From 72100c1f600b59385bd70982ad8b2a5ec32991ce Mon Sep 17 00:00:00 2001
From: eroen
Date: Sun, 8 Jan 2017 23:20:29 +0100
Subject: [PATCH 2/2] Support openssl-1.1.0 without compat modes

These changes fix build failures when openssl 1.1.0 was built with `--api=1.1 disable-deprecated`.

- Various initialization functions, also used to check for openssl in configure, are deprecated. Added OpenSSL_version_num as fallback in configure.
- Use get and set functions for opaque structures

X-Gentoo-Bug: 605026
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=605026
---
 configure.in | 5 +++++
 src/network/ssl/socket.c | 8 ++++++++
 src/network/ssl/ssl.c | 3 +++
 3 files changed, 16 insertions(+)

diff --git a/configure.in b/configure.in
index 0e534dbf..d130344b 100644
--- a/configure.in
+++ b/configure.in
@@ -1006,6 +1006,9 @@ else
 if test "$cf_result" != yes; then
 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[SSLeay_add_ssl_algorithms()]])],[cf_result=yes],[cf_result=no])
 fi
+ if test "$cf_result" != yes; then
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[OpenSSL_version_num()]])],[cf_result=yes],[cf_result=no])
+ fi
 fi
 done
@@ -1020,6 +1023,8 @@ else
 CFLAGS="$CFLAGS_X"
 AC_SUBST(OPENSSL_CFLAGS)
+
+ AC_CHECK_FUNCS([SSL_set_options] [SSL_get_SSL_CTX])
 fi
 fi
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index 45b4b4a8..46929f43 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -67,7 +67,11 @@ static void
 ssl_set_no_tls(struct socket *socket)
 {
 #ifdef CONFIG_OPENSSL
+#ifdef HAVE_SSL_SET_OPTIONS
+ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
+#else
 ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
+#endif /* HAVE_SSL_SET_OPTIONS */
 #elif defined(CONFIG_GNUTLS)
 {
 /* GnuTLS does not support SSLv2 because it is "insecure".
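Review bot: In the first configure.in hunk, the new fallback probes `OpenSSL_version_num()`, which OpenSSL 1.1.0 exports from libcrypto rather than libssl, so the link test can pass without showing that libssl itself links. The probe it falls back from, `SSLeay_add_ssl_algorithms()`, did exercise libssl. Whether this matters depends on the LIBS value set outside the hunk. A libssl entry point that survives `disable-deprecated`, for example `[[OPENSSL_init_ssl(0, NULL)]]`, would keep the fallback equivalent to the checks before it.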
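Review bot: In the second configure.in hunk, `AC_CHECK_FUNCS([SSL_set_options] [SSL_get_SSL_CTX])` passes two adjacent quoted groups where the macro takes one whitespace-separated list; it expands as intended, but `AC_CHECK_FUNCS([SSL_set_options SSL_get_SSL_CTX])` is the conventional spelling. The check also lacks a comment on why a link probe is the right test: before OpenSSL 1.1.0 `SSL_set_options` is a macro, so the probe reports it absent and socket.c takes the struct-access branch. A line such as `dnl SSL_set_options is a macro before OpenSSL 1.1.0; a failed probe selects the struct-access fallback` would record that. If the probe fails on 1.1.0 for an unrelated reason (the LIBS in effect at this point are not visible in the hunk), the fallback branch will not compile against the opaque structs.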
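Review bot: In the socket.c hunk for ssl_set_no_tls(), the new `SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1)` call turns off TLS 1.0 only, so against a library that also offers TLS 1.1 and later the function does not do what its name says, and nothing in the hunk documents that. This appears to be a protocol-fallback path, so the protocol range left enabled after the call deserves a comment above the `#ifdef HAVE_SSL_SET_OPTIONS` block, for example `/* Disables TLS 1.0 only; newer TLS versions stay enabled. */`. The `#else` branch sets the same flag, so the comment covers both. The function body continues past the end of the hunk.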
@@ -145,7 +149,11 @@ ssl_connect(struct socket *socket)
 }
 if (client_cert) {
+#ifdef HAVE_SSL_GET_SSL_CTX
+ SSL_CTX *ctx = SSL_get_SSL_CTX(socket->ssl);
+#else
 SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
+#endif /* HAVE_SSL_GET_SSL_CTX */
 SSL_CTX_use_certificate_chain_file(ctx, client_cert);
 SSL_CTX_use_PrivateKey_file(ctx, client_cert,
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index c06a80a7..392166c8 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -7,6 +7,7 @@
 #ifdef CONFIG_OPENSSL
 #include
 #include
+#include
 #elif defined(CONFIG_GNUTLS)
 #include
 #include
@@ -61,7 +62,9 @@ init_openssl(struct module *module)
 }
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 SSLeay_add_ssl_algorithms();
+#endif
 context = SSL_CTX_new(SSLv23_client_method());
 SSL_CTX_set_options(context, SSL_OP_ALL);
 SSL_CTX_set_default_verify_paths(context);
--
2.11.0
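Review bot: In the socket.c hunk for ssl_connect(), the client certificate and key are loaded into the `SSL_CTX` returned by `SSL_get_SSL_CTX(socket->ssl)` rather than into the connection object. If that is the single context created in init_openssl() (ssl.c in this patch), the credential stays installed for later connections to other hosts. The results of `SSL_CTX_use_certificate_chain_file()` and `SSL_CTX_use_PrivateKey_file()` are also discarded, so an unreadable file or a mismatched key goes unnoticed. Consider the per-connection `SSL_use_PrivateKey_file()` and its certificate counterpart, each tested with `!= 1`. The private-key call is cut at the end of the hunk, so its remaining arguments are not visible here.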
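Review bot: In the ssl.c hunk for init_openssl(), the new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` also skips `SSLeay_add_ssl_algorithms()` on LibreSSL, which reports a version number of 0x20000000L. If LibreSSL builds are supported, explicit library initialisation would be dropped there; `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` keeps the call for them. Separately, `context = SSL_CTX_new(SSLv23_client_method());` is followed by two calls that use `context` with no NULL check. The function starts and ends outside the hunk.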