--- a/dist-files.mk	Wed Apr 23 20:13:10 2014 -0400
+++ b/dist-files.mk	Wed Apr 23 20:13:56 2014 -0400
@@ -453,8 +453,7 @@
   openexr-1-disable-zlib_winapi.patch \
   openexr.mk \
   openscenegraph.mk \
-  openssl-1-winsock2.patch \
-  openssl-2-pod.patch \
+  openssl-1-fixes.patch \
   openssl.mk \
   pango.mk \
   pangomm.mk \

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/openssl-1-fixes.patch	Wed Apr 23 20:13:56 2014 -0400
@@ -0,0 +1,633 @@
+This file is part of MXE.
+See index.html for further information.
+
+From bcc4a04e2289162279398e83567807fb1c63d2aa Mon Sep 17 00:00:00 2001
+From: Mark Brand <mabrand@mabrand.nl>
+Date: Wed, 8 Jan 2014 02:19:10 +0100
+Subject: [PATCH 1/2] winsock2
+
+-This patch has been taken from:
+-http://rt.openssl.org/Ticket/Display.html?id=2285&user=guest&pass=guest
+
+diff --git a/e_os.h b/e_os.h
+index 6a0aad1..4928713 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -499,7 +499,7 @@ static unsigned int _strlen31(const char *str)
+ #      endif
+ #      if !defined(IPPROTO_IP)
+          /* winsock[2].h was included already? */
+-#        include <winsock.h>
++#        include <winsock2.h>
+ #      endif
+ #      ifdef getservbyname
+ #        undef getservbyname
+diff --git a/ssl/dtls1.h b/ssl/dtls1.h
+index e65d501..7762089 100644
+--- a/ssl/dtls1.h
++++ b/ssl/dtls1.h
+@@ -68,7 +68,7 @@
+ #endif
+ #ifdef OPENSSL_SYS_WIN32
+ /* Needed for struct timeval */
+-#include <winsock.h>
++#include <winsock2.h>
+ #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
+ #include <sys/timeval.h>
+ #else
+diff --git a/ssl/ssltest.c b/ssl/ssltest.c
+index 4f80be8..af5f1be 100644
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -193,7 +193,7 @@
+ 				  */
+ 
+ #ifdef OPENSSL_SYS_WINDOWS
+-#include <winsock.h>
++#include <winsock2.h>
+ #else
+ #include OPENSSL_UNISTD
+ #endif
+-- 
+1.8.4.5
+
+
+From 9c0520aa6090f3734b34ccbfc55c3dabe0a61dc7 Mon Sep 17 00:00:00 2001
+From: Tom Molesworth <tom@entitymodel.com>
+Date: Wed, 8 Jan 2014 02:20:21 +0100
+Subject: [PATCH 2/2] Patch OpenSSL POD docs for perl-5.16+
+
+Stricter validation in recent Perl versions means the install
+stage fails without these applied.
+
+Should be harmless for earlier versions of perl.
+
+diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
+index a09588a..104b01f 100644
+--- a/doc/apps/cms.pod
++++ b/doc/apps/cms.pod
+@@ -450,28 +450,28 @@ remains DER.
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item * 1
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item * 2
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item * 3
+ 
+ an error occurred creating the CMS file or when reading the MIME
+ message.
+ 
+-=item 4
++=item * 4
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item * 5
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
+index e4e89af..0267358 100644
+--- a/doc/apps/smime.pod
++++ b/doc/apps/smime.pod
+@@ -308,28 +308,28 @@ remains DER.
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item * 1
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item * 2
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item * 3
+ 
+ an error occurred creating the PKCS#7 file or when reading the MIME
+ message.
+ 
+-=item 4
++=item * 4
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item * 5
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
+index 1c068c8..8477fda 100644
+--- a/doc/crypto/rand.pod
++++ b/doc/crypto/rand.pod
+@@ -74,16 +74,16 @@ First up I will state the things I believe I need for a good RNG.
+ 
+ =over 4
+ 
+-=item 1
++=item * 1
+ 
+ A good hashing algorithm to mix things up and to convert the RNG 'state'
+ to random numbers.
