renew cmake

2025-04-27 02:04:36 +00:00 · 2019-12-08 20:20:44 +01:00 · 2019-12-08 20:20:44 +01:00 · cfc6806d13
commit cfc6806d13
parent 7346ac238d
12 changed files with 1184 additions and 361 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -23,14 +23,16 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

-
+set( CMAKE_LEGACY_CYGWIN_WIN32 0 )
 project( openssl )
-cmake_minimum_required( VERSION 2.8.3 )
+cmake_minimum_required( VERSION 2.8.11 )

-set(CMAKE_DISABLE_SOURCE_CHANGES ON)
-set(CMAKE_DISABLE_IN_SOURCE_BUILD ON)
-set(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake")
-option(WITH_APPS "Build applications" OFF)
+set( CMAKE_DISABLE_SOURCE_CHANGES ON )
+set( CMAKE_DISABLE_IN_SOURCE_BUILD ON )
+
+set( CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake" )
+
+option( WITH_APPS "Build applications" OFF )

 set( VERSION_MAJOR 1  )
 set( VERSION_MINOR 0  )
@ -47,16 +49,19 @@ include_directories ( BEFORE SYSTEM
    crypto . )

 add_definitions( -DOPENSSL_NO_ASM )
+add_definitions( -DOPENSSL_NO_STATIC_ENGINE )

-if(MSVC)
-  include(MSVCRuntime)
+if( MSVC )
+  include( MSVCRuntime )
  configure_msvc_runtime()
+  set( OPENSSLDIR "C:/ssl" )
+  set( ENGINESDIR "C:/engines-1.0" )
+else()
+  set( OPENSSLDIR "/usr/local/ssl" )
+  set( ENGINESDIR "/usr/local/engines-1.0" )
 endif()
-
-if(WIN32)
-  set(CMAKE_SHARED_LIBRARY_PREFIX "lib")
-  set(CMAKE_STATIC_LIBRARY_PREFIX "lib")
-endif()
+add_definitions( "-DOPENSSLDIR=\"${OPENSSLDIR}\"" )
+add_definitions( "-DENGINESDIR=\"${ENGINESDIR}\"" )

 if ( APPLE )
  set( CMAKE_MACOSX_RPATH ON )
@ -68,7 +73,7 @@ if( WIN32 AND NOT CYGWIN )
  add_definitions( -DWIN32_LEAN_AND_MEAN )
  add_definitions( -D_CRT_SECURE_NO_WARNINGS )

-  if (BUILD_SHARED_LIBS)
+  if(BUILD_SHARED_LIBS)
    # avoid conflict: ocsp.h and wincrypt.h
    add_definitions( -D_WINDLL )
  endif()
@ -78,35 +83,74 @@ if( MINGW )
  set( CMAKE_SHARED_LINKER_FLAGS "-Wl,--export-all" )
 endif()

-if ( ANDROID )
-  set ( BUILD_SHARED_LIBS ON )
-elseif ( IOS )
-  set ( BUILD_SHARED_LIBS OFF )
+include( CheckTypeSize )
+check_type_size( "long" LONG_INT )
+check_type_size( "long long" LONG_LONG_INT )
+check_type_size( "int" INT )
+if( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
+  set( SIXTY_FOUR_BIT_LONG ON )
+elseif( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
+  set( SIXTY_FOUR_BIT ON )
+else()
+  set( THIRTY_TWO_BIT ON )
 endif()

+if( MSVC OR ( WIN32 AND MINGW AND NOT CYGWIN ) )
+  set( OPENSSL_EXPORT_VAR_AS_FUNCTION 1 )
+endif()
+
+# Begin configure public headers
+file( READ ${PROJECT_SOURCE_DIR}/opensslconf.h.cmake CONF )
+set( CONF "
+#define OPENSSL_NO_GMP
+#define OPENSSL_NO_JPAKE
+#define OPENSSL_NO_KRB5
+#define OPENSSL_NO_MD2
+#define OPENSSL_NO_RC5
+#define OPENSSL_NO_RFC3779
+#define OPENSSL_NO_STORE
+#define OPENSSL_NO_DYNAMIC_ENGINE
+#define OPENSSL_NO_SCTP
+#define OPENSSL_NO_EC_NISTP_64_GCC_128
+${CONF}" )
+file( WRITE ${PROJECT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" )
+
+configure_file( ${PROJECT_BINARY_DIR}/opensslconf.h.cmake
+  ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
+# End configure public headers
+
 add_subdirectory( crypto )
 add_subdirectory( ssl )

-if( WITH_APPS AND NOT ANDROID AND NOT IOS )
-  add_subdirectory( apps )
+if(WITH_APPS AND NOT ANDROID AND NOT IOS)
+  add_subdirectory(apps)
 endif()

 file ( COPY e_os2.h DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )

-install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )
+file( READ ${PROJECT_SOURCE_DIR}/c_rehash.cmake C_REHASH )
+string( REPLACE "%OPENSSLDIR%" "${OPENSSLDIR}" C_REHASH "${C_REHASH}" )
+string( REPLACE "%CMAKE_INSTALL_PREFIX%" "${CMAKE_INSTALL_PREFIX}" C_REHASH "${C_REHASH}" )
+file( WRITE ${PROJECT_BINARY_DIR}/c_rehash "${C_REHASH}" )

-#install( FILES tools/c_hash tools/c_info tools/c_issuer tools/c_name tools/#c_rehash
-#    FAQ LICENSE PROBLEMS README README.ASN1 README.ENGINE
-#    DESTINATION share/openssl )
+file( GLOB PUBLIC_HEADERS "${PROJECT_BINARY_DIR}/include/openssl/*.h" )
+install( FILES ${PUBLIC_HEADERS} DESTINATION include/openssl )
+
+install( FILES
+  ${PROJECT_BINARY_DIR}/c_rehash
+  FAQ LICENSE README README.ENGINE
+  DESTINATION share/openssl )
+install( DIRECTORY ${PROJECT_BINARY_DIR}/include/openssl DESTINATION include )

 install( DIRECTORY doc DESTINATION share )

