A new user interface for you! Read more...

File kdelibs-3.5.10-ossl-1.1.x.patch of Package kdelibs3

diff -Naru kdelibs-3.5.10_orig/kcert/kcertpart.cc kdelibs-3.5.10/kcert/kcertpart.cc
--- kdelibs-3.5.10_orig/kcert/kcertpart.cc	2005-10-11 00:05:53.000000000 +0900
+++ kdelibs-3.5.10/kcert/kcertpart.cc	2019-07-20 20:46:11.993557957 +0900
@@ -429,7 +429,12 @@
 	if (certFile.endsWith("der") || certFile.endsWith("crt")) {
 		enc = _ca->toDer();
 	} else if (certFile.endsWith("netscape")) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		KMessageBox::sorry(_frame, i18n("Netscape format is not supported anymore!"), i18n("Certificate Import"));
+		return false;
+#else
 		enc = _ca->toNetscape();
+#endif
 	} else {
 		enc = _ca->toPem();
 	}
diff -Naru kdelibs-3.5.10_orig/kio/Makefile.am kdelibs-3.5.10/kio/Makefile.am
--- kdelibs-3.5.10_orig/kio/Makefile.am	2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/Makefile.am	2019-07-20 20:46:11.993557957 +0900
@@ -32,7 +32,7 @@
 	kio/libksycoca.la bookmarks/libkbookmarks.la kfile/libkfile.la \
 	../kdeui/libkdeui.la ../kdesu/libkdesu.la \
 	../kwallet/client/libkwalletclient.la \
-	$(LIBZ) $(LIBFAM) $(LIBVOLMGT) $(ACL_LIBS)
+	$(LIBZ) $(LIBFAM) $(LIBVOLMGT) $(LIBSSL) $(ACL_LIBS)
 
 kde_mime_DATA = magic
 kde_servicetypes_DATA = application.desktop kurifilterplugin.desktop \
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc kdelibs-3.5.10/kio/kssl/kopenssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kopenssl.cc	2019-07-20 20:45:03.266115398 +0900
+++ kdelibs-3.5.10/kio/kssl/kopenssl.cc	2019-07-20 20:47:32.436905525 +0900
@@ -53,7 +53,7 @@
                          int (*)(int, X509_STORE_CTX *)) = 0L;
 static int (*K_SSL_use_certificate)(SSL *, X509 *) = 0L;
 static SSL_CIPHER *(*K_SSL_get_current_cipher)(SSL *) = 0L;
-static long (*K_SSL_ctrl)      (SSL *,int, long, char *) = 0L;
+static long (*K_SSL_ctrl)      (SSL *,int, long, void *) = 0L;
 static int (*K_RAND_egd)        (const char *) = 0L;
 static const char* (*K_RAND_file_name) (char *, size_t) = 0L;
 static int (*K_RAND_load_file)  (const char *, long) = 0L;
@@ -558,7 +558,7 @@
                                   _sslLib->symbol("SSL_CTX_use_certificate");
       K_SSL_get_current_cipher = (SSL_CIPHER *(*)(SSL *))
                                   _sslLib->symbol("SSL_get_current_cipher");
-      K_SSL_ctrl = (long (*)(SSL * ,int, long, char *))
+      K_SSL_ctrl = (long (*)(SSL * ,int, long, void *))
                                   _sslLib->symbol("SSL_ctrl");
       K_TLSv1_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("TLSv1_client_method");
       K_SSLv2_client_method = (SSL_METHOD *(*)()) _sslLib->symbol("SSLv2_client_method");
@@ -747,7 +747,7 @@
 }
 
