…rate_key_ex() and DSA_generate_parameters_ex() instead of their deprecated counterpats (to use the new version you need to define DONT_USE_OPENSSL_DEPRECATED_FUNCTIONS, otherwise you still get the original one)
In luvit we were encountering a problem where crypto.verify was leaving an openssl error lying around and that was causing our TLS code to freak out since it found an error in SSL_get_error(). So, make sure we check for all cases and in the case of VerifyFinal that if the verify fails we clear the crypto errors too.
Detect what type of key we are dealing with and use the right to_pem function. This way we match the enconding that the openssl dsa|rsa apps use for certificates.
With this patch we can now do things like verify a x509 cert against a x509_ca then extract its pubkey and test a message signature. cert = crypto.x509_cert() cert:from_pem(server_cert) kpub = cert:pubkey() message = 'Hello world' verified = crypto.verify('md5', message, signature, kpub)