diff --git a/openssl/android-arm64-v8a/PKGBUILD b/openssl/android-arm64-v8a/PKGBUILD
new file mode 100644
index 00000000..7b8be16e
--- /dev/null
+++ b/openssl/android-arm64-v8a/PKGBUILD
@@ -0,0 +1,69 @@
+# $Id$
+# Maintainer: Martchus <martchus@gmx.net>
+
+# export Android configuration
+export ANDROID_MINIMUM_PLATFORM=21 # https://developer.android.com/about/dashboards/
+export ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT:-/opt/android-ndk}
+export ANDROID_SDK_ROOT=${ANDROID_SDK_ROOT:-/opt/android-sdk}
+export ANDROID_EABI=aarch64-linux-android-4.9
+export ANDROID_ARCH=arch-arm64
+
+_android_arch=arm64-v8a
+_pkgname=openssl
+_ver=1.1.0h
+_pref=/opt/android-$_pkgname/$_android_arch
+
+pkgname=android-$_pkgname-$_android_arch
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+pkgrel=1
+pkgdesc="The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (Android, $_android_arch)"
+arch=('any')
+url='https://www.openssl.org'
+license=('custom:BSD')
+options=('!strip' '!buildflags' 'staticlibs' '!emptydirs')
+depends=('perl' 'android-sdk' 'android-ndk')
+source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
+        "https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz.asc"
+        'setenv-android.sh')
+sha256sums=('5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517'
+            'SKIP'
+            '55e45fa922a5f114ea0d16e7dddc9cc36288ecc843697942171bb371c89c835e')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
+
+build() {
+	cd "$srcdir/$_pkgname-$_ver"
+	source "$srcdir/setenv-android.sh"
+
+	./Configure \
+		--prefix="$_pref" \
+		--openssldir="$_pref" \
+		-isystem"$ANDROID_NDK_ROOT/sysroot/usr/include" \
+		-isystem"$ANDROID_NDK_ROOT/sysroot/usr/include/${ANDROID_EABI%-*}" \
+		shared \
+		android
+	
+	# ensure the libraries are not versioned (setting CALC_VERSIONS doesn't work for some reason)
+        sed -i -e 's/\.\$(SHLIB_MAJOR)\.\$(SHLIB_MINOR)//g' Makefile
+
+	# build only libraries
+	make CALC_VERSIONS="SHLIB_COMPAT=; SHLIB_SOVER=" build_libs	
+}
+
+package() {
+	cd "$srcdir/$_pkgname-$_ver"
+	source "$srcdir/setenv-android.sh"
+
+	# install header files, libraries and license
+	for lib in libcrypto.{a,so} libssl.{a,so}; do
+		install -D -m0644 $lib "$pkgdir/$_pref/lib/$lib"
+	done
+	mkdir -p "$pkgdir/$_pref/include"
+	cp -r include/openssl "$pkgdir/$_pref/include"
+	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
+
+	# strip binaries
+        local strip_path=$ANDROID_TOOLCHAIN/${CROSS_COMPILE}strip
+	find "$pkgdir" -name 'lib*.so' -type f -exec "$strip_path" --strip-unneeded {} \;
+	find "$pkgdir" -name 'lib*.a' -type f -exec "$strip_path" -g {} \;
+}
diff --git a/openssl/android-arm64-v8a/setenv-android.sh b/openssl/android-arm64-v8a/setenv-android.sh
new file mode 100644
index 00000000..fc108153
--- /dev/null
+++ b/openssl/android-arm64-v8a/setenv-android.sh
@@ -0,0 +1,243 @@
+#!/bin/bash
+# Cross-compile environment for Android on ARMv7 and x86
+#
+# Contents licensed under the terms of the OpenSSL license
+# http://www.openssl.org/source/license.html
+#
+# See http://wiki.openssl.org/index.php/FIPS_Library_and_Android
+#   and http://wiki.openssl.org/index.php/Android
+
+#####################################################################
+
+# Set ANDROID_NDK_ROOT to you NDK location. For example,
+# /opt/android-ndk-r8e or /opt/android-ndk-r9. This can be done in a
+# login script. If ANDROID_NDK_ROOT is not specified, the script will
+# try to pick it up with the value of _ANDROID_NDK_ROOT below. If
+# ANDROID_NDK_ROOT is set, then the value is ignored.
