From 0435f8f0e85d9a6187390daeaa57b4a360cf297ece3c06ddfd45f00641873901 Mon Sep 17 00:00:00 2001
From: OBS User mrdocs <null@suse.de>
Date: Mon, 13 Nov 2017 19:23:09 +0000
Subject: [PATCH] KDE Frameworks 5.40.0

OBS-URL: https://build.opensuse.org/package/show/KDE:Frameworks5/kdelibs4support?expand=0&rev=157
---
 ...e-kssl-compile-against-OpenSSL-1.1.0.patch | 1064 -----------------
 kdelibs4support-5.39.0.tar.xz                 |    3 -
 kdelibs4support-5.40.0.tar.xz                 |    3 +
 kdelibs4support.changes                       |   14 +
 kdelibs4support.spec                          |    7 +-
 5 files changed, 19 insertions(+), 1072 deletions(-)
 delete mode 100644 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch
 delete mode 100644 kdelibs4support-5.39.0.tar.xz
 create mode 100644 kdelibs4support-5.40.0.tar.xz

diff --git a/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch b/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch
deleted file mode 100644
index 62cfe7f..0000000
--- a/0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch
+++ /dev/null
@@ -1,1064 +0,0 @@
-From 298fb77362a0fb24aa84f9b79030b95f88dc9ab6 Mon Sep 17 00:00:00 2001
-From: Fabian Vogt <fabian@ritter-vogt.de>
-Date: Thu, 24 Aug 2017 15:11:40 +0200
-Subject: [PATCH] Make kssl compile against OpenSSL 1.1.0
-
-Summary:
-OpenSSL 1.1.0 contains some source-incompatible changes, most notably making most of the
-structures opaque and introducing new getter/setter functions to modify the structures. This
-patch adds some of the newly introduced functions to the KOpenSSL class and modifies the code to call them. The implementation of those newly introduced methods contains both OpenSSL < 1.1 compatible code (direct structure member access) and calls to real functions resolved from OpenSSL>= 1.1 library. Which implementation is used is decided at compile time. Some of the existing methods were renamed to match the OpenSSL 1.1 naming and to avoid conflicts with backward-compatibility names provided by OpenSSL 1.1.
-
-KSSLCertificate::toNetscape() returns empty result when built against OpenSSL 1.1 since I wasn't able to find a proper equivalent in OpenSSL 1.1 API (and there does not seem to be any).
-
-BUG: 370223
-
-Test Plan: The code compiles under both OpenSSL 1.1 and OpenSSL 1.0.x. I did not test the actual functionality.
-
-Reviewers: #frameworks, dfaure
-
-Subscribers: fvogt, ltoscano, rdieter, #frameworks
-
-Tags: #frameworks
-
-Differential Revision: https://phabricator.kde.org/D6665
----
- src/kssl/kopenssl.cpp        | 306 ++++++++++++++++++++++++++++++++++++++-----
- src/kssl/kopenssl.h          |  76 +++++++++--
- src/kssl/kssl.cpp            |   4 -
- src/kssl/ksslcallback.c      |   4 +-
- src/kssl/ksslcertchain.cpp   |  51 +++-----
- src/kssl/ksslcertificate.cpp |  68 ++++++----
- 6 files changed, 391 insertions(+), 118 deletions(-)
-
-diff --git a/src/kssl/kopenssl.cpp b/src/kssl/kopenssl.cpp
-index 6b7a648b..c68a134a 100644
---- a/src/kssl/kopenssl.cpp
-+++ b/src/kssl/kopenssl.cpp
-@@ -69,18 +69,26 @@ extern "C" {
-     static int (*K_X509_verify_cert)(X509_STORE_CTX *) = nullptr;
-     static X509_STORE_CTX *(*K_X509_STORE_CTX_new)(void) = nullptr;
-     static void (*K_X509_STORE_free)(X509_STORE *) = nullptr;
-+    static void (*K_X509_STORE_set_verify_cb)(X509_STORE *, int (*)(int, X509_STORE_CTX *)) = nullptr;
-     static X509_STORE *(*K_X509_STORE_new)(void) = nullptr;
-     static void (*K_X509_free)(X509 *) = nullptr;
-     static char *(*K_X509_NAME_oneline)(X509_NAME *, char *, int) = nullptr;
-     static X509_NAME *(*K_X509_get_subject_name)(X509 *) = nullptr;
-     static X509_NAME *(*K_X509_get_issuer_name)(X509 *) = nullptr;
-+    static void (*K_X509_get0_signature)(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x) = nullptr;
-     static X509_LOOKUP *(*K_X509_STORE_add_lookup)(X509_STORE *, X509_LOOKUP_METHOD *) = nullptr;
-     static X509_LOOKUP_METHOD *(*K_X509_LOOKUP_file)(void) = nullptr;
-     static void (*K_X509_LOOKUP_free)(X509_LOOKUP *) = nullptr;
-     static int (*K_X509_LOOKUP_ctrl)(X509_LOOKUP *, int, const char *, long, char **) = nullptr;
-     static void (*K_X509_STORE_CTX_init)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *) = nullptr;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     static void (*K_CRYPTO_free)(void *) = nullptr;
-+#else
-+    static void (*K_CRYPTO_free)(void *, const char *, int) = nullptr;
-+#endif
-     static X509 *(*K_X509_dup)(X509 *) = nullptr;
-+    static ASN1_TIME *(*K_X509_getm_notBefore)(const X509 *) = nullptr;
-+    static ASN1_TIME *(*K_X509_getm_notAfter)(const X509 *) = nullptr;
-     static BIO_METHOD *(*K_BIO_s_mem)(void) = nullptr;
-     static BIO *(*K_BIO_new)(BIO_METHOD *) = nullptr;
-     static BIO *(*K_BIO_new_fp)(FILE *, int) = nullptr;
-@@ -112,13 +120,16 @@ extern "C" {
-     static STACK_OF(X509) *(*K_SSL_get_peer_cert_chain)(SSL *) = nullptr;
-     static void (*K_X509_STORE_CTX_set_chain)(X509_STORE_CTX *, STACK_OF(X509) *) = nullptr;
-     static void (*K_X509_STORE_CTX_set_purpose)(X509_STORE_CTX *, int) = nullptr;
--    static void (*K_sk_free)(STACK *) = nullptr;
--    static int (*K_sk_num)(STACK *) = nullptr;
--    static char *(*K_sk_pop)(STACK *) = nullptr;
--    static char *(*K_sk_value)(STACK *, int) = nullptr;
--    static STACK *(*K_sk_new)(int (*)()) = nullptr;
--    static int (*K_sk_push)(STACK *, char *) = nullptr;
--    static STACK *(*K_sk_dup)(STACK *) = nullptr;
