Version bump. Removed old. Added "ssl2" USE flag (bug #510798)

Package-Manager: portage-2.2.15/cvs/Linux x86_64
Manifest-Sign-Key: 0x981CA6FC

7 files changed, 667 insertions, 665 deletions

diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index 583b8cc3385f..0b406c2927e5 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.625 2015/01/16 08:08:05 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.626 2015/01/23 11:19:23 polynomial-c Exp $
+
+*openssl-1.0.2 (23 Jan 2015)
+
+  23 Jan 2015; Lars Wendler <polynomial-c@gentoo.org>
+  -openssl-1.0.2_beta3.ebuild, +openssl-1.0.2.ebuild,
+  +files/openssl-1.0.2-ipv6.patch, +files/openssl-1.0.2-s_client-verify.patch,
+  -files/openssl-1.0.2_beta2-ipv6.patch, metadata.xml:
+  Version bump. Removed old. Added "ssl2" USE flag (bug #510798).
 
   16 Jan 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1k.ebuild:
   Stable for ia64, wrt bug #536042
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 33e1e280468c..eb73daf17464 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -17,8 +17,9 @@ AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d87
 AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7
 AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3102 SHA256 6e502275b32ac0eca80f28448ae1bb88506f9135258f420fd857ea0b9b485778 SHA512 c80439da3d268e70fd492d0ca73c0a17ddb088b9330610794a338d1921ee13dad9caca4c81ca103b82a7541c8712f77e51f352ec1b1b02789d9aed291acb0cdc WHIRLPOOL cb760366c8759b1c78c5307134bb48c4fc12b1556276c2ef55455ea54725d20cb433ade966a7453f512d2feb5ae89a9798078ab535e4605366633a8e003c7ac6
 AUX openssl-1.0.1h-ipv6.patch 17788 SHA256 7adeeb88cc544f8b210efbe2baff48fccf5029b582dff7010ae70e0e1f097d7b SHA512 0f0990d4294abcb5f3e51c84080883046a054c710b57a23f99b3323727d5e9aeb5ddeb6b6c2565b4be364f7c21419c90ce5288154e404cd663678f87e0d1c259 WHIRLPOOL cfe7a2e141a4a6252ffcfe215b16dd1082bc14a757dad7eb01bb9819de41ef0ee51a4b2dbf110c27b52e483341c337bf4d1f77f4f9f3172d2fee9e348c30af7e
+AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8
 AUX openssl-1.0.2-parallel-build.patch 10661 SHA256 bc5622150a964dc2d9909f41557140b696ce1bdfa4e2b12cc3e0e51029ead32b SHA512 a4957304a4424016cd8a1c6552c422cd042d737e12f96235ec54d1e601ccbe8cb79d931ac8777d1a599bd4a70eac4e6700a24362f14fb04eb273df82f2de0d01 WHIRLPOOL 5b34e45dcb0db6649e26d275925ca008f5201afbc22184e15c5324513bc0ed40ee271a70686e10a20bb219b3c4bd2148323b317ead97cdc27a3c897c0a07d228
-AUX openssl-1.0.2_beta2-ipv6.patch 18212 SHA256 92cd8a8713e26e569307a427d93572041d55b2cd862bd7384a9f16ca956580e8 SHA512 11949db52a9f9885b272cdfe3da7b5abb1307e1b047c9f54fa5bf0af98fe68c90cadccc8f856748d64abc446bbdbc1647465bd7cdb8baaa9967630d4e378a98d WHIRLPOOL bd47b347c66279c92a9a982cfffa296fdc8fd07f66f3befa722b5b847a1666e35edc4c37740f18a63379defcb1a6b7bb4db256717872c83901a4adace4d6398c
+AUX openssl-1.0.2-s_client-verify.patch 648 SHA256 b6ca2278dd9833f87a1d0037cb3cac8aee0f8326ff13ece1f08a536b8545eb77 SHA512 78b09ae700096205582785584a268776af46fc5bc94a0faa1ce6087ffcc945649e69269ff7fa88dedd5df1a5cdecc53e885de1e39506470f23b02028ca962104 WHIRLPOOL 8e7c90d37c1736b4b2f2c38d1c12dcfee4996a50a2a7dd07645a0c0b6616006d11232dd0f88ab735833e1c46aa171ceb5e1288c3d57296010bdda59295de7599
 DIST openssl-0.9.8za.tar.gz 3787508 SHA256 cdcb98d0fbc026ca798b17919334310271d3a593554ffd6a59659b9222fd4e48 SHA512 3e16cd427bb7da4c740fa56dbee3d3e77d59bc255a474be07521354ef1db507fbd3befd35e30eaabf1c84458602bfe0ec887167604a22ae832acdcb113edb753 WHIRLPOOL 6a8f9fead39dfeb0c4e702e8395dcb6554fac03c351d31693e08a613fba3be638dcd52c5feb583b68c7729efe5adc1f5bef8deae47590183b747462fe3873c3d
 DIST openssl-0.9.8zb.tar.gz 3727934 SHA256 950e2298237de1697168debd42860bf41ead618e0c03dc9a3a56e23258e435be SHA512 b563a7d9c7ae602aefb3ba8e5cd54d0460c805b7a4ef0b1b369907d6447f5b1977ebb1e261d37254a487d74d56f40bf825e2a279c6ae56ffcc9b7fd785dc7dbd WHIRLPOOL 60aeeb8171222d358c26361494c2d06f3cc6d66a385f3fcd58005e1220c3819add0e952cd4add16457191d8317b11efcdb7f6ae4696880d21a77c95df2c56a6a
