1 files changed, 245 insertions, 0 deletions
diff --git a/src/openssl.c b/src/openssl.c
index fa7dd79..59bcf1e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -69,6 +69,7 @@
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/des.h>
+#include <openssl/ocsp.h>
 #include <lua.h>
 #include <lualib.h>
@@ -274,6 +275,14 @@
 #define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
 #endif
+#ifndef HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
+#define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#endif
+#ifndef HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
+#define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#endif
 #ifndef HAVE_SSL_GET0_ALPN_SELECTED
 #define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
 #endif
@@ -290,6 +299,10 @@
 #define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
 #endif
+#ifndef HAVE_SSL_GET_TLSEXT_STATUS_TYPE
+#define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#endif
 #ifndef HAVE_SSL_UP_REF
 #define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
 #endif
@@ -380,6 +393,8 @@
 #define DIGEST_CLASS     "EVP_MD_CTX*"
 #define HMAC_CLASS       "HMAC_CTX*"
 #define CIPHER_CLASS     "EVP_CIPHER_CTX*"
+#define OCSP_RESPONSE_CLASS "OCSP_RESPONSE*"
+#define OCSP_BASICRESP_CLASS "OCSP_BASICRESP*"
 #if __GNUC__
@@ -7916,6 +7931,48 @@ static int sx_setAlpnSelect(lua_State *L) {
 #endif
+int TLSEXT_STATUSTYPEs[] = { TLSEXT_STATUSTYPE_ocsp };
+const char *TLSEXT_STATUSTYPEs_names[] = { "ocsp", NULL };
+#define checkTLSEXT_STATUSTYPE(L, idx) \
+        (TLSEXT_STATUSTYPEs[luaL_checkoption((L), (idx), NULL, TLSEXT_STATUSTYPEs_names)])
+#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
+static int sx_setTLSextStatusType(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
+        int type = checkTLSEXT_STATUSTYPE(L, 2);
+        if(!SSL_CTX_set_tlsext_status_type(ctx, type))
+                return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* sx_setTLSextStatusType() */
+#endif
+#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
+static int sx_getTLSextStatusType(lua_State *L) {
+        SSL_CTX *ctx = checksimple(L, 1, SSL_CLASS);
+        int type = SSL_CTX_get_tlsext_status_type(ctx);
+        switch(type) {
+        case -1:
+                lua_pushnil(L);
+                break;
+        case TLSEXT_STATUSTYPE_ocsp:
+                lua_pushliteral(L, "ocsp");
+                break;
+        default:
+                luaL_error(L, "unknown TLS extension %d", type);
+        }
+        return 1;
+} /* sx_getTLSextStatusType() */
+#endif
 static int sx__gc(lua_State *L) {
        SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
@@ -7948,6 +8005,12 @@ static const auxL_Reg sx_methods[] = {
 #if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
        { "setAlpnSelect",    &sx_setAlpnSelect },
 #endif
+#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
+        { "setTLSextStatusType", &sx_setTLSextStatusType },
+#endif
+#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
+        { "getTLSextStatusType", &sx_getTLSextStatusType },
+#endif
        { NULL, NULL },
 };
@@ -8300,6 +8363,63 @@ static int ssl_setAlpnProtos(lua_State *L) {
 #endif
+static int ssl_setTLSextStatusType(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        int type = checkTLSEXT_STATUSTYPE(L, 2);