+ 
+-=item 2
++=item * 2
+ 
+ An initial source of random 'state'.
+ 
+-=item 3
++=item * 3
+ 
+ The state should be very large.  If the RNG is being used to generate
+ 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+@@ -93,13 +93,13 @@ carried away on this last point but it does indicate that it may not be
+ a bad idea to keep quite a lot of RNG state.  It should be easier to
+ break a cipher than guess the RNG seed data.
+ 
+-=item 4
++=item * 4
+ 
+ Any RNG seed data should influence all subsequent random numbers
+ generated.  This implies that any random seed data entered will have
+ an influence on all subsequent random numbers generated.
+ 
+-=item 5
++=item * 5
+ 
+ When using data to seed the RNG state, the data used should not be
+ extractable from the RNG state.  I believe this should be a
+@@ -108,12 +108,12 @@ data would be a private key or a password.  This data must
+ not be disclosed by either subsequent random numbers or a
+ 'core' dump left by a program crash.
+ 
+-=item 6
++=item * 6
+ 
+ Given the same initial 'state', 2 systems should deviate in their RNG state
+ (and hence the random numbers generated) over time if at all possible.
+ 
+-=item 7
++=item * 7
+ 
+ Given the random number output stream, it should not be possible to determine
+ the RNG state or the next random number.
+diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
+index 42fa66b..d531299 100644
+--- a/doc/ssl/SSL_COMP_add_compression_method.pod
++++ b/doc/ssl/SSL_COMP_add_compression_method.pod
+@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may return the following values:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The operation succeeded.
+ 
+-=item 1
++=item * 1
+ 
+ The operation failed. Check the error queue to find out the reason.
+ 
+diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
+index 82676b2..88ee952 100644
+--- a/doc/ssl/SSL_CTX_add_session.pod
++++ b/doc/ssl/SSL_CTX_add_session.pod
+@@ -52,13 +52,13 @@ The following values are returned by all functions:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+  The operation failed. In case of the add operation, it was tried to add
+  the same (identical) session twice. In case of the remove operation, the
+  session was not found in the cache.
+ 
+-=item 1
++=item * 1
+  
+  The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
+index 84a799f..66031d4 100644
+--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
++++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
+@@ -100,13 +100,13 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The operation failed because B<CAfile> and B<CApath> are NULL or the
+ processing at one of the locations specified failed. Check the error
+ stack to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
+index 5e66133..2874fb8 100644
+--- a/doc/ssl/SSL_CTX_set_client_CA_list.pod
++++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
+@@ -66,13 +66,13 @@ values:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
+index 58fc685..a2a8932 100644
+--- a/doc/ssl/SSL_CTX_set_session_id_context.pod
++++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
+@@ -64,13 +64,13 @@ return the following values:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+ the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+ is logged to the error stack.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
+index 254f2b4..4714cfd 100644
+--- a/doc/ssl/SSL_CTX_set_ssl_version.pod
++++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
+@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The new choice failed, check the error stack to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+index 7e60df5..77e2139 100644
+--- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
++++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+@@ -83,7 +83,7 @@ Return values from the server callback are interpreted as follows:
+ 
+ =over 4
+ 
+-=item > 0
++=item * > 0
+ 
+ PSK identity was found and the server callback has provided the PSK
+ successfully in parameter B<psk>. Return value is the length of
+@@ -96,7 +96,7 @@ data to B<psk> and return the length of the random data, so the
+ connection will fail with decryption_error before it will be finished
+ completely.
+ 
+-=item 0
++=item * 0
+ 
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
+index b1c34d1..b8a2c17 100644
+--- a/doc/ssl/SSL_accept.pod
++++ b/doc/ssl/SSL_accept.pod
+@@ -44,18 +44,18 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ The TLS/SSL handshake was not successful because a fatal error occurred either
+ at the protocol level or a connection failure occurred. The shutdown was
+diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
+index d4df1bf..d2830ad 100644
+--- a/doc/ssl/SSL_clear.pod
++++ b/doc/ssl/SSL_clear.pod
+@@ -56,12 +56,12 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The SSL_clear() operation could not be performed. Check the error stack to
+ find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The SSL_clear() operation was successful.