 # Generate the package target
 set( CPACK_GENERATOR ZIP TGZ )
-set( CPACK_PACKAGE_NAME "openssl-cmake" )
+set( CPACK_PACKAGE_NAME "${CMAKE_PROJECT_NAME}" )
 set( CPACK_PACKAGE_VERSION_MAJOR ${VERSION_MAJOR} )
 set( CPACK_PACKAGE_VERSION_MINOR ${VERSION_MINOR} )
 set( CPACK_PACKAGE_VERSION_PATCH ${VERSION_PATCH} )
+set( CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${VERSION_STRING}" )

 include( CPack )

--- a/apps/CA.pl.cmake
+++ b/apps/CA.pl.cmake
@ -0,0 +1,188 @@
+#!/usr/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+my $openssl;
+if(defined $ENV{OPENSSL}) {
+	$openssl = $ENV{OPENSSL};
+} else {
+	$openssl = "openssl";
+	$ENV{OPENSSL} = $openssl;
+}
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365";	# 1 year
+$CADAYS="-days 1095";	# 3 years
+$REQ="$openssl req $SSLEAY_CONFIG";
+$CA="$openssl ca $SSLEAY_CONFIG";
+$VERIFY="$openssl verify";
+$X509="$openssl x509";
+$PKCS12="$openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CAREQ="careq.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate is in newcert.pem, private key is in newkey.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	} elsif (/^-newreq-nodes$/) {
+	    # create a certificate request
+	    system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request is in newreq.pem, private key is in newkey.pem\n";
+	} elsif (/^-newca$/) {
+		# if explicitly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+		open OUT, ">${CATOP}/crlnumber";
+		print OUT "01\n";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
+		    system ("$CA -create_serial " .
+			"-out ${CATOP}/$CACERT $CADAYS -batch " . 
+			"-keyfile ${CATOP}/private/$CAKEY -selfsign " .
+			"-extensions v3_ca " .
+			"-infiles ${CATOP}/$CAREQ ");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-pkcs12$/) {
+	    my $cname = $ARGV[1];
+	    $cname = "My Certificate" unless defined $cname;
+	    system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
+			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+			"-export -name \"$cname\"");
+	    $RET=$?;
+	    print "PKCS #12 file is in newcert.p12\n";
+	    exit $RET;
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^(-signCA)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+					"-extensions v3_ca -infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed CA certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
--- a/apps/CMakeLists.txt
+++ b/apps/CMakeLists.txt
@ -23,8 +23,15 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.

+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/CA.pl.cmake CA_PL )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/CA.pl "${CA_PL}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/tsget.cmake TSGET )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/tsget "${TSGET}" )
+
+file( READ ${CMAKE_CURRENT_SOURCE_DIR}/progs.h.cmake PROGS_H )
+file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/progs.h "${PROGS_H}" )

-include_directories ( .. ../include )
 add_definitions ( -DMONOLITH )

 set ( E_SRC openssl.c #
@ -35,6 +42,11 @@ set ( E_SRC openssl.c #
  pkeyparam.c pkeyutl.c spkac.c smime.c cms.c rand.c engine.c ocsp.c prime.c ts.c
  srp.c )

+include_directories( BEFORE SYSTEM
+  ${PROJECT_SOURCE_DIR}/ # e_os.h
+  ${CMAKE_CURRENT_BINARY_DIR}/ # progs.h
+)
+
 if ( WIN32 )
  if ( EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/winrand.c" )
    list( APPEND E_SRC winrand.c )
@ -42,9 +54,17 @@ if ( WIN32 )
 endif()

 add_executable ( openssl ${E_SRC} )
+
 target_link_libraries ( openssl crypto ssl )

 install( TARGETS openssl
    RUNTIME DESTINATION bin )

