Version 7.14.0

warnings like:
  'x' may be used uninitialized in this function.

COPYING

@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2004, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2005, Daniel Stenberg, <daniel@haxx.se>.
 
 All rights reserved.
 

Makefile.am

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -48,6 +48,15 @@ pdf:
 
 check: test
 
+if CROSSCOMPILING
+test-full: test
+test-torture: test
+
+test:
+	@echo "NOTICE: we can't run the tests when cross-compiling!"
+
+else
+
 test:
 	@(cd tests; $(MAKE) all quiet-test)
 
@@ -57,6 +66,8 @@ test-full:
 test-torture:
 	@(cd tests; $(MAKE) all torture-test)
 
+endif
+
 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
 # must contain the following line:

Makefile.dist

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -174,6 +174,12 @@ vc-zlib-dll:
 	cd ..\src
 	nmake /f Makefile.vc6 cfg=release-zlib-dll
 
+vc-sspi:
+	cd lib
+	nmake /f Makefile.vc6 cfg=release WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.vc6 cfg=release WINDOWS_SSPI=1
+
 djgpp:
 	$(MAKE) -C lib -f Makefile.dj
 	$(MAKE) -C src -f Makefile.dj

RELEASE-NOTES

@@ -1,27 +1,58 @@
-Curl and libcurl 7.13.1
+Curl and libcurl 7.14.0
 
- Public curl release number:               86
+ Public curl release number:               88
- Releases counted from the very beginning: 113
+ Releases counted from the very beginning: 115
- Available command line options:           104
+ Available command line options:           107
  Available curl_easy_setopt() options:     122
  Number of public functions in libcurl:    46
- Amount of public web site mirrors:        15
+ Amount of public web site mirrors:        23
- Number of known libcurl bindings:         29
+ Number of known libcurl bindings:         31
+ Number of contributors:                   437
 
 This release includes the following changes:
 
- o
+ o modified default HTTP request headers
+ o curl --trace-time added for time stamping trace logs
+ o curl now respects the SSL_CERT_DIR and SSL_CERT_PATH environment variables
+ o more search paths for curl's default .curlrc config file check
+ o GnuTLS support, use configure --with-gnutls. Work on this was sponsored
+   by The Written Word.
 
 This release includes the following bugfixes:
 
- o 
+ o uses select() instead of poll() even on Mac OS X 10.4
+ o reconnected proxy use with NTLM auth on the same handle
+ o warns about bad -z date syntax
+ o docs/THANKS now contains all known contributors
+ o builds out-of-the-box on (presumably ipv6-enabled) AIX 4.3 hosts
+ o curl --head could wrongly complain on bad chunked-encoding
+ o --interface SIGSEGVed on a bad address
+ o kill the HTTPS server better when stopping the test suite
+ o builds fine with VS2005 on x64
+ o auth fix for HTTP redirects and .netrc usage
+ o FTP uploads show the progress meter easier
+ o MSVC makefile fixes for static libcurl builds
+ o configure fix for static libcurl build on Windows
+ o --retry-delay
+ o POST with read callback now uses Expect: 100-continue
+ o CURLOPT_PORT didn't actually use the set port number
+ o HTTP 304 response with Content-Length: header
+ o time-conditioned FTP uploads
 
 Other curl-related news since the previous public release:
 
- o 
+ o http://curl.mirroring.de/ is a new german curl mirror
+ o pycurl 7.13.2: http://pycurl.sf.net/
+ o TclCurl 0.13.2: http://personal1.iddeo.es/andresgarci/tclcurl/english/
+ o http://curl.webhosting76.com/ is a new US curl mirror
+ o http://curl.meulie.net/ is a new Canadian curl mirror
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
+ Christophe Legry, Cory Nelson, Gisle Vanem, Dan Fandrich, Toshiyuki Maezawa,
+ Olivier, Andres Garcia, Dave Dribin, Alex Suykov, Cory Nelson, Fred New,
+ Paul Moore, Alexander Zhuravlev, Bryan Henderson, Jeremy Brown, Allan,
+ Grigory Entin
 
         Thanks! (and sorry if I forgot to mention someone)

TODO-RELEASE

@@ -1,22 +1,21 @@
 Issues not sorted in any particular order.
 
-To get fixed in 7.13.1 (planned release: April 2005)
+To get fixed in 7.14.0 (planned release: May/June 2005)
+======================
+
+   - Make the tests run better on more platforms.
+
+To get fixed in 7.14.1 (planned release: June 2005)
 ======================
 
 58 - Fix KNOWN_BUGS #19: "FTP 3rd party transfers with the multi interface
      doesn't work"
 
-59 - Figure out a fix for David Byron's SSL problems:
-     http://curl.haxx.se/mail/lib-2005-01/0240.html
-
 47 - Peter Sylvester's patch for SRP on the TLS layer
      Awaits OpenSSL support for this, no need to support this in libcurl before
      there's an OpenSSL release that does it.
 
-54 - Turn the FTP code into a state machine to support the multi interface
+To get fixed in 7.15.0
-     100% non-blocking.
-
-To get fixed in 7.14.0
 ======================
 
 55 - Add a function to the multi interface that gets file descriptors, as an
@@ -30,7 +29,12 @@ To get fixed in 7.14.0
      internally use and assume the multi interface. The select()-loop should
      use the new function from (55).
 
+To get fixed in 7.16.0
+======================
+
 57 - Add an interface to libcurl for getting and setting cookies from an easy
      handle. One idea: http://curl.haxx.se/mail/lib-2004-12/0195.html the
      older idea: http://curl.haxx.se/dev/COOKIES. We need to settle on some
      middle ground I guess.
+
+60 - 

acinclude.m4

@@ -122,6 +122,30 @@ dnl end of non-blocking try-compile test
   fi
 ])
 
+dnl Check for struct sockaddr_storage. Most IPv6-enabled hosts have it, but
+dnl AIX 4.3 is one known exception.
+AC_DEFUN([TYPE_SOCKADDR_STORAGE],
+[
+   AC_CHECK_TYPE([struct sockaddr_storage],
+        AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1,
+                  [if struct sockaddr_storage is defined]), ,
+   [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+   ])
+
+])
+
 dnl Check for socklen_t: historically on BSD it is an int, and in
 dnl POSIX 1g it is a type of its own, but some platforms use different
 dnl types for the argument to getsockopt, getpeername, etc.  So we
@@ -234,7 +258,7 @@ exit (h == NULL ? 1 : 0); }],[
 ])
 
 dnl ************************************************************
-dnl check for working getaddrinfo()
+dnl check for working getaddrinfo() that works with AI_NUMERICHOST
 dnl
 AC_DEFUN([CURL_CHECK_WORKING_GETADDRINFO],[
   AC_CACHE_CHECK(for working getaddrinfo, ac_cv_working_getaddrinfo,[
@@ -249,6 +273,7 @@ int main(void)
     int error;
 
     memset(&hints, 0, sizeof(hints));
+    hints.ai_flags = AI_NUMERICHOST;
     hints.ai_family = AF_UNSPEC;
     hints.ai_socktype = SOCK_STREAM;
     error = getaddrinfo("127.0.0.1", "8080", &hints, &ai);
@@ -322,8 +347,24 @@ dnl program worked:
 [ ac_cv_working_ni_withscopeid="yes" ],
 dnl program failed:
 [ ac_cv_working_ni_withscopeid="no" ],
-dnl we cross-compile:
+dnl we cross-compile, check the headers using the preprocessor
-[ ac_cv_working_ni_withscopeid="yes" ]
+[
+
+ AC_EGREP_CPP(WORKS,
+[
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+#ifdef NI_WITHSCOPEID
+WORKS
+#endif
+],
+  ac_cv_working_ni_withscopeid="yes",
+  ac_cv_working_ni_withscopeid="no" )
+
+ ]
 ) dnl end of AC_RUN_IFELSE
 
 ]) dnl end of AC_CACHE_CHECK
@@ -766,3 +807,72 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
 
 ]) dnl end of AC_DEFUN()
 
+
+dnl Determine the name of the library to pass to dlopen() based on the name
+dnl that would normally be given to AC_CHECK_LIB.  The preprocessor symbol
+dnl given is set to the quoted library file name. 
+dnl The standard dynamic library file name is first generated, based on the
+dnl current system type, then a search is performed for that file on the
+dnl standard dynamic library path.  If it is a symbolic link, the destination
+dnl of the link is used as the file name, after stripping off any minor
+dnl version numbers. If a library file can't be found, a guess is made.
+dnl This macro assumes AC_PROG_LIBTOOL has been called and requires perl
+dnl to be available in the PATH, or $PERL to be set to its location.
+dnl
+dnl CURL_DLLIB_NAME(VARIABLE, library_name)
+dnl e.g. CURL_DLLIB_NAME(LDAP_NAME, ldap) on a Linux system might result
+dnl in LDAP_NAME holding the string "libldap.so.2".
+
+AC_DEFUN([CURL_DLLIB_NAME],
+[
+AC_MSG_CHECKING([name of dynamic library $2])
+dnl The shared library extension variable name changes from version to
+dnl version of libtool.  Try a few names then just set one statically.
+test -z "$shared_ext" && shared_ext="$shrext_cmds"
+test -z "$shared_ext" && shared_ext="$shrext"
+test -z "$shared_ext" && shared_ext=".so"
+
+dnl Create the library link name of the correct form for this platform
+LIBNAME_LINK_SPEC=`echo "$library_names_spec" | $SED 's/^.* //'`
+DLGUESSLIB=`name=$2 eval echo "$libname_spec"`
+DLGUESSFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$LIBNAME_LINK_SPEC"`
+
+dnl Synthesize a likely dynamic library name in case we can't find an actual one
+SO_NAME_SPEC="$soname_spec"
+dnl soname_spec undefined when identical to the 1st entry in library_names_spec
+test -z "$SO_NAME_SPEC" && SO_NAME_SPEC=`echo "$library_names_spec" | $SED 's/ .*$//'`
+DLGUESSSOFILE=`libname="$DLGUESSLIB" release="" major="" versuffix="" eval echo "$SO_NAME_SPEC"`
+
+if test "$cross_compiling" = yes; then
+  dnl Can't look at filesystem when cross-compiling
+  AC_DEFINE_UNQUOTED($1, "$DLGUESSSOFILE", [$2 dynamic library file])
+  AC_MSG_RESULT([$DLGUESSSOFILE (guess while cross-compiling)])
+else
+
+  DLFOUNDFILE=""
+  if test "$sys_lib_dlsearch_path_spec" ; then
+    dnl Search for the link library name and see what it points to.
+    for direc in $sys_lib_dlsearch_path_spec ; do
+      DLTRYFILE="$direc/$DLGUESSFILE"
+      dnl Find where the symbolic link for this name points
+      changequote(<<, >>)dnl
+      <<
+      DLFOUNDFILE=`${PERL:-perl} -e 'use File::Basename; (basename(readlink($ARGV[0])) =~ /^(.*[^\d]\.\d+)[\d\.]*$/ && print ${1}) || exit 1;' "$DLTRYFILE" 2>&5`
+      >>
+      changequote([, ])dnl
+      if test "$?" -eq "0"; then
+        dnl Found the file link
+        break
+      fi
+    done
+  fi
+
+  if test -z "$DLFOUNDFILE" ; then
+    dnl Couldn't find a link library, so guess at a name.
+    DLFOUNDFILE="$DLGUESSSOFILE"
+  fi
+
+  AC_DEFINE_UNQUOTED($1, "$DLFOUNDFILE", [$2 dynamic library file])
+  AC_MSG_RESULT($DLFOUNDFILE)
+fi
+])

ares/AUTHORS

@@ -0,0 +1,13 @@
+c-ares is based on ares, and these are the people that have worked on it since
+the fork was made:
+
+Daniel Stenberg
+Dominick Meglio
+liren at vivisimo.com
+James Bursa
+Duncan Wilcox
+Dirk Manske
+Dan Fandrich
+Gisle Vanem
+Gunter Knauf
+Henrik Stoerner

ares/CHANGES

@@ -1,5 +1,41 @@
   Changelog for the c-ares project
 
+* May 14
+
+- Added an inet_ntop function from BIND for systems that do not have it.
+
+* April 9
+
+- Made sortlist support IPv6 (this can probably use some testing).
+
+- Made sortlist support CIDR matching for IPv4.
+
+* April 8
+
+- Added preliminary IPv6 support to ares_gethostbyname. Currently, sortlist
+  does not work with IPv6. Also provided an implementation of bitncmp from
+  BIND for systems that do not supply this function. This will be used to add
+  IPv6 support to sortlist.
+
+- Made ares_gethostbyaddr support IPv6 by specifying AF_INET6 as the family.
+  The function can lookup IPv6 addresses both from files (/etc/hosts) and
+  DNS lookups.
+
+* April 7
+
+- Tupone Alfredo fixed includes of arpa/nameser_compat.h to build fine on Mac
+  OS X.
+
+* April 5
+
+- Dominick Meglio: Provided implementations of inet_net_pton and inet_pton
+  from BIND for systems that do not include these functions.
+
+* March 11, 2005
+
+- Dominick Meglio added ares_parse_aaaa_reply.c and did various
+  adjustments. The first little steps towards IPv6 support!
+
 * November 7
 
 - Fixed the VC project and makefile to use ares_cancel and ares_version

ares/Makefile.am

@@ -12,7 +12,7 @@ MSVCFILES = vc/adig/adig.dep vc/adig/adig.dsp vc/adig/adig.mak	\
 # adig and ahost are just sample programs and thus not mentioned with the
 # regular sources and headers
 EXTRA_DIST = CHANGES README.cares Makefile.inc adig.c ahost.c $(man_MANS) \
- $(MSVCFILES)
+ $(MSVCFILES) AUTHORS
 
 
 VER=-version-info 0:0:0

ares/Makefile.inc

@@ -3,13 +3,15 @@ ares__close_sockets.c ares_free_string.c ares_search.c ares__get_hostent.c \
 ares_gethostbyaddr.c ares_send.c ares__read_line.c ares_gethostbyname.c	   \
 ares_strerror.c ares_cancel.c ares_init.c ares_timeout.c ares_destroy.c	   \
 ares_mkquery.c ares_version.c ares_expand_name.c ares_parse_a_reply.c	   \
-windows_port.c ares_expand_string.c ares_parse_ptr_reply.c
+windows_port.c ares_expand_string.c ares_parse_ptr_reply.c                 \
+ares_parse_aaaa_reply.c inet_net_pton.c bitncmp.c inet_ntop.c
 
-HHEADERS = ares.h ares_private.h setup.h ares_dns.h ares_version.h nameser.h
+HHEADERS = ares.h ares_private.h setup.h ares_dns.h ares_version.h nameser.h \
+           inet_net_pton.h ares_ipv6.h bitncmp.h
 
 MANPAGES= ares_destroy.3 ares_expand_name.3 ares_expand_string.3 ares_fds.3 \
  ares_free_hostent.3 ares_free_string.3 ares_gethostbyaddr.3		    \
  ares_gethostbyname.3 ares_init.3 ares_init_options.3 ares_mkquery.3	    \
  ares_parse_a_reply.3 ares_parse_ptr_reply.3 ares_process.3		    \
  ares_query.3 ares_search.3 ares_send.3 ares_strerror.3 ares_timeout.3	    \
- ares_version.3 ares_cancel.3
+ ares_version.3 ares_cancel.3 ares_parse_aaaa_reply.3

ares/Makefile.netware

@@ -20,7 +20,7 @@ endif
 TARGETS = adig.nlm ahost.nlm
 LTARGET = libcares.lib
 VERSION	= $(LIBCARES_VERSION)
-COPYR	= Copyright (c) 1996 - 2004, Daniel Stenberg, <daniel@haxx.se>
+COPYR	= Copyright (C) 1996 - 2005, Daniel Stenberg, <daniel@haxx.se>
 DESCR	= cURL $(subst .def,,$(notdir $@)) $(LIBCARES_VERSION_STR) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
@@ -126,7 +126,10 @@ DL	= '
 #-include $(NDKBASE)/nlmconv/ncpfs.inc
 endif
 
-OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(wildcard ares_*.c))
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES)))
 
 .PHONY: lib nlm prebuild dist install clean
 
@@ -256,6 +259,7 @@ config.h: Makefile.netware
 	@echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@
 	@echo $(DL)#define PACKAGE_BUGREPORT "curl-bug@haxx.se"$(DL) >> $@
 	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ARPA_NAMESER_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_DLOPEN 1$(DL) >> $@
@@ -297,6 +301,11 @@ config.h: Makefile.netware
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
+	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
+	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
+	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else

ares/acinclude.m4

@@ -99,3 +99,50 @@ AC_DEFUN([CURL_CC_DEBUG_OPTS],
 
 ]) dnl end of AC_DEFUN()
 
+
+dnl This macro determines if the specified struct exists in the specified file
+dnl Syntax:
+dnl CARES_CHECK_STRUCT(headers, struct name, if found, [if not found])
+
+AC_DEFUN([CARES_CHECK_STRUCT], [
+  AC_MSG_CHECKING([for struct $2])
+  AC_TRY_COMPILE([$1], 
+    [
+      struct $2 struct_instance;
+    ], ac_struct="yes", ac_found="no")
+  if test "$ac_struct" = "yes" ; then
+    AC_MSG_RESULT(yes)
+    $3
+  else
+    AC_MSG_RESULT(no)
+    $4
+  fi
+])
+
+dnl This macro determines if the specified constant exists in the specified file
+dnl Syntax:
+dnl CARES_CHECK_CONSTANT(headers, constant name, if found, [if not found])
+
+AC_DEFUN([CARES_CHECK_CONSTANT], [
+  AC_MSG_CHECKING([for $2])
+  AC_EGREP_CPP(VARIABLEWASDEFINED,
+   [
+      $1
+
+      #ifdef $2
+        VARIABLEWASDEFINED
+      #else
+        NJET
+      #endif
+    ], ac_constant="yes", ac_constant="no"
+  )
+  if test "$ac_constant" = "yes" ; then
+    AC_MSG_RESULT(yes)
+    $3
+  else
+    AC_MSG_RESULT(no)
+    $4
+  fi
+])
+
+

ares/ares.h

@@ -137,12 +137,13 @@ int ares_expand_string(const unsigned char *encoded, const unsigned char *abuf,
                      int alen, unsigned char **s, long *enclen);
 int ares_parse_a_reply(const unsigned char *abuf, int alen,
                        struct hostent **host);
+int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
+                       struct hostent **host);
 int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
                          int addrlen, int family, struct hostent **host);
 void ares_free_string(void *str);
 void ares_free_hostent(struct hostent *host);
 const char *ares_strerror(int code);
-void ares_free_errmem(char *mem);
 
 #ifdef  __cplusplus
 }

ares/ares__get_hostent.c

@@ -30,12 +30,15 @@
 
 #include "ares.h"
 #include "ares_private.h"
+#include "inet_net_pton.h"
 
-int ares__get_hostent(FILE *fp, struct hostent **host)
+int ares__get_hostent(FILE *fp, int family, struct hostent **host)
 {
   char *line = NULL, *p, *q, *canonical, **alias;
   int status, linesize, end_at_hostname, naliases;
   struct in_addr addr;
+  struct in6_addr addr6;
+  int addrlen = sizeof(struct in_addr);
   struct hostent *hostent = NULL;
 
   while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS)
@@ -56,6 +59,17 @@ int ares__get_hostent(FILE *fp, struct hostent **host)
       *p = 0;
       addr.s_addr = inet_addr(line);
       if (addr.s_addr == INADDR_NONE)
+       {
+          if (ares_inet_pton(AF_INET6, line, &addr6) > 0)
+            {
+              if (family != AF_INET6)
+                continue;
+              addrlen = sizeof(struct in6_addr);
+            }
+          else
+            continue;
+       }
+      else if (family != AF_INET)
         continue;
 
       /* Get the canonical hostname. */
@@ -100,7 +114,7 @@ int ares__get_hostent(FILE *fp, struct hostent **host)
       hostent->h_addr_list = malloc(2 * sizeof(char *));
       if (!hostent->h_addr_list)
         break;
-      hostent->h_addr_list[0] = malloc(sizeof(struct in_addr));
+      hostent->h_addr_list[0] = malloc(addrlen);
       if (!hostent->h_addr_list[0])
         break;
       hostent->h_aliases = malloc((naliases + 1) * sizeof(char *));
@@ -134,9 +148,12 @@ int ares__get_hostent(FILE *fp, struct hostent **host)
         }
       hostent->h_aliases[naliases] = NULL;
 
-      hostent->h_addrtype = AF_INET;
+      hostent->h_addrtype = family;
-      hostent->h_length = sizeof(struct in_addr);
+      hostent->h_length = addrlen;
-      memcpy(hostent->h_addr_list[0], &addr, sizeof(struct in_addr));
+      if (family == AF_INET)
+        memcpy(hostent->h_addr_list[0], &addr, addrlen);
+      else if (family == AF_INET6)
+        memcpy(hostent->h_addr_list[0], &addr6, addrlen);
       hostent->h_addr_list[1] = NULL;
       *host = hostent;
       free(line);

ares/ares_expand_name.c

@@ -21,6 +21,9 @@
 #else
 #include <netinet/in.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_gethostbyaddr.c

@@ -12,7 +12,6 @@
  * this software for any purpose.  It is provided "as is"
  * without express or implied warranty.
  */
-
 #include "setup.h"
 #include <sys/types.h>
 
@@ -23,6 +22,9 @@
 #include <netinet/in.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdio.h>
@@ -31,6 +33,7 @@
 
 #include "ares.h"
 #include "ares_private.h"
+#include "inet_net_pton.h"
 
 #ifdef WATT32
 #undef WIN32
@@ -39,7 +42,8 @@
 struct addr_query {
   /* Arguments passed to ares_gethostbyaddr() */
   ares_channel channel;
-  struct in_addr addr;
+  union ares_addr addr;
+  int family;
   ares_host_callback callback;
   void *arg;
 
@@ -51,14 +55,21 @@ static void addr_callback(void *arg, int status, unsigned char *abuf,
                           int alen);
 static void end_aquery(struct addr_query *aquery, int status,
                        struct hostent *host);
-static int file_lookup(struct in_addr *addr, struct hostent **host);
+static int file_lookup(union ares_addr *addr, int family, struct hostent **host);
 
 void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
                         int family, ares_host_callback callback, void *arg)
 {
   struct addr_query *aquery;
 
-  if (family != AF_INET || addrlen != sizeof(struct in_addr))
+  if (family != AF_INET && family != AF_INET6)
+    {
+      callback(arg, ARES_ENOTIMP, NULL);
+      return;
+    }
+
+  if ((family == AF_INET && addrlen != sizeof(struct in_addr)) || 
+      (family == AF_INET6 && addrlen != sizeof(struct in6_addr)))
     {
       callback(arg, ARES_ENOTIMP, NULL);
       return;
@@ -71,7 +82,11 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
       return;
     }
   aquery->channel = channel;
-  memcpy(&aquery->addr, addr, sizeof(aquery->addr));
+  if (family == AF_INET)
+    memcpy(&aquery->addr.addr4, addr, sizeof(struct in_addr));
+  else
+    memcpy(&aquery->addr.addr6, addr, sizeof(struct in6_addr));
+  aquery->family = family;
   aquery->callback = callback;
   aquery->arg = arg;
   aquery->remaining_lookups = channel->lookups;
@@ -82,7 +97,7 @@ void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
 static void next_lookup(struct addr_query *aquery)
 {
   const char *p;
-  char name[64];
+  char name[128];
   int a1, a2, a3, a4, status;
   struct hostent *host;
   unsigned long addr;
@@ -92,7 +107,9 @@ static void next_lookup(struct addr_query *aquery)
       switch (*p)
         {
         case 'b':
-          addr = ntohl(aquery->addr.s_addr);
+	  if (aquery->family == AF_INET)
+            {
+              addr = ntohl(aquery->addr.addr4.s_addr);
               a1 = (int)((addr >> 24) & 0xff);
               a2 = (int)((addr >> 16) & 0xff);
               a3 = (int)((addr >> 8) & 0xff);
@@ -101,9 +118,27 @@ static void next_lookup(struct addr_query *aquery)
               aquery->remaining_lookups = p + 1;
               ares_query(aquery->channel, name, C_IN, T_PTR, addr_callback,
                          aquery);
+            }
+          else
+            {
+              unsigned char *bytes;
+              bytes = (unsigned char *)&aquery->addr.addr6.s6_addr;
+              sprintf(name, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa",
+                      bytes[15]&0xf, bytes[15] >> 4, bytes[14]&0xf, bytes[14] >> 4,
+                      bytes[13]&0xf, bytes[13] >> 4, bytes[12]&0xf, bytes[12] >> 4,
+                      bytes[11]&0xf, bytes[11] >> 4, bytes[10]&0xf, bytes[10] >> 4,
+                      bytes[9]&0xf, bytes[9] >> 4, bytes[8]&0xf, bytes[8] >> 4,
+                      bytes[7]&0xf, bytes[7] >> 4, bytes[6]&0xf, bytes[6] >> 4,
+                      bytes[5]&0xf, bytes[5] >> 4, bytes[4]&0xf, bytes[4] >> 4,
+                      bytes[3]&0xf, bytes[3] >> 4, bytes[2]&0xf, bytes[2] >> 4,
+                      bytes[1]&0xf, bytes[1] >> 4, bytes[0]&0xf, bytes[0] >> 4);
+              aquery->remaining_lookups = p + 1;
+              ares_query(aquery->channel, name, C_IN, T_PTR, addr_callback,
+                         aquery);
+            }
           return;
         case 'f':
-          status = file_lookup(&aquery->addr, &host);
+          status = file_lookup(&aquery->addr, aquery->family, &host);
           if (status != ARES_ENOTFOUND)
             {
               end_aquery(aquery, status, host);
@@ -122,8 +157,12 @@ static void addr_callback(void *arg, int status, unsigned char *abuf, int alen)
 
   if (status == ARES_SUCCESS)
     {
-      status = ares_parse_ptr_reply(abuf, alen, &aquery->addr,
+      if (aquery->family == AF_INET)
+        status = ares_parse_ptr_reply(abuf, alen, &aquery->addr.addr4,
                                       sizeof(struct in_addr), AF_INET, &host);
+      else
+        status = ares_parse_ptr_reply(abuf, alen, &aquery->addr.addr6,
+                                      sizeof(struct in6_addr), AF_INET6, &host);
       end_aquery(aquery, status, host);
     }
   else if (status == ARES_EDESTRUCTION)
@@ -141,13 +180,12 @@ static void end_aquery(struct addr_query *aquery, int status,
   free(aquery);
 }
 
-static int file_lookup(struct in_addr *addr, struct hostent **host)
+static int file_lookup(union ares_addr *addr, int family, struct hostent **host)
 {
   FILE *fp;
   int status;
 
 #ifdef WIN32
-
   char PATH_HOSTS[MAX_PATH];
   if (IS_NT()) {
     char tmp[MAX_PATH];
@@ -157,7 +195,7 @@ static int file_lookup(struct in_addr *addr, struct hostent **host)
         == ERROR_SUCCESS)
     {
       DWORD dwLength = MAX_PATH;
-                RegQueryValueEx(hkeyHosts, DATABASEPATH, NULL, NULL, tmp,
+      RegQueryValueEx(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp,
                       &dwLength);
       ExpandEnvironmentStrings(tmp, PATH_HOSTS, MAX_PATH);
       RegCloseKey(hkeyHosts);
@@ -179,11 +217,23 @@ static int file_lookup(struct in_addr *addr, struct hostent **host)
   fp = fopen(PATH_HOSTS, "r");
   if (!fp)
     return ARES_ENOTFOUND;
-
+  while ((status = ares__get_hostent(fp, family, host)) == ARES_SUCCESS)
-  while ((status = ares__get_hostent(fp, host)) == ARES_SUCCESS)
     {
-      if (memcmp((*host)->h_addr, addr, sizeof(struct in_addr)) == 0)
+      if (family != (*host)->h_addrtype)
+        {
+          ares_free_hostent(*host);
+          continue;
+        }
+      if (family == AF_INET)
+        {
+          if (memcmp((*host)->h_addr, &addr->addr4, sizeof(struct in_addr)) == 0)
             break;
+        }
+      else if (family == AF_INET6)
+        {
+          if (memcmp((*host)->h_addr, &addr->addr6, sizeof(struct in6_addr)) == 0)
+            break;
+        }
       ares_free_hostent(*host);
     }
   fclose(fp);

ares/ares_gethostbyname.c

@@ -23,8 +23,13 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
+#ifdef HAVE_ARPA_NAMESER_H
 #include <arpa/nameser.h>
 #endif
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
+#endif
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -33,6 +38,8 @@
 
 #include "ares.h"
 #include "ares_private.h"
+#include "inet_net_pton.h"
+#include "bitncmp.h"
 
 #ifdef WATT32
 #undef WIN32
@@ -44,7 +51,7 @@ struct host_query {
   char *name;
   ares_host_callback callback;
   void *arg;
-
+  int family;
   const char *remaining_lookups;
 };
 
@@ -53,13 +60,17 @@ static void host_callback(void *arg, int status, unsigned char *abuf,
                           int alen);
 static void end_hquery(struct host_query *hquery, int status,
                        struct hostent *host);
-static int fake_hostent(const char *name, ares_host_callback callback,
+static int fake_hostent(const char *name, int family, ares_host_callback callback,
                         void *arg);
-static int file_lookup(const char *name, struct hostent **host);
+static int file_lookup(const char *name, int family, struct hostent **host);
 static void sort_addresses(struct hostent *host, struct apattern *sortlist,
                            int nsort);
+static void sort6_addresses(struct hostent *host, struct apattern *sortlist,
+                           int nsort);
 static int get_address_index(struct in_addr *addr, struct apattern *sortlist,
                              int nsort);
+static int get6_address_index(struct in6_addr *addr, struct apattern *sortlist,
+                             int nsort);
 
 void ares_gethostbyname(ares_channel channel, const char *name, int family,
                         ares_host_callback callback, void *arg)
@@ -67,13 +78,13 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
   struct host_query *hquery;
 
   /* Right now we only know how to look up Internet addresses. */
-  if (family != AF_INET)
+  if (family != AF_INET && family != AF_INET6)
     {
       callback(arg, ARES_ENOTIMP, NULL);
       return;
     }
 
-  if (fake_hostent(name, callback, arg))
+  if (fake_hostent(name, family, callback, arg))
     return;
 
   /* Allocate and fill in the host query structure. */
@@ -85,6 +96,7 @@ void ares_gethostbyname(ares_channel channel, const char *name, int family,
     }
   hquery->channel = channel;
   hquery->name = strdup(name);
+  hquery->family = family;
   if (!hquery->name)
     {
       free(hquery);
@@ -112,13 +124,17 @@ static void next_lookup(struct host_query *hquery)
         case 'b':
           /* DNS lookup */
           hquery->remaining_lookups = p + 1;
+	  if (hquery->family == AF_INET6)
+	    ares_search(hquery->channel, hquery->name, C_IN, T_AAAA, host_callback,
+	                hquery);
+	  else
             ares_search(hquery->channel, hquery->name, C_IN, T_A, host_callback,
                         hquery);
           return;
 
         case 'f':
           /* Host file lookup */
-          status = file_lookup(hquery->name, &host);
+          status = file_lookup(hquery->name, hquery->family, &host);
           if (status != ARES_ENOTFOUND)
             {
               end_hquery(hquery, status, host);
@@ -137,12 +153,28 @@ static void host_callback(void *arg, int status, unsigned char *abuf, int alen)
   struct hostent *host;
 
   if (status == ARES_SUCCESS)
+    {
+      if (hquery->family == AF_INET)
         {
           status = ares_parse_a_reply(abuf, alen, &host);
           if (host && channel->nsort)
             sort_addresses(host, channel->sortlist, channel->nsort);
+        }
+      else if (hquery->family == AF_INET6)
+        {
+          status = ares_parse_aaaa_reply(abuf, alen, &host);
+          if (host && channel->nsort)
+            sort6_addresses(host, channel->sortlist, channel->nsort);
+        }
       end_hquery(hquery, status, host);
     }
+  else if (status == ARES_ENODATA && hquery->family == AF_INET6)
+    {
+      /* There was no AAAA now lookup an A */
+      hquery->family = AF_INET;
+      ares_search(hquery->channel, hquery->name, C_IN, T_A, host_callback,
+                  hquery);
+    }      
   else if (status == ARES_EDESTRUCTION)
     end_hquery(hquery, status, NULL);
   else
@@ -162,36 +194,34 @@ static void end_hquery(struct host_query *hquery, int status,
 /* If the name looks like an IP address, fake up a host entry, end the
  * query immediately, and return true.  Otherwise return false.
  */
-static int fake_hostent(const char *name, ares_host_callback callback,
+static int fake_hostent(const char *name, int family, ares_host_callback callback,
                         void *arg)
 {
-  struct in_addr addr;
   struct hostent hostent;
-  const char *p;
   char *aliases[1] = { NULL };
   char *addrs[2];
+  int result = 0;
+  struct in_addr in;
+  struct in6_addr in6;
 
-  /* It only looks like an IP address if it's all numbers and dots. */
+  if (family == AF_INET)
-  for (p = name; *p; p++)
+    result = ((in.s_addr = inet_addr(name)) == INADDR_NONE ? 0 : 1);
-    {
+  else if (family == AF_INET6)
-      if (!isdigit((unsigned char)*p) && *p != '.')
+    result = (ares_inet_pton(AF_INET6, name, &in6) < 1 ? 0 : 1);
-        return 0;
-    }
 
-  /* It also only looks like an IP address if it's non-zero-length and
+  if (!result)
-   * doesn't end with a dot.
-   */
-  if (p == name || *(p - 1) == '.')
     return 0;
 
-  /* It looks like an IP address.  Figure out what IP address it is. */
+  if (family == AF_INET)
-  addr.s_addr = inet_addr(name);
-  if (addr.s_addr == INADDR_NONE)
     {
-      callback(arg, ARES_EBADNAME, NULL);
+      hostent.h_length = sizeof(struct in_addr);
-      return 1;
+      addrs[0] = (char *)&in;
+    }
+  else if (family == AF_INET6)
+    {
+      hostent.h_length = sizeof(struct in6_addr);
+      addrs[0] = (char *)&in6;
     }
-
   /* Duplicate the name, to avoid a constness violation. */
   hostent.h_name = strdup(name);
   if (!hostent.h_name)
@@ -201,11 +231,9 @@ static int fake_hostent(const char *name, ares_host_callback callback,
     }
 
   /* Fill in the rest of the host structure and terminate the query. */
-  addrs[0] = (char *) &addr;
   addrs[1] = NULL;
   hostent.h_aliases = aliases;
-  hostent.h_addrtype = AF_INET;
+  hostent.h_addrtype = family;
-  hostent.h_length = sizeof(struct in_addr);
   hostent.h_addr_list = addrs;
   callback(arg, ARES_SUCCESS, &hostent);
 
@@ -213,7 +241,7 @@ static int fake_hostent(const char *name, ares_host_callback callback,
   return 1;
 }
 
-static int file_lookup(const char *name, struct hostent **host)
+static int file_lookup(const char *name, int family, struct hostent **host)
 {
   FILE *fp;
   char **alias;
@@ -229,7 +257,7 @@ static int file_lookup(const char *name, struct hostent **host)
         == ERROR_SUCCESS)
     {
       DWORD dwLength = MAX_PATH;
-                RegQueryValueEx(hkeyHosts, DATABASEPATH, NULL, NULL, tmp,
+      RegQueryValueEx(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp,
                       &dwLength);
       ExpandEnvironmentStrings(tmp, PATH_HOSTS, MAX_PATH);
       RegCloseKey(hkeyHosts);
@@ -252,7 +280,7 @@ static int file_lookup(const char *name, struct hostent **host)
   if (!fp)
     return ARES_ENOTFOUND;
 
-  while ((status = ares__get_hostent(fp, host)) == ARES_SUCCESS)
+  while ((status = ares__get_hostent(fp, family, host)) == ARES_SUCCESS)
     {
       if (strcasecmp((*host)->h_name, name) == 0)
         break;
@@ -310,8 +338,66 @@ static int get_address_index(struct in_addr *addr, struct apattern *sortlist,
 
   for (i = 0; i < nsort; i++)
     {
-      if ((addr->s_addr & sortlist[i].mask.s_addr) == sortlist[i].addr.s_addr)
+      if (sortlist[i].family != AF_INET)
+        continue;
+      if (sortlist[i].type == PATTERN_MASK)
+        {
+          if ((addr->s_addr & sortlist[i].mask.addr.addr4.s_addr) 
+              == sortlist[i].addr.addr4.s_addr)
+            break;
+        }
+      else
+        {
+          if (!ares_bitncmp(&addr->s_addr, &sortlist[i].addr.addr4.s_addr, 
+                            sortlist[i].mask.bits))
+            break;
+        }
+    }
+  return i;
+}
+
+static void sort6_addresses(struct hostent *host, struct apattern *sortlist,
+                           int nsort)
+{
+  struct in6_addr a1, a2;
+  int i1, i2, ind1, ind2;
+
+  /* This is a simple insertion sort, not optimized at all.  i1 walks
+   * through the address list, with the loop invariant that everything
+   * to the left of i1 is sorted.  In the loop body, the value at i1 is moved
+   * back through the list (via i2) until it is in sorted order.
+   */
+  for (i1 = 0; host->h_addr_list[i1]; i1++)
+    {
+      memcpy(&a1, host->h_addr_list[i1], sizeof(struct in6_addr));
+      ind1 = get6_address_index(&a1, sortlist, nsort);
+      for (i2 = i1 - 1; i2 >= 0; i2--)
+        {
+          memcpy(&a2, host->h_addr_list[i2], sizeof(struct in6_addr));
+          ind2 = get6_address_index(&a2, sortlist, nsort);
+          if (ind2 <= ind1)
+            break;
+          memcpy(host->h_addr_list[i2 + 1], &a2, sizeof(struct in6_addr));
+        }
+      memcpy(host->h_addr_list[i2 + 1], &a1, sizeof(struct in6_addr));
+    }
+}
+
+/* Find the first entry in sortlist which matches addr.  Return nsort
+ * if none of them match.
+ */
+static int get6_address_index(struct in6_addr *addr, struct apattern *sortlist,
+                             int nsort)
+{
+  int i;
+
+  for (i = 0; i < nsort; i++)
+    {
+      if (sortlist[i].family != AF_INET6)
+        continue;
+        if (!ares_bitncmp(&addr->s6_addr, &sortlist[i].addr.addr6.s6_addr, sortlist[i].mask.bits))
           break;
     }
   return i;
 }
+

ares/ares_init.c

@@ -27,10 +27,17 @@
 #include <sys/time.h>
 #endif
 
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -44,6 +51,7 @@
 #include <errno.h>
 #include "ares.h"
 #include "ares_private.h"
+#include "inet_net_pton.h"
 
 #ifdef WATT32
 #undef WIN32  /* Redefined in MingW/MSVC headers */
@@ -54,19 +62,23 @@ static int init_by_options(ares_channel channel, struct ares_options *options,
 static int init_by_environment(ares_channel channel);
 static int init_by_resolv_conf(ares_channel channel);
 static int init_by_defaults(ares_channel channel);
+
+static int config_nameserver(struct server_state **servers, int *nservers,
+                             char *str);
+static int set_search(ares_channel channel, const char *str);
+static int set_options(ares_channel channel, const char *str);
+static const char *try_option(const char *p, const char *q, const char *opt);
+#ifndef WIN32
+static int sortlist_alloc(struct apattern **sortlist, int *nsort, struct apattern *pat);
+static int ip_addr(const char *s, int len, struct in_addr *addr);
+static void natural_mask(struct apattern *pat);
 static int config_domain(ares_channel channel, char *str);
 static int config_lookup(ares_channel channel, const char *str,
                          const char *bindch, const char *filech);
-static int config_nameserver(struct server_state **servers, int *nservers,
-                             char *str);
 static int config_sortlist(struct apattern **sortlist, int *nsort,
                            const char *str);
-static int set_search(ares_channel channel, const char *str);
-static int set_options(ares_channel channel, const char *str);
 static char *try_config(char *s, const char *opt);
-static const char *try_option(const char *p, const char *q, const char *opt);
+#endif
-static int ip_addr(const char *s, int len, struct in_addr *addr);
-static void natural_mask(struct apattern *pat);
 
 int ares_init(ares_channel *channelptr)
 {
@@ -264,7 +276,8 @@ static int get_res_nt(HKEY hKey, const char *subkey, char **obuf)
   if (!*obuf)
     return 0;
 
-  if (RegQueryValueEx(hKey, subkey, 0, NULL, *obuf, &size) != ERROR_SUCCESS)
+  if (RegQueryValueEx(hKey, subkey, 0, NULL,
+                      (LPBYTE)*obuf, &size) != ERROR_SUCCESS)
   {
     free(*obuf);
     return 0;
@@ -709,6 +722,7 @@ static int init_by_defaults(ares_channel channel)
   return ARES_SUCCESS;
 }
 
+#ifndef WIN32
 static int config_domain(ares_channel channel, char *str)
 {
   char *q;
@@ -749,6 +763,8 @@ static int config_lookup(ares_channel channel, const char *str,
   return (channel->lookups) ? ARES_SUCCESS : ARES_ENOMEM;
 }
 
+#endif
+
 static int config_nameserver(struct server_state **servers, int *nservers,
                              char *str)
 {
@@ -810,39 +826,73 @@ static int config_nameserver(struct server_state **servers, int *nservers,
   return ARES_SUCCESS;
 }
 
+#ifndef WIN32
 static int config_sortlist(struct apattern **sortlist, int *nsort,
                            const char *str)
 {
-  struct apattern pat, *newsort;
+  struct apattern pat;
   const char *q;
 
   /* Add sortlist entries. */
   while (*str && *str != ';')
     {
+      int bits;
+      char ipbuf[16], ipbufpfx[32];
+      /* Find just the IP */
       q = str;
       while (*q && *q != '/' && *q != ';' && !isspace((unsigned char)*q))
         q++;
-      if (ip_addr(str, (int)(q - str), &pat.addr) == 0)
+      memcpy(ipbuf, str, (int)(q-str));
-        {
+      ipbuf[(int)(q-str)] = 0;      
-          /* We have a pattern address; now determine the mask. */
+      /* Find the prefix */
       if (*q == '/')
         {
-              str = q + 1;
+          const char *str2 = q+1;
           while (*q && *q != ';' && !isspace((unsigned char)*q))
             q++;
-              if (ip_addr(str, (int)(q - str), &pat.mask) != 0)
+          memcpy(ipbufpfx, str, (int)(q-str));
+          ipbufpfx[(int)(q-str)] = 0;
+          str = str2;
+        }
+      else
+        ipbufpfx[0] = 0;
+      /* Lets see if it is CIDR */
+      /* First we'll try IPv6 */
+      if ((bits = ares_inet_net_pton(AF_INET6, ipbufpfx ? ipbufpfx : ipbuf, &pat.addr.addr6, 
+                                     sizeof(pat.addr.addr6))) > 0)
+        {
+          pat.type = PATTERN_CIDR;
+          pat.mask.bits = bits;
+          pat.family = AF_INET6;
+          if (!sortlist_alloc(sortlist, nsort, &pat))
+            return ARES_ENOMEM;
+        }
+      if (ipbufpfx && 
+          (bits = ares_inet_net_pton(AF_INET, ipbufpfx, &pat.addr.addr4, 
+                                     sizeof(pat.addr.addr4))) > 0)
+        {
+          pat.type = PATTERN_CIDR;
+          pat.mask.bits = bits;
+          pat.family = AF_INET;
+          if (!sortlist_alloc(sortlist, nsort, &pat))
+            return ARES_ENOMEM;
+        }
+      /* See if it is just a regular IP */
+      else if (ip_addr(ipbuf, (int)(q-str), &pat.addr.addr4) == 0)
+        {
+          if (ipbufpfx)
+            {
+              memcpy(ipbuf, str, (int)(q-str));
+              ipbuf[(int)(q-str)] = 0;
+              if (ip_addr(ipbuf, (int)(q - str), &pat.mask.addr.addr4) != 0)
                 natural_mask(&pat);
             }
           else
             natural_mask(&pat);
-
+          pat.family = AF_INET;
-          /* Add this pattern to our list. */
+	  pat.type = PATTERN_MASK;
-          newsort = realloc(*sortlist, (*nsort + 1) * sizeof(struct apattern));
+          if (!sortlist_alloc(sortlist, nsort, &pat))
-          if (!newsort)
             return ARES_ENOMEM;
-          newsort[*nsort] = pat;
-          *sortlist = newsort;
-          (*nsort)++;
         }
       else
         {
@@ -856,6 +906,7 @@ static int config_sortlist(struct apattern **sortlist, int *nsort,
 
   return ARES_SUCCESS;
 }
+#endif
 
 static int set_search(ares_channel channel, const char *str)
 {
@@ -937,6 +988,7 @@ static int set_options(ares_channel channel, const char *str)
   return ARES_SUCCESS;
 }
 
+#ifndef WIN32
 static char *try_config(char *s, const char *opt)
 {
   size_t len;
@@ -950,21 +1002,33 @@ static char *try_config(char *s, const char *opt)
   return s;
 }
 
+#endif
+
 static const char *try_option(const char *p, const char *q, const char *opt)
 {
   size_t len = strlen(opt);
   return ((size_t)(q - p) > len && !strncmp(p, opt, len)) ? &p[len] : NULL;
 }
 
-static int ip_addr(const char *s, int len, struct in_addr *addr)
+#ifndef WIN32
+static int sortlist_alloc(struct apattern **sortlist, int *nsort, struct apattern *pat)
+{
+  struct apattern *newsort;
+  newsort = realloc(*sortlist, (*nsort + 1) * sizeof(struct apattern));
+  if (!newsort)
+    return 0;
+  newsort[*nsort] = *pat;
+  *sortlist = newsort;
+  (*nsort)++;
+  return 1;
+}
+
+static int ip_addr(const char *ipbuf, int len, struct in_addr *addr)
 {
-  char ipbuf[16];
 
   /* Four octets and three periods yields at most 15 characters. */
   if (len > 15)
     return -1;
-  memcpy(ipbuf, s, len);
-  ipbuf[len] = 0;
 
   addr->s_addr = inet_addr(ipbuf);
   if (addr->s_addr == INADDR_NONE && strcmp(ipbuf, "255.255.255.255") != 0)
@@ -979,15 +1043,16 @@ static void natural_mask(struct apattern *pat)
   /* Store a host-byte-order copy of pat in a struct in_addr.  Icky,
    * but portable.
    */
-  addr.s_addr = ntohl(pat->addr.s_addr);
+  addr.s_addr = ntohl(pat->addr.addr4.s_addr);
 
   /* This is out of date in the CIDR world, but some people might
    * still rely on it.
    */
   if (IN_CLASSA(addr.s_addr))
-    pat->mask.s_addr = htonl(IN_CLASSA_NET);
+    pat->mask.addr.addr4.s_addr = htonl(IN_CLASSA_NET);
   else if (IN_CLASSB(addr.s_addr))
-    pat->mask.s_addr = htonl(IN_CLASSB_NET);
+    pat->mask.addr.addr4.s_addr = htonl(IN_CLASSB_NET);
   else
-    pat->mask.s_addr = htonl(IN_CLASSC_NET);
+    pat->mask.addr.addr4.s_addr = htonl(IN_CLASSC_NET);
 }
+#endif

ares/ares_ipv6.h

@@ -0,0 +1,48 @@
+/* $Id$ */
+
+/*
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES_IPV6_H
+#define ARES_IPV6_H
+
+#ifndef HAVE_PF_INET6
+#define PF_INET6 AF_INET6
+#endif
+
+#ifndef HAVE_STRUCT_IN6_ADDR
+struct in6_addr
+{
+  unsigned char s6_addr[16];
+};
+#endif
+
+#ifndef NS_IN6ADDRSZ
+#if SIZEOF_STRUCT_IN6_ADDR == 0
+/* We cannot have it set to zero, so we pick a fixed value here */
+#define NS_IN6ADDRSZ 16
+#else
+#define NS_IN6ADDRSZ SIZEOF_STRUCT_IN6_ADDR
+#endif
+#endif
+
+#ifndef NS_INADDRSZ
+#define NS_INADDRSZ SIZEOF_STRUCT_IN_ADDR
+#endif
+
+#ifndef NS_INT16SZ
+#define NS_INT16SZ 2
+#endif
+
+#endif /* ARES_IPV6_H */

ares/ares_mkquery.c

@@ -21,6 +21,9 @@
 #else
 #include <netinet/in.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_parse_a_reply.c

@@ -24,6 +24,9 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_parse_aaaa_reply.3

@@ -0,0 +1,64 @@
+.\" $Id$
+.\"
+.\" Copyright 2005 by Dominick Meglio.
+.\"
+.\" Permission to use, copy, modify, and distribute this
+.\" software and its documentation for any purpose and without
+.\" fee is hereby granted, provided that the above copyright
+.\" notice appear in all copies and that both that copyright
+.\" notice and this permission notice appear in supporting
+.\" documentation, and that the name of M.I.T. not be used in
+.\" advertising or publicity pertaining to distribution of the
+.\" software without specific, written prior permission.
+.\" M.I.T. makes no representations about the suitability of
+.\" this software for any purpose.  It is provided "as is"
+.\" without express or implied warranty.
+.\"
+.TH ARES_PARSE_AAAA_REPLY 3 "10 March 2005"
+.SH NAME
+ares_parse_aaaa_reply \- Parse a reply to a DNS query of type AAAA into a hostent
+.SH SYNOPSIS
+.nf
+.B #include <ares.h>
+.PP
+.B int ares_parse_aaaa_reply(const unsigned char *\fIabuf\fP, int \fIalen\fP,
+.B 	struct hostent **\fIhost\fP);
+.fi
+.SH DESCRIPTION
+The
+.B ares_parse_aaaa_reply
+function parses the response to a query of type AAAA into a
+.BR "struct hostent" .
+The parameters
+.I abuf
+and
+.I alen
+give the contents of the response.  The result is stored in allocated
+memory and a pointer to it stored into the variable pointed to by
+.IR host .
+It is the caller's responsibility to free the resulting host structure
+using
+.BR ares_free_hostent (3)
+when it is no longer needed.
+.SH RETURN VALUES
+.B ares_parse_aaaa_reply
+can return any of the following values:
+.TP 15
+.B ARES_SUCCESS
+The response was successfully parsed.
+.TP 15
+.B ARES_EBADRESP
+The response was malformatted.
+.TP 15
+.B ARES_ENODATA
+The response did not contain an answer to the query.
+.TP 15
+.B ARES_ENOMEM
+Memory was exhausted.
+.SH SEE ALSO
+.BR ares_gethostbyname (3),
+.BR ares_free_hostent (3)
+.SH AUTHOR
+Dominick Meglio
+.br
+Copyright 2005 by Dominick Meglio.

ares/ares_parse_aaaa_reply.c

@@ -0,0 +1,179 @@
+/* Copyright 2005 Dominick Meglio
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "setup.h"
+#include <sys/types.h>
+
+#if defined(WIN32) && !defined(WATT32)
+#include "nameser.h"
+#else
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include "ares.h"
+#include "ares_dns.h"
+#include "inet_net_pton.h"
+#include "ares_private.h"
+
+int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
+                       struct hostent **host)
+{
+  unsigned int qdcount, ancount;
+  int status, i, rr_type, rr_class, rr_len, naddrs;
+  int naliases;
+  long len;
+  const unsigned char *aptr;
+  char *hostname, *rr_name, *rr_data, **aliases;
+  struct in6_addr *addrs;
+  struct hostent *hostent;
+
+  /* Set *host to NULL for all failure cases. */
+  *host = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name(aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      free(hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Allocate addresses and aliases; ancount gives an upper bound for both. */
+  addrs = malloc(ancount * sizeof(struct in6_addr));
+  if (!addrs)
+    {
+      free(hostname);
+      return ARES_ENOMEM;
+    }
+  aliases = malloc((ancount + 1) * sizeof(char *));
+  if (!aliases)
+    {
+      free(hostname);
+      free(addrs);
+      return ARES_ENOMEM;
+    }
+  naddrs = 0;
+  naliases = 0;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < (int)ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name(aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        break;
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE(aptr);
+      rr_class = DNS_RR_CLASS(aptr);
+      rr_len = DNS_RR_LEN(aptr);
+      aptr += RRFIXEDSZ;
+
+      if (rr_class == C_IN && rr_type == T_AAAA
+          && rr_len == sizeof(struct in6_addr)
+          && strcasecmp(rr_name, hostname) == 0)
+        {
+          memcpy(&addrs[naddrs], aptr, sizeof(struct in6_addr));
+          naddrs++;
+          status = ARES_SUCCESS;
+        }
+
+      if (rr_class == C_IN && rr_type == T_CNAME)
+        {
+          /* Record the RR name as an alias. */
+          aliases[naliases] = rr_name;
+          naliases++;
+
+          /* Decode the RR data and replace the hostname with it. */
+          status = ares_expand_name(aptr, abuf, alen, &rr_data, &len);
+          if (status != ARES_SUCCESS)
+            break;
+          free(hostname);
+          hostname = rr_data;
+        }
+      else
+        free(rr_name);
+
+      aptr += rr_len;
+      if (aptr > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+    }
+
+  if (status == ARES_SUCCESS && naddrs == 0)
+    status = ARES_ENODATA;
+  if (status == ARES_SUCCESS)
+    {
+      /* We got our answer.  Allocate memory to build the host entry. */
+      aliases[naliases] = NULL;
+      hostent = malloc(sizeof(struct hostent));
+      if (hostent)
+        {
+          hostent->h_addr_list = malloc((naddrs + 1) * sizeof(char *));
+          if (hostent->h_addr_list)
+            {
+              /* Fill in the hostent and return successfully. */
+              hostent->h_name = hostname;
+              hostent->h_aliases = aliases;
+              hostent->h_addrtype = AF_INET6;
+              hostent->h_length = sizeof(struct in6_addr);
+              for (i = 0; i < naddrs; i++)
+                hostent->h_addr_list[i] = (char *) &addrs[i];
+              hostent->h_addr_list[naddrs] = NULL;
+              *host = hostent;
+              return ARES_SUCCESS;
+            }
+          free(hostent);
+        }
+      status = ARES_ENOMEM;
+    }
+  for (i = 0; i < naliases; i++)
+    free(aliases[i]);
+  free(aliases);
+  free(addrs);
+  free(hostname);
+  return status;
+}

ares/ares_parse_ptr_reply.c

@@ -23,6 +23,9 @@
 #include <netinet/in.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_private.h

@@ -69,6 +69,8 @@
 
 #endif
 
+#include "ares_ipv6.h"
+
 struct send_request {
   /* Remaining data to send */
   const unsigned char *data;
@@ -124,9 +126,23 @@ struct query {
 };
 
 /* An IP address pattern; matches an IP address X if X & mask == addr */
+#define PATTERN_MASK 0x1
+#define PATTERN_CIDR 0x2
+
+union ares_addr {
+  struct in_addr addr4;
+  struct in6_addr addr6;
+};
+
 struct apattern {
-  struct in_addr addr;
+  union ares_addr addr;
-  struct in_addr mask;
+  union
+  {
+    union ares_addr addr;
+    unsigned short bits;
+  } mask;
+  int family;
+  unsigned short type;
 };
 
 struct ares_channeldata {
@@ -156,7 +172,7 @@ struct ares_channeldata {
 
 void ares__send_query(ares_channel channel, struct query *query, time_t now);
 void ares__close_sockets(struct server_state *server);
-int ares__get_hostent(FILE *fp, struct hostent **host);
+int ares__get_hostent(FILE *fp, int family, struct hostent **host);
 int ares__read_line(FILE *fp, char **buf, int *bufsize);
 
 #ifdef CURLDEBUG
@@ -164,9 +180,5 @@ int ares__read_line(FILE *fp, char **buf, int *bufsize);
    libcurl lowlevel code from within library is ugly and only works when
    c-ares is built and linked with a similarly debug-build libcurl, but we do
    this anyway for convenience. */
-#ifndef CURL_EXTERN
-/* ugly hack to make this compile */
-#define CURL_EXTERN
-#endif
 #include "../lib/memdebug.h"
 #endif

ares/ares_process.c

@@ -27,6 +27,9 @@
 #include <netinet/in.h>
 #include <netdb.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -465,8 +468,12 @@ void ares__send_query(ares_channel channel, struct query *query, time_t now)
 
 static int open_tcp_socket(ares_channel channel, struct server_state *server)
 {
-  ares_socket_t s;
+#if defined(WIN32)
+  u_long flags;
+#else
   int flags;
+#endif
+  ares_socket_t s;
   struct sockaddr_in sockin;
 
   /* Acquire a socket. */

ares/ares_query.c

@@ -21,6 +21,9 @@
 #else
 #include <netinet/in.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_send.c

@@ -21,6 +21,9 @@
 #else
 #include <netinet/in.h>
 #include <arpa/nameser.h>
+#ifdef HAVE_ARPA_NAMESER_COMPAT_H
+#include <arpa/nameser_compat.h>
+#endif
 #endif
 
 #include <stdlib.h>

ares/ares_version.h

@@ -4,12 +4,12 @@
 #define ARES__VERSION_H
 
 #define ARES_VERSION_MAJOR 1
-#define ARES_VERSION_MINOR 2
+#define ARES_VERSION_MINOR 3
 #define ARES_VERSION_PATCH 0
 #define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
                        (ARES_VERSION_MINOR<<8)|\
                        (ARES_VERSION_PATCH))
-#define ARES_VERSION_STR "1.2.0"
+#define ARES_VERSION_STR "1.3.0"
 
 const char *ares_version(int *version);
 

ares/bitncmp.c

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_BITNCMP
+
+#include <sys/types.h>
+#include <string.h>
+#include <stdlib.h>
+#include "bitncmp.h"
+
+/*
+ * int
+ * bitncmp(l, r, n)
+ *	compare bit masks l and r, for n bits.
+ * return:
+ *	-1, 1, or 0 in the libc tradition.
+ * note:
+ *	network byte order assumed.  this means 192.5.5.240/28 has
+ *	0x11110000 in its fourth octet.
+ * author:
+ *	Paul Vixie (ISC), June 1996
+ */
+int
+ares_bitncmp(const void *l, const void *r, int n) {
+	unsigned int lb, rb;
+	int x, b;
+
+	b = n / 8;
+	x = memcmp(l, r, b);
+	if (x)
+		return (x);
+
+	lb = ((const unsigned char *)l)[b];
+	rb = ((const unsigned char *)r)[b];
+	for (b = n % 8; b > 0; b--) {
+		if ((lb & 0x80) != (rb & 0x80)) {
+			if (lb & 0x80)
+				return (1);
+			return (-1);
+		}
+		lb <<= 1;
+		rb <<= 1;
+	}
+	return (0);
+}
+#endif

ares/bitncmp.h

@@ -0,0 +1,26 @@
+/* $Id$ */
+
+/*
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef BITNCMP_H
+#define BITNCMP_H
+
+#ifndef HAVE_BITNCMP
+int ares_bitncmp(const void *l, const void *r, int n);
+#else
+#define ares_bitncmp(x,y,z) bitncmp(x,y,z)
+#endif
+
+#endif /* BITNCMP_H */

ares/buildconf

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-libtoolize --copy --automake --force
+${LIBTOOLIZE:-libtoolize} --copy --automake --force
-aclocal
+${ACLOCAL:-aclocal}
-autoheader
+${AUTOHEADER:-autoheader}
-autoconf
+${AUTOCONF:-autoconf}
-automake --add-missing
+${AUTOMAKE:-automake} --add-missing

ares/configure.ac

@@ -41,6 +41,10 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
     dnl Checks for standard header files, to make memdebug.h inclusions bettter
     AC_HEADER_STDC
 
