diff -ur -x cli-gaa.c -x cli-gaa.h -x gnutls.info -x stamp-vti gnutls13-1.7.7.old/doc/gnutls.texi gnutls13-1.7.7/doc/gnutls.texi
--- gnutls13-1.7.7.old/doc/gnutls.texi 2007-02-08 14:17:41.000000000 +0100
+++ gnutls13-1.7.7/doc/gnutls.texi 2007-05-28 19:07:59.000000000 +0200
@@ -2219,7 +2219,7 @@
 -r, --resume Connect, establish a session. Connect again and resume this session.
 -s, --starttls Connect, establish a plain session and
- start TLS when EOF or a SIGALRM is
+ start TLS when EOF or a SIGHUP is
 received.
 --crlf Send CR LF instead of LF.
 --x509fmtder Use DER format for certificates to read
diff -ur -x cli-gaa.c -x cli-gaa.h -x gnutls.info -x stamp-vti gnutls13-1.7.7.old/doc/manpages/gnutls-cli.1 gnutls13-1.7.7/doc/manpages/gnutls-cli.1
--- gnutls13-1.7.7.old/doc/manpages/gnutls-cli.1 2004-10-28 14:14:54.000000000 +0200
+++ gnutls13-1.7.7/doc/manpages/gnutls-cli.1 2007-05-28 19:07:59.000000000 +0200
@@ -20,7 +20,7 @@
 .IP "\-r, \-\-resume"
 Connect, establish a session. Connect again and resume this session.
 .IP "\-s, \-\-starttls"
-Connect, establish a plain session and start TLS when EOF or a SIGALRM
+Connect, establish a plain session and start TLS when EOF or a SIGHUP
 is received.
 .IP "\-v, \-\-version"
 Prints the program's version number.
diff -ur -x cli-gaa.c -x cli-gaa.h -x gnutls.info -x stamp-vti gnutls13-1.7.7.old/src/cli.c gnutls13-1.7.7/src/cli.c
--- gnutls13-1.7.7.old/src/cli.c 2007-02-22 08:34:01.000000000 +0100
+++ gnutls13-1.7.7/src/cli.c 2007-05-30 11:52:38.000000000 +0200
@@ -82,6 +82,7 @@
 static int x509ctype;
 static int disable_extensions;
 static int debug;
+int io_timeout, io_timeout_count;
 char *psk_username = NULL;
 gnutls_datum psk_key = { NULL, 0 };
@@ -182,6 +183,9 @@
 static void init_global_tls_stuff (void);
+#undef MIN
+#define MIN(X,Y) (X >= Y ? Y : X);
+
 #undef MAX
 #define MAX(X,Y) (X >= Y ? X : Y);
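Review bot: In the `@@ -82,6 +82,7 @@` hunk of src/cli.c, `io_timeout_count` is a plain `int` even though `starttls_sigalarm` decrements it from the SIGALRM handler while the main code reads and resets it. I would declare it `static volatile sig_atomic_t io_timeout_count;` and put `static int io_timeout;` on its own line, which also matches the `static` file-scope variables directly above. The `starttls_sighuped` flag written by the SIGHUP handler in the `@@ -619,12 +623,23 @@` hunk has the same problem.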
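Review bot: The new `MIN` macro in the `@@ -182,6 +183,9 @@` hunk of src/cli.c ends in a semicolon and leaves its arguments unparenthesized, so it is only safe as the entire right-hand side of a statement, which is how `tv.tv_sec = MIN (3, io_timeout_count);` uses it later in the patch. `#define MIN(X,Y) ((X) >= (Y) ? (Y) : (X))` stays correct if it is ever used inside a larger expression. The existing `MAX` below it has the same shape and could be fixed in the same change.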
@@ -619,12 +623,23 @@
 return ret;
 }
-int starttls_alarmed = 0;
+int starttls_sighuped = 0;
 void
-starttls_alarm (int signum)
+starttls_sighup (int signum)
 {
- starttls_alarmed = 1;
+ starttls_sighuped = 1;
+}
+
+void
+starttls_sigalarm (int signum)
+{
+ if (--io_timeout_count == 0)
+ {
+ fprintf (stderr, "*** Timeout while waiting for data.\n");
+ exit (1);
+ }
+ alarm (1);
 }
@@ -662,13 +677,25 @@
 socket_open( &hd, hostname, service);
 socket_connect( &hd);
+ /* Start our time bomb right after we have a socket */
+#ifndef _WIN32
+ if (io_timeout)
+ {
+ io_timeout_count = io_timeout;
+ signal (SIGALRM, &starttls_sigalarm);
+ alarm (1);
+ }
+#endif
+
 hd.session = init_tls_session (hostname);
+
 if (starttls) goto after_handshake;
 for (i = 0; i < 2; i++)
 {
-
+ /* Reset the counter */
+ io_timeout_count = io_timeout;
 if (i == 1)
 {
@@ -731,7 +758,7 @@
 printf ("\n- Simple Client Mode:\n\n");
 #ifndef _WIN32
- signal (SIGALRM, &starttls_alarm);
+ signal (SIGHUP, &starttls_sighup);
 #endif
 /* do not buffer */
@@ -741,9 +768,12 @@
 setbuf (stdout, NULL);
 setbuf (stderr, NULL);
+ /* Reset the counter */
+ io_timeout_count = io_timeout;
+
 for (;;)
 {
- if (starttls_alarmed && !hd.secure)
+ if (starttls_sighuped && !hd.secure)
 {
 fprintf (stderr, "*** Starting TLS handshake\n");
 ret = do_handshake (&hd);
@@ -761,13 +791,17 @@
 FD_SET (hd.fd, &rset);
 maxfd = MAX (fileno (stdin), hd.fd);
- tv.tv_sec = 3;
+ tv.tv_sec = MIN (3, io_timeout_count);
 tv.tv_usec = 0;
 err = select (maxfd + 1, &rset, NULL, NULL, &tv);
 if (err < 0) continue;
+ if (err && FD_ISSET(sd, &rset))
+ /* Not stalled, reset the counter */
+ io_timeout_count = io_timeout;
+
 if (FD_ISSET (hd.fd, &rset))
 {
 memset (buffer, 0, MAX_BUF + 1);
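Review bot: `starttls_sigalarm` in the `@@ -619,12 +623,23 @@` hunk calls `fprintf` and `exit` from inside the SIGALRM handler, and neither is async-signal-safe. If the alarm interrupts the main loop inside stdio or while library state is mid-update, the process can hang or misbehave instead of terminating cleanly. Prefer `write (STDERR_FILENO, msg, sizeof msg - 1);` on a `static const char msg[]` followed by `_exit (1);`, or have the handler only set a flag that the `select` loop checks. Testing `<= 0` instead of `== 0` would also keep the timeout effective if the counter is already non-positive when the handler runs.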
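Review bot: `if (io_timeout)` in the `@@ -662,13 +677,25 @@` hunk treats any non-zero value as an enabled timeout, but `io_timeout` is copied unchecked from `info.timeout` in the `@@ -886,6 +920,7 @@` hunk. A negative `--timeout` starts the counter below zero, so the `--io_timeout_count == 0` test is never reached by counting down and the client runs without an effective limit. I would guard with `if (io_timeout > 0)` here and reject or clamp non-positive values where the option is read. The timer is also armed only after `socket_connect` returns, so a peer that never completes the connection is not bounded by this timeout.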
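Review bot: When the timeout is disabled (`io_timeout` is 0, the value `if (io_timeout)` treats as off), the reset in the `@@ -741,9 +768,12 @@` hunk leaves `io_timeout_count` at 0. In the `@@ -761,13 +791,17 @@` hunk, `tv.tv_sec = MIN (3, io_timeout_count);` then hands `select` a zero timeout and the simple-client loop spins instead of blocking. A negative value would presumably make `select` fail and `continue` in the same tight loop. `tv.tv_sec = io_timeout > 0 ? MIN (3, io_timeout_count) : 3;` keeps the previous 3-second wait when the feature is off. Separately, the reset test uses `FD_ISSET(sd, &rset)` while the set is filled with `hd.fd`, and `sd` is not declared in any visible hunk; unless it is an existing variable holding the same descriptor, it should read `hd.fd`.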
@@ -886,6 +920,7 @@
 service = info.port;
 record_max_size = info.record_size;
 fingerprint = info.fingerprint;
+ io_timeout = info.timeout;
 if (info.fmtder == 0) x509ctype = GNUTLS_X509_FMT_PEM;
diff -ur -x cli-gaa.c -x cli-gaa.h -x gnutls.info -x stamp-vti gnutls13-1.7.7.old/src/cli.gaa gnutls13-1.7.7/src/cli.gaa
--- gnutls13-1.7.7.old/src/cli.gaa 2007-02-22 08:17:34.000000000 +0100
+++ gnutls13-1.7.7/src/cli.gaa 2007-05-28 19:07:59.000000000 +0200
@@ -18,7 +18,7 @@
 option (r, resume) { $resume = 1 } "Connect, establish a session. Connect again and resume this session."
 #int starttls;
-option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF or a SIGALRM is received."
+option (s, starttls) { $starttls = 1 } "Connect, establish a plain session and start TLS when EOF or a SIGHUP is received."
 #int crlf;
 option (crlf) { $crlf = 1 } "Send CR LF instead of LF."
@@ -44,6 +44,9 @@
 #int verbose;
 option (V, verbose) { $verbose = 1 } "More verbose output."
+#int timeout;
+option (t, timeout) INT "integer" { $timeout = $1 } "Set timeout (in seconds)."
+
 #int nciphers;
 #char **ciphers;
 option (ciphers) *STR "cipher1 cipher2..." { $ciphers = $1; $nciphers = @1 } "Ciphers to enable."
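Review bot: The help text `"Set timeout (in seconds)."` in the `@@ -44,6 +44,9 @@` hunk of src/cli.gaa does not say what is being timed or how the limit is switched off. From the cli.c changes the limit appears to cover inactivity on the connection, with 0 meaning disabled, so something like `"Abort when no data arrives for this many seconds (0 disables)."` would be clearer, once confirmed against the intended semantics. The option lists in doc/gnutls.texi and doc/manpages/gnutls-cli.1, both touched by this patch, also get no `-t, --timeout` entry.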