Index: head/security/hitch/Makefile =================================================================== --- head/security/hitch/Makefile (revision 487921) +++ head/security/hitch/Makefile (revision 487922) @@ -1,37 +1,40 @@ # Created by: Ryan Steinmetz # $FreeBSD$ PORTNAME= hitch -PORTVERSION= 1.4.8 -PORTREVISION= 2 +PORTVERSION= 1.5.0 CATEGORIES= security MASTER_SITES= http://hitch-tls.org/source/ \ ZI MAINTAINER= zi@FreeBSD.org COMMENT= TLS proxy to forward connections to an unencrypted backend LICENSE= BSD2CLAUSE BUILD_DEPENDS= rst2man:textproc/py-docutils LIB_DEPENDS= libev.so:devel/libev USERS= hitch GROUPS= hitch USES= pkgconfig ssl GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var/run CONFIGURE_ENV= CRYPTO_CFLAGS="-I${OPENSSLINC}" CRYPTO_LIBS="-L${OPENSSLLIB}" \ SSL_CFLAGS="-I${OPENSSLINC}" SSL_LIBS="-L${OPENSSLLIB}" USE_RC_SUBR= ${PORTNAME} CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -lcrypto -lssl +CACHE_DIR?= /var/cache/hitch +PLIST_SUB= CACHE_DIR=${CACHE_DIR} +SUB_LIST+= CACHE_DIR="${CACHE_DIR}" +SUB_FILES= ${PORTNAME}.conf.sample OPTIONS_DEFINE= DOCS post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/etc - ${INSTALL_DATA} ${FILESDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/ + ${MKDIR} ${STAGEDIR}${PREFIX}/etc ${STAGEDIR}${CACHE_DIR} + ${INSTALL_DATA} ${WRKDIR}/${PORTNAME}.conf.sample ${STAGEDIR}${PREFIX}/etc/ .include Index: head/security/hitch/distinfo =================================================================== --- head/security/hitch/distinfo (revision 487921) +++ head/security/hitch/distinfo (revision 487922) 
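Review bot: In the Makefile hunk the new `PLIST_SUB= CACHE_DIR=${CACHE_DIR}` uses plain assignment and no quoting, while the adjacent `SUB_LIST+= CACHE_DIR="${CACHE_DIR}"` appends and quotes. Writing both the same way, `PLIST_SUB+= CACHE_DIR="${CACHE_DIR}"`, keeps any PLIST_SUB value set earlier and treats an overridden path identically in the packing list and the sample config. `CACHE_DIR?=` can be overridden at build time and feeds the `${MKDIR}` call, pkg-plist and hitch.conf.sample, so a comment above it such as `# OCSP staple cache; absolute path, owned by the hitch user` would document what an override has to satisfy.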
@@ -1,3 +1,3 @@
-TIMESTAMP = 1526906812
-SHA256 (hitch-1.4.8.tar.gz) = d52ba690d90c25bbfca73f5e0ed427738366dac12faf46fb5834e497cc2d1ac3
-SIZE (hitch-1.4.8.tar.gz) = 297107
+TIMESTAMP = 1545338657
+SHA256 (hitch-1.5.0.tar.gz) = 0ec254699292f73e419ff279d2834db31026192ef373a91badd82e2dc7154d0b
+SIZE (hitch-1.5.0.tar.gz) = 304169
Index: head/security/hitch/files/hitch.conf.sample
===================================================================
--- head/security/hitch/files/hitch.conf.sample (revision 487921)
+++ head/security/hitch/files/hitch.conf.sample (nonexistent)
@@ -1,130 +0,0 @@
-#
-# stud(8), The Scalable TLS Unwrapping Daemon's configuration
-#
-
-# NOTE: all config file parameters can be overriden
-# from command line!
-
-# Listening address. REQUIRED.
-#
-# type: string
-# syntax: [HOST]:PORT
-frontend = "[*]:8443"
-
-# Upstream server address. REQUIRED.
-#
-# type: string
-# syntax: [HOST]:PORT.
-backend = "[127.0.0.1]:8000"
-
-# SSL x509 certificate file. REQUIRED.
-# List multiple certs to use SNI. Certs are used in the order they
-# are listed; the last cert listed will be used if none of the others match
-#
-# type: string
-pem-file = ""
-
-# SSL protocol.
-#
-# tls = on
-# ssl = off
-
-# List of allowed SSL ciphers.
-#
-# Run openssl ciphers for list of available ciphers.
-# type: string
-ciphers = ""
-
-# Enforce server cipher list order
-#
-# type: boolean
-prefer-server-ciphers = off
-
-# Use specified SSL engine
-#
-# type: string
-ssl-engine = ""
-
-# Number of worker processes
-#
-# type: integer
-workers = 1
-
-# Listen backlog size
-#
-# type: integer
-backlog = 100
-
-# TCP socket keepalive interval in seconds
-#
-# type: integer
-keepalive = 3600
-
-# Chroot directory
-#
-# type: string
-chroot = ""
-
-# Set uid after binding a socket
-#
-# type: string
-user = "hitch"
-
-# Set gid after binding a socket
-#
-# type: string
-group = "hitch"
-
-# Quiet execution, report only error messages
-#
-# type: boolean
-quiet = off
-
-# Use syslog for logging
-#
-# type: boolean
-syslog = on
-
-# Syslog facility to use
-#
-# type: string
-syslog-facility = "daemon"
-
-# Run as daemon
-#
-# type: boolean
-daemon = on
-
-# Report client address by writing IP before sending data
-#
-# NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
-#
-# type: boolean
-write-ip = off
-
-# Report client address using SENDPROXY protocol, see
-# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
-# for details.
-#
-# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
-#
-# type: boolean
-write-proxy = off
-
-# Report client address using SENDPROXY v2 binary protocol, see
-# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
-# for details.
-#
-# NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy.
-#
-# type: boolean
-write-proxy-v2 = off
-
-# Proxy an existing SENDPROXY protocol header through this request.
-#
-# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy.
-#
-# type: boolean
-proxy-proxy = off
-
-# EOF
Property changes on: head/security/hitch/files/hitch.conf.sample
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/hitch/files/hitch.conf.sample.in
===================================================================
--- head/security/hitch/files/hitch.conf.sample.in (nonexistent)
+++ head/security/hitch/files/hitch.conf.sample.in (revision 487922)
@@ -0,0 +1,135 @@
+#
+# stud(8), The Scalable TLS Unwrapping Daemon's configuration
+#
+
+# NOTE: all config file parameters can be overriden
+# from command line!
+
+# Listening address. REQUIRED.
+#
+# type: string
+# syntax: [HOST]:PORT
+frontend = "[*]:8443"
+
+# Upstream server address. REQUIRED.
+#
+# type: string
+# syntax: [HOST]:PORT.
+backend = "[127.0.0.1]:8000"
+
+# SSL x509 certificate file. REQUIRED.
+# List multiple certs to use SNI. Certs are used in the order they
+# are listed; the last cert listed will be used if none of the others match
+#
+# type: string
+pem-file = ""
+
+# SSL protocol.
+#
+# tls = on
+# ssl = off
+
+# List of allowed SSL ciphers.
+#
+# Run openssl ciphers for list of available ciphers.
+# type: string
+ciphers = ""
+
+# Enforce server cipher list order
+#
+# type: boolean
+prefer-server-ciphers = off
+
+# Use specified SSL engine
+#
+# type: string
+ssl-engine = ""
+
+# Directory for OCSP staple retrieval
+#
+# type: string
+ocsp-dir = "%%CACHE_DIR%%"
+
+# Number of worker processes
+#
+# type: integer
+workers = 1
+
+# Listen backlog size
+#
+# type: integer
+backlog = 100
+
+# TCP socket keepalive interval in seconds
+#
+# type: integer
+keepalive = 3600
+
+# Chroot directory
+#
+# type: string
+chroot = ""
+
+# Set uid after binding a socket
+#
+# type: string
+user = "hitch"
+
+# Set gid after binding a socket
+#
+# type: string
+group = "hitch"
+
+# Quiet execution, report only error messages
+#
+# type: boolean
+quiet = off
+
+# Use syslog for logging
+#
+# type: boolean
+syslog = on
+
+# Syslog facility to use
+#
+# type: string
+syslog-facility = "daemon"
+
+# Run as daemon
+#
+# type: boolean
+daemon = on
+
+# Report client address by writing IP before sending data
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-proxy and proxy-proxy.
+#
+# type: boolean
+write-ip = off
+
+# Report client address using SENDPROXY protocol, see
+# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+# for details.
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and proxy-proxy.
+#
+# type: boolean
+write-proxy = off
+
+# Report client address using SENDPROXY v2 binary protocol, see
+# http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+# for details.
+#
+# NOTE: This option is mutually exclusive with option write-ip, write-proxy and proxy-proxy.
+#
+# type: boolean
+write-proxy-v2 = off
+
+# Proxy an existing SENDPROXY protocol header through this request.
+#
+# NOTE: This option is mutually exclusive with option write-proxy-v2, write-ip and write-proxy.
+#
+# type: boolean
+proxy-proxy = off
+
+# EOF
Property changes on: head/security/hitch/files/hitch.conf.sample.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/security/hitch/pkg-message
===================================================================
--- head/security/hitch/pkg-message (revision 487921)
+++ head/security/hitch/pkg-message (revision 487922)
@@ -1,2 +1,2 @@
 Don't forget to append DH params to your pem file using:
-openssl dhparam -rand - 1024 >> /path/to/cert.pem
+openssl dhparam -rand - 2048 >> /path/to/cert.pem
Index: head/security/hitch/pkg-plist
===================================================================
--- head/security/hitch/pkg-plist (revision 487921)
+++ head/security/hitch/pkg-plist (revision 487922)
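Review bot: The new `ocsp-dir = "%%CACHE_DIR%%"` entry in hitch.conf.sample.in does not say that the directory has to be writable by the account named in `user` and `group` further down the same file. The package creates it owned by hitch:hitch (the `@dir` line added to pkg-plist), so an administrator who changes those two settings is left with a cache directory the daemon presumably cannot write to, and stapling would stop working. A line such as `# Must be writable by the user/group configured below.` under `# Directory for OCSP staple retrieval` would cover it. The header of the new file also still reads `stud(8)` although it ships as the hitch sample.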
@@ -1,7 +1,8 @@
 man/man5/hitch.conf.5.gz
 man/man8/hitch.8.gz
 sbin/hitch
 %%PORTDOCS%%%%DOCSDIR%%/CHANGES.rst
 %%PORTDOCS%%%%DOCSDIR%%/README.md
 %%PORTDOCS%%%%DOCSDIR%%/hitch.conf.example
 @sample etc/hitch.conf.sample
+@dir(hitch,hitch,) %%CACHE_DIR%%
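Review bot: `@dir(hitch,hitch,) %%CACHE_DIR%%` leaves the mode field empty, so the installed directory's permissions presumably follow whatever `${MKDIR}` produced in the stage directory rather than a value chosen for this cache. Stating the mode explicitly, for example `@dir(hitch,hitch,0755) %%CACHE_DIR%%` (or `0750` if nothing outside the hitch group needs to read the stored staples), makes the intended access visible in the packing list and independent of the build environment.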