In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8. With OpenSSL 1.1 compilation will throw an error. Not sure how to send patches, I don't even know if the patch I wrote actually works (I don't program in C, but gave it a shot anyway) but below is the patch. --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,13 +13,21 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize, DH_GENERATOR, NULL); +#else dh = DH_generate_parameters(bitsize, DH_GENERATOR, NULL, NULL); if (dh == NULL) { + success = 0; + } +#endif + + if (success == 0) { *error_r = t_strdup_printf( - "DH_generate_parameters(bits=%d, gen=%d) failed: %s", - bitsize, DH_GENERATOR, openssl_iostream_error()); + "DH_generate_parameters(bits=%d, gen=%d) failed: %s", + bitsize, DH_GENERATOR, openssl_iostream_error()); return -1; } -- If anybody knows the instruction on how to send patches, please let me know and I follow those instructions. Regards, Peter van der Does