diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index dcf88a4b70db..93a3c34c8ac5 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -1,117 +1,106 @@
 PORTNAME=	stunnel
 DISTVERSION=	5.76
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	https://www.stunnel.org/downloads/archive/5.x/ \
 		https://ftp.nluug.nl/pub/networking/stunnel/archive/5.x/ \
 		http://www.usenix.org.uk/mirrors/stunnel/archive/5.x/
 
 MAINTAINER=	zi@FreeBSD.org
 COMMENT=	SSL encryption wrapper for standard network daemons
 WWW=		https://www.stunnel.org/
 
 LICENSE=	GPLv2+
+LICENSE_FILE=	${WRKSRC}/COPYING.md
 
 BROKEN_SSL=	libressl libressl-devel
 BROKEN_SSL_REASON=	missing upstream support
 
 USES=		cpe libtool perl5 shebangfix ssl
+SHEBANG_FILES=	src/stunnel3.in
 USE_PERL5=	build
 USE_LDCONFIG=	yes
+
 USE_RC_SUBR=	stunnel
 
 GNU_CONFIGURE=	yes
-GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
-CONFIGURE_ARGS=	--localstatedir=/var/tmp --enable-static --disable-systemd \
-		--with-ssl="${OPENSSLBASE}"
-SHEBANG_FILES=	src/stunnel3.in
+
+STUNNEL_USER?=	stunnel
+STUNNEL_GROUP?=	stunnel
+STUNNEL_PIDFILE=/var/run/stunnel/stunnel.pid
+
+USERS=		${STUNNEL_USER}
+GROUPS=		${STUNNEL_GROUP}
+
 SUB_FILES=	daemon.conf
 SUB_LIST=	STUNNEL_PIDFILE=${STUNNEL_PIDFILE} \
 		STUNNEL_USER=${STUNNEL_USER} \
 		STUNNEL_GROUP=${STUNNEL_GROUP}
 
-OPTIONS_DEFINE=			DOCS EXAMPLES FIPS IPV6 LIBWRAP
-OPTIONS_SINGLE=			THREAD
-OPTIONS_SINGLE_THREAD=		FORK PTHREAD UCONTEXT
-OPTIONS_DEFAULT=		PTHREAD
+CONFIGURE_ARGS=	--localstatedir=/var/tmp \
+		--enable-static \
+		--disable-systemd \
+		--with-ssl="${OPENSSLBASE}"
 
-FIPS_CONFIGURE_ENABLE=		fips
-IPV6_CONFIGURE_ENABLE=		ipv6
-LIBWRAP_CONFIGURE_ENABLE=	libwrap
+OPTIONS_DEFINE=		DOCS EXAMPLES FIPS IPV6 LIBWRAP
+OPTIONS_SINGLE=		THREAD
+OPTIONS_SINGLE_THREAD=	FORK PTHREAD UCONTEXT
+OPTIONS_DEFAULT=	PTHREAD
 
-FIPS_DESC=			Enable OpenSSL FIPS mode
-FORK_DESC=			Use the fork(3) threading model
-PTHREAD_DESC=			Use the pthread(3) threading model
-UCONTEXT_DESC=			Use the ucontext(3) threading model
+FIPS_DESC=		Enable OpenSSL FIPS mode
+FORK_DESC=		Use the fork(3) threading model
+PTHREAD_DESC=		Use the pthread(3) threading model
+UCONTEXT_DESC=		Use the ucontext(3) threading model
 
-STUNNEL_PIDFILE=/var/run/stunnel/stunnel.pid
-STUNNEL_USER?=	stunnel
-STUNNEL_GROUP?=	stunnel
+FIPS_CONFIGURE_ENABLE=	fips
 
-USERS=		${STUNNEL_USER}
-GROUPS=		${STUNNEL_GROUP}
-
-.include <bsd.port.options.mk>
+FORK_CONFIGURE_ON=	--with-threads=fork
 
-.if ${PORT_OPTIONS:MLIBWRAP}
-LDFLAGS+=		-lwrap
-.endif
+IPV6_CONFIGURE_ENABLE=	ipv6
 
-.if ${PORT_OPTIONS:MUCONTEXT}
-CONFIGURE_ARGS+=--with-threads=ucontext
-LDFLAGS+=	-lpthread
-.elif ${PORT_OPTIONS:MFORK}
-CONFIGURE_ARGS+=--with-threads=fork
-.else
-CONFIGURE_ARGS+=--with-threads=pthread
-LDFLAGS+=	-lpthread
-.endif
+PTHREAD_CONFIGURE_ON=	--with-threads=pthread
 
-.include <bsd.port.pre.mk>
-
-.if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*}
-IGNORE=		LibreSSL does not support FIPS standard
-.endif
+LIBWRAP_CONFIGURE_ENABLE=	libwrap
 
