about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--LIBTLS_VERSION1
-rw-r--r--Makefile.am38
-rw-r--r--Makefile.am.common3
-rw-r--r--VERSION2
-rw-r--r--compat/arc4random.c196
-rw-r--r--compat/arc4random.h38
-rw-r--r--compat/arc4random_aix.h81
-rw-r--r--compat/arc4random_freebsd.h87
-rw-r--r--compat/arc4random_hpux.h81
-rw-r--r--compat/arc4random_linux.h88
-rw-r--r--compat/arc4random_netbsd.h87
-rw-r--r--compat/arc4random_osx.h81
-rw-r--r--compat/arc4random_solaris.h81
-rw-r--r--compat/arc4random_uniform.c56
-rw-r--r--compat/arc4random_win.h78
-rw-r--r--compat/bsd-asprintf.c96
-rw-r--r--compat/chacha_private.h222
-rw-r--r--compat/explicit_bzero.c19
-rw-r--r--compat/explicit_bzero_win.c13
-rw-r--r--compat/freezero.c32
-rw-r--r--compat/ftruncate.c17
-rw-r--r--compat/getentropy_aix.c402
-rw-r--r--compat/getentropy_freebsd.c62
-rw-r--r--compat/getentropy_hpux.c396
-rw-r--r--compat/getentropy_linux.c525
-rw-r--r--compat/getentropy_netbsd.c64
-rw-r--r--compat/getentropy_osx.c417
-rw-r--r--compat/getentropy_solaris.c422
-rw-r--r--compat/getentropy_win.c59
-rw-r--r--compat/getpagesize.c18
-rw-r--r--compat/getprogname_linux.c23
-rw-r--r--compat/getprogname_unimpl.c7
-rw-r--r--compat/getprogname_windows.c13
-rw-r--r--compat/posix_win.c245
-rw-r--r--compat/pread.c29
-rw-r--r--compat/pwrite.c29
-rw-r--r--compat/reallocarray.c38
-rw-r--r--compat/strcasecmp.c105
-rw-r--r--compat/strlcpy.c50
-rw-r--r--compat/strsep.c70
-rw-r--r--compat/timegm.c220
-rw-r--r--compat/timingsafe_memcmp.c46
-rw-r--r--configure.ac165
-rw-r--r--include/Makefile.am45
-rw-r--r--include/compat/arpa/inet.h15
-rw-r--r--include/compat/fcntl.h32
-rw-r--r--include/compat/limits.h25
-rw-r--r--include/compat/netdb.h10
-rw-r--r--include/compat/netinet/in.h19
-rw-r--r--include/compat/netinet/ip.h47
-rw-r--r--include/compat/netinet/tcp.h10
-rw-r--r--include/compat/pthread.h86
-rw-r--r--include/compat/stdio.h51
-rw-r--r--include/compat/stdlib.h47
-rw-r--r--include/compat/string.h87
-rw-r--r--include/compat/sys/ioctl.h11
-rw-r--r--include/compat/sys/mman.h19
-rw-r--r--include/compat/sys/param.h15
-rw-r--r--include/compat/sys/socket.h17
-rw-r--r--include/compat/sys/stat.h121
-rw-r--r--include/compat/sys/time.h28
-rw-r--r--include/compat/sys/types.h81
-rw-r--r--include/compat/time.h60
-rw-r--r--include/compat/unistd.h78
-rw-r--r--include/compat/win32netcompat.h57
-rw-r--r--include/tls.h226
-rw-r--r--libtls.pc.in16
-rw-r--r--m4/check-hardening-options.m4109
-rw-r--r--m4/check-libc.m4169
-rw-r--r--m4/check-os-options.m4142
-rw-r--r--m4/disable-compiler-warnings.m429
-rw-r--r--man/Makefile.am5611
-rw-r--r--man/tls_accept_socket.3107
-rw-r--r--man/tls_client.3110
-rw-r--r--man/tls_config_ocsp_require_stapling.340
-rw-r--r--man/tls_config_set_protocols.3197
-rw-r--r--man/tls_config_set_session_id.3105
-rw-r--r--man/tls_config_verify.379
-rw-r--r--man/tls_conn_version.3214
-rw-r--r--man/tls_connect.3144
-rw-r--r--man/tls_init.3180
-rw-r--r--man/tls_load_file.3371
-rw-r--r--man/tls_ocsp_process_response.3167
-rw-r--r--man/tls_read.3245
-rw-r--r--tls.c828
-rw-r--r--tls.sym90
-rw-r--r--tls_bio_cb.c143
-rw-r--r--tls_client.c474
-rw-r--r--tls_config.c907
-rw-r--r--tls_conninfo.c346
-rw-r--r--tls_internal.h298
-rw-r--r--tls_keypair.c169
-rw-r--r--tls_ocsp.c453
-rw-r--r--tls_peer.c99
-rw-r--r--tls_server.c454
-rw-r--r--tls_util.c225
-rw-r--r--tls_verify.c280
97 files changed, 18790 insertions, 0 deletions
diff --git a/LIBTLS_VERSION b/LIBTLS_VERSION
new file mode 100644
index 0000000..77c98b5
--- /dev/null
+++ b/LIBTLS_VERSION
@@ -0,0 +1 @@
+20:1:0
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 0000000..942abf9
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,38 @@
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libtls.la
+
+EXTRA_DIST = VERSION
+EXTRA_DIST += CMakeLists.txt
+EXTRA_DIST += tls.sym
+
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
+libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
+libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
+libtls_la_LIBADD += $(PLATFORM_LDADD)
+
+libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
+if OPENSSLDIR_DEFINED
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
+else
+libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
+endif
+
+libtls_la_SOURCES = tls.c
+libtls_la_SOURCES += tls_client.c
+libtls_la_SOURCES += tls_bio_cb.c
+libtls_la_SOURCES += tls_config.c
+libtls_la_SOURCES += tls_conninfo.c
+libtls_la_SOURCES += tls_keypair.c
+libtls_la_SOURCES += tls_server.c
+libtls_la_SOURCES += tls_ocsp.c
+libtls_la_SOURCES += tls_peer.c
+libtls_la_SOURCES += tls_util.c
+libtls_la_SOURCES += tls_verify.c
+noinst_HEADERS = tls_internal.h
+
+if HOST_WIN
+libtls_la_SOURCES += compat/ftruncate.c
+libtls_la_SOURCES += compat/pread.c
+libtls_la_SOURCES += compat/pwrite.c
+endif
diff --git a/Makefile.am.common b/Makefile.am.common
new file mode 100644
index 0000000..87aa807
--- /dev/null
+++ b/Makefile.am.common
@@ -0,0 +1,3 @@
+AM_CFLAGS =
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
+AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..252fb77
--- /dev/null
+++ b/VERSION
@@ -0,0 +1,2 @@
+3.2.0
+
diff --git a/compat/arc4random.c b/compat/arc4random.c
new file mode 100644
index 0000000..2bb4dbf
--- /dev/null
+++ b/compat/arc4random.c
@@ -0,0 +1,196 @@
+/*	$OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * ChaCha based random number generator for OpenBSD.
+ */
+
+#include <fcntl.h>
+#include <limits.h>
+#include <signal.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#define KEYSTREAM_ONLY
+#include "chacha_private.h"
+
+#define minimum(a, b) ((a) < (b) ? (a) : (b))
+
+#if defined(__GNUC__) || defined(_MSC_VER)
+#define inline __inline
+#else				/* __GNUC__ || _MSC_VER */
+#define inline
+#endif				/* !__GNUC__ && !_MSC_VER */
+
+#define KEYSZ	32
+#define IVSZ	8
+#define BLOCKSZ	64
+#define RSBUFSZ	(16*BLOCKSZ)
+
+/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */
+static struct _rs {
+	size_t		rs_have;	/* valid bytes at end of rs_buf */
+	size_t		rs_count;	/* bytes till reseed */
+} *rs;
+
+/* Maybe be preserved in fork children, if _rs_allocate() decides. */
+static struct _rsx {
+	chacha_ctx	rs_chacha;	/* chacha context for random keystream */
+	u_char		rs_buf[RSBUFSZ];	/* keystream blocks */
+} *rsx;
+
+static inline int _rs_allocate(struct _rs **, struct _rsx **);
+static inline void _rs_forkdetect(void);
+#include "arc4random.h"
+
+static inline void _rs_rekey(u_char *dat, size_t datlen);
+
+static inline void
+_rs_init(u_char *buf, size_t n)
+{
+	if (n < KEYSZ + IVSZ)
+		return;
+
+	if (rs == NULL) {
+		if (_rs_allocate(&rs, &rsx) == -1)
+			_exit(1);
+	}
+
+	chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
+	chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ);
+}
+
+static void
+_rs_stir(void)
+{
+	u_char rnd[KEYSZ + IVSZ];
+
+	if (getentropy(rnd, sizeof rnd) == -1)
+		_getentropy_fail();
+
+	if (!rs)
+		_rs_init(rnd, sizeof(rnd));
+	else
+		_rs_rekey(rnd, sizeof(rnd));
+	explicit_bzero(rnd, sizeof(rnd));	/* discard source seed */
+
+	/* invalidate rs_buf */
+	rs->rs_have = 0;
+	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
+
+	rs->rs_count = 1600000;
+}
+
+static inline void
+_rs_stir_if_needed(size_t len)
+{
+	_rs_forkdetect();
+	if (!rs || rs->rs_count <= len)
+		_rs_stir();
+	if (rs->rs_count <= len)
+		rs->rs_count = 0;
+	else
+		rs->rs_count -= len;
+}
+
+static inline void
+_rs_rekey(u_char *dat, size_t datlen)
+{
+#ifndef KEYSTREAM_ONLY
+	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
+#endif
+	/* fill rs_buf with the keystream */
+	chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf,
+	    rsx->rs_buf, sizeof(rsx->rs_buf));
+	/* mix in optional user provided data */
+	if (dat) {
+		size_t i, m;
+
+		m = minimum(datlen, KEYSZ + IVSZ);
+		for (i = 0; i < m; i++)
+			rsx->rs_buf[i] ^= dat[i];
+	}
+	/* immediately reinit for backtracking resistance */
+	_rs_init(rsx->rs_buf, KEYSZ + IVSZ);
+	memset(rsx->rs_buf, 0, KEYSZ + IVSZ);
+	rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ;
+}
+
+static inline void
+_rs_random_buf(void *_buf, size_t n)
+{
+	u_char *buf = (u_char *)_buf;
+	u_char *keystream;
+	size_t m;
+
+	_rs_stir_if_needed(n);
+	while (n > 0) {
+		if (rs->rs_have > 0) {
+			m = minimum(n, rs->rs_have);
+			keystream = rsx->rs_buf + sizeof(rsx->rs_buf)
+			    - rs->rs_have;
+			memcpy(buf, keystream, m);
+			memset(keystream, 0, m);
+			buf += m;
+			n -= m;
+			rs->rs_have -= m;
+		}
+		if (rs->rs_have == 0)
+			_rs_rekey(NULL, 0);
+	}
+}
+
+static inline void
+_rs_random_u32(uint32_t *val)
+{
+	u_char *keystream;
+
+	_rs_stir_if_needed(sizeof(*val));
+	if (rs->rs_have < sizeof(*val))
+		_rs_rekey(NULL, 0);
+	keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have;
+	memcpy(val, keystream, sizeof(*val));
+	memset(keystream, 0, sizeof(*val));
+	rs->rs_have -= sizeof(*val);
+}
+
+uint32_t
+arc4random(void)
+{
+	uint32_t val;
+
+	_ARC4_LOCK();
+	_rs_random_u32(&val);
+	_ARC4_UNLOCK();
+	return val;
+}
+
+void
+arc4random_buf(void *buf, size_t n)
+{
+	_ARC4_LOCK();
+	_rs_random_buf(buf, n);
+	_ARC4_UNLOCK();
+}
diff --git a/compat/arc4random.h b/compat/arc4random.h
new file mode 100644
index 0000000..ffa3239
--- /dev/null
+++ b/compat/arc4random.h
@@ -0,0 +1,38 @@
+#ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
+#define LIBCRYPTOCOMPAT_ARC4RANDOM_H
+
+#include <sys/param.h>
+
+#if defined(_AIX)
+#include "arc4random_aix.h"
+
+#elif defined(__FreeBSD__)
+#include "arc4random_freebsd.h"
+
+#elif defined(__hpux)
+#include "arc4random_hpux.h"
+
+#elif defined(__linux__)
+#include "arc4random_linux.h"
+
+#elif defined(__midipix__)
+#include "arc4random_linux.h"
+
+#elif defined(__NetBSD__)
+#include "arc4random_netbsd.h"
+
+#elif defined(__APPLE__)
+#include "arc4random_osx.h"
+
+#elif defined(__sun)
+#include "arc4random_solaris.h"
+
+#elif defined(_WIN32)
+#include "arc4random_win.h"
+
+#else
+#error "No arc4random hooks defined for this platform."
+
+#endif
+
+#endif
diff --git a/compat/arc4random_aix.h b/compat/arc4random_aix.h
new file mode 100644
index 0000000..3142a1f
--- /dev/null
+++ b/compat/arc4random_aix.h
@@ -0,0 +1,81 @@
+/*	$OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_freebsd.h b/compat/arc4random_freebsd.h
new file mode 100644
index 0000000..3faa5e4
--- /dev/null
+++ b/compat/arc4random_freebsd.h
@@ -0,0 +1,87 @@
+/*	$OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+/*
+ * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
+ * a program does not link to -lthr. Callbacks registered with pthread_atfork()
+ * appear to fail silently. So, it is not always possible to detect a PID
+ * wraparound.
+ */
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_hpux.h b/compat/arc4random_hpux.h
new file mode 100644
index 0000000..2a3fe8c
--- /dev/null
+++ b/compat/arc4random_hpux.h
@@ -0,0 +1,81 @@
+/*	$OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_linux.h b/compat/arc4random_linux.h
new file mode 100644
index 0000000..5e1cf34
--- /dev/null
+++ b/compat/arc4random_linux.h
@@ -0,0 +1,88 @@
+/*	$OpenBSD: arc4random_linux.h,v 1.12 2019/07/11 10:37:28 inoguchi Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined(__ARCH_USE_MMU__))
+extern void *__dso_handle;
+extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
+#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
+#else
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+#endif
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+        /* XXX unusual calls to clone() can bypass checks */
+	if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_netbsd.h b/compat/arc4random_netbsd.h
new file mode 100644
index 0000000..611997d
--- /dev/null
+++ b/compat/arc4random_netbsd.h
@@ -0,0 +1,87 @@
+/*	$OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+/*
+ * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
+ * a program does not link to -lthr. Callbacks registered with pthread_atfork()
+ * appear to fail silently. So, it is not always possible to detect a PID
+ * wraparound.
+ */
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_osx.h b/compat/arc4random_osx.h
new file mode 100644
index 0000000..818ae6b
--- /dev/null
+++ b/compat/arc4random_osx.h
@@ -0,0 +1,81 @@
+/*	$OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_solaris.h b/compat/arc4random_solaris.h
new file mode 100644
index 0000000..b1084cd
--- /dev/null
+++ b/compat/arc4random_solaris.h
@@ -0,0 +1,81 @@
+/*	$OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <sys/mman.h>
+
+#include <pthread.h>
+#include <signal.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
+
+#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
+
+static inline void
+_getentropy_fail(void)
+{
+	raise(SIGKILL);
+}
+
+static volatile sig_atomic_t _rs_forked;
+
+static inline void
+_rs_forkhandler(void)
+{
+	_rs_forked = 1;
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+	static pid_t _rs_pid = 0;
+	pid_t pid = getpid();
+
+	if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
+		_rs_pid = pid;
+		_rs_forked = 0;
+		if (rs)
+			memset(rs, 0, sizeof(*rs));
+	}
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
+		return (-1);
+
+	if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
+	    MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
+		munmap(*rsp, sizeof(**rsp));
+		*rsp = NULL;
+		return (-1);
+	}
+
+	_ARC4_ATFORK(_rs_forkhandler);
+	return (0);
+}
diff --git a/compat/arc4random_uniform.c b/compat/arc4random_uniform.c
new file mode 100644
index 0000000..06cd29c
--- /dev/null
+++ b/compat/arc4random_uniform.c
@@ -0,0 +1,56 @@
+/*	$OpenBSD: arc4random_uniform.c,v 1.3 2019/01/20 02:59:07 bcook Exp $	*/
+
+/*
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+
+/*
+ * Calculate a uniformly distributed random number less than upper_bound
+ * avoiding "modulo bias".
+ *
+ * Uniformity is achieved by generating new random numbers until the one
+ * returned is outside the range [0, 2**32 % upper_bound).  This
+ * guarantees the selected random number will be inside
+ * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound)
+ * after reduction modulo upper_bound.
+ */
+uint32_t
+arc4random_uniform(uint32_t upper_bound)
+{
+	uint32_t r, min;
+
+	if (upper_bound < 2)
+		return 0;
+
+	/* 2**32 % x == (2**32 - x) % x */
+	min = -upper_bound % upper_bound;
+
+	/*
+	 * This could theoretically loop forever but each retry has
+	 * p > 0.5 (worst case, usually far better) of selecting a
+	 * number inside the range we need, so it should rarely need
+	 * to re-roll.
+	 */
+	for (;;) {
+		r = arc4random();
+		if (r >= min)
+			break;
+	}
+
+	return r % upper_bound;
+}
diff --git a/compat/arc4random_win.h b/compat/arc4random_win.h
new file mode 100644
index 0000000..deec8a1
--- /dev/null
+++ b/compat/arc4random_win.h
@@ -0,0 +1,78 @@
+/*	$OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $	*/
+
+/*
+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Stub functions for portability.
+ */
+
+#include <windows.h>
+
+static volatile HANDLE arc4random_mtx = NULL;
+
+/*
+ * Initialize the mutex on the first lock attempt. On collision, each thread
+ * will attempt to allocate a mutex and compare-and-swap it into place as the
+ * global mutex. On failure to swap in the global mutex, the mutex is closed.
+ */
+#define _ARC4_LOCK() { \
+	if (!arc4random_mtx) { \
+		HANDLE p = CreateMutex(NULL, FALSE, NULL); \
+		if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
+			CloseHandle(p); \
+	} \
+	WaitForSingleObject(arc4random_mtx, INFINITE); \
+} \
+
+#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
+
+static inline void
+_getentropy_fail(void)
+{
+	TerminateProcess(GetCurrentProcess(), 0);
+}
+
+static inline int
+_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
+{
+	*rsp = VirtualAlloc(NULL, sizeof(**rsp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+	if (*rsp == NULL)
+		return (-1);
+
+	*rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
+	    MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
+	if (*rsxp == NULL) {
+		VirtualFree(*rsp, 0, MEM_RELEASE);
+		*rsp = NULL;
+		return (-1);
+	}
+	return (0);
+}
+
+static inline void
+_rs_forkhandler(void)
+{
+}
+
+static inline void
+_rs_forkdetect(void)
+{
+}
diff --git a/compat/bsd-asprintf.c b/compat/bsd-asprintf.c
new file mode 100644
index 0000000..3728bc5
--- /dev/null
+++ b/compat/bsd-asprintf.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004 Darren Tucker.
+ *
+ * Based originally on asprintf.c from OpenBSD:
+ * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_ASPRINTF
+
+#include <errno.h>
+#include <limits.h> /* for INT_MAX */
+#include <stdarg.h>
+#include <stdio.h> /* for vsnprintf */
+#include <stdlib.h>
+
+#ifndef VA_COPY
+# ifdef HAVE_VA_COPY
+#  define VA_COPY(dest, src) va_copy(dest, src)
+# else
+#  ifdef HAVE___VA_COPY
+#   define VA_COPY(dest, src) __va_copy(dest, src)
+#  else
+#   define VA_COPY(dest, src) (dest) = (src)
+#  endif
+# endif
+#endif
+
+#define INIT_SZ	128
+
+int
+vasprintf(char **str, const char *fmt, va_list ap)
+{
+	int ret;
+	va_list ap2;
+	char *string, *newstr;
+	size_t len;
+
+	if ((string = malloc(INIT_SZ)) == NULL)
+		goto fail;
+
+	VA_COPY(ap2, ap);
+	ret = vsnprintf(string, INIT_SZ, fmt, ap2);
+	va_end(ap2);
+	if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
+		*str = string;
+	} else if (ret == INT_MAX || ret < 0) { /* Bad length */
+		free(string);
+		goto fail;
+	} else {	/* bigger than initial, realloc allowing for nul */
+		len = (size_t)ret + 1;
+		if ((newstr = realloc(string, len)) == NULL) {
+			free(string);
+			goto fail;
+		}
+		VA_COPY(ap2, ap);
+		ret = vsnprintf(newstr, len, fmt, ap2);
+		va_end(ap2);
+		if (ret < 0 || (size_t)ret >= len) { /* failed with realloc'ed string */
+			free(newstr);
+			goto fail;
+		}
+		*str = newstr;
+	}
+	return (ret);
+
+fail:
+	*str = NULL;
+	errno = ENOMEM;
+	return (-1);
+}
+
+int asprintf(char **str, const char *fmt, ...)
+{
+	va_list ap;
+	int ret;
+	
+	*str = NULL;
+	va_start(ap, fmt);
+	ret = vasprintf(str, fmt, ap);
+	va_end(ap);
+
+	return ret;
+}
+#endif
diff --git a/compat/chacha_private.h b/compat/chacha_private.h
new file mode 100644
index 0000000..7c3680f
--- /dev/null
+++ b/compat/chacha_private.h
@@ -0,0 +1,222 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+typedef struct
+{
+  u32 input[16]; /* could be compressed */
+} chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+
+#define ROTL32(v, n) \
+  (U32V((v) << (n)) | ((v) >> (32 - (n))))
+
+#define U8TO32_LITTLE(p) \
+  (((u32)((p)[0])      ) | \
+   ((u32)((p)[1]) <<  8) | \
+   ((u32)((p)[2]) << 16) | \
+   ((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+  do { \
+    (p)[0] = U8V((v)      ); \
+    (p)[1] = U8V((v) >>  8); \
+    (p)[2] = U8V((v) >> 16); \
+    (p)[3] = U8V((v) >> 24); \
+  } while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
+static const char sigma[16] = "expand 32-byte k";
+static const char tau[16] = "expand 16-byte k";
+
+static void
+chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
+{
+  const char *constants;
+
+  x->input[4] = U8TO32_LITTLE(k + 0);
+  x->input[5] = U8TO32_LITTLE(k + 4);
+  x->input[6] = U8TO32_LITTLE(k + 8);
+  x->input[7] = U8TO32_LITTLE(k + 12);
+  if (kbits == 256) { /* recommended */
+    k += 16;
+    constants = sigma;
+  } else { /* kbits == 128 */
+    constants = tau;
+  }
+  x->input[8] = U8TO32_LITTLE(k + 0);
+  x->input[9] = U8TO32_LITTLE(k + 4);
+  x->input[10] = U8TO32_LITTLE(k + 8);
+  x->input[11] = U8TO32_LITTLE(k + 12);
+  x->input[0] = U8TO32_LITTLE(constants + 0);
+  x->input[1] = U8TO32_LITTLE(constants + 4);
+  x->input[2] = U8TO32_LITTLE(constants + 8);
+  x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+
+static void
+chacha_ivsetup(chacha_ctx *x,const u8 *iv)
+{
+  x->input[12] = 0;
+  x->input[13] = 0;
+  x->input[14] = U8TO32_LITTLE(iv + 0);
+  x->input[15] = U8TO32_LITTLE(iv + 4);
+}
+
+static void
+chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
+{
+  u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  u8 *ctarget = NULL;
+  u8 tmp[64];
+  u_int i;
+
+  if (!bytes) return;
+
+  j0 = x->input[0];
+  j1 = x->input[1];
+  j2 = x->input[2];
+  j3 = x->input[3];
+  j4 = x->input[4];
+  j5 = x->input[5];
+  j6 = x->input[6];
+  j7 = x->input[7];
+  j8 = x->input[8];
+  j9 = x->input[9];
+  j10 = x->input[10];
+  j11 = x->input[11];
+  j12 = x->input[12];
+  j13 = x->input[13];
+  j14 = x->input[14];
+  j15 = x->input[15];
+
+  for (;;) {
+    if (bytes < 64) {
+      for (i = 0;i < bytes;++i) tmp[i] = m[i];
+      m = tmp;
+      ctarget = c;
+      c = tmp;
+    }
+    x0 = j0;
+    x1 = j1;
+    x2 = j2;
+    x3 = j3;
+    x4 = j4;
+    x5 = j5;
+    x6 = j6;
+    x7 = j7;
+    x8 = j8;
+    x9 = j9;
+    x10 = j10;
+    x11 = j11;
+    x12 = j12;
+    x13 = j13;
+    x14 = j14;
+    x15 = j15;
+    for (i = 20;i > 0;i -= 2) {
+      QUARTERROUND( x0, x4, x8,x12)
+      QUARTERROUND( x1, x5, x9,x13)
+      QUARTERROUND( x2, x6,x10,x14)
+      QUARTERROUND( x3, x7,x11,x15)
+      QUARTERROUND( x0, x5,x10,x15)
+      QUARTERROUND( x1, x6,x11,x12)
+      QUARTERROUND( x2, x7, x8,x13)
+      QUARTERROUND( x3, x4, x9,x14)
+    }
+    x0 = PLUS(x0,j0);
+    x1 = PLUS(x1,j1);
+    x2 = PLUS(x2,j2);
+    x3 = PLUS(x3,j3);
+    x4 = PLUS(x4,j4);
+    x5 = PLUS(x5,j5);
+    x6 = PLUS(x6,j6);
+    x7 = PLUS(x7,j7);
+    x8 = PLUS(x8,j8);
+    x9 = PLUS(x9,j9);
+    x10 = PLUS(x10,j10);
+    x11 = PLUS(x11,j11);
+    x12 = PLUS(x12,j12);
+    x13 = PLUS(x13,j13);
+    x14 = PLUS(x14,j14);
+    x15 = PLUS(x15,j15);
+
+#ifndef KEYSTREAM_ONLY
+    x0 = XOR(x0,U8TO32_LITTLE(m + 0));
+    x1 = XOR(x1,U8TO32_LITTLE(m + 4));
+    x2 = XOR(x2,U8TO32_LITTLE(m + 8));
+    x3 = XOR(x3,U8TO32_LITTLE(m + 12));
+    x4 = XOR(x4,U8TO32_LITTLE(m + 16));
+    x5 = XOR(x5,U8TO32_LITTLE(m + 20));
+    x6 = XOR(x6,U8TO32_LITTLE(m + 24));
+    x7 = XOR(x7,U8TO32_LITTLE(m + 28));
+    x8 = XOR(x8,U8TO32_LITTLE(m + 32));
+    x9 = XOR(x9,U8TO32_LITTLE(m + 36));
+    x10 = XOR(x10,U8TO32_LITTLE(m + 40));
+    x11 = XOR(x11,U8TO32_LITTLE(m + 44));
+    x12 = XOR(x12,U8TO32_LITTLE(m + 48));
+    x13 = XOR(x13,U8TO32_LITTLE(m + 52));
+    x14 = XOR(x14,U8TO32_LITTLE(m + 56));
+    x15 = XOR(x15,U8TO32_LITTLE(m + 60));
+#endif
+
+    j12 = PLUSONE(j12);
+    if (!j12) {
+      j13 = PLUSONE(j13);
+      /* stopping at 2^70 bytes per nonce is user's responsibility */
+    }
+
+    U32TO8_LITTLE(c + 0,x0);
+    U32TO8_LITTLE(c + 4,x1);
+    U32TO8_LITTLE(c + 8,x2);
+    U32TO8_LITTLE(c + 12,x3);
+    U32TO8_LITTLE(c + 16,x4);
+    U32TO8_LITTLE(c + 20,x5);
+    U32TO8_LITTLE(c + 24,x6);
+    U32TO8_LITTLE(c + 28,x7);
+    U32TO8_LITTLE(c + 32,x8);
+    U32TO8_LITTLE(c + 36,x9);
+    U32TO8_LITTLE(c + 40,x10);
+    U32TO8_LITTLE(c + 44,x11);
+    U32TO8_LITTLE(c + 48,x12);
+    U32TO8_LITTLE(c + 52,x13);
+    U32TO8_LITTLE(c + 56,x14);
+    U32TO8_LITTLE(c + 60,x15);
+
+    if (bytes <= 64) {
+      if (bytes < 64) {
+        for (i = 0;i < bytes;++i) ctarget[i] = c[i];
+      }
+      x->input[12] = j12;
+      x->input[13] = j13;
+      return;
+    }
+    bytes -= 64;
+    c += 64;
+#ifndef KEYSTREAM_ONLY
+    m += 64;
+#endif
+  }
+}
diff --git a/compat/explicit_bzero.c b/compat/explicit_bzero.c
new file mode 100644
index 0000000..5dd0103
--- /dev/null
+++ b/compat/explicit_bzero.c
@@ -0,0 +1,19 @@
+/*	$OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
+/*
+ * Public domain.
+ * Written by Matthew Dempsky.
+ */
+
+#include <string.h>
+
+__attribute__((weak)) void
+__explicit_bzero_hook(void *buf, size_t len)
+{
+}
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	memset(buf, 0, len);
+	__explicit_bzero_hook(buf, len);
+}
diff --git a/compat/explicit_bzero_win.c b/compat/explicit_bzero_win.c
new file mode 100644
index 0000000..0d09d90
--- /dev/null
+++ b/compat/explicit_bzero_win.c
@@ -0,0 +1,13 @@
+/*
+ * Public domain.
+ * Win32 explicit_bzero compatibility shim.
+ */
+
+#include <windows.h>
+#include <string.h>
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	SecureZeroMemory(buf, len);
+}
diff --git a/compat/freezero.c b/compat/freezero.c
new file mode 100644
index 0000000..31face3
--- /dev/null
+++ b/compat/freezero.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
+ * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
+ * Copyright (c) 2008 Damien Miller <djm@openbsd.org>
+ * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+
+void
+freezero(void *ptr, size_t sz)
+{
+	/* This is legal. */
+	if (ptr == NULL)
+		return;
+
+	explicit_bzero(ptr, sz);
+	free(ptr);
+}
diff --git a/compat/ftruncate.c b/compat/ftruncate.c
new file mode 100644
index 0000000..e825e50
--- /dev/null
+++ b/compat/ftruncate.c
@@ -0,0 +1,17 @@
+/*
+ * Public domain
+ *
+ * Kinichiro Inoguchi <inoguchi@openbsd.org>
+ */
+
+#ifdef _WIN32
+
+#include <unistd.h>
+
+int
+ftruncate(int fd, off_t length)
+{
+	return _chsize(fd, length);
+}
+
+#endif
diff --git a/compat/getentropy_aix.c b/compat/getentropy_aix.c
new file mode 100644
index 0000000..422e685
--- /dev/null
+++ b/compat/getentropy_aix.c
@@ -0,0 +1,402 @@
+/*	$OpenBSD: getentropy_aix.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+/*
+ * -lperfstat is needed for the psuedo entropy data
+ */
+
+#include <sys/mman.h>
+#include <sys/procfs.h>
+#include <sys/protosw.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/statvfs.h>
+#include <sys/timers.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <termios.h>
+
+#include <openssl/sha.h>
+
+#include <libperfstat.h>
+
+#define REPEAT 5
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+static int getentropy_urandom(void *buf, size_t len, const char *path,
+    int devfscheck);
+static int getentropy_fallback(void *buf, size_t len);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 */
+	ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Entropy collection via /dev/urandom has failed.
+	 *
+	 * No other API exists for collecting entropy, and we have
+	 * no failsafe way to get it on AIX that is not sensitive
+	 * to resource exhaustion.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that AIX
+	 * does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that AIX should consider
+	 * providing a new failsafe API which works in a chroot or
+	 * when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+static int
+getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
+{
+	struct stat st;
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open(path, flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	errno = save_errno;
+	return (0);		/* satisfied */
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+static const int cl[] = {
+	CLOCK_REALTIME,
+#ifdef CLOCK_MONOTONIC
+	CLOCK_MONOTONIC,
+#endif
+#ifdef CLOCK_MONOTONIC_RAW
+	CLOCK_MONOTONIC_RAW,
+#endif
+#ifdef CLOCK_TAI
+	CLOCK_TAI,
+#endif
+#ifdef CLOCK_VIRTUAL
+	CLOCK_VIRTUAL,
+#endif
+#ifdef CLOCK_UPTIME
+	CLOCK_UPTIME,
+#endif
+#ifdef CLOCK_PROCESS_CPUTIME_ID
+	CLOCK_PROCESS_CPUTIME_ID,
+#endif
+#ifdef CLOCK_THREAD_CPUTIME_ID
+	CLOCK_THREAD_CPUTIME_ID,
+#endif
+};
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	perfstat_cpu_total_t cpustats;
+#ifdef _AIX61
+	perfstat_cpu_total_wpar_t cpustats_wpar;
+#endif
+	perfstat_partition_total_t lparstats;
+	perfstat_disk_total_t diskinfo;
+	perfstat_netinterface_total_t netinfo;
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HX(perfstat_cpu_total(NULL, &cpustats,
+			    sizeof(cpustats), 1) == -1, cpustats);
+
+#ifdef _AIX61
+			HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar,
+			    sizeof(cpustats_wpar), 1) == -1, cpustats_wpar);
+#endif
+
+			HX(perfstat_partition_total(NULL, &lparstats,
+			    sizeof(lparstats), 1) == -1, lparstats);
+
+			HX(perfstat_disk_total(NULL, &diskinfo,
+			    sizeof(diskinfo), 1) == -1, diskinfo);
+
+			HX(perfstat_netinterface_total(NULL, &netinfo,
+			    sizeof(netinfo), 1) == -1, netinfo);
+
+			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
+				HX(clock_gettime(cl[ii], &ts) == -1, ts);
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
+					    ii++) {
+						HX((e = clock_gettime(cl[ii],
+						    &ts)) == -1, ts);
+						if (e != -1)
+							cnt += (int)ts.tv_nsec;
+					}
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
+		i += MINIMUM(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	errno = save_errno;
+	return (0);		/* satisfied */
+}
diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c
new file mode 100644
index 0000000..30cd68e
--- /dev/null
+++ b/compat/getentropy_freebsd.c
@@ -0,0 +1,62 @@
+/*	$OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+
+/*
+ * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+#include <errno.h>
+#include <stddef.h>
+
+/*
+ * Derived from lib/libc/gen/arc4random.c from FreeBSD.
+ */
+static size_t
+getentropy_sysctl(u_char *buf, size_t size)
+{
+	int mib[2];
+	size_t len, done;
+
+	mib[0] = CTL_KERN;
+	mib[1] = KERN_ARND;
+	done = 0;
+
+	do {
+		len = size;
+		if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+			return (done);
+		done += len;
+		buf += len;
+		size -= len;
+	} while (size > 0);
+
+	return (done);
+}
+
+int
+getentropy(void *buf, size_t len)
+{
+	if (len <= 256 && getentropy_sysctl(buf, len) == len)
+		return (0);
+
+	errno = EIO;
+	return (-1);
+}
diff --git a/compat/getentropy_hpux.c b/compat/getentropy_hpux.c
new file mode 100644
index 0000000..c981880
--- /dev/null
+++ b/compat/getentropy_hpux.c
@@ -0,0 +1,396 @@
+/*	$OpenBSD: getentropy_hpux.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/statvfs.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <termios.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <openssl/sha.h>
+
+#include <sys/vfs.h>
+
+#include <sys/pstat.h>
+
+#define REPEAT 5
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+static int getentropy_urandom(void *buf, size_t len, const char *path,
+    int devfscheck);
+static int getentropy_fallback(void *buf, size_t len);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 */
+	ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Entropy collection via /dev/urandom has failed.
+	 *
+	 * No other API exists for collecting entropy, and we have
+	 * no failsafe way to get it on hpux that is not sensitive
+	 * to resource exhaustion.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that hpux 
+	 * does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that hpux should consider
+	 * providing a new failsafe API which works in a chroot or
+	 * when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+static int
+getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
+{
+	struct stat st;
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open(path, flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	errno = save_errno;
+	return (0);		/* satisfied */
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+static const int cl[] = {
+	CLOCK_REALTIME,
+#ifdef CLOCK_MONOTONIC
+	CLOCK_MONOTONIC,
+#endif
+#ifdef CLOCK_MONOTONIC_RAW
+	CLOCK_MONOTONIC_RAW,
+#endif
+#ifdef CLOCK_TAI
+	CLOCK_TAI,
+#endif
+#ifdef CLOCK_VIRTUAL
+	CLOCK_VIRTUAL,
+#endif
+#ifdef CLOCK_UPTIME
+	CLOCK_UPTIME,
+#endif
+#ifdef CLOCK_PROCESS_CPUTIME_ID
+	CLOCK_PROCESS_CPUTIME_ID,
+#endif
+#ifdef CLOCK_THREAD_CPUTIME_ID
+	CLOCK_THREAD_CPUTIME_ID,
+#endif
+};
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	struct pst_vminfo pvi;
+	struct pst_vm_status pvs;
+	struct pst_dynamic pdy;
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi);
+			HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs);
+
+			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
+				HX(clock_gettime(cl[ii], &ts) == -1, ts);
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+
+			if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) {
+				HD(errno);
+			} else {
+				HD(pdy.psd_avg_1_min);
+				HD(pdy.psd_avg_5_min);
+				HD(pdy.psd_avg_15_min);
+			}
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
+					    ii++) {
+						HX((e = clock_gettime(cl[ii],
+						    &ts)) == -1, ts);
+						if (e != -1)
+							cnt += (int)ts.tv_nsec;
+					}
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
+		i += MINIMUM(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	errno = save_errno;
+	return (0);		/* satisfied */
+}
diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c
new file mode 100644
index 0000000..bc7a6be
--- /dev/null
+++ b/compat/getentropy_linux.c
@@ -0,0 +1,525 @@
+/*	$OpenBSD: getentropy_linux.c,v 1.47 2020/05/17 14:44:20 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#define	_POSIX_C_SOURCE	199309L
+#define	_GNU_SOURCE	1
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#ifdef SYS__sysctl
+#include <linux/sysctl.h>
+#endif
+#include <sys/statvfs.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <link.h>
+#include <termios.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <openssl/sha.h>
+
+#include <linux/types.h>
+#include <linux/random.h>
+#ifdef HAVE_GETAUXVAL
+#include <sys/auxv.h>
+#endif
+#include <sys/vfs.h>
+
+#define REPEAT 5
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
+static int getentropy_getrandom(void *buf, size_t len);
+#endif
+static int getentropy_urandom(void *buf, size_t len);
+#ifdef SYS__sysctl
+static int getentropy_sysctl(void *buf, size_t len);
+#endif
+static int getentropy_fallback(void *buf, size_t len);
+static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
+	/*
+	 * Try descriptor-less getrandom(), in non-blocking mode.
+	 *
+	 * The design of Linux getrandom is broken.  It has an
+	 * uninitialized phase coupled with blocking behaviour, which
+	 * is unacceptable from within a library at boot time without
+	 * possible recovery. See http://bugs.python.org/issue26839#msg267745
+	 */
+	ret = getentropy_getrandom(buf, len);
+	if (ret != -1)
+		return (ret);
+#endif
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 *
+	 * This can fail if the process is inside a chroot or if file
+	 * descriptors are exhausted.
+	 */
+	ret = getentropy_urandom(buf, len);
+	if (ret != -1)
+		return (ret);
+
+#ifdef SYS__sysctl
+	/*
+	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
+	 * sysctl is a failsafe API, so it guarantees a result.  This
+	 * should work inside a chroot, or when file descriptors are
+	 * exhausted.
+	 *
+	 * However this can fail if the Linux kernel removes support
+	 * for sysctl.  Starting in 2007, there have been efforts to
+	 * deprecate the sysctl API/ABI, and push callers towards use
+	 * of the chroot-unavailable fd-using /proc mechanism --
+	 * essentially the same problems as /dev/urandom.
+	 *
+	 * Numerous setbacks have been encountered in their deprecation
+	 * schedule, so as of June 2014 the kernel ABI still exists on
+	 * most Linux architectures. The sysctl() stub in libc is missing
+	 * on some systems.  There are also reports that some kernels
+	 * spew messages to the console.
+	 */
+	ret = getentropy_sysctl(buf, len);
+	if (ret != -1)
+		return (ret);
+#endif /* SYS__sysctl */
+
+	/*
+	 * Entropy collection via /dev/urandom and sysctl have failed.
+	 *
+	 * No other API exists for collecting entropy.  See the large
+	 * comment block above.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that Linux
+	 * still does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that Linux should either retain their
+	 * sysctl ABI, or consider providing a new failsafe API which
+	 * works in a chroot or when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
+static int
+getentropy_getrandom(void *buf, size_t len)
+{
+	int pre_errno = errno;
+	int ret;
+	if (len > 256)
+		return (-1);
+	do {
+		ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
+	} while (ret == -1 && errno == EINTR);
+
+	if (ret != len)
+		return (-1);
+	errno = pre_errno;
+	return (0);
+}
+#endif
+
+static int
+getentropy_urandom(void *buf, size_t len)
+{
+	struct stat st;
+	size_t i;
+	int fd, cnt, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+		close(fd);
+		goto nodevrandom;
+	}
+	if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	errno = save_errno;
+	return (0);		/* satisfied */
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+#ifdef SYS__sysctl
+static int
+getentropy_sysctl(void *buf, size_t len)
+{
+	static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
+	size_t i;
+	int save_errno = errno;
+
+	for (i = 0; i < len; ) {
+		size_t chunk = MINIMUM(len - i, 16);
+
+		/* SYS__sysctl because some systems already removed sysctl() */
+		struct __sysctl_args args = {
+			.name = mib,
+			.nlen = 3,
+			.oldval = (char *)buf + i,
+			.oldlenp = &chunk,
+		};
+		if (syscall(SYS__sysctl, &args) != 0)
+			goto sysctlfailed;
+		i += chunk;
+	}
+	errno = save_errno;
+	return (0);			/* satisfied */
+sysctlfailed:
+	errno = EIO;
+	return (-1);
+}
+#endif /* SYS__sysctl */
+
+static const int cl[] = {
+	CLOCK_REALTIME,
+#ifdef CLOCK_MONOTONIC
+	CLOCK_MONOTONIC,
+#endif
+#ifdef CLOCK_MONOTONIC_RAW
+	CLOCK_MONOTONIC_RAW,
+#endif
+#ifdef CLOCK_TAI
+	CLOCK_TAI,
+#endif
+#ifdef CLOCK_VIRTUAL
+	CLOCK_VIRTUAL,
+#endif
+#ifdef CLOCK_UPTIME
+	CLOCK_UPTIME,
+#endif
+#ifdef CLOCK_PROCESS_CPUTIME_ID
+	CLOCK_PROCESS_CPUTIME_ID,
+#endif
+#ifdef CLOCK_THREAD_CPUTIME_ID
+	CLOCK_THREAD_CPUTIME_ID,
+#endif
+};
+
+static int
+getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
+{
+	SHA512_CTX *ctx = data;
+
+	SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
+	return (0);
+}
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			dl_iterate_phdr(getentropy_phdr, &ctx);
+
+			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
+				HX(clock_gettime(cl[ii], &ts) == -1, ts);
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				struct statfs stfs;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
+					    ii++) {
+						HX((e = clock_gettime(cl[ii],
+						    &ts)) == -1, ts);
+						if (e != -1)
+							cnt += (int)ts.tv_nsec;
+					}
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+				HX(statfs(".", &stfs) == -1, stfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+				HX(statfs("/", &stfs) == -1, stfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX(fstatfs(0, &stfs) == -1,
+						    stfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+#ifdef HAVE_GETAUXVAL
+#ifdef AT_RANDOM
+		/* Not as random as you think but we take what we are given */
+		p = (char *) getauxval(AT_RANDOM);
+		if (p)
+			HR(p, 16);
+#endif
+#ifdef AT_SYSINFO_EHDR
+		p = (char *) getauxval(AT_SYSINFO_EHDR);
+		if (p)
+			HR(p, pgs);
+#endif
+#ifdef AT_BASE
+		p = (char *) getauxval(AT_BASE);
+		if (p)
+			HD(p);
+#endif
+#endif
+
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
+		i += MINIMUM(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	errno = save_errno;
+	return (0);		/* satisfied */
+}
diff --git a/compat/getentropy_netbsd.c b/compat/getentropy_netbsd.c
new file mode 100644
index 0000000..45d68c9
--- /dev/null
+++ b/compat/getentropy_netbsd.c
@@ -0,0 +1,64 @@
+/*	$OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $	*/
+
+/*
+ * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+ * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <sys/types.h>
+#include <sys/sysctl.h>
+
+#include <errno.h>
+#include <stddef.h>
+
+/*
+ * Derived from lib/libc/gen/arc4random.c from FreeBSD.
