fixed warning with gcc 4.x (hopefully); dynamincally imported UseAccurateCaseForPaths() for CLIB port to be stonetime-compatible (NW 3.x).

fixed a warning which MingW gcc 4.2.1.
There's no need to ignore the User-Agent for this test.
2007-08-09 22:33:49 +00:00 · 2007-08-09 21:05:05 +00:00 · 2007-08-09 03:28:16 +00:00 · 2007-08-08 20:09:08 +00:00 · 2007-08-08 17:51:40 +00:00 · 2007-08-08 17:07:16 +00:00
139 changed files with 4544 additions and 2824 deletions
--- a/180
+++ b/180
@@ -6,6 +6,186 @@

                                  Changelog

+Dan F (8 August 2007)
+- Song Ma noted a zlib memory leak in the illegal compressed header
+  countermeasures code path.
+
+Daniel S (4 August 2007)
+- Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on
+  non-ASCII systems.
+
+Daniel S (3 August 2007)
+- I cut out support for libssh2 versions older than 0.16 to make our code a
+  lot simpler, and to avoid getting trouble with the LIBSSH2_APINO define
+  that 1) didn't work properly since it was >32 bits and 2) is removed in
+  libssh2 0.16...
+
+Daniel S (2 August 2007)
+- Scott Cantor filed bug report #1766320
+  (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl
+  code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and
+  CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be
+  passed in as longs, and that makes a difference on 64 bit architectures.
+
+- Dmitriy Sergeyev reported a regression: resumed file:// transfers broke
+  after 7.16.2. This is much due to the different treatment file:// gets
+  internally, but now I added test 231 to make it less likely to happen again
+  without us noticing!
+
+Daniel S (1 August 2007)
+- Patrick Monnerat and I modified libcurl so that now it *copies* all strings
+  passed to it with curl_easy_setopt()! Previously it has always just refered
+  to the data, forcing the user to keep the data around until libcurl is done
+  with it. That is now history and libcurl will instead clone the given
+  strings and keep private copies. This is also part of Patrick Monnerat's
+  OS/400 port.
+
+  Due to this being a somewhat interesting change API wise, I've decided to
+  bump the version of the upcoming release to 7.17.0. Older applications will
+  of course not notice this change nor do they have to care, but new
+  applications can be written to take advantage of this.
+
+- Greg Morse reported a problem with POSTing using ANYAUTH to a server
+  requiring NTLM, and he provided test code and a test server and we worked
+  out a bug fix. We failed to count sent body data at times, which then caused
+  internal confusions when libcurl tried to send the rest of the data in order
+  to maintain the same connection alive.
+
+Daniel S (31 July 2007)
+- Peter O'Gorman pointed out (and fixed) that the non-blocking check in
+  configure made libcurl use blocking sockets on AIX 4 and 5, while that
+  wasn't the intention.
+
+Daniel S (29 July 2007)
+- Jayesh A Shah filed bug report #1759542
+  (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious
+  problem with FTPS: libcurl closed the data connection socket and then later
+  in the flow it would call the SSL layer to do SSL shutdown which then would
+  use a socket that had already been closed - so if the application had opened
+  a new one in the mean time, libcurl could send gibberish that way! I worked
+  with Greg Zavertnik to properly diagnose and fix this. The fix affects code
+  for all SSL libraries we support, but it has only been truly verified to
+  work fine for the OpenSSL version. The others have only been code reviewed.
+
+Daniel S (23 July 2007)
+- Implemented the parts of Patrick Monnerat's OS/400 patch that introduces
+  support for the OS/400 Secure Sockets Layer library.
+
+Dan F (23 July 2007)
+- Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed
+  some few internal identifiers to avoid conflicts, which could be useful on
+  other platforms.
+
+Daniel S (22 July 2007)
+- HTTP Digest bug fix by Chris Flerackers:
+
+  Scenario
+
+  - Perfoming a POST request with body
+  - With authentication (only Digest)
+  - Re-using a connection
+
+  libcurl would send a HTTP POST with an Authorization header but without
+  body. Our server would return 400 Bad Request in that case (because
+  authentication passed, but the body was empty).
+
+  Cause
+
+  1) http_digest.c -> Curl_output_digest
+  - Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
+  filled in (and no errors)
+  - authp->done = TRUE if d->nonce is filled in
+  2) http.c -> Curl_http
+  - *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
+  3) http.c -> Curl_http, Curl_http_output_auth
+
+  So what happens is that Curl_output_digest cannot yet update the
+  Authorization header (allocptr.userpwd) which results in authhost->done=0 ->
+  authhost->multi=1 -> conn->bits.authneg = TRUE.  The body is not
+  added. *However*, allocptr.userpwd is still used when building the request
+
+- Added test case 354 that makes a simple FTP retrieval without password, which
+  verifies the bug fix in #1757328.
+
+Daniel S (21 July 2007)
+- To allow more flexibility in FTP test cases, I've removed the enforced states
+  from the test server code as they served no real purpose. The test server
+  is here to serve for the test cases, not to attempt to function as a real
+  server! While at it, I modified test case 141 to better test and verify
+  curl -I on a single FTP file.
+
+Daniel S (20 July 2007)
+- James Housley fixed the SFTP PWD command to work.
+
+- Ralf S. Engelschall filed bug report #1757328
+  (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It
+  turns out we broke login to FTP servers that don't require (nor understand)
+  PASS after the USER command. The breakage was done as part of the krb5
+  commit so a krb-using person needs to verify that the current version now
+  works or if we need to fix it (in a different way of course).
+
+Dan F (17 July 2007)
+- Fixed test cases 613 and 614 by improving the log postprocessor to handle
+  a new directory listing format that newer libssh2's can provide.  This
+  is probably NOT sufficient to handle all directory listing formats that
+  server's can provide, and should be revisited.
+
+Daniel S (17 July 2007)
+- Daniel Johnson fixed a bug in how libssh2_session_last_error() was used, in
+  two places.
+
+- Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made
+  a control connection that was deemed "dead" to yet be re-used in a following
+  request.
+
+Daniel S (13 July 2007)
+- Colin Hogben filed bug report #1750274
+  (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the
+  case where libcurl did a connect attempt to a non-listening port and didn't
+  provide a human readable error string back.
+
+- Daniel Cater fixes:
+  1 - made 'make vc8' work on windows.
+  2 - made libcurl itself built with CURL_NO_OLDIES defined (which doesn't
+      define the symbols for backwards source compatibility)
+  3 - updated libcurl-errors.3
+  4 - added CURL_DISABLE_TFTP to docs/INSTALL
+
+Daniel S (12 July 2007)
+- Made the krb5 code build with Heimdal's GSSAPI lib.
+
+Dan F (12 July 2007)
+- Compile most of the example apps in docs/examples when doing a 'make check'.
+  Fixed some compile warnings and errors in those examples.
+
+- Removed the example program ftp3rdparty.c since libcurl doesn't support
+  3rd party FTP transfers any longer.
+
+Daniel S (12 July 2007)
+- Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation
+  could in fact get stuck in an endless loop.
+
+- Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
+  fail to connect if there is no Common Name field found in the remote cert.
+  We should deprecate the support for this set to 1 anyway soon, since the
+  feature is pointless and most likely never really used by anyone.
+
+Daniel S (11 July 2007)
+- Shmulik Regev fixed a bug with transfer-encoding skipping during the 407
+  error pages for proxy authentication.
+
+- Giancarlo Formicuccia reported and fixed a problem with a closed connection
+  to a proxy during CONNECT auth negotiation.
+
+Dan F (10 July 2007)
+- Fixed a curl memory leak reported by Song Ma with a modified version
+  of the patch he suggested.  Added his test case as test289 to verify.
+
+- Force the time zone to GMT in the cookie tests in case the user is
+  using one of the so-called 'right' time zones that take into account
+  leap seconds, which causes the tests to fail (as reported by
+  Daniel Black in bug report #1745964).
+
 Version 7.16.4 (10 July 2007)

 Daniel S (10 July 2007)
--- a/Makefile.am
+++ b/Makefile.am
@@ -49,7 +49,7 @@ html:
 pdf:
 	cd docs; make pdf

-check: test
+check: test examples

 if CROSSCOMPILING
 test-full: test
@@ -71,6 +71,9 @@ test-torture:

 endif

+examples:
+	@(cd docs/examples; $(MAKE) all)
+
 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
 # must contain the following line:
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -68,18 +68,22 @@ watcom-clean:
 	wmake -f Makefile.Watcom clean

 mingw32:
+	$(MAKE) -C lib -f Makefile.m32
+	$(MAKE) -C src -f Makefile.m32
+
+mingw32-zlib:
 	$(MAKE) -C lib -f Makefile.m32 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 ZLIB=1

-mingw32-ssl:
+mingw32-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSL=1 ZLIB=1

-mingw32-ssh2-ssl:
+mingw32-ssh2-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1

-mingw32-ssh2-ssl-sspi:
+mingw32-ssh2-ssl-sspi-zlib:
 	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
 	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1

@@ -248,5 +252,5 @@ linux-ssl: ssl

 vc8:
 	echo "generate VC8 makefiles"
-	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e 's#/GZ#/RTC1#' -e 's/wsock32.lib/wsock32.lib bufferoverflowu.lib/g' -e 's/VC6/VC8/g' lib/Makefile.vc6 > lib/Makefile.vc8
-	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e 's#/GZ#/RTC1#' -e 's/wsock32.lib/wsock32.lib bufferoverflowu.lib/g' -e 's/VC6/VC8/g' src/Makefile.vc6 > src/Makefile.vc8
+	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" lib/Makefile.vc6 > lib/Makefile.vc8
+	sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/wsock32.lib/wsock32.lib bufferoverflowu.lib/g" -e "s/VC6/VC8/g" src/Makefile.vc6 > src/Makefile.vc8
--- a/57
+++ b/57
@@ -1,30 +1,41 @@
-Curl and libcurl 7.16.4
+Curl and libcurl 7.17.0

- Public curl release number:               100
- Releases counted from the very beginning: 126
+ Public curl release number:               101
+ Releases counted from the very beginning: 127
 Available command line options:           118
 Available curl_easy_setopt() options:     143
 Number of public functions in libcurl:    55
- Amount of public web site mirrors:        39
+ Amount of public web site mirrors:        41
 Number of known libcurl bindings:         35
 Number of contributors:                   572

 This release includes the following changes:
 
- o added CURLOPT_NEW_FILE_PERMS and CURLOPT_NEW_DIRECTORY_PERMS
- o improved hashing of sockets for the multi_socket API
- o ftp kerberos5 support added
+ o support for OS/400 Secure Sockets Layer library
+ o curl_easy_setopt() now allocates strings passed to it
+ o SCP and SFTP support now requires libssh2 0.16 or later

 This release includes the following bugfixes:

- o adjusted how libcurl treats HTTP 1.1 responses without content-lenth or
-   chunked encoding
- o fixed the 10-at-a-time.c example
- o FTP over SOCKS proxy
- o improved error messages on SCP upload failures
- o security flaw (http://curl.haxx.se/docs/adv_20070710.html) in which libcurl
-   failed to properly reject some outdated or not yet valid server certificates
-   when built with GnuTLS
+ o test cases 31, 46, 61, 506, 517 now work in time zones that use leap seconds
+ o problem with closed proxy connection during HTTP CONNECT auth negotiation
+ o transfer-encoding skipping didn't ignore the 407 response bodies properly
+ o CURLOPT_SSL_VERIFYHOST set to 1
+ o CONNECT endless loop
+ o krb5 support builds with Heimdal
+ o added returned error string for connection refused case
+ o re-use of dead FTP control connections
+ o login to FTP servers that don't require (nor understand) PASS after the
+   USER command
+ o bad free of memory from libssh2
+ o the SFTP PWD command works
+ o HTTP Digest auth on a re-used connection
+ o FTPS data connection close
+ o AIX 4 and 5 get to use non-blocking sockets
+ o small POST with NTLM
+ o resumed file:// transfers
+ o CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE are 64 bit "clean"
+ o memory leak when handling compressed data streams from broken servers

 This release includes the following known bugs:

@@ -32,16 +43,22 @@ This release includes the following known bugs:

 Other curl-related news:

- o 
+ o pycurl 7.16.4 was released http://pycurl.sf.net
+ o TclCurl 7.16.4 was released
+   http://personal1.iddeo.es/andresgarci/tclcurl/english/

 New curl mirrors:

- o 
+ o http://curl.freeby.pctools.cl is a new mirror in Santiago, Chile
+ o http://curl.site2nd.org is a new mirror in Dallas, Texas, USA

 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Robert Iakobashvili, James Housley, G<>nter Knauf, James Bursa, Song Ma,
- Thomas J. Moore, Gavrie Philipson, Kees Cook
-
+ Dan Fandrich, Song Ma, Daniel Black, Giancarlo Formicuccia, Shmulik Regev,
+ Daniel Cater, Colin Hogben, Jofell Gallardo, Daniel Johnson,
+ Ralf S. Engelschall, James Housley, Chris Flerackers, Patrick Monnerat,
+ Jayesh A Shah, Greg Zavertnik, Peter O'Gorman, Greg Morse, Dmitriy Sergeyev,
+ Scott Cantor
+ 
        Thanks! (and sorry if I forgot to mention someone)
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -1107,7 +1107,7 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 #  define PLATFORM_SUNOS4
 # endif
 #endif
-#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX4)
+#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif

--- a/ares/CHANGES
+++ b/ares/CHANGES
@@ -1,5 +1,38 @@
  Changelog for the c-ares project

+* July 14 2007 (Daniel Stenberg)
+
+- Vlad Dinulescu fixed two outstanding valgrind reports:
+
+ 
+  1. In ares_query.c , in find_query_by_id we compare q->qid (which is a short
+  int variable) with qid, which is declared as an int variable.  Moreover,
+  DNS_HEADER_SET_QID is used to set the value of qid, but DNS_HEADER_SET_QID
+  sets only the first two bytes of qid. I think that qid should be declared as
+  "unsigned short" in this function.
+
+  2. The same problem occurs in ares_process.c, process_answer() .  query->qid
+  (an unsigned short integer variable) is compared with id, which is an
+  integer variable. Moreover, id is initialized from DNS_HEADER_QID which sets
+  only the first two bytes of id. I think that the id variable should be
+  declared as "unsigned short" in this function.
+
+  Even after declaring these variables as "unsigned short", the valgrind
+  errors are still there. Which brings us to the third problem.
+
+  3. The third problem is that Valgrind assumes that query->qid is not
+  initialised correctly. And it does that because query->qid is set from
+  DNS_HEADER_QID(qbuf); Valgrind says that qbuf has unitialised bytes. And
+  qbuf has uninitialised bytes because of channel->next_id . And next_id is
+  set by ares_init.c:ares__generate_new_id() . I found that putting short r=0
+  in this function (instead of short r) makes all Valgrind warnings go away.
+  I have studied ares__rc4() too, and this is the offending line:
+
+        buffer_ptr[counter] ^= state[xorIndex];   (ares_query.c:62)
+
+  This is what triggers Valgrind.. buffer_ptr is unitialised in this function,
+  and by applying ^= on it, it remains unitialised.
+
 Version 1.4.0 (June 8, 2007)

 * June 4 2007 (Daniel Stenberg)
--- a/ares/Makefile.am
+++ b/ares/Makefile.am
@@ -11,7 +11,7 @@ MSVCFILES = vc/adig/adig.dep vc/adig/adig.dsp vc/vc.dsw vc/ahost/ahost.dep \
 # adig and ahost are just sample programs and thus not mentioned with the
 # regular sources and headers
 EXTRA_DIST = CHANGES README.cares Makefile.inc adig.c ahost.c $(man_MANS) \
- $(MSVCFILES) AUTHORS config-win32.h RELEASE-NOTES
+ $(MSVCFILES) AUTHORS config-win32.h RELEASE-NOTES libcares.pc.in


 VER=-version-info 1:0:0
--- a/ares/Makefile.netware
+++ b/ares/Makefile.netware
@@ -130,6 +130,9 @@ else
 	# INCLUDES += -I$(SDK_CLIB)/include/nlm/obsolete
 	# INCLUDES += -I$(SDK_CLIB)/include
 endif
+ifeq ($(DB),CURLDEBUG)
+INCLUDES += -I../include
+endif
 CFLAGS	+= -I. $(INCLUDES)

 ifeq ($(MTSAFE),YES)
--- a/ares/ares_free_hostent.3
+++ b/ares/ares_free_hostent.3
@@ -33,12 +33,13 @@ allocated by one of the functions \fIares_parse_a_reply(3)\fP,
 .SH NOTES
 It is not necessary (and is not correct) to free the host structure passed to
 the callback functions for \fIares_gethostbyname(3)\fP or
-\fIares_gethostbyaddr(3)\fP. The ares library will automatically free such
-host structures when the callback returns.
+\fIares_gethostbyaddr(3)\fP. c-ares will automatically free such host
+structures when the callback returns.
 .SH SEE ALSO
 .BR ares_parse_a_reply (3),
 .BR ares_parse_aaaa_reply (3),
-.BR ares_parse_ptr_reply (3)
+.BR ares_parse_ptr_reply (3),
+.BR ares_parse_ns_reply (3)
 .SH AUTHOR
 Greg Hudson, MIT Information Systems
 .br
--- a/ares/ares_init.c
+++ b/ares/ares_init.c
@@ -1322,7 +1322,8 @@ static void init_id_key(rc4_key* key,int key_data_len)
  randomize_key(key->state,key_data_len);
  state = &key->state[0];
  for(counter = 0; counter < 256; counter++)
-        state[counter] = counter;
+    /* unnecessary AND but it keeps some compilers happier */
+    state[counter] = counter & 0xff;
  key->x = 0;
  key->y = 0;
  index1 = 0;
@@ -1341,7 +1342,7 @@ static void init_id_key(rc4_key* key,int key_data_len)

 short ares__generate_new_id(rc4_key* key)
 {
-  short r;
+  short r=0;
  ares__rc4(key, (unsigned char *)&r, sizeof(r));
  return r;
 }
--- a/ares/ares_process.c
+++ b/ares/ares_process.c
@@ -400,7 +400,8 @@ static void process_timeouts(ares_channel channel, time_t now)
 static void process_answer(ares_channel channel, unsigned char *abuf,
                           int alen, int whichserver, int tcp, time_t now)
 {
-  int id, tc, rcode;
+  int tc, rcode;
+  unsigned short id;
  struct query *query;

  /* If there's no room in the answer for a header, we can't do much
--- a/ares/ares_query.c
+++ b/ares/ares_query.c
@@ -67,7 +67,7 @@ void ares__rc4(rc4_key* key, unsigned char *buffer_ptr, int buffer_len)

 static struct query* find_query_by_id(ares_channel channel, int id)
 {
-  int qid;
+  unsigned short qid;
  struct query* q;
  DNS_HEADER_SET_QID(((unsigned char*)&qid), id);

--- a/ares/configure.ac
+++ b/ares/configure.ac
@@ -803,4 +803,4 @@ if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
        [a suitable file/device to read random data from])
 fi

-AC_OUTPUT(Makefile)
+AC_OUTPUT(Makefile libcares.pc)
--- a/ares/libcares.pc.in
+++ b/ares/libcares.pc.in
@@ -0,0 +1,20 @@
+#***************************************************************************
+# Project        ___       __ _ _ __ ___  ___ 
+#               / __|____ / _` | '__/ _ \/ __|
+#              | (_|_____| (_| | | |  __/\__ \
+#               \___|     \__,_|_|  \___||___/
+# $id: $
+#
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: c-ares
+URL: http://daniel.haxx.se/projects/c-ares/
+Description: asyncronous DNS lookup library
+Version: @VERSION@
+Requires: 
+Requires.private: 
+Cflags: -I${includedir}
+Libs: -L${libdir} -lcares
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -8,7 +8,7 @@ $Id$
 BUGS

  Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (August 2003), there are about 40000 lines of source code, and by
+  of writing (July 2007), there are about 47000 lines of source code, and by
  the time you read this it has probably grown even more.

  Of course there are lots of bugs left. And lots of misfeatures.
@@ -39,6 +39,7 @@ WHAT TO REPORT
   - your operating system's name and version number (uname -a under a unix
     is fine)
   - what version of curl you're using (curl -V is fine)
+   - versions of the used libraries that libcurl is built to use
   - what URL you were working with (if possible), at least which protocol

  and anything and everything else you think matters. Tell us what you
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,4 @@
-Updated: June 26, 2007 (http://curl.haxx.se/docs/faq.html)
+Updated: July 30, 2007 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -68,6 +68,7 @@ FAQ
  4.12 Why do I get "certificate verify failed" ?
  4.13 Why is curl -R on Windows one hour off?
  4.14 Redirects work in browser but not with curl!
+  4.15 FTPS doesn't work

 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -289,13 +290,13 @@ FAQ

  Some facts to use as input to the math:

-  curl packages are downloaded from the curl.haxx.se and mirrors almost one
+  curl packages are downloaded from the curl.haxx.se and mirrors over a
  million times per year. curl is installed by default with most Linux
  distributions. curl is installed by default with Mac OS X. curl and libcurl
  as used by numerous applications that include libcurl binaries in their
  distribution packages (like Adobe Acrobat Reader and Google Earth).

-  More than 60 known named companies use curl in commercial environments and
+  More than 70 known named companies use curl in commercial environments and
  products. More than 100 known named open source projects depend on
  (lib)curl.

@@ -374,7 +375,7 @@ FAQ

  2.4 Does curl support Socks (RFC 1928) ?

-  Yes, SOCKS5 is supported.
+  Yes, SOCKS 4 and 5 are supported.


 3. Usage problems
@@ -828,6 +829,20 @@ FAQ
  manually figure out what the page is set to do, or you write a script that
  parses the results and fetches the new URL.

+  4.15 FTPS doesn't work
+
+  curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit
+  mode.
+
+  When a URL is used that starts with FTPS://, curl assumes implicit SSL on
+  the control connection and will therefore immediately connect and try to
+  speak SSL. FTPS:// connections default to port 990.
+
+  To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one
+  of its related flavours). This is the most common method, and the one
+  mandated by RFC4217. This kind of connection then of course uses the
+  standard FTP port 21 by default.
+

 5. libcurl Issues

@@ -1103,14 +1118,14 @@ FAQ
  In the cURL project we call this module PHP/CURL to differentiate it from
  curl the command line tool and libcurl the library. The PHP team however
  does not refer to it like this (for unknown reasons). They call it plain
-  CURL (often using all caps) which causes much confusion to users which in
-  turn gives us a higher question load.
+  CURL (often using all caps) or sometimes ext/curl, but both cause much
+  confusion to users which in turn gives us a higher question load.

  7.2 Who write PHP/CURL?

  PHP/CURL is a module that comes with the regular PHP package. It depends and
  uses libcurl, so you need to have libcurl installed properly first before
-  PHP/CURL can be used. PHP/CURL is written by Sterling Hughes.
+  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.

  7.3 Can I perform multiple requests using the same handle?

--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -85,15 +85,6 @@ UNIX

        LDFLAGS=-R/usr/local/ssl/lib ./configure --with-ssl

-   Another option to the previous trick, is to set LD_LIBRARY_PATH or edit the
-   /etc/ld.so.conf file.
-
-   If your SSL library was compiled with rsaref (this was common in the past
-   when used in the United States), you may also need to set:
-
-     LIBS=-lRSAglue -lrsaref
-     (as suggested by Doug Kaufman)
-
   MORE OPTIONS

     To force configure to use the standard cc compiler if both cc and gcc are
@@ -143,6 +134,12 @@ UNIX
     To build with NSS support instead of OpenSSL for SSL/TLS, note that
     you need to use both --without-ssl and --with-nss.