 DIST openssl-0.9.8zc.tar.gz 3735406 SHA256 461cc694f29e72f59c22e7ea61bf44671a5fc2f8b3fc2eeac89714b7be915881 SHA512 e4a68857b509bbaa5c66bf43491541e309e37f136816a1380664488420805edc74dc7f94c6318e34e077b29d53d060f971ba69b9efcfa0da9605934b2be45ef4 WHIRLPOOL 5fef377db08b93dc67cda509beb7c366af10cca3dfab3ce9e9f89798169984691ddec784a02bc839e190ddc08641d337f3adf6b0ced3ed796a5ed4f247805e90
@@ -28,7 +29,7 @@ DIST openssl-1.0.0q.tar.gz 4004090 SHA256 230dc19ea33b87836c388c1117a71f8eb539cb
 DIST openssl-1.0.1j.tar.gz 4432964 SHA256 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 SHA512 a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 WHIRLPOOL 467aa3b02d04837e3281670401985e492d15b561c03b97246e3c8e61b0d3b1927332e3a226de4ed5bd02265a04fb31ce84c3501f4af9685633d00a9b43c56978
 DIST openssl-1.0.1k.tar.gz 4434910 SHA256 8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c SHA512 8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 WHIRLPOOL 5236a966d610c971e473cfc30e5412a72eef116fd259ada9c50da08bcd4ca967f80bb19babf530b4e5b9f1f24e9275e00391eb2e12a26d4544f593e2b4ba20b8
 DIST openssl-1.0.1l.tar.gz 4429979 SHA256 b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4 SHA512 27fe42f33815a3aafff75f2b9a5604c328fe5945c5cecaca74e5d2c2a1e066d64ddcc1fdb14b54fc7523cc730ab8a57d7d56b2879c289e86673f91fee0cca65e WHIRLPOOL 79f5698585c68ba647fcdfc4b342a43d06d69230658ca1bc265dd10d8da939c3e27b9a4125bd2adfbf50002b1dddef18be086dfc23a5050e69fb77350131909f
-DIST openssl-1.0.2-beta3.tar.gz 5149260 SHA256 264d2d5114d3da3c0e1712312ad0c77bd41757f1cc12f543250063d1e57259e6 SHA512 d18ce87429d0addba11a02d121affd16ec63237a97474167ae1ed914dbc5d284b090d72443b0bfed1e0ad165a37655dd96d3be87053b792a871515e819ccfa72 WHIRLPOOL 26bbce30122106cb5f36d426fb1f50c0bca952caf6d7224e17a6252a5731e3b4ec9da1a96553f152631e7b0243332d3c0f7c8bc2e512b64f3a126955d4355a53
+DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
 EBUILD openssl-0.9.8z_p1-r2.ebuild 4538 SHA256 f66c582eae2dd464bd42393c675d1452a7693681af7d479d346cd5e896fca697 SHA512 fd93cb629f8853964922547a8e8ff04f840eeedeacdd266e8bb75b96d12853c83a325ee45058a3f07265c1ac143f2be73616677465e1eeea95bde57d62093223 WHIRLPOOL b3b42ae1ef384ef220a5503d302674608578bd015b7041f33b782aa3cb79d69e35d51fb4f1b38d499187864fae755cf09fe7b71e81ebf86829e72f8f7e45f86c
 EBUILD openssl-0.9.8z_p2.ebuild 4981 SHA256 2e5abcc57ef84f093dfea05047746af19b364a885c72febf2d82e9b7fedac6e3 SHA512 fcf9fe7e968c89e74c905a5d21b75cbee92157cde55cfd7b345c37a26cf0c4e632c4883276bcc7fe6053e9c1eedb08d462034f8742f32964920a24ae498137f5 WHIRLPOOL 1d4e415755a4f6cb5f531c0e043b5aa3ffccc6f3b0e42e29708335dbcbee8f79076cb6602e190cefa649e2a1213fd8735935711fedfd29deee2c5f70985c4d97
@@ -39,23 +40,23 @@ EBUILD openssl-1.0.0q.ebuild 7053 SHA256 88a36b82d5ab5b248435fbbf6b9c9e2ac4c3d1a
 EBUILD openssl-1.0.1j.ebuild 8753 SHA256 d8d6837da8e3e74531d752a181836087d214de18ce57ca985317badb1e4a8b97 SHA512 02a154b3aeb6ec4e51f872ae811c83ed27c0caac2ca25450f1ec54b4ce82367042e09600ddfc9e4fd4bcd439e24c8a5a0d787f74ba0d148e0d6fe44e0d6eb6d2 WHIRLPOOL b36cdf732b11cb9d36b4a328d67d000a99c3ab50a9372937e988734e705787ec2f68c195dfed1047df8b746abf6de6ea0a8961401c309af141531847a3e9eb9c
 EBUILD openssl-1.0.1k.ebuild 8754 SHA256 20b872f77cb2a0c0a29b8b903f20857f398f90bb6e8927fdc7555371a2c1f0e6 SHA512 6623906dba49a5a3e4fa340dd8475df6056cd7abac3adef8b166332549afc03c0d99d88936fd7869f3d72cf77e1e960dd482736645a474e0c6b245f663cf449c WHIRLPOOL a60e3d87a2ff6e8faecacd5b672cee919e0120af17a90b4d26bb3948d04428dde3efe81cad367e627a357527f49c7e1560d61eea83b50717087193e0f23c0537
 EBUILD openssl-1.0.1l.ebuild 8771 SHA256 7c16b419102480fecd2482374e2503a6726e5e37b9eb187a2ce5b498bea531e5 SHA512 d1eb045844db5e13f177bf7f5977e90e2b6dd412185276b16aab271d8b051e1019d06a48a1f7f7fe09ebb7ba6a7fb72e3648f79bcf34675dbb0673c223e22787 WHIRLPOOL 8d213d74d57fb8394e34128ad3a0bb8f40de216d867a5dd83d5baa5caf486ac77e0145bdce98b3aae8802b86b260180efaf491b86c770bd25075ae518ab4859a
