trojan: add package

2025-04-19 14:13:30 +00:00 · 2019-12-04 21:13:34 -08:00 · 2019-12-04 21:13:34 -08:00 · ce2db4d2c7
commit ce2db4d2c7
parent ece2c7cb9d
10 changed files with 507 additions and 0 deletions
--- a/package/lean/openssl1.1/Makefile
+++ b/package/lean/openssl1.1/Makefile
@ -0,0 +1,158 @@
+#
+# Copyright (C) 2006-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+### Modified by wongsyrone to fit need of trojan-gfw/trojan
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openssl1.1
+
+PKG_BASE:=1.1.1
+PKG_BUGFIX:=d
+PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
+PKG_HASH:=1e3a91bc1f9dfce01af26026f856e064eab4c8ee0a8f457b5ae30b40b8b711f2
+ENGINES_DIR=engines-1.1
+
+
+PKG_RELEASE:=1
+PKG_USE_MIPS16:=0
+PATCH_DIR=./patches/$(PKG_BASE)
+
+PKG_BUILD_PARALLEL:=0
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/openssl-$(PKG_VERSION)
+
+PKG_SOURCE:=openssl-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:= \
+	http://www.openssl.org/source/ \
+	http://www.openssl.org/source/old/$(PKG_BASE)/
+
+PKG_LICENSE:=OpenSSL
+PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:openssl:openssl
+
+include $(INCLUDE_DIR)/package.mk
+
+ifneq ($(CONFIG_CCACHE),)
+HOSTCC=$(HOSTCC_NOCACHE)
+HOSTCXX=$(HOSTCXX_NOCACHE)
+endif
+
+define Package/$(PKG_NAME)/Default
+  TITLE:=Open source SSL toolkit
+  URL:=http://www.openssl.org/
+  SECTION:=libs
+  CATEGORY:=Libraries
+endef
+
+define Package/openssl1.1/Default/description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing the
+Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols as well
+as a full-strength general-purpose cryptography library.
+endef
+
+define Package/libopenssl1.1
+$(call Package/openssl1.1/Default)
+  SUBMENU:=SSL
+  TITLE+= (libraries)
+  ABI_VERSION:=$(PKG_VERSION)
+  MENU:=1
+endef
+
+define Package/libopenssl1.1/description
+$(call Package/openssl/Default/description)
+This package contains the OpenSSL shared libraries, needed by other programs.
+endef
+
+
+define Package/libopenssl1.1/conffiles
+/etc/ssl/openssl.cnf
+endef
+
+# do NOT interfere original openssl staging dir
+MY_PKG_STAGING_DIR:=$(BUILD_DIR)/openssl1.1_staging_dir
+
+OPENSSL_OPTIONS:= no-shared no-ssl3-method
+
+# https://github.com/openssl/openssl/issues/1607
+# it seems musl-libc doesn't support this
+OPENSSL_OPTIONS += no-async
+
+OPENSSL_OPTIONS += no-sm2 no-sm3 no-sm4
+
+OPENSSL_OPTIONS += no-idea
+
+OPENSSL_OPTIONS += no-seed
+
+OPENSSL_OPTIONS += no-whirlpool
+
+OPENSSL_OPTIONS += no-deprecated
+
+TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) -O3
+
+
+
+OPENSSL_TARGET:=linux-$(call qstrip,$(CONFIG_ARCH))-openwrt
+
+
+STAMP_CONFIGURED := $(STAMP_CONFIGURED)_$(shell echo $(OPENSSL_OPTIONS) | mkhash md5)
+
+define Build/Configure
+	[ -f $(STAMP_CONFIGURED) ] || { \
+		rm -f $(PKG_BUILD_DIR)/*.so.* $(PKG_BUILD_DIR)/*.a; \
+		find $(PKG_BUILD_DIR) -name \*.o | xargs rm -f; \
+		rm -rf $(MY_PKG_STAGING_DIR); \
+	}
+	(cd $(PKG_BUILD_DIR); \
+		./Configure $(OPENSSL_TARGET) \
+			--prefix=/usr \
+			--openssldir=/etc/ssl \
+			--libdir=lib \
+			$(TARGET_CPPFLAGS) \
+			$(TARGET_LDFLAGS) \
+			$(OPENSSL_OPTIONS) && \
+		{ [ -f $(STAMP_CONFIGURED) ] || make clean; } \
+	)
+
+endef
+
+TARGET_CFLAGS += $(FPIC) -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+define Build/Compile
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+		OPENWRT_OPTIMIZATION_FLAGS="$(TARGET_CFLAGS)" \
+		$(OPENSSL_MAKEFLAGS) \
+		all
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE="$(TARGET_CROSS)" \
+		CC="$(TARGET_CC)" \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		$(OPENSSL_MAKEFLAGS) \
+		install_sw install_ssldirs
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/include
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/openssl $(MY_PKG_STAGING_DIR)/usr/include/
+	$(INSTALL_DIR) $(MY_PKG_STAGING_DIR)/usr/lib/
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib{crypto,ssl}.a $(MY_PKG_STAGING_DIR)/usr/lib/
