--- src/stunnel.c	2011/06/18 04:05:08	1.1
+++ src/stunnel.c	2011/06/18 04:09:42
@@ -496,11 +496,9 @@
 #endif
 
 static int setup_fd(int fd, int nonblock, char *msg) {
-#ifdef USE_WIN32
-    unsigned long l;
-#else /* USE_WIN32 */
-    int err, flags;
-#endif /* USE_WIN32 */
+#ifdef FD_CLOEXEC
+    int err;
+#endif /* FD_CLOEXEC */
 
     if(fd<0) {
         sockerror(msg);
@@ -512,11 +510,33 @@
         closesocket(fd);
         return -1;
     }
+
 #ifndef USE_NEW_LINUX_API
-#if defined F_GETFL && defined F_SETFL && defined O_NONBLOCK && !defined __INNOTEK_LIBC__
+    set_nonblock(fd, nonblock);
+#ifdef FD_CLOEXEC
+    do {
+        err=fcntl(fd, F_SETFD, FD_CLOEXEC);
+    } while(err<0 && get_last_socket_error()==EINTR);
+    if(err<0)
+        sockerror("fcntl SETFD"); /* non-critical */
+#endif /* FD_CLOEXEC */
+#endif /* USE_NEW_LINUX_API */
+    s_log(LOG_DEBUG, "%s: FD=%d allocated (%sblocking mode)",
+        msg, fd, nonblock?"non-":"");
+    return fd;
+}
+
+void set_nonblock(int fd, unsigned long nonblock) {
+#if defined F_GETFL && defined F_SETFL && defined O_NONBLOCK && !defined __INNOTEK_LIBC__
+    int err, flags;
+
     do {
         flags=fcntl(fd, F_GETFL, 0);
     } while(flags<0 && get_last_socket_error()==EINTR);
+    if(flags<0) {
+        sockerror("fcntl GETFL"); /* non-critical */
+        return;
+    }
     if(nonblock)
         flags|=O_NONBLOCK;
     else
--- src/prototypes.h	2011-06-18 12:14:22.883741503 +0200
+++ src/prototypes.h	2011-06-17 15:14:24.000000000 +0200
@@ -154,6 +154,7 @@
     SOCKADDR_LIST local_addr, remote_addr, source_addr;
     char *username;
     char *remote_address;
+    char *host_name;
     int timeout_busy; /* maximum waiting for data time */
     int timeout_close; /* maximum close_notify time */
     int timeout_connect; /* maximum connect() time */
@@ -322,7 +323,6 @@
 void child_status(void);  /* dead libwrap or 'exec' process detected */
 #endif
 int set_socket_options(int, int);
-void set_nonblock(int, unsigned long);
 int get_socket_error(const int);
 
 /**************************************** prototypes for client.c */
@@ -333,24 +333,26 @@
 } FD;
 
 typedef struct {
+    SSL *ssl; /* SSL connnection */
     SERVICE_OPTIONS *opt;
-    char accepted_address[IPLEN]; /* text */
+    jmp_buf err; /* exception handler */
+
+    char accepted_address[IPLEN]; /* IP address as text for logging */
     SOCKADDR_LIST peer_addr; /* peer address */
     FD local_rfd, local_wfd; /* read and write local descriptors */
     FD remote_fd; /* remote file descriptor */
-    SSL *ssl; /* SSL Connection */
     SOCKADDR_LIST bind_addr;
         /* IP for explicit local bind or transparent proxy */
-    unsigned long pid; /* PID of local process */
+    unsigned long pid; /* PID of the local process */
     int fd; /* temporary file descriptor */
-    jmp_buf err;
 
+    /* data for transfer() function */
     char sock_buff[BUFFSIZE]; /* socket read buffer */
     char ssl_buff[BUFFSIZE]; /* SSL read buffer */
     int sock_ptr, ssl_ptr; /* index of first unused byte in buffer */
     FD *sock_rfd, *sock_wfd; /* read and write socket descriptors */
     FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
-    int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
+    int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */
     s_poll_set fds; /* file descriptors */
 } CLI;
 
@@ -408,6 +410,7 @@
     int ready; /* number of ready file descriptors */
     time_t finish; /* when to finish poll() for this context */
     struct CONTEXT_STRUCTURE *next; /* next context on a list */
+    void *tls; /* thread local storage for str.c */
 } CONTEXT;
 extern CONTEXT *ready_head, *ready_tail;
 extern CONTEXT *waiting_head, *waiting_tail;