--- /dev/null
+From e64a7d229fdcb5c190064b7860ade50124dcc735 Mon Sep 17 00:00:00 2001
+From: Aurelien David <aurelien.david@telecom-paristech.fr>
+Date: Fri, 6 Oct 2017 16:46:18 +0200
+Subject: [PATCH] compatibility with OpenSSL 1.1.x (#616)
+
+---
+ src/utils/downloader.c | 40 +++++++++++++++++++++++++++++-----------
+ 1 file changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/src/utils/downloader.c b/src/utils/downloader.c
+index b8c923b88..3b7d37b41 100644
+--- a/src/utils/downloader.c
++++ b/src/utils/downloader.c
+@@ -204,7 +204,7 @@ struct __gf_download_manager
+ u32 limit_data_rate, read_buf_size;
+ u64 max_cache_size;
+ Bool allow_broken_certificate;
+-
++
+ GF_List *skip_proxy_servers;
+ GF_List *credentials;
+ GF_List *cache_entries;
+@@ -392,10 +392,18 @@ static Bool init_ssl_lib() {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_NETWORK, ("[HTTPS] Error while initializing Random Number generator, failed to init SSL !\n"));
+ return GF_TRUE;
+ }
++
++ /* per https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
++ ** As of version 1.1.0 OpenSSL will automatically allocate all resources that it needs so no explicit initialisation is required.
++ ** Similarly it will also automatically deinitialise as required.
++ */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+ SSL_load_error_strings();
+ SSLeay_add_all_algorithms();
+ SSLeay_add_ssl_algorithms();
++#endif
++
+ _ssl_is_initialized = GF_TRUE;
+ GF_LOG(GF_LOG_DEBUG, GF_LOG_NETWORK, ("[HTTPS] Initalization of SSL library complete.\n"));
+ return GF_FALSE;
+@@ -422,6 +430,7 @@ static int ssl_init(GF_DownloadManager *dm, u32 mode)
+ }
+
+ switch (mode) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ case 0:
+ meth = SSLv23_client_method();
+ break;
+@@ -436,6 +445,11 @@ static int ssl_init(GF_DownloadManager *dm, u32 mode)
+ case 3:
+ meth = TLSv1_client_method();
+ break;
++#else /* for openssl 1.1+ this is the prefered method */
++ case 0:
++ meth = TLS_client_method();
++ break;
++#endif
+ default:
+ goto error;
+ }
+@@ -1225,7 +1239,7 @@ static GF_Err gf_dm_read_data(GF_DownloadSession *sess, char *data, u32 data_siz
+ gf_mx_v(sess->mx);
+ return GF_IP_CONNECTION_CLOSED;
+ }
+-
++
+ #ifdef GPAC_HAS_SSL
+ if (sess->ssl) {
+ s32 size;
+@@ -1451,7 +1465,11 @@ static void gf_dm_connect(GF_DownloadSession *sess)
+ const GENERAL_NAME *altname = sk_GENERAL_NAME_value(altnames, i);
+ if (altname->type == GEN_DNS)
+ {
+- unsigned char *altname_str = ASN1_STRING_data(altname->d.ia5);
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ unsigned char *altname_str = ASN1_STRING_data(altname->d.ia5);
++ #else
++ unsigned char *altname_str = (unsigned char *)ASN1_STRING_get0_data(altname->d.ia5);
++ #endif
+ gf_list_add(valid_names, altname_str);
+ }
+ }
+