Added the ability to select OpenSSL 1.1.1n if desired. (#4045)

* Added ability to switch to OpenSSL 1.1.1n * Fixed OpenSSL compilation challenges - the CRL stuff works now * Added instructions on using OpenSSL 1.1.1 to README * Added vcpkg args to handle openssl variants
2022-10-28 15:57:51 -07:00 · 2022-10-28 15:57:51 -07:00 · bb95a22e3f
commit bb95a22e3f
parent 214f4a364e
23 changed files with 1252 additions and 4 deletions
--- a/.vscode/cspell.json
+++ b/.vscode/cspell.json
@ -16,6 +16,7 @@
    ".github/CODEOWNERS",
    ".gitignore",
    ".vscode/cspell.json",
    "vcpkg-custom-ports",
    "ci.yml",
    "squid.conf*",
    "eng/common/**/*",
@ -54,6 +55,7 @@
    "Deserializes",
    "DFETCH",
    "DMSVC",
    "DVCPKG",
    "docfx",
    "DPAPI",
    "DRUN",
--- a/CMakeSettings.json
+++ b/CMakeSettings.json
@ -20,6 +20,64 @@
          "name": "MSVC_USE_STATIC_CRT",
          "value": "True",
          "type": "BOOL"
        },
        {
          "name": "VCPKG_MANIFEST_MODE",
          "value": "True",
          "type": "BOOL"
        }
      ]
    },
    {
      "name": "x64-DebugWithTests-OpenSSL111",
      "generator": "Ninja",
      "configurationType": "Debug",
      "inheritEnvironments": [ "msvc_x64_x64" ],
      "buildRoot": "${projectDir}\\out\\build\\${name}",
      "installRoot": "${projectDir}\\out\\install\\${name}",
      "cmakeCommandArgs": "",
      "buildCommandArgs": "-v",
      "ctestCommandArgs": "",
      "variables": [
        {
          "name": "VCPKG_TARGET_TRIPLET",
          "value": "x64-windows-static",
          "type": "STRING"
        },
        {
          "name": "MSVC_USE_STATIC_CRT",
          "value": "True",
          "type": "BOOL"
        },
        {
          "name": "VCPKG_MANIFEST_MODE",
          "value": "True",
          "type": "BOOL"
        },
        {
          "name": "VCPKG_OVERLAY_PORTS",
          "value": "${projectDir}\\vcpkg-custom-ports",
          "type": "STRING"
        },
        {
          "name": "INSTALL_GTEST",
          "value": "False",
          "type": "BOOL"
        },
        {
          "name": "BUILD_TESTING",
          "value": "True",
          "type": "BOOL"
        },
        {
          "name": "BUILD_TRANSPORT_CURL",
          "value": "True",
          "type": "BOOL"
        },
        {
          "name": "BUILD_SAMPLES",
          "value": "True",
          "type": "BOOL"
        }
      ]
    },
--- a/README.md
+++ b/README.md
@ -324,6 +324,41 @@ The following SDK library releases are available on [vcpkg](https://github.com/m
 > NOTE: In case of getting linker errors when consuming the SDK on Windows, make sure that [vcpkg triplet](https://vcpkg.readthedocs.io/en/latest/users/triplets/) being consumed matches the [CRT link flags](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library?view=msvc-160) being set for your app or library build. See also `MSVC_USE_STATIC_CRT` build flag.
 ## OpenSSL Version
 Several packages within the Azure SDK for C++ use the OpenSSL library. By default, the Azure SDK will use whatever the most recent version of OpenSSL is within the VCPKG repository.
 If you need to use a specific version of OpenSSL, you can use the vcpkg custom ports feature to specify the version of OpenSSL to use. 
 For example, if you want to use OpenSSL 1.1.1, you should create a folder named `vcpkg-custom-ports` next to to your vcpkg.json file.
 Navigate to your clone of the vcpkg vcpkg repo and execute "git checkout 3b3bd424827a1f7f4813216f6b32b6c61e386b2e" - this will reset your repo to the last version of OpenSSL 1.1.1
 in vcpkg. Then, copy the contents of the `ports/openssl` folder from the vcpkg repo to the `vcpkg-custom-ports` folder you created earlier:
 ```sh
 cd <your vcpkg repo>
 git checkout 3b3bd424827a1f7f4813216f6b32b6c61e386b2e
 cd ports
 cp -r openssl <the location of the vcpkg-custom-ports directory listed above>
 ```
 This will copy the port information for OpenSSL 1.1.1n to your vcpkg-custom-ports directory.
 Once that is done, you can install the custom port of OpenSSL 1.1.1n using the vcpkg tool:
 ```sh
 vcpkg install --overlay-ports=<path to the vcpkg-custom-ports above>
 ```
 If you are building using CMAKE, you can instruct CMAKE to apply the overlay ports using the following command line switches:
 ```sh
 vcpkg -DVCPKG_MANIFEST_MODE=ON -DVCPKG_OVERLAY_PORTS=<path to the vcpkg-custom-ports above> -DVCPKG_MANIFEST_DIR=<path to the directory containing the vcpkg.json file>
 ```
 In addition, if you need to consume OpenSSL from a dynamic linked library/shared object, you can set the VCPKG triplet to reflect that you want to build the library with dynamic 
 entries.Set the VCPKG_you can set the environment variable to `x64-windows-static` or `x64-windows-dynamic` depending on whether you want to use the static or dynamic version of OpenSSL. 
 Similarly you can use the x64-linux-dynamic and x64-linux-static triplet to specify consumption of libraries as a shared object or dynamic.
 ## Need help
 - For reference documentation visit the [Azure SDK for C++ documentation](https://azure.github.io/azure-sdk-for-cpp).
--- a/eng/pipelines/templates/jobs/ci.tests.yml
+++ b/eng/pipelines/templates/jobs/ci.tests.yml
@ -76,6 +76,8 @@ jobs:
      value: ""
    - name: CmakeArgs
      value: ""
    - name: VcpkgArgs
      value: ""
 # Apply to all services running public pipeline
    - name: AZURE_TEST_MODE
      value: "PLAYBACK"
@ -142,6 +144,7 @@ jobs:
          ServiceDirectory: ${{ parameters.ServiceDirectory }}
          GenerateArgs: "$(CmakeArgs)"
          BuildArgs: "$(BuildArgs)"
          VcpkgArgs: "$(VcpkgArgs)"
          Env: "$(CmakeEnvArg)"
      - ${{ parameters.PreTestSteps }}
@ -223,6 +226,7 @@ jobs:
            -OsVMImage '$(OSVmImage)'
            -CmakeEnvArg '$(CmakeEnvArg)'
            -BuildArgs '$(BuildArgs)'
            -VcpkgArgs '$(VcpkgArgs)'
            -Job '$(Agent.JobName)'
            -BuildReason '$(Build.Reason)'
            -SourceBranch '$(Build.SourceBranch)'
--- a/eng/pipelines/templates/jobs/live.tests.yml
+++ b/eng/pipelines/templates/jobs/live.tests.yml
@ -62,6 +62,7 @@ jobs:
    CMOCKA_MESSAGE_OUTPUT: "xml"
    AZURE_ENABLE_STATIC_ANALYSIS: 1
    BuildArgs: ""
    VcpkgArgs: ""
    WindowsCtestConfig: ""
    CmakeEnvArg: ""
    CmakeArgs: ""
@ -119,6 +120,7 @@ jobs:
    parameters:
      ServiceDirectory: ${{ parameters.ServiceDirectory }}
      GenerateArgs: $(CmakeArgs)
      VcpkgArgs: "$(VcpkgArgs)"
      BuildArgs: "$(BuildArgs)"
      Env: "$(CmakeEnvArg)"
--- a/eng/pipelines/templates/stages/platform-matrix.json
+++ b/eng/pipelines/templates/stages/platform-matrix.json
@ -179,6 +179,10 @@
        },
        "included_release": {
          "CMAKE_BUILD_TYPE": "Release"
        },
        "openssl_111n": {
          "CMAKE_BUILD_TYPE": "Release",
          "VcpkgArgs": " -DVCPKG_MANIFEST_MODE=ON -DVCPKG_OVERLAY_PORTS=$(Build.SourcesDirectory)/vcpkg-custom-ports -DVCPKG_MANIFEST_DIR=$(Build.SourcesDirectory)"
        }
      }
    }
--- a/eng/pipelines/templates/steps/cmake-build.yml
+++ b/eng/pipelines/templates/steps/cmake-build.yml
@ -3,6 +3,7 @@ parameters:
  GenerateArgs: ''
  Build: true
  BuildArgs: ''
  VcpkgArgs: ''
  ServiceDirectory: ''
@ -15,7 +16,7 @@ steps:
    displayName: cmake --version
  - script: |
-      ${{ parameters.Env }} cmake ${{ parameters.GenerateArgs }} ..
