From 6aa6b669efbef62f60471c18e7fdef0206f92337 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Sun, 26 Nov 2017 18:59:47 +0100
Subject: [PATCH] Support building with OpenSSL 1.1 w/o deprecated features

* src/openssl.c (ssl_init): Fix code for the subject's issue

Reported-by: Matthew Thode
---
 src/openssl.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/src/openssl.c b/src/openssl.c
index 0404d2d0..6f4dc1f1 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -174,11 +174,16 @@ ssl_init (void)
 {
   SSL_METHOD const *meth;
   long ssl_options = 0;
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+  int ssl_proto_version = 0;
+#endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000
   if (ssl_true_initialized == 0)
     {
+#if OPENSSL_API_COMPAT < 0x10100000L
       OPENSSL_config (NULL);
+#endif
       ssl_true_initialized = 1;
     }
 #endif
@@ -202,8 +207,12 @@ ssl_init (void)
   CONF_modules_load_file(NULL, NULL,
       CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif
+#if OPENSSL_API_COMPAT >= 0x10100000L
+  OPENSSL_init_ssl(0, NULL);
+#else
   SSL_library_init ();
   SSL_load_error_strings ();
+#endif
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
   SSLeay_add_all_algorithms ();
   SSLeay_add_ssl_algorithms ();
@@ -229,16 +238,31 @@ ssl_init (void)
       ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
       break;
     case secure_protocol_tlsv1:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+      meth = TLS_client_method();
+      ssl_proto_version = TLS1_VERSION;
+#else
       meth = TLSv1_client_method ();
+#endif
       break;
 
 #if OPENSSL_VERSION_NUMBER >= 0x10001000
     case secure_protocol_tlsv1_1:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+      meth = TLS_client_method();
+      ssl_proto_version = TLS1_1_VERSION;
+#else
       meth = TLSv1_1_client_method ();
+#endif
       break;
 
     case secure_protocol_tlsv1_2:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+      meth = TLS_client_method();
+      ssl_proto_version = TLS1_2_VERSION;
+#else
       meth = TLSv1_2_client_method ();
+#endif
       break;
 #else
     case secure_protocol_tlsv1_1:
@@ -265,6 +289,11 @@ ssl_init (void)
   if (ssl_options)
     SSL_CTX_set_options (ssl_ctx, ssl_options);
 
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+  if (ssl_proto_version)
+    SSL_CTX_set_min_proto_version(ssl_ctx, ssl_proto_version);
+#endif
+
   /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
    * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)
    */