+        if(!SSL_set_tlsext_status_type(ssl, type))
+                return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType");
+        lua_pushboolean(L, 1);
+        return 1;
+} /* ssl_setTLSextStatusType() */
+#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
+static int ssl_getTLSextStatusType(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        int type = SSL_get_tlsext_status_type(ssl);
+        switch(type) {
+        case -1:
+                lua_pushnil(L);
+                break;
+        case TLSEXT_STATUSTYPE_ocsp:
+                lua_pushliteral(L, "ocsp");
+                break;
+        default:
+                luaL_error(L, "unknown TLS extension %d", type);
+        }
+        return 1;
+} /* ssl_getTLSextStatusType() */
+#endif
+static int ssl_getTLSextStatusOCSPResp(lua_State *L) {
+        SSL *ssl = checksimple(L, 1, SSL_CLASS);
+        OCSP_RESPONSE **ud = prepsimple(L, OCSP_RESPONSE_CLASS);
+        const unsigned char *resp;
+        long resp_len;
+        resp_len = SSL_get_tlsext_status_ocsp_resp(ssl, &resp);
+        if (resp == NULL) {
+                lua_pushnil(L);
+                return 1;
+        }
+        if (resp_len == -1)
+                return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
+        *ud = d2i_OCSP_RESPONSE(NULL, &resp, resp_len);
+        if(*ud == NULL)
+                return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
+        return 1;
+} /* ssl_getTLSextStatusOCSPResp() */
 static int ssl__gc(lua_State *L) {
        SSL **ud = luaL_checkudata(L, 1, SSL_CLASS);
@@ -8332,6 +8452,11 @@ static const auxL_Reg ssl_methods[] = {
 #if HAVE_SSL_SET_ALPN_PROTOS
        { "setAlpnProtos",    &ssl_setAlpnProtos },
 #endif
+        { "setTLSextStatusType", &ssl_setTLSextStatusType },
+#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
+        { "getTLSextStatusType", &ssl_getTLSextStatusType },
+#endif
+        { "getTLSextStatusOCSPResp", &ssl_getTLSextStatusOCSPResp },
        { NULL,            NULL },
 };
@@ -9069,6 +9194,124 @@ int luaopen__openssl_cipher(lua_State *L) {
 /*
+ * OCSP
+ *
+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
+static int or_tostring(lua_State *L) {
+        OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
+        BIO *bio = getbio(L);
+        size_t len;
+        char *bytes;
+        if (!OCSP_RESPONSE_print(bio, resp, 0))
+                return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:tostring");
+        len = BIO_get_mem_data(bio, &bytes);
+        lua_pushlstring(L, bytes, len);
+        return 1;
+} /* or__tostring() */
+static int or_toPEM(lua_State *L) {
+        OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
+        BIO *bio = getbio(L);
+        size_t len;
+        char *bytes;
+        if (!PEM_write_bio_OCSP_RESPONSE(bio, resp))
+                return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:toPEM");
+        len = BIO_get_mem_data(bio, &bytes);
+        lua_pushlstring(L, bytes, len);
+        return 1;
+} /* or_toPEM() */
+static int or_getBasic(lua_State *L) {
+        OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
+        OCSP_BASICRESP **basic = prepsimple(L, OCSP_BASICRESP_CLASS);
+        *basic = OCSP_response_get1_basic(resp);
+        if (!*basic)
