$OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
--- src/verify.c.orig   2017-04-04 20:02:57.168123782 -0400
+++ src/verify.c        2017-04-04 20:51:08.931284080 -0400
@@ -352,7 +352,7 @@
     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     subject=X509_get_subject_name(cert);

-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
 #endif
     /* modern API allows retrieving multiple matching certificates */

$OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
--- src/sthreads.c.orig	Sat Oct 29 05:25:37 2016
+++ src/sthreads.c	Wed Nov  9 20:22:39 2016
@@ -47,7 +47,7 @@
 STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
 #endif
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
 #endif


$OpenBSD: patch-src_ssl_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $
--- src/ssl.c.orig	Fri Aug  5 06:39:57 2016
+++ src/ssl.c	Thu Nov  3 23:50:50 2016
@@ -83,7 +83,7 @@ int ssl_init(void) { /* init SSL before parsing config
 }
 
 #ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
  * to be linked against the older versions */
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {

$OpenBSD: patch-src_prototypes_h,v 1.2 2016/11/10 10:10:50 gsoares Exp $
--- src/prototypes.h.orig	Sat Oct 29 05:25:37 2016
+++ src/prototypes.h	Wed Nov  9 20:22:39 2016
@@ -660,13 +660,13 @@ typedef enum {
 #endif /* OPENSSL_NO_DH */
     STUNNEL_LOCKS                           /* number of locks */
 } LOCK_TYPE;
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 typedef int STUNNEL_RWLOCK;
 #else
 typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
 #endif
 extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-#if OPENSSL_VERSION_NUMBER>=0x10100004L
+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
 #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
 #else

$OpenBSD: patch-src_options_c,v 1.7 2016/11/09 23:14:31 gsoares Exp $

use SSLv23_client_method() required to build with libressl since that it haven't
TLS_client_method()  for now.

--- src/options.c.orig	Fri Aug  5 06:39:57 2016
+++ src/options.c	Thu Nov  3 23:13:15 2016
@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
     /* sslVersion */
     switch(cmd) {
     case CMD_BEGIN:
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
         section->client_method=(SSL_METHOD *)TLS_client_method();
         section->server_method=(SSL_METHOD *)TLS_server_method();
 #else
@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
         if(strcasecmp(opt, "sslVersion"))
             break;
         if(!strcasecmp(arg, "all")) {
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
             section->client_method=(SSL_METHOD *)TLS_client_method();
             section->server_method=(SSL_METHOD *)TLS_server_method();
 #else

$OpenBSD: patch-src_ctx_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $
--- src/ctx.c.orig	Tue Jun 21 12:06:14 2016
+++ src/ctx.c	Thu Nov  3 23:13:15 2016
@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
 /**************************************** initialize OpenSSL CONF */
 
 NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CONF_CTX *cctx;
     NAME_LIST *curr;
     char *cmd, *param;

$OpenBSD: patch-src_common_h,v 1.1 2016/11/09 23:14:31 gsoares Exp $
--- src/common.h.orig	Mon Jun 27 04:29:32 2016
+++ src/common.h	Thu Nov  3 23:57:29 2016
@@ -448,7 +448,7 @@ extern char *sys_errlist[];
 #define OPENSSL_NO_TLS1_2
 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
 
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #ifndef OPENSSL_NO_SSL2
 #define OPENSSL_NO_SSL2
 #endif /* !defined(OPENSSL_NO_SSL2) */
@@ -474,7 +474,7 @@ extern char *sys_errlist[];
 #include <openssl/des.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 #endif /* OpenSSL older than 1.1.0 */
 #endif /* !defined(OPENSSL_NO_DH) */