+     To get GSSAPI support, build with --with-gssapi and have the MIT or
+     Heimdal Kerberos 5 packages installed.
+
+     To get support for SCP and SFTP, build with --with-libssh2 and have
+     libssh2 0.16 or later installed.
+     

 Win32
 =====
@@ -173,9 +170,15 @@ Win32
   MingW32
   -------

-   Run the 'mingw32.bat' file to get the proper environment variables set,
-   then run 'make mingw32' in the root dir. Use 'make mingw32-ssl' to build
-   curl SSL enabled.
+   MinGW32 does not provide a batch script to set environment variables
+   automatically. Make sure that MinGW32's bin dir is in PATH and then
+   run 'mingw32-make mingw32' in the root dir. There are other make
+   targets available to build libcurl with more features, use:
+   'mingw32-make mingw32-zlib' to build with Zlib support;
+   'mingw32-make mingw32-ssl-zlib' to build with SSL and Zlib enabled;
+   'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2, SSL, Zlib;
+   'mingw32-make mingw32-ssh2-ssl-sspi-zlib' to build with SSH2, SSL, Zlib
+   and SSPI.

   If you have any problems linking libraries or finding header files, be sure
   to verify that the provided "Makefile.m32" files use the proper paths, and
@@ -183,12 +186,12 @@ Win32
   environment variables, for example:

     set ZLIB_PATH=c:\zlib-1.2.3
-     set OPENSSL_PATH=c:\openssl-0.9.8d
-     set LIBSSH2_PATH=c:\libssh2-0.15
+     set OPENSSL_PATH=c:\openssl-0.9.8e
+     set LIBSSH2_PATH=c:\libssh2-0.16

   ATTENTION: if you want to build with libssh2 support you have to use latest
-   sources fetched from CVS - the current 0.14 release will NOT work!
-   Use 'make mingw32-ssh2-ssl' to build curl with SSH2 and SSL enabled.
+   sources fetched from CVS - the current 0.15 release will NOT work!
+   Use 'mingw32-make mingw32-ssh2-ssl-zlib' to build with SSH2 and SSL enabled.

   Cygwin
   ------
@@ -307,6 +310,7 @@ Win32
   CURL_DISABLE_TELNET   disables TELNET
   CURL_DISABLE_DICT     disables DICT
   CURL_DISABLE_FILE     disables FILE
+   CURL_DISABLE_TFTP     disables TFTP

   If you want to set any of these defines you have the following
   possibilities:
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,6 +3,13 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+45. libcurl built to support ipv6 uses getaddrinfo() to resolve host names.
+  getaddrinfo() sorts the response list which effectively kills how libcurl
+  deals with round-robin DNS entries. All details:
+    http://curl.haxx.se/mail/lib-2007-07/0168.html
+  initial suggested function to use for randomizing the response:
+    http://curl.haxx.se/mail/lib-2007-07/0178.html
+
 44. --ftp-method nocwd does not handle URLs ending with a slash properly (it
  should list the contents of that directory). See test case 351.

--- a/docs/README.win32
+++ b/docs/README.win32
@@ -20,3 +20,7 @@ README.win32
  command line similar to this in order to extract a separate text file:

        curl -M >manual.txt
+
+  Read the INSTALL file for instructions how to compile curl self.
+
+
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -178,6 +178,7 @@ Fred New
 Fred Noz
 Frederic Lepied
 Gautam Mani
+Gavrie Philipson
 Gaz Iqbal
 Georg Horn
 Georg Huettenegger
@@ -287,6 +288,7 @@ Kang-Jin Lee
 Karl Moerder
 Karol Pietrzak
 Katie Wang
+Kees Cook
 Keith MacDonald
 Keith McGuigan
 Ken Hirsch
@@ -461,7 +463,6 @@ Rob Stanzel
 Robert A. Monat
 Robert D. Young
 Robert Foreman
-Robert Iakobashvil
 Robert Iakobashvili
 Robert Olson
 Robert Weaver
@@ -521,6 +522,7 @@ S
 T. Bharath
 T. Yamada
 Temprimus
+Thomas J. Moore
 Thomas Klausner
 Thomas Schwinge
 Thomas Tonino
--- a/docs/TODO
+++ b/docs/TODO
@@ -52,6 +52,10 @@ TODO
   that would risk collide with other apps that use libcurl and that runs
   configure).

+   Work on this has been started but hasn't been finished, and the initial
+   patch and some details are found here:
+   http://curl.haxx.se/mail/lib-2006-12/0084.html
+
 LIBCURL - multi interface

 * Make sure we don't ever loop because of non-blocking sockets return
@@ -81,10 +85,6 @@ TODO
 * Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in
   the process to avoid doing a resolve and connect in vain.

- * Support GSS/Kerberos 5 for ftp file transfer. This will allow user
-   authentication and file encryption.  Possible libraries and example clients
-   are available from MIT or Heimdal. Requested by Markus Moeller.
-
 * REST fix for servers not behaving well on >2GB requests. This should fail
   if the server doesn't set the pointer to the requested index. The tricky
   (impossible?) part is to figure out if the server did the right thing or
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -909,7 +909,7 @@ the server returns failure for one of the commands, the entire operation
 will be aborted. You must send syntactically correct FTP commands as
 RFC959 defines to FTP servers, or one of the following commands (with
 appropriate arguments) to SFTP servers: chgrp, chmod, chown, ln, mkdir,
-rename, rm, rmdir, symlink.
+pwd, rename, rm, rmdir, symlink.

 This option can be used multiple times.
 .IP "--random-file <file>"
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -2,17 +2,29 @@
 # $Id$
 #

-AUTOMAKE_OPTIONS = foreign no-dependencies
+AUTOMAKE_OPTIONS = foreign nostdinc

-EXTRA_DIST = README curlgtk.c sepheaders.c simple.c postit2.c		\
- persistant.c ftpget.c Makefile.example multithread.c getinmemory.c	\
- ftpupload.c httpput.c simplessl.c ftpgetresp.c http-post.c		\
- post-callback.c multi-app.c multi-double.c multi-single.c		\
- multi-post.c fopen.c simplepost.c makefile.dj curlx.c https.c		\
- multi-debugcallback.c fileupload.c getinfo.c ftp3rdparty.c debug.c	\
- anyauthput.c htmltitle.cc htmltidy.c opensslthreadlock.c		\
- cookie_interface.c cacertinmem.c synctime.c sampleconv.c ftpuploadresume.c \
- 10-at-a-time.c hiperfifo.c ghiper.c
+EXTRA_DIST = README Makefile.example makefile.dj $(COMPLICATED_EXAMPLES)
+
+INCLUDES = -I$(top_srcdir)/include
+
+LIBDIR = $(top_builddir)/lib
+
+# Dependencies
+LDADD = $(LIBDIR)/libcurl.la
+
+# These are all libcurl example programs to be test compiled
+noinst_PROGRAMS = 10-at-a-time anyauthput cookie_interface \
+  debug fileupload fopen ftpget ftpgetresp ftpupload \
+  getinfo getinmemory http-post httpput \
+  https multi-app multi-debugcallback multi-double \
+  multi-post multi-single persistant post-callback \
+  postit2 sepheaders simple simplepost simplessl
+
+# These examples require external dependencies that may not be commonly
+# available on POSIX systems, so don't bother attempting to compile them here.
+COMPLICATED_EXAMPLES = \
+ curlgtk.c curlx.c htmltitle.cc cacertinmem.c ftpuploadresume.c \
+ ghiper.c hiperfifo.c htmltidy.c multithread.c \
+ opensslthreadlock.c sampleconv.c synctime.c

-all:
-	@echo "done"
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <unistd.h>

 #include <curl/curl.h>

@@ -18,6 +19,10 @@
 #error "upgrade your libcurl to no less than 7.12.3"
 #endif

+#ifndef TRUE
+#define TRUE 1
+#endif
+
 /*
 * This example shows a HTTP PUT operation with authentiction using "any"
 * type. It PUTs a file given as a command line argument to the URL also given
@@ -52,7 +57,7 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 }

 /* read callback function, fread() look alike */
-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;

--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -135,4 +135,5 @@ int main(void)

  curl_easy_cleanup(ch);
  curl_global_cleanup();
+  return rv;
 }
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@@ -10,6 +10,7 @@

 #include <stdio.h>
 #include <string.h>
+#include <stdlib.h>
 #include <errno.h>
 #include <time.h>

@@ -74,7 +75,7 @@ main(void)
 #define snprintf _snprintf
 #endif
    /* Netscape format cookie */
-    snprintf(nline, 256, "%s\t%s\t%s\t%s\t%u\t%s\t%s",
+    snprintf(nline, sizeof(nline), "%s\t%s\t%s\t%s\t%lu\t%s\t%s",
      ".google.com", "TRUE", "/", "FALSE", time(NULL) + 31337, "PREF", "hello google, i like you very much!");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
    if (res != CURLE_OK) {
@@ -83,7 +84,7 @@ main(void)
    }

    /* HTTP-header style cookie */
-    snprintf(nline, 256,
+    snprintf(nline, sizeof(nline),
      "Set-Cookie: OLD_PREF=3d141414bf4209321; "
      "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@@ -81,6 +81,7 @@

 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <curl/curl.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
@@ -94,13 +95,13 @@
 #include <openssl/bio.h>
 #include <openssl/ssl.h>

-static char *curlx_usage[]={
+static const char *curlx_usage[]={
  "usage: curlx args\n",
  " -p12 arg         - tia  file ",
  " -envpass arg     - environement variable which content the tia private key password",
  " -out arg         - output file (response)- default stdout",
  " -in arg          - input file (request)- default stdin",
-  " -connect arg     - URL of the server for the connection ex: www.openevidenve.org",
+  " -connect arg     - URL of the server for the connection ex: www.openevidence.org",
  " -mimetype arg    - MIME type for data in ex : application/timestamp-query or application/dvcs -default application/timestamp-query",
  " -acceptmime arg  - MIME type acceptable for the response ex : application/timestamp-response or application/dvcs -default none",
  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g. AD_DVCS or ad_timestamping",
@@ -268,19 +269,21 @@ int main(int argc, char **argv) {
  char* mimetype;
  char* mimetypeaccept=NULL;
  char* contenttype;
-  char** pp;
+  const char** pp;
  unsigned char* hostporturl = NULL;
-  binaryptr=(char*)malloc(tabLength);
  BIO * p12bio ;
  char **args = argv + 1;
  unsigned char * serverurl;
  sslctxparm p;
  char *response;
-  p.verbose = 0;

  CURLcode res;
  struct curl_slist * headers=NULL;
+  int badarg=0;

+  binaryptr=(char*)malloc(tabLength);
+
+  p.verbose = 0;
  p.errorbio = BIO_new_fp (stderr, BIO_NOCLOSE);

  curl_global_init(CURL_GLOBAL_DEFAULT);
@@ -292,7 +295,6 @@ int main(int argc, char **argv) {
  ERR_load_crypto_strings();


-  int badarg=0;

  while (*args && *args[0] == '-') {
    if (!strcmp (*args, "-in")) {
@@ -407,10 +409,9 @@ int main(int argc, char **argv) {
  }
  else if (p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */
    if (!(serverurl = my_get_ext(p.usercert,p.accesstype,NID_info_access))) {
+      int j=0;
      BIO_printf(p.errorbio,"no service URL in user cert "
                 "cherching in others certificats\n");
-      int j=0;
-      int find=0;
      for (j=0;j<sk_X509_num(p.ca);j++) {
        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
                                    NID_info_access)))
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -17,7 +17,6 @@ int main(void)
 {
  CURL *curl;
  CURLcode res;
-  curl_off_t size;
  struct stat file_info;
  double speed_upload, total_time;
  FILE *fd;
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -70,7 +70,7 @@ struct fcurl_data
 typedef struct fcurl_data URL_FILE;

 /* exported functions */
-URL_FILE *url_fopen(char *url,const char *operation);
+URL_FILE *url_fopen(const char *url,const char *operation);
 int url_fclose(URL_FILE *file);
 int url_feof(URL_FILE *file);
 size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file);
@@ -93,11 +93,11 @@ write_callback(char *buffer,
    URL_FILE *url = (URL_FILE *)userp;
    size *= nitems;

-    rembuff=url->buffer_len - url->buffer_pos;//remaining space in buffer
+    rembuff=url->buffer_len - url->buffer_pos; /* remaining space in buffer */

    if(size > rembuff)
    {
-        //not enuf space in buffer
+        /* not enough space in buffer */
        newbuff=realloc(url->buffer,url->buffer_len + (size - rembuff));
        if(newbuff==NULL)
        {
@@ -211,7 +211,7 @@ use_buffer(URL_FILE *file,int want)


 URL_FILE *
-url_fopen(char *url,const char *operation)
+url_fopen(const char *url,const char *operation)
 {
    /* this code could check for URLs or types in the 'url' and
       basicly use the real fopen() for standard files */
@@ -236,7 +236,7 @@ url_fopen(char *url,const char *operation)

        curl_easy_setopt(file->handle.curl, CURLOPT_URL, url);
        curl_easy_setopt(file->handle.curl, CURLOPT_WRITEDATA, file);
-        curl_easy_setopt(file->handle.curl, CURLOPT_VERBOSE, FALSE);
+        curl_easy_setopt(file->handle.curl, CURLOPT_VERBOSE, 0);
        curl_easy_setopt(file->handle.curl, CURLOPT_WRITEFUNCTION, write_callback);

        if(!multi_handle)
@@ -466,7 +466,7 @@ main(int argc, char *argv[])

    int nread;
    char buffer[256];
-    char *url;
+    const char *url;

    if(argc < 2)
    {
@@ -481,7 +481,7 @@ main(int argc, char *argv[])
    outf=fopen("fgets.test","w+");
    if(!outf)
    {
-        perror("couldnt open fgets output file\n");
+        perror("couldn't open fgets output file\n");
        return 1;
    }

@@ -508,7 +508,7 @@ main(int argc, char *argv[])
    outf=fopen("fread.test","w+");
    if(!outf)
    {
-        perror("couldnt open fread output file\n");
+        perror("couldn't open fread output file\n");
        return 1;
    }

@@ -533,7 +533,7 @@ main(int argc, char *argv[])
    outf=fopen("rewind.test","w+");
    if(!outf)
    {
-        perror("couldnt open fread output file\n");
+        perror("couldn't open fread output file\n");
        return 1;
    }

--- a/docs/examples/ftp3rdparty.c
+++ b/docs/examples/ftp3rdparty.c
@@ -1,103 +0,0 @@
-/*****************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * $Id$
- */
-
-#include <stdio.h>
-
-#include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
-/*
- * This is an example showing how to transfer a file between two remote hosts.
- * 7.13.0 or later required.
- */
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-  char source_url[] = "ftp://remotehost.com/path/to/source";
-  char target_url[] = "ftp://aotherserver.com/path/to/dest";
-
-  char sourceUserPass[] = "user:pass";
-  char targetUserPass[] = "user:pass";
-  char url[100];
-
-  struct curl_slist *source_pre_cmd = NULL;
-  struct curl_slist *target_pre_cmd = NULL;
-  struct curl_slist *source_post_cmd = NULL;
-  struct curl_slist *target_post_cmd = NULL;
-  char cmd[] = "PWD";   /* just to test */
-
-  curl_global_init(CURL_GLOBAL_DEFAULT);
-
-  curl = curl_easy_init();
-  if (curl) {
-    /* The ordinary URL is the target when speaking 3rd party transfers */
-    curl_easy_setopt(curl, CURLOPT_URL, target_url);
-
-    /* Set a source URL */
-    curl_easy_setopt(curl, CURLOPT_SOURCE_URL, source_url);
-
-    /* Set target user and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, targetUserPass);
-
-    /* Set source user and password */
-    curl_easy_setopt(curl, CURLOPT_SOURCE_USERPWD, sourceUserPass);
-
-#if 0
-    /* FTPPORT enables PORT on the target side, instead of PASV. */
-    curl_easy_setopt(curl, CURLOPT_FTPPORT, "");   /* optional */
-#endif
-
-    /* build a list of commands to pass to libcurl */
-    source_pre_cmd = curl_slist_append(source_pre_cmd, cmd);
-    /* Set a proxy pre-quote command */
-    curl_easy_setopt(curl, CURLOPT_SOURCE_PREQUOTE, source_pre_cmd);
-
-    /* build a list of commands to pass to libcurl */
-    target_pre_cmd = curl_slist_append(target_pre_cmd, cmd);
-    /* Set a pre-quote command */
-    curl_easy_setopt(curl, CURLOPT_PREQUOTE, target_pre_cmd);
-
-    /* build a list of commands to pass to libcurl */
-    source_post_cmd = curl_slist_append(source_post_cmd, cmd);
-    /* Set a proxy post-quote command */
-    curl_easy_setopt(curl, CURLOPT_SOURCE_POSTQUOTE, source_post_cmd);
-
-    /* build a list of commands to pass to libcurl */
-    target_post_cmd = curl_slist_append(target_post_cmd, cmd);
-    /* Set a post-quote command */
-    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, target_post_cmd);
-
-    /* Switch on full protocol/debug output */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
-
-    res = curl_easy_perform(curl);
-
-    /* clean up the FTP commands list */
-    curl_slist_free_all(source_pre_cmd);
-    curl_slist_free_all(target_pre_cmd);
-    curl_slist_free_all(source_post_cmd);
-    curl_slist_free_all(target_post_cmd);
-
-    /* always cleanup */
-    curl_easy_cleanup(curl);
-
-    if(CURLE_OK != res) {
-      /* we failed */
-      fprintf(stderr, "curl told us %d\n", res);
-    }
-  }
-
-  curl_global_cleanup();
-
-  return 0;
-}
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -22,11 +22,11 @@
 */

 struct FtpFile {
-  char *filename;
+  const char *filename;
  FILE *stream;
 };

-int my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream)
+static int my_fwrite(void *buffer, size_t size, size_t nmemb, void *stream)
 {
  struct FtpFile *out=(struct FtpFile *)stream;
  if(out && !out->stream) {
@@ -65,7 +65,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &ftpfile);

    /* Switch on full protocol/debug output */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);

    res = curl_easy_perform(curl);

--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -21,7 +21,7 @@
 * This functionality was introduced in libcurl 7.9.3.
 */

-size_t
+static size_t
 write_response(void *ptr, size_t size, size_t nmemb, void *data)
 {
  FILE *writehere = (FILE *)data;
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -14,6 +14,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <unistd.h>

 /*
 * This example shows an FTP upload, with a rename of the file just after
@@ -31,14 +32,13 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
-  FILE *ftpfile;
  FILE * hd_src ;
  int hd ;
  struct stat file_info;

  struct curl_slist *headerlist=NULL;
-  char buf_1 [] = "RNFR " UPLOAD_FILE_AS;
-  char buf_2 [] = "RNTO " RENAME_FILE_TO;
+  static const char buf_1 [] = "RNFR " UPLOAD_FILE_AS;
+  static const char buf_2 [] = "RNTO " RENAME_FILE_TO;

  /* get the file size of the local file */
  hd = open(LOCAL_FILE, O_RDONLY) ;
@@ -61,7 +61,7 @@ int main(int argc, char **argv)
    headerlist = curl_slist_append(headerlist, buf_2);

    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1) ;

    /* specify target */
    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -24,7 +24,9 @@

 /* The MinGW headers are missing a few Win32 function definitions,
   you shouldn't need this if you use VC++ */
+#ifdef __MINGW32__
 int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
+#endif


 /* parse headers for Content-Length */
@@ -75,7 +77,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 		return 0;
 	}

-	curl_easy_setopt(curlhandle, CURLOPT_UPLOAD, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_UPLOAD, 1);

 	curl_easy_setopt(curlhandle, CURLOPT_URL, remotepath);

@@ -91,9 +93,9 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 	curl_easy_setopt(curlhandle, CURLOPT_READDATA, f);

 	curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-"); /* disable passive mode */
-	curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, 1);

-	curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, TRUE);
+	curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, 1);

 	for (c = 0; (r != CURLE_OK) && (c < tries); c++) {
 		/* are we resuming? */
@@ -108,22 +110,22 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
 			 * because HEADER will dump the headers to stdout
 			 * without it.
 			 */
-			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, TRUE);
-			curl_easy_setopt(curlhandle, CURLOPT_HEADER, TRUE);
+			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 1);
+			curl_easy_setopt(curlhandle, CURLOPT_HEADER, 1);

 			r = curl_easy_perform(curlhandle);
 			if (r != CURLE_OK)
 				continue;

-			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, FALSE);
-			curl_easy_setopt(curlhandle, CURLOPT_HEADER, FALSE);
+			curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 0);
+			curl_easy_setopt(curlhandle, CURLOPT_HEADER, 0);

 			fseek(f, uploaded_len, SEEK_SET);

-			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, TRUE);
+			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, 1);
 		}
 		else { /* no */
-			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, FALSE);
+			curl_easy_setopt(curlhandle, CURLOPT_FTPAPPEND, 0);
 		}

 		r = curl_easy_perform(curlhandle);
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -26,7 +26,7 @@ struct MemoryStruct {
  size_t size;
 };

-void *myrealloc(void *ptr, size_t size)
+static void *myrealloc(void *ptr, size_t size)
 {
  /* There might be a realloc() out there that doesn't like reallocing
     NULL pointers, so we take care of it here */
@@ -36,7 +36,7 @@ void *myrealloc(void *ptr, size_t size)
    return malloc(size);
 }

-size_t
+static size_t
 WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
 {
  size_t realsize = size * nmemb;
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -91,9 +91,9 @@ typedef struct _SockInfo {


 /* Die if we get a bad CURLMcode somewhere */
-static void mcode_or_die(char *where, CURLMcode code) {
+static void mcode_or_die(const char *where, CURLMcode code) {
  if ( CURLM_OK != code ) {
-    char *s;
+    const char *s;
    switch (code) {
      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_OK:                 s="CURLM_OK";                 break;
@@ -259,7 +259,7 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
  GlobalInfo *g = (GlobalInfo*) cbp;
  SockInfo *fdp = (SockInfo*) sockp;
-  char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
+  static const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };

  MSG_OUT("socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
  if (what == CURL_POLL_REMOVE) {
@@ -402,7 +402,7 @@ static gboolean fifo_cb (GIOChannel *ch, GIOCondition condition, gpointer data)
 int init_fifo(void)
 {
 struct stat st;
- char *fifo = "hiper.fifo";
+ const char *fifo = "hiper.fifo";
 int socket;

 if (lstat (fifo, &st) == 0) {
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -252,7 +252,7 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
  GlobalInfo *g = (GlobalInfo*) cbp;
  SockInfo *fdp = (SockInfo*) sockp;
-  char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };
+  const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };

  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
@@ -357,7 +357,7 @@ void fifo_cb(int fd, short event, void *arg) {
 /* Create a named pipe and tell libevent to monitor it */
 int init_fifo (GlobalInfo *g) {
  struct stat st;
-  char *fifo = "hiper.fifo";
+  static const char *fifo = "hiper.fifo";
  int socket;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <unistd.h>