+ */
+static size_t
+getentropy_sysctl(u_char *buf, size_t size)
+{
+	int mib[2];
+	size_t len, done;
+
+	mib[0] = CTL_KERN;
+	mib[1] = KERN_ARND;
+	done = 0;
+
+	do {
+		len = size;
+		if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+			return (done);
+		done += len;
+		buf += len;
+		size -= len;
+	} while (size > 0);
+
+	return (done);
+}
+
+int
+getentropy(void *buf, size_t len)
+{
+	if (len <= 256 &&
+	    getentropy_sysctl(buf, len) == len) {
+		return (0);
+	}
+
+	errno = EIO;
+	return (-1);
+}
diff --git a/compat/getentropy_osx.c b/compat/getentropy_osx.c
new file mode 100644
index 0000000..5d4067b
--- /dev/null
+++ b/compat/getentropy_osx.c
@@ -0,0 +1,417 @@
+/*	$OpenBSD: getentropy_osx.c,v 1.13 2020/05/17 14:44:20 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <TargetConditionals.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/sysctl.h>
+#include <sys/statvfs.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <termios.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <mach/mach_time.h>
+#include <mach/mach_host.h>
+#include <mach/host_info.h>
+#if TARGET_OS_OSX
+#include <sys/socketvar.h>
+#include <sys/vmmeter.h>
+#endif
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#if TARGET_OS_OSX
+#include <netinet/udp.h>
+#include <netinet/ip_var.h>
+#include <netinet/tcp_var.h>
+#include <netinet/udp_var.h>
+#endif
+#include <CommonCrypto/CommonDigest.h>
+#define SHA512_Update(a, b, c)	(CC_SHA512_Update((a), (b), (c)))
+#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
+#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
+#define SHA512_CTX CC_SHA512_CTX
+#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
+
+#define REPEAT 5
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+static int getentropy_urandom(void *buf, size_t len);
+static int getentropy_fallback(void *buf, size_t len);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 *
+	 * This can fail if the process is inside a chroot or if file
+	 * descriptors are exhausted.
+	 */
+	ret = getentropy_urandom(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Entropy collection via /dev/urandom and sysctl have failed.
+	 *
+	 * No other API exists for collecting entropy, and we have
+	 * no failsafe way to get it on OSX that is not sensitive
+	 * to resource exhaustion.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that OSX
+	 * does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that OSX should consider
+	 * providing a new failsafe API which works in a chroot or
+	 * when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+static int
+getentropy_urandom(void *buf, size_t len)
+{
+	struct stat st;
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	errno = save_errno;
+	return (0);		/* satisfied */
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+#if TARGET_OS_OSX
+static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
+static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
+static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
+#endif
+static int kmib[] = { CTL_KERN, KERN_USRSTACK };
+static int hwmib[] = { CTL_HW, HW_USERMEM };
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+#if TARGET_OS_OSX
+	struct tcpstat tcpstat;
+	struct udpstat udpstat;
+	struct ipstat ipstat;
+#endif
+	u_int64_t mach_time;
+	unsigned int idata;
+	void *addr;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			mach_time = mach_absolute_time();
+			HD(mach_time);
+
+			ii = sizeof(addr);
+			HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
+			    &addr, &ii, NULL, 0) == -1, addr);
+
+			ii = sizeof(idata);
+			HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
+			    &idata, &ii, NULL, 0) == -1, idata);
+
+#if TARGET_OS_OSX
+			ii = sizeof(tcpstat);
+			HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
+			    &tcpstat, &ii, NULL, 0) == -1, tcpstat);
+
+			ii = sizeof(udpstat);
+			HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
+			    &udpstat, &ii, NULL, 0) == -1, udpstat);
+
+			ii = sizeof(ipstat);
+			HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
+			    &ipstat, &ii, NULL, 0) == -1, ipstat);
+#endif
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				struct statfs stfs;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					mach_time = mach_absolute_time();
+					HD(mach_time);
+					cnt += (int)mach_time;
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+				HX(statfs(".", &stfs) == -1, stfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+				HX(statfs("/", &stfs) == -1, stfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX(fstatfs(0, &stfs) == -1,
+						    stfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
+		i += MINIMUM(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	errno = save_errno;
+	return (0);		/* satisfied */
+}
diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c
new file mode 100644
index 0000000..cf5b9bf
--- /dev/null
+++ b/compat/getentropy_solaris.c
@@ -0,0 +1,422 @@
+/*	$OpenBSD: getentropy_solaris.c,v 1.14 2020/05/17 14:44:20 deraadt Exp $	*/
+
+/*
+ * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
+ * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/resource.h>
+#include <sys/syscall.h>
+#include <sys/statvfs.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <link.h>
+#include <termios.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <sys/sha2.h>
+#define SHA512_Init SHA512Init
+#define SHA512_Update SHA512Update
+#define SHA512_Final SHA512Final
+
+#include <sys/vfs.h>
+#include <sys/statfs.h>
+#include <sys/loadavg.h>
+
+#define REPEAT 5
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
+
+#define HX(a, b) \
+	do { \
+		if ((a)) \
+			HD(errno); \
+		else \
+			HD(b); \
+	} while (0)
+
+#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
+#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
+#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
+
+int	getentropy(void *buf, size_t len);
+
+static int getentropy_urandom(void *buf, size_t len, const char *path,
+    int devfscheck);
+static int getentropy_fallback(void *buf, size_t len);
+static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
+
+int
+getentropy(void *buf, size_t len)
+{
+	int ret = -1;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	/*
+	 * Try to get entropy with /dev/urandom
+	 *
+	 * Solaris provides /dev/urandom as a symbolic link to
+	 * /devices/pseudo/random@0:urandom which is provided by
+	 * a devfs filesystem.  Best practice is to use O_NOFOLLOW,
+	 * so we must try the unpublished name directly.
+	 *
+	 * This can fail if the process is inside a chroot which lacks
+	 * the devfs mount, or if file descriptors are exhausted.
+	 */
+	ret = getentropy_urandom(buf, len,
+	    "/devices/pseudo/random@0:urandom", 1);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Unfortunately, chroot spaces on Solaris are sometimes setup
+	 * with direct device node of the well-known /dev/urandom name
+	 * (perhaps to avoid dragging all of devfs into the space).
+	 *
+	 * This can fail if the process is inside a chroot or if file
+	 * descriptors are exhausted.
+	 */
+	ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
+	if (ret != -1)
+		return (ret);
+
+	/*
+	 * Entropy collection via /dev/urandom has failed.
+	 *
+	 * No other API exists for collecting entropy, and we have
+	 * no failsafe way to get it on Solaris that is not sensitive
+	 * to resource exhaustion.
+	 *
+	 * We have very few options:
+	 *     - Even syslog_r is unsafe to call at this low level, so
+	 *	 there is no way to alert the user or program.
+	 *     - Cannot call abort() because some systems have unsafe
+	 *	 corefiles.
+	 *     - Could raise(SIGKILL) resulting in silent program termination.
+	 *     - Return EIO, to hint that arc4random's stir function
+	 *       should raise(SIGKILL)
+	 *     - Do the best under the circumstances....
+	 *
+	 * This code path exists to bring light to the issue that Solaris
+	 * does not provide a failsafe API for entropy collection.
+	 *
+	 * We hope this demonstrates that Solaris should consider
+	 * providing a new failsafe API which works in a chroot or
+	 * when file descriptors are exhausted.
+	 */
+#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
+#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+	raise(SIGKILL);
+#endif
+	ret = getentropy_fallback(buf, len);
+	if (ret != -1)
+		return (ret);
+
+	errno = EIO;
+	return (ret);
+}
+
+static int
+getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
+{
+	struct stat st;
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open(path, flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#endif
+
+	/* Lightly verify that the device node looks sane */
+	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
+	    (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
+		close(fd);
+		goto nodevrandom;
+	}
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char *)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	errno = save_errno;
+	return (0);		/* satisfied */
+nodevrandom:
+	errno = EIO;
+	return (-1);
+}
+
+static const int cl[] = {
+	CLOCK_REALTIME,
+#ifdef CLOCK_MONOTONIC
+	CLOCK_MONOTONIC,
+#endif
+#ifdef CLOCK_MONOTONIC_RAW
+	CLOCK_MONOTONIC_RAW,
+#endif
+#ifdef CLOCK_TAI
+	CLOCK_TAI,
+#endif
+#ifdef CLOCK_VIRTUAL
+	CLOCK_VIRTUAL,
+#endif
+#ifdef CLOCK_UPTIME
+	CLOCK_UPTIME,
+#endif
+#ifdef CLOCK_PROCESS_CPUTIME_ID
+	CLOCK_PROCESS_CPUTIME_ID,
+#endif
+#ifdef CLOCK_THREAD_CPUTIME_ID
+	CLOCK_THREAD_CPUTIME_ID,
+#endif
+};
+
+static int
+getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
+{
+	SHA512_CTX *ctx = data;
+
+	SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
+	return (0);
+}
+
+static int
+getentropy_fallback(void *buf, size_t len)
+{
+	uint8_t results[SHA512_DIGEST_LENGTH];
+	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
+	static int cnt;
+	struct timespec ts;
+	struct timeval tv;
+	double loadavg[3];
+	struct rusage ru;
+	sigset_t sigset;
+	struct stat st;
+	SHA512_CTX ctx;
+	static pid_t lastpid;
+	pid_t pid;
+	size_t i, ii, m;
+	char *p;
+
+	pid = getpid();
+	if (lastpid == pid) {
+		faster = 1;
+		repeat = 2;
+	} else {
+		faster = 0;
+		lastpid = pid;
+		repeat = REPEAT;
+	}
+	for (i = 0; i < len; ) {
+		int j;
+		SHA512_Init(&ctx);
+		for (j = 0; j < repeat; j++) {
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			dl_iterate_phdr(getentropy_phdr, &ctx);
+
+			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
+				HX(clock_gettime(cl[ii], &ts) == -1, ts);
+
+			HX((pid = getpid()) == -1, pid);
+			HX((pid = getsid(pid)) == -1, pid);
+			HX((pid = getppid()) == -1, pid);
+			HX((pid = getpgid(0)) == -1, pid);
+			HX((e = getpriority(0, 0)) == -1, e);
+			HX((getloadavg(loadavg, 3) == -1), loadavg);
+
+			if (!faster) {
+				ts.tv_sec = 0;
+				ts.tv_nsec = 1;
+				(void) nanosleep(&ts, NULL);
+			}
+
+			HX(sigpending(&sigset) == -1, sigset);
+			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
+			    sigset);
+
+			HF(getentropy);	/* an addr in this library */
+			HF(printf);		/* an addr in libc */
+			p = (char *)&p;
+			HD(p);		/* an addr on stack */
+			p = (char *)&errno;
+			HD(p);		/* the addr of errno */
+
+			if (i == 0) {
+				struct sockaddr_storage ss;
+				struct statvfs stvfs;
+				struct termios tios;
+				socklen_t ssl;
+				off_t off;
+
+				/*
+				 * Prime-sized mappings encourage fragmentation;
+				 * thus exposing some address entropy.
+				 */
+				struct mm {
+					size_t	npg;
+					void	*p;
+				} mm[] =	 {
+					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
+					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
+					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
+					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
+				};
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					HX(mm[m].p = mmap(NULL,
+					    mm[m].npg * pgs,
+					    PROT_READ|PROT_WRITE,
+					    MAP_PRIVATE|MAP_ANON, -1,
+					    (off_t)0), mm[m].p);
+					if (mm[m].p != MAP_FAILED) {
+						size_t mo;
+
+						/* Touch some memory... */
+						p = mm[m].p;
+						mo = cnt %
+						    (mm[m].npg * pgs - 1);
+						p[mo] = 1;
+						cnt += (int)((long)(mm[m].p)
+						    / pgs);
+					}
+
+					/* Check cnts and times... */
+					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
+					    ii++) {
+						HX((e = clock_gettime(cl[ii],
+						    &ts)) == -1, ts);
+						if (e != -1)
+							cnt += (int)ts.tv_nsec;
+					}
+
+					HX((e = getrusage(RUSAGE_SELF,
+					    &ru)) == -1, ru);
+					if (e != -1) {
+						cnt += (int)ru.ru_utime.tv_sec;
+						cnt += (int)ru.ru_utime.tv_usec;
+					}
+				}
+
+				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
+					if (mm[m].p != MAP_FAILED)
+						munmap(mm[m].p, mm[m].npg * pgs);
+					mm[m].p = MAP_FAILED;
+				}
+
+				HX(stat(".", &st) == -1, st);
+				HX(statvfs(".", &stvfs) == -1, stvfs);
+
+				HX(stat("/", &st) == -1, st);
+				HX(statvfs("/", &stvfs) == -1, stvfs);
+
+				HX((e = fstat(0, &st)) == -1, st);
+				if (e == -1) {
+					if (S_ISREG(st.st_mode) ||
+					    S_ISFIFO(st.st_mode) ||
+					    S_ISSOCK(st.st_mode)) {
+						HX(fstatvfs(0, &stvfs) == -1,
+						    stvfs);
+						HX((off = lseek(0, (off_t)0,
+						    SEEK_CUR)) < 0, off);
+					}
+					if (S_ISCHR(st.st_mode)) {
+						HX(tcgetattr(0, &tios) == -1,
+						    tios);
+					} else if (S_ISSOCK(st.st_mode)) {
+						memset(&ss, 0, sizeof ss);
+						ssl = sizeof(ss);
+						HX(getpeername(0,
+						    (void *)&ss, &ssl) == -1,
+						    ss);
+					}
+				}
+
+				HX((e = getrusage(RUSAGE_CHILDREN,
+				    &ru)) == -1, ru);
+				if (e != -1) {
+					cnt += (int)ru.ru_utime.tv_sec;
+					cnt += (int)ru.ru_utime.tv_usec;
+				}
+			} else {
+				/* Subsequent hashes absorb previous result */
+				HD(results);
+			}
+
+			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
+			if (e != -1) {
+				cnt += (int)tv.tv_sec;
+				cnt += (int)tv.tv_usec;
+			}
+
+			HD(cnt);
+		}
+		SHA512_Final(results, &ctx);
+		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
+		i += MINIMUM(sizeof(results), len - i);
+	}
+	explicit_bzero(&ctx, sizeof ctx);
+	explicit_bzero(results, sizeof results);
+	errno = save_errno;
+	return (0);		/* satisfied */
+}
diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c
new file mode 100644
index 0000000..2abeb27
--- /dev/null
+++ b/compat/getentropy_win.c
@@ -0,0 +1,59 @@
+/*	$OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $	*/
+
+/*
+ * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
+ * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Emulation of getentropy(2) as documented at:
+ * http://man.openbsd.org/getentropy.2
+ */
+
+#include <windows.h>
+#include <errno.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <wincrypt.h>
+#include <process.h>
+
+int	getentropy(void *buf, size_t len);
+
+/*
+ * On Windows, CryptGenRandom is supposed to be a well-seeded
+ * cryptographically strong random number generator.
+ */
+int
+getentropy(void *buf, size_t len)
+{
+	HCRYPTPROV provider;
+
+	if (len > 256) {
+		errno = EIO;
+		return (-1);
+	}
+
+	if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
+	    CRYPT_VERIFYCONTEXT) == 0)
+		goto fail;
+	if (CryptGenRandom(provider, len, buf) == 0) {
+		CryptReleaseContext(provider, 0);
+		goto fail;
+	}
+	CryptReleaseContext(provider, 0);
+	return (0);
+
+fail:
+	errno = EIO;
+	return (-1);
+}
diff --git a/compat/getpagesize.c b/compat/getpagesize.c
new file mode 100644
index 0000000..cbaae92
--- /dev/null
+++ b/compat/getpagesize.c
@@ -0,0 +1,18 @@
+/* $OpenBSD$ */
+
+#include <unistd.h>
+
+#ifdef _WIN32
+#include <windows.h>
+#endif
+
+int
+getpagesize(void) {
+#ifdef _WIN32
+	SYSTEM_INFO system_info;
+	GetSystemInfo(&system_info);
+	return system_info.dwPageSize;
+#else
+	return sysconf(_SC_PAGESIZE);
+#endif
+}
diff --git a/compat/getprogname_linux.c b/compat/getprogname_linux.c
new file mode 100644
index 0000000..1850e86
--- /dev/null
+++ b/compat/getprogname_linux.c
@@ -0,0 +1,23 @@
+#include <stdlib.h>
+
+#include <errno.h>
+
+const char *
+getprogname(void)
+{
+#if defined(__ANDROID_API__) && __ANDROID_API__ < 21
+	/*
+	 * Android added getprogname with API 21, so we should not end up here
+	 * with APIs newer than 21.
+	 * https://github.com/aosp-mirror/platform_bionic/blob/1eb6d3/libc/include/stdlib.h#L160
+	 *
+	 * Since Android is using portions of OpenBSD libc, it should have
+	 * a symbol called __progname.
+	 * https://github.com/aosp-mirror/platform_bionic/commit/692207
+	 */
+	extern const char *__progname;
+	return __progname;
+#else
+	return program_invocation_short_name;
+#endif
+}
diff --git a/compat/getprogname_unimpl.c b/compat/getprogname_unimpl.c
new file mode 100644
index 0000000..339c54a
--- /dev/null
+++ b/compat/getprogname_unimpl.c
@@ -0,0 +1,7 @@
+#include <stdlib.h>
+
+const char *
+getprogname(void)
+{
+	return "?";
+}
diff --git a/compat/getprogname_windows.c b/compat/getprogname_windows.c
new file mode 100644
index 0000000..eb04ec0
--- /dev/null
+++ b/compat/getprogname_windows.c
@@ -0,0 +1,13 @@
+#include <stdlib.h>
+
+#include <windows.h>
+
+const char *
+getprogname(void)
+{
+	static char progname[MAX_PATH + 1];
+	DWORD length = GetModuleFileName(NULL, progname, sizeof (progname) - 1);
+	if (length < 0)
+		return "?";
+	return progname;
+}
diff --git a/compat/posix_win.c b/compat/posix_win.c
new file mode 100644
index 0000000..30c93cd
--- /dev/null
+++ b/compat/posix_win.c
@@ -0,0 +1,245 @@
+/*
+ * Public domain
+ *
+ * BSD socket emulation code for Winsock2
+ * File IO compatibility shims
+ * Brent Cook <bcook@openbsd.org>
+ * Kinichiro Inoguchi <inoguchi@openbsd.org>
+ */
+
+#define NO_REDEF_POSIX_FUNCTIONS
+
+#include <windows.h>
+#include <ws2tcpip.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+void
+posix_perror(const char *s)
+{
+	fprintf(stderr, "%s: %s\n", s, strerror(errno));
+}
+
+FILE *
+posix_fopen(const char *path, const char *mode)
+{
+	if (strchr(mode, 'b') == NULL) {
+		char *bin_mode = NULL;
+		if (asprintf(&bin_mode, "%sb", mode) == -1)
+			return NULL;
+		FILE *f = fopen(path, bin_mode);
+		free(bin_mode);
+		return f;
+	}
+
+	return fopen(path, mode);
+}
+
+int
+posix_open(const char *path, ...)
+{
+	va_list ap;
+	int mode = 0;
+	int flags;
+
+	va_start(ap, path);
+	flags = va_arg(ap, int);
+	if (flags & O_CREAT)
+		mode = va_arg(ap, int);
+	va_end(ap);
+
+	flags |= O_BINARY;
+	if (flags & O_CLOEXEC) {
+		flags &= ~O_CLOEXEC;
+		flags |= O_NOINHERIT;
+	}
+	flags &= ~O_NONBLOCK;
+	return open(path, flags, mode);
+}
+
+char *
+posix_fgets(char *s, int size, FILE *stream)
+{
+	char *ret = fgets(s, size, stream);
+	if (ret != NULL) {
+		size_t end = strlen(ret);
+		if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') {
+			ret[end - 2] = '\n';
+			ret[end - 1] = '\0';
+		}
+	}
+	return ret;
+}
+
+int
+posix_rename(const char *oldpath, const char *newpath)
+{
+	return MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
+}
+
+static int
+wsa_errno(int err)
+{
+	switch (err) {
+	case WSAENOBUFS:
+		errno = ENOMEM;
+		break;
+	case WSAEACCES:
+		errno = EACCES;
+		break;
+	case WSANOTINITIALISED:
+		errno = EPERM;
+		break;
+	case WSAEHOSTUNREACH:
+	case WSAENETDOWN:
+		errno = EIO;
+		break;
+	case WSAEFAULT:
+		errno = EFAULT;
+		break;
+	case WSAEINTR:
+		errno = EINTR;
+		break;
+	case WSAEINVAL:
+		errno = EINVAL;
+		break;
+	case WSAEINPROGRESS:
+		errno = EINPROGRESS;
+		break;
+	case WSAEWOULDBLOCK:
+		errno = EAGAIN;
+		break;
+	case WSAEOPNOTSUPP:
+		errno = ENOTSUP;
+		break;
+	case WSAEMSGSIZE:
+		errno = EFBIG;
+		break;
+	case WSAENOTSOCK:
+		errno = ENOTSOCK;
+		break;
+	case WSAENOPROTOOPT:
+		errno = ENOPROTOOPT;
+		break;
+	case WSAECONNREFUSED:
+		errno = ECONNREFUSED;
+		break;
+	case WSAEAFNOSUPPORT:
+		errno = EAFNOSUPPORT;
+		break;
+	case WSAEBADF:
+		errno = EBADF;
+		break;
+	case WSAENETRESET:
+	case WSAENOTCONN:
+	case WSAECONNABORTED:
+	case WSAECONNRESET:
+	case WSAESHUTDOWN:
+	case WSAETIMEDOUT:
+		errno = EPIPE;
+		break;
+	}
+	return -1;
+}
+
+int
+posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
+{
+	int rc = connect(sockfd, addr, addrlen);
+	if (rc == SOCKET_ERROR)
+		return wsa_errno(WSAGetLastError());
+	return rc;
+}
+
+int
+posix_close(int fd)
+{
+	if (closesocket(fd) == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return (err == WSAENOTSOCK || err == WSAEBADF ||
+		    err == WSANOTINITIALISED) ?
+			close(fd) : wsa_errno(err);
+	}
+	return 0;
+}
+
+ssize_t
+posix_read(int fd, void *buf, size_t count)
+{
+	ssize_t rc = recv(fd, buf, count, 0);
+	if (rc == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return (err == WSAENOTSOCK || err == WSAEBADF ||
+		    err == WSANOTINITIALISED) ?
+			read(fd, buf, count) : wsa_errno(err);
+	}
+	return rc;
+}
+
+ssize_t
+posix_write(int fd, const void *buf, size_t count)
+{
+	ssize_t rc = send(fd, buf, count, 0);
+	if (rc == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return (err == WSAENOTSOCK || err == WSAEBADF ||
+		    err == WSANOTINITIALISED) ?
+			write(fd, buf, count) : wsa_errno(err);
+	}
+	return rc;
+}
+
+int
+posix_getsockopt(int sockfd, int level, int optname,
+	void *optval, socklen_t *optlen)
+{
+	int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
+	return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
+
+}
+
+int
+posix_setsockopt(int sockfd, int level, int optname,
+	const void *optval, socklen_t optlen)
+{
+	int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
+	return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
+}
+
+uid_t getuid(void)
+{
+	/* Windows fstat sets 0 as st_uid */
+	return 0;
+}
+
+#ifdef _MSC_VER
+struct timezone;
+int gettimeofday(struct timeval * tp, struct timezone * tzp)
+{
+	/*
+	 * Note: some broken versions only have 8 trailing zero's, the correct
+	 * epoch has 9 trailing zero's
+	 */
+	static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL);
+
+	SYSTEMTIME  system_time;
+	FILETIME    file_time;
+	uint64_t    time;
+
+	GetSystemTime(&system_time);
+	SystemTimeToFileTime(&system_time, &file_time);
+	time = ((uint64_t)file_time.dwLowDateTime);
+	time += ((uint64_t)file_time.dwHighDateTime) << 32;
+
+	tp->tv_sec = (long)((time - EPOCH) / 10000000L);
+	tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
+	return 0;
+}
+
+#endif
diff --git a/compat/pread.c b/compat/pread.c
new file mode 100644
index 0000000..b9d6b09
--- /dev/null
+++ b/compat/pread.c
@@ -0,0 +1,29 @@
+/*
+ * Public domain
+ *
+ * Kinichiro Inoguchi <inoguchi@openbsd.org>
+ */
+
+#ifdef _WIN32
+
+#define NO_REDEF_POSIX_FUNCTIONS
+
+#include <unistd.h>
+
+ssize_t
+pread(int d, void *buf, size_t nbytes, off_t offset)
+{
+	off_t cpos, opos, rpos;
+	ssize_t bytes;
+	if((cpos = lseek(d, 0, SEEK_CUR)) == -1)
+		return -1;
+	if((opos = lseek(d, offset, SEEK_SET)) == -1)
+		return -1;
+	if((bytes = read(d, buf, nbytes)) == -1)
+		return -1;
+	if((rpos = lseek(d, cpos, SEEK_SET)) == -1)
+		return -1;
+	return bytes;
+}
+
+#endif
diff --git a/compat/pwrite.c b/compat/pwrite.c
new file mode 100644
index 0000000..82f5f55
--- /dev/null
+++ b/compat/pwrite.c
@@ -0,0 +1,29 @@
+/*
+ * Public domain
+ *
+ * Kinichiro Inoguchi <inoguchi@openbsd.org>
+ */
+
+#ifdef _WIN32
+
+#define NO_REDEF_POSIX_FUNCTIONS
+
+#include <unistd.h>
+
+ssize_t
+pwrite(int d, const void *buf, size_t nbytes, off_t offset)
+{
+	off_t cpos, opos, rpos;
+	ssize_t bytes;
+	if((cpos = lseek(d, 0, SEEK_CUR)) == -1)
+		return -1;
+	if((opos = lseek(d, offset, SEEK_SET)) == -1)
+		return -1;
+	if((bytes = write(d, buf, nbytes)) == -1)
+		return -1;
+	if((rpos = lseek(d, cpos, SEEK_SET)) == -1)
+		return -1;
+	return bytes;
+}
+
+#endif
diff --git a/compat/reallocarray.c b/compat/reallocarray.c
new file mode 100644
index 0000000..43f0b69
--- /dev/null
+++ b/compat/reallocarray.c
@@ -0,0 +1,38 @@
+/*	$OpenBSD: reallocarray.c,v 1.3 2015/09/13 08:31:47 guenther Exp $	*/
+/*
+ * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW	((size_t)1 << (sizeof(size_t) * 4))
+
+void *
+reallocarray(void *optr, size_t nmemb, size_t size)
+{
+	if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	    nmemb > 0 && SIZE_MAX / nmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	return realloc(optr, size * nmemb);
+}
diff --git a/compat/strcasecmp.c b/compat/strcasecmp.c
new file mode 100644
index 0000000..e5da89c
--- /dev/null
+++ b/compat/strcasecmp.c
@@ -0,0 +1,105 @@
+/*	$OpenBSD: strcasecmp.c,v 1.7 2015/08/31 02:53:57 guenther Exp $	*/
+
+/*
+ * Copyright (c) 1987, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+typedef unsigned char u_char;
+
+/*
+ * This array is designed for mapping upper and lower case letter
+ * together for a case independent comparison.  The mappings are
+ * based upon ascii character sequences.
+ */
+static const u_char charmap[] = {
+	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
+	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
+	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
+	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
+	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
+	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
+	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
+	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
+	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
+	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
+	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
+	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
+	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
+	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
+	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
+	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
+	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
+	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
+	'\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
+	'\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
+	'\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
+	'\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
+	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
+	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
+	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
+};
+
+int
+strcasecmp(const char *s1, const char *s2)
+{
+	const u_char *cm = charmap;
+	const u_char *us1 = (const u_char *)s1;
+	const u_char *us2 = (const u_char *)s2;
+
+	while (cm[*us1] == cm[*us2++])
+		if (*us1++ == '\0')
+			return (0);
+	return (cm[*us1] - cm[*--us2]);
+}
+
+int
+strncasecmp(const char *s1, const char *s2, size_t n)
+{
+	if (n != 0) {
+		const u_char *cm = charmap;
+		const u_char *us1 = (const u_char *)s1;
+		const u_char *us2 = (const u_char *)s2;
+
+		do {
+			if (cm[*us1] != cm[*us2++])
+				return (cm[*us1] - cm[*--us2]);
+			if (*us1++ == '\0')
+				break;
+		} while (--n != 0);
+	}
+	return (0);
+}
diff --git a/compat/strlcpy.c b/compat/strlcpy.c
new file mode 100644
index 0000000..2fa498c
--- /dev/null
+++ b/compat/strlcpy.c
@@ -0,0 +1,50 @@
+/*	$OpenBSD: strlcpy.c,v 1.16 2019/01/25 00:19:25 millert Exp $	*/
+
+/*
+ * Copyright (c) 1998, 2015 Todd C. Miller <millert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <string.h>
+
+/*
+ * Copy string src to buffer dst of size dsize.  At most dsize-1
+ * chars will be copied.  Always NUL terminates (unless dsize == 0).
+ * Returns strlen(src); if retval >= dsize, truncation occurred.
+ */
+size_t
+strlcpy(char *dst, const char *src, size_t dsize)
+{
+	const char *osrc = src;
+	size_t nleft = dsize;
+
+	/* Copy as many bytes as will fit. */
+	if (nleft != 0) {
+		while (--nleft != 0) {
+			if ((*dst++ = *src++) == '\0')
+				break;
+		}
+	}
+
+	/* Not enough room in dst, add NUL and traverse rest of src. */
+	if (nleft == 0) {
+		if (dsize != 0)
+			*dst = '\0';		/* NUL-terminate dst */
+		while (*src++)
+			;
+	}
+
+	return(src - osrc - 1);	/* count does not include NUL */
+}
diff --git a/compat/strsep.c b/compat/strsep.c
new file mode 100644
index 0000000..c5d6511
--- /dev/null
+++ b/compat/strsep.c
@@ -0,0 +1,70 @@
+/*	$OpenBSD: strsep.c,v 1.8 2015/08/31 02:53:57 guenther Exp $	*/
+
+/*-
+ * Copyright (c) 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+/*
+ * Get next token from string *stringp, where tokens are possibly-empty
+ * strings separated by characters from delim.  
+ *
+ * Writes NULs into the string at *stringp to end tokens.
+ * delim need not remain constant from call to call.
+ * On return, *stringp points past the last NUL written (if there might
+ * be further tokens), or is NULL (if there are definitely no more tokens).
+ *
+ * If *stringp is NULL, strsep returns NULL.
+ */
+char *
+strsep(char **stringp, const char *delim)
+{
+	char *s;
+	const char *spanp;
+	int c, sc;
+	char *tok;
+
+	if ((s = *stringp) == NULL)
+		return (NULL);
+	for (tok = s;;) {
+		c = *s++;
+		spanp = delim;
+		do {
+			if ((sc = *spanp++) == c) {
+				if (c == 0)
+					s = NULL;
+				else
+					s[-1] = 0;
+				*stringp = s;
+				return (tok);
+			}
+		} while (sc != 0);
+	}
+	/* NOTREACHED */
+}
diff --git a/compat/timegm.c b/compat/timegm.c
new file mode 100644
index 0000000..2658445
--- /dev/null
+++ b/compat/timegm.c
@@ -0,0 +1,220 @@
+/*
+ * ----------------------------------------------------------------------
+ * Copyright © 2005-2014 Rich Felker, et al.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * ----------------------------------------------------------------------
+ */
+
+#include <errno.h>
+#include <limits.h>
+#include <time.h>
+
+/* 2000-03-01 (mod 400 year, immediately after feb29 */
+#define LEAPOCH (946684800LL + 86400*(31+29))
+
+#define DAYS_PER_400Y (365*400 + 97)
+#define DAYS_PER_100Y (365*100 + 24)
+#define DAYS_PER_4Y   (365*4   + 1)
+
+static int __month_to_secs(int month, int is_leap)
+{
+	static const int secs_through_month[] = {
+		0, 31*86400, 59*86400, 90*86400,
+		120*86400, 151*86400, 181*86400, 212*86400,
+		243*86400, 273*86400, 304*86400, 334*86400 };
+	int t = secs_through_month[month];
+	if (is_leap && month >= 2) t+=86400;
+	return t;
+}
+
+static long long __year_to_secs(long long year, int *is_leap)
+{
+	if (year-2ULL <= 136) {
+		int y = year;
+		int leaps = (y-68)>>2;
+		if (!((y-68)&3)) {
+			leaps--;
+			if (is_leap) *is_leap = 1;
+		} else if (is_leap) *is_leap = 0;
+		return 31536000*(y-70) + 86400*leaps;
+	}
+
+	int cycles, centuries, leaps, rem;
+
+	if (!is_leap) is_leap = &(int){0};
+	cycles = (year-100) / 400;
+	rem = (year-100) % 400;
+	if (rem < 0) {
+		cycles--;
+		rem += 400;
+	}
+	if (!rem) {
+		*is_leap = 1;
+		centuries = 0;
+		leaps = 0;
+	} else {
+		if (rem >= 200) {
+			if (rem >= 300) centuries = 3, rem -= 300;
+			else centuries = 2, rem -= 200;
+		} else {
+			if (rem >= 100) centuries = 1, rem -= 100;
+			else centuries = 0;
+		}
+		if (!rem) {
+			*is_leap = 0;
+			leaps = 0;
+		} else {
+			leaps = rem / 4U;
+			rem %= 4U;
+			*is_leap = !rem;
+		}
+	}
+
+	leaps += 97*cycles + 24*centuries - *is_leap;
+
+	return (year-100) * 31536000LL + leaps * 86400LL + 946684800 + 86400;
+}
+
+static long long __tm_to_secs(const struct tm *tm)
+{
+	int is_leap;
+	long long year = tm->tm_year;
+	int month = tm->tm_mon;
+	if (month >= 12 || month < 0) {
+		int adj = month / 12;
+		month %= 12;
+		if (month < 0) {
+			adj--;
+			month += 12;
+		}
+		year += adj;
+	}
+	long long t = __year_to_secs(year, &is_leap);
+	t += __month_to_secs(month, is_leap);
+	t += 86400LL * (tm->tm_mday-1);
+	t += 3600LL * tm->tm_hour;
+	t += 60LL * tm->tm_min;
+	t += tm->tm_sec;
+	return t;
+}
+
+static int __secs_to_tm(long long t, struct tm *tm)
+{
+	long long days, secs;
+	int remdays, remsecs, remyears;
+	int qc_cycles, c_cycles, q_cycles;
+	int years, months;
+	int wday, yday, leap;
+	static const char days_in_month[] = {31,30,31,30,31,31,30,31,30,31,31,29};
+
+	/* Reject time_t values whose year would overflow int */
+	if (t < INT_MIN * 31622400LL || t > INT_MAX * 31622400LL)
+		return -1;
+
+	secs = t - LEAPOCH;
+	days = secs / 86400;
+	remsecs = secs % 86400;
+	if (remsecs < 0) {
+		remsecs += 86400;
+		days--;
+	}
+
+	wday = (3+days)%7;
+	if (wday < 0) wday += 7;
+
+	qc_cycles = days / DAYS_PER_400Y;
+	remdays = days % DAYS_PER_400Y;
+	if (remdays < 0) {
+		remdays += DAYS_PER_400Y;
+		qc_cycles--;
+	}
+
+	c_cycles = remdays / DAYS_PER_100Y;
+	if (c_cycles == 4) c_cycles--;
+	remdays -= c_cycles * DAYS_PER_100Y;
+
+	q_cycles = remdays / DAYS_PER_4Y;
+	if (q_cycles == 25) q_cycles--;
+	remdays -= q_cycles * DAYS_PER_4Y;
+
+	remyears = remdays / 365;
+	if (remyears == 4) remyears--;
+	remdays -= remyears * 365;
+
+	leap = !remyears && (q_cycles || !c_cycles);
+	yday = remdays + 31 + 28 + leap;
+	if (yday >= 365+leap) yday -= 365+leap;
+
+	years = remyears + 4*q_cycles + 100*c_cycles + 400*qc_cycles;
+
+	for (months=0; days_in_month[months] <= remdays; months++)
+		remdays -= days_in_month[months];
+
+	if (years+100 > INT_MAX || years+100 < INT_MIN)
+		return -1;
+
+	tm->tm_year = years + 100;
+	tm->tm_mon = months + 2;
+	if (tm->tm_mon >= 12) {
+		tm->tm_mon -=12;
+		tm->tm_year++;
+	}
+	tm->tm_mday = remdays + 1;
+	tm->tm_wday = wday;
+	tm->tm_yday = yday;
+
+	tm->tm_hour = remsecs / 3600;
+	tm->tm_min = remsecs / 60 % 60;
+	tm->tm_sec = remsecs % 60;
+
+	return 0;
+}
+
+#ifdef _WIN32
+struct tm *__gmtime_r(const time_t *t, struct tm *tm)
+{
+	if (__secs_to_tm(*t, tm) < 0) {
+		errno = EOVERFLOW;
+		return 0;
+	}
+	tm->tm_isdst = 0;
+	return tm;
+}
+#endif
+
+time_t timegm(struct tm *tm)
+{
+	struct tm new;
+	long long t = __tm_to_secs(tm);
+	if (__secs_to_tm(t, &new) < 0) {
+		errno = EOVERFLOW;
+		return -1;
+	}
+#if SIZEOF_TIME_T != 8
+	if (t > (long long)INT_MAX || t < (long long)INT_MIN) {
+		errno = EOVERFLOW;
+		return -1;
+	}
+#endif
+	*tm = new;
+	tm->tm_isdst = 0;
+	return t;
+}
diff --git a/compat/timingsafe_memcmp.c b/compat/timingsafe_memcmp.c
new file mode 100644
index 0000000..bb210a3
--- /dev/null
+++ b/compat/timingsafe_memcmp.c
@@ -0,0 +1,46 @@
+/*	$OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $	*/
+/*
+ * Copyright (c) 2014 Google Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <limits.h>
+#include <string.h>
+
+int
+timingsafe_memcmp(const void *b1, const void *b2, size_t len)
+{
+        const unsigned char *p1 = b1, *p2 = b2;
+        size_t i;
+        int res = 0, done = 0;
+
+        for (i = 0; i < len; i++) {
+                /* lt is -1 if p1[i] < p2[i]; else 0. */
+                int lt = (p1[i] - p2[i]) >> CHAR_BIT;
+
+                /* gt is -1 if p1[i] > p2[i]; else 0. */
+                int gt = (p2[i] - p1[i]) >> CHAR_BIT;
+
+                /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */
+                int cmp = lt - gt;
+
+                /* set res = cmp if !done. */
+                res |= cmp & ~done;
+
+                /* set done if p1[i] != p2[i]. */
+                done |= lt | gt;
+        }
+
+        return (res);
+}
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 0000000..888ca19
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,165 @@
+# Copyright (c) 2014-2015 Brent Cook
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION]))
+AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION]))
+AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
+AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION]))
+
+AC_CANONICAL_HOST
+AM_INIT_AUTOMAKE([subdir-objects foreign])
+AC_CONFIG_MACRO_DIR([m4])
+
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+
+# This must be saved before AC_PROG_CC
+USER_CFLAGS="$CFLAGS"
+
+AC_PROG_CC([cc gcc])
+AC_PROG_CC_STDC
+AM_PROG_CC_C_O
+AC_PROG_LIBTOOL
+LT_INIT
+
+CHECK_OS_OPTIONS
+
+CHECK_C_HARDENING_OPTIONS
+
+DISABLE_AS_EXECUTABLE_STACK
+AM_PROG_AS
+
+DISABLE_COMPILER_WARNINGS
+
+# Check if the certhash command should be built
+AC_CHECK_FUNCS([symlink])
+AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
+
+# Check if funopen exists
+AC_CHECK_FUNC([funopen])
+
+CHECK_LIBC_COMPAT
+CHECK_SYSCALL_COMPAT
+CHECK_CRYPTO_COMPAT
+CHECK_VA_COPY
+CHECK_B64_NTOP
+
+AC_ARG_WITH([openssldir],
+	AS_HELP_STRING([--with-openssldir],
+		       [Set the default openssl directory]),
+	OPENSSLDIR="$withval"
+	AC_SUBST(OPENSSLDIR)
+)
+AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
+
+AC_ARG_ENABLE([extratests],
+	AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms]))
+AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes])
+
+AC_ARG_ENABLE([tests],
+       [AS_HELP_STRING([--disable-tests], [Disable tests @<:@default=enabled@:>@])],
+       [
+        if ! test "x${enable_tests}" = "xyes"; then
+		enable_tests="no"
+	fi],
+       [enable_tests="yes"])
+AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = xyes])
+
+# Add CPU-specific alignment flags
+old_cflags=$CFLAGS
+CFLAGS="$CFLAGS -I$srcdir/include"
+AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
+AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
+	       [int a = 0; BSWAP4(a);],
+	       AC_MSG_RESULT([yes])
+	       BSWAP4=yes,
+	       AC_MSG_RESULT([no])
+	       BSWAP4=no)
+CFLAGS="$old_cflags"
+
+AS_CASE([$host_cpu],
+	[*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"],
+	[*arm*], [host_cpu=arm],
+	[*amd64*], [host_cpu=x86_64 HOSTARCH=intel],
+	[i?86], [HOSTARCH=intel],
+	[x86_64], [HOSTARCH=intel]
+)
+AS_IF([test "x$BSWAP4" = "xyes" -a "$host_cpu" = "arm" ],,CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
+AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"])
+
+AC_MSG_CHECKING([if .gnu.warning accepts long strings])
+AC_LINK_IFELSE([AC_LANG_SOURCE([[
+extern void SSLv3_method();
+__asm__(".section .gnu.warning.SSLv3_method\n\t.ascii \"SSLv3_method is insecure\"\n\t.text");
+int main() {return 0;}
+]])], [
+    AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.])