+      ${{ parameters.Env }} cmake ${{ parameters.VcpkgArgs }} ${{ parameters.GenerateArgs }} ..
    workingDirectory: build
    displayName: cmake generate
    env:
--- a/eng/scripts/Get-BinarySizes.ps1
+++ b/eng/scripts/Get-BinarySizes.ps1
@ -18,6 +18,9 @@ param(
    [Parameter()]
    [string] $BuildArgs,
    [Parameter()]
 	[string] $VcpkgArgs,
    [Parameter()]
    [string] $Job,
--- a/sdk/core/azure-core/CHANGELOG.md
+++ b/sdk/core/azure-core/CHANGELOG.md
@ -10,6 +10,7 @@
 ### Other Changes
 - Added the ability to consume version 1.1.1n of OpenSSL.
 - Added support for Identity token caching, and for configuring token refresh offset in `BearerTokenAuthenticationPolicy`.
 ## 1.8.0-beta.1 (2022-10-06)
--- a/sdk/core/azure-core/src/http/curl/curl.cpp
+++ b/sdk/core/azure-core/src/http/curl/curl.cpp
@ -37,24 +37,39 @@
 #include "curl_session_private.hpp"
 #if defined(AZ_PLATFORM_POSIX)
 #include <openssl/opensslv.h>
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 #define USE_OPENSSL_1
 #else
 #define USE_OPENSSL_3
 #endif // OPENSSL_VERSION_NUMBER < 0x30000000L
 #include <openssl/asn1t.h>
 #include <openssl/err.h>
 // For OpenSSL > 3.0, we can use the new API to get the certificate's OCSP URL.
 #if defined(USE_OPENSSL_3)
 #include <openssl/http.h>
 #endif
 #if defined(USE_OPENSSL_1)
 #include <openssl/ocsp.h>
 #endif // defined(USE_OPENSSL_1)
 #include <openssl/safestack.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
 #endif // AZ_PLATFORM_POSIX
 #if defined(AZ_PLATFORM_POSIX)
 #include <poll.h> // for poll()
 #include <sys/socket.h> // for socket shutdown
 #elif defined(AZ_PLATFORM_WINDOWS)
 #include <winsock2.h> // for WSAPoll();
-#endif
+#endif // AZ_PLATFORM_POSIX/AZ_PLATFORM_WINDOWS
 #include <algorithm>
 #include <chrono>
 #include <iomanip>
 #include <openssl/ssl.h>
 #include <sstream>
 #include <string>
 #include <thread>
@ -1383,6 +1398,12 @@ namespace Azure { namespace Core {
    {
      using type = BasicUniqueHandle<BIO, BIO_free_all>;
    };
 #if defined(USE_OPENSSL_1)
    template <> struct UniqueHandleHelper<OCSP_REQ_CTX>
    {
      using type = BasicUniqueHandle<OCSP_REQ_CTX, OCSP_REQ_CTX_free>;
    };
 #endif // USE_OPENSSL_1
    template <> struct UniqueHandleHelper<STACK_OF(X509_CRL)>
    {
@ -1445,8 +1466,105 @@ namespace Azure { namespace Core {
      Azure::Core::_internal::UniqueHandle<X509_CRL> LoadCrlFromUrl(std::string const& url)
      {
        Log::Write(Logger::Level::Informational, "Load CRL from Url: " + url);
-        auto crl = Azure::Core::_internal::MakeUniqueHandle(
+        Azure::Core::_internal::UniqueHandle<X509_CRL> crl;
 #if defined(USE_OPENSSL_3)
        crl = Azure::Core::_internal::MakeUniqueHandle(
            X509_CRL_load_http, url.c_str(), nullptr, nullptr, 5);
 #else
        std::string host, port, path;
        int use_ssl;
        {
          char *host_ptr, *port_ptr, *path_ptr;
          if (!OCSP_parse_url(url.c_str(), &host_ptr, &port_ptr, &path_ptr, &use_ssl))
          {
            Log::Write(Logger::Level::Error, "Failure parsing URL");
            return nullptr;
          }
          host = host_ptr;
          port = port_ptr;
          path = path_ptr;
        }
        if (use_ssl)
        {
          Log::Write(Logger::Level::Error, "CRL HTTPS not supported");
          return nullptr;
        }
        Azure::Core::_internal::UniqueHandle<BIO> bio{
            Azure::Core::_internal::MakeUniqueHandle(BIO_new_connect, host.c_str())};
        if (!bio)
        {
          Log::Write(
              Logger::Level::Error,
              "BIO_new_connect failed" + _detail::GetOpenSSLError("Load CRL"));
          return nullptr;
        }
        if (!BIO_set_conn_port(bio.get(), const_cast<char*>(port.c_str())))
        {
          Log::Write(
              Logger::Level::Error,
              "BIO_set_conn_port failed" + _detail::GetOpenSSLError("Load CRL"));
          return nullptr;
        }
        auto requestContext
            = Azure::Core::_internal::MakeUniqueHandle(OCSP_REQ_CTX_new, bio.get(), 1024 * 1024);
        if (!requestContext)
        {
          Log::Write(
              Logger::Level::Error,
              "OCSP_REQ_CTX_new failed" + _detail::GetOpenSSLError("Load CRL"));
          return nullptr;
        }
        // By default the OCSP APIs limit the CRL length to 1M, that isn't sufficient
        // for many web sites, so increase it to 10M.
        OCSP_set_max_response_length(requestContext.get(), 10 * 1024 * 1024);
        if (!OCSP_REQ_CTX_http(requestContext.get(), "GET", url.c_str()))
        {
          Log::Write(
              Logger::Level::Error,
              "OCSP_REQ_CTX_http failed" + _detail::GetOpenSSLError("Load CRL"));
          return nullptr;
        }
        if (!OCSP_REQ_CTX_add1_header(requestContext.get(), "Host", host.c_str()))
        {
          Log::Write(
              Logger::Level::Error,
              "OCSP_REQ_add1_header failed" + _detail::GetOpenSSLError("Load CRL"));
          return nullptr;
        }
        {
          X509_CRL* crl_ptr = nullptr;
          int rv;
          do
          {
            rv = X509_CRL_http_nbio(requestContext.get(), &crl_ptr);
          } while (rv == -1);
          if (rv != 1)
          {
            if (ERR_peek_error() == 0)
            {
              Log::Write(
                  Logger::Level::Error,
                  "X509_CRL_http_nbio failed, possible because CRL is too long.");
            }
            else
            {
              Log::Write(
                  Logger::Level::Error,
                  "X509_CRL_http_nbio failed" + _detail::GetOpenSSLError("Load CRL"));
            }
            return nullptr;
          }
          crl.reset(crl_ptr);
        }
 #endif
        if (!crl)
        {
          Log::Write(Logger::Level::Error, _detail::GetOpenSSLError("Load CRL"));
@ -1692,7 +1810,11 @@ namespace Azure { namespace Core {
       * @brief Retrieve the CRL associated with the provided store context, if available.
