it seems between 5.02 and 5.06 a "SSL directory scan" was introduced.
for main_dir in /usr/local /usr/lib /usr/pkg /opt/local /opt /usr; do for sub_dir in /ssl /openssl /; do check_ssl_dir "$main_dir$sub_dir" && break 2
this ofc breaks cross-compilation.
the concept of searching for a library directory is completely broken.
if just adding -lssl -lcrypto to LDFLAGS doesnt find the openssl libraries at link time, the user's compiler toolchain is wrongly set up, and its not the job of a package to work around that by searching through a number of directories. it's the user's job to fix his toolchain by supplying the right -L paths in case he's got his library installed in a non-standard location.
also, there's pkg-config (which supports crosscompilation via a PKG_CONFIG_SYSROOT_DIR env var) in case a library needs elaborate CFLAGS.
--JS