+    dnl the entire --enable-debug is a hack that lives and runs on top of
+    dnl libcurl stuff so this BUILDING_LIBCURL is not THAT much uglier
+    AC_DEFINE(BUILDING_LIBCURL, 1, [when building as static part of libcurl])
+
     CPPFLAGS="$CPPFLAGS -DCURLDEBUG -I$srcdir/../include"
     CFLAGS="$CFLAGS -g" 
 
@@ -61,6 +65,210 @@ AC_CHECK_HEADERS(
        sys/time.h \
        sys/select.h \
        sys/socket.h \
+       winsock.h \
+       netinet/in.h \
+       arpa/nameser.h \
+       arpa/nameser_compat.h \
+       arpa/inet.h, , ,
+[
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+dnl We do this default-include simply to make sure that the nameser_compat.h
+dnl header *REALLY* can be include after the new nameser.h. It seems AIX 5.1
+dnl (and others?) is not designed to allow this.
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+]
   )
 
+dnl check for AF_INET6
+CARES_CHECK_CONSTANT(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+  ], [PF_INET6], 
+     AC_DEFINE_UNQUOTED(HAVE_PF_INET6,1,[Define to 1 if you have PF_INET6.])
+)
+
+dnl check for PF_INET6
+CARES_CHECK_CONSTANT(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+  ], [AF_INET6], 
+     AC_DEFINE_UNQUOTED(HAVE_AF_INET6,1,[Define to 1 if you have AF_INET6.])
+)
+
+
+dnl check for the in6_addr structure
+CARES_CHECK_STRUCT(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+  ], [in6_addr], 
+     AC_DEFINE_UNQUOTED(HAVE_STRUCT_IN6_ADDR,1,[Define to 1 if you have struct in6_addr.])
+)
+
+dnl check for inet_pton
+AC_CHECK_FUNCS(inet_pton)
+dnl Some systems have it, but not IPv6
+if test "$ac_cv_func_inet_pton" = "yes" ; then
+AC_MSG_CHECKING(if inet_pton supports IPv6)
+AC_TRY_RUN(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+int main()
+  {
+    struct in6_addr addr6;
+    if (inet_pton(AF_INET6, "::1", &addr6) < 1)
+      exit(1);
+    else
+      exit(0);
+  }
+  ], [
+       AC_MSG_RESULT(yes)
+       AC_DEFINE_UNQUOTED(HAVE_INET_PTON_IPV6,1,[Define to 1 if inet_pton supports IPv6.])
+     ], AC_MSG_RESULT(no),AC_MSG_RESULT(no))
+fi
+dnl Check for inet_net_pton
+AC_CHECK_FUNCS(inet_net_pton)
+dnl Again, some systems have it, but not IPv6
+if test "$ac_cv_func_inet_net_pton" = "yes" ; then
+AC_MSG_CHECKING(if inet_net_pton supports IPv6)
+AC_TRY_RUN(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+int main()
+  {
+    struct in6_addr addr6;
+    if (inet_net_pton(AF_INET6, "::1", &addr6, sizeof(addr6)) < 1)
+      exit(1);
+    else
+      exit(0);
+  }
+  ], [
+       AC_MSG_RESULT(yes)
+       AC_DEFINE_UNQUOTED(HAVE_INET_NET_PTON_IPV6,1,[Define to 1 if inet_net_pton supports IPv6.])
+     ], AC_MSG_RESULT(no),AC_MSG_RESULT(no))
+fi
+
+
+dnl Check for inet_ntop
+AC_CHECK_FUNCS(inet_ntop)
+dnl Again, some systems have it, but not IPv6
+if test "$ac_cv_func_inet_ntop" = "yes" ; then
+AC_MSG_CHECKING(if inet_ntop supports IPv6)
+AC_TRY_RUN(
+  [
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#include <errno.h>
+int main()
+  {
+    struct in6_addr addr6;
+    char buf[128];
+    if (inet_ntop(AF_INET6, &addr6, buf, 128) == 0 && errno == EAFNOSUPPORT)
+      exit(1);
+    else
+      exit(0);
+  }
+  ], [
+       AC_MSG_RESULT(yes)
+       AC_DEFINE_UNQUOTED(HAVE_INET_NTOP_IPV6,1,[Define to 1 if inet_ntop supports IPv6.])
+     ], AC_MSG_RESULT(no),AC_MSG_RESULT(no))
+fi
+
+AC_CHECK_SIZEOF(struct in6_addr, ,
+[
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+]
+)
+AC_CHECK_SIZEOF(struct in_addr, ,
+[
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+]
+)
+
+AC_CHECK_FUNCS(bitncmp)
+
+
 AC_OUTPUT(Makefile)

ares/inet_net_pton.c

@@ -0,0 +1,439 @@
+/*
+ * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "setup.h"
+
+
+#include <sys/types.h>
+
+#if defined(WIN32) && !defined(WATT32)
+#include "nameser.h"
+#else
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "ares_ipv6.h"
+#include "inet_net_pton.h"
+
+#if !defined(HAVE_INET_NET_PTON) || !defined(HAVE_INET_NET_PTON_IPV6) || \
+    !defined(HAVE_INET_PTON) || !defined(HAVE_INET_PTON_IPV6)
+
+/*
+ * static int
+ * inet_net_pton_ipv4(src, dst, size)
+ *      convert IPv4 network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not an IPv4 network specification.
+ * note:
+ *      network byte order assumed.  this means 192.5.5.240/28 has
+ *      0b11110000 in its fourth octet.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+static int
+inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+{
+  static const char xdigits[] = "0123456789abcdef";
+  static const char digits[] = "0123456789";
+  int n, ch, tmp = 0, dirty, bits;
+  const unsigned char *odst = dst;
+
+  ch = *src++;
+  if (ch == '0' && (src[0] == 'x' || src[0] == 'X')
+      && isascii((unsigned char)(src[1]))
+      && isxdigit((unsigned char)(src[1]))) {
+    /* Hexadecimal: Eat nybble string. */
+    if (size <= 0U)
+      goto emsgsize;
+    dirty = 0;
+    src++;  /* skip x or X. */
+    while ((ch = *src++) != '\0' && isascii(ch) && isxdigit(ch)) {
+      if (isupper(ch))
+        ch = tolower(ch);
+      n = (int)(strchr(xdigits, ch) - xdigits);
+      if (dirty == 0)
+        tmp = n;
+      else
+        tmp = (tmp << 4) | n;
+      if (++dirty == 2) {
+        if (size-- <= 0U)
+          goto emsgsize;
+        *dst++ = (unsigned char) tmp;
+        dirty = 0;
+      }
+    }
+    if (dirty) {  /* Odd trailing nybble? */
+      if (size-- <= 0U)
+        goto emsgsize;
+      *dst++ = (unsigned char) (tmp << 4);
+    }
+  } else if (isascii(ch) && isdigit(ch)) {
+    /* Decimal: eat dotted digit string. */
+    for (;;) {
+      tmp = 0;
+      do {
+        n = (int)(strchr(digits, ch) - digits);
+        tmp *= 10;
+        tmp += n;
+        if (tmp > 255)
+          goto enoent;
+      } while ((ch = *src++) != '\0' &&
+               isascii(ch) && isdigit(ch));
+      if (size-- <= 0U)
+        goto emsgsize;
+      *dst++ = (unsigned char) tmp;
+      if (ch == '\0' || ch == '/')
+        break;
+      if (ch != '.')
+        goto enoent;
+      ch = *src++;
+      if (!isascii(ch) || !isdigit(ch))
+        goto enoent;
+    }
+  } else
+    goto enoent;
+
+  bits = -1;
+  if (ch == '/' && isascii((unsigned char)(src[0])) &&
+      isdigit((unsigned char)(src[0])) && dst > odst) {
+    /* CIDR width specifier.  Nothing can follow it. */
+    ch = *src++;    /* Skip over the /. */
+    bits = 0;
+    do {
+      n = (int)(strchr(digits, ch) - digits);
+      bits *= 10;
+      bits += n;
+    } while ((ch = *src++) != '\0' && isascii(ch) && isdigit(ch));
+    if (ch != '\0')
+      goto enoent;
+    if (bits > 32)
+      goto emsgsize;
+  }
+
+  /* Firey death and destruction unless we prefetched EOS. */
+  if (ch != '\0')
+    goto enoent;
+
+  /* If nothing was written to the destination, we found no address. */
+  if (dst == odst)
+    goto enoent;
+  /* If no CIDR spec was given, infer width from net class. */
+  if (bits == -1) {
+    if (*odst >= 240)       /* Class E */
+      bits = 32;
+    else if (*odst >= 224)  /* Class D */
+      bits = 8;
+    else if (*odst >= 192)  /* Class C */
+      bits = 24;
+    else if (*odst >= 128)  /* Class B */
+      bits = 16;
+    else                    /* Class A */
+      bits = 8;
+    /* If imputed mask is narrower than specified octets, widen. */
+    if (bits < ((dst - odst) * 8))
+      bits = (int)(dst - odst) * 8;
+    /*
+     * If there are no additional bits specified for a class D
+     * address adjust bits to 4.
+     */
+    if (bits == 8 && *odst == 224)
+      bits = 4;
+  }
+  /* Extend network to cover the actual mask. */
+  while (bits > ((dst - odst) * 8)) {
+    if (size-- <= 0U)
+      goto emsgsize;
+    *dst++ = '\0';
+  }
+  return (bits);
+
+  enoent:
+  errno = ENOENT;
+  return (-1);
+
+  emsgsize:
+  errno = EMSGSIZE;
+  return (-1);
+}
+
+static int
+getbits(const char *src, int *bitsp)
+{
+  static const char digits[] = "0123456789";
+  int n;
+  int val;
+  char ch;
+
+  val = 0;
+  n = 0;
+  while ((ch = *src++) != '\0') {
+    const char *pch;
+
+    pch = strchr(digits, ch);
+    if (pch != NULL) {
+      if (n++ != 0 && val == 0)       /* no leading zeros */
+        return (0);
+      val *= 10;
+      val += (pch - digits);
+      if (val > 128)                  /* range */
+        return (0);
+      continue;
+    }
+    return (0);
+  }
+  if (n == 0)
+    return (0);
+  *bitsp = val;
+  return (1);
+}
+
+static int
+getv4(const char *src, unsigned char *dst, int *bitsp)
+{
+  static const char digits[] = "0123456789";
+  unsigned char *odst = dst;
+  int n;
+  unsigned int val;
+  char ch;
+
+  val = 0;
+  n = 0;
+  while ((ch = *src++) != '\0') {
+    const char *pch;
+
+    pch = strchr(digits, ch);
+    if (pch != NULL) {
+      if (n++ != 0 && val == 0)       /* no leading zeros */
+        return (0);
+      val *= 10;
+      val += (pch - digits);
+      if (val > 255)                  /* range */
+        return (0);
+      continue;
+    }
+    if (ch == '.' || ch == '/') {
+      if (dst - odst > 3)             /* too many octets? */
+        return (0);
+      *dst++ = val;
+      if (ch == '/')
+        return (getbits(src, bitsp));
+      val = 0;
+      n = 0;
+      continue;
+    }
+    return (0);
+  }
+  if (n == 0)
+    return (0);
+  if (dst - odst > 3)             /* too many octets? */
+    return (0);
+  *dst++ = val;
+  return (1);
+}
+
+static int
+inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+{
+  static const char xdigits_l[] = "0123456789abcdef",
+    xdigits_u[] = "0123456789ABCDEF";
+  unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+  const char *xdigits, *curtok;
+  int ch, saw_xdigit;
+  unsigned int val;
+  int digits;
+  int bits;
+  size_t bytes;
+  int words;
+  int ipv4;
+
+  memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+  endp = tp + NS_IN6ADDRSZ;
+  colonp = NULL;
+  /* Leading :: requires some special handling. */
+  if (*src == ':')
+    if (*++src != ':')
+      goto enoent;
+  curtok = src;
+  saw_xdigit = 0;
+  val = 0;
+  digits = 0;
+  bits = -1;
+  ipv4 = 0;
+  while ((ch = *src++) != '\0') {
+    const char *pch;
+
+    if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+      pch = strchr((xdigits = xdigits_u), ch);
+    if (pch != NULL) {
+      val <<= 4;
+      val |= (pch - xdigits);
+      if (++digits > 4)
+        goto enoent;
+      saw_xdigit = 1;
+      continue;
+    }
+    if (ch == ':') {
+      curtok = src;
+      if (!saw_xdigit) {
+        if (colonp)
+          goto enoent;
+        colonp = tp;
+        continue;
+      } else if (*src == '\0')
+        goto enoent;
+      if (tp + NS_INT16SZ > endp)
+        return (0);
+      *tp++ = (unsigned char) (val >> 8) & 0xff;
+      *tp++ = (unsigned char) val & 0xff;
+      saw_xdigit = 0;
+      digits = 0;
+      val = 0;
+      continue;
+    }
+    if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+        getv4(curtok, tp, &bits) > 0) {
+      tp += NS_INADDRSZ;
+      saw_xdigit = 0;
+      ipv4 = 1;
+      break;  /* '\0' was seen by inet_pton4(). */
+    }
+    if (ch == '/' && getbits(src, &bits) > 0)
+      break;
+    goto enoent;
+  }
+  if (saw_xdigit) {
+    if (tp + NS_INT16SZ > endp)
+      goto enoent;
+    *tp++ = (unsigned char) (val >> 8) & 0xff;
+    *tp++ = (unsigned char) val & 0xff;
+  }
+  if (bits == -1)
+    bits = 128;
+
+  words = (bits + 15) / 16;
+  if (words < 2)
+    words = 2;
+  if (ipv4)
+    words = 8;
+  endp =  tmp + 2 * words;
+
+  if (colonp != NULL) {
+    /*
+     * Since some memmove()'s erroneously fail to handle
+     * overlapping regions, we'll do the shift by hand.
+     */
+    const int n = (int)(tp - colonp);
+    int i;
+
+    if (tp == endp)
+      goto enoent;
+    for (i = 1; i <= n; i++) {
+      endp[- i] = colonp[n - i];
+      colonp[n - i] = 0;
+    }
+    tp = endp;
+  }
+  if (tp != endp)
+    goto enoent;
+
+  bytes = (bits + 7) / 8;
+  if (bytes > size)
+    goto emsgsize;
+  memcpy(dst, tmp, bytes);
+  return (bits);
+
+  enoent:
+  errno = ENOENT;
+  return (-1);
+
+  emsgsize:
+  errno = EMSGSIZE;
+  return (-1);
+}
+
+/*
+ * int
+ * inet_net_pton(af, src, dst, size)
+ *      convert network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not a valid network specification.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+int
+ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
+{
+  switch (af) {
+  case AF_INET:
+    return (inet_net_pton_ipv4(src, dst, size));
+  case AF_INET6:
+    return (inet_net_pton_ipv6(src, dst, size));
+  default:
+    errno = EAFNOSUPPORT;
+    return (-1);
+  }
+}
+
+#endif
+
+#if !defined(HAVE_INET_PTON) || !defined(HAVE_INET_PTON_IPV6)
+int ares_inet_pton(int af, const char *src, void *dst)
+{
+  int size, result;
+
+  if (af == AF_INET)
+    size = sizeof(struct in_addr);
+  else if (af == AF_INET6)
+    size = sizeof(struct in6_addr);
+  else
+  {
+    errno = EAFNOSUPPORT;
+    return -1;
+  }
+  result = ares_inet_net_pton(af, src, dst, size);
+  if (result == -1 && errno == ENOENT)
+    return 0;
+  return (result > -1 ? 1 : -1);
+}
+#endif

ares/inet_net_pton.h

@@ -0,0 +1,31 @@
+/* $Id$ */
+
+/*
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef INET_NET_PTON_H
+#define INET_NET_PTON_H
+
+#if defined(HAVE_INET_PTON) && defined(HAVE_INET_PTON_IPV6)
+#define ares_inet_pton(x,y,z) inet_pton(x,y,z)
+#else
+int ares_inet_pton(int af, const char *src, void *dst);
+#endif
+#if defined(HAVE_INET_NET_PTON) && defined(HAVE_INET_NET_PTON_IPV6)
+#define ares_inet_net_pton(w,x,y,z) inet_net_pton(w,x,y,z)
+#else
+int ares_inet_net_pton(int af, const char *src, void *dst, size_t size);
+#endif
+
+#endif /* INET_NET_PTON_H */

ares/inet_ntop.c

@@ -0,0 +1,206 @@
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include "setup.h"
+
+#include <sys/types.h>
+
+#if defined(WIN32) && !defined(WATT32)
+#include "nameser.h"
+#else
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#endif
+
+#include <ctype.h>
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "ares_ipv6.h"
+#include "inet_ntop.h"
+
+
+#if !defined(HAVE_INET_NTOP) || !defined(HAVE_INET_NTOP_IPV6)
+
+#ifdef SPRINTF_CHAR
+# define SPRINTF(x) strlen(sprintf/**/x)
+#else
+# define SPRINTF(x) ((size_t)sprintf x)
+#endif
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static const char *inet_ntop4(const unsigned char *src, char *dst, size_t size);
+static const char *inet_ntop6(const unsigned char *src, char *dst, size_t size);
+
+/* char *
+ * inet_ntop(af, src, dst, size)
+ *	convert a network format address to presentation format.
+ * return:
+ *	pointer to presentation format address (`dst'), or NULL (see errno).
+ * author:
+ *	Paul Vixie, 1996.
+ */
+const char *
+ares_inet_ntop(int af, const void *src, char *dst, size_t size)
+{
+
+	switch (af) {
+	case AF_INET:
+		return (inet_ntop4(src, dst, size));
+	case AF_INET6:
+		return (inet_ntop6(src, dst, size));
+	default:
+		errno = EAFNOSUPPORT;
+		return (NULL);
+	}
+	/* NOTREACHED */
+}
+
+/* const char *
+ * inet_ntop4(src, dst, size)
+ *	format an IPv4 address, more or less like inet_ntoa()
+ * return:
+ *	`dst' (as a const)
+ * notes:
+ *	(1) uses no statics
+ *	(2) takes a unsigned char* not an in_addr as input
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop4(const unsigned char *src, char *dst, size_t size)
+{
+	static const char fmt[] = "%u.%u.%u.%u";
+	char tmp[sizeof "255.255.255.255"];
+
+	if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) {
+		errno = ENOSPC;
+		return (NULL);
+	}
+	strcpy(dst, tmp);
+	return (dst);
+}
+
+/* const char *
+ * inet_ntop6(src, dst, size)
+ *	convert IPv6 binary address into presentation (printable) format
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop6(const unsigned char *src, char *dst, size_t size)
+{
+	/*
+	 * Note that int32_t and int16_t need only be "at least" large enough
+	 * to contain a value of the specified size.  On some systems, like
+	 * Crays, there is no such thing as an integer variable with 16 bits.
+	 * Keep this in mind if you think this function should have been coded
+	 * to use pointer overlays.  All the world's not a VAX.
+	 */
+	char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
+	struct { int base, len; } best, cur;
+	unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ];
+	int i;
+
+	/*
+	 * Preprocess:
+	 *	Copy the input (bytewise) array into a wordwise array.
+	 *	Find the longest run of 0x00's in src[] for :: shorthanding.
+	 */
+	memset(words, '\0', sizeof words);
+	for (i = 0; i < NS_IN6ADDRSZ; i++)
+		words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+	best.base = -1;
+	cur.base = -1;
+	for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+		if (words[i] == 0) {
+			if (cur.base == -1)
+				cur.base = i, cur.len = 1;
+			else
+				cur.len++;
+		} else {
+			if (cur.base != -1) {
+				if (best.base == -1 || cur.len > best.len)
+					best = cur;
+				cur.base = -1;
+			}
+		}
+	}
+	if (cur.base != -1) {
+		if (best.base == -1 || cur.len > best.len)
+			best = cur;
+	}
+	if (best.base != -1 && best.len < 2)
+		best.base = -1;
+
+	/*
+	 * Format the result.
+	 */
+	tp = tmp;
+	for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+		/* Are we inside the best run of 0x00's? */
+		if (best.base != -1 && i >= best.base &&
+		    i < (best.base + best.len)) {
+			if (i == best.base)
+				*tp++ = ':';
+			continue;
+		}
+		/* Are we following an initial run of 0x00s or any real hex? */
+		if (i != 0)
+			*tp++ = ':';
+		/* Is this address an encapsulated IPv4? */
+		if (i == 6 && best.base == 0 &&
+		    (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
+			if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp)))
+				return (NULL);
+			tp += strlen(tp);
+			break;
+		}
+		tp += SPRINTF((tp, "%x", words[i]));
+	}
+	/* Was it a trailing run of 0x00's? */
+	if (best.base != -1 && (best.base + best.len) == (NS_IN6ADDRSZ / NS_INT16SZ))
+		*tp++ = ':';
+	*tp++ = '\0';
+
+	/*
+	 * Check for overflow, copy, and we're done.
+	 */
+	if ((size_t)(tp - tmp) > size) {
+		errno = ENOSPC;
+		return (NULL);
+	}
+	strcpy(dst, tmp);
+	return (dst);
+}
+
+#endif

ares/inet_ntop.h

@@ -0,0 +1,26 @@
+/* $Id$ */
+
+/*
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef INET_NTOP_H
+#define INET_NTOP_H
+
+#ifdef HAVE_INET_NTOP
+#define ares_inet_ntop(w,x,y,z) inet_ntop(w,x,y,z)
+#else
+const char *ares_inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#endif /* INET_NET_NTOP_H */

ares/nameser.h

@@ -16,6 +16,8 @@
 
 #define EINPROGRESS WSAEINPROGRESS
 #define EWOULDBLOCK WSAEWOULDBLOCK
+#define EMSGSIZE WSAEMSGSIZE
+#define EAFNOSUPPORT WSAEAFNOSUPPORT
 
 /* Structure for scatter/gather I/O.  */
 struct iovec
@@ -37,7 +39,9 @@ int ares_gettimeofday(struct timeval *tv, struct timezone *tz);
 #endif  /* !NETWARE */
 
 #define NS_CMPRSFLGS  0xc0
-
+#define NS_IN6ADDRSZ  16
+#define NS_INT16SZ    2
+#define NS_INADDRSZ   4
 
   /* Flag bits indicating name compression. */
 #define INDIR_MASK    NS_CMPRSFLGS

ares/setup.h

@@ -1,7 +1,7 @@
 #ifndef ARES_SETUP_H
 #define ARES_SETUP_H
 
-/* Copyright (C) 2004 by Daniel Stenberg et al
+/* Copyright (C) 2004 - 2005 by Daniel Stenberg et al
  *
  * Permission to use, copy, modify, and distribute this software and its
  * documentation for any purpose and without fee is hereby granted, provided
@@ -49,7 +49,7 @@ typedef int ares_socket_t;
 #endif
 
 #if !defined(HAVE_UNISTD_H) && !defined(_MSC_VER)
-#define HAVE_UNISTD_H 
+#define HAVE_UNISTD_H 1
 #endif
 
 #if !defined(HAVE_SYS_UIO_H) && !defined(WIN32) && !defined(MSDOS)
@@ -69,4 +69,13 @@ int ares_strcasecmp(const char *s1, const char *s2);
 #define strcasecmp(a,b) ares_strcasecmp(a,b)
 #endif
 
+/* IPv6 compatibility */
+#if !defined(HAVE_AF_INET6)
+#if defined(HAVE_PF_INET6)
+#define AF_INET6 PF_INET6
+#else
+#define AF_INET6 AF_MAX+1
+#endif
+#endif
+
 #endif /* ARES_SETUP_H */

ares/vc/adig/adig.mak

@@ -185,24 +185,24 @@ SOURCE=..\..\getopt.c
 !IF  "$(CFG)" == "adig - Win32 Release"
 
 "areslib - Win32 Release" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Release" 
    cd "..\adig"
 
 "areslib - Win32 ReleaseCLEAN" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Release" RECURSE=1 CLEAN 
    cd "..\adig"
 
 !ELSEIF  "$(CFG)" == "adig - Win32 Debug"
 
 "areslib - Win32 Debug" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Debug" 
    cd "..\adig"
 
 "areslib - Win32 DebugCLEAN" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Debug" RECURSE=1 CLEAN 
    cd "..\adig"
 

ares/vc/ahost/ahost.mak

@@ -195,24 +195,24 @@ SOURCE=..\..\ahost.c
 !IF  "$(CFG)" == "ahost - Win32 Release"
 
 "areslib - Win32 Release" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Release" 
    cd "..\ahost"
 
 "areslib - Win32 ReleaseCLEAN" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Release" RECURSE=1 CLEAN 
    cd "..\ahost"
 
 !ELSEIF  "$(CFG)" == "ahost - Win32 Debug"
 
 "areslib - Win32 Debug" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Debug" 
    cd "..\ahost"
 
 "areslib - Win32 DebugCLEAN" : 
-   cd "\ARES-1.1.1\vc\areslib"
+   cd "..\areslib"
    $(MAKE) /$(MAKEFLAGS) /F ".\areslib.mak" CFG="areslib - Win32 Debug" RECURSE=1 CLEAN 
    cd "..\ahost"
 

buildconf

@@ -85,6 +85,14 @@ fi
 
 echo "buildconf: automake version $am_version (ok)"
 
+ac=`findtool aclocal`
+
+if test -z "$ac"; then
+  echo "buildconf: aclocal not found. Weird automake installation!"
+  exit 1
+else
+  echo "buildconf: aclocal found"
+fi
 
 #--------------------------------------------------------------------------
 # libtool check
@@ -142,6 +150,13 @@ fi
 
 echo "buildconf: libtool version $lt_version (ok)"
 
+if test -f "$LIBTOOLIZE"; then
+  echo "buildconf: libtoolize found"
+else
+  echo "buildconf: libtoolize not found. Weird libtool installation!"
+  exit 1
+fi
+
 #--------------------------------------------------------------------------
 # m4 check
 #
@@ -155,6 +170,10 @@ else
   exit 1
 fi
 
+#--------------------------------------------------------------------------
+# perl check
+#
+PERL=`findtool perl`
 
 # ------------------------------------------------------------
 
@@ -164,8 +183,13 @@ echo "buildconf: running libtoolize"
 ${LIBTOOLIZE:-libtoolize} --copy --automake --force || die "The libtool command failed"
 echo "buildconf: running aclocal"
 ${ACLOCAL:-aclocal} $ACLOCAL_FLAGS || die "The aclocal command line failed"
-echo "buildconf: running aclocal hack to convert all mv to mv -f"
+if test -n "$PERL"; then
-perl -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
+  echo "buildconf: running aclocal hack to convert all mv to mv -f"
+  $PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
+else
+  echo "buildconf: perl not found"
+  exit 1
+fi
 echo "buildconf: running autoheader"
 ${AUTOHEADER:-autoheader} || die "The autoheader command failed"
 echo "buildconf: cp lib/config.h.in src/config.h.in"

configure.ac

@@ -7,7 +7,7 @@ dnl We don't know the version number "staticly" so we use a dash here
 AC_INIT(curl, [-], [a suitable curl mailing list => http://curl.haxx.se/mail/])
 
 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2004 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2005 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the 
 terms of the curl license; see COPYING for more details])
 
@@ -56,7 +56,7 @@ AC_SUBST(PKGADD_VENDOR)
 
 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-ssl)"
+    curl_ssl_msg="no      (--with-ssl / --with-gnutls)"
    curl_zlib_msg="no      (--with-zlib)"
    curl_krb4_msg="no      (--with-krb4*)"
     curl_gss_msg="no      (--with-gssapi)"
@@ -66,6 +66,7 @@ dnl initialize all the info variables
     curl_idn_msg="no      (--with-libidn)"
  curl_manual_msg="no      (--enable-manual)"
 curl_verbose_msg="enabled (--disable-verbose)"
+   curl_sspi_msg="no      (--enable-sspi)"
 
 dnl
 dnl Detect the canonical host and target build environment
@@ -116,6 +117,25 @@ esac
 AC_MSG_RESULT($mimpure)
 AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
 
+AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
+case $host in
+  *-*-mingw*)
+    AC_DEFINE(BUILDING_LIBCURL, 1, [when building libcurl itself])
+    AC_MSG_RESULT(yes)
+ <20> <20>AC_MSG_CHECKING([if we need CURL_STATICLIB])
+    if test "X$enable_shared" = "Xno"
+    then
+      AC_DEFINE(CURL_STATICLIB, 1, [when not building a shared library])
+      AC_MSG_RESULT(yes)
+ <20> <20>else
+ <20> <20> <20>AC_MSG_RESULT(no)
+    fi
+    ;;
+  *)
+    AC_MSG_RESULT(no)
+    ;;
+esac
+
 dnl The install stuff has already been taken care of by the automake stuff
 dnl AC_PROG_INSTALL
 AC_PROG_MAKE_SET
@@ -306,6 +326,7 @@ then
   AC_TRY_LINK([#include <winsock2.h>],
                [gethostbyname("www.dummysite.com");],
                [ dnl worked!
+               ws2="yes"
                AC_MSG_RESULT([yes])
                HAVE_GETHOSTBYNAME="1"],
                [ dnl failed, restore LIBS
@@ -360,6 +381,55 @@ AC_HELP_STRING([--enable-libgcc],[use libgcc when linking]),
        AC_MSG_RESULT(no)
 )
 
