diff --git a/.gitignore b/.gitignore
index fb3efdf..ba27fed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -126,6 +126,7 @@ include/openssl/*.h
 /apps/ocspcheck/*.c
 /apps/ocspcheck/ocspcheck*
 /apps/ocspcheck/compat/memmem.c
+/apps/ocspcheck/compat/inet_ntop.c
 
 /apps/nc/*.h
 /apps/nc/*.c
diff --git a/patches/aeadtest.c.patch b/patches/aeadtest.c.patch
index 09838bc..a7b3fca 100644
--- a/patches/aeadtest.c.patch
+++ b/patches/aeadtest.c.patch
@@ -1,9 +1,9 @@
---- tests/aeadtest.c.orig	2016-10-18 17:03:33.845870889 +0900
-+++ tests/aeadtest.c	2016-10-18 17:11:19.880841283 +0900
+--- tests/aeadtest.c.orig	2018-07-24 21:59:17.000000000 -0500
++++ tests/aeadtest.c	2018-11-07 18:44:43.000000000 -0600
 @@ -76,6 +76,12 @@
- 
+
  #define BUF_MAX 1024
- 
+
 +#ifdef _MSC_VER
 +#ifdef IN
 +#undef IN
diff --git a/patches/bio.h.patch b/patches/bio.h.patch
index 9bfd43a..e726e20 100644
--- a/patches/bio.h.patch
+++ b/patches/bio.h.patch
@@ -1,12 +1,12 @@
---- include/openssl/bio.h.orig	Mon Oct  3 06:09:28 2016
-+++ include/openssl/bio.h	Sun Nov  6 04:24:57 2016
-@@ -713,8 +713,24 @@
+--- include/openssl/bio.h.orig	2018-07-24 21:59:17.000000000 -0500
++++ include/openssl/bio.h	2018-11-07 18:44:43.000000000 -0600
+@@ -713,6 +713,22 @@
 