-install( FILES CA.sh CA.pl tsget DESTINATION share/openssl )
+install( FILES
+  ${CMAKE_CURRENT_SOURCE_DIR}/openssl.cnf
+  DESTINATION "${OPENSSLDIR}" )
+
+install( FILES
+  ${CMAKE_CURRENT_BINARY_DIR}/CA.pl
+  ${CMAKE_CURRENT_BINARY_DIR}/tsget
+  DESTINATION share/openssl )
--- a/apps/progs.h.cmake
+++ b/apps/progs.h.cmake
@ -0,0 +1,366 @@
+/* apps/progs.h */
+/* automatically generated by progs.pl for openssl.c */
+
+extern int verify_main(int argc, char *argv[]);
+extern int asn1parse_main(int argc, char *argv[]);
+extern int req_main(int argc, char *argv[]);
+extern int dgst_main(int argc, char *argv[]);
+extern int dh_main(int argc, char *argv[]);
+extern int dhparam_main(int argc, char *argv[]);
+extern int enc_main(int argc, char *argv[]);
+extern int passwd_main(int argc, char *argv[]);
+extern int gendh_main(int argc, char *argv[]);
+extern int errstr_main(int argc, char *argv[]);
+extern int ca_main(int argc, char *argv[]);
+extern int crl_main(int argc, char *argv[]);
+extern int rsa_main(int argc, char *argv[]);
+extern int rsautl_main(int argc, char *argv[]);
+extern int dsa_main(int argc, char *argv[]);
+extern int dsaparam_main(int argc, char *argv[]);
+extern int ec_main(int argc, char *argv[]);
+extern int ecparam_main(int argc, char *argv[]);
+extern int x509_main(int argc, char *argv[]);
+extern int genrsa_main(int argc, char *argv[]);
+extern int gendsa_main(int argc, char *argv[]);
+extern int genpkey_main(int argc, char *argv[]);
+extern int s_server_main(int argc, char *argv[]);
+extern int s_client_main(int argc, char *argv[]);
+extern int speed_main(int argc, char *argv[]);
+extern int s_time_main(int argc, char *argv[]);
+extern int version_main(int argc, char *argv[]);
+extern int pkcs7_main(int argc, char *argv[]);
+extern int cms_main(int argc, char *argv[]);
+extern int crl2pkcs7_main(int argc, char *argv[]);
+extern int sess_id_main(int argc, char *argv[]);
+extern int ciphers_main(int argc, char *argv[]);
+extern int nseq_main(int argc, char *argv[]);
+extern int pkcs12_main(int argc, char *argv[]);
+extern int pkcs8_main(int argc, char *argv[]);
+extern int pkey_main(int argc, char *argv[]);
+extern int pkeyparam_main(int argc, char *argv[]);
+extern int pkeyutl_main(int argc, char *argv[]);
+extern int spkac_main(int argc, char *argv[]);
+extern int smime_main(int argc, char *argv[]);
+extern int rand_main(int argc, char *argv[]);
+extern int engine_main(int argc, char *argv[]);
+extern int ocsp_main(int argc, char *argv[]);
+extern int prime_main(int argc, char *argv[]);
+extern int ts_main(int argc, char *argv[]);
+extern int srp_main(int argc, char *argv[]);
+
+#define FUNC_TYPE_GENERAL       1
+#define FUNC_TYPE_MD            2
+#define FUNC_TYPE_CIPHER        3
+#define FUNC_TYPE_PKEY          4
+#define FUNC_TYPE_MD_ALG        5
+#define FUNC_TYPE_CIPHER_ALG    6
+
+typedef struct {
+    int type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+} FUNCTION;
+DECLARE_LHASH_OF(FUNCTION);
+
+FUNCTION functions[] = {
+    {FUNC_TYPE_GENERAL, "verify", verify_main},
+    {FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main},
+    {FUNC_TYPE_GENERAL, "req", req_main},
+    {FUNC_TYPE_GENERAL, "dgst", dgst_main},
+#ifndef OPENSSL_NO_DH
+    {FUNC_TYPE_GENERAL, "dh", dh_main},
+#endif
+#ifndef OPENSSL_NO_DH
+    {FUNC_TYPE_GENERAL, "dhparam", dhparam_main},
+#endif
+    {FUNC_TYPE_GENERAL, "enc", enc_main},
+    {FUNC_TYPE_GENERAL, "passwd", passwd_main},
+#ifndef OPENSSL_NO_DH
+    {FUNC_TYPE_GENERAL, "gendh", gendh_main},
+#endif
+    {FUNC_TYPE_GENERAL, "errstr", errstr_main},
+    {FUNC_TYPE_GENERAL, "ca", ca_main},
+    {FUNC_TYPE_GENERAL, "crl", crl_main},
+#ifndef OPENSSL_NO_RSA
+    {FUNC_TYPE_GENERAL, "rsa", rsa_main},
+#endif
+#ifndef OPENSSL_NO_RSA
+    {FUNC_TYPE_GENERAL, "rsautl", rsautl_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FUNC_TYPE_GENERAL, "dsa", dsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FUNC_TYPE_GENERAL, "ec", ec_main},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FUNC_TYPE_GENERAL, "ecparam", ecparam_main},
+#endif
+    {FUNC_TYPE_GENERAL, "x509", x509_main},
+#ifndef OPENSSL_NO_RSA
+    {FUNC_TYPE_GENERAL, "genrsa", genrsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FUNC_TYPE_GENERAL, "gendsa", gendsa_main},
+#endif
+    {FUNC_TYPE_GENERAL, "genpkey", genpkey_main},
+#if !defined(OPENSSL_NO_SOCK)
+    {FUNC_TYPE_GENERAL, "s_server", s_server_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK)
+    {FUNC_TYPE_GENERAL, "s_client", s_client_main},
+#endif
+#ifndef OPENSSL_NO_SPEED
+    {FUNC_TYPE_GENERAL, "speed", speed_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK)
+    {FUNC_TYPE_GENERAL, "s_time", s_time_main},
+#endif
+    {FUNC_TYPE_GENERAL, "version", version_main},
+    {FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+    {FUNC_TYPE_GENERAL, "cms", cms_main},
+#endif
+    {FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main},
+    {FUNC_TYPE_GENERAL, "sess_id", sess_id_main},
+#if !defined(OPENSSL_NO_SOCK)
+    {FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
+#endif
+    {FUNC_TYPE_GENERAL, "nseq", nseq_main},
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+    {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
+#endif
+    {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
+    {FUNC_TYPE_GENERAL, "pkey", pkey_main},
+    {FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main},
+    {FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main},
+    {FUNC_TYPE_GENERAL, "spkac", spkac_main},
+    {FUNC_TYPE_GENERAL, "smime", smime_main},
+    {FUNC_TYPE_GENERAL, "rand", rand_main},
+#ifndef OPENSSL_NO_ENGINE
+    {FUNC_TYPE_GENERAL, "engine", engine_main},
+#endif
+#ifndef OPENSSL_NO_OCSP
+    {FUNC_TYPE_GENERAL, "ocsp", ocsp_main},
+#endif
+    {FUNC_TYPE_GENERAL, "prime", prime_main},
+    {FUNC_TYPE_GENERAL, "ts", ts_main},
+#ifndef OPENSSL_NO_SRP
+    {FUNC_TYPE_GENERAL, "srp", srp_main},
+#endif
+#ifndef OPENSSL_NO_MD2
+    {FUNC_TYPE_MD, "md2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {FUNC_TYPE_MD, "md4", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
+    {FUNC_TYPE_MD, "md5", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
+    {FUNC_TYPE_MD, "sha", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
+    {FUNC_TYPE_MD, "sha1", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
+    {FUNC_TYPE_MD, "mdc2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {FUNC_TYPE_MD, "rmd160", dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+    {FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main},
