84d17f
diff -up openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.5/src/lib/wsman-curl-client-transport.c
84d17f
--- openwsman-2.6.5/src/lib/wsman-curl-client-transport.c.orig	2017-11-28 09:32:15.000000000 +0100
84d17f
+++ openwsman-2.6.5/src/lib/wsman-curl-client-transport.c	2018-01-23 13:14:59.357153453 +0100
2b4772
@@ -241,12 +241,20 @@ write_handler( void *ptr, size_t size, s
c4e009
 static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
c4e009
 {
c4e009
 	unsigned char *thumbprint = (unsigned char *)arg;
c4e009
-	X509 *cert = ctx->cert;
c4e009
 	EVP_MD                                  *tempDigest;
c4e009
 
c4e009
 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
c4e009
 	unsigned int      tempFingerprintLen;
c4e009
 	tempDigest = (EVP_MD*)EVP_sha1( );
c4e009
+
2b4772
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
c4e009
+	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
2b4772
+#else
2b4772
+	X509 *cert = ctx->cert;
2b4772
+#endif
c4e009
+	if(!cert)
c4e009
+		return 0;
c4e009
+
c4e009
 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
c4e009
 		return 0;
c4e009
 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
84d17f
diff -up openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig openwsman-2.6.5/src/server/shttpd/compat_unix.h
84d17f
--- openwsman-2.6.5/src/server/shttpd/compat_unix.h.orig	2017-11-28 09:32:15.000000000 +0100
84d17f
+++ openwsman-2.6.5/src/server/shttpd/compat_unix.h	2018-01-23 13:14:59.357153453 +0100
84d17f
@@ -27,10 +27,6 @@
39db6f
 	pthread_create(&tid, NULL, (void *(*)(void *))a, c); } while (0)
39db6f
 #endif /* !NO_THREADS */
c4e009
 
84d17f
-#ifndef SSL_LIB
39db6f
-#define	SSL_LIB				"libssl.so"
84d17f
-#endif
84d17f
-
39db6f
 #define	DIRSEP				'/'
39db6f
 #define	IS_DIRSEP_CHAR(c)		((c) == '/')
39db6f
 #define	O_BINARY			0
84d17f
diff -up openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig openwsman-2.6.5/src/server/shttpd/io_ssl.c
84d17f
--- openwsman-2.6.5/src/server/shttpd/io_ssl.c.orig	2017-11-28 09:32:15.000000000 +0100
84d17f
+++ openwsman-2.6.5/src/server/shttpd/io_ssl.c	2018-01-23 13:14:59.357153453 +0100
39db6f
@@ -11,23 +11,6 @@
39db6f
 #include "defs.h"
c4e009
 
c4e009
 #if !defined(NO_SSL)
c4e009
-struct ssl_func	ssl_sw[] = {
c4e009
-	{"SSL_free",			{0}},
c4e009
-	{"SSL_accept",			{0}},
c4e009
-	{"SSL_connect",			{0}},
c4e009
-	{"SSL_read",			{0}},
c4e009
-	{"SSL_write",			{0}},
c4e009
-	{"SSL_get_error",		{0}},
c4e009
-	{"SSL_set_fd",			{0}},
c4e009
-	{"SSL_new",			{0}},
c4e009
-	{"SSL_CTX_new",			{0}},
c4e009
-	{"SSLv23_server_method",	{0}},
c4e009
-	{"SSL_library_init",		{0}},
c4e009
-	{"SSL_CTX_use_PrivateKey_file",	{0}},
c4e009
-	{"SSL_CTX_use_certificate_file",{0}},
c4e009
-	{NULL,				{0}}
c4e009
-};
39db6f
-
c4e009
 void
39db6f
 _shttpd_ssl_handshake(struct stream *stream)
39db6f
 {
84d17f
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
84d17f
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig	2017-11-28 09:32:15.000000000 +0100
84d17f
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c	2018-01-23 13:16:13.738228773 +0100
84d17f
@@ -1476,20 +1476,14 @@ set_ssl(struct shttpd_ctx *ctx, const ch
39db6f
 	int		retval = FALSE;
84d17f
 	EC_KEY*		key;
39db6f
 