-+    static X509 *(*K_X509_STORE_CTX_get_current_cert)(X509_STORE_CTX *) = nullptr;
-+    static void (*K_X509_STORE_CTX_set_error)(X509_STORE_CTX *, int) = nullptr;
-+    static int (*K_X509_STORE_CTX_get_error)(X509_STORE_CTX *) = nullptr;
-+    static void (*K_OPENSSL_sk_free)(STACK *) = nullptr;
-+    static int (*K_OPENSSL_sk_num)(STACK *) = nullptr;
-+    static char *(*K_OPENSSL_sk_pop)(STACK *) = nullptr;
-+    static char *(*K_OPENSSL_sk_value)(STACK *, int) = nullptr;
-+    static STACK *(*K_OPENSSL_sk_new)(int (*)()) = nullptr;
-+    static int (*K_OPENSSL_sk_push)(STACK *, char *) = nullptr;
-+    static STACK *(*K_OPENSSL_sk_dup)(STACK *) = nullptr;
-     static char *(*K_i2s_ASN1_INTEGER)(X509V3_EXT_METHOD *, ASN1_INTEGER *) = nullptr;
-     static ASN1_INTEGER *(*K_X509_get_serialNumber)(X509 *) = nullptr;
-     static EVP_PKEY *(*K_X509_get_pubkey)(X509 *) = nullptr;
-@@ -158,6 +169,12 @@ extern "C" {
-     static int (*K_X509_check_purpose)(X509 *, int, int) = nullptr;
-     static X509_PURPOSE *(*K_X509_PURPOSE_get0)(int) = nullptr;
-     static int (*K_EVP_PKEY_assign)(EVP_PKEY *, int, char *) = nullptr;
-+    static int (*K_EVP_PKEY_base_id)(EVP_PKEY *) = nullptr;
-+    static RSA *(*K_EVP_PKEY_get0_RSA)(EVP_PKEY *) = nullptr;
-+    static void (*K_RSA_get0_key)(RSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **) = nullptr;
-+    static DSA *(*K_EVP_PKEY_get0_DSA)(EVP_PKEY *) = nullptr;
-+    static void (*K_DSA_get0_pqg)(DSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **) = nullptr;
-+    static void (*K_DSA_get0_key)(DSA *, const BIGNUM **, const BIGNUM **) = nullptr;
-     static int (*K_X509_REQ_set_pubkey)(X509_REQ *, EVP_PKEY *) = nullptr;
-     static RSA *(*K_RSA_generate_key)(int, unsigned long, void (*)(int, int, void *), void *) = nullptr;
-     static int (*K_i2d_X509_REQ_fp)(FILE *, X509_REQ *) = nullptr;
-@@ -413,7 +430,11 @@ KOpenSSLProxy::KOpenSSLProxy()
-         K_RAND_load_file = (int (*)(const char *, long)) d->cryptoLib->resolve("RAND_load_file");
-         K_RAND_file_name = (const char *(*)(char *, size_t)) d->cryptoLib->resolve("RAND_file_name");
-         K_RAND_write_file = (int (*)(const char *)) d->cryptoLib->resolve("RAND_write_file");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-         K_CRYPTO_free = (void (*)(void *)) d->cryptoLib->resolve("CRYPTO_free");
-+#else
-+        K_CRYPTO_free = (void (*)(void *, const char *, int)) d->cryptoLib->resolve("CRYPTO_free");
-+#endif
-         K_d2i_X509 = (X509 * (*)(X509 **, unsigned char **, long)) d->cryptoLib->resolve("d2i_X509");
-         K_i2d_X509 = (int (*)(X509 *, unsigned char **)) d->cryptoLib->resolve("i2d_X509");
-         K_X509_cmp = (int (*)(X509 *, X509 *)) d->cryptoLib->resolve("X509_cmp");
-@@ -422,15 +443,19 @@ KOpenSSLProxy::KOpenSSLProxy()
-         K_X509_verify_cert = (int (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_verify_cert");
-         K_X509_STORE_new = (X509_STORE * (*)(void)) d->cryptoLib->resolve("X509_STORE_new");
-         K_X509_STORE_free = (void (*)(X509_STORE *)) d->cryptoLib->resolve("X509_STORE_free");
-+        K_X509_STORE_set_verify_cb = (void (*)(X509_STORE *, int (*)(int, X509_STORE_CTX *))) d->cryptoLib->resolve("X509_STORE_set_verify_cb");
-         K_X509_NAME_oneline = (char *(*)(X509_NAME *, char *, int)) d->cryptoLib->resolve("X509_NAME_oneline");
-         K_X509_get_subject_name = (X509_NAME * (*)(X509 *)) d->cryptoLib->resolve("X509_get_subject_name");
-         K_X509_get_issuer_name = (X509_NAME * (*)(X509 *)) d->cryptoLib->resolve("X509_get_issuer_name");
-+        K_X509_get0_signature = (void (*)(const ASN1_BIT_STRING **, const X509_ALGOR **, const X509 *)) d->cryptoLib->resolve("X509_get0_signature");
-         K_X509_STORE_add_lookup = (X509_LOOKUP * (*)(X509_STORE *, X509_LOOKUP_METHOD *)) d->cryptoLib->resolve("X509_STORE_add_lookup");
-         K_X509_LOOKUP_file = (X509_LOOKUP_METHOD * (*)(void)) d->cryptoLib->resolve("X509_LOOKUP_file");
-         K_X509_LOOKUP_free = (void (*)(X509_LOOKUP *)) d->cryptoLib->resolve("X509_LOOKUP_free");
-         K_X509_LOOKUP_ctrl = (int (*)(X509_LOOKUP *, int, const char *, long, char **)) d->cryptoLib->resolve("X509_LOOKUP_ctrl");
-         K_X509_STORE_CTX_init = (void (*)(X509_STORE_CTX *, X509_STORE *, X509 *, STACK_OF(X509) *)) d->cryptoLib->resolve("X509_STORE_CTX_init");
-         K_X509_dup = (X509 * (*)(X509 *)) d->cryptoLib->resolve("X509_dup");
-+        K_X509_getm_notBefore = (ASN1_TIME *(*)(const X509 *)) d->cryptoLib->resolve("X509_getm_notBefore");
-+        K_X509_getm_notAfter = (ASN1_TIME *(*)(const X509 *)) d->cryptoLib->resolve("X509_getm_notAfter");
-         K_BIO_s_mem = (BIO_METHOD * (*)(void)) d->cryptoLib->resolve("BIO_s_mem");
-         K_BIO_new = (BIO * (*)(BIO_METHOD *)) d->cryptoLib->resolve("BIO_new");
-         K_BIO_new_fp = (BIO * (*)(FILE *, int)) d->cryptoLib->resolve("BIO_new_fp");
-@@ -457,13 +482,26 @@ KOpenSSLProxy::KOpenSSLProxy()
-         K_X509_REQ_new = (X509_REQ * (*)()) d->cryptoLib->resolve("X509_REQ_new");
-         K_X509_STORE_CTX_set_chain = (void (*)(X509_STORE_CTX *, STACK_OF(X509) *)) d->cryptoLib->resolve("X509_STORE_CTX_set_chain");
-         K_X509_STORE_CTX_set_purpose = (void (*)(X509_STORE_CTX *, int)) d->cryptoLib->resolve("X509_STORE_CTX_set_purpose");
--        K_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("sk_free");
--        K_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("sk_num");