+    AC_MSG_RESULT(yes)
+], [
+   AC_MSG_RESULT(no)
+])
+
+AC_ARG_ENABLE([asm],
+	AS_HELP_STRING([--disable-asm], [Disable assembly]))
+AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
+
+# Conditionally enable assembly by default
+AM_CONDITIONAL([HOST_ASM_ELF_ARM],
+    [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "arm" -a "x$enable_asm" != "xno"])
+AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
+    [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
+    [test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+AM_CONDITIONAL([HOST_ASM_MASM_X86_64],
+    [test "x$HOST_ABI" = "xmasm" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+AM_CONDITIONAL([HOST_ASM_MINGW64_X86_64],
+    [test "x$HOST_ABI" = "xmingw64" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+
+# Check if time_t is sized correctly
+AC_CHECK_SIZEOF([time_t], [time.h])
+
+AC_CONFIG_FILES([
+	Makefile
+	include/Makefile
+	include/openssl/Makefile
+	crypto/Makefile
+	ssl/Makefile
+	tls/Makefile
+	tests/Makefile
+	apps/Makefile
+	apps/ocspcheck/Makefile
+	apps/openssl/Makefile
+	apps/nc/Makefile
+	man/Makefile
+	libcrypto.pc
+	libssl.pc
+	libtls.pc
+	openssl.pc
+])
+
+AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
+if test "$ac_cv_sizeof_time_t" = "4"; then
+    AC_DEFINE([SMALL_TIME_T])
+    echo " ** Warning, this system is unable to represent times past 2038"
+    echo " ** It will behave incorrectly when handling valid RFC5280 dates"
+
+    if test "$host_os" = "mingw32" ; then
+        echo " **"
+        echo " ** You can solve this by adjusting the build flags in your"
+        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
+    fi
+fi
+
+AC_REQUIRE_AUX_FILE([tap-driver.sh])
+
+AC_OUTPUT
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..6d808cc
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,45 @@
+include $(top_srcdir)/Makefile.am.common
+
+EXTRA_DIST = CMakeLists.txt
+
+SUBDIRS = openssl
+
+noinst_HEADERS = pqueue.h
+noinst_HEADERS += compat/dirent.h
+noinst_HEADERS += compat/dirent_msvc.h
+noinst_HEADERS += compat/err.h
+noinst_HEADERS += compat/fcntl.h
+noinst_HEADERS += compat/limits.h
+noinst_HEADERS += compat/netdb.h
+noinst_HEADERS += compat/poll.h
+noinst_HEADERS += compat/pthread.h
+noinst_HEADERS += compat/readpassphrase.h
+noinst_HEADERS += compat/resolv.h
+noinst_HEADERS += compat/stdio.h
+noinst_HEADERS += compat/stdlib.h
+noinst_HEADERS += compat/string.h
+noinst_HEADERS += compat/syslog.h
+noinst_HEADERS += compat/time.h
+noinst_HEADERS += compat/unistd.h
+noinst_HEADERS += compat/win32netcompat.h
+
+noinst_HEADERS += compat/arpa/inet.h
+noinst_HEADERS += compat/arpa/nameser.h
+
+noinst_HEADERS += compat/machine/endian.h
+
+noinst_HEADERS += compat/netinet/in.h
+noinst_HEADERS += compat/netinet/ip.h
+noinst_HEADERS += compat/netinet/tcp.h
+
+noinst_HEADERS += compat/sys/ioctl.h
+noinst_HEADERS += compat/sys/mman.h
+noinst_HEADERS += compat/sys/param.h
+noinst_HEADERS += compat/sys/select.h
+noinst_HEADERS += compat/sys/socket.h
+noinst_HEADERS += compat/sys/stat.h
+noinst_HEADERS += compat/sys/time.h
+noinst_HEADERS += compat/sys/types.h
+noinst_HEADERS += compat/sys/uio.h
+
+include_HEADERS = tls.h
diff --git a/include/compat/arpa/inet.h b/include/compat/arpa/inet.h
new file mode 100644
index 0000000..4422f41
--- /dev/null
+++ b/include/compat/arpa/inet.h
@@ -0,0 +1,15 @@
+/*
+ * Public domain
+ * arpa/inet.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <arpa/inet.h>
+#else
+#include <win32netcompat.h>
+
+#ifndef AI_ADDRCONFIG
+#define AI_ADDRCONFIG               0x00000400
+#endif
+
+#endif
diff --git a/include/compat/fcntl.h b/include/compat/fcntl.h
new file mode 100644
index 0000000..7dfedc6
--- /dev/null
+++ b/include/compat/fcntl.h
@@ -0,0 +1,32 @@
+/*
+ * Public domain
+ * fcntl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <fcntl.h>
+#else
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/fcntl.h>
+#else
+#include <../include/fcntl.h>
+#endif
+#else
+#include_next <fcntl.h>
+#endif
+
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK      0x100000
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC       0x200000
+#endif
+
+#ifndef FD_CLOEXEC
+#define FD_CLOEXEC      1
+#endif
diff --git a/include/compat/limits.h b/include/compat/limits.h
new file mode 100644
index 0000000..73cccfc
--- /dev/null
+++ b/include/compat/limits.h
@@ -0,0 +1,25 @@
+/*
+ * Public domain
+ * limits.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#include <../include/limits.h>
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#else
+#include <../include/stdlib.h>
+#endif
+#ifndef PATH_MAX
+#define PATH_MAX _MAX_PATH
+#endif
+#else
+#include_next <limits.h>
+#endif
+
+#ifdef __hpux
+#include <sys/param.h>
+#ifndef PATH_MAX
+#define PATH_MAX MAXPATHLEN
+#endif
+#endif
diff --git a/include/compat/netdb.h b/include/compat/netdb.h
new file mode 100644
index 0000000..d36b91d
--- /dev/null
+++ b/include/compat/netdb.h
@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netdb.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netdb.h>
+#else
+#include <win32netcompat.h>
+#endif
diff --git a/include/compat/netinet/in.h b/include/compat/netinet/in.h
new file mode 100644
index 0000000..d1afb27
--- /dev/null
+++ b/include/compat/netinet/in.h
@@ -0,0 +1,19 @@
+/*
+ * Public domain
+ * netinet/in.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/in.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_NETINET_IN_H
+#define LIBCRYPTOCOMPAT_NETINET_IN_H
+
+#ifdef __ANDROID__
+typedef uint16_t in_port_t;
+#endif
+
+#endif
diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h
new file mode 100644
index 0000000..6019f7d
--- /dev/null
+++ b/include/compat/netinet/ip.h
@@ -0,0 +1,47 @@
+/*
+ * Public domain
+ * netinet/ip.h compatibility shim
+ */
+
+#if defined(__hpux)
+#include <netinet/in_systm.h>
+#endif
+
+#ifndef _WIN32
+#include_next <netinet/ip.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+/*
+ * Definitions for DiffServ Codepoints as per RFC2474
+ */
+#ifndef IPTOS_DSCP_CS0
+#define	IPTOS_DSCP_CS0		0x00
+#define	IPTOS_DSCP_CS1		0x20
+#define	IPTOS_DSCP_CS2		0x40
+#define	IPTOS_DSCP_CS3		0x60
+#define	IPTOS_DSCP_CS4		0x80
+#define	IPTOS_DSCP_CS5		0xa0
+#define	IPTOS_DSCP_CS6		0xc0
+#define	IPTOS_DSCP_CS7		0xe0
+#endif
+
+#ifndef IPTOS_DSCP_AF11
+#define	IPTOS_DSCP_AF11		0x28
+#define	IPTOS_DSCP_AF12		0x30
+#define	IPTOS_DSCP_AF13		0x38
+#define	IPTOS_DSCP_AF21		0x48
+#define	IPTOS_DSCP_AF22		0x50
+#define	IPTOS_DSCP_AF23		0x58
+#define	IPTOS_DSCP_AF31		0x68
+#define	IPTOS_DSCP_AF32		0x70
+#define	IPTOS_DSCP_AF33		0x78
+#define	IPTOS_DSCP_AF41		0x88
+#define	IPTOS_DSCP_AF42		0x90
+#define	IPTOS_DSCP_AF43		0x98
+#endif
+
+#ifndef IPTOS_DSCP_EF
+#define	IPTOS_DSCP_EF		0xb8
+#endif
diff --git a/include/compat/netinet/tcp.h b/include/compat/netinet/tcp.h
new file mode 100644
index 0000000..c98cf74
--- /dev/null
+++ b/include/compat/netinet/tcp.h
@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netinet/tcp.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/tcp.h>
+#else
+#include <win32netcompat.h>
+#endif
diff --git a/include/compat/pthread.h b/include/compat/pthread.h
new file mode 100644
index 0000000..8b8c3c6
--- /dev/null
+++ b/include/compat/pthread.h
@@ -0,0 +1,86 @@
+/*
+ * Public domain
+ * pthread.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_PTHREAD_H
+#define LIBCRYPTOCOMPAT_PTHREAD_H
+
+#ifdef _WIN32
+
+#include <windows.h>
+
+/*
+ * Static once initialization values.
+ */
+#define PTHREAD_ONCE_INIT   { INIT_ONCE_STATIC_INIT }
+
+/*
+ * Once definitions.
+ */
+struct pthread_once {
+	INIT_ONCE once;
+};
+typedef struct pthread_once pthread_once_t;
+
+static inline BOOL CALLBACK
+_pthread_once_win32_cb(PINIT_ONCE once, PVOID param, PVOID *context)
+{
+	void (*cb) (void) = param;
+	cb();
+	return TRUE;
+}
+
+static inline int
+pthread_once(pthread_once_t *once, void (*cb) (void))
+{
+	BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, cb, NULL);
+	if (rc == 0)
+		return -1;
+	else
+		return 0;
+}
+
+typedef DWORD pthread_t;
+
+static inline pthread_t
+pthread_self(void)
+{
+	return GetCurrentThreadId();
+}
+
+static inline int
+pthread_equal(pthread_t t1, pthread_t t2)
+{
+	return t1 == t2;
+}
+
+typedef CRITICAL_SECTION pthread_mutex_t;
+typedef void pthread_mutexattr_t;
+
+static inline int
+pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr)
+{
+	InitializeCriticalSection(mutex);
+	return 0;
+}
+
+static inline int
+pthread_mutex_lock(pthread_mutex_t *mutex)
+{
+	EnterCriticalSection(mutex);
+	return 0;
+}
+
+static inline int
+pthread_mutex_unlock(pthread_mutex_t *mutex)
+{
+	LeaveCriticalSection(mutex);
+	return 0;
+}
+
+#else
+#include_next <pthread.h>
+#endif
+
+#endif
diff --git a/include/compat/stdio.h b/include/compat/stdio.h
new file mode 100644
index 0000000..d5725c9
--- /dev/null
+++ b/include/compat/stdio.h
@@ -0,0 +1,51 @@
+/*
+ * Public domain
+ * stdio.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_STDIO_H
+#define LIBCRYPTOCOMPAT_STDIO_H
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#include <../ucrt/corecrt_io.h>
+#include <../ucrt/stdio.h>
+#else
+#include <../include/stdio.h>
+#endif
+#else
+#include_next <stdio.h>
+#endif
+
+#ifndef HAVE_ASPRINTF
+#include <stdarg.h>
+int vasprintf(char **str, const char *fmt, va_list ap);
+int asprintf(char **str, const char *fmt, ...);
+#endif
+
+#ifdef _WIN32
+
+#if defined(_MSC_VER)
+#define __func__ __FUNCTION__
+#endif
+
+void posix_perror(const char *s);
+FILE * posix_fopen(const char *path, const char *mode);
+char * posix_fgets(char *s, int size, FILE *stream);
+int posix_rename(const char *oldpath, const char *newpath);
+
+#ifndef NO_REDEF_POSIX_FUNCTIONS
+#define perror(errnum) posix_perror(errnum)
+#define fopen(path, mode) posix_fopen(path, mode)
+#define fgets(s, size, stream) posix_fgets(s, size, stream)
+#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
+#endif
+
+#ifdef _MSC_VER
+#define snprintf _snprintf
+#endif
+
+#endif
+
+#endif
diff --git a/include/compat/stdlib.h b/include/compat/stdlib.h
new file mode 100644
index 0000000..2eaea24
--- /dev/null
+++ b/include/compat/stdlib.h
@@ -0,0 +1,47 @@
+/*
+ * stdlib.h compatibility shim
+ * Public domain
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#else
+#include <../include/stdlib.h>
+#endif
+#else
+#include_next <stdlib.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_STDLIB_H
+#define LIBCRYPTOCOMPAT_STDLIB_H
+
+#include <sys/types.h>
+#include <stdint.h>
+
+#ifndef HAVE_ARC4RANDOM_BUF
+uint32_t arc4random(void);
+void arc4random_buf(void *_buf, size_t n);
+uint32_t arc4random_uniform(uint32_t upper_bound);
+#endif
+
+#ifndef HAVE_FREEZERO
+void freezero(void *ptr, size_t sz);
+#endif
+
+#ifndef HAVE_GETPROGNAME
+const char * getprogname(void);
+#endif
+
+void *reallocarray(void *, size_t, size_t);
+
+#ifndef HAVE_RECALLOCARRAY
+void *recallocarray(void *, size_t, size_t, size_t);
+#endif
+
+#ifndef HAVE_STRTONUM
+long long strtonum(const char *nptr, long long minval,
+		long long maxval, const char **errstr);
+#endif
+
+#endif
diff --git a/include/compat/string.h b/include/compat/string.h
new file mode 100644
index 0000000..4bf7519
--- /dev/null
+++ b/include/compat/string.h
@@ -0,0 +1,87 @@
+/*
+ * Public domain
+ * string.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_STRING_H
+#define LIBCRYPTOCOMPAT_STRING_H
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/string.h>
+#else
+#include <../include/string.h>
+#endif
+#else
+#include_next <string.h>
+#endif
+
+#include <sys/types.h>
+
+#if defined(__sun) || defined(_AIX) || defined(__hpux)
+/* Some functions historically defined in string.h were placed in strings.h by
+ * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
+ * Solaris, and HPUX.
+ */
+#include <strings.h>
+#endif
+
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+int strncasecmp(const char *s1, const char *s2, size_t len);
+#endif
+
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRNDUP
+char * strndup(const char *str, size_t maxlen);
+/* the only user of strnlen is strndup, so only build it if needed */
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char *str, size_t maxlen);
+#endif
+#endif
+
+#ifndef HAVE_STRSEP
+char *strsep(char **stringp, const char *delim);
+#endif
+
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *, size_t);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_BCMP
+int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
+#ifndef HAVE_MEMMEM
+void * memmem(const void *big, size_t big_len, const void *little,
+	size_t little_len);
+#endif
+
+#ifdef _WIN32
+#include <errno.h>
+
+static inline char  *
+posix_strerror(int errnum)
+{
+	if (errnum == ECONNREFUSED) {
+		return "Connection refused";
+	}
+	return strerror(errnum);
+}
+
+#define strerror(errnum) posix_strerror(errnum)
+
+#endif
+
+#endif
diff --git a/include/compat/sys/ioctl.h b/include/compat/sys/ioctl.h
new file mode 100644
index 0000000..a255506
--- /dev/null
+++ b/include/compat/sys/ioctl.h
@@ -0,0 +1,11 @@
+/*
+ * Public domain
+ * sys/ioctl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/ioctl.h>
+#else
+#include <win32netcompat.h>
+#define ioctl(fd, type, arg) ioctlsocket(fd, type, arg)
+#endif
diff --git a/include/compat/sys/mman.h b/include/compat/sys/mman.h
new file mode 100644
index 0000000..d9eb6a9
--- /dev/null
+++ b/include/compat/sys/mman.h
@@ -0,0 +1,19 @@
+/*
+ * Public domain
+ * sys/mman.h compatibility shim
+ */
+
+#include_next <sys/mman.h>
+
+#ifndef LIBCRYPTOCOMPAT_MMAN_H
+#define LIBCRYPTOCOMPAT_MMAN_H
+
+#ifndef MAP_ANON
+#ifdef MAP_ANONYMOUS
+#define MAP_ANON MAP_ANONYMOUS
+#else
+#error "System does not support mapping anonymous pages?"
+#endif
+#endif
+
+#endif
diff --git a/include/compat/sys/param.h b/include/compat/sys/param.h
new file mode 100644
index 0000000..70488f8
--- /dev/null
+++ b/include/compat/sys/param.h
@@ -0,0 +1,15 @@
+/*
+ * Public domain
+ * sys/param.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H
+#define LIBCRYPTOCOMPAT_SYS_PARAM_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+#else
+#include_next <sys/param.h>
+#endif
+
+#endif
diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h
new file mode 100644
index 0000000..10eb05f
--- /dev/null
+++ b/include/compat/sys/socket.h
@@ -0,0 +1,17 @@
+/*
+ * Public domain
+ * sys/socket.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/socket.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
+#define SOCK_CLOEXEC            0x8000  /* set FD_CLOEXEC */
+#define SOCK_NONBLOCK           0x4000  /* set O_NONBLOCK */
+int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
+#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
+#endif
diff --git a/include/compat/sys/stat.h b/include/compat/sys/stat.h
new file mode 100644
index 0000000..b88da1d
--- /dev/null
+++ b/include/compat/sys/stat.h
@@ -0,0 +1,121 @@
+/*
+ * Public domain
+ * sys/stat.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
+#define LIBCRYPTOCOMPAT_SYS_STAT_H
+
+#ifndef _MSC_VER
+#include_next <sys/stat.h>
+
+/* for old MinGW */
+#ifndef S_IRWXU
+#define S_IRWXU         0
+#endif
+#ifndef S_IRWXG
+#define S_IRWXG         0
+#endif
+#ifndef S_IRGRP
+#define S_IRGRP         0
+#endif
+#ifndef S_IRWXO
+#define S_IRWXO         0
+#endif
+#ifndef S_IROTH
+#define S_IROTH         0
+#endif
+
+#else
+
+#include <windows.h>
+#if _MSC_VER >= 1900
+#include <../ucrt/sys/stat.h>
+#else
+#include <../include/sys/stat.h>
+#endif
+
+/* File type and permission flags for stat() */
+#if !defined(S_IFMT)
+#   define S_IFMT   _S_IFMT                     /* File type mask */
+#endif
+#if !defined(S_IFDIR)
+#   define S_IFDIR  _S_IFDIR                    /* Directory */
+#endif
+#if !defined(S_IFCHR)
+#   define S_IFCHR  _S_IFCHR                    /* Character device */
+#endif
+#if !defined(S_IFFIFO)
+#   define S_IFFIFO _S_IFFIFO                   /* Pipe */
+#endif
+#if !defined(S_IFREG)
+#   define S_IFREG  _S_IFREG                    /* Regular file */
+#endif
+#if !defined(S_IREAD)
+#   define S_IREAD  _S_IREAD                    /* Read permission */
+#endif
+#if !defined(S_IWRITE)
+#   define S_IWRITE _S_IWRITE                   /* Write permission */
+#endif
+#if !defined(S_IEXEC)
+#   define S_IEXEC  _S_IEXEC                    /* Execute permission */
+#endif
+#if !defined(S_IFIFO)
+#   define S_IFIFO _S_IFIFO                     /* Pipe */
+#endif
+#if !defined(S_IFBLK)
+#   define S_IFBLK   0                          /* Block device */
+#endif
+#if !defined(S_IFLNK)
+#   define S_IFLNK   0                          /* Link */
+#endif
+#if !defined(S_IFSOCK)
+#   define S_IFSOCK  0                          /* Socket */
+#endif
+
+#if defined(_MSC_VER)
+#   define S_IRWXU  0                           /* RWX user */
+#   define S_IRUSR  S_IREAD                     /* Read user */
+#   define S_IWUSR  S_IWRITE                    /* Write user */
+#   define S_IXUSR  0                           /* Execute user */
+#   define S_IRWXG  0                           /* RWX group */
+#   define S_IRGRP  0                           /* Read group */
+#   define S_IWGRP  0                           /* Write group */
+#   define S_IXGRP  0                           /* Execute group */
+#   define S_IRWXO  0                           /* RWX others */
+#   define S_IROTH  0                           /* Read others */
+#   define S_IWOTH  0                           /* Write others */
+#   define S_IXOTH  0                           /* Execute others */
+#endif
+
+/* File type flags for d_type */
+#define DT_UNKNOWN  0
+#define DT_REG      S_IFREG
+#define DT_DIR      S_IFDIR
+#define DT_FIFO     S_IFIFO
+#define DT_SOCK     S_IFSOCK
+#define DT_CHR      S_IFCHR
+#define DT_BLK      S_IFBLK
+#define DT_LNK      S_IFLNK
+
+/* Macros for converting between st_mode and d_type */
+#define IFTODT(mode) ((mode) & S_IFMT)
+#define DTTOIF(type) (type)
+
+/*
+ * File type macros.  Note that block devices, sockets and links cannot be
+ * distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are
+ * only defined for compatibility.  These macros should always return false
+ * on Windows.
+ */
+#define	S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
+#define	S_ISDIR(mode)  (((mode) & S_IFMT) == S_IFDIR)
+#define	S_ISREG(mode)  (((mode) & S_IFMT) == S_IFREG)
+#define	S_ISLNK(mode)  (((mode) & S_IFMT) == S_IFLNK)
+#define	S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
+#define	S_ISCHR(mode)  (((mode) & S_IFMT) == S_IFCHR)
+#define	S_ISBLK(mode)  (((mode) & S_IFMT) == S_IFBLK)
+
+#endif
+
+#endif
diff --git a/include/compat/sys/time.h b/include/compat/sys/time.h
new file mode 100644
index 0000000..76428c1
--- /dev/null
+++ b/include/compat/sys/time.h
@@ -0,0 +1,28 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H
+#define LIBCRYPTOCOMPAT_SYS_TIME_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+int gettimeofday(struct timeval *tp, void *tzp);
+#else
+#include_next <sys/time.h>
+#endif
+
+#ifndef timersub
+#define timersub(tvp, uvp, vvp)                                         \
+	do {                                                            \
+		(vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec;          \
+		(vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec;       \
+		if ((vvp)->tv_usec < 0) {                               \
+			(vvp)->tv_sec--;                                \
+			(vvp)->tv_usec += 1000000;                      \
+		}                                                       \
+	} while (0)
+#endif
+
+#endif
diff --git a/include/compat/sys/types.h b/include/compat/sys/types.h
new file mode 100644
index 0000000..4967843
--- /dev/null
+++ b/include/compat/sys/types.h
@@ -0,0 +1,81 @@
+/*
+ * Public domain
+ * sys/types.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/sys/types.h>
+#else
+#include <../include/sys/types.h>
+#endif
+#else
+#include_next <sys/types.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
+#define LIBCRYPTOCOMPAT_SYS_TYPES_H
+
+#include <stdint.h>
+
+#ifdef __MINGW32__
+#include <_bsd_types.h>
+typedef uint32_t        in_addr_t;
+typedef uint32_t        uid_t;
+#endif
+
+#ifdef _MSC_VER
+typedef unsigned char   u_char;
+typedef unsigned short  u_short;
+typedef unsigned int    u_int;
+typedef uint32_t        in_addr_t;
+typedef uint32_t        mode_t;
+typedef uint32_t        uid_t;
+
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+
+#ifndef SSIZE_MAX
+#ifdef _WIN64
+#define SSIZE_MAX _I64_MAX
+#else
+#define SSIZE_MAX INT_MAX
+#endif
+#endif
+
+#endif
+
+#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
+# define __bounded__(x, y, z)
+#endif
+
+#if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead)
+#ifdef _MSC_VER
+#define __dead      __declspec(noreturn)
+#else
+#define __dead      __attribute__((__noreturn__))
+#endif
+#endif
+
+#ifdef _WIN32
+#define __warn_references(sym,msg)
+#else
+
+#ifndef __warn_references
+
+#ifndef __STRING
+#define __STRING(x) #x
+#endif
+
+#if defined(__GNUC__)  && defined (HAS_GNU_WARNING_LONG)
+#define __warn_references(sym,msg)          \
+  __asm__(".section .gnu.warning." __STRING(sym)  \
+         "\n\t.ascii \"" msg "\"\n\t.text");
+#else
+#define __warn_references(sym,msg)
+#endif
+
+#endif /* __warn_references */
+#endif /* _WIN32 */
+
+#endif
diff --git a/include/compat/time.h b/include/compat/time.h
new file mode 100644
index 0000000..540807d
--- /dev/null
+++ b/include/compat/time.h
@@ -0,0 +1,60 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/time.h>
+#else
+#include <../include/time.h>
+#endif
+#else
+#include_next <time.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_TIME_H
+#define LIBCRYPTOCOMPAT_TIME_H
+
+#ifdef _WIN32
+struct tm *__gmtime_r(const time_t * t, struct tm * tm);
+#define gmtime_r(tp, tm) __gmtime_r(tp, tm)
+#endif
+
+#ifndef HAVE_TIMEGM
+time_t timegm(struct tm *tm);
+#endif
+
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC CLOCK_REALTIME
+#endif
+
+#ifndef CLOCK_REALTIME
+#define CLOCK_REALTIME 0
+#endif
+
+#ifndef _WIN32
+#ifndef HAVE_CLOCK_GETTIME
+typedef int clockid_t;
+int clock_gettime(clockid_t clock_id, struct timespec *tp);
+#endif
+
+#ifdef timespecsub
+#define HAVE_TIMESPECSUB
+#endif
+
+#ifndef HAVE_TIMESPECSUB
+#define timespecsub(tsp, usp, vsp)                                      \
+        do {                                                            \
+                (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec;          \
+                (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec;       \
+                if ((vsp)->tv_nsec < 0) {                               \
+                        (vsp)->tv_sec--;                                \
+                        (vsp)->tv_nsec += 1000000000L;                  \
+                }                                                       \
+        } while (0)
+#endif
+
+#endif
+
+#endif
diff --git a/include/compat/unistd.h b/include/compat/unistd.h
new file mode 100644
index 0000000..5e6ab1d
--- /dev/null
+++ b/include/compat/unistd.h
@@ -0,0 +1,78 @@
+/*
+ * Public domain
+ * unistd.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_UNISTD_H
+#define LIBCRYPTOCOMPAT_UNISTD_H
+
+#ifndef _MSC_VER
+
+#include_next <unistd.h>
+
+#ifdef __MINGW32__
+int ftruncate(int fd, off_t length);
+uid_t getuid(void);
+ssize_t pread(int d, void *buf, size_t nbytes, off_t offset);
+ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
+#endif
+
+#else
+
+#include <stdlib.h>
+#include <io.h>
+#include <process.h>
+
+#define STDOUT_FILENO   1
+#define STDERR_FILENO   2
+
+#define R_OK    4
+#define W_OK    2
+#define X_OK    0
+#define F_OK    0
+
+#define SEEK_SET        0
+#define SEEK_CUR        1
+#define SEEK_END        2
+
+#define access _access
+
+#ifdef _MSC_VER
+#include <windows.h>
+static inline unsigned int sleep(unsigned int seconds)
+{
+       Sleep(seconds * 1000);
+       return seconds;
+}
+#endif
+
+int ftruncate(int fd, off_t length);
+uid_t getuid(void);
+ssize_t pread(int d, void *buf, size_t nbytes, off_t offset);
+ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
+
+#endif
+
+#ifndef HAVE_GETENTROPY
+int getentropy(void *buf, size_t buflen);
+#else
+/*
+ * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
+ */
+#if defined(__sun)
+#include <sys/random.h>
+#endif
+#endif
+
+#ifndef HAVE_GETPAGESIZE
+int getpagesize(void);
+#endif
+
+#define pledge(request, paths) 0
+#define unveil(path, permissions) 0
+
+#ifndef HAVE_PIPE2
+int pipe2(int fildes[2], int flags);
+#endif
+
+#endif
diff --git a/include/compat/win32netcompat.h b/include/compat/win32netcompat.h
new file mode 100644
index 0000000..eabebe9
--- /dev/null
+++ b/include/compat/win32netcompat.h
@@ -0,0 +1,57 @@
+/*
+ * Public domain
+ *
+ * BSD socket emulation code for Winsock2
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+
+#ifdef _WIN32
+
+#include <ws2tcpip.h>
+#include <errno.h>
+#include <unistd.h>
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR SD_BOTH
+#endif
+#ifndef SHUT_RD
+#define SHUT_RD   SD_RECEIVE
+#endif
+#ifndef SHUT_WR
+#define SHUT_WR   SD_SEND
+#endif
+
+int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
+
+int posix_open(const char *path, ...);
+
+int posix_close(int fd);
+
+ssize_t posix_read(int fd, void *buf, size_t count);
+
+ssize_t posix_write(int fd, const void *buf, size_t count);
+
+int posix_getsockopt(int sockfd, int level, int optname,
+	void *optval, socklen_t *optlen);
+
+int posix_setsockopt(int sockfd, int level, int optname,
+	const void *optval, socklen_t optlen);
+
+#ifndef NO_REDEF_POSIX_FUNCTIONS
+#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
+#define open(path, ...) posix_open(path, __VA_ARGS__)
+#define close(fd) posix_close(fd)
+#define read(fd, buf, count) posix_read(fd, buf, count)
+#define write(fd, buf, count) posix_write(fd, buf, count)
+#define getsockopt(sockfd, level, optname, optval, optlen) \
+	posix_getsockopt(sockfd, level, optname, optval, optlen)
+#define setsockopt(sockfd, level, optname, optval, optlen) \
+	posix_setsockopt(sockfd, level, optname, optval, optlen)
+#endif
+
+#endif
+
+#endif
diff --git a/include/tls.h b/include/tls.h
new file mode 100644
index 0000000..de6d257
--- /dev/null
+++ b/include/tls.h
@@ -0,0 +1,226 @@
+/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_TLS_H
+#define HEADER_TLS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
+#include <sys/types.h>
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define TLS_API	20200120
+
+#define TLS_PROTOCOL_TLSv1_0	(1 << 1)
+#define TLS_PROTOCOL_TLSv1_1	(1 << 2)
+#define TLS_PROTOCOL_TLSv1_2	(1 << 3)
+#define TLS_PROTOCOL_TLSv1_3	(1 << 4)
+
+#define TLS_PROTOCOL_TLSv1 \
+	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|\
+	 TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
+
+#define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
+#define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
+
+#define TLS_WANT_POLLIN		-2
+#define TLS_WANT_POLLOUT	-3
+
+/* RFC 6960 Section 2.3 */
+#define TLS_OCSP_RESPONSE_SUCCESSFUL		0
+#define TLS_OCSP_RESPONSE_MALFORMED		1
+#define TLS_OCSP_RESPONSE_INTERNALERROR		2
+#define TLS_OCSP_RESPONSE_TRYLATER		3
+#define TLS_OCSP_RESPONSE_SIGREQUIRED		4
+#define TLS_OCSP_RESPONSE_UNAUTHORIZED		5
+
+/* RFC 6960 Section 2.2 */
+#define TLS_OCSP_CERT_GOOD			0
+#define TLS_OCSP_CERT_REVOKED			1
+#define TLS_OCSP_CERT_UNKNOWN			2
+
+/* RFC 5280 Section 5.3.1 */
+#define TLS_CRL_REASON_UNSPECIFIED		0
+#define TLS_CRL_REASON_KEY_COMPROMISE		1
+#define TLS_CRL_REASON_CA_COMPROMISE		2
+#define TLS_CRL_REASON_AFFILIATION_CHANGED	3
+#define TLS_CRL_REASON_SUPERSEDED		4
+#define TLS_CRL_REASON_CESSATION_OF_OPERATION	5
+#define TLS_CRL_REASON_CERTIFICATE_HOLD		6
+#define TLS_CRL_REASON_REMOVE_FROM_CRL		8
+#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN	9
+#define TLS_CRL_REASON_AA_COMPROMISE		10
+
+#define TLS_MAX_SESSION_ID_LENGTH		32
+#define TLS_TICKET_KEY_SIZE			48
+
+struct tls;
+struct tls_config;
+
+typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
+    void *_cb_arg);
+typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
+    size_t _buflen, void *_cb_arg);
+
+int tls_init(void);
+
+const char *tls_config_error(struct tls_config *_config);
+const char *tls_error(struct tls *_ctx);
+
+struct tls_config *tls_config_new(void);
+void tls_config_free(struct tls_config *_config);
+
+const char *tls_default_ca_cert_file(void);
+
+int tls_config_add_keypair_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file);
+int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file,
+    const char *_ocsp_staple_file);
+int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t _staple_len);
+int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
+int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
+int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
+int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
+    size_t _len);
+int tls_config_set_cert_file(struct tls_config *_config,
+    const char *_cert_file);
+int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _len);
+int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
+int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
+int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
+    size_t _len);
+int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
+int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
+int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
+int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
+int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
+    size_t _len);
+int tls_config_set_keypair_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file);
+int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file, const char *_staple_file);
+int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t staple_len);
+int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
+    const uint8_t *_staple, size_t _len);
+int tls_config_set_ocsp_staple_file(struct tls_config *_config,
+    const char *_staple_file);
+int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
+int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
+int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+
+void tls_config_prefer_ciphers_client(struct tls_config *_config);
+void tls_config_prefer_ciphers_server(struct tls_config *_config);
+
+void tls_config_insecure_noverifycert(struct tls_config *_config);
+void tls_config_insecure_noverifyname(struct tls_config *_config);
+void tls_config_insecure_noverifytime(struct tls_config *_config);
+void tls_config_verify(struct tls_config *_config);
+
+void tls_config_ocsp_require_stapling(struct tls_config *_config);
+void tls_config_verify_client(struct tls_config *_config);
+void tls_config_verify_client_optional(struct tls_config *_config);
+
+void tls_config_clear_keys(struct tls_config *_config);
+int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
+
+int tls_config_set_session_id(struct tls_config *_config,
+    const unsigned char *_session_id, size_t _len);
+int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
+int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
+    unsigned char *_key, size_t _keylen);
+
+struct tls *tls_client(void);
+struct tls *tls_server(void);
+int tls_configure(struct tls *_ctx, struct tls_config *_config);
+void tls_reset(struct tls *_ctx);
+void tls_free(struct tls *_ctx);
+
+int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read,
+    int _fd_write);
+int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket);
+int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx,
+    tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg);
+int tls_connect(struct tls *_ctx, const char *_host, const char *_port);
+int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
+    const char *_servername);
+int tls_connect_servername(struct tls *_ctx, const char *_host,
+    const char *_port, const char *_servername);
+int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
+int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb,
+    tls_write_cb _write_cb, void *_cb_arg, const char *_servername);
+int tls_handshake(struct tls *_ctx);
+ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
+ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
+int tls_close(struct tls *_ctx);
+
+int tls_peer_cert_provided(struct tls *_ctx);
+int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name);
+
+const char *tls_peer_cert_hash(struct tls *_ctx);
+const char *tls_peer_cert_issuer(struct tls *_ctx);
+const char *tls_peer_cert_subject(struct tls *_ctx);
+time_t	tls_peer_cert_notbefore(struct tls *_ctx);
+time_t	tls_peer_cert_notafter(struct tls *_ctx);
+const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
+
+const char *tls_conn_alpn_selected(struct tls *_ctx);
+const char *tls_conn_cipher(struct tls *_ctx);
+int tls_conn_cipher_strength(struct tls *_ctx);
+const char *tls_conn_servername(struct tls *_ctx);
+int tls_conn_session_resumed(struct tls *_ctx);
+const char *tls_conn_version(struct tls *_ctx);
+
+uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+void tls_unload_file(uint8_t *_buf, size_t len);
+
+int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
+    size_t _size);
+int tls_peer_ocsp_cert_status(struct tls *_ctx);
+int tls_peer_ocsp_crl_reason(struct tls *_ctx);
+time_t tls_peer_ocsp_next_update(struct tls *_ctx);
+int tls_peer_ocsp_response_status(struct tls *_ctx);
+const char *tls_peer_ocsp_result(struct tls *_ctx);
+time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
+time_t tls_peer_ocsp_this_update(struct tls *_ctx);
+const char *tls_peer_ocsp_url(struct tls *_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_TLS_H */
diff --git a/libtls.pc.in b/libtls.pc.in
new file mode 100644
index 0000000..82a6a71
--- /dev/null
+++ b/libtls.pc.in
@@ -0,0 +1,16 @@
+#libtls pkg-config source file
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: LibreSSL-libtls
+Description: Secure communications using the TLS socket protocol.
+Version: @VERSION@
+Requires:
+Requires.private: libcrypto libssl
+Conflicts:
+Libs: -L${libdir} -ltls
+Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
+Cflags: -I${includedir}
diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4
new file mode 100644
index 0000000..3ffdb1a
--- /dev/null
+++ b/m4/check-hardening-options.m4
@@ -0,0 +1,109 @@
+
+AC_DEFUN([CHECK_CFLAG], [
+	 AC_LANG_ASSERT(C)
+	 AC_MSG_CHECKING([if $saved_CC supports "$1"])
+	 old_cflags="$CFLAGS"
+	 CFLAGS="$1 -Wall -Werror"
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
+		     [printf("Hello")],
+		     AC_MSG_RESULT([yes])
+		     CFLAGS=$old_cflags
+		     HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
+		     AC_MSG_RESULT([no])
+		     CFLAGS=$old_cflags
+		     [$2])
+])
+
+AC_DEFUN([CHECK_LDFLAG], [
+	 AC_LANG_ASSERT(C)
+	 AC_MSG_CHECKING([if $saved_LD supports "$1"])
+	 old_ldflags="$LDFLAGS"
+	 LDFLAGS="$1 -Wall -Werror"
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
+		     [printf("Hello")],
+		     AC_MSG_RESULT([yes])
+		     LDFLAGS=$old_ldflags
+		     HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
+		     AC_MSG_RESULT([no])
+		     LDFLAGS=$old_ldflags
+		     [$2])
+])
+
+AC_DEFUN([DISABLE_AS_EXECUTABLE_STACK], [
+	save_cflags="$CFLAGS"
+	CFLAGS=
+	AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+	__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
+		[AC_MSG_RESULT([yes])]
+		[AM_CFLAGS=-DHAVE_GNU_STACK],
+		[AC_MSG_RESULT([no])]
+	)
+	CFLAGS="$save_cflags $AM_CFLAGS"
+])
+
+
+AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
+
+	AC_ARG_ENABLE([hardening],
+		[AS_HELP_STRING([--disable-hardening],
+				[Disable options to frustrate memory corruption exploits])],
+		[], [enable_hardening=yes])
+
+	AC_ARG_ENABLE([windows-ssp],
+		[AS_HELP_STRING([--enable-windows-ssp],
+				[Enable building the stack smashing protection on
+				 Windows. This currently distributing libssp-0.dll.])])
+
+	# We want to check for compiler flag support. Prior to clang v5.1, there was no
+	# way to make clang's "argument unused" warning fatal.  So we invoke the
+	# compiler through a wrapper script that greps for this message.
+	saved_CC="$CC"
+	saved_LD="$LD"
+	flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
+	CC="$flag_wrap $CC"
+	LD="$flag_wrap $LD"
+
+	AS_IF([test "x$enable_hardening" = "xyes"], [
+		# Tell GCC to NOT optimize based on signed arithmetic overflow
+		CHECK_CFLAG([[-fno-strict-overflow]])
+
+		# _FORTIFY_SOURCE replaces builtin functions with safer versions.