+dnl **********************************************************************
+dnl Check for the name of dynamic OpenLDAP libraries
+dnl **********************************************************************
+
+LDAPLIBNAME=""
+AC_ARG_WITH(ldap-lib,
+AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of dynamic ldap lib file]),
+ [LDAPLIBNAME="$withval"])
+
+LBERLIBNAME=""
+AC_ARG_WITH(lber-lib,
+AC_HELP_STRING([--with-lber-lib=libname],[Specify name of dynamic lber lib file]),
+ [LBERLIBNAME="$withval"])
+
+if test x$CURL_DISABLE_LDAP != x1 ; then
+
+  if test -z "$LDAPLIBNAME" ; then
+    case $host in
+      *-*-cygwin | *-*-mingw* | *-*-pw32*)
+        dnl Windows uses a single and unique OpenLDAP DLL name
+        LDAPLIBNAME="wldap32.dll"
+        LBERLIBNAME="no"
+        ;;
+    esac
+  fi
+
+  if test "$LDAPLIBNAME" ; then
+    AC_DEFINE_UNQUOTED(DL_LDAP_FILE, "$LDAPLIBNAME")
+    AC_MSG_CHECKING([name of dynamic library ldap])
+    AC_MSG_RESULT($LDAPLIBNAME)
+  else
+    dnl Try to find the right ldap library name for this system
+    CURL_DLLIB_NAME(DL_LDAP_FILE, ldap)
+  fi
+
+  if test "$LBERLIBNAME" ; then
+    dnl If name is "no" then don't define this variable at all
+    dnl (it's only needed if libldap.so's dependencies are broken).
+    if test "$LBERLIBNAME" != "no" ; then 
+      AC_DEFINE_UNQUOTED(DL_LBER_FILE, "$LBERLIBNAME")
+    fi
+    AC_MSG_CHECKING([name of dynamic library lber])
+    AC_MSG_RESULT($LBERLIBNAME)
+  else
+    dnl Try to find the right lber library name for this system
+    CURL_DLLIB_NAME(DL_LBER_FILE, lber)
+  fi
+fi
+
 dnl **********************************************************************
 dnl Check for the presence of the winmm library.
 dnl **********************************************************************
@@ -685,11 +755,7 @@ AC_HELP_STRING([--with-ssl=PATH],[where to look for SSL, PATH points to the SSL
 AC_HELP_STRING([--without-ssl], [disable SSL]),
   OPT_SSL=$withval)
 
-if test X"$OPT_SSL" = Xno
+if test X"$OPT_SSL" != Xno; then
-then
-  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more])  
-else
-
   dnl backup the pre-ssl variables
   CLEANLDFLAGS="$LDFLAGS"
   CLEANCPPFLAGS="$CPPFLAGS"
@@ -748,27 +814,6 @@ else
     fi
   fi
 
-  AC_CHECK_LIB(crypto, CRYPTO_lock,[
-     HAVECRYPTO="yes"
-     ],[
-     LDFLAGS="$CLEANLDFLAGS -L$EXTRA_SSL/lib$libsuff"
-     CPPFLAGS="$CLEANCPPFLAGS -I$EXTRA_SSL/include/openssl -I$EXTRA_SSL/include"
-     AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
-       HAVECRYPTO="yes" ], [
-       LDFLAGS="$CLEANLDFLAGS"
-       CPPFLAGS="$CLEANCPPFLAGS"
-       LIBS="$CLEANLIBS"
-       ])
-    ])
-
-
-  if test X"$HAVECRYPTO" != X"yes"; then
-      AC_MSG_WARN([crypto lib was not found; SSL will be disabled])
-
-  else
-    dnl This is only reasonable to do if crypto actually is there: check for
-    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
-
   dnl This is for Msys/Mingw
   AC_MSG_CHECKING([for gdi32])
   my_ac_save_LIBS=$LIBS
@@ -783,7 +828,26 @@ else
                AC_MSG_RESULT(no)]
               )
 
-    AC_CHECK_LIB(crypto, CRYPTO_add_lock)
+  AC_CHECK_LIB(crypto, CRYPTO_lock,[
+     HAVECRYPTO="yes"
+     LIBS="-lcrypto $LIBS"
+     ],[
+     LDFLAGS="$CLEANLDFLAGS -L$EXTRA_SSL/lib$libsuff"
+     CPPFLAGS="$CLEANCPPFLAGS -I$EXTRA_SSL/include/openssl -I$EXTRA_SSL/include"
+     AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+       HAVECRYPTO="yes"
+       LIBS="-lcrypto $LIBS"], [
+       LDFLAGS="$CLEANLDFLAGS"
+       CPPFLAGS="$CLEANCPPFLAGS"
+       LIBS="$CLEANLIBS"
+       ])
+    ])
+
+
+  if test X"$HAVECRYPTO" = X"yes"; then
+    dnl This is only reasonable to do if crypto actually is there: check for
+    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
+
     AC_CHECK_LIB(ssl, SSL_connect)
 
     if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
@@ -805,13 +869,13 @@ else
       dnl Have the libraries--check for SSLeay/OpenSSL headers
       AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                        openssl/pem.h openssl/ssl.h openssl/err.h,
-        curl_ssl_msg="enabled"
+        curl_ssl_msg="enabled (OpenSSL)"
         OPENSSL_ENABLED=1
         AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
 
       if test $ac_cv_header_openssl_x509_h = no; then
         AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h,
-          curl_ssl_msg="enabled"
+          curl_ssl_msg="enabled (OpenSSL)"
           OPENSSL_ENABLED=1)
       fi
     fi
@@ -821,7 +885,11 @@ else
 
        dnl is there a pkcs12.h header present?
        AC_CHECK_HEADERS(openssl/pkcs12.h)
+    else
+       LIBS="$CLEANLIBS"
     fi
+    dnl USE_SSLEAY is the historical name for what configure calls
+    dnl OPENSSL_ENABLED; the names should really be unified
     USE_SSLEAY="$OPENSSL_ENABLED"
     AC_SUBST(USE_SSLEAY)
 
@@ -831,39 +899,14 @@ else
     fi
   fi
 
-
-dnl **********************************************************************
-dnl Check for the CA bundle
-dnl **********************************************************************
-
   if test X"$OPENSSL_ENABLED" = X"1"; then
     dnl If the ENGINE library seems to be around, check for the OpenSSL engine
-    dnl header, it is kind of "separated" from the main SSL check
+    dnl stuff, it is kind of "separated" from the main SSL check
-    AC_CHECK_FUNC(ENGINE_init, [ AC_CHECK_HEADERS(openssl/engine.h) ])
+    AC_CHECK_FUNC(ENGINE_init,
-
-    AC_MSG_CHECKING([CA cert bundle install path])
-
-    AC_ARG_WITH(ca-bundle,
-AC_HELP_STRING([--with-ca-bundle=FILE], [File name to install the CA bundle as])
-AC_HELP_STRING([--without-ca-bundle], [Don't install the CA bundle]),
-    [ ca="$withval" ],
               [
-      if test "x$prefix" != xNONE; then
+                AC_CHECK_HEADERS(openssl/engine.h)
-        ca="\${prefix}/share/curl/curl-ca-bundle.crt"
+                AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
-      else
+              ])
-        ca="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
-      fi
-    ] )
-
-    if test X"$OPT_SSL" = Xno; then
-      ca="no"
-    fi
-
-    if test "x$ca" != "xno"; then
-      CURL_CA_BUNDLE='"'$ca'"'
-      AC_SUBST(CURL_CA_BUNDLE)  
-    fi
-    AC_MSG_RESULT([$ca])
 
     dnl these can only exist if openssl exists
 
@@ -884,8 +927,6 @@ AC_HELP_STRING([--without-ca-bundle], [Don't install the CA bundle]),
 
 fi
 
-AM_CONDITIONAL(CABUNDLE, test x$ca != xno)
-
 dnl **********************************************************************
 dnl Check for the random seed preferences 
 dnl **********************************************************************
@@ -918,6 +959,115 @@ if test X"$OPENSSL_ENABLED" = X"1"; then
   fi
 fi
 
+dnl ----------------------------------------------------
+dnl FIX: only check for GnuTLS if OpenSSL is not enabled
+dnl ----------------------------------------------------
+
+dnl Default to compiler & linker defaults for GnuTLS files & libraries.
+OPT_GNUTLS=off
+
+AC_ARG_WITH(gnutls,dnl
+AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root (default: /usr/local/)])
+AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
+  OPT_GNUTLS=$withval)
+
+if test "$OPENSSL_ENABLED" != "1"; then
+
+  if test X"$OPT_GNUTLS" != Xoff; then
+    if test "x$OPT_GNUTLS" = "xyes"; then
+     check=`libgnutls-config --version 2>/dev/null`
+     if test -n "$check"; then
+       addlib=`libgnutls-config --libs`
+       addcflags=`libgnutls-config --cflags`
+       version=`libgnutls-config --version`
+       gtlsprefix=`libgnutls-config --prefix`
+     fi
+    else
+      addlib=`$OPT_GNUTLS/bin/libgnutls-config --libs`
+      addcflags=`$OPT_GNUTLS/bin/libgnutls-config --cflags`
+      version=`$OPT_GNUTLS/bin/libgnutls-config --version 2>/dev/null`
+      gtlsprefix=$OPT_GNUTLS
+      if test -z "$version"; then
+        version="unknown"
+      fi
+    fi
+    if test -n "$addlib"; then
+
+      CLEANLDFLAGS="$LDFLAGS"
+      CLEANCPPFLAGS="$CPPFLAGS"
+  
+      LDFLAGS="$LDFLAGS $addlib"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+  
+      AC_CHECK_LIB(gnutls, gnutls_check_version,
+       [
+       AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled])
+       AC_SUBST(USE_GNUTLS, [1])
+       USE_GNUTLS="yes"
+       curl_ssl_msg="enabled (GnuTLS)"
+       ],
+       [
+         LDFLAGS="$CLEANLDFLAGS"
+         CPPFLAGS="$CLEANCPPFLAGS"
+       ])
+  
+      if test "x$USE_GNUTLS" = "xyes"; then
+        AC_MSG_NOTICE([detected GnuTLS version $version])
+
+        dnl when shared libs were found in a path that the run-time
+        dnl linker doesn't search through, we need to add it to
+        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+        dnl due to this
+
+        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlsprefix/lib$libsuff"
+        export LD_LIBRARY_PATH
+      fi
+
+    fi
+
+  fi dnl GNUTLS not disabled
+
+  if test X"$USE_GNUTLS" != "Xyes"; then
+    AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
+    AC_MSG_WARN([Use --with-ssl or --with-gnutls to address this.])
+  fi
+
+fi dnl OPENSSL != 1
+
+dnl **********************************************************************
+dnl Check for the CA bundle
+dnl **********************************************************************
+
+if test X"$USE_GNUTLS$OPENSSL_ENABLED" != "X"; then
+
+  AC_MSG_CHECKING([CA cert bundle install path])
+
+  AC_ARG_WITH(ca-bundle,
+AC_HELP_STRING([--with-ca-bundle=FILE], [File name to install the CA bundle as])
+AC_HELP_STRING([--without-ca-bundle], [Don't install the CA bundle]),
+    [ ca="$withval" ],
+    [
+      if test "x$prefix" != xNONE; then
+        ca="\${prefix}/share/curl/curl-ca-bundle.crt"
+      else
+        ca="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
+      fi
+    ] )
+
+    if test "x$ca" != "xno"; then
+      CURL_CA_BUNDLE='"'$ca'"'
+      AC_SUBST(CURL_CA_BUNDLE)  
+    fi
+    AC_MSG_RESULT([$ca])
+fi dnl only done if some kind of SSL was enabled
+
+AM_CONDITIONAL(CABUNDLE, test x$ca != xno)
+
+
+
+  
 dnl **********************************************************************
 dnl Check for the presence of ZLIB libraries and headers
 dnl **********************************************************************
@@ -926,27 +1076,35 @@ dnl Check for & handle argument to --with-zlib.
 
 _cppflags=$CPPFLAGS
 _ldflags=$LDFLAGS
-OPT_ZLIB="/usr/local"
 AC_ARG_WITH(zlib,
 AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH])
 AC_HELP_STRING([--without-zlib],[disable use of zlib]),
                [OPT_ZLIB="$withval"])
 
-case "$OPT_ZLIB" in
+if test "$OPT_ZLIB" = "no" ; then
-  no)
+    AC_MSG_WARN([zlib disabled])
-    AC_MSG_WARN([zlib disabled]) ;;
+else
-  *)
+  if test "$OPT_ZLIB" = "yes" ; then
+     OPT_ZLIB=""
+  fi
+
+  if test -z "$OPT_ZLIB" ; then
     dnl check for the lib first without setting any new path, since many
     dnl people have it in the default path
 
     AC_CHECK_LIB(z, inflateEnd,
                    dnl libz found, set the variable
                    [HAVE_LIBZ="1"],
-                   dnl if no lib found, try to add the given library
+                   dnl if no lib found, try /usr/local
-                   [if test -d "$OPT_ZLIB"; then
+                   [OPT_ZLIB="/usr/local"])
+
+  fi
+
+  dnl Add a nonempty path to the compiler flags
+  if test -n "$OPT_ZLIB"; then
      CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include"
      LDFLAGS="$LDFLAGS -L$OPT_ZLIB/lib$libsuff"
-                   fi])
+  fi
 
   AC_CHECK_HEADER(zlib.h,
     [
@@ -989,8 +1147,7 @@ case "$OPT_ZLIB" in
     AC_MSG_NOTICE([found both libz and libz.h header])
     curl_zlib_msg="enabled"
   fi
-    ;;
+fi
-esac
 
 dnl set variable for use in automakefile(s)
 AM_CONDITIONAL(HAVE_LIBZ, test x"$AMFIXLIB" = x1)
@@ -1033,6 +1190,7 @@ case "$LIBIDN" in
 
        if test "x$idn" = "xyes"; then
          curl_idn_msg="enabled"
+         AC_SUBST(IDN_ENABLED, [1])
          dnl different versions of libidn have different setups of these:
          AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror)
          AC_CHECK_HEADERS( idn-free.h tld.h )
@@ -1242,6 +1400,8 @@ AC_CHECK_TYPE(ssize_t, ,
 TYPE_SOCKLEN_T
 TYPE_IN_ADDR_T
 
+TYPE_SOCKADDR_STORAGE
+
 AC_FUNC_SELECT_ARGTYPES
 
 dnl Checks for library functions.
@@ -1254,7 +1414,6 @@ AC_CHECK_FUNCS( strtoll \
                 strdup \
                 strstr \
                 strtok_r \
-                strftime \
                 uname \
                 strcasecmp \
                 stricmp \
@@ -1336,9 +1495,22 @@ AC_CHECK_DECL(basename, ,
 #endif
 )
 
-dnl poll() might be badly emulated, as in Mac OS X 10.3 (and other BSDs?) and
+AC_MSG_CHECKING([if we are Mac OS X (to disable poll)])
-dnl to find out we make an extra check here!
+disable_poll=no
-if test "$ac_cv_func_poll" = "yes"; then
+case $host in
+  *-*-darwin*)
+    disable_poll="yes";
+    ;;
+  *)
+    ;;
+esac
+AC_MSG_RESULT($disable_poll)
+
+if test "$disable_poll" = "no"; then
+
+  dnl poll() might be badly emulated, as in Mac OS X 10.3 (and other BSDs?) and
+  dnl to find out we make an extra check here!
+  if test "$ac_cv_func_poll" = "yes"; then
     AC_MSG_CHECKING([if poll works with NULL inputs])
     AC_RUN_IFELSE([
 #ifdef HAVE_SYS_POLL_H
@@ -1357,8 +1529,8 @@ if test "$ac_cv_func_poll" = "yes"; then
     AC_MSG_RESULT(cross-compiling assumes yes)
     AC_DEFINE(HAVE_POLL_FINE, 1, [If you have a fine poll])
     ) dnl end of AC_RUN_IFELSE
-fi
+  fi dnl poll() was found
-
+fi dnl poll()-check is not disabled
 
 
 AC_PATH_PROG( PERL, perl, , 
@@ -1504,6 +1676,28 @@ AC_HELP_STRING([--disable-verbose],[Disable verbose strings]),
        AC_MSG_RESULT(yes)
 )
 
+dnl ************************************************************
+dnl enable SSPI support
+dnl
+AC_MSG_CHECKING([whether to enable SSPI support (win32 builds only)])
+AC_ARG_ENABLE(sspi,
+AC_HELP_STRING([--enable-sspi],[Enable SSPI])
+AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
+[ case "$enableval" in
+  yes)
+       AC_MSG_RESULT(yes)
+       AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
+       AC_SUBST(USE_WINDOWS_SSPI)
+       LIBS="$LIBS -lsecur32"
+       curl_sspi_msg="yes"
+       ;;
+  *)
+       AC_MSG_RESULT(no)
+       ;;
+  esac ],
+       AC_MSG_RESULT(no)
+)
+
 dnl ************************************************************
 dnl lame option to switch on debug options
 dnl
@@ -1567,6 +1761,17 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]),
        AC_MSG_RESULT(yes)
 )
 
+if test "x$ws2" = "xyes"; then
+
+  dnl If ws2_32 is wanted, make sure it is the _last_ lib in LIBS (makes
+  dnl things work when built with c-ares). But we can't just move it last
+  dnl since then other stuff (SSL) won't build. So we simply append it to the
+  dnl end.
+
+  LIBS="$LIBS -lws2_32"
+
+fi
+
 AM_CONDITIONAL(CROSSCOMPILING, test x$cross_compiling = xyes)
 
 AC_CONFIG_FILES([Makefile \
@@ -1615,4 +1820,6 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
   Build libcurl:   Shared=${enable_shared}, Static=${enable_static} 
   Built-in manual: ${curl_manual_msg}
   Verbose errors:  ${curl_verbose_msg}
+  SSPI support:    ${curl_sspi_msg}
+  ca cert path:    ${ca}
 ])

curl-config.in

@@ -60,6 +60,7 @@ while test $# -gt 0; do
     --feature|--features)
 	if test "@USE_SSLEAY@" = "1"; then
           echo "SSL"
+          NTLM=1
         fi
 	if test "@KRB4_ENABLED@" = "1"; then
           echo "KRB4"
@@ -73,6 +74,16 @@ while test $# -gt 0; do
 	if test "@HAVE_ARES@" = "1"; then
           echo "AsynchDNS"
         fi
+	if test "@IDN_ENABLED@" = "1"; then
+          echo "IDN"
+        fi
+	if test "@USE_WINDOWS_SSPI@" = "1"; then
+          echo "SSPI"
+          NTLM=1
+        fi
+	if test "$NTLM" = "1"; then
+          echo "NTLM"
+        fi
 	;;
 
     --protocols)

docs/BINDINGS

@@ -75,6 +75,11 @@ Java
   Maintained by Vic Hanson
   http://curl.haxx.se/libcurl/java/
 
+Lisp
+
+  Written by Liam Healy
+  http://common-lisp.net/project/cl-curl/
+
 Lua
 
   Written by Steve Dekorte
@@ -87,8 +92,8 @@ Mono
 
 .NET
 
-  Written by Jeffrey Phillips
+  libcurl-net Written by Jeffrey Phillips
-  http://www.seasideresearch.com/downloads.html
+  http://sourceforge.net/projects/libcurl-net/
 
 Object-Pascal
 
@@ -150,6 +155,11 @@ Tcl
   Tclcurl is written by Andr<64>s Garc<72>a
   http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
 
+Visual Basic
+
+  libcurl-vb is written by Jeffrey Phillips
+  http://sourceforge.net/projects/libcurl-vb/
+
 Q
 
   http://q-lang.sourceforge.net/

docs/FAQ

@@ -1,4 +1,4 @@
-Updated: December 21, 2004 (http://curl.haxx.se/docs/faq.html)
+Updated: April 13, 2005 (http://curl.haxx.se/docs/faq.html)
                                   _   _ ____  _
                               ___| | | |  _ \| |
                              / __| | | | |_) | |
@@ -43,6 +43,7 @@ FAQ
   3.15 Can I do recursive fetches with curl?
   3.16 What certificates do I need when I use SSL?
   3.17 How do I list the root dir of an FTP server?
+  3.18 Can I use curl to send a POST/PUT and not wait for a response?
 
  4. Running Problems
   4.1 Problems connecting to SSL servers.
@@ -74,6 +75,9 @@ FAQ
   5.7 Link errors when building libcurl on Windows!
   5.8 libcurl.so.3: open failed: No such file or directory
   5.9 How does libcurl resolve host names?
+  5.10 How do I prevent libcurl from writing the response to stdout?
+  5.11 How do I make libcurl not receive the whole HTTP response?
+  5.12 Can I make libcurl fake or hide my real IP address?
 
  6. License Issues
   6.1 I have a GPL program, can I use the libcurl library?
@@ -97,7 +101,7 @@ FAQ
   cURL is the name of the project. The name is a play on 'Client for URLs',
   originally with URL spelled in uppercase to make it obvious it deals with
   URLs. The fact it can also be pronounced 'see URL' also helped, it works as
-  an abbrivation for "Client URL Request Library" or why not the recursive
+  an abbreviation for "Client URL Request Library" or why not the recursive
   version: "Curl URL Request Library".
 
   The cURL project produces two products:
@@ -296,8 +300,8 @@ FAQ
 
   2.2 Does curl work/build with other SSL libraries?
 
-  Curl has been written to use OpenSSL, although there should not be much
+  Curl has been written to use OpenSSL or GnuTLS, although there should not be
-  problems using a different library. If anyone does "port" curl to use a
+  many problems using a different library. If anyone does "port" curl to use a
   different SSL library, we are of course very interested in getting the
   patch!
 
@@ -503,9 +507,9 @@ FAQ
     If the server doesn't require this, you don't need a client certificate.
 
   - Server certificate. The server you communicate with has a server
-    certificate. You can and should verify this certficate to make sure that
+    certificate. You can and should verify this certificate to make sure that
     you are truly talking to the real server and not a server impersonating
-    it. The server certificate verifaction process is made by using a
+    it. The server certificate verification process is made by using a
     Certificate Authority certificate ("CA cert") that was used to sign the
     server certificate. Server certificate verification is enabled by default
     in curl and libcurl and is often the reason for problems as explained in
@@ -533,6 +537,10 @@ FAQ
 
      curl ftp://ftp.sunet.se//tmp/
 
+  3.18 Can I use curl to send a POST/PUT and not wait for a response?
+ 
+  No.
+
 
 4. Running Problems
 
@@ -733,12 +741,20 @@ FAQ
 
   Yes.
 
-  We have written the libcurl code specificly adjusted for multi-threaded
+  We have written the libcurl code specifically adjusted for multi-threaded
   programs. libcurl will use thread-safe functions instead of non-safe ones if
   your system has such.
 
-  We would appreciate some kind of report or README file from those who have
+  If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
-  used libcurl in a threaded environment.
+  need to provide one or two locking functions:
+
+    http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION
+
+  If you use a GnuTLS-powered libcurl in a multi-threaded environment, you
+  need to provide locking function(s) for libgcrypt (which is used by GnuTLS
+  for the crypto functions).
+
+    [informative link missing]
 
   5.2 How can I receive all data into a large memory chunk?
 
@@ -877,6 +893,35 @@ FAQ
     A - gethostbyname() on plain ipv4 windows hosts
     B - getaddrinfo() on ipv6-enabled windows hosts
 
+  Also note that libcurl never resolves or reverse-lookups addresses given as
+  pure numbers, such as 127.0.0.1 or ::1.
+
+  5.10 How do I prevent libcurl from writing the response to stdout?
+
+  libcurl provides a default built-in write function that writes received data
+  to stdout. Set a WRITEFUNCTION to receive the data, or possibly set
+  WRITEDATA to a different FILE * handle.
+
+  5.11 How do I make libcurl not receive the whole HTTP response?
+
+  You make the write callback (or progress callback) return an error and
+  libcurl will then abort the transfer.
+
+  5.12 Can I make libcurl fake or hide my real IP address?
+
+  No. libcurl operates on a higher level than so. Besides, faking IP address
+  would imply sending IP packages with a made-up source address, and then you
+  normally get a problem with intercepting the packages sent back as they
+  would then not be routed to you!
+
+  If you use a proxy to access remote sites, the sites will not see your local
+  IP address but instead the address of the proxy.
+
+  Also note that on many networks NATs or other IP-munging techniques are used
+  that makes you see and use a different IP address locally than what the
+  remote server will see you coming from.
+
+
 6. License Issues
 
   Curl and libcurl are released under a MIT/X derivate license. The license is

docs/HISTORY

@@ -114,6 +114,8 @@ distributions and otherwise retrieved as part of other software.
 September 2002, with the release of curl 7.10 it is released under the MIT
 license only.
 
+January 2003. Started working on the distributed curl tests. The autobuilds.
+
 February 2003, the curl site averages at 20000 visits weekly. At any given
 moment, there's an average of 3 people browsing the curl.haxx.se site.
 
@@ -139,3 +141,7 @@ August 2004:
  Number of public functions in libcurl:    36
  Amount of public web site mirrors:        12
  Number of known libcurl bindings:         26
+
+April 2005:
+
+GnuTLS can now optionally be used for the secure layer when curl is built.

docs/INSTALL

@@ -578,14 +578,14 @@ PORTS
         - MIPS IRIX 6.2, 6.5
         - MIPS Linux
         - Pocket PC/Win CE 3.0
-        - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1
+        - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2
         - PowerPC Darwin 1.0
         - PowerPC Linux
         - PowerPC Mac OS 9
         - PowerPC Mac OS X
         - SINIX-Z v5
         - Sparc Linux
-        - Sparc Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8
+        - Sparc Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8, 9, 10
         - Sparc SunOS 4.1.X
         - StrongARM (and other ARM) RISC OS 3.1, 4.02
         - StrongARM Linux 2.4
@@ -596,14 +596,14 @@ PORTS
         - i386 Esix 4.1
         - i386 FreeBSD
         - i386 HURD
-        - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4
+        - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4, 2.6
         - i386 NetBSD
         - i386 Novell NetWare
         - i386 OS/2
         - i386 OpenBSD
         - i386 SCO unix
         - i386 Solaris 2.7
-        - i386 Windows 95, 98, ME, NT, 2000
+        - i386 Windows 95, 98, ME, NT, 2000, XP, 2003
         - i386 QNX 6
         - i486 ncr-sysv4.3.03 (NCR MP-RAS)
         - ia64 Linux 2.3.99

docs/KNOWN_BUGS

@@ -3,6 +3,21 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 
+22. Sending files to a FTP server using curl on VMS, might lead to curl
+  complaining on "unaligned file size" on completion. The problem is related
+  to VMS file structures and the perceived file sizes stat() returns. A
+  possible fix would involve sending a "STRU VMS" command.
+  http://sourceforge.net/support/tracker.php?aid=1156287
+  
+21. FTP ASCII transfers do not follow RFC959. They don't convert the data
+   accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1
+   clearly describes how this should be done:
+
+     The sender converts the data from an internal character representation to
+     the standard 8-bit NVT-ASCII representation (see the Telnet
+     specification).  The receiver will convert the data from the standard
+     form to his own internal form.
+
 20. valgrind errors occur too often when 'make test' is used. It is because
   too many third-party libs and tools have problems. When curl is built
   without --disable-shared, the testing is done with a front-end script which
@@ -77,9 +92,6 @@ may have been fixed since this was written!
   libcurl thinks of it as the *compressed* length. Some explanations are here:
   http://curl.haxx.se/mail/lib-2003-06/0146.html
 
-4. IPv6 support on AIX 4.3.3 doesn't work due to a missing sockaddr_storage
-  struct. It has been reported to work on AIX 5.1 though.
-
 3. GOPHER transfers seem broken
 
 2. If a HTTP server responds to a HEAD request and includes a body (thus
@@ -91,7 +103,3 @@ may have been fixed since this was written!
   and havoc is what happens.
   More details on this is found in this libcurl mailing list thread:
   http://curl.haxx.se/mail/lib-2002-08/0000.html
-
-1. LDAP support requires that not only the OpenLDAP shared libraries be
-   present at run time, but the development libraries (liblber.so and
-   libldap.so) as well (not applicable to Windows).

docs/LICENSE-MIXING

@@ -32,7 +32,15 @@ OpenSSL http://www.openssl.org/source/license.html
         makes it "incompatible" with GPL. You are not allowed to ship binaries
         that link with OpenSSL that includes GPL code (unless that specific
         GPL code includes an exception for OpenSSL - a habit that is growing
-        more and more common).
+        more and more common). If OpenSSL's licensing is a problem for you,
+        consider using GnuTLS instead.
+
+GnuTLS  http://www.gnutls.org/
+
+        Uses the LGPL[3] license. If this is a problem for you, consider using
+        OpenSSL instead. Also note that GnuTLS itself depends on and uses
+        other libs (libgcrypt and libgpg-error) and they too are LGPL- or
+        GPL-licensed.
 
 c-ares  http://daniel.haxx.se/projects/c-ares/license.html
 
@@ -84,3 +92,5 @@ OpenLDAP http://www.openldap.org/software/release/license.html
 [1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
 [2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
       how to write such an exception to the GPL
+[3] = LGPL - GNU Lesser General Public License:
+      http://www.gnu.org/licenses/lgpl.html

docs/MANUAL

@@ -299,6 +299,13 @@ POST (HTTP)
 
         curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif" 
 
+  To send a field value literally without interpreting a leading '@'
+  or '<', or an embedded ';type=', use --form-string instead of
+  -F. This is recommended when the value is obtained from a user or
+  some other unpredictable source. Under these circumstances, using
+  -F instead of --form-string would allow a user to trick curl into
+  uploading a file.
+
 REFERRER
 
   A HTTP request has the option to include information about which address

docs/THANKS

@@ -1,110 +1,94 @@
- This project has been alive for several years. Countless people have provided
+ This project has been alive for many years. Countless people have provided
- feedback that have improved curl. Here follows a (incomplete) list of people
+ feedback that have improved curl. Here follows a list of people that have
- that have contributed with non-trivial parts:
+ contributed (a-z order).
 