+ 
+diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
+index 946ca89..792821e 100644
+--- a/doc/ssl/SSL_connect.pod
++++ b/doc/ssl/SSL_connect.pod
+@@ -41,18 +41,18 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ The TLS/SSL handshake was not successful, because a fatal error occurred either
+ at the protocol level or a connection failure occurred. The shutdown was
+diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
+index 7f8cf24..c46d18d 100644
+--- a/doc/ssl/SSL_do_handshake.pod
++++ b/doc/ssl/SSL_do_handshake.pod
+@@ -45,18 +45,18 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ The TLS/SSL handshake was not successful because a fatal error occurred either
+ at the protocol level or a connection failure occurred. The shutdown was
+diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
+index 165c6a5..073e99c 100644
+--- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
++++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
+@@ -36,11 +36,11 @@ before the SSL index is created.
+ 
+ =over 4
+ 
+-=item E<gt>=0
++=item * E<gt>=0
+ 
+ The index value to access the pointer.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ An error occurred, check the error stack for a detailed error message.
+ 
+diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
+index 89260b5..1207658 100644
+--- a/doc/ssl/SSL_get_fd.pod
++++ b/doc/ssl/SSL_get_fd.pod
+@@ -26,12 +26,12 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item -1
++=item * -1
+ 
+ The operation failed, because the underlying BIO is not of the correct type
+ (suitable for file descriptors).
+ 
+-=item E<gt>=0
++=item * E<gt>=0
+ 
+ The file descriptor linked to B<ssl>.
+ 
+diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
+index 7038cd2..2f5a638 100644
+--- a/doc/ssl/SSL_read.pod
++++ b/doc/ssl/SSL_read.pod
+@@ -81,12 +81,12 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item E<gt>0
++=item * E<gt>0
+ 
+ The read operation was successful; the return value is the number of
+ bytes actually read from the TLS/SSL connection.
+ 
+-=item 0
++=item * 0
+ 
+ The read operation was not successful. The reason may either be a clean
+ shutdown due to a "close notify" alert sent by the peer (in which case
+@@ -103,7 +103,7 @@ only be detected, whether the underlying connection was closed. It cannot
+ be checked, whether the closure was initiated by the peer or by something
+ else.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ The read operation was not successful, because either an error occurred
+ or action must be taken by the calling process. Call SSL_get_error() with the
+diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
+index da7d062..e124630 100644
+--- a/doc/ssl/SSL_session_reused.pod
++++ b/doc/ssl/SSL_session_reused.pod
+@@ -27,11 +27,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ A new session was negotiated.
+ 
+-=item 1
++=item * 1
+ 
+ A session was reused.
+ 
+diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
+index 7029112..0baafed 100644
+--- a/doc/ssl/SSL_set_fd.pod
++++ b/doc/ssl/SSL_set_fd.pod
+@@ -35,11 +35,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The operation failed. Check the error stack to find out why.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
+index 5f54714..3b2d850 100644
+--- a/doc/ssl/SSL_set_session.pod
++++ b/doc/ssl/SSL_set_session.pod
+@@ -37,11 +37,11 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The operation failed; check the error stack to find out the reason.
+ 
+-=item 1
++=item * 1
+ 
+ The operation succeeded.
+ 
+diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
+index fe01308..879a33a 100644
+--- a/doc/ssl/SSL_set_shutdown.pod
++++ b/doc/ssl/SSL_set_shutdown.pod
+@@ -24,16 +24,16 @@ The shutdown state of an ssl connection is a bitmask of:
+ 
+ =over 4
+ 
+-=item Z<>0
++=item * Z<>0
+ 
+ No shutdown setting, yet.
+ 
+-=item SSL_SENT_SHUTDOWN
++=item * SSL_SENT_SHUTDOWN
+ 
+ A "close notify" shutdown alert was sent to the peer, the connection is being
+ considered closed and the session is closed and correct.
