If SSL_CTX_set_min_proto_version is found, Dovecot enables some code to

convert ssl_protocols strings to min/max values. Patch to neuter the autoconf
check because this code doesn't work correctly (in particular it doesn't
handle strings with !SSLv2) and fallback to the old working code instead.

No reply to https://www.dovecot.org/pipermail/dovecot/2018-March/111260.html
but the code is different in Dovecot master/2.3 (it looks like they did it
this way in 2.2 so they could use the 1.1-api functions without config
changes, but it backfired).

ok Brad

mail/dovecot/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.264 2018/03/10 21:54:30 sthen Exp $
+# $OpenBSD: Makefile,v 1.265 2018/03/15 22:20:54 sthen Exp $
 
 COMMENT-server=	compact IMAP/POP3 server
 COMMENT-ldap=	LDAP authentication / dictionary support for Dovecot
@@ -7,6 +7,7 @@ COMMENT-postgresql= PostgreSQL authentication / dictionary support for Dovecot
 
 V_MAJOR=	2.2
 V_DOVECOT=	2.2.34
+REVISION-server=0
 
 DISTNAME=	dovecot-${V_DOVECOT}
 PKGNAME=	dovecot-${V_DOVECOT}

mail/dovecot/patches/patch-configure

@@ -0,0 +1,21 @@
+$OpenBSD: patch-configure,v 1.17 2018/03/15 22:20:54 sthen Exp $
+
+https://www.dovecot.org/pipermail/dovecot/2018-March/111260.html
+
+If this function is found, ssl_protocols_to_min_protocol is used to
+convert ssl_protocols strings to min/max values, however that function
+can't cope with strings containing "!SSLv2". Until fixed, just revert to
+the traditional method which actually works.
+
+Index: configure
+--- configure.orig
++++ configure
+@@ -22982,7 +22982,7 @@ fi
+ $as_echo "$i_cv_have_ssl_ctx_set_min_proto_version" >&6; }
+     if test $i_cv_have_ssl_ctx_set_min_proto_version = yes; then
+ 
+-$as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION /**/" >>confdefs.h
++$as_echo "/* #define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION */" >>confdefs.h
+ 
+     fi
+