diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c
index 3db40d480..700896ab7 100644
--- a/ncat/ncat_ssl.c
+++ b/ncat/ncat_ssl.c
@@ -315,7 +315,12 @@ static int cert_match_dnsname(X509 *cert, const char *hostname,
 
     /* We must copy this address into a temporary variable because ASN1_item_d2i
        increments it. We don't want it to corrupt ext->value->data. */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     data = ext->value->data;
+#else
+    ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
+    data = asn1_str->data;
+#endif
     /* Here we rely on the fact that the internal representation (the "i" in
        "i2d") for NID_subject_alt_name is STACK_OF(GENERAL_NAME). Converting it
        to a stack of CONF_VALUE with a i2v method is not satisfactory, because a
@@ -323,13 +328,27 @@ static int cert_match_dnsname(X509 *cert, const char *hostname,
        presence of null bytes. */
 #if (OPENSSL_VERSION_NUMBER > 0x00907000L)
     if (method->it != NULL) {
+    #if OPENSSL_VERSION_NUMBER < 0x10100000L
         gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
             (const unsigned char **) &data,
             ext->value->length, ASN1_ITEM_ptr(method->it));
+    #else
+        ASN1_OCTET_STRING* asn1_str_a = X509_EXTENSION_get_data(ext);
+        gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
+            (const unsigned char **) &data,
+            asn1_str_a->length, ASN1_ITEM_ptr(method->it));
+    #endif
     } else {
+    #if OPENSSL_VERSION_NUMBER < 0x10100000L
         gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
             (const unsigned char **) &data,
             ext->value->length);
+    #else
+        ASN1_OCTET_STRING* asn1_str_b = X509_EXTENSION_get_data(ext);
+        gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
+            (const unsigned char **) &data,
+            asn1_str_b->length);
+    #endif
     }
 #else
     gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
diff --git a/ncat/test/test-wildcard.c b/ncat/test/test-wildcard.c
index 6865b8827..25157ec2b 100644
--- a/ncat/test/test-wildcard.c
+++ b/ncat/test/test-wildcard.c
@@ -253,7 +253,11 @@ static int set_dNSNames(X509 *cert, const struct lstr dNSNames[])
         if (gen_name == NULL)
             goto stack_err;
         gen_name->type = GEN_DNS;
+    #if OPENSSL_VERSION_NUMBER < 0x10100000L
         gen_name->d.dNSName = M_ASN1_IA5STRING_new();
+    #else
+        gen_name->d.dNSName = ASN1_IA5STRING_new();
+    #endif
         if (gen_name->d.dNSName == NULL)
             goto name_err;
         if (ASN1_STRING_set(gen_name->d.dNSName, name->s, name->len) == 0)
diff --git a/nping/Crypto.cc b/nping/Crypto.cc
index 0524652f6..e747d40b3 100644
--- a/nping/Crypto.cc
+++ b/nping/Crypto.cc
@@ -178,21 +178,39 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
   #ifdef HAVE_OPENSSL
     if( o.doCrypto() ){
         int flen=0, flen2=0;
-        EVP_CIPHER_CTX ctx;
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_CIPHER_CTX_set_padding(&ctx, 0);
-        int result=OP_SUCCESS;
-        if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
-            nping_print(DBG_4, "EVP_EncryptInit() failed");
-            result=OP_FAILURE;
-        }else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){
-            nping_print(DBG_4, "EVP_EncryptUpdate() failed");
-            result=OP_FAILURE;
-        }else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){
-            nping_print(DBG_4, "EVP_EncryptFinal() failed");
-            result=OP_FAILURE;
-        }
-        EVP_CIPHER_CTX_cleanup(&ctx);
+        #if OPENSSL_VERSION_NUMBER < 0x10100000L
+          EVP_CIPHER_CTX ctx;
+          EVP_CIPHER_CTX_init(&ctx);
+          EVP_CIPHER_CTX_set_padding(&ctx, 0);
+          int result=OP_SUCCESS;
+          if( EVP_EncryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
+              nping_print(DBG_4, "EVP_EncryptInit() failed");
+              result=OP_FAILURE;
+          }else if( EVP_EncryptUpdate(&ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){
+              nping_print(DBG_4, "EVP_EncryptUpdate() failed");
+              result=OP_FAILURE;
+          }else if( EVP_EncryptFinal(&ctx, dst_buff+flen, &flen2)==0 ){
+              nping_print(DBG_4, "EVP_EncryptFinal() failed");
+              result=OP_FAILURE;
