diff -r 85d59ac3328b -r e26f1f91118a src/ssl.c
--- a/src/ssl.c Sun Jul 03 13:13:36 2011 -0700
+++ b/src/ssl.c Sun Jul 03 13:13:36 2011 -0700
@@ -23,7 +23,7 @@
 /* index into the SSL storage where the t_ssl is.
 * see SSL_get_ex_data().
 */
- static int luasec_ssl_idx;
+ int luasec_ssl_idx;
 /**
 * Map error code into string.
@@ -61,6 +61,8 @@
 SSL_free(ssl->ssl);
 ssl->ssl = NULL;
 }
+ luaL_unref(L, LUA_REGISTRYINDEX, ssl->t_cert_errors);
+ ssl->t_cert_errors = LUA_NOREF;
 return 0;
 }
@@ -251,6 +253,7 @@
 #endif
 SSL_set_ex_data(ssl->ssl, luasec_ssl_idx, ssl);
+ ssl->t_cert_errors = LUA_NOREF;
 if (mode == MD_CTX_SERVER)
 SSL_set_accept_state(ssl->ssl);
@@ -403,18 +406,12 @@
 /**
 * Return the validation state of the peer chain
 */
-static int meth_getpeerchainvalid(lua_State *L)
+static int meth_getpeerverification(lua_State *L)
 {
 p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
- long result = SSL_get_verify_result(ssl->ssl);
- if (result == X509_V_OK) {
- lua_pushboolean(L, 1);
- return 1;
- }
-
- lua_pushboolean(L, 0);
- lua_pushstring(L, X509_verify_cert_error_string(result));
+ lua_pushboolean(L, SSL_get_verify_result(ssl->ssl) == X509_V_OK);
+ lua_rawgeti(L, LUA_REGISTRYINDEX, ssl->t_cert_errors);
 return 2;
 }
@@ -552,7 +549,7 @@
 {"compression", meth_compression},
 {"getpeercertificate",meth_getpeercertificate},
 {"getpeerchain", meth_getpeerchain},
- {"getpeerchainvalid", meth_getpeerchainvalid},
+ {"getpeerverification", meth_getpeerverification},
 {"getfinished", meth_getfinished},
 {"getpeerfinished", meth_getpeerfinished},
 {NULL, NULL}
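Review bot: Dropping `static` in the -23 hunk gives `luasec_ssl_idx` external linkage, but no matching declaration is visible in this diff. Other translation units should pick it up from a single `extern int luasec_ssl_idx;` in the module's header rather than from ad-hoc declarations. The comment above the variable should also say which file outside ssl.c reads the index. A small accessor such as `int luasec_get_ssl_idx(void)` would keep the variable private and prevent other code from overwriting the slot number.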
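Review bot: The `luaL_unref` added in the -61 hunk trusts `ssl->t_cert_errors` to hold a valid reference or `LUA_NOREF`, but the only initialisation shown is in the -251 hunk, after `SSL_set_ex_data`. Any failure return earlier in that function would therefore leave the field unset. Userdata memory is presumably not zeroed, so if the destroy path can run on such an object it would release an unrelated registry slot. Moving `ssl->t_cert_errors = LUA_NOREF;` to immediately after the userdata is allocated would close that window. The allocation site and the metatable assignment are outside these hunks, so this needs checking against the full function.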
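Review bot: `SSL_get_verify_result()` reports `X509_V_OK` when the peer presented no certificate at all, so the first return value of `meth_getpeerverification` can be true for an unauthenticated peer. Either fold the presence check in with `X509 *peer = SSL_get_peer_certificate(ssl->ssl);`, `lua_pushboolean(L, peer != NULL && SSL_get_verify_result(ssl->ssl) == X509_V_OK);` and `X509_free(peer);`, or state in the comment above the function that callers must also check `getpeercertificate`. The function also passes `ssl->ssl` to OpenSSL unchecked, while the -61 hunk sets it to NULL on teardown, so a call on a closed connection looks like a NULL dereference; a guard on the connection state before the call seems needed, though the state field is not visible here. The doc comment should also say that the second return value is nil while `t_cert_errors` is still `LUA_NOREF`, since the old error string is no longer returned.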