       *
       */
 #if defined(USE_OPENSSL_3)
      STACK_OF(X509_CRL) * CrlHttpCallback(const X509_STORE_CTX* context, const X509_NAME*)
 #else
      STACK_OF(X509_CRL) * CrlHttpCallback(X509_STORE_CTX* context, X509_NAME*)
 #endif
      {
        Azure::Core::_internal::UniqueHandle<X509_CRL> crl;
        STACK_OF(DIST_POINT) * crlDistributionPoint;
--- a/vcpkg-custom-ports/openssl/install-pc-files.cmake
+++ b/vcpkg-custom-ports/openssl/install-pc-files.cmake
@ -0,0 +1,32 @@
 function(install_pc_file name pc_data)
    if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
        configure_file("${CMAKE_CURRENT_LIST_DIR}/openssl.pc.in" "${CURRENT_PACKAGES_DIR}/lib/pkgconfig/${name}.pc" @ONLY)
    endif()
    if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
        configure_file("${CMAKE_CURRENT_LIST_DIR}/openssl.pc.in" "${CURRENT_PACKAGES_DIR}/debug/lib/pkgconfig/${name}.pc" @ONLY)
    endif()
 endfunction()
 install_pc_file(openssl [[
 Name: OpenSSL
 Description: Secure Sockets Layer and cryptography libraries and tools
 Requires: libssl libcrypto
 ]])
 install_pc_file(libssl [[
 Name: OpenSSL-libssl
 Description: Secure Sockets Layer and cryptography libraries
 Libs: -L"${libdir}" -llibssl
 Requires: libcrypto
 Cflags: -I"${includedir}"
 ]])
 install_pc_file(libcrypto [[
 Name: OpenSSL-libcrypto
 Description: OpenSSL cryptography library
 Libs: -L"${libdir}" -llibcrypto
 Libs.private: -lcrypt32 -lws2_32
 Cflags: -I"${includedir}"
 ]])
 vcpkg_fixup_pkgconfig()
--- a/vcpkg-custom-ports/openssl/openssl.pc.in
+++ b/vcpkg-custom-ports/openssl/openssl.pc.in
@ -0,0 +1,6 @@
 prefix=${pcfiledir}/../..
 exec_prefix=${prefix}
 libdir=${exec_prefix}/lib
 includedir=${prefix}/include
 Version: @OPENSSL_VERSION@
@pc_data@
--- a/vcpkg-custom-ports/openssl/portfile.cmake
+++ b/vcpkg-custom-ports/openssl/portfile.cmake
@ -0,0 +1,28 @@
 if(EXISTS "${CURRENT_INSTALLED_DIR}/include/openssl/ssl.h")
    message(FATAL_ERROR "Can't build openssl if libressl/boringssl is installed. Please remove libressl/boringssl, and try install openssl again if you need it.")
 endif()
 set(OPENSSL_VERSION 1.1.1n)
 vcpkg_download_distfile(
    ARCHIVE
    URLS "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" "https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
    FILENAME "openssl-${OPENSSL_VERSION}.tar.gz"
    SHA512 1937796736613dcf4105a54e42ecb61f95a1cea74677156f9459aea0f2c95159359e766089632bf364ee6b0d28d661eb9957bce8fecc9d2436378d8d79e8d0a4
 )
 vcpkg_find_acquire_program(PERL)
 get_filename_component(PERL_EXE_PATH ${PERL} DIRECTORY)
 vcpkg_add_to_path("${PERL_EXE_PATH}")
 if(VCPKG_TARGET_IS_UWP)
    include("${CMAKE_CURRENT_LIST_DIR}/uwp/portfile.cmake")
    include("${CMAKE_CURRENT_LIST_DIR}/install-pc-files.cmake")
 elseif(VCPKG_TARGET_IS_WINDOWS AND NOT VCPKG_TARGET_IS_MINGW)
    include("${CMAKE_CURRENT_LIST_DIR}/windows/portfile.cmake")
    include("${CMAKE_CURRENT_LIST_DIR}/install-pc-files.cmake")
 else()
    include("${CMAKE_CURRENT_LIST_DIR}/unix/portfile.cmake")
 endif()
 configure_file("${CMAKE_CURRENT_LIST_DIR}/vcpkg-cmake-wrapper.cmake.in" "${CURRENT_PACKAGES_DIR}/share/${PORT}/vcpkg-cmake-wrapper.cmake" @ONLY)
 file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
--- a/vcpkg-custom-ports/openssl/unix/CMakeLists.txt
+++ b/vcpkg-custom-ports/openssl/unix/CMakeLists.txt
@ -0,0 +1,284 @@
 cmake_minimum_required(VERSION 3.9)
 project(openssl C)
 if(NOT SOURCE_PATH)
    message(FATAL_ERROR "Requires SOURCE_PATH")
 endif()
 if(CMAKE_SYSTEM_NAME STREQUAL "Android" OR CMAKE_SYSTEM_NAME STREQUAL "Linux")
    if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
        set(PLATFORM linux-x86_64)
    else()
        set(PLATFORM linux-generic32)
    endif()
 elseif(CMAKE_SYSTEM_NAME STREQUAL "iOS")
    if(VCPKG_TARGET_ARCHITECTURE MATCHES "arm64")
        set(PLATFORM ios64-xcrun)
    elseif(VCPKG_TARGET_ARCHITECTURE MATCHES "arm")
        set(PLATFORM ios-xcrun)
    elseif(VCPKG_TARGET_ARCHITECTURE MATCHES "x86" OR
           VCPKG_TARGET_ARCHITECTURE MATCHES "x64")
        set(PLATFORM iossimulator-xcrun)
    else()
        message(FATAL_ERROR "Unknown iOS target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
    endif()
    # disable that makes linkage error (e.g. require stderr usage)
    list(APPEND DISABLES no-stdio no-ui no-asm)
 elseif(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
    if(VCPKG_TARGET_ARCHITECTURE MATCHES "arm64")
        set(PLATFORM darwin64-arm64-cc)
    else()
        set(PLATFORM darwin64-x86_64-cc)
    endif()
 elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD")
    set(PLATFORM BSD-generic64)
 elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
    set(PLATFORM BSD-generic64)
 elseif(MINGW)
    if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
        set(PLATFORM mingw64)
    else()
        set(PLATFORM mingw)
    endif()
 elseif(EMSCRIPTEN)
    set(MAKE $ENV{EMSDK}/upstream/emscripten/emmake)
    set(ENV{MAKE} $ENV{EMSDK}/upstream/emscripten/emmake)
 else()
    message(FATAL_ERROR "Unknown platform")
 endif()
 get_filename_component(COMPILER_ROOT "${CMAKE_C_COMPILER}" DIRECTORY)
 message("CMAKE_C_COMPILER=${CMAKE_C_COMPILER}")
 message("COMPILER_ROOT=${COMPILER_ROOT}")
 message("CMAKE_SYSROOT=${CMAKE_SYSROOT}")
 message("CMAKE_OSX_SYSROOT=${CMAKE_OSX_SYSROOT}")
 message("CMAKE_OSX_DEPLOYMENT_TARGET=${CMAKE_OSX_DEPLOYMENT_TARGET}")
 message("CMAKE_C_FLAGS=${CMAKE_C_FLAGS}")
 message("CMAKE_C_FLAGS_RELEASE=${CMAKE_C_FLAGS_RELEASE}")
 message("CMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG}")
 message("CMAKE_INCLUDE_SYSTEM_FLAG_C=${CMAKE_INCLUDE_SYSTEM_FLAG_C}")
 message("CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG=${CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG}")
 string(TOUPPER "${CMAKE_BUILD_TYPE}" BUILD_TYPE)
 set(CFLAGS "${CMAKE_C_FLAGS} ${CMAKE_C_FLAGS_${BUILD_TYPE}}")
 if(CMAKE_C_COMPILER_ID STREQUAL "Clang")
    set(CFLAGS "${CFLAGS} -Wno-error=unused-command-line-argument")
 endif()
 if(CMAKE_C_COMPILER_TARGET AND CMAKE_C_COMPILE_OPTIONS_TARGET)
    set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_TARGET}${CMAKE_C_COMPILER_TARGET}")
 endif()
 if(CMAKE_C_COMPILER_EXTERNAL_TOOLCHAIN AND CMAKE_C_COMPILE_OPTIONS_EXTERNAL_TOOLCHAIN)
    set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_EXTERNAL_TOOLCHAIN}${CMAKE_C_COMPILER_EXTERNAL_TOOLCHAIN}")
 endif()
 if(CMAKE_SYSROOT AND CMAKE_C_COMPILE_OPTIONS_SYSROOT)
    set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_SYSROOT}${CMAKE_SYSROOT}")
 elseif(CMAKE_OSX_SYSROOT AND CMAKE_C_COMPILE_OPTIONS_SYSROOT)
    set(CFLAGS "${CFLAGS} ${CMAKE_C_COMPILE_OPTIONS_SYSROOT}${CMAKE_OSX_SYSROOT}")
 endif()
 if (CMAKE_OSX_DEPLOYMENT_TARGET AND CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG)
  set(CFLAGS "${CFLAGS} ${CMAKE_C_OSX_DEPLOYMENT_TARGET_FLAG}${CMAKE_OSX_DEPLOYMENT_TARGET}")
 elseif((CMAKE_SYSTEM_NAME STREQUAL "Darwin") AND (VCPKG_TARGET_ARCHITECTURE MATCHES "arm64"))
  set(CFLAGS "${CFLAGS} -mmacosx-version-min=11.0")
 endif()
