)
......@@ -302,9 +302,7 @@ static int meth_create(lua_State *L)
SSL_set_fd(ssl->ssl, (int)SOCKET_INVALID);