-.if ${SSL_DEFAULT:Mlibressl*}
-NO_PACKAGE=	The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries
-.endif
+UCONTEXT_CONFIGURE_ON=	--with-threads=ucontext
 
 post-patch:
-# place files under /var/tmp so that this can be run by an unprivileged
-# user stunnel and group stunnel
-	@${REINPLACE_CMD} -E -e 's|\@prefix\@/var/lib/stunnel/|/var/tmp/stunnel|; \
-		s|nobody|stunnel|;s|nogroup|stunnel|;s|;include |include |' \
-		${WRKSRC}/tools/stunnel.conf-sample.in
-	@${REINPLACE_CMD} -E -e 's|\$$\(prefix\)/var/run/stunnel/stunnel.pid|$$(localstatedir)/stunnel.pid|' \
-		${WRKSRC}/src/Makefile.in
-	@${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,'
-	@${REINPLACE_CMD} -E -e 's|install-confDATA install-data-local|install-confDATA|g' \
-		${WRKSRC}/tools/Makefile.in
-.if empty(PORT_OPTIONS:MDOCS)
-	@${REINPLACE_CMD} -E -e 's/ install-docDATA/ /' ${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -E -e '/install-data-am/s,install-docDATA,,' ${WRKSRC}/doc/Makefile.in
-.endif
-.if empty(PORT_OPTIONS:MEXAMPLES)
-	@${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \
-		${WRKSRC}/tools/Makefile.in
-.else
-	@${REINPLACE_CMD} -E -e 's|\$$\(docdir\)/examples|${EXAMPLESDIR}|g' ${WRKSRC}/tools/Makefile.in
-.endif
-
-post-build:
-	@${STRIP_CMD} ${WRKSRC}/src/.libs/libstunnel.so
+	@${REINPLACE_CMD} -e '\
+	    s|nobody|${STUNNEL_USER}|g; \
+	    s|;include |include |g' \
+	    ${PATCH_WRKSRC}/tools/stunnel.conf-sample.in
+	@${REINPLACE_CMD} -e 's|@DEFAULT_GROUP@|${STUNNEL_GROUP}|g' \
+	    ${PATCH_WRKSRC}/Makefile.in
+	@${REINPLACE_CMD} -e '\
+	    s|@DEFAULT_GROUP@|${STUNNEL_GROUP}|g; \
+	    s|install-confDATA install-data-local|install-confDATA|g; \
+	    s|stunnel.logrotate||g; \
+	    s|stunnel.rh.init||g' \
+	    ${PATCH_WRKSRC}/tools/Makefile.in
+
+post-patch-DOCS-off:
+	@${REINPLACE_CMD} -e 's|install-data-am: install-docDATA|install-data-am:|g' \
+	    ${PATCH_WRKSRC}/Makefile.in
+
+post-patch-EXAMPLES-off:
+	@${REINPLACE_CMD} -e 's|install-dist_bashcompDATA install-examplesDATA|install-dist_bashcompDATA|g' \
+	    ${PATCH_WRKSRC}/tools/Makefile.in
+
+post-patch-EXAMPLES-on:
+	@${REINPLACE_CMD} -e 's|$$(docdir)/examples|${EXAMPLESDIR}|g' \
+	    ${PATCH_WRKSRC}/tools/Makefile.in
 
 post-install:
+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/stunnel/libstunnel.so
 	${MKDIR} ${STAGEDIR}${ETCDIR}/conf.d/
 	${INSTALL_DATA} ${WRKDIR}/daemon.conf ${STAGEDIR}${ETCDIR}/conf.d/00-daemon.conf
 
 cert:
 	@${ECHO} ""
 	@${ECHO} "**************************************************************************"
 	@${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem"
 	@${ECHO} "**************************************************************************"
 	@${ECHO} ""
 	@(cd ${WRKSRC}/tools/; make cert)
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/stunnel/pkg-plist b/security/stunnel/pkg-plist
index fe3c917d76e2..ba82bb748ceb 100644
--- a/security/stunnel/pkg-plist
+++ b/security/stunnel/pkg-plist
@@ -1,39 +1,36 @@
 bin/stunnel
 bin/stunnel3
 %%ETCDIR%%/stunnel.conf-sample
 %%ETCDIR%%/conf.d/00-daemon.conf
 lib/stunnel/libstunnel.a
 lib/stunnel/libstunnel.so
 share/man/man8/stunnel.8.gz
 share/man/man8/stunnel.pl.8.gz
 %%PORTDOCS%%%%DOCSDIR%%/stunnel.html
 %%PORTDOCS%%%%DOCSDIR%%/stunnel.pl.html
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/ca.html
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/ca.pl
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/importCA.html
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/importCA.sh
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/script.sh
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stunnel.init
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stunnel.service
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stunnel.spec
-@comment %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stunnel.logrotate
-@comment %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stunnel.rh.init
 %%PORTEXAMPLES%%@dir %%EXAMPLESDIR%%
 %%PORTDOCS%%%%DOCSDIR%%/AUTHORS.md
 %%PORTDOCS%%%%DOCSDIR%%/BUGS.md
 %%PORTDOCS%%%%DOCSDIR%%/COPYING.md
 %%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.md
 %%PORTDOCS%%%%DOCSDIR%%/CREDITS.md
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL.FIPS.md
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL.W32.md
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL.WCE.md
 %%PORTDOCS%%%%DOCSDIR%%/NEWS.md
 %%PORTDOCS%%%%DOCSDIR%%/PORTS.md
 %%PORTDOCS%%%%DOCSDIR%%/README.md
 %%PORTDOCS%%%%DOCSDIR%%/TODO.md
 %%PORTDOCS%%@dir %%DOCSDIR%%
-@comment share/bash-completion/completions/stunnel.bash
 @dir lib/stunnel
 @dir etc/stunnel
 @dir etc/stunnel/conf.d
 @preunexec if [ -d %D/etc/stunnel ]; then echo "If you are permanently removing this port, you should run ``rm -rf %D/etc/stunnel`` to remove any configuration files left."; fi