 string(REGEX REPLACE "^ " "" CFLAGS "${CFLAGS}")
 if(CMAKE_HOST_WIN32)
    file(TO_NATIVE_PATH ENV_PATH "${COMPILER_ROOT};$ENV{PATH}")
 else()
    file(TO_NATIVE_PATH ENV_PATH "${COMPILER_ROOT}:$ENV{PATH}")
 endif()
 set(ENV{ANDROID_DEV} "${CMAKE_SYSROOT}/usr")
 if(NOT IOS)
    set(ENV{CC} "${CMAKE_C_COMPILER}")
 endif()
 message("ENV{ANDROID_DEV}=$ENV{ANDROID_DEV}")
 get_filename_component(SOURCE_PATH_NAME "${SOURCE_PATH}" NAME)
 set(BUILDDIR "${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_PATH_NAME}")
 if(NOT EXISTS "${BUILDDIR}")
    file(COPY ${SOURCE_PATH} DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
 endif()
 get_filename_component(MSYS_BIN_DIR "${MAKE}" DIRECTORY)
 if(BUILD_SHARED_LIBS)
    set(SHARED shared)
    file(STRINGS "${BUILDDIR}/include/openssl/opensslv.h" SHLIB_VERSION
        REGEX "^#[\t ]*define[\t ]+SHLIB_VERSION_NUMBER[\t ]+\".*\".*")
    string(REGEX REPLACE "^.*SHLIB_VERSION_NUMBER[\t ]+\"([^\"]*)\".*$" "\\1"
        SHLIB_VERSION "${SHLIB_VERSION}")
    if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR CMAKE_SYSTEM_NAME STREQUAL "iOS")
        set(LIB_EXT dylib)
        set(LIB_EXTS ${SHLIB_VERSION}.${LIB_EXT})
    elseif(MINGW)
        string(REPLACE "." "_" SHLIB_VERSION "${SHLIB_VERSION}")
        set(BIN_EXT dll)
        set(LIB_EXT dll.a)
    else()
        set(LIB_EXT so)
        set(LIB_EXTS ${LIB_EXT}.${SHLIB_VERSION})
    endif()
    list(APPEND BIN_EXTS ${BIN_EXT})
    list(APPEND LIB_EXTS ${LIB_EXT})
 else()
    set(SHARED no-shared)
    set(LIB_EXTS a)
 endif()
 set(INSTALL_PKG_CONFIGS "${BUILDDIR}/openssl.pc")
 foreach(lib ssl crypto)
    foreach(ext ${LIB_EXTS})
        list(APPEND INSTALL_LIBS "${BUILDDIR}/lib${lib}.${ext}")
        list(APPEND INSTALL_PKG_CONFIGS "${BUILDDIR}/lib${lib}.pc")
    endforeach()
    foreach(ext ${BIN_EXTS})
    # This might be wrong for targets which don't follow this naming scheme, but I'm not aware of any
        if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
            list(APPEND INSTALL_BINS "${BUILDDIR}/lib${lib}-${SHLIB_VERSION}-x64.${ext}")
        else()
            list(APPEND INSTALL_BINS "${BUILDDIR}/lib${lib}-${SHLIB_VERSION}.${ext}")
        endif()
    endforeach()
 endforeach()
 if(CMAKE_HOST_WIN32)
    set(ENV_COMMAND set)
    set(PATH_VAR ";%PATH%")
 else()
    set(ENV_COMMAND export)
    set(PATH_VAR ":$ENV{PATH}")
 endif()
 add_custom_command(
        OUTPUT "${BUILDDIR}/Makefile"
        COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
        VERBATIM
        WORKING_DIRECTORY "${BUILDDIR}"
 )
 if(NOT IOS)
    add_custom_command(
        OUTPUT "${BUILDDIR}/Makefile"
        COMMAND ${ENV_COMMAND} CC=${CMAKE_C_COMPILER}
        COMMAND ${ENV_COMMAND} AR=${CMAKE_AR}
        COMMAND ${ENV_COMMAND} LD=${CMAKE_LINKER}
        COMMAND ${ENV_COMMAND} RANLIB=${CMAKE_RANLIB}
        COMMAND ${ENV_COMMAND} MAKE=${MAKE}
        COMMAND ${ENV_COMMAND} MAKEDEPPROG=${CMAKE_C_COMPILER}
        COMMAND ${ENV_COMMAND} WINDRES=${CMAKE_RC_COMPILER}
        VERBATIM
        APPEND
    )
    if(EMSCRIPTEN)
        list(APPEND DISABLES
                threads
                no-engine
                no-dso
                no-asm
                no-shared
                no-sse2
                no-srtp
                )
    else()
        list(APPEND DISABLES
                enable-static-engine
                no-zlib
                no-ssl2
                no-idea
                no-cast
                no-seed
                no-md2
                no-tests)
    endif()
 endif()
 if(EMSCRIPTEN)
    add_custom_command(
            OUTPUT "${BUILDDIR}/Makefile"
            COMMAND "$ENV{EMSDK}/upstream/emscripten/emconfigure" ./config
            ${SHARED}
            ${DISABLES}
            "--prefix=${CMAKE_INSTALL_PREFIX}"
            "--openssldir=/etc/ssl"
            "--cross-compile-prefix=\"/\""
            VERBATIM
            APPEND
    )
    add_custom_target(build_libs ALL
            COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
            COMMAND "${CMAKE_COMMAND}" -E touch "${BUILDDIR}/krb5.h"
            COMMAND "${MAKE}" make build_libs
            VERBATIM
            WORKING_DIRECTORY "${BUILDDIR}"
            DEPENDS "${BUILDDIR}/Makefile"
            BYPRODUCTS ${INSTALL_LIBS}
            )
 else()
    add_custom_command(
            OUTPUT "${BUILDDIR}/Makefile"
            COMMAND "${PERL}" Configure
            ${SHARED}
            ${DISABLES}
            ${PLATFORM}
            "--prefix=${CMAKE_INSTALL_PREFIX}"
            "--openssldir=/etc/ssl"
            ${CFLAGS}
            VERBATIM
            APPEND
    )
    add_custom_target(build_libs ALL
            COMMAND ${ENV_COMMAND} "PATH=${MSYS_BIN_DIR}${PATH_VAR}"
            COMMAND "${CMAKE_COMMAND}" -E touch "${BUILDDIR}/krb5.h"
            COMMAND "${MAKE}" -j ${VCPKG_CONCURRENCY} build_libs
            VERBATIM
            WORKING_DIRECTORY "${BUILDDIR}"
            DEPENDS "${BUILDDIR}/Makefile"
            BYPRODUCTS ${INSTALL_LIBS}
            )
 endif()
 add_custom_command(
        OUTPUT "${BUILDDIR}/Makefile"
        COMMAND "${CMAKE_COMMAND}" "-DDIR=${BUILDDIR}" -P "${CMAKE_CURRENT_LIST_DIR}/remove-deps.cmake"
        VERBATIM
        APPEND
 )
 if((CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR CMAKE_SYSTEM_NAME STREQUAL "iOS") AND BUILD_SHARED_LIBS)
    if(DEFINED CMAKE_INSTALL_NAME_DIR)
        set(ID_PREFIX "${CMAKE_INSTALL_NAME_DIR}")
    else()
        set(ID_PREFIX "@rpath")
    endif()
    add_custom_command(
        TARGET build_libs
        COMMAND /usr/bin/install_name_tool -id "${ID_PREFIX}/libssl.${SHLIB_VERSION}.dylib"
                                               "${BUILDDIR}/libssl.${SHLIB_VERSION}.dylib"
        COMMAND /usr/bin/install_name_tool -id "${ID_PREFIX}/libcrypto.${SHLIB_VERSION}.dylib"
                                               "${BUILDDIR}/libcrypto.1.1.dylib"
        COMMAND /usr/bin/install_name_tool -change "${CMAKE_INSTALL_PREFIX}/lib/libcrypto.${SHLIB_VERSION}.dylib"
                                                   "${ID_PREFIX}/libcrypto.${SHLIB_VERSION}.dylib"
                                                   "${BUILDDIR}/libssl.${SHLIB_VERSION}.dylib"
        VERBATIM
    )
 endif()
 install(
    FILES ${INSTALL_LIBS}
    DESTINATION lib
 )
 install(
    FILES ${INSTALL_BINS}
    DESTINATION bin
 )
 install(
    FILES ${INSTALL_PKG_CONFIGS}
    DESTINATION lib/pkgconfig
 )
--- a/vcpkg-custom-ports/openssl/unix/portfile.cmake
+++ b/vcpkg-custom-ports/openssl/unix/portfile.cmake
@ -0,0 +1,38 @@
 vcpkg_extract_source_archive_ex(
    OUT_SOURCE_PATH MASTER_COPY_SOURCE_PATH
    ARCHIVE "${ARCHIVE}"
    REF ${OPENSSL_VERSION}
 )
 if(CMAKE_HOST_WIN32)
    vcpkg_acquire_msys(MSYS_ROOT PACKAGES make perl)
    set(MAKE ${MSYS_ROOT}/usr/bin/make.exe)
    set(PERL ${MSYS_ROOT}/usr/bin/perl.exe)
 else()
    find_program(MAKE make)
    if(NOT MAKE)
        message(FATAL_ERROR "Could not find make. Please install it through your package manager.")
