ssl: correct version detection

lib/ssl.c

@@ -237,13 +237,15 @@ lws_ssl_destroy(struct lws_vhost *vhost)
 	if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
 		SSL_CTX_free(vhost->ssl_client_ctx);
 
-#if (OPENSSL_VERSION_NUMBER < 0x10100006L)
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
+// after 1.1.0 no need
+#if (OPENSSL_VERSION_NUMBER <  0x10100000)
+// <= 1.0.1f = old api, 1.0.1g+ = new api
+#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
 	ERR_remove_state(0);
 #else
-#if (OPENSSL_VERSION_NUMBER >= 0x10100005L) && \
-	!defined(LIBRESSL_VERSION_NUMBER) && \
-	!defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
+    !defined(LIBRESSL_VERSION_NUMBER) && \
+    !defined(OPENSSL_IS_BORINGSSL)
 	ERR_remove_thread_state();
 #else
 	ERR_remove_thread_state(NULL);
@@ -253,6 +255,7 @@ lws_ssl_destroy(struct lws_vhost *vhost)
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();
 #endif
+
 #endif
 #endif
 }
@@ -733,13 +736,16 @@ lws_ssl_context_destroy(struct lws_context *context)
 #else
 #if defined(LWS_USE_MBEDTLS)
 #else
-#if (OPENSSL_VERSION_NUMBER < 0x10100006L)
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
+
+// after 1.1.0 no need
+#if (OPENSSL_VERSION_NUMBER <  0x10100000)
+// <= 1.0.1f = old api, 1.0.1g+ = new api
+#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL)
 	ERR_remove_state(0);
 #else
-#if (OPENSSL_VERSION_NUMBER >= 0x10100005L) && \
-	!defined(LIBRESSL_VERSION_NUMBER) && \
-	!defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \
+    !defined(LIBRESSL_VERSION_NUMBER) && \
+    !defined(OPENSSL_IS_BORINGSSL)
 	ERR_remove_thread_state();
 #else
 	ERR_remove_thread_state(NULL);
@@ -749,6 +755,7 @@ lws_ssl_context_destroy(struct lws_context *context)
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();
 #endif
+
 #endif
 #endif
 }