+		CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
+
+		# Enable read only relocations
+		CHECK_LDFLAG([[-Wl,-z,relro]])
+		CHECK_LDFLAG([[-Wl,-z,now]])
+
+		# Windows security flags
+		AS_IF([test "x$HOST_OS" = "xwin"], [
+			CHECK_LDFLAG([[-Wl,--nxcompat]])
+			CHECK_LDFLAG([[-Wl,--dynamicbase]])
+			CHECK_LDFLAG([[-Wl,--high-entropy-va]])
+		])
+
+		# Use stack-protector-strong if available; if not, fallback to
+		# stack-protector-all which is considered to be overkill
+		AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
+			CHECK_CFLAG([[-fstack-protector-strong]],
+				CHECK_CFLAG([[-fstack-protector-all]],
+					AC_MSG_WARN([compiler does not appear to support stack protection])
+				)
+			)
+			AS_IF([test "x$HOST_OS" = "xwin"], [
+				AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
+			])
+		])
+	])
+
+	# Restore CC, LD
+	CC="$saved_CC"
+	LD="$saved_LD"
+
+	CFLAGS="$CFLAGS $HARDEN_CFLAGS"
+	LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
+])
diff --git a/m4/check-libc.m4 b/m4/check-libc.m4
new file mode 100644
index 0000000..e511f6d
--- /dev/null
+++ b/m4/check-libc.m4
@@ -0,0 +1,169 @@
+AC_DEFUN([CHECK_LIBC_COMPAT], [
+# Check for libc headers
+AC_CHECK_HEADERS([err.h readpassphrase.h])
+# Check for general libc functions
+AC_CHECK_FUNCS([asprintf freezero memmem])
+AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
+AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
+AC_CHECK_FUNCS([timegm _mkgmtime timespecsub])
+AC_CHECK_FUNCS([getprogname syslog syslog_r])
+AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
+#ifdef __ANDROID__
+#	include <unistd.h>
+#endif
+		]], [[
+	getpagesize();
+]])],
+	[ ac_cv_func_getpagesize="yes" ],
+	[ ac_cv_func_getpagesize="no"
+	])
+])
+AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
+AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
+AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
+AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
+AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
+AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes])
+AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
+AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
+AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
+AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
+AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
+AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
+AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes])
+AM_CONDITIONAL([HAVE_GETPROGNAME], [test "x$ac_cv_func_getprogname" = xyes])
+AM_CONDITIONAL([HAVE_SYSLOG], [test "x$ac_cv_func_syslog" = xyes])
+AM_CONDITIONAL([HAVE_SYSLOG_R], [test "x$ac_cv_func_syslog_r" = xyes])
+])
+
+AC_DEFUN([CHECK_SYSCALL_COMPAT], [
+AC_CHECK_FUNCS([accept4 pipe2 pledge poll socketpair])
+AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes])
+AM_CONDITIONAL([HAVE_PIPE2], [test "x$ac_cv_func_pipe2" = xyes])
+AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes])
+AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
+AM_CONDITIONAL([HAVE_SOCKETPAIR], [test "x$ac_cv_func_socketpair" = xyes])
+])
+
+AC_DEFUN([CHECK_B64_NTOP], [
+AC_SEARCH_LIBS([b64_ntop],[resolv])
+AC_SEARCH_LIBS([__b64_ntop],[resolv])
+AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <resolv.h>
+		]], [[ b64_ntop(NULL, 0, NULL, 0); ]])],
+	[ ac_cv_have_b64_ntop_arg="yes" ],
+	[ ac_cv_have_b64_ntop_arg="no"
+	])
+])
+AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
+])
+
+AC_DEFUN([CHECK_CRYPTO_COMPAT], [
+# Check crypto-related libc functions and syscalls
+AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
+AC_CHECK_FUNCS([explicit_bzero getauxval])
+
+AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <unistd.h>
+
+/*
+ * Explanation:
+ *
+ *   - iOS <= 10.1 fails because of missing sys/random.h
+ *
+ *   - in macOS 10.12 getentropy is not tagged as introduced in
+ *     10.12 so we cannot use it for target < 10.12
+ */
+#ifdef __APPLE__
+#  include <AvailabilityMacros.h>
+#  include <TargetConditionals.h>
+
+# if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR)
+#  include <sys/random.h> /* Not available as of iOS <= 10.1 */
+# else
+
+#  include <sys/random.h> /* Pre 10.12 systems should die here */
+
+/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
+#  ifndef MAC_OS_X_VERSION_10_12
+#    define MAC_OS_X_VERSION_10_12 101200 /* Robustness */
+#  endif
+#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
+#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
+#      error "Targeting on Mac OSX 10.11 or earlier"
+#    endif
+#  endif
+
+# endif
+#endif /* __APPLE__ */
+		]], [[
+	char buffer;
+	(void)getentropy(&buffer, sizeof (buffer));
+]])],
+	[ ac_cv_func_getentropy="yes" ],
+	[ ac_cv_func_getentropy="no"
+	])
+])
+
+AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
+AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
+AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
+AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes])
+AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
+AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
+AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
+AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
+
+# Override arc4random_buf implementations with known issues
+AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
+	[test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
+	   -a "x$ac_cv_func_arc4random_buf" = xyes])
+
+# Check for getentropy fallback dependencies
+AC_CHECK_FUNCS([getauxval])
+AC_SEARCH_LIBS([dl_iterate_phdr],[dl])
+AC_CHECK_FUNCS([dl_iterate_phdr])
+
+AC_SEARCH_LIBS([pthread_once],[pthread])
+AC_SEARCH_LIBS([pthread_mutex_lock],[pthread])
+AC_SEARCH_LIBS([clock_gettime],[rt posix4])
+AC_CHECK_FUNCS([clock_gettime])
+AM_CONDITIONAL([HAVE_CLOCK_GETTIME], [test "x$ac_cv_func_clock_gettime" = xyes])
+])
+
+AC_DEFUN([CHECK_VA_COPY], [
+AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+		]], [[ va_copy(x,y); ]])],
+	[ ac_cv_have_va_copy="yes" ],
+	[ ac_cv_have_va_copy="no"
+	])
+])
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+		]], [[ __va_copy(x,y); ]])],
+	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
+	])
+])
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
+fi
+])
diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4
new file mode 100644
index 0000000..8241aee
--- /dev/null
+++ b/m4/check-os-options.m4
@@ -0,0 +1,142 @@
+AC_DEFUN([CHECK_OS_OPTIONS], [
+
+CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
+BUILD_NC=yes
+
+case $host_os in
+	*aix*)
+		HOST_OS=aix
+		if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
+			CFLAGS="-qnoansialias $USER_CFLAGS"
+		fi
+		AC_SUBST([PLATFORM_LDADD], ['-lperfstat'])
+		;;
+	*cygwin*)
+		HOST_OS=cygwin
+		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
+		;;
+	*darwin*)
+		HOST_OS=darwin
+		HOST_ABI=macosx
+		#
+		# Don't use arc4random on systems before 10.12 because of
+		# weak seed on failure to open /dev/random, based on latest
+		# public source:
+		# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
+		#
+		# We use the presence of getentropy() to detect 10.12. The
+		# following check take into account that:
+ 		#
+		#   - iOS <= 10.1 fails because of missing getentropy and
+		#     hence they miss sys/random.h
+		#
+		#   - in macOS 10.12 getentropy is not tagged as introduced in
+		#     10.12 so we cannot use it for target < 10.12
+		#
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <AvailabilityMacros.h>
+#include <unistd.h>
+#include <sys/random.h>  /* Systems without getentropy() should die here */
+
+/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
+#ifndef MAC_OS_X_VERSION_10_12
+#  define MAC_OS_X_VERSION_10_12 101200
+#endif
+#if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
+#  if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
+#    error "Running on Mac OSX 10.11 or earlier"
+#  endif
+#endif
+                       ]], [[
+char buf[1]; getentropy(buf, 1);
+					   ]])],
+                       [ USE_BUILTIN_ARC4RANDOM=no ],
+                       [ USE_BUILTIN_ARC4RANDOM=yes ]
+		)
+		AC_MSG_CHECKING([whether to use builtin arc4random])
+		AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM])
+		# Not available on iOS
+		AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no])
+		;;
+	*freebsd*)
+		HOST_OS=freebsd
+		HOST_ABI=elf
+		# fork detection missing, weak seed on failure
+		# https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
+		USE_BUILTIN_ARC4RANDOM=yes
+		AC_SUBST([PROG_LDADD], ['-lthr'])
+		;;
+	*hpux*)
+		HOST_OS=hpux;
+		if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
+			CFLAGS="$CFLAGS -mlp64"
+		else
+			CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS"
+		fi
+		CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
+		;;
+	*linux*)
+		HOST_OS=linux
+		HOST_ABI=elf
+		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+		;;
+	*midipix*)
+		HOST_OS=midipix
+		CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+		;;
+	*netbsd*)
+		HOST_OS=netbsd
+		HOST_ABI=elf
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/param.h>
+#if __NetBSD_Version__ < 700000001
+        undefined
+#endif
+                       ]], [[]])],
+                       [ USE_BUILTIN_ARC4RANDOM=no ],
+                       [ USE_BUILTIN_ARC4RANDOM=yes ]
+		)
+		CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
+		;;
+	*openbsd* | *bitrig*)
+		HOST_OS=openbsd
+		HOST_ABI=elf
+		AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
+		AC_DEFINE([HAVE_ATTRIBUTE__DEAD], [1], [OpenBSD gcc has __dead])
+		;;
+	*mingw*)
+		HOST_OS=win
+		HOST_ABI=mingw64
+		BUILD_NC=no
+		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
+		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
+		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
+		CPPFLAGS="$CPPFLAGS"
+		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
+		;;
+	*solaris*)
+		HOST_OS=solaris
+		HOST_ABI=elf
+		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
+		AC_SUBST([PLATFORM_LDADD], ['-ldl -lnsl -lsocket'])
+		;;
+	*) ;;
+esac
+
+AC_ARG_ENABLE([nc],
+	AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
+AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
+AM_CONDITIONAL([BUILD_NC],  [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
+
+AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
+AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])
+AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
+AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
+AM_CONDITIONAL([HOST_HPUX],    [test x$HOST_OS = xhpux])
+AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
+AM_CONDITIONAL([HOST_MIDIPIX], [test x$HOST_OS = xmidipix])
+AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
+AM_CONDITIONAL([HOST_OPENBSD], [test x$HOST_OS = xopenbsd])
+AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
+AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
+])
diff --git a/m4/disable-compiler-warnings.m4 b/m4/disable-compiler-warnings.m4
new file mode 100644
index 0000000..2792722
--- /dev/null
+++ b/m4/disable-compiler-warnings.m4
@@ -0,0 +1,29 @@
+AC_DEFUN([DISABLE_COMPILER_WARNINGS], [
+# Clang throws a lot of warnings when it does not understand a flag. Disable
+# this warning for now so other warnings are visible.
+AC_MSG_CHECKING([if compiling with clang])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
+#ifndef __clang__
+	not clang
+#endif
+	]])],
+	[CLANG=yes],
+	[CLANG=no]
+)
+AC_MSG_RESULT([$CLANG])
+AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
+CFLAGS="$CFLAGS $CLANG_FLAGS"
+LDFLAGS="$LDFLAGS $CLANG_FLAGS"
+
+# Removing the dependency on -Wno-pointer-sign should be a goal. These are
+# largely unsigned char */char* mismatches in asn1 functions.
+save_cflags="$CFLAGS"
+CFLAGS=-Wno-pointer-sign
+AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[AM_CFLAGS=-Wno-pointer-sign],
+	[AC_MSG_RESULT([no])]
+)
+CFLAGS="$save_cflags $AM_CFLAGS"
+])
diff --git a/man/Makefile.am b/man/Makefile.am
new file mode 100644
index 0000000..e169064
--- /dev/null
+++ b/man/Makefile.am
@@ -0,0 +1,5611 @@
+EXTRA_DIST = CMakeLists.txt
+dist_man3_MANS =
+dist_man5_MANS =
+dist_man3_MANS += BIO_f_ssl.3
+dist_man3_MANS += DTLSv1_listen.3
+dist_man3_MANS += OPENSSL_init_ssl.3
+dist_man3_MANS += PEM_read_SSL_SESSION.3
+dist_man3_MANS += SSL_CIPHER_get_name.3
+dist_man3_MANS += SSL_COMP_add_compression_method.3
+dist_man3_MANS += SSL_CTX_add1_chain_cert.3
+dist_man3_MANS += SSL_CTX_add_extra_chain_cert.3
+dist_man3_MANS += SSL_CTX_add_session.3
+dist_man3_MANS += SSL_CTX_ctrl.3
+dist_man3_MANS += SSL_CTX_flush_sessions.3
+dist_man3_MANS += SSL_CTX_free.3
+dist_man3_MANS += SSL_CTX_get0_certificate.3
+dist_man3_MANS += SSL_CTX_get_ex_new_index.3
+dist_man3_MANS += SSL_CTX_get_verify_mode.3
+dist_man3_MANS += SSL_CTX_load_verify_locations.3
+dist_man3_MANS += SSL_CTX_new.3
+dist_man3_MANS += SSL_CTX_sess_number.3
+dist_man3_MANS += SSL_CTX_sess_set_cache_size.3
+dist_man3_MANS += SSL_CTX_sess_set_get_cb.3
+dist_man3_MANS += SSL_CTX_sessions.3
+dist_man3_MANS += SSL_CTX_set1_groups.3
+dist_man3_MANS += SSL_CTX_set_alpn_select_cb.3
+dist_man3_MANS += SSL_CTX_set_cert_store.3
+dist_man3_MANS += SSL_CTX_set_cert_verify_callback.3
+dist_man3_MANS += SSL_CTX_set_cipher_list.3
+dist_man3_MANS += SSL_CTX_set_client_CA_list.3
+dist_man3_MANS += SSL_CTX_set_client_cert_cb.3
+dist_man3_MANS += SSL_CTX_set_default_passwd_cb.3
+dist_man3_MANS += SSL_CTX_set_generate_session_id.3
+dist_man3_MANS += SSL_CTX_set_info_callback.3
+dist_man3_MANS += SSL_CTX_set_max_cert_list.3
+dist_man3_MANS += SSL_CTX_set_min_proto_version.3
+dist_man3_MANS += SSL_CTX_set_mode.3
+dist_man3_MANS += SSL_CTX_set_msg_callback.3
+dist_man3_MANS += SSL_CTX_set_options.3
+dist_man3_MANS += SSL_CTX_set_quiet_shutdown.3
+dist_man3_MANS += SSL_CTX_set_read_ahead.3
+dist_man3_MANS += SSL_CTX_set_session_cache_mode.3
+dist_man3_MANS += SSL_CTX_set_session_id_context.3
+dist_man3_MANS += SSL_CTX_set_ssl_version.3
+dist_man3_MANS += SSL_CTX_set_timeout.3
+dist_man3_MANS += SSL_CTX_set_tlsext_servername_callback.3
+dist_man3_MANS += SSL_CTX_set_tlsext_status_cb.3
+dist_man3_MANS += SSL_CTX_set_tlsext_ticket_key_cb.3
+dist_man3_MANS += SSL_CTX_set_tlsext_use_srtp.3
+dist_man3_MANS += SSL_CTX_set_tmp_dh_callback.3
+dist_man3_MANS += SSL_CTX_set_tmp_rsa_callback.3
+dist_man3_MANS += SSL_CTX_set_verify.3
+dist_man3_MANS += SSL_CTX_use_certificate.3
+dist_man3_MANS += SSL_SESSION_free.3
+dist_man3_MANS += SSL_SESSION_get0_peer.3
+dist_man3_MANS += SSL_SESSION_get_compress_id.3
+dist_man3_MANS += SSL_SESSION_get_ex_new_index.3
+dist_man3_MANS += SSL_SESSION_get_id.3
+dist_man3_MANS += SSL_SESSION_get_protocol_version.3
+dist_man3_MANS += SSL_SESSION_get_time.3
+dist_man3_MANS += SSL_SESSION_has_ticket.3
+dist_man3_MANS += SSL_SESSION_new.3
+dist_man3_MANS += SSL_SESSION_print.3
+dist_man3_MANS += SSL_SESSION_set1_id_context.3
+dist_man3_MANS += SSL_accept.3
+dist_man3_MANS += SSL_alert_type_string.3
+dist_man3_MANS += SSL_clear.3
+dist_man3_MANS += SSL_connect.3
+dist_man3_MANS += SSL_copy_session_id.3
+dist_man3_MANS += SSL_do_handshake.3
+dist_man3_MANS += SSL_dup.3
+dist_man3_MANS += SSL_dup_CA_list.3
+dist_man3_MANS += SSL_export_keying_material.3
+dist_man3_MANS += SSL_free.3
+dist_man3_MANS += SSL_get_SSL_CTX.3
+dist_man3_MANS += SSL_get_certificate.3
+dist_man3_MANS += SSL_get_ciphers.3
+dist_man3_MANS += SSL_get_client_CA_list.3
+dist_man3_MANS += SSL_get_client_random.3
+dist_man3_MANS += SSL_get_current_cipher.3
+dist_man3_MANS += SSL_get_default_timeout.3
+dist_man3_MANS += SSL_get_error.3
+dist_man3_MANS += SSL_get_ex_data_X509_STORE_CTX_idx.3
+dist_man3_MANS += SSL_get_ex_new_index.3
+dist_man3_MANS += SSL_get_fd.3
+dist_man3_MANS += SSL_get_peer_cert_chain.3
+dist_man3_MANS += SSL_get_peer_certificate.3
+dist_man3_MANS += SSL_get_rbio.3
+dist_man3_MANS += SSL_get_server_tmp_key.3
+dist_man3_MANS += SSL_get_session.3
+dist_man3_MANS += SSL_get_shared_ciphers.3
+dist_man3_MANS += SSL_get_state.3
+dist_man3_MANS += SSL_get_verify_result.3
+dist_man3_MANS += SSL_get_version.3
+dist_man3_MANS += SSL_library_init.3
+dist_man3_MANS += SSL_load_client_CA_file.3
+dist_man3_MANS += SSL_new.3
+dist_man3_MANS += SSL_num_renegotiations.3
+dist_man3_MANS += SSL_pending.3
+dist_man3_MANS += SSL_read.3
+dist_man3_MANS += SSL_renegotiate.3
+dist_man3_MANS += SSL_rstate_string.3
+dist_man3_MANS += SSL_session_reused.3
+dist_man3_MANS += SSL_set1_param.3
+dist_man3_MANS += SSL_set_bio.3
+dist_man3_MANS += SSL_set_connect_state.3
+dist_man3_MANS += SSL_set_fd.3
+dist_man3_MANS += SSL_set_max_send_fragment.3
+dist_man3_MANS += SSL_set_session.3
+dist_man3_MANS += SSL_set_shutdown.3
+dist_man3_MANS += SSL_set_tmp_ecdh.3
+dist_man3_MANS += SSL_set_verify_result.3
+dist_man3_MANS += SSL_shutdown.3
+dist_man3_MANS += SSL_state_string.3
+dist_man3_MANS += SSL_want.3
+dist_man3_MANS += SSL_write.3
+dist_man3_MANS += d2i_SSL_SESSION.3
+dist_man3_MANS += ssl.3
+dist_man3_MANS += ACCESS_DESCRIPTION_new.3
+dist_man3_MANS += AES_encrypt.3
+dist_man3_MANS += ASN1_INTEGER_get.3
+dist_man3_MANS += ASN1_OBJECT_new.3
+dist_man3_MANS += ASN1_STRING_TABLE_add.3
+dist_man3_MANS += ASN1_STRING_length.3
+dist_man3_MANS += ASN1_STRING_new.3
+dist_man3_MANS += ASN1_STRING_print_ex.3
+dist_man3_MANS += ASN1_TIME_set.3
+dist_man3_MANS += ASN1_TYPE_get.3
+dist_man3_MANS += ASN1_generate_nconf.3
+dist_man3_MANS += ASN1_item_d2i.3
+dist_man3_MANS += ASN1_item_new.3
+dist_man3_MANS += ASN1_put_object.3
+dist_man3_MANS += ASN1_time_parse.3
+dist_man3_MANS += AUTHORITY_KEYID_new.3
+dist_man3_MANS += BASIC_CONSTRAINTS_new.3
+dist_man3_MANS += BF_set_key.3
+dist_man3_MANS += BIO_ctrl.3
+dist_man3_MANS += BIO_f_base64.3
+dist_man3_MANS += BIO_f_buffer.3
+dist_man3_MANS += BIO_f_cipher.3
+dist_man3_MANS += BIO_f_md.3
+dist_man3_MANS += BIO_f_null.3
+dist_man3_MANS += BIO_find_type.3
+dist_man3_MANS += BIO_get_data.3
+dist_man3_MANS += BIO_get_ex_new_index.3
+dist_man3_MANS += BIO_meth_new.3
+dist_man3_MANS += BIO_new.3
+dist_man3_MANS += BIO_new_CMS.3
+dist_man3_MANS += BIO_printf.3
+dist_man3_MANS += BIO_push.3
+dist_man3_MANS += BIO_read.3
+dist_man3_MANS += BIO_s_accept.3
+dist_man3_MANS += BIO_s_bio.3
+dist_man3_MANS += BIO_s_connect.3
+dist_man3_MANS += BIO_s_fd.3
+dist_man3_MANS += BIO_s_file.3
+dist_man3_MANS += BIO_s_mem.3
+dist_man3_MANS += BIO_s_null.3
+dist_man3_MANS += BIO_s_socket.3
+dist_man3_MANS += BIO_set_callback.3
+dist_man3_MANS += BIO_should_retry.3
+dist_man3_MANS += BN_BLINDING_new.3
+dist_man3_MANS += BN_CTX_new.3
+dist_man3_MANS += BN_CTX_start.3
+dist_man3_MANS += BN_add.3
+dist_man3_MANS += BN_add_word.3
+dist_man3_MANS += BN_bn2bin.3
+dist_man3_MANS += BN_cmp.3
+dist_man3_MANS += BN_copy.3
+dist_man3_MANS += BN_generate_prime.3
+dist_man3_MANS += BN_get0_nist_prime_521.3
+dist_man3_MANS += BN_mod_inverse.3
+dist_man3_MANS += BN_mod_mul_montgomery.3
+dist_man3_MANS += BN_mod_mul_reciprocal.3
+dist_man3_MANS += BN_new.3
+dist_man3_MANS += BN_num_bytes.3
+dist_man3_MANS += BN_rand.3
+dist_man3_MANS += BN_set_bit.3
+dist_man3_MANS += BN_set_flags.3
+dist_man3_MANS += BN_set_negative.3
+dist_man3_MANS += BN_swap.3
+dist_man3_MANS += BN_zero.3
+dist_man3_MANS += BUF_MEM_new.3
+dist_man3_MANS += CMS_ContentInfo_new.3
+dist_man3_MANS += CMS_add0_cert.3
+dist_man3_MANS += CMS_add1_recipient_cert.3
+dist_man3_MANS += CMS_add1_signer.3
+dist_man3_MANS += CMS_compress.3
+dist_man3_MANS += CMS_decrypt.3
+dist_man3_MANS += CMS_encrypt.3
+dist_man3_MANS += CMS_final.3
+dist_man3_MANS += CMS_get0_RecipientInfos.3
+dist_man3_MANS += CMS_get0_SignerInfos.3
+dist_man3_MANS += CMS_get0_type.3
+dist_man3_MANS += CMS_get1_ReceiptRequest.3
+dist_man3_MANS += CMS_sign.3
+dist_man3_MANS += CMS_sign_receipt.3
+dist_man3_MANS += CMS_uncompress.3
+dist_man3_MANS += CMS_verify.3
+dist_man3_MANS += CMS_verify_receipt.3
+dist_man3_MANS += CONF_modules_free.3
+dist_man3_MANS += CONF_modules_load_file.3
+dist_man3_MANS += CRYPTO_get_mem_functions.3
+dist_man3_MANS += CRYPTO_lock.3
+dist_man3_MANS += CRYPTO_memcmp.3
+dist_man3_MANS += CRYPTO_set_ex_data.3
+dist_man3_MANS += DES_set_key.3
+dist_man3_MANS += DH_generate_key.3
+dist_man3_MANS += DH_generate_parameters.3
+dist_man3_MANS += DH_get0_pqg.3
+dist_man3_MANS += DH_get_ex_new_index.3
+dist_man3_MANS += DH_new.3
+dist_man3_MANS += DH_set_method.3
+dist_man3_MANS += DH_size.3
+dist_man3_MANS += DIST_POINT_new.3
+dist_man3_MANS += DSA_SIG_new.3
+dist_man3_MANS += DSA_do_sign.3
+dist_man3_MANS += DSA_dup_DH.3
+dist_man3_MANS += DSA_generate_key.3
+dist_man3_MANS += DSA_generate_parameters.3
+dist_man3_MANS += DSA_get0_pqg.3
+dist_man3_MANS += DSA_get_ex_new_index.3
+dist_man3_MANS += DSA_meth_new.3
+dist_man3_MANS += DSA_new.3
+dist_man3_MANS += DSA_set_method.3
+dist_man3_MANS += DSA_sign.3
+dist_man3_MANS += DSA_size.3
+dist_man3_MANS += ECDH_compute_key.3
+dist_man3_MANS += ECDSA_SIG_new.3
+dist_man3_MANS += EC_GFp_simple_method.3
+dist_man3_MANS += EC_GROUP_copy.3
+dist_man3_MANS += EC_GROUP_new.3
+dist_man3_MANS += EC_KEY_METHOD_new.3
+dist_man3_MANS += EC_KEY_new.3
+dist_man3_MANS += EC_POINT_add.3
+dist_man3_MANS += EC_POINT_new.3
+dist_man3_MANS += ENGINE_add.3
+dist_man3_MANS += ENGINE_ctrl.3
+dist_man3_MANS += ENGINE_get_default_RSA.3
+dist_man3_MANS += ENGINE_init.3
+dist_man3_MANS += ENGINE_new.3
+dist_man3_MANS += ENGINE_register_RSA.3
+dist_man3_MANS += ENGINE_register_all_RSA.3
+dist_man3_MANS += ENGINE_set_RSA.3
+dist_man3_MANS += ENGINE_set_default.3
+dist_man3_MANS += ENGINE_set_flags.3
+dist_man3_MANS += ENGINE_unregister_RSA.3
+dist_man3_MANS += ERR.3
+dist_man3_MANS += ERR_GET_LIB.3
+dist_man3_MANS += ERR_asprintf_error_data.3
+dist_man3_MANS += ERR_clear_error.3
+dist_man3_MANS += ERR_error_string.3
+dist_man3_MANS += ERR_get_error.3
+dist_man3_MANS += ERR_load_crypto_strings.3
+dist_man3_MANS += ERR_load_strings.3
+dist_man3_MANS += ERR_print_errors.3
+dist_man3_MANS += ERR_put_error.3
+dist_man3_MANS += ERR_remove_state.3
+dist_man3_MANS += ERR_set_mark.3
+dist_man3_MANS += ESS_SIGNING_CERT_new.3
+dist_man3_MANS += EVP_AEAD_CTX_init.3
+dist_man3_MANS += EVP_BytesToKey.3
+dist_man3_MANS += EVP_DigestInit.3
+dist_man3_MANS += EVP_DigestSignInit.3
+dist_man3_MANS += EVP_DigestVerifyInit.3
+dist_man3_MANS += EVP_EncodeInit.3
+dist_man3_MANS += EVP_EncryptInit.3
+dist_man3_MANS += EVP_OpenInit.3
+dist_man3_MANS += EVP_PKEY_CTX_ctrl.3
+dist_man3_MANS += EVP_PKEY_CTX_new.3
+dist_man3_MANS += EVP_PKEY_asn1_get_count.3
+dist_man3_MANS += EVP_PKEY_asn1_new.3
+dist_man3_MANS += EVP_PKEY_cmp.3
+dist_man3_MANS += EVP_PKEY_decrypt.3
+dist_man3_MANS += EVP_PKEY_derive.3
+dist_man3_MANS += EVP_PKEY_encrypt.3
+dist_man3_MANS += EVP_PKEY_get_default_digest_nid.3
+dist_man3_MANS += EVP_PKEY_keygen.3
+dist_man3_MANS += EVP_PKEY_meth_get0_info.3
+dist_man3_MANS += EVP_PKEY_meth_new.3
+dist_man3_MANS += EVP_PKEY_new.3
+dist_man3_MANS += EVP_PKEY_print_private.3
+dist_man3_MANS += EVP_PKEY_set1_RSA.3
+dist_man3_MANS += EVP_PKEY_sign.3
+dist_man3_MANS += EVP_PKEY_verify.3
+dist_man3_MANS += EVP_PKEY_verify_recover.3
+dist_man3_MANS += EVP_SealInit.3
+dist_man3_MANS += EVP_SignInit.3
+dist_man3_MANS += EVP_VerifyInit.3
+dist_man3_MANS += EVP_aes_128_cbc.3
+dist_man3_MANS += EVP_camellia_128_cbc.3
+dist_man3_MANS += EVP_des_cbc.3
+dist_man3_MANS += EVP_rc4.3
+dist_man3_MANS += EVP_sm3.3
+dist_man3_MANS += EVP_sm4_cbc.3
+dist_man3_MANS += EVP_whirlpool.3
+dist_man3_MANS += EXTENDED_KEY_USAGE_new.3
+dist_man3_MANS += GENERAL_NAME_new.3
+dist_man3_MANS += HMAC.3
+dist_man3_MANS += MD5.3
+dist_man3_MANS += NAME_CONSTRAINTS_new.3
+dist_man3_MANS += OBJ_nid2obj.3
+dist_man3_MANS += OCSP_CRLID_new.3
+dist_man3_MANS += OCSP_REQUEST_new.3
+dist_man3_MANS += OCSP_SERVICELOC_new.3
+dist_man3_MANS += OCSP_cert_to_id.3
+dist_man3_MANS += OCSP_request_add1_nonce.3
+dist_man3_MANS += OCSP_resp_find_status.3
+dist_man3_MANS += OCSP_response_status.3
+dist_man3_MANS += OCSP_sendreq_new.3
+dist_man3_MANS += OPENSSL_VERSION_NUMBER.3
+dist_man3_MANS += OPENSSL_cleanse.3
+dist_man3_MANS += OPENSSL_config.3
+dist_man3_MANS += OPENSSL_init_crypto.3
+dist_man3_MANS += OPENSSL_load_builtin_modules.3
+dist_man3_MANS += OPENSSL_malloc.3
+dist_man3_MANS += OPENSSL_sk_new.3
+dist_man3_MANS += OpenSSL_add_all_algorithms.3
+dist_man3_MANS += PEM_bytes_read_bio.3
+dist_man3_MANS += PEM_read.3
+dist_man3_MANS += PEM_read_bio_PrivateKey.3
+dist_man3_MANS += PEM_write_bio_CMS_stream.3
+dist_man3_MANS += PEM_write_bio_PKCS7_stream.3
+dist_man3_MANS += PKCS12_SAFEBAG_new.3
+dist_man3_MANS += PKCS12_create.3
+dist_man3_MANS += PKCS12_new.3
+dist_man3_MANS += PKCS12_newpass.3
+dist_man3_MANS += PKCS12_parse.3
+dist_man3_MANS += PKCS5_PBKDF2_HMAC.3
+dist_man3_MANS += PKCS7_dataFinal.3
+dist_man3_MANS += PKCS7_dataInit.3
+dist_man3_MANS += PKCS7_decrypt.3
+dist_man3_MANS += PKCS7_encrypt.3
+dist_man3_MANS += PKCS7_new.3
+dist_man3_MANS += PKCS7_set_content.3
+dist_man3_MANS += PKCS7_set_type.3
+dist_man3_MANS += PKCS7_sign.3
+dist_man3_MANS += PKCS7_sign_add_signer.3
+dist_man3_MANS += PKCS7_verify.3
+dist_man3_MANS += PKCS8_PRIV_KEY_INFO_new.3
+dist_man3_MANS += PKEY_USAGE_PERIOD_new.3
+dist_man3_MANS += POLICYINFO_new.3
+dist_man3_MANS += PROXY_POLICY_new.3
+dist_man3_MANS += RAND_add.3
+dist_man3_MANS += RAND_bytes.3
+dist_man3_MANS += RAND_load_file.3
+dist_man3_MANS += RAND_set_rand_method.3
+dist_man3_MANS += RC4.3
+dist_man3_MANS += RIPEMD160.3
+dist_man3_MANS += RSA_PSS_PARAMS_new.3
+dist_man3_MANS += RSA_blinding_on.3
+dist_man3_MANS += RSA_check_key.3
+dist_man3_MANS += RSA_generate_key.3
+dist_man3_MANS += RSA_get0_key.3
+dist_man3_MANS += RSA_get_ex_new_index.3
+dist_man3_MANS += RSA_meth_new.3
+dist_man3_MANS += RSA_new.3
+dist_man3_MANS += RSA_padding_add_PKCS1_type_1.3
+dist_man3_MANS += RSA_pkey_ctx_ctrl.3
+dist_man3_MANS += RSA_print.3
+dist_man3_MANS += RSA_private_encrypt.3
+dist_man3_MANS += RSA_public_encrypt.3
+dist_man3_MANS += RSA_set_method.3
+dist_man3_MANS += RSA_sign.3
+dist_man3_MANS += RSA_sign_ASN1_OCTET_STRING.3
+dist_man3_MANS += RSA_size.3
+dist_man3_MANS += SHA1.3
+dist_man3_MANS += SMIME_read_CMS.3
+dist_man3_MANS += SMIME_read_PKCS7.3
+dist_man3_MANS += SMIME_write_CMS.3
+dist_man3_MANS += SMIME_write_PKCS7.3
+dist_man3_MANS += STACK_OF.3
+dist_man3_MANS += SXNET_new.3
+dist_man3_MANS += TS_REQ_new.3
+dist_man3_MANS += UI_UTIL_read_pw.3
+dist_man3_MANS += UI_create_method.3
+dist_man3_MANS += UI_get_string_type.3
+dist_man3_MANS += UI_new.3
+dist_man3_MANS += X25519.3
+dist_man3_MANS += X509V3_get_d2i.3
+dist_man3_MANS += X509_ALGOR_dup.3
+dist_man3_MANS += X509_ATTRIBUTE_new.3
+dist_man3_MANS += X509_CINF_new.3
+dist_man3_MANS += X509_CRL_get0_by_serial.3
+dist_man3_MANS += X509_CRL_new.3
+dist_man3_MANS += X509_EXTENSION_set_object.3
+dist_man3_MANS += X509_INFO_new.3
+dist_man3_MANS += X509_LOOKUP_hash_dir.3
+dist_man3_MANS += X509_NAME_ENTRY_get_object.3
+dist_man3_MANS += X509_NAME_add_entry_by_txt.3
+dist_man3_MANS += X509_NAME_get_index_by_NID.3
+dist_man3_MANS += X509_NAME_new.3
+dist_man3_MANS += X509_NAME_print_ex.3
+dist_man3_MANS += X509_OBJECT_get0_X509.3
+dist_man3_MANS += X509_PUBKEY_new.3
+dist_man3_MANS += X509_REQ_new.3
+dist_man3_MANS += X509_REVOKED_new.3
+dist_man3_MANS += X509_SIG_new.3
+dist_man3_MANS += X509_STORE_CTX_get_error.3
+dist_man3_MANS += X509_STORE_CTX_get_ex_new_index.3
+dist_man3_MANS += X509_STORE_CTX_new.3
+dist_man3_MANS += X509_STORE_CTX_set_verify_cb.3
+dist_man3_MANS += X509_STORE_load_locations.3
+dist_man3_MANS += X509_STORE_new.3
+dist_man3_MANS += X509_STORE_set1_param.3
+dist_man3_MANS += X509_STORE_set_verify_cb_func.3
+dist_man3_MANS += X509_VERIFY_PARAM_set_flags.3
+dist_man3_MANS += X509_check_ca.3
+dist_man3_MANS += X509_check_host.3
+dist_man3_MANS += X509_check_issued.3
+dist_man3_MANS += X509_check_private_key.3
+dist_man3_MANS += X509_check_purpose.3
+dist_man3_MANS += X509_cmp.3
+dist_man3_MANS += X509_cmp_time.3
+dist_man3_MANS += X509_digest.3
+dist_man3_MANS += X509_get0_notBefore.3
+dist_man3_MANS += X509_get0_signature.3
+dist_man3_MANS += X509_get1_email.3
+dist_man3_MANS += X509_get_pubkey.3
+dist_man3_MANS += X509_get_serialNumber.3
+dist_man3_MANS += X509_get_subject_name.3
+dist_man3_MANS += X509_get_version.3
+dist_man3_MANS += X509_new.3
+dist_man3_MANS += X509_sign.3
+dist_man3_MANS += X509_verify_cert.3
+dist_man3_MANS += X509v3_get_ext_by_NID.3
+dist_man3_MANS += bn_dump.3
+dist_man3_MANS += crypto.3
+dist_man3_MANS += d2i_ASN1_NULL.3
+dist_man3_MANS += d2i_ASN1_OBJECT.3
+dist_man3_MANS += d2i_ASN1_OCTET_STRING.3
+dist_man3_MANS += d2i_ASN1_SEQUENCE_ANY.3
+dist_man3_MANS += d2i_AUTHORITY_KEYID.3
+dist_man3_MANS += d2i_BASIC_CONSTRAINTS.3
+dist_man3_MANS += d2i_CMS_ContentInfo.3
+dist_man3_MANS += d2i_DHparams.3
+dist_man3_MANS += d2i_DIST_POINT.3
+dist_man3_MANS += d2i_DSAPublicKey.3
+dist_man3_MANS += d2i_ECPKParameters.3
+dist_man3_MANS += d2i_ESS_SIGNING_CERT.3
+dist_man3_MANS += d2i_GENERAL_NAME.3
+dist_man3_MANS += d2i_OCSP_REQUEST.3
+dist_man3_MANS += d2i_OCSP_RESPONSE.3
+dist_man3_MANS += d2i_PKCS12.3
+dist_man3_MANS += d2i_PKCS7.3
+dist_man3_MANS += d2i_PKCS8PrivateKey_bio.3
+dist_man3_MANS += d2i_PKCS8_PRIV_KEY_INFO.3
+dist_man3_MANS += d2i_PKEY_USAGE_PERIOD.3
+dist_man3_MANS += d2i_POLICYINFO.3
+dist_man3_MANS += d2i_PROXY_POLICY.3
+dist_man3_MANS += d2i_PrivateKey.3
+dist_man3_MANS += d2i_RSAPublicKey.3
+dist_man3_MANS += d2i_TS_REQ.3
+dist_man3_MANS += d2i_X509.3
+dist_man3_MANS += d2i_X509_ALGOR.3
+dist_man3_MANS += d2i_X509_ATTRIBUTE.3
+dist_man3_MANS += d2i_X509_CRL.3
+dist_man3_MANS += d2i_X509_EXTENSION.3
+dist_man3_MANS += d2i_X509_NAME.3
+dist_man3_MANS += d2i_X509_REQ.3
+dist_man3_MANS += d2i_X509_SIG.3
+dist_man3_MANS += des_read_pw.3
+dist_man3_MANS += evp.3
+dist_man3_MANS += get_rfc3526_prime_8192.3
+dist_man3_MANS += i2d_CMS_bio_stream.3
+dist_man3_MANS += i2d_PKCS7_bio_stream.3
+dist_man3_MANS += lh_new.3
+dist_man3_MANS += lh_stats.3
+dist_man3_MANS += tls_accept_socket.3
+dist_man3_MANS += tls_client.3
+dist_man3_MANS += tls_config_ocsp_require_stapling.3
+dist_man3_MANS += tls_config_set_protocols.3
+dist_man3_MANS += tls_config_set_session_id.3
+dist_man3_MANS += tls_config_verify.3
+dist_man3_MANS += tls_conn_version.3
+dist_man3_MANS += tls_connect.3
+dist_man3_MANS += tls_init.3
+dist_man3_MANS += tls_load_file.3
+dist_man3_MANS += tls_ocsp_process_response.3
+dist_man3_MANS += tls_read.3
+dist_man5_MANS += openssl.cnf.5
+dist_man5_MANS += x509v3.cnf.5
+install-data-hook:
+	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
+	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
+	ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
+	ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_cbc_encrypt.3"
+	ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_decrypt.3"
+	ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3"
+	ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3"
+	ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3"
+	ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
+	ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3"
+	ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
+	ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
+	ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
+	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
+	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
+	ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_adj.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_check.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_print.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_adj.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_check.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_cmp_time_t.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3"
+	ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3"
+	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
+	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
+	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
+	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
+	ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
+	ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
+	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
+	ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
+	ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3"
+	ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3"
+	ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
+	ln -sf "AUTHORITY_KEYID_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
+	ln -sf "BASIC_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
+	ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_options.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
+	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
+	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
+	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
+	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
+	ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
+	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
+	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
+	ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
+	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
+	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
+	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
+	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
+	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
+	ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3"
+	ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3"
+	ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_data.3"
+	ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_init.3"
+	ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_shutdown.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
+	ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_get_new_index.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_free.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_callback_ctrl.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_create.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_ctrl.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_destroy.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_gets.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_puts.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_read.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_write.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_callback_ctrl.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_create.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_ctrl.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_destroy.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_gets.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_puts.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_read.3"
+	ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_write.3"
+	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free.3"
+	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
+	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3"
+	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3"
+	ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
+	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
+	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
+	ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
+	ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
+	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
+	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
+	ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
+	ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
+	ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
+	ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
+	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
+	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
+	ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
+	ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
+	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
+	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
+	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
+	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
+	ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"
+	ln -sf "BIO_s_socket.3" "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
+	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
+	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
+	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
+	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
+	ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
+	ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
+	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
+	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
+	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
+	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
+	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_div.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_exp.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
+	ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3"
+	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
+	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
+	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
+	ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3"
+	ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
+	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
+	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
+	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
+	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
+	ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
+	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_dup.3"
+	ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_free.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_get_arg.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_new.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
+	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
+	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
+	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
+	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
+	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
+	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
+	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
+	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
+	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
+	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
+	ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
+	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear.3"
+	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
+	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_free.3"
+	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_init.3"
+	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
+	ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
+	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
+	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
+	ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
+	ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
+	ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
+	ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
+	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
+	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3"
+	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
+	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
+	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
+	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
+	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
+	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
+	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
+	ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3"
+	ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3"
+	ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3"
+	ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_new.3"
+	ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add0_crl.3"
+	ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_cert.3"
+	ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_crl.3"
+	ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_get1_certs.3"
+	ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_get1_crls.3"
+	ln -sf "CMS_add1_recipient_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add0_recipient_key.3"
+	ln -sf "CMS_add1_signer.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_sign.3"
+	ln -sf "CMS_decrypt.3" "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_key.3"
+	ln -sf "CMS_decrypt.3" "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_pkey.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_decrypt.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_encrypt.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_get0_id.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_id_cmp.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_cert_cmp.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_get0_signer_id.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_key.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_pkey.3"
+	ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_type.3"
+	ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_cert_cmp.3"
+	ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signature.3"
+	ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signer_id.3"
+	ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_set1_signer_cert.3"
+	ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_content.3"
+	ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_eContentType.3"
+	ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_set1_eContentType.3"
+	ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3"
+	ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3"
+	ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3"
+	ln -sf "CMS_verify.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3"
+	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
+	ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
+	ln -sf "CONF_modules_load_file.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_MEM_LEAK_CB.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
+	ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
+	ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
+	ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
+	ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
+	ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
+	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3"
+	ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_key.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set0_key.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set0_pqg.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set_flags.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set_length.3"
+	ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_test_flags.3"
+	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
+	ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
+	ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_free.3"
+	ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_up_ref.3"
+	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
+	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
+	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
+	ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
+	ln -sf "DH_size.3" "$(DESTDIR)$(mandir)/man3/DH_bits.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
+	ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
+	ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
+	ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3"
+	ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3"
+	ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
+	ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_key.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set0_key.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set0_pqg.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set_flags.3"
+	ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_test_flags.3"
+	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
+	ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
+	ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3"
+	ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3"
+	ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3"
+	ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3"
+	ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3"
+	ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_up_ref.3"
+	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
+	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
+	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
+	ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
+	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
+	ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
+	ln -sf "ECDH_compute_key.3" "$(DESTDIR)$(mandir)/man3/ECDH_size.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_get0.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_set0.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
+	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
+	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
+	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
+	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_compute_key.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_init.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_keygen.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_sign.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_verify.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_compute_key.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_init.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_keygen.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_sign.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_verify.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_OpenSSL.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_default_method.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_method.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_method.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_default_method.3"
+	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_method.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
+	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
+	ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
+	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
+	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
+	ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
+	ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
+	ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
+	ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3"
+	ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
+	ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
+	ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
+	ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
+	ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
+	ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
+	ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
+	ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
+	ln -sf "ENGINE_set_flags.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
+	ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
+	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
+	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
+	ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
+	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
+	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
+	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
+	ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
+	ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
+	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
+	ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
+	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
+	ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
+	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
+	ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
+	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
+	ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
+	ln -sf "ERR_remove_state.3" "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
+	ln -sf "ERR_set_mark.3" "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
+	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
+	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
+	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
+	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
+	ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
+	ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_xchacha20_poly1305.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Digest.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_free.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_new.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_reset.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
+	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
+	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
+	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
+	ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_free.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_new.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
+	ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_iv.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_flags.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_iv.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_test_flags.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb64.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb64.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb64.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
+	ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
+	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
+	ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
+	ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
+	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
+	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
+	ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
+	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
+	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
+	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
+	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3"
+	ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3"
+	ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3"
+	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
+	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
+	ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
+	ln -sf "EVP_PKEY_decrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
+	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
+	ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
+	ln -sf "EVP_PKEY_encrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
+	ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_add0.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_decrypt.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_derive.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify_recover.3"
+	ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verifyctx.3"
+	ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
+	ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_new_mac_key.3"
+	ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_up_ref.3"
+	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
+	ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DH.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_EC_KEY.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_RSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_hmac.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3"
+	ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
+	ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
+	ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
+	ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
+	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
+	ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
+	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3"
+	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
+	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
+	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
+	ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
+	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
+	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
+	ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb1.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb128.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb8.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ctr.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_wrap.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_xts.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb1.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb128.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb8.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ctr.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_wrap.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc_hmac_sha1.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb1.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb128.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb8.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ctr.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_wrap.3"
+	ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_xts.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb1.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb128.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb8.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ecb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ofb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cbc.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb1.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb128.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb8.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ecb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ofb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cbc.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb1.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb128.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb8.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ecb.3"
+	ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ofb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb1.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb64.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb8.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb1.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb64.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb8.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ecb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb64.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ecb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
+	ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
+	ln -sf "EVP_rc4.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
+	ln -sf "EVP_rc4.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_hmac_md5.3"
+	ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb.3"
+	ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb128.3"
+	ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ctr.3"
+	ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ecb.3"
+	ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ofb.3"
+	ln -sf "EXTENDED_KEY_USAGE_new.3" "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
+	ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
+	ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
+	ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
+	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
+	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
+	ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
+	ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
+	ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
+	ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
+	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
+	ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
+	ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
+	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
+	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
+	ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_get0_id.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_verify.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_status_str.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
+	ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_sign.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
+	ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_status_str.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_parse_url.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
+	ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_NUMBER.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_TEXT.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_VERSION_TEXT.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_version.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_version_num.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay.3"
+	ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
+	ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
+	ln -sf "OPENSSL_init_crypto.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3"
+	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
+	ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
+	ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_dup.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find_ex.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_free.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_insert.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_new.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_new_null.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_num.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_pop.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_pop_free.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_push.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_set.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_set_cmp_func.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_shift.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_sort.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_unshift.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_value.3"
+	ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_zero.3"
+	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
+	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
+	ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
+	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
+	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
+	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
+	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3"
+	ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
+	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
+	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
+	ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
+	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
+	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
+	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
+	ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
+	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
+	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
+	ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
+	ln -sf "PKCS5_PBKDF2_HMAC.3" "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
+	ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
+	ln -sf "PKCS7_set_content.3" "$(DESTDIR)$(mandir)/man3/PKCS7_content_new.3"
+	ln -sf "PKCS7_set_type.3" "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3"
+	ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
+	ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
+	ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
+	ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
+	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
+	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
+	ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
+	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
+	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_poll.3"
+	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
+	ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_status.3"
+	ln -sf "RAND_bytes.3" "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
+	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
+	ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
+	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
+	ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
+	ln -sf "RC4.3" "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
+	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
+	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
+	ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
+	ln -sf "RSA_PSS_PARAMS_new.3" "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
+	ln -sf "RSA_blinding_on.3" "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
+	ln -sf "RSA_generate_key.3" "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_clear_flags.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_get0_crt_params.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_get0_factors.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_crt_params.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_factors.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_key.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set_flags.3"
+	ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_test_flags.3"
+	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
+	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
+	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
+	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
+	ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_dup.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_free.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_app_data.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_name.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_bn_mod_exp.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_finish.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_flags.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_init.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_keygen.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_mod_exp.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_dec.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_enc.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_dec.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_enc.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_sign.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_verify.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set0_app_data.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set1_name.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_bn_mod_exp.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_finish.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_flags.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_init.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_keygen.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_mod_exp.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_dec.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_enc.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_dec.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_enc.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_sign.3"
+	ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_verify.3"
+	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSAPrivateKey_dup.3"
+	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSAPublicKey_dup.3"
+	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_free.3"
+	ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_up_ref.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
+	ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
+	ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
+	ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
+	ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
+	ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
+	ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
+	ln -sf "RSA_sign.3" "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
+	ln -sf "RSA_sign_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
+	ln -sf "RSA_size.3" "$(DESTDIR)$(mandir)/man3/RSA_bits.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
+	ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_auth_nid.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_cipher_nid.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_digest_nid.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_id.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_kx_nid.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
+	ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_is_aead.3"
+	ln -sf "SSL_COMP_add_compression_method.3" "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add0_chain_cert.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_chain_certs.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_chain_certs.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set0_chain.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_chain.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add0_chain_cert.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
+	ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
+	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
+	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
+	ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
+	ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
+	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
+	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
+	ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
+	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
+	ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
+	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
+	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
+	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
+	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
+	ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
+	ln -sf "SSL_CTX_load_verify_locations.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_up_ref.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
+	ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
+	ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
+	ln -sf "SSL_CTX_sess_set_cache_size.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
+	ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves_list.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_groups_list.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_curves.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_curves_list.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_groups.3"
+	ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_groups_list.3"
+	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
+	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
+	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
+	ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
+	ln -sf "SSL_CTX_set_cert_store.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
+	ln -sf "SSL_CTX_set_cipher_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
+	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
+	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
+	ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
+	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
+	ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
+	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb.3"
+	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb_userdata.3"
+	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
+	ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
+	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
+	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
+	ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
+	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
+	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
+	ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
+	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
+	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
+	ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_min_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_min_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_proto_version.3"
+	ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_min_proto_version.3"
+	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_mode.3"
+	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
+	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_mode.3"
+	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
+	ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
+	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
+	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
+	ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
+	ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
+	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
+	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
+	ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
+	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
+	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
+	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
+	ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
+	ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
+	ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
+	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
+	ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
+	ln -sf "SSL_CTX_set_timeout.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
+	ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_servername_arg.3"
+	ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_servername.3"
+	ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_servername_type.3"
+	ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_host_name.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_arg.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_cb.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
+	ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
+	ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_get_selected_srtp_profile.3"
+	ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_get_srtp_profiles.3"
+	ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_use_srtp.3"
+	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
+	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
+	ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
+	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
+	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
+	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_RSA.3"
+	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
+	ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
+	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
+	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
+	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
+	ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/verify_callback.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
+	ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
+	ln -sf "SSL_SESSION_free.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_up_ref.3"
+	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
+	ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
+	ln -sf "SSL_SESSION_get_id.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set1_id.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
+	ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
+	ln -sf "SSL_SESSION_has_ticket.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ticket_lifetime_hint.3"
+	ln -sf "SSL_SESSION_print.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
+	ln -sf "SSL_SESSION_set1_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get0_id_context.3"
+	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
+	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
+	ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
+	ln -sf "SSL_get_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
+	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ciphers.3"
+	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_supported_ciphers.3"
+	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
+	ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_client_ciphers.3"
+	ln -sf "SSL_get_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
+	ln -sf "SSL_get_client_random.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_master_key.3"
+	ln -sf "SSL_get_client_random.3" "$(DESTDIR)$(mandir)/man3/SSL_get_server_random.3"
+	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
+	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
+	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
+	ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
+	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
+	ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
+	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
+	ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
+	ln -sf "SSL_get_rbio.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
+	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
+	ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
+	ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_state.3"
+	ln -sf "SSL_get_version.3" "$(DESTDIR)$(mandir)/man3/SSL_version.3"
+	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
+	ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
+	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
+	ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
+	ln -sf "SSL_new.3" "$(DESTDIR)$(mandir)/man3/SSL_up_ref.3"
+	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
+	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
+	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
+	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
+	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
+	ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_param.3"
+	ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
+	ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_param.3"
+	ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_server.3"
+	ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
+	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
+	ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
+	ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
+	ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
+	ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3"
+	ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3"
+	ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh_callback.3"
+	ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ecdh_auto.3"
+	ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_ecdh_callback.3"
+	ln -sf "SSL_state_string.3" "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
+	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
+	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
+	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
+	ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
+	ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
+	ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
+	ln -sf "UI_UTIL_read_pw.3" "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
+	ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
+	ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_free.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_process.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
+	ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
+	ln -sf "X25519.3" "$(DESTDIR)$(mandir)/man3/X25519_keypair.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_extensions.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_extensions.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get0_extensions.3"
+	ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
+	ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
+	ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
+	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
+	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
+	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
+	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
+	ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
+	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
+	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
+	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
+	ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
+	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
+	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
+	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_dup.3"
+	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
+	ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_up_ref.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
+	ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
+	ln -sf "X509_INFO_new.3" "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3"
+	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
+	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
+	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
+	ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
+	ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
+	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
+	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
+	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
+	ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
+	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
+	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
+	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
+	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
+	ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
+	ln -sf "X509_NAME_new.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
+	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
+	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
+	ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3"
+	ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
+	ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
+	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
+	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
+	ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
+	ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
+	ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_cert.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
+	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
+	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
+	ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_store.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_untrusted.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
+	ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
+	ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
+	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
+	ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_ex_data.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_flags.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3"
+	ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3"
+	ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
+	ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3"
+	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
+	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
+	ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
+	ln -sf "X509_check_private_key.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_and_serial_cmp.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3"
+	ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3"
+	ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3"
+	ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj.3"
+	ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3"
+	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
+	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
+	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
+	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
+	ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_lastUpdate.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_nextUpdate.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_lastUpdate.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_nextUpdate.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_get0_notAfter.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_getm_notAfter.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_getm_notBefore.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_set1_notAfter.3"
+	ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_set1_notBefore.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_signature.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_signature_nid.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_signature.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_signature_nid.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get0_tbs_sigalg.3"
+	ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get_signature_nid.3"
+	ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_email_free.3"
+	ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3"
+	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
+	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
+	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get0_pubkey.3"
+	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
+	ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
+	ln -sf "X509_get_serialNumber.3" "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
+	ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
+	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
+	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
+	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
+	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
+	ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
+	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3"
+	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_dup.3"
+	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3"
+	ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
+	ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
+	ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3"
+	ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3"
+	ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
+	ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
+	ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
+	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
+	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
+	ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
+	ln -sf "d2i_AUTHORITY_KEYID.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
+	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
+	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
+	ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
+	ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/d2i_CMS_ReceiptRequest.3"
+	ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/d2i_CMS_bio.3"
+	ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_ContentInfo.3"
+	ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_ReceiptRequest.3"
+	ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_bio.3"
+	ln -sf "d2i_DHparams.3" "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
+	ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_fp.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_bio.3"
+	ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
+	ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
+	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
+	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
+	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
+	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
+	ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
+	ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
+	ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
+	ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
+	ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
+	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
+	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
+	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
+	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
+	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
+	ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
+	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
+	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
+	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
+	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
+	ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
+	ln -sf "d2i_PKEY_USAGE_PERIOD.3" "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
+	ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
+	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
+	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
+	ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
+	ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
+	ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
+	ln -sf "d2i_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
+	ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
+	ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
+	ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
+	ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
+	ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
+	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
+	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
+	ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get0_der.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
+	ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
+	ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
+	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
+	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
+	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
+	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
+	ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
+	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
+	ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_1024.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_768.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_1536.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_2048.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_3072.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_4096.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_6144.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_8192.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
+	ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_delete.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_error.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3"
+	ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
+	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
+	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
+	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
+	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
+	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
+	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
+	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
+	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_configure.3"
+	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_free.3"
+	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
+	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_server.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
+	ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurves.3"
+	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
+	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
+	ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
+	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
+	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
+	ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
+	ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
+	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
+	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
+	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
+	ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
+	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
+	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
+	ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_default_ca_cert_file.3"
+	ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_unload_file.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
+	ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
+	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_close.3"
+	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_error.3"
+	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
+	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
+	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
+
+uninstall-local:
+	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AES_cbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AES_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_adj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_check.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_adj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_check.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_cmp_time_t.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BF_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_eof.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_seek.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_close.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_callback_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_create.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_destroy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_gets.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_puts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_read.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_callback_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_create.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_destroy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_gets.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_puts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_read.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_free_all.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_read.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_sub_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_zero.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_ucmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_with_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_get_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_div_recp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rand_range.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_reverse.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_strdup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_add0_crl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_crl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_get1_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_get1_crls.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_add0_recipient_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_pkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_get0_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_id_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_cert_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_get0_signer_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_pkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_cert_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signature.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signer_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_set1_signer_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_content.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_eContentType.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_set1_eContentType.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_MEM_LEAK_CB.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_crypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_read.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_key_sched.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_random_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set0_pqg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_test_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_new_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DH_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set0_pqg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_test_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_new_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDH_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_set0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_compute_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_keygen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_compute_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_keygen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_OpenSSL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_PACK.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_xchacha20_poly1305.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_Digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_md_null.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha224.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_iv.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_iv.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_test_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_add0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_derive.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify_recover.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verifyctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_new_mac_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_EC_KEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_hmac.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ctr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_wrap.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_xts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ctr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_wrap.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc_hmac_sha1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ctr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_wrap.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_xts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb64.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_hmac_md5.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb128.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ctr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ecb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ofb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD4.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD4_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/MD5_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_get0_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_status_str.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_status_str.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_parse_url.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_NUMBER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_TEXT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_VERSION_TEXT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_version_num.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_delete.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_find.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_find_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_insert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_new_null.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_num.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_pop.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_pop_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_push.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_set_cmp_func.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_shift.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_sort.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_unshift.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_value.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sk_zero.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_do_header.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_content_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_poll.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_seed.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_file_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_write_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RC4_set_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get0_crt_params.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get0_factors.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_crt_params.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_factors.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_test_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_bn_mod_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_finish.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_keygen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_mod_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_dec.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_enc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_dec.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_enc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set0_app_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set1_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_bn_mod_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_finish.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_keygen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_mod_exp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_dec.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_enc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_dec.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_enc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSAPrivateKey_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSAPublicKey_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_new_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/RSA_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Final.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_auth_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_cipher_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_digest_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_kx_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_is_aead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add0_chain_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set0_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add0_chain_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLS_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLS_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLS_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLS_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_session_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/new_session_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/remove_session_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_groups_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_curves.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_curves_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_groups.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_groups_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/client_cert_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb_userdata.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_min_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_min_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_min_proto_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_options.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_servername_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_servername.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_servername_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_host_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_selected_srtp_profile.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_srtp_profiles.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_use_srtp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/verify_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set1_id.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ticket_lifetime_hint.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get0_id_context.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_supported_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_client_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_master_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_server_random.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_before.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_server.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ecdh_auto.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_ecdh_callback.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_result.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_ctrl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_get_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_new_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_process.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/UI_set_method.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X25519_keypair.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_extensions.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_extensions.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_extensions.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_store.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_untrusted.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_ex_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_email.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_and_serial_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_lastUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_nextUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_lastUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_nextUpdate.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_notAfter.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_getm_notAfter.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_getm_notBefore.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set1_notAfter.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set1_notBefore.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_signature.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_signature_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_signature.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_signature_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_tbs_sigalg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_signature_nid.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_email_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_pubkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_set_version.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_add_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_high.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/mul.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/sqr.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CMS_ReceiptRequest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CMS_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_ContentInfo.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_ReceiptRequest.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get0_der.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_1024.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_768.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_1536.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_2048.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_3072.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_4096.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_6144.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_8192.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_delete.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_configure.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_server.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurves.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_default_ca_cert_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_unload_file.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_close.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_error.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
diff --git a/man/tls_accept_socket.3 b/man/tls_accept_socket.3
new file mode 100644
index 0000000..931b934
--- /dev/null
+++ b/man/tls_accept_socket.3
@@ -0,0 +1,107 @@
+.\" $OpenBSD: tls_accept_socket.3,v 1.4 2018/05/26 12:35:26 schwarze Exp $
+.\"
+.\" Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: May 26 2018 $
+.Dt TLS_ACCEPT_SOCKET 3
+.Os
+.Sh NAME
+.Nm tls_accept_socket ,
+.Nm tls_accept_fds ,
+.Nm tls_accept_cbs
+.Nd accept an incoming client connection in a TLS server
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_accept_socket
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "int socket"
+.Fc
+.Ft int
+.Fo tls_accept_fds
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "int fd_read"
+.Fa "int fd_write"
+.Fc
+.Ft int
+.Fo tls_accept_cbs
+.Fa "struct tls *tls"
+.Fa "struct tls **cctx"
+.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
+ void *buf, size_t buflen, void *cb_arg)"
+.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
+ const void *buf, size_t buflen, void *cb_arg)"
+.Fa "void *cb_arg"
+.Fc
+.Sh DESCRIPTION
+After creating a TLS server context
+.Fa tls
+with
+.Xr tls_server 3
+and configuring it with
+.Xr tls_configure 3 ,
+a server can accept a new client connection by calling
+.Fn tls_accept_socket
+on an already established socket connection.