-Daniel Stenberg <daniel@haxx.se>
+ If you have contributed but are missing here, please let us know!
-Rafael Sagula <sagula@inf.ufrgs.br>
+
-Sampo Kellomaki <sampo@iki.fi>
+Alan Pinstein, Albert Chin-A-Young, Albert Choy, Aleksandar Milivojevic, Alex
-Linas Vepstas <linas@linas.org>
+aka WindEagle, Alex Neblett, Alex Suykov, Alexander Kourakos, Alexander
-Bjorn Reese <breese@mail1.stofanet.dk>
+Krasnostavsky, Alexander Zhuravlev, Alexis Carvalho, Andi Jahja, Andreas Damm,
-Johan Anderson <johan@homemail.com>
+Andreas Olsson, Andreas Rieke, Andrew Francis, Andrew Fuller, Andr<64>s Garc<72>a,
-Kjell Ericson <Kjell.Ericson@haxx.se>
+Andy Cedilnik, Andy Serpa, Angus Mackay, Antoine Calando, Anton Kalmykov,
-Troy Engel <tengel@sonic.net>
+Arkadiusz Miskiewicz, Augustus Saunders, Avery Fay, Ben Greear, Benjamin
-Ryan Nelson <ryan@inch.com>
+Gerard, Bertrand Demiddelaer, Bjorn Reese, Bj<42>rn Stenberg, Bob Schader, Brad
-Bj<EFBFBD>rn Stenberg <bjorn@haxx.se>
+Burdick, Brent Beardsley, Brian Akins, Brian R Duffy, Bruce Mitchener, Bryan
-Angus Mackay <amackay@gus.ml.org>
+Henderson, Bryan Henderson , Bryan Kemp, Caolan McNamara, Casey O'Donnell,
-Eric Young <eay@cryptsoft.com>
+Chih-Chung Chang, Chris "Bob Bob", Chris Combes, Chris Gaukroger, Chris
-Simon Dick <simond@totally.irrelevant.org>
+Maltby, Christian Kurz, Christian Robottom Reis, Christophe Demory, Christophe
-Oren Tirosh <oren@monty.hishome.net>
+Legry, Christopher R. Palmer, Clarence Gardner, Clifford Wolf, Cody Jones,
-Steven G. Johnson <stevenj@alum.mit.edu>
+Colin Watson, Colm Buckley, Cory Nelson, Craig Davison, Craig Markwardt, Cris
-Gilbert Ramirez Jr. <gram@verdict.uthscsa.edu>
+Bailiff, Cyrill Osterwalder, Damien Adant, Dan Becker, Dan C, Dan Fandrich,
-Andr<EFBFBD>s Garc<72>a <ornalux@redestb.es>
+Dan Torop, Dan Zitter, Daniel at touchtunes, Daniel Stenberg, Dave Dribin,
-Douglas E. Wegscheid <wegscd@whirlpool.com>
+Dave Halbakken, Dave Hamilton, Dave May, David Byron, David Cohen, David
-Mark Butler <butlerm@xmission.com>
+Eriksson, David Houlder, David Hull, David J Meyer, David James, David Kimdon,
-Eric Thelin <eric@generation-i.com>
+David LeBlanc, David Odin, David Phillips, David Shaw, David Tarendash, David
-Marc Boucher <marc@mbsi.ca>
+Thiel, Detlef Schmier, Diego Casorran, Dimitris Sarris, Dinar, Dirk
-Greg Onufer <Greg.Onufer@Eng.Sun.COM>
+Eddelbuettel, Dirk Manske, Dolbneff A.V, Domenico Andreoli, Dominick Meglio,
-Doug Kaufman <dkaufman@rahul.net>
+Doug Kaufman, Doug Porter, Douglas E. Wegscheid, Douglas R. Horner, Dustin
-David Eriksson <david@2good.com>
+Boswell, Dylan Ellicott, Dylan Salisbury, Early Ehlinger, Edin Kadribasic,
-Ralph Beckmann <rabe@uni-paderborn.de>
+Ellis Pritchard, Emiliano Ida, Enrico Scholz, Enrik Berkhan, Eric Lavigne,
-T. Yamada <tai@imasy.or.jp>
+Eric Melville, Eric Rautman, Eric Thelin, Eric Vergnaud, Eric Young, Erick
-Lars J. Aas <larsa@sim.no>
+Nuwendam, Erwan Legrand, Erwin Authried, Evan Jordan, Fabrizio Ammollo, Fedor
-J<EFBFBD>rn Hartroth <Joern.Hartroth@computer.org>
+Karpelevitch, Felix von Leitner, Florian Schoppmann, Forrest Cahoon, Frank
-Matthew Clarke <clamat@van.maves.ca>
+Keeney, Frank Ticheler, Fred New, Fred Noz, Frederic Lepied, Gautam Mani, Gaz
-Linus Nielsen Feltzing <linus@haxx.se>
+Iqbal, Georg Horn, Georg Huettenegger, Gerd v. Egidy, Gerhard Herre, Giaslas
-Felix von Leitner <felix@convergence.de>
+Georgios, Gilad, Gilbert Ramirez Jr., Gisle Vanem, Giuseppe Attardi, Giuseppe
-Dan Zitter <dzitter@zitter.net>
+D'Ambrosio, Glen Nakamura, Glen Scott, Greg Hewgill, Greg Onufer, Grigory
-Jongki Suwandi <Jongki.Suwandi@eng.sun.com>
+Entin, Guenole Bescon, Guillaume Arluison, Gustaf Hui, Gwenole Beauchesne,
-Chris Maltby <chris@aurema.com>
+G<EFBFBD>tz Babin-Ebell, G<>nter Knauf, Hamish Mackenzie, Hanno Kranzhoff, Hans
-Ron Zapp <rzapper@yahoo.com>
+Steegers, Hardeep Singh, Harshal Pradhan, Heikki Korpela, Henrik Storner,
-Paul Marquis <pmarquis@iname.com>
+Hzhijun, Ian Ford, Ian Gulliver, Ian Wilkes, Ignacio Vazquez-Abrams, Ilguiz
-Ellis Pritchard <ellis@citria.com>
+Latypov, Ingo Ralf Blum, Ingo Wilken, Jacky Lam, Jacob Meuser, James Bursa,
-Damien Adant <dams@usa.net>
+James Clancy, James Cone, James Gallagher, James Griffiths, James MacMillan,
-Chris <cbayliss@csc.come>
+Jamie Lokier, Jamie Wilkinson, Jason S. Priebe, Jean-Claude Chauve, Jean-Louis
-Marco G. Salvagno <mgs@whiz.cjb.net>
+Lemaire, Jean-Marc Ranger, Jean-Philippe Barrette-LaPierre, Jeff Lawson, Jeff
-Paul Marquis <pmarquis@iname.com>
+Phillips, Jeffrey Pohlmeyer, Jeremy Friesner, Jesper Jensen, Jesse Noller, Jim
-David LeBlanc <dleblanc@qnx.com>
+Drash, Joe Halpin, Joel Chen, Johan Anderson, Johan Nilsson, John Crow, John
-Rich Gray at Plus Technologies
+Janssen, John Lask, John McGowan, Jon Travis, Jon Turner, Jonas Forsman,
-Luong Dinh Dung <u8luong@lhsystems.hu>
+Jonatan Lander, Jonathan Hseu, Jongki Suwandi, Josh Kapell, Juan F. Codagnone,
-Torsten Foertsch <torsten.foertsch@gmx.net>
+Juan Ignacio Herv<72>s, Juergen Wilke, Jukka Pihl, Julian Noble, Jun-ichiro
-Kristian K<>hntopp <kris@koehntopp.de>
+itojun Hagino, Jurij Smakov, J<>rg Mueller-Tolk, J<>rn Hartroth, Kai Sommerfeld,
-Fred Noz <FNoz@siac.com>
+Kai-Uwe Rommel, Kang-Jin Lee, Karol Pietrzak, Keith MacDonald, Keith McGuigan,
-Caolan McNamara <caolan@csn.ul.ie>
+Ken Hirsch, Ken Rastatter, Kevin Fisk, Kevin Roth, Kimmo Kinnunen, Kjell
-Albert Chin-A-Young <china@thewrittenword.com>
+Ericson, Kjetil Jacobsen, Klevtsov Vadim, Kris Kennaway, Krishnendu Majumdar,
-Stephen Kick <skick@epicrealm.com>
+Kristian K<>hntopp, Kyle Sallee, Lachlan O'Dea, Larry Campbell, Larry Fahnoe,
-Martin Hedenfalk <mhe@stacken.kth.se>
+Lars Gustafsson, Lars J. Aas, Lars Nilsson, Lars Torben Wilson, Legoff
-Richard Prescott <rip at step.polymtl.ca>
+Vincent, Lehel Bernadt, Len Krause, Linas Vepstas, Ling Thio, Linus Nielsen
-Jason S. Priebe <priebe@wral-tv.com>
+Feltzing, Loic Dachary, Loren Kirkby, Luca Altea, Luca Alteas, Lucas Adamski,
-T. Bharath <TBharath@responsenetworks.com>
+Lukasz Czekierda, Luke Call, Luong Dinh Dung, Maciej W. Rozycki, Marc Boucher,
-Alexander Kourakos <awk@users.sourceforge.net>
+Marcelo Juchem , Marcin Konicki, Marco G. Salvagno, Marcus Webster, Mark
-James Griffiths <griffiths_james@yahoo.com>
+Butler, Markus Moeller, Markus Oberhumer, Martijn Koster, Martin C. Martin,
-Loic Dachary <loic@senga.org>
+Martin Hedenfalk, Marty Kuhrt, Maruko, Massimiliano Ziccardi, Mathias
-Robert Weaver <robert.weaver@sabre.com>
+Axelsson, Mats Lidell, Matt Veenstra, Matthew Blain, Matthew Clarke, Maurice
-Ingo Ralf Blum <ingoralfblum@ingoralfblum.com>
+Barnum, Mekonikum, Mettgut Jamalla, Michael Benedict, Michael Curtis, Michael
-Jun-ichiro itojun Hagino <itojun@iijlab.net>
+Mealling, Michal Bonino, Mihai Ionescu, Mike Bytnar, Mike Dobbs, Miklos
-Frederic Lepied <flepied@mandrakesoft.com>
+Nemeth, Mitz Wark, Mohamed Lrhazi, Mohun Biswas, Moonesamy, Nathan O'Sullivan,
-Georg Horn <horn@koblenz-net.de>
+Naveen Noel, Neil Dunbar, Neil Spring, Nic Roets, Nick Gimbrone, Nick Humfrey,
-Cris Bailiff <c.bailiff@awayweb.com>
+Nico Baggus, Nicolas Berloquin, Nicolas Croiset, Niels van Tongeren, Nikita
-Sterling Hughes <sterling@designmultimedia.com>
+Schmidt, nk, Nodak Sodak, Oren Tirosh, P R Schaffner, Patrick Bihan-Faou,
-S. Moonesamy
+Patrick Smith, Paul Harrington, Paul Marquis, Paul Moore, Paul Nolan, Pavel
-Ingo Wilken <iw@WWW.Ecce-Terram.DE>
+Cenek, Pavel Orehov, Pawel A. Gajda, Pedro Neves, Pete Su, Peter Bray, Peter
-Pawel A. Gajda <mis@k2.net.pl>
+Forret, Peter Pentchev, Peter Sylvester, Peter Todd, Peter Verhas, Peter
-Patrick Bihan-Faou
+Wullinger, Phil Karn, Philip Gladstone, Philippe Hameau, Philippe Raoult,
-Nico Baggus <Nico.Baggus@mail.ing.nl>
+Pierre, Puneet Pawaia, Rafael Sagula, Ralph Beckmann, Ralph Mitchell, Ramana
-Sergio Ballestrero
+Mokkapati, Randy McMurchy, Reinout van Schouwen, Renaud Chaillat, Renaud
-Andrew Francis <locust@familyhealth.com.au>
+Duhaut, Rene Bernhardt, Rene Rebe, Ricardo Cadime, Rich Gray, Richard Archer,
-Tomasz Lacki <Tomasz.Lacki@primark.pl>
+Richard Atterer, Richard Bramante, Richard Cooper, Richard Gorton, Richard
-Georg Huettenegger <georg@ist.org>
+Prescott, Rick Jones, Rick Richardson, Rob Stanzel, Robert D. Young, Robert
-John Lask <johnlask@hotmail.com>
+Olson, Robert Weaver, Robin Kay, Rodney Simmons, Roland Krikava, Roland
-Eric Lavigne <erlavigne@wanadoo.fr>
+Zimmermann, Roman Koifman, Ron Zapp, Rosimildo da Silva, Roy Shan, Rune
-Marcus Webster <marcus.webster@phocis.com>
+Kleveland, Ryan Nelson, S. Moonesamy, Salvador D<>vila, Salvatore Sorrentino,
-G<EFBFBD>tz Babin-Ebell <babin<69>ebell@trustcenter.de>
+Sampo Kellomaki, Samuel D<>az Garc<72>a, Samuel Listopad, Sander Gates, Saul good,
-Andreas Damm <andreas-sourceforge@radab.org>
+Sebastien Willemijns, Sergio Ballestrero, Seshubabu Pasam, Shard, Shawn
-Jacky Lam <sylam@emsoftltd.com>
+Poulson, Siddhartha Prakash Jain, Simon Dick, Simon Liu, Spiridonoff A.V,
-James Gallagher <jgallagher@gso.uri.edu>
+Stadler Stephan, Stefan Ulrich, Stephan Bergmann, Stephen Kick, Stephen More,
-Kjetil Jacobsen <kjetilja@cs.uit.no>
+Sterling Hughes, Steve Green, Steve Lhomme, Steve Marx, Steve Oliphant, Steven
-Markus F.X.J. Oberhumer <markus@oberhumer.com>
+Bazyl, Steven G. Johnson, Stoned Elipot, Sven Neuhaus, swalkaus at yahoo.com,
-Miklos Nemeth <mnemeth@kfkisystems.com>
+S<EFBFBD>bastien Willemijns, T. Bharath, T. Yamada, Thomas Schwinge, Thomas Tonino,
-Kevin Roth <kproth@users.sourceforge.net>
+Tim Baker, Tim Bartley, Tim Costello, Tim Sneddon, Toby Peterson, Tom Benoist,
-Ralph Mitchell <rmitchell@eds.com>
+Tom Lee, Tom Mattison, Tom Moers, Tom Zerucha, Tomas Pospisek, Tomas Szepe,
-Dan Fandrich <dan@coneharvesters.com>
+Tomasz Lacki, Tommy Tam, Ton Voon, Tor Arntsen, Torsten Foertsch, Toshiyuki
-Jean-Philippe Barrette-LaPierre <jpb@rrette.com>
+Maezawa, Traian Nicolescu, Troels Walsted Hansen, Troy Engel, Ulrich Zadow,
-Richard Bramante <RBramante@on.com>
+Vincent Bronner, Vincent Penquerc'h, Vincent Sanders, Vojtech Janota, Vojtech
-Daniel Kouril <kouril@ics.muni.cz>
+Minarik, Walter J. Mack, Wayne Haigh, Werner Koch, Wesley Laxton, Wez Furlong,
-Dirk Manske <dm@nettraffic.de>
+Wilfredo Sanchez, Wojciech Zwiefka, Yarram Sunil, Zvi Har'El
-David Meyer <meyer@paracel.com>
-Dominick Meglio <codemstr@ptd.net>
-Gisle Vanem <gvanem@broadpark.no>
-Giuseppe Attardi <attardi@di.unipi.it>
-Tor Arntsen <tor@spacetec.no>
-David Byron <DByron@everdreamcorp.com>
-David Phillips
-Alexander Krasnostavsky
-G<EFBFBD>nter Knauf
-Bertrand Demiddelaer
-Peter Sylvester
-Alexis S. L. Carvalho
-Casey O'Donnell
-Marty Kuhrt
-James Bursa
-Greg Hewgill

docs/TODO

@@ -26,7 +26,7 @@ TODO
 
  * More data sharing. curl_share_* functions already exist and work, and they
    can be extended to share more. For example, enable sharing of the ares
-   channel.
+   channel and the connection cache.
 
  * Introduce a new error code indicating authentication problems (for proxy
    CONNECT error 407 for example). This cannot be an error code, we must not
@@ -35,16 +35,15 @@ TODO
 
  * Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
    SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
+   To support ipv6 interface addresses properly.
 
  * Add the following to curl_easy_getinfo(): GET_HTTP_IP, GET_FTP_IP and
    GET_FTP_DATA_IP. Return a string with the used IP. Suggested by Alan.
 
  LIBCURL - multi interface
 
- * Add a curl_multi_fdset() alternative that returns only two arrays with file
+ * Add a curl_multi_fdset() alternative. this allows apps to avoid the
-   desrciptors for reading and writing to allow the app to use whatever
+   FD_SETSIZE problem with select().
-   function it prefers. Plus, this allows apps to avoid the FD_SETSIZE problem
-   with select().
 
  * Add curl_multi_timeout() to make libcurl's ares-functionality better.
 
@@ -68,9 +67,6 @@ TODO
  * Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in
    the process to avoid doing a resolve and connect in vain.
 
- * Code overhaul to make it more state-machine like and to _never_ block on
-   waiting for server responses when used with the multi interface.
-
  * Support GSS/Kerberos 5 for ftp file transfer. This will allow user
    authentication and file encryption.  Possible libraries and example clients
    are available from MIT or Heimdal. Requsted by Markus Moeller.
@@ -146,14 +142,12 @@ TODO
    it be? There's so much that could be done if it were! (brought by Chris
    Clark)
 
- * Make curl's SSL layer option capable of using other free SSL libraries.
+ * Make curl's SSL layer capable of using other free SSL libraries.  Such as
-   Such as the Mozilla Security Services
+   Mozilla Security Services
-   (http://www.mozilla.org/projects/security/pki/nss/) and GnuTLS
+   (http://www.mozilla.org/projects/security/pki/nss/), MatrixSSL
-   (http://www.gnu.org/software/gnutls/) This subject has been brought up
+   (http://www.matrixssl.org/) or yaSSL (http://yassl.com/). At least the
-   again recently since GPL-licensed applications that link with libcurl MAY
+   latter two could be alternatives for those looking to reduce the footprint
-   NOT distribute binaries that use OpenSSL without adding an exception clause
+   of libcurl built with OpenSSL or GnuTLS.
-   to the GPL license. See the LICENSE-MIXING document and this:
-   http://www.gnome.org/~markmc/openssl-and-the-gpl.html
 
  LDAP
 

docs/VERSIONS

@@ -20,7 +20,7 @@ Version Numbers and Releases
    N is pre-release number
 
  One of these numbers will get bumped in each new release. The numbers to the
- right of a bumped number will be reset to zero. If Z is zero, it is not
+ right of a bumped number will be reset to zero. If Z is zero, it may not be
  included in the version number. The pre release number is only included in
  pre releases (they're never used in public, official, releases).
 
@@ -49,7 +49,7 @@ Version Numbers and Releases
 
  As a service to any application that might want to support new libcurl
  features while still being able to build with older versions, all releases
- have the libcurl version stored in the curl/curl.h file using a static
+ have the libcurl version stored in the curl/curlver.h file using a static
  numbering scheme that can be used for comparison. The version number is
  defined as:
         
@@ -62,3 +62,6 @@ Version Numbers and Releases
  This 6-digit hexadecimal number does not show pre-release number, and it is
  always a greater number in a more recent release. It makes comparisons with
  greater than and less than work.
+
+ This number is also available as three separate defines:
+ LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.

docs/curl.1

@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl 1 "25 Jan 2005" "Curl 7.13.0" "Curl Manual"
+.TH curl 1 "28 Apr 2005" "Curl 7.14.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -267,7 +267,7 @@ If this option is used several times, the last one will be used.
 be set with the \fI-H/--header\fP flag of course.  When used with
 \fI-L/--location\fP you can append ";auto" to the referer URL to make curl
 automatically set the previous URL when it follows a Location: header. The
-";auto" string can be used alone, even if you don't set an initial referer.
+\&";auto" string can be used alone, even if you don't set an initial referer.
 
 If this option is used several times, the last one will be used.
 .IP "--engine <name>"
@@ -343,7 +343,7 @@ will instead attempt to create missing directories. (Added in 7.10.7)
 
 If this option is used twice, the second will again disable silent failure.
 .IP "--ftp-pasv"
-(FTP) Use PASV when transfering. PASV is the internal default behavior, but
+(FTP) Use PASV when transferring. PASV is the internal default behavior, but
 using this option can be used to override a previous --ftp-port option. (Added
 in 7.11.0)
 
@@ -380,9 +380,20 @@ or
 
 \fBcurl\fP -F "name=daniel;type=text/foo" url.com
 
+You can also explicitly change the name field of an file upload part by
+setting filename=, like this:
+
+\fBcurl\fP -F "file=@localfile;filename=nameinpost" url.com
+
 See further examples and details in the MANUAL.
 
 This option can be used multiple times.
+.IP "--form-string <name=string>"
+(HTTP) Similar to \fI--form\fP except that the value string for the named
+parameter is used literally. Leading \&'@' and \&'<' characters, and the
+\&';type=' string in the value have no special meaning. Use this in preference
+to \fI--form\fP if there's any possibility that the string value may
+accidentally trigger the \&'@' or \&'<' features of \fI--form\fP.
 .IP "-g/--globoff"
 This option switches off the "URL globbing parser". When you set this option,
 you can specify URLs that contain the letters {}[] without having them being
@@ -486,6 +497,20 @@ line. So, it could look similar to this:
 url = "http://curl.haxx.se/docs/"
 
 This option can be used multiple times.
+
+When curl is invoked, it always (unless \fI-q\fP is used) checks for a default
+config file and uses it if found. The default config file is checked for in
+the following places in this order:
+
+1) curl tries to find the "home dir": It first checks for the CURL_HOME and
+then the HOME environment variables. Failing that, it uses getpwuid() on
+unix-like systems (which returns the home dir given the current user in your
+system). On Windows, it then checks for the APPDATA variable, or as a last
+resort the '%USERPROFILE%\Application Data'.
+
+2) On windows, if there is no _curlrc file in the home dir, it checks for one
+in the same dir the executable curl is placed. On unix-like systems, it will
+simply try to load .curlrc from the determined home dir.
 .IP "--limit-rate <speed>"
 Specify the maximum transfer rate you want curl to use. This feature is useful
 if you have a limited pipe and you'd like your transfer not use your entire
@@ -636,6 +661,13 @@ You may use this option as many times as you have number of URLs.
 (SSL) Pass phrase for the private key
 
 If this option is used several times, the last one will be used.
+.IP "--proxy-anyauth"
+Tells curl to pick a suitable authentication method when communicating with
+the given proxy. This will cause an extra request/response round-trip. Added
+in curl 7.13.2.
+
+If this option is used twice, the second will again disable the proxy use-any
+authentication.
 .IP "--proxy-basic"
 Tells curl to use HTTP Basic authentication when communicating with the given
 proxy. Use \fI--basic\fP for enabling HTTP Basic with a remote host. Basic is
@@ -682,9 +714,10 @@ If this option is used several times, the last one will be used. Disable the
 use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command
 instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++.
 .IP "-q"
-If used as the first parameter on the command line, the \fI$HOME/.curlrc\fP
+If used as the first parameter on the command line, the \fIcurlrc\fP config
-file will not be read and used as a config file.
+file will not be read and used. See the \fI-K/--config\fP for details on the
-.IP "-Q/--quote <comand>"
+default config file search path.
+.IP "-Q/--quote <command>"
 (FTP) Send an arbitrary command to the remote FTP server. Quote commands are
 sent BEFORE the transfer is taking place (just after the initial PWD command
 to be exact). To make commands take place after a successful transfer, prefix
@@ -852,6 +885,11 @@ to read for untrained humans.
 
 If this option is used several times, the last one will be used. (Added in
 7.9.7)
+.IP "--trace-time"
+Prepends a time stamp to each trace or verbose line that curl displays.
+
+If this option is used several times, each occurrence will toggle it on/off.
+(Added in 7.14.0        )
 .IP "-u/--user <user:password>"
 Specify user and password to use for server authentication. Overrides
 \fI-n/--netrc\fP and \fI--netrc-optional\fP.
@@ -869,9 +907,9 @@ This option may be used any number of times. To control where this URL is
 written, use the \fI-o/--output\fP or the \fI-O/--remote-name\fP options.
 .IP "-v/--verbose"
 Makes the fetching more verbose/talkative. Mostly usable for debugging. Lines
-starting with '>' means data sent by curl, '<' means data received by curl
+starting with '>' means "header data" sent by curl, '<' means "header data"
-that is hidden in normal cases and lines starting with '*' means additional
+received by curl that is hidden in normal cases and lines starting with '*'
-info provided by curl.
+means additional info provided by curl.
 
 Note that if you only want HTTP headers in the output, \fI-i/--include\fP
 might be option you're looking for.
@@ -915,6 +953,9 @@ SPNEGO Negotiate authentication is supported.
 This curl supports transfers of large files, files larger than 2GB.
 .IP "IDN"
 This curl supports IDN - international domain names.
+.IP "SSPI"
+SSPI is supported. If you use NTLM and set a blank user name, curl will
+authenticate with your current user and password.
 .RE
 .IP "-w/--write-out <format>"
 Defines what to display after a completed and successful operation. The format
@@ -1266,5 +1307,5 @@ http://curl.haxx.se
 ftp://ftp.sunet.se/pub/www/utilities/curl/
 .SH "SEE ALSO"
 .BR ftp (1),
-.BR wget (1),
+.BR wget (1)
 

docs/examples/Makefile.am

@@ -10,7 +10,7 @@ EXTRA_DIST = README curlgtk.c sepheaders.c simple.c postit2.c		\
  post-callback.c multi-app.c multi-double.c multi-single.c		\
  multi-post.c fopen.c simplepost.c makefile.dj curlx.c https.c		\
  multi-debugcallback.c fileupload.c getinfo.c ftp3rdparty.c debug.c	\
- anyauthput.c htmltitle.cc htmltidy.c
+ anyauthput.c htmltitle.cc htmltidy.c opensslthreadlock.c
 
 all:
 	@echo "done"

docs/examples/htmltitle.cc

@@ -131,7 +131,7 @@ static bool init(CURL *&conn, char *url)
 //  libxml start element callback function
 //
 
-static void startElement(void *voidContext,
+static void StartElement(void *voidContext,
                          const xmlChar *name,
                          const xmlChar **attributes)
 {
@@ -148,7 +148,7 @@ static void startElement(void *voidContext,
 //  libxml end element callback function
 //
 
-static void endElement(void *voidContext,
+static void EndElement(void *voidContext,
                        const xmlChar *name)
 {
   Context *context = (Context *)voidContext;
@@ -173,7 +173,7 @@ static void handleCharacters(Context *context,
 //  libxml PCDATA callback function
 //
 
-static void characters(void *voidContext,
+static void Characters(void *voidContext,
                        const xmlChar *chars,
                        int length)
 {
@@ -215,10 +215,10 @@ static htmlSAXHandler saxHandler =
   NULL,
   NULL,
   NULL,
-  startElement,
+  StartElement,
-  endElement,
+  EndElement,
   NULL,
-  characters,
+  Characters,
   NULL,
   NULL,
   NULL,

docs/examples/opensslthreadlock.c

@@ -0,0 +1,77 @@
+/*****************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * $Id$
+ *
+ * Example source code to show one way to set the necessary OpenSSL locking
+ * callbacks if you want to do multi-threaded transfers with HTTPS/FTPS with
+ * libcurl built to use OpenSSL.
+ *
+ * This is not a complete stand-alone example.
+ *
+ * Author: Jeremy Brown
+ */
+
+#define MUTEX_TYPE       pthread_mutex_t
+#define MUTEX_SETUP(x)   pthread_mutex_init(&(x), NULL)
+#define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x))
+#define MUTEX_LOCK(x)    pthread_mutex_lock(&(x))
+#define MUTEX_UNLOCK(x)  pthread_mutex_unlock(&(x))
+#define THREAD_ID        pthread_self(  )
+
+
+void handle_error(const char *file, int lineno, const char *msg){
+     fprintf(stderr, ** %s:%i %s\n, file, lineno, msg);
+     ERR_print_errors_fp(stderr);
+     /* exit(-1); */
+ }
+
+/* This array will store all of the mutexes available to OpenSSL. */
+static MUTEX_TYPE *mutex_buf= NULL;
+
+
+static void locking_function(int mode, int n, const char * file, int line)
+{
+  if (mode & CRYPTO_LOCK)
+    MUTEX_LOCK(mutex_buf[n]);
+  else
+    MUTEX_UNLOCK(mutex_buf[n]);
+}
+
+static unsigned long id_function(void)
+{
+  return ((unsigned long)THREAD_ID);
+}
+
+int thread_setup(void)
+{
+  int i;
+
+  mutex_buf = (MUTEX_TYPE *)malloc(CRYPTO_num_locks(  ) * sizeof(MUTEX_TYPE));
+  if (!mutex_buf)
+    return 0;
+  for (i = 0;  i < CRYPTO_num_locks(  );  i++)
+    MUTEX_SETUP(mutex_buf[i]);
+  CRYPTO_set_id_callback(id_function);
+  CRYPTO_set_locking_callback(locking_function);
+  return 1;
+}
+
+int thread_cleanup(void)
+{
+  int i;
+
+  if (!mutex_buf)
+    return 0;
+  CRYPTO_set_id_callback(NULL);
+  CRYPTO_set_locking_callback(NULL);
+  for (i = 0;  i < CRYPTO_num_locks(  );  i++)
+    MUTEX_CLEANUP(mutex_buf[i]);
+  free(mutex_buf);
+  mutex_buf = NULL;
+  return 1;
+}

docs/libcurl/curl_easy_setopt.3

@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl_easy_setopt 3 "25 Jan 2005" "libcurl 7.13.0" "libcurl Manual"
+.TH curl_easy_setopt 3 "12 May 2005" "libcurl 7.14.0" "libcurl Manual"
 .SH NAME
 curl_easy_setopt - set options for a curl easy handle
 .SH SYNOPSIS
@@ -410,7 +410,7 @@ is a more secure way to do authentication over public networks than the
 regular old-fashioned Basic method.
 .IP CURLAUTH_GSSNEGOTIATE
 HTTP GSS-Negotiate authentication. The GSS-Negotiate (also known as plain
-"Negotiate") method was designed by Microsoft and is used in their web
+\&"Negotiate") method was designed by Microsoft and is used in their web
 applications. It is primarily meant as a support for Kerberos5 authentication
 but may be also used along with another authentication methods. For more
 information see IETF draft draft-brezak-spnego-http-04.txt.
@@ -442,7 +442,7 @@ use. Note that for some methods, this will induce an extra network
 round-trip. Set the actual name and password with the
 \fICURLOPT_PROXYUSERPWD\fP option. The bitmask can be constructed by or'ing
 together the bits listed above for the \fICURLOPT_HTTPAUTH\fP option. As of
-this writing, only Basic and NTLM work. (Added in 7.10.7)
+this writing, only Basic, Digest and NTLM work. (Added in 7.10.7)
 .SH HTTP OPTIONS
 .IP CURLOPT_AUTOREFERER
 Pass a non-zero parameter to enable this. When enabled, libcurl will
@@ -617,9 +617,9 @@ name of your file holding cookie data to read. The cookie data may be in
 Netscape / Mozilla cookie data format or just regular HTTP-style headers
 dumped to a file.
 