 #include <curl/curl.h>

@@ -24,7 +25,7 @@
 * http://www.apacheweek.com/features/put
 */

-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;

@@ -75,10 +76,10 @@ int main(int argc, char **argv)
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);

    /* enable uploading */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, TRUE) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1) ;

    /* HTTP PUT please */
-    curl_easy_setopt(curl, CURLOPT_PUT, TRUE);
+    curl_easy_setopt(curl, CURLOPT_PUT, 1);

    /* specify target URL, and note that this URL should include a file
       name, not only a directory */
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -31,7 +31,7 @@ int main(void)
     * default bundle, then the CURLOPT_CAPATH option might come handy for
     * you.
     */
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
 #endif

 #ifdef SKIP_HOSTNAME_VERFICATION
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@@ -47,7 +47,7 @@ int main(int argc, char **argv)
  curl_easy_setopt(handles[HTTP_HANDLE], CURLOPT_URL, "http://website.com");

  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_URL, "ftp://ftpsite.com");
-  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_UPLOAD, TRUE);
+  curl_easy_setopt(handles[FTP_HANDLE], CURLOPT_UPLOAD, 1);

  /* init a multi stack */
  multi_handle = curl_multi_init();
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -19,7 +19,6 @@
 int main(int argc, char *argv[])
 {
  CURL *curl;
-  CURLcode res;

  CURLM *multi_handle;
  int still_running;
@@ -27,7 +26,7 @@ int main(int argc, char *argv[])
  struct curl_httppost *formpost=NULL;
  struct curl_httppost *lastptr=NULL;
  struct curl_slist *headerlist=NULL;
-  char buf[] = "Expect:";
+  static const char buf[] = "Expect:";

  /* Fill in the file upload field. This makes libcurl load data from  
     the given file name when curl_easy_perform() is called. */
@@ -58,7 +57,6 @@ int main(int argc, char *argv[])
     wanted */
  headerlist = curl_slist_append(headerlist, buf);
  if(curl && multi_handle) {
-    int perform=0;

    /* what URL that receives this POST */
    curl_easy_setopt(curl, CURLOPT_URL,
--- a/docs/examples/multithread.c
+++ b/docs/examples/multithread.c
@@ -24,7 +24,7 @@
  http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION

 */
-char *urls[]= {
+const char *urls[]= {
  "http://curl.haxx.se/",
  "ftp://cool.haxx.se/",
  "http://www.contactor.se/",
@@ -59,7 +59,7 @@ int main(int argc, char **argv)
    error = pthread_create(&tid[i],
                           NULL, /* default attributes please */
                           pull_one_url,
-                           urls[i]);
+                           (void *)urls[i]);
    if(0 != error)
      fprintf(stderr, "Couldn't run thread number %d, errno %d\n", i, error);
    else
--- a/docs/examples/opensslthreadlock.c
+++ b/docs/examples/opensslthreadlock.c
@@ -16,6 +16,11 @@
 * Author: Jeremy Brown
 */

+
+#include <stdio.h>
+#include <pthread.h>
+#include <openssl/err.h>
+
 #define MUTEX_TYPE       pthread_mutex_t
 #define MUTEX_SETUP(x)   pthread_mutex_init(&(x), NULL)
 #define MUTEX_CLEANUP(x) pthread_mutex_destroy(&(x))
@@ -25,7 +30,7 @@


 void handle_error(const char *file, int lineno, const char *msg){
-     fprintf(stderr, ** %s:%i %s\n, file, lineno, msg);
+     fprintf(stderr, "** %s:%d %s\n", file, lineno, msg);
     ERR_print_errors_fp(stderr);
     /* exit(-1); */
 }
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -15,14 +15,14 @@
 #include <string.h>
 #include <curl/curl.h>

-char data[]="this is what we post to the silly web server";
+const char data[]="this is what we post to the silly web server";

 struct WriteThis {
-  char *readptr;
+  const char *readptr;
  int sizeleft;
 };

-size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
 {
  struct WriteThis *pooh = (struct WriteThis *)userp;

@@ -55,7 +55,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL,
                     "http://receivingsite.com.pooh/index.cgi");
    /* Now specify we want to POST data */
-    curl_easy_setopt(curl, CURLOPT_POST, TRUE);
+    curl_easy_setopt(curl, CURLOPT_POST, 1);

    /* we want to use our own read function */
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -36,7 +36,7 @@ int main(int argc, char *argv[])
  struct curl_httppost *formpost=NULL;
  struct curl_httppost *lastptr=NULL;
  struct curl_slist *headerlist=NULL;
-  char buf[] = "Expect:";
+  static const char buf[] = "Expect:";

  curl_global_init(CURL_GLOBAL_ALL);

--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -16,7 +16,7 @@
 #include <curl/types.h>
 #include <curl/easy.h>

-size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
+static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
@@ -25,9 +25,9 @@ size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 int main(int argc, char **argv)
 {
  CURL *curl_handle;
-  char *headerfilename = "head.out";
+  static const char *headerfilename = "head.out";
  FILE *headerfile;
-  char *bodyfilename = "body.out";
+  static const char *bodyfilename = "body.out";
  FILE *bodyfile;

  curl_global_init(CURL_GLOBAL_ALL);
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -9,6 +9,7 @@
 */

 #include <stdio.h>
+#include <string.h>
 #include <curl/curl.h>

 int main(void)
@@ -16,7 +17,7 @@ int main(void)
  CURL *curl;
  CURLcode res;

-  char *postthis="moo mooo moo moo";
+  static const char *postthis="moo mooo moo moo";

  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -38,9 +38,10 @@ int main(int argc, char **argv)
  CURL *curl;
  CURLcode res;
  FILE *headerfile;
+  const char *pPassphrase = NULL;

-  const char *pCertFile = "testcert.pem";
-  const char *pCACertFile="cacert.pem";
+  static const char *pCertFile = "testcert.pem";
+  static const char *pCACertFile="cacert.pem";

  const char *pKeyName;
  const char *pKeyType;
@@ -57,8 +58,6 @@ int main(int argc, char **argv)
  pEngine   = NULL;
 #endif

-  const char *pPassphrase = NULL;
-
  headerfile = fopen("dumpit", "w");

  curl_global_init(CURL_GLOBAL_DEFAULT);
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -87,7 +87,7 @@ typedef struct
  char timeserver[MAX_STRING1];
 } conf_t;

-char DefaultTimeServer[4][MAX_STRING1] =
+const char DefaultTimeServer[4][MAX_STRING1] =
 {
  "http://nist.time.gov/timezone.cgi?UTC/s/0",
  "http://www.google.com/",
@@ -95,9 +95,9 @@ char DefaultTimeServer[4][MAX_STRING1] =
  "http://www.worldtime.com/cgi-bin/wt.cgi"
 };

-char *DayStr[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
-char *MthStr[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
-                  "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
+const char *DayStr[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
+const char *MthStr[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+                        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};

 int  ShowAllHeader;
 int  AutoSyncTime;
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -133,7 +133,9 @@ protocol used doesn't support this.
 .IP CURLINFO_PRIVATE
 Pass a pointer to a 'char *' to receive the pointer to the private data
 associated with the curl handle (set with the CURLOPT_PRIVATE option to
-\fIcurl_easy_setopt(3)\fP). (Added in 7.10.3)
+\fIcurl_easy_setopt(3)\fP). Please note that for internal reasons, the
+value is returned as a 'char *', although effectively being a 'void *'.
+(Added in 7.10.3)
 .IP CURLINFO_HTTPAUTH_AVAIL
 Pass a pointer to a long to receive a bitmask indicating the authentication
 method(s) available. The meaning of the bits is explained in the
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -21,7 +21,7 @@
 .\" * $Id$
 .\" **************************************************************************
 .\"
-.TH curl_easy_setopt 3 "22 Feb 2007" "libcurl 7.16.2" "libcurl Manual"
+.TH curl_easy_setopt 3 "1 Aug 2007" "libcurl 7.17.0" "libcurl Manual"
 .SH NAME
 curl_easy_setopt \- set options for a curl easy handle
 .SH SYNOPSIS
@@ -44,11 +44,13 @@ between transfers, so if you want subsequent transfers with different options,
 you must change them between the transfers. You can optionally reset all
 options back to internal default with \fIcurl_easy_reset(3)\fP.

-Strings passed to libcurl as 'char *' arguments, will not be copied by the
-library. Instead you should keep them available until libcurl no longer needs
-them. Failing to do so will cause very odd behavior or even crashes. libcurl
-will need them until you call \fIcurl_easy_cleanup(3)\fP or you set the same
-option again to use a different pointer.
+Strings passed to libcurl as 'char *' arguments, are copied by the library;
+thus the string storage associated to the pointer argument may be overwritten
+after curl_easy_setopt() returns. Exceptions to this rule are described in
+the option details below.
+
+NOTE: before 7.17.0 strings were not copied. Instead the user was forced keep
+them available until libcurl no longer needed them.

 The \fIhandle\fP is the return code from a \fIcurl_easy_init(3)\fP or
 \fIcurl_easy_duphandle(3)\fP call.
@@ -194,8 +196,7 @@ this callback will cause libcurl to abort the transfer and return

 If you transfer data with the multi interface, this function will not be
 called during periods of idleness unless you call the appropriate libcurl
-function that performs transfers. Usage of the \fBCURLOPT_PROGRESSFUNCTION\fP
-callback is not recommended when using the multi interface.
+function that performs transfers.

 \fICURLOPT_NOPROGRESS\fP must be set to FALSE to make this function actually
 get called.
@@ -330,6 +331,12 @@ system.
 Pass a char * to a buffer that the libcurl may store human readable error
 messages in. This may be more helpful than just the return code from
 \fIcurl_easy_perform\fP. The buffer must be at least CURL_ERROR_SIZE big.
+Although this argument is a 'char *', it does not describe an input string.
+Therefore the (probably undefined) contents of the buffer is NOT copied
+by the library. You should keep the associated storage available until
+libcurl no longer needs it. Failing to do so will cause very odd behavior
+or even crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP
+or you set the same option again to use a different pointer. 

 Use \fICURLOPT_VERBOSE\fP and \fICURLOPT_DEBUGFUNCTION\fP to better
 debug/trace why errors happen.
@@ -662,6 +669,12 @@ set that Content-Type by default when this option is used), which is the most
 commonly used one by HTML forms. See also the \fICURLOPT_POST\fP. Using
 \fICURLOPT_POSTFIELDS\fP implies \fICURLOPT_POST\fP.

+If you want to do a zero-byte POST, you need to set
+\fICURLOPT_POSTFIELDSIZE\fP explicitly to zero, as simply setting
+\fICURLOPT_POSTFIELDS\fP to NULL or "" just effectively disables the sending
+of the specified string. libcurl will instead assume that you'll send the POST
+data using the read callback!
+
 Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
 You can disable this header with \fICURLOPT_HTTPHEADER\fP as usual.

@@ -847,6 +860,8 @@ properly filled in with text strings. Use \fIcurl_slist_append(3)\fP
 to append strings (commands) to the list, and clear the entire list
 afterwards with \fIcurl_slist_free_all(3)\fP. Disable this operation
 again by setting a NULL to this option.
+The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd,
+rename, rm, rmdir, symlink. (SFTP support added in 7.16.3)
 .IP CURLOPT_POSTQUOTE
 Pass a pointer to a linked list of FTP or SFTP commands to pass to the
 server after your ftp transfer request. The linked list should be a
@@ -1383,16 +1398,19 @@ support for FTP.
 Pass a long set to a bitmask consisting of one or more of
 CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
 CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one.
+(Added in 7.16.1)
 .IP CURLOPT_SSH_PUBLIC_KEYFILE
 Pass a char * pointing to a file name for your public key. If not used,
 libcurl defaults to using \fB~/.ssh/id_dsa.pub\fP.
+(Added in 7.16.1)
 .IP CURLOPT_SSH_PRIVATE_KEYFILE
 Pass a char * pointing to a file name for your private key. If not used,
 libcurl defaults to using \fB~/.ssh/id_dsa\fP.
 If the file is password-protected, set the password with \fICURLOPT_SSLKEYPASSWD\fP.
+(Added in 7.16.1)
 .SH OTHER OPTIONS
 .IP CURLOPT_PRIVATE
-Pass a char * as parameter, pointing to data that should be associated with
+Pass a void * as parameter, pointing to data that should be associated with
 this curl handle.  The pointer can subsequently be retrieved using
 \fIcurl_easy_getinfo(3)\fP with the CURLINFO_PRIVATE option. libcurl itself
 does nothing with this data. (Added in 7.10.3)
--- a/docs/libcurl/curl_multi_socket.3
+++ b/docs/libcurl/curl_multi_socket.3
@@ -106,7 +106,7 @@ The \fIuserp\fP argument is a private pointer you have previously set with
 CURLMcode type, general libcurl multi interface error code.

 If you receive \fICURLM_CALL_MULTI_PERFORM\fP, this basically means that you
-should call \fIcurl_multi_perform\fP again, before you wait for more actions
+should call \fIcurl_multi_socket(3)\fP again, before you wait for more actions
 on libcurl's sockets. You don't have to do it immediately, but the return code
 means that libcurl may have more data available to return or that there may be
 more data to send off before it is "satisfied".
@@ -119,26 +119,32 @@ function returns OK.

 2. Set the socket callback with CURLMOPT_SOCKETFUNCTION

-3. Add easy handles
+3. Set the timeout callback with CURLMOPT_TIMERFUNCTION, to get to know what
+timeout value to use when waiting for socket activities.

-4. Call curl_multi_socket_all() first once
+4. Add easy handles

-5. Setup a "collection" of sockets to supervise when your socket
-callback is called.
+5. Call curl_multi_socket_all() first once

-6. Use curl_multi_timeout() to figure out how long to wait for action
+6. Provide some means to manage the sockets libcurl is using, so you can check
+them for activity. This can be done through your application code, or by way
+of an external library such as libevent or glib.

-7. Wait for action on any of libcurl's sockets
+7. Wait for activity on any of libcurl's sockets, use the timeout value your
+calback has been told

-8, When action happens, call curl_multi_socket_action() for the socket(s) that got
-action.
+8, When activity is detected, call curl_multi_socket_action() for the
+socket(s) that got action. If no activity is detected and the timeout expires,
+call \fIcurl_multi_socket(3)\fP with \fICURL_SOCKET_TIMEOUT\fP

-9. Go back to step 6.
+9. Go back to step 7.
 .SH AVAILABILITY
-This function was added in libcurl 7.15.4, although deemed stablesince 7.16.0.
+This function was added in libcurl 7.15.4, although deemed stable since
+7.16.0.

 \fIcurl_multi_socket(3)\fP is deprecated, use
 \fIcurl_multi_socket_action(3)\fP instead!
 .SH "SEE ALSO"
 .BR curl_multi_cleanup "(3), " curl_multi_init "(3), "
-.BR curl_multi_fdset "(3), " curl_multi_info_read "(3)"
+.BR curl_multi_fdset "(3), " curl_multi_info_read "(3), "
+.BR "the hiperfifo.c example"
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -99,7 +99,8 @@ When sending custom "QUOTE" commands to the remote server, one of the commands
 returned an error code that was 400 or higher.
 .IP "CURLE_HTTP_RETURNED_ERROR (22)"
 This is returned if CURLOPT_FAILONERROR is set TRUE and the HTTP server
-returns an error code that is >= 400.
+returns an error code that is >= 400. (This error code was formerly known as
+CURLE_HTTP_NOT_FOUND.)
 .IP "CURLE_WRITE_ERROR (23)"
 An error occurred when writing received data to a local file, or an error was
 returned to libcurl from a write callback.
@@ -157,10 +158,11 @@ Aborted by callback. A callback returned "abort" to libcurl.
 Internal error. A function was called with a bad parameter.
 .IP "CURLE_BAD_CALLING_ORDER (44)"
 This is never returned by current libcurl.
-.IP "CURLE_HTTP_PORT_FAILED (45)"
+.IP "CURLE_INTERFACE_FAILED (45)"
 Interface error. A specified outgoing interface could not be used. Set which
 interface to use for outgoing connections' source IP address with
-CURLOPT_INTERFACE.
+CURLOPT_INTERFACE. (This error code was formerly known as
+CURLE_HTTP_PORT_FAILED.)
 .IP "CURLE_BAD_PASSWORD_ENTERED (46)"
 This is never returned by current libcurl.
 .IP "CURLE_TOO_MANY_REDIRECTS (47)"
--- a/docs/libcurl/libcurl-multi.3
+++ b/docs/libcurl/libcurl-multi.3
@@ -136,8 +136,6 @@ the future, you should be aware of the following current restrictions:
 - GnuTLS SSL connections
 - Active FTP connections
 - HTTP proxy CONNECT operations
- - SCP and SFTP connections
- - SFTP transfers
 - TFTP transfers
 - file:// transfers
 .fi
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -28,13 +28,13 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.16.4-CVS"
+#define LIBCURL_VERSION "7.17.0-CVS"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 16
-#define LIBCURL_VERSION_PATCH 4
+#define LIBCURL_VERSION_MINOR 17
+#define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -51,7 +51,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071004
+#define LIBCURL_VERSION_NUM 0x071100

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -44,6 +44,16 @@ CURL_EXTERN char *curl_maprintf(const char *format, ...);
 CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);

 #ifdef _MPRINTF_REPLACE
+# undef printf
+# undef fprintf
+# undef sprintf
+# undef vsprintf
+# undef snprintf
+# undef vprintf
+# undef vfprintf
+# undef vsnprintf
+# undef aprintf
+# undef vaprintf
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
 #ifdef CURLDEBUG
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -9,7 +9,7 @@ TARGETS = libcurl_wc.lib libcurl_wc.dll libcurl_wc_imp.lib
 CC = wcc386

 CFLAGS = -3r -mf -d3 -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm -bt=nt -bd &
-         -d+ -dWIN32 -dHAVE_LONGLONG -dCURL_CA_BUNDLE=getenv("CURL_CA_BUNDLE")     &
+         -d+ -dWIN32 -dCURL_CA_BUNDLE=getenv("CURL_CA_BUNDLE")                     &
         -dBUILDING_LIBCURL -dWITHOUT_MM_LIB -dHAVE_SPNEGO=1 -dENABLE_IPV6         &
         -dDEBUG_THREADING_GETADDRINFO -dDEBUG=1 -dCURLDEBUG -d_WIN32_WINNT=0x0501 &
         -I. -I..\include
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -32,7 +32,7 @@ EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 Makefile.riscos	\
 $(DSP) curllib.dsw config-win32.h config-win32ce.h config-riscos.h	\
 config-mac.h config.h.in ca-bundle.crt makefile.dj config.dos		\
 libcurl.framework.make libcurl.plist libcurl.rc config-amigaos.h	\
- amigaos.c amigaos.h makefile.amiga Makefile.netware nwlib.c		\
+ amigaos.c amigaos.h makefile.amiga Makefile.netware nwlib.c nwos.c	\
 libcurl.imp msvcproj.head msvcproj.foot config-win32ce.h		\
 Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ)

--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -1,23 +1,23 @@
 # ./lib/Makefile.inc
- 
+
 CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
  ldap.c ssluse.c version.c getenv.c escape.c mprintf.c telnet.c	\
  netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c	\
-  krb5.c \
-  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
-  content_encoding.c share.c http_digest.c md5.c http_negotiate.c	\
-  http_ntlm.c inet_pton.c strtoofft.c strerror.c hostares.c hostasyn.c	\
-  hostip4.c hostip6.c hostsyn.c hostthre.c inet_ntop.c parsedate.c	\
-  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c
+  krb5.c memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c	\
+  multi.c content_encoding.c share.c http_digest.c md5.c		\
+  http_negotiate.c http_ntlm.c inet_pton.c strtoofft.c strerror.c	\
+  hostares.c hostasyn.c hostip4.c hostip6.c hostsyn.c hostthre.c	\
+  inet_ntop.c parsedate.c select.c gtls.c sslgen.c tftp.c splay.c	\
+  strdup.c socks.c ssh.c nss.c qssl.c

 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h base64.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
  if2ip.h speedcheck.h urldata.h ldap.h ssluse.h escape.h telnet.h	\
-  getinfo.h strequal.h krb4.h memdebug.h inet_ntoa_r.h \
-  http_chunks.h strtok.h connect.h llist.h hash.h content_encoding.h	\
-  share.h md5.h http_digest.h http_negotiate.h http_ntlm.h ca-bundle.h	\
-  inet_pton.h strtoofft.h strerror.h inet_ntop.h curlx.h memory.h	\
-  setup.h transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h   \
-  gtls.h tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h  \
-  nssg.h
+  getinfo.h strequal.h krb4.h memdebug.h inet_ntoa_r.h http_chunks.h	\
+  strtok.h connect.h llist.h hash.h content_encoding.h share.h md5.h	\
+  http_digest.h http_negotiate.h http_ntlm.h ca-bundle.h inet_pton.h	\
+  strtoofft.h strerror.h inet_ntop.h curlx.h memory.h setup.h		\
+  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
+  tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
+  qssl.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -4,16 +4,16 @@
 ## Makefile for building libcurl.a with MingW32 (GCC-3.2) and
 ## optionally OpenSSL (0.9.8)
 ##
-## Use: make -f Makefile.m32 [SSL=1] [SSH2=1] [DYN=1]
+## Use: mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [DYN=1]
 ##
 ## Comments to: Troy Engel <tengel@sonic.net> or
 ##              Joern Hartroth <hartroth@acm.org>

 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8d
+OPENSSL_PATH = ../../openssl-0.9.8e
 endif
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-0.14
+LIBSSH2_PATH = ../../libssh2-0.16
 endif
 ifndef ZLIB_PATH
 ZLIB_PATH = ../../zlib-1.2.3
@@ -23,15 +23,19 @@ ARES_LIB = ../ares

 CC = gcc
 AR = ar
-RM = rm -f
+# comment LDFLAGS below to keep debug info
+LDFLAGS = -s
 RANLIB = ranlib
+RC = windres
+RCFLAGS = --include-dir=../include -DCURLDEBUG=0 -O COFF -i
+RM = del /q /f
 STRIP = strip -g

 ########################################################
 ## Nothing more to do below this line!