+          }
+          EVP_CIPHER_CTX_cleanup(&ctx);
+        #else
+          EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+          EVP_CIPHER_CTX_reset(ctx);
+          EVP_CIPHER_CTX_set_padding(ctx, 0);
+          int result=OP_SUCCESS;
+          if( EVP_EncryptInit(ctx, EVP_aes_128_cbc(), key, iv)==0 ){
+              nping_print(DBG_4, "EVP_EncryptInit() failed");
+              result=OP_FAILURE;
+          }else if( EVP_EncryptUpdate(ctx, dst_buff, &flen, inbuff, (int)inlen)==0 ){
+              nping_print(DBG_4, "EVP_EncryptUpdate() failed");
+              result=OP_FAILURE;
+          }else if( EVP_EncryptFinal(ctx, dst_buff+flen, &flen2)==0 ){
+              nping_print(DBG_4, "EVP_EncryptFinal() failed");
+              result=OP_FAILURE;
+          }
+          EVP_CIPHER_CTX_cleanup(ctx);
+        #endif
         return result;
     }
   #endif
@@ -213,19 +231,35 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
   #ifdef HAVE_OPENSSL
     if( o.doCrypto() ){
         int flen1=0, flen2=0;
-        EVP_CIPHER_CTX ctx;
-        EVP_CIPHER_CTX_init(&ctx);
-        EVP_CIPHER_CTX_set_padding(&ctx, 0);
-        int result=OP_SUCCESS;
-        if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
-            nping_print(DBG_4, "EVP_DecryptInit() failed");
-            result=OP_FAILURE;
-        }else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){
-            nping_print(DBG_4, "EVP_DecryptUpdate() failed");
-            result=OP_FAILURE;
-        }else  if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){
-            nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
-                    ERR_error_string(ERR_peek_last_error(), NULL));
+        #if OPENSSL_VERSION_NUMBER < 0x10100000L
+          EVP_CIPHER_CTX ctx;
+          EVP_CIPHER_CTX_init(&ctx);
+          EVP_CIPHER_CTX_set_padding(&ctx, 0);
+          int result=OP_SUCCESS;
+          if( EVP_DecryptInit(&ctx, EVP_aes_128_cbc(), key, iv)==0 ){
+              nping_print(DBG_4, "EVP_DecryptInit() failed");
+              result=OP_FAILURE;
+          }else if( EVP_DecryptUpdate(&ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){
+              nping_print(DBG_4, "EVP_DecryptUpdate() failed");
+              result=OP_FAILURE;
+          }else  if( EVP_DecryptFinal(&ctx, dst_buff+flen1, &flen2)==0 ){
+              nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
+                      ERR_error_string(ERR_peek_last_error(), NULL));
+        #else
+          EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+          EVP_CIPHER_CTX_reset(ctx);
+          EVP_CIPHER_CTX_set_padding(ctx, 0);
+          int result=OP_SUCCESS;
+          if( EVP_DecryptInit(ctx, EVP_aes_128_cbc(), key, iv)==0 ){
+              nping_print(DBG_4, "EVP_DecryptInit() failed");
+              result=OP_FAILURE;
+          }else if( EVP_DecryptUpdate(ctx, dst_buff, &flen1, inbuff, (int)inlen)==0 ){
+              nping_print(DBG_4, "EVP_DecryptUpdate() failed");
+              result=OP_FAILURE;
+          }else  if( EVP_DecryptFinal(ctx, dst_buff+flen1, &flen2)==0 ){
+              nping_print(DBG_4, "OpenSSL bug: it says EVP_DecryptFinal() failed when it didn't (%s).",
+                      ERR_error_string(ERR_peek_last_error(), NULL));
+        #endif
             /* We do not return OP_FAILURE in this case because the
              * EVP_DecryptFinal() function seems to be buggy and fails when it shouldn't.
              * We are passing a buffer whose length is multiple of the AES block
@@ -252,7 +286,11 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuff, size_t inlen, u8 *dst_buff, u8 *key,
             //ERR_free_strings();
             //ERR_pop_to_mark();
         }
-        EVP_CIPHER_CTX_cleanup(&ctx);
+        #if OPENSSL_VERSION_NUMBER < 0x10100000L
+          EVP_CIPHER_CTX_cleanup(&ctx);
+        #else
+          EVP_CIPHER_CTX_reset(ctx);
+        #endif
         return result;
     }
   #endif
@@ -289,6 +327,7 @@ u8 *Crypto::deriveKey(const u8 *from, size_t fromlen, size_t *final_len){
         static u8 hash[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
         static u8 next[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
         unsigned int lastlen;
+      #if OPENSSL_VERSION_NUMBER < 0x10100000L
         EVP_MD_CTX ctx;
         EVP_MD_CTX_init(&ctx);
 
