From 25a76d78767f64b7f9c6423d0a1f4e145e6f1ea1 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 25 Feb 2026 20:43:12 +0000
Subject: [PATCH] Fix compilation with OpenSSL 1.0.1

---
 ncat/ncat_connect.c   | 2 ++
 ncat/ncat_listen.c    | 3 +++
 ncat/ncat_main.c      | 4 ++++
 nsock/src/nsock_ssl.c | 5 +++++
 4 files changed, 14 insertions(+)

diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index cdb06110b..ee04695fc 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -194,6 +194,7 @@ static void set_ssl_ctx_options(SSL_CTX *ctx)
         bye("Unable to set OpenSSL cipher list: %s", ERR_error_string(ERR_get_error(), NULL));
     }
 
+#if OPENSSL_VERSION_NUMBER >= 0x010002000L
     if (o.sslalpn) {
         size_t alpn_len;
         unsigned char *alpn = next_protos_parse(&alpn_len, o.sslalpn);
@@ -212,6 +213,7 @@ static void set_ssl_ctx_options(SSL_CTX *ctx)
 
         free(alpn);
     }
+#endif
 
 }
 #endif
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index 835cad5cc..644555963 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -84,6 +84,9 @@
 #ifdef HAVE_OPENSSL
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define DTLS_server_method DTLSv1_server_method
+#endif
 #endif
 
 #ifdef WIN32
diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
index f0b7442b2..4972a1eec 100644
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -519,7 +519,11 @@ int main(int argc, char *argv[])
             }
             else if (strcmp(long_options[option_index].name, "ssl-alpn") == 0) {
                 o.ssl = 1;
+#if OPENSSL_VERSION_NUMBER >= 0x010002000L
                 o.sslalpn = Strdup(optarg);
+#else
+		bye("This version of OpenSSL does not support ALPN.");
+#endif
             }
 #else
             else if (strcmp(long_options[option_index].name, "ssl-cert") == 0) {
diff --git a/nsock/src/nsock_ssl.c b/nsock/src/nsock_ssl.c
index 12aa028c7..c1ff6082d 100644
--- a/nsock/src/nsock_ssl.c
+++ b/nsock/src/nsock_ssl.c
@@ -64,6 +64,9 @@
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
 #include <openssl/provider.h>
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define DTLS_client_method DTLSv1_client_method
+#endif
 
 /* Disallow anonymous ciphers (Diffie-Hellman key agreement), low bit-strength
  * ciphers, export-crippled ciphers, and MD5. Prefer ciphers in decreasing order
@@ -214,8 +217,10 @@ nsock_ssl_ctx nsock_pool_dtls_init(nsock_pool ms_pool, int flags) {
     ms->dtlsctx = dtls_init_common();
   dtls_ctx = (SSL_CTX *) nsock_pool_ssl_init_helper(ms->dtlsctx, flags);
 
+#ifdef SSL_OP_TLSEXT_PADDING
   /* Don't add padding or the ClientHello will fragment and not connect properly. */
   SSL_CTX_clear_options(dtls_ctx, SSL_OP_TLSEXT_PADDING);
+#endif
 
   if (!SSL_CTX_set_cipher_list(dtls_ctx, "DEFAULT"))
     fatal("Unable to set OpenSSL cipher list: %s",