--- /dev/null
+diff -Nur a/configure.ac b/configure.ac
+--- a/configure.ac 2012-05-04 12:13:23.000000000 +0200
++++ b/configure.ac 2012-10-13 17:10:49.686258971 +0200
+@@ -162,6 +162,32 @@
+ fi
+ AC_MSG_RESULT($enable_verbose_logging)
+
++AC_MSG_CHECKING(whether we will try to link in system PolarSSL)
++AC_ARG_WITH([system-polarssl],
++ [AC_HELP_STRING([--without-system-polarssl], [Do not use system PolarSSL])],
++ [system_polarssl=$withval],
++ [system_polarssl=yes])
++AC_MSG_RESULT($system_polarssl)
++AM_CONDITIONAL(HAVE_LIBPOLARSSL, false)
++if test x$system_polarssl = xyes; then
++ AC_MSG_CHECKING([PolarSSL version >= 1.1])
++ AC_COMPILE_IFELSE(
++ [AC_LANG_PROGRAM(
++ [[
++#include <polarssl/version.h>
++ ]],
++ [[
++#if POLARSSL_VERSION_MAJOR < 1 || (POLARSSL_VERSION_MAJOR == 1 && POLARSSL_VERSION_MINOR < 1)
++#error invalid version
++#endif
++ ]]
++ )], [use_system_polarssl=yes], [use_system_polarssl=no])
++ AC_MSG_RESULT($use_system_polarssl)
++fi
++if test x$use_system_polarssl = xyes; then
++ AC_CHECK_LIB([polarssl], [sha1_hmac])
++fi
++
+ AC_MSG_CHECKING(whether we will be linking in Botan 1.10)
+ AC_ARG_ENABLE(botan1.10,
+ [ --enable-botan1.10 Use Botan 1.10],enable_botan110=yes, enable_botan110=no)
+diff -Nur a/pdns/Makefile.am b/pdns/Makefile.am
+--- a/pdns/Makefile.am 2012-05-04 12:13:23.000000000 +0200
++++ b/pdns/Makefile.am 2012-10-13 17:11:56.293629151 +0200
+@@ -1,4 +1,8 @@
+-AM_CXXFLAGS=-DSYSCONFDIR=\"@sysconfdir@\" -DLIBDIR=\"@libdir@\" -DLOCALSTATEDIR=\"@socketdir@\" -Ibackends/bind @THREADFLAGS@ $(LUA_CFLAGS) $(SQLITE3_CFLAGS) -Iext/polarssl-1.1.2/include
++if HAVE_LIBPOLARSSL
++AM_CXXFLAGS=-DSYSCONFDIR=\"@sysconfdir@\" -DLIBDIR=\"@libdir@\" -DLOCALSTATEDIR=\"@socketdir@\" -Ibackends/bind @THREADFLAGS@ $(LUA_CFLAGS) $(SQLITE3_CFLAGS) -DPDNS_ENABLE_LUA
++else
++AM_CXXFLAGS=-DSYSCONFDIR=\"@sysconfdir@\" -DLIBDIR=\"@libdir@\" -DLOCALSTATEDIR=\"@socketdir@\" -Ibackends/bind @THREADFLAGS@ $(LUA_CFLAGS) $(SQLITE3_CFLAGS) -Iext/polarssl-1.1.2/include -DPDNS_ENABLE_LUA
++endif
+ AM_CPPFLAGS=-Ibackends/bind $(BOOST_CPPFLAGS) @THREADFLAGS@
+
+ EXTRA_DIST = dnslabeltext.rl dnslabeltext.cc mtasker.cc inflighter.cc docs/pdns_control.8 \
+@@ -7,7 +11,11 @@
+ no-dnssec.schema.mysql.sql no-dnssec.schema.pgsql.sql no-dnssec.schema.sqlite3.sql \
+ bind-dnssec.schema.sqlite3.sql
+
++if HAVE_LIBPOLARSSL
++SUBDIRS= backends
++else
+ SUBDIRS= ext/polarssl-1.1.2 backends
++endif
+
+ BUILT_SOURCES=bind-dnssec.schema.sqlite3.sql.h
+
+@@ -130,7 +138,11 @@