 
-long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg) {
+long KOpenSSLProxy::SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg) {
    if (K_SSL_ctrl) return (K_SSL_ctrl)(ssl, cmd, larg, parg);
    return -1;
 }
@@ -1082,6 +1082,7 @@
 }
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 void KOpenSSLProxy::sk_free(STACK *s) {
    if (K_sk_free) (K_sk_free)(s);
 }
@@ -1103,6 +1104,7 @@
    if (K_sk_value) return (K_sk_value)(s, n);
    else return 0L;
 }
+#endif
 
 
 void KOpenSSLProxy::X509_STORE_CTX_set_chain(X509_STORE_CTX *v, STACK_OF(X509)* x) {
@@ -1114,6 +1116,7 @@
 }
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 STACK* KOpenSSLProxy::sk_dup(STACK *s) {
    if (K_sk_dup) return (K_sk_dup)(s);
    else return 0L;
@@ -1130,6 +1133,7 @@
    if (K_sk_push) return (K_sk_push)(s,d);
    else return -1;
 }
+#endif
 
 
 char *KOpenSSLProxy::i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint) {
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kopenssl.h kdelibs-3.5.10/kio/kssl/kopenssl.h
--- kdelibs-3.5.10_orig/kio/kssl/kopenssl.h	2019-07-20 20:45:03.266115398 +0900
+++ kdelibs-3.5.10/kio/kssl/kopenssl.h	2019-07-20 20:47:07.465108058 +0900
@@ -188,7 +188,7 @@
    /* long SSL_set_options(SSL *ssl, long options); */
    /*   Returns 0 if not reused, 1 if session id is reused */
    /*   int SSL_session_reused(SSL *ssl); */
-   long    SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
+   long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
 
    /*
     *   RAND_egd - set the path to the EGD
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksmimecrypto.cc kdelibs-3.5.10/kio/kssl/ksmimecrypto.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksmimecrypto.cc	2019-07-20 20:45:03.254115494 +0900
+++ kdelibs-3.5.10/kio/kssl/ksmimecrypto.cc	2019-07-20 20:46:11.993557957 +0900
@@ -38,6 +38,7 @@
 #endif
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 // forward included macros to KOpenSSLProxy
 #define sk_new kossl->sk_new
 #define sk_free kossl->sk_free
@@ -45,6 +46,7 @@
 #define sk_value kossl->sk_value
 #define sk_num kossl->sk_num
 #define BIO_ctrl kossl->BIO_ctrl
+#endif
 
 
 #ifdef KSSL_HAVE_SSL
@@ -87,7 +89,11 @@
 
 
 STACK_OF(X509) *KSMIMECryptoPrivate::certsToX509(QPtrList<KSSLCertificate> &certs) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(OPENSSL_sk_new(NULL));
+#else
     STACK_OF(X509) *x509 = reinterpret_cast<STACK_OF(X509)*>(sk_new(NULL));
+#endif
     KSSLCertificate *cert = certs.first();
     while(cert) {
 	sk_X509_push(x509, cert->getCert());
@@ -242,7 +248,11 @@
        We assume that openssl uses malloc() (it does in
        default config) and rip out the buffer.
     */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    reinterpret_cast<BUF_MEM *>(BIO_get_data(src))->data = NULL;
+#else
     reinterpret_cast<BUF_MEM *>(src->ptr)->data = NULL;
+#endif
 }
 
     
diff -Naru kdelibs-3.5.10_orig/kio/kssl/kssl.cc kdelibs-3.5.10/kio/kssl/kssl.cc
--- kdelibs-3.5.10_orig/kio/kssl/kssl.cc	2006-10-02 02:33:33.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/kssl.cc	2019-07-20 20:46:11.993557957 +0900
@@ -215,8 +215,13 @@
 		return true;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	// reference count must be incremented via function.
+	SSL_SESSION_up_ref(static_cast<SSL_SESSION*>(session->_session));
+#else
 	// Obtain a reference by incrementing the reference count.  Yuck.
 	static_cast<SSL_SESSION*>(session->_session)->references++;
+#endif
 
 	d->session = new KSSLSession;
 	d->session->_session = session->_session;
@@ -284,6 +289,11 @@
 		return -1;
 
 	if (d->session) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		kdDebug(7029) << "Can't reuse session because openssl is 1.1 or later." << endl;
+		delete d->session;
+		d->session = 0;
+#else
 		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
 		{
 			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
@@ -297,6 +307,7 @@
 			delete d->session;
 			d->session = 0;
 		}
+#endif
 	}
 
