Merge commit 'a7d4cc5bbaabf8683b3b5cc1f42f9bd145cf1aa8' as 'src/deps/src/luasec'

src/deps/src/luasec/.gitignore

@@ -0,0 +1,3 @@
+/src/*.o
+/src/luasocket/*.o
+/*.dll

src/deps/src/luasec/CHANGELOG

@@ -0,0 +1,248 @@
+--------------------------------------------------------------------------------
+LuaSec 1.3.1
+---------------
+This version includes:
+
+* Fix: check if PSK is available
+
+--------------------------------------------------------------------------------
+LuaSec 1.3.0
+---------------
+This version includes:
+
+* Add :getlocalchain() + :getlocalcertificate() to mirror the peer methods (@mwild1)
+* Add Pre-Shared Key (PSK) support (@jclab-joseph)
+
+--------------------------------------------------------------------------------
+LuaSec 1.2.0
+---------------
+This version includes:
+
+* Add key material export method
+* Backguard compat for openssl on providers, like LTS linuxes
+
+--------------------------------------------------------------------------------
+LuaSec 1.1.0
+---------------
+This version includes:
+
+* Fix missing DANE flag
+* Remove unused parameter in https.lua
+
+--------------------------------------------------------------------------------
+LuaSec 1.0.2
+---------------
+This version includes:
+
+* Fix handle SSL_send SYSCALL error without errno
+* Fix off by one in cert:validat(notafter)
+* Fix meth_get_{sinagure => signature}_name function name
+* Fix update the Lua state reference on the selected SSL context after SNI
+* Fix ignore SSL_OP_BIT(n) macro and update option.c
+
+--------------------------------------------------------------------------------
+LuaSec 1.0.1
+---------------
+This version includes:
+
+
+* Fix luaL_buffinit() can use the stack and broke buffer_meth_receive()
+
+--------------------------------------------------------------------------------
+LuaSec 1.0
+---------------
+This version includes:
+
+
+* Add cert:getsignaturename()
+
+--------------------------------------------------------------------------------
+LuaSec 0.9
+---------------
+This version includes:
+
+
+* Add DNS-based Authentication of Named Entities (DANE) support
+* Add __close() metamethod
+* Fix deprecation warnings with OpenSSL 1.1
+* Fix special case listing of TLS 1.3 EC curves
+* Fix general_name leak in cert:extensions()
+* Fix unexported 'ssl.config' table
+* Replace $(LD) with $(CCLD) variable
+* Remove multiple definitions of 'ssl_options' variable
+* Use tag in git format: v0.9
+
+--------------------------------------------------------------------------------
+LuaSec 0.8.2
+---------------
+This version includes:
+
+* Fix unexported 'ssl.config' table (backported)
+
+--------------------------------------------------------------------------------
+LuaSec 0.8.1
+---------------
+This version includes:
+
+* Fix general_name leak in cert:extensions() (backported)
+
+--------------------------------------------------------------------------------
+LuaSec 0.8
+---------------
+This version includes:
+
+* Add support to ALPN
+* Add support to TLS 1.3
+* Add support to multiple certificates
+* Add timeout to https module (https.TIMEOUT)
+* Drop support to SSL 3.0
+* Drop support to TLS 1.0 from https module
+* Fix invalid reference to Lua state
+* Fix memory leak when get certficate extensions
+
+--------------------------------------------------------------------------------
+LuaSec 0.7.2
+---------------
+This version includes:
+
+* Fix unexported 'ssl.config' table (backported)
+
+--------------------------------------------------------------------------------
+LuaSec 0.7.1
+---------------
+This version includes:
+
+* Fix general_name leak in cert:extensions() (backported)
+
+--------------------------------------------------------------------------------
+LuaSec 0.7
+---------------
+LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
+easy to add secure connections to any Lua applications or scripts.
+
+Documentation: https://github.com/brunoos/luasec/wiki
+
+This version includes:
+
+* Add support to OpenSSL 1.1.0
+* Add support to elliptic curves list
+* Add ssl.config that exports some OpenSSL information
+* Add integration with luaossl
+
+--------------------------------------------------------------------------------
+LuaSec 0.6
+------------
+LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
+easy to add secure connections to any Lua applications or scripts.
+
+Documentation: https://github.com/brunoos/luasec/wiki
+
+This version includes:
+
+* Lua 5.2 and 5.3 compatibility
+
+* Context module:
+  - Add ctx:checkkey()
+
+* SSL module:
+  - Add conn:sni() and conn:getsniname()
+
+* Context options:
+  - Add "any" protocol ("sslv23" is deprecated)
+
+* HTTPS module:
+  - Using "any" protocol without SSLv2/SSLv3, by default
+
+* X509 module:
+  - Human readable IP address
+  - Add cert:issued()
+  - Add cert:pubkey()
+
+* Some bug fixes
+
+
+=> Thanks to everyone who collaborate with LuaSec <=
+
+--------------------------------------------------------------------------------
+LuaSec 0.5
+------------
+LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
+easy to add secure connections to any Lua applications or scripts.
+
+This  version  includes:
+
+  * A new certificate (X509) API, which supports:
+    - Reading  the subject  (identity) and  issuer of the certificate.
+    - Reading  various X509  extensions, including email  and dnsName.
+    - Converting  certificates  to and  from  the  standard ASCII  PEM
+      format.
+    - Generating the fingerprint/digest of a certificate  (using SHA1,
+      SHA256 or SHA512).
+    - Reading the  certificate's expiration, serial number,  and other
+      info.
+
+  * The ability  to get more  detailed information from  OpenSSL about
+    why a certificate failed verification, for each certificate in the
+    chain.
+  
+  * Flags to  force acceptance of invalid certificates,  e.g. to allow
+    the use of self-signed certificates in a Trust On First Use model.
+
+  * Flags to control checking CRLs for certificate revocation status.
+  
+  * Support for ECDH cipher suites.
+  
+  * An API  to get the TLS  'finished' messages used  for SASL channel
+    binding (e.g. the SCRAM PLUS mechanisms).
+
+The work in  this release was undertaken by  Kim Alvefur, Paul Aurich,
+Tobias Markmann, Bruno Silvestre and Matthew Wild.
+
+--------------------------------------------------------------------------------
+LuaSec 0.4.1
+------------
+- SSL options updated --- based on OpenSSL 1.0.0d.
+- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available.
+  (thanks Prosody project)
+
+---------------------------------------------------------------------------------
+LuaSec 0.4
+------------
+- Add option 'no_ticket' (included in OpenSSL 0.9.8f).
+- Add HTTPS module. (thanks Tomas Guisasola and Pablo Musa)
+
+--------------------------------------------------------------------------------
+LuaSec 0.3.3
+------------
+- BUG: Clear the error queue before call I/O functions (see SSL_get_error 
+  manual).
+  (thanks Matthew Wild)
+
+--------------------------------------------------------------------------------
+LuaSec 0.3.2
+------------
+- BUG: Windows uses a different way to report socket error.
+  (thanks Sebastien Perin)
+
+--------------------------------------------------------------------------------
+LuaSec 0.3.1
+------------
+- BUG: receive("a") returns 'closed' error instead of the content when the
+  SSL/TLS connection is shut down cleanly. (thanks Matthias Diener)
+
+--------------------------------------------------------------------------------
+LuaSec 0.3
+----------
+- Add functions ssl.rawcontext() and ssl.rawconnection()
+- Add support to encrypted key password. (thanks Norbert Kiesel)
+
+--------------------------------------------------------------------------------
+LuaSec 0.2.1
+------------
+- 'key' and 'certificate' configurations become optional. (thanks René Rebe)
+- Add '_VERSION' variable to module.
+
+--------------------------------------------------------------------------------
+LuaSec 0.2
+----------
+Initial version

src/deps/src/luasec/INSTALL

@@ -0,0 +1,39 @@
+LuaSec 1.3.1
+------------
+
+* OpenSSL options:
+
+    By default, this version includes options for OpenSSL 3.0.8
+
+    If you need to generate the options for a different version of OpenSSL:
+
+      $ cd src
+      $ lua options.lua -g /usr/include/openssl/ssl.h > options.c
+
+--------------------------------------------------------------------------------
+
+* On Linux, BSD, and Mac OS X:
+
+  - Edit 'Makefile'
+    * Inform the path to where install the Lua modules (LUAPATH) and binaries 
+      modules (LUACPATH)
+    * If Lua or OpenSSL are not in the default path, set the 
+      variables INCDIR and LIBDIR.
+    * For Mac OS X, set the variable MACOSX_VERSION.
+
+  - Use 'make <platform>' to compile
+    * Platforms: linux, bsd, or macosx
+
+  - Use 'make install' to install the modules.
+
+--------------------------------------------------------------------------------
+
+* On Windows:
+  
+  - Use the Visual C++ project to compile the library.
+
+  - Copy the 'ssl.lua' file to some place in your LUA_PATH.
+
+  - Copy the 'ssl.dll' file to some place in your LUA_CPATH.
+
+  - Create a directory 'ssl' in your LUA_PATH and copy 'https.lua' to it.

src/deps/src/luasec/LICENSE

@@ -0,0 +1,21 @@
+LuaSec 1.3.1 license
+Copyright (C) 2006-2023 Bruno Silvestre, UFG
+
+Permission is hereby granted, free  of charge, to any person obtaining
+a  copy  of this  software  and  associated  documentation files  (the
+"Software"), to  deal in  the Software without  restriction, including
+without limitation  the rights to  use, copy, modify,  merge, publish,
+distribute,  sublicense, and/or sell  copies of  the Software,  and to
+permit persons to whom the Software  is furnished to do so, subject to
+the following conditions:
+
+The  above  copyright  notice  and  this permission  notice  shall  be
+included in all copies or substantial portions of the Software.
+
+THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND,
+EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF
+MERCHANTABILITY,    FITNESS    FOR    A   PARTICULAR    PURPOSE    AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE,  ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

src/deps/src/luasec/Makefile

@@ -0,0 +1,56 @@
+# Inform the location to install the modules
+LUAPATH  ?= /usr/share/lua/5.1
+LUACPATH ?= /usr/lib/lua/5.1
+
+# Compile with build-in LuaSocket's help files.
+# Comment this lines if you will link with non-internal LuaSocket's help files
+#  and edit INCDIR and LIBDIR properly.
+EXTRA = luasocket
+DEFS  = -DWITH_LUASOCKET
+
+# Edit the lines below to inform new path, if necessary.
+# Path below points to internal LuaSocket's help files.
+INC_PATH ?= -I/usr/include
+LIB_PATH ?= -L/usr/lib
+INCDIR    = -I. $(INC_PATH)
+LIBDIR    = -L./luasocket $(LIB_PATH)
+
+# For Mac OS X: set the system version
+MACOSX_VERSION=10.11
+
+#----------------------
+# Do not edit this part
+
+.PHONY: all clean install none linux bsd macosx
+
+all: none
+
+none:
+	@echo "Usage: $(MAKE) <platform>"
+	@echo "  * linux"
+	@echo "  * bsd"
+	@echo "  * macosx"
+
+install:
+	@cd src && $(MAKE) LUACPATH="$(LUACPATH)" LUAPATH="$(LUAPATH)" install
+
+linux:
+	@echo "---------------------"
+	@echo "** Build for Linux **"
+	@echo "---------------------"
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
+
+bsd:
+	@echo "-------------------"
+	@echo "** Build for BSD **"
+	@echo "-------------------"
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
+
+macosx:
+	@echo "------------------------------"
+	@echo "** Build for Mac OS X $(MACOSX_VERSION) **"
+	@echo "------------------------------"
+	@cd src && $(MAKE) INCDIR="$(INCDIR)" LIBDIR="$(LIBDIR)" MACVER="$(MACOSX_VERSION)" DEFS="$(DEFS)" EXTRA="$(EXTRA)" $@
+
+clean:
+	@cd src && $(MAKE) clean

src/deps/src/luasec/README.md

@@ -0,0 +1,6 @@
+LuaSec 1.3.1
+===============
+LuaSec depends  on OpenSSL, and  integrates with LuaSocket to  make it
+easy to add secure connections to any Lua applications or scripts.
+
+Documentation: https://github.com/brunoos/luasec/wiki

src/deps/src/luasec/luasec-1.3.1-1.rockspec

@@ -0,0 +1,105 @@
+package = "LuaSec"
+version = "1.3.1-1"
+source = {
+  url = "git+https://github.com/brunoos/luasec",
+  tag = "v1.3.1",
+}
+description = {
+   summary = "A binding for OpenSSL library to provide TLS/SSL communication over LuaSocket.",
+   detailed = "This version delegates to LuaSocket the TCP connection establishment between the client and server. Then LuaSec uses this connection to start a secure TLS/SSL session.",
+   homepage = "https://github.com/brunoos/luasec/wiki",
+   license = "MIT"
+}
+dependencies = {
+   "lua >= 5.1", "luasocket"
+}
+external_dependencies = {
+   platforms = {
+      unix = {
+         OPENSSL = {
+            header = "openssl/ssl.h",
+            library = "ssl"
+         }
+      },
+      windows = {
+         OPENSSL = {
+            header = "openssl/ssl.h",
+         }
+      },
+   }
+}
+build = {
+   type = "builtin",
+   copy_directories = {
+      "samples"
+   },
+   platforms = {
+      unix = {
+         install = {
+            lib = {
+               "ssl.so"
+            },
+            lua = {
+               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
+            }
+         },
+         modules = {
+            ssl = {
+               defines = {
+                  "WITH_LUASOCKET", "LUASOCKET_DEBUG",
+               },
+               incdirs = {
+                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket",
+               },
+               libdirs = {
+                  "$(OPENSSL_LIBDIR)"
+               },
+               libraries = {
+                  "ssl", "crypto"
+               },
+               sources = {
+                  "src/options.c", "src/config.c", "src/ec.c", 
+                  "src/x509.c", "src/context.c", "src/ssl.c", 
+                  "src/luasocket/buffer.c", "src/luasocket/io.c",
+                  "src/luasocket/timeout.c", "src/luasocket/usocket.c"
+               }
+            }
+         }
+      },
+      windows = {
+         install = {
+            lib = {
+               "ssl.dll"
+            },
+            lua = {
+               "src/ssl.lua", ['ssl.https'] = "src/https.lua"
+            }
+         },
+         modules = {
+            ssl = {
+               defines = {
+                  "WIN32", "NDEBUG", "_WINDOWS", "_USRDLL", "LSEC_EXPORTS", "BUFFER_DEBUG", "LSEC_API=__declspec(dllexport)",
+                  "WITH_LUASOCKET", "LUASOCKET_DEBUG",
+                  "LUASEC_INET_NTOP", "WINVER=0x0501", "_WIN32_WINNT=0x0501", "NTDDI_VERSION=0x05010300"
+               },
+               libdirs = {
+                  "$(OPENSSL_LIBDIR)",
+                  "$(OPENSSL_BINDIR)",
+               },
+               libraries = {
+                  "libssl", "libcrypto", "ws2_32"
+               },
+               incdirs = {
+                  "$(OPENSSL_INCDIR)", "src/", "src/luasocket"
+               },
+               sources = {
+                  "src/options.c", "src/config.c", "src/ec.c", 
+                  "src/x509.c", "src/context.c", "src/ssl.c", 
+                  "src/luasocket/buffer.c", "src/luasocket/io.c",
+                  "src/luasocket/timeout.c", "src/luasocket/wsocket.c"
+               }
+            }
+         }
+      }
+   }
+}

src/deps/src/luasec/luasec.sln

@@ -0,0 +1,19 @@
+Microsoft Visual Studio Solution File, Format Version 11.00
+# Visual C++ Express 2010
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "luasec", "luasec.vcxproj", "{A629932F-8819-4C0B-8835-CBF1FEED6376}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Win32 = Debug|Win32
+		Release|Win32 = Release|Win32
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug|Win32.ActiveCfg = Debug|Win32
+		{A629932F-8819-4C0B-8835-CBF1FEED6376}.Debug|Win32.Build.0 = Debug|Win32
+		{A629932F-8819-4C0B-8835-CBF1FEED6376}.Release|Win32.ActiveCfg = Release|Win32
+		{A629932F-8819-4C0B-8835-CBF1FEED6376}.Release|Win32.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