+ 
+-=item SSL_RECEIVED_SHUTDOWN
++=item * SSL_RECEIVED_SHUTDOWN
+ 
+ A shutdown alert was received form the peer, either a normal "close notify"
+ or a fatal error.
+diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
+index 42a89b7..2853e65 100644
+--- a/doc/ssl/SSL_shutdown.pod
++++ b/doc/ssl/SSL_shutdown.pod
+@@ -92,19 +92,19 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item 0
++=item * 0
+ 
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+ 
+-=item 1
++=item * 1
+ 
+ The shutdown was successfully completed. The "close notify" alert was sent
+ and the peer's "close notify" alert was received.
+ 
+-=item -1
++=item * -1
+ 
+ The shutdown was not successful because a fatal error occurred either
+ at the protocol level or a connection failure occurred. It can also occur if
+diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
+index e013c12..a10e46f 100644
+--- a/doc/ssl/SSL_write.pod
++++ b/doc/ssl/SSL_write.pod
+@@ -74,12 +74,12 @@ The following return values can occur:
+ 
+ =over 4
+ 
+-=item E<gt>0
++=item * E<gt>0
+ 
+ The write operation was successful, the return value is the number of
+ bytes actually written to the TLS/SSL connection.
+ 
+-=item 0
++=item * 0
+ 
+ The write operation was not successful. Probably the underlying connection
+ was closed. Call SSL_get_error() with the return value B<ret> to find out,
+@@ -90,7 +90,7 @@ SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+ only be detected, whether the underlying connection was closed. It cannot
+ be checked, why the closure happened.
+ 
+-=item E<lt>0
++=item * E<lt>0
+ 
+ The write operation was not successful, because either an error occurred
+ or action must be taken by the calling process. Call SSL_get_error() with the
+-- 
+1.8.4.5
+

--- a/src/openssl-1-winsock2.patch	Wed Apr 23 20:13:10 2014 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-This file is part of MXE.
-See index.html for further information.
-
-This patch has been taken from:
-http://rt.openssl.org/Ticket/Display.html?id=2285&user=guest&pass=guest
-
-diff -urN a/e_os.h b/e_os.h
---- a/e_os.h	2010-05-31 15:18:08.000000000 +0200
-+++ b/e_os.h	2010-06-04 17:43:44.370181869 +0200
-@@ -492,7 +492,7 @@
- #      endif
- #      if !defined(IPPROTO_IP)
-          /* winsock[2].h was included already? */
--#        include <winsock.h>
-+#        include <winsock2.h>
- #      endif
- #      ifdef getservbyname
- #        undef getservbyname
-diff -urN a/ssl/dtls1.h b/ssl/dtls1.h
---- a/ssl/dtls1.h	2010-04-14 02:17:29.000000000 +0200
-+++ b/ssl/dtls1.h	2010-06-04 17:44:27.318182412 +0200
-@@ -68,7 +68,7 @@
- #endif
- #ifdef OPENSSL_SYS_WIN32
- /* Needed for struct timeval */
--#include <winsock.h>
-+#include <winsock2.h>
- #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
- #include <sys/timeval.h>
- #else
-diff -urN a/ssl/ssltest.c b/ssl/ssltest.c
---- a/ssl/ssltest.c	2010-01-24 17:57:38.000000000 +0100
-+++ b/ssl/ssltest.c	2010-06-04 17:44:26.134181765 +0200
-@@ -193,7 +193,7 @@
- 				  */
- 
- #ifdef OPENSSL_SYS_WINDOWS
--#include <winsock.h>
-+#include <winsock2.h>
- #else
- #include OPENSSL_UNISTD
- #endif

--- a/src/openssl-2-pod.patch	Wed Apr 23 20:13:10 2014 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,580 +0,0 @@
-This file is part of MXE.
-See index.html for further information.
-
-diff -uNPr a/doc/apps/cms.pod b/doc/apps/cms.pod
---- a/doc/apps/cms.pod	2013-02-11 15:26:04.000000000 +0000
-+++ b/doc/apps/cms.pod	2013-06-01 22:08:31.005787054 +0100
-@@ -450,28 +450,28 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item * 1 
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item * 2
- 
- one of the input files could not be read.
