--- a/lib/ext/wocky/wocky/wocky-openssl.c	2018-10-26 14:18:52.346235811 +0200
+++ b/lib/ext/wocky/wocky/wocky-openssl.c	2018-10-26 14:35:36.646231980 +0200
@@ -885,7 +885,11 @@
   int i;
   gboolean rval = FALSE;
   X509_NAME *subject = X509_get_subject_name (cert);
-  X509_CINF *ci = cert->cert_info;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+  const STACK_OF(X509_EXTENSION)* extensions = X509_get0_extensions(cert);
+#else
+  const STACK_OF(X509_EXTENSION)* extensions = cert->cert_info->extensions;
+#endif
   static const long nid[] = { NID_commonName, NID_subject_alt_name, NID_undef };

   /* first, see if the x509 name contains the info we want: */
@@ -906,16 +910,21 @@
    * and extract the subject_alt_name from the x509 v3 extensions: if that   *
    * extension is present, and a string, use that. If it is present, and     *
    * a multi-value stack, trawl it for the "DNS" entry and use that          */
-  if (!rval && (ci->extensions != NULL))
-    for (i = 0; i < sk_X509_EXTENSION_num(ci->extensions) && !rval; i++)
+  if (!rval && (extensions != NULL))
+    for (i = 0; i < sk_X509_EXTENSION_num(extensions) && !rval; i++)
       {
-        X509_EXTENSION *ext = sk_X509_EXTENSION_value (ci->extensions, i);
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value (extensions, i);
         ASN1_OBJECT *obj = X509_EXTENSION_get_object (ext);
         X509V3_EXT_METHOD *convert = NULL;
         long ni = OBJ_obj2nid (obj);
         const guchar *p;
         char *value = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+        const ASN1_OCTET_STRING* ext_value = X509_EXTENSION_get_data(ext);
+        int len = ASN1_STRING_length(ext_value);
+#else
         int len = ext->value->length;
+#endif
         void *ext_str = NULL;

         if (ni != NID_subject_alt_name)
@@ -927,7 +936,11 @@
         if ((convert = (X509V3_EXT_METHOD *) X509V3_EXT_get (ext)) == NULL)
           continue;

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+        p = ASN1_STRING_get0_data(ext_value);
+#else
         p = ext->value->data;
+#endif
         ext_str = ((convert->it != NULL) ?
                    ASN1_item_d2i (NULL, &p, len, ASN1_ITEM_ptr(convert->it)) :
                    convert->d2i (NULL, &p, len) );
@@ -1119,13 +1132,22 @@
           X509_STORE *store = SSL_CTX_get_cert_store(session->ctx);
           X509 *cert = SSL_get_peer_certificate (session->ssl);
           STACK_OF(X509) *chain = SSL_get_peer_cert_chain (session->ssl);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM* param = X509_STORE_get0_param(store);
+          long old_flags = X509_VERIFY_PARAM_get_flags(param);
+#else
           long old_flags = store->param->flags;
+#endif
           long new_flags = old_flags;
           DEBUG("No CRL available, but not in strict mode - re-verifying");

           new_flags &= ~(X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM_set_flags(param, new_flags);
+#else
           store->param->flags = new_flags;
+#endif
           X509_STORE_CTX_init (xctx, store, cert, chain);
           X509_STORE_CTX_set_flags (xctx, new_flags);

@@ -1135,7 +1157,11 @@
               status = _cert_status (session, new_code, level, ssl_code);
             }

+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM_set_flags(param, old_flags);
+#else
           store->param->flags = old_flags;
+#endif
           X509_STORE_CTX_free (xctx);
           X509_free (cert);

@@ -1674,12 +1700,14 @@

   if G_UNLIKELY (g_once_init_enter (&initialised))
     {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+      DEBUG ("initialising SSL library and error strings");
+#else
       gint malloc_init_succeeded;
-
       DEBUG ("initialising SSL library and error strings");
-
       malloc_init_succeeded = CRYPTO_malloc_init ();
       g_warn_if_fail (malloc_init_succeeded);
+#endif

       SSL_library_init ();
       SSL_load_error_strings ();
--- a/lib/ext/wocky/wocky/wocky-openssl-dh2048.c	2018-10-26 14:17:23.356236151 +0200
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh2048.c	2018-10-26 14:41:17.896230678 +0200
@@ -36,11 +36,21 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	int r = 0;
+#endif

 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	r = DH_set0_pqg(dh, BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
+						NULL, BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
 	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}
--- a/lib/ext/wocky/wocky/wocky-openssl-dh4096.c	2018-10-26 14:17:02.266236231 +0200
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh4096.c	2018-10-26 14:41:37.746230603 +0200
@@ -57,11 +57,21 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	int r = 0;
+#endif

 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	r = DH_set0_pqg(dh, BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL),
+						NULL, BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
 	dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}
--- a/lib/ext/wocky/wocky/wocky-openssl-dh1024.c	2018-10-26 14:17:53.146236037 +0200
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh1024.c	2018-10-26 14:40:40.986230819 +0200
@@ -25,11 +25,21 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	int r = 0;
+#endif

 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	r = DH_set0_pqg(dh, BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL),
+					NULL, BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
 	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}
--- a/lib/ext/wocky/wocky/wocky-openssl-dh512.c	2018-10-26 14:18:14.356235956 +0200
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh512.c	2018-10-26 14:38:56.266231219 +0200
@@ -20,11 +20,21 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	int r = 0;
+#endif

 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+	r = DH_set0_pqg(dh, BN_bin2bn(dh512_p,sizeof(dh512_p),NULL),
+					NULL, BN_bin2bn(dh512_g,sizeof(dh512_g),NULL));
+	if (!r)
+	   { DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}