+#endif
+    {FUNC_TYPE_CIPHER, "base64", enc_main},
+#ifdef ZLIB
+    {FUNC_TYPE_CIPHER, "zlib", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des3", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "desx", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FUNC_TYPE_CIPHER, "idea", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FUNC_TYPE_CIPHER, "seed", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FUNC_TYPE_CIPHER, "rc4", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FUNC_TYPE_CIPHER, "rc4-40", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FUNC_TYPE_CIPHER, "bf", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FUNC_TYPE_CIPHER, "rc5", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede3", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FUNC_TYPE_CIPHER, "idea-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FUNC_TYPE_CIPHER, "idea-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FUNC_TYPE_CIPHER, "idea-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FUNC_TYPE_CIPHER, "idea-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FUNC_TYPE_CIPHER, "seed-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FUNC_TYPE_CIPHER, "seed-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FUNC_TYPE_CIPHER, "seed-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FUNC_TYPE_CIPHER, "seed-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FUNC_TYPE_CIPHER, "bf-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FUNC_TYPE_CIPHER, "bf-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FUNC_TYPE_CIPHER, "bf-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FUNC_TYPE_CIPHER, "bf-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast5-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast5-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast5-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast5-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FUNC_TYPE_CIPHER, "cast-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FUNC_TYPE_CIPHER, "rc5-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FUNC_TYPE_CIPHER, "rc5-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FUNC_TYPE_CIPHER, "rc5-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FUNC_TYPE_CIPHER, "rc5-ofb", enc_main},
+#endif
+    {0, NULL, NULL}
+};
--- a/apps/tsget.cmake
+++ b/apps/tsget.cmake
@ -0,0 +1,195 @@
+#!/usr/bin/perl -w
+# Written by Zoltan Glozik <zglozik@stones.com>.
+# Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
+$::version = '$Id: tsget,v 1.1.2.2 2009/09/07 17:57:02 steve Exp $';
+
+use strict;
+use IO::Handle;
+use Getopt::Std;
+use File::Basename;
+use WWW::Curl::Easy;
+
+use vars qw(%options);
+
+# Callback for reading the body.
+sub read_body {
+    my ($maxlength, $state) = @_;
+    my $return_data = "";
+    my $data_len = length ${$state->{data}};
+    if ($state->{bytes} < $data_len) {
+	$data_len = $data_len - $state->{bytes};
+	$data_len = $maxlength if $data_len > $maxlength;
+	$return_data = substr ${$state->{data}}, $state->{bytes}, $data_len;
+	$state->{bytes} += $data_len;
+    }
+    return $return_data;
+}
+
+# Callback for writing the body into a variable.
+sub write_body {
+    my ($data, $pointer) = @_;
+    ${$pointer} .= $data;
+    return length($data);
+}
+
+# Initialise a new Curl object.
+sub create_curl {
+    my $url = shift;
+
+    # Create Curl object.
+    my $curl = WWW::Curl::Easy::new();
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
+    $curl->setopt(CURLOPT_FAILONERROR, 1);
+    $curl->setopt(CURLOPT_USERAGENT, "OpenTSA tsget.pl/" . (split / /, $::version)[2]);
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_UPLOAD, 1);
+    $curl->setopt(CURLOPT_CUSTOMREQUEST, "POST");
+    $curl->setopt(CURLOPT_HTTPHEADER,
+		["Content-Type: application/timestamp-query",
+		"Accept: application/timestamp-reply,application/timestamp-response"]);
+    $curl->setopt(CURLOPT_READFUNCTION, \&read_body);
+    $curl->setopt(CURLOPT_HEADERFUNCTION, sub { return length($_[0]); });
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_WRITEFUNCTION, \&write_body);
+
+    # SSL related options.
+    $curl->setopt(CURLOPT_SSLKEYTYPE, "PEM");
+    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 1);	# Verify server's certificate.
+    $curl->setopt(CURLOPT_SSL_VERIFYHOST, 2);	# Check server's CN.
+    $curl->setopt(CURLOPT_SSLKEY, $options{k}) if defined($options{k});
+    $curl->setopt(CURLOPT_SSLKEYPASSWD, $options{p}) if defined($options{p});
+    $curl->setopt(CURLOPT_SSLCERT, $options{c}) if defined($options{c});
+    $curl->setopt(CURLOPT_CAINFO, $options{C}) if defined($options{C});
+    $curl->setopt(CURLOPT_CAPATH, $options{P}) if defined($options{P});
+    $curl->setopt(CURLOPT_RANDOM_FILE, $options{r}) if defined($options{r});
+    $curl->setopt(CURLOPT_EGDSOCKET, $options{g}) if defined($options{g});
+
+    # Setting destination.
+    $curl->setopt(CURLOPT_URL, $url);
+
+    return $curl;
+}
+
+# Send a request and returns the body back.
+sub get_timestamp {
+    my $curl = shift;
+    my $body = shift;
+    my $ts_body;
+    local $::error_buf;
+
+    # Error-handling related options.
+    $curl->setopt(CURLOPT_ERRORBUFFER, "::error_buf");
+
+    # Options for POST method.
+    $curl->setopt(CURLOPT_INFILE, {data => $body, bytes => 0});
+    $curl->setopt(CURLOPT_INFILESIZE, length(${$body}));
+
+    # Options for getting the result.
+    $curl->setopt(CURLOPT_FILE, \$ts_body);
+
+    # Send the request...
+    my $error_code = $curl->perform();
+    my $error_string;
+    if ($error_code != 0) {
+        my $http_code = $curl->getinfo(CURLINFO_HTTP_CODE);
+	$error_string = "could not get timestamp";
+	$error_string .= ", http code: $http_code" unless $http_code == 0;
+	$error_string .= ", curl code: $error_code";
+	$error_string .= " ($::error_buf)" if defined($::error_buf);
+    } else {
+        my $ct = $curl->getinfo(CURLINFO_CONTENT_TYPE);
+	if (lc($ct) ne "application/timestamp-reply"
+	    && lc($ct) ne "application/timestamp-response") {
+	    $error_string = "unexpected content type returned: $ct";
+        }
+    }
+    return ($ts_body, $error_string);
+
+}
+
+# Print usage information and exists.
+sub usage {
+
+    print STDERR "usage: $0 -h <server_url> [-e <extension>] [-o <output>] ";
+    print STDERR "[-v] [-d] [-k <private_key.pem>] [-p <key_password>] ";
+    print STDERR "[-c <client_cert.pem>] [-C <CA_certs.pem>] [-P <CA_path>] ";
+    print STDERR "[-r <file:file...>] [-g <EGD_socket>] [<request>]...\n";
