diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index ec6658371210..affa1e33babb 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	sendmail
 PORTVERSION=	8.15.2
-PORTREVISION=	19
+PORTREVISION=	20
 CATEGORIES=	mail
 MASTER_SITES=	ftp://ftp.sendmail.org/pub/sendmail/
 DISTNAME=	${PORTNAME}.${PORTVERSION}
diff --git a/mail/sendmail/files/patch-tls.c b/mail/sendmail/files/patch-tls.c
index d97a19cb3b2c..6622c51afe3a 100644
--- a/mail/sendmail/files/patch-tls.c
+++ b/mail/sendmail/files/patch-tls.c
@@ -1,6 +1,6 @@
 --- sendmail/tls.c.orig	2015-06-20 01:37:28 UTC
 +++ sendmail/tls.c
-@@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11
+@@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 g
  # include <openssl/err.h>
  # include <openssl/bio.h>
  # include <openssl/pem.h>
@@ -10,7 +10,7 @@
  # ifndef HASURANDOMDEV
  #  include <openssl/rand.h>
  # endif /* ! HASURANDOMDEV */
-@@ -44,6 +47,23 @@ static bool	tls_safe_f __P((char *, long
+@@ -44,6 +47,23 @@ static bool	tls_safe_f __P((char *, long, bool));
  static int	tls_verify_log __P((int, X509_STORE_CTX *, const char *));
  
  # if !NO_DH
@@ -76,7 +76,7 @@
  	}
  	return(dh);
  }
-@@ -708,6 +733,30 @@ load_certkey(ssl, srv, certfile, keyfile
+@@ -708,6 +733,29 @@ load_certkey(ssl, srv, certfile, keyfile)
  
  static char server_session_id_context[] = "sendmail8";
  
@@ -97,7 +97,6 @@
 +			RSA_free(rsa);
 +			rsa = NULL;
 +		}
-+		return NULL;
 +	}
 +	BN_free(bn_rsa_r4);
 +	return rsa;
@@ -107,7 +106,7 @@
  /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
  #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
  # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	1
-@@ -926,7 +975,7 @@ inittls(ctx, req, options, srv, certfile
+@@ -926,7 +974,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
  	{
  		/* get a pointer to the current certificate validation store */
  		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
@@ -116,7 +115,7 @@
  		if (crl_file != NULL)
  		{
  			if (BIO_read_filename(crl_file, CRLFile) >= 0)
-@@ -1003,8 +1052,7 @@ inittls(ctx, req, options, srv, certfile
+@@ -1003,8 +1051,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
  	if (bitset(TLS_I_RSA_TMP, req)
  #  if SM_CONF_SHM
  	    && ShmId != SM_SHM_NO_ID &&
@@ -126,7 +125,7 @@
  #  else /* SM_CONF_SHM */
  	    && 0	/* no shared memory: no need to generate key now */
  #  endif /* SM_CONF_SHM */
-@@ -1209,9 +1257,10 @@ inittls(ctx, req, options, srv, certfile
+@@ -1209,9 +1256,10 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
  			if (tTd(96, 2))
  				sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
  
@@ -139,7 +138,7 @@
  			dh = DSA_dup_DH(dsa);
  			DSA_free(dsa);
  		}
-@@ -1744,7 +1793,7 @@ tmp_rsa_key(s, export, keylength)
+@@ -1744,7 +1792,7 @@ tmp_rsa_key(s, export, keylength)
  
  	if (rsa_tmp != NULL)
  		RSA_free(rsa_tmp);
@@ -148,7 +147,7 @@
  	if (rsa_tmp == NULL)
  	{
  		if (LogLevel > 0)
-@@ -1971,9 +2020,9 @@ x509_verify_cb(ok, ctx)
+@@ -1971,9 +2019,9 @@ x509_verify_cb(ok, ctx)
  	{
  		if (LogLevel > 13)
  			tls_verify_log(ok, ctx, "x509");