+                return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:getBasic");
+        return 1;
+} /* or_getBasic() */
+static int or__gc(lua_State *L) {
+        OCSP_RESPONSE **ud = luaL_checkudata(L, 1, OCSP_RESPONSE_CLASS);
+        if (*ud) {
+                OCSP_RESPONSE_free(*ud);
+                *ud = NULL;
+        }
+        return 0;
+} /* or__gc() */
+static const auxL_Reg or_methods[] = {
+        { "tostring", &or_tostring },
+        { "toPEM",    &or_toPEM },
+        { "getBasic", &or_getBasic },
+        { NULL,       NULL },
+};
+static const auxL_Reg or_metatable[] = {
+        { "__tostring", &or_tostring },
+        { "__gc",       &or__gc },
+        { NULL,         NULL },
+};
+static int ob_verify(lua_State *L) {
+        OCSP_BASICRESP *basic = checksimple(L, 1, OCSP_BASICRESP_CLASS);
+        STACK_OF(X509) *certs = testsimple(L, 2, X509_CHAIN_CLASS);
+        X509_STORE *store = testsimple(L, 3, X509_STORE_CLASS);
+        unsigned long flags = luaL_optinteger(L, 4, 0);
+        int res = OCSP_basic_verify(basic, certs, store, flags);
+        if (res == -1)
+                return auxL_error(L, auxL_EOPENSSL, "OCSP_BASICRESP:verify");
+        lua_pushboolean(L, res);
+        if (res) {
+                return 1;
+        } else {
+                auxL_pusherror(L, auxL_EOPENSSL, NULL);
+                return 2;
+        }
+} /* ob_verify() */
+static int ob__gc(lua_State *L) {
+        OCSP_BASICRESP **ud = luaL_checkudata(L, 1, OCSP_BASICRESP_CLASS);
+        if (*ud) {
+                OCSP_BASICRESP_free(*ud);
+                *ud = NULL;
+        }
+        return 0;
+} /* or__gc() */
+static const auxL_Reg ob_methods[] = {
+        { "verify", &ob_verify },
+        { NULL, NULL },
+};
+static const auxL_Reg ob_metatable[] = {
+        { "__gc", &ob__gc },
+        { NULL,   NULL },
+};
+/*
 * Rand - openssl.rand
 *
 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -9633,5 +9876,7 @@ static void initall(lua_State *L) {
        auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0);
        auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0);
        auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0);
+        auxL_addclass(L, OCSP_RESPONSE_CLASS, or_methods, or_metatable, 0);
+        auxL_addclass(L, OCSP_BASICRESP_CLASS, ob_methods, ob_metatable, 0);
 } /* initall() */

diff --git a/src/openssl.c b/src/openssl.c index fa7dd79..59bcf1e 100644 --- a/src/openssl.c +++ b/src/openssl.c
@@ -69,6 +69,7 @@
69	#include <openssl/hmac.h>	69	#include <openssl/hmac.h>
70	#include <openssl/rand.h>	70	#include <openssl/rand.h>
71	#include <openssl/des.h>	71	#include <openssl/des.h>
		72	#include <openssl/ocsp.h>
72		73
73	#include <lua.h>	74	#include <lua.h>
74	#include <lualib.h>	75	#include <lualib.h>
@@ -274,6 +275,14 @@
274	#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))	275	#define HAVE_SSL_CTX_CERT_STORE (!OPENSSL_PREREQ(1,1,0))
275	#endif	276	#endif
276		277
		278	#ifndef HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
		279	#define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
		280	#endif
		281
		282	#ifndef HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
		283	#define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
		284	#endif
		285
277	#ifndef HAVE_SSL_GET0_ALPN_SELECTED	286	#ifndef HAVE_SSL_GET0_ALPN_SELECTED
