From a886a5ae7970d3967a3941c34e27707461ff8cfc Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni
Date: Sat, 11 Jul 2015 02:20:26 -0400
Subject: [PATCH] OpenSSL 1.1.0-dev bitrot: SSLv23_method deprecated
---
 postfix/src/tls/tls_client.c | 11 ++++++++++-
 postfix/src/tls/tls_server.c | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c
index f50936aac..4584a37d6 100644
--- a/postfix/src/tls/tls_client.c
+++ b/postfix/src/tls/tls_client.c
@@ -347,9 +347,18 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props)
 * we want to be as compatible as possible, so we will start off with a
 * SSLv2 greeting allowing the best we can offer: TLSv1. We can restrict
 * this with the options setting later, anyhow.
+ *
+ * OpenSSL 1.1.0-dev deprecates SSLv23_client_method() in favour of
+ * TLS_client_method(), with the change in question signalled via a new
+ * TLS_ANY_VERSION macro.
 */
 ERR_clear_error();
- if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
+ client_ctx = SSL_CTX_new(TLS_client_method());
+#else
+ client_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif
+ if (client_ctx == 0) {
 msg_warn("cannot allocate client SSL_CTX: disabling TLS support");
 tls_print_errors();
 return (0);
diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c
index b74c32736..190a132cc 100644
--- a/postfix/src/tls/tls_server.c
+++ b/postfix/src/tls/tls_server.c
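Review bot: The context comment above the new `#if` in tls_client.c still describes an "SSLv2 greeting" with TLSv1 as the best on offer, which no longer matches the added branch. TLS_client_method() is version-flexible, so the protocol floor comes entirely from the options applied later. I would extend the added paragraph with `* Both methods negotiate the highest version both peers support; the minimum protocol is enforced by the SSL_CTX options set after this call.` so a reader does not take the method name as a version pin. The kept comment in the tls_server.c hunk has the same gap. tls_client_init starts and ends outside the hunk, so the later options call is presumed from the comment rather than visible here.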
@@ -429,9 +429,18 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
 * SSLv2), so we need to have the SSLv23 server here. If we want to limit
 * the protocol level, we can add an option to not use SSLv2/v3/TLSv1
 * later.
+ *
+ * OpenSSL 1.1.0-dev deprecates SSLv23_server_method() in favour of
+ * TLS_client_method(), with the change in question signalled via a new
+ * TLS_ANY_VERSION macro.
 */
 ERR_clear_error();
- if ((server_ctx = SSL_CTX_new(SSLv23_server_method())) == 0) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && defined(TLS_ANY_VERSION)
+ server_ctx = SSL_CTX_new(TLS_server_method());
+#else
+ server_ctx = SSL_CTX_new(SSLv23_server_method());
+#endif
+ if (server_ctx == 0) {
 msg_warn("cannot allocate server SSL_CTX: disabling TLS support");
 tls_print_errors();
 return (0);
--
2.47.3
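Review bot: The added comment in tls_server.c names the wrong replacement: it says SSLv23_server_method() is deprecated in favour of `TLS_client_method()`, while the code just below it calls `TLS_server_method()`. The comment line should read `* TLS_server_method(), with the change in question signalled via a new`. It looks like a carry-over from the tls_client.c comment, and a later reader could take it as the intended call for the server context. tls_server_init continues outside the hunk.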