From 1be93c4098902daf182267e32bdbddd545f25062 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Wed, 30 Dec 2015 00:20:22 +0100
Subject: [PATCH 1/2] respect OPENSSL_LDFLAGS

---
 pdns/Makefile.am | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 662e71534aad..e6bc96752ed0 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -226,6 +226,7 @@ endif
 
 if OPENSSL
 pdns_server_SOURCES += opensslsigners.cc opensslsigners.hh
+pdns_server_LDFLAGS += $(OPENSSL_LDFLAGS)
 pdns_server_LDADD += $(OPENSSL_LIBS)
 endif
 
@@ -326,6 +327,7 @@ endif
 
 if OPENSSL
 pdnsutil_SOURCES += opensslsigners.cc
+pdnsutil_LDFLAGS += $(OPENSSL_LDFLAGS)
 pdnsutil_LDADD += $(OPENSSL_LIBS)
 endif
 

From 793f83f47811aa58c2b6ee3733044bb959c93fb2 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Wed, 30 Dec 2015 20:41:39 +0100
Subject: [PATCH 2/2] improve openssl m4 file and some cleanup

---
 m4/ax_check_openssl.m4 | 17 ++++++++---------
 pdns/Makefile.am       |  2 +-
 pdns/opensslsigners.hh | 11 +++++++----
 pdns/version.cc        |  3 +++
 4 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4
index c52fe43fdc04..7dd4cc1a02b6 100644
--- a/m4/ax_check_openssl.m4
+++ b/m4/ax_check_openssl.m4
@@ -32,7 +32,7 @@
 #   and this notice are preserved. This file is offered as-is, without any
 #   warranty.
 
-#serial 8
+#serial 8 (PowerDNS modified)
 
 AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
 AC_DEFUN([AX_CHECK_OPENSSL], [
@@ -53,10 +53,10 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
             # then use that information and don't search ssldirs
             AC_PATH_PROG([PKG_CONFIG], [pkg-config])
             if test x"$PKG_CONFIG" != x""; then
-                OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
+                OPENSSL_LDFLAGS=`$PKG_CONFIG libcryptol --libs-only-L 2>/dev/null`
                 if test $? = 0; then
-                    OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
-                    OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
+                    OPENSSL_LIBS=`$PKG_CONFIG libcrypto --libs-only-l 2>/dev/null`
+                    OPENSSL_INCLUDES=`$PKG_CONFIG libcrypto --cflags-only-I 2>/dev/null`
                     found=true
                 fi
             fi
@@ -75,11 +75,11 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
     if ! $found; then
         OPENSSL_INCLUDES=
         for ssldir in $ssldirs; do
-            AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
-            if test -f "$ssldir/include/openssl/ssl.h"; then
+            AC_MSG_CHECKING([for openssl/crypto.h in $ssldir])
+            if test -f "$ssldir/include/openssl/crypto.h"; then
                 OPENSSL_INCLUDES="-I$ssldir/include"
                 OPENSSL_LDFLAGS="-L$ssldir/lib"
-                OPENSSL_LIBS="-lssl -lcrypto"
+                OPENSSL_LIBS="-lcrypto"
                 found=true
                 AC_MSG_RESULT([yes])
                 break
@@ -106,7 +106,7 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
     LIBS="$OPENSSL_LIBS $LIBS"
     CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
     AC_LINK_IFELSE(
-        [AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)])],
+        [AC_LANG_PROGRAM([#include <openssl/crypto.h>], [CRYPTO_free(NULL)])],
         [
             AC_MSG_RESULT([yes])
             $1
@@ -122,4 +122,3 @@ AC_DEFUN([AX_CHECK_OPENSSL], [
     AC_SUBST([OPENSSL_LIBS])
     AC_SUBST([OPENSSL_LDFLAGS])
 ])
-
diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index e6bc96752ed0..c7f3e406a853 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -326,7 +326,7 @@ pdnsutil_LDADD += $(LIBSODIUM_LIBS)
 endif
 
 if OPENSSL
-pdnsutil_SOURCES += opensslsigners.cc
+pdnsutil_SOURCES += opensslsigners.cc opensslsigners.hh
 pdnsutil_LDFLAGS += $(OPENSSL_LDFLAGS)
 pdnsutil_LDADD += $(OPENSSL_LIBS)
 endif
diff --git a/pdns/opensslsigners.hh b/pdns/opensslsigners.hh
index 241de4af7509..92ce2c074d84 100644
--- a/pdns/opensslsigners.hh
+++ b/pdns/opensslsigners.hh
@@ -5,7 +5,7 @@
 
 #include "dns_random.hh"
 
-/* pthread OpemSSL locking */
+/* pthread locking */
 
 static pthread_mutex_t *locks;
 
@@ -43,16 +43,19 @@ void openssl_thread_cleanup()
   OPENSSL_free(locks);
 }
 
+
+/* seeding PRNG */
+
 void openssl_seed()
-{ 
+{
   std::string entropy;
   entropy.reserve(1024);
-  
+
   unsigned int r;
   for(int i=0; i<1024; i+=4) {
     r=dns_random(0xffffffff);
     entropy.append((const char*)&r, 4);
   }
-  
+
   RAND_seed((const unsigned char*)entropy.c_str(), 1024);
 }
diff --git a/pdns/version.cc b/pdns/version.cc
index 2c503d98945a..63aec3fffa47 100644
--- a/pdns/version.cc
+++ b/pdns/version.cc
@@ -99,6 +99,9 @@ void showBuildConfiguration()
 #ifdef HAVE_LIBSODIUM
     "sodium " <<
 #endif
+#ifdef HAVE_OPENSSL
+    "openssl " <<
+#endif
 #ifdef HAVE_LIBDL
     "libdl " <<
 #endif