--- src/ctx.c	2015-11-26 13:32:51.458101892 +0100
+++ src/ctx.c	2015-11-26 13:36:05.918181575 +0100
@@ -349,7 +349,7 @@
 /**************************************** initialize OpenSSL CONF */
 
 NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CONF_CTX *cctx;
     NAME_LIST *curr;
     char *cmd, *param;
--- src/options.c	2015-11-26 13:32:51.457101897 +0100
+++ src/options.c	2015-11-26 13:39:04.422336822 +0100
@@ -1261,7 +1261,7 @@
         break;
     }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 
     /* checkEmail */
     switch(cmd) {
@@ -1398,7 +1398,7 @@
         break;
     }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 
     /* config */
     switch(cmd) {
@@ -2539,7 +2539,7 @@
     /* sslVersion */
     switch(cmd) {
     case CMD_BEGIN:
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
         section->client_method=(SSL_METHOD *)TLS_client_method();
         section->server_method=(SSL_METHOD *)TLS_server_method();
 #else
@@ -2551,7 +2551,7 @@
         if(strcasecmp(opt, "sslVersion"))
             break;
         if(!strcasecmp(arg, "all")) {
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
             section->client_method=(SSL_METHOD *)TLS_client_method();
             section->server_method=(SSL_METHOD *)TLS_server_method();
 #else
--- src/prototypes.h	2015-11-26 13:32:51.459101887 +0100
+++ src/prototypes.h	2015-11-26 13:38:04.814618905 +0100
@@ -207,7 +207,7 @@
     char *ocsp_url;
     unsigned long ocsp_flags;
 #endif /* !defined(OPENSSL_NO_OCSP) */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     NAME_LIST *check_host, *check_email, *check_ip;   /* cert subject checks */
     NAME_LIST *config;                               /* OpenSSL CONF options */
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
--- src/verify.c	2015-11-26 13:32:51.458101892 +0100
+++ src/verify.c	2015-11-26 13:37:51.442682192 +0100
@@ -51,7 +51,7 @@
 NOEXPORT int verify_callback(int, X509_STORE_CTX *);
 NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
 NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
 NOEXPORT int cert_check_local(X509_STORE_CTX *);
@@ -185,7 +185,7 @@
     }
     if(section->verify_level>=3) /* levels>=3 don't rely on PKI */
         return;
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     if(section->check_email || section->check_host || section->check_ip)
         return;
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -280,7 +280,7 @@
     }
 
     if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
         if(!cert_check_subject(c, callback_ctx))
             return 0; /* reject */
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -291,7 +291,7 @@
     return 1; /* accept */
 }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     NAME_LIST *ptr;