    endif()
 endif()
 vcpkg_cmake_configure(
    SOURCE_PATH ${CMAKE_CURRENT_LIST_DIR}
    OPTIONS
        -DSOURCE_PATH=${MASTER_COPY_SOURCE_PATH}
        -DPERL=${PERL}
        -DMAKE=${MAKE}
        -DVCPKG_CONCURRENCY=${VCPKG_CONCURRENCY}
 )
 vcpkg_cmake_install()
 vcpkg_fixup_pkgconfig()
 file(GLOB HEADERS ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel/*/include/openssl/*.h)
 set(RESOLVED_HEADERS)
 foreach(HEADER ${HEADERS})
    get_filename_component(X "${HEADER}" REALPATH)
    list(APPEND RESOLVED_HEADERS "${X}")
 endforeach()
 file(INSTALL ${RESOLVED_HEADERS} DESTINATION ${CURRENT_PACKAGES_DIR}/include/openssl)
 file(INSTALL ${MASTER_COPY_SOURCE_PATH}/LICENSE DESTINATION ${CURRENT_PACKAGES_DIR}/share/${PORT} RENAME copyright)
--- a/vcpkg-custom-ports/openssl/unix/remove-deps.cmake
+++ b/vcpkg-custom-ports/openssl/unix/remove-deps.cmake
@ -0,0 +1,7 @@
 file(GLOB_RECURSE MAKEFILES ${DIR}/*/Makefile)
 foreach(MAKEFILE ${MAKEFILES})
    message("removing deps from ${MAKEFILE}")
    file(READ "${MAKEFILE}" _contents)
    string(REGEX REPLACE "\n# DO NOT DELETE THIS LINE.*" "" _contents "${_contents}")
    file(WRITE "${MAKEFILE}" "${_contents}")
 endforeach()
--- a/vcpkg-custom-ports/openssl/usage
+++ b/vcpkg-custom-ports/openssl/usage
@ -0,0 +1,4 @@
 The package openssl is compatible with built-in CMake targets:
    find_package(OpenSSL REQUIRED)
    target_link_libraries(main PRIVATE OpenSSL::SSL OpenSSL::Crypto)
--- a/vcpkg-custom-ports/openssl/uwp/EnableUWPSupport.patch
+++ b/vcpkg-custom-ports/openssl/uwp/EnableUWPSupport.patch
@ -0,0 +1,170 @@
 diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
 index 3c4299d264..99fcb1f713 100644
 --- a/Configurations/10-main.conf
 +++ b/Configurations/10-main.conf
@@ -1287,7 +1287,7 @@ my %targets = (
     },
     "VC-WIN64I" => {
         inherit_from     => [ "VC-WIN64-common", asm("ia64_asm"),
 -                              sub { $disabled{shared} ? () : "ia64_uplink" } ],
 +                              sub { $disabled{uplink} ? () : "ia64_uplink" } ],
         AS               => "ias",
         ASFLAGS          => "-d debug",
         asoutflag        => "-o ",
@@ -1299,7 +1299,7 @@ my %targets = (
     },
     "VC-WIN64A" => {
         inherit_from     => [ "VC-WIN64-common", asm("x86_64_asm"),
 -                              sub { $disabled{shared} ? () : "x86_64_uplink" } ],
 +                              sub { $disabled{uplink} ? () : "x86_64_uplink" } ],
         AS               => sub { vc_win64a_info()->{AS} },
         ASFLAGS          => sub { vc_win64a_info()->{ASFLAGS} },
         asoutflag        => sub { vc_win64a_info()->{asoutflag} },
@@ -1312,7 +1312,7 @@ my %targets = (
     },
     "VC-WIN32" => {
         inherit_from     => [ "VC-noCE-common", asm("x86_asm"),
 -                              sub { $disabled{shared} ? () : "uplink_common" } ],
 +                              sub { $disabled{uplink} ? () : "uplink_common" } ],
         AS               => sub { vc_win32_info()->{AS} },
         ASFLAGS          => sub { vc_win32_info()->{ASFLAGS} },
         asoutflag        => sub { vc_win32_info()->{asoutflag} },
@@ -1374,7 +1374,7 @@ my %targets = (
 #### MinGW
     "mingw" => {
         inherit_from     => [ "BASE_unix", asm("x86_asm"),
 -                              sub { $disabled{shared} ? () : "x86_uplink" } ],
 +                              sub { $disabled{uplink} ? () : "x86_uplink" } ],
         CC               => "gcc",
         CFLAGS           => picker(default => "-Wall",
                                    debug   => "-g -O0",
 diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf
 index d478f42b0f..e0fb70daca 100644
 --- a/Configurations/50-win-onecore.conf
 +++ b/Configurations/50-win-onecore.conf
@@ -1,3 +1,4 @@
 +## -*- mode: perl; -*-
 # Windows OneCore targets.
 #
 # OneCore is new API stability "contract" that transcends Desktop, IoT and
@@ -10,6 +11,25 @@
 # TODO: extend error handling to use ETW based eventing
 # (Or rework whole error messaging)
 +my $UWP_info = {};
 +sub UWP_info {
 +    unless (%$UWP_info) {
 +        my $SDKver = `pwsh.exe -Command  \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
 +        $SDKver =~ s|\R$||;
 +        my @SDKver_split = split(/\./, $SDKver);
 +        # SDK version older than 10.0.17763 don't support our ASM builds
 +        if ($SDKver_split[0] < 10
 +            || ($SDKver_split[0] == 10
 +                && $SDKver_split[1] == 0
 +                && $SDKver_split[2] < 17763)) {
 +            $UWP_info->{disable} = [ 'asm' ];
 +        } else {
 +            $UWP_info->{disable} = [ ];
 +        }
 +    }
 +    return $UWP_info;
 +}
 +
 my %targets = (
     "VC-WIN32-ONECORE" => {
         inherit_from    => [ "VC-WIN32" ],
@@ -61,4 +81,57 @@ my %targets = (
         ex_libs         => "onecore.lib",
         multilib        => "-arm64",
     },
 +
 +    # Universal Windows Platform (UWP) App Support
 +
 +    # TODO
 +    #
 +    # The 'disable' attribute should have 'uplink'.
