From b62d008461c875daef5fbdb66e5967b9efd520e1 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <postfix-users@dukhovni.org>
Date: Thu, 16 Aug 2018 10:52:22 -0400
Subject: [PATCH] Tolerate OpenSSL >= 1.1.0 run-time micro version bumps

---
 postfix/src/tls/tls_misc.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index aebe2889c..c131a5c97 100644
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -1019,9 +1019,16 @@ void    tls_check_version(void)
     tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
     tls_version_split(OpenSSL_version_num(), &lib_info);
 
+    /*
+     * Warn if run-time library is different from compile-time library,
+     * allowing later run-time "micro" versions starting with 1.1.0.
+     */
     if (lib_info.major != hdr_info.major
 	|| lib_info.minor != hdr_info.minor
-	|| lib_info.micro != hdr_info.micro)
+	|| (lib_info.micro != hdr_info.micro
+	    && (lib_info.micro < hdr_info.micro
+		|| hdr_info.major == 0
+		|| (hdr_info.major == 1 && hdr_info.minor == 0))))
 	msg_warn("run-time library vs. compile-time header version mismatch: "
 	     "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
 		 lib_info.major, lib_info.minor, lib_info.micro,