 INCLUDES = -I. -I../include
-CFLAGS = -g -O2 -DBUILDING_LIBCURL -DHAVE_LONGLONG
+CFLAGS = -g -O2 -DBUILDING_LIBCURL
 ifdef ARES
  INCLUDES += -I$(ARES_LIB)
  CFLAGS += -DUSE_ARES
@@ -60,6 +64,7 @@ endif
 ifdef IPV6
  CFLAGS += -DENABLE_IPV6
 endif
+DLL_LIBS += -lws2_32 -lwinmm
 COMPILE = $(CC) $(INCLUDES) $(CFLAGS)

 # Makefile.inc provides the CSOURCES and HHEADERS defines
@@ -70,6 +75,10 @@ libcurl_a_OBJECTS := $(patsubst %.c,%.o,$(strip $(CSOURCES)))
 libcurl_a_LIBRARIES = libcurl.a
 libcurl_a_DEPENDENCIES = $(strip $(CSOURCES) $(HHEADERS))

+RESOURCE = libcurl.res
+
+.SUFFIXES: .rc .res
+
 all: libcurl.a libcurl.dll libcurldll.a

 libcurl.a: $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
@@ -78,22 +87,18 @@ libcurl.a: $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
 	$(RANLIB) libcurl.a
 	$(STRIP) $@

-RESOURCE = libcurl.res
-
 # remove the last line above to keep debug info

 libcurl.dll libcurldll.a: $(libcurl_a_OBJECTS) $(RESOURCE)
 	$(RM) $@
-	$(CC) -s -shared -Wl,--out-implib,libcurldll.a -o libcurl.dll \
-	  $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS) -lws2_32 -lwinmm
-
-# remove the above '-s' to keep debug info
+	$(CC) $(LDFLAGS) -shared -Wl,--out-implib,libcurldll.a -o libcurl.dll \
+	  $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)

 .c.o:
 	$(COMPILE) -c $<

-libcurl.res: libcurl.rc
-	windres -DCURLDEBUG=0 -O COFF -o $@ -i $^
+.rc.res:
+	$(RC) $(RCFLAGS) $< -o $@

 clean:
 	$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -25,7 +25,7 @@ endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-0.15
+LIBSSH2_PATH = ../../libssh2-0.16
 endif

 ifndef INSTDIR
@@ -123,10 +123,10 @@ CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
-	PRELUDE = $(NDK_ROOT)/pre/prelude.o
+	# PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -145,15 +145,6 @@ ifdef WITH_ARES
 	INCLUDES += -I$(ARES_LIB)
 	LDLIBS += $(ARES_LIB)/libcares.$(LIBEXT)
 endif
-ifdef WITH_ZLIB
-	INCLUDES += -I$(ZLIB_PATH)
-ifdef LINK_STATIC
-	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
-else
-	MODULES += libz.nlm
-	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
-endif
-endif
 ifdef WITH_SSH2
 	INCLUDES += -I$(LIBSSH2_PATH)/include
 ifdef LINK_STATIC
@@ -169,6 +160,15 @@ ifdef WITH_SSL
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 endif
+ifdef WITH_ZLIB
+	INCLUDES += -I$(ZLIB_PATH)
+ifdef LINK_STATIC
+	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
+else
+	MODULES += libz.nlm
+	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
+endif
+endif

 ifeq ($(LIBARCH),LIBC)
 	INCLUDES += -I$(SDK_LIBC)/include
@@ -207,7 +207,7 @@ endif
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

-OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES)))
+OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES))) $(OBJDIR)/nwos.o

 OBJL	= $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS)

--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -1,4 +1,5 @@
 #############################################################
+# $Id: Makefile.vc6,v 1.19 2004/11/14 13:48:15 giva Exp $
 #
 # Makefile for building libcurl with MSVC6
 #
@@ -34,11 +35,11 @@ IMPLIB_NAME       = libcurl_imp
 IMPLIB_NAME_DEBUG = libcurld_imp

 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.7e
+OPENSSL_PATH   = ../../openssl-0.9.8e
 !ENDIF

 !IFNDEF ZLIB_PATH
-ZLIB_PATH  = ../../zlib-1.2.1
+ZLIB_PATH  = ../../zlib-1.2.3
 !ENDIF

 !IFNDEF MACHINE
@@ -47,8 +48,10 @@ MACHINE  = X86

 # USE_WINDOWS_SSPI uses windows libraries to allow NTLM authentication
 # without an openssl installation and offers the ability to authenticate
-# using the "current logged in user".  It does however require that the
-# Windows SDK be installed.
+# using the "current logged in user". Since at least with MSVC6 the sspi.h
+# header is broken it is either required to install the Windows SDK,
+# or to fix sspi.h with adding this define at the beginning of sspi.h:
+# #define FreeCredentialHandle FreeCredentialsHandle
 #
 # If, for some reason the Windows SDK is installed but not installed
 # in the default location, you can specify WINDOWS_SDK_PATH.
--- a/lib/config-win32.h
+++ b/lib/config-win32.h
@@ -282,7 +282,8 @@
 /* Define as the return type of signal handlers (int or void).  */
 #define RETSIGTYPE void

-#if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__)
+#if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || defined(__POCC__) || \
+    defined(__MINGW32__)
 #elif defined(_WIN64)
 #define ssize_t __int64
 #else
@@ -346,6 +347,11 @@
 #define HAVE_VARIADIC_MACROS_C99 1
 #endif

+/* Define if the compiler supports LONGLONG. */
+#if defined(__MINGW32__) || defined(__WATCOMC__)
+#define HAVE_LONGLONG 1
+#endif
+
 /* ---------------------------------------------------------------- */
 /*                        LDAP LIBRARY FILES                        */
 /* ---------------------------------------------------------------- */
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -63,9 +63,6 @@
 #include <sys/filio.h>
 #endif
 #ifdef NETWARE
-#ifndef __NOVELL_LIBC__
-NETDB_DEFINE_CONTEXT
-#endif
 #undef in_addr_t
 #define in_addr_t unsigned long
 #endif
@@ -231,11 +228,12 @@ static CURLcode bindlocal(struct connectdata *conn,
                                                "random" */
  /* how many port numbers to try to bind to, increasing one at a time */
  int portnum = data->set.localportrange;
+  const char *dev = data->set.str[STRING_DEVICE];

  /*************************************************************
   * Select device to bind socket to
   *************************************************************/
-  if (data->set.device && (strlen(data->set.device)<255) ) {
+  if (dev && (strlen(dev)<255) ) {
    struct Curl_dns_entry *h=NULL;
    char myhost[256] = "";
    in_addr_t in;
@@ -244,10 +242,10 @@ static CURLcode bindlocal(struct connectdata *conn,
    int in6 = -1;

    /* First check if the given name is an IP address */
-    in=inet_addr(data->set.device);
+    in=inet_addr((char *) dev);

    if((in == CURL_INADDR_NONE) &&
-       Curl_if2ip(data->set.device, myhost, sizeof(myhost))) {
+       Curl_if2ip(dev, myhost, sizeof(myhost))) {
      /*
       * We now have the numerical IPv4-style x.y.z.w in the 'myhost' buffer
       */
@@ -266,7 +264,7 @@ static CURLcode bindlocal(struct connectdata *conn,
       * This was not an interface, resolve the name as a host name
       * or IP number
       */
-      rc = Curl_resolv(conn, data->set.device, 0, &h);
+      rc = Curl_resolv(conn, dev, 0, &h);
      if(rc == CURLRESOLV_PENDING)
        (void)Curl_wait_for_resolv(conn, &h);

@@ -278,7 +276,7 @@ static CURLcode bindlocal(struct connectdata *conn,
                         myhost, sizeof myhost);
        else
          /* we know data->set.device is shorter than the myhost array */
-          strcpy(myhost, data->set.device);
+          strcpy(myhost, dev);
        Curl_resolv_unlock(data, h);
      }
    }
@@ -290,8 +288,8 @@ static CURLcode bindlocal(struct connectdata *conn,
         hostent_buf,
         sizeof(hostent_buf));
      */
-      failf(data, "Couldn't bind to '%s'", data->set.device);
-      return CURLE_HTTP_PORT_FAILED;
+      failf(data, "Couldn't bind to '%s'", dev);
+      return CURLE_INTERFACE_FAILED;
    }

    infof(data, "Bind local address to %s\n", myhost);
@@ -310,11 +308,10 @@ static CURLcode bindlocal(struct connectdata *conn,
       * hostname or ip address.
       */
      if (setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
-                     data->set.device, strlen(data->set.device)+1) != 0) {
+                     dev, strlen(dev)+1) != 0) {
        /* printf("Failed to BINDTODEVICE, socket: %d  device: %s error: %s\n",
-           sockfd, data->set.device, Curl_strerror(SOCKERRNO)); */
-        infof(data, "SO_BINDTODEVICE %s failed\n",
-              data->set.device);
+           sockfd, dev, Curl_strerror(SOCKERRNO)); */
+        infof(data, "SO_BINDTODEVICE %s failed\n", dev);
        /* This is typically "errno 1, error: Operation not permitted" if
           you're not running as root or another suitable privileged user */
      }
@@ -328,7 +325,7 @@ static CURLcode bindlocal(struct connectdata *conn,
 #endif
    if (CURL_INADDR_NONE == in && -1 == in6) {
      failf(data,"couldn't find my own IP address (%s)", myhost);
-      return CURLE_HTTP_PORT_FAILED;
+      return CURLE_INTERFACE_FAILED;
    } /* end of inet_addr */

    if ( h ) {
@@ -337,7 +334,7 @@ static CURLcode bindlocal(struct connectdata *conn,
      socksize = addr->ai_addrlen;
    }
    else
-      return CURLE_HTTP_PORT_FAILED;
+      return CURLE_INTERFACE_FAILED;

  }
  else if(port) {
@@ -373,7 +370,7 @@ static CURLcode bindlocal(struct connectdata *conn,
      size = sizeof(add);
      if(getsockname(sockfd, (struct sockaddr *) &add, &size) < 0) {
        failf(data, "getsockname() failed");
-        return CURLE_HTTP_PORT_FAILED;
+        return CURLE_INTERFACE_FAILED;
      }
      /* We re-use/clobber the port variable here below */
      if(((struct sockaddr *)&add)->sa_family == AF_INET)
@@ -396,7 +393,7 @@ static CURLcode bindlocal(struct connectdata *conn,
  data->state.os_errno = SOCKERRNO;
  failf(data, "bind failure: %s",
        Curl_strerror(conn, data->state.os_errno));
-  return CURLE_HTTP_PORT_FAILED;
+  return CURLE_INTERFACE_FAILED;

 }

@@ -580,6 +577,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
    data->state.os_errno = error;
    infof(data, "Connection failed\n");
    if(trynextip(conn, sockindex, connected)) {
+      failf(data, "Failed connect to %s:%d; %s",
+            conn->host.name, conn->port, Curl_strerror(conn, error));
      code = CURLE_COULDNT_CONNECT;
    }
  }
@@ -599,7 +598,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
      error = SOCKERRNO;
      data->state.os_errno = error;
      failf(data, "Failed connect to %s:%d; %s",
-            conn->host.name, conn->port, Curl_strerror(conn,error));
+            conn->host.name, conn->port, Curl_strerror(conn, error));
      code = CURLE_COULDNT_CONNECT;
    }
  }
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -133,7 +133,7 @@ inflate_stream(struct connectdata *conn,
      /* some servers seem to not generate zlib headers, so this is an attempt
         to fix and continue anyway */

-      inflateReset(z);
+      (void) inflateEnd(z);	/* don't care about the return code */
      if (inflateInit2(z, -MAX_WBITS) != Z_OK) {
        return process_zlib_error(conn, z);
      }
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -241,6 +241,12 @@ CURLcode curl_global_init(long flags)
  }
 #endif

+#ifdef NETWARE
+  if(netware_init()) {
+    DEBUGF(fprintf(stderr, "Warning: LONG namespace not available\n"));
+  }
+#endif
+
 #ifdef USE_LIBIDN
  idna_init();
 #endif
@@ -573,7 +579,8 @@ CURL *curl_easy_duphandle(CURL *incurl)
    outcurl->state.headersize=HEADERSIZE;

    /* copy all userdefined values */
-    outcurl->set = data->set;
+    if (Curl_dupset(outcurl, data) != CURLE_OK)
+      break;

    if(data->state.used_interface == Curl_if_multi)
      outcurl->state.connc = data->state.connc;
@@ -652,6 +659,7 @@ CURL *curl_easy_duphandle(CURL *incurl)
        free(outcurl->change.url);
      if(outcurl->change.referer)
        free(outcurl->change.referer);
+      Curl_freeset(outcurl);
      free(outcurl); /* free the memory again */
      outcurl = NULL;
    }
@@ -675,6 +683,7 @@ void curl_easy_reset(CURL *curl)
  data->reqdata.proto.generic=NULL;

  /* zero out UserDefined data: */
+  Curl_freeset(data);
  memset(&data->set, 0, sizeof(struct UserDefined));

  /* zero out Progress data: */
@@ -690,10 +699,10 @@ void curl_easy_reset(CURL *curl)
  data->set.err  = stderr;  /* default stderr to stderr */

  /* use fwrite as default function to store output */
-  data->set.fwrite = (curl_write_callback)fwrite;
+  data->set.fwrite_func = (curl_write_callback)fwrite;

  /* use fread as default function to read input */
-  data->set.fread = (curl_read_callback)fread;
+  data->set.fread_func = (curl_read_callback)fread;

  data->set.infilesize = -1; /* we don't know any size */
  data->set.postfieldsize = -1;
@@ -726,7 +735,7 @@ void curl_easy_reset(CURL *curl)
  data->set.ssl.verifyhost = 2;
 #ifdef CURL_CA_BUNDLE
  /* This is our prefered CA cert bundle since install time */
-  data->set.ssl.CAfile = (char *)CURL_CA_BUNDLE;
+  (void) curl_easy_setopt(curl, CURLOPT_CAINFO, (char *) CURL_CA_BUNDLE);
 #endif

  data->set.ssh_auth_types = CURLSSH_AUTH_DEFAULT; /* defaults to any auth
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -75,9 +75,27 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
  length = alloc-1;
  while(length--) {
    in = *string;
-    if(!(in >= 'a' && in <= 'z') &&
-       !(in >= 'A' && in <= 'Z') &&
-       !(in >= '0' && in <= '9')) {
+
+    /* Portable character check (remember EBCDIC). Do not use isalnum() because
+       its behavior is altered by the current locale. */
+
+    switch (in) {
+    case '0': case '1': case '2': case '3': case '4':
+    case '5': case '6': case '7': case '8': case '9':
+    case 'a': case 'b': case 'c': case 'd': case 'e':
+    case 'f': case 'g': case 'h': case 'i': case 'j':
+    case 'k': case 'l': case 'm': case 'n': case 'o':
+    case 'p': case 'q': case 'r': case 's': case 't':
+    case 'u': case 'v': case 'w': case 'x': case 'y': case 'z':
+    case 'A': case 'B': case 'C': case 'D': case 'E':
+    case 'F': case 'G': case 'H': case 'I': case 'J':
+    case 'K': case 'L': case 'M': case 'N': case 'O':
+    case 'P': case 'Q': case 'R': case 'S': case 'T':
+    case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
+      /* just copy this */
+      ns[strindex++]=in;
+      break;
+    default:
      /* encode it */
      newlen += 2; /* the size grows with two, since this'll become a %XX */
      if(newlen > alloc) {
@@ -105,10 +123,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
      snprintf(&ns[strindex], 4, "%%%02X", in);

      strindex+=3;
-    }
-    else {
-      /* just copy this */
-      ns[strindex++]=in;
+      break;
    }
    string++;
  }
--- a/lib/file.c
+++ b/lib/file.c
@@ -205,7 +205,7 @@ static CURLcode file_upload(struct connectdata *conn)
   * Since FILE: doesn't do the full init, we need to provide some extra
   * assignments here.
   */
-  conn->fread = data->set.fread;
+  conn->fread_func = data->set.fread_func;
  conn->fread_in = data->set.in;
  conn->data->reqdata.upload_fromhere = buf;

--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -24,7 +24,10 @@
 /*
  Debug the form generator stand-alone by compiling this source file with:

-  gcc -DHAVE_CONFIG_H -I../ -g -D_FORM_DEBUG -DCURLDEBUG -o formdata -I../include formdata.c strequal.c memdebug.c mprintf.c strerror.c
+  gcc -DHAVE_CONFIG_H -I../ -g -D_FORM_DEBUG -DCURLDEBUG -o formdata \
+    -I../include formdata.c strequal.c memdebug.c mprintf.c strerror.c
+
+  (depending on circumstances you may need further externals added)

  run the 'formdata' executable the output should end with:
  All Tests seem to have worked ...
@@ -49,8 +52,8 @@ vlue for PTRCONTENTS + CONTENTSLENGTH
 (or you might see v^@lue at the start)

 Content-Disposition: form-data; name="PTRCONTENTS_+_CONTENTSLENGTH_+_CONTENTTYPE"
-Content-Type: text/plain
-vlue for PTRCOTNENTS + CONTENTSLENGTH + CONTENTTYPE
+Content-Type: application/octet-stream
+vlue for PTRCONTENTS + CONTENTSLENGTH + CONTENTTYPE
 (or you might see v^@lue at the start)

 Content-Disposition: form-data; name="FILE1_+_CONTENTTYPE"; filename="inet_ntoa_r.h"
@@ -61,23 +64,23 @@ Content-Disposition: form-data; name="FILE1_+_FILE2"
 Content-Type: multipart/mixed, boundary=curlz1s0dkticx49MV1KGcYP5cvfSsz
 ...
 Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...
 Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...

 Content-Disposition: form-data; name="FILE1_+_FILE2_+_FILE3"
 Content-Type: multipart/mixed, boundary=curlirkYPmPwu6FrJ1vJ1u1BmtIufh1
 ...
 Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...
 Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...
 Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...


@@ -85,13 +88,13 @@ Content-Disposition: form-data; name="ARRAY: FILE1_+_FILE2_+_FILE3"
 Content-Type: multipart/mixed, boundary=curlirkYPmPwu6FrJ1vJ1u1BmtIufh1
 ...
 Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...
 Content-Disposition: attachment; filename="Makefile.b32"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...
 Content-Disposition: attachment; filename="inet_ntoa_r.h"
-Content-Type: text/plain
+Content-Type: application/octet-stream
 ...

 Content-Disposition: form-data; name="FILECONTENT"
@@ -278,8 +281,6 @@ static const char * ContentTypeForFilename (const char *filename,
    /* default to the previously set/used! */
    contenttype = prevtype;
  else
-    /* It seems RFC1867 defines no Content-Type to default to
-       text/plain so we don't actually need to set this: */
    contenttype = HTTPPOST_CONTENTTYPE_DEFAULT;

  if(filename) { /* in case a NULL was passed in */
@@ -1495,7 +1496,7 @@ int FormAddTest(const char * errormsg,
 }


-int main()
+int main(int argc, argv_item_t argv[])
 {
  char name1[] = "simple_COPYCONTENTS";
  char name2[] = "COPYCONTENTS_+_CONTENTTYPE";
@@ -1513,7 +1514,7 @@ int main()
  char value3[] = "value for PTRNAME + NAMELENGTH + COPYNAME + CONTENTSLENGTH";
  char value4[] = "value for simple PTRCONTENTS";
  char value5[] = "value for PTRCONTENTS + CONTENTSLENGTH";
-  char value6[] = "value for PTRCOTNENTS + CONTENTSLENGTH + CONTENTTYPE";
+  char value6[] = "value for PTRCONTENTS + CONTENTSLENGTH + CONTENTTYPE";
  char value7[] = "inet_ntoa_r.h";
  char value8[] = "Makefile.b32";
  char type2[] = "image/gif";
@@ -1521,11 +1522,11 @@ int main()
  char type7[] = "text/html";
  int name3length = strlen(name3);
  int value3length = strlen(value3);
-  int value5length = strlen(value4);
-  int value6length = strlen(value5);
+  int value5length = strlen(value5);
+  int value6length = strlen(value6);
  int errors = 0;
  CURLcode rc;
-  size_t size;
+  curl_off_t size;
  size_t nread;
  char buffer[4096];
  struct curl_httppost *httppost=NULL;
@@ -1535,6 +1536,9 @@ int main()
  struct FormData *form;
  struct Form formread;

+  (void) argc;
+  (void) argv;
+
  if (FormAddTest("simple COPYCONTENTS test", &httppost, &last_post,
                  CURLFORM_COPYNAME, name1, CURLFORM_COPYCONTENTS, value1,
                  CURLFORM_END))
@@ -1621,7 +1625,9 @@ int main()
    fwrite(buffer, nread, 1, stdout);
  } while(1);

-  fprintf(stdout, "size: %d\n", size);
+  fprintf(stdout, "size: ");
+  fprintf(stdout, CURL_FORMAT_OFF_T, size);
+  fprintf(stdout, "\n");
  if (errors)
    fprintf(stdout, "\n==> %d Test(s) failed!\n", errors);
  else
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -705,7 +705,7 @@ static void state(struct connectdata *conn,
 {
 #if defined(CURLDEBUG) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
  /* for debug purposes */
-  const char *names[]={
+  static const char * const names[]={
    "STOP",
    "WAIT220",
    "AUTH",
@@ -862,7 +862,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
  char hbuf[NI_MAXHOST];
  struct sockaddr *sa=(struct sockaddr *)&ss;
  char tmp[1024];
-  const char *mode[] = { "EPRT", "PORT", NULL };
+  static const char * const mode[] = { "EPRT", "PORT", NULL };
  int rc;
  int error;
  char *host=NULL;
@@ -871,11 +871,12 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,

  /* Step 1, figure out what address that is requested */

-  if(data->set.ftpport && (strlen(data->set.ftpport) > 1)) {
+  if(data->set.str[STRING_FTPPORT] &&
+     (strlen(data->set.str[STRING_FTPPORT]) > 1)) {
    /* attempt to get the address of the given interface name */
-    if(!Curl_if2ip(data->set.ftpport, hbuf, sizeof(hbuf)))
+    if(!Curl_if2ip(data->set.str[STRING_FTPPORT], hbuf, sizeof(hbuf)))
      /* not an interface, use the given string as host name instead */
-      host = data->set.ftpport;
+      host = data->set.str[STRING_FTPPORT];
    else
      host = hbuf; /* use the hbuf for host name */
  } /* data->set.ftpport */
@@ -1080,27 +1081,28 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
  unsigned short ip[4];
  bool freeaddr = TRUE;
  socklen_t sslen = sizeof(sa);
+  const char *ftpport = data->set.str[STRING_FTPPORT];

  (void)fcmd; /* not used in the IPv4 code */
-  if(data->set.ftpport) {
+  if(ftpport) {
    in_addr_t in;

    /* First check if the given name is an IP address */
-    in=inet_addr(data->set.ftpport);
+    in=inet_addr(ftpport);

    if(in != CURL_INADDR_NONE)
      /* this is an IPv4 address */
-      addr = Curl_ip2addr(in, data->set.ftpport, 0);
+      addr = Curl_ip2addr(in, ftpport, 0);
    else {
-      if(Curl_if2ip(data->set.ftpport, myhost, sizeof(myhost))) {
+      if(Curl_if2ip(ftpport, myhost, sizeof(myhost))) {
        /* The interface to IP conversion provided a dotted address */
        in=inet_addr(myhost);
        addr = Curl_ip2addr(in, myhost, 0);
      }
-      else if(strlen(data->set.ftpport)> 1) {
+      else if(strlen(ftpport)> 1) {
        /* might be a host name! */
        struct Curl_dns_entry *h=NULL;
-        int rc = Curl_resolv(conn, data->set.ftpport, 0, &h);
+        int rc = Curl_resolv(conn, ftpport, 0, &h);
        if(rc == CURLRESOLV_PENDING)
          /* BLOCKING */
          rc = Curl_wait_for_resolv(conn, &h);
@@ -1114,11 +1116,11 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
                               since it points to a DNS cache entry! */
        } /* (h) */
        else {
-          infof(data, "Failed to resolve host name %s\n", data->set.ftpport);
+          infof(data, "Failed to resolve host name %s\n", ftpport);
        }
      } /* strlen */
    } /* CURL_INADDR_NONE */
-  } /* data->set.ftpport */
+  } /* ftpport */

  if(!addr) {
    /* pick a suitable default here */
@@ -1246,7 +1248,7 @@ static CURLcode ftp_state_use_pasv(struct connectdata *conn)