- 
--=item 3
-+=item * 3
- 
- an error occurred creating the CMS file or when reading the MIME
- message.
- 
--=item 4
-+=item * 4
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item * 5
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-diff -uNPr a/doc/apps/smime.pod b/doc/apps/smime.pod
---- a/doc/apps/smime.pod	2013-02-11 15:26:04.000000000 +0000
-+++ b/doc/apps/smime.pod	2013-06-01 22:09:26.732719037 +0100
-@@ -308,28 +308,28 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item * 1 
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item * 2
- 
- one of the input files could not be read.
- 
--=item 3
-+=item * 3
- 
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
- 
--=item 4
-+=item * 4
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item * 5
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-diff -uNPr a/doc/crypto/rand.pod b/doc/crypto/rand.pod
---- a/doc/crypto/rand.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/crypto/rand.pod	2013-06-01 22:15:07.474188667 +0100
-@@ -74,17 +74,14 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- A good hashing algorithm to mix things up and to convert the RNG 'state'
- to random numbers.
- 
--=item 2
--
-+=item * 2
- An initial source of random 'state'.
- 
--=item 3
--
-+=item * 3
- The state should be very large.  If the RNG is being used to generate
- 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
- If your RNG state only has 128 bits, you are obviously limiting the
-@@ -93,14 +90,12 @@
- a bad idea to keep quite a lot of RNG state.  It should be easier to
- break a cipher than guess the RNG seed data.
- 
--=item 4
--
-+=item * 4
- Any RNG seed data should influence all subsequent random numbers
- generated.  This implies that any random seed data entered will have
- an influence on all subsequent random numbers generated.
- 
--=item 5
--
-+=item * 5
- When using data to seed the RNG state, the data used should not be
- extractable from the RNG state.  I believe this should be a
- requirement because one possible source of 'secret' semi random
-@@ -108,13 +103,11 @@
- not be disclosed by either subsequent random numbers or a
- 'core' dump left by a program crash.
- 
--=item 6
--
-+=item * 6
- Given the same initial 'state', 2 systems should deviate in their RNG state
- (and hence the random numbers generated) over time if at all possible.
- 
--=item 7
--
-+=item * 7
- Given the random number output stream, it should not be possible to determine
- the RNG state or the next random number.
- 
-diff -uNPr a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod
---- a/doc/crypto/X509_STORE_CTX_get_error.pod	2013-02-11 15:26:04.000000000 +0000
-+++ b/doc/crypto/X509_STORE_CTX_get_error.pod	2013-06-01 22:11:00.014931266 +0100
-@@ -278,6 +278,8 @@
- an application specific error. This will never be returned unless explicitly
- set by an application.
- 
-+=back
-+
- =head1 NOTES
- 
- The above functions should be used instead of directly referencing the fields
-diff -uNPr a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
---- a/doc/ssl/SSL_accept.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_accept.pod	2013-06-01 22:21:46.302545052 +0100
-@@ -44,18 +44,16 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
--
-+=item * 0
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- The TLS/SSL handshake was not successful because a fatal error occurred either
- at the protocol level or a connection failure occurred. The shutdown was
-diff -uNPr a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
---- a/doc/ssl/SSL_clear.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_clear.pod	2013-06-01 22:15:07.474188667 +0100
-@@ -56,13 +56,11 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
- 
--=item 1
--
-+=item * 1
- The SSL_clear() operation was successful.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
---- a/doc/ssl/SSL_COMP_add_compression_method.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_COMP_add_compression_method.pod	2013-06-01 22:12:10.753575547 +0100
-@@ -53,11 +53,11 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
- The operation succeeded.
- 
--=item 1
-+=item * 1
- 
- The operation failed. Check the error queue to find out the reason.