@@ -310,7 +349,33 @@ u8 *Crypto::deriveKey(const u8 *from, size_t fromlen, size_t *final_len){
         }
         if(final_len!=NULL)
           *final_len=SHA256_HASH_LEN;
+
         EVP_MD_CTX_cleanup(&ctx);
+      #else
+        EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+        EVP_MD_CTX_init(ctx);
+
+        if( EVP_MD_size(EVP_sha256()) != SHA256_HASH_LEN )
+          nping_fatal(QT_2, "OpenSSL is broken. SHA256 len is %d\n", EVP_MD_size(EVP_sha256()) );
+
+        /* Compute the SHA256 hash of the supplied buffer */
+        EVP_DigestInit(ctx, EVP_sha256());
+        EVP_DigestUpdate(ctx, from, fromlen);
+        EVP_DigestFinal(ctx, hash, &lastlen);
+
+        /* Now compute the 1000th hash of that hash */
+        for(int i=0; i<TIMES_KEY_DERIVATION; i++){
+        EVP_MD_CTX_init(ctx);
+        EVP_DigestInit(ctx, EVP_sha256());
+        EVP_DigestUpdate(ctx, hash, SHA256_HASH_LEN);
+        EVP_DigestFinal(ctx, next, &lastlen);
+        memcpy(hash, next, SHA256_HASH_LEN);
+        }
+        if(final_len!=NULL)
+          *final_len=SHA256_HASH_LEN;
+
+        EVP_MD_CTX_free(ctx);
+      #endif
         return hash;
     }
   #endif
diff --git a/nse_openssl.cc b/nse_openssl.cc
index a85443171..74f198a68 100644
--- a/nse_openssl.cc
+++ b/nse_openssl.cc
@@ -281,12 +281,17 @@ static int l_digest(lua_State *L)     /** digest(string algorithm, string messag
   const unsigned char *msg = (unsigned char *) luaL_checklstring( L, 2, &msg_len );
   unsigned char digest[EVP_MAX_MD_SIZE];
   const EVP_MD * evp_md;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_MD_CTX mdctx;
+#else
+  EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+#endif
 
   evp_md = EVP_get_digestbyname( algorithm );
 
   if (!evp_md) return luaL_error( L, "Unknown digest algorithm: %s", algorithm );
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_MD_CTX_init(&mdctx);
   if (!(
       EVP_DigestInit_ex( &mdctx, evp_md, NULL ) &&
@@ -298,6 +303,22 @@ static int l_digest(lua_State *L)     /** digest(string algorithm, string messag
                        ERR_func_error_string(e), ERR_reason_error_string(e));
   }
   EVP_MD_CTX_cleanup( &mdctx );
+#else
+  EVP_MD_CTX_reset(mdctx);
+  if (!(
+      EVP_DigestInit_ex( mdctx, evp_md, NULL ) &&
+      EVP_DigestUpdate( mdctx, msg, msg_len ) &&
+      EVP_DigestFinal_ex( mdctx, digest, &digest_len ))) {
+    /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 _ EVP_MD_CTX_reset() 
+    should be called instead to reinitialise an already created structure. */
+    EVP_MD_CTX_reset( mdctx );
+    unsigned long e = ERR_get_error();
+    return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
+                       ERR_func_error_string(e), ERR_reason_error_string(e));
+  }
+  /* EVP_MD_CTX_cleanup deprecated in OpenSSL 1.1 */
+  EVP_MD_CTX_reset( mdctx );
+#endif
 
