This patch is a diff between stunnel version 3.8 and version 3.8p1. Numerous folks have been asking for a single stunnel tarball with all the patches I've supplied over the last half year, and this is it.

Man page fixes: The man page and '-h' output are up to date with the actual stunnel invocation, with longer descriptions of the arguments.

Client session-ID patch: Allows stunnel in client mode to use session-ID caching to speed up the handshake between client and server.

Pid patch: Allows users to select a pid file/directory, and removes a security hole where malicious users could cause others to overwrite files.

PRNG seeding: Allows users to seed the PRNG so that they are not using crypto without entropy. Specifically, it looks for random data from the following sources, in order:

  1. The file specified with the new -R flag.
  2. The file specified by the RANDFILE environment variable, if set.
  3. The file .rnd in your home directory, iff RANDFILE is not set.
  4. The file specified with '--with-random' at compile time.
  5. The contents of the screen if running on Windows.
  6. The egd socket specified with the -E flag.
  7. The egd socket specified with '--with-egd-sock' at compile time.
  8. The /dev/urandom device.

Seeding stops when sufficient entropy is gathered. 'Sufficient' is determined differently depending on the version of your SSL library. Read the man page.

Note that the PRNG seeding patch here is more complete than the previous one written, and now includes the ability to output new random data to existing seed files, so that you do not need to manually update the files yourself. This feature can, of course, be turned off.

Tcpwrapper service name flag: Adds a '-N servicename' flag that allows you to select your own service name, rather than getting the one stunnel picks. Although clear-cut and logical, stunnel's method of creating a service name has confused many before. The patch also adds a line to the debug output telling you the service name in use, to make it clearer.
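
The PRNG seeding order described above, as an added example (not code from stunnel or from this patch): it lists the candidate sources in the documented order and reads from them until enough bytes are gathered. The struct and function names are hypothetical, a plain byte count stands in for the SSL library's version-dependent sufficiency check, and the Windows screen source and egd socket reads are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_SRC = 8, SRC_LEN = 256 };

struct seed_cfg {                     /* hypothetical; names are assumptions */
    const char *flag_R, *def_file;    /* -R file, --with-random file */
    const char *flag_E, *def_egd;     /* -E socket, --with-egd-sock socket */
};

/* List candidate sources in the documented order. ~/.rnd is considered only
 * when RANDFILE is unset (an empty value is treated as unset here).
 * Returns the number of entries written to out[]. */
int seed_candidates(const struct seed_cfg *c, const char *randfile,
                    const char *home, char out[][SRC_LEN]) {
    int n = 0;
    if (c->flag_R) snprintf(out[n++], SRC_LEN, "file:%s", c->flag_R);
    if (randfile && *randfile) snprintf(out[n++], SRC_LEN, "file:%s", randfile);
    else if (home) snprintf(out[n++], SRC_LEN, "file:%s/.rnd", home);
    if (c->def_file) snprintf(out[n++], SRC_LEN, "file:%s", c->def_file);
    if (c->flag_E) snprintf(out[n++], SRC_LEN, "egd:%s", c->flag_E);
    if (c->def_egd) snprintf(out[n++], SRC_LEN, "egd:%s", c->def_egd);
    snprintf(out[n++], SRC_LEN, "file:/dev/urandom");
    return n;
}

/* Read from the candidates in order until `want` bytes are collected
 * (assumed stand-in for "sufficient"). egd entries are skipped.
 * Returns the index of the source that completed the seed, or -1. */
int seed_gather(char src[][SRC_LEN], int n, size_t want, unsigned char *buf) {
    size_t got = 0;
    for (int i = 0; i < n; i++) {
        FILE *f = strncmp(src[i], "file:", 5) ? NULL : fopen(src[i] + 5, "rb");
        if (!f) continue;              /* not a file, missing or unreadable */
        got += fread(buf + got, 1, want - got, f);
        fclose(f);
        if (got >= want) return i;     /* enough gathered: stop seeding */
    }
    return -1;
}

int main(void) {
    struct seed_cfg cfg = { 0 };       /* no flags, no compile-time defaults */
    char src[MAX_SRC][SRC_LEN];
    int n = seed_candidates(&cfg, getenv("RANDFILE"), getenv("HOME"), src);
    for (int i = 0; i < n; i++) printf("%d. %s\n", i + 1, src[i]);
    return 0;
}
```

Run as is, it prints the order that would apply to the current environment with no flags given; a later source is only touched when the earlier ones did not supply enough.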