--- ruby-2.4.2-orig/ext/openssl/ossl.c 2017-09-09 00:38:12.000000000 +1000 +++ ruby-2.4.2/ext/openssl/ossl.c 2017-10-15 01:21:20.676633787 +1100 @@ -1010,10 +1010,14 @@ */ /* CRYPTO_malloc_init(); */ /* ENGINE_load_builtin_engines(); */ +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OPENSSL_init_ssl(0, NULL); +#else OpenSSL_add_ssl_algorithms(); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); SSL_load_error_strings(); +#endif /* * FIXME: @@ -1048,7 +1052,11 @@ /* * Version of OpenSSL the ruby OpenSSL extension is running with */ +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION))); +#else rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION))); +#endif /* * Version number of OpenSSL the ruby OpenSSL extension was built with --- ruby-2.4.2-orig/ext/openssl/ossl.h 2016-12-01 01:41:46.000000000 +1100 +++ ruby-2.4.2/ext/openssl/ossl.h 2017-10-15 00:41:53.534456730 +1100 @@ -35,6 +35,13 @@ #if !defined(OPENSSL_NO_OCSP) # include #endif +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) +# include +# include +# include +# include +# include +#endif /* * Common Module --- ruby-2.4.2-orig/ext/openssl/ossl_cipher.c 2017-08-03 23:43:01.000000000 +1000 +++ ruby-2.4.2/ext/openssl/ossl_cipher.c 2017-10-15 00:27:10.919535389 +1100 @@ -513,7 +513,11 @@ GetCipher(self, ctx); #if defined(HAVE_AUTHENTICATED_ENCRYPTION) +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) +#else if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) +#endif iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx); #endif if (!iv_len) 
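Review bot: In the `@@ -1010,10 +1010,14 @@` hunk of ext/openssl/ossl.c the result of `OPENSSL_init_ssl(0, NULL)` is discarded, so a failed library initialisation is silent and would only surface later as unrelated errors. The function returns 1 on success and 0 on error; I would check it and abort loading the extension, e.g. `if (!OPENSSL_init_ssl(0, NULL)) rb_raise(rb_eRuntimeError, "OPENSSL_init_ssl failed");`. The enclosing init function starts and ends outside the hunk, so which exception classes are already defined at this point needs confirming.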
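Review bot: The version guard around the AEAD flag test is repeated at seven sites in ext/openssl/ossl_cipher.c (the hunks at `@@ -513`, `@@ -542`, `@@ -617`, `@@ -654`, `@@ -681`, `@@ -708` and `@@ -807`), which makes it easy for one site to drift from the others. As far as I know `EVP_CIPHER_flags()` and `EVP_CIPHER_CTX_cipher()` are also available in OpenSSL 1.0.x and LibreSSL, so the new expression could be used unconditionally behind one helper, for example `#define ossl_cipher_is_aead(ctx) (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)`, with each site reading `if (!ossl_cipher_is_aead(ctx))`. The functions these hunks patch begin and end outside the hunks.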
@@ -542,7 +546,11 @@ GetCipher(self, ctx); #if defined(HAVE_AUTHENTICATED_ENCRYPTION) +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse; +#else return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse; +#endif #else return Qfalse; #endif @@ -617,7 +625,11 @@ GetCipher(self, ctx); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#else if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#endif ossl_raise(eCipherError, "authentication tag not supported by this cipher"); ret = rb_str_new(NULL, tag_len); @@ -654,7 +666,11 @@ tag_len = RSTRING_LENINT(vtag); GetCipher(self, ctx); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#else if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#endif ossl_raise(eCipherError, "authentication tag not supported by this cipher"); if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag)) @@ -681,7 +697,11 @@ EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#else if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#endif ossl_raise(eCipherError, "AEAD not supported by this cipher"); if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL)) 
@@ -708,7 +728,11 @@ EVP_CIPHER_CTX *ctx; GetCipher(self, ctx); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#else if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)) +#endif ossl_raise(eCipherError, "cipher does not support AEAD"); if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL)) @@ -807,7 +831,11 @@ GetCipher(self, ctx); #if defined(HAVE_AUTHENTICATED_ENCRYPTION) +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) +#else if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) +#endif len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx); #endif if (!len) --- ruby-2.4.2-orig/ext/openssl/ossl_engine.c 2016-12-10 19:12:02.000000000 +1100 +++ ruby-2.4.2/ext/openssl/ossl_engine.c 2017-10-15 00:50:01.341557004 +1100 @@ -50,6 +50,15 @@ /* * Private */ +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#define OSSL_ENGINE_LOAD_IF_MATCH(x) \ +do{\ + if(!strcmp(#x, RSTRING_PTR(name))){\ + OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL); \ + return Qtrue;\ + }\ +}while(0) +#else #define OSSL_ENGINE_LOAD_IF_MATCH(x) \ do{\ if(!strcmp(#x, RSTRING_PTR(name))){\ @@ -57,6 +66,7 @@ return Qtrue;\ }\ }while(0) +#endif static void ossl_engine_free(void *engine) @@ -99,8 +109,12 @@ StringValueCStr(name); #ifndef OPENSSL_NO_STATIC_ENGINE #if HAVE_ENGINE_LOAD_DYNAMIC +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OSSL_ENGINE_LOAD_IF_MATCH(DYNAMIC); +#else OSSL_ENGINE_LOAD_IF_MATCH(dynamic); #endif +#endif #if HAVE_ENGINE_LOAD_4758CCA OSSL_ENGINE_LOAD_IF_MATCH(4758cca); #endif 
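Review bot: In ext/openssl/ossl_engine.c the new 1.1.0 variant of `OSSL_ENGINE_LOAD_IF_MATCH` (hunk `@@ -50,6 +50,15 @@`) still compares the caller's string with `#x`, and the call sites now pass `DYNAMIC`, `PADLOCK`, `CAPI`, `CRYPTODEV` and `OPENSSL` (hunks `@@ -99`, `@@ -126`, `@@ -138` and `@@ -147`), so the accepted engine names become upper case on OpenSSL 1.1.0. A caller passing the lower-case name that the other branch accepts falls through to the `rb_warning` and gets `Qnil`, so the engine is not loaded, which matters when the caller relies on it for key storage or hardware crypto. The macro also returns `Qtrue` without looking at the result of `OPENSSL_init_crypto()`. I would give the macro separate arguments for the public name and the flag suffix and check the return value, as sketched below; the raise assumes the file's engine error class is `eEngineError`, which should be confirmed. The function containing the call sites starts and ends outside these hunks.

```c
#define OSSL_ENGINE_LOAD_IF_MATCH(engine_name, x) \
do{\
  if(!strcmp(#engine_name, RSTRING_PTR(name))){\
    if(!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL))\
      ossl_raise(eEngineError, "OPENSSL_init_crypto");\
    return Qtrue;\
  }\
}while(0)
/* … unchanged: #else branch with the pre-1.1.0 macro … */
  OSSL_ENGINE_LOAD_IF_MATCH(dynamic, DYNAMIC);
/* … same two-argument form for padlock, capi, cryptodev and openssl … */
```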
@@ -126,11 +140,19 @@ OSSL_ENGINE_LOAD_IF_MATCH(ubsec); #endif #if HAVE_ENGINE_LOAD_PADLOCK +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OSSL_ENGINE_LOAD_IF_MATCH(PADLOCK); +#else OSSL_ENGINE_LOAD_IF_MATCH(padlock); #endif +#endif #if HAVE_ENGINE_LOAD_CAPI +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OSSL_ENGINE_LOAD_IF_MATCH(CAPI); +#else OSSL_ENGINE_LOAD_IF_MATCH(capi); #endif +#endif #if HAVE_ENGINE_LOAD_GMP OSSL_ENGINE_LOAD_IF_MATCH(gmp); #endif @@ -138,8 +160,12 @@ OSSL_ENGINE_LOAD_IF_MATCH(gost); #endif #if HAVE_ENGINE_LOAD_CRYPTODEV +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OSSL_ENGINE_LOAD_IF_MATCH(CRYPTODEV); +#else OSSL_ENGINE_LOAD_IF_MATCH(cryptodev); #endif +#endif #if HAVE_ENGINE_LOAD_AESNI OSSL_ENGINE_LOAD_IF_MATCH(aesni); #endif @@ -147,7 +173,11 @@ #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto); #endif +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + OSSL_ENGINE_LOAD_IF_MATCH(OPENSSL); +#else OSSL_ENGINE_LOAD_IF_MATCH(openssl); +#endif rb_warning("no such builtin loader for `%"PRIsVALUE"'", name); return Qnil; #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */ @@ -165,7 +195,9 @@ static VALUE ossl_engine_s_cleanup(VALUE self) { +#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L) ENGINE_cleanup(); +#endif return Qnil; } --- ruby-2.4.2-orig/ext/openssl/ossl_x509cert.c 2017-09-09 00:38:12.000000000 +1000 +++ ruby-2.4.2/ext/openssl/ossl_x509cert.c 2017-10-15 00:35:56.522867457 +1100 @@ -478,7 +478,11 @@ GetX509(self, x509); asn1time = ossl_x509_time_adjust(NULL, time); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!X509_set1_notBefore(x509, asn1time)) { +#else if (!X509_set_notBefore(x509, asn1time)) { +#endif ASN1_TIME_free(asn1time); ossl_raise(eX509CertError, "X509_set_notBefore"); } 
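Review bot: `ossl_engine_s_cleanup` (hunk `@@ -165,7 +195,9 @@` in ext/openssl/ossl_engine.c) becomes an empty method on OpenSSL 1.1.0 with nothing in the code saying why. A short comment above the guard would help the next reader, e.g. `/* OpenSSL >= 1.1.0 releases engines itself at exit; ENGINE_cleanup() is deprecated there */`; as far as I know that matches the 1.1.0 behaviour, but it is worth confirming against the library documentation.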
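Review bot: The `ossl_raise` messages still name the old functions after this change: in the `@@ -478,7 +478,11 @@` hunk of ext/openssl/ossl_x509cert.c the 1.1.0 branch calls `X509_set1_notBefore` but a failure is reported as "X509_set_notBefore", and the same applies to the notAfter hunk and to the two hunks in ext/openssl/ossl_x509crl.c. Splitting the `if (...) {` line across `#if`/`#else` also leaves an opening brace in each preprocessor branch that is closed outside it, which is hard to read. A single compatibility define for old libraries in a shared header, e.g. `# define X509_set1_notBefore(x, t) X509_set_notBefore(x, t)`, would let all four call sites use the `set1` names unconditionally. The setter functions start and end outside the hunks.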
@@ -517,7 +521,11 @@ GetX509(self, x509); asn1time = ossl_x509_time_adjust(NULL, time); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!X509_set1_notAfter(x509, asn1time)) { +#else if (!X509_set_notAfter(x509, asn1time)) { +#endif ASN1_TIME_free(asn1time); ossl_raise(eX509CertError, "X509_set_notAfter"); } --- ruby-2.4.2-orig/ext/openssl/ossl_x509crl.c 2017-09-09 00:38:12.000000000 +1000 +++ ruby-2.4.2/ext/openssl/ossl_x509crl.c 2017-10-15 00:37:29.709286801 +1100 @@ -237,7 +237,11 @@ GetX509CRL(self, crl); asn1time = ossl_x509_time_adjust(NULL, time); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!X509_CRL_set1_lastUpdate(crl, asn1time)) { +#else if (!X509_CRL_set_lastUpdate(crl, asn1time)) { +#endif ASN1_TIME_free(asn1time); ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate"); } @@ -264,7 +268,11 @@ GetX509CRL(self, crl); asn1time = ossl_x509_time_adjust(NULL, time); +#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) + if (!X509_CRL_set1_nextUpdate(crl, asn1time)) { +#else if (!X509_CRL_set_nextUpdate(crl, asn1time)) { +#endif ASN1_TIME_free(asn1time); ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate"); }