Index: head/www/squid-devel/Makefile
===================================================================
--- head/www/squid-devel/Makefile
+++ head/www/squid-devel/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	squid
-PORTVERSION=	4.0.19
+PORTVERSION=	4.0.20
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v4/ \
 		http://www2.us.squid-cache.org/Versions/v4/ \
Index: head/www/squid-devel/distinfo
===================================================================
--- head/www/squid-devel/distinfo
+++ head/www/squid-devel/distinfo
@@ -1,3 +1,3 @@
 TIMESTAMP = 1467941699
-SHA256 (squid4.0/squid-4.0.19.tar.xz) = 355a7f816afd8b9b5d0d785e9c80c28a7e4c6edb8832ac865ad267d5e3360050
-SIZE (squid4.0/squid-4.0.19.tar.xz) = 2414764
+SHA256 (squid4.0/squid-4.0.20.tar.xz) = 31e5c368fe033e575dfcb309dc3425879e6eb42855a0a6dc08653b7d4d22ebaa
+SIZE (squid4.0/squid-4.0.20.tar.xz) = 2425936
Index: head/www/squid-devel/files/patch-src_ssl_bio.h
===================================================================
--- head/www/squid-devel/files/patch-src_ssl_bio.h
+++ head/www/squid-devel/files/patch-src_ssl_bio.h
@@ -1,11 +0,0 @@
---- src/ssl/bio.h.orig	2017-02-05 21:15:41 UTC
-+++ src/ssl/bio.h
-@@ -205,7 +205,7 @@ private:
- void
- applyTlsDetailsToSSL(SSL *ssl, Security::TlsDetails::Pointer const &details, Ssl::BumpMode bumpMode);
- 
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
- // OpenSSL v1.0 bio compatibility functions
- inline void *BIO_get_data(BIO *table) { return table->ptr; }
- inline void BIO_set_data(BIO *table, void *data) { table->ptr = data; }
Index: head/www/squid-devel/files/patch-src_ssl_bio.cc
===================================================================
--- head/www/squid-devel/files/patch-src_ssl_bio.cc
+++ head/www/squid-devel/files/patch-src_ssl_bio.cc
@@ -1,38 +0,0 @@
---- src/ssl/bio.cc.orig	2017-02-05 21:15:41 UTC
-+++ src/ssl/bio.cc
-@@ -43,7 +43,7 @@ static int squid_bio_destroy(BIO *data);
- /* SSL callbacks */
- static void squid_ssl_info(const SSL *ssl, int where, int ret);
- 
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
- /// Initialization structure for the BIO table with
- /// Squid-specific methods and BIO method wrappers.
- static BIO_METHOD SquidMethods = {
-@@ -65,7 +65,7 @@ static BIO_METHOD *SquidMethods = NULL;
- BIO *
- Ssl::Bio::Create(const int fd, Ssl::Bio::Type type)
- {
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-     BIO_METHOD *useMethod = &SquidMethods;
- #else
-     if (!SquidMethods) {
-@@ -562,7 +562,7 @@ Ssl::ServerBio::resumingSession()
- static int
- squid_bio_create(BIO *bi)
- {
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-     bi->init = 0; // set when we store Bio object and socket fd (BIO_C_SET_FD)
-     bi->num = 0;
-     bi->flags = 0;
-@@ -706,7 +706,7 @@ applyTlsDetailsToSSL(SSL *ssl, Security:
-             cbytes[0] = (cipherId >> 8) & 0xFF;
-             cbytes[1] = cipherId & 0xFF;
-             cbytes[2] = 0;
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-             const SSL_METHOD *method = SSLv23_method();
-             const SSL_CIPHER *c = method->get_cipher_by_char(cbytes);
- #else
Index: head/www/squid-devel/files/patch-src_ssl_gadgets.cc
===================================================================
--- head/www/squid-devel/files/patch-src_ssl_gadgets.cc
+++ head/www/squid-devel/files/patch-src_ssl_gadgets.cc
@@ -1,11 +0,0 @@
---- src/ssl/gadgets.cc.orig	2017-02-05 21:15:41 UTC
-+++ src/ssl/gadgets.cc
-@@ -387,7 +387,7 @@ mimicExtensions(Security::CertPointer & 
-         DecipherOnly
-     };
- 
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-     const int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm);
-     const bool rsaPkey = (mimicAlgo == NID_rsaEncryption);
- #else
Index: head/www/squid-devel/files/patch-src_ssl_support.cc
===================================================================
--- head/www/squid-devel/files/patch-src_ssl_support.cc
+++ head/www/squid-devel/files/patch-src_ssl_support.cc
@@ -1,56 +0,0 @@
---- src/ssl/support.cc.orig	2017-02-12 21:14:36 UTC
-+++ src/ssl/support.cc
-@@ -235,7 +235,7 @@ bool Ssl::checkX509ServerValidity(X509 *
-     return matchX509CommonNames(cert, (void *)server, check_domain);
- }
- 
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
- static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
- {
-     return ctx->cert;
-@@ -379,7 +379,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * c
- }
- 
- // "dup" function for SSL_get_ex_new_index("cert_err_check")
--#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER))
- static int
- ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
-                     int, long, void *)
-@@ -1116,7 +1116,7 @@ hasAuthorityInfoAccessCaIssuers(X509 *ce
-             if (ad->location->type == GEN_URI) {
-                 xstrncpy(uri,
-                          reinterpret_cast<const char *>(
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-                              ASN1_STRING_data(ad->location->d.uniformResourceIdentifier)
- #else
-                              ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier)
-@@ -1291,7 +1291,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c
-     // OpenSSL already maintains ctx->untrusted but we cannot modify
-     // internal OpenSSL list directly. We have to give OpenSSL our own
-     // list, but it must include certificates on the OpenSSL ctx->untrusted
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-     STACK_OF(X509) *oldUntrusted = ctx->untrusted;
- #else
-     STACK_OF(X509) *oldUntrusted = X509_STORE_CTX_get0_untrusted(ctx);
-@@ -1310,7 +1310,7 @@ untrustedToStoreCtx_cb(X509_STORE_CTX *c
- 
-     X509_STORE_CTX_set_chain(ctx, sk); // No locking/unlocking, just sets ctx->untrusted
-     int ret = X509_verify_cert(ctx);
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-     X509_STORE_CTX_set_chain(ctx, oldUntrusted); // Set back the old untrusted list
- #else
-     X509_STORE_CTX_set0_untrusted(ctx, oldUntrusted);
-@@ -1535,7 +1535,7 @@ remove_session_cb(SSL_CTX *, SSL_SESSION
- }
- 
- static SSL_SESSION *
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
- get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
- #else
- get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)