diff -u -r stunnel-3.14/Makefile.in stunnel-3.14k/Makefile.in --- stunnel-3.14/Makefile.in Wed Jan 24 15:54:19 2001 +++ stunnel-3.14k/Makefile.in Thu Jul 12 19:19:30 2001 @@ -29,7 +29,7 @@ # standard external rules -all: stunnel stunnel.8 stunnel.html stunnel.so stunnel.pem +all: stunnel stunnel.8 stunnel.html stunnel.so install: all installdirs $(DESTFILES) diff -u -r stunnel-3.14/common.h stunnel-3.14k/common.h --- stunnel-3.14/common.h Wed Feb 21 10:08:31 2001 +++ stunnel-3.14k/common.h Thu Jul 12 19:05:19 2001 @@ -214,7 +214,7 @@ void context_init(); void context_free(); -void client(int); +void client(int, int); /* Prototypes for protocol.c */ @@ -234,7 +234,7 @@ void sthreads_init(void); unsigned long process_id(void); unsigned long thread_id(void); -int create_client(int, int, void (*)(int)); +int create_client(int, int, void (*)(int, int)); /* Prototypes for pty.c */ /* Based on Public Domain code by Tatu Ylonen */ diff -u -r stunnel-3.14/ssl.c stunnel-3.14k/ssl.c --- stunnel-3.14/ssl.c Mon Feb 5 06:08:15 2001 +++ stunnel-3.14k/ssl.c Thu Jul 12 18:53:24 2001 @@ -121,11 +121,11 @@ /* SSL functions */ void context_init(); void context_free(); -void client(int); +void client(int, int); int prng_seeded(int); int add_rand_file(char *); void initialize_prng(); -static int transfer(SSL *, int); +static int transfer(SSL *, int, int); #ifndef NO_RSA static RSA *tmp_rsa_cb(SSL *, int, int); #endif /* NO_RSA */ @@ -433,7 +433,7 @@ SSL_CTX_free(ctx); } -void client(int local) +void client(int local_rd, int local_wr) { struct sockaddr_in addr; int addrlen; @@ -450,7 +450,7 @@ l.l_onoff=1; l.l_linger=0; addrlen=sizeof(addr); - if(getpeername(local, (struct sockaddr *)&addr, &addrlen)<0) { + if(getpeername(local_rd, (struct sockaddr *)&addr, &addrlen)<0) { if(options.option&OPT_TRANSPARENT || errno!=ENOTSOCK) { sockerror("getpeerbyname"); goto cleanup_local; 
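Review bot: The new prototype `void client(int, int);` in the common.h @@ -214 hunk has two unnamed `int` parameters, so nothing at the declaration says which one is the read side, and swapped arguments compile silently. Naming them to match the definition would make the contract visible to callers: `void client(int local_rd, int local_wr);`. The same applies to the copy in the ssl.c @@ -121 hunk and to `static int transfer(SSL *, int, int);` there.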
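Review bot: The peer checks in the ssl.c @@ -450 hunk are keyed to `local_rd` only. `getpeername(local_rd, ...)` sits here, while `request_init(..., RQ_FILE, local_rd, 0)` feeding `hosts_access()` and the two `setsockopt` calls sit in the @@ -460 and @@ -564 hunks. Nothing visible ties `local_wr` to the same peer, so the libwrap decision and the address in the "REFUSED by libwrap" log line describe the read side alone. I would state that assumption at the top of client(), for example `/* access control and peer address are taken from local_rd; local_wr is assumed to reach the same peer */`. client() starts and ends outside this hunk.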
@@ -460,14 +460,14 @@ /* It's a socket - lets setup options */ #ifdef SO_OOBINLINE on= 1; - if(setsockopt(local, SOL_SOCKET, SO_OOBINLINE, (void *)&on, sizeof(on))<0) { + if(setsockopt(local_rd, SOL_SOCKET, SO_OOBINLINE, (void *)&on, sizeof(on))<0) { sockerror("setsockopt (SO_OOBINLINE)"); goto cleanup_local; } #endif #ifdef USE_LIBWRAP - request_init(&request, RQ_DAEMON, options.servname, RQ_FILE, local, 0); + request_init(&request, RQ_DAEMON, options.servname, RQ_FILE, local_rd, 0); fromhost(&request); if (!hosts_access(&request)) { log(LOG_WARNING, "Connection from %s:%d REFUSED by libwrap", @@ -507,7 +507,7 @@ /* negotiate protocol */ if(negotiate(options.protocol, options.option&OPT_CLIENT, - local, remote) <0) { + local_rd, remote) <0) { log(LOG_ERR, "Protocol negotiations failed"); goto cleanup_remote; } @@ -532,17 +532,17 @@ goto cleanup_ssl; } print_cipher(ssl); - if(transfer(ssl, local)<0) + if(transfer(ssl, local_rd, local_wr)<0) goto cleanup_ssl; } else { - SSL_set_fd(ssl, local); + SSL_set_fd(ssl, local_rd); SSL_set_accept_state(ssl); if(SSL_accept(ssl)<=0) { sslerror("SSL_accept"); goto cleanup_ssl; } print_cipher(ssl); - if(transfer(ssl, remote)<0) + if(transfer(ssl, remote, remote)<0) goto cleanup_ssl; } /* No error - normal shutdown */ @@ -550,7 +550,7 @@ SSL_free(ssl); ERR_remove_state(0); closesocket(remote); - closesocket(local); + closesocket(local_rd); goto done; cleanup_ssl: /* close SSL and reset sockets */ SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); @@ -564,10 +564,10 @@ closesocket(remote); cleanup_local: /* reset local socket */ if (!((options.option & OPT_CLIENT) && (options.option & OPT_PROGRAM)) && - setsockopt(local, SOL_SOCKET, SO_LINGER, (char *)&l, sizeof(l)) < 0 && + setsockopt(local_rd, SOL_SOCKET, SO_LINGER, (char *)&l, sizeof(l)) < 0 && errno != ENOTSOCK) sockerror("linger (local)"); - closesocket(local); + closesocket(local_rd); done: #ifndef USE_FORK enter_critical_section(2); /* for multi-cpu machines */ 
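Review bot: In the server branch of the @@ -532 hunk, `SSL_set_fd(ssl, local_rd);` binds both directions of the TLS session to the read descriptor, so `local_wr` is ignored on that path. When the two differ (the inetd call now passes `fileno(stdin), fileno(stdout)`), handshake and record writes go to the stdin descriptor, which fails if that is a read-only pipe. OpenSSL has separate setters for this: `SSL_set_rfd(ssl, local_rd);` and `SSL_set_wfd(ssl, local_wr);`. transfer() takes `ssl_fd` from `SSL_get_fd(ssl)`, so its descriptor handling would presumably need the same split. client() starts and ends outside this hunk.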
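Review bot: The normal-shutdown path in the @@ -550 hunk closes only `local_rd`, so `local_wr` is never closed when it is a different descriptor; the `cleanup_local` path in the @@ -564 hunk has the same gap. Among the callers visible in this patch only the inetd call passes distinct descriptors, so the impact is probably limited to the write-side peer seeing no EOF until the process exits. The function's contract should still not depend on that. I would add `if(local_wr!=local_rd) closesocket(local_wr);` next to each `closesocket(local_rd);`.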
@@ -578,12 +578,12 @@ ; /* ANSI C compiler needs it */ } -static int transfer(SSL *ssl, int sock_fd) /* transfer data */ +static int transfer(SSL *ssl, int sock_rd, int sock_wr) /* transfer data */ { fd_set rd_set, wr_set; int num, fdno, ssl_fd, ssl_bytes, sock_bytes, retval; char sock_buff[BUFFSIZE], ssl_buff[BUFFSIZE]; - int sock_ptr, ssl_ptr, sock_open, ssl_open; + int sock_ptr, ssl_ptr, sock_rd_open, sock_wr_open, ssl_open; #if defined FIONBIO && defined USE_NBIO unsigned long l; #endif @@ -591,29 +591,33 @@ int check_SSL_pending; ssl_fd=SSL_get_fd(ssl); - fdno=(ssl_fd>sock_fd ? ssl_fd : sock_fd)+1; + fdno=sock_wr > sock_rd ? sock_wr : sock_rd; + fdno=(ssl_fd>fdno ? ssl_fd : fdno)+1; sock_ptr=0; ssl_ptr=0; - sock_open=1; + sock_rd_open=1; + sock_wr_open=1; ssl_open=1; sock_bytes=0; ssl_bytes=0; #if defined FIONBIO && defined USE_NBIO l=1; /* ON */ - if(ioctlsocket(sock_fd, FIONBIO, &l)<0) - sockerror("ioctlsocket (sock)"); /* non-critical */ + if(ioctlsocket(sock_rd, FIONBIO, &l)<0) + sockerror("ioctlsocket (sock rd)"); /* non-critical */ + if(sock_wr != sock_rd && ioctlsocket(sock_wr, FIONBIO, &l)<0) + sockerror("ioctlsocket (sock wr)"); /* non-critical */ if(ioctlsocket(ssl_fd, FIONBIO, &l)<0) sockerror("ioctlsocket (ssl)"); /* non-critical */ log(LOG_DEBUG, "Sockets set to non-blocking mode"); #endif - while((sock_open||sock_ptr) && (ssl_open||ssl_ptr)) { + while((sock_rd_open||sock_wr_open||sock_ptr) && (ssl_open||ssl_ptr)) { FD_ZERO(&rd_set); - if(sock_open && sock_ptr= 0) { options.clients = 1; - client(local); + client(local, local); } } else { /* client or server, inetd mode */ options.clients = 1; - client(0); /* connection from fd 0 - stdin */ + client(fileno(stdin), fileno(stdout)); /* connection with stdin, stdout */ } /* close SSL */ context_free(); /* free global SSL context */
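Review bot: The `/* transfer data */` comment on the new signature in the @@ -578 hunk no longer tells a caller enough, because the function now takes two descriptors and call sites in this patch pass both forms (`transfer(ssl, remote, remote)` and `transfer(ssl, local_rd, local_wr)`). I would document that they may be equal, for example `/* sock_rd and sock_wr may be the same descriptor (socket) or differ (stdin/stdout) */`. Both presumably end up in the `fd_set`s declared here, and no comparison against `FD_SETSIZE` is visible; the body continues outside this hunk, so a check may exist there.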