1 diff --git a/configure.ac b/configure.ac
2 index 556f220..2c0693d 100644
3 --- a/configure.ac
4 +++ b/configure.ac
5 @@ -303,7 +303,7 @@ if test x$with_openssl != xno ; then
6 )
7 fi
8 if test x$with_openssl != xno ; then
9 - AC_CHECK_LIB(ssl, SSL_library_init, [
10 + AC_CHECK_LIB(ssl, SSL_new, [
11 with_openssl=yes
12 LIBS="-lssl -lcrypto $LIBS"
13 ], [
14 diff --git a/smtp-tls.c b/smtp-tls.c
15 index 9a66806..cfc6589 100644
16 --- a/smtp-tls.c
17 +++ b/smtp-tls.c
18 @@ -57,6 +57,7 @@ static void *ctx_password_cb_arg;
19 #ifdef USE_PTHREADS
20 #include <pthread.h>
21 static pthread_mutex_t starttls_mutex = PTHREAD_MUTEX_INITIALIZER;
22 +#if OPENSSL_VERSION_NUMBER < 0x10100000
23 static pthread_mutex_t *openssl_mutex;
24
25 static void
26 @@ -70,6 +71,7 @@ openssl_mutexcb (int mode, int n,
27 pthread_mutex_unlock (&openssl_mutex[n]);
28 }
29 #endif
30 +#endif
31
32 static int
33 starttls_init (void)
34 @@ -77,6 +79,10 @@ starttls_init (void)
35 if (tls_init)
36 return 1;
37
38 +#if OPENSSL_VERSION_NUMBER < 0x10100000
39 + /* starting from OpenSSL 1.1.0, OpenSSL uses a new threading API and does its own locking */
40 + /* also initialization has been reworked and is done automatically */
41 + /* so there's not much to do here any more */
42 #ifdef USE_PTHREADS
43 /* Set up mutexes for the OpenSSL library */
44 if (openssl_mutex == NULL)
45 @@ -94,9 +100,10 @@ starttls_init (void)
46 CRYPTO_set_locking_callback (openssl_mutexcb);
47 }
48 #endif
49 - tls_init = 1;
50 SSL_load_error_strings ();
51 SSL_library_init ();
52 +#endif
53 + tls_init = 1;
54 return 1;
55 }
56
57 @@ -201,7 +208,15 @@ starttls_create_ctx (smtp_session_t session)
58 3207. Servers typically support SSL as well as TLS because some
59 versions of Netscape do not support TLS. I am assuming that all
60 currently deployed servers correctly support TLS. */
61 +#if OPENSSL_VERSION_NUMBER < 0x10100000
62 ctx = SSL_CTX_new (TLSv1_client_method ());
63 +#else
64 + ctx = SSL_CTX_new (TLS_client_method ());
65 + if (!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) {
66 + /* FIXME: set an error code AND free the allocated ctx */
67 + return NULL;
68 + }
69 +#endif
70
71 /* Load our keys and certificates. To avoid messing with configuration
72 variables etc, use fixed paths for the certificate store. These are
|