-EBUILD openssl-1.0.2_beta3.ebuild 8651 SHA256 f0a4eece15dd48460b0a3e7fcb2bdadd087d049ec0f5ff67194e4ce78dffa540 SHA512 a6c915f4c03d638470c8edb8f57a09b01d9709feb09c65a8fc4562088f28f94898946dcbbe800b4ecd8a523a100ac7e90a7003163c9159ef1c188711f7f36ce0 WHIRLPOOL 3624424fe3435d492035964b8c7bce134bce13b27cd3e508673aefe31477b42231cd3957e6bf0236ca2352a39e236db5939b4ece2709eecbafb2881117637b73
-MISC ChangeLog 95405 SHA256 3754c6ee2eacd3cf68207ba0dda89e2fb7d6c9dceb92c11e389e08a7bccb5c0e SHA512 61baf6fda5f7772b86ff5c28a724ce1d99b27278e23b12465f86ef6994b7bca5761f6eeb4d847db1112f19af76ee80d4e6dc42ded2cdbf1f8772c6d5b7e8f00d WHIRLPOOL cf63a5dd924247adca8f47be0a5141f208e149663f846c9956c0212e577d284454a619c8e08a3af7db74cb47a20d25d17b9f07841c34db1e924c76bc80fd8ee7
-MISC metadata.xml 562 SHA256 5c61e2a07ffdb4ba157e0add7f84ff74458c890092d5e6980fd936dfdb457c34 SHA512 f83769af7ffd223923b72a62db27cbc80ca31925b95b720845b6bedd2a9b52837f70f9da93ee43e272ceb3c8424a8c9f35a31ebd5274bc04c91cd63ace1af844 WHIRLPOOL d98f2af2cf3e13c09ad526a2fe06fe8ef02e1db20fd4e3843f1793a97c9ae6a2897308c84038a9a37d6d68fadc7af6d913b980f4f079dac36ea3860a33aca8c2
+EBUILD openssl-1.0.2.ebuild 8745 SHA256 c74cdec7cbde4de754dfeb594c94826d4cde61a9a9a350c4fc8267efc811f60a SHA512 e9064059aab6a6c4fe1b5cc9595fa44c5850a52a572598051290e113d3e9c8cf092d911e0c0a679b7f260c8e76d9d3ad138fa90ef7f2f938397830ffe40fa764 WHIRLPOOL 47584669ef648b3da05715a1a0020db63fd263135ff8045840e37773812b3b2542bebf0c178e39e6799520bd3bea85a45283c682a6b3d2378bed8f3488b4c8e2
+MISC ChangeLog 95753 SHA256 cb40581f9aa4f0b00a782a33a650b0191ce0075cd6637617320a1bc1b5cb4fd4 SHA512 7302fb6f1b0cd33c7af0bbae81a6808c3d1621b98bc8cd03eaf0dc77792af01b6c245ffab7b93f1391d07a60ee3c8c8192e669c3f80b37ddc455f14cb80b06d1 WHIRLPOOL e8273c5bc2b22439dabc937cbd93ed4de6a1d8efebdfc1a2bda7a4050060cf1b96dcbcd3c0b205db87825af39ba4629436b78bf2bb93dd85945363e995634654
+MISC metadata.xml 714 SHA256 fa5c91eb85b49d06c1ed530bbca51a8a905498bdac0a68785a046ec7039fc710 SHA512 90275e498057448399932d664ec6d5a531ff87cda06460a9f5c78f780a017d03c8ee23409a906995ca0234dc978a72ea3465ebabd9386e625af184a38abc75e1 WHIRLPOOL 668a77c92ebb4fce5aa4358795bbc126e05bee144ff59f7c676e4af9d8ba51adfedf0b3433ac8a8913e49afa7f7d180a34c64e6cbb080c0328f31f72c2e69ccc
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQIcBAEBCAAGBQJUuMbmAAoJELp701BxlEWf5WEQAIo8pyyyvaC+2ZFbrTPJ5gE7
-2X1Px5yDiD2XGx11gyoRUMMldy/zY2AfUZOnwNz4vQOCA75TV/ngNliCddCNoNDb
-Tgesvdb29x6VsmVjZ/1xDuZ7KTn3cVJw2B2yrJUfdXNBlSx1cjnpNYkGP8WgZeeK
-d6xJT6IDT93ZDZ00yqD1QQeAtMcYwbqS4deWid7QAeg500HP097Bd91kdJ8Ul1Bv
-agX8401pL4tSyrcR8tRFhzF6phIuUrZ4szlXEDDkwBEP0db7YldSnUdQ74hul1qO
-ln1tP6uCaXSH9PZnfA0EVA9mSQvhfPKOmEQPfdEKnbwxBMDhSFle1jlBpybl5u9v
-XdVliY04VbZNzMV9Tua/gplxE4P+kpBatZmZhyjbWeU7SzilvpwMMWB5JZ1U1Yx+
-ahPgds+gJgCzi9EFk7WnJ/2hr/ehCRwhJ+AvoPDBOsk68vUzmGlbgQexBUl4gVuy
-HZrcLxFB7up+oTrQbNF3jQ93hdBoylcv+l8W4Hfrwggr+mPMudRk+podNVu2ThiU
-mkYmaGZ90SNV0ZI2Y8cko0RjPrF5eV+esVmluuzgKr5OpL/KK9FeIAyBrilElvwI
-oUk4NgaEhGHWmT0SyjoE+Elyt1pFOFDHtJLm6WKuUGsWEoNl01PjjGO1p4eboZpx
-aA8N95/nuR7hvykd3cGU
-=uy9P
+iQIcBAEBCAAGBQJUwi48AAoJEPiazRVxLXTFsE8QAMnotnxfcdTNK5OE/zeALj0G
+oRGzRqUF6spgVhrUvakjQ9DJ7PP4cIXL4uXCEFI6s1w7D/boDYbH3ZsTfpPkkkMA
+d+uF/EDGjwf8cSHzEUykUDN2qJ1WH2EbcYAZ8G7sG4JY6CzsI7/zKnjU3lz7Rj3v
+PBiAzgYablsvsAntvZE84z9/awGrGkzLOZ0ohz15vsiYBw5EytkmWtgHe0nXA8oj
+MJ/yn8RXnpc9+zATSlEevXSMG0M/k2A4vSBrZilqfvhMI9aTWAhPMZwOp71vqo+f
+s8FRSJjUkdT/gRA8eoyZV9Bsg6Pa7rtj+58GfPC4tnA4lGrT5tk8uxUscoSH6ARR
+4sJ90yBj5TBavKMsSdRRtciRyFtwdrE/Nmen4G+tteqCqNEbKaQe12AyxA6Xc212
+0qLkcU32pbPkkbx7QwNOmrBXWIUnnJ8cbJ2cx80JsaZLNE0BoAREs+C+lkQis6Z+
+BecZOzidsFAI6D67la73paLtQ7VbatVgoMct0nkY2H3eRlMgNVP/YB4dJ9y9Nmkr