src/deps/src/luasec/luasec.vcxproj

@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{A629932F-8819-4C0B-8835-CBF1FEED6376}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <CharacterSet>MultiByte</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+    <Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup>
+    <_ProjectFileVersion>10.0.30319.1</_ProjectFileVersion>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Debug\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</LinkIncremental>
+    <OutDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</OutDir>
+    <IntDir Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Release\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</LinkIncremental>
+    <TargetName Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ssl</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <Optimization>Disabled</Optimization>
+      <AdditionalIncludeDirectories>C:\devel\openssl\include;C:\devel\lua-dll9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LUASEC_EXPORTS;LUASEC_INET_NTOP;WINVER=0x0501;_WIN32_WINNT=0x0501;NTDDI_VERSION=0x05010300;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <MinimalRebuild>true</MinimalRebuild>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>EditAndContinue</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)ssl.dll</OutputFile>
+      <AdditionalLibraryDirectories>C:\devel\openssl\lib\VC;C:\devel\lua-dll9;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ProgramDatabaseFile>$(OutDir)luasec.pdb</ProgramDatabaseFile>
+      <SubSystem>Windows</SubSystem>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>C:\devel\openssl-1.1.0\include;C:\devel\lua-5.1\include;.\src;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>WIN32;_WIN32;NDEBUG;_WINDOWS;_USRDLL;LUASOCKET_DEBUG;WITH_LUASOCKET;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <PrecompiledHeader>
+      </PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>ws2_32.lib;libssl.lib;libcrypto.lib;lua5.1.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <OutputFile>$(OutDir)$(TargetName)$(TargetExt)</OutputFile>
+      <AdditionalLibraryDirectories>C:\devel\openssl-1.1.0\lib\VC;C:\devel\lua-5.1\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <SubSystem>Windows</SubSystem>
+      <OptimizeReferences>true</OptimizeReferences>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <RandomizedBaseAddress>false</RandomizedBaseAddress>
+      <DataExecutionPrevention>
+      </DataExecutionPrevention>
+      <ImportLibrary>$(OutDir)ssl.lib</ImportLibrary>
+      <TargetMachine>MachineX86</TargetMachine>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="src\config.c" />
+    <ClCompile Include="src\context.c" />
+    <ClCompile Include="src\ec.c" />
+    <ClCompile Include="src\luasocket\buffer.c" />
+    <ClCompile Include="src\luasocket\io.c" />
+    <ClCompile Include="src\luasocket\timeout.c" />
+    <ClCompile Include="src\luasocket\wsocket.c" />
+    <ClCompile Include="src\options.c" />
+    <ClCompile Include="src\ssl.c" />
+    <ClCompile Include="src\x509.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="src\compat.h" />
+    <ClInclude Include="src\config.h" />
+    <ClInclude Include="src\context.h" />
+    <ClInclude Include="src\ec.h" />
+    <ClInclude Include="src\luasocket\buffer.h" />
+    <ClInclude Include="src\luasocket\io.h" />
+    <ClInclude Include="src\luasocket\socket.h" />
+    <ClInclude Include="src\luasocket\timeout.h" />
+    <ClInclude Include="src\luasocket\wsocket.h" />
+    <ClInclude Include="src\options.h" />
+    <ClInclude Include="src\ssl.h" />
+    <ClInclude Include="src\x509.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

src/deps/src/luasec/samples/README

@@ -0,0 +1,67 @@
+Directories: 
+------------
+* alpn
+ Test ALPN (Application-Layer Protocol Negotiation) support.
+
+* certs
+ Contains scripts to generate the certificates used by the examples.
+ Generate Root CA 'A' and 'B' first, then the servers and clients.
+
+* chain
+ Example of certificate chain in handshake.
+
+* curve-negotiation
+ Elliptic curve negotiation.
+
+* dhparam
+ DH parameters for handshake.
+
+* digest
+ Certificate digest.
+
+* ecdh
+ Elliptic curve cipher.
+
+* info
+ Information about the connection.
+
+* key
+ Test encrypted private key.
+
+* loop
+ Test successive connections between the server and the client 
+ (to check memory leak).
+
+* loop-gc
+ Same of above,  but the connection is not  explicit closed, the gabage
+ collector is encharge of that.
+
+* luaossl
+ Integration with luaossl.
+
+* multicert
+ Support to multiple certificate for dual RSA/ECDSA.
+
+* oneshot
+ A simple connection example.
+
+* psk
+ PSK(Pre Shared Key) support.
+
+* sni
+ Support to SNI (Server Name Indication).
+
+* verification
+ Retrieve the certificate verification errors from the handshake.
+
+* verify
+ Ignore handshake errors and proceed.
+
+* want
+ Test want() method.
+
+* wantread
+ Test timeout in handshake() and receive().
+
+* wantwrite
+ Test timeout in send().

src/deps/src/luasec/samples/alpn/client.lua

@@ -0,0 +1,27 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   --alpn = {"foo","bar","baz"}
+   alpn = "foo"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+
+print("ALPN", peer:getalpn())
+
+peer:close()

src/deps/src/luasec/samples/alpn/server.lua

@@ -0,0 +1,77 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+--
+-- Callback that selects one protocol from client's list.
+--
+local function alpncb01(protocols)
+   print("--- ALPN protocols from client")
+   for k, v in ipairs(protocols) do
+      print(k, v)
+   end
+   print("--- Selecting:", protocols[1])
+   return protocols[1]
+end
+
+--
+-- Callback that returns a fixed list, ignoring the client's list.
+--
+local function alpncb02(protocols)
+   print("--- ALPN protocols from client")
+   for k, v in ipairs(protocols) do
+      print(k, v)
+   end
+   print("--- Returning a fixed list") 
+   return {"bar", "foo"}
+end
+
+--
+-- Callback that generates a list as it whishes.
+--
+local function alpncb03(protocols)
+   local resp = {}
+   print("--- ALPN protocols from client")
+   for k, v in ipairs(protocols) do
+      print(k, v)
+      if k%2 ~= 0 then resp[#resp+1] = v end
+   end
+   print("--- Returning an odd list")
+   return resp
+end
+
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   --alpn = alpncb01,
+   --alpn = alpncb02,
+   --alpn = alpncb03,
+   alpn = {"bar", "baz", "foo"},
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+
+print("ALPN", peer:getalpn())
+
+peer:close()
+server:close()

src/deps/src/luasec/samples/certs/all.bat

@@ -0,0 +1,14 @@
+REM make sure the 'openssl.exe' commandline tool is in your path before starting!
+REM set the path below;
+set opensslpath=c:\program files (x86)\openssl-win32\bin
+
+
+
+setlocal
+set path=%opensslpath%;%path%
+call roota.bat
+call rootb.bat
+call servera.bat
+call serverb.bat
+call clienta.bat
+call clientb.bat

src/deps/src/luasec/samples/certs/all.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+./rootA.sh
+./rootB.sh
+./clientA.sh
+./clientB.sh
+./serverA.sh
+./serverB.sh

src/deps/src/luasec/samples/certs/clientA.bat

@@ -0,0 +1,9 @@
+rem #!/bin/sh
+
+openssl req -newkey rsa:1024 -sha1 -keyout clientAkey.pem -out clientAreq.pem -nodes -config ./clientA.cnf -days 365 -batch
+
+openssl x509 -req -in clientAreq.pem -sha1 -extfile ./clientA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out clientAcert.pem -days 365
+
+copy clientAcert.pem + rootA.pem clientA.pem
+
+openssl x509 -subject -issuer -noout -in clientA.pem

src/deps/src/luasec/samples/certs/clientA.cnf

@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Sao Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_default		= Client A
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/clientA.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout clientAkey.pem -out clientAreq.pem \
+  -nodes -config ./clientA.cnf -days 365 -batch
+
+openssl x509 -req -in clientAreq.pem -sha256 -extfile ./clientA.cnf \
+  -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
+  -out clientAcert.pem -days 365
+
+cat clientAcert.pem rootA.pem > clientA.pem
+
+openssl x509 -subject -issuer -noout -in clientA.pem

src/deps/src/luasec/samples/certs/clientB.bat

@@ -0,0 +1,9 @@
+rem #!/bin/sh
+
+openssl req -newkey rsa:1024 -sha1 -keyout clientBkey.pem -out clientBreq.pem -nodes -config ./clientB.cnf -days 365 -batch
+
+openssl x509 -req -in clientBreq.pem -sha1 -extfile ./clientB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out clientBcert.pem -days 365
+
+copy clientBcert.pem + rootB.pem clientB.pem
+
+openssl x509 -subject -issuer -noout -in clientB.pem

src/deps/src/luasec/samples/certs/clientB.cnf

@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Sao Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_default		= Client B
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/clientB.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout clientBkey.pem -out clientBreq.pem \
+  -nodes -config ./clientB.cnf -days 365 -batch
+
+openssl x509 -req -in clientBreq.pem -sha256 -extfile ./clientB.cnf \
+  -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
+  -out clientBcert.pem -days 365
+
+cat clientBcert.pem rootB.pem > clientB.pem
+
+openssl x509 -subject -issuer -noout -in clientB.pem

src/deps/src/luasec/samples/certs/rootA.bat

@@ -0,0 +1,7 @@
+REM #!/bin/sh
+
+openssl req -newkey rsa:1024 -sha1 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
+
+openssl x509 -req -in rootAreq.pem -sha1 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
+
+openssl x509 -subject -issuer -noout -in rootA.pem

src/deps/src/luasec/samples/certs/rootA.cnf

@@ -0,0 +1,315 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Santo Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+commonName_default		= Root A
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/rootA.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout rootAkey.pem -out rootAreq.pem -nodes -config ./rootA.cnf -days 365 -batch
+
+openssl x509 -req -in rootAreq.pem -sha256 -extfile ./rootA.cnf -extensions v3_ca -signkey rootAkey.pem -out rootA.pem -days 365
+
+openssl x509 -subject -issuer -noout -in rootA.pem

src/deps/src/luasec/samples/certs/rootB.bat

@@ -0,0 +1,7 @@
+rem #!/bin/sh
+
+openssl req -newkey rsa:1024 -sha1 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
+
+openssl x509 -req -in rootBreq.pem -sha1 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
+
+openssl x509 -subject -issuer -noout -in rootB.pem

src/deps/src/luasec/samples/certs/rootB.cnf

@@ -0,0 +1,315 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Sao Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_default		= Root B
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/rootB.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout rootBkey.pem -out rootBreq.pem -nodes -config ./rootB.cnf -days 365 -batch
+
+openssl x509 -req -in rootBreq.pem -sha256 -extfile ./rootB.cnf -extensions v3_ca -signkey rootBkey.pem -out rootB.pem -days 365
+
+openssl x509 -subject -issuer -noout -in rootB.pem

src/deps/src/luasec/samples/certs/serverA.bat

@@ -0,0 +1,9 @@
+rem #!/bin/sh
+
+openssl req -newkey rsa:1024 -keyout serverAkey.pem -out serverAreq.pem -config ./serverA.cnf -nodes -days 365 -batch
+
+openssl x509 -req -in serverAreq.pem -sha1 -extfile ./serverA.cnf -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial -out serverAcert.pem -days 365
+
+copy serverAcert.pem + rootA.pem serverA.pem
+
+openssl x509 -subject -issuer -noout -in serverA.pem

src/deps/src/luasec/samples/certs/serverA.cnf

@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_ext # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Sao Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_default		= Server A
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+subjectAltName=DNS:foo.bar.example
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/serverA.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout serverAkey.pem -out serverAreq.pem \
+   -config ./serverA.cnf -nodes -days 365 -batch
+
+openssl x509 -req -in serverAreq.pem -sha256 -extfile ./serverA.cnf \
+   -extensions usr_cert -CA rootA.pem -CAkey rootAkey.pem -CAcreateserial \
+   -out serverAcert.pem -days 365
+
+cat serverAcert.pem rootA.pem > serverA.pem
+
+openssl x509 -subject -issuer -noout -in serverA.pem

src/deps/src/luasec/samples/certs/serverB.bat

@@ -0,0 +1,9 @@
+rem #!/bin/sh
+
+openssl req -newkey rsa:1024 -keyout serverBkey.pem -out serverBreq.pem -config ./serverB.cnf -nodes -days 365 -batch
+
+openssl x509 -req -in serverBreq.pem -sha1 -extfile ./serverB.cnf -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial -out serverBcert.pem -days 365
+
+copy serverBcert.pem + rootB.pem serverB.pem
+
+openssl x509 -subject -issuer -noout -in serverB.pem

src/deps/src/luasec/samples/certs/serverB.cnf

@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem # The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extensions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha1			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= BR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+stateOrProvinceName_default	= Espirito Santo
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Santo Antonio do Canaa
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Sao Tonico Ltda
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Department of Computer Science
+
+commonName			= Common Name (eg, YOUR name)
+commonName_default		= Server B
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+subjectAltName=DNS:fnord.bar.example
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo

src/deps/src/luasec/samples/certs/serverB.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+openssl req -newkey rsa:2048 -sha256 -keyout serverBkey.pem -out serverBreq.pem \
+   -config ./serverB.cnf -nodes -days 365 -batch
+
+openssl x509 -req -in serverBreq.pem -sha256 -extfile ./serverB.cnf \
+   -extensions usr_cert -CA rootB.pem -CAkey rootBkey.pem -CAcreateserial \
+   -out serverBcert.pem -days 365
+
+cat serverBcert.pem rootB.pem > serverB.pem
+
+openssl x509 -subject -issuer -noout -in serverB.pem

src/deps/src/luasec/samples/chain/client.lua

@@ -0,0 +1,36 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+local util   = require("util") 
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local conn = socket.tcp()
+conn:connect("127.0.0.1", 8888)
+
+conn = assert( ssl.wrap(conn, params) )
+assert(conn:dohandshake())
+
+util.show( conn:getpeercertificate() )
+
+print("----------------------------------------------------------------------")
+
+for k, cert in ipairs( conn:getpeerchain() ) do
+  util.show(cert)
+end
+
+local cert = conn:getpeercertificate()
+print( cert )
+print( cert:pem() )
+
+conn:close()

src/deps/src/luasec/samples/chain/server.lua

@@ -0,0 +1,72 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+local util   = require("util")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local ctx = assert(ssl.newcontext(params))
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local conn = server:accept()
+
+conn = assert( ssl.wrap(conn, ctx) )
+assert( conn:dohandshake() )
+
+util.show( conn:getpeercertificate() )
+
+print("----------------------------------------------------------------------")
+
+local expectedpeerchain = { "../certs/clientAcert.pem", "../certs/rootA.pem" }
+
+local peerchain = conn:getpeerchain()
+assert(#peerchain == #expectedpeerchain)
+for k, cert in ipairs( peerchain ) do
+  util.show(cert)
+  local expectedpem = assert(io.open(expectedpeerchain[k])):read("*a")
+  assert(cert:pem() == expectedpem, "peer chain mismatch @ "..tostring(k))
+end
+
+local expectedlocalchain = { "../certs/serverAcert.pem" }
+
+local localchain = assert(conn:getlocalchain())
+assert(#localchain == #expectedlocalchain)
+for k, cert in ipairs( localchain ) do
+  util.show(cert)
+  local expectedpem = assert(io.open(expectedlocalchain[k])):read("*a")
+  assert(cert:pem() == expectedpem, "local chain mismatch @ "..tostring(k))
+  if k == 1 then
+    assert(cert:pem() == conn:getlocalcertificate():pem())
+  end
+end
+
+local f = io.open(params.certificate)
+local str = f:read("*a")
+f:close()
+
+util.show( ssl.loadcertificate(str) )
+
+print("----------------------------------------------------------------------")
+local cert = conn:getpeercertificate()
+print( cert )
+print( cert:digest() )
+print( cert:digest("sha1") )
+print( cert:digest("sha256") )
+print( cert:digest("sha512") )
+
+conn:close()
+server:close()

src/deps/src/luasec/samples/chain/util.lua

@@ -0,0 +1,22 @@
+local print  = print
+local ipairs = ipairs
+
+local _ENV = {}
+
+function _ENV.show(cert)
+  print("Serial:", cert:serial())
+  print("NotBefore:", cert:notbefore())
+  print("NotAfter:", cert:notafter())
+  print("--- Issuer ---")
+  for k, v in ipairs(cert:issuer()) do
+    print(v.name .. " = " .. v.value)
+  end
+
+  print("--- Subject ---")
+  for k, v in ipairs(cert:subject()) do
+    print(v.name .. " = " .. v.value)
+  end
+  print("----------------------------------------------------------------------")
+end
+
+return _ENV

src/deps/src/luasec/samples/curve-negotiation/client.lua

@@ -0,0 +1,28 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "any",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all"},
+   --
+   curve = "P-256:P-384",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/curve-negotiation/server.lua

