From fed580b73acde119372183f85486fb7ce97521e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim Rühsen?= <address@hidden>
Date: Mon, 10 Nov 2014 15:34:46 +0100
Subject: [PATCH] Fix OpenSSL compile-time check for TLSv1.1 and TLSv1.2

Reported-by: Velemas Vosak <address@hidden>
---
 src/ChangeLog | 6 ++++++
 src/openssl.c | 9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 1e68d91..ab99451 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-10  Tim Ruehsen  <address@hidden>
+
+	* openssl.c: Fix compile-time check for TLSv1.1 and TLSv1.2
+
+	Reported-by: Velemas Vosak <address@hidden>
+
 2014-11-06  Tim Ruehsen  <address@hidden>

 	* init.c, main.c, options.h: added new option --crl-file
diff --git a/src/openssl.c b/src/openssl.c
index edffe41..6685ee7 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -220,13 +220,20 @@ ssl_init (void)
     case secure_protocol_tlsv1:
       meth = TLSv1_client_method ();
       break;
-#if OPENSSL_VERSION_NUMBER >= 0x01001000
+#if OPENSSL_VERSION_NUMBER >= 0x10001000
     case secure_protocol_tlsv1_1:
       meth = TLSv1_1_client_method ();
       break;
     case secure_protocol_tlsv1_2:
       meth = TLSv1_2_client_method ();
       break;
+#else
+    case secure_protocol_tlsv1_1:
+		logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.1\n"));
+		goto error;
+    case secure_protocol_tlsv1_2:
+		logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n"));
+		goto error;
 #endif
     default:
       abort ();
--
2.1.3