+    exit 1;
+}
+
+# ----------------------------------------------------------------------
+#   Main program
+# ----------------------------------------------------------------------
+
+# Getting command-line options (default comes from TSGET environment variable).
+my $getopt_arg =  "h:e:o:vdk:p:c:C:P:r:g:";
+if (exists $ENV{TSGET}) {
+    my @old_argv = @ARGV;
+    @ARGV = split /\s+/, $ENV{TSGET};
+    getopts($getopt_arg, \%options) or usage;
+    @ARGV = @old_argv;
+}
+getopts($getopt_arg, \%options) or usage;
+
+# Checking argument consistency.
+if (!exists($options{h}) || (@ARGV == 0 && !exists($options{o}))
+    || (@ARGV > 1 && exists($options{o}))) {
+    print STDERR "Inconsistent command line options.\n";
+    usage;
+}
+# Setting defaults.
+@ARGV = ("-") unless @ARGV != 0;
+$options{e} = ".tsr" unless defined($options{e});
+
+# Processing requests.
+my $curl = create_curl $options{h};
+undef $/;   # For reading whole files.
+REQUEST: foreach (@ARGV) {
+    my $input = $_;
+    my ($base, $path) = fileparse($input, '\.[^.]*');
+    my $output_base = $base . $options{e};
+    my $output = defined($options{o}) ? $options{o} : $path . $output_base;
+
+    STDERR->printflush("$input: ") if $options{v};
+    # Read request.
+    my $body;
+    if ($input eq "-") {
+	# Read the request from STDIN;
+	$body = <STDIN>;
+    } else {
+	# Read the request from file.
+        open INPUT, "<" . $input
+	    or warn("$input: could not open input file: $!\n"), next REQUEST;
+        $body = <INPUT>;
+        close INPUT
+	    or warn("$input: could not close input file: $!\n"), next REQUEST;
+    }
+
+    # Send request.
+    STDERR->printflush("sending request") if $options{v};
+
+    my ($ts_body, $error) = get_timestamp $curl, \$body;
+    if (defined($error)) {
+	die "$input: fatal error: $error\n";
+    }
+    STDERR->printflush(", reply received") if $options{v};
+
+    # Write response.
+    if ($output eq "-") {
+	# Write to STDOUT.
+        print $ts_body;
+    } else {
+	# Write to file.
+        open OUTPUT, ">", $output
+	    or warn("$output: could not open output file: $!\n"), next REQUEST;
+        print OUTPUT $ts_body;
+        close OUTPUT
+	    or warn("$output: could not close output file: $!\n"), next REQUEST;
+    }
+    STDERR->printflush(", $output written.\n") if $options{v};
+}
+$curl->cleanup();
--- a/c_rehash.cmake
+++ b/c_rehash.cmake
@ -0,0 +1,210 @@
+#!/usr/bin/perl
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $dir = "%OPENSSLDIR%";
+my $prefix = "%CMAKE_INSTALL_PREFIX%";
+
+my $openssl = $ENV{OPENSSL} || "openssl";
+my $pwd;
+my $x509hash = "-subject_hash";
+my $crlhash = "-hash";
+my $verbose = 0;
+my $symlink_exists=eval {symlink("",""); 1};
+my $removelinks = 1;
+
+##  Parse flags.
+while ( $ARGV[0] =~ /^-/ ) {
+    my $flag = shift @ARGV;
+    last if ( $flag eq '--');
+    if ( $flag eq '-old') {
+	    $x509hash = "-subject_hash_old";
+	    $crlhash = "-hash_old";
+    } elsif ( $flag eq '-h') {
+	    help();
+    } elsif ( $flag eq '-n' ) {
+	    $removelinks = 0;
+    } elsif ( $flag eq '-v' ) {
+	    $verbose++;
+    }
+    else {
+	    print STDERR "Usage error; try -help.\n";
+	    exit 1;
+    }
+}
+
+sub help {
+	print "Usage: c_rehash [-old] [-h] [-v] [dirs...]\n";
+	print "   -old use old-style digest\n";
+	print "   -h print this help text\n";
+	print "   -v print files removed and linked\n";
+	exit 0;
+}
+
+eval "require Cwd";
+if (defined(&Cwd::getcwd)) {
+	$pwd=Cwd::getcwd();
+} else {
+	$pwd=`pwd`;
+	chomp($pwd);
+}
+
+# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+
+if(! -x $openssl) {
+	my $found = 0;
+	foreach (split /$path_delim/, $ENV{PATH}) {
+		if(-x "$_/$openssl") {
+			$found = 1;
+			$openssl = "$_/$openssl";
+			last;
+		}	
+	}
+	if($found == 0) {
+		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+		exit 0;
+	}
+}
+
+if(@ARGV) {
+	@dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+} else {
+	$dirlist[0] = "$dir/certs";
+}
+
+if (-d $dirlist[0]) {
+	chdir $dirlist[0];
+	$openssl="$pwd/$openssl" if (!-x $openssl);
+	chdir $pwd;
+}
+
+foreach (@dirlist) {
+	if(-d $_ and -w $_) {
+		hash_dir($_);
+	}
+}
+
+sub hash_dir {
+	my %hashlist;
+	print "Doing $_[0]\n";
+	chdir $_[0];
+	opendir(DIR, ".");
+	my @flist = readdir(DIR);
+	closedir DIR;
+	if ( $removelinks ) {
+		# Delete any existing symbolic links
+		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+			if(-l $_) {
+				unlink $_;
+				print "unlink $_" if $verbose;
+			}
+		}
+	}
+	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+		# Check to see if certificates and/or CRLs present.
+		my ($cert, $crl) = check_file($fname);
+		if(!$cert && !$crl) {
+			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+			next;
+		}
+		link_hash_cert($fname) if($cert);
+		link_hash_crl($fname) if($crl);
+	}
+}
+
+sub check_file {
+	my ($is_cert, $is_crl) = (0,0);
+	my $fname = $_[0];
+	open IN, $fname;
+	while(<IN>) {
+		if(/^-----BEGIN (.*)-----/) {
+			my $hdr = $1;
+			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+				$is_cert = 1;
+				last if($is_crl);
+			} elsif($hdr eq "X509 CRL") {
+				$is_crl = 1;
+				last if($is_cert);
+			}
+		}
+	}
+	close IN;
+	return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if($hashlist{"$hash.$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".$suffix";
+		if ($symlink_exists) {
+			symlink $fname, $hash;
+			print "link $fname -> $hash\n" if $verbose;
+		} else {
+			open IN,"<$fname" or die "can't open $fname for read";
+			open OUT,">$hash" or die "can't open $hash for write";
+			print OUT <IN>;	# does the job for small text files
+			close OUT;
+			close IN;
+			print "copy $fname -> $hash\n" if $verbose;
+		}
+		$hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.r$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if($hashlist{"$hash.r$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".r$suffix";
+		if ($symlink_exists) {
+			symlink $fname, $hash;
+			print "link $fname -> $hash\n" if $verbose;
+		} else {
+			system ("cp", $fname, $hash);
+			print "cp $fname -> $hash\n" if $verbose;
+		}
+		$hashlist{$hash} = $fprint;
+}
+
--- a/cmake/MSVCRuntime.cmake
+++ b/cmake/MSVCRuntime.cmake
@ -1,11 +1,5 @@
-
 macro(configure_msvc_runtime)
 	if(MSVC)
-		# Default to statically-linked runtime.
-		if("${MSVC_RUNTIME}" STREQUAL "")
-			set(MSVC_RUNTIME "static")
-		endif()
-
 		# Set compiler options.
 		set(variables
 			CMAKE_C_FLAGS
@ -19,20 +13,17 @@ macro(configure_msvc_runtime)
 			CMAKE_CXX_FLAGS_RELEASE
 			CMAKE_CXX_FLAGS_RELWITHDEBINFO)