--        K_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("sk_pop");
--        K_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("sk_value");
--        K_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("sk_new");
--        K_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("sk_push");
--        K_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("sk_dup");
-+        K_X509_STORE_CTX_get_current_cert = (X509 * (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_STORE_CTX_get_current_cert");
-+        K_X509_STORE_CTX_set_error = (void (*)(X509_STORE_CTX *, int)) d->cryptoLib->resolve("X509_STORE_CTX_set_error");
-+        K_X509_STORE_CTX_get_error = (int (*)(X509_STORE_CTX *)) d->cryptoLib->resolve("X509_STORE_CTX_get_error");
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+        K_OPENSSL_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_free");
-+        K_OPENSSL_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_num");
-+        K_OPENSSL_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_pop");
-+        K_OPENSSL_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("OPENSSL_sk_value");
-+        K_OPENSSL_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("OPENSSL_sk_new");
-+        K_OPENSSL_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("OPENSSL_sk_push");
-+        K_OPENSSL_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("OPENSSL_sk_dup");
-+#else
-+        K_OPENSSL_sk_free = (void (*)(STACK *)) d->cryptoLib->resolve("sk_free");
-+        K_OPENSSL_sk_num = (int (*)(STACK *)) d->cryptoLib->resolve("sk_num");
-+        K_OPENSSL_sk_pop = (char *(*)(STACK *)) d->cryptoLib->resolve("sk_pop");
-+        K_OPENSSL_sk_value = (char *(*)(STACK *, int)) d->cryptoLib->resolve("sk_value");
-+        K_OPENSSL_sk_new = (STACK * (*)(int (*)())) d->cryptoLib->resolve("sk_new");
-+        K_OPENSSL_sk_push = (int (*)(STACK *, char *)) d->cryptoLib->resolve("sk_push");
-+        K_OPENSSL_sk_dup = (STACK * (*)(STACK *)) d->cryptoLib->resolve("sk_dup");
-+#endif
-         K_i2s_ASN1_INTEGER = (char *(*)(X509V3_EXT_METHOD *, ASN1_INTEGER *)) d->cryptoLib->resolve("i2s_ASN1_INTEGER");
-         K_X509_get_serialNumber = (ASN1_INTEGER * (*)(X509 *)) d->cryptoLib->resolve("X509_get_serialNumber");
-         K_X509_get_pubkey = (EVP_PKEY * (*)(X509 *)) d->cryptoLib->resolve("X509_get_pubkey");
-@@ -507,6 +545,12 @@ KOpenSSLProxy::KOpenSSLProxy()
-         K_X509_check_purpose = (int (*)(X509 *, int, int)) d->cryptoLib->resolve("X509_check_purpose");
-         K_X509_PURPOSE_get0 = (X509_PURPOSE * (*)(int)) d->cryptoLib->resolve("X509_PURPOSE_get0");
-         K_EVP_PKEY_assign = (int (*)(EVP_PKEY *, int, char *)) d->cryptoLib->resolve("EVP_PKEY_assign");
-+        K_EVP_PKEY_base_id = (int (*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_base_id");
-+        K_EVP_PKEY_get0_RSA = (RSA *(*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_get0_RSA");
-+        K_RSA_get0_key = (void (*)(RSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("ESA_get0_key");
-+        K_EVP_PKEY_get0_DSA = (DSA *(*)(EVP_PKEY *)) d->cryptoLib->resolve("EVP_PKEY_get0_DSA");
-+        K_DSA_get0_pqg = (void (*)(DSA *, const BIGNUM **, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("DSA_get0_pqg");
-+        K_DSA_get0_key = (void (*)(DSA *, const BIGNUM **, const BIGNUM **)) d->cryptoLib->resolve("DSA_get0_key");
-         K_X509_REQ_set_pubkey = (int (*)(X509_REQ *, EVP_PKEY *)) d->cryptoLib->resolve("X509_REQ_set_pubkey");
-         K_RSA_generate_key = (RSA * (*)(int, unsigned long, void (*)(int, int, void *), void *)) d->cryptoLib->resolve("RSA_generate_key");
-         K_i2d_X509_REQ_fp = (int (*)(FILE *, X509_REQ *)) d->cryptoLib->resolve("i2d_X509_REQ_fp");
-@@ -933,6 +977,17 @@ void KOpenSSLProxy::X509_STORE_free(X509_STORE *v)
-     }
- }
- 
-+void KOpenSSLProxy::X509_STORE_set_verify_cb(X509_STORE *store, int (*verify_cb)(int, X509_STORE_CTX *))
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    X509_STORE_set_verify_cb_func(store, verify_cb);
-+#else
-+    if (K_X509_STORE_set_verify_cb) {
-+        (K_X509_STORE_set_verify_cb)(store, verify_cb);
-+    }
-+#endif
-+}
-+
- X509_STORE_CTX *KOpenSSLProxy::X509_STORE_CTX_new(void)
- {
-     if (K_X509_STORE_CTX_new) {
-@@ -987,6 +1042,22 @@ X509_NAME *KOpenSSLProxy::X509_get_issuer_name(X509 *a)
-     return nullptr;
- }
- 
-+void KOpenSSLProxy::X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **algor, const X509 *x)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    if (psig) {
-+        *psig = x->signature;
-+    }
-+    if (algor) {
-+        *algor = x->sig_alg;
-+    }
-+#else
-+    if (K_X509_get0_signature) {
-+        return (K_X509_get0_signature)(psig, algor, x);
-+    }
-+#endif
-+}
-+
- X509_LOOKUP *KOpenSSLProxy::X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
- {
-     if (K_X509_STORE_add_lookup) {
-@@ -1025,12 +1096,21 @@ void KOpenSSLProxy::X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-     }
- }
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- void KOpenSSLProxy::CRYPTO_free(void *x)
- {
-     if (K_CRYPTO_free) {
-         (K_CRYPTO_free)(x);
-     }
- }
-+#else
-+void KOpenSSLProxy::CRYPTO_free(void *x, const char *file, int line)
-+{
-+    if (K_CRYPTO_free) {
-+        K_CRYPTO_free(x, file, line);
-+    }
-+}
-+#endif
- 
- X509 *KOpenSSLProxy::X509_dup(X509 *x509)
- {
-@@ -1040,6 +1120,32 @@ X509 *KOpenSSLProxy::X509_dup(X509 *x509)
