diff --git a/pkgs/development/libraries/openssl/cert-file-path-max.patch b/pkgs/development/libraries/openssl/cert-file-path-max.patch
new file mode 100644
index 00000000000..50621c5cb82
--- /dev/null
+++ b/pkgs/development/libraries/openssl/cert-file-path-max.patch
@@ -0,0 +1,34 @@
+This patch, to be applied after `cert-file.patch', fixes compilation
+on GNU/Hurd where `PATH_MAX' is not defined.
+
+diff -ubB --show-c-function openssl-1.0.0e/crypto/x509/x509_def.c.orig openssl-1.0.0e/crypto/x509/x509_def.c
+--- openssl-1.0.0e/crypto/x509/x509_def.c.orig	2012-01-06 00:08:48.000000000 +0100
++++ openssl-1.0.0e/crypto/x509/x509_def.c	2012-01-06 00:11:29.000000000 +0100
+@@ -58,6 +58,7 @@
+ 
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ #include <limits.h>
+ #include <unistd.h>
+ #include <sys/types.h>
+@@ -76,14 +77,16 @@ const char *X509_get_default_cert_dir(vo
+ 
+ const char *X509_get_default_cert_file(void)
+ 	{
+-	static char buf[PATH_MAX] = X509_CERT_FILE;
++	static char *buf;
+ 	static int init = 0;
+ 	if (!init) {
+ 	    init = 1;
+ 	    char * s = getenv("OPENSSL_X509_CERT_FILE");
+ 	    if (s && getuid() == geteuid()) {
+-		strncpy(buf, s, sizeof(buf));
+-		buf[sizeof(buf) - 1] = 0;
++	         buf = strdup(s);
++	    }
++	    if (!s) {
++	         buf = strdup(X509_CERT_FILE);
+ 	    }
+ 	}
+ 	return buf;
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index dd5e03c33f9..4b34c3500ec 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -26,7 +26,13 @@ stdenv.mkDerivation {
       # environment variable is ignored for setuid binaries.
       ./cert-file.patch
     ]
-    ++ stdenv.lib.optional stdenv.isDarwin ./darwin-arch.patch;
+
+    ++ (stdenv.lib.optionals (stdenv ? cross && opensslCrossSystem == "hurd-x86")
+         [ ./cert-file-path-max.patch # merge with `cert-file.patch' eventually
+           ./gnu.patch                # submitted upstream
+         ])
+
+    ++ (stdenv.lib.optional stdenv.isDarwin ./darwin-arch.patch);
 
   buildNativeInputs = [ perl ];
 
diff --git a/pkgs/development/libraries/openssl/gnu.patch b/pkgs/development/libraries/openssl/gnu.patch
new file mode 100644
index 00000000000..b82496cf878
--- /dev/null
+++ b/pkgs/development/libraries/openssl/gnu.patch
@@ -0,0 +1,25 @@
+Patch to fix compilation on GNU/Hurd and GNU/kFreeBSD.
+
+--- openssl-1.0.0e/Configure	2012-01-06 00:39:49.000000000 +0100
++++ openssl-1.0.0e/Configure	2012-01-06 00:39:51.000000000 +0100
+@@ -563,7 +563,7 @@ my %table=(
+ "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+ 
+ ##### GNU Hurd
+-"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
++"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so",
+ 
+ ##### OS/2 EMX
+ "OS2-EMX", "gcc::::::::",
+
+--- openssl-1.0.0e/crypto/dso/dso_dlfcn.c	2012-01-06 00:05:47.000000000 +0100
++++ openssl-1.0.0e/crypto/dso/dso_dlfcn.c	2012-01-06 00:21:05.000000000 +0100
+@@ -60,7 +60,7 @@
+    that handle _GNU_SOURCE and other similar macros.  Defining it later
+    is simply too late, because those headers are protected from re-
+    inclusion.  */
+-#ifdef __linux
++#if defined __linux || defined __GNU__ || defined __GLIBC__
+ # ifndef _GNU_SOURCE
+ #  define _GNU_SOURCE	/* make sure dladdr is declared */
+ # endif