+# _ANDROID_NDK="android-ndk-r8e"
+_ANDROID_NDK="android-ndk-r9"
+# _ANDROID_NDK="android-ndk-r10"
+
+# Set _ANDROID_EABI to the EABI you want to use. You can find the
+# list in $ANDROID_NDK_ROOT/toolchains. This value is always used.
+# _ANDROID_EABI="x86-4.6"
+# _ANDROID_EABI="arm-linux-androideabi-4.6"
+_ANDROID_EABI="${ANDROID_EABI:-arm-linux-androideabi-4.8}"
+
+# Set _ANDROID_ARCH to the architecture you are building for.
+# This value is always used.
+# _ANDROID_ARCH=arch-x86
+_ANDROID_ARCH=${ANDROID_ARCH:-arch-arm}
+
+# Set _ANDROID_API to the API you want to use. You should set it
+# to one of: android-14, android-9, android-8, android-14, android-5
+# android-4, or android-3. You can't set it to the latest (for
+# example, API-17) because the NDK does not supply the platform. At
+# Android 5.0, there will likely be another platform added (android-22?).
+# This value is always used.
+_ANDROID_API="android-${ANDROID_MINIMUM_PLATFORM:-21}"
+
+#####################################################################
+
+# If the user did not specify the NDK location, try and pick it up.
+# We expect something like ANDROID_NDK_ROOT=/opt/android-ndk-r8e
+# or ANDROID_NDK_ROOT=/usr/local/android-ndk-r8e.
+
+if [ -z "$ANDROID_NDK_ROOT" ]; then
+
+  _ANDROID_NDK_ROOT=""
+  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/usr/local/$_ANDROID_NDK" ]; then
+    _ANDROID_NDK_ROOT="/usr/local/$_ANDROID_NDK"
+  fi
+
+  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "/opt/$_ANDROID_NDK" ]; then
+    _ANDROID_NDK_ROOT="/opt/$_ANDROID_NDK"
+  fi
+
+  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$HOME/$_ANDROID_NDK" ]; then
+    _ANDROID_NDK_ROOT="$HOME/$_ANDROID_NDK"
+  fi
+
+  if [ -z "$_ANDROID_NDK_ROOT" ] && [ -d "$PWD/$_ANDROID_NDK" ]; then
+    _ANDROID_NDK_ROOT="$PWD/$_ANDROID_NDK"
+  fi
+
+  # If a path was set, then export it
+  if [ ! -z "$_ANDROID_NDK_ROOT" ] && [ -d "$_ANDROID_NDK_ROOT" ]; then
+    export ANDROID_NDK_ROOT="$_ANDROID_NDK_ROOT"
+  fi
+fi
+
+# Error checking
+# ANDROID_NDK_ROOT should always be set by the user (even when not running this script)
+# http://groups.google.com/group/android-ndk/browse_thread/thread/a998e139aca71d77
+if [ -z "$ANDROID_NDK_ROOT" ] || [ ! -d "$ANDROID_NDK_ROOT" ]; then
+  echo "Error: ANDROID_NDK_ROOT is not a valid path. Please edit this script."
+  # echo "$ANDROID_NDK_ROOT"
+  # exit 1
+fi
+
+# Error checking
+if [ ! -d "$ANDROID_NDK_ROOT/toolchains" ]; then
+  echo "Error: ANDROID_NDK_ROOT/toolchains is not a valid path. Please edit this script."
+  # echo "$ANDROID_NDK_ROOT/toolchains"
+  # exit 1
+fi
+
+# Error checking
+if [ ! -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI" ]; then
+  echo "Error: ANDROID_EABI is not a valid path. Please edit this script."
+  # echo "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI"
+  # exit 1
+fi
+
+#####################################################################
+
+# Based on ANDROID_NDK_ROOT, try and pick up the required toolchain. We expect something like:
+# /opt/android-ndk-r83/toolchains/arm-linux-androideabi-4.7/prebuilt/linux-x86_64/bin
+# Once we locate the toolchain, we add it to the PATH. Note: this is the 'hard way' of
+# doing things according to the NDK documentation for Ice Cream Sandwich.
+# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
+
+ANDROID_TOOLCHAIN=""
+for host in "linux-x86_64" "linux-x86" "darwin-x86_64" "darwin-x86"
+do
+  if [ -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin" ]; then
+    ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin"
+    break
+  fi
+done
+
+# Error checking
+if [ -z "$ANDROID_TOOLCHAIN" ] || [ ! -d "$ANDROID_TOOLCHAIN" ]; then
+  echo "Error: ANDROID_TOOLCHAIN is not valid. Please edit this script."
+  # echo "$ANDROID_TOOLCHAIN"
+  # exit 1
+fi
+
+case $_ANDROID_ARCH in
+	arch-arm)	  
+      ANDROID_TOOLS="arm-linux-androideabi-gcc arm-linux-androideabi-ranlib arm-linux-androideabi-ld"
+	  ;;
+	arch-arm64)
+      ANDROID_TOOLS="aarch64-linux-android-gcc aarch64-linux-android-ranlib aarch64-linux-android-ld"
+	  ;;
+	arch-x86)	  
+      ANDROID_TOOLS="i686-linux-android-gcc i686-linux-android-ranlib i686-linux-android-ld"
+	  ;;	  
+	*)
+	  echo "ERROR ERROR ERROR"
+	  ;;
+esac
+
+for tool in $ANDROID_TOOLS
+do
+  # Error checking
+  if [ ! -e "$ANDROID_TOOLCHAIN/$tool" ]; then
+    echo "Error: Failed to find $tool. Please edit this script."
+    # echo "$ANDROID_TOOLCHAIN/$tool"
+    # exit 1
+  fi
+done
+
+# Only modify/export PATH if ANDROID_TOOLCHAIN good
+if [ ! -z "$ANDROID_TOOLCHAIN" ]; then
+  export ANDROID_TOOLCHAIN="$ANDROID_TOOLCHAIN"
+  export PATH="$ANDROID_TOOLCHAIN":"$PATH"
+fi
+
+#####################################################################
+
+# For the Android SYSROOT. Can be used on the command line with --sysroot
+# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
+export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
+#export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/sysroot"
+export CROSS_SYSROOT="$ANDROID_SYSROOT"
+export NDK_SYSROOT="$ANDROID_SYSROOT"
+
+# Error checking
+if [ -z "$ANDROID_SYSROOT" ] || [ ! -d "$ANDROID_SYSROOT" ]; then
+  echo "Error: ANDROID_SYSROOT is not valid. Please edit this script."
+  # echo "$ANDROID_SYSROOT"
+  # exit 1
+fi
+
+#####################################################################
+
+# If the user did not specify the FIPS_SIG location, try and pick it up
+# If the user specified a bad location, then try and pick it up too.
+if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then
+
+  # Try and locate it
+  _FIPS_SIG=""
+  if [ -d "/usr/local/ssl/$_ANDROID_API" ]; then
+    _FIPS_SIG=`find "/usr/local/ssl/$_ANDROID_API" -name incore`
+  fi
+
+  if [ ! -e "$_FIPS_SIG" ]; then
+    _FIPS_SIG=`find $PWD -name incore`
+  fi
+
+  # If a path was set, then export it
+  if [ ! -z "$_FIPS_SIG" ] && [ -e "$_FIPS_SIG" ]; then
+    export FIPS_SIG="$_FIPS_SIG"
+  fi
+fi
+
+# Error checking. Its OK to ignore this if you are *not* building for FIPS
+if [ -z "$FIPS_SIG" ] || [ ! -e "$FIPS_SIG" ]; then
+  echo "Error: FIPS_SIG does not specify incore module. Please edit this script."
+  # echo "$FIPS_SIG"
+  # exit 1
+fi
+
+#####################################################################
+
+# Most of these should be OK (MACHINE, SYSTEM, ARCH). RELEASE is ignored.
+export MACHINE=armv7
+export RELEASE=2.6.37
+export SYSTEM=android
+export ARCH=arm
+export CROSS_COMPILE="arm-linux-androideabi-"
+
+if [ "$_ANDROID_ARCH" == "arch-x86" ]; then
+	export MACHINE=i686
+	export RELEASE=2.6.37
+	export SYSTEM=android
+	export ARCH=x86
+	export CROSS_COMPILE="i686-linux-android-"
+fi
+
+if [ "$_ANDROID_ARCH" == "arch-arm64" ]; then
+        export MACHINE=armv8
+        export RELEASE=2.6.37
+        export SYSTEM=android64
+        export ARCH=arm
+        export CROSS_COMPILE="aarch64-linux-android-"
+fi
+
+# For the Android toolchain
+# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
+export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
+export SYSROOT="$ANDROID_SYSROOT"
+export NDK_SYSROOT="$ANDROID_SYSROOT"
+export ANDROID_NDK_SYSROOT="$ANDROID_SYSROOT"
+export ANDROID_API="$_ANDROID_API"
+
+# CROSS_COMPILE and ANDROID_DEV are DFW (Don't Fiddle With). Its used by OpenSSL build system.