+HVCZshgDSxt0UfLutMi6QvlgLBUoDQ212LCGVvpaDtxcilw0x5da5yfdn/pQmjMq
+/2aCB5EWcxWqlPHbAJXUFSphhFv1lpUkhB589Hyepg0ofZW8EjuwAmGXNTvfi5o9
+t4nlnOMYPFM8rReQIMkE
+=Oozs
 -----END PGP SIGNATURE-----
diff --git a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
new file mode 100644
index 000000000000..27574ea616de
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
@@ -0,0 +1,611 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+--- openssl-1.0.2/apps/s_apps.h
++++ openssl-1.0.2/apps/s_apps.h
+@@ -154,7 +154,7 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept);
++              int naccept, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -167,7 +167,8 @@
+ int ssl_print_curves(BIO *out, SSL *s, int noshared);
+ #endif
+ int ssl_print_tmp_key(BIO *out, SSL *s);
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++		int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -302,6 +302,10 @@
+ {
+     BIO_printf(bio_err, "usage: s_client args\n");
+     BIO_printf(bio_err, "\n");
++    BIO_printf(bio_err, " -4             - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6             - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err, " -host host     - use -connect instead\n");
+     BIO_printf(bio_err, " -port port     - use -connect instead\n");
+     BIO_printf(bio_err,
+@@ -658,6 +662,7 @@
+     int sbuf_len, sbuf_off;
+     fd_set readfds, writefds;
+     short port = PORT;
++    int use_ipv4, use_ipv6;
+     int full_log = 1;
+     char *host = SSL_HOST_NAME;
+     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+@@ -709,7 +714,11 @@
+ #endif
+     char *sess_in = NULL;
+     char *sess_out = NULL;
+-    struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage peer;
++#else
++    struct sockaddr_in peer;
++#endif
+     int peerlen = sizeof(peer);
+     int fallback_scsv = 0;
+     int enable_timeouts = 0;
+@@ -737,6 +746,12 @@
+ 
+     meth = SSLv23_client_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     apps_startup();
+     c_Pause = 0;
+     c_quiet = 0;
+@@ -1096,6 +1111,16 @@
+             jpake_secret = *++argv;
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -1421,7 +1446,7 @@
+ 
+  re_start:
+ 
+-    if (init_client(&s, host, port, socket_type) == 0) {
++    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+         SHUTDOWN(s);
+         goto end;
+@@ -1444,7 +1469,7 @@
+     if (socket_type == SOCK_DGRAM) {
+ 
+         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+-        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+             BIO_printf(bio_err, "getsockname:errno=%d\n",
+                        get_last_socket_error());
+             SHUTDOWN(s);
+--- openssl-1.0.2/apps/s_server.c
++++ openssl-1.0.2/apps/s_server.c
+@@ -643,6 +643,10 @@
+     BIO_printf(bio_err,
+                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+ #endif
++    BIO_printf(bio_err, " -4            - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6            - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err,
+                " -keymatexport label   - Export keying material using label\n");
+     BIO_printf(bio_err,
+@@ -1070,6 +1074,7 @@
+     int state = 0;
+     const SSL_METHOD *meth = NULL;
+     int socket_type = SOCK_STREAM;
++    int use_ipv4, use_ipv6;
+     ENGINE *e = NULL;
+     char *inrand = NULL;
+     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1111,6 +1116,12 @@
+ 
+     meth = SSLv23_server_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     local_argc = argc;
+     local_argv = argv;
+ 
+@@ -1503,6 +1514,16 @@
+             jpake_secret = *(++argv);
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -2023,13 +2044,13 @@
+     (void)BIO_flush(bio_s_out);
+     if (rev)
+         do_server(port, socket_type, &accept_socket, rev_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else if (www)