  /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
 +#ifdef __MINGW_PRINTF_FORMAT
- int
- BIO_printf(BIO *bio, const char *format, ...)
++int
++BIO_printf(BIO *bio, const char *format, ...)
 +	__attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
 +int
 +BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -20,11 +20,9 @@
 +	__attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
 +	    __nonnull__(3)));
 +#else
-+int
-+BIO_printf(BIO *bio, const char *format, ...)
- 	__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
  int
- BIO_vprintf(BIO *bio, const char *format, va_list args)
+ BIO_printf(BIO *bio, const char *format, ...)
+ 	__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
 @@ -727,6 +743,8 @@
  BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
  	__attribute__((__deprecated__, __format__(__printf__, 3, 0),
diff --git a/patches/netcat.c.patch b/patches/netcat.c.patch
index 2965ea7..07205ec 100644
--- a/patches/netcat.c.patch
+++ b/patches/netcat.c.patch
@@ -1,5 +1,5 @@
---- apps/nc/netcat.c.orig	Mon Jul 17 06:06:51 2017
-+++ apps/nc/netcat.c	Mon Jul 17 06:11:24 2017
+--- apps/nc/netcat.c.orig	2018-11-07 17:01:38.000000000 -0600
++++ apps/nc/netcat.c	2018-11-07 17:37:57.000000000 -0600
 @@ -92,9 +92,13 @@
  int	Dflag;					/* sodebug */
  int	Iflag;					/* TCP receive buffer size */
@@ -11,7 +11,7 @@
 +#ifdef SO_RTABLE
  int	rtableid = -1;
 +#endif
- 
+
  int	usetls;					/* use TLS */
  char    *Cflag;					/* Public cert file */
 @@ -266,12 +270,14 @@
@@ -44,13 +44,13 @@
 @@ -344,9 +352,11 @@
  	argc -= optind;
  	argv += optind;
- 
+
 +#ifdef SO_RTABLE
  	if (rtableid >= 0)
  		if (setrtable(rtableid) == -1)
  			err(1, "setrtable");
 +#endif
- 
+
  	/* Cruft to make sure options are clean, and used properly. */
  	if (argv[0] && !argv[1] && family == AF_UNIX) {
 @@ -909,7 +919,10 @@
@@ -62,13 +62,13 @@
 +#ifdef SO_BINDANY
 +	int on = 1;
 +#endif
- 
+
  	if ((error = getaddrinfo(host, port, &hints, &res0)))
  		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
 @@ -924,8 +937,10 @@
  		if (sflag || pflag) {
  			struct addrinfo ahints, *ares;
- 
+
 +#ifdef SO_BINDANY
  			/* try SO_BINDANY, but don't insist */
  			setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
@@ -86,24 +86,24 @@
 +	int ret, x = 1;
 +#endif
  	int error;
- 
+
  	/* Allow nodename to be null. */
 @@ -1017,9 +1035,11 @@
  		    res->ai_protocol)) < 0)
  			continue;
- 
+
 +#ifdef SO_REUSEPORT
  		ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
  		if (ret == -1)
  			err(1, NULL);
 +#endif
- 
+
  		set_common_sockopts(s, res->ai_family);
- 
+
 @@ -1475,11 +1495,13 @@
  {
  	int x = 1;
- 
+
 +#ifdef TCP_MD5SIG
  	if (Sflag) {
  		if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
@@ -117,7 +117,7 @@
 @@ -1490,9 +1512,16 @@
  		    IP_TOS, &Tflag, sizeof(Tflag)) == -1)
  			err(1, "set IP ToS");
- 
+
 +#ifdef IPV6_TCLASS
  		else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
  		    IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
@@ -133,14 +133,14 @@
  		if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
 @@ -1516,13 +1545,17 @@
  	}
- 
+
  	if (minttl != -1) {
 +#ifdef IP_MINTTL
  		if (af == AF_INET && setsockopt(s, IPPROTO_IP,
  		    IP_MINTTL, &minttl, sizeof(minttl)))
  			err(1, "set IP min TTL");
 +#endif
- 
+
 -		else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
 +#ifdef IPV6_MINHOPCOUNT
 +		if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
@@ -149,7 +149,7 @@
 +#endif
  	}
  }
- 
+
 @@ -1748,14 +1781,22 @@
  	\t-P proxyuser\tUsername for proxy authentication\n\
  	\t-p port\t	Specify local port for remote connects\n\
diff --git a/patches/ocsp_test.c.patch b/patches/ocsp_test.c.patch
index 03e02ac..39f1326 100644
--- a/patches/ocsp_test.c.patch
+++ b/patches/ocsp_test.c.patch
@@ -1,9 +1,9 @@
---- tests/ocsp_test.c.orig	2016-10-18 18:12:39.854607509 +0900
-+++ tests/ocsp_test.c	2016-10-18 18:14:29.261600559 +0900
+--- tests/ocsp_test.c.orig	2018-07-24 21:59:17.000000000 -0500
++++ tests/ocsp_test.c	2018-11-07 18:44:43.000000000 -0600
 @@ -35,6 +35,11 @@
  	hints.ai_family = AF_INET;
  	hints.ai_socktype = SOCK_STREAM;
- 
+
 +#ifdef _MSC_VER
 +	if (BIO_sock_init() != 1)
 +		exit(-1);
diff --git a/patches/tlsexttest.c.patch b/patches/tlsexttest.c.patch
index 6a4184d..cdec053 100644
--- a/patches/tlsexttest.c.patch
+++ b/patches/tlsexttest.c.patch
@@ -1,5 +1,5 @@
---- tests/tlsexttest.c.orig	2017-12-30 20:03:09.279079726 +0900
-+++ tests/tlsexttest.c	2017-12-30 20:07:21.849939140 +0900
+--- tests/tlsexttest.c.orig	Wed Nov  7 20:01:26 2018
++++ tests/tlsexttest.c	Wed Nov  7 20:01:35 2018
 @@ -1676,7 +1676,9 @@
  };
  
@@ -10,7 +10,7 @@
  
  static int
  test_tlsext_sni_clienthello(void)
-@@ -1841,9 +1843,9 @@
+@@ -1839,9 +1841,9 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");
  
@@ -22,7 +22,7 @@
  		goto err;
  	}
  
-@@ -1852,14 +1854,14 @@
+@@ -1850,14 +1852,14 @@
  		fprintf(stderr, "received:\n");
  		hexdump(data, dlen);
  		fprintf(stderr, "test data:\n");
@@ -39,7 +39,7 @@
  	if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
  		FAIL("failed to parse serverhello SNI\n");
  		goto err;
-@@ -2744,7 +2746,10 @@
+@@ -2741,7 +2743,10 @@
  	0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
  };
  
@@ -51,7 +51,7 @@
  
  static int
  test_tlsext_clienthello_build(void)
-@@ -2811,18 +2816,18 @@
+@@ -2806,18 +2811,18 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");
  
@@ -74,7 +74,7 @@
  		goto err;
  	}
  
-@@ -2837,7 +2842,10 @@
+@@ -2832,7 +2837,10 @@
  	return (failure);
  }
  
@@ -86,7 +86,7 @@
  
  unsigned char tlsext_serverhello_enabled[] = {
  	0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
-@@ -2877,18 +2885,18 @@
+@@ -2872,18 +2880,18 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");