--- /dev/null
+From 39e4ac0cf8d415b41dc2ff1fc329de0522b135ca Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <stefan.strogin@gmail.com>
+Date: Wed, 24 Apr 2019 09:16:12 +0300
+Subject: [PATCH] Fix build to LibreSSL
+
+Upstream-Status: Inappropriate
+[https://github.com/FreeRADIUS/freeradius-server/commit/9652affe38f41ba2484e013cf9d2c0bcb8c80d67]
+Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
+---
+ src/main/tls.c | 9 ++++++---
+ src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c | 3 ++-
+ 2 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/main/tls.c b/src/main/tls.c
+index 9726953234..840724bf61 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -1579,7 +1579,8 @@ done:
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
+ #else
+ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
+@@ -3379,14 +3380,16 @@ post_ca:
+ */
+ SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++/* Not implemented in LibreSSL 2.9.1 */
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_num_tickets(ctx, 1);
+ #endif
+
+ } else {
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++/* Not implemented in LibreSSL 2.9.1 */
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * This controls the number of stateful or stateless tickets
+ * generated with TLS 1.3. In OpenSSL 1.1.1 it's also
+diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
+index fa9c58f3c3..a53341fc20 100644
+--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
++++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
+@@ -44,7 +44,8 @@ static int openssl_get_keyblock_size(REQUEST *request, SSL *ssl)
+ {
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL)
+ int md_size;
+
+ if (ssl->enc_read_ctx == NULL || ssl->enc_read_ctx->cipher == NULL ||
+--
+2.21.0
+