 +    # however, these are checked in some 'inherit_from', which is processed
 +    # very early, before the 'disable' attributes are seen.
 +    # This is a problem that needs to be resolved in Configure first.
 +    #
 +    # But if you want to build library with Windows 10 Version 1809 SDK or
 +    # earlier, the 'disable' attribute should also have 'asm'.
 +
 +    "VC-WIN32-UWP" => {
 +        inherit_from    => [ "VC-WIN32-ONECORE" ],
 +        lflags          => add("/APPCONTAINER"),
 +        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
 +                               "_WIN32_WINNT=0x0A00"),
 +        dso_scheme      => "",
 +        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
 +                                   @{ UWP_info()->{disable} } ] },
 +        ex_libs         => "WindowsApp.lib",
 +    },
 +     "VC-WIN64A-UWP" => {
 +        inherit_from    => [ "VC-WIN64A-ONECORE" ],
 +        lflags          => add("/APPCONTAINER"),
 +        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
 +                               "_WIN32_WINNT=0x0A00"),
 +        dso_scheme      => "",
 +        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
 +                                   @{ UWP_info()->{disable} } ] },
 +        ex_libs         => "WindowsApp.lib",
 +    },
 +    "VC-WIN32-ARM-UWP" => {
 +        inherit_from    => [ "VC-WIN32-ARM" ],
 +        lflags          => add("/APPCONTAINER"),
 +        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
 +                               "_WIN32_WINNT=0x0A00"),
 +        dso_scheme      => "",
 +        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
 +                                   @{ UWP_info()->{disable} } ] },
 +        ex_libs         => "WindowsApp.lib",
 +    },
 +     "VC-WIN64-ARM-UWP" => {
 +        inherit_from    => [ "VC-WIN64-ARM" ],
 +        lflags          => add("/APPCONTAINER"),
 +        defines         => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
 +                               "_WIN32_WINNT=0x0A00"),
 +        dso_scheme      => "",
 +        disable         => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
 +                                   @{ UWP_info()->{disable} } ] },
 +        ex_libs         => "WindowsApp.lib",
 +    },
 );
 diff --git a/Configure b/Configure
 index 5a699836f3..de45f1e299 100755
 --- a/Configure
 +++ b/Configure
@@ -407,6 +408,7 @@ my @disablables = (
     "ubsan",
     "ui-console",
     "unit-test",
 +    "uplink",
     "whirlpool",
     "weak-ssl-ciphers",
     "zlib",
@@ -491,8 +493,8 @@ my @disable_cascades = (
     # Without position independent code, there can be no shared libraries or DSOs
     "pic"               => [ "shared" ],
 -    "shared"            => [ "dynamic-engine" ],
 +    "shared"            => [ "dynamic-engine", "uplink" ],
     "dso"               => [ "dynamic-engine" ],
     "engine"            => [ "afalgeng", "devcryptoeng" ],
     # no-autoalginit is only useful when building non-shared
 diff --git a/INSTALL b/INSTALL
 index 2119cbae9e..ee54e8c215 100644
 --- a/INSTALL
 +++ b/INSTALL
@@ -560,6 +560,10 @@
                    likely to complement configuration command line with
                    suitable compiler-specific option.
 +  no-uplink
 +                   Don't build support for UPLINK interface.
 +
 +
   no-<prot>
                    Don't build support for negotiating the specified SSL/TLS
                    protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
--- a/vcpkg-custom-ports/openssl/uwp/make-openssl.bat
+++ b/vcpkg-custom-ports/openssl/uwp/make-openssl.bat
@ -0,0 +1,16 @@
 set build=%1
 perl Configure no-asm no-hw no-dso VC-WINUNIVERSAL -FS -FIWindows.h
 for /D %%f in ("%WindowsSdkDir%References\%WindowsSDKLibVersion%Windows.Foundation.FoundationContract\*") do set LibPath=%LibPath%;%%f\
 for /D %%f in ("%WindowsSdkDir%References\%WindowsSDKLibVersion%Windows.Foundation.UniversalApiContract\*") do set LibPath=%LibPath%;%%f\
 for /D %%f in ("%WindowsSdkDir%References\Windows.Foundation.FoundationContract\*") do set LibPath=%LibPath%;%%f\
 for /D %%f in ("%WindowsSdkDir%References\Windows.Foundation.UniversalApiContract\*") do set LibPath=%LibPath%;%%f\
 call ms\do_winuniversal.bat
 mkdir inc32\openssl
 jom -j %NUMBER_OF_PROCESSORS% -k -f ms\ntdll.mak
 REM due to a race condition in the build, we need to have a second single-threaded pass.
 nmake -f ms\ntdll.mak
--- a/vcpkg-custom-ports/openssl/uwp/portfile.cmake
+++ b/vcpkg-custom-ports/openssl/uwp/portfile.cmake
@ -0,0 +1,163 @@
 vcpkg_find_acquire_program(JOM)
 get_filename_component(JOM_EXE_PATH ${JOM} DIRECTORY)
 vcpkg_add_to_path("${PERL_EXE_PATH}")
 set(OPENSSL_SHARED no-shared)
 if(VCPKG_LIBRARY_LINKAGE STREQUAL "dynamic")
    set(OPENSSL_SHARED shared)
 endif()
 vcpkg_extract_source_archive_ex(
  OUT_SOURCE_PATH SOURCE_PATH
  ARCHIVE ${ARCHIVE}
  PATCHES
    uwp/EnableUWPSupport.patch
 )
 vcpkg_find_acquire_program(NASM)
 get_filename_component(NASM_EXE_PATH ${NASM} DIRECTORY)
 vcpkg_add_to_path(PREPEND "${NASM_EXE_PATH}")
 set(CONFIGURE_COMMAND ${PERL} Configure
    enable-static-engine
    enable-capieng
    no-unit-test
    no-ssl2
    no-asm
    no-uplink
    no-tests
    -utf-8
    ${OPENSSL_SHARED}
 )
 if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
    set(OPENSSL_ARCH VC-WIN32-UWP)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
    set(OPENSSL_ARCH VC-WIN64A-UWP)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
    set(OPENSSL_ARCH VC-WIN32-ARM-UWP)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
    set(OPENSSL_ARCH VC-WIN64-ARM-UWP)
 else()
    message(FATAL_ERROR "Unsupported target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
 endif()
 set(OPENSSL_MAKEFILE "makefile")
 file(REMOVE_RECURSE ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel ${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg)
 if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
    # Copy openssl sources.
    message(STATUS "Copying openssl release source files...")
    file(GLOB OPENSSL_SOURCE_FILES "${SOURCE_PATH}/*")
    foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
        file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
    endforeach()
    message(STATUS "Copying openssl release source files... done")
    set(SOURCE_PATH_RELEASE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
    set(OPENSSLDIR_RELEASE "${CURRENT_PACKAGES_DIR}")
    message(STATUS "Configure ${TARGET_TRIPLET}-rel")
    vcpkg_execute_required_process(
        COMMAND ${CONFIGURE_COMMAND} ${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_RELEASE}" "--openssldir=${OPENSSLDIR_RELEASE}" -FS
        WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
        LOGNAME configure-perl-${TARGET_TRIPLET}-${VCPKG_BUILD_TYPE}-rel
    )
    message(STATUS "Configure ${TARGET_TRIPLET}-rel done")
    message(STATUS "Build ${TARGET_TRIPLET}-rel")
    # Openssl's buildsystem has a race condition which will cause JOM to fail at some point.
    # This is ok; we just do as much work as we can in parallel first, then follow up with a single-threaded build.
    make_directory(${SOURCE_PATH_RELEASE}/inc32/openssl)
    execute_process(
        COMMAND "${JOM}" -k -j ${VCPKG_CONCURRENCY} -f "${OPENSSL_MAKEFILE}" build_libs
        WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
        OUTPUT_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-out.log"
        ERROR_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-err.log"
    )
    vcpkg_execute_required_process(
        COMMAND nmake -f "${OPENSSL_MAKEFILE}" install_dev
        WORKING_DIRECTORY "${SOURCE_PATH_RELEASE}"
        LOGNAME build-${TARGET_TRIPLET}-rel-1)
    message(STATUS "Build ${TARGET_TRIPLET}-rel done")
 endif()
 if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
    # Copy openssl sources.
    message(STATUS "Copying openssl debug source files...")
    file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
    foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
        file(COPY "${SOURCE_FILE}" DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
    endforeach()
    message(STATUS "Copying openssl debug source files... done")
    set(SOURCE_PATH_DEBUG "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
    set(OPENSSLDIR_DEBUG "${CURRENT_PACKAGES_DIR}/debug")
    message(STATUS "Configure ${TARGET_TRIPLET}-dbg")
    vcpkg_execute_required_process(
        COMMAND ${CONFIGURE_COMMAND} debug-${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_DEBUG}" "--openssldir=${OPENSSLDIR_DEBUG}" -FS
        WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
        LOGNAME configure-perl-${TARGET_TRIPLET}-${VCPKG_BUILD_TYPE}-dbg
    )
    message(STATUS "Configure ${TARGET_TRIPLET}-dbg done")
    message(STATUS "Build ${TARGET_TRIPLET}-dbg")
    make_directory("${SOURCE_PATH_DEBUG}/inc32/openssl")
    execute_process(
        COMMAND "${JOM}" -k -j ${VCPKG_CONCURRENCY} -f "${OPENSSL_MAKEFILE}" build_libs
        WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
        OUTPUT_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-out.log"
        ERROR_FILE "${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-err.log"
    )
    vcpkg_execute_required_process(
        COMMAND nmake -f "${OPENSSL_MAKEFILE}" install_dev
        WORKING_DIRECTORY "${SOURCE_PATH_DEBUG}"
        LOGNAME build-${TARGET_TRIPLET}-dbg-1)
    message(STATUS "Build ${TARGET_TRIPLET}-dbg done")
 endif()
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/certs")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/private")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/lib/engines-1_1")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/certs")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/lib/engines-1_1")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/private")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/include")
 file(REMOVE
    "${CURRENT_PACKAGES_DIR}/bin/openssl.exe"
    "${CURRENT_PACKAGES_DIR}/debug/bin/openssl.exe"
    "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
    "${CURRENT_PACKAGES_DIR}/openssl.cnf"
    "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf"
    "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/openssl.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf"
    "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
 )
 if(VCPKG_LIBRARY_LINKAGE STREQUAL static)
    # They should be empty, only the exes deleted above were in these directories
    file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/bin/")
    file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/bin/")
 endif()
 file(READ "${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h" _contents)
 string(REPLACE "<winsock.h>" "<winsock2.h>" _contents "${_contents}")
 file(WRITE "${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h" "${_contents}")
 file(READ "${CURRENT_PACKAGES_DIR}/include/openssl/rand.h" _contents)
 string(REPLACE "#  include <windows.h>" "#ifndef _WINSOCKAPI_\n#define _WINSOCKAPI_\n#endif\n#  include <windows.h>" _contents "${_contents}")
 file(WRITE "${CURRENT_PACKAGES_DIR}/include/openssl/rand.h" "${_contents}")
 vcpkg_copy_pdbs()
 file(INSTALL "${SOURCE_PATH}/LICENSE" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
--- a/vcpkg-custom-ports/openssl/vcpkg-cmake-wrapper.cmake.in
+++ b/vcpkg-custom-ports/openssl/vcpkg-cmake-wrapper.cmake.in
@ -0,0 +1,78 @@
 cmake_policy(PUSH)
 cmake_policy(SET CMP0012 NEW)
 cmake_policy(SET CMP0054 NEW)
 cmake_policy(SET CMP0057 NEW)
 if(OPENSSL_USE_STATIC_LIBS)
    if("@VCPKG_LIBRARY_LINKAGE@" STREQUAL "dynamic")
        message(WARNING "OPENSSL_USE_STATIC_LIBS is set, but vcpkg port openssl was built with dynamic linkage")
    endif()
    set(OPENSSL_USE_STATIC_LIBS_BAK "${OPENSSL_USE_STATIC_LIBS}")
    set(OPENSSL_USE_STATIC_LIBS FALSE)
 endif()
 if(DEFINED OPENSSL_ROOT_DIR)
    set(OPENSSL_ROOT_DIR_BAK "${OPENSSL_ROOT_DIR}")
 endif()
 get_filename_component(OPENSSL_ROOT_DIR "${CMAKE_CURRENT_LIST_DIR}" DIRECTORY)
 get_filename_component(OPENSSL_ROOT_DIR "${OPENSSL_ROOT_DIR}" DIRECTORY)
 find_path(OPENSSL_INCLUDE_DIR NAMES openssl/ssl.h PATH "${OPENSSL_ROOT_DIR}/include" NO_DEFAULT_PATH)
 if(MSVC)
    find_library(LIB_EAY_DEBUG NAMES libcrypto PATHS "${OPENSSL_ROOT_DIR}/debug/lib" NO_DEFAULT_PATH)
    find_library(LIB_EAY_RELEASE NAMES libcrypto PATHS "${OPENSSL_ROOT_DIR}/lib" NO_DEFAULT_PATH)
    find_library(SSL_EAY_DEBUG NAMES libssl PATHS "${OPENSSL_ROOT_DIR}/debug/lib" NO_DEFAULT_PATH)
    find_library(SSL_EAY_RELEASE NAMES libssl PATHS "${OPENSSL_ROOT_DIR}/lib" NO_DEFAULT_PATH)
 elseif(WIN32)
    find_library(LIB_EAY NAMES libcrypto crypto NAMES_PER_DIR)
    find_library(SSL_EAY NAMES libssl ssl NAMES_PER_DIR)
 else()
    find_library(OPENSSL_CRYPTO_LIBRARY NAMES crypto)
    find_library(OPENSSL_SSL_LIBRARY NAMES ssl)
 endif()
 _find_package(${ARGS})
 unset(OPENSSL_ROOT_DIR)
 if(DEFINED OPENSSL_ROOT_DIR_BAK)
    set(OPENSSL_ROOT_DIR "${OPENSSL_ROOT_DIR_BAK}")
    unset(OPENSSL_ROOT_DIR_BAK)
 endif()
 if(DEFINED OPENSSL_USE_STATIC_LIBS_BAK)
    set(OPENSSL_USE_STATIC_LIBS "${OPENSSL_USE_STATIC_LIBS_BAK}")
    unset(OPENSSL_USE_STATIC_LIBS_BAK)
 endif()
 if(OPENSSL_FOUND AND "@VCPKG_LIBRARY_LINKAGE@" STREQUAL "static")
    if(WIN32)
        list(APPEND OPENSSL_LIBRARIES crypt32 ws2_32)
        if(TARGET OpenSSL::Crypto)
            set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "crypt32;ws2_32")
        endif()
        if(TARGET OpenSSL::SSL)
            set_property(TARGET OpenSSL::SSL APPEND PROPERTY INTERFACE_LINK_LIBRARIES "crypt32;ws2_32")
        endif()
    else()
        find_library(OPENSSL_DL_LIBRARY NAMES dl)
        if(OPENSSL_DL_LIBRARY)
            list(APPEND OPENSSL_LIBRARIES "dl")
            if(TARGET OpenSSL::Crypto)
                set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "dl")
            endif()
        endif()
        if("REQUIRED" IN_LIST ARGS)
           find_package(Threads REQUIRED)
        else()
           find_package(Threads)
        endif()
        list(APPEND OPENSSL_LIBRARIES ${CMAKE_THREAD_LIBS_INIT})
        if(TARGET OpenSSL::Crypto)
            set_property(TARGET OpenSSL::Crypto APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Threads::Threads")
        endif()
        if(TARGET OpenSSL::SSL)
            set_property(TARGET OpenSSL::SSL APPEND PROPERTY INTERFACE_LINK_LIBRARIES "Threads::Threads")
        endif()
    endif()
 endif()
 cmake_policy(POP)
--- a/vcpkg-custom-ports/openssl/vcpkg.json
+++ b/vcpkg-custom-ports/openssl/vcpkg.json
@ -0,0 +1,18 @@
 {
  "name": "openssl",
  "version-string": "1.1.1n",
  "port-version": 1,
  "description": "OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.",
  "homepage": "https://www.openssl.org",
  "license": "OpenSSL",
  "dependencies": [
    {
      "name": "vcpkg-cmake",
      "host": true
    },
    {
      "name": "vcpkg-cmake-config",
      "host": true
    }
  ]
 }
--- a/vcpkg-custom-ports/openssl/windows/portfile.cmake