-		if(${MSVC_RUNTIME} STREQUAL "static")
-			message(STATUS "MSVC: using statically-linked runtime (/MT and /MTd).")
-			foreach(variable ${variables})
-				if(${variable} MATCHES "/MD")
-					string(REGEX REPLACE "/MD" "/MT" ${variable} "${${variable}}")
-				endif()
-			endforeach()
+		if(BUILD_SHARED_LIBS)
+			set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON)
 		else()
-			message(STATUS "MSVC: using dynamically-linked runtime (/MD and /MDd).")
-			foreach(variable ${variables})
-				if(${variable} MATCHES "/MT")
-					string(REGEX REPLACE "/MT" "/MD" ${variable} "${${variable}}")
-				endif()
-			endforeach()
+			if(NOT MSVC_DYNAMIC_RUNTIME)
+				message(STATUS "MSVC: using statically-linked runtime (/MT and /MTd).")
+				foreach(variable ${variables})
+					if(${variable} MATCHES "/MD")
+						string(REGEX REPLACE "/MD" "/MT" ${variable} "${${variable}}")
+					endif()
+				endforeach()
+			endif()
 		endif()

 		foreach(variable ${variables})
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@ -26,49 +26,38 @@

 include( CMakeParseArguments )

-file( READ opensslconf.h.cmake CONF )
+string(TIMESTAMP BUILDINF_DATE "%Y-%m-%d %H:%M:%S UTC" UTC)
+configure_file( buildinf.h.cmake buildinf.h )

-set( CONF "
-#define OPENSSL_NO_GMP
-#define OPENSSL_NO_JPAKE
-#define OPENSSL_NO_KRB5
-#define OPENSSL_NO_MD2
-#define OPENSSL_NO_RC5
-#define OPENSSL_NO_RFC3779
-#define OPENSSL_NO_STORE
-#define OPENSSL_NO_DYNAMIC_ENGINE
-#define OPENSSL_NO_SCTP
-#define OPENSSL_NO_EC_NISTP_64_GCC_128
-${CONF}" )
-file( WRITE ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake "${CONF}" )
-
-#~2DO: set BUILDINF_DATE to `date LC_ALL=C LC_TIME=C`
-configure_file ( buildinf.h.cmake buildinf.h )
-
-include(CheckTypeSize)
-check_type_size( "long" LONG_INT )
-check_type_size( "long long" LONG_LONG_INT )
-check_type_size( "int" INT )
-if ( HAVE_LONG_INT AND (${LONG_INT} EQUAL 8) )
-  set ( SIXTY_FOUR_BIT_LONG ON )
-elseif ( HAVE_LONG_LONG_INT AND (${LONG_LONG_INT} EQUAL 8) )
-  set ( SIXTY_FOUR_BIT ON )
-else()
-  set ( THIRTY_TWO_BIT ON )
+include( CheckIncludeFile )
+CHECK_INCLUDE_FILE( fcntl.h CHK_DLFCN )
+if( CHK_DLFCN )
+  set( HAVE_DLFCN_H ON )
+  add_definitions( -DHAVE_DLFCN_H )
 endif()

-if ( WIN32 AND MINGW AND NOT CYGWIN )
-  set( OPENSSL_EXPORT_VAR_AS_FUNCTION true )
+if( APPLE )
+  add_definitions( -DDSO_DLFCN )
+elseif( WIN32 AND NOT CYGWIN )
+  add_definitions( -DDSO_WIN32 )
+elseif( CYGWIN )
+  add_definitions( -DDSO_DLFCN )
+elseif( CHK_DLFCN )
+  add_definitions( -DDSO_DLFCN )
 endif()

-configure_file( ${CMAKE_CURRENT_BINARY_DIR}/opensslconf.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/openssl/opensslconf.h )
-
 set( LIBSRC
  cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c
  ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
  )

-include_directories( BEFORE SYSTEM ${CMAKE_CURRENT_BINARY_DIR} asn1 evp modes )
+include_directories( BEFORE SYSTEM
+  asn1 evp modes
+  ${CMAKE_CURRENT_SOURCE_DIR}/ # IMPORTANT: opensslconf.h must be removed from sources
+  ${CMAKE_CURRENT_BINARY_DIR}/ # buildconf.h
+  ${PROJECT_SOURCE_DIR}/ # e_os.h
+  ${PROJECT_BINARY_DIR}/include # public
+)

 if( BUILD_SHARED_LIBS )
  add_definitions( -DOPENSSL_BUILD_SHLIBCRYPTO )
@ -95,7 +84,7 @@ endmacro( add_submodule )

 add_submodule ( ../engines e_4758cca.c e_aep.c e_atalla.c e_cswift.c e_gmp.c e_chil.c
  e_nuron.c e_sureware.c e_ubsec.c e_padlock.c e_capi.c )
-#~2DO: ok?
+
 add_submodule ( ../engines/ccgost e_gost_err.c gost2001.c gost2001_keyx.c gost89.c
  gost94_keyx.c gost_ameth.c gost_asn1.c gost_crypt.c gost_ctl.c gost_eng.c gosthash.c
  gost_keywrap.c gost_md.c gost_params.c gost_pmeth.c gost_sign.c )
@ -109,6 +98,7 @@ endif( WIN32 AND NOT CYGWIN )

