diff --git a/CHANGES b/CHANGES
index 4eb839823b5e76bfd8d5161d6e84f38c8d508a72..9cee7298e0a27d18349ca0de227a7c6719091769 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
   *) The STACK code has been cleaned up, and certain type declarations
      that didn't make a lot of sense have been brought in line. This has
      also involved a cleanup of sorts in safestack.h to more correctly
diff --git a/Configure b/Configure
index 447e3d70b33071ee1fe2779aaf9eb96ae7153dd9..a4b9d3bd60475ceab326ca2e211bc0a4bac6b8f5 100755
--- a/Configure
+++ b/Configure
@@ -33,7 +33,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-
 # 386           generate 80386 code
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
-# 
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#		provided to stack calls. Generates unique stack functions for
+#		each possible stack type.
 # DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
 #		dependancies but needs to more registers, good for RISC CPU's
diff --git a/Makefile.org b/Makefile.org
index cf98fb515e4b94e52ef4a56cf04bdc4e344f1779..dceea44b5031a56b8c9a2747465170f97a1a6682 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -299,6 +299,9 @@ tags:
 errors:
 	perl util/mkerr.pl -recurse -write
 
+stacks:
+	perl util/mkstack.pl -recurse
+
 util/libeay.num::
 	perl util/mkdef.pl crypto update
 
@@ -312,7 +315,7 @@ TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	perl Configure TABLE) > TABLE
 
-update: depend errors util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
 
 tar:
 	@$(TAR) $(TARFLAGS) -cvf - \
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 6a093201dccac0046dd56e7958b10acb13b3ae3d..228b4f8184d414876c5430fcb0803f79cdf48ee8 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -57,6 +57,8 @@
 
 #include <openssl/stack.h>
 
+#ifdef DEBUG_SAFESTACK
+
 #define STACK_OF(type) struct stack_st_##type
 #define PREDECLARE_STACK_OF(type) STACK_OF(type);
 
@@ -133,4 +135,13 @@ type *sk_##type##_pop(STACK_OF(type) *sk) \
 void sk_##type##_sort(STACK_OF(type) *sk) \
     { sk_sort((STACK *)sk); }
 
+#else
+
+#define STACK_OF(type) STACK
+#define PREDECLARE_STACK_OF(type) /* nada */
+#define DECLARE_STACK_OF(type)    /* nada */
+#define IMPLEMENT_STACK_OF(type)  /* nada */
+
+#endif
+
 #endif /* ndef HEADER_SAFESTACK_H */
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 9f5fba91467831f6739a1b9e56c0e61b008fe887..1a51f677bd878ecabfb4cae2e7e837ad9136a0ec 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -18,7 +18,7 @@ my $rsaref = 0;
 my $W32=1;
 my $NT=0;
 # Set this to make typesafe STACK definitions appear in DEF
-my $safe_stack_def = 1;
+my $safe_stack_def = 0;
 
 my $options="";
 open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
@@ -49,6 +49,7 @@ foreach (@ARGV, split(/ /, $options))
 	$do_update=1 if $_ eq "update";
 	$do_ctest=1 if $_ eq "ctest";
 	$rsaref=1 if $_ eq "rsaref";
+	$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
 
