From 8553ecfb3a4975318c0e6af2cc3d9afcf97f1704 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Thu, 6 Apr 2017 09:02:58 +0800
Subject: [PATCH] ssl: OpenSSL v1.1 deprecated TLSv1_2_client_method

---
 CMakeLists.txt   |  4 ++++
 lib/ssl-client.c | 10 +++++++++-
 lws_config.h.in  |  5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index edd52360..2c35ddb5 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -463,6 +463,10 @@ CHECK_FUNCTION_EXISTS(_snprintf LWS_HAVE__SNPRINTF)
 CHECK_FUNCTION_EXISTS(_vsnprintf LWS_HAVE__VSNPRINTF)
 CHECK_FUNCTION_EXISTS(getloadavg LWS_HAVE_GETLOADAVG)
 
+CHECK_FUNCTION_EXISTS(TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD)
+CHECK_FUNCTION_EXISTS(TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD)
+
+
 if (NOT LWS_HAVE_GETIFADDRS)
 	if (LWS_WITHOUT_BUILTIN_GETIFADDRS)
 		message(FATAL_ERROR "No getifaddrs was found on the system. Turn off the LWS_WITHOUT_BUILTIN_GETIFADDRS compile option to use the supplied BSD version.")
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 56676b24..a13877a8 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -337,7 +337,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 #else
 #if defined(LWS_USE_MBEDTLS)
 #else
-	SSL_METHOD *method;
+	SSL_METHOD *method = NULL;
 	struct lws wsi;
 	unsigned long error;
 	int n;
@@ -359,7 +359,15 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 
 	/* basic openssl init already happened in context init */
 
+	/* choose the most recent spin of the api */
+#if defined(LWS_HAVE_TLS_CLIENT_METHOD)
+	method = (SSL_METHOD *)TLS_client_method();
+#if defined(LWS_HAVE_TLSV1_2_CLIENT_METHOD)
+	method = (SSL_METHOD *)TLSv1_2_client_method();
+#else
 	method = (SSL_METHOD *)SSLv23_client_method();
+#endif
+#endif
 	if (!method) {
 		error = ERR_get_error();
 		lwsl_err("problem creating ssl method %lu: %s\n",
diff --git a/lws_config.h.in b/lws_config.h.in
index 7cce17ed..c3b1324f 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -114,4 +114,9 @@
 /* SMTP */
 #cmakedefine LWS_WITH_SMTP
 
+/* OpenSSL various APIs */
+
+#cmakedefine LWS_HAVE_TLS_CLIENT_METHOD
+#cmakedefine LWS_HAVE_TLSV1_2_CLIENT_METHOD
+
 ${LWS_SIZEOFPTR_CODE}