From a46bb3bb92178884616e2b645241ee3fe0d962f7 Mon Sep 17 00:00:00 2001
From: daurnimator <quae@daurnimator.com>
Date: Mon, 3 Apr 2017 18:09:37 +1000
Subject: Allow unsetting ocsp response

---
 src/openssl.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/openssl.c b/src/openssl.c
index 59d4783..0de4f82 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -8434,14 +8434,18 @@ static int ssl_getTLSextStatusType(lua_State *L) {
 
 static int ssl_setTLSextStatusOCSPResp(lua_State *L) {
 	SSL *ssl = checksimple(L, 1, SSL_CLASS);
-	OCSP_RESPONSE *or = checksimple(L, 2, OCSP_RESPONSE_CLASS);
+	OCSP_RESPONSE *or = testsimple(L, 2, OCSP_RESPONSE_CLASS);
 
 	unsigned char *resp = NULL;
 	long resp_len;
 
-	resp_len = i2d_OCSP_RESPONSE(or, &resp);
-	if (resp_len <= 0)
-		return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp");
+	if (or) {
+		resp_len = i2d_OCSP_RESPONSE(or, &resp);
+		if (resp_len <= 0)
+			return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp");
+	} else {
+		resp_len = 0;
+	}
 
 	if (!SSL_set_tlsext_status_ocsp_resp(ssl, resp, resp_len))
 		return auxL_error(L, auxL_EOPENSSL, "ssl:setTLSextStatusOCSPResp");
-- 
cgit v1.2.3-59-g8ed1b