-     return nullptr;
- }
- 
-+ASN1_TIME *KOpenSSLProxy::X509_getm_notBefore(const X509 *x)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return X509_get_notBefore(x);
-+#else
-+    if (K_X509_getm_notBefore) {
-+        return (K_X509_getm_notBefore)(x);
-+    } else {
-+        return nullptr;
-+    }
-+#endif
-+}
-+
-+ASN1_TIME *KOpenSSLProxy::X509_getm_notAfter(const X509 *x)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return X509_get_notAfter(x);
-+#else
-+    if (K_X509_getm_notAfter) {
-+        return (K_X509_getm_notAfter)(x);
-+    } else {
-+        return nullptr;
-+    }
-+#endif
-+}
-+
- BIO *KOpenSSLProxy::BIO_new(BIO_METHOD *type)
- {
-     if (K_BIO_new) {
-@@ -1257,35 +1363,35 @@ STACK_OF(X509) *KOpenSSLProxy::SSL_get_peer_cert_chain(SSL *s)
-     }
- }
- 
--void KOpenSSLProxy::sk_free(STACK *s)
-+void KOpenSSLProxy::OPENSSL_sk_free(STACK *s)
- {
--    if (K_sk_free) {
--        (K_sk_free)(s);
-+    if (K_OPENSSL_sk_free) {
-+        (K_OPENSSL_sk_free)(s);
-     }
- }
- 
--int KOpenSSLProxy::sk_num(STACK *s)
-+int KOpenSSLProxy::OPENSSL_sk_num(STACK *s)
- {
--    if (K_sk_num) {
--        return (K_sk_num)(s);
-+    if (K_OPENSSL_sk_num) {
-+        return (K_OPENSSL_sk_num)(s);
-     } else {
-         return -1;
-     }
- }
- 
--char *KOpenSSLProxy::sk_pop(STACK *s)
-+char *KOpenSSLProxy::OPENSSL_sk_pop(STACK *s)
- {
--    if (K_sk_pop) {
--        return (K_sk_pop)(s);
-+    if (K_OPENSSL_sk_pop) {
-+        return (K_OPENSSL_sk_pop)(s);
-     } else {
-         return nullptr;
-     }
- }
- 
--char *KOpenSSLProxy::sk_value(STACK *s, int n)
-+char *KOpenSSLProxy::OPENSSL_sk_value(STACK *s, int n)
- {
--    if (K_sk_value) {
--        return (K_sk_value)(s, n);
-+    if (K_OPENSSL_sk_value) {
-+        return (K_OPENSSL_sk_value)(s, n);
-     } else {
-         return nullptr;
-     }
-@@ -1305,28 +1411,65 @@ void KOpenSSLProxy::X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose)
-     }
- }
- 
--STACK *KOpenSSLProxy::sk_dup(STACK *s)
-+X509 *KOpenSSLProxy::X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return v->current_cert;
-+#else
-+    if (K_X509_STORE_CTX_get_current_cert) {
-+        return (K_X509_STORE_CTX_get_current_cert)(v);
-+    } else {
-+        return nullptr;
-+    }
-+#endif
-+}
-+
-+void KOpenSSLProxy::X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    v->error = error;
-+#else
-+    if (K_X509_STORE_CTX_set_error) {
-+        (K_X509_STORE_CTX_set_error)(v, error);
-+    }
-+#endif
-+}
-+
-+int KOpenSSLProxy::X509_STORE_CTX_get_error(X509_STORE_CTX *v)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return v->error;
-+#else
-+    if (K_X509_STORE_CTX_get_error) {
-+        return (K_X509_STORE_CTX_get_error)(v);
-+    } else {
-+        return 0;
-+    }
-+#endif
-+}
-+
-+STACK *KOpenSSLProxy::OPENSSL_sk_dup(STACK *s)
- {
--    if (K_sk_dup) {
--        return (K_sk_dup)(s);
-+    if (K_OPENSSL_sk_dup) {
-+        return (K_OPENSSL_sk_dup)(s);
-     } else {
-         return nullptr;
-     }
- }
- 
--STACK *KOpenSSLProxy::sk_new(int (*cmp)())
-+STACK *KOpenSSLProxy::OPENSSL_sk_new(int (*cmp)())
- {
--    if (K_sk_new) {
--        return (K_sk_new)(cmp);
-+    if (K_OPENSSL_sk_new) {
-+        return (K_OPENSSL_sk_new)(cmp);
-     } else {
-         return nullptr;
-     }
- }
- 
--int KOpenSSLProxy::sk_push(STACK *s, char *d)
-+int KOpenSSLProxy::OPENSSL_sk_push(STACK *s, char *d)
- {
--    if (K_sk_push) {
--        return (K_sk_push)(s, d);
-+    if (K_OPENSSL_sk_push) {
-+        return (K_OPENSSL_sk_push)(s, d);
-     } else {
-         return -1;
-     }
-@@ -1749,6 +1892,99 @@ int KOpenSSLProxy::EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
-     }
- }
- 
-+int KOpenSSLProxy::EVP_PKEY_base_id(EVP_PKEY *pkey)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return pkey->type;
-+#else
-+    if (K_EVP_PKEY_base_id) {
-+        return (K_EVP_PKEY_base_id)(pkey);
-+    } else {
-+        return 0;
-+    }
-+#endif
-+}
-+
-+RSA *KOpenSSLProxy::EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return pkey->pkey.rsa;
-+#else
-+    if (K_EVP_PKEY_get0_RSA) {
-+        return (K_EVP_PKEY_get0_RSA)(pkey);
-+    } else {
-+        return nullptr;
-+    }
-+#endif
-+}
-+
-+void KOpenSSLProxy::RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    if (n) {
-+        *n = rsa->n;
-+    }
-+    if (e) {
-+        *e = rsa->e;
-+    }
-+    if (d) {
-+        *d = rsa->d;
-+    }
-+#else
-+    if (K_RSA_get0_key) {
-+        (K_RSA_get0_key)(rsa, n, e, d);
-+    }
-+#endif
-+}
-+
-+DSA *KOpenSSLProxy::EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    return pkey->pkey.dsa;
-+#else
-+    if (K_EVP_PKEY_get0_DSA) {
-+        return (K_EVP_PKEY_get0_DSA)(pkey);
-+    } else {
-+        return nullptr;
-+    }
-+#endif
-+}
-+
-+void KOpenSSLProxy::DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    if (p) {
-+        *p = dsa->p;
-+    }
-+    if (q) {
-+        *q = dsa->q;
-+    }
-+    if (g) {
-+        *g = dsa->g;
-+    }
-+#else
-+    if (K_DSA_get0_pqg) {
-+        (K_DSA_get0_pqg)(dsa, p, q, g);
-+    }
-+#endif
-+}
-+
-+void KOpenSSLProxy::DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+    if (pub_key) {
-+        *pub_key = dsa->pub_key;
-+    }
-+    if (priv_key) {
-+        *priv_key = dsa->priv_key;
-+    }
-+#else
-+    if (K_DSA_get0_key) {
-+        (K_DSA_get0_key)(dsa, pub_key, priv_key);
-+    }
-+#endif
-+}
-+
- int KOpenSSLProxy::X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
