SSL: fixed compatibility with OpenSSL 3.0.
diff --git a/auto/openssl b/auto/openssl
index 1140c6f..8409f75 100644
--- a/auto/openssl
+++ b/auto/openssl
@@ -25,31 +25,7 @@
 
 
 if [ $njs_found = yes ]; then
-    njs_feature="OpenSSL HKDF"
-    njs_feature_name=NJS_HAVE_OPENSSL_HKDF
-    njs_feature_test="#include <openssl/evp.h>
-                      #include <openssl/kdf.h>
-
-                      int main(void) {
-                          EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-
-                          EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256());
-                          EVP_PKEY_CTX_free(pctx);
-
-                          return 0;
-                      }"
-    . auto/feature
-
-    njs_feature="OpenSSL EVP_MD_CTX_new()"
-    njs_feature_name=NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-    njs_feature_test="#include <openssl/evp.h>
-
-                      int main(void) {
-                          EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-                          EVP_MD_CTX_free(ctx);
-                          return 0;
-                      }"
-    . auto/feature
+    echo " + OpenSSL version: `openssl version`"
 
     NJS_HAVE_OPENSSL=YES
     NJS_OPENSSL_LIB="$njs_feature_libs"
diff --git a/external/njs_openssl.h b/external/njs_openssl.h
new file mode 100644
index 0000000..dd2f34c
--- /dev/null
+++ b/external/njs_openssl.h
@@ -0,0 +1,53 @@
+
+/*
+ * Copyright (C) Dmitry Volyntsev
+ * Copyright (C) NGINX, Inc.
+ */
+
+
+#ifndef _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+#define _NJS_EXTERNAL_OPENSSL_H_INCLUDED_
+
+
+#define OPENSSL_SUPPRESS_DEPRECATED
+
+#include <openssl/bn.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+
+#if EVP_PKEY_HKDF
+#include <openssl/kdf.h>
+#endif
+
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
+#define OPENSSL_VERSION_NUMBER  0x1010000fL
+#else
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
+#endif
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#define njs_evp_md_ctx_new()  EVP_MD_CTX_new()
+#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_free(_ctx)
+#else
+#define njs_evp_md_ctx_new()  EVP_MD_CTX_create()
+#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx)
+#endif
+
+
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
+#define ERR_peek_error_data(d, f)    ERR_peek_error_line_data(NULL, NULL, d, f)
+#endif
+
+
+#endif /* _NJS_EXTERNAL_OPENSSL_H_INCLUDED_ */
diff --git a/external/njs_webcrypto.c b/external/njs_webcrypto.c
index 00f9e63..bed7cef 100644
--- a/external/njs_webcrypto.c
+++ b/external/njs_webcrypto.c
@@ -7,29 +7,7 @@
 
 #include <njs_main.h>
 #include "njs_webcrypto.h"
-
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-
-#if NJS_HAVE_OPENSSL_HKDF
-#include <openssl/kdf.h>
-#endif
-
-#if NJS_HAVE_OPENSSL_EVP_MD_CTX_NEW
-#define njs_evp_md_ctx_new()  EVP_MD_CTX_new();
-#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_free(_ctx);
-#else
-#define njs_evp_md_ctx_new()  EVP_MD_CTX_create();
-#define njs_evp_md_ctx_free(_ctx)  EVP_MD_CTX_destroy(_ctx);
-#endif
-
+#include "njs_openssl.h"
 
 typedef enum {
     NJS_KEY_FORMAT_RAW          = 1 << 1,
@@ -1449,7 +1427,7 @@
         break;
 
     case NJS_ALGORITHM_HKDF:
-#ifdef NJS_HAVE_OPENSSL_HKDF
+#ifdef EVP_PKEY_HKDF
         ret = njs_algorithm_hash(vm, aobject, &hash);
         if (njs_slow_path(ret == NJS_ERROR)) {
             goto fail;
@@ -2588,7 +2566,7 @@
 
         for ( ;; ) {
 
-            n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
+            n = ERR_peek_error_data(&data, &flags);
 
             if (n == 0) {
                 break;