 add_submodule ( aes aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c
  aes_ctr.c aes_ige.c aes_wrap.c EXHEADERS aes.h )
+
 add_submodule ( asn1 a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c
  a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_enum.c a_utf8.c a_sign.c
  a_digest.c a_verify.c a_mbstr.c a_strex.c x_algor.c x_val.c x_pubkey.c x_sig.c
@ -119,47 +109,67 @@ add_submodule ( asn1 a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c
  f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c asn1_gen.c
  asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c evp_asn1.c asn_pack.c p5_pbe.c
  p5_pbev2.c p8_pkey.c asn_moid.c EXHEADERS asn1.h asn1_mac.h asn1t.h )
+
 add_submodule ( bf bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c EXHEADERS blowfish.h )
+
 add_submodule ( bio bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c
  bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c
  bf_nbio.c bss_log.c bss_bio.c bss_dgram.c # bf_lbuf.c
  EXHEADERS bio.h )
+
 add_submodule ( bn bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c
  bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_kron.c bn_sqrt.c bn_gcd.c
  bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c
  bn_nist.c bn_depr.c bn_const.c EXHEADERS bn.h )
+
 add_submodule ( buffer buffer.c buf_err.c buf_str.c EXHEADERS buffer.h )
+
 add_submodule ( camellia camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c
  cmll_cfb.c cmll_ctr.c cmll_utl.c EXHEADERS camellia.h )
+
 add_submodule ( cast c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c EXHEADERS cast.h )
+
 add_submodule ( cmac cm_ameth.c cm_pmeth.c cmac.c EXHEADERS cmac.h )
+
 add_submodule ( cms cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
  cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c cms_kari.c
  EXHEADERS cms.h )
+
 add_submodule ( comp comp_lib.c comp_err.c c_rle.c c_zlib.c EXHEADERS comp.h )
+
 add_submodule ( conf conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c
  conf_sap.c EXHEADERS conf.h conf_api.h )
+
 add_submodule ( des cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c
  enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c
  rpc_enc.c set_key.c des_enc.c fcrypt_b.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c
  ede_cbcm_enc.c des_old.c des_old2.c read2pwd.c EXHEADERS des.h des_old.h )
+
 add_submodule ( dh dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
  dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_kdf.c EXHEADERS dh.h )
+
 add_submodule ( dsa dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c
  dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c EXHEADERS dsa.h )
+
 add_submodule ( dso dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c
  dso_win32.c dso_vms.c dso_beos.c EXHEADERS dso.h )
+
 add_submodule ( ec ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c ec_err.c
  ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c ec2_smpl.c ec2_mult.c ec_ameth.c
  ec_oct.c ec_pmeth.c eck_prn.c ecp_oct.c ec2_oct.c EXHEADERS ec.h )
+
 add_submodule ( ecdh ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c EXHEADERS ecdh.h )
+
 add_submodule ( ecdsa ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
  EXHEADERS ecdsa.h )
+
 add_submodule ( engine eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c eng_table.c
  eng_pkey.c eng_fat.c eng_all.c tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c
  tb_store.c tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c eng_openssl.c eng_cnf.c
  eng_dyn.c eng_cryptodev.c eng_rdrand.c EXHEADERS engine.h )
+
 add_submodule ( err err.c err_all.c err_prn.c EXHEADERS err.h )
+
 add_submodule ( evp encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c e_des.c
  e_bf.c e_idea.c e_des3.c e_camellia.c e_rc4.c e_aes.c names.c e_seed.c e_xcbc_d.c e_rc2.c
  e_cast.c e_rc5.c m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c m_dss.c
@ -168,59 +178,92 @@ add_submodule ( evp encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c e
  c_alld.c evp_lib.c bio_ok.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c e_old.c pmeth_lib.c
  pmeth_fn.c pmeth_gn.c m_sigver.c e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c
  e_rc4_hmac_md5.c EXHEADERS evp.h )
+
 add_submodule ( hmac hmac.c hm_ameth.c hm_pmeth.c EXHEADERS hmac.h )
+
 add_submodule ( idea i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c EXHEADERS idea.h )
+
 # add_submodule(jpake jpake.c jpake_err.c EXHEADERS jpake.h)
+
 add_submodule ( krb5 krb5_asn.c EXHEADERS krb5_asn.h )
+
 add_submodule ( lhash lhash.c lh_stats.c EXHEADERS lhash.h )
+
 # add_submodule(md2 md2_dgst.c md2_one.c EXHEADERS md2.h )
+
 add_submodule ( md4 md4_dgst.c md4_one.c EXHEADERS md4.h )
+
 add_submodule ( md5 md5_dgst.c md5_one.c EXHEADERS md5.h )
+
 add_submodule ( mdc2 mdc2dgst.c mdc2_one.c EXHEADERS mdc2.h )
+
 add_submodule ( modes cbc128.c ccm128.c ctr128.c cts128.c cfb128.c gcm128.c ofb128.c
  xts128.c wrap128.c EXHEADERS modes.h )
+
 add_submodule ( objects o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c EXHEADERS
  objects.h obj_mac.h )
+
 add_submodule ( ocsp ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c ocsp_srv.c
  ocsp_prn.c ocsp_vfy.c ocsp_err.c EXHEADERS ocsp.h )
+
 add_submodule ( pem pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
  pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c EXHEADERS pem.h pem2.h )
+
 add_submodule ( pkcs12 p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
  p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_utl.c p12_npas.c pk12err.c p12_p8d.c
  p12_p8e.c EXHEADERS pkcs12.h )
+
 add_submodule ( pkcs7 pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c
  pk7_mime.c bio_pk7.c EXHEADERS pkcs7.h )
+
 add_submodule ( pqueue pqueue.c EXHEADERS pqueue.h )
+
 add_submodule ( rand md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
  rand_unix.c rand_os2.c rand_nw.c EXHEADERS rand.h )
+
 add_submodule ( rc2 rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c EXHEADERS
  rc2.h )
+
 add_submodule ( rc4 rc4_skey.c rc4_enc.c rc4_utl.c EXHEADERS rc4.h )
+
 #add_submodule(rc5 rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
 #   EXHEADERS rc5.h )
+
 add_submodule ( ripemd rmd_dgst.c rmd_one.c EXHEADERS ripemd.h )
+
 add_submodule ( rsa rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
  rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c rsa_pss.c rsa_x931.c
  rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c rsa_pmeth.c rsa_crpt.c EXHEADERS rsa.h )
+
 add_submodule ( seed seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c EXHEADERS
  seed.h )
+
 add_submodule ( sha sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
  EXHEADERS sha.h )
+
 add_submodule ( srp srp_lib.c srp_vfy.c EXHEADERS srp.h srp_grps.h srp_lcl.h )
+
 add_submodule ( stack stack.c EXHEADERS stack.h safestack.h )
+
 #add_submodule(store str_err.c str_lib.c str_meth.c str_mem.c
 #   EXHEADERS store.h )
+
 add_submodule ( ts ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c
  ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c ts_asn1.c EXHEADERS
  ts.h )
+
 add_submodule ( txt_db txt_db.c EXHEADERS txt_db.h )
+
 add_submodule ( ui ui_err.c ui_lib.c ui_openssl.c ui_util.c ui_compat.c EXHEADERS
  ui.h ui_compat.h )
+
 add_submodule ( whrlpool wp_dgst.c wp_block.c EXHEADERS whrlpool.h )
+
 add_submodule ( x509 x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c
  x509spki.c x509_vfy.c x509_set.c x509cset.c x509rset.c x509_err.c x509name.c x509_v3.c
  x509_ext.c x509_att.c x509type.c x509_lu.c x_all.c x509_txt.c x509_trs.c by_file.c
  by_dir.c x509_vpm.c EXHEADERS x509.h x509_vfy.h )
+
 add_submodule ( x509v3 v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
  v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c v3_int.c
  v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c v3_ocsp.c v3_akeya.c
@ -231,20 +274,36 @@ add_submodule ( x509v3 v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_li
 add_submodule ( . EXHEADERS crypto.h opensslv.h ebcdic.h symhacks.h
  ossl_typ.h )

