Index: head/mail/cclient/Makefile
===================================================================
--- head/mail/cclient/Makefile	(revision 527990)
+++ head/mail/cclient/Makefile	(revision 527991)
@@ -1,114 +1,114 @@
 # Created by: Kelly Yancey <kbyanc@FreeBSD.org>
 # $FreeBSD$
 
 PORTNAME=	cclient
 PORTVERSION=	2007f
-PORTREVISION=	3
+PORTREVISION=	4
 PORTEPOCH=	1
 CATEGORIES=	mail devel
 MASTER_SITES=	ftp://ftp.cac.washington.edu/imap/%SUBDIR%/ \
 		http://atreides.freenix.no/~anders/%SUBDIR%/ \
 		ftp://ftp.funet.fi/pub/mirrors/ftp.cac.washington.edu/imap/%SUBDIR%/ \
 		ftp://ftp.nuug.no/pub/anders/distfiles/%SUBDIR%/
 MASTER_SITE_SUBDIR=	. old
 DISTNAME=	imap-${PORTVERSION}
 
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	C-client mail access routines by Mark Crispin
 
 LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE.txt
 
 CONFLICTS_INSTALL=	panda-cclient-20*
 
 OPTIONS_DEFINE=	SSL SSL_AND_PLAINTEXT IPV6 MBX_DEFAULT
 OPTIONS_DEFAULT=	SSL
 SSL_AND_PLAINTEXT_DESC=	Allow plain text passwords and SSL
 MBX_DEFAULT_DESC=	Use MBX as default mailbox format
 
 ALL_TARGET=	bsf
 MAKE_JOBS_UNSAFE=	yes
 USE_LDCONFIG=	yes
 
 SSL_USES=		ssl
 
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MSSL}
 PKGMESSAGE=	pkg-message-ssl
 .endif
 
 .if ! ${PORT_OPTIONS:MSSL}
 MAKE_ARGS+=	SSLTYPE=none SSLDIR=${OPENSSLBASE}
 .else
 .if ${PORT_OPTIONS:MSSL_AND_PLAINTEXT}
 MAKE_ARGS+=	SSLTYPE=unix SSLDIR=${OPENSSLDIR}
 .else
 MAKE_ARGS+=	SSLTYPE=unix.nopwd SSLDIR=${OPENSSLDIR}
 .endif
 .endif
 
 WRKSRC=		${WRKDIR}/${DISTNAME}
 MAKE_ARGS+=	EXTRACFLAGS="${CFLAGS}"
 
 SHLIBBASE=	c-client4
 SHLIBMAJ=	9
 SHLIBNAME=	lib${SHLIBBASE}.so.${SHLIBMAJ}
 MAKE_ENV+=	SHLIBNAME=${SHLIBNAME} SHLIBBASE=${SHLIBBASE}
 PLIST_SUB+=	SHLIBNAME=${SHLIBNAME} SHLIBBASE=${SHLIBBASE}
 
 post-patch:
 .for file in Makefile src/osdep/unix/Makefile src/osdep/unix/Makefile.gss
 	@${REINPLACE_CMD} -e "s|/usr/local|${PREFIX}|g" ${WRKSRC}/${file}
 .endfor
 	@${REINPLACE_CMD} -e "s:/etc/ssl/certs:${PREFIX}/certs:g; \
 		s:/etc/ssl/private:${PREFIX}/certs:g" ${WRKSRC}/Makefile
 	@${REINPLACE_CMD} -e "s:/etc/c-client.cf:${PREFIX}/etc/c-client.cf:" \
 		${WRKSRC}/src/osdep/unix/env_unix.h
 .if ${PORT_OPTIONS:MSSL}
 	@${REINPLACE_CMD} -e " \
 		s:SSLINCLUDE=/usr/include/openssl SSLLIB=/usr/lib:SSLINCLUDE=${OPENSSLINC} SSLLIB=${OPENSSLLIB}: \
 		" ${WRKSRC}/Makefile
 .endif
 .if ${PORT_OPTIONS:MIPV6}
 	@${REINPLACE_CMD} -e "s|^IP=4|IP=6|" ${WRKSRC}/Makefile \
 		${WRKSRC}/src/osdep/unix/Makefile
 .endif
 .if ${PORT_OPTIONS:MMBX_DEFAULT}
 	@${REINPLACE_CMD} -e "s|^CREATEPROTO=unixproto|CREATEPROTO=mbxproto|" \
 		${WRKSRC}/src/osdep/unix/Makefile
 .endif
 
 post-configure:
 	@${ECHO_MSG} ">> The c-client shared library will be named ${SHLIBNAME}"
 
 HEADERS=	c-client.h dummy.h env.h env_unix.h fdstring.h flockcyg.h \
 		flocksim.h flstring.h fs.h ftl.h imap4r1.h linkage.c linkage.h \
 		mail.h misc.h netmsg.h newsrc.h nl.h nntp.h osdep.h pseudo.h \
 		rfc822.h smtp.h sslio.h tcp.h tcp_unix.h unix.h utf8.h \
 		utf8aux.h
 PORTREV_H=	${WRKDIR}/portrevision.h
 
 post-build:
 	@${ECHO_CMD} "#define CCLIENT_PORTVERSION \"${PORTVERSION}\"" >${PORTREV_H}
 .if ${PORT_OPTIONS:MSSL}
 	@${ECHO_CMD} "#define CCLIENT_SSLENABLED \"yes\"" >>${PORTREV_H}
 .else
 	@${ECHO_CMD} "#define CCLIENT_SSLENABLED \"no\"" >>${PORTREV_H}
 .endif
 
