I prepared a PR to upgrade LibreSSL to 2.7.2 https://github.com/macports/macports-ports/pull/1626
Three changes that seem most relevant to me (quoting directly from the release notes): * Fixed builds macOS 10.11 and older. * Added support for many OpenSSL 1.0.2 and 1.1 APIs, based on observations of real-world usage in applications. These are implemented in parallel with existing OpenSSL 1.0.1 APIs - visibility changes have not been made to existing structs, allowing code written for older OpenSSL APIs to continue working. * Extensive corrections, improvements, and additions to the API documentation, including new public APIs from OpenSSL that had no pre-existing documentation. There is goodness; I have tested with a couple of ports, and some ports can actually drop their patches. I am writing here to give it a wider audience; can maintainers/users of SSL-dependent ports please test with this branch? In particular, can people on MacOS 10.11 please describe what exactly the probem is/was and please confirm it disappears with 2.7.2? Given the extended compatibility with OpenSSL 1.0.2 and 1.1 API, I suspect more ports will get easier, possibly dropping the patch altogether (like e.g. libevent). In particular, there is kerberos5; the libressl.patch must get easier now, because we have EVP_MD_CTX_new() and EVP_MD_CTX_free(). I have not looked at it in detail - Rainer, could you please look at it? For completeness sake, Jeremy (maintainer) has reservations to upgrading at all: https://trac.macports.org/ticket/55264 Jan