278	#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS	287	#define HAVE_SSL_GET0_ALPN_SELECTED HAVE_SSL_CTX_SET_ALPN_PROTOS
279	#endif	288	#endif
@@ -290,6 +299,10 @@
290	#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)	299	#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
291	#endif	300	#endif
292		301
		302	#ifndef HAVE_SSL_GET_TLSEXT_STATUS_TYPE
		303	#define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
		304	#endif
		305
293	#ifndef HAVE_SSL_UP_REF	306	#ifndef HAVE_SSL_UP_REF
294	#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)	307	#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
295	#endif	308	#endif
@@ -380,6 +393,8 @@
380	#define DIGEST_CLASS "EVP_MD_CTX*"	393	#define DIGEST_CLASS "EVP_MD_CTX*"
381	#define HMAC_CLASS "HMAC_CTX*"	394	#define HMAC_CLASS "HMAC_CTX*"
382	#define CIPHER_CLASS "EVP_CIPHER_CTX*"	395	#define CIPHER_CLASS "EVP_CIPHER_CTX*"
		396	#define OCSP_RESPONSE_CLASS "OCSP_RESPONSE*"
		397	#define OCSP_BASICRESP_CLASS "OCSP_BASICRESP*"
383		398
384		399
385	#if __GNUC__	400	#if __GNUC__
@@ -7916,6 +7931,48 @@ static int sx_setAlpnSelect(lua_State *L) {
7916	#endif	7931	#endif
7917		7932
7918		7933
		7934	int TLSEXT_STATUSTYPEs[] = { TLSEXT_STATUSTYPE_ocsp };
		7935	const char *TLSEXT_STATUSTYPEs_names[] = { "ocsp", NULL };
		7936	#define checkTLSEXT_STATUSTYPE(L, idx) \
		7937	(TLSEXT_STATUSTYPEs[luaL_checkoption((L), (idx), NULL, TLSEXT_STATUSTYPEs_names)])
		7938
		7939
		7940	#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
		7941	static int sx_setTLSextStatusType(lua_State *L) {
		7942	SSL_CTX *ctx = checksimple(L, 1, SSL_CTX_CLASS);
		7943	int type = checkTLSEXT_STATUSTYPE(L, 2);
		7944
		7945	if(!SSL_CTX_set_tlsext_status_type(ctx, type))
		7946	return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType");
		7947
		7948	lua_pushboolean(L, 1);
		7949
		7950	return 1;
		7951	} /* sx_setTLSextStatusType() */
		7952	#endif
		7953
		7954
		7955	#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
		7956	static int sx_getTLSextStatusType(lua_State *L) {
		7957	SSL_CTX *ctx = checksimple(L, 1, SSL_CLASS);
		7958
		7959	int type = SSL_CTX_get_tlsext_status_type(ctx);
		7960	switch(type) {
		7961	case -1:
		7962	lua_pushnil(L);
		7963	break;
		7964	case TLSEXT_STATUSTYPE_ocsp:
		7965	lua_pushliteral(L, "ocsp");
		7966	break;
		7967	default:
		7968	luaL_error(L, "unknown TLS extension %d", type);
		7969	}
		7970
		7971	return 1;
		7972	} /* sx_getTLSextStatusType() */
		7973	#endif
		7974
		7975
7919	static int sx__gc(lua_State *L) {	7976	static int sx__gc(lua_State *L) {
7920	SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);	7977	SSL_CTX **ud = luaL_checkudata(L, 1, SSL_CTX_CLASS);
7921		7978
@@ -7948,6 +8005,12 @@ static const auxL_Reg sx_methods[] = {
7948	#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB	8005	#if HAVE_SSL_CTX_SET_ALPN_SELECT_CB
7949	{ "setAlpnSelect", &sx_setAlpnSelect },	8006	{ "setAlpnSelect", &sx_setAlpnSelect },
7950	#endif	8007	#endif
		8008	#if HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
		8009	{ "setTLSextStatusType", &sx_setTLSextStatusType },
		8010	#endif
		8011	#if HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
		8012	{ "getTLSextStatusType", &sx_getTLSextStatusType },
		8013	#endif
7951	{ NULL, NULL },	8014	{ NULL, NULL },
7952	};	8015	};
7953		8016