   lua_pushlstring( L, (char *) digest, digest_len );
   return 1;
@@ -373,6 +394,7 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st
   if (iv[0] == '\0')
     iv = NULL;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_CIPHER_CTX cipher_ctx;
   EVP_CIPHER_CTX_init( &cipher_ctx );
 
@@ -410,6 +432,51 @@ static int l_encrypt(lua_State *L) /** encrypt( string algorithm, string key, st
   lua_pushlstring( L, (char *) out, out_len + final_len );
 
   EVP_CIPHER_CTX_cleanup( &cipher_ctx );
+#else
+  EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();
+  /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() 
+  in OpenSSL 1.1.0. As this symbol was missing in the static library,
+  I replaced it with EVP_CIPHER_CTX_reset */
+  EVP_CIPHER_CTX_reset( cipher_ctx );
+
+  /* First create the cipher context, then set the key length and padding, and
+     check the iv length. Below we set the key and iv. */
+  if (!(
+      EVP_EncryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
+      EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) &&
+      EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) {
+    unsigned long e = ERR_get_error();
+    return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
+                       ERR_func_error_string(e), ERR_reason_error_string(e));
+  }
+
+  if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) {
+    return luaL_error( L, "Length of iv is %d; should be %d",
+      (int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx ));
+  }
+
+  int out_len, final_len;
+  unsigned char * out = (unsigned char *) malloc( data_len + EVP_MAX_BLOCK_LENGTH );
+  if (!out) return luaL_error( L, "Couldn't allocate memory.");
+
+  if (!(
+      EVP_EncryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) &&
+      EVP_EncryptUpdate( cipher_ctx, out, &out_len, data, data_len ) &&
+      EVP_EncryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) {
+    /* EVP_CIPHER_CTX_cleanup is now deprecated in OpenSSL 1.1 _ replaced by 
+      EVP_CIPHER_CTX_reset (same args & return value) */
+    EVP_CIPHER_CTX_reset( cipher_ctx );
+    free( out );
+    unsigned long e = ERR_get_error();
+    return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
+                       ERR_func_error_string(e), ERR_reason_error_string(e));
+  }
+
+  lua_pushlstring( L, (char *) out, out_len + final_len );
+
+  /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
+  EVP_CIPHER_CTX_reset( cipher_ctx );
+#endif
   free( out );
 
   return 1;
@@ -429,6 +496,7 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st
   if (iv[0] == '\0')
     iv = NULL;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   EVP_CIPHER_CTX cipher_ctx;
   EVP_CIPHER_CTX_init( &cipher_ctx );
 
@@ -464,6 +532,48 @@ static int l_decrypt(lua_State *L) /** decrypt( string algorithm, string key, st
   lua_pushlstring( L, (char *) out, out_len + final_len );
 