-Given an empty or non-existing file, this option will enable cookies for this
+Given an empty or non-existing file or by passing the empty string (""), this
-curl handle, making it understand and parse received cookies and then use
+option will enable cookies for this curl handle, making it understand and
-matching cookies in future request.
+parse received cookies and then use matching cookies in future request.
 .IP CURLOPT_COOKIEJAR
 Pass a file name as char *, zero terminated. This will make libcurl write all
 internally known cookies to the specified file when \fIcurl_easy_cleanup(3)\fP
@@ -996,28 +996,60 @@ operations.
 \fBNOTE:\fP If the crypto device cannot be set,
 \fICURLE_SSL_ENGINE_SETFAILED\fP is returned.
 .IP CURLOPT_SSLVERSION
-Pass a long as parameter. Set what version of SSL to attempt to use, 2 or
+Pass a long as parameter to control what version of SSL/TLS to attempt to use.
-3. By default, the SSL library will try to solve this by itself although some
+The available options are:
-servers make this difficult why you at times may have to use this option.
+.RS
+.IP CURL_SSLVERSION_DEFAULT
+The default action. When libcurl built with OpenSSL, this will attempt to
+figure out the remote SSL protocol version. Unfortunately there are a lot of
+ancient and broken servers in use which cannot handle this technique and will
+fail to connect. When libcurl is built with GnuTLS, this will mean SSLv3.
+.IP CURL_SSLVERSION_TLSv1
+Force TLSv1
+.IP CURL_SSLVERSION_SSLv2
+Force SSLv2
+.IP CURL_SSLVERSION_SSLv3
+Force SSLv3
+.RE
 .IP CURLOPT_SSL_VERIFYPEER
-Pass a long that is set to a zero value to stop curl from verifying the peer's
+Pass a long as parameter.
-certificate (7.10 starting setting this option to non-zero by default).
+
-Alternate certificates to verify against can be specified with the
+This option determines whether curl verifies the authenticity of the
-\fICURLOPT_CAINFO\fP option or a certificate directory can be specified with
+peer's certificate.  A nonzero value means curl verifies; zero means it
-the \fICURLOPT_CAPATH\fP option.  As of 7.10, curl installs a default bundle.
+doesn't.  The default is nonzero, but before 7.10, it was zero.
-\fICURLOPT_SSL_VERIFYHOST\fP may also need to be set to 1 or 0 if
+
-\fICURLOPT_SSL_VERIFYPEER\fP is disabled (it defaults to 2).
+When negotiating an SSL connection, the server sends a certificate
+indicating its identity.  Curl verifies whether the certificate is
+authentic, i.e. that you can trust that the server is who the
+certificate says it is.  This trust is based on a chain of digital
+signatures, rooted in certification authority (CA) certificates you
+supply.  As of 7.10, curl installs a default bundle of CA certificates
+and you can specify alternate certificates with the
+\fICURLOPT_CAINFO\fP option or the \fICURLOPT_CAPATH\fP option.
+
+When \fICURLOPT_SSL_VERIFYPEER\fP is nonzero, and the verification
+fails to prove that the certificate is authentic, the connection
+fails.  When the option is zero, the connection succeeds regardless.
+
+Authenticating the certificate is not by itself very useful.  You
+typically want to ensure that the server, as authentically identified
+by its certificate, is the server you mean to be talking to.  Use
+\fICURLOPT_SSL_VERIFYHOST\fP to control that.
 .IP CURLOPT_CAINFO
 Pass a char * to a zero terminated string naming a file holding one or more
-certificates to verify the peer with. This only makes sense when used in
+certificates to verify the peer with.  This makes sense only when used in
-combination with the \fICURLOPT_SSL_VERIFYPEER\fP option.
+combination with the \fICURLOPT_SSL_VERIFYPEER\fP option.  If
+\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_CAINFO\fP need not
+even indicate an accessible file.
 .IP CURLOPT_CAPATH
-Pass a char * to a zero terminated string naming a directory holding multiple
+Pass a char * to a zero terminated string naming a directory holding
-CA certificates to verify the peer with. The certificate directory must be
+multiple CA certificates to verify the peer with. The certificate
-prepared using the openssl c_rehash utility. This only makes sense when used
+directory must be prepared using the openssl c_rehash utility. This
-in combination with the \fICURLOPT_SSL_VERIFYPEER\fP option. The
+makes sense only when used in combination with the
-\fICURLOPT_CAPATH\fP function apparently does not work in Windows due to some
+\fICURLOPT_SSL_VERIFYPEER\fP option.  If \fICURLOPT_SSL_VERIFYPEER\fP
-limitation in openssl. (Added in 7.9.8)
+is zero, \fICURLOPT_CAPATH\fP need not even indicate an accessible
+path.  The \fICURLOPT_CAPATH\fP function apparently does not work in
+Windows due to some limitation in openssl. (Added in 7.9.8)
 .IP CURLOPT_RANDOM_FILE
 Pass a char * to a zero terminated file name. The file will be used to read
 from to seed the random engine for SSL. The more random the specified file is,
@@ -1026,9 +1058,34 @@ the more secure the SSL connection will become.
 Pass a char * to the zero terminated path name to the Entropy Gathering Daemon
 socket. It will be used to seed the random engine for SSL.
 .IP CURLOPT_SSL_VERIFYHOST
-Pass a long. Set if we should verify the Common name from the peer certificate
+Pass a long as parameter.
-in the SSL handshake, set 1 to check existence, 2 to ensure that it matches
+
-the provided hostname. This is by default set to 2. (default changed in 7.10)
+This option determines whether curl verifies that the server claims to be
+who you want it to be.
+
+When negotiating an SSL connection, the server sends a certificate
+indicating its identity.
+
+When \fICURLOPT_SSL_VERIFYHOST\fP is 2, that certificate must indicate
+that the server is the server to which you meant to connect, or the
+connection fails.
+
+Curl considers the server the intended one when the Common Name field
+or a Subject Alternate Name field in the certificate matches the host
+name in the URL to which you told Curl to connect.
+
+When the value is 1, the certificate must contain a Common Name field,
+but it doesn't matter what name it says.  (This is not ordinarily a
+useful setting).
+
+When the value is 0, the connection succeeds regardless of the names in
+the certificate.
+
+The default, since 7.10, is 2.
+
+The checking this option controls is of the identity that the server
+\fIclaims\fP.  The server could be lying.  To control lying, see
+\fICURLOPT_SSL_VERIFYPEER\fP.
 .IP CURLOPT_SSL_CIPHER_LIST
 Pass a char *, pointing to a zero terminated string holding the list of
 ciphers to use for the SSL connection. The list must be syntactically correct,

docs/libcurl/curl_getdate.3

@@ -41,9 +41,9 @@ general you should instead use the specific relative time compared to
 UTC. Supported formats include: -1200, MST, +0100.
 .TP
 .B day of the week items
-Specifies a day of the week. Days of the week may be spelled out in full:
+Specifies a day of the week. Days of the week may be spelled out in full
-`Sunday', `Monday', etc or they may be abbreviated to their first three
+(using english): `Sunday', `Monday', etc or they may be abbreviated to their
-letters. This is usually not info that adds anything.
+first three letters. This is usually not info that adds anything.
 .TP
 .B pure numbers
 If a decimal number of the form YYYYMMDD appears, then YYYY is read as the
@@ -85,7 +85,12 @@ This function returns -1 when it fails to parse the date string. Otherwise it
 returns the number of seconds as described.
 
 If the year is larger than 2037 on systems with 32 bit time_t, this function
-will return 0x7fffffff (since that is the largest possible 31 bit number).
+will return 0x7fffffff (since that is the largest possible signed 32 bit
+number).
+
+Having a 64 bit time_t is not a guarantee that dates beyond 03:14:07 UTC,
+January 19, 2038 will work fine. On systems with a 64 bit time_t but with a
+crippled mktime(), \fIcurl_getdate\fP will return -1 in this case.
 .SH REWRITE
 The former version of this function was built with yacc and was not only very
 large, it was also never quite understood and it wasn't possible to build with

docs/libcurl/curl_multi_fdset.3

@@ -1,6 +1,6 @@
 .\" $Id$
 .\"
-.TH curl_multi_fdset 3 "15 Apr 2004" "libcurl 7.9.5" "libcurl Manual"
+.TH curl_multi_fdset 3 "25 Apr 2005" "libcurl 7.9.5" "libcurl Manual"
 .SH NAME
 curl_multi_fdset - extracts file descriptor information from a multi handle
 .SH SYNOPSIS
@@ -15,15 +15,21 @@ CURLMcode curl_multi_fdset(CURLM *multi_handle,
 .ad
 .SH DESCRIPTION
 This function extracts file descriptor information from a given multi_handle.
-libcurl returns its fd_set sets. The application can use these to select()
+libcurl returns its fd_set sets. The application can use these to select() on,
-on. The \fIcurl_multi_perform(3)\fP function should be called as soon as one
+but be sure to FD_ZERO them before calling this function as
-of them are ready to be read from or written to.
+\fIcurl_multi_fdset(3)\fP only adds its own descriptors it doesn't zero or
+otherwise remove any other. The \fIcurl_multi_perform(3)\fP function should be
+called as soon as one of them are ready to be read from or written to.
+
+If no file descriptors are set by libcurl, \fImax_fd\fP will contain -1 when
+this function returns. Otherwise it will contain the higher descriptor number
+libcurl set.
 
 You should also be aware that when doing select(), you should consider using a
 rather small (single-digit number of seconds) timeout and call
 \fIcurl_multi_perform\fP regularly - even if no activity has been seen on the
 fd_sets - as otherwise libcurl-internal retries and timeouts may not work as
-you'd think.
+you'd think and want.
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP

docs/libcurl/curl_version_info.3

@@ -1,8 +1,6 @@
-.\" You can view this file with:
-.\" nroff -man [file]
 .\" $Id$
 .\"
-.TH curl_version_info 3 "11 May 2004" "libcurl 7.12" "libcurl Manual"
+.TH curl_version_info 3 "11 Mar 2005" "libcurl 7.13.2" "libcurl Manual"
 .SH NAME
 curl_version_info - returns run-time libcurl version info
 .SH SYNOPSIS
@@ -36,7 +34,7 @@ typedef struct {
   const char *host;         /* human readable string */
   int features;             /* bitmask, see below */
   char *ssl_version;        /* human readable string */
-  long ssl_version_num;     /* number */
+  long ssl_version_num;     /* not used, always zero */
   const char *libz_version; /* human readable string */
   const char **protocols;   /* list of protocols */
 
@@ -73,9 +71,9 @@ supports IPv6
 .IP CURL_VERSION_KERBEROS4
 supports kerberos4 (when using FTP)
 .IP CURL_VERSION_SSL
-supports SSL (HTTPS/FTPS)
+supports SSL (HTTPS/FTPS) (Added in 7.10)
 .IP CURL_VERSION_LIBZ
-supports HTTP deflate using libz
+supports HTTP deflate using libz (Added in 7.10)
 .IP CURL_VERSION_NTLM
 supports HTTP NTLM (added in 7.10.6)
 .IP CURL_VERSION_GSSNEGOTIATE
@@ -91,10 +89,15 @@ interface. (added in 7.10.7)
 libcurl was built with support for SPNEGO authentication (Simple and Protected
 GSS-API Negotiation Mechanism, defined in RFC 2478.) (added in 7.10.8)
 .IP CURL_VERSION_LARGEFILE
-libcurl was built with support for large files.
+libcurl was built with support for large files. (Added in 7.11.1)
 .IP CURL_VERSION_IDN
 libcurl was built with support for IDNA, domain names with international
-letters.
+letters. (Added in 7.12.0)
+.IP CURL_VERSION_SSPI
+libcurl was built with support for SSPI. This is only available on Windows and
+makes libcurl use Windows-provided functions for NTLM authentication. It also
+allows libcurl to use the current user and the current user's password without
+the app having to pass them on. (Added in 7.13.2)
 .RE
 \fIssl_version\fP is an ascii string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.

docs/libcurl/libcurl-errors.3

@@ -2,7 +2,7 @@
 .\" nroff -man [file]
 .\" $Id$
 .\"
-.TH libcurl-errors 3 "27 Apr 2004" "libcurl 7.12" "libcurl errors"
+.TH libcurl-errors 3 "9 Feb 2005" "libcurl 7.13.1" "libcurl errors"
 .SH NAME
 libcurl-errors \- error codes in libcurl
 .SH DESCRIPTION
@@ -187,6 +187,13 @@ Invalid LDAP URL
 Maximum file size exceeded
 .IP "CURLE_FTP_SSL_FAILED (64)"
 Requested FTP SSL level failed
+.IP "CURLE_SEND_FAIL_REWIND (65)"
+When doing a send operation curl had to rewind the data to retransmit, but the
+rewinding operation failed
+.IP "CURLE_SSL_ENGINE_INITFAILED (66)"
+Initiating the SSL Engine failed
+.IP "CURLE_LOGIN_DENIED (67)"
+The remote server denied curl to login (Added in 7.13.1)
 .SH "CURLMcode"
 This is the generic return code used by functions in the libcurl multi
 interface. Also consider \fIcurl_multi_strerror(3)\fI.

docs/libcurl/libcurl-tutorial.3

@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH libcurl-tutorial 3 "25 Jan 2005" "libcurl" "libcurl programming"
+.TH libcurl-tutorial 3 "9 May 2005" "libcurl" "libcurl programming"
 .SH NAME
 libcurl-tutorial \- libcurl programming tutorial
 .SH "Objective"
@@ -246,17 +246,27 @@ you intend to make another transfer. libcurl will then attempt to re-use the
 previous
 
 .SH "Multi-threading Issues"
-libcurl is completely thread safe, except for two issues: signals and alarm
+The first basic rule is that you must \fBnever\fP share a libcurl handle (be
-handlers. Signals are needed for a SIGPIPE handler, and the alarm() call is
+it easy or multi or whatever) between multiple threads. Only use one handle in
-used to deal with timeouts (during DNS lookup).
+one thread at a time.
+
+libcurl is completely thread safe, except for two issues: signals and SSL/TLS
+handlers. Signals are used timeouting name resolves (during DNS lookup) - when
+built without c-ares support and not on Windows..
 
 If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are
-then of course using OpenSSL multi-threaded and it has itself a few
+then of course using OpenSSL/GnuTLS multi-threaded and those libs have their
-requirements on this. Basically, you need to provide one or two functions to
+own requirements on this issue. Basically, you need to provide one or two
-allow it to function properly. For all details, see this:
+functions to allow it to function properly. For all details, see this:
+
+OpenSSL
 
    http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION
 
+GnuTLS
+
+ http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
+
 When using multiple threads you should set the CURLOPT_NOSIGNAL option to
 TRUE for all handles. Everything will work fine except that timeouts are not
 honored during the DNS lookup - which you can work around by building libcurl

include/curl/curl.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -245,7 +245,9 @@ typedef enum {
   CURLE_COULDNT_RESOLVE_HOST,    /* 6 */
   CURLE_COULDNT_CONNECT,         /* 7 */
   CURLE_FTP_WEIRD_SERVER_REPLY,  /* 8 */
-  CURLE_FTP_ACCESS_DENIED,       /* 9 */
+  CURLE_FTP_ACCESS_DENIED,       /* 9 a service was denied by the FTP server
+                                    due to lack of access - when login fails
+                                    this is not returned. */
   CURLE_FTP_USER_PASSWORD_INCORRECT, /* 10 */
   CURLE_FTP_WEIRD_PASS_REPLY,    /* 11 */
   CURLE_FTP_WEIRD_USER_REPLY,    /* 12 */
@@ -305,6 +307,8 @@ typedef enum {
   CURLE_SEND_FAIL_REWIND,        /* 65 - Sending the data requires a rewind
                                     that failed */
   CURLE_SSL_ENGINE_INITFAILED,   /* 66 - failed to initialise ENGINE */
+  CURLE_LOGIN_DENIED,            /* 67 - user, password or similar was not
+                                    accepted and we failed to login */
   CURL_LAST /* never use! */
 } CURLcode;
 
@@ -1354,7 +1358,7 @@ typedef struct {
   const char *host;         /* OS/host/cpu/machine when configured */
   int features;             /* bitmask, see defines below */
   const char *ssl_version;  /* human readable string */
-  long ssl_version_num;     /* number */
+  long ssl_version_num;     /* not used anymore, always 0 */
   const char *libz_version; /* human readable string */
   /* protocols is terminated by an entry with a NULL protoname */
   const char * const *protocols;
@@ -1378,6 +1382,7 @@ typedef struct {
 #define CURL_VERSION_SPNEGO    (1<<8)  /* SPNEGO auth */
 #define CURL_VERSION_LARGEFILE (1<<9)  /* supports files bigger than 2GB */
 #define CURL_VERSION_IDN       (1<<10) /* International Domain Names support */
+#define CURL_VERSION_SSPI      (1<<11) /* SSPI is supported */
 
 /*
  * NAME curl_version_info()

include/curl/curlver.h

@@ -28,7 +28,7 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.13.1-CVS"
+#define LIBCURL_VERSION "7.14.0-CVS"
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -44,12 +44,12 @@
    always a greater number in a more recent release. It makes comparisons with
    greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x070d01
+#define LIBCURL_VERSION_NUM 0x070e00
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 13
+#define LIBCURL_VERSION_MINOR 14
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_PATCH 0
 
 #endif /* __CURL_CURLVER_H */

include/curl/multi.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,16 +23,8 @@
  * $Id$
  ***************************************************************************/
 /*
-  This is meant to be the "external" header file. Don't give away any
+  This is an "external" header file. Don't give away any internals here!
-  internals here!
 
-  This document presents a mixture of ideas from at least:
-  - Daniel Stenberg
-  - Steve Dekorte
-  - Sterling Hughes
-  - Ben Greear
-
-  -------------------------------------------
   GOALS
 
   o Enable a "pull" interface. The application that uses libcurl decides where
@@ -82,6 +74,22 @@ extern "C" {
 
 typedef void CURLM;
 
+#ifdef HAVE_CURL_MULTI_SOCKET /* this is not set by anything yet */
+
+#ifndef curl_socket_typedef
+/* Public socket typedef */
+#ifdef WIN32
+typedef SOCKET curl_socket_t;
+#define CURL_SOCKET_BAD INVALID_SOCKET
+#else
+typedef int curl_socket_t;
+#define CURL_SOCKET_BAD -1
+#endif
+#define curl_socket_typedef
+#endif /* curl_socket_typedef */
+
+#endif /* HAVE_CURL_MULTI_SOCKET */
+
 typedef enum {
   CURLM_CALL_MULTI_PERFORM=-1, /* please call curl_multi_perform() soon */
   CURLM_OK,
@@ -113,6 +121,7 @@ typedef struct CURLMsg CURLMsg;
  * Name:    curl_multi_init()
  *
  * Desc:    inititalize multi-style curl usage
+ *
  * Returns: a new CURLM handle to use in all 'curl_multi' functions.
  */
 CURL_EXTERN CURLM *curl_multi_init(void);
@@ -121,6 +130,7 @@ CURL_EXTERN CURLM *curl_multi_init(void);
  * Name:    curl_multi_add_handle()
  *
  * Desc:    add a standard curl handle to the multi stack
+ *
  * Returns: CURLMcode type, general multi error code.
  */
 CURL_EXTERN CURLMcode curl_multi_add_handle(CURLM *multi_handle,
@@ -130,6 +140,7 @@ CURL_EXTERN CURLMcode curl_multi_add_handle(CURLM *multi_handle,
   * Name:    curl_multi_remove_handle()
   *
   * Desc:    removes a curl handle from the multi stack again
+  *
   * Returns: CURLMcode type, general multi error code.
   */
 CURL_EXTERN CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
@@ -141,6 +152,7 @@ CURL_EXTERN CURLMcode curl_multi_remove_handle(CURLM *multi_handle,
   * Desc:    Ask curl for its fd_set sets. The app can use these to select() or
   *          poll() on. We want curl_multi_perform() called as soon as one of
   *          them are ready.
+  *
   * Returns: CURLMcode type, general multi error code.
   */
 CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle,
@@ -175,6 +187,7 @@ CURL_EXTERN CURLMcode curl_multi_perform(CURLM *multi_handle,
   *          touch any individual easy handles in any way. We need to define
   *          in what state those handles will be if this function is called
   *          in the middle of a transfer.
+  *
   * Returns: CURLMcode type, general multi error code.
   */
 CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle);
@@ -211,16 +224,107 @@ CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle,
                                           int *msgs_in_queue);
 
 /*
- * NAME curl_multi_strerror()
+ * Name:    curl_multi_strerror()
  *
- * DESCRIPTION
+ * Desc:    The curl_multi_strerror function may be used to turn a CURLMcode
+ *          value into the equivalent human readable error string.  This is
+ *          useful for printing meaningful error messages.
  *
- * The curl_multi_strerror function may be used to turn a CURLMcode value
+ * Returns: A pointer to a zero-terminated error message.
- * into the equivalent human readable error string.  This is useful
- * for printing meaningful error messages.
  */
 CURL_EXTERN const char *curl_multi_strerror(CURLMcode);
 
+#ifdef HAVE_CURL_MULTI_SOCKET
+/*
+ * Name:    curl_multi_socket() and
+ *          curl_multi_socket_all()
+ *
+ * Desc:    An alternative version of curl_multi_perform() that allows the
+ *          application to pass in one of the file descriptors that have been
+ *          detected to have "action" on them and let libcurl perform. This
+ *          allows libcurl to not have to scan through all possible file
+ *          descriptors to check for this. The app is recommended to pass in
+ *          the 'easy' argument (or set it to CURL_EASY_NONE) to make libcurl
+ *          figure out the internal structure even faster and easier.  If the
+ *          easy argument is set to something else than CURL_EASY_NONE, the
+ *          's' (socket) argument will be ignored by libcurl.
+ *
+ *          It also informs the application about updates in the socket (file
+ *          descriptor) status by doing none, one or multiple calls to the
+ *          curl_socket_callback. It thus updates the status with changes
+ *          since the previous time this function was used. If 'callback' is
+ *          NULL, no callback will be called. A status change may also be a
+ *          new timeout only, having the same IN/OUT status as before.
+ *
+ *          If a previous wait for socket action(s) timed out, you should call
+ *          this function with the socket argument set to
+ *          CURL_SOCKET_TIMEOUT. If you want to force libcurl to (re-)check
+ *          all its internal sockets, and call the callback with status for
+ *          all sockets no matter what the previous state is, you call
+ *          curl_multi_socket_all() instead.
+ *
+ *          curl_multi_perform() is thus the equivalent of calling
+ *          curl_multi_socket_all(handle, NULL, NULL);
+ *
+ *          IMPLEMENTATION: libcurl will need an internal hash table to map
+ *          socket numbers to internal easy handles for the cases when 'easy'
+ *          is set to CURL_EASY_NONE.
+ *
+ *          Regarding the timeout argument in the callback: it is the timeout
+ *          (in milliseconds) for waiting on action on this socket (and the
+ *          given time period starts when the callback is called) until you
+ *          should call curl_multi_socket() with the timeout stuff mentioned
+ *          above. If "actions" happens on the socket before the timeout
+ *          happens, remember that the timout timer keeps ticking until told
+ *          otherwise.
+ *
+ *          The "what" argument has one of five values:
+ *
+ *            0 CURL_POLL_NONE (0)   - register, not interested in readiness
+ *            1 CURL_POLL_IN         - register, interested in read readiness
+ *            2 CURL_POLL_OUT        - register, interested in write readiness
+ *            3 CURL_POLL_INOUT      - register, interested in both
+ *            4 CURL_POLL_REMOVE     - deregister
+ */
+#define CURL_POLL_NONE   0
+#define CURL_POLL_IN     1
+#define CURL_POLL_OUT    2
+#define CURL_POLL_INOUT  3
+#define CURL_POLL_REMOVE 4
+
+#define CURL_EASY_NONE (CURL *)0
+#define CURL_EASY_TIMEOUT (CURL *)0
+#define CURL_SOCKET_TIMEOUT CURL_SOCKET_BAD
+
+typedef int (*curl_socket_callback)(CURL *easy,      /* easy handle */
+                                    curl_socket_t s, /* socket */
+                                    int what,        /* see above */
+                                    long ms,         /* timeout for wait */
+                                    void *userp);    /* "private" pointer */
+
+CURLMcode curl_multi_socket(CURLM *multi_handle,
+                            curl_socket_t s,
+                            CURL *easy,
+                            curl_socket_callback callback,
+                            void *userp); /* passed to callback */
+
+CURLMcode curl_multi_socket_all(CURLM *multi_handle,
+                                curl_socket_callback callback,
+                                void *userp); /* passed to callback */
+
+/*
+ * Name:    curl_multi_timeout()
+ *
+ * Desc:    Returns the maximum number of milliseconds the app is allowed to
+ *          wait before curl_multi_socket() or curl_multi_perform() must be
+ *          called (to allow libcurl's timed events to take place).
+ *
+ * Returns: CURLM error code.
+ */
+CURLMcode curl_multi_timeout(CURLM *multi_handle, long *milliseconds);
+
+#endif /* HAVE_CURL_MULTI_SOCKET */
+
 #ifdef __cplusplus
 } /* end of extern "C" */
 #endif

lib/Makefile.Watcom

@@ -43,7 +43,8 @@ OBJS = $(OBJ_DIR)\transfer.obj         $(OBJ_DIR)\file.obj       &
        $(OBJ_DIR)\hostip4.obj          $(OBJ_DIR)\hostthre.obj   &
        $(OBJ_DIR)\hostip6.obj          $(OBJ_DIR)\inet_ntop.obj  &
        $(OBJ_DIR)\hostsyn.obj          $(OBJ_DIR)\parsedate.obj  &
-       $(OBJ_DIR)\select.obj
+       $(OBJ_DIR)\select.obj           $(OBJ_DIR)\sslgen.obj     &
+       $(OBJ_DIR)\gtls.obj
 
 RESOURCE = $(OBJ_DIR)\libcurl.res
 
@@ -355,3 +356,9 @@ $(OBJ_DIR)\parsedate.obj: parsedate.c setup.h config-win32.h ..\include\curl\cur
   ..\include\curl\multi.h ..\include\curl\curl.h
 
 $(OBJ_DIR)\select.obj: select.c setup.h config-win32.h select.h
+
+$(OBJ_DIR)\gtls.obj: gtls.c setup.h config-win32.h
+
+$(OBJ_DIR)\sslgen.obj: sslgen.c setup.h config-win32.h urldata.h cookie.h &
+  formdata.h timeval.h http_chunks.h hostip.h hash.h llist.h sslgen.h &
+  ssluse.h gtls.h sendf.h strequal.h url.h memory.h memdebug.h

lib/Makefile.am

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -25,7 +25,7 @@ AUTOMAKE_OPTIONS = foreign nostdinc
 DSP = curllib.dsp
 
 EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 Makefile.riscos $(DSP)    \
- curllib.dsw config-vms.h config-win32.h config-win32ce.h config-riscos.h     \
+ curllib.dsw config-win32.h config-win32ce.h config-riscos.h     \
  config-mac.h config.h.in ca-bundle.crt README.encoding README.memoryleak     \
  README.ares README.curlx makefile.dj config.dj libcurl.framework.make	      \
  libcurl.plist libcurl.rc config-amigaos.h amigaos.c amigaos.h makefile.amiga \

lib/Makefile.inc

@@ -8,13 +8,15 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
   content_encoding.c share.c http_digest.c md5.c http_negotiate.c	\
   http_ntlm.c inet_pton.c strtoofft.c strerror.c hostares.c hostasyn.c	\
   hostip4.c hostip6.c hostsyn.c hostthre.c inet_ntop.c parsedate.c	\
-  select.c
+  select.c gtls.c sslgen.c
 