+# export CROSS_COMPILE="arm-linux-androideabi-"
+export ANDROID_DEV="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr"
+export HOSTCC=gcc
+
+VERBOSE=1
+if [ ! -z "$VERBOSE" ] && [ "$VERBOSE" != "0" ]; then
+  echo "ANDROID_NDK_ROOT: $ANDROID_NDK_ROOT"
+  echo "ANDROID_ARCH: $_ANDROID_ARCH"
+  echo "ANDROID_EABI: $_ANDROID_EABI"
+  echo "ANDROID_API: $ANDROID_API"
+  echo "ANDROID_SYSROOT: $ANDROID_SYSROOT"
+  echo "ANDROID_TOOLCHAIN: $ANDROID_TOOLCHAIN"
+  echo "FIPS_SIG: $FIPS_SIG"
+  echo "CROSS_COMPILE: $CROSS_COMPILE"
+  echo "ANDROID_DEV: $ANDROID_DEV"
+fi
diff --git a/openssl/default/PKGBUILD b/openssl/default/PKGBUILD
new file mode 100644
index 00000000..2bb9512e
--- /dev/null
+++ b/openssl/default/PKGBUILD
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: Pierre Schmitz <pierre@archlinux.de>
+
+pkgname=openssl
+_ver=1.1.0h
+# use a pacman compatible version scheme
+pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
+#pkgver=$_ver
+pkgrel=1
+pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
+arch=('x86_64')
+url='https://www.openssl.org'
+license=('custom:BSD')
+depends=('perl')
+optdepends=('ca-certificates')
+backup=('etc/ssl/openssl.cnf')
+source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
+        "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
+        'ca-dir.patch')
+sha256sums=('5835626cde9e99656585fc7aaa2302a73a7e1340bf8c14fd635a62c66802a517'
+            'SKIP'
+            '90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790')
+validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
+
+prepare() {
+	cd "$srcdir/$pkgname-$_ver"
+
+	# set ca dir to /etc/ssl by default
+	patch -p0 -i "$srcdir/ca-dir.patch"
+}
+
+build() {
+	cd "$srcdir/$pkgname-$_ver"
+
+	if [ "${CARCH}" == 'x86_64' ]; then
+		openssltarget='linux-x86_64'
+		optflags='enable-ec_nistp_64_gcc_128'
+	elif [ "${CARCH}" == 'i686' ]; then
+		openssltarget='linux-elf'
+		optflags=''
+	fi
+
+	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
+	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
+		shared no-ssl3-method ${optflags} \
+		"${openssltarget}" \
+		"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"
+
+	make depend
+	make
+}
+
+check() {
+	cd "$srcdir/$pkgname-$_ver"
+	# the test fails due to missing write permissions in /etc/ssl
+	# revert this patch for make test
+	patch -p0 -R -i "$srcdir/ca-dir.patch"
+	make test
+	patch -p0 -i "$srcdir/ca-dir.patch"
+}
+
+package() {
+	cd "$srcdir/$pkgname-$_ver"
+	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
+	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
+}
diff --git a/openssl/default/ca-dir.patch b/openssl/default/ca-dir.patch
new file mode 100644
index 00000000..767b61df
--- /dev/null
+++ b/openssl/default/ca-dir.patch
@@ -0,0 +1,127 @@
+<!DOCTYPE html>
+<html lang='en'>
+<head>
+<title>ca-dir.patch\trunk - svntogit/packages.git - Git clone of the 'packages' repository
+</title>
+<meta name='generator' content='cgit v0.12'/>
+<meta name='robots' content='index, nofollow'/>
+<link rel='stylesheet' type='text/css' href='/cgit.css'/>
+<link rel='shortcut icon' href='/favicon.ico'/>
+<link rel='alternate' title='Atom feed' href='https://git.archlinux.org/svntogit/packages.git/atom/trunk/ca-dir.patch?h=packages/openssl' type='application/atom+xml'/>