   EVP_CIPHER_CTX_cleanup( &cipher_ctx );
+#else
+  EVP_CIPHER_CTX *cipher_ctx = EVP_CIPHER_CTX_new();
+  /* EVP_CIPHER_CTX_init remains as an alias for EVP_CIPHER_CTX_reset() 
+  in OpenSSL 1.1.0. As this symbol was missing in the static library,
+  I replaced it with EVP_CIPHER_CTX_reset */
+  EVP_CIPHER_CTX_reset( cipher_ctx );
+
+  if (!(
+      EVP_DecryptInit_ex( cipher_ctx, evp_cipher, NULL, NULL, NULL ) &&
+      EVP_CIPHER_CTX_set_key_length( cipher_ctx, key_len ) &&
+      EVP_CIPHER_CTX_set_padding( cipher_ctx, padding ))) {
+    unsigned long e = ERR_get_error();
+    return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
+                       ERR_func_error_string(e), ERR_reason_error_string(e));
+  }
+
+  if (iv != NULL && (int) iv_len != EVP_CIPHER_CTX_iv_length( cipher_ctx )) {
+    return luaL_error( L, "Length of iv is %d; should be %d",
+      (int) iv_len, EVP_CIPHER_CTX_iv_length( cipher_ctx ));
+  }
+
+  int out_len, final_len;
+  unsigned char * out = (unsigned char *) malloc( data_len );
+  if (!out) return luaL_error( L, "Couldn't allocate memory.");
+
+  if (!(
+      EVP_DecryptInit_ex( cipher_ctx, NULL, NULL, key, iv ) &&
+      EVP_DecryptUpdate( cipher_ctx, out, &out_len, data, data_len ) &&
+      EVP_DecryptFinal_ex( cipher_ctx, out + out_len, &final_len ) )) {
+    /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
+    EVP_CIPHER_CTX_reset( cipher_ctx );
+    free( out );
+    unsigned long e = ERR_get_error();
+    return luaL_error( L, "OpenSSL error %d in %s: function %s: %s", e, ERR_lib_error_string(e),
+                       ERR_func_error_string(e), ERR_reason_error_string(e));
+  }
+
+  lua_pushlstring( L, (char *) out, out_len + final_len );
+
+  /* EVP_CIPHER_CTX_cleanup deprecated in OpenSSL 1.1 */
+  EVP_CIPHER_CTX_reset( cipher_ctx );
+#endif
   free( out );
 
   return 1;
@@ -574,7 +684,13 @@ static const struct luaL_Reg openssllib[] = {
 LUALIB_API int luaopen_openssl(lua_State *L) {
 
   OpenSSL_add_all_algorithms();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   ERR_load_crypto_strings();
+#else
+  /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation 
+    or de-initialisation is necessary */
+  // ERR_load_crypto_strings(); 
+#endif
 
   luaL_newlib(L, openssllib);
 
diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
index 4b439ee58..3867a88f1 100644
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -133,6 +133,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
+#include <openssl/evp.h>
 
 extern "C"
 {
@@ -384,7 +385,7 @@ static void asn1_time_to_obj(lua_State *L, const ASN1_TIME *s)
 /* This is a helper function for x509_validity_to_table. It builds a table with
    the two members "notBefore" and "notAfter", whose values are what is returned
    from asn1_time_to_obj. */
-static void x509_validity_to_table(lua_State *L, const X509 *cert)
+static void x509_validity_to_table(lua_State *L, X509 *cert)
 {
   lua_newtable(L);
 
@@ -527,7 +528,11 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
     lua_setfield(L, -2, "subject");
   }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
+#else
+  const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert));
+#endif
   lua_pushstring(L, sig_algo);
   lua_setfield(L, -2, "sig_algorithm");
 
@@ -545,7 +550,11 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
 
   pubkey = X509_get_pubkey(cert);
   lua_newtable(L);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   pkey_type = EVP_PKEY_type(pubkey->type);
+#else
+  pkey_type = EVP_PKEY_base_id(pubkey);
+#endif
 #ifdef EVP_PKEY_EC
   if (pkey_type == EVP_PKEY_EC) {
     lua_push_ecdhparams(L, pubkey);
@@ -558,7 +567,13 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
     bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
     luaL_getmetatable( L, "BIGNUM" );
     lua_setmetatable( L, -2 );
+  #if OPENSSL_VERSION_NUMBER < 0x10100000L
     data->bn = rsa->e;
+  #else
+    BIGNUM *n, *e, *d;
+    RSA_get0_key(rsa, &n, &e, &d);
+    data->bn = e;
+  #endif
     lua_setfield(L, -2, "exponent");
   }
   lua_pushstring(L, pkey_type_to_string(pkey_type));