@@ -0,0 +1,37 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = {"all"},
+   --
+   curve = "P-384:P-256:P-521",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+peer:send("oneshot with curve negotiation test\n")
+peer:close()

src/deps/src/luasec/samples/dane/client.lua

@@ -0,0 +1,40 @@
+
+local socket = require "socket";
+local ssl = require "ssl";
+
+local dns = require "lunbound".new();
+
+
+local cfg = {
+	protocol = "tlsv1_2",
+	mode = "client",
+	ciphers = "DEFAULT",
+	capath = "/etc/ssl/certs",
+	verify = "peer",
+	dane = true,
+};
+
+local function daneconnect(host, port)
+   port = port or "443";
+	local conn = ssl.wrap(socket.connect(host, port), cfg);
+
+	local tlsa = dns:resolve("_" .. port .. "._tcp." .. host, 52);
+	assert(tlsa.secure, "Insecure DNS");
+
+	assert(conn:setdane(host));
+	for i = 1, tlsa.n do
+		local usage, selector, mtype = tlsa[i] :byte(1, 3);
+		assert(conn:settlsa(usage, selector, mtype, tlsa[i] :sub(4, - 1)));
+	end
+
+	assert(conn:dohandshake());
+	return conn;
+end
+
+if not ... then
+   print("Usage: client.lua example.com [port]");
+   return os.exit(1);
+end
+local conn = daneconnect(...);
+
+print(conn:getpeerverification());

src/deps/src/luasec/samples/dhparam/client.lua

@@ -0,0 +1,27 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "any",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   ciphers = "EDH+AESGCM"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/dhparam/params.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+openssl dhparam -2 -out dh-512.pem  -outform PEM 512
+openssl dhparam -2 -out dh-1024.pem -outform PEM 1024

src/deps/src/luasec/samples/dhparam/server.lua

@@ -0,0 +1,62 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local function readfile(filename)
+  local fd = assert(io.open(filename))
+  local dh = fd:read("*a")
+  fd:close()
+  return dh
+end
+
+local function dhparam_cb(export, keylength)
+  print("---")
+  print("DH Callback")
+  print("Export", export)
+  print("Key length", keylength)
+  print("---")
+  local filename
+  if keylength == 512 then
+    filename = "dh-512.pem"
+  elseif keylength == 1024 then
+    filename = "dh-1024.pem"
+  else
+    -- No key
+    return nil
+  end
+  return readfile(filename)
+end
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   dhparam = dhparam_cb,
+   ciphers = "EDH+AESGCM"
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/digest/client.lua

@@ -0,0 +1,26 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/digest/server.lua

@@ -0,0 +1,44 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local cert = peer:getpeercertificate()
+local sha1   = cert:digest("sha1")
+local sha256 = cert:digest("sha256")
+local sha512 = cert:digest("sha512")
+
+print("SHA1",   sha1)
+print("SHA256", sha256)
+print("SHA512", sha512)
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/ecdh/client.lua

@@ -0,0 +1,33 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   --
+   curve = "secp384r1",
+}
+
+--------------------------------------------------------------------------------
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+
+print("--- INFO  ---")
+local info = peer:info()
+for k, v in pairs(info) do
+  print(k, v)
+end
+print("---")
+
+peer:close()

src/deps/src/luasec/samples/ecdh/server.lua

@@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   --
+   curve = "secp384r1",
+}
+
+------------------------------------------------------------------------------
+local ctx = assert(ssl.newcontext(params))
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+
+print("--- INFO ---")
+local info = peer:info()
+for k, v in pairs(info) do
+  print(k, v)
+end
+print("---")
+
+peer:close()
+server:close()

src/deps/src/luasec/samples/info/client.lua

@@ -0,0 +1,26 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/info/server.lua

@@ -0,0 +1,48 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+
+-- Before handshake: nil
+print( peer:info() )
+
+assert( peer:dohandshake() )
+--]]
+
+print("---")
+local info = peer:info()
+for k, v in pairs(info) do
+  print(k, v)
+end
+
+print("---")
+print("-> Compression", peer:info("compression"))
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/key/genkey.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+openssl genrsa -des3 -out key.pem -passout pass:foobar 2048

src/deps/src/luasec/samples/key/loadkey.lua

@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local ssl = require("ssl")
+
+local pass = "foobar"
+local cfg = {
+  protocol = "tlsv1",
+  mode = "client",
+  key = "key.pem",
+}
+
+-- Shell
+print(string.format("*** Hint: password is '%s' ***", pass))
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Shell: ok")
+
+-- Text password
+cfg.password = pass
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Text: ok")
+
+-- Callback
+cfg.password = function() return pass end
+ctx, err = ssl.newcontext(cfg)
+assert(ctx, err)
+print("Callback: ok")

src/deps/src/luasec/samples/loop-gc/client.lua

@@ -0,0 +1,27 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+while true do
+   local peer = socket.tcp()
+   assert( peer:connect("127.0.0.1", 8888) )
+
+   -- [[ SSL wrapper
+   peer = assert( ssl.wrap(peer, params) )
+   assert( peer:dohandshake() )
+   --]]
+
+   print(peer:receive("*l"))
+end

src/deps/src/luasec/samples/loop-gc/server.lua

@@ -0,0 +1,35 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+-- [[ SSL context 
+local ctx = assert( ssl.newcontext(params) )
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+while true do
+   local peer = server:accept()
+ 
+   -- [[ SSL wrapper
+   peer = assert( ssl.wrap(peer, ctx) )
+   assert( peer:dohandshake() )
+   --]]
+
+   peer:send("loop test\n")
+end

src/deps/src/luasec/samples/loop/client.lua

@@ -0,0 +1,30 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+while true do
+   local peer = socket.tcp()
+   assert( peer:connect("127.0.0.1", 8888) )
+
+   -- [[ SSL wrapper
+   peer = assert( ssl.wrap(peer, params) )
+   assert( peer:dohandshake() )
+   --]]
+
+   peer:getpeercertificate():extensions()
+
+   print(peer:receive("*l"))
+   peer:close()
+end

src/deps/src/luasec/samples/loop/server.lua

@@ -0,0 +1,36 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+-- [[ SSL context 
+local ctx = assert( ssl.newcontext(params) )
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+while true do
+   local peer = server:accept()
+ 
+   -- [[ SSL wrapper
+   peer = assert( ssl.wrap(peer, ctx) )
+   assert( peer:dohandshake() )
+   --]]
+
+   peer:send("loop test\n")
+   peer:close()
+end

src/deps/src/luasec/samples/luaossl/client.lua

@@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local pkey = require "openssl.pkey"
+local ssl_context = require "openssl.ssl.context"
+local x509 = require "openssl.x509"
+local x509_store = require "openssl.x509.store"
+
+local function read_file(path)
+	local file, err, errno = io.open(path, "rb")
+	if not file then
+		return nil, err, errno
+	end
+	local contents
+	contents, err, errno = file:read "*a"
+	file:close()
+	return contents, err, errno
+end
+
+local ctx = ssl_context.new("TLSv1_2", false)
+ctx:setPrivateKey(pkey.new(assert(read_file("../certs/clientAkey.pem"))))
+ctx:setCertificate(x509.new(assert(read_file("../certs/clientA.pem"))))
+local store = x509_store.new()
+store:add("../certs/rootA.pem")
+ctx:setStore(store)
+ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/luaossl/server.lua

@@ -0,0 +1,58 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local pkey = require "openssl.pkey"
+local ssl_context = require "openssl.ssl.context"
+local x509 = require "openssl.x509"
+local x509_store = require "openssl.x509.store"
+
+local function read_file(path)
+	local file, err, errno = io.open(path, "rb")
+	if not file then
+		return nil, err, errno
+	end
+	local contents
+	contents, err, errno = file:read "*a"
+	file:close()
+	return contents, err, errno
+end
+
+local ctx = ssl_context.new("TLSv1_2", true)
+ctx:setPrivateKey(pkey.new(assert(read_file("../certs/serverAkey.pem"))))
+ctx:setCertificate(x509.new(assert(read_file("../certs/serverA.pem"))))
+local store = x509_store.new()
+store:add("../certs/rootA.pem")
+ctx:setStore(store)
+ctx:setVerify(ssl_context.VERIFY_FAIL_IF_NO_PEER_CERT)
+
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+
+-- Before handshake: nil
+print( peer:info() )
+
+assert( peer:dohandshake() )
+--]]
+
+print("---")
+local info = peer:info()
+for k, v in pairs(info) do
+  print(k, v)
+end
+
+print("---")
+print("-> Compression", peer:info("compression"))
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/multicert/client-ecdsa.lua

@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode        = "client",
+   protocol    = "tlsv1_2",
+   key         = "certs/clientECDSAkey.pem",
+   certificate = "certs/clientECDSA.pem",
+   verify      = "none",
+   options     = "all",
+   ciphers     = "ALL:!aRSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/multicert/client-rsa.lua

@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode        = "client",
+   protocol    = "tlsv1_2",
+   key         = "certs/clientRSAkey.pem",
+   certificate = "certs/clientRSA.pem",
+   verify      = "none",
+   options     = "all",
+   ciphers     = "ALL:!ECDSA"
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local i = peer:info()
+for k, v in pairs(i) do print(k, v) end
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/multicert/gencerts.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+mkdir -p certs
+
+openssl ecparam -name secp256r1 -genkey -out certs/serverECDSAkey.pem
+openssl req -new -config ../certs/serverA.cnf -extensions usr_cert -x509 -key certs/serverECDSAkey.pem -out certs/serverECDSA.pem -days 360 -batch
+
+openssl ecparam -name secp256r1 -genkey -out certs/clientECDSAkey.pem
+openssl req -config ../certs/clientA.cnf -extensions usr_cert -x509 -new -key certs/clientECDSAkey.pem -out certs/clientECDSA.pem -days 360 -batch
+
+openssl req -config ../certs/serverB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/serverRSAkey.pem -out certs/serverRSA.pem -nodes -days 365 -batch
+
+openssl req -config ../certs/clientB.cnf -extensions usr_cert -x509 -new -newkey rsa:2048 -keyout certs/clientRSAkey.pem -out certs/clientRSA.pem -nodes -days 365 -batch

src/deps/src/luasec/samples/multicert/server.lua

@@ -0,0 +1,38 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode         = "server",
+   protocol     = "any",
+   certificates = { 
+      -- Comment line below and 'client-rsa' stop working
+      { certificate = "certs/serverRSA.pem",   key = "certs/serverRSAkey.pem"   },
+      -- Comment line below and 'client-ecdsa' stop working
+      { certificate = "certs/serverECDSA.pem", key = "certs/serverECDSAkey.pem" }
+   },
+   verify  = "none",
+   options = "all"
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/oneshot/client.lua

@@ -0,0 +1,26 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/oneshot/server.lua

@@ -0,0 +1,35 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/psk/client.lua

@@ -0,0 +1,41 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+if not ssl.config.capabilities.psk then
+   print("[ERRO] PSK not available")
+   os.exit(1)
+end
+
+-- @param hint (nil | string)
+-- @param max_identity_len (number)
+-- @param max_psk_len (number)
+-- @return identity (string)
+-- @return PSK (string)
+local function pskcb(hint, max_identity_len, max_psk_len)
+   print(string.format("PSK Callback: hint=%q, max_identity_len=%d, max_psk_len=%d", hint, max_identity_len, max_psk_len))
+   return "abcd", "1234"
+end
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   psk = pskcb,
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+
+print("--- INFO ---")
+local info = peer:info()
+for k, v in pairs(info) do
+   print(k, v)
+end
+print("---")
+
+peer:close()

src/deps/src/luasec/samples/psk/server.lua

@@ -0,0 +1,60 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+if not ssl.config.capabilities.psk then
+   print("[ERRO] PSK not available")
+   os.exit(1)
+end
+
+-- @param identity (string)
+-- @param max_psk_len (number)
+-- @return psk (string)
+local function pskcb(identity, max_psk_len)
+   print(string.format("PSK Callback: identity=%q, max_psk_len=%d", identity, max_psk_len))
+   if identity == "abcd" then
+     return "1234"
+  end
+  return nil
+end
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   options = "all",
+
+-- PSK with just a callback
+   psk = pskcb,
+
+-- PSK with identity hint
+--   psk = {
+--      hint = "hintpsksample",
+--      callback = pskcb,
+--   },
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+
+print("--- INFO ---")
+local info = peer:info()
+for k, v in pairs(info) do
+   print(k, v)
+end
+print("---")
+
+peer:close()
+server:close()

src/deps/src/luasec/samples/sni/client.lua

@@ -0,0 +1,35 @@
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+  mode = "client",
+  protocol = "tlsv1_2",
+  key = "../certs/clientAkey.pem",
+  certificate = "../certs/clientA.pem",
+  cafile = "../certs/rootA.pem",
+  verify = "peer",
+  options = "all",
+}
+
+local conn = socket.tcp()
+conn:connect("127.0.0.1", 8888)
+
+-- TLS/SSL initialization
+conn = ssl.wrap(conn, params)
+
+-- Comment the lines to not send a name
+--conn:sni("servera.br")
+--conn:sni("serveraa.br")
+conn:sni("serverb.br")
+
+assert(conn:dohandshake())
+--
+local cert = conn:getpeercertificate()
+for k, v in pairs(cert:subject()) do
+  for i, j in pairs(v) do
+    print(i, j)
+  end
+end
+--
+print(conn:receive("*l"))
+conn:close()

src/deps/src/luasec/samples/sni/server.lua

@@ -0,0 +1,52 @@
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params01 = {
+  mode = "server",
+  protocol = "any",
+  key = "../certs/serverAkey.pem",
+  certificate = "../certs/serverA.pem",
+  cafile = "../certs/rootA.pem",
+  verify = "none",
+  options = "all",
+  ciphers = "ALL:!ADH:@STRENGTH",
+}
+
+local params02 = {
+  mode = "server",
+  protocol = "any",
+  key = "../certs/serverAAkey.pem",
+  certificate = "../certs/serverAA.pem",
+  cafile = "../certs/rootA.pem",
+  verify = "none",
+  options = "all",
+  ciphers = "ALL:!ADH:@STRENGTH",
+}
+
+--
+local ctx01 = ssl.newcontext(params01)
+local ctx02 = ssl.newcontext(params02)
+
+--
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+server:bind("127.0.0.1", 8888)
+server:listen()
+local conn = server:accept()
+--
+
+-- Default context (when client does not send a name) is ctx01
+conn = ssl.wrap(conn, ctx01)
+
+-- Configure the name map
+local sni_map = {
+  ["servera.br"]  = ctx01,
+  ["serveraa.br"] = ctx02,
+}
+
+conn:sni(sni_map, true)
+
+assert(conn:dohandshake())
+--
+conn:send("one line\n")
+conn:close()

src/deps/src/luasec/samples/verification/fail-string/client.lua

@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1",
+   key = "../../certs/clientBkey.pem",
+   certificate = "../../certs/clientB.pem",
+   cafile = "../../certs/rootB.pem",
+   verify = "none",
+   options = "all",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/verification/fail-string/server.lua

@@ -0,0 +1,37 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "tlsv1",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = "none",
+   options = "all",
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/verification/fail-table/client.lua

@@ -0,0 +1,39 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1",
+   key = "../../certs/clientBkey.pem",
+   certificate = "../../certs/clientB.pem",
+   cafile = "../../certs/rootB.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   verifyext = "lsec_continue",
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert(peer:dohandshake())
+--]]
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/verification/fail-table/server.lua

@@ -0,0 +1,43 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "tlsv1",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+   verifyext = {"lsec_continue", "crl_check", "crl_check_chain"},
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/verification/success/client.lua

@@ -0,0 +1,29 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1",
+   key = "../../certs/clientAkey.pem",
+   certificate = "../../certs/clientA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert(peer:dohandshake())
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/verification/success/server.lua

@@ -0,0 +1,38 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "tlsv1",
+   key = "../../certs/serverAkey.pem",
+   certificate = "../../certs/serverA.pem",
+   cafile = "../../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+--]]
+
+local err, msg = peer:getpeerverification()
+print(err, msg)
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/verify/client.lua