+<link rel='vcs-git' href='https://git.archlinux.org/svntogit/packages.git' title='svntogit/packages.git Git repository'/>
+<link rel='vcs-git' href='git://git.archlinux.org/svntogit/packages.git' title='svntogit/packages.git Git repository'/>
+<link rel='vcs-git' href='ssh://git.archlinux.org/srv/git/svntogit/packages.git' title='svntogit/packages.git Git repository'/>
+</head>
+<body>
+	<div id="archnavbar"><!-- Arch Linux global navigation bar -->
+		<div id="archnavbarlogo">
+			<p><a href="http://www.archlinux.org/" title="Arch news, packages, projects and more"></a></p>
+		</div>
+		<div id="archnavbarmenu">
+			<ul id="archnavbarlist">
+				<li id="anb-home"><a href="http://www.archlinux.org/" title="Arch news, packages, projects and more">Home</a></li>
+				<li id="anb-packages"><a href="http://www.archlinux.org/packages/" title="Arch Package Database">Packages</a></li>
+				<li id="anb-forums"><a href="https://bbs.archlinux.org/" title="Community forums">Forums</a></li>
+				<li id="anb-wiki"><a href="https://wiki.archlinux.org/" title="Community documentation">Wiki</a></li>
+				<li id="anb-bugs"><a href="https://bugs.archlinux.org/" title="Report and follow bugs">Bugs</a></li>
+				<li id="anb-sec"><a href="https://security.archlinux.org/" title="Security Tracker">Security</a></li>
+				<li id="anb-aur"><a href="https://aur.archlinux.org/" title="Arch Linux User Repository">AUR</a></li>
+				<li id="anb-download"><a href="http://www.archlinux.org/download/" title="Get Arch Linux">Download</a></li>
+			</ul>
+		</div>
+	</div><!-- #archnavbar -->
+<div id='cgit'><table id='header'>
+<tr>
+<td class='main'><a href='/'>index</a> : <a title='svntogit/packages.git' href='/svntogit/packages.git/'>svntogit/packages.git</a></td></tr>
+<tr><td class='sub'>Git clone of the 'packages' repository
+</td><td class='sub right'></td></tr></table>
+<table class='tabs'><tr><td>
+<a href='/svntogit/packages.git/?h=packages/openssl'>summary</a><a href='/svntogit/packages.git/refs/?h=packages/openssl'>refs</a><a href='/svntogit/packages.git/log/trunk/ca-dir.patch?h=packages/openssl'>log</a><a class='active' href='/svntogit/packages.git/tree/trunk/ca-dir.patch?h=packages/openssl'>tree</a><a href='/svntogit/packages.git/commit/trunk/ca-dir.patch?h=packages/openssl'>commit</a><a href='/svntogit/packages.git/diff/trunk/ca-dir.patch?h=packages/openssl'>diff</a><a href='/svntogit/packages.git/stats/trunk/ca-dir.patch?h=packages/openssl'>stats</a></td><td class='form'><form class='right' method='get' action='/svntogit/packages.git/log/trunk/ca-dir.patch'>
+<input type='hidden' name='h' value='packages/openssl'/><select name='qt'>
+<option value='grep'>log msg</option>
+<option value='author'>author</option>
+<option value='committer'>committer</option>
+<option value='range'>range</option>
+</select>
+<input class='txt' type='text' size='10' name='q' value=''/>
+<input type='submit' value='search'/>
+</form>
+</td></tr></table>
+<div class='path'>path: <a href='/svntogit/packages.git/tree/?h=packages/openssl'>root</a>/<a href='/svntogit/packages.git/tree/trunk?h=packages/openssl'>trunk</a>/<a href='/svntogit/packages.git/tree/trunk/ca-dir.patch?h=packages/openssl'>ca-dir.patch</a></div><div class='content'>blob: 1daba849b4ca1f222158a8a70dcd8edb98ed57a2 (<a href='/svntogit/packages.git/plain/trunk/ca-dir.patch?h=packages/openssl'>plain</a>)
+<table summary='blob content' class='blob'>