 /*
@@ -316,7 +327,8 @@
 	if (!m_cfg->sslv2())
 		off |= SSL_OP_NO_SSLv2;
 
-	d->kossl->SSL_set_options(d->m_ssl, off);
+	// d->kossl->SSL_set_options(d->m_ssl, off);
+	SSL_set_options(d->m_ssl, off);
 
 	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
 	if (rc == 0) {
@@ -341,7 +353,8 @@
 		return -1;
 	}
 
-	if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	// if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	if (!SSL_session_reused(d->m_ssl)) {
 		if (d->session) {
 			kdDebug(7029) << "Session reuse failed.  New session used instead." << endl;
 			delete d->session;
@@ -375,6 +388,12 @@
 		return -1;
 
 	if (d->session) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		kdDebug(7029) << "Can't reuse session because openssl is 1.1 or later." << endl;
+		delete d->session;
+		d->session = 0;
+#else
+
 		if (static_cast<SSL_SESSION*>(d->session->_session)->sess_cert == 0)
 		{
 			kdDebug(7029) << "Can't reuse session, no certificate." << endl;
@@ -388,6 +407,7 @@
 			delete d->session;
 			d->session = 0;
 		}
+#endif
 	}
 
 /*
@@ -407,7 +427,8 @@
 	if (!m_cfg->sslv2())
 		off |= SSL_OP_NO_SSLv2;
 
-	d->kossl->SSL_set_options(d->m_ssl, off);
+	// d->kossl->SSL_set_options(d->m_ssl, off);
+	SSL_set_options(d->m_ssl, off);
 
 	rc = d->kossl->SSL_set_fd(d->m_ssl, sock);
 	if (rc == 0) {
@@ -441,7 +462,8 @@
 		}
 	}
 
-	if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	// if (!d->kossl->SSL_session_reused(d->m_ssl)) {
+	if (!SSL_session_reused(d->m_ssl)) {
 		if (d->session) {
 			kdDebug(7029) << "Session reuse failed.  New session used instead." << endl;
 			delete d->session;
@@ -679,7 +701,8 @@
 
 bool KSSL::reusingSession() const {
 #ifdef KSSL_HAVE_SSL
-	return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl));
+	// return (d->m_ssl && d->kossl->SSL_session_reused(d->m_ssl));
+	return (d->m_ssl && SSL_session_reused(d->m_ssl));
 #else
 	return false;
 #endif
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcallback.c kdelibs-3.5.10/kio/kssl/ksslcallback.c
--- kdelibs-3.5.10_orig/kio/kssl/ksslcallback.c	2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcallback.c	2019-07-20 20:46:11.997557925 +0900
@@ -28,7 +28,7 @@
 extern "C" {
 static int X509Callback(int ok, X509_STORE_CTX *ctx) {
  
-  kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth << endl;
+  // kdDebug(7029) << "X509Callback: ok = " << ok << " error = " << ctx->error << " depth = " << ctx->error_depth << endl;
   // Here is how this works.  We put "ok = 1;" in any case that we
   // don't consider to be an error.  In that case, it will return OK
   // for the certificate check as long as there are no other critical
@@ -39,14 +39,22 @@
 
   if (KSSL_X509CallBack_ca)
   {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+     if (KOSSL::self()->X509_cmp(X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0)
+#else
      if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0)
+#endif
         return 1; // Ignore errors for this certificate
 
      KSSL_X509CallBack_ca_found = true;
   }
  
   if (!ok) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+    switch (X509_STORE_CTX_get_error(ctx)) {
+#else
     switch (ctx->error) {
+#endif
       case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
       case X509_V_ERR_UNABLE_TO_GET_CRL:
       case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertchain.cc kdelibs-3.5.10/kio/kssl/ksslcertchain.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertchain.cc	2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertchain.cc	2019-07-20 20:46:11.997557925 +0900
@@ -45,6 +45,7 @@
 
