--- configure
+++ configure
@@ -14030,13 +14030,25 @@
 done
 
     OLDLIBS="$LIBS"
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BIO_f_base64 in -lcrypto" >&5
-$as_echo_n "checking for BIO_f_base64 in -lcrypto... " >&6; }
-if ${ac_cv_lib_crypto_BIO_f_base64+:} false; then :
+    if [ -n "$OPENSSL_ALTERNATIVE" ]; then
+	SSL_NEW_LIB="$OPENSSL_ALTERNATIVE"
+	SSL_NEW_FCT_PREFIX="$OPENSSL_ALTERNATIVE_FCT_PREFIX"
+	SSL_NEW_EXTRALIBS="$OPENSSL_ALTERNATIVE_EXTRALIBS"
+	CPPFLAGS="$CPPFLAGS -DUSE_OPENSSL_ALTERNATIVE=$OPENSSL_ALTERNATIVE"
+    else
+	SSL_NEW_LIB="ssl"
+	SSL_NEW_EXTRALIBS="-lcrypto"
+    fi
+# NB: Lighttpd doesn't call the BIO_f_base64 function at all. So the test for it is actually unnecessary.
+#     That's the reason we removed it. This also makes it possible to use alternative ssl implementations
+#     which do not provide this function.
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -l${SSL_NEW_LIB}" >&5
+$as_echo_n "checking for ${SSL_NEW_FCT_PREFIX}SSL_new in -l${SSL_NEW_LIB}... " >&6; }
+if test "$(eval echo \${ac_cv_lib_${SSL_NEW_LIB}_SSL_new+set})" = set; then :
   $as_echo_n "(cached) " >&6
 else
   ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto  $LIBS"
+LIBS="-l${SSL_NEW_LIB} ${SSL_NEW_EXTRALIBS} "$DL_LIB"  $LIBS"
 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -14046,73 +14058,34 @@
 #ifdef __cplusplus
 extern "C"
 #endif
-char BIO_f_base64 ();
+char ${SSL_NEW_FCT_PREFIX}SSL_new ();
 int
 main ()
 {
-return BIO_f_base64 ();
+return ${SSL_NEW_FCT_PREFIX}SSL_new ();
   ;
   return 0;
 }
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_crypto_BIO_f_base64=yes
+  eval ac_cv_lib_${SSL_NEW_LIB}_SSL_new=yes
 else
-  ac_cv_lib_crypto_BIO_f_base64=no
+  eval ac_cv_lib_${SSL_NEW_LIB}_SSL_new=no
 fi
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
 LIBS=$ac_check_lib_save_LIBS
 fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_BIO_f_base64" >&5
-$as_echo "$ac_cv_lib_crypto_BIO_f_base64" >&6; }
-if test "x$ac_cv_lib_crypto_BIO_f_base64" = xyes; then :
-
-      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_new in -lssl" >&5
-$as_echo_n "checking for SSL_new in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_SSL_new+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl  -lcrypto "$DL_LIB"  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_new ();
-int
-main ()
-{
-return SSL_new ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_SSL_new=yes
-else
-  ac_cv_lib_ssl_SSL_new=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_new" >&5
-$as_echo "$ac_cv_lib_ssl_SSL_new" >&6; }
-if test "x$ac_cv_lib_ssl_SSL_new" = xyes; then :
-   SSL_LIB="-lssl -lcrypto"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $(eval echo \$ac_cv_lib_${SSL_NEW_LIB}_SSL_new)" >&5
+$as_echo "$(eval echo \$ac_cv_lib_${SSL_NEW_LIB}_SSL_new)" >&6; }
+if test "x$(eval echo \$ac_cv_lib_${SSL_NEW_LIB}_SSL_new)" = x""yes; then :
+   SSL_LIB="-l${SSL_NEW_LIB} ${SSL_NEW_EXTRALIBS}"
 
 $as_echo "#define HAVE_LIBSSL /**/" >>confdefs.h
 
 fi
 
 
-fi
 
     LIBS="$OLDLIBS"
 
--- src/network.c
+++ src/network.c
@@ -681,6 +681,15 @@
 #endif
 #endif
 
+#if (defined(USE_OPENSSL_ALTERNATIVE) && USE_OPENSSL_ALTERNATIVE==cyassl)
+#	warning client verification is not available when linking against cyassl
+		if (s->ssl_verifyclient) {
+			log_error_write(
+				srv, __FILE__, __LINE__, "s",
+				"SSL: ssl.verifyclient feature is not available when lighttpd is linked against cyassl"
+			);
+		}
+#else
 		if (!buffer_is_empty(s->ssl_ca_file)) {
 			if (1 != SSL_CTX_load_verify_locations(s->ssl_ctx, s->ssl_ca_file->ptr, NULL)) {
 				log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
@@ -712,6 +721,7 @@
 				"SSL: You specified ssl.verifyclient.activate but no ca_file"
 			);
 		}
+#endif
 
 		if (SSL_CTX_use_certificate_file(s->ssl_ctx, s->ssl_pemfile->ptr, SSL_FILETYPE_PEM) < 0) {
 			log_error_write(srv, __FILE__, __LINE__, "ssb", "SSL:",
--- src/response.c
+++ src/response.c
@@ -133,6 +133,9 @@
 
 #ifdef USE_OPENSSL
 static void https_add_ssl_entries(connection *con) {
+#if (defined(USE_OPENSSL_ALTERNATIVE) && USE_OPENSSL_ALTERNATIVE==cyassl)
+#	warning client verification is not available when linking against cyassl
+#else
 	X509 *xs;
 	X509_NAME *xn;
 	X509_NAME_ENTRY *xe;
@@ -200,6 +203,7 @@
 		}
 	}
 	X509_free(xs);
+#endif
 }
 #endif