- 
-diff -uNPr a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
---- a/doc/ssl/SSL_connect.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_connect.pod	2013-06-01 22:22:44.109437174 +0100
-@@ -41,18 +41,16 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
--
-+=item * 0
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- The TLS/SSL handshake was not successful, because a fatal error occurred either
- at the protocol level or a connection failure occurred. The shutdown was
-diff -uNPr a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
---- a/doc/ssl/SSL_CTX_add_session.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_add_session.pod	2013-06-01 22:13:06.396509142 +0100
-@@ -52,15 +52,15 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
-- The operation failed. In case of the add operation, it was tried to add
-- the same (identical) session twice. In case of the remove operation, the
-- session was not found in the cache.
-+The operation failed. In case of the add operation, it was tried to add
-+the same (identical) session twice. In case of the remove operation, the
-+session was not found in the cache.
- 
--=item 1
-+=item * 1
-  
-- The operation succeeded.
-+The operation succeeded.
- 
- =back
- 
-diff -uNPr a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
---- a/doc/ssl/SSL_CTX_load_verify_locations.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod	2013-06-01 22:13:55.759563092 +0100
-@@ -100,13 +100,13 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
- 
--=item 1
-+=item * 1
- 
- The operation succeeded.
- 
-diff -uNPr a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
---- a/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-06-01 22:15:07.470188744 +0100
-@@ -66,12 +66,10 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- The operation succeeded.
- 
--=item 0
--
-+=item * 0
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
-diff -uNPr a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
---- a/doc/ssl/SSL_CTX_set_session_id_context.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod	2013-06-01 22:15:07.470188744 +0100
-@@ -64,14 +64,12 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
- 
--=item 1
--
-+=item * 1
- The operation succeeded.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
---- a/doc/ssl/SSL_CTX_set_ssl_version.pod	2013-02-11 15:26:04.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod	2013-06-01 22:15:07.470188744 +0100
-@@ -42,12 +42,10 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- The new choice failed, check the error stack to find out the reason.
- 
--=item 1
--
-+=item * 1
- The operation succeeded.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
---- a/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-02-11 15:26:04.000000000 +0000
-+++ b/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-06-01 22:16:32.156565713 +0100
-@@ -81,7 +81,9 @@
- 
- Return values from the server callback are interpreted as follows:
- 
--=item > 0
-+=over 4
-+
-+=item * > 0
- 
- PSK identity was found and the server callback has provided the PSK
- successfully in parameter B<psk>. Return value is the length of
-@@ -94,9 +96,11 @@
- connection will fail with decryption_error before it will be finished
- completely.
- 
--=item 0
-+=item * 0
- 
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
- 
-+=back
-+
- =cut
-diff -uNPr a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
---- a/doc/ssl/SSL_do_handshake.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_do_handshake.pod	2013-06-01 22:23:52.496126530 +0100
-@@ -45,18 +45,16 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
--
-+=item * 0
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- The TLS/SSL handshake was not successful because a fatal error occurred either
- at the protocol level or a connection failure occurred. The shutdown was
-diff -uNPr a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
---- a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod	2013-06-01 22:23:52.496126530 +0100
-@@ -36,11 +36,11 @@
- 
- =over 4
- 
--=item E<gt>=0
-+=item * E<gt>=0
- 
- The index value to access the pointer.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- An error occurred, check the error stack for a detailed error message.
- 
-diff -uNPr a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
---- a/doc/ssl/SSL_get_fd.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_get_fd.pod	2013-06-01 22:26:15.961376995 +0100
-@@ -26,12 +26,12 @@
- 
- =over 4
- 
--=item -1
-+=item * -1
- 
- The operation failed, because the underlying BIO is not of the correct type
- (suitable for file descriptors).
- 
--=item E<gt>=0
-+=item * E<gt>=0
- 
- The file descriptor linked to B<ssl>.
