newer versions of openssl have started to be compatible across minor versions too, so this sanity check fails. since we already handle compatibility with openssl via SONAME checks, we don't need this openssh check at all. http://marc.info/?l=openssl-dev&m=133176786215023&w=2 --- a/entropy.c +++ b/entropy.c @@ -208,16 +208,7 @@ seed_rng(void) { #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; -#endif - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) - */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) - fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); -#ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1) { debug3("RNG is ready, skipping seeding"); return;