+         do_server(port, socket_type, &accept_socket, www_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else
+         do_server(port, socket_type, &accept_socket, sv_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     print_stats(bio_s_out, ctx);
+     ret = 0;
+  end:
+--- openssl-1.0.2/apps/s_socket.c
++++ openssl-1.0.2/apps/s_socket.c
+@@ -101,16 +101,16 @@
+ #  include "netdb.h"
+ # endif
+ 
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+ 
+ # ifdef OPENSSL_SYS_WIN16
+ #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+@@ -231,38 +231,68 @@
+     return (1);
+ }
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++# if OPENSSL_USE_IPV6
++    unsigned char ip[16];
++# else
+     unsigned char ip[4];
++# endif
+ 
+-    memset(ip, '\0', sizeof ip);
+-    if (!host_ip(host, &(ip[0])))
+-        return 0;
+-    return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+-    unsigned long addr;
++    if (use_ipv4)
++	if (host_ip(host, ip, AF_INET))
++	    return(init_client_ip(sock, ip, port, type, AF_INET));
++# if OPENSSL_USE_IPV6
++    if (use_ipv6)
++	if (host_ip(host, ip, AF_INET6))
++	    return(init_client_ip(sock, ip, port, type, AF_INET6));
++# endif
++    return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage them;
++    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++# else
+     struct sockaddr_in them;
++    struct sockaddr_in *them_in = &them;
++# endif
++    socklen_t addr_len;
+     int s, i;
+ 
+     if (!ssl_sock_init())
+         return (0);
+ 
+     memset((char *)&them, 0, sizeof(them));
+-    them.sin_family = AF_INET;
+-    them.sin_port = htons((unsigned short)port);
+-    addr = (unsigned long)
+-        ((unsigned long)ip[0] << 24L) |
+-        ((unsigned long)ip[1] << 16L) |
+-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+-    them.sin_addr.s_addr = htonl(addr);
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	them_in->sin_family=AF_INET;
++	them_in->sin_port=htons((unsigned short)port);
++# ifndef BIT_FIELD_LIMITS
++	memcpy(&them_in->sin_addr.s_addr, ip, 4);
++# else
++	memcpy(&them_in->sin_addr, ip, 4);
++# endif
++    }
++    else
++# if OPENSSL_USE_IPV6
++    {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	them_in6->sin6_family=AF_INET6;
++	them_in6->sin6_port=htons((unsigned short)port);
++	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++    }
++# else
++	return(0);
++# endif
+ 
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+     else                        /* ( type == SOCK_DGRAM) */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET) {
+         perror("socket");
+@@ -280,7 +310,7 @@
+     }
+ # endif
+ 
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+         closesocket(s);
+         perror("connect");
+         return (0);
+@@ -292,14 +322,14 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept)
++              int naccept, int use_ipv4, int use_ipv6)
+ {
+     int sock;
+     char *name = NULL;
+     int accept_socket = 0;
+     int i;
+ 
+-    if (!init_server(&accept_socket, port, type))
++    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+         return (0);
+ 
+     if (ret != NULL) {
+@@ -328,32 +358,41 @@
+     }
+ }
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
+ {
+     int ret = 0;
++    int domain;
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage server;
++    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++# else
+     struct sockaddr_in server;
++    struct sockaddr_in *server_in = &server;
++# endif
++    socklen_t addr_len;
+     int s = -1;
+ 
++    if (!use_ipv4 && !use_ipv6)
++	goto err;
++# if OPENSSL_USE_IPV6
++    /* we are fine here */
++# else
++    if (use_ipv6)
++	goto err;
++# endif
+     if (!ssl_sock_init())
+         return (0);
+ 
+-    memset((char *)&server, 0, sizeof(server));
