enable TLS hostname checks

www/c-icap/c-icap/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.19 2018/01/11 19:27:11 rpe Exp $
+# $OpenBSD: Makefile,v 1.20 2018/02/17 12:29:40 sthen Exp $
 
 MULTI_PACKAGES=	-main -db -ldap
 COMMENT-main=	ICAP server for use with web proxies
@@ -10,7 +10,7 @@ DISTNAME=	c_icap-$V
 PKGNAME-main=	c-icap-$V
 PKGNAME-db=	c-icap-db-$V
 PKGNAME-ldap=	c-icap-ldap-$V
-REVISION-main=	0
+REVISION-main=	1
 
 SHARED_LIBS +=	icapapi                   2.0 # 5.2
 

www/c-icap/c-icap/patches/patch-openssl_net_io_ssl_c

@@ -1,14 +1,15 @@
-$OpenBSD: patch-openssl_net_io_ssl_c,v 1.1 2017/07/04 11:06:27 sthen Exp $
+$OpenBSD: patch-openssl_net_io_ssl_c,v 1.2 2018/02/17 12:29:40 sthen Exp $
 
 Index: openssl/net_io_ssl.c
 --- openssl/net_io_ssl.c.orig
 +++ openssl/net_io_ssl.c
-@@ -731,7 +731,7 @@ int ci_tls_connect_nonblock(ci_connection_t *connectio
+@@ -731,7 +731,8 @@ int ci_tls_connect_nonblock(ci_connection_t *connectio
          /*SSL_new increases the reference count for ctx*/
          ssl = SSL_new(ctx);
  
 -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000201fL
-+#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000201fL && !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= 0x1000201fL && \
++    (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
          if (SSL_CTX_get_verify_mode(ctx) & SSL_VERIFY_PEER) {
              X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
              /* Enable automatic hostname checks */