--- /dev/null
+--- a/dnssec.c
++++ b/dnssec.c
+@@ -23,6 +23,9 @@
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ #include <openssl/md5.h>
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
+ #endif
+
+ ldns_rr *
+--- a/dnssec_sign.c
++++ b/dnssec_sign.c
+@@ -17,6 +17,9 @@
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ #include <openssl/md5.h>
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
+ #endif /* HAVE_SSL */
+
+ ldns_rr *
+--- a/dnssec_verify.c
++++ b/dnssec_verify.c
+@@ -594,7 +594,9 @@ ldns_dnssec_trust_tree_print_sm_fmt(FILE
+ if (tree->parent_status[i]
+ == LDNS_STATUS_SSL_ERR) {
+ printf("; SSL Error: ");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_load_crypto_strings();
++#endif
+ ERR_print_errors_fp(stdout);
+ printf("\n");
+ }
+--- a/drill/drill.c
++++ b/drill/drill.c
+@@ -1013,7 +1013,7 @@ main(int argc, char *argv[])
+ xfree(tsig_data);
+ xfree(tsig_algorithm);
+
+-#ifdef HAVE_SSL
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ EVP_cleanup();
+--- a/host2str.c
++++ b/host2str.c
+@@ -28,6 +28,12 @@
+ #include <time.h>
+ #include <sys/time.h>
+
++#ifdef HAVE_SSL
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#endif
++
+ #ifndef INET_ADDRSTRLEN
+ #define INET_ADDRSTRLEN 16
+ #endif
+--- a/keys.c
++++ b/keys.c
+@@ -16,8 +16,12 @@
+
+ #ifdef HAVE_SSL
+ #include <openssl/ssl.h>
+-#include <openssl/engine.h>
+ #include <openssl/rand.h>
++#include <openssl/bn.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <openssl/engine.h>
++#include <openssl/ui.h>
+ #endif /* HAVE_SSL */
+
+ ldns_lookup_table ldns_signing_algorithms[] = {