+++ b/vcpkg-custom-ports/openssl/windows/portfile.cmake
@ -0,0 +1,172 @@
 vcpkg_extract_source_archive_ex(
    OUT_SOURCE_PATH SOURCE_PATH
    ARCHIVE ${ARCHIVE}
 )
 vcpkg_find_acquire_program(NASM)
 get_filename_component(NASM_EXE_PATH "${NASM}" DIRECTORY)
 vcpkg_add_to_path(PREPEND "${NASM_EXE_PATH}")
 vcpkg_find_acquire_program(JOM)
 set(OPENSSL_SHARED no-shared)
 if(VCPKG_LIBRARY_LINKAGE STREQUAL dynamic)
    set(OPENSSL_SHARED shared)
 endif()
 set(CONFIGURE_OPTIONS
    enable-static-engine
    enable-capieng
    no-ssl2
    no-tests
    -utf-8
    ${OPENSSL_SHARED}
 )
 if(DEFINED OPENSSL_USE_NOPINSHARED)
    set(CONFIGURE_OPTIONS ${CONFIGURE_OPTIONS} no-pinshared)
 endif()
 if(OPENSSL_NO_AUTOLOAD_CONFIG)
    set(CONFIGURE_OPTIONS ${CONFIGURE_OPTIONS} no-autoload-config)
 endif()
 set(CONFIGURE_COMMAND "${PERL}" Configure ${CONFIGURE_OPTIONS})
 if(VCPKG_TARGET_ARCHITECTURE STREQUAL "x86")
    set(OPENSSL_ARCH VC-WIN32)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "x64")
    set(OPENSSL_ARCH VC-WIN64A)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm")
    set(OPENSSL_ARCH VC-WIN32-ARM)
 elseif(VCPKG_TARGET_ARCHITECTURE STREQUAL "arm64")
    set(OPENSSL_ARCH VC-WIN64-ARM)
 else()
    message(FATAL_ERROR "Unsupported target architecture: ${VCPKG_TARGET_ARCHITECTURE}")
 endif()
 set(OPENSSL_MAKEFILE "makefile")
 file(REMOVE_RECURSE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel"
                    "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
 if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "release")
    # Copy openssl sources.
    message(STATUS "Copying openssl release source files...")
    file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
    foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
        file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
    endforeach()
    message(STATUS "Copying openssl release source files... done")
    set(SOURCE_PATH_RELEASE "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-rel")
    set(OPENSSLDIR_RELEASE ${CURRENT_PACKAGES_DIR})
    message(STATUS "Configure ${TARGET_TRIPLET}-rel")
    vcpkg_execute_required_process(
        COMMAND ${CONFIGURE_COMMAND} ${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_RELEASE}" "--openssldir=${OPENSSLDIR_RELEASE}" -FS
        WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
        LOGNAME configure-perl-${TARGET_TRIPLET}-rel
    )
    message(STATUS "Configure ${TARGET_TRIPLET}-rel done")
    message(STATUS "Build ${TARGET_TRIPLET}-rel")
    # Openssl's buildsystem has a race condition which will cause JOM to fail at some point.
    # This is ok; we just do as much work as we can in parallel first, then follow up with a single-threaded build.
    make_directory(${SOURCE_PATH_RELEASE}/inc32/openssl)
    execute_process(
        COMMAND "${JOM}" -k -j "${VCPKG_CONCURRENCY}" -f "${OPENSSL_MAKEFILE}"
        WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
        OUTPUT_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-out.log
        ERROR_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-rel-0-err.log
    )
    vcpkg_execute_required_process(
        COMMAND "${JOM}" -j 1 -f "${OPENSSL_MAKEFILE}" install_sw install_ssldirs
        WORKING_DIRECTORY ${SOURCE_PATH_RELEASE}
        LOGNAME build-${TARGET_TRIPLET}-rel-1)
    message(STATUS "Build ${TARGET_TRIPLET}-rel done")
 endif()
 if(NOT DEFINED VCPKG_BUILD_TYPE OR VCPKG_BUILD_TYPE STREQUAL "debug")
    # Copy openssl sources.
    message(STATUS "Copying openssl debug source files...")
    file(GLOB OPENSSL_SOURCE_FILES ${SOURCE_PATH}/*)
    foreach(SOURCE_FILE ${OPENSSL_SOURCE_FILES})
        file(COPY ${SOURCE_FILE} DESTINATION "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
    endforeach()
    message(STATUS "Copying openssl debug source files... done")
    set(SOURCE_PATH_DEBUG "${CURRENT_BUILDTREES_DIR}/${TARGET_TRIPLET}-dbg")
    set(OPENSSLDIR_DEBUG ${CURRENT_PACKAGES_DIR}/debug)
    message(STATUS "Configure ${TARGET_TRIPLET}-dbg")
    vcpkg_execute_required_process(
        COMMAND ${CONFIGURE_COMMAND} debug-${OPENSSL_ARCH} "--prefix=${OPENSSLDIR_DEBUG}" "--openssldir=${OPENSSLDIR_DEBUG}" -FS
        WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
        LOGNAME configure-perl-${TARGET_TRIPLET}-dbg
    )
    message(STATUS "Configure ${TARGET_TRIPLET}-dbg done")
    message(STATUS "Build ${TARGET_TRIPLET}-dbg")
    make_directory(${SOURCE_PATH_DEBUG}/inc32/openssl)
    execute_process(
        COMMAND "${JOM}" -k -j "${VCPKG_CONCURRENCY}" -f "${OPENSSL_MAKEFILE}"
        WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
        OUTPUT_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-out.log
        ERROR_FILE ${CURRENT_BUILDTREES_DIR}/build-${TARGET_TRIPLET}-dbg-0-err.log
    )
    vcpkg_execute_required_process(
        COMMAND "${JOM}" -j 1 -f "${OPENSSL_MAKEFILE}" install_sw install_ssldirs
        WORKING_DIRECTORY ${SOURCE_PATH_DEBUG}
        LOGNAME build-${TARGET_TRIPLET}-dbg-1)
    message(STATUS "Build ${TARGET_TRIPLET}-dbg done")
 endif()
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/certs")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/private")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/lib/engines-1_1")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/certs")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/lib/engines-1_1")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/private")
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/include")
 file(REMOVE
    "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf"
    "${CURRENT_PACKAGES_DIR}/ct_log_list.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/openssl.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/debug/bin/openssl.exe"
    "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf"
    "${CURRENT_PACKAGES_DIR}/debug/ct_log_list.cnf.dist"
    "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf"
    "${CURRENT_PACKAGES_DIR}/debug/openssl.cnf.dist"
 )
 file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/openssl/")
 file(RENAME "${CURRENT_PACKAGES_DIR}/bin/openssl.exe" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl.exe")
 file(RENAME "${CURRENT_PACKAGES_DIR}/openssl.cnf" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl.cnf")
 vcpkg_copy_tool_dependencies("${CURRENT_PACKAGES_DIR}/tools/openssl")
 if(VCPKG_LIBRARY_LINKAGE STREQUAL static)
    # They should be empty, only the exes deleted above were in these directories
    file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/bin/")
    file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/bin/")
 endif()
 vcpkg_replace_string("${CURRENT_PACKAGES_DIR}/include/openssl/dtls1.h"
    "<winsock.h>"
    "<winsock2.h>"
 )
 vcpkg_replace_string("${CURRENT_PACKAGES_DIR}/include/openssl/rand.h"
    "#  include <windows.h>"
    "#ifndef _WINSOCKAPI_\n#define _WINSOCKAPI_\n#endif\n#  include <windows.h>"
 )
 vcpkg_copy_pdbs()
 file(INSTALL "${SOURCE_PATH}/LICENSE" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)