=== modified file 'Makefile'
--- Makefile	2014-03-05 21:47:03 +0000
+++ Makefile	2014-03-10 06:55:54 +0000
@@ -19,7 +19,7 @@
 LINK_FORTIFY += -pie
 endif
 #COVERAGE=--coverage
-OPTIMIZE=-Os
+OPTIMIZE=-Os -fno-strict-aliasing
 LANGUAGE=-std=gnu99
 htmldir=man
 version=1.6.4

=== modified file 'TODO'
--- TODO	2014-03-10 06:34:36 +0000
+++ TODO	2014-03-10 06:55:54 +0000
@@ -21,7 +21,6 @@
 
 * mandos-client
 ** TODO [#B] Use capabilities instead of seteuid().
-** TODO [#B] Use struct sockaddr_storage instead of a union
 ** TODO [#B] Use getaddrinfo(hints=AI_NUMERICHOST) instead of inet_pton()
 ** TODO [#B] Prefer /run/tmp over /tmp, if it exists
 ** TODO [#C] Make start_mandos_communication() take "struct server".

=== modified file 'plugins.d/mandos-client.c'
--- plugins.d/mandos-client.c	2014-03-10 06:34:36 +0000
+++ plugins.d/mandos-client.c	2014-03-10 06:55:54 +0000
@@ -634,10 +634,7 @@
 				      int af, mandos_context *mc){
   int ret, tcp_sd = -1;
   ssize_t sret;
-  union {
-    struct sockaddr_in in;
-    struct sockaddr_in6 in6;
-  } to;
+  struct sockaddr_storage to;
   char *buffer = NULL;
   char *decrypted_buffer = NULL;
   size_t buffer_length = 0;
@@ -724,11 +721,11 @@
   
   memset(&to, 0, sizeof(to));
   if(af == AF_INET6){
-    to.in6.sin6_family = (sa_family_t)af;
-    ret = inet_pton(af, ip, &to.in6.sin6_addr);
+    ((struct sockaddr_in6 *)&to)->sin6_family = (sa_family_t)af;
+    ret = inet_pton(af, ip, &((struct sockaddr_in6 *)&to)->sin6_addr);
   } else {			/* IPv4 */
-    to.in.sin_family = (sa_family_t)af;
-    ret = inet_pton(af, ip, &to.in.sin_addr);
+    ((struct sockaddr_in *)&to)->sin_family = (sa_family_t)af;
+    ret = inet_pton(af, ip, &((struct sockaddr_in *)&to)->sin_addr);
   }
   if(ret < 0 ){
     int e = errno;
@@ -743,16 +740,9 @@
     goto mandos_end;
   }
   if(af == AF_INET6){
-    to.in6.sin6_port = htons(port);    
-#ifdef __GNUC__
-#pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wstrict-aliasing"
-#endif
-    if(IN6_IS_ADDR_LINKLOCAL /* Spurious warnings from */
-       (&to.in6.sin6_addr)){ /* -Wstrict-aliasing=2 or lower */
-#ifdef __GNUC__
-#pragma GCC diagnostic pop
-#endif
+    ((struct sockaddr_in6 *)&to)->sin6_port = htons(port);    
+    if(IN6_IS_ADDR_LINKLOCAL
+       (&((struct sockaddr_in6 *)&to)->sin6_addr)){
       if(if_index == AVAHI_IF_UNSPEC){
 	fprintf_plus(stderr, "An IPv6 link-local address is"
 		     " incomplete without a network interface\n");
@@ -760,10 +750,10 @@
 	goto mandos_end;
       }
       /* Set the network interface number as scope */
-      to.in6.sin6_scope_id = (uint32_t)if_index;
+      ((struct sockaddr_in6 *)&to)->sin6_scope_id = (uint32_t)if_index;
     }
   } else {
-    to.in.sin_port = htons(port);
+    ((struct sockaddr_in *)&to)->sin_port = htons(port);
   }
   
   if(quit_now){
@@ -787,11 +777,13 @@
     char addrstr[(INET_ADDRSTRLEN > INET6_ADDRSTRLEN) ?
 		 INET_ADDRSTRLEN : INET6_ADDRSTRLEN] = "";
     if(af == AF_INET6){
-      ret = getnameinfo((struct sockaddr *)&(to.in6), sizeof(to.in6),
+      ret = getnameinfo((struct sockaddr *)&to,
+			sizeof(struct sockaddr_in6),
 			addrstr, sizeof(addrstr), NULL, 0,
 			NI_NUMERICHOST);
     } else {
-      ret = getnameinfo((struct sockaddr *)&(to.in), sizeof(to.in),
+      ret = getnameinfo((struct sockaddr *)&to,
+			sizeof(struct sockaddr_in),
 			addrstr, sizeof(addrstr), NULL, 0,
 			NI_NUMERICHOST);
     }
@@ -810,9 +802,11 @@
   }
   
   if(af == AF_INET6){
-    ret = connect(tcp_sd, &to.in6, sizeof(to));
+    ret = connect(tcp_sd, (struct sockaddr *)&to,
+		  sizeof(struct sockaddr_in6));
   } else {
-    ret = connect(tcp_sd, &to.in, sizeof(to)); /* IPv4 */
+    ret = connect(tcp_sd, (struct sockaddr *)&to, /* IPv4 */
+		  sizeof(struct sockaddr_in));
   }
   if(ret < 0){
     if ((errno != ECONNREFUSED and errno != ENETUNREACH) or debug){