SRC_FETCH_PATH="http://www.openssl.org/source/openssl-${PKGVER}.tar.gz"
SRC_FETCH_METHOD="http"

PATCH_LIST="
0001-no-wbuf-during-handshake.diff
0002-release-rbuf-during-handshake.diff

1001-Sort-sstacklst-correctly.patch
1002-Exit-on-error-in-ecparam.patch
1013-Fix-SSL_set_session_ticket_ext-when-used-with-SSLv23.patch
1015-RT3774-double-free-in-DSA.patch
1016-use-X9.31-keygen-by-default-in-FIPS-mode.patch
1017-Clear-BN-mont-values-when-free-ing-it.patch
1018-GH336-Return-an-exit-code-if-report-fails.patch
1019-Fix-warning-when-compiling-with-no-ec2m.patch
1020-Fix-seg-fault-with-0-p-val-in-SKE.patch
1021-Check-for-0-modulus-in-BN_MONT_CTX_set.patch
1022-Fix-missing-return-value-checks-in-SCTP.patch
1023-Fix-make-test-seg-fault-with-SCTP-enabled.patch
1024-Err-isn-t-always-malloc-failure.patch
1025-Fix-memory-leak-if-setup-fails.patch
1026-Return-error-for-unsupported-modes.patch
1032-Fix-DTLS-session-ticket-renewal.patch
1034-Fixed-problem-with-multiple-load-unload-of-comp-zlib.patch
1036-bntest-don-t-dereference-the-d-array-for-a-zero-BIGN.patch
1040-BN_mod_exp_mont_consttime-check-for-zero-modulus.patch
1042-check-bn_new-return-value.patch
1044-RT-3493-fix-RSA-test.patch
1045-RT4002-check-for-NULL-cipher-in-p12_crpt.c.patch
1048-Fix-building-with-OPENSSL_NO_TLSEXT.patch
1049-Fix-session-resumption.patch
1050-RT3754-check-for-NULL-pointer.patch
1051-Use-default-field-separator.patch
1052-Check-for-FIPS-mode-after-loading-config.patch
1053-d2i-don-t-update-input-pointer-on-failure.patch
1056-Make-no-psk-compile-without-warnings.patch
1057-RT3757-base64-encoding-bugs.patch
1058-base64-decode-check-for-high-bit.patch
1059-Make-sure-OPENSSL_cleanse-checks-for-NULL.patch
1062-Handle-SSL_ERROR_WANT_X509_LOOKUP.patch
1063-Make-SRP-work-with-www.patch
1064-Fix-SRP-memory-leaks.patch
1065-RT3823-Improve-the-robustness-of-event-logging.patch
1066-RT3479-Add-UTF8-support-to-BIO_read_filename.patch
1068-Make-BUF_strndup-read-safe-on-arbitrary-inputs.patch
1069-BUF_strndup-tidy.patch
1073-SRP-memory-leak-fix.patch
1074-RT2772-accept-empty-SessionTicket.patch
1076-GH367-use-random-data-if-seed-too-short.patch
1078-Fix-more-d2i-cases-to-properly-update-the-input-poin.patch
1079-Validate-ClientHello-extension-field-length.patch
1080-Change-functions-to-pass-in-a-limit-rather-than-calc.patch
1081-Don-t-try-and-parse-boolean-type.patch
1082-Set-flags-to-0-before-calling-BN_with_flags.patch
1083-Move-BN_CTX_start-call-so-the-error-case-can-always-.patch
1084-When-ENGINE_add-finds-that-id-or-name-is-missing-act.patch
1085-Don-t-treat-a-bare-OCTETSTRING-as-DigestInfo-in-int_.patch
1087-Avoid-SHA1-weakness.patch
1088-Typo.patch
1090-Do-not-treat-0-return-value-from-BIO_get_fd-as-error.patch
1091-Replace-malloc-strlcpy-with-strdup.patch
1092-Fix-memory-leaks-and-other-mistakes-on-errors.patch
1093-Set-salt-length-after-the-malloc-has-succeeded.patch
1096-Check-memory-allocation.patch

bn_wexpand.patch
openssl-1.0.1p-ssl_new-error-handling.diff
openssl-1.0.1p-ssl3_free-null-deref.diff
fix-md-init-return-not-checked-cause-null-deref.diff
default_ciphers.patch 
small-records-1.0.1m.patch
"

function do_config {
        # To find these options, try "./Configure LIST" then "./Configure TABLE".
	# The colons are just delimiters and all words are allowed on the line.
	# Please read the Configure script in openssl to fin the relevant keywords,
	# as most of them are already implied by the OS target definition and the
	# default compiler !

	if [ "$FLXARCH" == "x86_64" ]; then
		os="linux-x86_64"
		#os="debug-linux-x86_64"
		# Note: enable-ec_nistp_64_gcc_128 must be disabled on 1.0.2 to use asm code
		opt=( -g $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST enable-ec_nistp_64_gcc_128 )
	elif [ "$FLX_ARCH_SMALL" == "i386" ]; then
		os="linux-elf"
		opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
	elif [ -n "$FLXARCH" -a -z "${FLXARCH##arm*}" ]; then
		os="linux-armv4"
		opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
	elif [ "$FLXARCH" == "sparc" ]; then
		os="linux-sparcv9"
		opt=""
	elif [ "$FLXARCH" == "sparc64" ]; then
		os="linux64-sparcv9"
		opt=""
	elif [ "$FLX_BITS" == "64" ]; then
		os="linux-generic64"
		opt=""
	elif [ "$FLX_BITS" == "32" ]; then
		os="linux-generic32"
		opt=""
	else
		echo "Error: cannot find a suitable OS configuration or this platform."
		echo "Please check instructions in do_config() using 'pkg cat'."
		exit 1
	fi

	opt=( "${opt[@]}" )

	CC="$CC" ./Configure --prefix=/usr --openssldir=/usr/share/openssl threads shared "${opt[@]}" "$os"
}

function do_compile_only {
   # emits lots of warnings and errors despite being suggested. Doesn't seem
   # to be designed for cross-compilation.
   #$FLXMAKE CC=$CC  AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' depend || exit $?
   $FLXMAKE CC=$CC  AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
   $FLXMAKE build-shared CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
   $FLXMAKE -C apps CC=$CC DLIBCRYPTO=../libcrypto.so AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
}

function do_prepack {
    $FLXMAKE install LIBDIR=/lib INSTALL_PREFIX=$ROOTDIR || exit $?
    set_default_perm $ROOTDIR
}