diff --git a/www/mod_gnutls/Makefile b/www/mod_gnutls/Makefile
index 7848ff8ecb00..a99cd4871ca6 100644
--- a/www/mod_gnutls/Makefile
+++ b/www/mod_gnutls/Makefile
@@ -1,31 +1,36 @@
 PORTNAME=	mod_gnutls
-PORTVERSION=	0.8.4
-PORTREVISION=	2
+PORTVERSION=	0.12.0
 CATEGORIES=	www security
 MASTER_SITES=	https://mod.gnutls.org/downloads/
 PKGNAMEPREFIX=	${APACHE_PKGNAMEPREFIX}
 
 MAINTAINER=	joneum@FreeBSD.org
 COMMENT=	Extension for Apache httpd using GnuTLS library to provide HTTPS
 
 LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
+BUILD_DEPENDS=	${RUN_DEPENDS}
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}yaml>=3.13:devel/py-yaml@${PY_FLAVOR}
 LIB_DEPENDS=	libgnutls.so:security/gnutls
 
 GNU_CONFIGURE=	yes
-USES=		apache:2.4 compiler:c++11-lang cpe libtool pkgconfig tar:bzip2
+USES=		apache:2.4 compiler:c++11-lang cpe libtool pkgconfig python:3.7+ tar:bzip2
 CPE_VENDOR=	${PORTNAME}_project
 
+BINARY_ALIAS=	python3=${PYTHON_CMD} python=${PYTHON_CMD}
+
 DBDIR=		${PREFIX}/var/db/${PORTNAME}
 PLIST_SUB=	SED="${SED}" WWWGRP=${WWWGRP} WWWOWN=${WWWOWN}
 SUB_FILES=	pkg-message
 SUB_LIST=	DBDIR="${DBDIR}"
 
-CFLAGS+=	-Wno-deprecated-declarations
+CFLAGS+=	-Wno-deprecated-declarations -Wno-null-pointer-subtraction
 CONFIGURE_ARGS=	--with-apxs="${APXS}"
 
+INSTALL_TARGET=	install-strip
+
 post-install:
 	${MKDIR} "${STAGEDIR}${DBDIR}"
 
 .include <bsd.port.mk>
diff --git a/www/mod_gnutls/distinfo b/www/mod_gnutls/distinfo
index 427c8963aaf4..a9daa1ff7b24 100644
--- a/www/mod_gnutls/distinfo
+++ b/www/mod_gnutls/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1524324472
-SHA256 (mod_gnutls-0.8.4.tar.bz2) = f2dbd0d9a329568a166a1fc1eafc81ab955bdebd36b9546a9466f248c3adcdf7
-SIZE (mod_gnutls-0.8.4.tar.bz2) = 422811
+TIMESTAMP = 1661878634
+SHA256 (mod_gnutls-0.12.0.tar.bz2) = d986ff68de94b80e505f8b6bd68bd1ba146bf234b40d1f519695fe15592e995b
+SIZE (mod_gnutls-0.12.0.tar.bz2) = 461643
diff --git a/www/mod_gnutls/files/patch-src_gnutls__io.c b/www/mod_gnutls/files/patch-src_gnutls__io.c
index 2d3441f460b0..c0ed339dc410 100644
--- a/www/mod_gnutls/files/patch-src_gnutls__io.c
+++ b/www/mod_gnutls/files/patch-src_gnutls__io.c
@@ -1,36 +1,36 @@
---- src/gnutls_io.c.orig	2016-12-25 18:36:37 UTC
+--- src/gnutls_io.c.orig	2021-08-13 20:27:17 UTC
 +++ src/gnutls_io.c
-@@ -23,7 +23,8 @@
+@@ -25,7 +25,8 @@ APLOG_USE_MODULE(gnutls);
  APLOG_USE_MODULE(gnutls);
  #endif
  
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
  #include <inttypes.h>
  #endif
  