+endef
+
+define Build/Clean
+	rm -rf $(MY_PKG_STAGING_DIR)
+	$(call Build/Clean/Default)
+endef
+
+define Package/libopenssl1.1/install
+true
+endef
+
+$(eval $(call BuildPackage,libopenssl1.1))
--- a/package/lean/openssl1.1/patches/1.1.1/100-Configure-afalg-support.patch
+++ b/package/lean/openssl1.1/patches/1.1.1/100-Configure-afalg-support.patch
@ -0,0 +1,23 @@
+From bf4f3a5696c65b4a48935599ccba43311c114c95 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:29:21 -0300
+Subject: Do not use host kernel version to disable AFALG
+
+This patch prevents the Configure script from using the host kernel
+version to disable building the AFALG engine on openwrt targets.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
+++ b/Configure
+@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtra
+ 
+ unless ($disabled{afalgeng}) {
+     $config{afalgeng}="";
+-    if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+    if ($target =~ m/openwrt$/) {
+        push @{$config{engdirs}}, "afalg";
+    } elsif (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
+         my $minver = 4*10000 + 1*100 + 0;
+         if ($config{CROSS_COMPILE} eq "") {
+             my $verstr = `uname -r`;
--- a/package/lean/openssl1.1/patches/1.1.1/110-openwrt_targets.patch
+++ b/package/lean/openssl1.1/patches/1.1.1/110-openwrt_targets.patch
@ -0,0 +1,60 @@
+From 9a83f8fb7c46215dfb8d6dc2e2cc612bc2a0fd01 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:30:24 -0300
+Subject: Add openwrt targets
+
+Targets are named: linux-$(CONFIG_ARCH)-openwrt
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- /dev/null
+++ b/Configurations/25-openwrt.conf
+@@ -0,0 +1,48 @@
+## Openwrt "CONFIG_ARCH" matching targets.
+
+# The targets need to end in '-openwrt' for the AFALG patch to work
+
+my %targets = (
+    "openwrt" => {
+	template	=> 1,
+	CFLAGS		=> add("\$(OPENWRT_OPTIMIZATION_FLAGS)"),
+    },
+    "linux-aarch64-openwrt" => {
+        inherit_from    => [ "linux-aarch64", "openwrt" ],
+    },
+    "linux-arc-openwrt" => {
+        inherit_from    => [ "linux-generic32", "openwrt" ],
+    },
+    "linux-arm-openwrt" => {
+        inherit_from    => [ "linux-armv4", "openwrt" ],
+    },
+    "linux-armeb-openwrt" => {
+        inherit_from    => [ "linux-armv4", "openwrt" ],
+    },
+    "linux-i386-openwrt" => {
+        inherit_from    => [ "linux-x86", "openwrt" ],
+    },
+    "linux-mips-openwrt" => {
+        inherit_from    => [ "linux-mips32", "openwrt" ],
+    },
+    "linux-mips64-openwrt" => {
+        inherit_from    => [ "linux64-mips64", "openwrt" ],
+    },
+    "linux-mips64el-openwrt" => {
+        inherit_from    => [ "linux64-mips64", "openwrt" ],
+    },
+    "linux-mipsel-openwrt" => {
+        inherit_from    => [ "linux-mips32", "openwrt" ],
+    },
+    "linux-powerpc-openwrt" => {
+        inherit_from    => [ "linux-ppc", "openwrt" ],
+    },
+    "linux-x86_64-openwrt" => {
+        inherit_from    => [ "linux-x86_64", "openwrt" ],
+    },
+
+### Basic default option
+    "linux-generic32-openwrt" => {
+        inherit_from    => [ "linux-generic32", "openwrt" ],
+    },
+);
--- a/package/lean/openssl1.1/patches/1.1.1/120-strip-cflags-from-binary.patch
+++ b/package/lean/openssl1.1/patches/1.1.1/120-strip-cflags-from-binary.patch
@ -0,0 +1,21 @@
+From f453f3eccb852740e37e9436dac5670d311c13b0 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:31:38 -0300
+Subject: void exposing build directories
+
+The CFLAGS contain the build directories, and are shown by calling
+OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/crypto/build.info
+++ b/crypto/build.info
+@@ -10,7 +10,7 @@ EXTRA=  ../ms/uplink-x86.pl ../ms/uplink
+         ppccpuid.pl pariscid.pl alphacpuid.pl arm64cpuid.pl armv4cpuid.pl
+ 
+ DEPEND[cversion.o]=buildinf.h
+-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
+ DEPEND[buildinf.h]=../configdata.pm
+ 
+ GENERATE[uplink-x86.s]=../ms/uplink-x86.pl $(PERLASM_SCHEME)
