diff -urN /usr/ports/net/ocserv.old/Makefile /usr/ports/net/ocserv/Makefile
--- /usr/ports/net/ocserv.old/Makefile	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/Makefile	2015-09-06 20:53:33.902955000 +0200
@@ -2,7 +2,7 @@
 # $FreeBSD: head/net/ocserv/Makefile 394422 2015-08-16 21:48:15Z pi $
 
 PORTNAME=	ocserv
-PORTVERSION=	0.10.7
+PORTVERSION=	0.10.8
 CATEGORIES=	net security
 MASTER_SITES=	ftp://ftp.infradead.org/pub/ocserv/
 
@@ -18,7 +18,8 @@
 		libiconv.so:${PORTSDIR}/converters/libiconv \
 		libtalloc.so:${PORTSDIR}/devel/talloc \
 		libprotobuf-c.so:${PORTSDIR}/devel/protobuf-c \
-		libgnutls.so:${PORTSDIR}/security/gnutls
+		libgnutls.so:${PORTSDIR}/security/gnutls \
+		libtasn1.so:${PORTSDIR}/security/libtasn1
 
 USES=	autoreconf cpe gmake gperf libtool ncurses pathfix pkgconfig readline tar:xz
 CPE_VENDOR=	infradead
@@ -43,14 +44,11 @@
 PORTDOCS=	AUTHORS ChangeLog INSTALL NEWS README TODO
 PORTEXAMPLES=	profile.xml sample.config sample.passwd
 
-.include <bsd.port.options.mk>
+GSSAPI_USES=		gssapi:mit
+GSSAPI_LIB_DEPENDS=	libkrb5support.so:${PORTSDIR}/security/krb5
+GSSAPI_CONFIGURE_OFF=	--without-gssapi
 
-.if ${PORT_OPTIONS:MGSSAPI}
-USES+=	gssapi:mit
-LIB_DEPENDS+=	libkrb5support.so:${PORTSDIR}/security/krb5
-.else
-CONFIGURE_ARGS+=	--without-gssapi
-.endif
+.include <bsd.port.options.mk>
 
 post-patch:
 	${RM} ${WRKSRC}/doc/occtl.8
diff -urN /usr/ports/net/ocserv.old/distinfo /usr/ports/net/ocserv/distinfo
--- /usr/ports/net/ocserv.old/distinfo	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/distinfo	2015-09-06 19:42:46.619661000 +0200
@@ -1,2 +1,2 @@
-SHA256 (ocserv-0.10.7.tar.xz) = 222212baae53e7f74273245e1459d4132cda41ad255a21f1e42ab4cd240f431d
-SIZE (ocserv-0.10.7.tar.xz) = 712232
+SHA256 (ocserv-0.10.8.tar.xz) = af989f27585d3567221ffc40babbb383bcd0ca6879e52bbcdee6ac3a90608454
+SIZE (ocserv-0.10.8.tar.xz) = 714404
diff -urN /usr/ports/net/ocserv.old/files/patch-configure.ac /usr/ports/net/ocserv/files/patch-configure.ac
--- /usr/ports/net/ocserv.old/files/patch-configure.ac	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-configure.ac	2015-09-06 19:42:46.620387000 +0200
@@ -1,22 +1,15 @@
---- configure.ac.orig	2015-08-06 16:43:09 UTC
+--- configure.ac.orig	2015-09-04 19:27:22 UTC
 +++ configure.ac
-@@ -16,11 +16,11 @@ AM_PROG_CC_C_O
- if [ test "$GCC" = "yes" ];then
- 	CFLAGS="$CFLAGS -Wall"
+@@ -19,7 +19,7 @@ if [ test "$GCC" = "yes" ];then
  fi
--AC_PATH_PROG(CTAGS, ctags, /bin/true)
--AC_PATH_PROG(CSCOPE, cscope, /bin/true)
--AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true])
-+AC_PATH_PROG(CTAGS, ctags, /usr/bin/true)
-+AC_PATH_PROG(CSCOPE, cscope, /usr/bin/true)
+ AC_PATH_PROG(CTAGS, ctags, [:])
+ AC_PATH_PROG(CSCOPE, cscope, [:])
+-AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [:])
 +AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [autogen])
  
--if test x"$AUTOGEN" = "x/bin/true"; then
-+if test x"$AUTOGEN" = "x:"; then
+ if test x"$AUTOGEN" = "x:"; then
  	AC_MSG_WARN([[
- ***
- *** autogen not found. Will not link against libopts.
-@@ -124,7 +124,7 @@ if test "$test_for_libnl" = yes;then
+@@ -125,7 +125,7 @@ if test "$test_for_libnl" = yes;then
  fi
  
