From c3c5731a58e3ed3a436de8574c27d3a3bd82a328 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Thu, 19 Feb 2026 11:22:36 -0700
Subject: [PATCH]     Updated _SSL_socket to stop accessing SSL_CTX internals
 (ctx->method) on OpenSSL 1.1+/3, where SSL_CTX is opaque, and instead use
 SSL_is_server(ssl) to choose connect vs accept state on modern OpenSSL.
 Legacy pre-1.1 behavior is preserved behind version guards.

    This directly addresses the reported build error at method = ctx->method; while keeping backward compatibility for older OpenSSL versions.
---
 src/common/ssl.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/common/ssl.c b/src/common/ssl.c
index 2d073306..f2c3cdea 100644
--- a/src/common/ssl.c
+++ b/src/common/ssl.c
@@ -307,7 +307,10 @@ SSL *
 _SSL_socket (SSL_CTX *ctx, int sd)
 {
 	SSL *ssl;
+	
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	const SSL_METHOD *method;
+#endif
 
 	if (!(ssl = SSL_new (ctx)))
 		/* FATAL */
@@ -315,6 +318,12 @@ _SSL_socket (SSL_CTX *ctx, int sd)
 
 	SSL_set_fd (ssl, sd);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	if (SSL_is_server (ssl))
+		SSL_set_accept_state (ssl);
+	else
+		SSL_set_connect_state (ssl);
+#else
 #ifndef HAVE_SSL_CTX_GET_SSL_METHOD
 	method = ctx->method;
 #else
@@ -323,7 +332,8 @@ _SSL_socket (SSL_CTX *ctx, int sd)
 	if (method == SSLv23_client_method())
 		SSL_set_connect_state (ssl);
 	else
-	        SSL_set_accept_state(ssl);
+		SSL_set_accept_state (ssl);
+#endif
 
 	return (ssl);
 }