- 
-diff -uNPr a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
---- a/doc/ssl/SSL_read.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_read.pod	2013-06-01 22:23:52.496126530 +0100
-@@ -81,13 +81,12 @@
- 
- =over 4
- 
--=item E<gt>0
-+=item * E<gt>0
- 
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
- 
--=item 0
--
-+=item * 0
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
- the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
-@@ -103,7 +102,7 @@
- be checked, whether the closure was initiated by the peer or by something
- else.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- The read operation was not successful, because either an error occurred
- or action must be taken by the calling process. Call SSL_get_error() with the
-diff -uNPr a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
---- a/doc/ssl/SSL_session_reused.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_session_reused.pod	2013-06-01 22:15:07.474188667 +0100
-@@ -27,12 +27,10 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- A new session was negotiated.
- 
--=item 1
--
-+=item * 1
- A session was reused.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
---- a/doc/ssl/SSL_set_fd.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_set_fd.pod	2013-06-01 22:15:07.470188744 +0100
-@@ -35,12 +35,10 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- The operation failed. Check the error stack to find out why.
- 
--=item 1
--
-+=item * 1
- The operation succeeded.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
---- a/doc/ssl/SSL_set_session.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_set_session.pod	2013-06-01 22:15:07.470188744 +0100
-@@ -37,12 +37,10 @@
- 
- =over 4
- 
--=item 0
--
-+=item * 0
- The operation failed; check the error stack to find out the reason.
- 
--=item 1
--
-+=item * 1
- The operation succeeded.
- 
- =back
-diff -uNPr a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
---- a/doc/ssl/SSL_set_shutdown.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_set_shutdown.pod	2013-06-01 22:29:14.361957917 +0100
-@@ -24,16 +24,16 @@
- 
- =over 4
- 
--=item 0
-+=item * 0
- 
- No shutdown setting, yet.
- 
--=item SSL_SENT_SHUTDOWN
-+=item * SSL_SENT_SHUTDOWN
- 
- A "close notify" shutdown alert was sent to the peer, the connection is being
- considered closed and the session is closed and correct.
- 
--=item SSL_RECEIVED_SHUTDOWN
-+=item * SSL_RECEIVED_SHUTDOWN
- 
- A shutdown alert was received form the peer, either a normal "close notify"
- or a fatal error.
-diff -uNPr a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
---- a/doc/ssl/SSL_shutdown.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_shutdown.pod	2013-06-02 01:49:05.023205397 +0100
-@@ -92,19 +92,17 @@
- 
- =over 4
- 
--=item 1
--
-+=item * 1
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
- 
--=item 0
--
-+=item * 0
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
- 
--=item -1
-+=item * -1
- 
- The shutdown was not successful because a fatal error occurred either
- at the protocol level or a connection failure occurred. It can also occur if
-diff -uNPr a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
---- a/doc/ssl/SSL_write.pod	2013-02-11 15:02:48.000000000 +0000
-+++ b/doc/ssl/SSL_write.pod	2013-06-01 22:23:52.496126530 +0100
-@@ -74,13 +74,12 @@
- 
- =over 4
- 
--=item E<gt>0
-+=item * E<gt>0
- 
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
- 
--=item 0
--
-+=item * 0
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
- whether an error occurred or the connection was shut down cleanly
-@@ -90,7 +89,7 @@
- only be detected, whether the underlying connection was closed. It cannot
- be checked, why the closure happened.
- 
--=item E<lt>0
-+=item * E<lt>0
- 
- The write operation was not successful, because either an error occurred
- or action must be taken by the calling process. Call SSL_get_error() with the

--- a/src/openssl.mk	Wed Apr 23 20:13:10 2014 -0400
+++ b/src/openssl.mk	Wed Apr 23 20:13:56 2014 -0400
@@ -3,8 +3,8 @@
 
 PKG             := openssl
 $(PKG)_IGNORE   :=
-$(PKG)_VERSION  := 1.0.1e
-$(PKG)_CHECKSUM := 3f1b1223c9e8189bfe4e186d86449775bd903460
+$(PKG)_VERSION  := 1.0.1g
+$(PKG)_CHECKSUM := b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c
 $(PKG)_SUBDIR   := openssl-$($(PKG)_VERSION)
 $(PKG)_FILE     := openssl-$($(PKG)_VERSION).tar.gz
 $(PKG)_URL      := http://www.openssl.org/source/$($(PKG)_FILE)