  have_readline=no
@@ -25,11 +18,11 @@
  #include <stdio.h>
  #include <readline/readline.h>], [rl_replace_line(0,0);])
    if test x$ac_cv_libreadline = xyes; then
-@@ -441,7 +441,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";the
+@@ -442,7 +442,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";the
  			cp -f $i $nam
  		fi
  	done
--	AC_SUBST([AUTOGEN], [/bin/true])
+-	AC_SUBST([AUTOGEN], [:])
 +	AC_SUBST([AUTOGEN], [autogen])
  	enable_local_libopts=yes
  else
diff -urN /usr/ports/net/ocserv.old/files/patch-doc_Makefile.am /usr/ports/net/ocserv/files/patch-doc_Makefile.am
--- /usr/ports/net/ocserv.old/files/patch-doc_Makefile.am	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-doc_Makefile.am	2015-09-06 19:42:46.621136000 +0200
@@ -1,11 +1,11 @@
---- doc/Makefile.am.orig	2015-05-26 16:33:38 UTC
+--- doc/Makefile.am.orig	2015-08-18 19:48:03 UTC
 +++ doc/Makefile.am
 @@ -5,18 +5,27 @@ EXTRA_DIST = design.dia sample.config sc
  
  dist_man_MANS = ocserv.8 ocpasswd.8 occtl.8
  
 -ocserv.8: ../src/ocserv-args.def
--	-sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
+-	-$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
 -	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
 -	rm -f "$<".tmp
 +ocserv.8:
@@ -17,7 +17,7 @@
 +	sed -I -e 's/^\.NOP //' $@
  
 -occtl.8: ../src/occtl-args.def
--	-sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
+-	-$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
 -	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
 -	rm -f "$<".tmp
 +occtl.8:
@@ -29,7 +29,7 @@
 +	sed -I -e 's/^\.NOP //' $@
  
 -ocpasswd.8: ../src/ocpasswd-args.def
--	-sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
+-	-$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
 -	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
 -	rm -f "$<".tmp
 +ocpasswd.8:
diff -urN /usr/ports/net/ocserv.old/files/patch-src_config.c /usr/ports/net/ocserv/files/patch-src_config.c
--- /usr/ports/net/ocserv.old/files/patch-src_config.c	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-src_config.c	2015-09-06 19:42:46.621841000 +0200
@@ -1,6 +1,6 @@
---- src/config.c.orig	2015-07-18 10:35:29 UTC
+--- src/config.c.orig	2015-09-04 19:27:22 UTC
 +++ src/config.c
-@@ -52,8 +52,7 @@
+@@ -51,8 +51,7 @@
  #include <tlslib.h>
  #include "common-config.h"
  
@@ -9,8 +9,8 @@
 +#define DEFAULT_CFG_FILE "/usr/local/etc/ocserv/conf"
  
  static char pid_file[_POSIX_PATH_MAX] = "";
- static const char* cfg_file = DEFAULT_CFG_FILE;
-@@ -414,7 +413,7 @@ static void figure_auth_funcs(struct per
+ static char cfg_file[_POSIX_PATH_MAX] = DEFAULT_CFG_FILE;
+@@ -416,7 +415,7 @@ static void figure_auth_funcs(struct per
  			}
  			talloc_free(auth[j]);
  		}
@@ -19,7 +19,7 @@
  	} else {
  		unsigned x = config->auth_methods;
  		/* Append authentication methods (alternative options) */
-@@ -583,9 +582,6 @@ size_t urlfw_size = 0;
+@@ -586,9 +585,6 @@ size_t urlfw_size = 0;
  #endif
  
  	pov = configFileLoad(file);
diff -urN /usr/ports/net/ocserv.old/files/patch-src_main-ctl-unix.c /usr/ports/net/ocserv/files/patch-src_main-ctl-unix.c
--- /usr/ports/net/ocserv.old/files/patch-src_main-ctl-unix.c	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-src_main-ctl-unix.c	2015-09-06 19:42:46.622667000 +0200
@@ -1,24 +1,26 @@
---- src/main-ctl-unix.c.orig	2015-05-26 16:33:38 UTC
+--- src/main-ctl-unix.c.orig	2015-08-28 19:13:38 UTC
 +++ src/main-ctl-unix.c
-@@ -110,10 +110,15 @@ int ctl_handler_init(main_server_st * s)
+@@ -110,12 +110,15 @@ int ctl_handler_init(main_server_st * s)
  	struct sockaddr_un sa;
  	int sd, e;
  
--	if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL)
-+	mslog(s, NULL, LOG_INFO, "using control unix socket: %s", s->perm_config->occtl_socket_file);
+-	if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL) {
+-		mslog(s, NULL, LOG_INFO, "not using control unix socket");
+-		return 0;
++       mslog(s, NULL, LOG_INFO, "using control unix socket: %s", s->perm_config->occtl_socket_file);
 +
-+	if (s->config->use_occtl == 0 ||
-+		s->perm_config->occtl_socket_file == NULL) {
-+		mslog(s, NULL, LOG_INFO, "not using control unix socket");
- 		return 0;
-+	}
++       if (s->config->use_occtl == 0 ||
++               s->perm_config->occtl_socket_file == NULL) {
++               mslog(s, NULL, LOG_INFO, "not using control unix socket");
++	       return 0;
+ 	}
  
