--- /dev/null
+From 214736dce643ce3ee257da017373e88cc19d2d3b Mon Sep 17 00:00:00 2001
+From: Frediano Ziglio <fziglio@redhat.com>
+Date: Thu, 20 Jun 2019 13:26:11 +0100
+Subject: [PATCH] reds: Fix SSL_CTX_set_ecdh_auto call for some old OpenSSL
+
+SSL_CTX_set_ecdh_auto is not defined in some old versions of OpenSSL
+
+Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
+Acked-by: Jeremy White <jwhite@codeweavers.com>
+---
+ configure.ac | 9 +++++++++
+ server/reds.c | 2 ++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index e12d7e85..49c009d4 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -209,6 +209,15 @@ AC_SUBST(SSL_CFLAGS)
+ AC_SUBST(SSL_LIBS)
+ AS_VAR_APPEND([SPICE_REQUIRES], [" openssl"])
+
++save_CFLAGS="$CFLAGS"
++CFLAGS="$CFLAGS $SSL_CFLAGS"
++AC_CHECK_DECLS([SSL_CTX_set_ecdh_auto], [], [], [
++AC_INCLUDES_DEFAULT
++#include <openssl/err.h>
++#include <openssl/ssl.h>
++])
++CFLAGS="$save_CFLAGS"
++
+ AC_CHECK_LIB(jpeg, jpeg_destroy_decompress,
+ AC_MSG_CHECKING([for jpeglib.h])
+ AC_TRY_CPP(
+diff --git a/server/reds.c b/server/reds.c
+index 792e9838..b4061fbc 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -2937,7 +2937,9 @@ static int reds_init_ssl(RedsState *reds)
+ }
+
+ SSL_CTX_set_options(reds->ctx, ssl_options);
++#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO || defined(SSL_CTX_set_ecdh_auto)
+ SSL_CTX_set_ecdh_auto(reds->ctx, 1);
++#endif
+
+ /* Load our keys and certificates*/
+ return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->config->ssl_parameters.certs_file);
--- /dev/null
+From 5bc932f7a71ede7d8ecd9d88804af95a2eb955c0 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sun, 3 Nov 2019 15:34:33 -0800
+Subject: [PATCH] reds: Fix compilation without deprecated OpenSSL 1.1 APIs
+
+Missing headers for BN_ and RSA_ functions.
+
+Initialization is deprecated with 1.1.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+Acked-by: Frediano Ziglio <fziglio@redhat.com>
+---
+AUTHORS hunk removed as it does not apply (with 0.14.2 at least)
+
+ AUTHORS | 1 +
+ server/reds.c | 24 ++++++++++++++++--------
+ 2 files changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/server/reds.c b/server/reds.c
+index c55aa3f8..dc03ef3a 100644
+--- a/server/reds.c
++++ b/server/reds.c
+@@ -36,7 +36,9 @@
+ #include <ws2tcpip.h>
+ #endif
+
++#include <openssl/bn.h>
+ #include <openssl/err.h>
++#include <openssl/rsa.h>
+
+ #if HAVE_SASL
+ #include <sasl/sasl.h>
+@@ -2838,13 +2840,8 @@ static void openssl_thread_setup(void)
+ CRYPTO_set_id_callback(pthreads_thread_id);
+ CRYPTO_set_locking_callback(pthreads_locking_callback);
+ }
+-#else
+-static inline void openssl_thread_setup(void)
+-{
+-}
+-#endif
+
+-static gpointer openssl_global_init(gpointer arg)
++static gpointer openssl_global_init_once(gpointer arg)
+ {
+ SSL_library_init();
+ SSL_load_error_strings();
+@@ -2854,9 +2851,20 @@ static gpointer openssl_global_init(gpointer arg)
+ return NULL;
+ }
+
+-static int reds_init_ssl(RedsState *reds)
++static inline void openssl_global_init(void)
+ {
+ static GOnce openssl_once = G_ONCE_INIT;
++ g_once(&openssl_once, openssl_global_init_once, NULL);
++}
++
++#else
++static inline void openssl_global_init(void)
++{
++}
++#endif
++
++static int reds_init_ssl(RedsState *reds)
++{
+ const SSL_METHOD *ssl_method;
+ int return_code;
+ /* Limit connection to TLSv1.1 or newer.
+@@ -2865,7 +2873,7 @@ static int reds_init_ssl(RedsState *reds)
+ long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
+
+ /* Global system initialization*/
+- g_once(&openssl_once, openssl_global_init, NULL);
++ openssl_global_init();
+
+ /* Create our context*/
+ /* SSLv23_method() handles TLSv1.x in addition to SSLv2/v3 */