  */

-  const char *mode[] = { "EPSV", "PASV", NULL };
+  static const char * const mode[] = { "EPSV", "PASV", NULL };
  int modeoff;

 #ifdef PF_INET6
@@ -1346,7 +1348,8 @@ static CURLcode ftp_state_post_listtype(struct connectdata *conn)
     servers either... */

  NBFTPSENDF(conn, "%s",
-             data->set.customrequest?data->set.customrequest:
+             data->set.str[STRING_CUSTOMREQUEST]?
+             data->set.str[STRING_CUSTOMREQUEST]:
             (data->set.ftp_list_only?"NLST":"LIST"));

  state(conn, FTP_LIST);
@@ -1477,7 +1480,7 @@ static CURLcode ftp_state_ul_setup(struct connectdata *conn,
        readthisamountnow = BUFSIZE;

      actuallyread = (curl_off_t)
-        conn->fread(data->state.buffer, 1, (size_t)readthisamountnow,
+        conn->fread_func(data->state.buffer, 1, (size_t)readthisamountnow,
                    conn->fread_in);

      passed += actuallyread;
@@ -1720,7 +1723,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
    return CURLE_FTP_WEIRD_PASV_REPLY;
  }

-  if(data->set.proxy && *data->set.proxy) {
+  if(data->set.str[STRING_PROXY] && *data->set.str[STRING_PROXY]) {
    /*
     * This is a tunnel through a http proxy and we need to connect to the
     * proxy again here.
@@ -2157,7 +2160,7 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
  if(ftpcode>=400) {
    failf(data, "Failed FTP upload: %0d", ftpcode);
    /* oops, we never close the sockets! */
-    return CURLE_FTP_COULDNT_STOR_FILE;
+    return CURLE_UPLOAD_FAILED;
  }

  if(data->set.ftp_use_port) {
@@ -2372,7 +2375,7 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn,
  (void)instate; /* no use for this yet */

  /* some need password anyway, and others just return 2xx ignored */
-  if((ftpcode == 331 || ftpcode/100 == 2) && (ftpc->state == FTP_USER)) {
+  if((ftpcode == 331) && (ftpc->state == FTP_USER)) {
    /* 331 Password required for ...
       (the server requires to send the user's password too) */
    NBFTPSENDF(conn, "PASS %s", ftp->passwd?ftp->passwd:"");
@@ -2384,8 +2387,8 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn,
    result = ftp_state_loggedin(conn);
  }
  else if(ftpcode == 332) {
-    if(data->set.ftp_account) {
-      NBFTPSENDF(conn, "ACCT %s", data->set.ftp_account);
+    if(data->set.str[STRING_FTP_ACCOUNT]) {
+      NBFTPSENDF(conn, "ACCT %s", data->set.str[STRING_FTP_ACCOUNT]);
      state(conn, FTP_ACCT);
    }
    else {
@@ -2399,10 +2402,11 @@ static CURLcode ftp_state_user_resp(struct connectdata *conn,
    530 User ... access denied
    (the server denies to log the specified user) */

-    if (conn->data->set.ftp_alternative_to_user &&
+    if (conn->data->set.str[STRING_FTP_ALTERNATIVE_TO_USER] &&
        !conn->data->state.ftp_trying_alternative) {
      /* Ok, USER failed.  Let's try the supplied command. */
-      NBFTPSENDF(conn, "%s", conn->data->set.ftp_alternative_to_user);
+      NBFTPSENDF(conn, "%s",
+                 conn->data->set.str[STRING_FTP_ALTERNATIVE_TO_USER]);
      conn->data->state.ftp_trying_alternative = TRUE;
      state(conn, FTP_USER);
      result = CURLE_OK;
@@ -2488,7 +2492,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
        Curl_sec_request_prot(conn, "private");
        /* We set private first as default, in case the line below fails to
           set a valid level */
-	Curl_sec_request_prot(conn, data->set.krb_level);
+	Curl_sec_request_prot(conn, data->set.str[STRING_KRB_LEVEL]);

        if(Curl_sec_login(conn) != 0)
          infof(data, "Logging in with password in cleartext!\n");
@@ -3055,7 +3059,7 @@ CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode status, bool premature
  case CURLE_FTP_PORT_FAILED:
  case CURLE_FTP_COULDNT_SET_BINARY:
  case CURLE_FTP_COULDNT_RETR_FILE:
-  case CURLE_FTP_COULDNT_STOR_FILE:
+  case CURLE_UPLOAD_FAILED:
  case CURLE_FTP_ACCESS_DENIED:
  case CURLE_FILESIZE_EXCEEDED:
    /* the connection stays alive fine even though this happened */
@@ -3115,6 +3119,14 @@ CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode status, bool premature
  shutdown(conn->sock[SECONDARYSOCKET],2);  /* SD_BOTH */
 #endif

+  if(conn->ssl[SECONDARYSOCKET].use) {
+    /* The secondary socket is using SSL so we must close down that part first
+       before we close the socket for real */
+    Curl_ssl_close(conn, SECONDARYSOCKET);
+
+    /* Note that we keep "use" set to TRUE since that (next) connection is
+       still requested to use SSL */
+  }
  sclose(conn->sock[SECONDARYSOCKET]);

  conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD;
@@ -3137,7 +3149,7 @@ CURLcode Curl_ftp_done(struct connectdata *conn, CURLcode status, bool premature
    if(!nread && (CURLE_OPERATION_TIMEDOUT == result)) {
      failf(data, "control connection looks dead");
      ftpc->ctl_valid = FALSE; /* mark control connection as bad */
-      return result;
+      conn->bits.close = TRUE; /* mark for closure */
    }

    if(result)
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -176,7 +176,7 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
    *param_charp = data->info.contenttype;
    break;
  case CURLINFO_PRIVATE:
-    *param_charp = data->set.private_data;
+    *param_charp = (char *) data->set.private_data;
    break;
  case CURLINFO_HTTPAUTH_AVAIL:
    *param_longp = data->info.httpauthavail;
--- a/lib/gtls.c
+++ b/lib/gtls.c
@@ -227,7 +227,7 @@ Curl_gtls_connect(struct connectdata *conn,
                  int sockindex)

 {
-  const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
+  static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
  struct SessionHandle *data = conn->data;
  gnutls_session session;
  int rc;
@@ -299,11 +299,13 @@ Curl_gtls_connect(struct connectdata *conn,
  if(rc < 0)
    return CURLE_SSL_CONNECT_ERROR;

-  if(data->set.cert) {
+  if(data->set.str[STRING_CERT]) {
    if( gnutls_certificate_set_x509_key_file(
-          conn->ssl[sockindex].cred, data->set.cert,
-          data->set.key != 0 ? data->set.key : data->set.cert,
-          do_file_type(data->set.cert_type) ) ) {
+          conn->ssl[sockindex].cred,
+          data->set.str[STRING_CERT],
+          data->set.str[STRING_KEY] ?
+          data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
+          do_file_type(data->set.str[STRING_CERT_TYPE]) ) ) {
      failf(data, "error reading X.509 key or certificate file");
      return CURLE_SSL_CONNECT_ERROR;
    }
@@ -556,17 +558,17 @@ static void close_one(struct connectdata *conn,
  if(conn->ssl[index].session) {
    gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
    gnutls_deinit(conn->ssl[index].session);
+    conn->ssl[index].session = NULL;
  }
-  if(conn->ssl[index].cred)
+  if(conn->ssl[index].cred) {
    gnutls_certificate_free_credentials(conn->ssl[index].cred);
+    conn->ssl[index].cred = NULL;
+  }
 }

-void Curl_gtls_close(struct connectdata *conn)
+void Curl_gtls_close(struct connectdata *conn, int sockindex)
 {
-  if(conn->ssl[0].use)
-    close_one(conn, 0);
-  if(conn->ssl[1].use)
-    close_one(conn, 1);
+  close_one(conn, sockindex);
 }

 /*
@@ -631,8 +633,8 @@ int Curl_gtls_shutdown(struct connectdata *conn, int sockindex)
  }
  gnutls_certificate_free_credentials(conn->ssl[sockindex].cred);

+  conn->ssl[sockindex].cred = NULL;
  conn->ssl[sockindex].session = NULL;
-  conn->ssl[sockindex].use = FALSE;

  return retval;
 }
--- a/lib/gtls.h
+++ b/lib/gtls.h
@@ -29,7 +29,9 @@ CURLcode Curl_gtls_connect(struct connectdata *conn, int sockindex);
 /* tell GnuTLS to close down all open information regarding connections (and
   thus session ID caching etc) */
 void Curl_gtls_close_all(struct SessionHandle *data);
-void Curl_gtls_close(struct connectdata *conn); /* close a SSL connection */
+
+ /* close a SSL connection */
+void Curl_gtls_close(struct connectdata *conn, int index);

 /* return number of sent (non-SSL) bytes */
 ssize_t Curl_gtls_send(struct connectdata *conn, int sockindex,
--- a/lib/hostip4.c
+++ b/lib/hostip4.c
@@ -285,7 +285,6 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
     */
  else {
 #if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
-    NETDB_DEFINE_CONTEXT
    h = gethostbyname((char*)hostname);
 #else
    h = gethostbyname(hostname);
--- a/lib/http.c
+++ b/lib/http.c
@@ -790,7 +790,7 @@ static size_t readmoredata(char *buffer,
      /* move backup data into focus and continue on that */
      http->postdata = http->backup.postdata;
      http->postsize = http->backup.postsize;
-      conn->fread =    http->backup.fread;
+      conn->fread_func = http->backup.fread_func;
      conn->fread_in = http->backup.fread_in;

      http->sending++; /* move one step up */
@@ -853,10 +853,10 @@ send_buffer *add_buffer_init(void)
 static
 CURLcode add_buffer_send(send_buffer *in,
                         struct connectdata *conn,
-                         long *bytes_written, /* add the number of sent
-                                                 bytes to this counter */
+                         long *bytes_written, /* add the number of sent bytes
+                                                 to this counter */
                         size_t included_body_bytes, /* how much of the buffer
-                                        contains body data (for log tracing) */
+                                                        contains body data */
                         int socketindex)

 {
@@ -926,6 +926,10 @@ CURLcode add_buffer_send(send_buffer *in,
                   ptr+amount-included_body_bytes,
                   (size_t)included_body_bytes, conn);
    }
+    if (included_body_bytes)
+      /* since we sent a piece of the body here, up the byte counter for it
+         accordingly */
+      http->writebytecount = included_body_bytes;

    *bytes_written += amount;

@@ -940,13 +944,13 @@ CURLcode add_buffer_send(send_buffer *in,
        ptr = in->buffer + amount;

        /* backup the currently set pointers */
-        http->backup.fread = conn->fread;
+        http->backup.fread_func = conn->fread_func;
        http->backup.fread_in = conn->fread_in;
        http->backup.postdata = http->postdata;
        http->backup.postsize = http->postsize;

        /* set the new pointers for the request-sending */
-        conn->fread = (curl_read_callback)readmoredata;
+        conn->fread_func = (curl_read_callback)readmoredata;
        conn->fread_in = (void *)conn;
        http->postdata = ptr;
        http->postsize = (curl_off_t)size;
@@ -1183,7 +1187,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
        if(!checkheaders(data, "Proxy-Connection:"))
          proxyconn = "Proxy-Connection: Keep-Alive\r\n";

-        if(!checkheaders(data, "User-Agent:") && data->set.useragent)
+        if(!checkheaders(data, "User-Agent:") &&
+           data->set.str[STRING_USERAGENT])
          useragent = conn->allocptr.uagent;

 	/* Send the connect request to the proxy */
@@ -1398,6 +1403,9 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                  else if(Curl_compareheader(line_start,
                                             "Connection:", "close"))
                    closeConnection = TRUE;
+                  else if(Curl_compareheader(line_start,
+                                             "Proxy-Connection:", "close"))
+                    closeConnection = TRUE;
                  else if(2 == sscanf(line_start, "HTTP/1.%d %d",
                                      &subversion,
                                      &k->httpcode)) {
@@ -1585,6 +1593,18 @@ int Curl_https_getsock(struct connectdata *conn,
  (void)numsocks;
  return GETSOCK_BLANK;
 }
+#else
+#ifdef USE_QSOSSL
+int Curl_https_getsock(struct connectdata *conn,
+                       curl_socket_t *socks,
+                       int numsocks)
+{
+  (void)conn;
+  (void)socks;
+  (void)numsocks;
+  return GETSOCK_BLANK;
+}
+#endif
 #endif
 #endif
 #endif
@@ -1603,7 +1623,7 @@ CURLcode Curl_http_done(struct connectdata *conn,
  (void)premature; /* not used */

  /* set the proper values (possibly modified on POST) */
-  conn->fread = data->set.fread; /* restore */
+  conn->fread_func = data->set.fread_func; /* restore */
  conn->fread_in = data->set.in; /* restore */

  if (http == NULL)
@@ -1751,8 +1771,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
  }

  /* Now set the 'request' pointer to the proper request string */
-  if(data->set.customrequest)
-    request = data->set.customrequest;
+  if(data->set.str[STRING_CUSTOMREQUEST])
+    request = data->set.str[STRING_CUSTOMREQUEST];
  else {
    if(conn->bits.no_body)
      request = (char *)"HEAD";
@@ -1807,14 +1827,14 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
  else
    conn->allocptr.ref = NULL;

-  if(data->set.cookie && !checkheaders(data, "Cookie:"))
-    addcookies = data->set.cookie;
+  if(data->set.str[STRING_COOKIE] && !checkheaders(data, "Cookie:"))
+    addcookies = data->set.str[STRING_COOKIE];

  if(!checkheaders(data, "Accept-Encoding:") &&
-     data->set.encoding) {
+     data->set.str[STRING_ENCODING]) {
    Curl_safefree(conn->allocptr.accept_encoding);
    conn->allocptr.accept_encoding =
-      aprintf("Accept-Encoding: %s\r\n", data->set.encoding);
+      aprintf("Accept-Encoding: %s\r\n", data->set.str[STRING_ENCODING]);
    if(!conn->allocptr.accept_encoding)
      return CURLE_OUT_OF_MEMORY;
  }
@@ -1988,7 +2008,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
          readthisamountnow = BUFSIZE;

        actuallyread =
-          data->set.fread(data->state.buffer, 1, (size_t)readthisamountnow,
+          data->set.fread_func(data->state.buffer, 1, (size_t)readthisamountnow,
                          data->set.in);

        passed += actuallyread;
@@ -2023,7 +2043,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
      /* if a line like this was already allocated, free the previous one */
      if(conn->allocptr.rangeline)
        free(conn->allocptr.rangeline);
-      conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n", data->reqdata.range);
+      conn->allocptr.rangeline = aprintf("Range: bytes=%s\r\n",
+                                         data->reqdata.range);
    }
    else if((httpreq != HTTPREQ_GET) &&
            !checkheaders(data, "Content-Range:")) {
@@ -2087,19 +2108,23 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
                conn->allocptr.userpwd?conn->allocptr.userpwd:"",
                (data->reqdata.use_range && conn->allocptr.rangeline)?
                conn->allocptr.rangeline:"",
-                (data->set.useragent && *data->set.useragent && conn->allocptr.uagent)?
+                (data->set.str[STRING_USERAGENT] &&
+                 *data->set.str[STRING_USERAGENT] && conn->allocptr.uagent)?
                conn->allocptr.uagent:"",
                (conn->allocptr.host?conn->allocptr.host:""), /* Host: host */
                http->p_pragma?http->p_pragma:"",
                http->p_accept?http->p_accept:"",
-                (data->set.encoding && *data->set.encoding && conn->allocptr.accept_encoding)?
-                conn->allocptr.accept_encoding:"",
-                (data->change.referer && conn->allocptr.ref)?conn->allocptr.ref:"" /* Referer: <data> */,
-                (conn->bits.httpproxy &&
-                 !conn->bits.tunnel_proxy &&
-                 !checkheaders(data, "Proxy-Connection:"))?
+                (data->set.str[STRING_ENCODING] &&
+                 *data->set.str[STRING_ENCODING] &&
+                 conn->allocptr.accept_encoding)?
+                  conn->allocptr.accept_encoding:"",
+                  (data->change.referer && conn->allocptr.ref)?
+                  conn->allocptr.ref:"" /* Referer: <data> */,
+                  (conn->bits.httpproxy &&
+                   !conn->bits.tunnel_proxy &&
+                   !checkheaders(data, "Proxy-Connection:"))?
                  "Proxy-Connection: Keep-Alive\r\n":"",
-                te
+                  te
                );

    if(result)
@@ -2243,7 +2268,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
      }

      /* set the read function to read from the generated form data */
-      conn->fread = (curl_read_callback)Curl_FormReader;
+      conn->fread_func = (curl_read_callback)Curl_FormReader;
      conn->fread_in = &http->form;

      http->sending = HTTPSEND_BODY;
@@ -2364,7 +2389,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        /* figure out the size of the postfields */
        postsize = (data->set.postfieldsize != -1)?
          data->set.postfieldsize:
-          (data->set.postfields?(curl_off_t)strlen(data->set.postfields):0);
+          (data->set.str[STRING_POSTFIELDS]?
+           (curl_off_t)strlen(data->set.str[STRING_POSTFIELDS]):0);

      if(!conn->bits.upload_chunky) {
        /* We only set Content-Length and allow a custom Content-Length if
@@ -2389,7 +2415,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
          return result;
      }

-      if(data->set.postfields) {
+      if(data->set.str[STRING_POSTFIELDS]) {

        /* for really small posts we don't use Expect: headers at all, and for
           the somewhat bigger ones we allow the app to disable it */
@@ -2403,7 +2429,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)

        if(!data->state.expect100header &&
           (postsize < MAX_INITIAL_POST_SIZE))  {
-          /* if we don't use expect:-100  AND
+          /* if we don't use expect: 100  AND
             postsize is less than MAX_INITIAL_POST_SIZE

             then append the post data to the HTTP request header. This limit
@@ -2417,7 +2443,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
          if(!conn->bits.upload_chunky) {
            /* We're not sending it 'chunked', append it to the request
               already now to reduce the number if send() calls */
-            result = add_buffer(req_buffer, data->set.postfields,
+            result = add_buffer(req_buffer, data->set.str[STRING_POSTFIELDS],
                                (size_t)postsize);
            included_body = postsize;
          }
@@ -2425,7 +2451,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
            /* Append the POST data chunky-style */
            result = add_bufferf(req_buffer, "%x\r\n", (int)postsize);
            if(CURLE_OK == result)
-              result = add_buffer(req_buffer, data->set.postfields,
+              result = add_buffer(req_buffer, data->set.str[STRING_POSTFIELDS],
                                  (size_t)postsize);
            if(CURLE_OK == result)
              result = add_buffer(req_buffer,
@@ -2439,11 +2465,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        else {
          /* A huge POST coming up, do data separate from the request */
          http->postsize = postsize;
-          http->postdata = data->set.postfields;
+          http->postdata = data->set.str[STRING_POSTFIELDS];

          http->sending = HTTPSEND_BODY;

-          conn->fread = (curl_read_callback)readmoredata;
+          conn->fread_func = (curl_read_callback)readmoredata;
          conn->fread_in = (void *)conn;

          /* set the upload size to the progress meter */
@@ -2477,9 +2503,9 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
      else
        result =
          Curl_setup_transfer(conn, FIRSTSOCKET, -1, TRUE,
-                        &http->readbytecount,
-                        http->postdata?FIRSTSOCKET:-1,
-                        http->postdata?&http->writebytecount:NULL);
+                              &http->readbytecount,
+                              http->postdata?FIRSTSOCKET:-1,
+                              http->postdata?&http->writebytecount:NULL);
      break;

    default:
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -118,10 +118,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,

  /* the original data is written to the client, but we go on with the
     chunk read process, to properly calculate the content length*/
-  if ( data->set.http_te_skip )
+  if (data->set.http_te_skip && !k->ignorebody)
    Curl_client_write(conn, CLIENTWRITE_BODY, datap,datalen);

-
  while(length) {
    switch(ch->state) {
    case CHUNK_HEX:
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -266,6 +266,11 @@ CURLcode Curl_output_digest(struct connectdata *conn,
    authp = &data->state.authhost;
  }

+  if (*allocuserpwd) {
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = NULL;
+  }
+
  /* not set means empty */
  if(!userp)
    userp=(char *)"";
@@ -388,8 +393,6 @@ CURLcode Curl_output_digest(struct connectdata *conn,
    nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
  */

-  Curl_safefree(*allocuserpwd);
-
  if (d->qop) {
    *allocuserpwd =
      aprintf( "%sAuthorization: Digest "
--- a/lib/http_ntlm.c
+++ b/lib/http_ntlm.c
@@ -48,6 +48,10 @@
 #include <unistd.h>
 #endif

+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <netdb.h>
+#endif
+
 #include "urldata.h"
 #include "easyif.h"  /* for Curl_convert_... prototypes */
 #include "sendf.h"
--- a/lib/inet_ntop.c
+++ b/lib/inet_ntop.c
@@ -42,10 +42,6 @@

 #include "inet_ntop.h"

-#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
-NETINET_DEFINE_CONTEXT
-#endif
-
 #if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)
 /* this platform has a inet_ntoa_r() function, but no proto declared anywhere
   so we include our own proto to make compilers happy */
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -36,14 +36,24 @@
 #ifndef CURL_DISABLE_FTP
 #ifdef HAVE_GSSAPI

+#ifdef HAVE_GSSMIT
+#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name
+#endif
+
 #include <stdlib.h>
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
 #include <string.h>
+#ifdef HAVE_GSSMIT
+/* MIT style */
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_generic.h>
 #include <gssapi/gssapi_krb5.h>
+#else
+/* Heimdal-style */
+#include <gssapi.h>
+#endif

 #include "urldata.h"
 #include "base64.h"
@@ -145,7 +155,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
  char *p;
  const char *host = conn->dns_entry->addr->ai_canonname;
  ssize_t nread;
-  unsigned int l = sizeof(conn->local_addr);
+  socklen_t l = sizeof(conn->local_addr);
  struct SessionHandle *data = conn->data;
  CURLcode result;
  const char *service = "ftp", *srv_host = "host";
@@ -185,7 +195,7 @@ krb5_auth(void *app_data, struct connectdata *conn)

    gssbuf.value = data->state.buffer;
    gssbuf.length = snprintf(gssbuf.value, BUFSIZE, "%s@%s", service, host);
-    maj = gss_import_name(&min, &gssbuf, gss_nt_service_name, &gssname);
+    maj = gss_import_name(&min, &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &gssname);
    if(maj != GSS_S_COMPLETE) {
      gss_release_name(&min, &gssname);
      if(service == srv_host) {
--- a/lib/memdebug.c
+++ b/lib/memdebug.c
@@ -47,7 +47,10 @@

 struct memdebug {
  size_t size;
-  double mem[1];
+  union {
+    double d;
+    void * p;
+  } mem[1];
  /* I'm hoping this is the thing with the strictest alignment
   * requirements.  That also means we waste some space :-( */
 };
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -296,10 +296,10 @@ int dprintf_Pass1Report(va_stack_t *vto, int max)
 *
 ******************************************************************/

-static long dprintf_Pass1(char *format, va_stack_t *vto, char **endpos,
+static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
                          va_list arglist)
 {
-  char *fmt = format;
+  char *fmt = (char *)format;
  int param_num = 0;
  long this_param;
  long width;
@@ -614,7 +614,7 @@ static int dprintf_formatf(
  va_stack_t *p;

