--- src/common.h.orig	2016-06-27 07:29:32 UTC
+++ src/common.h.orig	
@@ -448,7 +448,7 @@ extern char *sys_errlist[];
 #define OPENSSL_NO_TLS1_2
 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
 
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #ifndef OPENSSL_NO_SSL2
 #define OPENSSL_NO_SSL2
 #endif /* !defined(OPENSSL_NO_SSL2) */
@@ -474,7 +474,7 @@ extern char *sys_errlist[];
 #include <openssl/des.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 #endif /* OpenSSL older than 1.1.0 */
 #endif /* !defined(OPENSSL_NO_DH) */
--- src/ctx.c.orig	2016-06-21 15:06:14 UTC
+++ src/ctx.c.orig	
@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *
 /**************************************** initialize OpenSSL CONF */
 
 NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CONF_CTX *cctx;
     NAME_LIST *curr;
     char *cmd, *param;
--- src/prototypes.h.orig	2016-07-05 21:27:57 UTC
+++ src/prototypes.h.orig	
@@ -650,13 +650,13 @@ typedef enum {
 #endif /* OPENSSL_NO_DH */
     STUNNEL_LOCKS                           /* number of locks */
 } LOCK_TYPE;
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 typedef int STUNNEL_RWLOCK;
 #else
 typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
 #endif
 extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-#if OPENSSL_VERSION_NUMBER>=0x10100004L
+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
 #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
 #else
--- src/ssl.c.orig	2016-06-02 13:43:49 UTC
+++ src/ssl.c.orig	
@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before 
 }
 
 #ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
  * to be linked against the older versions */
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
--- src/sthreads.c.orig	2016-05-03 18:35:03 UTC
+++ src/sthreads.c.orig	
@@ -45,7 +45,7 @@ 
 
 STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
 #endif
 
@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, C
 
 #ifdef USE_PTHREAD
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 
 struct CRYPTO_dynlock_value {
     pthread_rwlock_t rwlock;
@@ -263,16 +263,18 @@ unsigned long stunnel_thread_id(void) {
 #endif
 }
 
-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER>=0x10000000L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
 }
 #endif
+#endif
 
 int sthreads_init(void) {
     int i;
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
     /* initialize the OpenSSL dynamic locking */
     CRYPTO_set_dynlock_create_callback(dyn_create_function);
     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
@@ -345,7 +347,7 @@ int create_client(SOCKET ls, SOCKET s, C
  * but it is unsupported on Windows XP (and earlier versions of Windows):
  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 
 struct CRYPTO_dynlock_value {
     CRITICAL_SECTION mutex;
@@ -398,7 +400,7 @@ unsigned long stunnel_thread_id(void) {
 int sthreads_init(void) {
     int i;
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
     /* initialize the OpenSSL dynamic locking */
     CRYPTO_set_dynlock_create_callback(dyn_create_function);
     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
--- src/verify.c.orig	2016-07-05 21:27:57 UTC
+++ src/verify.c.orig	
@@ -178,14 +178,14 @@ NOEXPORT void auth_warnings(SERVICE_OPTI
     if(section->option.verify_peer) /* verify_peer does not depend on PKI */
         return;
     if(section->option.verify_chain) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
         if(section->check_email || section->check_host || section->check_ip)
             return;
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
         s_log(LOG_WARNING,
             "Service [%s] uses \"verify = 2\" without subject checks",
             section->servname);
-#if OPENSSL_VERSION_NUMBER<0x10002000L
+#if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
         s_log(LOG_WARNING,
             "Rebuild your stunnel against OpenSSL version 1.0.2 or higher");
 #endif /* OPENSSL_VERSION_NUMBER<0x10002000L */
@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
     }
 
     if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
         if(!cert_check_subject(c, callback_ctx))
             return 0; /* reject */
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
     return 1; /* accept */
 }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     NAME_LIST *ptr;
@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE
     STACK_OF(X509) *sk;
     int i;
 #endif
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     X509_OBJECT obj;
     int success;
 #endif
@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE
     subject=X509_get_subject_name(cert);
 
 #if OPENSSL_VERSION_NUMBER>=0x10000000L
-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
 #endif
     /* modern API allows retrieving multiple matching certificates */
@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE
     }
 #endif
 
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
     /* pre-1.0.0 API only returns a single matching certificate */
     /* we also invoke it for other OpenSSL versions before 1.1.0 */
     memset((char *)&obj, 0, sizeof obj);