 	if    (/^no-rc2$/)      { $no_rc2=1; }
 	elsif (/^no-rc4$/)      { $no_rc4=1; }
@@ -363,6 +364,7 @@ sub do_defs
 		foreach (split /;/, $def) {
 			s/^[\n\s]*//g;
 			s/[\n\s]*$//g;
+			next if(/#define/);
 			next if(/typedef\W/);
 			next if(/EVP_bf/ and $no_bf);
 			next if(/EVP_cast/ and $no_cast);
diff --git a/util/mkstack.pl b/util/mkstack.pl
new file mode 100755
index 0000000000000000000000000000000000000000..30f1722312fc92b29abbb9c8b5133f5bbc471b6d
--- /dev/null
+++ b/util/mkstack.pl
@@ -0,0 +1,112 @@
+#!/usr/local/bin/perl -w
+#
+# This is a utility that searches out "DECLARE_STACK_OF()"
+# declarations in header files, and updates/creates/replaces
+# the corresponding macro declarations that follow it. The
+# reason is that with "DEBUG_SAFESTACK" defined, each type
+# will generate 19 functions, all type-safe variants of the
+# base "sk_***" functions for the general STACK type. Without
+# DEBUG_SAFESTACK defined, we need to macro define all the
+# "type'd sk_##type##_***" functions as mapping directly to
+# the standard sk_*** equivalents. As it's not generally
+# possible to have macros that generate macros, we need to
+# control this from the "outside", here in this script.
+#
+# Geoff Thorpe, June, 2000 (with massive Perl-hacking
+#                           help from Steve Robb)
+
+my $type_thing;
+my $recurse = 0;
+my @files = @ARGV;
+
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-recurse") {
+		$recurse = 1;
+		shift @ARGV;
+	} else {
+		last;
+	}
+}
+
+if($recurse) {
+	@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <rsaref/*.[ch]>, <ssl/*.[ch]>);
+} else {
+	@source = @ARGV;
+}
+
+foreach $file (@source) {
+	# After "Configure" has been run, we need to make sure we don't
+	# overwrite symbollic links with new header files!
+	next if -l $file;
+
+	# Open the .c/.h file for reading
+	open(IN, "< $file") || die "Can't open $file for reading: $!";
+	open(OUT, "> $file.tmp") || die "Can't open $file.tmp for writing: $!";
+
+	select(OUT);
+	process_the_file();
+
+	close(OUT);
+	close(IN);
+
+	unlink($file);
+	rename("$file.tmp", $file);
+}
+
+sub process_the_file {
+
+	my $inside_block = 0;
+	my $output_defines = 0;
+
+	while(<IN>) {
+		if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
+			$type_thing = $1;
+			$output_defines = 1;
+		}
+		if (m|^/\* This block of defines is updated by a perl script, please do not touch! \*/|) {
+			$inside_block = 1;
+		}
+		if (m|^/\* End of perl script block, you may now edit :-\) \*/|) {
+			$inside_block = 0;
+		} elsif ($inside_block == 0) {
+			print;
+		}
+		if($output_defines == 1) {
+			print <<EOF;
+/* This block of defines is updated by a perl script, please do not touch! */
+#ifndef DEBUG_SAFESTACK
+	#define sk_${type_thing}_new(a) sk_new((int (*) \\
+		(const char * const *, const char * const *))(a))
+	#define sk_${type_thing}_new_null() sk_new_null()
+	#define sk_${type_thing}_free(a) sk_free(a)
+	#define sk_${type_thing}_num(a) sk_num(a)
+	#define sk_${type_thing}_value(a,b) ((${type_thing} *) \\
+		sk_value((a),(b)))
+	#define sk_${type_thing}_set(a,b,c) ((${type_thing} *) \\
+		sk_set((a),(b),(char *)(c)))
+	#define sk_${type_thing}_zero(a) sk_zero(a)
+	#define sk_${type_thing}_push(a,b) sk_push((a),(char *)(b))
+	#define sk_${type_thing}_unshift(a,b) sk_unshift((a),(b))
+	#define sk_${type_thing}_find(a,b) sk_find((a), (char *)(b))
+	#define sk_${type_thing}_delete(a,b) ((${type_thing} *) \\
+		sk_delete((a),(b)))
+	#define sk_${type_thing}_delete_ptr(a,b) ((${type_thing} *) \\
+		sk_delete_ptr((a),(char *)(b)))
+	#define sk_${type_thing}_insert(a,b,c) sk_insert((a),(char *)(b),(c))
+	#define sk_${type_thing}_set_cmp_func(a,b) ((int (*) \\
+		(const ${type_thing} * const *,const ${type_thing} * const *)) \\
+		sk_set_cmp_func((a),(int (*) \\
+		(const char * const *, const char * const *))(b)))
+	#define sk_${type_thing}_dup(a) sk_dup(a)
+	#define sk_${type_thing}_pop_free(a,b) sk_pop_free((a),(void (*)(void *))(b))
+	#define sk_${type_thing}_shift(a) ((${type_thing} *)sk_shift(a))
+	#define sk_${type_thing}_pop(a) ((${type_thing} *)sk_pop(a))
+	#define sk_${type_thing}_sort(a) sk_sort(a)
+#endif /* !DEBUG_SAFESTACK */
+/* End of perl script block, you may now edit :-) */
+EOF
+			$output_defines = 0;
+		}
+	}
+}