- {
-     if (K_X509_REQ_set_pubkey) {
-diff --git a/src/kssl/kopenssl.h b/src/kssl/kopenssl.h
-index 68de672a..518cd5b7 100644
---- a/src/kssl/kopenssl.h
-+++ b/src/kssl/kopenssl.h
-@@ -278,6 +278,16 @@ public:
-     X509 *X509_dup(X509 *x509);
- 
-     /*
-+     *   X509_getm_notBefore - get validity start
-+     */
-+    ASN1_TIME *X509_getm_notBefore(const X509 *x);
-+
-+    /*
-+     *   X509_getm_notAfter - get validity end
-+     */
-+    ASN1_TIME *X509_getm_notAfter(const X509 *x);
-+
-+    /*
-      *   X509_STORE_CTX_new - create an X509 store context
-      */
-     X509_STORE_CTX *X509_STORE_CTX_new(void);
-@@ -297,6 +307,21 @@ public:
-      */
-     void X509_STORE_CTX_set_purpose(X509_STORE_CTX *v, int purpose);
- 
-+    /**
-+     *   X509_STORE_CTX_get_current_cert - get the current certificate
-+     */
-+    X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *v);
-+
-+    /**
-+     *   X509_STORE_CTX_set_error - set certificate error
-+     */
-+    void X509_STORE_CTX_set_error(X509_STORE_CTX *v, int error);
-+
-+    /**
-+     *   X509_STORE_CTX_get_error - get certificate error
-+     */
-+    int X509_STORE_CTX_get_error(X509_STORE_CTX *v);
-+
-     /*
-      *   X509_verify_cert - verify the certificate
-      */
-@@ -313,6 +338,11 @@ public:
-     void X509_STORE_free(X509_STORE *v);
- 
-     /*
-+     *   X509_STORE_set_verify_cb - set verify callback
-+     */
-+    void X509_STORE_set_verify_cb(X509_STORE *v, int (*verify_cb)(int, X509_STORE_CTX *));
-+
-+    /*
-      *   X509_free - free up an X509
-      */
-     void X509_free(X509 *v);
-@@ -333,6 +363,11 @@ public:
-     X509_NAME *X509_get_issuer_name(X509 *a);
- 
-     /*
-+     *   X509_get0_signature - return X509 signature and signature algorithm
-+     */
-+    void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, const X509 *x);
-+
-+    /*
-      *   X509_STORE_add_lookup - add a lookup file/method to an X509 store
-      */
-     X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-@@ -360,7 +395,11 @@ public:
-     /*
-      *   CRYPTO_free - free up an internally allocated object
-      */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     void CRYPTO_free(void *x);
-+#else
-+    void CRYPTO_free(void *x, const char *file, int line);
-+#endif
- 
-     /*
-      *   BIO_new - create new BIO
-@@ -461,58 +500,58 @@ public:
-     /*
-      *   Pop off the stack
-      */
--    char *sk_pop(STACK *s);
-+    char *OPENSSL_sk_pop(STACK *s);
- 
-     /*
-      *   Free the stack
-      */
--    void sk_free(STACK *s);
-+    void OPENSSL_sk_free(STACK *s);
- 
- #if OPENSSL_VERSION_NUMBER >= 0x10000000L
--    void sk_free(void *s)
-+    void OPENSSL_sk_free(void *s)
-     {
--        return sk_free(reinterpret_cast<STACK *>(s));
-+        return OPENSSL_sk_free(reinterpret_cast<STACK *>(s));
-     }
- #endif
- 
-     /*
-      *  Number of elements in the stack
-      */
--    int sk_num(STACK *s);
-+    int OPENSSL_sk_num(STACK *s);
- 
-     /*
-      *  Value of element n in the stack
-      */
--    char *sk_value(STACK *s, int n);
-+    char *OPENSSL_sk_value(STACK *s, int n);
- 
- #if OPENSSL_VERSION_NUMBER >= 0x10000000L
--    char *sk_value(void *s, int n)
-+    char *OPENSSL_sk_value(void *s, int n)
-     {
--        return sk_value(reinterpret_cast<STACK *>(s), n);
-+        return OPENSSL_sk_value(reinterpret_cast<STACK *>(s), n);
-     }
- #endif
- 
-     /*
-      *  Create a new stack
-      */
--    STACK *sk_new(int (*cmp)());
-+    STACK *OPENSSL_sk_new(int (*cmp)());
- 
-     /*
-      *  Add an element to the stack
-      */
--    int sk_push(STACK *s, char *d);
-+    int OPENSSL_sk_push(STACK *s, char *d);
- 
- #if OPENSSL_VERSION_NUMBER >= 0x10000000L
--    int sk_push(void *s, void *d)
-+    int OPENSSL_sk_push(void *s, void *d)
-     {
--        return sk_push(reinterpret_cast<STACK *>(s), reinterpret_cast<char *>(d));
-+        return OPENSSL_sk_push(reinterpret_cast<STACK *>(s), reinterpret_cast<char *>(d));
-     }
- #endif
- 
-     /*
-      *  Duplicate the stack
-      */
--    STACK *sk_dup(STACK *s);
-+    STACK *OPENSSL_sk_dup(STACK *s);
- 
-     /*
-      *  Convert an ASN1_INTEGER to its text form
-@@ -744,6 +783,17 @@ public:
-     int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
- 
-     /*
-+     * Get key type
-+     */
-+    int EVP_PKEY_base_id(EVP_PKEY *pkey);
-+
-+    RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-+    void RSA_get0_key(RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+    DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
-+    void DSA_get0_pqg(DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+    void DSA_get0_key(DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+
-+    /*
-      * Generate a RSA key
-      */
-     RSA *RSA_generate_key(int bits, unsigned long e, void
-diff --git a/src/kssl/kssl.cpp b/src/kssl/kssl.cpp
-index a35f8164..4dc008ab 100644
---- a/src/kssl/kssl.cpp
-+++ b/src/kssl/kssl.cpp
-@@ -46,8 +46,6 @@
- #warning "kssl.cpp needs to be ported to QSslSocket"
- #endif
- 
--#define sk_dup d->kossl->sk_dup
--
- class KSSLPrivate
- {
- public:
-@@ -210,5 +208,3 @@ bool KSSL::doesSSLWork()
-     return m_bSSLWorks;
- }
- 
--#undef sk_dup
--
-diff --git a/src/kssl/ksslcallback.c b/src/kssl/ksslcallback.c
-index 8afc33a4..086d8b25 100644
---- a/src/kssl/ksslcallback.c
-+++ b/src/kssl/ksslcallback.c
-@@ -39,7 +39,7 @@ extern "C" {
-         // back will not be threadsafe ofcourse.