@@ -8300,6 +8363,63 @@ static int ssl_setAlpnProtos(lua_State *L) {
8300	#endif	8363	#endif
8301		8364
8302		8365
		8366	static int ssl_setTLSextStatusType(lua_State *L) {
		8367	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8368	int type = checkTLSEXT_STATUSTYPE(L, 2);
		8369
		8370	if(!SSL_set_tlsext_status_type(ssl, type))
		8371	return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusType");
		8372
		8373	lua_pushboolean(L, 1);
		8374
		8375	return 1;
		8376	} /* ssl_setTLSextStatusType() */
		8377
		8378
		8379	#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
		8380	static int ssl_getTLSextStatusType(lua_State *L) {
		8381	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8382
		8383	int type = SSL_get_tlsext_status_type(ssl);
		8384	switch(type) {
		8385	case -1:
		8386	lua_pushnil(L);
		8387	break;
		8388	case TLSEXT_STATUSTYPE_ocsp:
		8389	lua_pushliteral(L, "ocsp");
		8390	break;
		8391	default:
		8392	luaL_error(L, "unknown TLS extension %d", type);
		8393	}
		8394
		8395	return 1;
		8396	} /* ssl_getTLSextStatusType() */
		8397	#endif
		8398
		8399
		8400	static int ssl_getTLSextStatusOCSPResp(lua_State *L) {
		8401	SSL *ssl = checksimple(L, 1, SSL_CLASS);
		8402
		8403	OCSP_RESPONSE **ud = prepsimple(L, OCSP_RESPONSE_CLASS);
		8404	const unsigned char *resp;
		8405	long resp_len;
		8406
		8407	resp_len = SSL_get_tlsext_status_ocsp_resp(ssl, &resp);
		8408	if (resp == NULL) {
		8409	lua_pushnil(L);
		8410	return 1;
		8411	}
		8412	if (resp_len == -1)
		8413	return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
		8414
		8415	*ud = d2i_OCSP_RESPONSE(NULL, &resp, resp_len);
		8416	if(*ud == NULL)
		8417	return auxL_error(L, auxL_EOPENSSL, "ssl:getTLSextStatusOCSPResp");
		8418
		8419	return 1;
		8420	} /* ssl_getTLSextStatusOCSPResp() */
		8421
		8422
8303	static int ssl__gc(lua_State *L) {	8423	static int ssl__gc(lua_State *L) {
8304	SSL **ud = luaL_checkudata(L, 1, SSL_CLASS);	8424	SSL **ud = luaL_checkudata(L, 1, SSL_CLASS);
8305		8425
@@ -8332,6 +8452,11 @@ static const auxL_Reg ssl_methods[] = {
8332	#if HAVE_SSL_SET_ALPN_PROTOS	8452	#if HAVE_SSL_SET_ALPN_PROTOS
8333	{ "setAlpnProtos", &ssl_setAlpnProtos },	8453	{ "setAlpnProtos", &ssl_setAlpnProtos },
8334	#endif	8454	#endif
		8455	{ "setTLSextStatusType", &ssl_setTLSextStatusType },
		8456	#if HAVE_SSL_GET_TLSEXT_STATUS_TYPE
		8457	{ "getTLSextStatusType", &ssl_getTLSextStatusType },
		8458	#endif
		8459	{ "getTLSextStatusOCSPResp", &ssl_getTLSextStatusOCSPResp },
8335	{ NULL, NULL },	8460	{ NULL, NULL },
8336	};	8461	};
8337		8462
@@ -9069,6 +9194,124 @@ int luaopen__openssl_cipher(lua_State *L) {
9069		9194
9070		9195
9071	/*	9196	/*
		9197	* OCSP
		9198	*
		9199	* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
		9200
		9201
		9202	static int or_tostring(lua_State *L) {
		9203	OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
		9204	BIO *bio = getbio(L);
		9205	size_t len;
		9206	char *bytes;
		9207
		9208	if (!OCSP_RESPONSE_print(bio, resp, 0))
		9209	return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:tostring");
		9210
		9211	len = BIO_get_mem_data(bio, &bytes);
		9212	lua_pushlstring(L, bytes, len);
		9213
		9214	return 1;
		9215	} /* or__tostring() */
		9216
		9217
		9218	static int or_toPEM(lua_State *L) {
		9219	OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
		9220	BIO *bio = getbio(L);
		9221	size_t len;
