diff --git a/CMakeLists.txt b/CMakeLists.txt
index 820e4f8f9..175a9cf27 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -429,6 +429,11 @@ if (NOT LWS_WITH_SSL)
 	set(LWS_WITHOUT_BUILTIN_SHA1 OFF)
 endif()
 
+if (LWS_WITH_BORINGSSL)
+	# boringssl deprecated EVP_PKEY
+	set (LWS_WITH_GENHASH OFF)
+endif()
+
 if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS)
 	if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
 	else()
@@ -1887,7 +1892,7 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS)
 			"${PROJECT_SOURCE_DIR}/test-apps/favicon.ico"
 			"${PROJECT_SOURCE_DIR}/test-apps/leaf.jpg"
 			"${PROJECT_SOURCE_DIR}/test-apps/candide.zip"
-			"${PROJECT_SOURCE_DIR}/test-apps/libwebsockets.org-logo.png"
+			"${PROJECT_SOURCE_DIR}/test-apps/libwebsockets.org-logo.svg"
 			"${PROJECT_SOURCE_DIR}/test-apps/http2.png"
 			"${PROJECT_SOURCE_DIR}/test-apps/wss-over-h2.png"
 			"${PROJECT_SOURCE_DIR}/test-apps/lws-common.js"
diff --git a/READMEs/README.build.md b/READMEs/README.build.md
index f06628def..755801043 100644
--- a/READMEs/README.build.md
+++ b/READMEs/README.build.md
@@ -116,6 +116,37 @@ and libnsl, and only builds in 64bit mode.
     $ cmake .. -DCMAKE_C_FLAGS=-m64 -DCMAKE_EXE_LINKER_FLAGS="-lsocket -lnsl"
 ```
 
+**NOTE7**
+
+Build and test flow against boringssl.  Notice `LWS_WITH_GENHASH` is currently
+unavailable with boringssl due to their removing the necessary apis.
+
+Build current HEAD boringssl
+
+```
+ $ cd /projects
+ $ git clone https://boringssl.googlesource.com/boringssl
+ $ cd boringssl
+ $ mkdir build
+ $ cd build
+ $ cmake ..  -DBUILD_SHARED_LIBS=1
+ $ make -j8
+```
+
+Build and test lws against it
+
+```
+ $ cd /projects/libwebsockets/build
+ $ cmake .. -DOPENSSL_LIBRARIES="/projects/boringssl/build/ssl/libssl.so;\
+   /projects/boringssl/build/crypto/libcrypto.so" \
+   -DOPENSSL_INCLUDE_DIRS=/projects/boringssl/include \
+   -DLWS_WITH_BORINGSSL=1 -DCMAKE_BUILD_TYPE=DEBUG
+ $ make -j8 && sudo make install
+ $ LD_PRELOAD="/projects/boringssl/build/ssl/libssl.so \
+   /projects/boringssl/build/crypto/libcrypto.so" \
+   /usr/local/bin/libwebsockets-test-server -s
+```
+
 4. Finally you can build using the generated Makefile:
 
 ```bash
diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c
index 95dd96ebb..4def4dd31 100644
--- a/lib/tls/openssl/openssl-server.c
+++ b/lib/tls/openssl/openssl-server.c
@@ -149,7 +149,7 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi,
 {
 #if defined(LWS_HAVE_OPENSSL_ECDH_H)
 	const char *ecdh_curve = "prime256v1";
-#if defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
+#if !defined(LWS_WITH_BORINGSSL) && defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
 	STACK_OF(X509) *extra_certs = NULL;
 #endif
 	EC_KEY *ecdh, *EC_key = NULL;
@@ -304,7 +304,7 @@ check_key:
 		goto post_ecdh;
 	}
 #else
-	return 1;
+	return 0;
 #endif
 	/* Get the public key from certificate */
 	pkey = X509_get_pubkey(x);