diff --git a/misc/open62541/Makefile b/misc/open62541/Makefile
index 663b8c5f3a4..6b1e70bdaee 100644
--- a/misc/open62541/Makefile
+++ b/misc/open62541/Makefile
@@ -1,6 +1,7 @@
 COMMENT =	library implementation of OPC UA
 
 VERSION =	1.3.8
+REVISION =	0
 DISTNAME =	open62541-${VERSION}
 PKGNAME =	open62541-${VERSION}
 
diff --git a/misc/open62541/patches/patch-plugins_crypto_openssl_ua_pki_openssl_c b/misc/open62541/patches/patch-plugins_crypto_openssl_ua_pki_openssl_c
index 475259de335..960fb339ecc 100644
--- a/misc/open62541/patches/patch-plugins_crypto_openssl_ua_pki_openssl_c
+++ b/misc/open62541/patches/patch-plugins_crypto_openssl_ua_pki_openssl_c
@@ -2,14 +2,10 @@ Replace X509_STORE_CTX_get_check_issued with X509_check_issued.
 https://github.com/libressl-portable/portable/issues/748
 https://github.com/open62541/open62541/commit/35939a5b688d9647dbc96db88df5df27ebcced7a
 
-Workaround libressl validation issues with self signed certificates
-by using the legacy verifier.
-https://marc.info/?l=libressl&m=169307453205178&w=2
-
 Index: plugins/crypto/openssl/ua_pki_openssl.c
 --- plugins/crypto/openssl/ua_pki_openssl.c.orig
 +++ plugins/crypto/openssl/ua_pki_openssl.c
-@@ -485,10 +485,15 @@ UA_CertificateVerification_Verify (void *             
+@@ -485,7 +485,7 @@ UA_CertificateVerification_Verify (void *             
      /* Set flag to check if the certificate has an invalid signature */
      X509_STORE_CTX_set_flags (storeCtx, X509_V_FLAG_CHECK_SS_SIGNATURE);
  
@@ -18,15 +14,7 @@ Index: plugins/crypto/openssl/ua_pki_openssl.c
          X509_STORE_CTX_set_flags (storeCtx, X509_V_FLAG_CRL_CHECK);
      }
  
-+    /* use the libressl legacy verifier if available */
-+#ifdef X509_V_FLAG_LEGACY_VERIFY
-+    X509_STORE_CTX_set_flags(storeCtx, X509_V_FLAG_LEGACY_VERIFY);
-+#endif
-+
-     /* This condition will check whether the certificate is a User certificate or a CA certificate.
-      * If the KU_KEY_CERT_SIGN and KU_CRL_SIGN of key_usage are set, then the certificate shall be
-      * condidered as CA Certificate and cannot be used to establish a connection. Refer the test case
-@@ -505,7 +510,7 @@ UA_CertificateVerification_Verify (void *             
+@@ -505,7 +505,7 @@ UA_CertificateVerification_Verify (void *             
          /* Check if the not trusted certificate has a CRL file. If there is no CRL file available for the corresponding
           * parent certificate then return status code UA_STATUSCODE_BADCERTIFICATEISSUERREVOCATIONUNKNOWN. Refer the test
           * case CTT/Security/Security Certificate Validation/002.js */
@@ -35,13 +23,3 @@ Index: plugins/crypto/openssl/ua_pki_openssl.c
              /* Free X509_STORE_CTX and reuse it for certification verification */
              if (storeCtx != NULL) {
                 X509_STORE_CTX_free(storeCtx);
-@@ -527,6 +532,9 @@ UA_CertificateVerification_Verify (void *             
-             /* Set flags for CRL check */
-             X509_STORE_CTX_set_flags (storeCtx, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
- 
-+#ifdef X509_V_FLAG_LEGACY_VERIFY
-+            X509_STORE_CTX_set_flags(storeCtx, X509_V_FLAG_LEGACY_VERIFY);
-+#endif
-             opensslRet = X509_verify_cert (storeCtx);
-             if (opensslRet != 1) {
-                 opensslRet = X509_STORE_CTX_get_error (storeCtx);