+.Pp
+Alternatively, a new client connection can be accepted over a pair of existing
+file descriptors by calling
+.Fn tls_accept_fds .
+.Pp
+Calling
+.Fn tls_accept_cbs
+allows read and write callback functions to handle data transfers.
+The specified
+.Fa cb_arg
+parameter is passed back to the functions,
+and can contain a pointer to any caller-specified data.
+.Pp
+All these functions create a new context suitable for reading and writing
+and return it in
+.Pf * Fa cctx .
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_close 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3 ,
+.Xr tls_server 3
+.Sh HISTORY
+.Fn tls_accept_socket
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_accept_fds
+appeared in
+.Ox 5.8
+and
+.Fn tls_accept_cbs
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.Pp
+.An -nosplit
+.Fn tls_accept_cbs
+was written by
+.An Tobias Pape Aq Mt tobias@netshed.de .
diff --git a/man/tls_client.3 b/man/tls_client.3
new file mode 100644
index 0000000..98f58d4
--- /dev/null
+++ b/man/tls_client.3
@@ -0,0 +1,110 @@
+.\" $OpenBSD: tls_client.3,v 1.4 2017/08/12 03:41:48 jsing Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 12 2017 $
+.Dt TLS_CLIENT 3
+.Os
+.Sh NAME
+.Nm tls_client ,
+.Nm tls_server ,
+.Nm tls_configure ,
+.Nm tls_reset ,
+.Nm tls_free
+.Nd configure a TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft struct tls *
+.Fn tls_client void
+.Ft struct tls *
+.Fn tls_server void
+.Ft int
+.Fo tls_configure
+.Fa "struct tls *ctx"
+.Fa "struct tls_config *config"
+.Fc
+.Ft void
+.Fn tls_free "struct tls *ctx"
+.Ft void
+.Fn tls_reset "struct tls *ctx"
+.Sh DESCRIPTION
+A TLS connection is represented as a
+.Vt struct tls
+object called a
+.Dq context .
+A new context is created by either the
+.Fn tls_client
+or
+.Fn tls_server
+functions.
+.Fn tls_client
+is used in TLS client programs,
+.Fn tls_server
+in TLS server programs.
+.Pp
+The context can then be configured with the function
+.Fn tls_configure .
+The same
+.Vt tls_config
+object can be used to configure multiple contexts.
+.Pp
+After configuration,
+.Xr tls_connect 3
+can be called on objects created with
+.Fn tls_client ,
+and
+.Xr tls_accept_socket 3
+on objects created with
+.Fn tls_server .
+.Pp
+After use, a TLS context should be closed with
+.Xr tls_close 3 ,
+and then freed by calling
+.Fn tls_free .
+If
+.Fn tls_free
+is called with an argument of
+.Dv NULL ,
+no action occurs.
+.Pp
+A TLS context can be reset by calling
+.Fn tls_reset ,
+allowing for it to be reused.
+This is essentially equivalent to calling
+.Fn tls_free ,
+followed by a call to the same function that was used to originally allocate
+the TLS context.
+.Sh RETURN VALUES
+.Fn tls_client
+and
+.Fn tls_server
+return
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+.Fn tls_configure
+returns 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_config_new 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+These functions appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/man/tls_config_ocsp_require_stapling.3 b/man/tls_config_ocsp_require_stapling.3
new file mode 100644
index 0000000..a0694d3
--- /dev/null
+++ b/man/tls_config_ocsp_require_stapling.3
@@ -0,0 +1,40 @@
+.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.5 2017/01/31 20:53:50 jmc Exp $
+.\"
+.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 31 2017 $
+.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3
+.Os
+.Sh NAME
+.Nm tls_config_ocsp_require_stapling
+.Nd OCSP configuration for libtls
+.Sh SYNOPSIS
+.In tls.h
+.Ft void
+.Fn tls_config_ocsp_require_stapling "struct tls_config *config"
+.Sh DESCRIPTION
+.Fn tls_config_ocsp_require_stapling
+requires that a valid stapled OCSP response be provided
+during the TLS handshake.
+.Sh SEE ALSO
+.Xr tls_config_add_keypair_file 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+These functions appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org
diff --git a/man/tls_config_set_protocols.3 b/man/tls_config_set_protocols.3
new file mode 100644
index 0000000..0aed5b9
--- /dev/null
+++ b/man/tls_config_set_protocols.3
@@ -0,0 +1,197 @@
+.\" $OpenBSD: tls_config_set_protocols.3,v 1.8 2020/01/22 06:46:34 beck Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: January 22 2020 $
+.Dt TLS_CONFIG_SET_PROTOCOLS 3
+.Os
+.Sh NAME
+.Nm tls_config_set_protocols ,
+.Nm tls_config_parse_protocols ,
+.Nm tls_config_set_alpn ,
+.Nm tls_config_set_ciphers ,
+.Nm tls_config_set_dheparams ,
+.Nm tls_config_set_ecdhecurves ,
+.Nm tls_config_prefer_ciphers_client ,
+.Nm tls_config_prefer_ciphers_server
+.Nd TLS protocol and cipher selection
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_config_set_protocols
+.Fa "struct tls_config *config"
+.Fa "uint32_t protocols"
+.Fc
+.Ft int
+.Fo tls_config_parse_protocols
+.Fa "uint32_t *protocols"
+.Fa "const char *protostr"
+.Fc
+.Ft int
+.Fo tls_config_set_alpn
+.Fa "struct tls_config *config"
+.Fa "const char *alpn"
+.Fc
+.Ft int
+.Fo tls_config_set_ciphers
+.Fa "struct tls_config *config"
+.Fa "const char *ciphers"
+.Fc
+.Ft int
+.Fo tls_config_set_dheparams
+.Fa "struct tls_config *config"
+.Fa "const char *params"
+.Fc
+.Ft int
+.Fo tls_config_set_ecdhecurves
+.Fa "struct tls_config *config"
+.Fa "const char *curves"
+.Fc
+.Ft void
+.Fn tls_config_prefer_ciphers_client "struct tls_config *config"
+.Ft void
+.Fn tls_config_prefer_ciphers_server "struct tls_config *config"
+.Sh DESCRIPTION
+These functions modify a configuration by setting parameters.
+The configuration options apply to both clients and servers, unless noted
+otherwise.
+.Pp
+.Fn tls_config_set_protocols
+specifies which versions of the TLS protocol may be used.
+Possible values are the bitwise OR of:
+.Pp
+.Bl -tag -width "TLS_PROTOCOL_TLSv1_2" -offset indent -compact
+.It Dv TLS_PROTOCOL_TLSv1_0
+.It Dv TLS_PROTOCOL_TLSv1_1
+.It Dv TLS_PROTOCOL_TLSv1_2
+.It Dv TLS_PROTOCOL_TLSv1_3
+.El
+.Pp
+Additionally, the values
+.Dv TLS_PROTOCOL_TLSv1
+(TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3),
+.Dv TLS_PROTOCOLS_ALL
+(all supported protocols) and
+.Dv TLS_PROTOCOLS_DEFAULT
+(TLSv1.2 and TLSv1.3) may be used.
+.Pp
+The
+.Fn tls_config_parse_protocols
+utility function parses a protocol string and returns the corresponding
+value via the
+.Ar protocols
+argument.
+This value can then be passed to the
+.Fn tls_config_set_protocols
+function.
+The protocol string is a comma or colon separated list of keywords.
+Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported
+protocols), default (an alias for secure), legacy (an alias for all) and
+secure (currently TLSv1.2 and TLSv1.3).
+If a value has a negative prefix (in the form of a leading exclamation mark)
+then it is removed from the list of available protocols, rather than being
+added to it.
+.Pp
+.Fn tls_config_set_alpn
+sets the ALPN protocols that are supported.
+The alpn string is a comma separated list of protocols, in order of preference.
+.Pp
+.Fn tls_config_set_ciphers
+sets the list of ciphers that may be used.
+Lists of ciphers are specified by name, and the
+permitted names are:
+.Pp
+.Bl -tag -width "insecure" -offset indent -compact
+.It Dv "secure" (or alias "default")
+.It Dv "compat"
+.It Dv "legacy"
+.It Dv "insecure" (or alias "all")
+.El
+.Pp
+Alternatively, libssl cipher strings can be specified.
+See the CIPHERS section of
+.Xr openssl 1
+for further information.
+.Pp
+.Fn tls_config_set_dheparams
+specifies the parameters that will be used during Diffie-Hellman Ephemeral
+(DHE) key exchange.
+Possible values are "none", "auto" and "legacy".
+In "auto" mode, the key size for the ephemeral key is automatically selected
+based on the size of the private key being used for signing.
+In "legacy" mode, 1024 bit ephemeral keys are used.
+The default value is "none", which disables DHE key exchange.
+.Pp
+.Fn tls_config_set_ecdhecurves
+specifies the names of the elliptic curves that may be used during Elliptic
+Curve Diffie-Hellman Ephemeral (ECDHE) key exchange.
+This is a comma separated list, given in order of preference.
+The special value of "default" will use the default curves (currently X25519,
+P-256 and P-384).
+This function replaces
+.Fn tls_config_set_ecdhecurve ,
+which is deprecated.
+.Pp
+.Fn tls_config_prefer_ciphers_client
+prefers ciphers in the client's cipher list when selecting a cipher suite
+(server only).
+This is considered to be less secure than preferring the server's list.
+.Pp
+.Fn tls_config_prefer_ciphers_server
+prefers ciphers in the server's cipher list when selecting a cipher suite
+(server only).
+This is considered to be more secure than preferring the client's list and is
+the default.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_config_verify 3 ,
+.Xr tls_init 3 ,
+.Xr tls_load_file 3
+.Sh HISTORY
+.Fn tls_config_set_ciphers
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_set_protocols ,
+.Fn tls_config_parse_protocols ,
+.Fn tls_config_set_dheparams ,
+and
+.Fn tls_config_set_ecdhecurve
+appeared in
+.Ox 5.7 ,
+.Fn tls_config_prefer_ciphers_client
+and
+.Fn tls_config_prefer_ciphers_server
+in
+.Ox 5.9 ,
+and
+.Fn tls_config_set_alpn
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contributions from
+.An Ted Unangst Aq Mt tedu@openbsd.org
+.Pq Fn tls_config_set_ciphers
+and
+.An Reyk Floeter Aq Mt reyk@openbsd.org
+.Pq Fn tls_config_set_ecdhecurve
diff --git a/man/tls_config_set_session_id.3 b/man/tls_config_set_session_id.3
new file mode 100644
index 0000000..d969e01
--- /dev/null
+++ b/man/tls_config_set_session_id.3
@@ -0,0 +1,105 @@
+.\" $OpenBSD: tls_config_set_session_id.3,v 1.5 2018/02/10 06:07:43 jsing Exp $
+.\"
+.\" Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org>
+.\" Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: February 10 2018 $
+.Dt TLS_CONFIG_SET_SESSION_ID 3
+.Os
+.Sh NAME
+.Nm tls_config_set_session_fd ,
+.Nm tls_config_set_session_id ,
+.Nm tls_config_set_session_lifetime ,
+.Nm tls_config_add_ticket_key
+.Nd configure resuming of TLS handshakes
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_config_set_session_fd
+.Fa "struct tls_config *config"
+.Fa "int session_fd"
+.Fc
+.Ft int
+.Fo tls_config_set_session_id
+.Fa "struct tls_config *config"
+.Fa "const unsigned char *session_id"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_session_lifetime
+.Fa "struct tls_config *config"
+.Fa "int lifetime"
+.Fc
+.Ft int
+.Fo tls_config_add_ticket_key
+.Fa "struct tls_config *config"
+.Fa "uint32_t keyrev"
+.Fa "unsigned char *key"
+.Fa "size_t keylen"
+.Fc
+.Sh DESCRIPTION
+.Fn tls_config_set_session_fd
+sets a file descriptor to be used to manage data for TLS sessions (client only).
+The given file descriptor must be a regular file and be owned by the current
+user, with permissions being restricted to only allow the owner to read and
+write the file (0600).
+If the file has a non-zero length, the client will attempt to read session
+data from this file and resume the previous TLS session with the server.
+Upon a successful handshake the file will be updated with current session
+data, if available.
+The caller is responsible for closing this file descriptor, after all TLS
+contexts that have been configured to use it have been freed via
+.Fn tls_free .
+.Pp
+.Fn tls_config_set_session_id
+sets the session identifier that will be used by the TLS server when
+sessions are enabled (server only).
+By default a random value is used.
+.Pp
+.Fn tls_config_set_session_lifetime
+sets the lifetime to be used for TLS sessions (server only).
+Session support is disabled if a lifetime of zero is specified, which is the
+default.
+.Pp
+.Fn tls_config_add_ticket_key
+adds a key used for the encryption and authentication of TLS tickets
+(server only).
+By default keys are generated and rotated automatically based on their lifetime.
+This function should only be used to synchronise ticket encryption key across
+multiple processes.
+Re-adding a known key will result in an error, unless it is the most recently
+added key.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_init 3 ,
+.Xr tls_load_file 3 ,
+.Xr tls_server 3
+.Sh HISTORY
+.Fn tls_config_set_session_id ,
+.Fn tls_config_set_session_lifetime
+and
+.Fn tls_config_add_ticket_key
+appeared in
+.Ox 6.1 .
+.Pp
+.Fn tls_config_set_session_fd
+appeared in
+.Ox 6.3 .
+.Sh AUTHORS
+.An Claudio Jeker Aq Mt claudio@openbsd.org
+.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/man/tls_config_verify.3 b/man/tls_config_verify.3
new file mode 100644
index 0000000..4a43c83
--- /dev/null
+++ b/man/tls_config_verify.3
@@ -0,0 +1,79 @@
+.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: March 2 2017 $
+.Dt TLS_CONFIG_VERIFY 3
+.Os
+.Sh NAME
+.Nm tls_config_verify ,
+.Nm tls_config_insecure_noverifycert ,
+.Nm tls_config_insecure_noverifyname ,
+.Nm tls_config_insecure_noverifytime
+.Nd insecure TLS configuration
+.Sh SYNOPSIS
+.In tls.h
+.Ft void
+.Fn tls_config_verify "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifycert "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifyname "struct tls_config *config"
+.Ft void
+.Fn tls_config_insecure_noverifytime "struct tls_config *config"
+.Sh DESCRIPTION
+These functions disable parts of the normal certificate verification
+process, resulting in insecure configurations.
+Be very careful when using them.
+.Pp
+.Fn tls_config_insecure_noverifycert
+disables certificate verification and OCSP validation.
+.Pp
+.Fn tls_config_insecure_noverifyname
+disables server name verification (client only).
+.Pp
+.Fn tls_config_insecure_noverifytime
+disables validity checking of certificates and OCSP validation.
+.Pp
+.Fn tls_config_verify
+reenables server name and certificate verification.
+.Sh SEE ALSO
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_config_verify
+appeared in
+.Ox 5.6
+and got its final name in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_insecure_noverifycert
+and
+.Fn tls_config_insecure_noverifyname
+appeared in
+.Ox 5.7
+and
+.Nm tls_config_insecure_noverifytime
+in
+.Ox 5.9 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Ted Unangst Aq Mt tedu@openbsd.org
diff --git a/man/tls_conn_version.3 b/man/tls_conn_version.3
new file mode 100644
index 0000000..9ab6932
--- /dev/null
+++ b/man/tls_conn_version.3
@@ -0,0 +1,214 @@
+.\" $OpenBSD: tls_conn_version.3,v 1.10 2019/11/02 13:43:14 jsing Exp $
+.\"
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2016, 2018 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 2 2019 $
+.Dt TLS_CONN_VERSION 3
+.Os
+.Sh NAME
+.Nm tls_conn_version ,
+.Nm tls_conn_cipher ,
+.Nm tls_conn_cipher_strength ,
+.Nm tls_conn_alpn_selected ,
+.Nm tls_conn_servername ,
+.Nm tls_conn_session_resumed ,
+.Nm tls_peer_cert_provided ,
+.Nm tls_peer_cert_contains_name ,
+.Nm tls_peer_cert_chain_pem ,
+.Nm tls_peer_cert_issuer ,
+.Nm tls_peer_cert_subject ,
+.Nm tls_peer_cert_hash ,
+.Nm tls_peer_cert_notbefore ,
+.Nm tls_peer_cert_notafter
+.Nd inspect an established TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft const char *
+.Fn tls_conn_version "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_cipher "struct tls *ctx"
+.Ft int
+.Fn tls_conn_cipher_strength "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_alpn_selected "struct tls *ctx"
+.Ft const char *
+.Fn tls_conn_servername "struct tls *ctx"
+.Ft int
+.Fn tls_conn_session_resumed "struct tls *ctx"
+.Ft int
+.Fn tls_peer_cert_provided "struct tls *ctx"
+.Ft int
+.Fo tls_peer_cert_contains_name
+.Fa "struct tls *ctx"
+.Fa "const char *name"
+.Fc
+.Ft const uint8_t *
+.Fo tls_peer_cert_chain_pem
+.Fa "struct tls *ctx"
+.Fa "size_t *size"
+.Fc
+.Ft const char *
+.Fn tls_peer_cert_issuer "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_cert_subject "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_cert_hash "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_cert_notbefore "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_cert_notafter "struct tls *ctx"
+.Sh DESCRIPTION
+These functions return information about a TLS connection and will only
+succeed after the handshake is complete (the connection information applies
+to both clients and servers, unless noted otherwise):
+.Pp
+.Fn tls_conn_version
+returns a string corresponding to a TLS version negotiated with the peer
+connected to
+.Ar ctx .
+.Pp
+.Fn tls_conn_cipher
+returns a string corresponding to the cipher suite negotiated with the peer
+connected to
+.Ar ctx .
+.Pp
+.Fn tls_conn_cipher_strength
+returns the strength in bits for the symmetric cipher that is being
+used with the peer connected to
+.Ar ctx .
+.Pp
+.Fn tls_conn_alpn_selected
+returns a string that specifies the ALPN protocol selected for use with the peer
+connected to
+.Ar ctx .
+If no protocol was selected then NULL is returned.
+.Pp
+.Fn tls_conn_servername
+returns a string corresponding to the servername that the client connected to
+.Ar ctx
+requested by sending a TLS Server Name Indication extension (server only).
+.Pp
+.Fn tls_conn_session_resumed
+indicates whether a TLS session has been resumed during the handshake with
+the server connected to
+.Ar ctx
+(client only).
+.Pp
+.Fn tls_peer_cert_provided
+checks if the peer of
+.Ar ctx
+has provided a certificate.
+.Pp
+.Fn tls_peer_cert_contains_name
+checks if the peer of a TLS
+.Ar ctx
+has provided a certificate that contains a
+SAN or CN that matches
+.Ar name .
+.Pp
+.Fn tls_peer_cert_chain_pem
+returns a pointer to memory containing a PEM-encoded certificate chain for the
+peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_subject
+returns a string
+corresponding to the subject of the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_issuer
+returns a string
+corresponding to the issuer of the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_hash
+returns a string
+corresponding to a hash of the raw peer certificate from
+.Ar ctx
+prefixed by a hash name followed by a colon.
+The hash currently used is SHA256, though this
+could change in the future.
+The hash string for a certificate in file
+.Ar mycert.crt
+can be generated using the commands:
+.Bd -literal -offset indent
+h=$(openssl x509 -outform der -in mycert.crt | sha256)
+printf "SHA256:${h}\\n"
+.Ed
+.Pp
+.Fn tls_peer_cert_notbefore
+returns the time corresponding to the start of the validity period of
+the peer certificate from
+.Ar ctx .
+.Pp
+.Fn tls_peer_cert_notafter
+returns the time corresponding to the end of the validity period of
+the peer certificate from
+.Ar ctx .
+.Sh RETURN VALUES
+The
+.Fn tls_conn_session_resumed
+function returns 1 if a TLS session was resumed or 0 if it was not.
+.Pp
+The
+.Fn tls_peer_cert_provided
+and
+.Fn tls_peer_cert_contains_name
+functions return 1 if the check succeeds or 0 if it does not.
+.Pp
+.Fn tls_peer_cert_notbefore
+and
+.Fn tls_peer_cert_notafter
+return a time in epoch-seconds on success or -1 on error.
+.Pp
+The functions that return a pointer return
+.Dv NULL
+on error or an out of memory condition.
+.Sh SEE ALSO
+.Xr tls_configure 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+.Fn tls_conn_version ,
+.Fn tls_conn_cipher ,
+.Fn tls_peer_cert_provided ,
+.Fn tls_peer_cert_contains_name ,
+.Fn tls_peer_cert_issuer ,
+.Fn tls_peer_cert_subject ,
+.Fn tls_peer_cert_hash ,
+.Fn tls_peer_cert_notbefore ,
+and
+.Fn tls_peer_cert_notafter
+appeared in
+.Ox 5.9 .
+.Pp
+.Fn tls_conn_servername
+and
+.Fn tls_conn_alpn_selected
+appeared in
+.Ox 6.1 .
+.Pp
+.Fn tls_conn_session_resumed
+appeared in
+.Ox 6.3 .
+.Pp
+.Fn tls_conn_cipher_strength
+appeared in
+.Ox 6.7 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org
+.An Joel Sing Aq Mt jsing@openbsd.org
diff --git a/man/tls_connect.3 b/man/tls_connect.3
new file mode 100644
index 0000000..4c4f01c
--- /dev/null
+++ b/man/tls_connect.3
@@ -0,0 +1,144 @@
+.\" $OpenBSD: tls_connect.3,v 1.4 2018/07/09 19:51:18 tb Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 9 2018 $
+.Dt TLS_CONNECT 3
+.Os
+.Sh NAME
+.Nm tls_connect ,
+.Nm tls_connect_fds ,
+.Nm tls_connect_servername ,
+.Nm tls_connect_socket ,
+.Nm tls_connect_cbs
+.Nd instruct a TLS client to establish a connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_connect
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fc
+.Ft int
+.Fo tls_connect_fds
+.Fa "struct tls *ctx"
+.Fa "int fd_read"
+.Fa "int fd_write"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_servername
+.Fa "struct tls *ctx"
+.Fa "const char *host"
+.Fa "const char *port"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_socket
+.Fa "struct tls *ctx"
+.Fa "int s"
+.Fa "const char *servername"
+.Fc
+.Ft int
+.Fo tls_connect_cbs
+.Fa "struct tls *ctx"
+.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\
+ void *buf, size_t buflen, void *cb_arg)"
+.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\
+ const void *buf, size_t buflen, void *cb_arg)"
+.Fa "void *cb_arg"
+.Fa "const char *servername"
+.Fc
+.Sh DESCRIPTION
+After creating a TLS client context with
+.Xr tls_client 3
+and configuring it with
+.Xr tls_configure 3 ,
+a client connection is initiated by calling
+.Fn tls_connect .
+This function will create a new socket, connect to the specified
+.Fa host
+and
+.Fa port ,
+and then establish a secure connection.
+The
+.Fa port
+may be numeric or a service name.
+If it is
+.Dv NULL ,
+then a
+.Fa host
+of the format "hostname:port" is permitted.
+The name to use for verification is inferred from the
+.Ar host
+value.
+.Pp
+The
+.Fn tls_connect_servername
+function has the same behaviour, however the name to use for verification is
+explicitly provided, for the case where the TLS server name differs from the
+DNS name.
+.Pp
+An already existing socket can be upgraded to a secure connection by calling
+.Fn tls_connect_socket .
+.Pp
+Alternatively, a secure connection can be established over a pair of existing
+file descriptors by calling
+.Fn tls_connect_fds .
+.Pp
+Calling
+.Fn tls_connect_cbs
+allows read and write callback functions to handle data transfers.
+The specified cb_arg parameter is passed back to the functions,
+and can contain a pointer to any caller-specified data.
+.Sh RETURN VALUES
+These functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_client 3 ,
+.Xr tls_close 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_connect
+and
+.Fn tls_connect_socket
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_connect_fds
+and
+.Fn tls_connect_servername
+appeared in
+.Ox 5.7
+and
+.Fn tls_connect_cbs
+in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Reyk Floeter Aq Mt reyk@openbsd.org
+.Pp
+.An -nosplit
+.Fn tls_connect_cbs
+was written by
+.An Tobias Pape Aq Mt tobias@netshed.de .
diff --git a/man/tls_init.3 b/man/tls_init.3
new file mode 100644
index 0000000..5579981
--- /dev/null
+++ b/man/tls_init.3
@@ -0,0 +1,180 @@
+.\" $OpenBSD: tls_init.3,v 1.13 2018/07/09 19:47:20 tb Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 9 2018 $
+.Dt TLS_INIT 3
+.Os
+.Sh NAME
+.Nm tls_init ,
+.Nm tls_config_new ,
+.Nm tls_config_free ,
+.Nm tls_config_error
+.Nd initialize TLS client and server API
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fn tls_init void
+.Ft struct tls_config *
+.Fn tls_config_new void
+.Ft void
+.Fn tls_config_free "struct tls_config *config"
+.Ft const char *
+.Fn tls_config_error "struct tls_config *config"
+.Sh DESCRIPTION
+The
+.Nm tls
+family of functions establishes a secure communications channel
+using the TLS socket protocol.
+Both clients and servers are supported.
+.Pp
+The
+.Fn tls_init
+function initializes global data structures.
+It is no longer necessary to call this function directly,
+since it is invoked internally when needed.
+It may be called more than once, and may be called concurrently.
+.Pp
+Before a connection is created, a configuration must be created.
+The
+.Fn tls_config_new
+function allocates, initializes, and returns a new default configuration
+object that can be used for future connections.
+Several functions exist to change the options of the configuration; see
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_load_file 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+and
+.Xr tls_config_verify 3 .
+.Pp
+The
+.Fn tls_config_error
+function may be used to retrieve a string containing more information
+about the most recent error relating to a configuration.
+.Pp
+A TLS connection object is created by
+.Xr tls_client 3
+or
+.Xr tls_server 3
+and configured with
+.Xr tls_configure 3 .
+.Pp
+A client connection is initiated after configuration by calling
+.Xr tls_connect 3 .
+A server can accept a new client connection by calling
+.Xr tls_accept_socket 3
+on an already established socket connection.
+.Pp
+Two functions are provided for input and output,
+.Xr tls_read 3
+and
+.Xr tls_write 3 .
+Both automatically perform the
+.Xr tls_handshake 3
+when needed.
+.Pp
+The properties of established TLS connections
+can be inspected with the functions described in
+.Xr tls_conn_version 3
+and
+.Xr tls_ocsp_process_response 3 .
+.Pp
+After use, a TLS connection should be closed with
+.Xr tls_close 3
+and then freed by calling
+.Xr tls_free 3 .
+.Pp
+When no more contexts are to be configured,
+the configuration object should be freed by calling
+.Fn tls_config_free .
+It is safe to call
+.Fn tls_config_free
+as soon as the final call to
+.Fn tls_configure
+has been made.
+If
+.Fa config
+is
+.Dv NULL ,
+no action occurs.
+.Sh RETURN VALUES
+.Fn tls_init
+returns 0 on success or -1 on error.
+.Pp
+.Fn tls_config_new
+returns
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+.Fn tls_config_error
+returns
+.Dv NULL
+if no error occurred with
+.Fa config
+at all, or if memory allocation failed while trying to assemble the
+string describing the most recent error related to
+.Fa config .
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_config_verify 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_load_file 3 ,
+.Xr tls_ocsp_process_response 3 ,
+.Xr tls_read 3
+.Sh HISTORY
+The
+.Nm tls
+API first appeared in
+.Ox 5.6
+as a response to the unnecessary challenges other APIs present in
+order to use them safely.
+.Pp
+All functions were renamed from
+.Fn ressl_*
+to
+.Fn tls_*
+for
+.Ox 5.7 .
+.Pp
+.Fn tls_config_error
+appeared in
+.Ox 6.0 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+.An Ted Unangst Aq Mt tedu@openbsd.org
+.Pp
+Many others contributed to various parts of the library; see the
+individual manual pages for more information.
+.Sh CAVEATS
+The function
+.Fn tls_config_error
+returns an internal pointer.
+It must not be freed by the application, or a double free error
+will occur.
+The pointer will become invalid when the next error occurs with
+.Fa config .
+Consequently, if the application may need the message at a later
+time, it has to copy the string before calling the next
+.Sy libtls
+function involving
+.Fa config ,
+or a segmentation fault or read access to unintended data is the
+likely result.
diff --git a/man/tls_load_file.3 b/man/tls_load_file.3
new file mode 100644
index 0000000..d836a04
--- /dev/null
+++ b/man/tls_load_file.3
@@ -0,0 +1,371 @@
+.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $
+.\"
+.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2018 $
+.Dt TLS_LOAD_FILE 3
+.Os
+.Sh NAME
+.Nm tls_load_file ,
+.Nm tls_unload_file ,
+.Nm tls_config_set_ca_file ,
+.Nm tls_config_set_ca_path ,
+.Nm tls_config_set_ca_mem ,
+.Nm tls_config_set_cert_file ,
+.Nm tls_config_set_cert_mem ,
+.Nm tls_config_set_crl_file ,
+.Nm tls_config_set_crl_mem ,
+.Nm tls_config_set_key_file ,
+.Nm tls_config_set_key_mem ,
+.Nm tls_config_set_ocsp_staple_mem ,
+.Nm tls_config_set_ocsp_staple_file ,
+.Nm tls_config_set_keypair_file ,
+.Nm tls_config_set_keypair_mem ,
+.Nm tls_config_set_keypair_ocsp_file ,
+.Nm tls_config_set_keypair_ocsp_mem ,
+.Nm tls_config_add_keypair_file ,
+.Nm tls_config_add_keypair_ocsp_mem ,
+.Nm tls_config_add_keypair_ocsp_file ,
+.Nm tls_config_add_keypair_mem ,
+.Nm tls_config_clear_keys ,
+.Nm tls_config_set_verify_depth ,
+.Nm tls_config_verify_client ,
+.Nm tls_config_verify_client_optional ,
+.Nm tls_default_ca_cert_file
+.Nd TLS certificate and key configuration
+.Sh SYNOPSIS
+.In tls.h
+.Ft uint8_t *
+.Fo tls_load_file
+.Fa "const char *file"
+.Fa "size_t *len"
+.Fa "char *password"
+.Fc
+.Ft void
+.Fo tls_unload_file
+.Fa "uint8_t *buf"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_file
+.Fa "struct tls_config *config"
+.Fa "const char *ca_file"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_path
+.Fa "struct tls_config *config"
+.Fa "const char *ca_path"
+.Fc
+.Ft int
+.Fo tls_config_set_ca_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_cert_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fc
+.Ft int
+.Fo tls_config_set_cert_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_crl_file
+.Fa "struct tls_config *config"
+.Fa "const char *crl_file"
+.Fc
+.Ft int
+.Fo tls_config_set_crl_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *crl"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_key_file
+.Fa "struct tls_config *config"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_set_key_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *key"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_ocsp_staple_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *staple"
+.Fa "size_t len"
+.Fc
+.Ft int
+.Fo tls_config_set_ocsp_staple_file
+.Fa "struct tls_config *config"
+.Fa "const char *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_ocsp_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fa "const char *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_set_keypair_ocsp_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fa "const uint8_t *staple"
+.Fa "size_t staple_len"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_ocsp_file
+.Fa "struct tls_config *config"
+.Fa "const char *cert_file"
+.Fa "const char *key_file"
+.Fa "const char *staple_file"
+.Fc
+.Ft int
+.Fo tls_config_add_keypair_ocsp_mem
+.Fa "struct tls_config *config"
+.Fa "const uint8_t *cert"
+.Fa "size_t cert_len"
+.Fa "const uint8_t *key"
+.Fa "size_t key_len"
+.Fa "const uint8_t *staple"
+.Fa "size_t staple_len"
+.Fc
+.Ft void
+.Fn tls_config_clear_keys "struct tls_config *config"
+.Ft int
+.Fo tls_config_set_verify_depth
+.Fa "struct tls_config *config"
+.Fa "int verify_depth"
+.Fc
+.Ft void
+.Fn tls_config_verify_client "struct tls_config *config"
+.Ft void
+.Fn tls_config_verify_client_optional "struct tls_config *config"
+.Ft const char *
+.Fn tls_default_ca_cert_file "void"
+.Sh DESCRIPTION
+.Fn tls_load_file
+loads a certificate or key from disk into memory to be used with
+.Fn tls_config_set_ca_mem ,
+.Fn tls_config_set_cert_mem ,
+.Fn tls_config_set_crl_mem
+or
+.Fn tls_config_set_key_mem .
