diff --git a/pegasus-2.14.1-openssl-1.1-fix.patch b/pegasus-2.14.1-openssl-1.1-fix.patch
new file mode 100644
index 0000000..c96934f
--- /dev/null
+++ b/pegasus-2.14.1-openssl-1.1-fix.patch
@@ -0,0 +1,96 @@
+diff -up pegasus/src/Pegasus/Common/SSLContext.cpp.orig pegasus/src/Pegasus/Common/SSLContext.cpp
+--- pegasus/src/Pegasus/Common/SSLContext.cpp.orig 2017-02-28 14:39:49.497066327 +0100
++++ pegasus/src/Pegasus/Common/SSLContext.cpp 2017-03-01 10:56:06.726453475 +0100
+@@ -225,27 +225,31 @@ int SSLCallback::verificationCRLCallback
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, buf);
+ 
+ //initialize the CRL store
+- X509_STORE_CTX crlStoreCtx;
+- X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
++ X509_STORE_CTX* crlStoreCtx;
++ crlStoreCtx = X509_STORE_CTX_new();
++ X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL);
+ 
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
+ "---> SSL: Initialized CRL store");
+ 
+ //attempt to get a CRL issued by the certificate's issuer
+- X509_OBJECT obj;
++ X509_OBJECT* obj;
++ obj = X509_OBJECT_new();
+ if (X509_STORE_get_by_subject(
+- &crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
++ crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
+ {
+- X509_STORE_CTX_cleanup(&crlStoreCtx);
++ X509_OBJECT_free(obj);
++ X509_STORE_CTX_cleanup(crlStoreCtx);
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL3,
+ "---> SSL: No CRL by that issuer");
+ PEG_METHOD_EXIT();
+ return 0;
+ }
+- X509_STORE_CTX_cleanup(&crlStoreCtx);
++ X509_STORE_CTX_cleanup(crlStoreCtx);
+ 
+ //get CRL
+- X509_CRL* crl = obj.data.crl;
++ X509_CRL* crl;
++ crl = X509_OBJECT_get0_X509_CRL(obj);
+ if (crl == NULL)
+ {
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
+@@ -272,18 +276,18 @@ int SSLCallback::verificationCRLCallback
+ {
+ revokedCert = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ //a matching serial number indicates revocation
+- if (ASN1_INTEGER_cmp(revokedCert->serialNumber, serialNumber) == 0)
++ if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revokedCert), serialNumber) == 0)
+ {
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL2,
+ "---> SSL: Certificate is revoked");
+ X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
+- X509_CRL_free(crl);
++ X509_OBJECT_free(obj);
+ PEG_METHOD_EXIT();
+ return 1;
+ }
+ }
+ 
+- X509_CRL_free(crl);
++ X509_OBJECT_free(obj);
+ 
+ PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,
+ "---> SSL: Certificate is not revoked at this level");
+diff -up pegasus/src/Pegasus/Common/SSLContextRep.h.orig pegasus/src/Pegasus/Common/SSLContextRep.h
+--- pegasus/src/Pegasus/Common/SSLContextRep.h.orig 2017-02-28 14:32:44.379013979 +0100
++++ pegasus/src/Pegasus/Common/SSLContextRep.h 2017-02-28 14:36:38.088039077 +0100
+@@ -104,7 +104,11 @@ public:
+ 
+ //important as per following site for
+ //http://www.openssl.org/support/faq.html#PROG
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_malloc_init();
++#else
++ OPENSSL_malloc_init();
++#endif
+ SSL_library_init();
+ SSL_load_error_strings();
+ }
+diff -up pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp
+--- pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp.orig 2017-03-01 10:34:19.367952613 +0100
++++ pegasus/src/Pegasus/ControlProviders/CertificateProvider/CertificateProvider.cpp 2017-03-01 10:36:18.003931270 +0100
+@@ -531,11 +531,11 @@ inline CIMInstance _getCRLInstance(X509_
+ for (int i = 0; i < numRevoked; i++)
+ {
+ r = sk_X509_REVOKED_value(revoked, i);
+- rawSerialNumber = ASN1_INTEGER_get(r->serialNumber);
++ rawSerialNumber = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(r));
+ sprintf(serial, "%lu", (unsigned long)rawSerialNumber);
+ revokedSerialNumbers.append(String(serial));
+ 
+- revocationDate = getDateTime(r->revocationDate);
++ revocationDate = getDateTime(X509_REVOKED_get0_revocationDate(r));
+ revocationDates.append(revocationDate);
+ }
+ 
diff --git a/tog-pegasus.spec b/tog-pegasus.spec
index e7d4434..fff6a0a 100644
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
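Review bot: `crlStoreCtx` is now heap-allocated with `X509_STORE_CTX_new()` in verificationCRLCallback but is only ever handed to `X509_STORE_CTX_cleanup()`, which releases the context's internals and not the structure itself, so each CRL check during certificate verification leaks one context; both cleanup calls should become `X509_STORE_CTX_free(crlStoreCtx);`. Neither `X509_STORE_CTX_new()` nor `X509_OBJECT_new()` is checked for NULL and the result of `X509_STORE_CTX_init()` is ignored, so an allocation failure is passed straight into the following OpenSSL calls; that failure should be reported as a verification error rather than be allowed to fall through to "not revoked". The `crl == NULL` branch is cut off by the hunk, so confirm it also calls `X509_OBJECT_free(obj)` now that `obj` lives on the heap. In the sketch below, returning 1 with an error set mirrors the visible revoked branch; how the caller treats that value is outside this hunk and should be confirmed.

```cpp
    //initialize the CRL store
    X509_STORE_CTX* crlStoreCtx = X509_STORE_CTX_new();
    X509_OBJECT* obj = X509_OBJECT_new();
    if (crlStoreCtx == NULL || obj == NULL ||
        !X509_STORE_CTX_init(crlStoreCtx, sslCRLStore, NULL, NULL))
    {
        // Allocation or initialisation failed: report an error instead of
        // letting the revocation check pass by default.
        X509_OBJECT_free(obj);
        X509_STORE_CTX_free(crlStoreCtx);
        X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);
        PEG_METHOD_EXIT();
        return 1;
    }
    // … unchanged: trace "Initialized CRL store" …
    if (X509_STORE_get_by_subject(
            crlStoreCtx, X509_LU_CRL, issuerName, obj) <= 0)
    {
        X509_OBJECT_free(obj);
        X509_STORE_CTX_free(crlStoreCtx);
        // … unchanged: trace, PEG_METHOD_EXIT, return 0 …
    }
    X509_STORE_CTX_free(crlStoreCtx);
```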
@@ -8,7 +8,7 @@ Name: tog-pegasus Version: %{major_ver}.1 -Release: 38%{?dist} +Release: 39%{?dist} Epoch: 2 Summary: OpenPegasus WBEM Services for Linux @@ -96,6 +96,8 @@ Patch39: pegasus-2.14.1-fix-setup-sdk-ppc64le.patch Patch40: pegasus-2.14.1-tesid.patch # 41: moves SSL certificates to /etc/pki/Pegasus Patch41: pegasus-2.14.1-ssl-cert-path.patch +# 42: port to openssl-1.1 +Patch42: pegasus-2.14.1-openssl-1.1-fix.patch BuildRequires: procps, libstdc++, pam-devel BuildRequires: openssl, openssl-devel @@ -248,6 +250,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0 %patch39 -p1 -b .fix-setup-sdk-ppc64le %patch40 -p1 -b .testid %patch41 -p1 -b .ssl-cert-path +%patch42 -p1 -b .openssl-1.1-fix %build @@ -543,6 +546,10 @@ fi %changelog +* Wed Mar 01 2017 Vitezslav Crhonek - 2:2.14.1-39 +- Fix FTBFS because of openssl-1.1 + Resolves: #1424141 + * Sat Feb 11 2017 Fedora Release Engineering - 2:2.14.1-38 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild