diff --git a/pkgs/development/libraries/openssl/1.0.2.x.nix b/pkgs/development/libraries/openssl/1.0.2.x.nix
index 637f5d30cb2f..2320d7c8a45c 100644
--- a/pkgs/development/libraries/openssl/1.0.2.x.nix
+++ b/pkgs/development/libraries/openssl/1.0.2.x.nix
@@ -1,32 +1,27 @@
 { stdenv, fetchurl, perl
 , withCryptodev ? false, cryptodevHeaders }:
 
+with stdenv.lib;
 let
-  name = "openssl-1.0.2c";
-
-  opensslCrossSystem = stdenv.lib.attrByPath [ "openssl" "system" ]
+  opensslCrossSystem = attrByPath [ "openssl" "system" ]
     (throw "openssl needs its platform name cross building" null)
     stdenv.cross;
-
-  extraPatches = stdenv.lib.optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
 in
-
-stdenv.mkDerivation {
-  inherit name;
+stdenv.mkDerivation rec {
+  name = "openssl-1.0.2c";
 
   src = fetchurl {
     urls = [
       "http://www.openssl.org/source/${name}.tar.gz"
       "http://openssl.linux-mirror.org/source/${name}.tar.gz"
     ];
-    sha256 = "10vasdg52qiyqvgbp14n9z7ghglmhzvag9qpiz2nfqssycvvlf00";
+    sha1 = "6e4a5e91159eb32383296c7c83ac0e59b83a0a44";
   };
 
-  patches = extraPatches;
-
-  buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
+  patches = optional stdenv.isCygwin ./1.0.1-cygwin64.patch;
 
   nativeBuildInputs = [ perl ];
+  buildInputs = stdenv.lib.optional withCryptodev cryptodevHeaders;
 
   # On x86_64-darwin, "./config" misdetects the system as
   # "darwin-i386-cc".  So specify the system type explicitly.
@@ -35,44 +30,48 @@ stdenv.mkDerivation {
     else if stdenv.system == "x86_64-solaris" then "./Configure solaris64-x86_64-gcc"
     else "./config";
 
-  configureFlags = "shared --libdir=lib --openssldir=etc/ssl" +
-    stdenv.lib.optionalString withCryptodev " -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS";
+  configureFlags = [
+    "shared"
+    "--libdir=lib"
+    "--openssldir=etc/ssl"
+  ] ++ stdenv.lib.optionals withCryptodev [
+    "-DHAVE_CRYPTODEV"
+    "-DUSE_CRYPTODEV_DIGESTS"
+  ];
 
-  # CYGXXX: used to be set for cygwin with optionalString. Not needed
-  # anymore but kept to prevent rebuild.
-  preBuild = "";
-
-  makeFlags = "MANDIR=$(out)/share/man";
+  makeFlags = [
+    "MANDIR=$(out)/share/man"
+  ];
 
   # Parallel building is broken in OpenSSL.
   enableParallelBuilding = false;
 
-  postInstall =
-    ''
-      # If we're building dynamic libraries, then don't install static
-      # libraries.
-      if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib)" ]; then
-          rm $out/lib/*.a
-      fi
-    ''; # */
+  postInstall = ''
+    # If we're building dynamic libraries, then don't install static
+    # libraries.
+    if [ -n "$(echo $out/lib/*.so $out/lib/*.dylib $out/lib/*.dll)" ]; then
+        rm "$out/lib/"*.a
+    fi
+
+    # remove dependency on Perl at runtime
+    rm -r $out/etc/ssl/misc $out/bin/c_rehash
+  '';
+
+  postFixup = ''
+    # Check to make sure we don't depend on perl
+    if grep -r '${perl}' $out; then
+      echo "Found an erroneous dependency on perl ^^^" >&2
+      exit 1
+    fi
+  '';
 
   crossAttrs = {
     preConfigure=''
       # It's configure does not like --build or --host
-      export configureFlags="--libdir=lib --cross-compile-prefix=${stdenv.cross.config}- shared ${opensslCrossSystem}"
+      export configureFlags="${concatStringsSep " " (configureFlags ++ [ opensslCrossSystem ])}"
     '';
 
-    postInstall = ''
-      # Openssl installs readonly files, which otherwise we can't strip.
-      # This could at some stdenv hash change be put out of crossAttrs, too
-      chmod -R +w $out
-
-      # Remove references to perl, to avoid depending on it at runtime
-      rm $out/bin/c_rehash $out/ssl/misc/CA.pl $out/ssl/misc/tsget
-    '';
     configureScript = "./Configure";
-  } // stdenv.lib.optionalAttrs (opensslCrossSystem == "darwin64-x86_64-cc") {
-    CC = "gcc";
   };
 
   meta = {