+ aes/aescrypt.c aes/aes.h aes/aeskey.c aes/aes_modes.c aes/aesopt.h \
+ aes/aestab.c aes/aestab.h aes/brg_endian.h aes/brg_types.h aes/dns_random.cc \
+ randomhelper.cc dns.cc
++if HAVE_LIBPOLARSSL
++tsig_tests_LDFLAGS=
++else
+ tsig_tests_LDFLAGS= -Lext/polarssl-1.1.2/library
++endif
+ tsig_tests_LDADD= -lpolarssl
+
+
+diff -Nur a/pdns/backends/bind/Makefile.am b/pdns/backends/bind/Makefile.am
+--- a/pdns/backends/bind/Makefile.am 2012-05-04 12:13:23.000000000 +0200
++++ b/pdns/backends/bind/Makefile.am 2012-10-13 17:10:49.691259001 +0200
+@@ -34,10 +34,18 @@
+ ../../nsecrecords.cc ../../dnssecinfra.cc ../../base32.cc ../../md5.cc # ../../dbdnsseckeeper.cc
+
+ zone2ldap_LDFLAGS=@THREADFLAGS@
++if HAVE_LIBPOLARSSL
++zone2ldap_LDADD=
++else
+ zone2ldap_LDADD= ../../ext/polarssl-1.1.2/library/libpolarssl.a
++endif
+
+ zone2sql_LDFLAGS=@THREADFLAGS@
++if HAVE_LIBPOLARSSL
++zone2sql_LDADD=
++else
+ zone2sql_LDADD= ../../ext/polarssl-1.1.2/library/libpolarssl.a
++endif
+
+ AM_LFLAGS = -s -i
+ AM_YFLAGS = -d --verbose --debug
+diff -Nur a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
+--- a/pdns/dnssecinfra.cc 2012-05-04 12:13:23.000000000 +0200
++++ b/pdns/dnssecinfra.cc 2012-10-13 17:10:49.690258995 +0200
+@@ -9,7 +9,11 @@
+ #include <boost/algorithm/string.hpp>
+ #include "dnssecinfra.hh"
+ #include "dnsseckeeper.hh"
++#ifdef HAVE_LIBPOLARSSL
++#include <polarssl/sha1.h>
++#else
+ #include "ext/polarssl-1.1.2/include/polarssl/sha1.h"
++#endif
+ #include <boost/assign/std/vector.hpp> // for 'operator+=()'
+ #include <boost/assign/list_inserter.hpp>
+ #include "base64.hh"
+diff -Nur a/pdns/polarrsakeyinfra.cc b/pdns/polarrsakeyinfra.cc
+--- a/pdns/polarrsakeyinfra.cc 2012-05-04 12:13:23.000000000 +0200
++++ b/pdns/polarrsakeyinfra.cc 2012-10-13 17:10:49.689258989 +0200
+@@ -1,9 +1,18 @@
++#ifdef HAVE_LIBPOLARSSLSSL
++#include <polarssl/rsa.h>
++#include <polarssl/base64.h>
++#include <polarssl/sha1.h>
++#include <polarssl/sha2.h>
++#include <polarssl/sha4.h>
++#include <polarssl/havege.h>
++#else
+ #include "ext/polarssl-1.1.2/include/polarssl/rsa.h"
+ #include "ext/polarssl-1.1.2/include/polarssl/base64.h"
+ #include "ext/polarssl-1.1.2/include/polarssl/sha1.h"
+ #include "ext/polarssl-1.1.2/include/polarssl/sha2.h"
+ #include "ext/polarssl-1.1.2/include/polarssl/sha4.h"
+ #include "ext/polarssl-1.1.2/include/polarssl/havege.h"
++#endif
+ #include <boost/assign/std/vector.hpp> // for 'operator+=()'
+ #include <boost/foreach.hpp>
+ #include "dnssecinfra.hh"