- 
-         if (KSSL_X509CallBack_ca) {
--            if (KOSSL::self()->X509_cmp(ctx->current_cert, KSSL_X509CallBack_ca) != 0) {
-+            if (KOSSL::self()->X509_cmp(KOSSL::self()->X509_STORE_CTX_get_current_cert(ctx), KSSL_X509CallBack_ca) != 0) {
-                 return 1;    // Ignore errors for this certificate
-             }
- 
-@@ -47,7 +47,7 @@ extern "C" {
-         }
- 
-         if (!ok) {
--            switch (ctx->error) {
-+            switch (KOSSL::self()->X509_STORE_CTX_get_error(ctx)) {
-             case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-             case X509_V_ERR_UNABLE_TO_GET_CRL:
-             case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-diff --git a/src/kssl/ksslcertchain.cpp b/src/kssl/ksslcertchain.cpp
-index 6b5a8b23..16bb5d0b 100644
---- a/src/kssl/ksslcertchain.cpp
-+++ b/src/kssl/ksslcertchain.cpp
-@@ -41,16 +41,6 @@
- #include <kopenssl.h>
- #include <QtCore/QStringList>
- 
--#if KSSL_HAVE_SSL
--#define sk_new d->kossl->sk_new
--#define sk_push d->kossl->sk_push
--#define sk_free d->kossl->sk_free
--#define sk_value d->kossl->sk_value
--#define sk_num d->kossl->sk_num
--#define sk_dup d->kossl->sk_dup
--#define sk_pop d->kossl->sk_pop
--#endif
--
- class KSSLCertChainPrivate
- {
- public:
-@@ -79,13 +69,13 @@ KSSLCertChain::~KSSLCertChain()
-         STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
- 
-         for (;;) {
--            X509 *x5 = sk_X509_pop(x);
-+            X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(reinterpret_cast<STACK *>(x)));
-             if (!x5) {
-                 break;
-             }
-             d->kossl->X509_free(x5);
-         }
--        sk_X509_free(x);
-+        d->kossl->OPENSSL_sk_free(reinterpret_cast<STACK *>(x));
-     }
- #endif
-     delete d;
-@@ -108,7 +98,7 @@ KSSLCertChain *KSSLCertChain::replicate()
- int KSSLCertChain::depth()
- {
- #if KSSL_HAVE_SSL
--    return sk_X509_num((STACK_OF(X509) *)_chain);
-+    return d->kossl->OPENSSL_sk_num(static_cast<STACK *>(_chain));
- #endif
-     return 0;
- }
-@@ -127,8 +117,8 @@ QList<KSSLCertificate *> KSSLCertChain::getChain() const
- #if KSSL_HAVE_SSL
-     STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
- 
--    for (int i = 0; i < sk_X509_num(x); i++) {
--        X509 *x5 = sk_X509_value(x, i);
-+    for (int i = 0; i < d->kossl->OPENSSL_sk_num(reinterpret_cast<STACK *>(x)); i++) {
-+        X509 *x5 =  reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(reinterpret_cast<STACK *>(x), i));
-         if (!x5) {
-             continue;
-         }
-@@ -148,22 +138,22 @@ void KSSLCertChain::setChain(const QList<KSSLCertificate *> &chain)
-         STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
- 
-         for (;;) {
--            X509 *x5 = sk_X509_pop(x);
-+            X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_pop(reinterpret_cast<STACK*>(x)));
-             if (!x5) {
-                 break;
-             }
-             d->kossl->X509_free(x5);
-         }
--        sk_X509_free(x);
-+        d->kossl->OPENSSL_sk_free(reinterpret_cast<STACK*>(x));
-         _chain = nullptr;
-     }
- 
-     if (chain.isEmpty()) {
-         return;
-     }
--    _chain = (void *)sk_new(nullptr);
-+    _chain = (void *)d->kossl->OPENSSL_sk_new(nullptr);
-     foreach (KSSLCertificate *x, chain) {
--        sk_X509_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x->getCert()));
-+        d->kossl->OPENSSL_sk_push(static_cast<STACK*>(_chain), d->kossl->X509_dup(x->getCert()));
-     }
- 
- #endif
-@@ -176,13 +166,13 @@ void KSSLCertChain::setChain(void *stack_of_x509)
-         STACK_OF(X509) *x = (STACK_OF(X509) *)_chain;
- 
-         for (;;) {
--            X509 *x5 = sk_X509_pop(x);
-+            X509 *x5 = reinterpret_cast<X509 *>(d->kossl->OPENSSL_sk_pop(reinterpret_cast<STACK *>(x)));
-             if (!x5) {
-                 break;
-             }
-             d->kossl->X509_free(x5);
-         }
--        sk_X509_free(x);
-+        d->kossl->OPENSSL_sk_free(reinterpret_cast<STACK *>(x));
-         _chain = nullptr;
-     }
- 
-@@ -190,15 +180,15 @@ void KSSLCertChain::setChain(void *stack_of_x509)
-         return;
-     }
- 
--    _chain = (void *)sk_new(nullptr);
-+    _chain = (void *)d->kossl->OPENSSL_sk_new(nullptr);
-     STACK_OF(X509) *x = (STACK_OF(X509) *)stack_of_x509;
- 
--    for (int i = 0; i < sk_X509_num(x); i++) {
--        X509 *x5 = sk_X509_value(x, i);
-+    for (int i = 0; i < d->kossl->OPENSSL_sk_num(reinterpret_cast<STACK *>(x)); i++) {
-+        X509 *x5 = reinterpret_cast<X509*>(d->kossl->OPENSSL_sk_value(reinterpret_cast<STACK *>(x), i));
-         if (!x5) {
-             continue;
-         }
--        sk_X509_push((STACK_OF(X509) *)_chain, d->kossl->X509_dup(x5));
-+        d->kossl->OPENSSL_sk_push(reinterpret_cast<STACK *>(_chain), d->kossl->X509_dup(x5));
-     }
- 
- #else
-@@ -217,14 +207,3 @@ void KSSLCertChain::setCertChain(const QStringList &chain)
-     }
-     setChain(cl);
- }
--
--#if KSSL_HAVE_SSL
--#undef sk_new
--#undef sk_push
--#undef sk_free
--#undef sk_value
--#undef sk_num
--#undef sk_dup
--#undef sk_pop
--#endif
--
-diff --git a/src/kssl/ksslcertificate.cpp b/src/kssl/ksslcertificate.cpp
-index 2fbe5751..4c96e4b0 100644
---- a/src/kssl/ksslcertificate.cpp
-+++ b/src/kssl/ksslcertificate.cpp
-@@ -195,14 +195,17 @@ QString KSSLCertificate::getSignatureText() const
-     char *s;
-     int n, i;
- 
--    i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm);
-+    const X509_ALGOR *algor;