 do-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/include/c-client
 .for f in ${HEADERS}
 	${INSTALL_DATA} ${WRKSRC}/c-client/${f} ${STAGEDIR}${PREFIX}/include/c-client
 .endfor
 	${INSTALL_LIB} ${WRKSRC}/c-client/${SHLIBNAME} ${STAGEDIR}${PREFIX}/lib
 	${LN} -sf ${SHLIBNAME} ${STAGEDIR}${PREFIX}/lib/lib${SHLIBBASE}.so
 	${INSTALL_DATA} ${WRKSRC}/c-client/c-client.a \
 		${STAGEDIR}${PREFIX}/lib/lib${SHLIBBASE}.a
 	${INSTALL_DATA} ${WRKSRC}/c-client/CFLAGS ${STAGEDIR}${PREFIX}/include/c-client
 	${INSTALL_DATA} ${WRKSRC}/c-client/LDFLAGS ${STAGEDIR}${PREFIX}/include/c-client
 	${INSTALL_DATA} ${WRKSRC}/c-client/OSCFLAGS ${STAGEDIR}${PREFIX}/include/c-client
 	${INSTALL_DATA} ${PORTREV_H} ${STAGEDIR}${PREFIX}/include/c-client
 
 .include <bsd.port.mk>
Index: head/mail/cclient/files/patch-src_osdep_unix_ssl__unix.c
===================================================================
--- head/mail/cclient/files/patch-src_osdep_unix_ssl__unix.c	(revision 527990)
+++ head/mail/cclient/files/patch-src_osdep_unix_ssl__unix.c	(revision 527991)
@@ -1,26 +1,59 @@
---- src/osdep/unix/ssl_unix.c.orig	2011-07-23 00:20:10 UTC
+Description: Support OpenSSL 1.1
+ When building with OpenSSL 1.1 and newer, use the new built-in
+ hostname verification instead of code that doesn't compile due to
+ structs having been made opaque.
+Bug-Debian: https://bugs.debian.org/828589
+
+Obtained from: https://sources.debian.org/data/main/u/uw-imap/8:2007f~dfsg-5/debian/patches/1006_openssl1.1_autoverify.patch
+--- src/osdep/unix/ssl_unix.c.orig
 +++ src/osdep/unix/ssl_unix.c
-@@ -270,9 +270,9 @@ static char *ssl_start_work (SSLSTREAM *
+@@ -227,8 +227,16 @@ static char *ssl_start_work (SSLSTREAM *
+ 				/* disable certificate validation? */
+   if (flags & NET_NOVALIDATECERT)
+     SSL_CTX_set_verify (stream->context,SSL_VERIFY_NONE,NIL);
+-  else SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
++  else {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000      
++      X509_VERIFY_PARAM *param = SSL_CTX_get0_param(stream->context);
++      X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
++      X509_VERIFY_PARAM_set1_host(param, host, 0);
++#endif
++
++      SSL_CTX_set_verify (stream->context,SSL_VERIFY_PEER,ssl_open_verify);
+ 				/* set default paths to CAs... */
++  }
+   SSL_CTX_set_default_verify_paths (stream->context);
+ 				/* ...unless a non-standard path desired */
+   if (s = (char *) mail_parameters (NIL,GET_SSLCAPATH,NIL))
+@@ -266,6 +274,7 @@ static char *ssl_start_work (SSLSTREAM *
+   if (SSL_write (stream->con,"",0) < 0)
+     return ssl_last_error ? ssl_last_error : "SSL negotiation failed";
+ 				/* need to validate host names? */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+   if (!(flags & NET_NOVALIDATECERT) &&
        (err = ssl_validate_cert (cert = SSL_get_peer_certificate (stream->con),
  				host))) {
- 				/* application callback */
--    if (scq) return (*scq) (err,host,cert ? cert->name : "???") ? NIL : "";
-+    if (scq) return (*scq) (err,host,cert ? X509_get_subject_name(cert) : "???") ? NIL : "";
- 				/* error message to return via mm_log() */
--    sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
-+    sprintf (tmp,"*%.128s: %.255s",err,cert ? X509_get_subject_name(cert) : "???");
+@@ -275,6 +284,7 @@ static char *ssl_start_work (SSLSTREAM *
+     sprintf (tmp,"*%.128s: %.255s",err,cert ? cert->name : "???");
      return ssl_last_error = cpystr (tmp);
    }
++#endif
    return NIL;
-@@ -322,9 +322,9 @@ static char *ssl_validate_cert (X509 *ce
- 				/* make sure have a certificate */
-   if (!cert) ret = "No certificate from server";
- 				/* and that it has a name */
--  else if (!cert->name) ret = "No name in certificate";
-+  else if (!X509_get_subject_name(cert)) ret = "No name in certificate";
- 				/* locate CN */
--  else if (s = strstr (cert->name,"/CN=")) {
-+  else if (s = strstr (X509_get_subject_name(cert),"/CN=")) {
-     if (t = strchr (s += 4,'/')) *t = '\0';
- 				/* host name matches pattern? */
-     ret = ssl_compare_hostnames (host,s) ? NIL :
+ }
+ 
+@@ -313,6 +323,7 @@ static int ssl_open_verify (int ok,X509_
+  * Returns: NIL if validated, else string of error message
+  */
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static char *ssl_validate_cert (X509 *cert,char *host)
+ {
+   int i,n;
+@@ -342,6 +353,7 @@ static char *ssl_validate_cert (X509 *ce
+   else ret = "Unable to locate common name in certificate";
+   return ret;
+ }
++#endif
+ 
+ /* Case-independent wildcard pattern match
+  * Accepts: base string