diff --git a/daemon/dtls.c b/daemon/dtls.c
index e80a6f751..9ddabfe97 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -5,6 +5,8 @@
 #include <glib.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <openssl/err.h>
@@ -19,7 +21,10 @@
 #include "ice.h"
 
 
-
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#define X509_getm_notBefore X509_get_notBefore
+#define X509_getm_notAfter X509_get_notAfter
+#endif
 
 
 #define DTLS_DEBUG 0
@@ -239,10 +244,10 @@ static int cert_init(void) {
 
 	/* cert lifetime */
 
-	if (!X509_gmtime_adj(X509_get_notBefore(x509), -60*60*24))
+	if (!X509_gmtime_adj(X509_getm_notBefore(x509), -60*60*24))
 		goto err;
 
-	if (!X509_gmtime_adj(X509_get_notAfter(x509), CERT_EXPIRY_TIME))
+	if (!X509_gmtime_adj(X509_getm_notAfter(x509), CERT_EXPIRY_TIME))
 		goto err;
 
 	/* sign it */
diff --git a/lib/ssllib.c b/lib/ssllib.c
index f5f1e2a8b..c355192c5 100644
--- a/lib/ssllib.c
+++ b/lib/ssllib.c
@@ -35,10 +35,6 @@ static void make_OpenSSL_thread_safe(void) {
 	CRYPTO_THREADID_set_callback(cb_openssl_threadid);
 	CRYPTO_set_locking_callback(cb_openssl_lock);
 }
-#else
-static void make_OpenSSL_thread_safe(void) {
-	;
-}
 #endif
 
 
@@ -46,7 +42,9 @@ void rtpe_ssl_init(void) {
 	struct timespec ts;
 	clock_gettime(CLOCK_REALTIME, &ts);
 	srandom(ts.tv_sec ^ ts.tv_nsec);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	SSL_library_init();
 	SSL_load_error_strings();
 	make_OpenSSL_thread_safe();
+#endif
 }