+<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
+<a id='n2' href='#n2'>2</a>
+<a id='n3' href='#n3'>3</a>
+<a id='n4' href='#n4'>4</a>
+<a id='n5' href='#n5'>5</a>
+<a id='n6' href='#n6'>6</a>
+<a id='n7' href='#n7'>7</a>
+<a id='n8' href='#n8'>8</a>
+<a id='n9' href='#n9'>9</a>
+<a id='n10' href='#n10'>10</a>
+<a id='n11' href='#n11'>11</a>
+<a id='n12' href='#n12'>12</a>
+<a id='n13' href='#n13'>13</a>
+<a id='n14' href='#n14'>14</a>
+<a id='n15' href='#n15'>15</a>
+<a id='n16' href='#n16'>16</a>
+<a id='n17' href='#n17'>17</a>
+<a id='n18' href='#n18'>18</a>
+<a id='n19' href='#n19'>19</a>
+<a id='n20' href='#n20'>20</a>
+<a id='n21' href='#n21'>21</a>
+<a id='n22' href='#n22'>22</a>
+<a id='n23' href='#n23'>23</a>
+<a id='n24' href='#n24'>24</a>
+<a id='n25' href='#n25'>25</a>
+<a id='n26' href='#n26'>26</a>
+<a id='n27' href='#n27'>27</a>
+<a id='n28' href='#n28'>28</a>
+<a id='n29' href='#n29'>29</a>
+<a id='n30' href='#n30'>30</a>
+<a id='n31' href='#n31'>31</a>
+</pre></td>
+<td class='lines'><pre><code><span class="hl kwb">--- apps/CA.pl.in	2016-09-26 11:46:04.000000000 +0200</span>
+<span class="hl kwa">+++ apps/CA.pl.in	2016-11-01 16:02:16.709616823 +0100</span>
+<span class="hl kwd">&#64;&#64; -33,7 +33,7 &#64;&#64;</span>
+ my $PKCS12 = &quot;$openssl pkcs12&quot;;
+ 
+ # default openssl.cnf file has setup as per the following
+<span class="hl kwb">-my $CATOP = &quot;./demoCA&quot;;</span>
+<span class="hl kwa">+my $CATOP = &quot;/etc/ssl&quot;;</span>
+ my $CAKEY = &quot;cakey.pem&quot;;
+ my $CAREQ = &quot;careq.pem&quot;;
+ my $CACERT = &quot;cacert.pem&quot;;
+<span class="hl kwb">--- apps/openssl.cnf	2016-09-26 11:46:04.000000000 +0200</span>
+<span class="hl kwa">+++ apps/openssl.cnf	2016-11-01 16:02:48.378503427 +0100</span>
+<span class="hl kwd">&#64;&#64; -39,7 +39,7 &#64;&#64;</span>
+ ####################################################################
+ [ CA_default ]
+ 
+<span class="hl kwb">-dir		= ./demoCA		# Where everything is kept</span>
+<span class="hl kwa">+dir		= /etc/ssl		# Where everything is kept</span>
+ certs		= $dir/certs		# Where the issued certs are kept
+ crl_dir		= $dir/crl		# Where the issued crl are kept
+ database	= $dir/index.txt	# database index file.
+<span class="hl kwd">&#64;&#64; -323,7 +323,7 &#64;&#64;</span>
+ [ tsa_config1 ]
+ 
+ # These are used by the TSA reply generation only.
+<span class="hl kwb">-dir		= ./demoCA		# TSA root directory</span>
+<span class="hl kwa">+dir		= /etc/ssl		# TSA root directory</span>
+ serial		= $dir/tsaserial	# The current serial number (mandatory)
+ crypto_device	= builtin		# OpenSSL engine to use for signing
+ signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+</code></pre></td></tr></table>
+</div> <!-- class=content -->
+<div class="foot" style="padding-left:1em;padding-right:1em;">
+<p>Copyright &copy; 2002-2017 <a href="mailto:jvinet@zeroflux.org"
+title="contact Judd Vinet">Judd Vinet</a> and <a href="mailto:aaron@archlinux.org"
+title="contact Aaron Griffin">Aaron Griffin</a>. The Arch Linux name and logo
+are recognized trademarks. Some rights reserved. The registered trademark
+Linux&reg; is used pursuant to a sublicense from LMI, the exclusive licensee
+of Linus Torvalds, owner of the mark on a world-wide basis.</p>
+</div>
+</div> <!-- id=cgit -->
+</body>
+</html>