Retrieve session ID via accessors instead of reaching inside the struct.
Fix verify callback with opaque X509 structs.
Allow building against OpenSSL without SSLv2/v3 support.

Index: src/myssl_openssl.c
--- src/myssl_openssl.c.orig
+++ src/myssl_openssl.c
@@ -48,16 +48,18 @@ static int cmp_sockaddr(struct sockaddr_in *a, struct 
 
 static void dump_session_id(SSL_SESSION * s)
 {
-  int i;
+  const unsigned char *session_id;
+  unsigned int i, session_id_length;
   if(!s)
   {
     DEBUG_SSL("No session ID to dump?\n");
     return;
   }
-  DEBUG_SSL("ssl_session_id(%d) = [", s->session_id_length);
-  for(i = 0; i < s->session_id_length; i++)
+  session_id = SSL_SESSION_get_id(s, &session_id_length);
+  DEBUG_SSL("ssl_session_id(%u) = [", session_id_length);
+  for(i = 0; i < session_id_length; i++)
   {
-    DEBUG_SSL(" %02x", s->session_id[i]);
+    DEBUG_SSL(" %02x", session_id[i]);
   }
   DEBUG_SSL("]\n");
   return;
@@ -394,10 +396,10 @@ static int my_ssl_verify_callback(int ok, X509_STORE_C
     else
       ok = 0;
   }
-  switch (ctx->error)
+  switch (err)
   {
   case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+    X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256);
     DEBUG_SSL("Issuer: %s\n", buf);
     break;
   case X509_V_ERR_CERT_NOT_YET_VALID:
@@ -543,12 +545,16 @@ bufio *my_ssl_do_connect(doc * docp, bufio * socket,
 
   switch (cfg.ssl_version)
   {
+#ifndef OPENSSL_NO_SSL2
   case 2:
     method = SSLv2_client_method();
     break;
+#endif
+#ifndef OPENSSL_NO_SSL3
   case 3:
     method = SSLv3_client_method();
     break;
+#endif
 #ifdef WITH_SSL_TLS1
   case 4:
     method = TLSv1_client_method();