From aede1c34243a6f7feae2fb2cb686ade5f9be6f3d Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 17 Oct 2018 11:01:20 +1100
Subject: Require OpenSSL 1.1.x series 1.1.0g or greater

Previous versions have a bug with EVP_CipherInit() when passed a
NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613

ok dtucker@
---
 configure.ac | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index 099ecdaa..7379ab35 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2612,15 +2612,19 @@ if test "x$openssl" = "xyes" ; then
 			ssl_library_ver=`cat conftest.ssllibver`
 			# Check version is supported.
 			case "$ssl_library_ver" in
-				10000*|0*)
-					AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
-			                ;;
-				100*)   ;; # 1.0.x
-				101*)   ;; # 1.1.x
-				200*)   ;; # LibreSSL
-			        *)
-					AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
-			                ;;
+			10000*|0*)
+				AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
+		                ;;
+			100*)   ;; # 1.0.x
+			101000[0123456]*)
+				# https://github.com/openssl/openssl/pull/4613
+				AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
+				;;
+			101*)   ;; # 1.1.x
+			200*)   ;; # LibreSSL
+		        *)
+				AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
+		                ;;
 			esac
 			AC_MSG_RESULT([$ssl_library_ver])
 		],
-- 
cgit v1.2.3