newer versions of openssl have started to be compatible across minor versions
too, so this sanity check fails.  since we already handle compatibility with
openssl via SONAME checks, we don't need this openssh check at all.

http://marc.info/?l=openssl-dev&m=133176786215023&w=2

--- a/entropy.c
+++ b/entropy.c
@@ -208,16 +208,7 @@ seed_rng(void)
 {
 #ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
-#endif
-	/*
-	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-	 * We match major, minor, fix and status (not patch)
-	 */
-	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
-		fatal("OpenSSL version mismatch. Built against %lx, you "
-		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
 
-#ifndef OPENSSL_PRNG_ONLY
 	if (RAND_status() == 1) {
 		debug3("RNG is ready, skipping seeding");
 		return;