 
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef KSSL_HAVE_SSL
 #define sk_new d->kossl->sk_new
 #define sk_push d->kossl->sk_push
@@ -54,6 +55,7 @@
 #define sk_dup d->kossl->sk_dup
 #define sk_pop d->kossl->sk_pop
 #endif
+#endif
 
 class KSSLCertChainPrivate {
 public:
@@ -147,7 +149,11 @@
 }
 
   if (chain.count() == 0) return;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  _chain = (void *)OPENSSL_sk_new(NULL);
+#else
   _chain = (void *)sk_new(NULL);
+#endif
   for (KSSLCertificate *x = chain.first(); x != 0; x = chain.next()) {
     sk_X509_push((STACK_OF(X509)*)_chain, d->kossl->X509_dup(x->getCert()));
   }
@@ -172,7 +178,11 @@
 
 if (!stack_of_x509) return;
 
-_chain = (void *)sk_new(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  _chain = (void *)OPENSSL_sk_new(NULL);
+#else
+  _chain = (void *)sk_new(NULL);
+#endif
 STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
 
    for (int i = 0; i < sk_X509_num(x); i++) {
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.cc kdelibs-3.5.10/kio/kssl/ksslcertificate.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.cc	2019-07-20 20:45:03.266115398 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertificate.cc	2019-07-20 20:46:11.997557925 +0900
@@ -171,7 +171,7 @@
 	if (!t)
 		return rc;
 	rc = t;
-	d->kossl->OPENSSL_free(t);
+	OPENSSL_free(t);
 #endif
 return rc;
 }
@@ -198,14 +198,28 @@
 char *s;
 int n, i;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        i = X509_get_signature_nid(d->m_cert);
+#else
 	i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm);
+#endif
 	rc = i18n("Signature Algorithm: ");
 	rc += (i == NID_undef)?i18n("Unknown"):QString(d->kossl->OBJ_nid2ln(i));
 
 	rc += "\n";
 	rc += i18n("Signature Contents:");
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	const ASN1_BIT_STRING *psig;
+	const X509_ALGOR *palg;
+
+        X509_get0_signature(&psig, &palg, d->m_cert);
+
+	n = ASN1_STRING_length(psig);
+	s = (char *)ASN1_STRING_get0_data(psig);
+#else
 	n = d->m_cert->signature->length;
 	s = (char *)d->m_cert->signature->data;
+#endif
 	for (i = 0; i < n; i++) {
 		if (i%20 != 0) rc += ":";
 		else rc += "\n";
@@ -227,8 +241,13 @@
 	
