diff -urN x11vnc-0.9.16.orig/src/enc.h x11vnc-0.9.16/src/enc.h
--- x11vnc-0.9.16.orig/src/enc.h	2019-01-05 16:22:11.000000000 +0300
+++ x11vnc-0.9.16/src/enc.h	2019-05-20 21:35:56.020459342 +0300
@@ -454,7 +454,7 @@
 		p++;
 		if (strstr(p, "md5+") == p) {
 			Digest = EVP_md5();        p += strlen("md5+");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined OPENSSL_NO_SHA0
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) && !defined OPENSSL_NO_SHA0
 		} else if (strstr(p, "sha+") == p) {
 			Digest = EVP_sha();        p += strlen("sha+");
 #endif
@@ -698,7 +698,7 @@
 	 */
 	unsigned char E_keystr[EVP_MAX_KEY_LENGTH];
 	unsigned char D_keystr[EVP_MAX_KEY_LENGTH];
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EVP_CIPHER_CTX *E_ctx, *D_ctx;
 #else
 	EVP_CIPHER_CTX E_ctx, D_ctx;
@@ -745,7 +745,7 @@
 	encsym = encrypt ? "+" : "-";
 
 	/* use the encryption/decryption context variables below */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	E_ctx = EVP_CIPHER_CTX_new();
 	D_ctx = EVP_CIPHER_CTX_new();
 	ctx = encrypt ? E_ctx : D_ctx;
@@ -1044,7 +1044,7 @@
 	fprintf(stderr,   "%s: %s - close sock_fr\n", prog, encstr);
 	close(sock_fr);
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EVP_CIPHER_CTX_free(E_ctx);
 	EVP_CIPHER_CTX_free(D_ctx);
 #endif
@@ -1122,7 +1122,7 @@
 	char md5str[EVP_MAX_MD_SIZE * 8];
 	unsigned int i, size = 0;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	md = EVP_MD_CTX_new();
 #else
 	md = EVP_MD_CTX_create();
@@ -1130,7 +1130,7 @@
 	EVP_DigestInit(md, EVP_md5());
 	EVP_DigestUpdate(md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
 	EVP_DigestFinal(md, (unsigned char *)digest, &size);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EVP_MD_CTX_free(md);
 #else
 	EVP_MD_CTX_destroy(md);
@@ -1390,7 +1390,7 @@
 	/*
 	 * Back to the work involving the tmp obscuring key:
 	 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	init_ctx = EVP_CIPHER_CTX_new();
 #else
 