-+    const ASN1_BIT_STRING *sig;
-+    d->kossl->X509_get0_signature(&sig, &algor, d->m_cert);
-+    i = d->kossl->OBJ_obj2nid(algor->algorithm);
-     rc = i18n("Signature Algorithm: ");
-     rc += (i == NID_undef) ? i18n("Unknown") : QString(d->kossl->OBJ_nid2ln(i));
- 
-     rc += '\n';
-     rc += i18n("Signature Contents:");
--    n = d->m_cert->signature->length;
--    s = (char *)d->m_cert->signature->data;
-+    n = sig->length;
-+    s = (char *)sig->data;
-     for (i = 0; i < n; ++i) {
-         if (i % 20 != 0) {
-             rc += ':';
-@@ -227,9 +230,10 @@ void KSSLCertificate::getEmails(QStringList &to) const
-     }
- 
-     STACK *s = d->kossl->X509_get1_email(d->m_cert);
-+    const int size = d->kossl->OPENSSL_sk_num(s);
-     if (s) {
--        for (int n = 0; n < s->num; n++) {
--            to.append(d->kossl->sk_value(s, n));
-+        for (int n = 0; n < size; n++) {
-+            to.append(d->kossl->OPENSSL_sk_value(s, n));
-         }
-         d->kossl->X509_email_free(s);
-     }
-@@ -309,12 +313,12 @@ QString KSSLCertificate::getKeyType() const
-     EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
-     if (pkey) {
- #ifndef NO_RSA
--        if (pkey->type == EVP_PKEY_RSA) {
-+        if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
-             rc = "RSA";
-         } else
- #endif
- #ifndef NO_DSA
--            if (pkey->type == EVP_PKEY_DSA) {
-+            if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) {
-                 rc = "DSA";
-             } else
- #endif
-@@ -336,8 +340,10 @@ QString KSSLCertificate::getPublicKeyText() const
-     if (pkey) {
-         rc = i18nc("Unknown", "Unknown key algorithm");
- #ifndef NO_RSA
--        if (pkey->type == EVP_PKEY_RSA) {
--            x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n);
-+        if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
-+            const BIGNUM *n, *e;
-+            d->kossl->RSA_get0_key(d->kossl->EVP_PKEY_get0_RSA(pkey), &n, &e, nullptr);
-+            x = d->kossl->BN_bn2hex(n);
-             rc = i18n("Key type: RSA (%1 bit)", strlen(x) * 4) + '\n';
- 
-             rc += i18n("Modulus: ");
-@@ -352,15 +358,18 @@ QString KSSLCertificate::getPublicKeyText() const
-             rc += '\n';
-             d->kossl->OPENSSL_free(x);
- 
--            x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e);
-+            x = d->kossl->BN_bn2hex(e);
-             rc += i18n("Exponent: 0x") + QLatin1String(x) +
-                   QLatin1String("\n");
-             d->kossl->OPENSSL_free(x);
-         }
- #endif
- #ifndef NO_DSA
--        if (pkey->type == EVP_PKEY_DSA) {
--            x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p);
-+        if (d->kossl->EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA) {
-+            auto dsa = d->kossl->EVP_PKEY_get0_DSA(pkey);
-+            const BIGNUM *p, *q, *g;
-+            d->kossl->DSA_get0_pqg(dsa, &p, &q, &g);
-+            x = d->kossl->BN_bn2hex(p);
-             // hack - this may not be always accurate
-             rc = i18n("Key type: DSA (%1 bit)", strlen(x) * 4) + '\n';
- 
-@@ -376,7 +385,7 @@ QString KSSLCertificate::getPublicKeyText() const
-             rc += '\n';
-             d->kossl->OPENSSL_free(x);
- 
--            x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q);
-+            x = d->kossl->BN_bn2hex(q);
-             rc += i18n("160 bit prime factor: ");
-             for (unsigned int i = 0; i < strlen(x); i++) {
-                 if (i % 40 != 0 && i % 2 == 0) {
-@@ -389,7 +398,7 @@ QString KSSLCertificate::getPublicKeyText() const
-             rc += '\n';
-             d->kossl->OPENSSL_free(x);
- 
--            x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g);
-+            x = d->kossl->BN_bn2hex(g);
-             rc += QString("g: ");
-             for (unsigned int i = 0; i < strlen(x); i++) {
-                 if (i % 40 != 0 && i % 2 == 0) {
-@@ -402,7 +411,9 @@ QString KSSLCertificate::getPublicKeyText() const
-             rc += '\n';
-             d->kossl->OPENSSL_free(x);
- 
--            x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key);
-+            const BIGNUM *pub_key;
-+            d->kossl->DSA_get0_key(dsa, &pub_key, nullptr);
-+            x = d->kossl->BN_bn2hex(pub_key);
-             rc += i18n("Public key: ");
-             for (unsigned int i = 0; i < strlen(x); i++) {
-                 if (i % 40 != 0 && i % 2 == 0) {
-@@ -692,7 +703,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
-             return errors;
-         }
- 
--        X509_STORE_set_verify_cb_func(certStore, X509Callback);
-+        d->kossl->X509_STORE_set_verify_cb(certStore, X509Callback);
- 
-         certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file());
-         if (!certLookup) {
-@@ -733,9 +744,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
-         KSSL_X509CallBack_ca = ca ? ca->d->m_cert : nullptr;
-         KSSL_X509CallBack_ca_found = false;
- 
--        certStoreCTX->error = X509_V_OK;
-+        d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
-         rc = d->kossl->X509_verify_cert(certStoreCTX);
--        int errcode = certStoreCTX->error;
-+        int errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX);
-         if (ca && !KSSL_X509CallBack_ca_found) {
-             ksslv = KSSLCertificate::Irrelevant;
-         } else {
-@@ -748,9 +759,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
-             d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
