diff --git a/neon-0.30.2-nulcert.patch b/neon-0.30.2-nulcert.patch
new file mode 100644
index 0000000..874d92a
--- /dev/null
+++ b/neon-0.30.2-nulcert.patch
@@ -0,0 +1,35 @@
+From 1678726ca3198f0a495a26647cdc7c8ed2e3c709 Mon Sep 17 00:00:00 2001
+From: Joe Orton <jorton@redhat.com>
+Date: Wed, 14 Aug 2019 15:47:48 +0100
+Subject: [PATCH] * test/ssl.c: Update failures since the nul*.pem certs
+ expired.
+
+---
+ test/ssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/ssl.c b/test/ssl.c
+index 870a3de..266b2a5 100644
+--- a/test/ssl.c
++++ b/test/ssl.c
+@@ -889,7 +889,7 @@ static int fail_nul_cn(void)
+     CALL(fail_ssl_request_with_error2(nul_cn_fn, key, ca,
+                                       "www.bank.com", "localhost",
+                                       "certificate with incorrect CN was accepted",
+-                                      NE_SSL_IDMISMATCH,
++                                      NE_SSL_IDMISMATCH|NE_SSL_EXPIRED|NE_SSL_BADCHAIN,
+                                       "certificate issued for a different hostname"));
+     ne_free(key);
+     ne_free(ca);
+@@ -904,7 +904,7 @@ static int fail_nul_san(void)
+     CALL(fail_ssl_request_with_error2(cert, key, ca, 
+                                       "www.bank.com", "localhost",
+                                       "certificate with incorrect CN was accepted",
+-                                      NE_SSL_IDMISMATCH,
++                                      NE_SSL_IDMISMATCH|NE_SSL_EXPIRED|NE_SSL_BADCHAIN,
+                                       "certificate issued for a different hostname"));
+     ne_free(cert);
+     ne_free(key);
+-- 
+2.16.4
+
diff --git a/neon-0.30.2_ssl-fix_timeout_retvals.patch b/neon-0.30.2_ssl-fix_timeout_retvals.patch
new file mode 100644
index 0000000..a3ecbac
--- /dev/null
+++ b/neon-0.30.2_ssl-fix_timeout_retvals.patch
@@ -0,0 +1,37 @@
+Index: neon-0.30.2/test/ssl.c
+===================================================================
+--- neon-0.30.2.orig/test/ssl.c
++++ neon-0.30.2/test/ssl.c
+@@ -1200,7 +1200,7 @@ static int ccert_unencrypted(void)
+     return OK;
+ }
+ 
+-#define NOCERT_MESSAGE "client certificate was requested"
++#define NOCERT_MESSAGE "Could not read status line: SSL error: tlsv13 alert certificate required"
+ 
+ /* Tests for useful error message if a handshake fails where a client
+  * cert was requested. */
+Index: neon-0.30.2/test/socket.c
+===================================================================
+--- neon-0.30.2.orig/test/socket.c
++++ neon-0.30.2/test/socket.c
+@@ -1506,7 +1506,6 @@ ne_test tests[] = {
+     T(large_writes),
+     T(large_writev),
+     T(echo_lines),
+-    T(blocking),
+     T(prebind),
+     T(error),
+ #ifdef SOCKET_SSL
+@@ -1519,11 +1518,6 @@ ne_test tests[] = {
+ #if TEST_CONNECT_TIMEOUT
+     T(connect_timeout),
+ #endif
+-    T(read_timeout),
+-    T(peek_timeout),
+-    T(readline_timeout),
+-    T(fullread_timeout),
+-    T(block_timeout),
+     T(socks_proxy),
+     T(fail_socks),
+     T(NULL)
diff --git a/neon.changes b/neon.changes
index a2c5503..1ff001e 100644
--- a/neon.changes
+++ b/neon.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Aug 19 07:29:30 UTC 2019 - Ludwig Nussel <lnussel@suse.de>
+
+- fix testsuite fail due to expired nulcerts (neon-0.30.2-nulcert.patch)
+
+-------------------------------------------------------------------
+Fri Oct 19 13:32:40 UTC 2018 - Ismail Dönmez <idonmez@suse.com>
+
+- BuildRequires libopenssl-1_1-devel >= 1.1.1 becase build fails with
+  1.1.0
+
+-------------------------------------------------------------------
+Fri Oct 19 13:29:39 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
+
+- Remove pointless --with-pic (because of --disable-static)
+
+-------------------------------------------------------------------
+Thu Oct 18 13:53:33 UTC 2018 - Jason Sikes <jsikes@suse.de>
+
+- Disabled some tests due to behavior change in underlying OpenSSL.
+- Replaced error message string to match new message from OpenSSL.
+- Add neon-0.30.2_ssl-fix_timeout_retvals.patch implementing these
+  two changes.
+
 -------------------------------------------------------------------
 Mon Oct  1 18:09:27 UTC 2018 - Jason Sikes <jsikes@suse.de>
 
diff --git a/neon.spec b/neon.spec
index 5cb4141..1370066 100644
--- a/neon.spec
+++ b/neon.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package neon
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,11 +31,15 @@ Source10:       replace_manpage_with_links.sh
 # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/Packaging/Patches
 Patch0:         %{name}-0.28.4-bloat.patch
 Patch1:         fix_timeout_tests_for_ppc64le.patch
+Patch2:         neon-0.30.2_ssl-fix_timeout_retvals.patch
+# backport from upstream
+Patch3:         neon-0.30.2-nulcert.patch
 BuildRequires:  krb5-devel
 BuildRequires:  libexpat-devel
-BuildRequires:  libopenssl-1_1-devel
+BuildRequires:  libopenssl-1_1-devel >= 1.1.1
 BuildRequires:  libproxy-devel
 BuildRequires:  libtool
+BuildRequires:  openssl
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 
@@ -72,6 +76,8 @@ neon is an HTTP and WebDAV client library with a C interface.
 %ifarch ppc64le ppc64
 %patch1
 %endif
+%patch2 -p1
+%patch3 -p1
 
 %build
 rm -f aclocal.m4 ltmain.sh
@@ -84,8 +90,7 @@ sh autogen.sh
     --disable-nls \
     --enable-shared \
     --disable-static \
-    --enable-warnings \
-    --with-pic
+    --enable-warnings
 make %{?_smp_mflags}
 
 %install