 -	mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->perm_config->occtl_socket_file);
 +	mslog(s, NULL, LOG_INFO, "initializing control unix socket: %s", s->perm_config->occtl_socket_file);
  	memset(&sa, 0, sizeof(sa));
  	sa.sun_family = AF_UNIX;
  	strlcpy(sa.sun_path, s->perm_config->occtl_socket_file, sizeof(sa.sun_path));
-@@ -122,7 +127,7 @@ int ctl_handler_init(main_server_st * s)
+@@ -124,7 +127,7 @@ int ctl_handler_init(main_server_st * s)
  	sd = socket(AF_UNIX, SOCK_STREAM, 0);
  	if (sd == -1) {
  		e = errno;
@@ -27,7 +29,7 @@
  		      s->perm_config->occtl_socket_file, strerror(e));
  		return -1;
  	}
-@@ -131,7 +136,7 @@ int ctl_handler_init(main_server_st * s)
+@@ -133,7 +136,7 @@ int ctl_handler_init(main_server_st * s)
  	ret = bind(sd, (struct sockaddr *)&sa, SUN_LEN(&sa));
  	if (ret == -1) {
  		e = errno;
@@ -36,7 +38,7 @@
  		      s->perm_config->occtl_socket_file, strerror(e));
  		return -1;
  	}
-@@ -139,14 +144,14 @@ int ctl_handler_init(main_server_st * s)
+@@ -141,14 +144,14 @@ int ctl_handler_init(main_server_st * s)
  	ret = chown(s->perm_config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid);
  	if (ret == -1) {
  		e = errno;
diff -urN /usr/ports/net/ocserv.old/files/patch-src_main.c /usr/ports/net/ocserv/files/patch-src_main.c
--- /usr/ports/net/ocserv.old/files/patch-src_main.c	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-src_main.c	2015-09-06 19:42:46.623296000 +0200
@@ -1,14 +1,14 @@
---- src/main.c.orig	2015-07-01 18:41:01 UTC
+--- src/main.c.orig	2015-08-31 19:19:45 UTC
 +++ src/main.c
-@@ -131,8 +131,9 @@ int y;
- 		perror("setsockopt(IP_PKTINFO) failed");
+@@ -135,8 +135,9 @@ int y;
  #elif defined(IP_RECVDSTADDR) /* *BSD */
- 	y = 1;
--	if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR,
--		       (const void *)&y, sizeof(y)) < 0)
-+	if (family == AF_INET &&
-+	    setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR,
-+		(const void *)&y, sizeof(y)) < 0)
- 		perror("setsockopt(IP_RECVDSTADDR) failed");
+ 	if (family == AF_INET) {
+ 		y = 1;
+-		if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR,
+-			       (const void *)&y, sizeof(y)) < 0)
++        if (family == AF_INET &&
++            setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR,
++                (const void *)&y, sizeof(y)) < 0)
+ 			perror("setsockopt(IP_RECVDSTADDR) failed");
+ 	}
  #endif
- #if defined(IPV6_RECVPKTINFO)
diff -urN /usr/ports/net/ocserv.old/files/patch-src_ocserv-args.def /usr/ports/net/ocserv/files/patch-src_ocserv-args.def
--- /usr/ports/net/ocserv.old/files/patch-src_ocserv-args.def	2015-08-16 23:48:15.000000000 +0200
+++ /usr/ports/net/ocserv/files/patch-src_ocserv-args.def	2015-09-06 19:42:46.626994000 +0200
@@ -1,4 +1,4 @@
---- src/ocserv-args.def.orig	2015-07-15 17:17:22 UTC
+--- src/ocserv-args.def.orig	2015-08-31 19:19:45 UTC
 +++ src/ocserv-args.def
 @@ -68,7 +68,7 @@ doc-section = {
    ds-format = 'texi';
@@ -23,11 +23,11 @@
  #auth = "pam"
  #auth = "pam[gid-min=1000]"
 -#auth = "plain[passwd=/etc/ocserv/ocpasswd]"
-+#auth = "plain[passwd=/usr/local/etc/ocserv/passwd]"
++#auth = "plain[passwd=/usr/local/etc/ocserv/ocpasswd]"
  #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
  
  # Specify alternative authentication methods that are sufficient
-@@ -431,7 +431,7 @@ rekey-method = ssl
+@@ -429,7 +429,7 @@ rekey-method = ssl
  use-occtl = true
  
  # PID file. It can be overriden in the command line.
@@ -36,7 +36,7 @@
  
  # Set the protocol-defined priority (SO_PRIORITY) for packets to
  # be sent. That is a number from 0 to 6 with 0 being the lowest
-@@ -555,13 +555,13 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -553,13 +553,13 @@ no-route = 192.168.5.0/255.255.255.0
  # Also explicit addresses, are only allowed when they are odd. In that
  # case the next even address will be used as the remote address (in PtP).