 	STACK *s = d->kossl->X509_get1_email(d->m_cert);
 	if (s) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		for(int n=0; n < OPENSSL_sk_num(s); n++) {
+			to.append((const char*)(OPENSSL_sk_value(s,n)));
+#else
 		for(int n=0; n < s->num; n++) {
 			to.append(d->kossl->sk_value(s,n));
+#endif
 		}
 		d->kossl->X509_email_free(s);
 	}
@@ -309,12 +328,20 @@
 	EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
 	if (pkey) {
 		#ifndef NO_RSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
+#else
 			if (pkey->type == EVP_PKEY_RSA)
+#endif
 				rc = "RSA";
 			else
 		#endif
 		#ifndef NO_DSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA)
+#else
 			if (pkey->type == EVP_PKEY_DSA)
+#endif
 				rc = "DSA";
 			else
 		#endif
@@ -337,10 +364,21 @@
 	if (pkey) {
 		rc = i18n("Unknown", "Unknown key algorithm");
 		#ifndef NO_RSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+#else
 			if (pkey->type == EVP_PKEY_RSA) {
+#endif
 				rc = i18n("Key type: RSA (%1 bit)") + "\n";
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+				const BIGNUM *n, *e;
+
+				RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, &e, NULL);
+				x = d->kossl->BN_bn2hex(n);
+#else
 				x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n);
+#endif
 				rc += i18n("Modulus: ");
 				rc = rc.arg(strlen(x)*4);
 				for (unsigned int i = 0; i < strlen(x); i++) {
@@ -351,18 +389,33 @@
 					rc += x[i];
 				}
 				rc += "\n";
-				d->kossl->OPENSSL_free(x);
+				OPENSSL_free(x);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+				x = d->kossl->BN_bn2hex(e);
+#else
 				x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e);
+#endif
 				rc += i18n("Exponent: 0x") + x + "\n";
-				d->kossl->OPENSSL_free(x);
+				OPENSSL_free(x);
 			}
 		#endif
 		#ifndef NO_DSA
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L	
+			if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+#else
 			if (pkey->type == EVP_PKEY_DSA) {
+#endif
 				rc = i18n("Key type: DSA (%1 bit)") + "\n";
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+                                const BIGNUM *p, *q, *g;
+
+                                DSA_get0_pqg(EVP_PKEY_get0_DSA(pkey), &p, &q, &g);
+                                x = d->kossl->BN_bn2hex(p);
+#else
 				x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p);
+#endif
 				rc += i18n("Prime: ");
 				// hack - this may not be always accurate
 				rc = rc.arg(strlen(x)*4) ;
@@ -374,9 +427,13 @@
 					rc += x[i];
 				}
 				rc += "\n";
-				d->kossl->OPENSSL_free(x);
+				OPENSSL_free(x);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+				x = d->kossl->BN_bn2hex(q);
+#else
 				x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q);
+#endif
 				rc += i18n("160 bit prime factor: ");
 				for (unsigned int i = 0; i < strlen(x); i++) {
 					if (i%40 != 0 && i%2 == 0)
@@ -386,9 +443,13 @@
 					rc += x[i];
 				}
 				rc += "\n";
-				d->kossl->OPENSSL_free(x);
-	
+				OPENSSL_free(x);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+				x = d->kossl->BN_bn2hex(g);
+#else	
 				x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g);
+#endif
 				rc += QString("g: ");
 				for (unsigned int i = 0; i < strlen(x); i++) {
 					if (i%40 != 0 && i%2 == 0)
@@ -398,9 +459,16 @@
 					rc += x[i];
 				}
 				rc += "\n";
-				d->kossl->OPENSSL_free(x);
-	
+				OPENSSL_free(x);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+				const BIGNUM *pub_key;
+
+				DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &pub_key, NULL);
+				x = d->kossl->BN_bn2hex(pub_key);
+#else	
 				x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key);
+#endif
 				rc += i18n("Public key: ");
 				for (unsigned int i = 0; i < strlen(x); i++) {
 					if (i%40 != 0 && i%2 == 0)
@@ -410,7 +478,7 @@
 					rc += x[i];
 				}
 				rc += "\n";
-				d->kossl->OPENSSL_free(x);
+				OPENSSL_free(x);
 			}
 		#endif
 		d->kossl->EVP_PKEY_free(pkey);
@@ -432,7 +500,7 @@
 		return rc;
 
 	rc = t;
-	d->kossl->OPENSSL_free(t);
+	OPENSSL_free(t);
 #endif
 
 return rc;
@@ -701,9 +769,17 @@
 		KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0;
 		KSSL_X509CallBack_ca_found = false;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
+#else
 		certStoreCTX->error = X509_V_OK;
+#endif
 		rc = d->kossl->X509_verify_cert(certStoreCTX);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		int errcode = X509_STORE_CTX_get_error(certStoreCTX);
+#else
 		int errcode = certStoreCTX->error;
+#endif
 		if (ca && !KSSL_X509CallBack_ca_found) {
 			ksslv = KSSLCertificate::Irrelevant;
 		} else {
@@ -716,9 +792,17 @@
 			d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
 						X509_PURPOSE_NS_SSL_SERVER);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+                        X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
+#else
 			certStoreCTX->error = X509_V_OK;
+#endif
 			rc = d->kossl->X509_verify_cert(certStoreCTX);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			errcode = X509_STORE_CTX_get_error(certStoreCTX);
+#else
 			errcode = certStoreCTX->error;
+#endif
 			ksslv = processError(errcode);
 		}
 		d->kossl->X509_STORE_CTX_free(certStoreCTX);
@@ -999,6 +1083,7 @@
 
