diff --git a/config/env.ini b/config/env.ini
index 7448cc37..b989f5c3 100644
--- a/config/env.ini
+++ b/config/env.ini
@@ -115,6 +115,10 @@ SPC_CMD_VAR_PHP_MAKE_EXTRA_CFLAGS="-g -fstack-protector-strong -fno-ident -fPIE
 ; EXTRA_LDFLAGS for `make` php, can use -release to set a soname for libphp.so
 SPC_CMD_VAR_PHP_MAKE_EXTRA_LDFLAGS=""
 
+; optional, path to openssl conf. This affects where openssl will look for the default CA.
+; default on Debian/Alpine: /etc/ssl, default on RHEL: /etc/pki/tls
+OPENSSLDIR=""
+
 [macos]
 ; build target: macho or macho (possibly we could support macho-universal in the future)
 ; Currently we do not support universal and cross-compilation for macOS.
diff --git a/config/ext.json b/config/ext.json
index 419be5a9..c5bbb45d 100644
--- a/config/ext.json
+++ b/config/ext.json
@@ -499,7 +499,9 @@
             "mysqlnd"
         ],
         "lib-depends": [
-            "libsodium",
+            "libsodium"
+        ],
+        "lib-suggests": [
             "openssl"
         ]
     },
@@ -514,7 +516,9 @@
             "mysqlnd"
         ],
         "lib-depends": [
-            "libsodium",
+            "libsodium"
+        ],
+        "lib-suggests": [
             "openssl"
         ]
     },
diff --git a/src/SPC/builder/Extension.php b/src/SPC/builder/Extension.php
index 816ea811..925a4c8e 100644
--- a/src/SPC/builder/Extension.php
+++ b/src/SPC/builder/Extension.php
@@ -398,9 +398,6 @@ class Extension
                     $dependency->buildShared([...$visited, $this->getName()]);
                 }
             }
-            if (Config::getExt($this->getName(), 'type') === 'addon') {
-                return;
-            }
             $this->builder->emitPatchPoint('before-shared-ext[' . $this->getName() . ']-build');
             match (PHP_OS_FAMILY) {
                 'Darwin', 'Linux' => $this->buildUnixShared(),
diff --git a/src/SPC/builder/linux/library/openssl.php b/src/SPC/builder/linux/library/openssl.php
index 8d071f2d..bfc3936b 100644
--- a/src/SPC/builder/linux/library/openssl.php
+++ b/src/SPC/builder/linux/library/openssl.php
@@ -21,6 +21,7 @@ declare(strict_types=1);
 
 namespace SPC\builder\linux\library;
 
+use SPC\builder\linux\SystemUtil;
 use SPC\store\FileSystem;
 
 class openssl extends LinuxLibraryBase
@@ -51,8 +52,9 @@ class openssl extends LinuxLibraryBase
             $zlib_extra = '';
         }
 
-        $openssl_conf = getenv('OPENSSL_CONF');
-        $openssl_dir = $openssl_conf ? dirname($openssl_conf) : '/etc/ssl';
+        $openssl_dir = getenv('OPENSSLDIR') ?: null;
+        // TODO: in v3 use the following: $openssl_dir ??= SystemUtil::getOSRelease()['dist'] === 'redhat' ? '/etc/pki/tls' : '/etc/ssl';
+        $openssl_dir ??= '/etc/ssl';
         $ex_lib = trim($ex_lib);
 
         shell()->cd($this->source_dir)->initializeEnv($this)