diff --git a/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch b/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch
index 67cc775..ec41b7e 100644
--- a/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch
+++ b/Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch
@@ -1,38 +1,60 @@ -diff -ru Net-SSLeay-1.90.orig/t/local/39_pkcs12.t Net-SSLeay-1.90/t/local/39_pkcs12.t ---- Net-SSLeay-1.90.orig/t/local/39_pkcs12.t 2020-11-18 10:12:44.000000000 +0100 -+++ Net-SSLeay-1.90/t/local/39_pkcs12.t 2021-06-04 10:34:00.190276286 +0200 -@@ -3,7 +3,7 @@ +commit 327550f61f5e1e932ea911e59ccc496ebb307030 +Author: Chris Novakovic +Date: Tue Jun 8 21:49:40 2021 +0100 + + 39_pkcs12.t: validate CA certificate CNs with all libssl versions + + When verifying common names in the PKCS#12 certificate chain, account + for the fact that PKCS12_parse() returns the CA certificate chain in a + different order in different versions of libssl. + + Since the CA certificate chain tests now cover all versions of OpenSSL + and LibreSSL, don't skip the order check for versions of OpenSSL before + 1.0.0, and remove the generic tests that ensure X509_NAME_oneline() + returns a valid-looking common name for each of the CA certificates + (since they're now redundant). + +diff --git a/t/local/39_pkcs12.t b/t/local/39_pkcs12.t +index 5c7fb8b..5083331 100644 +--- a/t/local/39_pkcs12.t ++++ b/t/local/39_pkcs12.t +@@ -3,7 +3,7 @@ use lib 'inc'; use Net::SSLeay; use Test::Net::SSLeay qw( data_file_path initialise_libssl ); -plan tests => 19; -+plan tests => 18; ++plan tests => 17; initialise_libssl(); -@@ -38,11 +38,20 @@ +@@ -36,12 +36,24 @@ my $filename3 = data_file_path('simple-cert.p12'); + my $ca1_subj_name = Net::SSLeay::X509_get_subject_name($cachain[0]); + my $ca2_subj_name = Net::SSLeay::X509_get_subject_name($cachain[1]); is(Net::SSLeay::X509_NAME_oneline($subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=simple-cert.net-ssleay.example', "X509_NAME_oneline [2/1]"); - like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]"); - like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]"); +- like(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/2]"); +- 
like(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), qr/C=.*CN=.*/, "X509_NAME_oneline [2/3]"); - SKIP: { - skip("cert order in CA chain is different in openssl pre-1.0.0", 2) unless Net::SSLeay::SSLeay >= 0x01000000; - is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); - is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/5]"); -- } -+ -+ # Different order in CA chain in some versions (e.g. openssl pre-1.0.0, openssl 3.0.0 alpha17) -+ my @x509_ascii_names = sort { $a cmp $b } ( -+ Net::SSLeay::X509_NAME_oneline($ca1_subj_name), -+ Net::SSLeay::X509_NAME_oneline($ca2_subj_name), -+ ); -+ is_deeply( -+ \@x509_ascii_names, -+ [ -+ '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', -+ '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', -+ ], -+ 'X509_NAME_oneline [2/4]', -+ ); ++ # OpenSSL versions 1.0.0-beta2 to 3.0.0-alpha6 inclusive and all versions of ++ # LibreSSL return the CA certificate chain with the root CA certificate at the ++ # end; all other versions return the certificate chain with the root CA ++ # certificate at the start ++ if ( ++ Net::SSLeay::SSLeay < 0x10000002 ++ || ( ++ Net::SSLeay::SSLeay == 0x30000000 ++ && Net::SSLeay::SSLeay_version( Net::SSLeay::SSLEAY_VERSION() ) !~ /-alpha[1-6] / ++ ) ++ || Net::SSLeay::SSLeay > 0x30000000 ++ ) { ++ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/3]"); ++ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/4]"); ++ } ++ else { ++ is(Net::SSLeay::X509_NAME_oneline($ca1_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Root CA', "X509_NAME_oneline [2/3]"); ++ is(Net::SSLeay::X509_NAME_oneline($ca2_subj_name), '/C=PL/O=Net-SSLeay/OU=Test Suite/CN=Intermediate CA', "X509_NAME_oneline [2/4]"); + } } - { 
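Review bot: The new comment above the version check in t/local/39_pkcs12.t describes the chain order the opposite way round from what the assertions test. It says OpenSSL 1.0.0-beta2 to 3.0.0-alpha6 and LibreSSL return the root CA at the end, yet the `else` branch that covers those versions expects `$cachain[0]` to be `CN=Root CA` (root first), and the `if` branch expects it in `$cachain[1]`. Assuming the assertions are the correct side (they agree with the removed expectations for 1.0.0 and later), the comment should swap the two words so it reads `... root CA certificate at the start; all other versions ... root CA certificate at the end`. It would also help to note next to `/-alpha[1-6] /` that the trailing space is what keeps alpha10 to alpha17 from matching, since every 3.0.0 pre-release appears to report 0x30000000. The enclosing test block starts outside the hunk.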
diff --git a/perl-Net-SSLeay.spec b/perl-Net-SSLeay.spec index d679b0e..136564f 100644 --- a/perl-Net-SSLeay.spec +++ b/perl-Net-SSLeay.spec @@ -6,7 +6,7 @@ Name: perl-Net-SSLeay Version: 1.90 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Perl extension for using OpenSSL License: Artistic 2.0 URL: https://metacpan.org/release/Net-SSLeay @@ -137,6 +137,9 @@ make test %{_mandir}/man3/Net::SSLeay::Handle.3* %changelog +* Fri Jul 23 2021 Michal Josef Špaček - 1.90-6 +- Update Net-SSLeay-1.90-openssl3.0.0-39_pkcs12.patch patch to upstream version + * Wed Jun 16 2021 Mohan Boddu - 1.90-5 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065