+-    server.sin_family = AF_INET;
+-    server.sin_port = htons((unsigned short)port);
+-    if (ip == NULL)
+-        server.sin_addr.s_addr = INADDR_ANY;
+-    else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+-        memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++    domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+-        memcpy(&server.sin_addr, ip, 4);
++    domain = AF_INET;
+ # endif
+-
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+-    else                        /* type == SOCK_DGRAM */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++	s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
++    else /* type == SOCK_DGRAM */
++	s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET)
+         goto err;
+@@ -363,7 +402,42 @@
+         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+     }
+ # endif
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++# if OPENSSL_USE_IPV6
++    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++	const int on = 1;
++
++	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++		    (const void *) &on, sizeof(int));
++    }
++# endif
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	memset(server_in, 0, sizeof(struct sockaddr_in));
++	server_in->sin_family=AF_INET;
++	server_in->sin_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++	else
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
++# ifndef BIT_FIELD_LIMITS
++	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
++# else
++	    memcpy(&server_in->sin_addr, ip, 4);
++# endif
++    }
++# if OPENSSL_USE_IPV6
++    else {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	memset(server_in6, 0, sizeof(struct sockaddr_in6));
++	server_in6->sin6_family = AF_INET6;
++	server_in6->sin6_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in6->sin6_addr = in6addr_any;
++	else
++	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++    }
++# endif
++    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+         perror("bind");
+ # endif
+@@ -381,16 +455,23 @@
+     return (ret);
+ }
+ 
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
+ {
+-    return (init_server_long(sock, port, NULL, type));
++    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+     int ret;
+     struct hostent *h1, *h2;
+-    static struct sockaddr_in from;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage from;
++    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
++    struct sockaddr_in from;
++    struct sockaddr_in *from_in = &from;
++#endif
+     int len;
+ /*      struct linger ling; */
+ 
+@@ -440,14 +521,25 @@
+ 
+     if (host == NULL)
+         goto end;
++# if OPENSSL_USE_IPV6
++    if (from.ss_family == AF_INET)
++# else
++    if (from.sin_family == AF_INET)
++# endif
+ # ifndef BIT_FIELD_LIMITS
+-    /* I should use WSAAsyncGetHostByName() under windows */
+-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+-                       sizeof(from.sin_addr.s_addr), AF_INET);
++	/* I should use WSAAsyncGetHostByName() under windows */
++	h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++                	    sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+-    h1 = gethostbyaddr((char *)&from.sin_addr,
+-                       sizeof(struct in_addr), AF_INET);
++	h1 = gethostbyaddr((char *)&from_in->sin_addr,
++            		    sizeof(struct in_addr), AF_INET);
++# endif
++# if OPENSSL_USE_IPV6
++    else
++	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++			    sizeof(struct in6_addr), AF_INET6);
+ # endif
++	    
+     if (h1 == NULL) {
+         BIO_printf(bio_err, "bad gethostbyaddr\n");
+         *host = NULL;
+@@ -460,14 +552,22 @@
+         }
+         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+ 
+-        h2 = GetHostByName(*host);
++# if OPENSSL_USE_IPV6