--- a/package/lean/openssl1.1/patches/1.1.1/130-dont-build-tests-fuzz.patch
+++ b/package/lean/openssl1.1/patches/1.1.1/130-dont-build-tests-fuzz.patch
@ -0,0 +1,29 @@
+From e2339aa9c68837089d17cf309022cee497fe2412 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:34:38 -0300
+Subject: Do not build tests and fuzz directories
+
+This shortens build time.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/Configure
+++ b/Configure
+@@ -296,7 +296,7 @@ my $auto_threads=1;    # enable threads
+ my $default_ranlib;
+ 
+ # Top level directories to build
+-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "util", "tools" ];
+ # crypto/ subdirectories to build
+ $config{sdirs} = [
+     "objects",
+@@ -308,7 +308,7 @@ $config{sdirs} = [
+     "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
+     ];
+ # test/ subdirectories to build
+-$config{tdirs} = [ "ossl_shim" ];
+$config{tdirs} = [];
+ 
+ # Known TLS and DTLS protocols
+ my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
--- a/package/lean/openssl1.1/patches/1.1.1/140-allow-prefer-chacha20.patch
+++ b/package/lean/openssl1.1/patches/1.1.1/140-allow-prefer-chacha20.patch
@ -0,0 +1,78 @@
+From 286e015bf0d30530707a5e7b3b871509f2ab50d7 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Thu, 27 Sep 2018 08:44:39 -0300
+Subject: Add OPENSSL_PREFER_CHACHA_OVER_GCM option
+
+This enables a compile-time option to prefer ChaCha20-Poly1305 over
+AES-GCM in the openssl default ciphersuite, which is useful in systems
+without AES specific CPU instructions.
+OPENSSL_PREFER_CHACHA_OVER_GCM must be defined to enable it.
+
+Note that this does not have the same effect as the
+SL_OP_PRIORITIZE_CHACHA option, which prioritizes ChaCha20-Poly1305 only
+when the client has it on top of its ciphersuite preference.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
+@@ -173,9 +173,15 @@ extern "C" {
+ # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+ /* This is the default set of TLSv1.3 ciphersuites */
+ # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+-#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+-                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+-                                   "TLS_AES_128_GCM_SHA256"
+#  ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
+#   define TLS_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:" \
+                                    "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_AES_128_GCM_SHA256"
+#  else
+#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_CHACHA20_POLY1305_SHA256:" \
+                                    "TLS_AES_128_GCM_SHA256"
+#  endif
+ # else
+ #  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                    "TLS_AES_128_GCM_SHA256"
+--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
+@@ -1467,11 +1467,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+     ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                           &tail);
+ 
+    /*
+     * If OPENSSL_PREFER_CHACHA_OVER_GCM is defined, ChaCha20_Poly1305
+     * will be placed before AES-256.  Otherwise, the default behavior of
+     * preferring GCM over CHACHA is used.
+     * This is useful for systems that do not have AES-specific CPU
+     * instructions, where ChaCha20-Poly1305 is 3 times faster than AES.
+     * Note that this does not have the same effect as the SSL_OP_PRIORITIZE_CHACHA
+     * option, which prioritizes ChaCha20-Poly1305 only when the client has it on top
+     * of its ciphersuite preference.
+     */
+
+#ifdef OPENSSL_PREFER_CHACHA_OVER_GCM
+    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+#else
+     /* Within each strength group, we prefer GCM over CHACHA... */
+     ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
+     ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                           &head, &tail);
+#endif
+ 
+     /*
+      * ...and generally, our preferred cipher is AES.