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h base64.h hostip.h	\
   progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
   if2ip.h speedcheck.h urldata.h ldap.h ssluse.h escape.h telnet.h	\
-  getinfo.h strequal.h security.h krb4.h memdebug.h inet_ntoa_r.h	\
+  getinfo.h strequal.h krb4.h memdebug.h inet_ntoa_r.h \
   http_chunks.h strtok.h connect.h llist.h hash.h content_encoding.h	\
   share.h md5.h http_digest.h http_negotiate.h http_ntlm.h ca-bundle.h	\
   inet_pton.h strtoofft.h strerror.h inet_ntop.h curlx.h memory.h	\
-  setup.h transfer.h select.h easyif.h multiif.h
+  setup.h transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h   \
+  gtls.h
+

lib/Makefile.netware

@@ -13,11 +13,11 @@ NDKBASE	= c:/novell
 endif
 
 # Edit the path below to point to the base of your Zlib sources.
-#ZLIB_PATH = ../../zlib-1.2.1
+#ZLIB_PATH = ../../zlib-1.2.2
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.7d
+OPENSSL_PATH = ../../openssl-0.9.7g
 endif
 
 ifndef INSTDIR
@@ -27,7 +27,7 @@ endif
 # Edit the vars below to change NLM target settings.
 TARGET  = libcurl
 VERSION	= $(LIBCURL_VERSION)
-COPYR	= Copyright (c) 1996 - 2004, Daniel Stenberg, <daniel@haxx.se>
+COPYR	= Copyright (C) 1996 - 2005, Daniel Stenberg, <daniel@haxx.se>
 DESCR	= cURL libcurl $(LIBCURL_VERSION_STR) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
@@ -336,6 +336,14 @@ config.h: Makefile.netware
 	@echo $(DL)#define SIZEOF_CURL_OFF_T 4$(DL) >> $@
 	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
 	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
+ifdef DISABLE_LDAP
+	@echo $(DL)#define CURL_DISABLE_LDAP 1$(DL) >> $@
+else
+	@echo $(DL)#define DL_LDAP_FILE "lldapsdk.nlm"$(DL) >> $@
+endif
+ifdef ENABLE_IPV6
+	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
+endif
 ifdef NW_WINSOCK
 	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
 else

lib/Makefile.riscos

@@ -12,7 +12,7 @@ objs =	o.base64 o.connect o.cookie o.dict \
 	o.memdebug o.mprintf o.netrc o.parsedate o.progress \
 	o.security o.select o.sendf o.speedcheck o.ssluse \
 	o.strequal o.strtok o.telnet o.timeval \
-	o.transfer o.url o.version o.strtoofft
+	o.transfer o.url o.version o.strtoofft o.sslgen o.gtls
 
 # Compile options:
 linkopts	= -o libcurl
@@ -119,6 +119,12 @@ o.sendf:	c.sendf
 o.speedcheck:	c.speedcheck
 		gcc $(compileropts) -c -o speedcheck.o c.speedcheck
 
+o.gtls:	c.gtls
+		gcc $(compileropts) -c -o gtls.o c.gtls
+
+o.sslgen:	c.sslgen
+		gcc $(compileropts) -c -o sslgen.o c.sslgen
+
 o.ssluse:	c.ssluse
 		gcc $(compileropts) -c -o ssluse.o c.ssluse
 

lib/Makefile.vc6

@@ -42,6 +42,24 @@ OPENSSL_PATH   = ../../openssl-0.9.7e
 ZLIB_PATH  = ../../zlib-1.2.1
 !ENDIF
 
+# USE_WINDOWS_SSPI uses windows libraries to allow NTLM authentication
+# without an openssl installation and offers the ability to authenticate
+# using the "current logged in user".  It does however require that the
+# Windows SDK be installed.
+#
+# If, for some reason the Windows SDK is installed but not installed
+# in the default location, you can specify WINDOWS_SDK_PATH.
+# It can be downloaded from:
+# http://www.microsoft.com/msdownload/platformsdk/sdkupdate/
+
+# USE_WINDOWS_SSPI = 1
+
+!IFDEF WINDOWS_SSPI
+!IFNDEF WINDOWS_SDK_PATH
+WINDOWS_SDK_PATH = "C:\Program Files\Microsoft SDK"
+!ENDIF
+!ENDIF
+
 # Use the high resolution time by default.  Comment this out to use low
 # resolution time and not require winmm.lib
 USEMM_LIBS = YES
@@ -54,6 +72,7 @@ CCDEBUG    = cl.exe /MDd /Od /Gm /Zi /D_DEBUG /GZ
 CFLAGSSSL  = /DUSE_SSLEAY /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
 CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
 CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL
+CFLAGSLIB  = /DCURL_STATICLIB
 LNKDLL     = link.exe /DLL
 LNKLIB     = link.exe /lib
 LFLAGS     = /nologo
@@ -69,6 +88,11 @@ CFLAGS     = $(CFLAGS) /DWITHOUT_MM_LIB
 #  RSAglue.lib was formerly needed in the SSLLIBS
 CFGSET     = FALSE
 
+!IFDEF WINDOWS_SSPI
+CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
+LFLAGS = $(LFLAGS) $(WINDOWS_SDK_PATH)\lib\secur32.lib
+!ENDIF
+
 ######################
 # release
 
@@ -76,7 +100,7 @@ CFGSET     = FALSE
 TARGET = $(LIB_NAME).lib
 DIROBJ = $(CFG)
 LNK    = $(LNKLIB) /out:$(DIROBJ)\$(TARGET)
-CC     = $(CCNODBG)
+CC     = $(CCNODBG) $(CFLAGSLIB)
 CFGSET = TRUE
 !ENDIF
 
@@ -88,7 +112,7 @@ TARGET   = $(LIB_NAME).lib
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(CFLAGSZLIB)
+CC       = $(CCNODBG) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -112,7 +136,7 @@ TARGET   = $(LIB_NAME).lib
 DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LNK      = $(LNKLIB) $(LFLAGSSSL) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(CFLAGSSSL)
+CC       = $(CCNODBG) $(CFLAGSSSL) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -120,10 +144,10 @@ CFGSET   = TRUE
 # release-ssl-dll
 
 !IF "$(CFG)" == "release-ssl-dll"
-TARGET   = $(LIB_NAME).lib
+TARGET   = $(LIB_NAME).dll
 DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32dll"
-LNK      = $(LNKLIB) $(WINLIBS) $(SSLLIBS) $(LFLAGSSSL) /out:$(DIROBJ)\$(TARGET)
+LNK      = $(LNKDLL) $(WINLIBS) /out:$(DIROBJ)\$(TARGET) $(SSLLIBS) $(LFLAGSSSL) /IMPLIB:$(DIROBJ)\$(IMPLIB_NAME).lib
 CC       = $(CCNODBG) $(CFLAGSSSL)
 CFGSET   = TRUE
 !ENDIF
@@ -137,7 +161,7 @@ DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(CFLAGSSSL) $(CFLAGSZLIB)
+CC       = $(CCNODBG) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -162,7 +186,7 @@ TARGET   = $(LIB_NAME).lib
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(WINLIBS) $(ZLIBLIBSDLL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(CFLAGSZLIB)
+CC       = $(CCNODBG) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -175,7 +199,7 @@ DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32dll"
 LNK      = $(LNKLIB) $(WINLIBS) $(SSLLIBS) $(ZLIBLIBSDLL) $(LFLAGSSSL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(CFLAGSSSL) $(CFLAGSZLIB)
+CC       = $(CCNODBG) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -213,7 +237,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 TARGET = $(LIB_NAME_DEBUG).lib
 DIROBJ = $(CFG)
 LNK    = $(LNKLIB) /out:$(DIROBJ)\$(TARGET)
-CC     = $(CCDEBUG)
+CC     = $(CCDEBUG) $(CFLAGSLIB)
 CFGSET = TRUE
 !ENDIF
 
@@ -225,7 +249,7 @@ TARGET   = $(LIB_NAME_DEBUG).lib
 DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LNK      = $(LNKLIB) $(SSLLIBS) $(LFLAGSSSL) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSSSL)
+CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -237,7 +261,7 @@ TARGET   = $(LIB_NAME_DEBUG).lib
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSZLIB)
+CC       = $(CCDEBUG) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -249,7 +273,7 @@ TARGET   = $(LIB_NAME_DEBUG).lib
 DIROBJ   = $(CFG)
 LFLAGSSSL = /LIBPATH:$(OPENSSL_PATH)\out32dll
 LNK      = $(LNKLIB) $(WINLIBS) $(SSLLIBS) $(LFLAGSSSL) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSSSL)
+CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -262,7 +286,7 @@ DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LNK      = $(LNKLIB) $(SSLLIBS) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSZLIB)
+CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -274,7 +298,7 @@ TARGET   = $(LIB_NAME_DEBUG).lib
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(WINLIBS) $(ZLIBLIBSDLL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSZLIB)
+CC       = $(CCDEBUG) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -287,7 +311,7 @@ DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32dll"
 LNK      = $(LNKLIB) $(WINLIBS) $(SSLLIBS) $(ZLIBLIBSDLL) $(LFLAGSSSL) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSZLIB)
+CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
@@ -297,7 +321,7 @@ CFGSET   = TRUE
 !IF "$(CFG)" == "debug-dll"
 TARGET = $(LIB_NAME_DEBUG).dll
 DIROBJ = $(CFG)
-LNK    = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
+LNK    = $(LNKDLL) $(WINLIBS) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
 CC     = $(CCDEBUG)
 CFGSET = TRUE
 RESOURCE = $(DIROBJ)\libcurl.res
@@ -310,7 +334,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 TARGET   = $(LIB_NAME_DEBUG).dll
 DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32dll"
-LNK      = $(LNKDLL) $(WINLIBS) $(SSLLIBS) $(LFLAGSSSL) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
+LNK      = $(LNKDLL) $(WINLIBS) $(SSLLIBS) $(LFLAGSSSL) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
 CC       = $(CCDEBUG) $(CFLAGSSSL)
 CFGSET   = TRUE
 RESOURCE = $(DIROBJ)\libcurl.res
@@ -323,7 +347,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 TARGET   = $(LIB_NAME_DEBUG).dll
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
-LNK      = $(LNKDLL) $(WINLIBS) $(ZLIBLIBSDLL) $(LFLAGSZLIB) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
+LNK      = $(LNKDLL) $(WINLIBS) $(ZLIBLIBSDLL) $(LFLAGSZLIB) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
 CC       = $(CCDEBUG) $(CFLAGSZLIB)
 CFGSET   = TRUE
 RESOURCE = $(DIROBJ)\libcurl.res
@@ -337,7 +361,7 @@ TARGET   = $(LIB_NAME_DEBUG).dll
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32dll"
-LNK      = $(LNKDLL) $(WINLIBS) $(SSLLIBS) $(ZLIBLIBSDLL) $(LFLAGSSSL) $(LFLAGSZLIB) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(LIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
+LNK      = $(LNKDLL) $(WINLIBS) $(SSLLIBS) $(ZLIBLIBSDLL) $(LFLAGSSSL) $(LFLAGSZLIB) /DEBUG /out:$(DIROBJ)\$(TARGET) /IMPLIB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).lib /PDB:$(DIROBJ)\$(IMPLIB_NAME_DEBUG).pdb
 CC       = $(CCDEBUG) $(CFLAGSSSL) $(CFLAGSZLIB)
 CFGSET   = TRUE
 RESOURCE = $(DIROBJ)\libcurl.res
@@ -405,6 +429,7 @@ X_OBJS= \
 	$(DIROBJ)\telnet.obj \
 	$(DIROBJ)\parsedate.obj \
 	$(DIROBJ)\getenv.obj \
+	$(DIROBJ)\gtls.obj \
 	$(DIROBJ)\inet_pton.obj \
 	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostasyn.obj \
@@ -420,6 +445,7 @@ X_OBJS= \
 	$(DIROBJ)\progress.obj \
 	$(DIROBJ)\sendf.obj \
 	$(DIROBJ)\speedcheck.obj \
+	$(DIROBJ)\sslgen.obj \
 	$(DIROBJ)\ssluse.obj \
 	$(DIROBJ)\timeval.obj \
 	$(DIROBJ)\url.obj \
@@ -454,7 +480,7 @@ $(TARGET): $(X_OBJS)
 	-xcopy $(DIROBJ)\$(LIB_NAME_DEBUG).dll . /y
 	-xcopy $(DIROBJ)\$(LIB_NAME_DEBUG).lib . /y
 	-xcopy $(DIROBJ)\$(IMPLIB_NAME).lib    . /y
-	-xcopy $(DIROBJ)\$(IMPLIB_NAME).lib    . /y
+	-xcopy $(DIROBJ)\$(IMPLIB_NAME_DEBUG).lib . /y
 	-xcopy $(DIROBJ)\*.exp                 . /y
 	-xcopy $(DIROBJ)\*.pdb                 . /y
 

lib/TODO.gnutls

@@ -0,0 +1,17 @@
+Things to fix for the GnuTLS support
+====================================
+
+* make the configure --with-ssl option first check for OpenSSL and then for
+  GnuTLS if OpenSSL wasn't detected.
+
+* Get NTLM working using the functions provided by libgcrypt, since GnuTLS
+  already depends on that to function. Not strictly SSL/TLS related, but
+  hey... Another option is to get available DES and MD4 source code from the
+  cryptopp library. They are fine license-wise, but are C++.
+
+* SSL engine stuff?
+
+  SRP for TLS
+
+* Work out a common method with Peter Sylvester's OpenSSL-patch for SRP
+  on the TLS to provide name and password

lib/base64.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -76,10 +76,10 @@ static void decodeQuantum(unsigned char *dest, const char *src)
 /*
  * Curl_base64_decode()
  *
- * Given a base64 string at src, decode it into the memory pointed to by
+ * Given a base64 string at src, decode it and return an allocated memory in
- * dest. Returns the length of the decoded data.
+ * the *outptr. Returns the length of the decoded data.
  */
-size_t Curl_base64_decode(const char *src, char *dest)
+size_t Curl_base64_decode(const char *src, unsigned char **outptr)
 {
   int length = 0;
   int equalsTerm = 0;
@@ -87,25 +87,49 @@ size_t Curl_base64_decode(const char *src, char *dest)
   int numQuantums;
   unsigned char lastQuantum[3];
   size_t rawlen=0;
+  unsigned char *newstr;
+
+  *outptr = NULL;
 
   while((src[length] != '=') && src[length])
     length++;
-  while(src[length+equalsTerm] == '=')
+  /* A maximum of two = padding characters is allowed */
+  if(src[length] == '=') {
     equalsTerm++;
-
+    if(src[length+equalsTerm] == '=')
+      equalsTerm++;
+  }
   numQuantums = (length + equalsTerm) / 4;
 
+  /* Don't allocate a buffer if the decoded length is 0 */
+  if (numQuantums <= 0)
+    return 0;
+
   rawlen = (numQuantums * 3) - equalsTerm;
 
+  /* The buffer must be large enough to make room for the last quantum
+  (which may be partially thrown out) and the zero terminator. */
+  newstr = malloc(rawlen+4);
+  if(!newstr)
+    return 0;
+
+  *outptr = newstr;
+
+  /* Decode all but the last quantum (which may not decode to a
+  multiple of 3 bytes) */
   for(i = 0; i < numQuantums - 1; i++) {
-    decodeQuantum((unsigned char *)dest, src);
+    decodeQuantum((unsigned char *)newstr, src);
-    dest += 3; src += 4;
+    newstr += 3; src += 4;
   }
 
+  /* This final decode may actually read slightly past the end of the buffer
+  if the input string is missing pad bytes.  This will almost always be
+  harmless. */
   decodeQuantum(lastQuantum, src);
   for(i = 0; i < 3 - equalsTerm; i++)
-    dest[i] = lastQuantum[i];
+    newstr[i] = lastQuantum[i];
 
+  newstr[i] = 0; /* zero terminate */
   return rawlen;
 }
 

lib/base64.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,5 +23,5 @@
  * $Id$
  ***************************************************************************/
 size_t Curl_base64_encode(const char *input, size_t size, char **str);
-size_t Curl_base64_decode(const char *source, char *dest);
+size_t Curl_base64_decode(const char *source, unsigned char **outptr);
 #endif

lib/config-amigaos.h

@@ -57,6 +57,8 @@
 
 #define USE_OPENSSL 1
 #define USE_SSLEAY 1
+#define CURL_DISABLE_LDAP 1
+
 
 #define OS "AmigaOS"
 

lib/config-mac.h

@@ -36,6 +36,8 @@
 #       define USE_OPENSSL      1
 #endif
 
+#define CURL_DISABLE_LDAP       1
+
 #define HAVE_RAND_STATUS        1
 #define HAVE_RAND_EGD           1
 

lib/config-riscos.h

@@ -388,3 +388,6 @@
 
 #define HAVE_FIONBIO
 
+/* to disable LDAP */
+#define CURL_DISABLE_LDAP
+

lib/config-vms.h

@@ -1,385 +0,0 @@
-/* Define if on AIX 3.
-   System headers sometimes define this.
-   We just want to avoid a redefinition error message.  */
-#ifndef _ALL_SOURCE
-#undef _ALL_SOURCE
-#endif
-
-/* Define to empty if the keyword does not work.  */
-#undef const
-
-/* Define as the return type of signal handlers (int or void).  */
-#undef RETSIGTYPE
-
-/* Define to `unsigned' if <sys/types.h> doesn't define.  */
-#undef size_t
-
-/* Define if you have the ANSI C header files.  */
-#define STDC_HEADERS 1
-
-/* Define if you can safely include both <sys/time.h> and <time.h>.  */
-#define TIME_WITH_SYS_TIME 1
-
-/* Define cpu-machine-OS */
-#define OS "ALPHA-COMPAQ-VMS"
-
-/* Define if you have the gethostbyaddr_r() function with 5 arguments */
-#undef HAVE_GETHOSTBYADDR_R_5
-
-/* Define if you have the gethostbyaddr_r() function with 7 arguments */
-#undef HAVE_GETHOSTBYADDR_R_7
-
-/* Define if you have the gethostbyaddr_r() function with 8 arguments */
-#undef HAVE_GETHOSTBYADDR_R_8
-
-/* Define if you have the gethostbyname_r() function with 3 arguments */
-#undef HAVE_GETHOSTBYNAME_R_3
-
-/* Define if you have the gethostbyname_r() function with 5 arguments */
-#undef HAVE_GETHOSTBYNAME_R_5
-
-/* Define if you have the gethostbyname_r() function with 6 arguments */
-#undef HAVE_GETHOSTBYNAME_R_6
-
-/* Define if you have the inet_ntoa_r function declared. */
-#undef HAVE_INET_NTOA_R_DECL
-
-/* Define if you need the _REENTRANT define for some functions */
-#undef NEED_REENTRANT
-
-/* Define if you have the Kerberos4 libraries (including -ldes) */
-#undef HAVE_KRB4
-
-/* Define this to 'int' if ssize_t is not an available typedefed type */
-#undef ssize_t
-
-/* Define this to 'int' if socklen_t is not an available typedefed type */
-#define socklen_t size_t
-
-/* Define this as a suitable file to read random data from */
-#undef RANDOM_FILE
-
-/* Define this to your Entropy Gathering Daemon socket pathname */
-#undef EGD_SOCKET
-
-/* The number of bytes in a long double.  */
-#define SIZEOF_LONG_DOUBLE 8
-
-/* The number of bytes in a long long.  */
-#define SIZEOF_LONG_LONG 8
-
-/* Define if you have the RAND_egd function.  */
-#undef HAVE_RAND_EGD
-
-/* Define if you have the RAND_screen function.  */
-#undef HAVE_RAND_SCREEN
-
-/* Define if you have the RAND_status function.  */
-#undef HAVE_RAND_STATUS
-
-/* Define if you have the closesocket function.  */
-#undef HAVE_CLOSESOCKET
-
-/* Define if you have the geteuid function.  */
-#define HAVE_GETEUID 1
-
-/* Define if you have the gethostbyaddr function.  */
-#define HAVE_GETHOSTBYADDR 1
-
-/* Define if you have the gethostbyaddr_r function.  */
-#undef HAVE_GETHOSTBYADDR_R
-
-/* Define if you have the gethostbyname_r function.  */
-#undef HAVE_GETHOSTBYNAME_R
-
-/* Define if you have the gethostname function.  */
-#define HAVE_GETHOSTNAME 1
-
-/* Define if you have the getpass_r function.  */
-#undef HAVE_GETPASS_R
-
-/* Define if you have the getpwuid function.  */
-#define HAVE_GETPWUID 1
-
-/* Define if you have the getservbyname function.  */
-#define HAVE_GETSERVBYNAME 1
-
-/* Define if you have the gettimeofday function.  */
-#define HAVE_GETTIMEOFDAY 1
-
-/* Define if you have the inet_addr function.  */
-#define HAVE_INET_ADDR 1
-
-/* Define if you have the inet_ntoa function.  */
-#define HAVE_INET_NTOA 1
-
-/* Define if you have the inet_ntoa_r function.  */
-#undef HAVE_INET_NTOA_R
-
-/* Define if you have the krb_get_our_ip_for_realm function.  */
-#undef HAVE_KRB_GET_OUR_IP_FOR_REALM
-
-/* Define if you have the localtime_r function.  */
-#undef HAVE_LOCALTIME_R
-
-/* Define if you have the perror function.  */
-#define HAVE_PERROR 1
-
-/* Define if you have the select function.  */
-#define HAVE_SELECT 1
-
-/* Define if you have the setvbuf function.  */
-#undef HAVE_SETVBUF
-
-/* Define if you have the sigaction function.  */
-#define HAVE_SIGACTION 1
-
-/* Define if you have the signal function.  */
-#define HAVE_SIGNAL 1
-
-/* Define if you have the socket function.  */
-#define HAVE_SOCKET 1
-
-/* Define if you have the strcasecmp function.  */
-#define HAVE_STRCASECMP 1
-
-/* Define if you have the strcmpi function.  */
-#define HAVE_STRCMPI 1
-
-/* Define if you have the strdup function.  */
-#define HAVE_STRDUP 1
-
-/* Define if you have the strftime function.  */
-#define HAVE_STRFTIME 1
-
-/* Define if you have the stricmp function.  */
-#define HAVE_STRICMP 1
-
-/* Define if you have the strlcat function.  */
-#undef HAVE_STRLCAT
-
-/* Define if you have the strlcpy function.  */
-#undef HAVE_STRLCPY
-
-/* Define if you have the strstr function.  */
-#define  HAVE_STRSTR 1
-
-/* Define if you have the tcgetattr function.  */
-#undef HAVE_TCGETATTR
-
-/* Define if you have the tcsetattr function.  */
-#undef HAVE_TCSETATTR
-
-/* Define if you have the uname function.  */
-#define HAVE_UNAME 1
-
-/* Define if you have the <alloca.h> header file.  */
-#undef HAVE_ALLOCA_H
-
-/* Define if you have the <arpa/inet.h> header file.  */
-#undef HAVE_ARPA_INET_H
-
-/* Define if you have the <crypto.h> header file.  */
-#undef HAVE_CRYPTO_H
-
-/* Define if you have the <des.h> header file.  */
-#undef HAVE_DES_H
-
-/* Define if you have the <dlfcn.h> header file.  */
-#undef HAVE_DLFCN_H
-
-/* Define if you have the <err.h> header file.  */
-#define HAVE_ERR_H 1
-
-/* Define if you have the <fcntl.h> header file.  */
-#define HAVE_FCNTL_H 1
-
-/* Define if you have the <getopt.h> header file.  */
-#define HAVE_GETOPT_H 1
-
-/* Define if you have the <io.h> header file.  */
-#undef HAVE_IO_H
-
-/* Define if you have the <krb.h> header file.  */
-#undef HAVE_KRB_H
-
-/* Define if you have the <malloc.h> header file.  */
-#define HAVE_MALLOC_H 1
-
-/* Define if you have the <net/if.h> header file.  */
-#define HAVE_NET_IF_H 1
-
-/* Define if you have the <netdb.h> header file.  */
-#define HAVE_NETDB_H 1
-
-/* Define if you have the <netinet/if_ether.h> header file.  */
-#define HAVE_NETINET_IF_ETHER_H 1
-
-/* Define if you have the <netinet/in.h> header file.  */
-#define HAVE_NETINET_IN_H 1
-
-/* Define if you have the <openssl/crypto.h> header file.  */
-#define HAVE_OPENSSL_CRYPTO_H 1
-
-/* Define if you have the <openssl/err.h> header file.  */
-#define HAVE_OPENSSL_ERR_H      1
-
-/* Define if you have the <openssl/pem.h> header file.  */
-#define HAVE_OPENSSL_PEM_H      1
-
-/* Define if you have the <openssl/rsa.h> header file.  */
-#define HAVE_OPENSSL_RSA_H 1
-
-/* Define if you have the <openssl/ssl.h> header file.  */
-#define HAVE_OPENSSL_SSL_H      1
-
-/* Define if you have the <openssl/x509.h> header file.  */
-#define HAVE_OPENSSL_X509_H     1
-
-/* Define if you have the <pem.h> header file.  */
-#undef HAVE_PEM_H
-
-/* Define if you have the <pwd.h> header file.  */
-#define HAVE_PWD_H 1
-
-/* Define if you have the <rsa.h> header file.  */
-#undef HAVE_RSA_H
-
-/* Define if you have the <sgtty.h> header file.  */
-#define HAVE_SGTTY_H 1
-
-/* Define if you have the <ssl.h> header file.  */
-#undef HAVE_SSL_H
-
-/* Define if you have the <stdlib.h> header file.  */
-#define HAVE_STDLIB_H 1
-
-/* Define if you have the <sys/param.h> header file.  */
-#undef HAVE_SYS_PARAM_H
-
-/* Define if you have the <sys/select.h> header file.  */
-#undef HAVE_SYS_SELECT_H
-
-/* Define if you have the <sys/socket.h> header file.  */
-#define HAVE_SYS_SOCKET_H 1
-
-/* Define if you have the <sys/sockio.h> header file.  */
-#undef HAVE_SYS_SOCKIO_H
-
-/* Define if you have the <sys/stat.h> header file.  */
-#define HAVE_SYS_STAT_H 1
-
-/* Define if you have the <sys/time.h> header file.  */
-#define HAVE_SYS_TIME_H 1
-
-/* Define if you have the <sys/types.h> header file.  */
-#define HAVE_SYS_TYPES_H 1
-
-/* Define if you have the <termio.h> header file.  */
-#undef HAVE_TERMIO_H
-
-/* Define if you have the <termios.h> header file.  */
-#define HAVE_TERMIOS_H 1
-
-/* Define if you have the <time.h> header file.  */
-#define HAVE_TIME_H 1
-
-/* Define if you have the <unistd.h> header file.  */
-#define HAVE_UNISTD_H 1
-
-/* Define if you have the <winsock.h> header file.  */
-#undef HAVE_WINSOCK_H
-
-/* Define if you have the <x509.h> header file.  */
-#undef HAVE_X509_H
-
-/* Define if you have the crypto library (-lcrypto).  */
-#define HAVE_LIBCRYPTO 1
-
-/* Define if you have the dl library (-ldl).  */
-#undef HAVE_LIBDL
-
-/* Define if you have the nsl library (-lnsl).  */
-#undef HAVE_LIBNSL
-
-/* Define if you have the resolv library (-lresolv).  */
-#define HAVE_LIBRESOLV 1
-
-/* Define if you have the resolve library (-lresolve).  */
-#undef HAVE_LIBRESOLVE
-
-/* Define if you have the socket library (-lsocket).  */
-#define HAVE_LIBSOCKET 1
-
-/* Define if you have the ssl library (-lssl).  */
-#define HAVE_LIBSSL     1
-
-/* Define if you have the ucb library (-lucb).  */
-#undef HAVE_LIBUCB
-
-/* Number of bits in a file offset, on hosts where this is settable. */
-#undef _FILE_OFFSET_BITS
-
-/* Define for large files, on AIX-style hosts. */
-#undef _LARGE_FILES
-
-/* Define if getaddrinfo exists and works */
-#define HAVE_GETADDRINFO 1
-
-/* Define if you want to enable IPv6 support */
-#undef ENABLE_IPV6
-
-/* Set to explicitly specify we don't want to use thread-safe functions */
-#undef DISABLED_THREADSAFE
-
-#define HAVE_TIMEVAL_H  1
-
-/* Name of this package! */
-#define PACKAGE "not-used"
-
-/* Version number of this archive. */
-#define VERSION "not-used"
-
-/* Define if you have the getpass function.  */
-#undef HAVE_GETPASS
-
-/* if OpenSSL is in use */
-#define USE_OPENSSL 1
-
-/* if SSL is enabled */
-#define USE_SSLEAY 1
-
-/* Define if you have the `dlopen' function. */
-#undef HAVE_DLOPEN
-
-/* Define if you have the <inttypes.h> header file. */
-#undef HAVE_INTTYPES_H
-
-/* Define if you have the <strings.h> header file. */
-#define HAVE_STRINGS_H 1
-
-/* Define if you have the <string.h> header file. */
-#define HAVE_STRING_H 1
-
-/* Define if you have the `strtok_r' function. */
-#undef HAVE_STRTOK_R
-
-/* Define if you have the `strtoll' function. */
-#undef HAVE_STRTOLL
-
-#define HAVE_MEMORY_H   1
-
-#define HAVE_FIONBIO    1
-
-/* Define if you have the `sigsetjmp' function. */
-#define HAVE_SIGSETJMP 1
-
-/* Define to 1 if you have the <setjmp.h> header file. */
-#define HAVE_SETJMP_H 1
-
-/*
- * This needs to be defined for OpenSSL 0.9.7 and other versions that have the
- * ENGINE stuff supported. If an include of "openssl/engine.h" fails, then
- * undefine the define below.
-*/
-#define HAVE_OPENSSL_ENGINE_H 1

lib/config-win32.h

@@ -232,6 +232,16 @@
 /* use ioctlsocket() for non-blocking sockets */
 #define HAVE_IOCTLSOCKET
 