-@@ -572,18 +573,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f,
+@@ -576,18 +577,21 @@ apr_status_t mgs_filter_input(ap_filter_t * f,
           * might have different lengths. Read sizes should be too
           * small for 32 or 64 bit to matter, but we have to make
           * sure. */
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
          if ((apr_size_t) readbytes < len)
          {
 +#if INTMAX_MAX > SIZE_MAX
              /* If readbytes is negative the function fails in the
               * check above, but the compiler doesn't get that. */
 -            if (__builtin_expect(imaxabs(readbytes) > SIZE_MAX, 0))
 +            if (__builtin_expect(imaxabs(readbytes) > (intmax_t) SIZE_MAX, 0))
              {
                  ap_log_cerror(APLOG_MARK, APLOG_CRIT, APR_EINVAL, ctxt->c,
                                "%s: prevented buffer length overflow",
                                __func__);
                  return APR_EINVAL;
              }
 +#endif
              len = (apr_size_t) readbytes;
          }
  #else
diff --git a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
index 458b418a08fd..fa04fa311575 100644
--- a/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
+++ b/www/mod_gnutls/files/patch-src_gnutls__ocsp.c
@@ -1,32 +1,32 @@
---- src/gnutls_ocsp.c.orig	2017-01-08 14:16:07 UTC
+--- src/gnutls_ocsp.c.orig	2021-07-29 19:47:39 UTC
 +++ src/gnutls_ocsp.c
-@@ -414,7 +414,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo
+@@ -446,7 +446,8 @@ static gnutls_datum_t mgs_get_cert_fingerprint(apr_poo
      /* Safe integer type conversion: The types of fingerprint.size
       * (unsigned int) and fplen (size_t) may have different
       * lengths. */
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
      if (__builtin_expect(fplen <= UINT_MAX, 1))
      {
          fingerprint.size = (unsigned int) fplen;
-@@ -569,7 +570,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+@@ -603,7 +604,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
      }
  
      /* With the length restriction this really should not overflow. */
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
      if (__builtin_expect(len > UINT_MAX, 0))
  #else
      if (__builtin_add_overflow(len, 0, &response->size))
-@@ -580,7 +582,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
+@@ -614,7 +616,8 @@ static apr_status_t do_ocsp_request(apr_pool_t *p, ser
      }
      else
      {
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
          response->size = (unsigned int) len;
  #endif
          response->data = apr_pmemdup(p, buf, len);
diff --git a/www/mod_gnutls/files/patch-src_gnutls__sni.c b/www/mod_gnutls/files/patch-src_gnutls__sni.c
new file mode 100644
index 000000000000..ec30d7ae220e
--- /dev/null
+++ b/www/mod_gnutls/files/patch-src_gnutls__sni.c
@@ -0,0 +1,15 @@
+--- src/gnutls_sni.c.orig	2019-01-28 19:50:38 UTC
++++ src/gnutls_sni.c
+@@ -18,7 +18,12 @@
+ 
+ #include <apr_lib.h>
+ #include <apr_strings.h>
++#if defined(__FreeBSD__)
++#include <sys/endian.h>
++#define bswap_16(x) bswap16(x)
++#else
+ #include <byteswap.h>
++#endif
+ #include <gnutls/gnutls.h>
+ #include <inttypes.h>
+ 
diff --git a/www/mod_gnutls/files/patch-src_gnutls__util.c b/www/mod_gnutls/files/patch-src_gnutls__util.c
index 138353bcfc0a..da9e96b993ed 100644
--- a/www/mod_gnutls/files/patch-src_gnutls__util.c
+++ b/www/mod_gnutls/files/patch-src_gnutls__util.c
@@ -1,12 +1,12 @@
---- src/gnutls_util.c.orig	2016-12-25 18:36:37 UTC
+--- src/gnutls_util.c.orig	2021-07-11 11:33:26 UTC
 +++ src/gnutls_util.c
-@@ -113,7 +113,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char
+@@ -121,7 +121,8 @@ apr_status_t datum_from_file(apr_pool_t *p, const char
  
      /* safe integer type conversion: unsigned int and apr_size_t might
       * have different sizes */
 -#if defined(__GNUC__) && __GNUC__ < 5 && !defined(__clang__)
 +#if defined(__GNUC__) && __GNUC__ < 5 && \
 +    !(defined(__clang__) && __has_builtin(__builtin_add_overflow))
      if (__builtin_expect(br > UINT_MAX, 0))
          return APR_EINVAL;
      else