@@ -1407,7 +1407,7 @@
 	n = read(server, (char *) buf, BSIZE);
 	fprintf(stderr, "securevnc_setup: data read: %d\n", n);
 	if (n < 0) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EVP_CIPHER_CTX_free(init_ctx);
 #endif
 		exit(1);
@@ -1419,7 +1419,7 @@
 		memset(to_viewer, 0, sizeof(to_viewer));
 		if (EVP_CipherUpdate(init_ctx, to_viewer, &len, buf, n) == 0) {
 			sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed");
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			EVP_CIPHER_CTX_free(init_ctx);
 #endif
 			exit(1);
@@ -1427,7 +1427,7 @@
 		to_viewer_len = len;
 	}
 	EVP_CIPHER_CTX_cleanup(init_ctx);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EVP_CIPHER_CTX_free(init_ctx);
 #endif
 	free(initkey);
@@ -1504,7 +1504,7 @@
 			exit(1);
 		}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		dctx = EVP_MD_CTX_new();
 #else
 		dctx = EVP_MD_CTX_create();
@@ -1545,7 +1545,7 @@
 			}
 		}
 		EVP_DigestFinal(dctx, (unsigned char *)digest, &ndig);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		EVP_MD_CTX_free(dctx);
 #else
 		EVP_MD_CTX_destroy(dctx);
diff -urN x11vnc-0.9.16.orig/src/sslhelper.c x11vnc-0.9.16/src/sslhelper.c
--- x11vnc-0.9.16.orig/src/sslhelper.c	2019-01-05 16:22:11.000000000 +0300
+++ x11vnc-0.9.16/src/sslhelper.c	2019-05-20 21:37:18.904918507 +0300
@@ -803,7 +803,7 @@
 static int crl_callback(X509_STORE_CTX *callback_ctx) {
 	const ASN1_INTEGER *revoked_serial;
 	X509_STORE_CTX *store_ctx;
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	X509_OBJECT *obj;
 #else
 	X509_OBJECT obj;
@@ -829,7 +829,7 @@
 	* the current certificate in order to verify it's integrity. */
 	store_ctx = X509_STORE_CTX_new();
 	X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL);
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	obj = X509_OBJECT_new();
 	rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
 	crl = X509_OBJECT_get0_X509_CRL(obj);
@@ -865,7 +865,7 @@
 			rfbLog("Invalid signature on CRL\n");
 			X509_STORE_CTX_set_error(callback_ctx,
 				X509_V_ERR_CRL_SIGNATURE_FAILURE);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			X509_OBJECT_free(obj);
 #else
 			X509_OBJECT_free_contents(&obj);
@@ -883,7 +883,7 @@
 			rfbLog("Found CRL has invalid nextUpdate field\n");
 			X509_STORE_CTX_set_error(callback_ctx,
 				X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			X509_OBJECT_free(obj);
 #else
 			X509_OBJECT_free_contents(&obj);
@@ -894,14 +894,14 @@
 			rfbLog("Found CRL is expired - "
 				"revoking all certificates until you get updated CRL\n");
 			X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CRL_HAS_EXPIRED);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			X509_OBJECT_free(obj);
 #else
 			X509_OBJECT_free_contents(&obj);
 #endif
 			return 0; /* Reject connection */
 		}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			X509_OBJECT_free(obj);
 #else
 			X509_OBJECT_free_contents(&obj);
@@ -912,7 +912,7 @@
 	 * the current certificate in order to check for revocation. */
 	store_ctx = X509_STORE_CTX_new();
 	X509_STORE_CTX_init(store_ctx, revocation_store, NULL, NULL);
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	obj = X509_OBJECT_new();
 	rc=X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
 	crl = X509_OBJECT_get0_X509_CRL(obj);
@@ -929,7 +929,7 @@
 		n=sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
 		for(i=0; i<n; i++) {
 			revoked=sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			revoked_serial = X509_REVOKED_get0_serialNumber(revoked);
 #else
 			revoked_serial = revoked->serialNumber;
@@ -942,7 +942,7 @@
 					"revoked per CRL from issuer %s\n", serial, serial, cp);
 				OPENSSL_free(cp);
 				X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REVOKED);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 				X509_OBJECT_free(obj);
 #else
 				X509_OBJECT_free_contents(&obj);
@@ -950,7 +950,7 @@
 				return 0; /* Reject connection */
 			}
 		}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 			X509_OBJECT_free(obj);
 #else
 			X509_OBJECT_free_contents(&obj);
@@ -1046,7 +1046,7 @@
 		ssl_client_mode = 0;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	method = ssl_client_mode ? TLS_client_method() : TLS_server_method();
 	if (db)
 		method_name = ssl_client_mode ? "TLS_client_method()" : "TLS_server_method()";
@@ -1584,7 +1584,7 @@
 	rfbLog("Using Anonymous Diffie-Hellman mode.\n");
 	rfbLog("WARNING: Anonymous Diffie-Hellman uses encryption but is\n");
 	rfbLog("WARNING: susceptible to a Man-In-The-Middle attack.\n");
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	method = ssl_client_mode ? TLS_client_method() : TLS_server_method();
 #else
 	method = ssl_client_mode ? SSLv23_client_method() : SSLv23_server_method();
@@ -1967,7 +1967,7 @@
 	s = SSL_get_session(ssl);
 
 	if (s) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		ssl_version = SSL_SESSION_get_protocol_version(s);
 #else
 		ssl_version = s->ssl_version;