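# Upstream OpenSSL tarball; the "-quic*" suffix of PKGVER is stripped because
# the QUIC support comes from the patch series below, not from the tarball.
# NOTE(review): no checksum or signature check is visible in this file; confirm
# that the build framework verifies the fetched tarball against a pinned digest
# before the patches are applied.
SRC_FETCH_PATH="https://www.openssl.org/source/${PKGRADIX}-${PKGVER%-quic*}.tar.gz"
# for direct retrieval from quictls
#SRC_FETCH_PATH="https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_${PKGVER//./_}.tar.gz"
SRC_FETCH_METHOD="http"

# The QUIC patches below are those in the QuicTLS repo, except 15,16,23,34,35
# which rename the library to -81, rename README to README.md and update some
# references to the exact version number in the README (that we don't need to
# update here).
# NOTE(review): 0033 is neither listed below nor named among the exclusions
# above; confirm whether it was left out on purpose.
PATCH_LIST="
    patch-add-syscall-getrandom.diff
    0001-QUIC-Add-support-for-BoringSSL-QUIC-APIs.patch
    0002-QUIC-Fix-resumption-secret.patch
    0003-QUIC-Handle-EndOfEarlyData-and-MaxEarlyData.patch
    0004-QUIC-Increase-HKDF_MAXBUF-to-2048.patch
    0005-QUIC-Fall-through-for-0RTT.patch
    0006-QUIC-Some-cleanup-for-the-main-QUIC-changes.patch
    0007-QUIC-Prevent-KeyUpdate-for-QUIC.patch
    0008-QUIC-Test-KeyUpdate-rejection.patch
    0009-QUIC-Test-HKDF-with-empty-IKM.patch
    0010-QUIC-Allow-zero-length-HKDF-keys.patch
    0011-QUIC-Buffer-all-provided-quic-data.patch
    0012-QUIC-enforce-consistent-encryption-level-for-handsha.patch
    0013-QUIC-add-v1-quic_transport_parameters.patch
    0014-QUIC-return-success-when-no-post-handshake-data.patch
    0017-QUIC-Fix-1.1.1-GitHub-CI.patch
    0018-QUIC-Add-compile-run-time-checking-for-QUIC.patch
    0019-QUIC-Add-early-data-support-8.patch
    0020-QUIC-Make-SSL_provide_quic_data-accept-0-length-data.patch
    0021-QUIC-Process-multiple-post-handshake-messages-in-a-s.patch
    0022-QUIC-Tighten-up-some-language-in-SSL_CTX_set_quic_me.patch
    0024-QUIC-Add-SSL_new_session_ticket-API.patch
    0025-QUIC-Add-test-for-SSL_new_session_ticket.patch
    0026-QUIC-make-update-for-SSL_new_session_ticket.patch
    0027-QUIC-Fix-up-whitespace-nits-introduced-by-PR-11416.patch
    0028-QUIC-SSL_new_session_ticket-support-26.patch
    0029-QUIC-Fix-no-quic-builds.patch
    0030-QUIC-Error-when-non-empty-session_id-in-CH-fixes-29.patch
    0031-QUIC-Update-SSL_clear-to-clear-quic-data.patch
    0032-QUIC-Better-SSL_clear.patch
"

#######################################
# Select the OpenSSL Configure target for the build architecture and run
# ./Configure in the current directory.
# Globals:   FLXARCH, FLX_ARCH_SMALL, FLX_GNU_ARCH, FLX_BITS, CC,
#            GCC_ARCH_CURRENT, GCC_CPU_CURRENT, GCC_OPT_FASTEST (read);
#            os, opt (written, deliberately left global as before)
# Outputs:   error text on stderr when no target matches
# Returns:   status of ./Configure; exits 1 when no target matches
#######################################
function do_config {
    # To find these options, try "./Configure LIST" then "./Configure TABLE".
    # The colons are just delimiters and all words are allowed on the line.
    # Please read the Configure script in openssl to find the relevant keywords,
    # as most of them are already implied by the OS target definition and the
    # default compiler !

    # Always start from an empty array: the aarch64 branch sets no flags and
    # would otherwise inherit whatever "opt" held before the call, and the
    # former opt="" made "${opt[@]}" expand to one empty argument.
    opt=()

    # The GCC_* variables hold whitespace-separated compiler flags and are
    # left unquoted on purpose so that each flag becomes its own array element.
    # shellcheck disable=SC2206
    if [[ "$FLXARCH" == "x86_64" ]]; then
        os="linux-x86_64"
        opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
    elif [[ "$FLX_ARCH_SMALL" == "i386" ]]; then
        os="linux-elf"
        opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST )
    elif [[ "$FLXARCH" == aarch64* ]]; then
        os="linux-aarch64"
    elif [[ "$FLXARCH" == armv7* ]]; then
        os="linux-armv4"
        opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv7-a -D__ARM_MAX_ARCH__=7 )
    elif [[ "$FLXARCH" == arm* ]]; then
        os="linux-armv4"
        opt=( $GCC_ARCH_CURRENT $GCC_CPU_CURRENT $GCC_OPT_FASTEST -march=armv5te -D__ARM_MAX_ARCH__=5 )
    elif [[ "$FLXARCH" == "sparc" ]]; then
        os="linux-sparcv9"
    elif [[ "$FLXARCH" == "sparc64" ]]; then
        os="linux64-sparcv9"
    elif [[ -n "$FLX_GNU_ARCH" && "$FLX_BITS" == "64" ]]; then
        os="linux-generic64"
    elif [[ -n "$FLX_GNU_ARCH" && "$FLX_BITS" == "32" ]]; then
        os="linux-generic32"
    else
        {
            echo "Error: cannot find a suitable OS configuration for this platform."
            echo "FLXARCH=$FLXARCH is not handled by this script."
            echo "Please check instructions in do_config() using 'pkg cat'."
        } >&2
        exit 1
    fi

    # Do not enable cryptodev digests (-DUSE_CRYPTODEV_DIGESTS), as indicated in
    # the README, they significantly lower performance due to the high latency of
    # the ioctl required for cryptodev. Only enable HAVE_CRYPTODEV.
    # disable this if the crypto patch is not applied
    #opt=( "${opt[@]}" -DHAVE_CRYPTODEV )

    # NOTE(review): enable-ssl3, enable-ssl3-method and enable-weak-ssl-ciphers
    # compile in SSLv3 and cipher suites that OpenSSL leaves out by default.
    # Every consumer of this library then has to restrict protocol versions and
    # cipher lists in its own configuration; drop the three options if no
    # consumer needs to talk to legacy peers.
    CC="$CC" ./Configure \
        --prefix=/usr --openssldir=/usr/share/openssl \
        --with-rand-seed=getrandom \
        enable-tls1_3 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \
        threads shared "${opt[@]}" "$os"
}

#######################################
# Build the configured tree with the framework's make command.
# Globals:   FLXMAKE, CC (read)
# Returns:   exits with make's status on failure
#######################################
function do_compile_only {
    # FLXMAKE is expanded unquoted on purpose: it may carry make options.
    local MK=$FLXMAKE
    # if grep -q ^install_dirs Makefile; then
    #    # parallel build supported
    #    MK=$FLXPMAKE
    # fi

    # CC is quoted so that a compiler command containing spaces stays a single
    # make variable assignment instead of spilling over as extra targets.
    # AR and RANLIB are single-quoted so the literal ${FLXCROSS} reference is
    # handed to make unexpanded by the shell.
    # shellcheck disable=SC2016,SC2086
    $MK "CC=$CC" AR='${FLXCROSS}ar' RANLIB='${FLXCROSS}ranlib' || exit $?
    # $MK build-shared CC=$CC AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
    # $MK -C apps CC=$CC DLIBCRYPTO=../libcrypto.so AR='${FLXCROSS}ar r' RANLIB='${FLXCROSS}ranlib' || exit $?
}

#######################################
# Install the built software and the default openssl.cnf into the staging
# root, then apply the framework's default permissions to it.
# Globals:   FLXMAKE, ROOTDIR (read)
# Returns:   exits with the failing command's status
#######################################
function do_prepack {
    # An empty ROOTDIR would direct the install and the permission reset at
    # the build host's own root directory, so refuse to continue without it.
    : "${ROOTDIR:?ROOTDIR must be set to the staging directory}"

    # shellcheck disable=SC2086
    $FLXMAKE install_sw LIBDIR=/lib "INSTALL_PREFIX=$ROOTDIR" "DESTDIR=$ROOTDIR" || exit $?
    (mkdir -p -- "${ROOTDIR}/usr/share/openssl" && \
        cp -- apps/openssl.cnf "${ROOTDIR}/usr/share/openssl") || exit $?
    set_default_perm "$ROOTDIR"
}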