From 498d54258851fcbb499921ef22b04ce55d129786 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Tue, 26 Dec 2017 09:19:31 -0500
Subject: [PATCH 1/2] README.md: document the required version of openssl

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 349d6cc1..0d47bd6b 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ To build this you'll need:
   - [GNU make](http://www.gnu.org/software/make/)
   - [pkg-config](http://www.freedesktop.org/wiki/Software/pkg-config/)
   - [zlib](http://www.zlib.net)
-  - [openssl](http://www.openssl.org)
+  - [openssl < 1.1](http://www.openssl.org) or [libressl](https://www.libressl.org/)
   - [libarchive >= 3.2.0](http://www.libarchive.org)
 
 and optionally:

From 861617a708622d1411d88a45e1c5c644d497c086 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Tue, 26 Dec 2017 09:28:16 -0500
Subject: [PATCH 2/2] configure: correctly detect libssl using pkg-config

This allows the openssl version to be easily overridden using standard
PKG_CONFIG_PATH overrides, which is required for modern distros that use
openssl 1.1 by default.

Also print diagnostics for the libssl flavor in use, and constrain the
version when using openssl to < 1.1.
---
 configure | 46 ++++++++++++----------------------------------
 1 file changed, 12 insertions(+), 34 deletions(-)

diff --git a/configure b/configure
index 39cade15..9bff5d5a 100755
--- a/configure
+++ b/configure
@@ -675,43 +675,21 @@ else
 fi
 
 #
-# OpenSSL libssl with pkg-config support is required when building
-# the static binaries.
+# libssl with pkg-config support is required.
 #
-if [ "$BUILD_STATIC" = "yes" ]; then
-	printf "Checking for OpenSSL via pkg-config ... "
-	if ! $PKGCONFIG_BIN --exists libssl; then
-		echo "libssl.pc file not found, exiting."
-		exit 1
-	else
-		echo "found version $($PKGCONFIG_BIN --modversion libssl)."
-		echo "CFLAGS += $($PKGCONFIG_BIN --cflags libssl)" >>$CONFIG_MK
-		echo "LDFLAGS +=        $($PKGCONFIG_BIN --libs libssl)" >>$CONFIG_MK
-		echo "STATIC_LIBS +=    $($PKGCONFIG_BIN --libs --static libssl)" \
-			>>$CONFIG_MK
-	fi
+printf "Checking for libssl via pkg-config ... "
+if $PKGCONFIG_BIN --exists 'libssl < 1.1' && ! $PKGCONFIG_BIN --exists libtls ; then
+	echo "found OpenSSL version $($PKGCONFIG_BIN --modversion libssl)."
+elif $PKGCONFIG_BIN --exists libssl libtls; then
+	echo "found LibreSSL version $($PKGCONFIG_BIN --modversion libssl)."
 else
-	func=SHA256
-	printf "Checking for OpenSSL $func() ... "
-cat <<EOF > _$func.c
-#include <openssl/sha.h>
-int main(void) {
-	SHA256(NULL, NULL, 0);
-	return 0;
-}
-EOF
-	if $XCC _$func.c -lcrypto -o _$func 2>/dev/null; then
-		echo yes.
-		echo "LDFLAGS +=	-lcrypto" >>$CONFIG_MK
-	else
-		CRYPTO_SHA256=no
-	fi
-	rm -f _$func.c _$func
-	if [ "$CRYPTO_SHA256" = "no" ]; then
-		echo "Failed to link with your system's OpenSSL library, can't continue..."
-		exit 1
-	fi
+	echo "libssl.pc file not found or incompatible version detected, exiting."
+	exit 1
 fi
+echo "CFLAGS += $($PKGCONFIG_BIN --cflags libssl)" >>$CONFIG_MK
+echo "LDFLAGS +=        $($PKGCONFIG_BIN --libs libssl)" >>$CONFIG_MK
+echo "STATIC_LIBS +=    $($PKGCONFIG_BIN --libs --static libssl)" \
+	>>$CONFIG_MK
 
 #
 # If --enable-static enabled, build static binaries.