		9222	char *bytes;
		9223
		9224	if (!PEM_write_bio_OCSP_RESPONSE(bio, resp))
		9225	return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:toPEM");
		9226
		9227	len = BIO_get_mem_data(bio, &bytes);
		9228	lua_pushlstring(L, bytes, len);
		9229
		9230	return 1;
		9231	} /* or_toPEM() */
		9232
		9233
		9234	static int or_getBasic(lua_State *L) {
		9235	OCSP_RESPONSE *resp = checksimple(L, 1, OCSP_RESPONSE_CLASS);
		9236
		9237	OCSP_BASICRESP **basic = prepsimple(L, OCSP_BASICRESP_CLASS);
		9238
		9239	*basic = OCSP_response_get1_basic(resp);
		9240	if (!*basic)
		9241	return auxL_error(L, auxL_EOPENSSL, "OCSP_RESPONSE:getBasic");
		9242
		9243	return 1;
		9244	} /* or_getBasic() */
		9245
		9246
		9247	static int or__gc(lua_State *L) {
		9248	OCSP_RESPONSE **ud = luaL_checkudata(L, 1, OCSP_RESPONSE_CLASS);
		9249
		9250	if (*ud) {
		9251	OCSP_RESPONSE_free(*ud);
		9252	*ud = NULL;
		9253	}
		9254
		9255	return 0;
		9256	} /* or__gc() */
		9257
		9258	static const auxL_Reg or_methods[] = {
		9259	{ "tostring", &or_tostring },
		9260	{ "toPEM", &or_toPEM },
		9261	{ "getBasic", &or_getBasic },
		9262	{ NULL, NULL },
		9263	};
		9264
		9265	static const auxL_Reg or_metatable[] = {
		9266	{ "__tostring", &or_tostring },
		9267	{ "__gc", &or__gc },
		9268	{ NULL, NULL },
		9269	};
		9270
		9271
		9272	static int ob_verify(lua_State *L) {
		9273	OCSP_BASICRESP *basic = checksimple(L, 1, OCSP_BASICRESP_CLASS);
		9274	STACK_OF(X509) *certs = testsimple(L, 2, X509_CHAIN_CLASS);
		9275	X509_STORE *store = testsimple(L, 3, X509_STORE_CLASS);
		9276	unsigned long flags = luaL_optinteger(L, 4, 0);
		9277
		9278	int res = OCSP_basic_verify(basic, certs, store, flags);
		9279	if (res == -1)
		9280	return auxL_error(L, auxL_EOPENSSL, "OCSP_BASICRESP:verify");
		9281
		9282	lua_pushboolean(L, res);
		9283	if (res) {
		9284	return 1;
		9285	} else {
		9286	auxL_pusherror(L, auxL_EOPENSSL, NULL);
		9287	return 2;
		9288	}
		9289	} /* ob_verify() */
		9290
		9291
		9292	static int ob__gc(lua_State *L) {
		9293	OCSP_BASICRESP **ud = luaL_checkudata(L, 1, OCSP_BASICRESP_CLASS);
		9294
		9295	if (*ud) {
		9296	OCSP_BASICRESP_free(*ud);
		9297	*ud = NULL;
		9298	}
		9299
		9300	return 0;
		9301	} /* or__gc() */
		9302
		9303
		9304	static const auxL_Reg ob_methods[] = {
		9305	{ "verify", &ob_verify },
		9306	{ NULL, NULL },
		9307	};
		9308
		9309	static const auxL_Reg ob_metatable[] = {
		9310	{ "__gc", &ob__gc },
		9311	{ NULL, NULL },
		9312	};
		9313
		9314	/*
9072	* Rand - openssl.rand	9315	* Rand - openssl.rand
9073	*	9316	*
9074	* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */	9317	* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
@@ -9633,5 +9876,7 @@ static void initall(lua_State *L) {
9633	auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0);	9876	auxL_addclass(L, DIGEST_CLASS, md_methods, md_metatable, 0);
9634	auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0);	9877	auxL_addclass(L, HMAC_CLASS, hmac_methods, hmac_metatable, 0);
9635	auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0);	9878	auxL_addclass(L, CIPHER_CLASS, cipher_methods, cipher_metatable, 0);
		9879	auxL_addclass(L, OCSP_RESPONSE_CLASS, or_methods, or_metatable, 0);
		9880	auxL_addclass(L, OCSP_BASICRESP_CLASS, ob_methods, ob_metatable, 0);
9636	} /* initall() */	9881	} /* initall() */
9637		9882