++	h2=GetHostByName(*host, from.ss_family);
++# else
++	h2=GetHostByName(*host, from.sin_family);
++# endif
+         if (h2 == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             closesocket(ret);
+             return (0);
+         }
+-        if (h2->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++# if OPENSSL_USE_IPV6
++	if (h2->h_addrtype != from.ss_family) {
++# else
++	if (h2->h_addrtype != from.sin_family) {
++# endif
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             closesocket(ret);
+             return (0);
+         }
+@@ -483,14 +583,14 @@
+     char *h, *p;
+ 
+     h = str;
+-    p = strchr(str, ':');
++    p = strrchr(str, ':');
+     if (p == NULL) {
+         BIO_printf(bio_err, "no port defined\n");
+         return (0);
+     }
+     *(p++) = '\0';
+ 
+-    if ((ip != NULL) && !host_ip(str, ip))
++    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+         goto err;
+     if (host_ptr != NULL)
+         *host_ptr = h;
+@@ -502,44 +602,51 @@
+     return (0);
+ }
+ 
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+     unsigned int in[4];
++    unsigned long l;
+     int i;
+ 
+-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+-        4) {
++    if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
+         for (i = 0; i < 4; i++)
+             if (in[i] > 255) {
+                 BIO_printf(bio_err, "invalid IP address\n");
+                 goto err;
+             }
+-        ip[0] = in[0];
+-        ip[1] = in[1];
+-        ip[2] = in[2];
+-        ip[3] = in[3];
+-    } else {                    /* do a gethostbyname */
++	l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++	memcpy(ip, &l, 4);
++	return 1;
++    }
++# if OPENSSL_USE_IPV6
++    else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
++	return 1;
++# endif
++    else {                    /* do a gethostbyname */
+         struct hostent *he;
+ 
+         if (!ssl_sock_init())
+             return (0);
+ 
+-        he = GetHostByName(str);
++        he = GetHostByName(str, domain);
+         if (he == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             goto err;
+         }
+         /* cast to short because of win16 winsock definition */
+-        if ((short)he->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++        if ((short)he->h_addrtype != domain) {
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             return (0);
+         }
+-        ip[0] = he->h_addr_list[0][0];
+-        ip[1] = he->h_addr_list[0][1];
+-        ip[2] = he->h_addr_list[0][2];
+-        ip[3] = he->h_addr_list[0][3];
++	if (domain == AF_INET)
++	    memset(ip, 0, 4);
++# if OPENSSL_USE_IPV6
++	else
++	    memset(ip, 0, 16);
++# endif
++	memcpy(ip, he->h_addr_list[0], he->h_length);
++	return 1;
+     }
+-    return (1);
+  err:
+     return (0);
+ }
+@@ -573,7 +680,7 @@
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+ 
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+     struct hostent *ret;
+     int i, lowi = 0;
+@@ -585,13 +692,18 @@
+             lowi = i;
+         }
+         if (ghbn_cache[i].order > 0) {
+-            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
+                 break;
+         }
+     }
+     if (i == GHBN_NUM) {        /* no hit */
+         ghbn_miss++;
+-        ret = gethostbyname(name);
++        if (domain == AF_INET)
++    	    ret = gethostbyname(name);
++# if OPENSSL_USE_IPV6
++	else
++	    ret = gethostbyname2(name, AF_INET6);
++# endif
+         if (ret == NULL)
+             return (NULL);
+         /* else add to cache */
diff --git a/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
new file mode 100644
index 000000000000..803a91dde99c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client.  when loading paths, make sure
+we properly fallback to setting the default paths.