+@@ -1527,7 +1545,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+      * Within each group, ciphers remain sorted by strength and previous
+      * preference, i.e.,
+      * 1) ECDHE > DHE
+-     * 2) GCM > CHACHA
+     * 2) GCM > CHACHA, reversed if OPENSSL_PREFER_CHACHA_OVER_GCM is defined
+      * 3) AES > rest
+      * 4) TLS 1.2 > legacy
+      *
--- a/package/lean/trojan/Makefile
+++ b/package/lean/trojan/Makefile
@ -0,0 +1,86 @@
+#
+# Copyright (C) 2018-2019 wongsyrone
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=trojan
+PKG_VERSION:=1.13.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/trojan-gfw/trojan.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=842ad5bb07eb8bce035fb274571e586629a97c99
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+CMAKE_INSTALL:=1
+PKG_BUILD_PARALLEL:=0
+
+PKG_BUILD_DEPENDS:=openssl1.1
+
+PKG_LICENSE:=GPL-3.0
+
+PKG_MAINTAINER:=GreaterFire
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+TARGET_CXXFLAGS += -Wall -Wextra
+TARGET_CXXFLAGS += $(FPIC)
+
+# LTO
+TARGET_CXXFLAGS += -flto
+TARGET_LDFLAGS += -flto
+
+# CXX standard
+TARGET_CXXFLAGS += -std=c++11
+
+TARGET_CXXFLAGS := $(filter-out -O%,$(TARGET_CXXFLAGS)) -O3
+MY_OPENSSL_DIR:=$(BUILD_DIR)/openssl1.1_staging_dir/usr
+
+TARGET_CXXFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+CMAKE_FIND_ROOT_PATH := $(MY_OPENSSL_DIR);$(CMAKE_FIND_ROOT_PATH)
+TARGET_CXXFLAGS := -I$(MY_OPENSSL_DIR)/include $(TARGET_CXXFLAGS)
+TARGET_LDFLAGS := -L$(MY_OPENSSL_DIR)/lib $(TARGET_LDFLAGS)
+
+
+
+CMAKE_OPTIONS += \
+	-DENABLE_MYSQL=OFF \
+	-DENABLE_SSL_KEYLOG=ON \
+	-DENABLE_NAT=ON \
+	-DFORCE_TCP_FASTOPEN=OFF \
+	-DSYSTEMD_SERVICE=OFF \
+	-DOPENSSL_USE_STATIC_LIBS=TRUE \
+	-DBoost_DEBUG=ON \
+	-DBoost_NO_BOOST_CMAKE=ON
+
+
+
+define Package/trojan
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=An unidentifiable mechanism that helps you bypass GFW
+	URL:=https://github.com/trojan-gfw/trojan
+	DEPENDS:=+libpthread +libstdcpp \
+		+boost +boost-system +boost-program_options +boost-date_time
+endef
+
+
+
+define Package/trojan/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/trojan $(1)/usr/sbin/trojan
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DATA) ./files/trojan.config $(1)/etc/config/trojan
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/trojan.init $(1)/etc/init.d/trojan
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/trojan/config.json $(1)/etc/trojan.json
+endef
+
+
+$(eval $(call BuildPackage,trojan))
--- a/package/lean/trojan/files/trojan.config
+++ b/package/lean/trojan/files/trojan.config
@ -0,0 +1,4 @@
+
+config trojan
+	option enabled     '0'
+
--- a/package/lean/trojan/files/trojan.init
+++ b/package/lean/trojan/files/trojan.init
@ -0,0 +1,37 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 wongsyrone
+
+. /lib/functions.sh
+
+START=95
+USE_PROCD=1
+#PROCD_DEBUG=1
+
+PROG=/usr/sbin/trojan
+CONF=/etc/trojan.json
+
+config_load "trojan"
+
+parse_trojan() {
+	config_get ENABLED "$section" "enabled"
+}
+
+config_foreach parse_trojan 'trojan'
+
+
+start_service() {
+	if [ "1" = "$ENABLED" ] || [ "on" = "$ENABLED" ] || [ "true" = "$ENABLED" ]; then
+		procd_open_instance
+		procd_set_param command $PROG --config $CONF
+		procd_set_param user root # run service as user root
+		procd_set_param stdout 1 # forward stdout of the command to logd
+		procd_set_param stderr 1 # same for stderr
+		procd_set_param limits nofile="1048576 1048576" # max allowed value can be fetched via /proc/sys/fs/nr_open
+		[ -e /proc/sys/kernel/core_pattern ] && {
+			procd_append_param limits core="unlimited"
+		}
+		procd_close_instance
+	else
+		echo "trojan is disabled"
+	fi
+}
--- a/package/lean/trojan/patches/001-force-openssl-version.patch
+++ b/package/lean/trojan/patches/001-force-openssl-version.patch
@ -0,0 +1,11 @@
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -43,7 +43,7 @@ if(MSVC)
+     add_definitions(-DBOOST_DATE_TIME_NO_LIB)
+ endif()
+ 
+-find_package(OpenSSL 1.0.2 REQUIRED)
+find_package(OpenSSL 1.1.1 REQUIRED)
+ include_directories(${OPENSSL_INCLUDE_DIR})
+ target_link_libraries(trojan ${OPENSSL_LIBRARIES})
+ if(OPENSSL_VERSION VERSION_GREATER_EQUAL 1.1.1)