+/* lber dynamic library file */
+/* #undef DL_LBER_FILE */
+
+/* Defines set for VS2005 to _not_ deprecate a few functions we use. */
+#define _CRT_SECURE_NO_DEPRECATE
+#define _CRT_NONSTDC_NO_DEPRECATE
+
+/* ldap dynamic library file */
+#define DL_LDAP_FILE "wldap32.dll"
+
 /*************************************************
  * This section is for compiler specific defines.*
  *************************************************/

lib/config.dj

@@ -15,6 +15,7 @@
 #define HAVE_BASENAME          1
 #define HAVE_CLOSESOCKET       1
 #define HAVE_FCNTL_H           1
+#define HAVE_FIONBIO           1
 #define HAVE_GETHOSTBYADDR     1
 #define HAVE_GETHOSTNAME       1
 #define HAVE_GETPASS           1
@@ -93,6 +94,9 @@
   #define USE_OPENSSL            1
 #endif
 
+/* to disable LDAP */
+#define CURL_DISABLE_LDAP        1
+
 /* Because djgpp <= 2.03 doesn't have snprintf() etc.
  */
 #if (DJGPP_MINOR < 4)
@@ -101,7 +105,10 @@
 
 #define in_addr_t  u_long
 #define socklen_t  int
+
+#if __GNUC__ < 4   /* gcc 4.x built-in ? */
 #define ssize_t    int
+#endif
 
 #include <stdlib.h>
 #include <string.h>

lib/connect.c

@@ -133,6 +133,7 @@ int Curl_nonblock(curl_socket_t sockfd,    /* operate on this */
                   int nonblock   /* TRUE or FALSE */)
 {
 #undef SETBLOCK
+#define SETBLOCK 0
 #ifdef HAVE_O_NONBLOCK
   /* most recent unix versions */
   int flags;
@@ -142,46 +143,52 @@ int Curl_nonblock(curl_socket_t sockfd,    /* operate on this */
     return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
   else
     return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
+#undef SETBLOCK
 #define SETBLOCK 1
 #endif
 
-#ifdef HAVE_FIONBIO
+#if defined(HAVE_FIONBIO) && (SETBLOCK == 0)
   /* older unix versions */
   int flags;
 
   flags = nonblock;
   return ioctl(sockfd, FIONBIO, &flags);
+#undef SETBLOCK
 #define SETBLOCK 2
 #endif
 
-#ifdef HAVE_IOCTLSOCKET
+#if defined(HAVE_IOCTLSOCKET) && (SETBLOCK == 0)
   /* Windows? */
   unsigned long flags;
   flags = nonblock;
 
   return ioctlsocket(sockfd, FIONBIO, &flags);
+#undef SETBLOCK
 #define SETBLOCK 3
 #endif
 
-#ifdef HAVE_IOCTLSOCKET_CASE
+#if defined(HAVE_IOCTLSOCKET_CASE) && (SETBLOCK == 0)
   /* presumably for Amiga */
   return IoctlSocket(sockfd, FIONBIO, (long)nonblock);
+#undef SETBLOCK
 #define SETBLOCK 4
 #endif
 
-#ifdef HAVE_SO_NONBLOCK
+#if defined(HAVE_SO_NONBLOCK) && (SETBLOCK == 0)
   /* BeOS */
   long b = nonblock ? 1 : 0;
   return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+#undef SETBLOCK
 #define SETBLOCK 5
 #endif
 
 #ifdef HAVE_DISABLED_NONBLOCKING
   return 0; /* returns success */
+#undef SETBLOCK
 #define SETBLOCK 6
 #endif
 
-#ifndef SETBLOCK
+#if (SETBLOCK == 0)
 #error "no non-blocking method was found/used/set"
 #endif
 }
@@ -345,7 +352,8 @@ static CURLcode bindlocal(struct connectdata *conn,
 
         if(!bindworked) {
           data->state.os_errno = Curl_ourerrno();
-          failf(data, "%s", Curl_strerror(conn, data->state.os_errno));
+          failf(data, "bind failure: %s",
+                Curl_strerror(conn, data->state.os_errno));
           return CURLE_HTTP_PORT_FAILED;
         }
 
@@ -364,6 +372,9 @@ static CURLcode bindlocal(struct connectdata *conn,
     return CURLE_OK;
 
   } /* end of device selection support */
+#else
+  (void)conn;
+  (void)sockfd;
 #endif /* end of HAVE_INET_NTOA */
 
   return CURLE_HTTP_PORT_FAILED;
@@ -640,14 +651,16 @@ singleipconnect(struct connectdata *conn,
     /* user selected to bind the outgoing socket to a specified "device"
        before doing connect */
     CURLcode res = bindlocal(conn, sockfd);
-    if(res)
+    if(res) {
-      return res;
+      sclose(sockfd); /* close socket and bail out */
+      return CURL_SOCKET_BAD;
+    }
   }
 
   /* set socket non-blocking */
   Curl_nonblock(sockfd, TRUE);
 
-  rc = connect(sockfd, ai->ai_addr, ai->ai_addrlen);
+  rc = connect(sockfd, ai->ai_addr, (socklen_t)ai->ai_addrlen);
 
   if(-1 == rc) {
     error = Curl_ourerrno();

lib/content_encoding.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms

lib/cookie.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -309,7 +309,7 @@ Curl_cookie_add(struct SessionHandle *data,
               break;
             }
             co->expires =
-              atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + now;
+              atoi((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0]) + (long)now;
           }
           else if(strequal("expires", name)) {
             co->expirestr=strdup(whatptr);
@@ -317,7 +317,7 @@ Curl_cookie_add(struct SessionHandle *data,
               badcookie = TRUE;
               break;
             }
-            co->expires = curl_getdate(what, &now);
+            co->expires = (long)curl_getdate(what, &now);
           }
           else if(!co->name) {
             co->name = strdup(name);
@@ -651,6 +651,10 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
     fp = stdin;
     fromfile=FALSE;
   }
+  else if(file && !*file) {
+    /* points to a "" string */
+    fp = NULL;
+  }
   else
     fp = file?fopen(file, "r"):NULL;
 

lib/dict.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -85,7 +85,7 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
-CURLcode Curl_dict(struct connectdata *conn)
+CURLcode Curl_dict(struct connectdata *conn, bool *done)
 {
   char *word;
   char *ppath;
@@ -100,6 +100,8 @@ CURLcode Curl_dict(struct connectdata *conn)
   char *path = conn->path;
   curl_off_t *bytecount = &conn->bytecount;
 
+  *done = TRUE; /* unconditionally */
+
   if(conn->bits.user_passwd) {
     /* AUTH is missing */
   }

lib/dict.h

@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,7 +24,7 @@
  * $Id$
  ***************************************************************************/
 #ifndef CURL_DISABLE_DICT
-CURLcode Curl_dict(struct connectdata *conn);
+CURLcode Curl_dict(struct connectdata *conn, bool *done);
 CURLcode Curl_dict_done(struct connectdata *conn);
 #endif
 #endif

lib/easy.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -75,7 +75,7 @@
 #include "urldata.h"
 #include <curl/curl.h>
 #include "transfer.h"
-#include "ssluse.h"
+#include "sslgen.h"
 #include "url.h"
 #include "getinfo.h"
 #include "hostip.h"
@@ -201,7 +201,8 @@ CURLcode curl_global_init(long flags)
   Curl_ccalloc = (curl_calloc_callback)calloc;
 
   if (flags & CURL_GLOBAL_SSL)
-    Curl_SSL_init();
+    if (!Curl_ssl_init())
+      return CURLE_FAILED_INIT;
 
   if (flags & CURL_GLOBAL_WIN32)
     if (win32_init() != CURLE_OK)
@@ -265,7 +266,7 @@ void curl_global_cleanup(void)
   Curl_global_host_cache_dtor();
 
   if (init_flags & CURL_GLOBAL_SSL)
-    Curl_SSL_cleanup();
+    Curl_ssl_cleanup();
 
   if (init_flags & CURL_GLOBAL_WIN32)
     win32_cleanup();

lib/easyif.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms

lib/file.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -87,6 +87,7 @@
 #include "transfer.h"
 #include "url.h"
 #include "memory.h"
+#include "parsedate.h" /* for the week day and month names */
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -266,7 +267,7 @@ static CURLcode file_upload(struct connectdata *conn)
  * opposed to sockets) we instead perform the whole do-operation in this
  * function.
  */
-CURLcode Curl_file(struct connectdata *conn)
+CURLcode Curl_file(struct connectdata *conn, bool *done)
 {
   /* This implementation ignores the host name in conformance with
      RFC 1738. Only local files (reachable via the standard file system)
@@ -286,6 +287,8 @@ CURLcode Curl_file(struct connectdata *conn)
   int fd;
   struct timeval now = Curl_tvnow();
 
+  *done = TRUE; /* unconditionally */
+
   Curl_readwrite_init(conn);
   Curl_initinfo(data);
   Curl_pgrsStartNow(data);
@@ -319,7 +322,6 @@ CURLcode Curl_file(struct connectdata *conn)
     if(result)
       return result;
 
-#ifdef HAVE_STRFTIME
     if(fstated) {
       struct tm *tm;
       time_t clock = (time_t)statbuf.st_mtime;
@@ -330,11 +332,17 @@ CURLcode Curl_file(struct connectdata *conn)
       tm = gmtime(&clock);
 #endif
       /* format: "Tue, 15 Nov 1994 12:45:26 GMT" */
-      strftime(buf, BUFSIZE-1, "Last-Modified: %a, %d %b %Y %H:%M:%S GMT\r\n",
+      snprintf(buf, BUFSIZE-1,
-               tm);
+               "Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT\r\n",
+               Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+               tm->tm_mday,
+               Curl_month[tm->tm_mon],
+               tm->tm_year + 1900,
+               tm->tm_hour,
+               tm->tm_min,
+               tm->tm_sec);
       result = Curl_client_write(data, CLIENTWRITE_BOTH, buf, 0);
     }
-#endif
     return result;
   }
 

lib/file.h

@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,7 +24,7 @@
  * $Id$
  ***************************************************************************/
 #ifndef CURL_DISABLE_FILE
-CURLcode Curl_file(struct connectdata *);
+CURLcode Curl_file(struct connectdata *, bool *done);
 CURLcode Curl_file_done(struct connectdata *, CURLcode);
 CURLcode Curl_file_connect(struct connectdata *);
 #endif

lib/formdata.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -464,7 +464,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         return_value = CURL_FORMADD_OPTION_TWICE;
       else
         current_form->namelength =
-          array_state?(long)array_value:va_arg(params, long);
+          array_state?(long)array_value:(long)va_arg(params, long);
       break;
 
       /*
@@ -1550,7 +1550,7 @@ char *Curl_FormBoundary(void)
   if(!retstring)
     return NULL; /* failed */
 
-  srand(time(NULL)+randomizer++); /* seed */
+  srand((unsigned int)time(NULL)+randomizer++); /* seed */
 
   strcpy(retstring, "----------------------------");
 

lib/ftp.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,14 +24,21 @@
  ***************************************************************************/
 
 #ifndef CURL_DISABLE_FTP
-CURLcode Curl_ftp(struct connectdata *conn);
+CURLcode Curl_ftp(struct connectdata *conn, bool *done);
 CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode);
-CURLcode Curl_ftp_connect(struct connectdata *conn);
+CURLcode Curl_ftp_connect(struct connectdata *conn, bool *done);
 CURLcode Curl_ftp_disconnect(struct connectdata *conn);
 CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...);
+CURLcode Curl_nbftpsendf(struct connectdata *, const char *fmt, ...);
 CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn,
                              int *ftpcode);
 CURLcode Curl_ftp_nextconnect(struct connectdata *conn);
-#endif
+CURLcode Curl_ftp_multi_statemach(struct connectdata *conn, bool *done);
-
+CURLcode Curl_ftp_fdset(struct connectdata *conn,
-#endif
+                        fd_set *read_fd_set,
+                        fd_set *write_fd_set,
+                        int *max_fdp);
+CURLcode Curl_ftp_doing(struct connectdata *conn,
+                        bool *dophase_done);
+#endif /* CURL_DISABLE_FTP */
+#endif /* __FTP_H */

lib/getinfo.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@
 #include <stdarg.h>
 #include <stdlib.h>
 #include "memory.h"
-#include "ssluse.h"
+#include "sslgen.h"
 
 /* Make this the last #include */
 #include "memdebug.h"
@@ -182,7 +182,7 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
     *param_longp = data->info.numconnects;
     break;
   case CURLINFO_SSL_ENGINES:
-    *param_slistp = Curl_SSL_engines_list(data);
+    *param_slistp = Curl_ssl_engines_list(data);
     break;
   default:
     return CURLE_BAD_FUNCTION_ARGUMENT;

lib/gtls.c

@@ -0,0 +1,490 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+
+/*
+ * Source file for all GnuTLS-specific code for the TLS/SSL layer. No code
+ * but sslgen.c should ever call or use these functions.
+ *
+ * Note: don't use the GnuTLS' *_t variable type names in this source code,
+ * since they were not present in 1.0.X.
+ */
+
+#include "setup.h"
+#ifdef USE_GNUTLS
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <string.h>
+#include <stdlib.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "gtls.h"
+#include "sslgen.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+#include "memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Enable GnuTLS debugging by defining GTLSDEBUG */
+/*#define GTLSDEBUG */
+
+#ifdef GTLSDEBUG
+static void tls_log_func(int level, const char *str)
+{
+    fprintf(stderr, "|<%d>| %s", level, str);
+}
+#endif
+
+
+/* Global GnuTLS init, called from Curl_ssl_init() */
+int Curl_gtls_init(void)
+{
+  gnutls_global_init();
+#ifdef GTLSDEBUG
+  gnutls_global_set_log_function(tls_log_func);
+  gnutls_global_set_log_level(2);
+#endif
+  return 1;
+}
+
+int Curl_gtls_cleanup(void)
+{
+  gnutls_global_deinit();
+  return 1;
+}
+
+static void showtime(struct SessionHandle *data,
+                     const char *text,
+                     time_t stamp)
+{
+  struct tm *tm;
+#ifdef HAVE_GMTIME_R
+  struct tm buffer;
+  tm = (struct tm *)gmtime_r(&stamp, &buffer);
+#else
+  tm = gmtime(&stamp);
+#endif
+  snprintf(data->state.buffer,
+           BUFSIZE,
+           "\t %s: %s, %02d %s %4d %02d:%02d:%02d GMT\n",
+           text,
+           Curl_wkday[tm->tm_wday?tm->tm_wday-1:6],
+           tm->tm_mday,
+           Curl_month[tm->tm_mon],
+           tm->tm_year + 1900,
+           tm->tm_hour,
+           tm->tm_min,
+           tm->tm_sec);
+  infof(data, "%s", data->state.buffer);
+}
+
+/*
+ * This function is called after the TCP connect has completed. Setup the TLS
+ * layer and do all necessary magic.
+ */
+CURLcode
+Curl_gtls_connect(struct connectdata *conn,
+                  int sockindex)
+
+{
+  const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
+  struct SessionHandle *data = conn->data;
+  gnutls_session session;
+  int rc;
+  unsigned int cert_list_size;
+  const gnutls_datum *chainp;
+  unsigned int verify_status;
+  gnutls_x509_crt x509_cert;
+  char certbuf[256]; /* big enough? */
+  size_t size;
+  unsigned int algo;
+  unsigned int bits;
+  time_t clock;
+  const char *ptr;
+  void *ssl_sessionid;
+  size_t ssl_idsize;
+
+  /* GnuTLS only supports TLSv1 (and SSLv3?) */
+  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
+    failf(data, "GnuTLS does not support SSLv2");
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* allocate a cred struct */
+  rc = gnutls_certificate_allocate_credentials(&conn->ssl[sockindex].cred);
+  if(rc < 0) {
+    failf(data, "gnutls_cert_all_cred() failed: %s", gnutls_strerror(rc));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  if(data->set.ssl.CAfile) {
+    /* set the trusted CA cert bundle file */
+    rc = gnutls_certificate_set_x509_trust_file(conn->ssl[sockindex].cred,
+                                                data->set.ssl.CAfile,
+                                                GNUTLS_X509_FMT_PEM);
+    if(rc < 0) {
+      infof(data, "error reading ca cert file %s (%s)\n",
+            data->set.ssl.CAfile, gnutls_strerror(rc));
+    }
+  }
+
+  /* Initialize TLS session as a client */
+  rc = gnutls_init(&conn->ssl[sockindex].session, GNUTLS_CLIENT);
+  if(rc) {
+    failf(data, "gnutls_init() failed: %d", rc);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* convenient assign */
+  session = conn->ssl[sockindex].session;
+
+  /* Use default priorities */
+  rc = gnutls_set_default_priority(session);
+  if(rc < 0)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  /* Sets the priority on the certificate types supported by gnutls. Priority
+     is higher for types specified before others. After specifying the types
+     you want, you must append a 0. */
+  rc = gnutls_certificate_type_set_priority(session, cert_type_priority);
+  if(rc < 0)
+    return CURLE_SSL_CONNECT_ERROR;
+
+  /* put the anonymous credentials to the current session */
+  rc = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE,
+                              conn->ssl[sockindex].cred);
+
+  /* set the connection handle (file descriptor for the socket) */
+  gnutls_transport_set_ptr(session,
+                           (gnutls_transport_ptr)conn->sock[sockindex]);
+
+  /* This might be a reconnect, so we check for a session ID in the cache
+     to speed up things */
+
+  if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, &ssl_idsize)) {
+    /* we got a session id, use it! */
+    gnutls_session_set_data(session, ssl_sessionid, ssl_idsize);
+
+    /* Informational message */
+    infof (data, "SSL re-using session ID\n");
+  }
+
+  do {
+    rc = gnutls_handshake(session);
+
+    if((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED)) {
+      long timeout_ms;
+      long has_passed;
+
+      if(data->set.timeout || data->set.connecttimeout) {
+        /* get the most strict timeout of the ones converted to milliseconds */
+        if(data->set.timeout &&
+           (data->set.timeout>data->set.connecttimeout))
+          timeout_ms = data->set.timeout*1000;
+        else
+          timeout_ms = data->set.connecttimeout*1000;
+      }
+      else
+        timeout_ms = DEFAULT_CONNECT_TIMEOUT;
+
+      /* Evaluate in milliseconds how much time that has passed */
+      has_passed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+
+      /* subtract the passed time */
+      timeout_ms -= has_passed;
+
+      if(timeout_ms < 0) {
+        /* a precaution, no need to continue if time already is up */
+        failf(data, "SSL connection timeout");
+        return CURLE_OPERATION_TIMEOUTED;
+      }
+
+      rc = Curl_select(conn->sock[sockindex],
+                         conn->sock[sockindex], (int)timeout_ms);
+      if(rc > 0)
+        /* reabable or writable, go loop*/
+        continue;
+      else if(0 == rc) {
+        /* timeout */
+        failf(data, "SSL connection timeout");
+        return CURLE_OPERATION_TIMEDOUT;
+      }
+      else {
+        /* anything that gets here is fatally bad */
+        failf(data, "select on SSL socket, errno: %d", Curl_ourerrno());
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+    }
+    else
+      break;
+  } while(1);
+
+  if (rc < 0) {
+    failf(data, "gnutls_handshake() failed: %d", rc);
+    /* gnutls_perror(ret); */
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* This function will return the peer's raw certificate (chain) as sent by
+     the peer. These certificates are in raw format (DER encoded for
+     X.509). In case of a X.509 then a certificate list may be present. The
+     first certificate in the list is the peer's certificate, following the
+     issuer's certificate, then the issuer's issuer etc. */
+
+  chainp = gnutls_certificate_get_peers(session, &cert_list_size);
+  if(!chainp) {
+    if(data->set.ssl.verifyhost) {
+      failf(data, "failed to get server cert");
+      return CURLE_SSL_PEER_CERTIFICATE;
+    }
+    infof(data, "\t common name: WARNING couldn't obtain\n");
+  }
+
+  /* This function will try to verify the peer's certificate and return its
+     status (trusted, invalid etc.). The value of status should be one or more
+     of the gnutls_certificate_status_t enumerated elements bitwise or'd. To
+     avoid denial of service attacks some default upper limits regarding the
+     certificate key size and chain size are set. To override them use
+     gnutls_certificate_set_verify_limits(). */
+
+  rc = gnutls_certificate_verify_peers2(session, &verify_status);
+  if (rc < 0) {
+    failf(data, "server cert verify failed: %d", rc);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* verify_status is a bitmask of gnutls_certificate_status bits */
+  if(verify_status & GNUTLS_CERT_INVALID) {
+    if (data->set.ssl.verifypeer) {
+      failf(data, "server certificate verification failed. CAfile: %s",
+            data->set.ssl.CAfile?data->set.ssl.CAfile:"none");
+      return CURLE_SSL_CACERT;
+    }
+    else
+      infof(data, "\t server certificate verification FAILED\n");
+  }
+  else
+      infof(data, "\t server certificate verification OK\n");
+
+  /* initialize an X.509 certificate structure. */
+  gnutls_x509_crt_init(&x509_cert);
+
+  /* convert the given DER or PEM encoded Certificate to the native
+     gnutls_x509_crt_t format */
+  gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);
+
+  size=sizeof(certbuf);
+  rc = gnutls_x509_crt_get_dn_by_oid(x509_cert, GNUTLS_OID_X520_COMMON_NAME,
+                                     0, /* the first and only one */
+                                     FALSE,
+                                     certbuf,
+                                     &size);
+  if(rc) {
+    infof(data, "error fetching CN from cert:%s\n",
+          gnutls_strerror(rc));
+  }
+
+  /* This function will check if the given certificate's subject matches the
+     given hostname. This is a basic implementation of the matching described
+     in RFC2818 (HTTPS), which takes into account wildcards, and the subject
+     alternative name PKIX extension. Returns non zero on success, and zero on
+     failure. */
+  rc = gnutls_x509_crt_check_hostname(x509_cert, conn->host.name);
+
+  if(!rc) {
+    if (data->set.ssl.verifyhost > 1) {
+      failf(data, "SSL: certificate subject name (%s) does not match "
+            "target host name '%s'", certbuf, conn->host.dispname);
+      gnutls_x509_crt_deinit(x509_cert);
+      return CURLE_SSL_PEER_CERTIFICATE;
+    }
+    else
+      infof(data, "\t common name: %s (does not match '%s')\n",
+            certbuf, conn->host.dispname);
+  }
+  else
+    infof(data, "\t common name: %s (matched)\n", certbuf);
+
+  /* Show:
+
+  - ciphers used
+  - subject
+  - start date
+  - expire date
+  - common name
+  - issuer
+
+  */
+
+  /* public key algorithm's parameters */
+  algo = gnutls_x509_crt_get_pk_algorithm(x509_cert, &bits);
+  infof(data, "\t certificate public key: %s\n",
+        gnutls_pk_algorithm_get_name(algo));
+
+  /* version of the X.509 certificate. */
+  infof(data, "\t certificate version: #%d\n",
+        gnutls_x509_crt_get_version(x509_cert));
+
+
+  size = sizeof(certbuf);
+  gnutls_x509_crt_get_dn(x509_cert, certbuf, &size);
+  infof(data, "\t subject: %s\n", certbuf);
+
+  clock = gnutls_x509_crt_get_activation_time(x509_cert);
+  showtime(data, "start date", clock);
+
+  clock = gnutls_x509_crt_get_expiration_time(x509_cert);
+  showtime(data, "expire date", clock);
+
+  size = sizeof(certbuf);
+  gnutls_x509_crt_get_issuer_dn(x509_cert, certbuf, &size);
+  infof(data, "\t issuer: %s\n", certbuf);
+
+  gnutls_x509_crt_deinit(x509_cert);
+
+  /* compression algorithm (if any) */
+  ptr = gnutls_compression_get_name(gnutls_compression_get(session));
+  /* the *_get_name() says "NULL" if GNUTLS_COMP_NULL is returned */
+  infof(data, "\t compression: %s\n", ptr);
+
+  /* the name of the cipher used. ie 3DES. */
+  ptr = gnutls_cipher_get_name(gnutls_cipher_get(session));
+  infof(data, "\t cipher: %s\n", ptr);
+
+  /* the MAC algorithms name. ie SHA1 */
+  ptr = gnutls_mac_get_name(gnutls_mac_get(session));
+  infof(data, "\t MAC: %s\n", ptr);
+
+  if(!ssl_sessionid) {
+    /* this session was not previously in the cache, add it now */
+
+    /* get the session ID data size */
+    gnutls_session_get_data(session, NULL, &ssl_idsize);
+    ssl_sessionid = malloc(ssl_idsize); /* get a buffer for it */
+
+    if(ssl_sessionid) {
+      /* extract session ID to the allocated buffer */
+      gnutls_session_get_data(session, ssl_sessionid, &ssl_idsize);
+
+      /* store this session id */
+      return Curl_ssl_addsessionid(conn, ssl_sessionid, ssl_idsize);
+    }
+  }
+
+  return CURLE_OK;
+}
+
+
+/* return number of sent (non-SSL) bytes */
+int Curl_gtls_send(struct connectdata *conn,
+                   int sockindex,
+                   void *mem,
+                   size_t len)
+{
+  int rc;
+  rc = gnutls_record_send(conn->ssl[sockindex].session, mem, len);
+
+  return rc;
+}
+
+void Curl_gtls_close_all(struct SessionHandle *data)
+{
+  /* FIX: make the OpenSSL code more generic and use parts of it here */
+  (void)data;
+}
+
+static void close_one(struct connectdata *conn,
+                      int index)
+{
+  if(conn->ssl[index].session) {
+    gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
+    gnutls_deinit(conn->ssl[index].session);
+  }
+  gnutls_certificate_free_credentials(conn->ssl[index].cred);
+}
+
+void Curl_gtls_close(struct connectdata *conn)
+{
+  if(conn->ssl[0].use)
+    close_one(conn, 0);
+  if(conn->ssl[1].use)
+    close_one(conn, 1);
+}
+
+/*
+ * If the read would block we return -1 and set 'wouldblock' to TRUE.
+ * Otherwise we return the amount of data read. Other errors should return -1
+ * and set 'wouldblock' to FALSE.
+ */
+ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */
+                       int num,                  /* socketindex */
+                       char *buf,                /* store read data here */
+                       size_t buffersize,        /* max amount to read */
+                       bool *wouldblock)
+{
+  ssize_t ret;
+
+  ret = gnutls_record_recv(conn->ssl[num].session, buf, buffersize);
+  if((ret == GNUTLS_E_AGAIN) || (ret == GNUTLS_E_INTERRUPTED)) {
+    *wouldblock = TRUE;
+    return -1;
+  }
+
+  *wouldblock = FALSE;
+  if (!ret) {
+    failf(conn->data, "Peer closed the TLS connection");
+    return -1;
+  }
+
+  if (ret < 0) {
+    failf(conn->data, "GnuTLS recv error (%d): %s",
+          (int)ret, gnutls_strerror(ret));
+    return -1;
+  }
+
+  return ret;
+}
+
+void Curl_gtls_session_free(void *ptr)
+{
+  free(ptr);
+}
+
+size_t Curl_gtls_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, " GnuTLS/%s", gnutls_check_version(NULL));
+}
+
+#endif /* USE_GNUTLS */

lib/gtls.h

@@ -0,0 +1,45 @@
+#ifndef __GTLS_H
+#define __GTLS_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+int Curl_gtls_init(void);
+int Curl_gtls_cleanup(void);
+CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
+
+/* tell GnuTLS to close down all open information regarding connections (and
+   thus session ID caching etc) */
+void Curl_gtls_close_all(struct SessionHandle *data);
+void Curl_gtls_close(struct connectdata *conn); /* close a SSL connection */
+
+/* return number of sent (non-SSL) bytes */
+int Curl_gtls_send(struct connectdata *conn, int sockindex,
+                   void *mem, size_t len);
+ssize_t Curl_gtls_recv(struct connectdata *conn, /* connection data */
+                       int num,                  /* socketindex */
+                       char *buf,                /* store read data here */
+                       size_t buffersize,        /* max amount to read */
+                       bool *wouldblock);
+void Curl_gtls_session_free(void *ptr);
+size_t Curl_gtls_version(char *buffer, size_t size);
+
+#endif

lib/hostares.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,8 +26,6 @@
 #include <string.h>
 #include <errno.h>
 
-#define _REENTRANT
-
 #if defined(WIN32) && !defined(__GNUC__) || defined(__MINGW32__)
 #include <malloc.h>
 #else
@@ -99,7 +97,7 @@
 #ifdef CURLRES_ARES
 
 /*
- * Curl_fdset() is called when someone from the outside world (using
+ * Curl_resolv_fdset() is called when someone from the outside world (using
  * curl_multi_fdset()) wants to get our fd_set setup and we're talking with
  * ares. The caller must make sure that this function is only called when we
  * have a working ares channel.
@@ -107,7 +105,7 @@
  * Returns: CURLE_OK always!
  */
 
-CURLcode Curl_fdset(struct connectdata *conn,
+CURLcode Curl_resolv_fdset(struct connectdata *conn,
                            fd_set *read_fd_set,
                            fd_set *write_fd_set,
                            int *max_fdp)