+A private key will be decrypted if the optional
+.Ar password
+argument is specified.
+.Pp
+.Fn tls_unload_file
+unloads the memory that was returned from an earlier
+.Fn tls_load_file
+call, ensuring that the memory contents is discarded.
+.Pp
+.Fn tls_default_ca_cert_file
+returns the path of the file that contains the default root certificates.
+.Pp
+.Fn tls_config_set_ca_file
+sets the filename used to load a file
+containing the root certificates.
+.Pp
+.Fn tls_config_set_ca_path
+sets the path (directory) which should be searched for root
+certificates.
+.Pp
+.Fn tls_config_set_ca_mem
+sets the root certificates directly from memory.
+.Pp
+.Fn tls_config_set_cert_file
+sets file from which the public certificate will be read.
+.Pp
+.Fn tls_config_set_cert_mem
+sets the public certificate directly from memory.
+.Pp
+.Fn tls_config_set_crl_file
+sets the filename used to load a file containing the
+Certificate Revocation List (CRL).
+.Pp
+.Fn tls_config_set_crl_mem
+sets the CRL directly from memory.
+.Pp
+.Fn tls_config_set_key_file
+sets the file from which the private key will be read.
+.Pp
+.Fn tls_config_set_key_mem
+directly sets the private key from memory.
+.Pp
+.Fn tls_config_set_ocsp_staple_file
+sets a DER-encoded OCSP response to be stapled during the TLS handshake from
+the specified file.
+.Pp
+.Fn tls_config_set_ocsp_staple_mem
+sets a DER-encoded OCSP response to be stapled during the TLS handshake from
+memory.
+.Pp
+.Fn tls_config_set_keypair_file
+sets the files from which the public certificate, and private key will be read.
+.Pp
+.Fn tls_config_set_keypair_mem
+directly sets the public certificate, and private key from memory.
+.Pp
+.Fn tls_config_set_keypair_ocsp_file
+sets the files from which the public certificate, private key, and DER-encoded
+OCSP staple will be read.
+.Pp
+.Fn tls_config_set_keypair_ocsp_mem
+directly sets the public certificate, private key, and DER-encoded OCSP staple
+from memory.
+.Pp
+.Fn tls_config_add_keypair_file
+adds an additional public certificate, and private key from the specified files,
+used as an alternative certificate for Server Name Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_mem
+adds an additional public certificate, and private key from memory, used as an
+alternative certificate for Server Name Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_ocsp_file
+adds an additional public certificate, private key, and DER-encoded OCSP staple
+from the specified files, used as an alternative certificate for Server Name
+Indication (server only).
+.Pp
+.Fn tls_config_add_keypair_ocsp_mem
+adds an additional public certificate, private key, and DER-encoded OCSP staple
+from memory, used as an alternative certificate for Server Name Indication
+(server only).
+.Pp
+.Fn tls_config_clear_keys
+clears any secret keys from memory.
+.Pp
+.Fn tls_config_set_verify_depth
+limits the number of intermediate certificates that will be followed during
+certificate validation.
+.Pp
+.Fn tls_config_verify_client
+enables client certificate verification, requiring the client to send
+a certificate (server only).
+.Pp
+.Fn tls_config_verify_client_optional
+enables client certificate verification, without requiring the client
+to send a certificate (server only).
+.Sh RETURN VALUES
+.Fn tls_load_file
+returns
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+The other functions return 0 on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_config_set_protocols 3 ,
+.Xr tls_config_set_session_id 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+.Fn tls_config_set_ca_file ,
+.Fn tls_config_set_ca_path ,
+.Fn tls_config_set_cert_file ,
+.Fn tls_config_set_cert_mem ,
+.Fn tls_config_set_key_file ,
+.Fn tls_config_set_key_mem ,
+and
+.Fn tls_config_set_verify_depth
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_load_file ,
+.Fn tls_config_set_ca_mem ,
+and
+.Fn tls_config_clear_keys
+appeared in
+.Ox 5.7 .
+.Pp
+.Fn tls_config_verify_client
+and
+.Fn tls_config_verify_client_optional
+appeared in
+.Ox 5.9 .
+.Pp
+.Fn tls_config_set_keypair_file
+and
+.Fn tls_config_set_keypair_mem
+appeared in
+.Ox 6.0 ,
+and
+.Fn tls_config_add_keypair_file
+and
+.Fn tls_config_add_keypair_mem
+in
+.Ox 6.1 .
+.Pp
+.Fn tls_config_set_crl_file
+and
+.Fn tls_config_set_crl_mem
+appeared in
+.Ox 6.2 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contibutions from
+.An Ted Unangst Aq Mt tedu@openbsd.org
+and
+.An Bob Beck Aq Mt beck@openbsd.org .
+.Pp
+.Fn tls_load_file
+and
+.Fn tls_config_set_ca_mem
+were written by
+.An Reyk Floeter Aq Mt reyk@openbsd.org .
diff --git a/man/tls_ocsp_process_response.3 b/man/tls_ocsp_process_response.3
new file mode 100644
index 0000000..6e3aa4a
--- /dev/null
+++ b/man/tls_ocsp_process_response.3
@@ -0,0 +1,167 @@
+.\" $OpenBSD: tls_ocsp_process_response.3,v 1.6 2018/07/24 02:01:34 tb Exp $
+.\"
+.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 24 2018 $
+.Dt TLS_OCSP_PROCESS_RESPONSE 3
+.Os
+.Sh NAME
+.Nm tls_ocsp_process_response ,
+.Nm tls_peer_ocsp_url ,
+.Nm tls_peer_ocsp_response_status ,
+.Nm tls_peer_ocsp_cert_status ,
+.Nm tls_peer_ocsp_crl_reason ,
+.Nm tls_peer_ocsp_result ,
+.Nm tls_peer_ocsp_revocation_time ,
+.Nm tls_peer_ocsp_this_update ,
+.Nm tls_peer_ocsp_next_update
+.Nd inspect an OCSP response
+.Sh SYNOPSIS
+.In tls.h
+.Ft int
+.Fo tls_ocsp_process_response
+.Fa "struct tls *ctx"
+.Fa "const unsigned char *response"
+.Fa "size_t size"
+.Fc
+.Ft const char *
+.Fn tls_peer_ocsp_url "struct tls *ctx"
+.Ft int
+.Fn tls_peer_ocsp_response_status "struct tls *ctx"
+.Ft int
+.Fn tls_peer_ocsp_cert_status "struct tls *ctx"
+.Ft int
+.Fn tls_peer_ocsp_crl_reason "struct tls *ctx"
+.Ft const char *
+.Fn tls_peer_ocsp_result "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_revocation_time "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_this_update "struct tls *ctx"
+.Ft time_t
+.Fn tls_peer_ocsp_next_update "struct tls *ctx"
+.Sh DESCRIPTION
+.Fn tls_ocsp_process_response
+processes a raw OCSP response in
+.Ar response
+of size
+.Ar size
+to check the revocation status of the peer certificate from
+.Ar ctx .
+A successful return code of 0 indicates that the certificate
+has not been revoked.
+.Pp
+.Fn tls_peer_ocsp_url
+returns the URL for OCSP validation of the peer certificate from
+.Ar ctx .
+.Pp
+The following functions return information about the peer certificate from
+.Ar ctx
+that was obtained by validating a stapled OCSP response during the handshake,
+or via a previous call to
+.Fn tls_ocsp_process_response .
+.Pp
+.Fn tls_peer_ocsp_response_status
+returns the OCSP response status as per RFC 6960 section 2.3.
+.Pp
+.Fn tls_peer_ocsp_cert_status
+returns the OCSP certificate status code as per RFC 6960 section 2.2.
+.Pp
+.Fn tls_peer_ocsp_crl_reason
+returns the OCSP certificate revocation reason status code as per RFC 5280
+section 5.3.1.
+.Pp
+.Fn tls_peer_ocsp_result
+returns a textual representation of the OCSP status code
+returned by one of the previous three functions.
+If the OCSP response was valid and the certificate was not
+revoked, the string indicates the OCSP certificate status.
+Otherwise, the string indicates
+the OCSP certificate revocation reason or the OCSP error.
+.Pp
+.Fn tls_peer_ocsp_revocation_time
+returns the OCSP revocation time.
+.Pp
+.Fn tls_peer_ocsp_this_update
+returns the OCSP this update time.
+.Pp
+.Fn tls_peer_ocsp_next_update
+returns the OCSP next update time.
+.Sh RETURN VALUES
+.Fn tls_ocsp_process_response
+returns 0 on success or -1 on error.
+.Pp
+.Fn tls_peer_ocsp_url
+and
+.Fn tls_peer_ocsp_result
+return
+.Dv NULL
+on error or an out of memory condition.
+.Pp
+The
+.Fn tls_peer_ocsp_response_status
+function returns one of
+.Dv TLS_OCSP_RESPONSE_SUCCESSFUL ,
+.Dv TLS_OCSP_RESPONSE_MALFORMED ,
+.Dv TLS_OCSP_RESPONSE_INTERNALERROR ,
+.Dv TLS_OCSP_RESPONSE_TRYLATER ,
+.Dv TLS_OCSP_RESPONSE_SIGREQUIRED ,
+or
+.Dv TLS_OCSP_RESPONSE_UNAUTHORIZED
+on success or -1 on error.
+.Pp
+The
+.Fn tls_peer_ocsp_cert_status
+function returns one of
+.Dv TLS_OCSP_CERT_GOOD ,
+.Dv TLS_OCSP_CERT_REVOKED ,
+or
+.Dv TLS_OCSP_CERT_UNKNOWN
+on success, and -1 on error.
+.Pp
+The
+.Fn tls_peer_ocsp_crl_reason
+function returns one of
+.Dv TLS_CRL_REASON_UNSPECIFIED ,
+.Dv TLS_CRL_REASON_KEY_COMPROMISE ,
+.Dv TLS_CRL_REASON_CA_COMPROMISE ,
+.Dv TLS_CRL_REASON_AFFILIATION_CHANGED ,
+.Dv TLS_CRL_REASON_SUPERSEDED ,
+.Dv TLS_CRL_REASON_CESSATION_OF_OPERATION ,
+.Dv TLS_CRL_REASON_CERTIFICATE_HOLD ,
+.Dv TLS_CRL_REASON_REMOVE_FROM_CRL ,
+.Dv TLS_CRL_REASON_PRIVILEGE_WITHDRAWN ,
+or
+.Dv  TLS_CRL_REASON_AA_COMPROMISE
+on success or -1 on error.
+.Pp
+.Fn tls_peer_ocsp_revocation_time ,
+.Fn tls_peer_ocsp_this_update ,
+and
+.Fn tls_peer_ocsp_next_update
+return a time in epoch-seconds on success or -1 on error.
+.Sh SEE ALSO
+.Xr tls_client 3 ,
+.Xr tls_config_ocsp_require_stapling 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_handshake 3 ,
+.Xr tls_init 3
+.Sh HISTORY
+These functions appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.An Bob Beck Aq Mt beck@openbsd.org
+.An Marko Kreen Aq Mt markokr@gmail.com
diff --git a/man/tls_read.3 b/man/tls_read.3
new file mode 100644
index 0000000..d928975
--- /dev/null
+++ b/man/tls_read.3
@@ -0,0 +1,245 @@
+.\" $OpenBSD: tls_read.3,v 1.7 2019/07/09 17:58:33 jsing Exp $
+.\"
+.\" Copyright (c) 2014, 2015 Ted Unangst <tedu@openbsd.org>
+.\" Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
+.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 9 2019 $
+.Dt TLS_READ 3
+.Os
+.Sh NAME
+.Nm tls_read ,
+.Nm tls_write ,
+.Nm tls_handshake ,
+.Nm tls_error ,
+.Nm tls_close ,
+.Nm tls_reset
+.Nd use a TLS connection
+.Sh SYNOPSIS
+.In tls.h
+.Ft ssize_t
+.Fo tls_read
+.Fa "struct tls *ctx"
+.Fa "void *buf"
+.Fa "size_t buflen"
+.Fc
+.Ft ssize_t
+.Fo tls_write
+.Fa "struct tls *ctx"
+.Fa "const void *buf"
+.Fa "size_t buflen"
+.Fc
+.Ft int
+.Fn tls_handshake "struct tls *ctx"
+.Ft const char *
+.Fn tls_error "struct tls *ctx"
+.Ft int
+.Fn tls_close "struct tls *ctx"
+.Ft void
+.Fn tls_reset "struct tls *ctx"
+.Sh DESCRIPTION
+.Fn tls_read
+reads
+.Fa buflen
+bytes of data from the socket into
+.Fa buf .
+It returns the amount of data read.
+.Pp
+.Fn tls_write
+writes
+.Fa buflen
+bytes of data from
+.Fa buf
+to the socket.
+It returns the amount of data written.
+.Pp
+.Fn tls_handshake
+explicitly performs the TLS handshake.
+It is only necessary to call this function if you need to guarantee that the
+handshake has completed, as both
+.Fn tls_read
+and
+.Fn tls_write
+automatically perform the TLS handshake when necessary.
+.Pp
+The
+.Fn tls_error
+function may be used to retrieve a string containing more information
+about the most recent error relating to a context.
+.Pp
+.Fn tls_close
+closes a connection after use.
+Only the TLS layer will be shut down and the caller is responsible for closing
+the file descriptors, unless the connection was established using
+.Xr tls_connect 3
+or
+.Xr tls_connect_servername 3 .
+After closing the connection,
+.Fa ctx
+can be passed to
+.Xr tls_free 3 .
+.\" XXX Fn tls_reset does what?
+.Sh RETURN VALUES
+.Fn tls_read
+and
+.Fn tls_write
+return a size on success or -1 on error.
+.Pp
+.Fn tls_handshake
+and
+.Fn tls_close
+return 0 on success or -1 on error.
+.Pp
+The
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_handshake ,
+and
+.Fn tls_close
+functions also have two special return values:
+.Pp
+.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact
+.It Dv TLS_WANT_POLLIN
+The underlying read file descriptor needs to be readable in order to continue.
+.It Dv TLS_WANT_POLLOUT
+The underlying write file descriptor needs to be writeable in order to continue.
+.El
+.Pp
+In the case of blocking file descriptors, the same function call should be
+repeated immediately.
+In the case of non-blocking file descriptors, the same function call should be
+repeated when the required condition has been met.
+.Pp
+Callers of these functions cannot rely on the value of the global
+.Ar errno .
+To prevent mishandling of error conditions,
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_handshake ,
+and
+.Fn tls_close
+all explicitly clear
+.Ar errno .
+.Pp
+.Fn tls_error
+returns
+.Dv NULL
+if no error occurred with
+.Fa ctx
+during or since the last call to
+.Fn tls_handshake ,
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_close ,
+or
+.Fn tls_reset
+involving
+.Fa ctx ,
+or if memory allocation failed while trying to assemble the string
+describing the most recent error related to
+.Fa ctx .
+.Sh EXAMPLES
+The following example demonstrates how to handle TLS writes on a blocking
+file descriptor:
+.Bd -literal -offset indent
+\&...
+while (len > 0) {
+	ssize_t ret;
+
+	ret = tls_write(ctx, buf, len);
+	if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
+		continue;
+	if (ret == -1)
+		errx(1, "tls_write: %s", tls_error(ctx));
+	buf += ret;
+	len -= ret;
+}
+\&...
+.Ed
+.Pp
+The following example demonstrates how to handle TLS writes on a
+non-blocking file descriptor using
+.Xr poll 2 :
+.Bd -literal -offset indent
+\&...
+pfd[0].fd = fd;
+pfd[0].events = POLLIN|POLLOUT;
+while (len > 0) {
+	nready = poll(pfd, 1, 0);
+	if (nready == -1)
+		err(1, "poll");
+	if ((pfd[0].revents & (POLLERR|POLLNVAL)))
+		errx(1, "bad fd %d", pfd[0].fd);
+	if ((pfd[0].revents & (pfd[0].events|POLLHUP))) {
+		ssize_t ret;
+
+		ret = tls_write(ctx, buf, len);
+		if (ret == TLS_WANT_POLLIN)
+			pfd[0].events = POLLIN;
+		else if (ret == TLS_WANT_POLLOUT)
+			pfd[0].events = POLLOUT;
+		else if (ret == -1)
+			errx(1, "tls_write: %s", tls_error(ctx));
+		else {
+			buf += ret;
+			len -= ret;
+		}
+	}
+}
+\&...
+.Ed
+.Sh SEE ALSO
+.Xr tls_accept_socket 3 ,
+.Xr tls_configure 3 ,
+.Xr tls_conn_version 3 ,
+.Xr tls_connect 3 ,
+.Xr tls_init 3 ,
+.Xr tls_ocsp_process_response 3
+.Sh HISTORY
+.Fn tls_read ,
+.Fn tls_write ,
+.Fn tls_error ,
+.Fn tls_close ,
+and
+.Fn tls_reset
+appeared in
+.Ox 5.6
+and got their final names in
+.Ox 5.7 .
+.Pp
+.Fn tls_handshake
+appeared in
+.Ox 5.9 .
+.Sh AUTHORS
+.An Joel Sing Aq Mt jsing@openbsd.org
+with contributions from
+.An Bob Beck Aq Mt beck@openbsd.org
+.Sh CAVEATS
+The function
+.Fn tls_error
+returns an internal pointer.
+It must not be freed by the application, or a double free error
+will occur.
+The pointer will become invalid when the next error occurs with
+.Fa ctx .
+Consequently, if the application may need the message at a later
+time, it has to copy the string before calling the next
+.Sy libtls
+function involving
+.Fa ctx ,
+or a segmentation fault or read access to unintended data is the
+likely result.
diff --git a/tls.c b/tls.c
new file mode 100644
index 0000000..3d6723b
--- /dev/null
+++ b/tls.c
@@ -0,0 +1,828 @@
+/* $OpenBSD: tls.c,v 1.85 2020/05/24 15:12:54 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <pthread.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/safestack.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+static struct tls_config *tls_config_default;
+
+static int tls_init_rv = -1;
+
+static void
+tls_do_init(void)
+{
+	OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL);
+
+	if (BIO_sock_init() != 1)
+		return;
+
+	if ((tls_config_default = tls_config_new_internal()) == NULL)
+		return;
+
+	tls_config_default->refcount++;
+
+	tls_init_rv = 0;
+}
+
+int
+tls_init(void)
+{
+	static pthread_once_t once = PTHREAD_ONCE_INIT;
+
+	if (pthread_once(&once, tls_do_init) != 0)
+		return -1;
+
+	return tls_init_rv;
+}
+
+const char *
+tls_error(struct tls *ctx)
+{
+	return ctx->error.msg;
+}
+
+void
+tls_error_clear(struct tls_error *error)
+{
+	free(error->msg);
+	error->msg = NULL;
+	error->num = 0;
+	error->tls = 0;
+}
+
+static int
+tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap)
+{
+	char *errmsg = NULL;
+	int rv = -1;
+
+	tls_error_clear(error);
+
+	error->num = errnum;
+	error->tls = 1;
+
+	if (vasprintf(&errmsg, fmt, ap) == -1) {
+		errmsg = NULL;
+		goto err;
+	}
+
+	if (errnum == -1) {
+		error->msg = errmsg;
+		return (0);
+	}
+
+	if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
+		error->msg = NULL;
+		goto err;
+	}
+	rv = 0;
+
+ err:
+	free(errmsg);
+
+	return (rv);
+}
+
+int
+tls_error_set(struct tls_error *error, const char *fmt, ...)
+{
+	va_list ap;
+	int errnum, rv;
+
+	errnum = errno;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(error, errnum, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_error_setx(struct tls_error *error, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(error, -1, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_config_set_error(struct tls_config *config, const char *fmt, ...)
+{
+	va_list ap;
+	int errnum, rv;
+
+	errnum = errno;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(&config->error, errnum, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_config_set_errorx(struct tls_config *config, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(&config->error, -1, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_set_error(struct tls *ctx, const char *fmt, ...)
+{
+	va_list ap;
+	int errnum, rv;
+
+	errnum = errno;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(&ctx->error, errnum, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_set_errorx(struct tls *ctx, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+int
+tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	/* Only set an error if a more specific one does not already exist. */
+	if (ctx->error.tls != 0)
+		return (0);
+
+	va_start(ap, fmt);
+	rv = tls_error_vset(&ctx->error, -1, fmt, ap);
+	va_end(ap);
+
+	return (rv);
+}
+
+struct tls_sni_ctx *
+tls_sni_ctx_new(void)
+{
+	return (calloc(1, sizeof(struct tls_sni_ctx)));
+}
+
+void
+tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx)
+{
+	if (sni_ctx == NULL)
+		return;
+
+	SSL_CTX_free(sni_ctx->ssl_ctx);
+	X509_free(sni_ctx->ssl_cert);
+
+	free(sni_ctx);
+}
+
+struct tls *
+tls_new(void)
+{
+	struct tls *ctx;
+
+	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
+		return (NULL);
+
+	tls_reset(ctx);
+
+	if (tls_configure(ctx, tls_config_default) == -1) {
+		free(ctx);
+		return NULL;
+	}
+
+	return (ctx);
+}
+
+int
+tls_configure(struct tls *ctx, struct tls_config *config)
+{
+	if (config == NULL)
+		config = tls_config_default;
+
+	pthread_mutex_lock(&config->mutex);
+	config->refcount++;
+	pthread_mutex_unlock(&config->mutex);
+
+	tls_config_free(ctx->config);
+
+	ctx->config = config;
+	ctx->keypair = config->keypair;
+
+	if ((ctx->flags & TLS_SERVER) != 0)
+		return (tls_configure_server(ctx));
+
+	return (0);
+}
+
+int
+tls_cert_hash(X509 *cert, char **hash)
+{
+	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+	int dlen, rv = -1;
+
+	free(*hash);
+	*hash = NULL;
+
+	if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
+		goto err;
+
+	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+		goto err;
+
+	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+		*hash = NULL;
+		goto err;
+	}
+
+	rv = 0;
+ err:
+	free(dhex);
+
+	return (rv);
+}
+
+int
+tls_cert_pubkey_hash(X509 *cert, char **hash)
+{
+	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+	int dlen, rv = -1;
+
+	free(*hash);
+	*hash = NULL;
+
+	if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
+		goto err;
+
+	if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
+		goto err;
+
+	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
+		*hash = NULL;
+		goto err;
+	}
+
+	rv = 0;
+
+ err:
+	free(dhex);
+
+	return (rv);
+}
+
+int
+tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
+    struct tls_keypair *keypair, int required)
+{
+	EVP_PKEY *pkey = NULL;
+	BIO *bio = NULL;
+
+	if (!required &&
+	    keypair->cert_mem == NULL &&
+	    keypair->key_mem == NULL)
+		return(0);
+
+	if (keypair->cert_mem != NULL) {
+		if (keypair->cert_len > INT_MAX) {
+			tls_set_errorx(ctx, "certificate too long");
+			goto err;
+		}
+
+		if (SSL_CTX_use_certificate_chain_mem(ssl_ctx,
+		    keypair->cert_mem, keypair->cert_len) != 1) {
+			tls_set_errorx(ctx, "failed to load certificate");
+			goto err;
+		}
+	}
+
+	if (keypair->key_mem != NULL) {
+		if (keypair->key_len > INT_MAX) {
+			tls_set_errorx(ctx, "key too long");
+			goto err;
+		}
+
+		if ((bio = BIO_new_mem_buf(keypair->key_mem,
+		    keypair->key_len)) == NULL) {
+			tls_set_errorx(ctx, "failed to create buffer");
+			goto err;
+		}
+		if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
+		    NULL)) == NULL) {
+			tls_set_errorx(ctx, "failed to read private key");
+			goto err;
+		}
+
+		if (keypair->pubkey_hash != NULL) {
+			RSA *rsa;
+			/* XXX only RSA for now for relayd privsep */
+			if ((rsa = EVP_PKEY_get1_RSA(pkey)) != NULL) {
+				RSA_set_ex_data(rsa, 0, keypair->pubkey_hash);
+				RSA_free(rsa);
+			}
+		}
+
+		if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) {
+			tls_set_errorx(ctx, "failed to load private key");
+			goto err;
+		}
+		BIO_free(bio);
+		bio = NULL;
+		EVP_PKEY_free(pkey);
+		pkey = NULL;
+	}
+
+	if (!ctx->config->skip_private_key_check &&
+	    SSL_CTX_check_private_key(ssl_ctx) != 1) {
+		tls_set_errorx(ctx, "private/public key mismatch");
+		goto err;
+	}
+
+	return (0);
+
+ err:
+	EVP_PKEY_free(pkey);
+	BIO_free(bio);
+
+	return (1);
+}
+
+int
+tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
+{
+	SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
+
+	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+	SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2);
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3);
+
+	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1);
+	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
+	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
+	SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
+
+	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1);
+	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1);
+	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2);
+	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0)
+		SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3);
+
+	if (ctx->config->alpn != NULL) {
+		if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn,
+		    ctx->config->alpn_len) != 0) {
+			tls_set_errorx(ctx, "failed to set alpn");
+			goto err;
+		}
+	}
+
+	if (ctx->config->ciphers != NULL) {
+		if (SSL_CTX_set_cipher_list(ssl_ctx,
+		    ctx->config->ciphers) != 1) {
+			tls_set_errorx(ctx, "failed to set ciphers");
+			goto err;
+		}
+	}
+
+	if (ctx->config->verify_time == 0) {
+		X509_VERIFY_PARAM_set_flags(ssl_ctx->param,
+		    X509_V_FLAG_NO_CHECK_TIME);
+	}
+
+	/* Disable any form of session caching by default */
+	SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
+
+	return (0);
+
+ err:
+	return (-1);
+}
+
+static int
+tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg)
+{
+	struct tls *ctx = arg;
+	int x509_err;
+
+	if (ctx->config->verify_cert == 0)
+		return (1);
+
+	if ((X509_verify_cert(x509_ctx)) < 0) {
+		tls_set_errorx(ctx, "X509 verify cert failed");
+		return (0);
+	}
+
+	x509_err = X509_STORE_CTX_get_error(x509_ctx);
+	if (x509_err == X509_V_OK)
+		return (1);
+
+	tls_set_errorx(ctx, "certificate verification failed: %s",
+	    X509_verify_cert_error_string(x509_err));
+
+	return (0);
+}
+
+int
+tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify)
+{
+	size_t ca_len = ctx->config->ca_len;
+	char *ca_mem = ctx->config->ca_mem;
+	char *crl_mem = ctx->config->crl_mem;
+	size_t crl_len = ctx->config->crl_len;
+	char *ca_free = NULL;
+	STACK_OF(X509_INFO) *xis = NULL;
+	X509_STORE *store;
+	X509_INFO *xi;
+	BIO *bio = NULL;
+	int rv = -1;
+	int i;
+
+	SSL_CTX_set_verify(ssl_ctx, verify, NULL);
+	SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx);
+
+	if (ctx->config->verify_depth >= 0)
+		SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth);
+
+	if (ctx->config->verify_cert == 0)
+		goto done;
+
+	/* If no CA has been specified, attempt to load the default. */
+	if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) {
+		if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(),
+		    &ca_mem, &ca_len) != 0)
+			goto err;
+		ca_free = ca_mem;
+	}
+
+	if (ca_mem != NULL) {
+		if (ca_len > INT_MAX) {
+			tls_set_errorx(ctx, "ca too long");
+			goto err;
+		}
+		if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) {
+			tls_set_errorx(ctx, "ssl verify memory setup failure");
+			goto err;
+		}
+	} else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL,
+	    ctx->config->ca_path) != 1) {
+		tls_set_errorx(ctx, "ssl verify locations failure");
+		goto err;
+	}
+
+	if (crl_mem != NULL) {
+		if (crl_len > INT_MAX) {
+			tls_set_errorx(ctx, "crl too long");
+			goto err;
+		}
+		if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) {
+			tls_set_errorx(ctx, "failed to create buffer");
+			goto err;
+		}
+		if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb,
+		    NULL)) == NULL) {
+			tls_set_errorx(ctx, "failed to parse crl");
+			goto err;
+		}
+		store = SSL_CTX_get_cert_store(ssl_ctx);
+		for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+			xi = sk_X509_INFO_value(xis, i);
+			if (xi->crl == NULL)
+				continue;
+			if (!X509_STORE_add_crl(store, xi->crl)) {
+				tls_set_error(ctx, "failed to add crl");
+				goto err;
+			}
+			xi->crl = NULL;
+		}
+		X509_VERIFY_PARAM_set_flags(store->param,
+		    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
+	}
+
+ done:
+	rv = 0;
+
+ err:
+	sk_X509_INFO_pop_free(xis, X509_INFO_free);
+	BIO_free(bio);
+	free(ca_free);
+
+	return (rv);
+}
+
+void
+tls_free(struct tls *ctx)
+{
+	if (ctx == NULL)
+		return;
+
+	tls_reset(ctx);
+
+	free(ctx);
+}
+
+void
+tls_reset(struct tls *ctx)
+{
+	struct tls_sni_ctx *sni, *nsni;
+
+	tls_config_free(ctx->config);
+	ctx->config = NULL;
+
+	SSL_CTX_free(ctx->ssl_ctx);
+	SSL_free(ctx->ssl_conn);
+	X509_free(ctx->ssl_peer_cert);
+
+	ctx->ssl_conn = NULL;
+	ctx->ssl_ctx = NULL;
+	ctx->ssl_peer_cert = NULL;
+	/* X509 objects in chain are freed with the SSL */
+	ctx->ssl_peer_chain = NULL;
+
+	ctx->socket = -1;
+	ctx->state = 0;
+
+	free(ctx->servername);
+	ctx->servername = NULL;
+
+	free(ctx->error.msg);
+	ctx->error.msg = NULL;
+	ctx->error.num = -1;
+
+	tls_conninfo_free(ctx->conninfo);
+	ctx->conninfo = NULL;
+
+	tls_ocsp_free(ctx->ocsp);
+	ctx->ocsp = NULL;
+
+	for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
+		nsni = sni->next;
+		tls_sni_ctx_free(sni);
+	}
+	ctx->sni_ctx = NULL;
+
+	ctx->read_cb = NULL;
+	ctx->write_cb = NULL;
+	ctx->cb_arg = NULL;
+}
+
+int
+tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix)
+{
+	const char *errstr = "unknown error";
+	unsigned long err;
+	int ssl_err;
+
+	ssl_err = SSL_get_error(ssl_conn, ssl_ret);
+	switch (ssl_err) {
+	case SSL_ERROR_NONE:
+	case SSL_ERROR_ZERO_RETURN:
+		return (0);
+
+	case SSL_ERROR_WANT_READ:
+		return (TLS_WANT_POLLIN);
+
+	case SSL_ERROR_WANT_WRITE:
+		return (TLS_WANT_POLLOUT);
+
+	case SSL_ERROR_SYSCALL:
+		if ((err = ERR_peek_error()) != 0) {
+			errstr = ERR_error_string(err, NULL);
+		} else if (ssl_ret == 0) {
+			if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+				ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY;
+				return (0);
+			}
+			errstr = "unexpected EOF";
+		} else if (ssl_ret == -1) {
+			errstr = strerror(errno);
+		}
+		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
+		return (-1);
+
+	case SSL_ERROR_SSL:
+		if ((err = ERR_peek_error()) != 0) {
+			errstr = ERR_error_string(err, NULL);
+		}
+		tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr);
+		return (-1);
+
+	case SSL_ERROR_WANT_CONNECT:
+	case SSL_ERROR_WANT_ACCEPT:
+	case SSL_ERROR_WANT_X509_LOOKUP:
+	default:
+		tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err);
+		return (-1);
+	}
+}
+
+int
+tls_handshake(struct tls *ctx)
+{
+	int rv = -1;
+
+	tls_error_clear(&ctx->error);
+
+	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
+		tls_set_errorx(ctx, "invalid operation for context");
+		goto out;
+	}
+
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) {
+		tls_set_errorx(ctx, "handshake already completed");
+		goto out;
+	}
+
+	if ((ctx->flags & TLS_CLIENT) != 0)
+		rv = tls_handshake_client(ctx);
+	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
+		rv = tls_handshake_server(ctx);
+
+	if (rv == 0) {
+		ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+		ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn);
+		if (tls_conninfo_populate(ctx) == -1)
+			rv = -1;
+		if (ctx->ocsp == NULL)
+			ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
+	}
+ out:
+	/* Prevent callers from performing incorrect error handling */
+	errno = 0;
+	return (rv);
+}
+
+ssize_t
+tls_read(struct tls *ctx, void *buf, size_t buflen)
+{
+	ssize_t rv = -1;
+	int ssl_ret;
+
+	tls_error_clear(&ctx->error);
+
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
+		if ((rv = tls_handshake(ctx)) != 0)
+			goto out;
+	}
+
+	if (buflen > INT_MAX) {
+		tls_set_errorx(ctx, "buflen too long");
+		goto out;
+	}
+
+	ERR_clear_error();
+	if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) {
+		rv = (ssize_t)ssl_ret;
+		goto out;
+	}
+	rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read");
+
+ out:
+	/* Prevent callers from performing incorrect error handling */
+	errno = 0;
+	return (rv);
+}
+
+ssize_t
+tls_write(struct tls *ctx, const void *buf, size_t buflen)
+{
+	ssize_t rv = -1;
+	int ssl_ret;
+
+	tls_error_clear(&ctx->error);
+
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) {
+		if ((rv = tls_handshake(ctx)) != 0)
+			goto out;
+	}
+
+	if (buflen > INT_MAX) {
+		tls_set_errorx(ctx, "buflen too long");
+		goto out;
+	}
+
+	ERR_clear_error();
+	if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) {
+		rv = (ssize_t)ssl_ret;
+		goto out;
+	}
+	rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write");
+
+ out:
+	/* Prevent callers from performing incorrect error handling */
+	errno = 0;
+	return (rv);
+}
+
+int
+tls_close(struct tls *ctx)
+{
+	int ssl_ret;
+	int rv = 0;
+
+	tls_error_clear(&ctx->error);
+
+	if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) {
+		tls_set_errorx(ctx, "invalid operation for context");
+		rv = -1;
+		goto out;
+	}
+
+	if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) {
+		ERR_clear_error();
+		ssl_ret = SSL_shutdown(ctx->ssl_conn);
+		if (ssl_ret < 0) {
+			rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret,
+			    "shutdown");
+			if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT)
+				goto out;
+		}
+		ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN;
+	}
+
+	if (ctx->socket != -1) {
+		if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
+			if (rv == 0 &&
+			    errno != ENOTCONN && errno != ECONNRESET) {
+				tls_set_error(ctx, "shutdown");
+				rv = -1;
+			}
+		}
+		if (close(ctx->socket) != 0) {
+			if (rv == 0) {
+				tls_set_error(ctx, "close");
+				rv = -1;
+			}
+		}
+		ctx->socket = -1;
+	}
+
+	if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) {
+		tls_set_errorx(ctx, "EOF without close notify");
+		rv = -1;
+	}
+
+ out:
+	/* Prevent callers from performing incorrect error handling */
+	errno = 0;
+	return (rv);
+}
diff --git a/tls.sym b/tls.sym
new file mode 100644
index 0000000..e3fcb67
--- /dev/null
+++ b/tls.sym
@@ -0,0 +1,90 @@
+tls_accept_cbs
+tls_accept_fds
+tls_accept_socket
+tls_client
+tls_close
+tls_config_add_keypair_file
+tls_config_add_keypair_mem
+tls_config_add_keypair_ocsp_file
+tls_config_add_keypair_ocsp_mem
+tls_config_add_ticket_key
+tls_config_clear_keys
+tls_config_error
+tls_config_free
+tls_config_insecure_noverifycert
+tls_config_insecure_noverifyname
+tls_config_insecure_noverifytime
+tls_config_new
+tls_config_ocsp_require_stapling
+tls_config_parse_protocols
+tls_config_prefer_ciphers_client
+tls_config_prefer_ciphers_server
+tls_config_set_alpn
+tls_config_set_ca_file
+tls_config_set_ca_mem
+tls_config_set_ca_path
+tls_config_set_cert_file
+tls_config_set_cert_mem
+tls_config_set_ciphers
+tls_config_set_crl_file
+tls_config_set_crl_mem
+tls_config_set_dheparams
+tls_config_set_ecdhecurve
+tls_config_set_ecdhecurves
+tls_config_set_key_file
+tls_config_set_key_mem
+tls_config_set_keypair_file
+tls_config_set_keypair_mem
+tls_config_set_keypair_ocsp_file
+tls_config_set_keypair_ocsp_mem
+tls_config_set_ocsp_staple_mem
+tls_config_set_ocsp_staple_file
+tls_config_set_protocols
+tls_config_set_session_id
+tls_config_set_session_lifetime
+tls_config_set_session_fd
+tls_config_set_verify_depth
+tls_config_skip_private_key_check
+tls_config_verify
+tls_config_verify_client
+tls_config_verify_client_optional
+tls_configure
+tls_conn_alpn_selected
+tls_conn_cipher
+tls_conn_cipher_strength
+tls_conn_servername
+tls_conn_session_resumed
+tls_conn_version
+tls_connect
+tls_connect_cbs
+tls_connect_fds
+tls_connect_servername
+tls_connect_socket
+tls_default_ca_cert_file
+tls_error
+tls_free
+tls_handshake
+tls_init
+tls_load_file
+tls_ocsp_process_response
+tls_peer_cert_chain_pem
+tls_peer_cert_contains_name
+tls_peer_cert_hash
+tls_peer_cert_issuer
+tls_peer_cert_notafter
+tls_peer_cert_notbefore
+tls_peer_cert_provided
+tls_peer_cert_subject
+tls_peer_ocsp_cert_status
+tls_peer_ocsp_crl_reason
+tls_peer_ocsp_next_update
+tls_peer_ocsp_response_status
+tls_peer_ocsp_result
+tls_peer_ocsp_revocation_time
+tls_peer_ocsp_this_update
+tls_peer_ocsp_url
+tls_read
+tls_reset
+tls_server
+tls_unload_file
+tls_write
diff --git a/tls_bio_cb.c b/tls_bio_cb.c
new file mode 100644
index 0000000..0091808
--- /dev/null
+++ b/tls_bio_cb.c
@@ -0,0 +1,143 @@
+/* $OpenBSD: tls_bio_cb.c,v 1.19 2017/01/12 16:18:39 jsing Exp $ */
+/*
+ * Copyright (c) 2016 Tobias Pape <tobias@netshed.de>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <fcntl.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <openssl/bio.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+static int bio_cb_write(BIO *bio, const char *buf, int num);
+static int bio_cb_read(BIO *bio, char *buf, int size);
+static int bio_cb_puts(BIO *bio, const char *str);
+static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr);
+
+static BIO_METHOD bio_cb_method = {
+	.type = BIO_TYPE_MEM,
+	.name = "libtls_callbacks",
+	.bwrite = bio_cb_write,
+	.bread = bio_cb_read,
+	.bputs = bio_cb_puts,
+	.ctrl = bio_cb_ctrl,
+};
+
+static BIO_METHOD *
+bio_s_cb(void)
+{
+	return (&bio_cb_method);
+}
+
+static int
+bio_cb_puts(BIO *bio, const char *str)
+{
+	return (bio_cb_write(bio, str, strlen(str)));
+}
+
+static long
+bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+	long ret = 1;
+
+	switch (cmd) {
+	case BIO_CTRL_GET_CLOSE:
+		ret = (long)bio->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		bio->shutdown = (int)num;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		break;
+	case BIO_CTRL_INFO:
+	case BIO_CTRL_GET:
+	case BIO_CTRL_SET:
+	default:
+		ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
+	}
+
+	return (ret);
+}
+
+static int
+bio_cb_write(BIO *bio, const char *buf, int num)
+{
+	struct tls *ctx = bio->ptr;
+	int rv;
+
+	BIO_clear_retry_flags(bio);
+	rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg);
+	if (rv == TLS_WANT_POLLIN) {
+		BIO_set_retry_read(bio);
+		rv = -1;
+	} else if (rv == TLS_WANT_POLLOUT) {
+		BIO_set_retry_write(bio);
+		rv = -1;
+	}
+	return (rv);
+}
+
+static int
+bio_cb_read(BIO *bio, char *buf, int size)
+{
+	struct tls *ctx = bio->ptr;
+	int rv;
+
+	BIO_clear_retry_flags(bio);
+	rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg);
+	if (rv == TLS_WANT_POLLIN) {
+		BIO_set_retry_read(bio);
+		rv = -1;
+	} else if (rv == TLS_WANT_POLLOUT) {
+		BIO_set_retry_write(bio);
+		rv = -1;
+	}
+	return (rv);
+}
+
+int
+tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb,
+    void *cb_arg)
+{
+	int rv = -1;
+	BIO *bio;
+
+	if (read_cb == NULL || write_cb == NULL) {
+		tls_set_errorx(ctx, "no callbacks provided");
+		goto err;
+	}
+
+	ctx->read_cb = read_cb;
+	ctx->write_cb = write_cb;
+	ctx->cb_arg = cb_arg;
+
+	if ((bio = BIO_new(bio_s_cb())) == NULL) {
+		tls_set_errorx(ctx, "failed to create callback i/o");
+		goto err;
+	}
+	bio->ptr = ctx;
+	bio->init = 1;
+
+	SSL_set_bio(ctx->ssl_conn, bio, bio);
+
+	rv = 0;
+
+ err:
+	return (rv);
+}
diff --git a/tls_client.c b/tls_client.c
new file mode 100644
index 0000000..04e4402
--- /dev/null
+++ b/tls_client.c
@@ -0,0 +1,474 @@
+/* $OpenBSD: tls_client.c,v 1.45 2018/03/19 16:34:47 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <limits.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+struct tls *
+tls_client(void)
+{
+	struct tls *ctx;
+
+	if (tls_init() == -1)
+		return (NULL);
+
+	if ((ctx = tls_new()) == NULL)
+		return (NULL);
+
+	ctx->flags |= TLS_CLIENT;
+
+	return (ctx);
+}
+
+int
+tls_connect(struct tls *ctx, const char *host, const char *port)
+{
+	return tls_connect_servername(ctx, host, port, NULL);
+}
+
+int
+tls_connect_servername(struct tls *ctx, const char *host, const char *port,
+    const char *servername)
+{
+	struct addrinfo hints, *res, *res0;
+	const char *h = NULL, *p = NULL;
+	char *hs = NULL, *ps = NULL;
+	int rv = -1, s = -1, ret;
+
+	if ((ctx->flags & TLS_CLIENT) == 0) {
+		tls_set_errorx(ctx, "not a client context");
+		goto err;
+	}
+
+	if (host == NULL) {
+		tls_set_errorx(ctx, "host not specified");
+		goto err;
+	}
+
+	/*
+	 * If port is NULL try to extract a port from the specified host,
+	 * otherwise use the default.
