Index: Mk/Scripts/qa.sh
===================================================================
--- Mk/Scripts/qa.sh
+++ Mk/Scripts/qa.sh
@@ -96,6 +96,7 @@
 
 baselibs() {
 	local rc
+	local found_ssl
 	[ "${PKGBASE}" = "pkg" -o "${PKGBASE}" = "pkg-devel" ] && return
 	while read f; do
 		case ${f} in
@@ -107,12 +108,20 @@
 			err "Bad linking on ${f##* } please add USES=libedit"
 			rc=1
 			;;
+		*NEEDED*\[libcrypto.so.*]|*NEEDED*\[libssl.so.*])
+			found_ssl=1
+			;;
 		esac
 	done <<-EOF
 	$(find ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \
 		${STAGEDIR}${PREFIX}/lib ${STAGEDIR}${PREFIX}/libexec \
 		-type f -exec readelf -d {} + 2>/dev/null)
 	EOF
+	if [ -z "${USESOPENSSL}" -a -n "${found_ssl}" ]; then
+		warn "you need USES=openssl"
+	elif [ -n "${USESOPENSSL}" -a -z "${found_ssl}" ]; then
+		warn "you may not need USES=openssl"
+	fi
 	return ${rc}
 }
 
Index: Mk/Uses/openssl.mk
===================================================================
--- Mk/Uses/openssl.mk
+++ Mk/Uses/openssl.mk
@@ -1,35 +1,54 @@
 #
-# $FreeBSD: head/Mk/bsd.openssl.mk 407614 2016-01-31 11:51:36Z brnrd $
-# bsd.openssl.mk - Support for OpenSSL based ports.
+# $FreeBSD:  407614 2016-01-31 11:51:36Z brnrd $
 #
-# Use of 'USE_OPENSSL=yes' includes this Makefile after bsd.ports.pre.mk
+# Provide support for ports using OpenSSL libraries
 #
-# The user/port can now set these options in the Makefiles.
+# Feature:	openssl
+# Usage: 	USES=openssl or USES=openssl:ARGS
+# Valid ARGS:	rpath, base, port
 #
-# WITH_OPENSSL_BASE=yes	- Use the version in the base system.
-# WITH_OPENSSL_PORT=yes	- Use the OpenSSL port, even if base is up to date.
+# rpath		The port requires RFLAGS options in CFLAGS,
+#		for ports that don't support LDFLAGS
+# base:		The port needs openssl libraries in the base system
+# ports:	The port needs openssl libraries from ports
 #
-# USE_OPENSSL_RPATH=yes	- Pass RFLAGS options in CFLAGS,
-#			  needed for ports who don't use LDFLAGS.
+# The user can set these options in /etc/make.conf
+#
+# WITH_OPENSSL_BASE	- Use the version in the base system.
+# WITH_OPENSSL_PORT	- Use the OpenSSL port, even if base is up to date.
 #
 # Overrideable defaults:
 #
-# OPENSSL_SHLIBVER=	8
 # OPENSSL_PORT=		security/openssl
+# OPENSSL_SHLIBVER=	8
+#
+# Variables set after <bsd.port.pre.mk>
 #
-# The Makefile sets these variables:
-# OPENSSLBASE		- "/usr" or ${LOCALBASE}
-# OPENSSLDIR		- path to openssl
-# OPENSSLLIB		- path to the libs
-# OPENSSLINC		- path to the matching includes
-# OPENSSLRPATH		- rpath for dynamic linker
-#
-# MAKE_ENV		- extended with the variables above
-# CONFIGURE_ENV		- extended with LDFLAGS
-# BUILD_DEPENDS		- are added if needed
-# RUN_DEPENDS		- are added if needed
+# OPENSSLBASE:		"/usr" or ${LOCALBASE}
+# OPENSSLDIR:		path to openssl
+# OPENSSLLIB:		path to the libs
+# OPENSSLINC:		path to the matching includes
+# OPENSSLRPATH:		rpath for dynamic linker
+#
+# MAKE_ENV:		extended with the variables above
+# CONFIGURE_ENV:	extended with LDFLAGS
+# BUILD_DEPENDS:	added if needed
+# RUN_DEPENDS:		added if needed
+#
+# MAINTAINER:		dinoex@FreeBSD.org
+
+VALID_ARGS=	base ports libressl
 