  /* Do the actual %-code parsing */
-  dprintf_Pass1((char *)format, vto, endpos, ap_save);
+  dprintf_Pass1(format, vto, endpos, ap_save);

  end = &endpos[0]; /* the initial end-position from the list dprintf_Pass1()
                       created for us */
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -96,7 +96,7 @@ typedef struct {

 enum sslversion { SSL2 = 1, SSL3 = 2, TLS = 4 };

-cipher_s cipherlist[ciphernum] = {
+static const cipher_s cipherlist[ciphernum] = {
  /* SSL2 cipher suites */
  {"rc4", SSL_EN_RC4_128_WITH_MD5, SSL2},
  {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5, SSL2},
@@ -225,8 +225,8 @@ static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
  pphrase_arg_t *parg = (pphrase_arg_t *) arg;
  (void)slot; /* unused */
  (void)retry; /* unused */
-  if(parg->data->set.key_passwd)
-    return (char *)PORT_Strdup((char *)parg->data->set.key_passwd);
+  if(parg->data->set.str[STRING_KEY_PASSWD])
+    return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
  else
    return NULL;
 }
@@ -384,18 +384,13 @@ Curl_nss_check_cxn(struct connectdata *conn)
 /*
 * This function is called when an SSL connection is closed.
 */
-void Curl_nss_close(struct connectdata *conn)
+void Curl_nss_close(struct connectdata *conn, int sockindex)
 {
-  int i;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

-  for(i=0; i<2; i++) {
-    struct ssl_connect_data *connssl = &conn->ssl[i];
-
-    if(connssl->handle) {
-      PR_Close(connssl->handle);
-      connssl->handle = NULL;
-    }
-    connssl->use = FALSE; /* get back to ordinary socket usage */
+  if(connssl->handle) {
+    PR_Close(connssl->handle);
+    connssl->handle = NULL;
  }
 }

@@ -493,10 +488,11 @@ CURLcode Curl_nss_connect(struct connectdata * conn, int sockindex)
                           NULL) != SECSuccess)
    goto error;

-  if(data->set.cert) {
+  if(data->set.str[STRING_CERT]) {
    if(SSL_GetClientAuthDataHook(model,
                                 (SSLGetClientAuthData) SelectClientCert,
-                                 (void *)data->set.cert) != SECSuccess) {
+                                 (void *)data->set.str[STRING_CERT]) !=
+       SECSuccess) {
      curlerr = CURLE_SSL_CERTPROBLEM;
      goto error;
    }
--- a/lib/nssg.h
+++ b/lib/nssg.h
@@ -32,7 +32,9 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_nss_connect_nonblocking(struct connectdata *conn,
                                      int sockindex,
                                      bool *done);
-void Curl_nss_close(struct connectdata *conn); /* close a SSL connection */
+/* close a SSL connection */
+void Curl_nss_close(struct connectdata *conn, int index);
+
 /* tell NSS to close down all open information regarding connections (and
   thus session ID caching etc) */
 int Curl_nss_close_all(struct SessionHandle *data);
--- a/lib/nwlib.c
+++ b/lib/nwlib.c
@@ -308,13 +308,6 @@ void DisposeThreadData( void *data )
 /* For native CLib-based NLM seems we can do a bit more simple. */
 #include <nwthread.h>

-/* Make the CLIB Ctx stuff link */
-/*
-#include <stdio.h>
-#include <netdb.h>
-NETDB_DEFINE_CONTEXT
-*/
-
 int main ( void )
 {
    /* initialize any globals here... */
--- a/lib/nwos.c
+++ b/lib/nwos.c
@@ -0,0 +1,92 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+
+#ifdef NETWARE /* Novell NetWare */
+
+#include <stdlib.h>
+
+#ifdef __NOVELL_LIBC__
+/* For native LibC-based NLM we need to do nothing. */
+int netware_init ( void )
+{
+    return 0;
+}
+
+#else /* __NOVELL_LIBC__ */
+
+/* For native CLib-based NLM we need to initialize the LONG namespace. */
+#include <stdio.h>
+#include <nwnspace.h>
+#include <nwthread.h>
+#include <nwadv.h>
+/* Make the CLIB Ctx stuff link */
+#include <netdb.h>
+NETDB_DEFINE_CONTEXT
+/* Make the CLIB Inet stuff link */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+NETINET_DEFINE_CONTEXT
+
+int netware_init ( void )
+{
+    int rc = 0;
+    unsigned int myHandle = GetNLMHandle();
+    /* import UnAugmentAsterisk dynamically for NW4.x compatibility */
+    void (*pUnAugmentAsterisk)(int) = (void(*)(int))
+            ImportSymbol(myHandle, "UnAugmentAsterisk");
+    /* import UseAccurateCaseForPaths dynamically for NW3.x compatibility */
+    void (*pUseAccurateCaseForPaths)(int) = (void(*)(int))
+            ImportSymbol(myHandle, "UseAccurateCaseForPaths");
+    if (pUnAugmentAsterisk)
+        pUnAugmentAsterisk(1);
+    if (pUseAccurateCaseForPaths)
+        pUseAccurateCaseForPaths(1);
+    UnimportSymbol(myHandle, "UnAugmentAsterisk");
+    UnimportSymbol(myHandle, "UseAccurateCaseForPaths");
+    /* set long name space */
+    if ((SetCurrentNameSpace(4) == 255)) {
+        rc = 1;
+    }
+    if ((SetTargetNameSpace(4) == 255)) {
+        rc = rc + 2;
+    }
+    return rc;
+}
+
+/* dummy function to satisfy newer prelude */
+int __init_environment ( void )
+{
+    return 0;
+}
+
+/* dummy function to satisfy newer prelude */
+int __deinit_environment ( void )
+{
+    return 0;
+}
+
+#endif /* __NOVELL_LIBC__ */
+
+#endif /* NETWARE */
+
+
--- a/lib/qssl.c
+++ b/lib/qssl.c
@@ -0,0 +1,487 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_QSOSSL
+#include <qsossl.h>
+#include <errno.h>
+#include <string.h>
+
+#include <curl/curl.h>
+#include "urldata.h"
+#include "sendf.h"
+#include "qssl.h"
+#include "sslgen.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+
+int Curl_qsossl_init(void)
+
+{
+  /* Nothing to do here. We must have connection data to initialize ssl, so
+   * defer.
+   */
+
+  return 1;
+}
+
+
+void Curl_qsossl_cleanup(void)
+
+{
+  /* Nothing to do. */
+}
+
+
+static CURLcode Curl_qsossl_init_session(struct SessionHandle * data)
+
+{
+  int rc;
+  char * certname;
+  SSLInit initstr;
+  SSLInitApp initappstr;
+
+  /* Initialize the job for SSL according to the current parameters.
+   * QsoSSL offers two ways to do it: SSL_Init_Application() that uses an
+   *  application identifier to select certificates in the main certificate
+   *  store, and SSL_Init() that uses named keyring files and a password.
+   * It is not possible to have different keyrings for the CAs and the
+   *  local certificate. We thus use the certificate name to identify the
+   *  keyring if given, else the CA file name.
+   * If the key file name is given, it is taken as the password for the
+   *  keyring in certificate file.
+   * We first try to SSL_Init_Application(), then SSL_Init() if it failed.
+   */
+
+  certname = data->set.str[STRING_CERT];
+
+  if (!certname) {
+    certname = data->set.str[STRING_SSL_CAFILE];
+
+    if (!certname)
+      return CURLE_OK;          /* Use previous setup. */
+    }
+
+  memset((char *) &initappstr, 0, sizeof initappstr);
+  initappstr.applicationID = certname;
+  initappstr.applicationIDLen = strlen(certname);
+  initappstr.protocol = SSL_VERSION_CURRENT;
+  initappstr.sessionType = SSL_REGISTERED_AS_CLIENT;
+  rc = SSL_Init_Application(&initappstr);
+
+  if (rc == SSL_ERROR_NOT_REGISTERED) {
+    initstr.keyringFileName = certname;
+    initstr.keyringPassword = data->set.str[STRING_KEY];
+    initstr.cipherSuiteList = NULL;    /* Use default. */
+    initstr.cipherSuiteListLen = 0;
+    rc = SSL_Init(&initstr);
+    }
+
+  switch (rc) {
+
+  case 0:                             /* No error. */
+    break;
+
+  case SSL_ERROR_IO:
+    failf(data, "SSL_Init() I/O error: %s\n", strerror(errno));
+    return CURLE_SSL_CONNECT_ERROR;
+
+  case SSL_ERROR_BAD_CIPHER_SUITE:
+    return CURLE_SSL_CIPHER;
+
+  case SSL_ERROR_KEYPASSWORD_EXPIRED:
+  case SSL_ERROR_NOT_REGISTERED:
+    return CURLE_SSL_CONNECT_ERROR;
+
+  case SSL_ERROR_NO_KEYRING:
+    return CURLE_SSL_CACERT;
+
+  case SSL_ERROR_CERT_EXPIRED:
+    return CURLE_SSL_CERTPROBLEM;
+
+  default:
+    failf(data, "SSL_Init(): %s\n", SSL_Strerror(rc, NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  return CURLE_OK;
+}
+
+
+static CURLcode Curl_qsossl_create(struct connectdata * conn, int sockindex)
+
+{
+  SSLHandle * h;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+
+  h = SSL_Create(conn->sock[sockindex], SSL_ENCRYPT);
+
+  if (!h) {
+    failf(conn->data, "SSL_Create() I/O error: %s\n", strerror(errno));
+    return CURLE_SSL_CONNECT_ERROR;
+    }
+
+  connssl->handle = h;
+  return CURLE_OK;
+}
+
+
+static int Curl_qsossl_trap_cert(SSLHandle * h)
+
+{
+  return 1;       /* Accept certificate. */
+}
+
+
+static CURLcode Curl_qsossl_handshake(struct connectdata * conn, int sockindex)
+
+{
+  int rc;
+  struct SessionHandle * data = conn->data;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  SSLHandle * h = connssl->handle;
+  long timeout_ms;
+
+  h->exitPgm = NULL;
+
+  if (!data->set.ssl.verifyhost)
+    h->exitPgm = Curl_qsossl_trap_cert;
+
+  if (data->set.connecttimeout) {
+    timeout_ms = data->set.connecttimeout;
+
+    if (data->set.timeout)
+      if (timeout_ms > data->set.timeout)
+        timeout_ms = data->set.timeout;
+    }
+  else if (data->set.timeout)
+    timeout_ms = data->set.timeout;
+  else
+    timeout_ms = DEFAULT_CONNECT_TIMEOUT;
+
+  /* SSL_Handshake() timeout resolution is second, so round up. */
+
+  h->timeout = (timeout_ms + 1000 - 1) / 1000;
+
+  /* Set-up protocol. */
+
+  switch (data->set.ssl.version) {
+
+  default:
+  case CURL_SSLVERSION_DEFAULT:
+    h->protocol = SSL_VERSION_CURRENT;
+    break;
+
+  case CURL_SSLVERSION_TLSv1:
+    h->protocol = TLS_VERSION_1;
+    break;
+
+  case CURL_SSLVERSION_SSLv2:
+    h->protocol = SSL_VERSION_2;
+    break;
+
+  case CURL_SSLVERSION_SSLv3:
+    h->protocol = SSL_VERSION_3;
+    break;
+  }
+
+  rc = SSL_Handshake(h, SSL_HANDSHAKE_AS_CLIENT);
+
+  switch (rc) {
+
+  case 0:                             /* No error. */
+    break;
+
+  case SSL_ERROR_BAD_CERTIFICATE:
+  case SSL_ERROR_BAD_CERT_SIG:
+  case SSL_ERROR_NOT_TRUSTED_ROOT:
+    return CURLE_SSL_PEER_CERTIFICATE;
+
+  case SSL_ERROR_BAD_CIPHER_SUITE:
+  case SSL_ERROR_NO_CIPHERS:
+    return CURLE_SSL_CIPHER;
+
+  case SSL_ERROR_CERTIFICATE_REJECTED:
+  case SSL_ERROR_CERT_EXPIRED:
+  case SSL_ERROR_NO_CERTIFICATE:
+    return CURLE_SSL_CERTPROBLEM;
+
+  case SSL_ERROR_IO:
+    failf(data, "SSL_Handshake(): %s\n", SSL_Strerror(rc, NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+
+  default:
+    failf(data, "SSL_Init(): %s\n", SSL_Strerror(rc, NULL));
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  return CURLE_OK;
+}
+
+
+CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex)
+
+{
+  struct SessionHandle * data = conn->data;
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  int rc;
+
+  rc = Curl_qsossl_init_session(data);
+
+  if (rc == CURLE_OK) {
+    rc = Curl_qsossl_create(conn, sockindex);
+
+    if (rc == CURLE_OK)
+      rc = Curl_qsossl_handshake(conn, sockindex);
+    else {
+      SSL_Destroy(connssl->handle);
+      connssl->handle = NULL;
+      connssl->use = FALSE;
+    }
+  }
+
+  return rc;
+}
+
+
+static int Curl_qsossl_close_one(struct ssl_connect_data * conn,
+                                 struct SessionHandle * data)
+
+{
+  int rc;
+
+  if(!conn->handle)
+    return 0;
+
+  rc = SSL_Destroy(conn->handle);
+
+  if(rc) {
+    if (rc == SSL_ERROR_IO) {
+      failf(data, "SSL_Destroy() I/O error: %s\n", strerror(errno));
+      return -1;
+    }
+
+    /* An SSL error. */
+    failf(data, "SSL_Destroy() returned error %d\n", SSL_Strerror(rc, NULL));
+    return -1;
+  }
+
+  conn->handle = NULL;
+  return 0;
+}
+
+
+void Curl_qsossl_close(struct connectdata *conn, int sockindex)
+
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  if(connssl->use)
+    (void) Curl_qsossl_close_one(connssl, data);
+}
+
+
+int Curl_qsossl_close_all(struct SessionHandle * data)
+
+{
+  /* Unimplemented. */
+  (void) data;
+  return 0;
+}
+
+
+int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex)
+
+{
+  struct ssl_connect_data * connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  ssize_t nread;
+  int what;
+  int rc;
+  char buf[120];
+
+  if (!connssl->handle)
+    return 0;
+
+  if (data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+    return 0;
+
+  if (Curl_qsossl_close_one(connssl, data))
+    return -1;
+
+  rc = 0;
+
+  what = Curl_socket_ready(conn->sock[sockindex],
+                           CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+
+  for (;;) {
+    if (what < 0) {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      rc = -1;
+      break;
+    }
+
+    if (!what) {                                /* timeout */
+      failf(data, "SSL shutdown timeout");
+      break;
+    }
+
+    /* Something to read, let's do it and hope that it is the close
+       notify alert from the server. No way to SSL_Read now, so use read(). */
+
+    nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+    if (nread < 0) {
+      failf(data, "read: %s\n", strerror(errno));
+      rc = -1;
+    }
+
+    if (nread <= 0)
+      break;
+
+    what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+  }
+
+  return rc;
+}
+
+
+ssize_t Curl_qsossl_send(struct connectdata * conn, int sockindex, void * mem,
+                         size_t len)
+
+{
+  /* SSL_Write() is said to return 'int' while write() and send() returns
+     'size_t' */
+  int rc;
+
+  rc = SSL_Write(conn->ssl[sockindex].handle, mem, (int) len);
+
+  if(rc < 0) {
+    switch(rc) {
+
+    case SSL_ERROR_BAD_STATE:
+      /* The operation did not complete; the same SSL I/O function
+         should be called again later. This is basicly an EWOULDBLOCK
+         equivalent. */
+      return 0;
+
+    case SSL_ERROR_IO:
+      switch (errno) {
+      case EWOULDBLOCK:
+      case EINTR:
+        return 0;
+        }
+
+      failf(conn->data, "SSL_Write() I/O error: %s\n", strerror(errno));
+      return -1;
+    }
+
+    /* An SSL error. */
+    failf(conn->data, "SSL_Write() returned error %d\n",
+          SSL_Strerror(rc, NULL));
+    return -1;
+  }
+
+  return (ssize_t) rc; /* number of bytes */
+}
+
+
+ssize_t Curl_qsossl_recv(struct connectdata * conn, int num, char * buf,
+                         size_t buffersize, bool * wouldblock)
+
+{
+  char error_buffer[120]; /* OpenSSL documents that this must be at
+                             least 120 bytes long. */
+  unsigned long sslerror;
+  int nread;
+
+  nread = SSL_Read(conn->ssl[num].handle, buf, (int) buffersize);
+  *wouldblock = FALSE;
+
+  if(nread < 0) {
+    /* failed SSL_read */
+
+    switch (nread) {
+
+    case SSL_ERROR_BAD_STATE:
+      /* there's data pending, re-invoke SSL_Read(). */
+      *wouldblock = TRUE;
+      return -1; /* basically EWOULDBLOCK */
+
+    case SSL_ERROR_IO:
+      switch (errno) {
+      case EWOULDBLOCK:
+	*wouldblock = TRUE;
+        return -1;
+        }
+
+      failf(conn->data, "SSL_Read() I/O error: %s\n", strerror(errno));
+      return -1;
+
+    default:
+      failf(conn->data, "SSL read error: %s\n", SSL_Strerror(nread, NULL));
+      return -1;
+    }
+  }
+  return (ssize_t) nread;
+}
+
+
+size_t Curl_qsossl_version(char * buffer, size_t size)
+
+{
+  strncpy(buffer, "IBM OS/400 SSL", size);
+  return strlen(buffer);
+}
+
+
+int Curl_qsossl_check_cxn(struct connectdata * cxn)
+
+{
+  int err;
+  int errlen;
+
+  /* The only thing that can be tested here is at the socket level. */
+
+  if (!cxn->ssl[FIRSTSOCKET].handle)
+    return 0; /* connection has been closed */
+
+  err = 0;
+  errlen = sizeof err;
+
+  if (getsockopt(cxn->sock[FIRSTSOCKET], SOL_SOCKET, SO_ERROR,
+                 (unsigned char *) &err, &errlen) ||
+      errlen != sizeof err || err)
+    return 0; /* connection has been closed */
+
+  return -1;  /* connection status unknown */
+}
+
+#endif /* USE_QSOSSL */
--- a/lib/qssl.h
+++ b/lib/qssl.h
@@ -0,0 +1,52 @@
+#ifndef __QSSL_H
+#define __QSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * $Id$
+ ***************************************************************************/
+
+/*
+ * This header should only be needed to get included by sslgen.c and qssl.c
+ */
+
+#include "urldata.h"
+
+int Curl_qsossl_init(void);
+void Curl_qsossl_cleanup(void);
+CURLcode Curl_qsossl_connect(struct connectdata * conn, int sockindex);
+void Curl_qsossl_close(struct connectdata *conn, int sockindex);
+int Curl_qsossl_close_all(struct SessionHandle * data);
+int Curl_qsossl_shutdown(struct connectdata * conn, int sockindex);
+
+ssize_t Curl_qsossl_send(struct connectdata * conn,
+                         int sockindex,
+                         void * mem,
+                         size_t len);
+ssize_t Curl_qsossl_recv(struct connectdata * conn, /* connection data */
+                         int num,                   /* socketindex */
+                         char * buf,                /* store read data here */
+                         size_t buffersize,         /* max amount to read */
+                         bool * wouldblock);
+
+size_t Curl_qsossl_version(char * buffer, size_t size);
+int Curl_qsossl_check_cxn(struct connectdata * cxn);
+
+#endif
--- a/lib/sendf.c
+++ b/lib/sendf.c
@@ -416,7 +416,7 @@ CURLcode Curl_client_write(struct connectdata *conn,
    /* If the previous block of data ended with CR and this block of data is
       just a NL, then the length might be zero */
    if (len) {
-      wrote = data->set.fwrite(ptr, 1, len, data->set.out);
+      wrote = data->set.fwrite_func(ptr, 1, len, data->set.out);
    }
    else {
      wrote = len;
@@ -435,7 +435,7 @@ CURLcode Curl_client_write(struct connectdata *conn,
     * header callback function (added after version 7.7.1).
     */
    curl_write_callback writeit=
-      data->set.fwrite_header?data->set.fwrite_header:data->set.fwrite;
+      data->set.fwrite_header?data->set.fwrite_header:data->set.fwrite_func;

    /* Note: The header is in the host encoding
       regardless of the ftp transfer mode (ASCII/Image) */
--- a/lib/setup.h
+++ b/lib/setup.h
@@ -315,6 +315,7 @@ int fileno( FILE *stream);
 #endif

 #ifdef NETWARE
+int netware_init(void);
 #ifndef __NOVELL_LIBC__
 #include <sys/bsdskt.h>
 #include <sys/timeval.h>
@@ -339,8 +340,8 @@ int fileno( FILE *stream);
 #define HAVE_INET_NTOA_R_2_ARGS 1
 #endif

-#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS)
-#define USE_SSL    /* Either OpenSSL || GnuTLS || NSS */
+#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || defined(USE_QSOSSL)
+#define USE_SSL    /* SSL support has been enabled */
 #endif

 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
--- a/lib/splay.c
+++ b/lib/splay.c
@@ -373,7 +373,7 @@ int main(int argc, argv_item_t argv[])
  int adds=0;
  int rc;

-  long sizes[]={
+  static const long sizes[]={
    50, 60, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120, 200, 300,
    220, 80, 90, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120, 200,
    300, 220, 80, 90, 50, 100, 60, 200, 120, 300, 400, 200, 256, 122, 60, 120,
--- a/lib/ssh.c
+++ b/lib/ssh.c
--- a/lib/ssh.h
+++ b/lib/ssh.h
@@ -36,7 +36,6 @@ ssize_t Curl_scp_send(struct connectdata *conn, int sockindex,
                      void *mem, size_t len);
 ssize_t Curl_scp_recv(struct connectdata *conn, int sockindex,
                      char *mem, size_t len);
-
 CURLcode Curl_sftp_do(struct connectdata *conn, bool *done);
 CURLcode Curl_sftp_done(struct connectdata *conn, CURLcode, bool premature);

@@ -44,6 +43,10 @@ ssize_t Curl_sftp_send(struct connectdata *conn, int sockindex,
                       void *mem, size_t len);
 ssize_t Curl_sftp_recv(struct connectdata *conn, int sockindex,
                       char *mem, size_t len);
+CURLcode Curl_sftp_doing(struct connectdata *conn,
+                         bool *dophase_done);
+CURLcode Curl_scp_doing(struct connectdata *conn,
+                        bool *dophase_done);

 #endif /* USE_LIBSSH2 */

--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -52,6 +52,7 @@
 #include "ssluse.h" /* OpenSSL versions */
 #include "gtls.h"   /* GnuTLS versions */
 #include "nssg.h"   /* NSS versions */
+#include "qssl.h"   /* QSOSSL versions */
 #include "sendf.h"
 #include "strequal.h"
 #include "url.h"
@@ -134,20 +135,11 @@ Curl_clone_ssl_config(struct ssl_config_data *source,

 void Curl_free_ssl_config(struct ssl_config_data* sslc)
 {
-  if(sslc->CAfile)
-    free(sslc->CAfile);
-
-  if(sslc->CApath)
-    free(sslc->CApath);
-
-  if(sslc->cipher_list)
-    free(sslc->cipher_list);
-
-  if(sslc->egdsocket)
-    free(sslc->egdsocket);
-
-  if(sslc->random_file)
-    free(sslc->random_file);
+  Curl_safefree(sslc->CAfile);
+  Curl_safefree(sslc->CApath);
+  Curl_safefree(sslc->cipher_list);
+  Curl_safefree(sslc->egdsocket);
+  Curl_safefree(sslc->random_file);
 }