@@ -0,0 +1,35 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/serverBkey.pem",
+   certificate = "../certs/serverB.pem",
+   cafile = "../certs/rootB.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
+   options = "all",
+}
+
+local ctx = assert(ssl.newcontext(params))
+
+local peer = socket.tcp()
+peer:connect("127.0.0.1", 8888)
+
+peer = assert( ssl.wrap(peer, ctx) )
+assert(peer:dohandshake())
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+print(peer:receive("*l"))
+peer:close()

src/deps/src/luasec/samples/verify/server.lua

@@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   verifyext = {"lsec_continue", "lsec_ignore_purpose"},
+   options = "all",
+}
+
+
+local ctx = assert(ssl.newcontext(params))
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+peer = assert( ssl.wrap(peer, ctx) )
+assert( peer:dohandshake() )
+
+local succ, errs = peer:getpeerverification()
+print(succ, errs)
+for i, err in pairs(errs) do
+  for j, msg in ipairs(err) do
+    print("depth = " .. i, "error = " .. msg)
+  end
+end
+
+peer:send("oneshot test\n")
+peer:close()

src/deps/src/luasec/samples/want/client.lua

@@ -0,0 +1,66 @@
+--
+-- Test the conn:want() function
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+-- Wait until socket is ready (for reading or writing)
+local function wait(peer)
+   -- What event blocked us?
+   local err
+   if peer.want then  -- Is it an SSL connection?
+     err = peer:want()
+     print("Want? ", err)
+   else
+     -- No, it's a normal TCP connection...
+     err = "timeout"
+   end
+
+   if err == "read" or err == "timeout" then
+      socket.select({peer}, nil)
+   elseif err == "write" then
+      socket.select(nil, {peer})
+   else
+      peer:close()
+      os.exit(1)
+   end
+end
+
+-- Start the TCP connection
+local peer = socket.tcp()
+assert( peer:connect("127.0.0.1", 8888) )
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+peer:settimeout(0.3)
+local succ = peer:dohandshake()
+while not succ do
+   wait(peer)
+   succ = peer:dohandshake()
+end
+print("** Handshake done")
+--]]
+
+-- If the section above is commented, the timeout is not set.
+-- We set it again for safetiness.
+peer:settimeout(0.3)
+
+-- Try to receive a line
+local str = peer:receive("*l")
+while not str do
+   wait(peer)
+   str = peer:receive("*l")
+end
+peer:close()

src/deps/src/luasec/samples/want/server.lua

@@ -0,0 +1,43 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+socket.sleep(2) -- force the timeout in the client dohandshake()
+assert( peer:dohandshake() )
+--]]
+
+for i = 1, 10 do
+   local v = tostring(i)
+   io.write(v)
+   io.flush()
+   peer:send(v)
+   socket.sleep(1) -- force the timeout in the client receive()
+end
+io.write("\n")
+peer:send("\n")
+peer:close()

src/deps/src/luasec/samples/wantread/client.lua

@@ -0,0 +1,55 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+local function wait(peer, err)
+   if err == "timeout" or err == "wantread" then
+      socket.select({peer}, nil)
+   elseif err == "wantwrite" then
+      socket.select(nil, {peer})
+   else
+      peer:close()
+      os.exit(1)
+   end
+end
+
+
+local peer = socket.tcp()
+assert( peer:connect("127.0.0.1", 8888) )
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+peer:settimeout(0.3)
+local succ, err = peer:dohandshake()
+while not succ do
+   print("handshake", err)
+   wait(peer, err)
+   succ, err = peer:dohandshake()
+end
+print("** Handshake done")
+--]]
+
+-- If the section above is commented, the timeout is not set.
+-- We set it again for safetiness.
+peer:settimeout(0.3)  
+
+local str, err, part = peer:receive("*l")
+while not str do
+   print(part, err)
+   wait(peer, err)
+   str, err, part = peer:receive("*l")
+end
+peer:close()

src/deps/src/luasec/samples/wantread/server.lua

@@ -0,0 +1,45 @@
+-- 
+-- Test the conn:want() function.
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, ctx) )
+socket.sleep(2) -- force the timeout in the client dohandshake()
+assert( peer:dohandshake() )
+--]]
+
+for i = 1, 10 do
+   local v = tostring(i)
+   io.write(v)
+   io.flush()
+   peer:send(v)
+   socket.sleep(1) -- force the timeout in the client receive()
+end
+io.write("\n")
+peer:send("\n")
+peer:close()

src/deps/src/luasec/samples/wantwrite/client.lua

@@ -0,0 +1,49 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+local params = {
+   mode = "client",
+   protocol = "tlsv1_2",
+   key = "../certs/clientAkey.pem",
+   certificate = "../certs/clientA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+local function wait(peer, err)
+   if err == "wantread" then
+      socket.select({peer}, nil)
+   elseif err == "timeout" or err == "wantwrite" then
+      socket.select(nil, {peer})
+   else
+      peer:close()
+      os.exit(1)
+   end
+end
+
+
+local peer = socket.tcp()
+assert( peer:connect("127.0.0.1", 8888) )
+
+-- [[ SSL wrapper
+peer = assert( ssl.wrap(peer, params) )
+assert( peer:dohandshake() )
+--]]
+
+peer:settimeout(0.3)
+
+local str = "a rose is a rose is a rose is a...\n"
+while true do
+   print("Sending...")
+   local succ, err = peer:send(str)
+   while succ do
+      succ, err = peer:send(str)
+   end
+   print("Waiting...", err)
+   wait(peer, err)
+end
+peer:close()

src/deps/src/luasec/samples/wantwrite/server.lua

@@ -0,0 +1,40 @@
+--
+-- Public domain
+--
+local socket = require("socket")
+local ssl    = require("ssl")
+
+print("Use Ctrl+S and Ctrl+Q to suspend and resume the server.")
+
+local params = {
+   mode = "server",
+   protocol = "any",
+   key = "../certs/serverAkey.pem",
+   certificate = "../certs/serverA.pem",
+   cafile = "../certs/rootA.pem",
+   verify = {"peer", "fail_if_no_peer_cert"},
+   options = "all",
+}
+
+
+-- [[ SSL context
+local ctx = assert(ssl.newcontext(params))
+--]]
+
+local server = socket.tcp()
+server:setoption('reuseaddr', true)
+assert( server:bind("127.0.0.1", 8888) )
+server:listen()
+
+local peer = server:accept()
+
+-- [[ SSL wrapper
+   peer = assert( ssl.wrap(peer, ctx) )
+   assert( peer:dohandshake() )
+--]]
+
+while true do
+   local str = peer:receive("*l")
+   print(str)
+end
+peer:close()

src/deps/src/luasec/src/Makefile

@@ -0,0 +1,66 @@
+CMOD=ssl.so
+LMOD=ssl.lua
+
+OBJS= \
+ options.o \
+ x509.o    \
+ context.o \
+ ssl.o     \
+ config.o  \
+ ec.o
+
+LIBS=-lssl -lcrypto -lluasocket
+
+WARN=-Wall -pedantic
+
+BSD_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
+BSD_LDFLAGS=-O -fPIC -shared $(LIBDIR)
+
+LNX_CFLAGS=-O2 -fPIC $(WARN) $(INCDIR) $(DEFS)
+LNX_LDFLAGS=-O -fPIC -shared $(LIBDIR)
+
+MAC_ENV=env MACOSX_DEPLOYMENT_TARGET='$(MACVER)'
+MAC_CFLAGS=-O2 -fno-common $(WARN) $(INCDIR) $(DEFS)
+MAC_LDFLAGS=-bundle -undefined dynamic_lookup $(LIBDIR)
+
+INSTALL  = install
+CC      ?= cc
+CCLD      ?= $(MYENV) $(CC)
+CFLAGS  += $(MYCFLAGS)
+LDFLAGS += $(MYLDFLAGS)
+
+.PHONY: all clean install none linux bsd macosx luasocket
+
+all:
+
+install: $(CMOD) $(LMOD)
+	$(INSTALL) -d $(DESTDIR)$(LUAPATH)/ssl $(DESTDIR)$(LUACPATH)
+	$(INSTALL) $(CMOD) $(DESTDIR)$(LUACPATH)
+	$(INSTALL) -m644 $(LMOD) $(DESTDIR)$(LUAPATH)
+	$(INSTALL) -m644 https.lua $(DESTDIR)$(LUAPATH)/ssl
+
+linux:
+	@$(MAKE) $(CMOD) MYCFLAGS="$(LNX_CFLAGS)" MYLDFLAGS="$(LNX_LDFLAGS)" EXTRA="$(EXTRA)"
+
+bsd:
+	@$(MAKE) $(CMOD) MYCFLAGS="$(BSD_CFLAGS)" MYLDFLAGS="$(BSD_LDFLAGS)" EXTRA="$(EXTRA)"
+
+macosx:
+	@$(MAKE) $(CMOD) MYCFLAGS="$(MAC_CFLAGS)" MYLDFLAGS="$(MAC_LDFLAGS)" MYENV="$(MAC_ENV)" EXTRA="$(EXTRA)"
+
+luasocket:
+	@cd luasocket && $(MAKE)
+
+$(CMOD): $(EXTRA) $(OBJS)
+	$(CCLD) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
+
+clean:
+	cd luasocket && $(MAKE) clean
+	rm -f $(OBJS) $(CMOD)
+
+options.o: options.h options.c
+ec.o: ec.c ec.h
+x509.o: x509.c x509.h compat.h
+context.o: context.c context.h ec.h compat.h options.h
+ssl.o: ssl.c ssl.h context.h x509.h compat.h
+config.o: config.c ec.h options.h compat.h

src/deps/src/luasec/src/compat.h

@@ -0,0 +1,63 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 1.3.1
+ *
+ * Copyright (C) 2006-2023 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#ifndef LSEC_COMPAT_H
+#define LSEC_COMPAT_H
+
+#include <openssl/ssl.h>
+
+//------------------------------------------------------------------------------
+
+#if defined(_WIN32)
+#define LSEC_API __declspec(dllexport) 
+#else
+#define LSEC_API extern
+#endif
+
+//------------------------------------------------------------------------------
+
+#if (LUA_VERSION_NUM == 501)
+
+#define luaL_testudata(L, ud, tname)  lsec_testudata(L, ud, tname)
+#define setfuncs(L, R)    luaL_register(L, NULL, R)
+#define lua_rawlen(L, i)  lua_objlen(L, i)
+
+#ifndef luaL_newlib
+#define luaL_newlib(L, R) do { lua_newtable(L); luaL_register(L, NULL, R); } while(0)
+#endif
+
+#else
+#define setfuncs(L, R) luaL_setfuncs(L, R, 0)
+#endif
+
+//------------------------------------------------------------------------------
+
+#if (!defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x1010000fL))
+#define LSEC_ENABLE_DANE
+#endif
+
+//------------------------------------------------------------------------------
+
+#if !((defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x2070000fL)) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
+#define LSEC_API_OPENSSL_1_1_0
+#endif
+
+//------------------------------------------------------------------------------
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && ((OPENSSL_VERSION_NUMBER & 0xFFFFF000L) == 0x10101000L)
+#define LSEC_OPENSSL_1_1_1
+#endif
+
+//------------------------------------------------------------------------------
+
+#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_PSK)
+#define LSEC_ENABLE_PSK
+#endif
+
+//------------------------------------------------------------------------------
+
+#endif

src/deps/src/luasec/src/config.c

@@ -0,0 +1,108 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 1.3.1
+ *
+ * Copyright (C) 2006-2023 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#include "compat.h"
+#include "options.h"
+#include "ec.h"
+
+/**
+ * Registre the module.
+ */
+LSEC_API int luaopen_ssl_config(lua_State *L)
+{
+  lsec_ssl_option_t *opt;
+
+  lua_newtable(L);
+
+  // Options
+  lua_pushstring(L, "options");
+  lua_newtable(L);
+  for (opt = lsec_get_ssl_options(); opt->name; opt++) {
+    lua_pushstring(L, opt->name);
+    lua_pushboolean(L, 1);
+    lua_rawset(L, -3);
+  }
+  lua_rawset(L, -3);
+
+  // Protocols
+  lua_pushstring(L, "protocols");
+  lua_newtable(L);
+
+  lua_pushstring(L, "tlsv1");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+  lua_pushstring(L, "tlsv1_1");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+  lua_pushstring(L, "tlsv1_2");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#ifdef TLS1_3_VERSION
+  lua_pushstring(L, "tlsv1_3");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif
+
+  lua_rawset(L, -3);
+
+  // Algorithms
+  lua_pushstring(L, "algorithms");
+  lua_newtable(L);
+
+#ifndef OPENSSL_NO_EC
+  lua_pushstring(L, "ec");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif
+  lua_rawset(L, -3);
+ 
+  // Curves
+  lua_pushstring(L, "curves");
+  lsec_get_curves(L);
+  lua_rawset(L, -3);
+
+  // Capabilities
+  lua_pushstring(L, "capabilities");
+  lua_newtable(L);
+
+  // ALPN
+  lua_pushstring(L, "alpn");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+
+#ifdef LSEC_ENABLE_PSK
+  lua_pushstring(L, "psk");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif
+
+#ifdef LSEC_ENABLE_DANE
+  // DANE
+  lua_pushstring(L, "dane");
+#ifdef DANE_FLAG_NO_DANE_EE_NAMECHECKS
+  lua_createtable(L, 0, 1);
+  lua_pushstring(L, "no_ee_namechecks");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#else
+  lua_pushboolean(L, 1);
+#endif
+  lua_rawset(L, -3);
+#endif
+
+#ifndef OPENSSL_NO_EC
+  lua_pushstring(L, "curves_list");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+  lua_pushstring(L, "ecdh_auto");
+  lua_pushboolean(L, 1);
+  lua_rawset(L, -3);
+#endif
+  lua_rawset(L, -3);
+
+  return 1;
+}

src/deps/src/luasec/src/context.h

@@ -0,0 +1,47 @@
+#ifndef LSEC_CONTEXT_H
+#define LSEC_CONTEXT_H
+
+/*--------------------------------------------------------------------------
+ * LuaSec 1.3.1
+ *
+ * Copyright (C) 2006-2023 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#include <lua.h>
+#include <openssl/ssl.h>
+
+#include "compat.h"
+
+#define LSEC_MODE_INVALID 0
+#define LSEC_MODE_SERVER  1
+#define LSEC_MODE_CLIENT  2
+
+#define LSEC_VERIFY_CONTINUE        1
+#define LSEC_VERIFY_IGNORE_PURPOSE  2
+
+typedef struct t_context_ {
+  SSL_CTX *context;
+  lua_State *L;
+  DH *dh_param;
+  void *alpn;
+  int mode;
+} t_context;
+typedef t_context* p_context;
+
+/* Retrieve the SSL context from the Lua stack */
+SSL_CTX *lsec_checkcontext(lua_State *L, int idx);
+SSL_CTX *lsec_testcontext(lua_State *L, int idx);
+
+/* Retrieve the mode from the context in the Lua stack */
+int lsec_getmode(lua_State *L, int idx);
+
+/* Registre the module. */
+LSEC_API int luaopen_ssl_context(lua_State *L);
+
+/* Compat - Lua 5.1 */
+#if (LUA_VERSION_NUM == 501)
+void *lsec_testudata (lua_State *L, int ud, const char *tname);
+#endif
+
+#endif

src/deps/src/luasec/src/ec.c

@@ -0,0 +1,116 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 1.3.1
+ *
+ * Copyright (C) 2006-2023 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#include <openssl/objects.h>
+
+#include "ec.h"
+
+#ifndef OPENSSL_NO_EC
+
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str)
+{
+  int nid;
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_rawget(L, LUA_REGISTRYINDEX);
+  lua_pushstring(L, str);
+  lua_rawget(L, -2);
+
+  if (!lua_isnumber(L, -1))
+    return NULL;
+
+  nid = (int)lua_tonumber(L, -1);
+  return EC_KEY_new_by_curve_name(nid);
+}
+
+void lsec_load_curves(lua_State *L)
+{
+  size_t i;
+  size_t size;
+  const char *name;
+  EC_builtin_curve *curves = NULL;
+
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_newtable(L);
+
+  size = EC_get_builtin_curves(NULL, 0);
+  if (size > 0) {
+    curves = (EC_builtin_curve*)malloc(sizeof(EC_builtin_curve) * size);
+    EC_get_builtin_curves(curves, size);
+    for (i = 0; i < size; i++) {
+      name = OBJ_nid2sn(curves[i].nid);
+      if (name != NULL) {
+        lua_pushstring(L, name);
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+      }
+      switch (curves[i].nid) {
+      case NID_X9_62_prime256v1:
+        lua_pushstring(L, "P-256");
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+        break;
+      case NID_secp384r1:
+        lua_pushstring(L, "P-384");
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+        break;
+      case NID_secp521r1:
+        lua_pushstring(L, "P-521");
+        lua_pushnumber(L, curves[i].nid);
+        lua_rawset(L, -3);
+        break;
+      }
+    }
+    free(curves);
+  }
+
+  /* These are special so are manually added here */
+#ifdef NID_X25519
+  lua_pushstring(L, "X25519");
+  lua_pushnumber(L, NID_X25519);
+  lua_rawset(L, -3);
+#endif
+
+#ifdef NID_X448
+  lua_pushstring(L, "X448");
+  lua_pushnumber(L, NID_X448);
+  lua_rawset(L, -3);
+#endif
+
+  lua_rawset(L,  LUA_REGISTRYINDEX);
+}
+
+void lsec_get_curves(lua_State *L)
+{
+  lua_newtable(L);
+
+  lua_pushstring(L, "SSL:EC:CURVES");
+  lua_rawget(L, LUA_REGISTRYINDEX);
+
+  lua_pushnil(L);
+  while (lua_next(L, -2) != 0) {
+    lua_pop(L, 1);
+    lua_pushvalue(L, -1);
+    lua_pushboolean(L, 1);
+    lua_rawset(L, -5);
+  }
+  lua_pop(L, 1);
+}
+
+#else
+
+void lsec_load_curves(lua_State *L)
+{
+  // do nothing
+}
+
+void lsec_get_curves(lua_State *L)
+{
+  lua_newtable(L);
+}
+
+#endif