-OpenSSL_Include_MAINTAINER=	dinoex@FreeBSD.org
+# Merge USES args with make.conf options
+.if ${openssl_ARGS:Mbase}
+WITH_OPENSSL_BASE=	yes
+.endif
+.if ${openssl_ARGS:Mport}
+WITH_OPENSSL_PORT=	yes
+.endif
+.if ${openssl_ARGS:Mrpath}
+USE_OPENSSL_RPATH=	yes
+.endif
 
 #	If no preference was set, check for an installed base version
 #	but give an installed port preference over it.
@@ -97,7 +116,6 @@
 OPENSSL_INSTALLED!=	${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || :
 .endif
 .if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != ""
-OPENSSL_PORT=		${OPENSSL_INSTALLED}
 OPENSSL_SHLIBFILE!=	${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$"
 OPENSSL_SHLIBVER?=	${OPENSSL_SHLIBFILE:E}
 .else
@@ -105,11 +123,20 @@
 .endif
 .endif
 
-# LibreSSL specific SHLIBVER
+.if ${OPENSSL_PORT:Mlibressl} && ${OPENSSL_INSTALLED:Mopenssl}
+check-depends::
+	@${ECHO_CMD} "Dependency error: This port requires the LibreSSL libraries but the"
+	@${ECHO_CMD} "OpenSSL port is installed on this system. These two ports conflict,"
+	@${ECHO_CMD} "you must uninstall the OpenSSL port prior to building this port."
+	@${FALSE}
+.endif
+
 .if   defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
 OPENSSL_SHLIBVER?=	35
 .elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
 OPENSSL_SHLIBVER?=	37
+.elif defined(OPENSSL_INSTALLED) && !defined(OPENSSL_PORT)
+OPENSSL_PORT=	${OPENSSL_INSTALLED}
 .endif
 
 # default
Index: Mk/bsd.openssl.mk
===================================================================
--- Mk/bsd.openssl.mk
+++ Mk/bsd.openssl.mk
@@ -31,115 +31,21 @@
 
 OpenSSL_Include_MAINTAINER=	dinoex@FreeBSD.org
 
-#	If no preference was set, check for an installed base version
-#	but give an installed port preference over it.
-.if	!defined(WITH_OPENSSL_BASE) && \
-	!defined(WITH_OPENSSL_PORT) && \
-	!exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \
-	exists(${DESTDIR}/usr/include/openssl/opensslv.h)
-WITH_OPENSSL_BASE=yes
-.endif
-
 .if defined(WITH_OPENSSL_BASE)
-OPENSSLBASE=		/usr
-OPENSSLDIR?=		/etc/ssl
-
-.if !exists(${DESTDIR}/usr/lib/libcrypto.so)
-check-depends::
-	@${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of"
-	@${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your"
-	@${ECHO_CMD} "machine. Please see the \"OpenSSL\" section in the handbook"
-	@${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)"
-	@${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD"
-	@${ECHO_CMD} "OpenSSL distribution."
-	@${FALSE}
-.endif
-.if exists(${LOCALBASE}/lib/libcrypto.so)
-check-depends::
-	@${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD"
-	@${ECHO_CMD} "base system. You can't build against it, while a newer"
-	@${ECHO_CMD} "version is installed by a port."
-	@${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE."
-	@${FALSE}
+USES_ARGS=	base
 .endif
-
-# OpenSSL in the base system may not include IDEA for patent licensing reasons.
-.if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA)
-OPENSSL_IDEA=		${MAKE_IDEA}
-.else
-OPENSSL_IDEA?=		NO
+.if defined(WITH_OPENSSL_PORT)
+USES_ARGS=	port
 .endif
-
-.if ${OPENSSL_IDEA} == "NO"
-# XXX This is a hack to work around the fact that /etc/make.conf clobbers
-#     our CFLAGS. It might not be enough for all future ports.
-.if defined(HAS_CONFIGURE)
-CFLAGS+=		-DNO_IDEA
-.else
-OPENSSL_CFLAGS+=	-DNO_IDEA
+.if defined(USE_OPENSSL_RPATH)
+.if defined(USES_ARGS)
+USES_ARGS+=	,
 .endif
-MAKE_ARGS+=		OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
+USES_ARGS+=	rpath
 .endif
 
