diff -up ./programs/pluto/ikev2_ipseckey.c.openssl3 ./programs/pluto/ikev2_ipseckey.c
--- ./programs/pluto/ikev2_ipseckey.c.openssl3 2021-02-03 02:36:01.000000000 +0100
+++ ./programs/pluto/ikev2_ipseckey.c 2021-06-24 17:55:04.863636517 +0200
@@ -25,13 +25,25 @@
#include <arpa/nameser.h>
#include <ldns/ldns.h> /* from ldns-devel */
#include <ldns/rr.h>
+/*
+ * avoid name clash between OpenSSL headers (included through
+ * <ldns/ldns.h>) and NSS headers (included below through <pk11pub.h>)
+ */
+#undef KU_DIGITAL_SIGNATURE
+#undef KU_NON_REPUDIATION
+#undef KU_KEY_ENCIPHERMENT
+#undef KU_DATA_ENCIPHERMENT
+#undef KU_KEY_AGREEMENT
+#undef KU_KEY_CERT_SIGN
+#undef KU_CRL_SIGN
+#undef KU_ENCIPHER_ONLY
#include <unbound.h>
#include "unbound-event.h"
#include "defs.h"
#include "log.h"
+#include "state.h"
#include "constants.h" /* for demux.h */
#include "demux.h" /* to get struct msg_digest */
-#include "state.h"
#include "connections.h"
#include "dnssec.h" /* includes unbound.h */
#include "id.h"
diff -up ./programs/pluto/ikev2_rsa.c.openssl3 ./programs/pluto/ikev2_rsa.c