src/deps/src/luasec/src/ec.h

@@ -0,0 +1,22 @@
+/*--------------------------------------------------------------------------
+ * LuaSec 1.3.1
+ *
+ * Copyright (C) 2006-2023 Bruno Silvestre
+ *
+ *--------------------------------------------------------------------------*/
+
+#ifndef LSEC_EC_H
+#define LSEC_EC_H
+
+#include <lua.h>
+
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+
+EC_KEY *lsec_find_ec_key(lua_State *L, const char *str);
+#endif
+
+void lsec_get_curves(lua_State *L);
+void lsec_load_curves(lua_State *L);
+
+#endif

src/deps/src/luasec/src/https.lua

@@ -0,0 +1,147 @@
+----------------------------------------------------------------------------
+-- LuaSec 1.3.1
+--
+-- Copyright (C) 2009-2023 PUC-Rio
+--
+-- Author: Pablo Musa
+-- Author: Tomas Guisasola
+---------------------------------------------------------------------------
+
+local socket = require("socket")
+local ssl    = require("ssl")
+local ltn12  = require("ltn12")
+local http   = require("socket.http")
+local url    = require("socket.url")
+
+local try    = socket.try
+
+--
+-- Module
+--
+local _M = {
+  _VERSION   = "1.3.1",
+  _COPYRIGHT = "LuaSec 1.3.1 - Copyright (C) 2009-2023 PUC-Rio",
+  PORT       = 443,
+  TIMEOUT    = 60
+}
+
+-- TLS configuration
+local cfg = {
+  protocol = "any",
+  options  = {"all", "no_sslv2", "no_sslv3", "no_tlsv1"},
+  verify   = "none",
+}
+
+--------------------------------------------------------------------
+-- Auxiliar Functions
+--------------------------------------------------------------------
+
+-- Insert default HTTPS port.
+local function default_https_port(u)
+   return url.build(url.parse(u, {port = _M.PORT}))
+end
+
+-- Convert an URL to a table according to Luasocket needs.
+local function urlstring_totable(url, body, result_table)
+   url = {
+      url = default_https_port(url),
+      method = body and "POST" or "GET",
+      sink = ltn12.sink.table(result_table)
+   }
+   if body then
+      url.source = ltn12.source.string(body)
+      url.headers = {
+         ["content-length"] = #body,
+         ["content-type"] = "application/x-www-form-urlencoded",
+      }
+   end
+   return url
+end
+
+-- Forward calls to the real connection object.
+local function reg(conn)
+   local mt = getmetatable(conn.sock).__index
+   for name, method in pairs(mt) do
+      if type(method) == "function" then
+         conn[name] = function (self, ...)
+                         return method(self.sock, ...)
+                      end
+      end
+   end
+end
+
+-- Return a function which performs the SSL/TLS connection.
+local function tcp(params)
+   params = params or {}
+   -- Default settings
+   for k, v in pairs(cfg) do 
+      params[k] = params[k] or v
+   end
+   -- Force client mode
+   params.mode = "client"
+   -- 'create' function for LuaSocket
+   return function ()
+      local conn = {}
+      conn.sock = try(socket.tcp())
+      local st = getmetatable(conn.sock).__index.settimeout
+      function conn:settimeout(...)
+         return st(self.sock, _M.TIMEOUT)
+      end
+      -- Replace TCP's connection function
+      function conn:connect(host, port)
+         try(self.sock:connect(host, port))
+         self.sock = try(ssl.wrap(self.sock, params))
+         self.sock:sni(host)
+         self.sock:settimeout(_M.TIMEOUT)
+         try(self.sock:dohandshake())
+         reg(self)
+         return 1
+      end
+      return conn
+  end
+end
+
+--------------------------------------------------------------------
+-- Main Function
+--------------------------------------------------------------------
+
+-- Make a HTTP request over secure connection.  This function receives
+--  the same parameters of LuaSocket's HTTP module (except 'proxy' and
+--  'redirect') plus LuaSec parameters.
+--
+-- @param url mandatory (string or table)
+-- @param body optional (string)
+-- @return (string if url == string or 1), code, headers, status
+--
+local function request(url, body)
+  local result_table = {}
+  local stringrequest = type(url) == "string"
+  if stringrequest then
+    url = urlstring_totable(url, body, result_table)
+  else
+    url.url = default_https_port(url.url)
+  end
+  if http.PROXY or url.proxy then
+    return nil, "proxy not supported"
+  elseif url.redirect then
+    return nil, "redirect not supported"
+  elseif url.create then
+    return nil, "create function not permitted"
+  end
+  -- New 'create' function to establish a secure connection
+  url.create = tcp(url)
+  local res, code, headers, status = http.request(url)
+  if res and stringrequest then
+    return table.concat(result_table), code, headers, status
+  end
+  return res, code, headers, status
+end
+
+--------------------------------------------------------------------------------
+-- Export module
+--
+
+_M.request = request
+_M.tcp = tcp
+
+return _M

src/deps/src/luasec/src/luasocket/LICENSE

@@ -0,0 +1,21 @@
+LuaSocket 3.0-RC1 license
+Copyright (C) 2004-2013 Diego Nehab
+
+Permission is hereby granted, free  of charge, to any person obtaining
+a  copy  of this  software  and  associated documentation  files  (the
+"Software"), to  deal in  the Software without  restriction, including
+without limitation  the rights to  use, copy, modify,  merge, publish,
+distribute, sublicense,  and/or sell  copies of  the Software,  and to
+permit persons to whom the Software  is furnished to do so, subject to
+the following conditions:
+
+The  above  copyright  notice  and this  permission  notice  shall  be
+included in all copies or substantial portions of the Software.
+
+THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND,
+EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT  SHALL THE AUTHORS OR COPYRIGHT HOLDERS  BE LIABLE FOR ANY
+CLAIM, DAMAGES OR  OTHER LIABILITY, WHETHER IN AN  ACTION OF CONTRACT,
+TORT OR  OTHERWISE, ARISING  FROM, OUT  OF OR  IN CONNECTION  WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

src/deps/src/luasec/src/luasocket/Makefile

@@ -0,0 +1,26 @@
+OBJS= \
+ io.o \
+ buffer.o \
+ timeout.o \
+ usocket.o
+
+CC	?= cc
+CFLAGS	+= $(MYCFLAGS) -DLUASOCKET_DEBUG
+AR	?= ar
+RANLIB	?= ranlib
+
+.PHONY: all clean
+
+all: libluasocket.a
+
+libluasocket.a: $(OBJS)
+	$(AR) rcu $@ $(OBJS)
+	$(RANLIB) $@
+
+clean:
+	rm -f $(OBJS) libluasocket.a
+
+buffer.o: buffer.c buffer.h io.h timeout.h
+io.o: io.c io.h timeout.h
+timeout.o: timeout.c timeout.h
+usocket.o: usocket.c socket.h io.h timeout.h usocket.h

src/deps/src/luasec/src/luasocket/buffer.c

@@ -0,0 +1,282 @@
+/*=========================================================================*\
+* Input/Output interface for Lua programs
+* LuaSocket toolkit
+\*=========================================================================*/
+#include "lua.h"
+#include "lauxlib.h"
+
+#include "buffer.h"
+
+/*=========================================================================*\
+* Internal function prototypes
+\*=========================================================================*/
+static int recvraw(p_buffer buf, size_t wanted, luaL_Buffer *b);
+static int recvline(p_buffer buf, luaL_Buffer *b);
+static int recvall(p_buffer buf, luaL_Buffer *b);
+static int buffer_get(p_buffer buf, const char **data, size_t *count);
+static void buffer_skip(p_buffer buf, size_t count);
+static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent);
+
+/* min and max macros */
+#ifndef MIN
+#define MIN(x, y) ((x) < (y) ? x : y)
+#endif
+#ifndef MAX
+#define MAX(x, y) ((x) > (y) ? x : y)
+#endif
+
+/*=========================================================================*\
+* Exported functions
+\*=========================================================================*/
+/*-------------------------------------------------------------------------*\
+* Initializes module
+\*-------------------------------------------------------------------------*/
+int buffer_open(lua_State *L) {
+    (void) L;
+    return 0;
+}
+
+/*-------------------------------------------------------------------------*\
+* Initializes C structure 
+\*-------------------------------------------------------------------------*/
+void buffer_init(p_buffer buf, p_io io, p_timeout tm) {
+    buf->first = buf->last = 0;
+    buf->io = io;
+    buf->tm = tm;
+    buf->received = buf->sent = 0;
+    buf->birthday = timeout_gettime();
+}
+
+/*-------------------------------------------------------------------------*\
+* object:getstats() interface
+\*-------------------------------------------------------------------------*/
+int buffer_meth_getstats(lua_State *L, p_buffer buf) {
+    lua_pushnumber(L, (lua_Number) buf->received);
+    lua_pushnumber(L, (lua_Number) buf->sent);
+    lua_pushnumber(L, timeout_gettime() - buf->birthday);
+    return 3;
+}
+
+/*-------------------------------------------------------------------------*\
+* object:setstats() interface
+\*-------------------------------------------------------------------------*/
+int buffer_meth_setstats(lua_State *L, p_buffer buf) {
+    buf->received = (long) luaL_optnumber(L, 2, (lua_Number) buf->received); 
+    buf->sent = (long) luaL_optnumber(L, 3, (lua_Number) buf->sent); 
+    if (lua_isnumber(L, 4)) buf->birthday = timeout_gettime() - lua_tonumber(L, 4);
+    lua_pushnumber(L, 1);
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* object:send() interface
+\*-------------------------------------------------------------------------*/
+int buffer_meth_send(lua_State *L, p_buffer buf) {
+    int top = lua_gettop(L);
+    int err = IO_DONE;
+    size_t size = 0, sent = 0;
+    const char *data = luaL_checklstring(L, 2, &size);
+    long start = (long) luaL_optnumber(L, 3, 1);
+    long end = (long) luaL_optnumber(L, 4, -1);
+#ifdef LUASOCKET_DEBUG
+    p_timeout tm = timeout_markstart(buf->tm);
+#endif
+    if (start < 0) start = (long) (size+start+1);
+    if (end < 0) end = (long) (size+end+1);
+    if (start < 1) start = (long) 1;
+    if (end > (long) size) end = (long) size;
+    if (start <= end) err = sendraw(buf, data+start-1, end-start+1, &sent);
+    /* check if there was an error */
+    if (err != IO_DONE) {
+        lua_pushnil(L);
+        lua_pushstring(L, buf->io->error(buf->io->ctx, err)); 
+        lua_pushnumber(L, (lua_Number) (sent+start-1));
+    } else {
+        lua_pushnumber(L, (lua_Number) (sent+start-1));
+        lua_pushnil(L);
+        lua_pushnil(L);
+    }
+#ifdef LUASOCKET_DEBUG
+    /* push time elapsed during operation as the last return value */
+    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
+#endif
+    return lua_gettop(L) - top;
+}
+
+/*-------------------------------------------------------------------------*\
+* object:receive() interface
+\*-------------------------------------------------------------------------*/
+int buffer_meth_receive(lua_State *L, p_buffer buf) {
+    luaL_Buffer b;
+    size_t size;
+    const char *part;
+    int err = IO_DONE;
+    int top = lua_gettop(L);
+    if (top < 3) {
+        lua_settop(L, 3);
+        top = 3;
+    }
+    part = luaL_optlstring(L, 3, "", &size);
+#ifdef LUASOCKET_DEBUG
+    p_timeout tm = timeout_markstart(buf->tm);
+#endif
+    /* initialize buffer with optional extra prefix 
+     * (useful for concatenating previous partial results) */
+    luaL_buffinit(L, &b);
+    luaL_addlstring(&b, part, size);
+    /* receive new patterns */
+    if (!lua_isnumber(L, 2)) {
+        const char *p= luaL_optstring(L, 2, "*l");
+        if (p[0] == '*' && p[1] == 'l') err = recvline(buf, &b);
+        else if (p[0] == '*' && p[1] == 'a') err = recvall(buf, &b); 
+        else luaL_argcheck(L, 0, 2, "invalid receive pattern");
+    /* get a fixed number of bytes (minus what was already partially 
+     * received) */
+    } else {
+        double n = lua_tonumber(L, 2); 
+        size_t wanted = (size_t) n;
+        luaL_argcheck(L, n >= 0, 2, "invalid receive pattern");
+        if (size == 0 || wanted > size)
+            err = recvraw(buf, wanted-size, &b);
+    }
+    /* check if there was an error */
+    if (err != IO_DONE) {
+        /* we can't push anything in the stack before pushing the
+         * contents of the buffer. this is the reason for the complication */
+        luaL_pushresult(&b);
+        lua_pushstring(L, buf->io->error(buf->io->ctx, err)); 
+        lua_pushvalue(L, -2); 
+        lua_pushnil(L);
+        lua_replace(L, -4);
+    } else {
+        luaL_pushresult(&b);
+        lua_pushnil(L);
+        lua_pushnil(L);
+    }
+#ifdef LUASOCKET_DEBUG
+    /* push time elapsed during operation as the last return value */
+    lua_pushnumber(L, timeout_gettime() - timeout_getstart(tm));
+#endif
+    return lua_gettop(L) - top;
+}
+
+/*-------------------------------------------------------------------------*\
+* Determines if there is any data in the read buffer
+\*-------------------------------------------------------------------------*/
+int buffer_isempty(p_buffer buf) {
+    return buf->first >= buf->last;
+}
+
+/*=========================================================================*\
+* Internal functions
+\*=========================================================================*/
+/*-------------------------------------------------------------------------*\
+* Sends a block of data (unbuffered)
+\*-------------------------------------------------------------------------*/
+#define STEPSIZE 8192
+static int sendraw(p_buffer buf, const char *data, size_t count, size_t *sent) {
+    p_io io = buf->io;
+    p_timeout tm = buf->tm;
+    size_t total = 0;
+    int err = IO_DONE;
+    while (total < count && err == IO_DONE) {
+        size_t done = 0;
+        size_t step = (count-total <= STEPSIZE)? count-total: STEPSIZE;
+        err = io->send(io->ctx, data+total, step, &done, tm);
+        total += done;
+    }
+    *sent = total;
+    buf->sent += total;
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Reads a fixed number of bytes (buffered)
+\*-------------------------------------------------------------------------*/
+static int recvraw(p_buffer buf, size_t wanted, luaL_Buffer *b) {
+    int err = IO_DONE;
+    size_t total = 0;
+    while (err == IO_DONE) {
+        size_t count; const char *data;
+        err = buffer_get(buf, &data, &count);
+        count = MIN(count, wanted - total);
+        luaL_addlstring(b, data, count);
+        buffer_skip(buf, count);
+        total += count;
+        if (total >= wanted) break;
+    }
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Reads everything until the connection is closed (buffered)
+\*-------------------------------------------------------------------------*/
+static int recvall(p_buffer buf, luaL_Buffer *b) {
+    int err = IO_DONE;
+    size_t total = 0;
+    while (err == IO_DONE) {
+        const char *data; size_t count;
+        err = buffer_get(buf, &data, &count);
+        total += count;
+        luaL_addlstring(b, data, count);
+        buffer_skip(buf, count);
+    }
+    if (err == IO_CLOSED) {
+        if (total > 0) return IO_DONE;
+        else return IO_CLOSED;
+    } else return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Reads a line terminated by a CR LF pair or just by a LF. The CR and LF 
+* are not returned by the function and are discarded from the buffer
+\*-------------------------------------------------------------------------*/
+static int recvline(p_buffer buf, luaL_Buffer *b) {
+    int err = IO_DONE;
+    while (err == IO_DONE) {
+        size_t count, pos; const char *data;
+        err = buffer_get(buf, &data, &count);
+        pos = 0;
+        while (pos < count && data[pos] != '\n') {
+            /* we ignore all \r's */
+            if (data[pos] != '\r') luaL_addchar(b, data[pos]);
+            pos++;
+        }
+        if (pos < count) { /* found '\n' */
+            buffer_skip(buf, pos+1); /* skip '\n' too */
+            break; /* we are done */
+        } else /* reached the end of the buffer */
+            buffer_skip(buf, pos);
+    }
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Skips a given number of bytes from read buffer. No data is read from the
+* transport layer
+\*-------------------------------------------------------------------------*/
+static void buffer_skip(p_buffer buf, size_t count) {
+    buf->received += count;
+    buf->first += count;
+    if (buffer_isempty(buf)) 
+        buf->first = buf->last = 0;
+}
+
+/*-------------------------------------------------------------------------*\
+* Return any data available in buffer, or get more data from transport layer
+* if buffer is empty
+\*-------------------------------------------------------------------------*/
+static int buffer_get(p_buffer buf, const char **data, size_t *count) {
+    int err = IO_DONE;
+    p_io io = buf->io;
+    p_timeout tm = buf->tm;
+    if (buffer_isempty(buf)) {
+        size_t got;
+        err = io->recv(io->ctx, buf->data, BUF_SIZE, &got, tm);
+        buf->first = 0;
+        buf->last = got;
+    }
+    *count = buf->last - buf->first;
+    *data = buf->data + buf->first;
+    return err;
+}

src/deps/src/luasec/src/luasocket/buffer.h

@@ -0,0 +1,45 @@
+#ifndef BUF_H
+#define BUF_H 
+/*=========================================================================*\
+* Input/Output interface for Lua programs
+* LuaSocket toolkit
+*
+* Line patterns require buffering. Reading one character at a time involves
+* too many system calls and is very slow. This module implements the
+* LuaSocket interface for input/output on connected objects, as seen by 
+* Lua programs. 
+*
+* Input is buffered. Output is *not* buffered because there was no simple
+* way of making sure the buffered output data would ever be sent.
+*
+* The module is built on top of the I/O abstraction defined in io.h and the
+* timeout management is done with the timeout.h interface.
+\*=========================================================================*/
+#include "lua.h"
+
+#include "io.h"
+#include "timeout.h"
+
+/* buffer size in bytes */
+#define BUF_SIZE 8192
+
+/* buffer control structure */
+typedef struct t_buffer_ {
+    double birthday;        /* throttle support info: creation time, */
+    size_t sent, received;  /* bytes sent, and bytes received */
+    p_io io;                /* IO driver used for this buffer */
+    p_timeout tm;           /* timeout management for this buffer */
+    size_t first, last;     /* index of first and last bytes of stored data */
+    char data[BUF_SIZE];    /* storage space for buffer data */
+} t_buffer;
+typedef t_buffer *p_buffer;
+
+int buffer_open(lua_State *L);
+void buffer_init(p_buffer buf, p_io io, p_timeout tm);
+int buffer_meth_send(lua_State *L, p_buffer buf);
+int buffer_meth_receive(lua_State *L, p_buffer buf);
+int buffer_meth_getstats(lua_State *L, p_buffer buf);
+int buffer_meth_setstats(lua_State *L, p_buffer buf);
+int buffer_isempty(p_buffer buf);
+
+#endif /* BUF_H */

src/deps/src/luasec/src/luasocket/io.c

@@ -0,0 +1,30 @@
+/*=========================================================================*\
+* Input/Output abstraction
+* LuaSocket toolkit
+\*=========================================================================*/
+#include "io.h"
+
+/*=========================================================================*\
+* Exported functions
+\*=========================================================================*/
+/*-------------------------------------------------------------------------*\
+* Initializes C structure
+\*-------------------------------------------------------------------------*/
+void io_init(p_io io, p_send send, p_recv recv, p_error error, void *ctx) {
+    io->send = send;
+    io->recv = recv;
+    io->error = error;
+    io->ctx = ctx;
+}
+
+/*-------------------------------------------------------------------------*\
+* I/O error strings
+\*-------------------------------------------------------------------------*/
+const char *io_strerror(int err) {
+    switch (err) {
+        case IO_DONE: return NULL;
+        case IO_CLOSED: return "closed";
+        case IO_TIMEOUT: return "timeout";
+        default: return "unknown error"; 
+    }
+}

src/deps/src/luasec/src/luasocket/io.h

@@ -0,0 +1,65 @@
+#ifndef IO_H
+#define IO_H
+/*=========================================================================*\
+* Input/Output abstraction
+* LuaSocket toolkit
+*
+* This module defines the interface that LuaSocket expects from the
+* transport layer for streamed input/output. The idea is that if any
+* transport implements this interface, then the buffer.c functions
+* automatically work on it.
+*
+* The module socket.h implements this interface, and thus the module tcp.h
+* is very simple.
+\*=========================================================================*/
+#include <stdio.h>
+#include "lua.h"
+
+#include "timeout.h"
+
+/* IO error codes */
+enum {
+    IO_DONE = 0,        /* operation completed successfully */
+    IO_TIMEOUT = -1,    /* operation timed out */
+    IO_CLOSED = -2,     /* the connection has been closed */
+	IO_UNKNOWN = -3     
+};
+
+/* interface to error message function */
+typedef const char *(*p_error) (
+    void *ctx,          /* context needed by send */
+    int err             /* error code */
+);
+
+/* interface to send function */
+typedef int (*p_send) (
+    void *ctx,          /* context needed by send */
+    const char *data,   /* pointer to buffer with data to send */
+    size_t count,       /* number of bytes to send from buffer */
+    size_t *sent,       /* number of bytes sent uppon return */
+    p_timeout tm        /* timeout control */
+);
+
+/* interface to recv function */
+typedef int (*p_recv) (
+    void *ctx,          /* context needed by recv */
+    char *data,         /* pointer to buffer where data will be written */
+    size_t count,       /* number of bytes to receive into buffer */
+    size_t *got,        /* number of bytes received uppon return */
+    p_timeout tm        /* timeout control */
+);
+
+/* IO driver definition */
+typedef struct t_io_ {
+    void *ctx;          /* context needed by send/recv */
+    p_send send;        /* send function pointer */
+    p_recv recv;        /* receive function pointer */
+    p_error error;      /* strerror function */
+} t_io;
+typedef t_io *p_io;
+
+void io_init(p_io io, p_send send, p_recv recv, p_error error, void *ctx);
+const char *io_strerror(int err);
+
+#endif /* IO_H */
+

src/deps/src/luasec/src/luasocket/socket.h

@@ -0,0 +1,78 @@
+#ifndef SOCKET_H
+#define SOCKET_H
+/*=========================================================================*\
+* Socket compatibilization module
+* LuaSocket toolkit
+*
+* BSD Sockets and WinSock are similar, but there are a few irritating
+* differences. Also, not all *nix platforms behave the same. This module
+* (and the associated usocket.h and wsocket.h) factor these differences and
+* creates a interface compatible with the io.h module.
+\*=========================================================================*/
+#include "io.h"
+
+/*=========================================================================*\
+* Platform specific compatibilization
+\*=========================================================================*/
+#ifdef _WIN32
+#include "wsocket.h"
+#else
+#include "usocket.h"
+#endif
+
+/*=========================================================================*\
+* The connect and accept functions accept a timeout and their
+* implementations are somewhat complicated. We chose to move
+* the timeout control into this module for these functions in
+* order to simplify the modules that use them. 
+\*=========================================================================*/
+#include "timeout.h"
+
+/* we are lazy... */
+typedef struct sockaddr SA;
+
+/*=========================================================================*\
+* Functions below implement a comfortable platform independent 
+* interface to sockets
+\*=========================================================================*/
+int socket_open(void);
+int socket_close(void);
+void socket_destroy(p_socket ps);
+void socket_shutdown(p_socket ps, int how); 
+int socket_sendto(p_socket ps, const char *data, size_t count, 
+        size_t *sent, SA *addr, socklen_t addr_len, p_timeout tm);
+int socket_recvfrom(p_socket ps, char *data, size_t count, 
+        size_t *got, SA *addr, socklen_t *addr_len, p_timeout tm);
+
+void socket_setnonblocking(p_socket ps);
+void socket_setblocking(p_socket ps);
+
+int socket_waitfd(p_socket ps, int sw, p_timeout tm);
+int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
+        p_timeout tm);
+
+int socket_connect(p_socket ps, SA *addr, socklen_t addr_len, p_timeout tm); 
+int socket_create(p_socket ps, int domain, int type, int protocol);
+int socket_bind(p_socket ps, SA *addr, socklen_t addr_len); 
+int socket_listen(p_socket ps, int backlog);
+int socket_accept(p_socket ps, p_socket pa, SA *addr, 
+        socklen_t *addr_len, p_timeout tm);
+
+const char *socket_hoststrerror(int err);
+const char *socket_gaistrerror(int err);
+const char *socket_strerror(int err);
+
+/* these are perfect to use with the io abstraction module 
+   and the buffered input module */
+int socket_send(p_socket ps, const char *data, size_t count, 
+        size_t *sent, p_timeout tm);
+int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
+int socket_write(p_socket ps, const char *data, size_t count, 
+        size_t *sent, p_timeout tm);
+int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm);
+const char *socket_ioerror(p_socket ps, int err);
+
+int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp);
+int socket_gethostbyname(const char *addr, struct hostent **hp);
+
+#endif /* SOCKET_H */

src/deps/src/luasec/src/luasocket/timeout.c

@@ -0,0 +1,220 @@
+/*=========================================================================*\
+* Timeout management functions
+* LuaSocket toolkit
+\*=========================================================================*/
+#include <stdio.h>
+#include <limits.h>
+#include <float.h>
+
+#include "lua.h"
+#include "lauxlib.h"
+
+#include "timeout.h"
+
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <time.h>
+#include <sys/time.h>
+#endif
+
+/* min and max macros */
+#ifndef MIN
+#define MIN(x, y) ((x) < (y) ? x : y)
+#endif
+#ifndef MAX
+#define MAX(x, y) ((x) > (y) ? x : y)
+#endif
+
+/*=========================================================================*\
+* Internal function prototypes
+\*=========================================================================*/
+static int timeout_lua_gettime(lua_State *L);
+static int timeout_lua_sleep(lua_State *L);
+
+static luaL_Reg func[] = {
+    { "gettime", timeout_lua_gettime },
+    { "sleep", timeout_lua_sleep },
+    { NULL, NULL }
+};
+
+/*=========================================================================*\
+* Exported functions.
+\*=========================================================================*/
+/*-------------------------------------------------------------------------*\
+* Initialize structure
+\*-------------------------------------------------------------------------*/
+void timeout_init(p_timeout tm, double block, double total) {
+    tm->block = block;
+    tm->total = total;
+}
+
+/*-------------------------------------------------------------------------*\
+* Determines how much time we have left for the next system call,
+* if the previous call was successful 
+* Input
+*   tm: timeout control structure
+* Returns
+*   the number of ms left or -1 if there is no time limit
+\*-------------------------------------------------------------------------*/
+double timeout_get(p_timeout tm) {
+    if (tm->block < 0.0 && tm->total < 0.0) {
+        return -1;
+    } else if (tm->block < 0.0) {
+        double t = tm->total - timeout_gettime() + tm->start;
+        return MAX(t, 0.0);
+    } else if (tm->total < 0.0) {
+        return tm->block;
+    } else {
+        double t = tm->total - timeout_gettime() + tm->start;
+        return MIN(tm->block, MAX(t, 0.0));
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* Returns time since start of operation
+* Input
+*   tm: timeout control structure
+* Returns
+*   start field of structure
+\*-------------------------------------------------------------------------*/
+double timeout_getstart(p_timeout tm) {
+    return tm->start;
+}
+
+/*-------------------------------------------------------------------------*\
+* Determines how much time we have left for the next system call,
+* if the previous call was a failure
+* Input
+*   tm: timeout control structure
+* Returns
+*   the number of ms left or -1 if there is no time limit
+\*-------------------------------------------------------------------------*/
+double timeout_getretry(p_timeout tm) {
+    if (tm->block < 0.0 && tm->total < 0.0) {
+        return -1;
+    } else if (tm->block < 0.0) {
+        double t = tm->total - timeout_gettime() + tm->start;
+        return MAX(t, 0.0);
+    } else if (tm->total < 0.0) {
+        double t = tm->block - timeout_gettime() + tm->start;
+        return MAX(t, 0.0);
+    } else {
+        double t = tm->total - timeout_gettime() + tm->start;
+        return MIN(tm->block, MAX(t, 0.0));
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* Marks the operation start time in structure 
+* Input
+*   tm: timeout control structure
+\*-------------------------------------------------------------------------*/
+p_timeout timeout_markstart(p_timeout tm) {
+    tm->start = timeout_gettime();
+    return tm;
+}
+
+/*-------------------------------------------------------------------------*\
+* Gets time in s, relative to January 1, 1970 (UTC) 
+* Returns
+*   time in s.
+\*-------------------------------------------------------------------------*/
+#ifdef _WIN32
+double timeout_gettime(void) {
+    FILETIME ft;
+    double t;
+    GetSystemTimeAsFileTime(&ft);
+    /* Windows file time (time since January 1, 1601 (UTC)) */
+    t  = ft.dwLowDateTime/1.0e7 + ft.dwHighDateTime*(4294967296.0/1.0e7);
+    /* convert to Unix Epoch time (time since January 1, 1970 (UTC)) */
+    return (t - 11644473600.0);
+}
+#else
+double timeout_gettime(void) {
+    struct timeval v;
+    gettimeofday(&v, (struct timezone *) NULL);
+    /* Unix Epoch time (time since January 1, 1970 (UTC)) */
+    return v.tv_sec + v.tv_usec/1.0e6;
+}
+#endif
+
+/*-------------------------------------------------------------------------*\
+* Initializes module
+\*-------------------------------------------------------------------------*/
+int timeout_open(lua_State *L) {
+#if LUA_VERSION_NUM > 501 && !defined(LUA_COMPAT_MODULE)
+    luaL_setfuncs(L, func, 0);
+#else
+    luaL_openlib(L, NULL, func, 0);
+#endif
+    return 0;
+}
+
+/*-------------------------------------------------------------------------*\
+* Sets timeout values for IO operations
+* Lua Input: base, time [, mode]
+*   time: time out value in seconds
+*   mode: "b" for block timeout, "t" for total timeout. (default: b)
+\*-------------------------------------------------------------------------*/
+int timeout_meth_settimeout(lua_State *L, p_timeout tm) {
+    double t = luaL_optnumber(L, 2, -1);
+    const char *mode = luaL_optstring(L, 3, "b");
+    switch (*mode) {
+        case 'b':
+            tm->block = t; 
+            break;
+        case 'r': case 't':
+            tm->total = t;
+            break;
+        default:
+            luaL_argcheck(L, 0, 3, "invalid timeout mode");
+            break;
+    }
+    lua_pushnumber(L, 1);
+    return 1;
+}
+
+/*=========================================================================*\
+* Test support functions
+\*=========================================================================*/
+/*-------------------------------------------------------------------------*\
+* Returns the time the system has been up, in secconds.
+\*-------------------------------------------------------------------------*/
+static int timeout_lua_gettime(lua_State *L)
+{
+    lua_pushnumber(L, timeout_gettime());
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* Sleep for n seconds.
+\*-------------------------------------------------------------------------*/
+#ifdef _WIN32
+int timeout_lua_sleep(lua_State *L)
+{
+    double n = luaL_checknumber(L, 1);
+    if (n < 0.0) n = 0.0;
+    if (n < DBL_MAX/1000.0) n *= 1000.0;
+    if (n > INT_MAX) n = INT_MAX;
+    Sleep((int)n);
+    return 0;
+}
+#else
+int timeout_lua_sleep(lua_State *L)
+{
+    double n = luaL_checknumber(L, 1);
+    struct timespec t, r;
+    if (n < 0.0) n = 0.0;
+    if (n > INT_MAX) n = INT_MAX;
+    t.tv_sec = (int) n;
+    n -= t.tv_sec;
+    t.tv_nsec = (int) (n * 1000000000);
+    if (t.tv_nsec >= 1000000000) t.tv_nsec = 999999999;
+    while (nanosleep(&t, &r) != 0) {
+        t.tv_sec = r.tv_sec;
+        t.tv_nsec = r.tv_nsec;
+    }
+    return 0;
+}
+#endif

src/deps/src/luasec/src/luasocket/timeout.h

@@ -0,0 +1,28 @@
+#ifndef TIMEOUT_H
+#define TIMEOUT_H
+/*=========================================================================*\
+* Timeout management functions
+* LuaSocket toolkit
+\*=========================================================================*/
+#include "lua.h"
+
+/* timeout control structure */
+typedef struct t_timeout_ {
+    double block;          /* maximum time for blocking calls */
+    double total;          /* total number of milliseconds for operation */
+    double start;          /* time of start of operation */
+} t_timeout;
+typedef t_timeout *p_timeout;
+
+int timeout_open(lua_State *L);
+void timeout_init(p_timeout tm, double block, double total);
+double timeout_get(p_timeout tm);
+double timeout_getretry(p_timeout tm);
+p_timeout timeout_markstart(p_timeout tm);
+double timeout_getstart(p_timeout tm);
+double timeout_gettime(void);
+int timeout_meth_settimeout(lua_State *L, p_timeout tm);
+
+#define timeout_iszero(tm)   ((tm)->block == 0.0)
+
+#endif /* TIMEOUT_H */