+	 */
+	if ((p = (char *)port) == NULL) {
+		ret = tls_host_port(host, &hs, &ps);
+		if (ret == -1) {
+			tls_set_errorx(ctx, "memory allocation failure");
+			goto err;
+		}
+		if (ret != 0) {
+			tls_set_errorx(ctx, "no port provided");
+			goto err;
+		}
+	}
+
+	h = (hs != NULL) ? hs : host;
+	p = (ps != NULL) ? ps : port;
+
+	/*
+	 * First check if the host is specified as a numeric IP address,
+	 * either IPv4 or IPv6, before trying to resolve the host.
+	 * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6
+	 * records if it is not configured on an interface;  not considering
+	 * loopback addresses.  Checking the numeric addresses first makes
+	 * sure that connection attempts to numeric addresses and especially
+	 * 127.0.0.1 or ::1 loopback addresses are always possible.
+	 */
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_socktype = SOCK_STREAM;
+
+	/* try as an IPv4 literal */
+	hints.ai_family = AF_INET;
+	hints.ai_flags = AI_NUMERICHOST;
+	if (getaddrinfo(h, p, &hints, &res0) != 0) {
+		/* try again as an IPv6 literal */
+		hints.ai_family = AF_INET6;
+		if (getaddrinfo(h, p, &hints, &res0) != 0) {
+			/* last try, with name resolution and save the error */
+			hints.ai_family = AF_UNSPEC;
+			hints.ai_flags = AI_ADDRCONFIG;
+			if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) {
+				tls_set_error(ctx, "%s", gai_strerror(s));
+				goto err;
+			}
+		}
+	}
+
+	/* It was resolved somehow; now try connecting to what we got */
+	s = -1;
+	for (res = res0; res; res = res->ai_next) {
+		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+		if (s == -1) {
+			tls_set_error(ctx, "socket");
+			continue;
+		}
+		if (connect(s, res->ai_addr, res->ai_addrlen) == -1) {
+			tls_set_error(ctx, "connect");
+			close(s);
+			s = -1;
+			continue;
+		}
+
+		break;  /* Connected. */
+	}
+	freeaddrinfo(res0);
+
+	if (s == -1)
+		goto err;
+
+	if (servername == NULL)
+		servername = h;
+
+	if (tls_connect_socket(ctx, s, servername) != 0) {
+		close(s);
+		goto err;
+	}
+
+	ctx->socket = s;
+
+	rv = 0;
+
+ err:
+	free(hs);
+	free(ps);
+
+	return (rv);
+}
+
+static int
+tls_client_read_session(struct tls *ctx)
+{
+	int sfd = ctx->config->session_fd;
+	uint8_t *session = NULL;
+	size_t session_len = 0;
+	SSL_SESSION *ss = NULL;
+	BIO *bio = NULL;
+	struct stat sb;
+	ssize_t n;
+	int rv = -1;
+
+	if (fstat(sfd, &sb) == -1) {
+		tls_set_error(ctx, "failed to stat session file");
+		goto err;
+	}
+	if (sb.st_size < 0 || sb.st_size > INT_MAX) {
+		tls_set_errorx(ctx, "invalid session file size");
+		goto err;
+	}
+	session_len = (size_t)sb.st_size;
+
+	/* A zero size file means that we do not yet have a valid session. */
+	if (session_len == 0)
+		goto done;
+
+	if ((session = malloc(session_len)) == NULL)
+		goto err;
+
+	n = pread(sfd, session, session_len, 0);
+	if (n < 0 || (size_t)n != session_len) {
+		tls_set_error(ctx, "failed to read session file");
+		goto err;
+	}
+	if ((bio = BIO_new_mem_buf(session, session_len)) == NULL)
+		goto err;
+	if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb,
+	    NULL)) == NULL) {
+		tls_set_errorx(ctx, "failed to parse session");
+		goto err;
+	}
+
+	if (SSL_set_session(ctx->ssl_conn, ss) != 1) {
+		tls_set_errorx(ctx, "failed to set session");
+		goto err;
+	}
+
+ done:
+	rv = 0;
+
+ err:
+	freezero(session, session_len);
+	SSL_SESSION_free(ss);
+	BIO_free(bio);
+
+	return rv;
+}
+
+static int
+tls_client_write_session(struct tls *ctx)
+{
+	int sfd = ctx->config->session_fd;
+	SSL_SESSION *ss = NULL;
+	BIO *bio = NULL;
+	long data_len;
+	char *data;
+	off_t offset;
+	size_t len;
+	ssize_t n;
+	int rv = -1;
+
+	if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) {
+		if (ftruncate(sfd, 0) == -1) {
+			tls_set_error(ctx, "failed to truncate session file");
+			goto err;
+		}
+		goto done;
+	}
+
+	if ((bio = BIO_new(BIO_s_mem())) == NULL)
+		goto err;
+	if (PEM_write_bio_SSL_SESSION(bio, ss) == 0)
+		goto err;
+	if ((data_len = BIO_get_mem_data(bio, &data)) <= 0)
+		goto err;
+
+	len = (size_t)data_len;
+	offset = 0;
+
+	if (ftruncate(sfd, len) == -1) {
+		tls_set_error(ctx, "failed to truncate session file");
+		goto err;
+	}
+	while (len > 0) {
+		if ((n = pwrite(sfd, data + offset, len, offset)) == -1) {
+			tls_set_error(ctx, "failed to write session file");
+			goto err;
+		}
+		offset += n;
+		len -= n;
+	}
+
+ done:
+	rv = 0;
+
+ err:
+	SSL_SESSION_free(ss);
+	BIO_free_all(bio);
+
+	return (rv);
+}
+
+static int
+tls_connect_common(struct tls *ctx, const char *servername)
+{
+	union tls_addr addrbuf;
+	int rv = -1;
+
+	if ((ctx->flags & TLS_CLIENT) == 0) {
+		tls_set_errorx(ctx, "not a client context");
+		goto err;
+	}
+
+	if (servername != NULL) {
+		if ((ctx->servername = strdup(servername)) == NULL) {
+			tls_set_errorx(ctx, "out of memory");
+			goto err;
+		}
+	}
+
+	if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
+		tls_set_errorx(ctx, "ssl context failure");
+		goto err;
+	}
+
+	if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0)
+		goto err;
+
+	if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx,
+	    ctx->config->keypair, 0) != 0)
+		goto err;
+
+	if (ctx->config->verify_name) {
+		if (servername == NULL) {
+			tls_set_errorx(ctx, "server name not specified");
+			goto err;
+		}
+	}
+
+	if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1)
+		goto err;
+
+	if (ctx->config->ecdhecurves != NULL) {
+		if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves,
+		    ctx->config->ecdhecurves_len) != 1) {
+			tls_set_errorx(ctx, "failed to set ecdhe curves");
+			goto err;
+		}
+	}
+
+	if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) {
+		tls_set_errorx(ctx, "ssl OCSP verification setup failure");
+		goto err;
+	}
+
+	if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+		tls_set_errorx(ctx, "ssl connection failure");
+		goto err;
+	}
+
+	if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
+		tls_set_errorx(ctx, "ssl application data failure");
+		goto err;
+	}
+
+	if (ctx->config->session_fd != -1) {
+		SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET);
+		if (tls_client_read_session(ctx) == -1)
+			goto err;
+	}
+
+	if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) {
+		tls_set_errorx(ctx, "ssl OCSP extension setup failure");
+		goto err;
+	}
+
+	/*
+	 * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not
+	 * permitted in "HostName".
+	 */
+	if (servername != NULL &&
+	    inet_pton(AF_INET, servername, &addrbuf) != 1 &&
+	    inet_pton(AF_INET6, servername, &addrbuf) != 1) {
+		if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) {
+			tls_set_errorx(ctx, "server name indication failure");
+			goto err;
+		}
+	}
+
+	ctx->state |= TLS_CONNECTED;
+	rv = 0;
+
+ err:
+	return (rv);
+}
+
+int
+tls_connect_socket(struct tls *ctx, int s, const char *servername)
+{
+	return tls_connect_fds(ctx, s, s, servername);
+}
+
+int
+tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
+    const char *servername)
+{
+	int rv = -1;
+
+	if (fd_read < 0 || fd_write < 0) {
+		tls_set_errorx(ctx, "invalid file descriptors");
+		goto err;
+	}
+
+	if (tls_connect_common(ctx, servername) != 0)
+		goto err;
+
+	if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
+	    SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
+		tls_set_errorx(ctx, "ssl file descriptor failure");
+		goto err;
+	}
+
+	rv = 0;
+ err:
+	return (rv);
+}
+
+int
+tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb,
+    tls_write_cb write_cb, void *cb_arg, const char *servername)
+{
+	int rv = -1;
+
+	if (tls_connect_common(ctx, servername) != 0)
+		goto err;
+
+	if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0)
+		goto err;
+
+	rv = 0;
+
+ err:
+	return (rv);
+}
+
+int
+tls_handshake_client(struct tls *ctx)
+{
+	X509 *cert = NULL;
+	int match, ssl_ret;
+	int rv = -1;
+
+	if ((ctx->flags & TLS_CLIENT) == 0) {
+		tls_set_errorx(ctx, "not a client context");
+		goto err;
+	}
+
+	if ((ctx->state & TLS_CONNECTED) == 0) {
+		tls_set_errorx(ctx, "context not connected");
+		goto err;
+	}
+
+	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
+
+	ERR_clear_error();
+	if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) {
+		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
+		goto err;
+	}
+
+	if (ctx->config->verify_name) {
+		cert = SSL_get_peer_certificate(ctx->ssl_conn);
+		if (cert == NULL) {
+			tls_set_errorx(ctx, "no server certificate");
+			goto err;
+		}
+		if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
+			goto err;
+		if (!match) {
+			tls_set_errorx(ctx, "name `%s' not present in"
+			    " server certificate", ctx->servername);
+			goto err;
+		}
+	}
+
+	ctx->state |= TLS_HANDSHAKE_COMPLETE;
+
+	if (ctx->config->session_fd != -1) {
+		if (tls_client_write_session(ctx) == -1)
+			goto err;
+	}
+
+	rv = 0;
+
+ err:
+	X509_free(cert);
+
+	return (rv);
+}
diff --git a/tls_config.c b/tls_config.c
new file mode 100644
index 0000000..ed47170
--- /dev/null
+++ b/tls_config.c
@@ -0,0 +1,907 @@
+/* $OpenBSD: tls_config.c,v 1.58 2020/01/20 08:39:21 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/stat.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <tls.h>
+
+#include "tls_internal.h"
+
+static const char default_ca_file[] = TLS_DEFAULT_CA_FILE;
+
+const char *
+tls_default_ca_cert_file(void)
+{
+	return default_ca_file;
+}
+
+int
+tls_config_load_file(struct tls_error *error, const char *filetype,
+    const char *filename, char **buf, size_t *len)
+{
+	struct stat st;
+	int fd = -1;
+	ssize_t n;
+
+	free(*buf);
+	*buf = NULL;
+	*len = 0;
+
+	if ((fd = open(filename, O_RDONLY)) == -1) {
+		tls_error_set(error, "failed to open %s file '%s'",
+		    filetype, filename);
+		goto err;
+	}
+	if (fstat(fd, &st) != 0) {
+		tls_error_set(error, "failed to stat %s file '%s'",
+		    filetype, filename);
+		goto err;
+	}
+	if (st.st_size < 0)
+		goto err;
+	*len = (size_t)st.st_size;
+	if ((*buf = malloc(*len)) == NULL) {
+		tls_error_set(error, "failed to allocate buffer for "
+		    "%s file", filetype);
+		goto err;
+	}
+	n = read(fd, *buf, *len);
+	if (n < 0 || (size_t)n != *len) {
+		tls_error_set(error, "failed to read %s file '%s'",
+		    filetype, filename);
+		goto err;
+	}
+	close(fd);
+	return 0;
+
+ err:
+	if (fd != -1)
+		close(fd);
+	freezero(*buf, *len);
+	*buf = NULL;
+	*len = 0;
+
+	return -1;
+}
+
+struct tls_config *
+tls_config_new_internal(void)
+{
+	struct tls_config *config;
+	unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];
+
+	if ((config = calloc(1, sizeof(*config))) == NULL)
+		return (NULL);
+
+	if (pthread_mutex_init(&config->mutex, NULL) != 0)
+		goto err;
+
+	config->refcount = 1;
+	config->session_fd = -1;
+
+	if ((config->keypair = tls_keypair_new()) == NULL)
+		goto err;
+
+	/*
+	 * Default configuration.
+	 */
+	if (tls_config_set_dheparams(config, "none") != 0)
+		goto err;
+	if (tls_config_set_ecdhecurves(config, "default") != 0)
+		goto err;
+	if (tls_config_set_ciphers(config, "secure") != 0)
+		goto err;
+
+	if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
+		goto err;
+	if (tls_config_set_verify_depth(config, 6) != 0)
+		goto err;
+
+	/*
+	 * Set session ID context to a random value.  For the simple case
+	 * of a single process server this is good enough. For multiprocess
+	 * servers the session ID needs to be set by the caller.
+	 */
+	arc4random_buf(sid, sizeof(sid));
+	if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
+		goto err;
+	config->ticket_keyrev = arc4random();
+	config->ticket_autorekey = 1;
+
+	tls_config_prefer_ciphers_server(config);
+
+	tls_config_verify(config);
+
+	return (config);
+
+ err:
+	tls_config_free(config);
+	return (NULL);
+}
+
+struct tls_config *
+tls_config_new(void)
+{
+	if (tls_init() == -1)
+		return (NULL);
+
+	return tls_config_new_internal();
+}
+
+void
+tls_config_free(struct tls_config *config)
+{
+	struct tls_keypair *kp, *nkp;
+	int refcount;
+
+	if (config == NULL)
+		return;
+
+	pthread_mutex_lock(&config->mutex);
+	refcount = --config->refcount;
+	pthread_mutex_unlock(&config->mutex);
+
+	if (refcount > 0)
+		return;
+
+	for (kp = config->keypair; kp != NULL; kp = nkp) {
+		nkp = kp->next;
+		tls_keypair_free(kp);
+	}
+
+	free(config->error.msg);
+
+	free(config->alpn);
+	free((char *)config->ca_mem);
+	free((char *)config->ca_path);
+	free((char *)config->ciphers);
+	free((char *)config->crl_mem);
+	free(config->ecdhecurves);
+
+	free(config);
+}
+
+static void
+tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
+{
+	struct tls_keypair *kp;
+
+	kp = config->keypair;
+	while (kp->next != NULL)
+		kp = kp->next;
+
+	kp->next = keypair;
+}
+
+const char *
+tls_config_error(struct tls_config *config)
+{
+	return config->error.msg;
+}
+
+void
+tls_config_clear_keys(struct tls_config *config)
+{
+	struct tls_keypair *kp;
+
+	for (kp = config->keypair; kp != NULL; kp = kp->next)
+		tls_keypair_clear_key(kp);
+}
+
+int
+tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
+{
+	uint32_t proto, protos = 0;
+	char *s, *p, *q;
+	int negate;
+
+	if (protostr == NULL) {
+		*protocols = TLS_PROTOCOLS_DEFAULT;
+		return (0);
+	}
+
+	if ((s = strdup(protostr)) == NULL)
+		return (-1);
+
+	q = s;
+	while ((p = strsep(&q, ",:")) != NULL) {
+		while (*p == ' ' || *p == '\t')
+			p++;
+
+		negate = 0;
+		if (*p == '!') {
+			negate = 1;
+			p++;
+		}
+
+		if (negate && protos == 0)
+			protos = TLS_PROTOCOLS_ALL;
+
+		proto = 0;
+		if (strcasecmp(p, "all") == 0 ||
+		    strcasecmp(p, "legacy") == 0)
+			proto = TLS_PROTOCOLS_ALL;
+		else if (strcasecmp(p, "default") == 0 ||
+		    strcasecmp(p, "secure") == 0)
+			proto = TLS_PROTOCOLS_DEFAULT;
+		if (strcasecmp(p, "tlsv1") == 0)
+			proto = TLS_PROTOCOL_TLSv1;
+		else if (strcasecmp(p, "tlsv1.0") == 0)
+			proto = TLS_PROTOCOL_TLSv1_0;
+		else if (strcasecmp(p, "tlsv1.1") == 0)
+			proto = TLS_PROTOCOL_TLSv1_1;
+		else if (strcasecmp(p, "tlsv1.2") == 0)
+			proto = TLS_PROTOCOL_TLSv1_2;
+		else if (strcasecmp(p, "tlsv1.3") == 0)
+			proto = TLS_PROTOCOL_TLSv1_3;
+
+		if (proto == 0) {
+			free(s);
+			return (-1);
+		}
+
+		if (negate)
+			protos &= ~proto;
+		else
+			protos |= proto;
+	}
+
+	*protocols = protos;
+
+	free(s);
+
+	return (0);
+}
+
+static int
+tls_config_parse_alpn(struct tls_config *config, const char *alpn,
+    char **alpn_data, size_t *alpn_len)
+{
+	size_t buf_len, i, len;
+	char *buf = NULL;
+	char *s = NULL;
+	char *p, *q;
+
+	free(*alpn_data);
+	*alpn_data = NULL;
+	*alpn_len = 0;
+
+	if ((buf_len = strlen(alpn) + 1) > 65535) {
+		tls_config_set_errorx(config, "alpn too large");
+		goto err;
+	}
+
+	if ((buf = malloc(buf_len)) == NULL) {
+		tls_config_set_errorx(config, "out of memory");
+		goto err;
+	}
+
+	if ((s = strdup(alpn)) == NULL) {
+		tls_config_set_errorx(config, "out of memory");
+		goto err;
+	}
+
+	i = 0;
+	q = s;
+	while ((p = strsep(&q, ",")) != NULL) {
+		if ((len = strlen(p)) == 0) {
+			tls_config_set_errorx(config,
+			    "alpn protocol with zero length");
+			goto err;
+		}
+		if (len > 255) {
+			tls_config_set_errorx(config,
+			    "alpn protocol too long");
+			goto err;
+		}
+		buf[i++] = len & 0xff;
+		memcpy(&buf[i], p, len);
+		i += len;
+	}
+
+	free(s);
+
+	*alpn_data = buf;
+	*alpn_len = buf_len;
+
+	return (0);
+
+ err:
+	free(buf);
+	free(s);
+
+	return (-1);
+}
+
+int
+tls_config_set_alpn(struct tls_config *config, const char *alpn)
+{
+	return tls_config_parse_alpn(config, alpn, &config->alpn,
+	    &config->alpn_len);
+}
+
+static int
+tls_config_add_keypair_file_internal(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+	struct tls_keypair *keypair;
+
+	if ((keypair = tls_keypair_new()) == NULL)
+		return (-1);
+	if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
+		goto err;
+	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
+		goto err;
+	if (ocsp_file != NULL &&
+	    tls_keypair_set_ocsp_staple_file(keypair, &config->error,
+		ocsp_file) != 0)
+		goto err;
+
+	tls_config_keypair_add(config, keypair);
+
+	return (0);
+
+ err:
+	tls_keypair_free(keypair);
+	return (-1);
+}
+
+static int
+tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
+{
+	struct tls_keypair *keypair;
+
+	if ((keypair = tls_keypair_new()) == NULL)
+		return (-1);
+	if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
+		goto err;
+	if (tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
+		goto err;
+	if (staple != NULL &&
+	    tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
+		staple_len) != 0)
+		goto err;
+
+	tls_config_keypair_add(config, keypair);
+
+	return (0);
+
+ err:
+	tls_keypair_free(keypair);
+	return (-1);
+}
+
+int
+tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
+	    key_len, NULL, 0);
+}
+
+int
+tls_config_add_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+	return tls_config_add_keypair_file_internal(config, cert_file,
+	    key_file, NULL);
+}
+
+int
+tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
+    size_t staple_len)
+{
+	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
+	    key_len, staple, staple_len);
+}
+
+int
+tls_config_add_keypair_ocsp_file(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+	return tls_config_add_keypair_file_internal(config, cert_file,
+	    key_file, ocsp_file);
+}
+
+int
+tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
+{
+	return tls_config_load_file(&config->error, "CA", ca_file,
+	    &config->ca_mem, &config->ca_len);
+}
+
+int
+tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
+{
+	return tls_set_string(&config->ca_path, ca_path);
+}
+
+int
+tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
+{
+	return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
+}
+
+int
+tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
+{
+	return tls_keypair_set_cert_file(config->keypair, &config->error,
+	    cert_file);
+}
+
+int
+tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
+    size_t len)
+{
+	return tls_keypair_set_cert_mem(config->keypair, &config->error,
+	    cert, len);
+}
+
+int
+tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
+{
+	SSL_CTX *ssl_ctx = NULL;
+
+	if (ciphers == NULL ||
+	    strcasecmp(ciphers, "default") == 0 ||
+	    strcasecmp(ciphers, "secure") == 0)
+		ciphers = TLS_CIPHERS_DEFAULT;
+	else if (strcasecmp(ciphers, "compat") == 0)
+		ciphers = TLS_CIPHERS_COMPAT;
+	else if (strcasecmp(ciphers, "legacy") == 0)
+		ciphers = TLS_CIPHERS_LEGACY;
+	else if (strcasecmp(ciphers, "all") == 0 ||
+	    strcasecmp(ciphers, "insecure") == 0)
+		ciphers = TLS_CIPHERS_ALL;
+
+	if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
+		tls_config_set_errorx(config, "out of memory");
+		goto err;
+	}
+	if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
+		tls_config_set_errorx(config, "no ciphers for '%s'", ciphers);
+		goto err;
+	}
+
+	SSL_CTX_free(ssl_ctx);
+	return tls_set_string(&config->ciphers, ciphers);
+
+ err:
+	SSL_CTX_free(ssl_ctx);
+	return -1;
+}
+
+int
+tls_config_set_crl_file(struct tls_config *config, const char *crl_file)
+{
+	return tls_config_load_file(&config->error, "CRL", crl_file,
+	    &config->crl_mem, &config->crl_len);
+}
+
+int
+tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
+    size_t len)
+{
+	return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
+}
+
+int
+tls_config_set_dheparams(struct tls_config *config, const char *params)
+{
+	int keylen;
+
+	if (params == NULL || strcasecmp(params, "none") == 0)
+		keylen = 0;
+	else if (strcasecmp(params, "auto") == 0)
+		keylen = -1;
+	else if (strcasecmp(params, "legacy") == 0)
+		keylen = 1024;
+	else {
+		tls_config_set_errorx(config, "invalid dhe param '%s'", params);
+		return (-1);
+	}
+
+	config->dheparams = keylen;
+
+	return (0);
+}
+
+int
+tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)
+{
+	if (curve == NULL ||
+	    strcasecmp(curve, "none") == 0 ||
+	    strcasecmp(curve, "auto") == 0) {
+		curve = TLS_ECDHE_CURVES;
+	} else if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) {
+		tls_config_set_errorx(config, "invalid ecdhe curve '%s'",
+		    curve);
+		return (-1);
+	}
+
+	return tls_config_set_ecdhecurves(config, curve);
+}
+
+int
+tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)
+{
+	int *curves_list = NULL, *curves_new;
+	size_t curves_num = 0;
+	char *cs = NULL;
+	char *p, *q;
+	int rv = -1;
+	int nid;
+
+	free(config->ecdhecurves);
+	config->ecdhecurves = NULL;
+	config->ecdhecurves_len = 0;
+
+	if (curves == NULL || strcasecmp(curves, "default") == 0)
+		curves = TLS_ECDHE_CURVES;
+
+	if ((cs = strdup(curves)) == NULL) {
+		tls_config_set_errorx(config, "out of memory");
+		goto err;
+	}
+
+	q = cs;
+	while ((p = strsep(&q, ",:")) != NULL) {
+		while (*p == ' ' || *p == '\t')
+			p++;
+
+		nid = OBJ_sn2nid(p);
+		if (nid == NID_undef)
+			nid = OBJ_ln2nid(p);
+		if (nid == NID_undef)
+			nid = EC_curve_nist2nid(p);
+		if (nid == NID_undef) {
+			tls_config_set_errorx(config,
+			    "invalid ecdhe curve '%s'", p);
+			goto err;
+		}
+
+		if ((curves_new = reallocarray(curves_list, curves_num + 1,
+		    sizeof(int))) == NULL) {
+			tls_config_set_errorx(config, "out of memory");
+			goto err;
+		}
+		curves_list = curves_new;
+		curves_list[curves_num] = nid;
+		curves_num++;
+	}
+
+	config->ecdhecurves = curves_list;
+	config->ecdhecurves_len = curves_num;
+	curves_list = NULL;
+
+	rv = 0;
+
+ err:
+	free(cs);
+	free(curves_list);
+
+	return (rv);
+}
+
+int
+tls_config_set_key_file(struct tls_config *config, const char *key_file)
+{
+	return tls_keypair_set_key_file(config->keypair, &config->error,
+	    key_file);
+}
+
+int
+tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
+    size_t len)
+{
+	return tls_keypair_set_key_mem(config->keypair, &config->error,
+	    key, len);
+}
+
+static int
+tls_config_set_keypair_file_internal(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+	if (tls_config_set_cert_file(config, cert_file) != 0)
+		return (-1);
+	if (tls_config_set_key_file(config, key_file) != 0)
+		return (-1);
+	if (ocsp_file != NULL &&
+	    tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
+		return (-1);
+
+	return (0);
+}
+
+static int
+tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
+{
+	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
+		return (-1);
+	if (tls_config_set_key_mem(config, key, key_len) != 0)
+		return (-1);
+	if ((staple != NULL) &&
+	    (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
+		return (-1);
+
+	return (0);
+}
+
+int
+tls_config_set_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
+	    NULL);
+}
+
+int
+tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
+	    key, key_len, NULL, 0);
+}
+
+int
+tls_config_set_keypair_ocsp_file(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
+	    ocsp_file);
+}
+
+int
+tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
+{
+	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
+	    key, key_len, staple, staple_len);
+}
+
+
+int
+tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
+{
+	config->protocols = protocols;
+
+	return (0);
+}
+
+int
+tls_config_set_session_fd(struct tls_config *config, int session_fd)
+{
+	struct stat sb;
+	mode_t mugo;
+
+	if (session_fd == -1) {
+		config->session_fd = session_fd;
+		return (0);
+	}
+
+	if (fstat(session_fd, &sb) == -1) {
+		tls_config_set_error(config, "failed to stat session file");
+		return (-1);
+	}
+	if (!S_ISREG(sb.st_mode)) {
+		tls_config_set_errorx(config,
+		    "session file is not a regular file");
+		return (-1);
+	}
+
+	if (sb.st_uid != getuid()) {
+		tls_config_set_errorx(config, "session file has incorrect "
+		    "owner (uid %i != %i)", sb.st_uid, getuid());
+		return (-1);
+	}
+	mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);
+	if (mugo != (S_IRUSR|S_IWUSR)) {
+		tls_config_set_errorx(config, "session file has incorrect "
+		    "permissions (%o != 600)", mugo);
+		return (-1);
+	}
+
+	config->session_fd = session_fd;
+
+	return (0);
+}
+
+int
+tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
+{
+	config->verify_depth = verify_depth;
+
+	return (0);
+}
+
+void
+tls_config_prefer_ciphers_client(struct tls_config *config)
+{
+	config->ciphers_server = 0;
+}
+
+void
+tls_config_prefer_ciphers_server(struct tls_config *config)
+{
+	config->ciphers_server = 1;
+}
+
+void
+tls_config_insecure_noverifycert(struct tls_config *config)
+{
+	config->verify_cert = 0;
+}
+
+void
+tls_config_insecure_noverifyname(struct tls_config *config)
+{
+	config->verify_name = 0;
+}
+
+void
+tls_config_insecure_noverifytime(struct tls_config *config)
+{
+	config->verify_time = 0;
+}
+
+void
+tls_config_verify(struct tls_config *config)
+{
+	config->verify_cert = 1;
+	config->verify_name = 1;
+	config->verify_time = 1;
+}
+
+void
+tls_config_ocsp_require_stapling(struct tls_config *config)
+{
+	config->ocsp_require_stapling = 1;
+}
+
+void
+tls_config_verify_client(struct tls_config *config)
+{
+	config->verify_client = 1;
+}
+
+void
+tls_config_verify_client_optional(struct tls_config *config)
+{
+	config->verify_client = 2;
+}
+
+void
+tls_config_skip_private_key_check(struct tls_config *config)
+{
+	config->skip_private_key_check = 1;
+}
+
+int
+tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
+{
+	return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,
+	    staple_file);
+}
+
+int
+tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
+    size_t len)
+{
+	return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error,
+	    staple, len);
+}
+
+int
+tls_config_set_session_id(struct tls_config *config,
+    const unsigned char *session_id, size_t len)
+{
+	if (len > TLS_MAX_SESSION_ID_LENGTH) {
+		tls_config_set_errorx(config, "session ID too large");
+		return (-1);
+	}
+	memset(config->session_id, 0, sizeof(config->session_id));
+	memcpy(config->session_id, session_id, len);
+	return (0);
+}
+
+int
+tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
+{
+	if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
+		tls_config_set_errorx(config, "session lifetime too large");
+		return (-1);
+	}
+	if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
+		tls_config_set_errorx(config, "session lifetime too small");
+		return (-1);
+	}
+
+	config->session_lifetime = lifetime;
+	return (0);
+}
+
+int
+tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
+    unsigned char *key, size_t keylen)
+{
+	struct tls_ticket_key newkey;
+	int i;
+
+	if (TLS_TICKET_KEY_SIZE != keylen ||
+	    sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
+		tls_config_set_errorx(config,
+		    "wrong amount of ticket key data");
+		return (-1);
+	}
+
+	keyrev = htonl(keyrev);
+	memset(&newkey, 0, sizeof(newkey));
+	memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
+	memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
+	memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
+	    sizeof(newkey.hmac_key));
+	newkey.time = time(NULL);
+
+	for (i = 0; i < TLS_NUM_TICKETS; i++) {
+		struct tls_ticket_key *tk = &config->ticket_keys[i];
+		if (memcmp(newkey.key_name, tk->key_name,
+		    sizeof(tk->key_name)) != 0)
+			continue;
+
+		/* allow re-entry of most recent key */
+		if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
+		    sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
+		    tk->hmac_key, sizeof(tk->hmac_key)) == 0)
+			return (0);
+		tls_config_set_errorx(config, "ticket key already present");
+		return (-1);
+	}
+
+	memmove(&config->ticket_keys[1], &config->ticket_keys[0],
+	    sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
+	config->ticket_keys[0] = newkey;
+
+	config->ticket_autorekey = 0;
+
+	return (0);
+}
+
+int
+tls_config_ticket_autorekey(struct tls_config *config)
+{
+	unsigned char key[TLS_TICKET_KEY_SIZE];
+	int rv;
+
+	arc4random_buf(key, sizeof(key));
+	rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
+	    sizeof(key));
+	config->ticket_autorekey = 1;
+	return (rv);
+}
diff --git a/tls_conninfo.c b/tls_conninfo.c
new file mode 100644
index 0000000..d44dc84
--- /dev/null
+++ b/tls_conninfo.c
@@ -0,0 +1,346 @@
+/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */
+/*
+ * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+int ASN1_time_tm_clamp_notafter(struct tm *tm);
+
+int
+tls_hex_string(const unsigned char *in, size_t inlen, char **out,
+    size_t *outlen)
+{
+	static const char hex[] = "0123456789abcdef";
+	size_t i, len;
+	char *p;
+
+	if (outlen != NULL)
+		*outlen = 0;
+
+	if (inlen >= SIZE_MAX)
+		return (-1);
+	if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
+		return (-1);
+
+	p = *out;
+	len = 0;
+	for (i = 0; i < inlen; i++) {
+		p[len++] = hex[(in[i] >> 4) & 0x0f];
+		p[len++] = hex[in[i] & 0x0f];
+	}
+	p[len++] = 0;
+
+	if (outlen != NULL)
+		*outlen = len;
+
+	return (0);
+}
+
+static int
+tls_get_peer_cert_hash(struct tls *ctx, char **hash)
+{
+	*hash = NULL;
+	if (ctx->ssl_peer_cert == NULL)
+		return (0);
+
+	if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) {
+		tls_set_errorx(ctx, "unable to compute peer certificate hash - out of memory");
+		*hash = NULL;
+		return -1;
+	}
+	return 0;
+}
+
+static int
+tls_get_peer_cert_issuer(struct tls *ctx,  char **issuer)
+{
+	X509_NAME *name = NULL;
+
+	*issuer = NULL;
+	if (ctx->ssl_peer_cert == NULL)
+		return (-1);
+	if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
+		return (-1);
+	*issuer = X509_NAME_oneline(name, 0, 0);
+	if (*issuer == NULL)
+		return (-1);
+	return (0);
+}
+
+static int
+tls_get_peer_cert_subject(struct tls *ctx, char **subject)
+{
+	X509_NAME *name = NULL;
+
+	*subject = NULL;
+	if (ctx->ssl_peer_cert == NULL)
+		return (-1);
+	if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
+		return (-1);
+	*subject = X509_NAME_oneline(name, 0, 0);
+	if (*subject == NULL)
+		return (-1);
+	return (0);
+}
+
+static int
+tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore,
+    time_t *notafter)
+{
+	struct tm before_tm, after_tm;
+	ASN1_TIME *before, *after;
+
+	if (ctx->ssl_peer_cert == NULL)
+		return (-1);
+
+	memset(&before_tm, 0, sizeof(before_tm));
+	memset(&after_tm, 0, sizeof(after_tm));
+
+	if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL)
+		goto err;
+	if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL)
+		goto err;
+	if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1)
+		goto err;
+	if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1)
+		goto err;
+	if (!ASN1_time_tm_clamp_notafter(&after_tm))
+		goto err;
+	if ((*notbefore = timegm(&before_tm)) == -1)
+		goto err;
+	if ((*notafter = timegm(&after_tm)) == -1)
+		goto err;
+
+	return (0);
+
+ err:
+	return (-1);
+}
+
+static int
+tls_get_peer_cert_info(struct tls *ctx)
+{
+	if (ctx->ssl_peer_cert == NULL)
+		return (0);
+
+	if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
+		goto err;
+	if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject) == -1)
+		goto err;
+	if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
+		goto err;
+	if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore,
+	    &ctx->conninfo->notafter) == -1)
+		goto err;
+
+	return (0);
+
+ err:
+	return (-1);
+}
+
+static int
+tls_conninfo_alpn_proto(struct tls *ctx)
+{
+	const unsigned char *p;
+	unsigned int len;
+
+	free(ctx->conninfo->alpn);
+	ctx->conninfo->alpn = NULL;
+
+	SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len);
+	if (len > 0) {
+		if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL)
+			return (-1);
+		memcpy(ctx->conninfo->alpn, p, len);
+		ctx->conninfo->alpn[len] = '\0';
+	}
+
+	return (0);
+}
+
+static int
+tls_conninfo_cert_pem(struct tls *ctx)
+{
+	int i, rv = -1;
+	BIO *membio = NULL;
+	BUF_MEM *bptr = NULL;
+
+	if (ctx->ssl_peer_cert == NULL)
+		return 0;
+	if ((membio = BIO_new(BIO_s_mem()))== NULL)
+		goto err;
+
+	/*
+	 * We have to write the peer cert out separately, because
+	 * the certificate chain may or may not contain it.
+	 */
+	if (!PEM_write_bio_X509(membio, ctx->ssl_peer_cert))
+		goto err;
+	for (i = 0; i < sk_X509_num(ctx->ssl_peer_chain); i++) {
+		X509 *chaincert = sk_X509_value(ctx->ssl_peer_chain, i);
+		if (chaincert != ctx->ssl_peer_cert &&
+		    !PEM_write_bio_X509(membio, chaincert))
+			goto err;
+	}
+
+	BIO_get_mem_ptr(membio, &bptr);
+	free(ctx->conninfo->peer_cert);
+	ctx->conninfo->peer_cert_len = 0;
+	if ((ctx->conninfo->peer_cert = malloc(bptr->length)) == NULL)
+		goto err;
+	ctx->conninfo->peer_cert_len = bptr->length;
+	memcpy(ctx->conninfo->peer_cert, bptr->data,
+	    ctx->conninfo->peer_cert_len);
+
+	/* BIO_free() will kill BUF_MEM - because we have not set BIO_NOCLOSE */
+	rv = 0;
+ err:
+	BIO_free(membio);
+	return rv;
+}
+
+static int
+tls_conninfo_session(struct tls *ctx)
+{
+	ctx->conninfo->session_resumed = SSL_session_reused(ctx->ssl_conn);
+
+	return 0;
+}
+
+int
+tls_conninfo_populate(struct tls *ctx)
+{
+	const char *tmp;
+
+	tls_conninfo_free(ctx->conninfo);
+
+	if ((ctx->conninfo = calloc(1, sizeof(struct tls_conninfo))) == NULL) {
+		tls_set_errorx(ctx, "out of memory");
+		goto err;
+	}
+
+	if (tls_conninfo_alpn_proto(ctx) == -1)
+		goto err;
+
+	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
+		goto err;
+	if ((ctx->conninfo->cipher = strdup(tmp)) == NULL)
+		goto err;
+	ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL);
+
+	if (ctx->servername != NULL) {
+		if ((ctx->conninfo->servername =
+		    strdup(ctx->servername)) == NULL)
+			goto err;
+	}
+
+	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
+		goto err;
+	if ((ctx->conninfo->version = strdup(tmp)) == NULL)
+		goto err;
+
+	if (tls_get_peer_cert_info(ctx) == -1)
+		goto err;
+
+	if (tls_conninfo_cert_pem(ctx) == -1)
+		goto err;
+
+	if (tls_conninfo_session(ctx) == -1)
+		goto err;
+
+	return (0);
+
+ err:
+	tls_conninfo_free(ctx->conninfo);
+	ctx->conninfo = NULL;
+
+	return (-1);
+}
+
+void
+tls_conninfo_free(struct tls_conninfo *conninfo)
+{
+	if (conninfo == NULL)
+		return;
+
+	free(conninfo->alpn);
+	free(conninfo->cipher);
+	free(conninfo->servername);
+	free(conninfo->version);
+
+	free(conninfo->hash);
+	free(conninfo->issuer);
+	free(conninfo->subject);
+
+	free(conninfo->peer_cert);
+
+	free(conninfo);
+}
+
+const char *
+tls_conn_alpn_selected(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->alpn);
+}
+
+const char *
+tls_conn_cipher(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->cipher);
+}
+
+int
+tls_conn_cipher_strength(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (0);
+	return (ctx->conninfo->cipher_strength);
+}
+
+const char *
+tls_conn_servername(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->servername);
+}
+
+int
+tls_conn_session_resumed(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (0);
+	return (ctx->conninfo->session_resumed);
+}
+
+const char *
+tls_conn_version(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->version);
+}
diff --git a/tls_internal.h b/tls_internal.h
new file mode 100644
index 0000000..1dd5f45
--- /dev/null
+++ b/tls_internal.h
@@ -0,0 +1,298 @@
+/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */
+/*
+ * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_TLS_INTERNAL_H
+#define HEADER_TLS_INTERNAL_H
+
+#include <pthread.h>
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <openssl/ssl.h>
+
+__BEGIN_HIDDEN_DECLS
+
+#ifndef TLS_DEFAULT_CA_FILE
+#define TLS_DEFAULT_CA_FILE 	"/etc/ssl/cert.pem"
+#endif
+
+#define TLS_CIPHERS_DEFAULT	"TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
+#define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"
+#define TLS_CIPHERS_LEGACY	"HIGH:MEDIUM:!aNULL"
+#define TLS_CIPHERS_ALL		"ALL:!aNULL:!eNULL"
+
+#define TLS_ECDHE_CURVES	"X25519,P-256,P-384"
+
+union tls_addr {
+	struct in_addr ip4;
+	struct in6_addr ip6;
+};
+
+struct tls_error {
+	char *msg;
+	int num;
+	int tls;
+};
+
+struct tls_keypair {
+	struct tls_keypair *next;
+
+	char *cert_mem;
+	size_t cert_len;
+	char *key_mem;
+	size_t key_len;
+	char *ocsp_staple;
+	size_t ocsp_staple_len;
+	char *pubkey_hash;
+};
+
+#define TLS_MIN_SESSION_TIMEOUT (4)
+#define TLS_MAX_SESSION_TIMEOUT (24 * 60 * 60)
+
+#define TLS_NUM_TICKETS				4
+#define TLS_TICKET_NAME_SIZE			16
+#define TLS_TICKET_AES_SIZE			32
+#define TLS_TICKET_HMAC_SIZE			16
+
+struct tls_ticket_key {
+	/* The key_name must be 16 bytes according to -lssl */
+	unsigned char	key_name[TLS_TICKET_NAME_SIZE];
+	unsigned char	aes_key[TLS_TICKET_AES_SIZE];
+	unsigned char	hmac_key[TLS_TICKET_HMAC_SIZE];
+	time_t		time;
+};
+
+struct tls_config {
+	struct tls_error error;
+
+	pthread_mutex_t mutex;
+	int refcount;
+
+	char *alpn;
+	size_t alpn_len;
+	const char *ca_path;
+	char *ca_mem;
+	size_t ca_len;
+	const char *ciphers;
+	int ciphers_server;
+	char *crl_mem;
+	size_t crl_len;
+	int dheparams;
+	int *ecdhecurves;
+	size_t ecdhecurves_len;
+	struct tls_keypair *keypair;
+	int ocsp_require_stapling;
+	uint32_t protocols;
+	unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH];
+	int session_fd;
+	int session_lifetime;
+	struct tls_ticket_key ticket_keys[TLS_NUM_TICKETS];
+	uint32_t ticket_keyrev;
+	int ticket_autorekey;
+	int verify_cert;
+	int verify_client;
+	int verify_depth;
+	int verify_name;
+	int verify_time;
+	int skip_private_key_check;
+};
+
+struct tls_conninfo {
+	char *alpn;
+	char *cipher;
+	int cipher_strength;
+	char *servername;
+	int session_resumed;
+	char *version;
+
+	char *hash;
+	char *issuer;
+	char *subject;
+
+	uint8_t *peer_cert;
+	size_t peer_cert_len;
+
+	time_t notbefore;
+	time_t notafter;
+};
+
+#define TLS_CLIENT		(1 << 0)
+#define TLS_SERVER		(1 << 1)
+#define TLS_SERVER_CONN		(1 << 2)
+
+#define TLS_EOF_NO_CLOSE_NOTIFY	(1 << 0)
+#define TLS_CONNECTED		(1 << 1)
+#define TLS_HANDSHAKE_COMPLETE	(1 << 2)
+#define TLS_SSL_NEEDS_SHUTDOWN	(1 << 3)
+
+struct tls_ocsp_result {
+	const char *result_msg;
+	int response_status;
+	int cert_status;
+	int crl_reason;
+	time_t this_update;
+	time_t next_update;
+	time_t revocation_time;
+};
+
+struct tls_ocsp {
+	/* responder location */
+	char *ocsp_url;
+
+	/* cert data, this struct does not own these */
+	X509 *main_cert;
+	STACK_OF(X509) *extra_certs;
+
+	struct tls_ocsp_result *ocsp_result;
+};
+
+struct tls_sni_ctx {
+	struct tls_sni_ctx *next;
+
+	struct tls_keypair *keypair;
+
+	SSL_CTX *ssl_ctx;
+	X509 *ssl_cert;
+};
+
+struct tls {
+	struct tls_config *config;
+	struct tls_keypair *keypair;
+
+	struct tls_error error;
+
+	uint32_t flags;
+	uint32_t state;
+
+	char *servername;
+	int socket;
+
+	SSL *ssl_conn;
+	SSL_CTX *ssl_ctx;
+
+	struct tls_sni_ctx *sni_ctx;
+
+	X509 *ssl_peer_cert;
+	STACK_OF(X509) *ssl_peer_chain;
+
+	struct tls_conninfo *conninfo;
+
+	struct tls_ocsp *ocsp;
+
+	tls_read_cb read_cb;
+	tls_write_cb write_cb;
+	void *cb_arg;
+};
+
+int tls_set_mem(char **_dest, size_t *_destlen, const void *_src,
+    size_t _srclen);
+int tls_set_string(const char **_dest, const char *_src);
+
+struct tls_keypair *tls_keypair_new(void);
+void tls_keypair_clear_key(struct tls_keypair *_keypair);
+void tls_keypair_free(struct tls_keypair *_keypair);
+int tls_keypair_set_cert_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_cert_file);
+int tls_keypair_set_cert_mem(struct tls_keypair *_keypair,
+    struct tls_error *_error, const uint8_t *_cert, size_t _len);
+int tls_keypair_set_key_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_key_file);
+int tls_keypair_set_key_mem(struct tls_keypair *_keypair,
+    struct tls_error *_error, const uint8_t *_key, size_t _len);
+int tls_keypair_set_ocsp_staple_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_ocsp_file);
+int tls_keypair_set_ocsp_staple_mem(struct tls_keypair *_keypair,
+    struct tls_error *_error, const uint8_t *_staple, size_t _len);
+int tls_keypair_load_cert(struct tls_keypair *_keypair,
+    struct tls_error *_error, X509 **_cert);
+
+struct tls_sni_ctx *tls_sni_ctx_new(void);
+void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
+
+struct tls_config *tls_config_new_internal(void);
+
+struct tls *tls_new(void);
+struct tls *tls_server_conn(struct tls *ctx);
+
+int tls_check_name(struct tls *ctx, X509 *cert, const char *servername,
+    int *match);
+int tls_configure_server(struct tls *ctx);
+
+int tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx);
+int tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
+    struct tls_keypair *keypair, int required);
+int tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify);
+
+int tls_handshake_client(struct tls *ctx);
+int tls_handshake_server(struct tls *ctx);
+
+int tls_config_load_file(struct tls_error *error, const char *filetype,
+    const char *filename, char **buf, size_t *len);
+int tls_config_ticket_autorekey(struct tls_config *config);
+int tls_host_port(const char *hostport, char **host, char **port);
+
+int tls_set_cbs(struct tls *ctx,
+    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg);
+
+void tls_error_clear(struct tls_error *error);
+int tls_error_set(struct tls_error *error, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_error_setx(struct tls_error *error, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_config_set_error(struct tls_config *cfg, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_config_set_errorx(struct tls_config *cfg, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_set_error(struct tls *ctx, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_set_errorx(struct tls *ctx, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+int tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...)