+
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -1337,7 +1337,7 @@
+ 
+     SSL_CTX_set_verify(ctx, verify, verify_callback);
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
++    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
+         (!SSL_CTX_set_default_verify_paths(ctx))) {
+         /*
+          * BIO_printf(bio_err,"error setting default verify locations\n");
diff --git a/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch
deleted file mode 100644
index 8683d2829f04..000000000000
--- a/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch
+++ /dev/null
@@ -1,640 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
---- openssl-1.0.2-beta2/apps/s_apps.h
-+++ openssl-1.0.2-beta2/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -161,7 +161,7 @@
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.2-beta2/apps/s_client.c
-+++ openssl-1.0.2-beta2/apps/s_client.c
-@@ -288,6 +288,10 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+	BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -595,6 +599,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
-@@ -647,7 +652,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -674,6 +683,12 @@
- 
- 	meth=SSLv23_client_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -1079,6 +1094,18 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -1445,7 +1472,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1471,7 +1498,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
---- openssl-1.0.2-beta2/apps/s_server.c
-+++ openssl-1.0.2-beta2/apps/s_server.c
-@@ -584,6 +584,10 @@
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- 	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	BIO_printf(bio_err," -status           - respond to certificate status requests\n");
-@@ -1014,6 +1018,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -1055,6 +1060,12 @@
- 
- 	meth=SSLv23_server_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1493,6 +1504,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -2063,11 +2086,11 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (rev)
--		do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,rev_body, context, naccept, use_ipv4, use_ipv6);
- 	else if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,www_body, context, naccept, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, naccept, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
---- openssl-1.0.2-beta2/apps/s_socket.c
-+++ openssl-1.0.2-beta2/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
--		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +307,27 @@
- 		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -324,41 +352,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+		{
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
-+		}
-+#endif
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -377,16 +452,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -433,13 +515,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -457,16 +549,24 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			closesocket(ret);
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr is not correct\n");
- 			closesocket(ret);
- 			return(0);
- 			}
-@@ -482,7 +582,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -490,7 +590,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -501,48 +601,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -579,7 +689,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -594,14 +704,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)
diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
index d6bf0bcf4a41..d5ef6de3c554 100644
--- a/dev-libs/openssl/metadata.xml
+++ b/dev-libs/openssl/metadata.xml
@@ -4,6 +4,8 @@
 <herd>base-system</herd>
 <use>
  <flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name='sctp'>Support for Stream Control Transmission Protocol</flag>
+ <flag name='ssl2'>Support for deprecated (and broken) SSLv2 protocol</flag>
  <flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name='tls-heartbeat'>Enable the Heartbeat Extension in TLS and DTLS</flag>
 </use>
diff --git a/dev-libs/openssl/openssl-1.0.2_beta3.ebuild b/dev-libs/openssl/openssl-1.0.2.ebuild
index a715b3125195..3ec7bfa81fb6 100644
--- a/dev-libs/openssl/openssl-1.0.2_beta3.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2_beta3.ebuild,v 1.1 2014/09/26 06:05:53 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2.ebuild,v 1.1 2015/01/23 11:19:23 polynomial-c Exp $
 
 EAPI="4"
 
@@ -15,8 +15,8 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="bindist gmp kerberos rfc3779 sctp sse2 ssl2 static-libs test +tls-heartbeat vanilla zlib"
 
 # The blocks are temporary just to make sure people upgrade to a
 # version that lack runtime version checking.  We'll drop them in
@@ -33,6 +33,7 @@ RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 DEPEND="${RDEPEND}
 	sys-apps/diffutils
 	>=dev-lang/perl-5
+	sctp? ( net-misc/lksctp-tools )
 	test? ( sys-devel/bc )"
 PDEPEND="app-misc/ca-certificates"
 
@@ -58,8 +59,8 @@ src_prepare() {
 		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
 		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
 		epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2_beta2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
 
 		epatch_user #332661
 	fi
@@ -143,7 +144,9 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
+		$(use sctp && echo "sctp") \
 		$(use sse2 || echo "no-sse2") \
+		$(use ssl2 || echo "no-ssl2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \