Index: security/stunnel/Makefile
===================================================================
--- security/stunnel/Makefile	(revision 396204)
+++ security/stunnel/Makefile	(working copy)
@@ -36,19 +36,19 @@
 		--with-ssl="${OPENSSLBASE}"
 SHEBANG_FILES=	src/stunnel3.in
 
-OPTIONS_DEFINE=			IPV6 LIBWRAP FIPS DOCS EXAMPLES
+OPTIONS_DEFINE=			DOCS EXAMPLES FIPS IPV6 LIBWRAP
 OPTIONS_SINGLE=			THREAD
 OPTIONS_SINGLE_THREAD=		FORK PTHREAD UCONTEXT
 OPTIONS_DEFAULT=		PTHREAD
 
+FIPS_CONFIGURE_ENABLE=		fips
 IPV6_CONFIGURE_ENABLE=		ipv6
 LIBWRAP_CONFIGURE_ENABLE=	libwrap
-FIPS_CONFIGURE_ENABLE=		fips
 
+FIPS_DESC=			Enable OpenSSL FIPS mode
 FORK_DESC=			Use the fork(3) threading model
 PTHREAD_DESC=			Use the pthread(3) threading model
 UCONTEXT_DESC=			Use the ucontext(3) threading model
-FIPS_DESC=			Enable OpenSSL FIPS mode
 
 STUNNEL_USER?=	stunnel
 STUNNEL_GROUP?=	stunnel
@@ -72,6 +72,14 @@
 LDFLAGS+=	-lpthread
 .endif
 
+.if ${PORT_OPTIONS:MFIPS} && "${OPENSSL_PORT}" == "security/libressl"
+IGNORE=		LibreSSL does not support FIPS standard
+.endif
+
+.if "${OPENSSL_PORT}" == "security/libressl"
+NO_PACKAGE=	The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries
+.endif
+
 post-patch:
 # place files under /var/tmp so that this can be run by an unprivileged
 # user stunnel and group stunnel
Index: security/stunnel/files/patch-src_ssl.c
===================================================================
--- security/stunnel/files/patch-src_ssl.c	(revision 0)
+++ security/stunnel/files/patch-src_ssl.c	(working copy)
@@ -0,0 +1,18 @@
+--- src/ssl.c.orig	2015-09-02 07:45:43 UTC
++++ src/ssl.c
+@@ -208,6 +208,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
+     }
+     s_log(LOG_DEBUG, "RAND_screen failed to sufficiently seed PRNG");
+ #else
++#ifndef OPENSSL_NO_EGD
+     if(global->egd_sock) {
+         if((bytes=RAND_egd(global->egd_sock))==-1) {
+             s_log(LOG_WARNING, "EGD Socket %s failed", global->egd_sock);
+@@ -220,6 +221,7 @@ NOEXPORT int prng_init(GLOBAL_OPTIONS *g
+                          so no need to check if seeded sufficiently */
+         }
+     }
++#endif
+     /* try the good-old default /dev/urandom, if available  */
+     totbytes+=add_rand_file(global, "/dev/urandom");
+     if(RAND_status())

Property changes on: security/stunnel/files/patch-src_ssl.c
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=%H
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property