39db6f
-	/* Load SSL library dynamically */
39db6f
-	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
39db6f
-		_shttpd_elog(E_LOG, NULL, "set_ssl: cannot load %s", SSL_LIB);
39db6f
-		return (FALSE);
39db6f
-	}
39db6f
-
39db6f
-	for (fp = ssl_sw; fp->name != NULL; fp++)
39db6f
-		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
39db6f
-			_shttpd_elog(E_LOG, NULL,"set_ssl: cannot find %s", fp->name);
39db6f
-			return (FALSE);
39db6f
-		}
39db6f
-
39db6f
 	/* Initialize SSL crap */
39db6f
+	debug("Initialize SSL");
39db6f
+	SSL_load_error_strings();
2b4772
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
39db6f
+	OPENSSL_init_ssl(0, NULL);
2b4772
+#else
2b4772
 	SSL_library_init();
2b4772
+#endif
39db6f
 
39db6f
 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL)
39db6f
 		_shttpd_elog(E_LOG, NULL, "SSL_CTX_new error");
84d17f
@@ -1532,7 +1526,11 @@ set_ssl(struct shttpd_ctx *ctx, const ch
39db6f
 			if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
39db6f
 				//_shttpd_elog(E_LOG, NULL, "SSL: disable %s protocol", protocols[idx].name);
39db6f
 				debug("SSL: disable %s protocol", protocols[idx].name);
2b4772
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
39db6f
+				SSL_CTX_set_options(CTX, protocols[idx].opt);
2b4772
+#else
2b4772
 				SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);
2b4772
+#endif
39db6f
 				break;
39db6f
 			}
39db6f
 		}
84d17f
diff -up openwsman-2.6.5/src/server/shttpd/ssl.h.orig openwsman-2.6.5/src/server/shttpd/ssl.h
84d17f
--- openwsman-2.6.5/src/server/shttpd/ssl.h.orig	2017-11-28 09:32:15.000000000 +0100
84d17f
+++ openwsman-2.6.5/src/server/shttpd/ssl.h	2018-01-23 13:14:59.358153454 +0100
39db6f
@@ -12,50 +12,4 @@
c4e009
 
39db6f
 #include <openssl/ssl.h>
c4e009
 
c4e009
-#else
c4e009
-
c4e009
-/*
c4e009
- * Snatched from OpenSSL includes. I put the prototypes here to be independent
c4e009
- * from the OpenSSL source installation. Having this, shttpd + SSL can be
c4e009
- * built on any system with binary SSL libraries installed.
c4e009
- */
c4e009
-
c4e009
-typedef struct ssl_st SSL;
c4e009
-typedef struct ssl_method_st SSL_METHOD;
c4e009
-typedef struct ssl_ctx_st SSL_CTX;
c4e009
-
c4e009
-#define	SSL_ERROR_WANT_READ	2
c4e009
-#define	SSL_ERROR_WANT_WRITE	3
39db6f
-#define	SSL_ERROR_SYSCALL	5
39db6f
-#define	SSL_FILETYPE_PEM	1
c4e009
-
c4e009
 #endif
c4e009
-
c4e009
-/*
c4e009
- * Dynamically loaded SSL functionality
c4e009
- */
c4e009
-struct ssl_func {
c4e009
-	const char	*name;		/* SSL function name	*/
c4e009
-	union variant	ptr;		/* Function pointer	*/
c4e009
-};
c4e009
-
c4e009
-extern struct ssl_func	ssl_sw[];
c4e009
-
c4e009
-#define	FUNC(x)	ssl_sw[x].ptr.v_func
c4e009
-
c4e009
-#define	SSL_free(x)	(* (void (*)(SSL *)) FUNC(0))(x)
c4e009
-#define	SSL_accept(x)	(* (int (*)(SSL *)) FUNC(1))(x)
c4e009
-#define	SSL_connect(x)	(* (int (*)(SSL *)) FUNC(2))(x)
c4e009
-#define	SSL_read(x,y,z)	(* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
c4e009
-#define	SSL_write(x,y,z) \
c4e009
-	(* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
c4e009
-#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
c4e009
-#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
c4e009
-#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
c4e009
-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
c4e009
-#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
c4e009
-#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
c4e009
-#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
c4e009
-		const char *, int)) FUNC(11))((x), (y), (z))
c4e009
-#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \
c4e009
-		const char *, int)) FUNC(12))((x), (y), (z))