--- stunnel-4.21-orig/src/stunnel.c	2007-10-27 17:41:39.000000000 +0200
+++ stunnel-4.21/src/stunnel.c	2007-11-03 16:44:02.000000000 +0100
@@ -41,7 +41,7 @@
 static void accept_connection(LOCAL_OPTIONS *);
 static void get_limits(void); /* setup global max_clients and max_fds */
 #if !defined (USE_WIN32) && !defined (__vms)
-static void make_chroot(void);
+static void drop_privileges(void);
 static void daemonize(void);
 static void create_pid(void);
 static void delete_pid(void);
@@ -111,9 +111,6 @@
     } else { /* inetd mode */
 #if !defined (USE_WIN32) && !defined (__vms)&&!defined(USE_OS2)
         max_fds=FD_SETSIZE; /* just in case */
-#ifdef HAVE_CHROOT
-        make_chroot();
-#endif /* HAVE_CHROOT */
         drop_privileges();
 #endif
         num_clients=1;
@@ -171,9 +168,6 @@
 #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2)
     if(!(options.option.foreground))
         daemonize();
-#ifdef HAVE_CHROOT
-        make_chroot();
-#endif /* HAVE_CHROOT */
     drop_privileges();
     create_pid();
 #endif /* !defined USE_WIN32 && !defined (__vms) */
@@ -299,24 +293,9 @@
 #endif
 }
 
-#ifdef HAVE_CHROOT
-static void make_chroot(void) {
-    if(options.chroot_dir) {
-        if(chroot(options.chroot_dir)) {
-            sockerror("chroot");
-            exit(1);
-        }
-        if(chdir("/")) {
-            sockerror("chdir");
-            exit(1);
-        }
-    }
-}
-#endif /* HAVE_CHROOT */
-
 #if !defined (USE_WIN32) && !defined (__vms)
-    /* set process user and group(s) id */
-void drop_privileges(void) {
+    /* chroot and set process user and group(s) id */
+static void drop_privileges(void) {
     int uid=0, gid=0;
     struct group *gr;
 #ifdef HAVE_SETGROUPS
@@ -350,6 +329,20 @@
         }
     }
 
+#ifdef HAVE_CHROOT
+    /* chroot */
+    if(options.chroot_dir) {
+        if(chroot(options.chroot_dir)) {
+            sockerror("chroot");
+            exit(1);
+        }
+        if(chdir("/")) {
+            sockerror("chdir");
+            exit(1);
+        }
+    }
+#endif /* HAVE_CHROOT */
+
     /* Set uid and gid */
     if(gid) {
         if(setgid(gid)) {
--- stunnel-4.21-orig/src/prototypes.h	2007-10-05 17:42:48.000000000 +0200
+++ stunnel-4.21/src/prototypes.h	2007-11-03 16:33:49.000000000 +0100
@@ -57,7 +57,6 @@
 void main_initialize(char *, char *);
 void main_execute(void);
 void stunnel_info(int);
-void drop_privileges(void);
 
 /**************************************** Prototypes for log.c */