--- openssl.c.orig	2016-08-31 17:46:02 UTC
+++ openssl.c
@@ -36,7 +36,7 @@
 #include <openssl/ui.h>
 #include <openssl/rsa.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_up_ref(x) 	CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
 #define X509_get0_notAfter(x) X509_get_notAfter(x)
 #define EVP_MD_CTX_new EVP_MD_CTX_create
@@ -1069,7 +1069,7 @@ static int set_peer_cert_hash(struct ope
 	return 0;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
 static int match_hostname_elem(const char *hostname, int helem_len,
 			       const char *match, int melem_len)
 {
@@ -1605,7 +1605,7 @@ int openconnect_open_https(struct openco
 		return ssl_sock;
 
 	if (!vpninfo->https_ctx) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 		vpninfo->https_ctx = SSL_CTX_new(TLSv1_client_method());
 #else
 		vpninfo->https_ctx = SSL_CTX_new(TLS_client_method());
@@ -1744,7 +1744,7 @@ int openconnect_open_https(struct openco
 	 * 4fcdd66fff5fea0cfa1055c6680a76a4303f28a2
 	 * cd6bd5ffda616822b52104fee0c4c7d623fd4f53
 	 */
-#if OPENSSL_VERSION_NUMBER >= 0x10001070
+#if OPENSSL_VERSION_NUMBER >= 0x10001070 && !defined(LIBRESSL_VERSION_NUMBER)
 	if (string_is_hostname(vpninfo->hostname))
 		SSL_set_tlsext_host_name(https_ssl, vpninfo->hostname);
 #endif