Require OpenSSL 1.1.x series 1.1.0g or greaterV_7_9_P1

Previous versions have a bug with EVP_CipherInit() when passed a NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 ok dtucker@
author: Damien Miller <djm@mindrot.org> 2018-10-17 11:01:20 +1100
committer: Damien Miller <djm@mindrot.org> 2018-10-17 11:01:20 +1100
commit: aede1c34243a6f7feae2fb2cb686ade5f9be6f3d (patch)
tree: 421f34ba50ad884ee25802ff73c527a2724d39fa
parent: 08300c211409c212e010fe2e2f2883e573a04ce2 (diff)
1 files changed, 13 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac
index 099ecdaa..7379ab35 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2612,15 +2612,19 @@ if test "x$openssl" = "xyes" ; then
 			ssl_library_ver=`cat conftest.ssllibver`
 			# Check version is supported.
 			case "$ssl_library_ver" in
-				10000*|0*)
-					AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
-			                ;;
-				100*)   ;; # 1.0.x
-				101*)   ;; # 1.1.x
-				200*)   ;; # LibreSSL
-			        *)
-					AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
-			                ;;
+			10000*|0*)
+				AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
+		                ;;
+			100*)   ;; # 1.0.x
+			101000[0123456]*)
+				# https://github.com/openssl/openssl/pull/4613
+				AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
+				;;
+			101*)   ;; # 1.1.x
+			200*)   ;; # LibreSSL
+		        *)
+				AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
+		                ;;
 			esac
 			AC_MSG_RESULT([$ssl_library_ver])
 		],
author	Damien Miller <djm@mindrot.org>	2018-10-17 11:01:20 +1100
committer	Damien Miller <djm@mindrot.org>	2018-10-17 11:01:20 +1100
commit	aede1c34243a6f7feae2fb2cb686ade5f9be6f3d (patch)
tree	421f34ba50ad884ee25802ff73c527a2724d39fa
parent	08300c211409c212e010fe2e2f2883e573a04ce2 (diff)