src/deps/src/luasec/src/luasocket/usocket.c

@@ -0,0 +1,439 @@
+/*=========================================================================*\
+* Socket compatibilization module for Unix
+* LuaSocket toolkit
+*
+* The code is now interrupt-safe.
+* The penalty of calling select to avoid busy-wait is only paid when
+* the I/O call fail in the first place. 
+\*=========================================================================*/
+#include <string.h> 
+#include <signal.h>
+
+#include "socket.h"
+
+/*-------------------------------------------------------------------------*\
+* Wait for readable/writable/connected socket with timeout
+\*-------------------------------------------------------------------------*/
+#ifndef SOCKET_SELECT
+int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
+    int ret;
+    struct pollfd pfd;
+    pfd.fd = *ps;
+    pfd.events = sw;
+    pfd.revents = 0;
+    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
+    do {
+        int t = (int)(timeout_getretry(tm)*1e3);
+        ret = poll(&pfd, 1, t >= 0? t: -1);
+    } while (ret == -1 && errno == EINTR);
+    if (ret == -1) return errno;
+    if (ret == 0) return IO_TIMEOUT;
+    if (sw == WAITFD_C && (pfd.revents & (POLLIN|POLLERR))) return IO_CLOSED;
+    return IO_DONE;
+}
+#else
+int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
+    int ret;
+    fd_set rfds, wfds, *rp, *wp;
+    struct timeval tv, *tp;
+    double t;
+    if (*ps >= FD_SETSIZE) return EINVAL;
+    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
+    do {
+        /* must set bits within loop, because select may have modified them */
+        rp = wp = NULL;
+        if (sw & WAITFD_R) { FD_ZERO(&rfds); FD_SET(*ps, &rfds); rp = &rfds; }
+        if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
+        t = timeout_getretry(tm);
+        tp = NULL;
+        if (t >= 0.0) {
+            tv.tv_sec = (int)t;
+            tv.tv_usec = (int)((t-tv.tv_sec)*1.0e6);
+            tp = &tv;
+        }
+        ret = select(*ps+1, rp, wp, NULL, tp);
+    } while (ret == -1 && errno == EINTR);
+    if (ret == -1) return errno;
+    if (ret == 0) return IO_TIMEOUT;
+    if (sw == WAITFD_C && FD_ISSET(*ps, &rfds)) return IO_CLOSED;
+    return IO_DONE;
+}
+#endif
+
+
+/*-------------------------------------------------------------------------*\
+* Initializes module 
+\*-------------------------------------------------------------------------*/
+int socket_open(void) {
+    /* instals a handler to ignore sigpipe or it will crash us */
+    signal(SIGPIPE, SIG_IGN);
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* Close module 
+\*-------------------------------------------------------------------------*/
+int socket_close(void) {
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* Close and inutilize socket
+\*-------------------------------------------------------------------------*/
+void socket_destroy(p_socket ps) {
+    if (*ps != SOCKET_INVALID) {
+        socket_setblocking(ps);
+        close(*ps);
+        *ps = SOCKET_INVALID;
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* Select with timeout control
+\*-------------------------------------------------------------------------*/
+int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
+        p_timeout tm) {
+    int ret;
+    do {
+        struct timeval tv;
+        double t = timeout_getretry(tm);
+        tv.tv_sec = (int) t;
+        tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
+        /* timeout = 0 means no wait */
+        ret = select(n, rfds, wfds, efds, t >= 0.0 ? &tv: NULL);
+    } while (ret < 0 && errno == EINTR);
+    return ret;
+}
+
+/*-------------------------------------------------------------------------*\
+* Creates and sets up a socket
+\*-------------------------------------------------------------------------*/
+int socket_create(p_socket ps, int domain, int type, int protocol) {
+    *ps = socket(domain, type, protocol);
+    if (*ps != SOCKET_INVALID) return IO_DONE; 
+    else return errno; 
+}
+
+/*-------------------------------------------------------------------------*\
+* Binds or returns error message
+\*-------------------------------------------------------------------------*/
+int socket_bind(p_socket ps, SA *addr, socklen_t len) {
+    int err = IO_DONE;
+    socket_setblocking(ps);
+    if (bind(*ps, addr, len) < 0) err = errno; 
+    socket_setnonblocking(ps);
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* 
+\*-------------------------------------------------------------------------*/
+int socket_listen(p_socket ps, int backlog) {
+    int err = IO_DONE; 
+    socket_setblocking(ps);
+    if (listen(*ps, backlog)) err = errno; 
+    socket_setnonblocking(ps);
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* 
+\*-------------------------------------------------------------------------*/
+void socket_shutdown(p_socket ps, int how) {
+    socket_setblocking(ps);
+    shutdown(*ps, how);
+    socket_setnonblocking(ps);
+}
+
+/*-------------------------------------------------------------------------*\
+* Connects or returns error message
+\*-------------------------------------------------------------------------*/
+int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
+    int err;
+    /* avoid calling on closed sockets */
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    /* call connect until done or failed without being interrupted */
+    do if (connect(*ps, addr, len) == 0) return IO_DONE;
+    while ((err = errno) == EINTR);
+    /* if connection failed immediately, return error code */
+    if (err != EINPROGRESS && err != EAGAIN) return err; 
+    /* zero timeout case optimization */
+    if (timeout_iszero(tm)) return IO_TIMEOUT;
+    /* wait until we have the result of the connection attempt or timeout */
+    err = socket_waitfd(ps, WAITFD_C, tm);
+    if (err == IO_CLOSED) {
+        if (recv(*ps, (char *) &err, 0, 0) == 0) return IO_DONE;
+        else return errno;
+    } else return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Accept with timeout
+\*-------------------------------------------------------------------------*/
+int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, p_timeout tm) {
+    if (*ps == SOCKET_INVALID) return IO_CLOSED; 
+    for ( ;; ) {
+        int err;
+        if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
+        err = errno;
+        if (err == EINTR) continue;
+        if (err != EAGAIN && err != ECONNABORTED) return err;
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
+    }
+    /* can't reach here */
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Send with timeout
+\*-------------------------------------------------------------------------*/
+int socket_send(p_socket ps, const char *data, size_t count, 
+        size_t *sent, p_timeout tm)
+{
+    int err;
+    *sent = 0;
+    /* avoid making system calls on closed sockets */
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    /* loop until we send something or we give up on error */
+    for ( ;; ) {
+        long put = (long) send(*ps, data, count, 0);
+        /* if we sent anything, we are done */
+        if (put >= 0) {
+            *sent = put;
+            return IO_DONE;
+        }
+        err = errno;
+        /* EPIPE means the connection was closed */
+        if (err == EPIPE) return IO_CLOSED;
+        /* we call was interrupted, just try again */
+        if (err == EINTR) continue;
+        /* if failed fatal reason, report error */
+        if (err != EAGAIN) return err;
+        /* wait until we can send something or we timeout */
+        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
+    }
+    /* can't reach here */
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Sendto with timeout
+\*-------------------------------------------------------------------------*/
+int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent, 
+        SA *addr, socklen_t len, p_timeout tm)
+{
+    int err;
+    *sent = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        long put = (long) sendto(*ps, data, count, 0, addr, len);  
+        if (put >= 0) {
+            *sent = put;
+            return IO_DONE;
+        }
+        err = errno;
+        if (err == EPIPE) return IO_CLOSED;
+        if (err == EINTR) continue;
+        if (err != EAGAIN) return err;
+        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
+    }
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Receive with timeout
+\*-------------------------------------------------------------------------*/
+int socket_recv(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
+    int err;
+    *got = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        long taken = (long) recv(*ps, data, count, 0);
+        if (taken > 0) {
+            *got = taken;
+            return IO_DONE;
+        }
+        err = errno;
+        if (taken == 0) return IO_CLOSED;
+        if (err == EINTR) continue;
+        if (err != EAGAIN) return err; 
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
+    }
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Recvfrom with timeout
+\*-------------------------------------------------------------------------*/
+int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got, 
+        SA *addr, socklen_t *len, p_timeout tm) {
+    int err;
+    *got = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        long taken = (long) recvfrom(*ps, data, count, 0, addr, len);
+        if (taken > 0) {
+            *got = taken;
+            return IO_DONE;
+        }
+        err = errno;
+        if (taken == 0) return IO_CLOSED;
+        if (err == EINTR) continue;
+        if (err != EAGAIN) return err; 
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
+    }
+    return IO_UNKNOWN;
+}
+
+
+/*-------------------------------------------------------------------------*\
+* Write with timeout
+*
+* socket_read and socket_write are cut-n-paste of socket_send and socket_recv,
+* with send/recv replaced with write/read. We can't just use write/read
+* in the socket version, because behaviour when size is zero is different.
+\*-------------------------------------------------------------------------*/
+int socket_write(p_socket ps, const char *data, size_t count, 
+        size_t *sent, p_timeout tm)
+{
+    int err;
+    *sent = 0;
+    /* avoid making system calls on closed sockets */
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    /* loop until we send something or we give up on error */
+    for ( ;; ) {
+        long put = (long) write(*ps, data, count);
+        /* if we sent anything, we are done */
+        if (put >= 0) {
+            *sent = put;
+            return IO_DONE;
+        }
+        err = errno;
+        /* EPIPE means the connection was closed */
+        if (err == EPIPE) return IO_CLOSED;
+        /* we call was interrupted, just try again */
+        if (err == EINTR) continue;
+        /* if failed fatal reason, report error */
+        if (err != EAGAIN) return err;
+        /* wait until we can send something or we timeout */
+        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
+    }
+    /* can't reach here */
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Read with timeout
+* See note for socket_write
+\*-------------------------------------------------------------------------*/
+int socket_read(p_socket ps, char *data, size_t count, size_t *got, p_timeout tm) {
+    int err;
+    *got = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        long taken = (long) read(*ps, data, count);
+        if (taken > 0) {
+            *got = taken;
+            return IO_DONE;
+        }
+        err = errno;
+        if (taken == 0) return IO_CLOSED;
+        if (err == EINTR) continue;
+        if (err != EAGAIN) return err; 
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err; 
+    }
+    return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Put socket into blocking mode
+\*-------------------------------------------------------------------------*/
+void socket_setblocking(p_socket ps) {
+    int flags = fcntl(*ps, F_GETFL, 0);
+    flags &= (~(O_NONBLOCK));
+    fcntl(*ps, F_SETFL, flags);
+}
+
+/*-------------------------------------------------------------------------*\
+* Put socket into non-blocking mode
+\*-------------------------------------------------------------------------*/
+void socket_setnonblocking(p_socket ps) {
+    int flags = fcntl(*ps, F_GETFL, 0);
+    flags |= O_NONBLOCK;
+    fcntl(*ps, F_SETFL, flags);
+}
+
+/*-------------------------------------------------------------------------*\
+* DNS helpers 
+\*-------------------------------------------------------------------------*/
+int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
+    *hp = gethostbyaddr(addr, len, AF_INET);
+    if (*hp) return IO_DONE;
+    else if (h_errno) return h_errno;
+    else if (errno) return errno;
+    else return IO_UNKNOWN;
+}
+
+int socket_gethostbyname(const char *addr, struct hostent **hp) {
+    *hp = gethostbyname(addr);
+    if (*hp) return IO_DONE;
+    else if (h_errno) return h_errno;
+    else if (errno) return errno;
+    else return IO_UNKNOWN;
+}
+
+/*-------------------------------------------------------------------------*\
+* Error translation functions
+* Make sure important error messages are standard
+\*-------------------------------------------------------------------------*/
+const char *socket_hoststrerror(int err) {
+    if (err <= 0) return io_strerror(err);
+    switch (err) {
+        case HOST_NOT_FOUND: return "host not found";
+        default: return hstrerror(err);
+    }
+}
+
+const char *socket_strerror(int err) {
+    if (err <= 0) return io_strerror(err);
+    switch (err) {
+        case EADDRINUSE: return "address already in use";
+        case EISCONN: return "already connected";
+        case EACCES: return "permission denied";
+        case ECONNREFUSED: return "connection refused";
+        case ECONNABORTED: return "closed";
+        case ECONNRESET: return "closed";
+        case ETIMEDOUT: return "timeout";
+        default: return strerror(err);
+    }
+}
+
+const char *socket_ioerror(p_socket ps, int err) {
+    (void) ps;
+    return socket_strerror(err);
+} 
+
+const char *socket_gaistrerror(int err) {
+    if (err == 0) return NULL; 
+    switch (err) {
+        case EAI_AGAIN: return "temporary failure in name resolution";
+        case EAI_BADFLAGS: return "invalid value for ai_flags";
+#ifdef EAI_BADHINTS
+        case EAI_BADHINTS: return "invalid value for hints";
+#endif
+        case EAI_FAIL: return "non-recoverable failure in name resolution";
+        case EAI_FAMILY: return "ai_family not supported";
+        case EAI_MEMORY: return "memory allocation failure";
+        case EAI_NONAME: 
+            return "host or service not provided, or not known";
+        case EAI_OVERFLOW: return "argument buffer overflow";
+#ifdef EAI_PROTOCOL
+        case EAI_PROTOCOL: return "resolved protocol is unknown";
+#endif
+        case EAI_SERVICE: return "service not supported for socket type";
+        case EAI_SOCKTYPE: return "ai_socktype not supported";
+        case EAI_SYSTEM: return strerror(errno); 
+        default: return gai_strerror(err);
+    }
+}
+

src/deps/src/luasec/src/luasocket/usocket.h

@@ -0,0 +1,70 @@
+#ifndef USOCKET_H
+#define USOCKET_H
+/*=========================================================================*\
+* Socket compatibilization module for Unix
+* LuaSocket toolkit
+\*=========================================================================*/
+
+/*=========================================================================*\
+* BSD include files
+\*=========================================================================*/
+/* error codes */
+#include <errno.h>
+/* close function */
+#include <unistd.h>
+/* fnctnl function and associated constants */
+#include <fcntl.h>
+/* struct sockaddr */
+#include <sys/types.h>
+/* socket function */
+#include <sys/socket.h>
+/* struct timeval */
+#include <sys/time.h>
+/* gethostbyname and gethostbyaddr functions */
+#include <netdb.h>
+/* sigpipe handling */
+#include <signal.h>
+/* IP stuff*/
+#include <netinet/in.h>
+#include <arpa/inet.h>
+/* TCP options (nagle algorithm disable) */
+#include <netinet/tcp.h>
+#include <net/if.h>
+
+#ifndef SOCKET_SELECT
+#include <sys/poll.h>
+#define WAITFD_R        POLLIN
+#define WAITFD_W        POLLOUT
+#define WAITFD_C        (POLLIN|POLLOUT)
+#else
+#define WAITFD_R        1
+#define WAITFD_W        2
+#define WAITFD_C        (WAITFD_R|WAITFD_W)
+#endif
+
+#ifndef SO_REUSEPORT
+#define SO_REUSEPORT SO_REUSEADDR
+#endif
+
+/* Some platforms use IPV6_JOIN_GROUP instead if
+ * IPV6_ADD_MEMBERSHIP. The semantics are same, though. */
+#ifndef IPV6_ADD_MEMBERSHIP
+#ifdef IPV6_JOIN_GROUP
+#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
+#endif /* IPV6_JOIN_GROUP */
+#endif /* !IPV6_ADD_MEMBERSHIP */
+
+/* Same with IPV6_DROP_MEMBERSHIP / IPV6_LEAVE_GROUP. */
+#ifndef IPV6_DROP_MEMBERSHIP
+#ifdef IPV6_LEAVE_GROUP
+#define IPV6_DROP_MEMBERSHIP IPV6_LEAVE_GROUP
+#endif /* IPV6_LEAVE_GROUP */
+#endif /* !IPV6_DROP_MEMBERSHIP */
+
+typedef int t_socket;
+typedef t_socket *p_socket;
+typedef struct sockaddr_storage t_sockaddr_storage;
+
+#define SOCKET_INVALID (-1)
+
+#endif /* USOCKET_H */