+    __attribute__((__format__ (printf, 2, 3)))
+    __attribute__((__nonnull__ (2)));
+
+int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret,
+    const char *prefix);
+
+int tls_conninfo_populate(struct tls *ctx);
+void tls_conninfo_free(struct tls_conninfo *conninfo);
+
+int tls_ocsp_verify_cb(SSL *ssl, void *arg);
+int tls_ocsp_stapling_cb(SSL *ssl, void *arg);
+void tls_ocsp_free(struct tls_ocsp *ctx);
+struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx);
+int tls_hex_string(const unsigned char *_in, size_t _inlen, char **_out,
+    size_t *_outlen);
+int tls_cert_hash(X509 *_cert, char **_hash);
+int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
+
+int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
+
+__END_HIDDEN_DECLS
+
+/* XXX this function is not fully hidden so relayd can use it */
+void tls_config_skip_private_key_check(struct tls_config *config);
+
+#endif /* HEADER_TLS_INTERNAL_H */
diff --git a/tls_keypair.c b/tls_keypair.c
new file mode 100644
index 0000000..a98e5c2
--- /dev/null
+++ b/tls_keypair.c
@@ -0,0 +1,169 @@
+/* $OpenBSD: tls_keypair.c,v 1.6 2018/04/07 16:35:34 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include <tls.h>
+
+#include "tls_internal.h"
+
+struct tls_keypair *
+tls_keypair_new(void)
+{
+	return calloc(1, sizeof(struct tls_keypair));
+}
+
+static int
+tls_keypair_pubkey_hash(struct tls_keypair *keypair, struct tls_error *error)
+{
+	X509 *cert = NULL;
+	int rv = -1;
+
+	free(keypair->pubkey_hash);
+	keypair->pubkey_hash = NULL;
+
+	if (keypair->cert_mem == NULL) {
+		rv = 0;
+		goto done;
+	}
+
+	if (tls_keypair_load_cert(keypair, error, &cert) == -1)
+		goto err;
+	if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1)
+		goto err;
+
+	rv = 0;
+
+ err:
+	X509_free(cert);
+ done:
+	return (rv);
+}
+
+void
+tls_keypair_clear_key(struct tls_keypair *keypair)
+{
+	freezero(keypair->key_mem, keypair->key_len);
+	keypair->key_mem = NULL;
+	keypair->key_len = 0;
+}
+
+int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
+    const char *cert_file)
+{
+	if (tls_config_load_file(error, "certificate", cert_file,
+	    &keypair->cert_mem, &keypair->cert_len) == -1)
+		return -1;
+	return tls_keypair_pubkey_hash(keypair, error);
+}
+
+int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, struct tls_error *error,
+    const uint8_t *cert, size_t len)
+{
+	if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1)
+		return -1;
+	return tls_keypair_pubkey_hash(keypair, error);
+}
+
+int
+tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
+    const char *key_file)
+{
+	tls_keypair_clear_key(keypair);
+	return tls_config_load_file(error, "key", key_file,
+	    &keypair->key_mem, &keypair->key_len);
+}
+
+int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, struct tls_error *error,
+    const uint8_t *key, size_t len)
+{
+	tls_keypair_clear_key(keypair);
+	return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+
+int
+tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
+    struct tls_error *error, const char *ocsp_file)
+{
+	return tls_config_load_file(error, "ocsp", ocsp_file,
+	    &keypair->ocsp_staple, &keypair->ocsp_staple_len);
+}
+
+int
+tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
+    struct tls_error *error, const uint8_t *staple, size_t len)
+{
+	return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len,
+	    staple, len);
+}
+
+void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+	if (keypair == NULL)
+		return;
+
+	tls_keypair_clear_key(keypair);
+
+	free(keypair->cert_mem);
+	free(keypair->ocsp_staple);
+	free(keypair->pubkey_hash);
+
+	free(keypair);
+}
+
+int
+tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
+    X509 **cert)
+{
+	char *errstr = "unknown";
+	BIO *cert_bio = NULL;
+	int ssl_err;
+	int rv = -1;
+
+	X509_free(*cert);
+	*cert = NULL;
+
+	if (keypair->cert_mem == NULL) {
+		tls_error_set(error, "keypair has no certificate");
+		goto err;
+	}
+	if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
+	    keypair->cert_len)) == NULL) {
+		tls_error_set(error, "failed to create certificate bio");
+		goto err;
+	}
+	if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
+	    NULL)) == NULL) {
+		if ((ssl_err = ERR_peek_error()) != 0)
+		    errstr = ERR_error_string(ssl_err, NULL);
+		tls_error_set(error, "failed to load certificate: %s", errstr);
+		goto err;
+	}
+
+	rv = 0;
+
+ err:
+	BIO_free(cert_bio);
+
+	return (rv);
+}
diff --git a/tls_ocsp.c b/tls_ocsp.c
new file mode 100644
index 0000000..32c372e
--- /dev/null
+++ b/tls_ocsp.c
@@ -0,0 +1,453 @@
+/*	$OpenBSD: tls_ocsp.c,v 1.19 2019/12/03 14:56:42 tb Exp $ */
+/*
+ * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
+ * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+#define MAXAGE_SEC (14*24*60*60)
+#define JITTER_SEC (60)
+
+/*
+ * State for request.
+ */
+
+static struct tls_ocsp *
+tls_ocsp_new(void)
+{
+	return (calloc(1, sizeof(struct tls_ocsp)));
+}
+
+void
+tls_ocsp_free(struct tls_ocsp *ocsp)
+{
+	if (ocsp == NULL)
+		return;
+
+	X509_free(ocsp->main_cert);
+	free(ocsp->ocsp_result);
+	free(ocsp->ocsp_url);
+
+	free(ocsp);
+}
+
+static int
+tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time)
+{
+	struct tm tm;
+
+	if (gt == NULL)
+		return -1;
+	/* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */
+	if (ASN1_time_parse(gt->data, gt->length, &tm,
+		V_ASN1_GENERALIZEDTIME) == -1)
+		return -1;
+	if ((*gt_time = timegm(&tm)) == -1)
+		return -1;
+	return 0;
+}
+
+static int
+tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
+    int crl_reason, ASN1_GENERALIZEDTIME *revtime,
+    ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd)
+{
+	struct tls_ocsp_result *info = NULL;
+
+	free(ctx->ocsp->ocsp_result);
+	ctx->ocsp->ocsp_result = NULL;
+
+	if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
+		tls_set_error(ctx, "calloc");
+		return -1;
+	}
+	info->response_status = response_status;
+	info->cert_status = cert_status;
+	info->crl_reason = crl_reason;
+	if (info->response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+		info->result_msg =
+		    OCSP_response_status_str(info->response_status);
+	} else if (info->cert_status != V_OCSP_CERTSTATUS_REVOKED) {
+		info->result_msg = OCSP_cert_status_str(info->cert_status);
+	} else {
+		info->result_msg = OCSP_crl_reason_str(info->crl_reason);
+	}
+	info->revocation_time = info->this_update = info->next_update = -1;
+	if (revtime != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse revocation time in OCSP reply");
+		goto err;
+	}
+	if (thisupd != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse this update time in OCSP reply");
+		goto err;
+	}
+	if (nextupd != NULL &&
+	    tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) {
+		tls_set_error(ctx,
+		    "unable to parse next update time in OCSP reply");
+		goto err;
+	}
+	ctx->ocsp->ocsp_result = info;
+	return 0;
+
+ err:
+	free(info);
+	return -1;
+}
+
+static OCSP_CERTID *
+tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
+    SSL_CTX *ssl_ctx)
+{
+	X509_NAME *issuer_name;
+	X509 *issuer;
+	X509_STORE_CTX storectx;
+	X509_OBJECT tmpobj;
+	OCSP_CERTID *cid = NULL;
+	X509_STORE *store;
+
+	if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL)
+		return NULL;
+
+	if (extra_certs != NULL) {
+		issuer = X509_find_by_subject(extra_certs, issuer_name);
+		if (issuer != NULL)
+			return OCSP_cert_to_id(NULL, main_cert, issuer);
+	}
+
+	if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL)
+		return NULL;
+	if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1)
+		return NULL;
+	if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name,
+		&tmpobj) == 1) {
+		cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+		X509_OBJECT_free_contents(&tmpobj);
+	}
+	X509_STORE_CTX_cleanup(&storectx);
+	return cid;
+}
+
+struct tls_ocsp *
+tls_ocsp_setup_from_peer(struct tls *ctx)
+{
+	struct tls_ocsp *ocsp = NULL;
+	STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
+
+	if ((ocsp = tls_ocsp_new()) == NULL)
+		goto err;
+
+	/* steal state from ctx struct */
+	ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+	ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
+	if (ocsp->main_cert == NULL) {
+		tls_set_errorx(ctx, "no peer certificate for OCSP");
+		goto err;
+	}
+
+	ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
+	if (ocsp_urls == NULL) {
+		tls_set_errorx(ctx, "no OCSP URLs in peer certificate");
+		goto err;
+	}
+
+	ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
+	if (ocsp->ocsp_url == NULL) {
+		tls_set_errorx(ctx, "out of memory");
+		goto err;
+	}
+
+	X509_email_free(ocsp_urls);
+	return ocsp;
+
+ err:
+	tls_ocsp_free(ocsp);
+	X509_email_free(ocsp_urls);
+	return NULL;
+}
+
+static int
+tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
+{
+	OCSP_BASICRESP *br = NULL;
+	ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
+	OCSP_CERTID *cid = NULL;
+	STACK_OF(X509) *combined = NULL;
+	int response_status=0, cert_status=0, crl_reason=0;
+	int ret = -1;
+	unsigned long flags;
+
+	if ((br = OCSP_response_get1_basic(resp)) == NULL) {
+		tls_set_errorx(ctx, "cannot load ocsp reply");
+		goto err;
+	}
+
+	/*
+	 * Skip validation of 'extra_certs' as this should be done
+	 * already as part of main handshake.
+	 */
+	flags = OCSP_TRUSTOTHER;
+
+	/* now verify */
+	if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
+		SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
+		tls_set_error(ctx, "ocsp verify failed");
+		goto err;
+	}
+
+	/* signature OK, look inside */
+	response_status = OCSP_response_status(resp);
+	if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+		tls_set_errorx(ctx, "ocsp verify failed: response - %s",
+		    OCSP_response_status_str(response_status));
+		goto err;
+	}
+
+	cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
+	    ctx->ocsp->extra_certs, ctx->ssl_ctx);
+	if (cid == NULL) {
+		tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
+		goto err;
+	}
+
+	if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason,
+	    &revtime, &thisupd, &nextupd) != 1) {
+		tls_set_errorx(ctx, "ocsp verify failed: no result for cert");
+		goto err;
+	}
+
+	if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC,
+	    MAXAGE_SEC) != 1) {
+		tls_set_errorx(ctx,
+		    "ocsp verify failed: ocsp response not current");
+		goto err;
+	}
+
+	if (tls_ocsp_fill_info(ctx, response_status, cert_status,
+	    crl_reason, revtime, thisupd, nextupd) != 0)
+		goto err;
+
+	/* finally can look at status */
+	if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status !=
+	    V_OCSP_CERTSTATUS_UNKNOWN) {
+		tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s",
+			       OCSP_crl_reason_str(crl_reason));
+		goto err;
+	}
+	ret = 0;
+
+ err:
+	sk_X509_free(combined);
+	OCSP_CERTID_free(cid);
+	OCSP_BASICRESP_free(br);
+	return ret;
+}
+
+/*
+ * Process a raw OCSP response from an OCSP server request.
+ * OCSP details can then be retrieved with tls_peer_ocsp_* functions.
+ * returns 0 if certificate ok, -1 otherwise.
+ */
+static int
+tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response,
+    size_t size)
+{
+	int ret;
+	OCSP_RESPONSE *resp;
+
+	resp = d2i_OCSP_RESPONSE(NULL, &response, size);
+	if (resp == NULL) {
+		tls_ocsp_free(ctx->ocsp);
+		ctx->ocsp = NULL;
+		tls_set_error(ctx, "unable to parse OCSP response");
+		return -1;
+	}
+	ret = tls_ocsp_verify_response(ctx, resp);
+	OCSP_RESPONSE_free(resp);
+	return ret;
+}
+
+/* TLS handshake verification callback for stapled requests */
+int
+tls_ocsp_verify_cb(SSL *ssl, void *arg)
+{
+	const unsigned char *raw = NULL;
+	int size, res = -1;
+	struct tls *ctx;
+
+	if ((ctx = SSL_get_app_data(ssl)) == NULL)
+		return -1;
+
+	size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw);
+	if (size <= 0) {
+		if (ctx->config->ocsp_require_stapling) {
+			tls_set_errorx(ctx, "no stapled OCSP response provided");
+			return 0;
+		}
+		return 1;
+	}
+
+	tls_ocsp_free(ctx->ocsp);
+	if ((ctx->ocsp = tls_ocsp_setup_from_peer(ctx)) == NULL)
+		return 0;
+
+	if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0)
+		return 1;
+
+	res = tls_ocsp_process_response_internal(ctx, raw, size);
+
+	return (res == 0) ? 1 : 0;
+}
+
+
+/* Staple the OCSP information in ctx->ocsp to the server handshake. */
+int
+tls_ocsp_stapling_cb(SSL *ssl, void *arg)
+{
+	int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+	unsigned char *ocsp_staple = NULL;
+	struct tls *ctx;
+
+	if ((ctx = SSL_get_app_data(ssl)) == NULL)
+		goto err;
+
+	if (ctx->keypair == NULL || ctx->keypair->ocsp_staple == NULL ||
+	    ctx->keypair->ocsp_staple_len == 0)
+		return SSL_TLSEXT_ERR_NOACK;
+
+	if ((ocsp_staple = malloc(ctx->keypair->ocsp_staple_len)) == NULL)
+		goto err;
+
+	memcpy(ocsp_staple, ctx->keypair->ocsp_staple,
+	    ctx->keypair->ocsp_staple_len);
+
+	if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple,
+	    ctx->keypair->ocsp_staple_len) != 1)
+		goto err;
+
+	ret = SSL_TLSEXT_ERR_OK;
+ err:
+	if (ret != SSL_TLSEXT_ERR_OK)
+		free(ocsp_staple);
+
+	return ret;
+}
+
+/*
+ * Public API
+ */
+
+/* Retrieve OCSP URL from peer certificate, if present. */
+const char *
+tls_peer_ocsp_url(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return NULL;
+	return ctx->ocsp->ocsp_url;
+}
+
+const char *
+tls_peer_ocsp_result(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return NULL;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return NULL;
+	return ctx->ocsp->ocsp_result->result_msg;
+}
+
+int
+tls_peer_ocsp_response_status(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->response_status;
+}
+
+int
+tls_peer_ocsp_cert_status(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->cert_status;
+}
+
+int
+tls_peer_ocsp_crl_reason(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->crl_reason;
+}
+
+time_t
+tls_peer_ocsp_this_update(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->this_update;
+}
+
+time_t
+tls_peer_ocsp_next_update(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->next_update;
+}
+
+time_t
+tls_peer_ocsp_revocation_time(struct tls *ctx)
+{
+	if (ctx->ocsp == NULL)
+		return -1;
+	if (ctx->ocsp->ocsp_result == NULL)
+		return -1;
+	return ctx->ocsp->ocsp_result->revocation_time;
+}
+
+int
+tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
+    size_t size)
+{
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0)
+		return -1;
+	return tls_ocsp_process_response_internal(ctx, response, size);
+}
diff --git a/tls_peer.c b/tls_peer.c
new file mode 100644
index 0000000..ec97a30
--- /dev/null
+++ b/tls_peer.c
@@ -0,0 +1,99 @@
+/* $OpenBSD: tls_peer.c,v 1.8 2017/04/10 17:11:13 jsing Exp $ */
+/*
+ * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+const char *
+tls_peer_cert_hash(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->hash);
+}
+const char *
+tls_peer_cert_issuer(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->issuer);
+}
+
+const char *
+tls_peer_cert_subject(struct tls *ctx)
+{
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	return (ctx->conninfo->subject);
+}
+
+int
+tls_peer_cert_provided(struct tls *ctx)
+{
+	return (ctx->ssl_peer_cert != NULL);
+}
+
+int
+tls_peer_cert_contains_name(struct tls *ctx, const char *name)
+{
+	int match;
+
+	if (ctx->ssl_peer_cert == NULL)
+		return (0);
+
+	if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1)
+		return (0);
+
+	return (match);
+}
+
+time_t
+tls_peer_cert_notbefore(struct tls *ctx)
+{
+	if (ctx->ssl_peer_cert == NULL)
+		return (-1);
+	if (ctx->conninfo == NULL)
+		return (-1);
+	return (ctx->conninfo->notbefore);
+}
+
+time_t
+tls_peer_cert_notafter(struct tls *ctx)
+{
+	if (ctx->ssl_peer_cert == NULL)
+		return (-1);
+	if (ctx->conninfo == NULL)
+		return (-1);
+	return (ctx->conninfo->notafter);
+}
+
+const uint8_t *
+tls_peer_cert_chain_pem(struct tls *ctx, size_t *size)
+{
+	if (ctx->ssl_peer_cert == NULL)
+		return (NULL);
+	if (ctx->conninfo == NULL)
+		return (NULL);
+	*size = ctx->conninfo->peer_cert_len;
+	return (ctx->conninfo->peer_cert);
+}
+
diff --git a/tls_server.c b/tls_server.c
new file mode 100644
index 0000000..a709a2b
--- /dev/null
+++ b/tls_server.c
@@ -0,0 +1,454 @@
+/* $OpenBSD: tls_server.c,v 1.45 2019/05/13 22:36:01 bcook Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+
+#include <arpa/inet.h>
+
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+struct tls *
+tls_server(void)
+{
+	struct tls *ctx;
+
+	if (tls_init() == -1)
+		return (NULL);
+
+	if ((ctx = tls_new()) == NULL)
+		return (NULL);
+
+	ctx->flags |= TLS_SERVER;
+
+	return (ctx);
+}
+
+struct tls *
+tls_server_conn(struct tls *ctx)
+{
+	struct tls *conn_ctx;
+
+	if ((conn_ctx = tls_new()) == NULL)
+		return (NULL);
+
+	conn_ctx->flags |= TLS_SERVER_CONN;
+
+	pthread_mutex_lock(&ctx->config->mutex);
+	ctx->config->refcount++;
+	pthread_mutex_unlock(&ctx->config->mutex);
+
+	conn_ctx->config = ctx->config;
+	conn_ctx->keypair = ctx->config->keypair;
+
+	return (conn_ctx);
+}
+
+static int
+tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+    const unsigned char *in, unsigned int inlen, void *arg)
+{
+	struct tls *ctx = arg;
+
+	if (SSL_select_next_proto((unsigned char**)out, outlen,
+	    ctx->config->alpn, ctx->config->alpn_len, in, inlen) ==
+	    OPENSSL_NPN_NEGOTIATED)
+		return (SSL_TLSEXT_ERR_OK);
+
+	return (SSL_TLSEXT_ERR_NOACK);
+}
+
+static int
+tls_servername_cb(SSL *ssl, int *al, void *arg)
+{
+	struct tls *ctx = (struct tls *)arg;
+	struct tls_sni_ctx *sni_ctx;
+	union tls_addr addrbuf;
+	struct tls *conn_ctx;
+	const char *name;
+	int match;
+
+	if ((conn_ctx = SSL_get_app_data(ssl)) == NULL)
+		goto err;
+
+	if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) ==
+	    NULL) {
+		/*
+		 * The servername callback gets called even when there is no
+		 * TLS servername extension provided by the client. Sigh!
+		 */
+		return (SSL_TLSEXT_ERR_NOACK);
+	}
+
+	/*
+	 * Per RFC 6066 section 3: ensure that name is not an IP literal.
+	 *
+	 * While we should treat this as an error, a number of clients
+	 * (Python, Ruby and Safari) are not RFC compliant. To avoid handshake
+	 * failures, pretend that we did not receive the extension.
+	 */
+	if (inet_pton(AF_INET, name, &addrbuf) == 1 ||
+            inet_pton(AF_INET6, name, &addrbuf) == 1)
+		return (SSL_TLSEXT_ERR_NOACK);
+
+	free((char *)conn_ctx->servername);
+	if ((conn_ctx->servername = strdup(name)) == NULL)
+		goto err;
+
+	/* Find appropriate SSL context for requested servername. */
+	for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) {
+		if (tls_check_name(ctx, sni_ctx->ssl_cert, name,
+		    &match) == -1)
+			goto err;
+		if (match) {
+			conn_ctx->keypair = sni_ctx->keypair;
+			SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx);
+			return (SSL_TLSEXT_ERR_OK);
+		}
+	}
+
+	/* No match, use the existing context/certificate. */
+	return (SSL_TLSEXT_ERR_OK);
+
+ err:
+	/*
+	 * There is no way to tell libssl that an internal failure occurred.
+	 * The only option we have is to return a fatal alert.
+	 */
+	*al = TLS1_AD_INTERNAL_ERROR;
+	return (SSL_TLSEXT_ERR_ALERT_FATAL);
+}
+
+static struct tls_ticket_key *
+tls_server_ticket_key(struct tls_config *config, unsigned char *keyname)
+{
+	struct tls_ticket_key *key = NULL;
+	time_t now;
+	int i;
+
+	now = time(NULL);
+	if (config->ticket_autorekey == 1) {
+		if (now - 3 * (config->session_lifetime / 4) >
+		    config->ticket_keys[0].time) {
+			if (tls_config_ticket_autorekey(config) == -1)
+				return (NULL);
+		}
+	}
+	for (i = 0; i < TLS_NUM_TICKETS; i++) {
+		struct tls_ticket_key *tk = &config->ticket_keys[i];
+		if (now - config->session_lifetime > tk->time)
+			continue;
+		if (keyname == NULL || timingsafe_memcmp(keyname,
+		    tk->key_name, sizeof(tk->key_name)) == 0) {
+			key = tk;
+			break;
+		}
+	}
+	return (key);
+}
+
+static int
+tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
+    EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode)
+{
+	struct tls_ticket_key *key;
+	struct tls *tls_ctx;
+
+	if ((tls_ctx = SSL_get_app_data(ssl)) == NULL)
+		return (-1);
+
+	if (mode == 1) {
+		/* create new session */
+		key = tls_server_ticket_key(tls_ctx->config, NULL);
+		if (key == NULL) {
+			tls_set_errorx(tls_ctx, "no valid ticket key found");
+			return (-1);
+		}
+
+		memcpy(keyname, key->key_name, sizeof(key->key_name));
+		arc4random_buf(iv, EVP_MAX_IV_LENGTH);
+		EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+		    key->aes_key, iv);
+		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+		    EVP_sha256(), NULL);
+		return (0);
+	} else {
+		/* get key by name */
+		key = tls_server_ticket_key(tls_ctx->config, keyname);
+		if (key == NULL)
+			return (0);
+
+		EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+		    key->aes_key, iv);
+		HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key),
+		    EVP_sha256(), NULL);
+
+		/* time to renew the ticket? is it the primary key? */
+		if (key != &tls_ctx->config->ticket_keys[0])
+			return (2);
+		return (1);
+	}
+}
+
+static int
+tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
+    struct tls_keypair *keypair)
+{
+	SSL_CTX_free(*ssl_ctx);
+
+	if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+		tls_set_errorx(ctx, "ssl context failure");
+		goto err;
+	}
+
+	SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
+
+	if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx,
+	    tls_servername_cb) != 1) {
+		tls_set_error(ctx, "failed to set servername callback");
+		goto err;
+	}
+	if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) {
+		tls_set_error(ctx, "failed to set servername callback arg");
+		goto err;
+	}
+
+	if (tls_configure_ssl(ctx, *ssl_ctx) != 0)
+		goto err;
+	if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0)
+		goto err;
+	if (ctx->config->verify_client != 0) {
+		int verify = SSL_VERIFY_PEER;
+		if (ctx->config->verify_client == 1)
+			verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+		if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1)
+			goto err;
+	}
+
+	if (ctx->config->alpn != NULL)
+		SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb,
+		    ctx);
+
+	if (ctx->config->dheparams == -1)
+		SSL_CTX_set_dh_auto(*ssl_ctx, 1);
+	else if (ctx->config->dheparams == 1024)
+		SSL_CTX_set_dh_auto(*ssl_ctx, 2);
+
+	if (ctx->config->ecdhecurves != NULL) {
+		SSL_CTX_set_ecdh_auto(*ssl_ctx, 1);
+		if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves,
+		    ctx->config->ecdhecurves_len) != 1) {
+			tls_set_errorx(ctx, "failed to set ecdhe curves");
+			goto err;
+		}
+	}
+
+	if (ctx->config->ciphers_server == 1)
+		SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+
+	if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) {
+		tls_set_errorx(ctx, "failed to add OCSP stapling callback");
+		goto err;
+	}
+
+	if (ctx->config->session_lifetime > 0) {
+		/* set the session lifetime and enable tickets */
+		SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime);
+		SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET);
+		if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx,
+		    tls_server_ticket_cb)) {
+			tls_set_error(ctx,
+			    "failed to set the TLS ticket callback");
+			goto err;
+		}
+	}
+
+	if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id,
+	    sizeof(ctx->config->session_id)) != 1) {
+		tls_set_error(ctx, "failed to set session id context");
+		goto err;
+	}
+
+	return (0);
+
+  err:
+	SSL_CTX_free(*ssl_ctx);
+	*ssl_ctx = NULL;
+
+	return (-1);
+}
+
+static int
+tls_configure_server_sni(struct tls *ctx)
+{
+	struct tls_sni_ctx **sni_ctx;
+	struct tls_keypair *kp;
+
+	if (ctx->config->keypair->next == NULL)
+		return (0);
+
+	/* Set up additional SSL contexts for SNI. */
+	sni_ctx = &ctx->sni_ctx;
+	for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) {
+		if ((*sni_ctx = tls_sni_ctx_new()) == NULL) {
+			tls_set_errorx(ctx, "out of memory");
+			goto err;
+		}
+		(*sni_ctx)->keypair = kp;
+		if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1)
+			goto err;
+		if (tls_keypair_load_cert(kp, &ctx->error,
+		    &(*sni_ctx)->ssl_cert) == -1)
+			goto err;
+		sni_ctx = &(*sni_ctx)->next;
+	}
+
+	return (0);
+
+ err:
+	return (-1);
+}
+
+int
+tls_configure_server(struct tls *ctx)
+{
+	if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx,
+	    ctx->config->keypair) == -1)
+		goto err;
+	if (tls_configure_server_sni(ctx) == -1)
+		goto err;
+
+	return (0);
+
+ err:
+	return (-1);
+}
+
+static struct tls *
+tls_accept_common(struct tls *ctx)
+{
+	struct tls *conn_ctx = NULL;
+
+	if ((ctx->flags & TLS_SERVER) == 0) {
+		tls_set_errorx(ctx, "not a server context");
+		goto err;
+	}
+
+	if ((conn_ctx = tls_server_conn(ctx)) == NULL) {
+		tls_set_errorx(ctx, "connection context failure");
+		goto err;
+	}
+
+	if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
+		tls_set_errorx(ctx, "ssl failure");
+		goto err;
+	}
+
+	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
+		tls_set_errorx(ctx, "ssl application data failure");
+		goto err;
+	}
+
+	return conn_ctx;
+
+ err:
+	tls_free(conn_ctx);
+
+	return (NULL);
+}
+
+int
+tls_accept_socket(struct tls *ctx, struct tls **cctx, int s)
+{
+	return (tls_accept_fds(ctx, cctx, s, s));
+}
+
+int
+tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
+{
+	struct tls *conn_ctx;
+
+	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
+		goto err;
+
+	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
+	    SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
+		tls_set_errorx(ctx, "ssl file descriptor failure");
+		goto err;
+	}
+
+	*cctx = conn_ctx;
+
+	return (0);
+ err:
+	tls_free(conn_ctx);
+	*cctx = NULL;
+
+	return (-1);
+}
+
+int
+tls_accept_cbs(struct tls *ctx, struct tls **cctx,
+    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
+{
+	struct tls *conn_ctx;
+
+	if ((conn_ctx = tls_accept_common(ctx)) == NULL)
+		goto err;
+
+	if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0)
+		goto err;
+
+	*cctx = conn_ctx;
+
+	return (0);
+ err:
+	tls_free(conn_ctx);
+	*cctx = NULL;
+
+	return (-1);
+}
+
+int
+tls_handshake_server(struct tls *ctx)
+{
+	int ssl_ret;
+	int rv = -1;
+
+	if ((ctx->flags & TLS_SERVER_CONN) == 0) {
+		tls_set_errorx(ctx, "not a server connection context");
+		goto err;
+	}
+
+	ctx->state |= TLS_SSL_NEEDS_SHUTDOWN;
+
+	ERR_clear_error();
+	if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) {
+		rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake");
+		goto err;
+	}
+
+	ctx->state |= TLS_HANDSHAKE_COMPLETE;
+	rv = 0;
+
+ err:
+	return (rv);
+}
diff --git a/tls_util.c b/tls_util.c
new file mode 100644
index 0000000..b144fb1
--- /dev/null
+++ b/tls_util.c
@@ -0,0 +1,225 @@
+/* $OpenBSD: tls_util.c,v 1.14 2019/04/13 18:47:58 tb Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
+ * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/stat.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include "tls.h"
+#include "tls_internal.h"
+
+static void *
+memdup(const void *in, size_t len)
+{
+	void *out;
+
+	if ((out = malloc(len)) == NULL)
+		return NULL;
+	memcpy(out, in, len);
+	return out;
+}
+
+int
+tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+	free(*dest);
+	*dest = NULL;
+	*destlen = 0;
+	if (src != NULL) {
+		if ((*dest = memdup(src, srclen)) == NULL)
+			return -1;
+		*destlen = srclen;
+	}
+	return 0;
+}
+
+int
+tls_set_string(const char **dest, const char *src)
+{
+	free((char *)*dest);
+	*dest = NULL;
+	if (src != NULL)
+		if ((*dest = strdup(src)) == NULL)
+			return -1;
+	return 0;
+}
+
+/*
+ * Extract the host and port from a colon separated value. For a literal IPv6
+ * address the address must be contained with square braces. If a host and
+ * port are successfully extracted, the function will return 0 and the
+ * caller is responsible for freeing the host and port. If no port is found
+ * then the function will return 1, with both host and port being NULL.
+ * On memory allocation failure -1 will be returned.
+ */
+int
+tls_host_port(const char *hostport, char **host, char **port)
+{
+	char *h, *p, *s;
+	int rv = 1;
+
+	*host = NULL;
+	*port = NULL;
+
+	if ((s = strdup(hostport)) == NULL)
+		goto err;
+
+	h = p = s;
+
+	/* See if this is an IPv6 literal with square braces. */
+	if (p[0] == '[') {
+		h++;
+		if ((p = strchr(s, ']')) == NULL)
+			goto done;
+		*p++ = '\0';
+	}
+
+	/* Find the port seperator. */
+	if ((p = strchr(p, ':')) == NULL)
+		goto done;
+
+	/* If there is another separator then we have issues. */
+	if (strchr(p + 1, ':') != NULL)
+		goto done;
+
+	*p++ = '\0';
+
+	if (asprintf(host, "%s", h) == -1) {
+		*host = NULL;
+		goto err;
+	}
+	if (asprintf(port, "%s", p) == -1) {
+		*port = NULL;
+		goto err;
+	}
+
+	rv = 0;
+	goto done;
+
+ err:
+	free(*host);
+	*host = NULL;
+	free(*port);
+	*port = NULL;
+	rv = -1;
+
+ done:
+	free(s);
+
+	return (rv);
+}
+
+int
+tls_password_cb(char *buf, int size, int rwflag, void *u)
+{
+	size_t len;
+
+	if (size < 0)
+		return (0);
+
+	if (u == NULL) {
+		memset(buf, 0, size);
+		return (0);
+	}
+
+	if ((len = strlcpy(buf, u, size)) >= (size_t)size)
+		return (0);
+
+	return (len);
+}
+
+uint8_t *
+tls_load_file(const char *name, size_t *len, char *password)
+{
+	FILE *fp;
+	EVP_PKEY *key = NULL;
+	BIO *bio = NULL;
+	char *data;
+	uint8_t *buf = NULL;
+	struct stat st;
+	size_t size = 0;
+	int fd = -1;
+	ssize_t n;
+
+	*len = 0;
+
+	if ((fd = open(name, O_RDONLY)) == -1)
+		return (NULL);
+
+	/* Just load the file into memory without decryption */
+	if (password == NULL) {
+		if (fstat(fd, &st) != 0)
+			goto err;
+		if (st.st_size < 0)
+			goto err;
+		size = (size_t)st.st_size;
+		if ((buf = malloc(size)) == NULL)
+			goto err;
+		n = read(fd, buf, size);
+		if (n < 0 || (size_t)n != size)
+			goto err;
+		close(fd);
+		goto done;
+	}
+
+	/* Or read the (possibly) encrypted key from file */
+	if ((fp = fdopen(fd, "r")) == NULL)
+		goto err;
+	fd = -1;
+
+	key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password);
+	fclose(fp);
+	if (key == NULL)
+		goto err;
+
+	/* Write unencrypted key to memory buffer */
+	if ((bio = BIO_new(BIO_s_mem())) == NULL)
+		goto err;
+	if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL))
+		goto err;
+	if ((size = BIO_get_mem_data(bio, &data)) <= 0)
+		goto err;
+	if ((buf = malloc(size)) == NULL)
+		goto err;
+	memcpy(buf, data, size);
+
+	BIO_free_all(bio);
+	EVP_PKEY_free(key);
+
+ done:
+	*len = size;
+	return (buf);
+
+ err:
+	if (fd != -1)
+		close(fd);
+	freezero(buf, size);
+	BIO_free_all(bio);
+	EVP_PKEY_free(key);
+
+	return (NULL);
+}
+
+void
+tls_unload_file(uint8_t *buf, size_t len)
+{
+	freezero(buf, len);
+}
diff --git a/tls_verify.c b/tls_verify.c
new file mode 100644
index 0000000..acbe163
--- /dev/null
+++ b/tls_verify.c
@@ -0,0 +1,280 @@
+/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include <string.h>
+
+#include <openssl/x509v3.h>
+
+#include <tls.h>
+#include "tls_internal.h"
+
+static int
+tls_match_name(const char *cert_name, const char *name)
+{
+	const char *cert_domain, *domain, *next_dot;
+
+	if (strcasecmp(cert_name, name) == 0)
+		return 0;
+
+	/* Wildcard match? */
+	if (cert_name[0] == '*') {
+		/*
+		 * Valid wildcards:
+		 * - "*.domain.tld"
+		 * - "*.sub.domain.tld"
+		 * - etc.
+		 * Reject "*.tld".
+		 * No attempt to prevent the use of eg. "*.co.uk".
+		 */
+		cert_domain = &cert_name[1];
+		/* Disallow "*"  */
+		if (cert_domain[0] == '\0')
+			return -1;
+		/* Disallow "*foo" */
+		if (cert_domain[0] != '.')
+			return -1;
+		/* Disallow "*.." */
+		if (cert_domain[1] == '.')
+			return -1;
+		next_dot = strchr(&cert_domain[1], '.');
+		/* Disallow "*.bar" */
+		if (next_dot == NULL)
+			return -1;
+		/* Disallow "*.bar.." */
+		if (next_dot[1] == '.')
+			return -1;
+
+		domain = strchr(name, '.');
+
+		/* No wildcard match against a name with no host part. */
+		if (name[0] == '.')
+			return -1;
+		/* No wildcard match against a name with no domain part. */
+		if (domain == NULL || strlen(domain) == 1)
+			return -1;
+
+		if (strcasecmp(cert_domain, domain) == 0)
+			return 0;
+	}
+
+	return -1;
+}
+
+/*
+ * See RFC 5280 section 4.2.1.6 for SubjectAltName details.
+ * alt_match is set to 1 if a matching alternate name is found.
+ * alt_exists is set to 1 if any known alternate name exists in the certificate.
+ */
+static int
+tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
+    int *alt_match, int *alt_exists)
+{
+	STACK_OF(GENERAL_NAME) *altname_stack = NULL;
+	union tls_addr addrbuf;
+	int addrlen, type;
+	int count, i;
+	int rv = 0;
+
+	*alt_match = 0;
+	*alt_exists = 0;
+
+	altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
+	    NULL, NULL);
+	if (altname_stack == NULL)
+		return 0;
+
+	if (inet_pton(AF_INET, name, &addrbuf) == 1) {
+		type = GEN_IPADD;
+		addrlen = 4;
+	} else if (inet_pton(AF_INET6, name, &addrbuf) == 1) {
+		type = GEN_IPADD;
+		addrlen = 16;
+	} else {
+		type = GEN_DNS;
+		addrlen = 0;
+	}
+
+	count = sk_GENERAL_NAME_num(altname_stack);
+	for (i = 0; i < count; i++) {
+		GENERAL_NAME	*altname;
+
+		altname = sk_GENERAL_NAME_value(altname_stack, i);
+
+		if (altname->type == GEN_DNS || altname->type == GEN_IPADD)
+			*alt_exists = 1;
+
+		if (altname->type != type)
+			continue;
+
+		if (type == GEN_DNS) {
+			unsigned char	*data;
+			int		 format, len;
+
+			format = ASN1_STRING_type(altname->d.dNSName);
+			if (format == V_ASN1_IA5STRING) {
+				data = ASN1_STRING_data(altname->d.dNSName);
+				len = ASN1_STRING_length(altname->d.dNSName);
+
+				if (len < 0 || (size_t)len != strlen(data)) {
+					tls_set_errorx(ctx,
+					    "error verifying name '%s': "
+					    "NUL byte in subjectAltName, "
+					    "probably a malicious certificate",
+					    name);
+					rv = -1;
+					break;
+				}
+
+				/*
+				 * Per RFC 5280 section 4.2.1.6:
+				 * " " is a legal domain name, but that
+				 * dNSName must be rejected.
+				 */
+				if (strcmp(data, " ") == 0) {
+					tls_set_errorx(ctx,
+					    "error verifying name '%s': "
+					    "a dNSName of \" \" must not be "
+					    "used", name);
+					rv = -1;
+					break;
+				}
+
+				if (tls_match_name(data, name) == 0) {
+					*alt_match = 1;
+					break;
+				}
+			} else {
+#ifdef DEBUG
+				fprintf(stdout, "%s: unhandled subjectAltName "
+				    "dNSName encoding (%d)\n", getprogname(),
+				    format);
+#endif
+			}
+
+		} else if (type == GEN_IPADD) {
+			unsigned char	*data;
+			int		 datalen;
+
+			datalen = ASN1_STRING_length(altname->d.iPAddress);
+			data = ASN1_STRING_data(altname->d.iPAddress);
+
+			if (datalen < 0) {
+				tls_set_errorx(ctx,
+				    "Unexpected negative length for an "
+				    "IP address: %d", datalen);
+				rv = -1;
+				break;
+			}
+
+			/*
+			 * Per RFC 5280 section 4.2.1.6:
+			 * IPv4 must use 4 octets and IPv6 must use 16 octets.
+			 */
+			if (datalen == addrlen &&
+			    memcmp(data, &addrbuf, addrlen) == 0) {
+				*alt_match = 1;
+				break;
+			}
+		}
+	}
+
+	sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free);
+	return rv;
+}
+
+static int
+tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
+    int *cn_match)
+{
+	X509_NAME *subject_name;
+	char *common_name = NULL;
+	union tls_addr addrbuf;
+	int common_name_len;
+	int rv = 0;
+
+	*cn_match = 0;
+
+	subject_name = X509_get_subject_name(cert);
+	if (subject_name == NULL)
+		goto done;
+
+	common_name_len = X509_NAME_get_text_by_NID(subject_name,
+	    NID_commonName, NULL, 0);
+	if (common_name_len < 0)
+		goto done;
+
+	common_name = calloc(common_name_len + 1, 1);
+	if (common_name == NULL)
+		goto done;
+
+	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
+	    common_name_len + 1);
+
+	/* NUL bytes in CN? */
+	if (common_name_len < 0 ||
+	    (size_t)common_name_len != strlen(common_name)) {
+		tls_set_errorx(ctx, "error verifying name '%s': "
+		    "NUL byte in Common Name field, "
+		    "probably a malicious certificate", name);
+		rv = -1;
+		goto done;
+	}
+
+	/*
+	 * We don't want to attempt wildcard matching against IP addresses,
+	 * so perform a simple comparison here.
+	 */
+	if (inet_pton(AF_INET,  name, &addrbuf) == 1 ||
+	    inet_pton(AF_INET6, name, &addrbuf) == 1) {
+		if (strcmp(common_name, name) == 0)
+			*cn_match = 1;
+		goto done;
+	}
+
+	if (tls_match_name(common_name, name) == 0)
+		*cn_match = 1;
+
+ done:
+	free(common_name);
+	return rv;
+}
+
+int
+tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match)
+{
+	int alt_exists;
+
+	*match = 0;
+
+	if (tls_check_subject_altname(ctx, cert, name, match,
+	    &alt_exists) == -1)
+		return -1;
+
+	/*
+	 * As per RFC 6125 section 6.4.4, if any known alternate name existed
+	 * in the certificate, we do not attempt to match on the CN.
+	 */
+	if (*match || alt_exists)
+		return 0;
+
+	return tls_check_common_name(ctx, cert, name, match);
+}