+foreach( header ${EXHEADERS} )
+    file ( COPY ${header} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
+endforeach( header )
+
 add_library( crypto ${LIBSRC} ${OBJECTS_SRC} )

+target_include_directories( crypto PUBLIC ${PROJECT_BINARY_DIR}/include )
+
 if( WIN32 AND NOT CYGWIN )
  target_link_libraries( crypto ws2_32 crypt32 )
+else()
+  if( CHK_DLFCN AND HAVE_DLFCN_H )
+    target_link_libraries( crypto dl )
+  endif()
 endif()

 set_target_properties( crypto PROPERTIES
  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )

-foreach( header ${EXHEADERS} )
-    file ( COPY ${header} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
-endforeach( header )
+if( ANDROID )
+  set_target_properties( crypto PROPERTIES OUTPUT_NAME "crypto" )
+endif()

-configure_file( opensslconf.h.cmake ${PROJECT_BINARY_DIR}/include/openssl/opensslconf.h )
+if( MSVC )
+  if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
+    set_target_properties( crypto PROPERTIES OUTPUT_NAME "libeay32" )
+  elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
+    set_target_properties( crypto PROPERTIES OUTPUT_NAME "libeay32" )
+  endif()
+endif()

 install( TARGETS crypto
    RUNTIME DESTINATION bin
--- a/crypto/buildinf.h.cmake
+++ b/crypto/buildinf.h.cmake
@ -1,10 +1,7 @@
 #ifndef MK1MF_BUILD
  /* auto-generated by crypto/Makefile for crypto/cversion.c */
-  #define CFLAGS "@CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@"
-  #define PLATFORM "@CMAKE_SYSTEM_NAME@"
-  #define DATE "@BUILDINF_DATE@"
+  #define CFLAGS "compiler: @CMAKE_C_COMPILER@ @CMAKE_C_FLAGS@"
+  #define PLATFORM "platform: @CMAKE_SYSTEM_NAME@"
+  #define DATE "built on: @BUILDINF_DATE@"
 #endif
-/* ~2DO: is the above ok? */
-
-

--- a/crypto/opensslconf.h
+++ b/crypto/opensslconf.h
@ -1,265 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_LIBUNBOUND
-# define OPENSSL_NO_LIBUNBOUND
-#endif
-#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SCTP
-#endif
-#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL_TRACE
-#endif
-#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL2
-#endif
-#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_STORE
-#endif
-#ifndef OPENSSL_NO_UNIT_TEST
-# define OPENSSL_NO_UNIT_TEST
-#endif
-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_EC_NISTP_64_GCC_128
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
-#  define NO_LIBUNBOUND
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SCTP
-# endif
-# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
-#  define NO_SSL_TRACE
-# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_SSL2
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#  define NO_UNIT_TEST
-# endif
-# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
-#  define NO_WEAK_SSL_CIPHERS
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
-#ifdef  __cplusplus
-}
-#endif
--- a/crypto/opensslconf.h.cmake
+++ b/crypto/opensslconf.h.cmake
--- a/ssl/CMakeLists.txt
+++ b/ssl/CMakeLists.txt
@ -39,18 +39,36 @@ set ( LIBSRC
  bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
  )

-add_library ( ssl ${LIBSRC} )
-
-target_link_libraries ( ssl crypto )
-
-set_target_properties( ssl PROPERTIES
-  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
+include_directories( BEFORE SYSTEM
+  ${PROJECT_SOURCE_DIR}/ # e_os.h
+)

 set( EXHEADERS ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h )
 foreach( file ${EXHEADERS} )
    file ( COPY ${file} DESTINATION ${PROJECT_BINARY_DIR}/include/openssl )
 endforeach( file )

+add_library ( ssl ${LIBSRC} )
+
+target_include_directories( ssl PUBLIC ${PROJECT_BINARY_DIR}/include )
+
+target_link_libraries ( ssl crypto )
+
+set_target_properties( ssl PROPERTIES
+  VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}" )
+
+if( ANDROID )
+  set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssl" )
+endif()
+
+if( MSVC )
+  if( CMAKE_SIZEOF_VOID_P EQUAL 8 )
+    set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssleay32" )
+  elseif( CMAKE_SIZEOF_VOID_P EQUAL 4 )
+    set_target_properties( ssl PROPERTIES OUTPUT_NAME "ssleay32" )
+  endif()
+endif()
+
 install( TARGETS ssl
    RUNTIME DESTINATION bin
    LIBRARY DESTINATION lib