diff -Nru ddclient-3.10.0/debian/changelog ddclient-3.10.0/debian/changelog --- ddclient-3.10.0/debian/changelog 2022-11-29 18:30:24.000000000 +0000 +++ ddclient-3.10.0/debian/changelog 2023-01-16 02:47:24.000000000 +0000 @@ -1,3 +1,10 @@ +ddclient (3.10.0-2) unstable; urgency=medium + + * Fix SSL certificate verification with IPv6 address literals + (Closes: #1028849) + + -- Richard Hansen Sun, 15 Jan 2023 21:47:24 -0500 + ddclient (3.10.0-1) unstable; urgency=medium [ Debian Janitor ] diff -Nru ddclient-3.10.0/debian/copyright ddclient-3.10.0/debian/copyright --- ddclient-3.10.0/debian/copyright 2022-11-29 18:30:24.000000000 +0000 +++ ddclient-3.10.0/debian/copyright 2023-01-16 02:47:24.000000000 +0000 @@ -10,7 +10,7 @@ Files: debian/* Copyright: - 2020-2022 Richard Hansen + 2020-2023 Richard Hansen 2005-2016 Torsten Landschoff 2014 Tong Sun 2013 Teemu Ikonen diff -Nru ddclient-3.10.0/debian/patches/series ddclient-3.10.0/debian/patches/series --- ddclient-3.10.0/debian/patches/series 2022-11-29 18:30:24.000000000 +0000 +++ ddclient-3.10.0/debian/patches/series 2023-01-16 02:47:24.000000000 +0000 @@ -2,3 +2,4 @@ maxinterval.diff fix-version.diff fix-default-interface-tests.diff +ssl-hostname-verification.patch diff -Nru ddclient-3.10.0/debian/patches/ssl-hostname-verification.patch ddclient-3.10.0/debian/patches/ssl-hostname-verification.patch --- ddclient-3.10.0/debian/patches/ssl-hostname-verification.patch 1970-01-01 00:00:00.000000000 +0000 +++ ddclient-3.10.0/debian/patches/ssl-hostname-verification.patch 2023-01-16 02:47:24.000000000 +0000 
@@ -0,0 +1,156 @@
+From: Richard Hansen
+Date: Sun, 15 Jan 2023 20:15:07 -0500
+Subject: Set `SSL_verifycn_scheme` and `SSL_verifycn_name` on SSL connection
+
+IO::Socket::SSL recently changed hostname verification of literal IP
+addresses; see .
+Literal IP addresses are unlikely to be used by users, but they are
+used in unit tests, so the tests started failing. To fix the tests,
+and to fix any rare non-test usages, unconditionally set
+`SSL_verify_name` to the peer hostname or IP address literal.
+
+While we're here, set `SSL_verifycn_scheme` to `"http"` as encouraged
+by the IO::Socket::SSL documentation.
+
+Bug: https://github.com/noxxi/p5-io-socket-ssl/issues/123
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1028849
+Forwarded: no
+---
+ ddclient.in | 2 ++
+ t/geturl_ssl.pl | 26 ++++++++++++++++++++++++++
+ 2 files changed, 28 insertions(+)
+
+diff --git a/ddclient.in b/ddclient.in
+index 28e2330..13a1a05 100755
+--- a/ddclient.in
++++ b/ddclient.in
+@@ -2497,6 +2497,8 @@ sub fetch_via_socket_io {
+ $socket_args{SSL_verify_mode} = ($params{ssl_validate} // 1)
+ ? IO::Socket::SSL->SSL_VERIFY_PEER
+ : IO::Socket::SSL->SSL_VERIFY_NONE;
++ $socket_args{SSL_verifycn_scheme} = 'http';
++ $socket_args{SSL_verifycn_name} = $peer;
+ } elsif ($globals{'ipv6'} || $ipversion eq '6') {
+ load_ipv6_support;
+ $socket_class = 'IO::Socket::INET6';
+diff --git a/t/geturl_ssl.pl b/t/geturl_ssl.pl
+index c070def..d034c4b 100644
+--- a/t/geturl_ssl.pl
++++ b/t/geturl_ssl.pl
+@@ -59,6 +59,8 @@ my @test_cases = (
+ PeerAddr => 'hostname',
+ PeerPort => '443',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -72,6 +74,8 @@ my @test_cases = (
+ PeerAddr => 'hostname',
+ PeerPort => '443',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -84,6 +88,8 @@ my @test_cases = (
+ PeerAddr => 'hostname',
+ PeerPort => '123',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -97,6 +103,8 @@ my @test_cases = (
+ PeerAddr => 'hostname',
+ PeerPort => '123',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -110,6 +118,8 @@ my @test_cases = (
+ PeerAddr => 'proxy',
+ PeerPort => '443',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_uri => 'http://hostname/',
+ todo => "broken",
+@@ -124,6 +134,8 @@ my @test_cases = (
+ PeerAddr => 'proxy',
+ PeerPort => '80',
+ SSL_startHandshake => 0,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_method => 'CONNECT',
+ want_req_uri => 'hostname:443',
+@@ -139,6 +151,8 @@ my @test_cases = (
+ PeerAddr => 'proxy',
+ PeerPort => '443',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_method => 'CONNECT',
+ want_req_uri => 'hostname:443',
+@@ -155,6 +169,8 @@ my @test_cases = (
+ PeerAddr => 'proxy',
+ PeerPort => '443',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_method => 'CONNECT',
+ want_req_uri => 'hostname:443',
+@@ -169,6 +185,8 @@ my @test_cases = (
+ want_args => {
+ PeerAddr => 'proxy',
+ PeerPort => '123',
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_uri => 'http://hostname:456/',
+ todo => "broken",
+@@ -183,6 +201,8 @@ my @test_cases = (
+ PeerAddr => 'proxy',
+ PeerPort => '123',
+ SSL_startHandshake => 0,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'proxy',
+ },
+ want_req_method => 'CONNECT',
+ want_req_uri => 'hostname:456',
+@@ -199,6 +219,8 @@ my @test_cases = (
+ PeerPort => '443',
+ SSL_ca_path => '/ca/dir',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -213,6 +235,8 @@ my @test_cases = (
+ PeerPort => '443',
+ SSL_ca_file => '/ca/file',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
+@@ -229,6 +253,8 @@ my @test_cases = (
+ SSL_ca_file => '/ca/file',
+ SSL_ca_path => '/ca/dir',
+ SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
++ SSL_verifycn_scheme => 'http',
++ SSL_verifycn_name => 'hostname',
+ },
+ want_req_uri => '/',
+ },
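Review bot: In the proxy cases `SSL_verifycn_name` is pinned to `$peer`, which the updated expectations in t/geturl_ssl.pl show to be `'proxy'` even where `SSL_startHandshake => 0` and `want_req_method => 'CONNECT'` indicate a tunnel to `hostname:443`. If the TLS handshake that follows the CONNECT is performed with the origin server (that code is outside the hunk; fetch_via_socket_io starts before and continues past it), the certificate would be checked against the proxy's name rather than the origin's, which either breaks the connection or validates the wrong identity. The CONNECT-tunnel expectations should then read `SSL_verifycn_name => 'hostname',`, with ddclient.in selecting the origin host in that branch, and the assignment deserves a comment such as `# Name checked against the certificate: must be the TLS endpoint, not merely the TCP peer.` Separately, the patch description says `SSL_verify_name` where the code sets `SSL_verifycn_name`.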