Update to openvpn-2.4.7

Adds TLSv1.3 support, not supported by LibreSSL yet.
#ifdef OPENSSL_DEFINES_MAZE proofread by and ok tb@

net/openvpn/Makefile

@@ -1,10 +1,9 @@
-# $OpenBSD: Makefile,v 1.92 2018/12/07 18:31:33 danj Exp $
+# $OpenBSD: Makefile,v 1.93 2019/02/21 23:32:23 jca Exp $
 
 COMMENT=	easy-to-use, robust, and highly configurable VPN
 
-DISTNAME=	openvpn-2.4.6
+DISTNAME=	openvpn-2.4.7
 CATEGORIES=	net security
-REVISION=	1
 
 HOMEPAGE=	https://openvpn.net/index.php/open-source/
 

net/openvpn/distinfo

@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.4.6.tar.gz) = c429N/z465OCxTYo2yIljEG6lVAWVRnZIA6L6670y+I=
-SIZE (openvpn-2.4.6.tar.gz) = 1431971
+SHA256 (openvpn-2.4.7.tar.gz) = c9zlQu09bwVTZ09JAl373/GDSOuKJeYhUTXWhrFlQjw=
+SIZE (openvpn-2.4.7.tar.gz) = 1457784

net/openvpn/patches/patch-configure

@@ -1,8 +1,8 @@
-$OpenBSD: patch-configure,v 1.19 2018/03/04 19:03:00 jca Exp $
+$OpenBSD: patch-configure,v 1.20 2019/02/21 23:32:23 jca Exp $
 Index: configure
 --- configure.orig
 +++ configure
-@@ -18057,7 +18057,7 @@ else
+@@ -18033,7 +18033,7 @@ else
  fi
  
  

net/openvpn/patches/patch-src_openvpn_ssl_c

@@ -0,0 +1,14 @@
+$OpenBSD: patch-src_openvpn_ssl_c,v 1.1 2019/02/21 23:32:23 jca Exp $
+
+Index: src/openvpn/ssl.c
+--- src/openvpn/ssl.c.orig
++++ src/openvpn/ssl.c
+@@ -4146,7 +4146,7 @@ show_available_tls_ciphers(const char *cipher_list,
+ {
+     printf("Available TLS Ciphers, listed in order of preference:\n");
+ 
+-#if (ENABLE_CRYPTO_OPENSSL && OPENSSL_VERSION_NUMBER >= 0x1010100fL)
++#if (ENABLE_CRYPTO_OPENSSL && OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_TLS1_3))
+     printf("\nFor TLS 1.3 and newer (--tls-ciphersuites):\n\n");
+     show_available_tls_ciphers_list(cipher_list_tls13, tls_cert_profile, true);
+ #else

net/openvpn/patches/patch-src_openvpn_ssl_openssl_c

@@ -0,0 +1,41 @@
+$OpenBSD: patch-src_openvpn_ssl_openssl_c,v 1.5 2019/02/21 23:32:23 jca Exp $
+
+Index: src/openvpn/ssl_openssl.c
+--- src/openvpn/ssl_openssl.c.orig
++++ src/openvpn/ssl_openssl.c
+@@ -206,7 +206,7 @@ info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int wher
+ int
+ tls_version_max(void)
+ {
+-#if defined(TLS1_3_VERSION)
++#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
+     return TLS_VER_1_3;
+ #elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
+     return TLS_VER_1_2;
+@@ -233,7 +233,7 @@ openssl_tls_version(int ver)
+     {
+         return TLS1_2_VERSION;
+     }
+-#if defined(TLS1_3_VERSION)
++#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)
+     else if (ver == TLS_VER_1_3)
+     {
+         return TLS1_3_VERSION;
+@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ct
+         return;
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(OPENSSL_NO_TLS1_3)
+         crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
+                        "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
+                         ciphers);
+@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_lis
+         crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) && !defined(OPENSSL_NO_TLS1_3)
+     if (tls13)
+     {
+         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);

net/openvpn/pkg/PLIST

@@ -1,6 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.24 2018/09/04 12:46:18 espie Exp $
+@comment $OpenBSD: PLIST,v 1.25 2019/02/21 23:32:23 jca Exp $
 @newgroup _openvpn:577
 @newuser _openvpn:577:_openvpn:daemon:OpenVPN Daemon:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/openvpn
 include/openvpn/
 include/openvpn/openvpn-msg.h
 include/openvpn/openvpn-plugin.h
@@ -63,4 +64,3 @@ share/examples/openvpn/sample-scripts/bridge-start
 share/examples/openvpn/sample-scripts/bridge-stop
 share/examples/openvpn/sample-scripts/ucn.pl
 share/examples/openvpn/sample-scripts/verify-cn
-@rcscript ${RCDIR}/openvpn