 /**
@@ -171,9 +163,13 @@ int Curl_ssl_init(void)
 #else
 #ifdef USE_NSS
  return Curl_nss_init();
+#else
+#ifdef USE_QSOSSL
+  return Curl_qsossl_init();
 #else
  /* no SSL support */
  return 1;
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -190,8 +186,13 @@ void Curl_ssl_cleanup(void)
 #else
 #ifdef USE_GNUTLS
    Curl_gtls_cleanup();
+#else
 #ifdef USE_NSS
    Curl_nss_cleanup();
+#else
+#ifdef USE_QSOSSL
+    Curl_qsossl_cleanup();
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -214,6 +215,10 @@ Curl_ssl_connect(struct connectdata *conn, int sockindex)
 #else
 #ifdef USE_NSS
  return Curl_nss_connect(conn, sockindex);
+#else
+#ifdef USE_QSOSSL
+  return Curl_qsossl_connect(conn, sockindex);
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -239,11 +244,16 @@ Curl_ssl_connect_nonblocking(struct connectdata *conn, int sockindex,
 #ifdef USE_NSS
  *done = TRUE; /* fallback to BLOCKING */
  return Curl_nss_connect(conn, sockindex);
+#else
+#ifdef USE_QSOSSL
+  *done = TRUE; /* fallback to BLOCKING */
+  return Curl_qsossl_connect(conn, sockindex);
 #else
  /* not implemented!
     fallback to BLOCKING call. */
  *done = TRUE;
  return Curl_ssl_connect(conn, sockindex);
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_SSLEAY */
 }
@@ -302,9 +312,13 @@ static int kill_session(struct curl_ssl_session *session)
 #ifdef USE_GNUTLS
    Curl_gtls_session_free(session->sessionid);
 #else
+#ifdef USE_QSOSSL
+    /* No session handling for QsoSSL. */
+#else
 #ifdef USE_NSS
    /* NSS has its own session ID cache */
 #endif /* USE_NSS */
+#endif /* USE_QSOSSL */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
    session->sessionid=NULL;
@@ -400,6 +414,10 @@ void Curl_ssl_close_all(struct SessionHandle *data)
 #else
 #ifdef USE_NSS
  Curl_nss_close_all(data);
+#else
+#ifdef USE_QSOSSL
+  Curl_qsossl_close_all(data);
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -408,38 +426,47 @@ void Curl_ssl_close_all(struct SessionHandle *data)
 #endif /* USE_SSL */
 }

-void Curl_ssl_close(struct connectdata *conn)
+void Curl_ssl_close(struct connectdata *conn, int sockindex)
 {
-  if(conn->ssl[FIRSTSOCKET].use) {
+  DEBUGASSERT((sockindex <= 1) && (sockindex >= -1));
+
 #ifdef USE_SSLEAY
-    Curl_ossl_close(conn);
+  Curl_ossl_close(conn, sockindex);
 #endif /* USE_SSLEAY */
 #ifdef USE_GNUTLS
-    Curl_gtls_close(conn);
+  Curl_gtls_close(conn, sockindex);
 #endif /* USE_GNUTLS */
 #ifdef USE_NSS
-    Curl_nss_close(conn);
+  Curl_nss_close(conn, sockindex);
 #endif /* USE_NSS */
-    conn->ssl[FIRSTSOCKET].use = FALSE;
-  }
+#ifdef USE_QSOSSL
+  Curl_qsossl_close(conn, sockindex);
+#endif /* USE_QSOSSL */
+#ifndef USE_SSL
+  (void)conn;
+  (void)sockindex;
+#endif /* !USE_SSL */
 }

 CURLcode Curl_ssl_shutdown(struct connectdata *conn, int sockindex)
 {
-  if(conn->ssl[sockindex].use) {
 #ifdef USE_SSLEAY
-    if(Curl_ossl_shutdown(conn, sockindex))
-      return CURLE_SSL_SHUTDOWN_FAILED;
+  if(Curl_ossl_shutdown(conn, sockindex))
+    return CURLE_SSL_SHUTDOWN_FAILED;
 #else
 #ifdef USE_GNUTLS
-    if(Curl_gtls_shutdown(conn, sockindex))
-      return CURLE_SSL_SHUTDOWN_FAILED;
+  if(Curl_gtls_shutdown(conn, sockindex))
+    return CURLE_SSL_SHUTDOWN_FAILED;
 #else
-    (void)conn;
-    (void)sockindex;
+#ifdef USE_QSOSSL
+  if(Curl_qsossl_shutdown(conn, sockindex))
+    return CURLE_SSL_SHUTDOWN_FAILED;
+#endif /* USE_QSOSSL */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
-  }
+
+  conn->ssl[sockindex].use = FALSE; /* get back to ordinary socket usage */
+
  return CURLE_OK;
 }

@@ -461,11 +488,18 @@ CURLcode Curl_ssl_set_engine(struct SessionHandle *data, const char *engine)
  (void)data;
  (void)engine;
  return CURLE_FAILED_INIT;
+#else
+#ifdef USE_QSOSSL
+  /* QSOSSL doesn't set an engine this way */
+  (void)data;
+  (void)engine;
+  return CURLE_FAILED_INIT;
 #else
  /* no SSL layer */
  (void)data;
  (void)engine;
  return CURLE_FAILED_INIT;
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -487,10 +521,16 @@ CURLcode Curl_ssl_set_engine_default(struct SessionHandle *data)
  /* A no-op for NSS */
  (void)data;
  return CURLE_FAILED_INIT;
+#else
+#ifdef USE_QSOSSL
+  /* A no-op for QSOSSL */
+  (void)data;
+  return CURLE_FAILED_INIT;
 #else
  /* No SSL layer */
  (void)data;
  return CURLE_FAILED_INIT;
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -513,8 +553,14 @@ struct curl_slist *Curl_ssl_engines_list(struct SessionHandle *data)
  (void)data;
  return NULL;
 #else
+#ifdef USE_QSOSSL
+  /* No engine support in QSOSSL. */
  (void)data;
  return NULL;
+#else
+  (void)data;
+  return NULL;
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -534,12 +580,16 @@ ssize_t Curl_ssl_send(struct connectdata *conn,
 #else
 #ifdef USE_NSS
  return Curl_nss_send(conn, sockindex, mem, len);
+#else
+#ifdef USE_QSOSSL
+  return Curl_qsossl_send(conn, sockindex, mem, len);
 #else
  (void)conn;
  (void)sockindex;
  (void)mem;
  (void)len;
  return 0;
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -568,6 +618,10 @@ ssize_t Curl_ssl_recv(struct connectdata *conn, /* connection data */
 #else
 #ifdef USE_NSS
  nread = Curl_nss_recv(conn, sockindex, mem, len, &block);
+#else
+#ifdef USE_QSOSSL
+  nread = Curl_qsossl_recv(conn, sockindex, mem, len, &block);
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -631,10 +685,14 @@ size_t Curl_ssl_version(char *buffer, size_t size)
 #else
 #ifdef USE_NSS
  return Curl_nss_version(buffer, size);
+#else
+#ifdef USE_QSOSSL
+  return Curl_qsossl_version(buffer, size);
 #else
  (void)buffer;
  (void)size;
  return 0; /* no SSL support */
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_GNUTLS */
 #endif /* USE_SSLEAY */
@@ -656,10 +714,14 @@ int Curl_ssl_check_cxn(struct connectdata *conn)
 #else
 #ifdef USE_NSS
  return Curl_nss_check_cxn(conn);
+#else
+#ifdef USE_QSOSSL
+  return Curl_qsossl_check_cxn(conn);
 #else
  (void)conn;
  /* TODO: we lack implementation of this for GnuTLS */
  return -1; /* connection status unknown */
+#endif /* USE_QSOSSL */
 #endif /* USE_NSS */
 #endif /* USE_SSLEAY */
 }
--- a/lib/sslgen.h
+++ b/lib/sslgen.h
@@ -35,7 +35,7 @@ CURLcode Curl_ssl_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_ssl_connect_nonblocking(struct connectdata *conn,
                                      int sockindex,
                                      bool *done);
-void Curl_ssl_close(struct connectdata *conn);
+void Curl_ssl_close(struct connectdata *conn, int sockindex);
 /* tell the SSL stuff to close down all open information regarding
   connections (and thus session ID caching etc) */
 void Curl_ssl_close_all(struct SessionHandle *data);
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -125,7 +125,7 @@ static char global_passwd[64];
 #endif

 static int passwd_callback(char *buf, int num, int verify
-#if HAVE_USERDATA_IN_PWD_CALLBACK
+#ifdef HAVE_USERDATA_IN_PWD_CALLBACK
                           /* This was introduced in 0.9.4, we can set this
                              using SSL_CTX_set_default_passwd_cb_userdata()
                              */
@@ -182,8 +182,9 @@ static int ossl_seed(struct SessionHandle *data)
 #endif
  {
    /* let the option override the define */
-    nread += RAND_load_file((data->set.ssl.random_file?
-                             data->set.ssl.random_file:RANDOM_FILE),
+    nread += RAND_load_file((data->set.str[STRING_SSL_RANDOM_FILE]?
+                             data->set.str[STRING_SSL_RANDOM_FILE]:
+                             RANDOM_FILE),
                            RAND_LOAD_LENGTH);
    if(seed_enough(nread))
      return nread;
@@ -195,14 +196,14 @@ static int ossl_seed(struct SessionHandle *data)
 #ifndef EGD_SOCKET
  /* If we don't have the define set, we only do this if the egd-option
     is set */
-  if(data->set.ssl.egdsocket)
+  if(data->set.str[STRING_SSL_EGDSOCKET])
 #define EGD_SOCKET "" /* doesn't matter won't be used */
 #endif
  {
    /* If there's an option and a define, the option overrides the
       define */
-    int ret = RAND_egd(data->set.ssl.egdsocket?
-                       data->set.ssl.egdsocket:EGD_SOCKET);
+    int ret = RAND_egd(data->set.str[STRING_SSL_EGDSOCKET]?
+                       data->set.str[STRING_SSL_EGDSOCKET]:EGD_SOCKET);
    if(-1 != ret) {
      nread += ret;
      if(seed_enough(nread))
@@ -261,7 +262,8 @@ int Curl_ossl_seed(struct SessionHandle *data)
     time-consuming seedings in vain */
  static bool ssl_seeded = FALSE;

-  if(!ssl_seeded || data->set.ssl.random_file || data->set.ssl.egdsocket) {
+  if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
+     data->set.str[STRING_SSL_EGDSOCKET]) {
    ossl_seed(data);
    ssl_seeded = TRUE;
  }
@@ -306,7 +308,7 @@ int cert_stuff(struct connectdata *conn,
    X509 *x509;
    int cert_done = 0;

-    if(data->set.key_passwd) {
+    if(data->set.str[STRING_KEY_PASSWD]) {
 #ifndef HAVE_USERDATA_IN_PWD_CALLBACK
      /*
       * If password has been given, we store that in the global
@@ -320,7 +322,7 @@ int cert_stuff(struct connectdata *conn,
       * We set the password in the callback userdata
       */
      SSL_CTX_set_default_passwd_cb_userdata(ctx,
-                                             data->set.key_passwd);
+                                             data->set.str[STRING_KEY_PASSWD]);
 #endif
      /* Set passwd callback: */
      SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
@@ -373,7 +375,8 @@ int cert_stuff(struct connectdata *conn,

      PKCS12_PBE_add();

-      if (!PKCS12_parse(p12, data->set.key_passwd, &pri, &x509, NULL)) {
+      if (!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
+                        NULL)) {
        failf(data,
              "could not parse PKCS12 file, check password, OpenSSL error %s",
              ERR_error_string(ERR_get_error(), NULL) );
@@ -446,7 +449,7 @@ int cert_stuff(struct connectdata *conn,
 #ifdef HAVE_ENGINE_LOAD_FOUR_ARGS
                                    ui_method,
 #endif
-                                    data->set.key_passwd);
+                                    data->set.str[STRING_KEY_PASSWD]);
          if(!priv_key) {
            failf(data, "failed to load private key from crypto engine\n");
            return 0;
@@ -703,35 +706,20 @@ struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
 /*
 * This function is called when an SSL connection is closed.
 */
-void Curl_ossl_close(struct connectdata *conn)
+void Curl_ossl_close(struct connectdata *conn, int sockindex)
 {
-  int i;
-  /*
-    ERR_remove_state() frees the error queue associated with
-    thread pid.  If pid == 0, the current thread will have its
-    error queue removed.
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];

-    Since error queue data structures are allocated
-    automatically for new threads, they must be freed when
-    threads are terminated in oder to avoid memory leaks.
-  */
-  ERR_remove_state(0);
+  if(connssl->handle) {
+    (void)SSL_shutdown(connssl->handle);
+    SSL_set_connect_state(connssl->handle);

-  for(i=0; i<2; i++) {
-    struct ssl_connect_data *connssl = &conn->ssl[i];
-
-    if(connssl->handle) {
-      (void)SSL_shutdown(connssl->handle);
-      SSL_set_connect_state(connssl->handle);
-
-      SSL_free (connssl->handle);
-      connssl->handle = NULL;
-    }
-    if(connssl->ctx) {
-      SSL_CTX_free (connssl->ctx);
-      connssl->ctx = NULL;
-    }
-    connssl->use = FALSE; /* get back to ordinary socket usage */
+    SSL_free (connssl->handle);
+    connssl->handle = NULL;
+  }
+  if(connssl->ctx) {
+    SSL_CTX_free (connssl->ctx);
+    connssl->ctx = NULL;
  }
 }

@@ -827,8 +815,6 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
 #endif
    }

-    connssl->use = FALSE; /* get back to ordinary socket usage */
-
    SSL_free (connssl->handle);
    connssl->handle = NULL;
  }
@@ -847,6 +833,17 @@ void Curl_ossl_session_free(void *ptr)
 */
 int Curl_ossl_close_all(struct SessionHandle *data)
 {
+  /*
+    ERR_remove_state() frees the error queue associated with
+    thread pid.  If pid == 0, the current thread will have its
+    error queue removed.
+
+    Since error queue data structures are allocated
+    automatically for new threads, they must be freed when
+    threads are terminated in oder to avoid memory leaks.
+  */
+  ERR_remove_state(0);
+
 #ifdef HAVE_OPENSSL_ENGINE_H
  if(data->state.engine) {
    ENGINE_finish(data->state.engine);
@@ -1131,16 +1128,9 @@ static CURLcode verifyhost(struct connectdata *conn,
 #endif /* CURL_DOES_CONVERSIONS */

    if (!peer_CN) {
-      if(data->set.ssl.verifyhost > 1) {
-        failf(data,
-              "SSL: unable to obtain common name from peer certificate");
-        return CURLE_SSL_PEER_CERTIFICATE;
-      }
-      else {
-        /* Consider verifyhost == 1 as an "OK" for a missing CN field, but we
-           output a note about the situation */
-        infof(data, "\t common name: WARNING couldn't obtain\n");
-      }
+      failf(data,
+            "SSL: unable to obtain common name from peer certificate");
+      return CURLE_SSL_PEER_CERTIFICATE;
    }
    else if(!cert_hostcheck((const char *)peer_CN, conn->host.name)) {
      if(data->set.ssl.verifyhost > 1) {
@@ -1353,37 +1343,40 @@ Curl_ossl_connect_step1(struct connectdata *conn,
    SSL_CTX_ctrl(connssl->ctx, BIO_C_SET_NBIO, 1, NULL);
 #endif

-  if(data->set.cert) {
+  if(data->set.str[STRING_CERT]) {
    if(!cert_stuff(conn,
                   connssl->ctx,
-                   data->set.cert,
-                   data->set.cert_type,
-                   data->set.key,
-                   data->set.key_type)) {
+                   data->set.str[STRING_CERT],
+                   data->set.str[STRING_CERT_TYPE],
+                   data->set.str[STRING_KEY],
+                   data->set.str[STRING_KEY_TYPE])) {
      /* failf() is already done in cert_stuff() */
      return CURLE_SSL_CERTPROBLEM;
    }
  }

-  if(data->set.ssl.cipher_list) {
+  if(data->set.str[STRING_SSL_CIPHER_LIST]) {
    if(!SSL_CTX_set_cipher_list(connssl->ctx,
-                                data->set.ssl.cipher_list)) {
+                                data->set.str[STRING_SSL_CIPHER_LIST])) {
      failf(data, "failed setting cipher list");
      return CURLE_SSL_CIPHER;
    }
  }

-  if (data->set.ssl.CAfile || data->set.ssl.CApath) {
+  if (data->set.str[STRING_SSL_CAFILE] || data->set.str[STRING_SSL_CAPATH]) {
    /* tell SSL where to find CA certificates that are used to verify
       the servers certificate. */
-    if (!SSL_CTX_load_verify_locations(connssl->ctx, data->set.ssl.CAfile,
-                                       data->set.ssl.CApath)) {
+    if (!SSL_CTX_load_verify_locations(connssl->ctx,
+                                       data->set.str[STRING_SSL_CAFILE],
+                                       data->set.str[STRING_SSL_CAPATH])) {
      if (data->set.ssl.verifypeer) {
        /* Fail if we insist on successfully verifying the server. */
        failf(data,"error setting certificate verify locations:\n"
              "  CAfile: %s\n  CApath: %s\n",
-              data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
-              data->set.ssl.CApath ? data->set.ssl.CApath : "none");
+              data->set.str[STRING_SSL_CAFILE]?
+              data->set.str[STRING_SSL_CAFILE]: "none",
+              data->set.str[STRING_SSL_CAPATH]?
+              data->set.str[STRING_SSL_CAPATH] : "none");
        return CURLE_SSL_CACERT_BADFILE;
      }
      else {
@@ -1400,8 +1393,10 @@ Curl_ossl_connect_step1(struct connectdata *conn,
    infof(data,
          "  CAfile: %s\n"
          "  CApath: %s\n",
-          data->set.ssl.CAfile ? data->set.ssl.CAfile : "none",
-          data->set.ssl.CApath ? data->set.ssl.CApath : "none");
+          data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
+          "none",
+          data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
+          "none");
  }
  /* SSL always tries to verify the peer, this only says whether it should
   * fail to connect if the verification fails, or if it should continue
--- a/lib/ssluse.h
+++ b/lib/ssluse.h
@@ -32,10 +32,14 @@ CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
                                       int sockindex,
                                       bool *done);
-void Curl_ossl_close(struct connectdata *conn); /* close a SSL connection */
+
+/* close a SSL connection */
+void Curl_ossl_close(struct connectdata *conn, int sockindex);
+
 /* tell OpenSSL to close down all open information regarding connections (and
   thus session ID caching etc) */
 int Curl_ossl_close_all(struct SessionHandle *data);
+
 /* Sets an OpenSSL engine */
 CURLcode Curl_ossl_set_engine(struct SessionHandle *data, const char *engine);

--- a/lib/strtoofft.c
+++ b/lib/strtoofft.c
@@ -37,6 +37,18 @@
 #include <ctype.h>
 #include <errno.h>

+/* Range tests can be used for alphanum decoding if characters are consecutive,
+   like in ASCII. Else an array is scanned. Determine this condition now. */
+
+#if ('9' - '0') != 9 || ('Z' - 'A') != 25 || ('z' - 'a') != 25
+#include <string.h>
+
+#define NO_RANGE_TEST
+
+static const char valchars[] =
+            "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+#endif
+
 static int get_char(char c, int base);

 /**
@@ -145,6 +157,7 @@ curlx_strtoll(const char *nptr, char **endptr, int base)
 */
 static int get_char(char c, int base)
 {
+#ifndef NO_RANGE_TEST
  int value = -1;
  if (c <= '9' && c >= '0') {
    value = c - '0';
@@ -155,6 +168,20 @@ static int get_char(char c, int base)
  else if (c <= 'z' && c >= 'a') {
    value = c - 'a' + 10;
  }
+#else
+  const char * cp;
+  int value;
+
+  cp = memchr(valchars, c, 10 + 26 + 26);
+
+  if (!cp)
+    return -1;
+
+  value = cp - valchars;
+
+  if (value >= 10 + 26)
+    value -= 26;                /* Lowercase. */
+#endif

  if (value >= base) {
    value = -1;
--- a/lib/strtoofft.h
+++ b/lib/strtoofft.h
@@ -39,7 +39,7 @@
 * 'strtoofft' such that it can be used to work with curl_off_t's regardless.
 */
 #if (SIZEOF_CURL_OFF_T > 4) && (SIZEOF_LONG < 8)
-#if HAVE_STRTOLL
+#ifdef HAVE_STRTOLL
 #define curlx_strtoofft strtoll
 #else /* HAVE_STRTOLL */

--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -127,7 +127,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)

  /* this function returns a size_t, so we typecast to int to prevent warnings
     with picky compilers */
-  nread = (int)conn->fread(data->reqdata.upload_fromhere, 1,
+  nread = (int)conn->fread_func(data->reqdata.upload_fromhere, 1,
                           buffersize, conn->fread_in);

  if(nread == CURL_READFUNC_ABORT) {
@@ -233,14 +233,14 @@ CURLcode Curl_readrewind(struct connectdata *conn)
  /* We have sent away data. If not using CURLOPT_POSTFIELDS or
     CURLOPT_HTTPPOST, call app to rewind
  */
-  if(data->set.postfields ||
+  if(data->set.str[STRING_POSTFIELDS] ||
     (data->set.httpreq == HTTPREQ_POST_FORM))
    ; /* do nothing */
  else {
-    if(data->set.ioctl) {
+    if(data->set.ioctl_func) {
      curlioerr err;

-      err = (data->set.ioctl) (data, CURLIOCMD_RESTARTREAD,
+      err = (data->set.ioctl_func) (data, CURLIOCMD_RESTARTREAD,
                            data->set.ioctl_client);
      infof(data, "the ioctl callback returned %d\n", (int)err);

@@ -254,7 +254,7 @@ CURLcode Curl_readrewind(struct connectdata *conn)
      /* If no CURLOPT_READFUNCTION is used, we know that we operate on a
         given FILE * stream and we can actually attempt to rewind that
         ourself with fseek() */
-      if(data->set.fread == (curl_read_callback)fread) {
+      if(data->set.fread_func == (curl_read_callback)fread) {
        if(-1 != fseek(data->set.in, 0, SEEK_SET))
          /* successful rewind */
          return CURLE_OK;
@@ -330,9 +330,13 @@ CURLcode Curl_readwrite(struct connectdata *conn,
  /* only use the proper socket if the *_HOLD bit is not set simultaneously as
     then we are in rate limiting state in that transfer direction */

-  if((k->keepon & (KEEP_READ|KEEP_READ_HOLD)) == KEEP_READ)
+  if((k->keepon & (KEEP_READ|KEEP_READ_HOLD)) == KEEP_READ) {
    fd_read = conn->sockfd;
-  else
+#if defined(USE_LIBSSH2)
+    if (conn->protocol & (PROT_SCP|PROT_SFTP))
+      select_res |= CURL_CSELECT_IN;
+#endif /* USE_LIBSSH2 */
+  } else
    fd_read = CURL_SOCKET_BAD;

  if((k->keepon & (KEEP_WRITE|KEEP_WRITE_HOLD)) == KEEP_WRITE)
@@ -340,11 +344,11 @@ CURLcode Curl_readwrite(struct connectdata *conn,
  else
    fd_write = CURL_SOCKET_BAD;