-                                                  X509_PURPOSE_NS_SSL_SERVER);
- 
--            certStoreCTX->error = X509_V_OK;
-+            d->kossl->X509_STORE_CTX_set_error(certStoreCTX, X509_V_OK);
-             rc = d->kossl->X509_verify_cert(certStoreCTX);
--            errcode = certStoreCTX->error;
-+            errcode = d->kossl->X509_STORE_CTX_get_error(certStoreCTX);
-             ksslv = processError(errcode);
-         }
-         d->kossl->X509_STORE_CTX_free(certStoreCTX);
-@@ -982,7 +993,7 @@ KSSLCertificate::KSSLValidation KSSLCertificate::processError(int ec)
- QString KSSLCertificate::getNotBefore() const
- {
- #if KSSL_HAVE_SSL
--    return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert));
-+    return ASN1_UTCTIME_QString(d->kossl->X509_getm_notBefore(d->m_cert));
- #else
-     return QString();
- #endif
-@@ -991,7 +1002,7 @@ QString KSSLCertificate::getNotBefore() const
- QString KSSLCertificate::getNotAfter() const
- {
- #if KSSL_HAVE_SSL
--    return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert));
-+    return ASN1_UTCTIME_QString(d->kossl->X509_getm_notAfter(d->m_cert));
- #else
-     return QString();
- #endif
-@@ -1000,7 +1011,7 @@ QString KSSLCertificate::getNotAfter() const
- QDateTime KSSLCertificate::getQDTNotBefore() const
- {
- #if KSSL_HAVE_SSL
--    return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), nullptr);
-+    return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notBefore(d->m_cert), nullptr);
- #else
-     return QDateTime::currentDateTime();
- #endif
-@@ -1009,7 +1020,7 @@ QDateTime KSSLCertificate::getQDTNotBefore() const
- QDateTime KSSLCertificate::getQDTNotAfter() const
- {
- #if KSSL_HAVE_SSL
--    return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), nullptr);
-+    return ASN1_UTCTIME_QDateTime(d->kossl->X509_getm_notAfter(d->m_cert), nullptr);
- #else
-     return QDateTime::currentDateTime();
- #endif
-@@ -1210,7 +1221,8 @@ typedef struct NETSCAPE_X509_st {
- QByteArray KSSLCertificate::toNetscape()
- {
-     QByteArray qba;
--#if KSSL_HAVE_SSL
-+     // no equivalent in OpenSSL 1.1.0 (?), so behave as if we had no OpenSSL at all
-+#if KSSL_HAVE_SSL && OPENSSL_VERSION_NUMBER < 0x10100000L
-     NETSCAPE_X509 nx;
-     ASN1_OCTET_STRING hdr;
-     QTemporaryFile ktf;
-@@ -1294,10 +1306,10 @@ QStringList KSSLCertificate::subjAltNames() const
-         return rc;
-     }
- 
--    int cnt = d->kossl->sk_GENERAL_NAME_num(names);
-+    int cnt = d->kossl->OPENSSL_sk_num((STACK *)names);
- 
-     for (int i = 0; i < cnt; i++) {
--        const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->sk_value(names, i);
-+        const GENERAL_NAME *val = (const GENERAL_NAME *)d->kossl->OPENSSL_sk_value(names, i);
-         if (val->type != GEN_DNS) {
-             continue;
-         }
-@@ -1309,7 +1321,7 @@ QStringList KSSLCertificate::subjAltNames() const
-             rc += s;
-         }
-     }
--    d->kossl->sk_free(names);
-+    d->kossl->OPENSSL_sk_free(names);
- #endif
-     return rc;
- }
--- 
-2.13.2
-
diff --git a/kdelibs4support-5.39.0.tar.xz b/kdelibs4support-5.39.0.tar.xz
deleted file mode 100644
index 0f071ba..0000000
--- a/kdelibs4support-5.39.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d735000260d8565e812b96c81d510acef14f7b66e9fcbbd2d42711bd1bfcb20f
-size 3340204
diff --git a/kdelibs4support-5.40.0.tar.xz b/kdelibs4support-5.40.0.tar.xz
new file mode 100644
index 0000000..ddf84f6
--- /dev/null
+++ b/kdelibs4support-5.40.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9d7508aa6a72a186ba7d922e82ca49a5ac5d76e1fa02af995d17208128995df
+size 3341884
diff --git a/kdelibs4support.changes b/kdelibs4support.changes
index 702a740..06d0906 100644
--- a/kdelibs4support.changes
+++ b/kdelibs4support.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Nov 13 07:01:14 CET 2017 - lbeltrame@kde.org
+
+- Update to 5.40.0
+  * New feature release
+  * For more details please see:
+  * https://www.kde.org/announcements/kde-frameworks-5.40.0.php
+- Changes since 5.39.0:
+  * full docu for disableSessionManagement() replacement
+  * Make kssl compile against OpenSSL 1.1.0 (kde#370223)
+  * Add .arcconfig
+- Remove patches, now upstream:
+  * 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch
+
 -------------------------------------------------------------------
 Mon Oct 23 06:41:39 CEST 2017 - lbeltrame@kde.org
 
diff --git a/kdelibs4support.spec b/kdelibs4support.spec
index 45c7d32..c314340 100644
--- a/kdelibs4support.spec
+++ b/kdelibs4support.spec
@@ -18,13 +18,13 @@
 
 %bcond_without lang
 %define lname   libKF5KDELibs4Support5
-%define _tar_path 5.39
+%define _tar_path 5.40
 # Full KF5 version (e.g. 5.33.0)
 %{!?_kf5_version: %global _kf5_version %{version}}
 # Last major and minor KF5 version (e.g. 5.33)
 %{!?_kf5_bugfix_version: %global _kf5_bugfix_version %(echo %{_kf5_version} | awk -F. '{print $1"."$2}')}
 Name:           kdelibs4support
-Version:        5.39.0
+Version:        5.40.0
 Release:        0
 %define kf5_version %{version}
 BuildRequires:  NetworkManager-devel
@@ -79,8 +79,6 @@ Group:          System/GUI/KDE
 Url:            http://www.kde.org
 Source:         http://download.kde.org/stable/frameworks/%{_tar_path}/portingAids/%{name}-%{version}.tar.xz
 Source1:        baselibs.conf
-# PATCH-FIX-UPSTREAM
-Patch1:         0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -193,7 +191,6 @@ KDEDIRS environment variable correctly. Development files.
 %lang_package
 %prep
 %setup -q
-%patch1 -p1
 
 %build
   %cmake_kf5 -d build