src/deps/src/luasec/src/luasocket/wsocket.c

@@ -0,0 +1,429 @@
+/*=========================================================================*\
+* Socket compatibilization module for Win32
+* LuaSocket toolkit
+*
+* The penalty of calling select to avoid busy-wait is only paid when
+* the I/O call fail in the first place. 
+\*=========================================================================*/
+#include <string.h>
+
+#include "socket.h"
+
+/* WinSock doesn't have a strerror... */
+static const char *wstrerror(int err);
+
+/*-------------------------------------------------------------------------*\
+* Initializes module 
+\*-------------------------------------------------------------------------*/
+int socket_open(void) {
+    WSADATA wsaData;
+    WORD wVersionRequested = MAKEWORD(2, 0); 
+    int err = WSAStartup(wVersionRequested, &wsaData );
+    if (err != 0) return 0;
+    if ((LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) &&
+        (LOBYTE(wsaData.wVersion) != 1 || HIBYTE(wsaData.wVersion) != 1)) {
+        WSACleanup();
+        return 0; 
+    }
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* Close module 
+\*-------------------------------------------------------------------------*/
+int socket_close(void) {
+    WSACleanup();
+    return 1;
+}
+
+/*-------------------------------------------------------------------------*\
+* Wait for readable/writable/connected socket with timeout
+\*-------------------------------------------------------------------------*/
+int socket_waitfd(p_socket ps, int sw, p_timeout tm) {
+    int ret;
+    fd_set rfds, wfds, efds, *rp = NULL, *wp = NULL, *ep = NULL;
+    struct timeval tv, *tp = NULL;
+    double t;
+    if (timeout_iszero(tm)) return IO_TIMEOUT;  /* optimize timeout == 0 case */
+    if (sw & WAITFD_R) { 
+        FD_ZERO(&rfds); 
+        FD_SET(*ps, &rfds);
+        rp = &rfds; 
+    }
+    if (sw & WAITFD_W) { FD_ZERO(&wfds); FD_SET(*ps, &wfds); wp = &wfds; }
+    if (sw & WAITFD_C) { FD_ZERO(&efds); FD_SET(*ps, &efds); ep = &efds; }
+    if ((t = timeout_get(tm)) >= 0.0) {
+        tv.tv_sec = (int) t;
+        tv.tv_usec = (int) ((t-tv.tv_sec)*1.0e6);
+        tp = &tv;
+    }
+    ret = select(0, rp, wp, ep, tp);
+    if (ret == -1) return WSAGetLastError();
+    if (ret == 0) return IO_TIMEOUT;
+    if (sw == WAITFD_C && FD_ISSET(*ps, &efds)) return IO_CLOSED;
+    return IO_DONE;
+}
+
+/*-------------------------------------------------------------------------*\
+* Select with int timeout in ms
+\*-------------------------------------------------------------------------*/
+int socket_select(t_socket n, fd_set *rfds, fd_set *wfds, fd_set *efds, 
+        p_timeout tm) {
+    struct timeval tv; 
+    double t = timeout_get(tm);
+    tv.tv_sec = (int) t;
+    tv.tv_usec = (int) ((t - tv.tv_sec) * 1.0e6);
+    if (n <= 0) {
+        Sleep((DWORD) (1000*t));
+        return 0;
+    } else return select(0, rfds, wfds, efds, t >= 0.0? &tv: NULL);
+}
+
+/*-------------------------------------------------------------------------*\
+* Close and inutilize socket
+\*-------------------------------------------------------------------------*/
+void socket_destroy(p_socket ps) {
+    if (*ps != SOCKET_INVALID) {
+        socket_setblocking(ps); /* close can take a long time on WIN32 */
+        closesocket(*ps);
+        *ps = SOCKET_INVALID;
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* 
+\*-------------------------------------------------------------------------*/
+void socket_shutdown(p_socket ps, int how) {
+    socket_setblocking(ps);
+    shutdown(*ps, how);
+    socket_setnonblocking(ps);
+}
+
+/*-------------------------------------------------------------------------*\
+* Creates and sets up a socket
+\*-------------------------------------------------------------------------*/
+int socket_create(p_socket ps, int domain, int type, int protocol) {
+    *ps = socket(domain, type, protocol);
+    if (*ps != SOCKET_INVALID) return IO_DONE;
+    else return WSAGetLastError();
+}
+
+/*-------------------------------------------------------------------------*\
+* Connects or returns error message
+\*-------------------------------------------------------------------------*/
+int socket_connect(p_socket ps, SA *addr, socklen_t len, p_timeout tm) {
+    int err;
+    /* don't call on closed socket */
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    /* ask system to connect */
+    if (connect(*ps, addr, len) == 0) return IO_DONE;
+    /* make sure the system is trying to connect */
+    err = WSAGetLastError();
+    if (err != WSAEWOULDBLOCK && err != WSAEINPROGRESS) return err;
+    /* zero timeout case optimization */
+    if (timeout_iszero(tm)) return IO_TIMEOUT;
+    /* we wait until something happens */
+    err = socket_waitfd(ps, WAITFD_C, tm);
+    if (err == IO_CLOSED) {
+        int len = sizeof(err);
+        /* give windows time to set the error (yes, disgusting) */
+        Sleep(10);
+        /* find out why we failed */
+        getsockopt(*ps, SOL_SOCKET, SO_ERROR, (char *)&err, &len); 
+        /* we KNOW there was an error. if 'why' is 0, we will return
+        * "unknown error", but it's not really our fault */
+        return err > 0? err: IO_UNKNOWN; 
+    } else return err;
+
+}
+
+/*-------------------------------------------------------------------------*\
+* Binds or returns error message
+\*-------------------------------------------------------------------------*/
+int socket_bind(p_socket ps, SA *addr, socklen_t len) {
+    int err = IO_DONE;
+    socket_setblocking(ps);
+    if (bind(*ps, addr, len) < 0) err = WSAGetLastError();
+    socket_setnonblocking(ps);
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* 
+\*-------------------------------------------------------------------------*/
+int socket_listen(p_socket ps, int backlog) {
+    int err = IO_DONE;
+    socket_setblocking(ps);
+    if (listen(*ps, backlog) < 0) err = WSAGetLastError();
+    socket_setnonblocking(ps);
+    return err;
+}
+
+/*-------------------------------------------------------------------------*\
+* Accept with timeout
+\*-------------------------------------------------------------------------*/
+int socket_accept(p_socket ps, p_socket pa, SA *addr, socklen_t *len, 
+        p_timeout tm) {
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        int err;
+        /* try to get client socket */
+        if ((*pa = accept(*ps, addr, len)) != SOCKET_INVALID) return IO_DONE;
+        /* find out why we failed */
+        err = WSAGetLastError(); 
+        /* if we failed because there was no connectoin, keep trying */
+        if (err != WSAEWOULDBLOCK && err != WSAECONNABORTED) return err;
+        /* call select to avoid busy wait */
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
+    } 
+}
+
+/*-------------------------------------------------------------------------*\
+* Send with timeout
+* On windows, if you try to send 10MB, the OS will buffer EVERYTHING 
+* this can take an awful lot of time and we will end up blocked. 
+* Therefore, whoever calls this function should not pass a huge buffer.
+\*-------------------------------------------------------------------------*/
+int socket_send(p_socket ps, const char *data, size_t count, 
+        size_t *sent, p_timeout tm)
+{
+    int err;
+    *sent = 0;
+    /* avoid making system calls on closed sockets */
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    /* loop until we send something or we give up on error */
+    for ( ;; ) {
+        /* try to send something */
+        int put = send(*ps, data, (int) count, 0);
+        /* if we sent something, we are done */
+        if (put > 0) {
+            *sent = put;
+            return IO_DONE;
+        }
+        /* deal with failure */
+        err = WSAGetLastError(); 
+        /* we can only proceed if there was no serious error */
+        if (err != WSAEWOULDBLOCK) return err;
+        /* avoid busy wait */
+        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
+    } 
+}
+
+/*-------------------------------------------------------------------------*\
+* Sendto with timeout
+\*-------------------------------------------------------------------------*/
+int socket_sendto(p_socket ps, const char *data, size_t count, size_t *sent, 
+        SA *addr, socklen_t len, p_timeout tm)
+{
+    int err;
+    *sent = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        int put = sendto(*ps, data, (int) count, 0, addr, len);
+        if (put > 0) {
+            *sent = put;
+            return IO_DONE;
+        }
+        err = WSAGetLastError(); 
+        if (err != WSAEWOULDBLOCK) return err;
+        if ((err = socket_waitfd(ps, WAITFD_W, tm)) != IO_DONE) return err;
+    } 
+}
+
+/*-------------------------------------------------------------------------*\
+* Receive with timeout
+\*-------------------------------------------------------------------------*/
+int socket_recv(p_socket ps, char *data, size_t count, size_t *got, 
+        p_timeout tm) 
+{
+    int err, prev = IO_DONE;
+    *got = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        int taken = recv(*ps, data, (int) count, 0);
+        if (taken > 0) {
+            *got = taken;
+            return IO_DONE;
+        }
+        if (taken == 0) return IO_CLOSED;
+        err = WSAGetLastError();
+        /* On UDP, a connreset simply means the previous send failed. 
+         * So we try again. 
+         * On TCP, it means our socket is now useless, so the error passes. 
+         * (We will loop again, exiting because the same error will happen) */
+        if (err != WSAEWOULDBLOCK) {
+            if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
+            prev = err;
+        }
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* Recvfrom with timeout
+\*-------------------------------------------------------------------------*/
+int socket_recvfrom(p_socket ps, char *data, size_t count, size_t *got, 
+        SA *addr, socklen_t *len, p_timeout tm) 
+{
+    int err, prev = IO_DONE;
+    *got = 0;
+    if (*ps == SOCKET_INVALID) return IO_CLOSED;
+    for ( ;; ) {
+        int taken = recvfrom(*ps, data, (int) count, 0, addr, len);
+        if (taken > 0) {
+            *got = taken;
+            return IO_DONE;
+        }
+        if (taken == 0) return IO_CLOSED;
+        err = WSAGetLastError();
+        /* On UDP, a connreset simply means the previous send failed. 
+         * So we try again. 
+         * On TCP, it means our socket is now useless, so the error passes.
+         * (We will loop again, exiting because the same error will happen) */
+        if (err != WSAEWOULDBLOCK) {
+            if (err != WSAECONNRESET || prev == WSAECONNRESET) return err;
+            prev = err;
+        }
+        if ((err = socket_waitfd(ps, WAITFD_R, tm)) != IO_DONE) return err;
+    }
+}
+
+/*-------------------------------------------------------------------------*\
+* Put socket into blocking mode
+\*-------------------------------------------------------------------------*/
+void socket_setblocking(p_socket ps) {
+    u_long argp = 0;
+    ioctlsocket(*ps, FIONBIO, &argp);
+}
+
+/*-------------------------------------------------------------------------*\
+* Put socket into non-blocking mode
+\*-------------------------------------------------------------------------*/
+void socket_setnonblocking(p_socket ps) {
+    u_long argp = 1;
+    ioctlsocket(*ps, FIONBIO, &argp);
+}
+
+/*-------------------------------------------------------------------------*\
+* DNS helpers 
+\*-------------------------------------------------------------------------*/
+int socket_gethostbyaddr(const char *addr, socklen_t len, struct hostent **hp) {
+    *hp = gethostbyaddr(addr, len, AF_INET);
+    if (*hp) return IO_DONE;
+    else return WSAGetLastError();
+}
+
+int socket_gethostbyname(const char *addr, struct hostent **hp) {
+    *hp = gethostbyname(addr);
+    if (*hp) return IO_DONE;
+    else return  WSAGetLastError();
+}
+
+/*-------------------------------------------------------------------------*\
+* Error translation functions
+\*-------------------------------------------------------------------------*/
+const char *socket_hoststrerror(int err) {
+    if (err <= 0) return io_strerror(err);
+    switch (err) {
+        case WSAHOST_NOT_FOUND: return "host not found";
+        default: return wstrerror(err); 
+    }
+}
+
+const char *socket_strerror(int err) {
+    if (err <= 0) return io_strerror(err);
+    switch (err) {
+        case WSAEADDRINUSE: return "address already in use";
+        case WSAECONNREFUSED: return "connection refused";
+        case WSAEISCONN: return "already connected";
+        case WSAEACCES: return "permission denied";
+        case WSAECONNABORTED: return "closed";
+        case WSAECONNRESET: return "closed";
+        case WSAETIMEDOUT: return "timeout";
+        default: return wstrerror(err);
+    }
+}
+
+const char *socket_ioerror(p_socket ps, int err) {
+    (void) ps;
+    return socket_strerror(err);
+}
+
+static const char *wstrerror(int err) {
+    switch (err) {
+        case WSAEINTR: return "Interrupted function call";
+        case WSAEACCES: return "Permission denied";
+        case WSAEFAULT: return "Bad address";
+        case WSAEINVAL: return "Invalid argument";
+        case WSAEMFILE: return "Too many open files";
+        case WSAEWOULDBLOCK: return "Resource temporarily unavailable";
+        case WSAEINPROGRESS: return "Operation now in progress";
+        case WSAEALREADY: return "Operation already in progress";
+        case WSAENOTSOCK: return "Socket operation on nonsocket";
+        case WSAEDESTADDRREQ: return "Destination address required";
+        case WSAEMSGSIZE: return "Message too long";
+        case WSAEPROTOTYPE: return "Protocol wrong type for socket";
+        case WSAENOPROTOOPT: return "Bad protocol option";
+        case WSAEPROTONOSUPPORT: return "Protocol not supported";
+        case WSAESOCKTNOSUPPORT: return "Socket type not supported";
+        case WSAEOPNOTSUPP: return "Operation not supported";
+        case WSAEPFNOSUPPORT: return "Protocol family not supported";
+        case WSAEAFNOSUPPORT: 
+            return "Address family not supported by protocol family"; 
+        case WSAEADDRINUSE: return "Address already in use";
+        case WSAEADDRNOTAVAIL: return "Cannot assign requested address";
+        case WSAENETDOWN: return "Network is down";
+        case WSAENETUNREACH: return "Network is unreachable";
+        case WSAENETRESET: return "Network dropped connection on reset";
+        case WSAECONNABORTED: return "Software caused connection abort";
+        case WSAECONNRESET: return "Connection reset by peer";
+        case WSAENOBUFS: return "No buffer space available";
+        case WSAEISCONN: return "Socket is already connected";
+        case WSAENOTCONN: return "Socket is not connected";
+        case WSAESHUTDOWN: return "Cannot send after socket shutdown";
+        case WSAETIMEDOUT: return "Connection timed out";
+        case WSAECONNREFUSED: return "Connection refused";
+        case WSAEHOSTDOWN: return "Host is down";
+        case WSAEHOSTUNREACH: return "No route to host";
+        case WSAEPROCLIM: return "Too many processes";
+        case WSASYSNOTREADY: return "Network subsystem is unavailable";
+        case WSAVERNOTSUPPORTED: return "Winsock.dll version out of range";
+        case WSANOTINITIALISED: 
+            return "Successful WSAStartup not yet performed";
+        case WSAEDISCON: return "Graceful shutdown in progress";
+        case WSAHOST_NOT_FOUND: return "Host not found";
+        case WSATRY_AGAIN: return "Nonauthoritative host not found";
+        case WSANO_RECOVERY: return "Nonrecoverable name lookup error"; 
+        case WSANO_DATA: return "Valid name, no data record of requested type";
+        default: return "Unknown error";
+    }
+}
+
+const char *socket_gaistrerror(int err) {
+    if (err == 0) return NULL; 
+    switch (err) {
+        case EAI_AGAIN: return "temporary failure in name resolution";
+        case EAI_BADFLAGS: return "invalid value for ai_flags";
+#ifdef EAI_BADHINTS
+        case EAI_BADHINTS: return "invalid value for hints";
+#endif
+        case EAI_FAIL: return "non-recoverable failure in name resolution";
+        case EAI_FAMILY: return "ai_family not supported";
+        case EAI_MEMORY: return "memory allocation failure";
+        case EAI_NONAME: 
+            return "host or service not provided, or not known";
+#ifdef EAI_OVERFLOW
+        case EAI_OVERFLOW: return "argument buffer overflow";
+#endif
+#ifdef EAI_PROTOCOL
+        case EAI_PROTOCOL: return "resolved protocol is unknown";
+#endif
+        case EAI_SERVICE: return "service not supported for socket type";
+        case EAI_SOCKTYPE: return "ai_socktype not supported";
+#ifdef EAI_SYSTEM
+        case EAI_SYSTEM: return strerror(errno); 
+#endif
+        default: return gai_strerror(err);
+    }
+}
+

src/deps/src/luasec/src/luasocket/wsocket.h

@@ -0,0 +1,38 @@
+#ifndef WSOCKET_H
+#define WSOCKET_H
+/*=========================================================================*\
+* Socket compatibilization module for Win32
+* LuaSocket toolkit
+\*=========================================================================*/
+
+/*=========================================================================*\
+* WinSock include files
+\*=========================================================================*/
+#include <winsock2.h>
+#include <ws2tcpip.h>
+
+typedef int socklen_t;
+typedef SOCKADDR_STORAGE t_sockaddr_storage;
+typedef SOCKET t_socket;
+typedef t_socket *p_socket;
+
+#define WAITFD_R        1
+#define WAITFD_W        2
+#define WAITFD_E        4
+#define WAITFD_C        (WAITFD_E|WAITFD_W)
+
+#ifndef IPV6_V6ONLY
+#define IPV6_V6ONLY 27
+#endif
+
+#define SOCKET_INVALID (INVALID_SOCKET)
+
+#ifndef SO_REUSEPORT
+#define SO_REUSEPORT SO_REUSEADDR
+#endif
+
+#ifndef AI_NUMERICSERV
+#define AI_NUMERICSERV (0)
+#endif
+
+#endif /* WSOCKET_H */