-   if (!select_res) { /* Call for select()/poll() only, if read/write/error 
+   if (!select_res) { /* Call for select()/poll() only, if read/write/error
                         status is not known. */
       select_res = Curl_socket_ready(fd_read, fd_write, 0);
   }
- 
+
  if(select_res == CURL_CSELECT_ERR) {
    failf(data, "select/poll returned error");
    return CURLE_SEND_ERROR;
@@ -988,7 +992,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
            }

            else if (checkprefix("Content-Encoding:", k->p) &&
-                     data->set.encoding) {
+                     data->set.str[STRING_ENCODING]) {
              /*
               * Process Content-Encoding. Look for the values: identity,
               * gzip, deflate, compress, x-gzip and x-compress. x-gzip and
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gunter Knauf	b238e0b1b4	fixed warning with gcc 4.x (hopefully); dynamincally imported UseAccurateCaseForPaths() for CLIB port to be stonetime-compatible (NW 3.x).	2007-08-09 22:33:49 +00:00
Gunter Knauf	3f62bfb61d	fixed a warning which MingW gcc 4.2.1.	2007-08-09 21:05:05 +00:00
Dan Fandrich	c7a66d5af4	There's no need to ignore the User-Agent for this test.	2007-08-09 03:28:16 +00:00
Gunter Knauf	1866b95b7f	moved ugly CLIB define to nwos.c.	2007-08-08 20:09:08 +00:00
Dan Fandrich	668c204970	Song Ma noted a zlib memory leak in the illegal compressed header countermeasures code path.	2007-08-08 17:51:40 +00:00
Gunter Knauf	af2d899d6b	removed asm rules since we have no asm in the sources, and this produced 2 warnings.	2007-08-08 17:07:16 +00:00
Gunter Knauf	d5ed9f787f	blocked ssize_t define for MingW32.	2007-08-08 16:59:43 +00:00
Patrick Monnerat	259f27b09f	Fix getsockname argument type Improve "universal" alignment type in struct memdebug	2007-08-08 10:37:07 +00:00
Daniel Stenberg	c1b9356081	Usage of the BCURLOPT_PROGRESSFUNCTION callback is not recommended when using the multi interface, but having the comment in here caused more questions than we fixed problems so I remove it now. It still works fine.	2007-08-07 21:14:31 +00:00
Dan Fandrich	c669e1ae45	Fixed torture test for test 509	2007-08-07 18:24:49 +00:00
Gunter Knauf	10203cada9	moved HAVE_LONGLONG from makefiles to config-win32.h.	2007-08-07 17:40:56 +00:00
Daniel Stenberg	58b0415d36	add URL to more "generated public config.h" details	2007-08-07 13:01:36 +00:00
Patrick Monnerat	ad9cb40b6f	Some #if --> #ifdef undef standard *printf before (re)defining them	2007-08-07 12:44:38 +00:00
Dan Fandrich	2e60ca382d	Fixed some icc compiler warnings.	2007-08-07 00:10:27 +00:00
Gunter Knauf	25920f4a14	Peteris Krumins pointed out that MingW32 doesnt provide a batch file to set the path to the bin folder.	2007-08-06 22:21:38 +00:00
Daniel Stenberg	160c302933	ontributors from the 7.16.4 release notes and a removed duplicate	2007-08-06 15:58:05 +00:00
Daniel Stenberg	dddc8e3374	removed the rsaglue hint since it doesn't apply to modern OpenSSL, and added some brief hints about gssapi and libssh2	2007-08-06 15:54:38 +00:00
Daniel Stenberg	bccb1ee7cd	we now support GSS/Kerberos 5 for ftp file transfers!	2007-08-06 14:56:21 +00:00
Daniel Stenberg	26af759732	Patrick Monnerat updated the _FORM_DEBUG-enabled code, and I updated comments based on his comments/suggestions.	2007-08-05 21:33:31 +00:00
Gunter Knauf	87fc4ad919	changed to use libssh2 0.16; fixed link order in case libssh2 is build with zlib.	2007-08-04 23:35:23 +00:00
Daniel Stenberg	b214298960	another mirror	2007-08-04 20:58:53 +00:00
Daniel Stenberg	1926f4573d	Patrick Monnerat fixed curl_easy_escape() and curlx_strtoll() to work on non-ASCII systems.	2007-08-04 20:47:59 +00:00
Dan Fandrich	7fe65aaf5b	Fixed a couple of compiler warnings.	2007-08-04 16:54:58 +00:00
Dan Fandrich	0d3d84e3ff	Refactored CreateConnection() somewhat to reduce its length by splitting it into a few new functions. Fixed a few leaks in out of memory conditions, including for test case 231.	2007-08-03 22:46:59 +00:00
Gunter Knauf	e789a3802c	fixed small fix issue I introduced with my previous commit.	2007-08-03 19:54:31 +00:00
Gunter Knauf	4aabbc5ac2	some more makefile fixes/changes.	2007-08-03 14:30:02 +00:00
James Housley	e7a50e37d6	Start adding some expanded error conversion of libssh2 errors.	2007-08-03 13:57:37 +00:00
James Housley	9fa05db83b	The previous commit to force the use of libssh2-0.16 by removing LIBSSH2_APINO	2007-08-03 13:46:59 +00:00
Gunter Knauf	7ed58c4636	changed 'rm -f' to 'del /f' so it works without GnuUtils as Peteris Krumins pointed out; changed to use latest external libs.	2007-08-03 12:53:00 +00:00
Gunter Knauf	f2f7c18245	Peteris Krumins pointed out some MingW32 related build issues.	2007-08-03 11:46:00 +00:00
Gunter Knauf	efaab37698	Peteris Krumins pointed out that the standard MingW32 build depends on zlib; removed that, and added another option for zlib build, and renamed all other targets to reflect zlib dependency.	2007-08-03 11:24:22 +00:00
Daniel Stenberg	869319ce4a	SCP and SFTP support now requires libssh2 0.16 or later	2007-08-03 08:31:47 +00:00
Daniel Stenberg	252f16db02	remove left-over partly support for libssh2 0.14	2007-08-03 08:25:28 +00:00
Daniel Stenberg	72f5d6ba46	The SSH code now only works with libssh2 0.16 or later. Thus we must not release the next curl until there is a libssh2 0.16 released.	2007-08-03 08:14:51 +00:00
Daniel Stenberg	5ec786b02e	Scott Cantor filed bug report #1766320 (http://curl.haxx.se/bug/view.cgi?id=1766320) pointing out that the libcurl code accessed two curl_easy_setopt() options (CURLOPT_DNS_CACHE_TIMEOUT and CURLOPT_DNS_USE_GLOBAL_CACHE) as ints even though they're documented to be passed in as longs, and that makes a difference on 64 bit architectures.	2007-08-02 20:10:28 +00:00
Dan Fandrich	035ee257c8	Fixed a compiler warning.	2007-08-02 19:23:35 +00:00
Daniel Stenberg	188b08ca55	Patrick Monnerat's cleanup fix after my alloc-strings commit	2007-08-02 14:42:16 +00:00
Daniel Stenberg	6f750f3b57	Dmitriy Sergeyev reported a regression: resumed file:// transfers broke after 7.16.2. This is much due to the different treatment file:// gets internally, but now I added test 231 to make it less likely to happen again without us noticing!	2007-08-02 14:09:08 +00:00
Daniel Stenberg	5a6dcdc36c	clarify that setting POSTFIELDS to NULL or "" is not enough to make a zero byte POST	2007-08-02 13:26:06 +00:00
Daniel Stenberg	59c16a570f	argh, Greg Morse pointed out that the NTLM POST fix only worked if VERBOSE was set, this should make it work for all cases!	2007-08-02 11:34:50 +00:00
Daniel Stenberg	50c10aa5bf	Patrick Monnerat and I modified libcurl so that now it copies all strings passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.	2007-08-01 21:20:01 +00:00
Daniel Stenberg	006878686c	Greg Morse reported a problem with POSTing using ANYAUTH to a server requiring NTLM, and he provided test code and a test server and we worked out a bug fix. We failed to count sent body data at times, which then caused internal confusions when libcurl tried to send the rest of the data in order to maintain the same connection alive. (and then I did some minor reformatting of code in lib/http.c)	2007-08-01 12:58:04 +00:00
Daniel Stenberg	bd100b2a51	AIX 4 and 5 get to use non-blocking sockets	2007-07-30 22:54:02 +00:00
Daniel Stenberg	5b1bbffdff	Peter O'Gorman pointed out (and fixed) that the non-blocking check in configure made libcurl use blocking sockets on AIX 4 and 5, while that wasn't the intention.	2007-07-30 22:53:18 +00:00
Daniel Stenberg	16710a1c9b	users should use the CURLMOPT_TIMERFUNCTION rather than curl_multi_timeout when using the socket API	2007-07-30 22:01:04 +00:00
Daniel Stenberg	ba5c71b79b	less blocking these days	2007-07-30 21:47:56 +00:00
Daniel Stenberg	f3799462c2	updated based on suggestion from Jeff Pohlmeyer	2007-07-30 21:47:44 +00:00
Daniel Stenberg	f01c6e51f4	Patrick Monnerat restored qssl successful compilation and loading	2007-07-30 21:41:12 +00:00
Daniel Stenberg	21d62118dc	give credit to Greg Zavertnik	2007-07-30 20:07:43 +00:00
Dan Fandrich	de55038e33	Properly set USE_SSL on OS/400	2007-07-30 17:08:26 +00:00
Dan Fandrich	ea908c23ae	Fixed compiler warning on non-SSL builds	2007-07-30 17:05:39 +00:00
Daniel Stenberg	844cbc701a	Added "4.15 FTPS doesn't work" and updated a few other sections slightly	2007-07-29 22:17:39 +00:00
Daniel Stenberg	f1fa7b8ba4	Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542 ). A bad use of a socket after it has been closed, when the FTP-SSL data connection is taken down.	2007-07-29 12:54:05 +00:00
Daniel Stenberg	86ff3194fa	added missing part for the qsossl support	2007-07-27 08:33:32 +00:00
Daniel Stenberg	d460b601f9	added initial pkg-config file (attempt)	2007-07-26 21:56:47 +00:00
Dan Fandrich	48a06d1a7b	Removed unused variable.	2007-07-24 15:23:16 +00:00
Daniel Stenberg	813a1107f4	#if that should be #ifdef	2007-07-23 21:48:27 +00:00
Daniel Stenberg	b3461bab1d	Implemented the parts of Patrick Monnerat's OS/400 patch that introduces support for the OS/400 Secure Sockets Layer library	2007-07-23 21:46:26 +00:00
Dan Fandrich	5ecd56d964	Implemented only the parts of Patrick Monnerat's OS/400 patch that renamed some few internal identifiers to avoid conflicts, which could be useful on other platforms.	2007-07-23 18:51:22 +00:00
Dan Fandrich	cc44fb1dc8	Log the "<CMD> wasn't handled" error normally since it is now expected to occur in a couple of tests.	2007-07-23 17:51:43 +00:00
Gunter Knauf	77b0efdbc2	added 2 system libs necessary for linking OpenSSL 0.9.8e statically.	2007-07-23 01:05:34 +00:00
Daniel Stenberg	68653bcbdd	fix mess added in my previous commit	2007-07-22 10:19:53 +00:00
Daniel Stenberg	9af807a5ce	HTTP Digest auth fix on a re-used connection	2007-07-22 10:17:52 +00:00
Daniel Stenberg	4bbcc47f3f	Added test case 354 that makes a simple FTP retrieval without password, which verifies the bug fix in #1757328.	2007-07-22 10:08:59 +00:00
Daniel Stenberg	8ab495a088	test and verify curl -I on a single FTP file somewhat more than before	2007-07-21 21:49:23 +00:00
Daniel Stenberg	84e7bb85b1	To allow more flexibility in FTP test cases, I've removed the enforced states from the test server code as they served no real purpose. The test server is here to serve for the test cases, not to attempt to function as a real server!	2007-07-21 21:48:58 +00:00
Daniel Stenberg	4fc7e13a98	news	2007-07-21 21:47:02 +00:00
Dan Fandrich	b465750041	Make the pointers of a few static const arrays const, too, for safety.	2007-07-21 02:08:17 +00:00
Gunter Knauf	37dc0fa519	added curl include for debug builds.	2007-07-20 21:50:53 +00:00
Dan Fandrich	000fdc6b99	Document pwd as an sftp quote command for curl(1), and show it as lower case for consistency since sftp commands are case insensitive.	2007-07-20 17:29:43 +00:00
Gunter Knauf	594fc0411e	added lf to Win32 getpass_r() so that next output appears in new line.	2007-07-20 16:01:05 +00:00
Daniel Stenberg	94fcb4b09d	PWD for SFTP is fixed	2007-07-20 15:33:44 +00:00
Daniel Stenberg	1a0034ac34	the "libssh2 owns the memory don't free it" case	2007-07-20 09:38:41 +00:00
Daniel Stenberg	e3377e637a	Ralf S. Engelschall filed bug report #1757328 (http://curl.haxx.se/bug/view.cgi?id=1757328) and submitted a patch. It turns out we broke login to FTP servers that don't require (nor understand) PASS after the USER command	2007-07-20 09:35:58 +00:00
James Housley	2ab854cafd	Fix a loop with PWD	2007-07-20 01:03:49 +00:00
Dan Fandrich	4a2f0fb2be	Made some const arrays static to avoid unnecessary stack usage.	2007-07-20 00:41:12 +00:00
Daniel Stenberg	dca3564cfb	minor addition, re-count of the number of lines of code	2007-07-19 21:35:36 +00:00
Daniel Stenberg	9d183bb7b1	libssh2 fix	2007-07-19 15:08:47 +00:00
Dan Fandrich	c7db74fe73	Revert the 512 change since newer versions of OpenSSH don't support DSA keys that small.	2007-07-19 01:42:22 +00:00
James Housley	5251c45187	SFTP also supports PWD	2007-07-18 23:21:32 +00:00
Dan Fandrich	d9b5f327bf	Added the list of sftp quote commands.	2007-07-18 22:23:07 +00:00
James Housley	ca1356702a	As has been pointed out, err_msg should not be freed here. The actual issue is in libssh2 and not freeing a dynamic error message during cleanup.	2007-07-18 18:31:34 +00:00
Dan Fandrich	89d119646d	Use 512 bit keys to reduce the time taken to generate them. This shouldn't really reduce security since in the common case of a daily automated build the keys are only used for a single test run lasting a few minutes before being deleted.	2007-07-18 00:27:13 +00:00
Dan Fandrich	989dd9c34a	Fixed test cases 613 and 614 by improving the log postprocessor to handle a new directory listing format that newer libssh2's can provide. This is probably NOT sufficient to handle all directory listing formats that server's can provide and should be revisited.	2007-07-17 21:53:38 +00:00
Daniel Stenberg	1d728aae2a	Jofell Gallardo posted a libcurl log using FTP that exposed a bug which made a control connection that was deemed "dead" to yet be re-used in a following request. We must make sure the connection gets closed on this situation.	2007-07-17 20:59:53 +00:00
Daniel Stenberg	98b9349be7	make it do all three requests on the same connection	2007-07-16 21:44:46 +00:00
Dan Fandrich	4706a93341	Fixed some more simple compile warnings in the examples.	2007-07-16 21:22:12 +00:00
Daniel Stenberg	b85b56a73d	45. libcurl built to support ipv6 uses getaddrinfo() to resolve host names. getaddrinfo() sorts the response list which effectively kills how libcurl deals with round-robin DNS entries. All details: http://curl.haxx.se/mail/lib-2007-07/0168.html initial suggested function to use for randomizing the response: http://curl.haxx.se/mail/lib-2007-07/0178.html	2007-07-16 21:08:08 +00:00
Daniel Stenberg	1da3d402f6	convert test case 540 to use a custom Host: header as well	2007-07-15 21:00:26 +00:00
Daniel Stenberg	1da3192d2d	let's just export the whole argc + argv pair globally so that each test tool can take advantage of it however they see fit!	2007-07-15 20:59:43 +00:00
Gunter Knauf	dab569d76c	make users use the latest OpenSSL and Zlib libraries; added hint to compile with SSPI with MSVC6 without PSDK.	2007-07-15 13:00:39 +00:00
Daniel Stenberg	598c589359	added another SEE ALSO	2007-07-14 23:01:49 +00:00
Daniel Stenberg	15c8219340	Added test case 540 and lib540.c, the 'proxyauth.c' test app posted by Shmulik Regev on the libcurl mailing list on 10 Jul 2007, converted to a test case.	2007-07-14 22:39:22 +00:00
Daniel Stenberg	5ae21ebde9	add support for arg3 as the third argument...	2007-07-14 22:38:18 +00:00
Daniel Stenberg	c7e0d8c30b	add some better logging when HTTP server start fails, and make the failure really hard if the test server can't be resolved (like for ::1 ipv6)	2007-07-14 22:33:46 +00:00
Gunter Knauf	fee4f8c86d	for now unless we do better fixed LIBSSH2_APINO compares to use long constants.	2007-07-14 15:59:01 +00:00
Daniel Stenberg	1261c3feba	Brad House's fix to hish a win32 compiler warning	2007-07-14 13:14:58 +00:00
Daniel Stenberg	7fc300d5dc	added Vlad's entire description of his valgrind fix	2007-07-14 13:11:36 +00:00
Daniel Stenberg	88ce03e945	Vlad Dinulescu fixed two outstanding valgrind reports	2007-07-14 13:08:50 +00:00
Dan Fandrich	5bed99c97d	The examples don't need access to curl internal source files.	2007-07-13 21:31:44 +00:00
Daniel Stenberg	46c699c483	Colin Hogben filed bug report #1750274 (http://curl.haxx.se/bug/view.cgi?id=1750274) and submitted a patch for the case where libcurl did a connect attempt to a non-listening port and didn't provide a human readable error string back.	2007-07-13 20:17:35 +00:00
Daniel Stenberg	f7d6e147f1	Daniel Cater added the mentioning of CURL_DISABLE_TFTP	2007-07-13 20:09:38 +00:00
Daniel Stenberg	aad1d3ce14	Daniel Cater: libcurl-errors needs updating to reflect a couple of deprecated error codes	2007-07-13 20:07:22 +00:00
Daniel Stenberg	cf5378b366	Daniel Cater made libcurl build with CURL_NO_OLDIES defined (which doesn't define the symbols for backwards source compatibility)	2007-07-13 20:04:53 +00:00
Daniel Stenberg	fea938cbcb	Daniel Cater made the vc8-generating line use double-quotes to run fine on windows	2007-07-13 19:38:36 +00:00
Daniel Stenberg	a67c8b4698	Made the krb5 code build with Heimdal's GSSAPI lib	2007-07-12 21:34:42 +00:00
Dan Fandrich	49ce3e5160	Fixed some compile warnings and errors and improved portability in the examples. Removed ftp3rdparty.c since libcurl doesn't support 3rd party FTP transfers any longer.	2007-07-12 21:11:10 +00:00
Daniel Stenberg	4a728747e6	make it compile fine	2007-07-12 20:55:17 +00:00
Daniel Stenberg	f5a6355172	fix include path	2007-07-12 20:54:54 +00:00
Dan Fandrich	ffff8ddbef	Compile most of the example apps in docs/examples when doing a 'make check'.	2007-07-12 20:38:54 +00:00
Daniel Stenberg	cf86f8cb78	Shmulik Regev found an (albeit rare) case where the proxy CONNECT operation could in fact get stuck in an endless loop.	2007-07-12 20:15:38 +00:00
Daniel Stenberg	a53ba060c8	start the retry delay at 10 ms, double it for every failed attempt which makes it 10 seconds delay after 11 attempts	2007-07-12 17:03:45 +00:00
Gunter Knauf	72bb5854f7	the timeout was probably too short with max = 1 sec, so lets test with 5 sec.	2007-07-12 10:54:15 +00:00
Gunter Knauf	0de56e5535	added nwos.c so that it gets distributed with releases and tarballs.	2007-07-12 10:44:46 +00:00
Gunter Knauf	0878b14f79	added time loop to sockfilt.c in order to wait for SO_REUSEADDR; added go_sleep() to util.c.	2007-07-12 01:07:49 +00:00
Marty Kuhrt	7d56f35388	Updated to match curl.h	2007-07-11 23:17:11 +00:00
Daniel Stenberg	d12759c73e	Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation: fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.	2007-07-11 22:20:46 +00:00
Gunter Knauf	c0095d6dd9	removed now obsolete NETDB_DEFINE_CONTEXT macro calls.	2007-07-11 21:47:31 +00:00
Gunter Knauf	6a88eab067	updated makefile to compile nwos.c.	2007-07-11 21:38:28 +00:00
Gunter Knauf	a4f36558fc	added NetWare-own file to provide some init functions (for now only CLIB); added call to netware_init() in curl_global_init() to make sure it gets called before any library functions get used.	2007-07-11 21:34:22 +00:00
Dan Fandrich	5e1cd407a3	Added the first libcurl version to which the SSH options were added.	2007-07-11 19:21:38 +00:00
Gunter Knauf	2a1345ae9f	added netdb.h for NetWare CLIB since gethostname() is defined there.	2007-07-11 09:08:03 +00:00
Gunter Knauf	cf61c8d659	fixed endif comment.	2007-07-11 09:03:22 +00:00
Gunter Knauf	c39690486c	fixed endif comment.	2007-07-11 08:55:28 +00:00
Dan Fandrich	814b471d55	Added a code coverage section using gcc and gcov.	2007-07-10 22:55:51 +00:00
Daniel Stenberg	5119fb16d6	Shmulik Regev: The tiny patch below fixes a bug (that I introduced :) which happens when negotiating authentication with a proxy (probably with web servers as well) that uses chunked transfer encoding for the 407 error pages. In this case the ''ignorebody'' flag was ignored (no pun intended).	2007-07-10 22:45:01 +00:00
Daniel Stenberg	dc2c70be07	Giancarlo Formicuccia reported and fixed a problem with a closed connection to a proxy during CONNECT auth negotiation.	2007-07-10 22:31:13 +00:00
Dan Fandrich	19631f5d5f	Force the time zone to GMT in the cookie tests in case the user is using one of the so-called 'right' time zones that take into account leap seconds, which causes the tests to fail (as reported by Daniel Black in bug report #1745964).	2007-07-10 22:27:16 +00:00
James Housley	a8d6b40736	The previous commits changed the error code	2007-07-10 22:26:59 +00:00
James Housley	8026d94c07	* Finish moving sftp:// into a state machine so it won't block in multi mode * Move scp:// into a state machine so it won't block in multi mode * When available use the full directory entry from the sftp:// server	2007-07-10 22:26:32 +00:00
Dan Fandrich	93bd512357	Fixed a curl memory leak reported by Song Ma with a modified version of the patch he suggested. Added his test case as test289 to verify.	2007-07-10 22:23:16 +00:00
Daniel Stenberg	04d3a8c714	start working on 7.16.5...	2007-07-10 22:07:33 +00:00