 #define NETSCAPE_CERT_HDR     "certificate"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 // what a piece of crap this is
 QByteArray KSSLCertificate::toNetscape() {
 QByteArray qba;
@@ -1044,6 +1129,7 @@
 #endif
 return qba;
 }
+#endif
 
 
 
@@ -1104,10 +1190,18 @@
 		return rc;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	int cnt = sk_GENERAL_NAME_num(names);
+#else
 	int cnt = d->kossl->sk_GENERAL_NAME_num(names);
+#endif
 
 	for (int i = 0; i < cnt; i++) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		const GENERAL_NAME *val = (const GENERAL_NAME *)OPENSSL_sk_value((const OPENSSL_STACK *)names, i);
+#else
 		const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i);
+#endif
 		if (val->type != GEN_DNS) {
 			continue;
 		}
@@ -1119,8 +1213,12 @@
 			rc += s;
 		}
 	}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	OPENSSL_sk_free((OPENSSL_STACK *)names);
+#else
 	d->kossl->sk_free(names);
 #endif
+#endif
 	return rc;
 }
 
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.h kdelibs-3.5.10/kio/kssl/ksslcertificate.h
--- kdelibs-3.5.10_orig/kio/kssl/ksslcertificate.h	2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslcertificate.h	2019-07-20 20:46:11.997557925 +0900
@@ -181,7 +181,9 @@
 	 *  Convert the certificate to Netscape format.
 	 *  @return the binary data of the Netscape encoding
 	 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	QByteArray toNetscape();
+#endif
 
 	/**
 	 *  Convert the certificate to OpenSSL plain text format.
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslsettings.cc kdelibs-3.5.10/kio/kssl/ksslsettings.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslsettings.cc	2006-07-22 17:16:39.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslsettings.cc	2019-07-20 20:46:11.997557925 +0900
@@ -156,19 +156,28 @@
 	STACK_OF(SSL_CIPHER)* sk = d->kossl->SSL_get_ciphers(ssl);
 	int cnt = sk_SSL_CIPHER_num(sk);
 	for (int i=0; i< cnt; i++) {
-		SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
+		const SSL_CIPHER *sc = sk_SSL_CIPHER_value(sk,i);
 		if (!sc)
 			break;
 
-		if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(sc)))
+		if(!strcmp("SSLv2", d->kossl->SSL_CIPHER_get_version(const_cast<SSL_CIPHER*>(sc))))
 			m_cfg->setGroup("SSLv2");
 		else
 			m_cfg->setGroup("SSLv3");
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		tcipher.sprintf("cipher_%s", SSL_CIPHER_get_name(sc));
+#else
 		tcipher.sprintf("cipher_%s", sc->name);
-		int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
+#endif
+		// int bits = d->kossl->SSL_CIPHER_get_bits(sc, NULL);
+		int bits = SSL_CIPHER_get_bits(sc, NULL);
 		if (m_cfg->readBoolEntry(tcipher, bits >= 56)) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			CipherNode *xx = new CipherNode(SSL_CIPHER_get_name(sc),bits);
+#else
 			CipherNode *xx = new CipherNode(sc->name,bits);
+#endif
 			if (!cipherList.contains(xx))
 				cipherList.prepend(xx);
 			else
diff -Naru kdelibs-3.5.10_orig/kio/kssl/ksslutils.cc kdelibs-3.5.10/kio/kssl/ksslutils.cc
--- kdelibs-3.5.10_orig/kio/kssl/ksslutils.cc	2005-10-11 00:05:44.000000000 +0900
+++ kdelibs-3.5.10/kio/kssl/ksslutils.cc	2019-07-20 20:46:11.997557925 +0900
@@ -85,7 +85,11 @@
 QString ASN1_INTEGER_QString(ASN1_INTEGER *aint) {
 char *rep = KOSSL::self()->i2s_ASN1_INTEGER(NULL, aint);
 QString yy = rep;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+OPENSSL_free(rep);
+#else
 KOSSL::self()->OPENSSL_free(rep);
+#endif
 return yy;
 }