+.if defined(USES_ARGS)
+USES+=	openssl:${USES_ARGS}
 .else
-
-OPENSSLBASE=		${LOCALBASE}
-.if	!defined(OPENSSL_PORT) && \
-	exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so)
-# find installed port and use it for dependency
-PKG_DBDIR?=		${DESTDIR}/var/db/pkg
-.if !defined(OPENSSL_INSTALLED)
-.if defined(DESTDIR)
-PKGARGS=	-c ${DESTDIR}
-.else
-PKGARGS=
-.endif
-OPENSSL_INSTALLED!=	${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || :
-.endif
-.if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != ""
-OPENSSL_PORT=		${OPENSSL_INSTALLED}
-OPENSSL_SHLIBFILE!=	${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$"
-OPENSSL_SHLIBVER?=	${OPENSSL_SHLIBFILE:E}
-.else
-# PKG_DBDIR was not found
-.endif
+USES+=	openssl
 .endif
-
-# LibreSSL specific SHLIBVER
-.if   defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
-OPENSSL_SHLIBVER?=	35
-.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
-OPENSSL_SHLIBVER?=	37
-.endif
-
-# default
-OPENSSL_PORT?=		security/openssl
-OPENSSL_SHLIBVER?=	8
-
-OPENSSLDIR?=		${OPENSSLBASE}/openssl
-BUILD_DEPENDS+=		${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${PORTSDIR}/${OPENSSL_PORT}
-RUN_DEPENDS+=		${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${PORTSDIR}/${OPENSSL_PORT}
-OPENSSLRPATH=		${LOCALBASE}/lib
-
-.endif
-
-OPENSSLLIB=		${OPENSSLBASE}/lib
-OPENSSLINC=		${OPENSSLBASE}/include
-
-MAKE_ENV+=		OPENSSLBASE=${OPENSSLBASE}
-MAKE_ENV+=		OPENSSLDIR=${OPENSSLDIR}
-MAKE_ENV+=		OPENSSLINC=${OPENSSLINC}
-MAKE_ENV+=		OPENSSLLIB=${OPENSSLLIB}
-
-.if defined(OPENSSLRPATH)
-.if defined(USE_OPENSSL_RPATH)
-CFLAGS+=		-Wl,-rpath,${OPENSSLRPATH}
-.endif
-MAKE_ENV+=		OPENSSLRPATH=${OPENSSLRPATH}
-OPENSSL_LDFLAGS+=	-Wl,-rpath,${OPENSSLRPATH}
-.endif
-
-LDFLAGS+=		${OPENSSL_LDFLAGS}
-
-### crypto
-#RESTRICTED=		"Contains cryptography."
Index: Mk/bsd.sanity.mk
===================================================================
--- Mk/bsd.sanity.mk
+++ Mk/bsd.sanity.mk
@@ -166,7 +166,7 @@
 		USE_PYTHON_PREFIX USE_BZIP2 USE_XZ USE_PGSQL NEED_ROOT \
 		UNIQUENAME LATEST_LINK
 SANITY_DEPRECATED=	PYTHON_PKGNAMESUFFIX USE_AUTOTOOLS PLIST_DIRSTRY USE_SQLITE \
-			USE_FIREBIRD
+			USE_FIREBIRD USE_OPENSSL
 SANITY_NOTNEEDED=	WX_UNICODE
 
 USE_AUTOTOOLS_ALT=	USES=autoreconf and GNU_CONFIGURE=yes
@@ -207,6 +207,7 @@
 PLIST_DIRSTRY_ALT=	PLIST_DIRS
 USE_SQLITE_ALT=		USES=sqlite
 USE_FIREBIRD_ALT=	USES=firebird
+USE_OPENSSL_ALT=	USES=openssl
 
 .for a in ${SANITY_DEPRECATED}
 .if defined(${a})