RELEASE-NOTES: ready for 7.22.0

With this fix, it should work for PolarSSL-1.0.0 (and SVN-1091 trunk)
and retain compatibility with earlier versions. (Tested with 0.14.1)

PolarSSL still doesn't play nicely with curl's CA bundle (we discussed
this before) but I was at least able to retrieve the
https://www.gmail.com/ login page using a modified ca-certificates.crt
file with all 3 versions of PolarSSL.

.gitignore

@@ -14,6 +14,7 @@ Makefile
 Makefile.in
 aclocal.m4
 autom4te.cache
+config.cache
 config.guess
 config.log
 config.status

Android.mk

@@ -62,8 +62,7 @@ CURL_HEADERS := \
 	mprintf.h \
 	multi.h \
 	stdcheaders.h \
-	typecheck-gcc.h \
-	types.h
+	typecheck-gcc.h
 
 LOCAL_SRC_FILES := $(addprefix lib/,$(CSOURCES))
 LOCAL_C_INCLUDES += $(LOCAL_PATH)/include/
@@ -73,6 +72,7 @@ LOCAL_COPY_HEADERS_TO := libcurl/curl
 LOCAL_COPY_HEADERS := $(addprefix include/curl/,$(CURL_HEADERS))
 
 LOCAL_MODULE:= libcurl
+LOCAL_MODULE_TAGS := optional
 
 # Copy the licence to a place where Android will find it.
 # Actually, this doesn't quite work because the build system searches
@@ -93,6 +93,7 @@ include $(LOCAL_PATH)/src/Makefile.inc
 LOCAL_SRC_FILES := $(addprefix src/,$(CURL_CFILES))
 
 LOCAL_MODULE := curl
+LOCAL_MODULE_TAGS := optional
 LOCAL_STATIC_LIBRARIES := libcurl
 LOCAL_SYSTEM_SHARED_LIBRARIES := libc
 

CMakeLists.txt

@@ -23,7 +23,6 @@ include(Utilities)
 
 project( CURL C )
 
-
 file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
 string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)"
   LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS})
@@ -149,7 +148,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)
 
 if(WIN32)
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
+  find_library(WSOCK32_LIBRARY wsock32)
+  find_library(WS2_32_LIBRARY ws2_32)
+  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
   if(CURL_DISABLE_LDAP)
     # Remove wldap32.lib from space-separated list
     string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})
@@ -191,12 +192,12 @@ if(WIN32)
 endif(WIN32)
 
 # This macro checks if the symbol exists in the library and if it
-# does, it appends library to the list.
+# does, it prepends library to the list.
 macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
-  check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} ""
+  check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
     ${VARIABLE})
   if(${VARIABLE})
-    set(CURL_LIBS ${CURL_LIBS} ${LIBRARY})
+    set(CURL_LIBS ${LIBRARY} ${CURL_LIBS})
   endif(${VARIABLE})
 endmacro(CHECK_LIBRARY_EXISTS_CONCAT)
 
@@ -224,25 +225,6 @@ check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
 #  CHECK_LIBRARY_EXISTS_CONCAT("z"      inflateEnd   HAVE_LIBZ)
 # ENDIF(NOT CURL_SPECIAL_LIBZ)
 
-option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
-mark_as_advanced(CMAKE_USE_OPENSSL)
-if(CMAKE_USE_OPENSSL)
-  if(WIN32)
-    find_package(OpenSSL)
-    if(OPENSSL_FOUND)
-      set(USE_SSLEAY TRUE)
-      set(USE_OPENSSL TRUE)
-      list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES} )
-    else()
-      set(CMAKE_USE_OPENSSL FALSE)
-      message(STATUS "OpenSSL NOT Found, disabling CMAKE_USE_OPENSSL")
-    endif()
-  else(WIN32)
-    check_library_exists_concat("crypto" CRYPTO_lock  HAVE_LIBCRYPTO)
-    check_library_exists_concat("ssl"    SSL_connect  HAVE_LIBSSL)
-  endif(WIN32)
-endif(CMAKE_USE_OPENSSL)
-
 # Check for idn
 check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
 
@@ -271,6 +253,25 @@ if(CURL_ZLIB)  # AND CURL_CONFIG_HAS_BEEN_RUN_BEFORE
   endif()
 endif()
 
+option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
+mark_as_advanced(CMAKE_USE_OPENSSL)
+if(CMAKE_USE_OPENSSL)
+  if(WIN32)
+    find_package(OpenSSL)
+    if(OPENSSL_FOUND)
+      set(USE_SSLEAY TRUE)
+      set(USE_OPENSSL TRUE)
+      list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES} )
+    else()
+      set(CMAKE_USE_OPENSSL FALSE)
+      message(STATUS "OpenSSL NOT Found, disabling CMAKE_USE_OPENSSL")
+    endif()
+  else(WIN32)
+    check_library_exists_concat("crypto" CRYPTO_lock  HAVE_LIBCRYPTO)
+    check_library_exists_concat("ssl"    SSL_connect  HAVE_LIBSSL)
+  endif(WIN32)
+endif(CMAKE_USE_OPENSSL)
+
 # If we have features.h, then do the _BSD_SOURCE magic
 check_include_file("features.h"       HAVE_FEATURES_H)
 
@@ -852,3 +853,13 @@ endif()
 if(NOT CURL_CONFIG_HAS_BEEN_RUN_BEFORE)
   set(CURL_CONFIG_HAS_BEEN_RUN_BEFORE 1 CACHE INTERNAL "Flag to track whether this is the first time running CMake or if CMake has been configured before")
 endif()
+
+# Installation.
+# First, install generated curlbuild.h
+install(FILES "${CMAKE_CURRENT_BINARY_DIR}/include/curl/curlbuild.h"
+    DESTINATION include/curl )
+# Next, install other headers excluding curlbuild.h
+install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl"
+    DESTINATION include
+    FILES_MATCHING PATTERN "*.h"
+    PATTERN "curlbuild.h" EXCLUDE)

Makefile.am

@@ -40,8 +40,8 @@ EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
 
 bin_SCRIPTS = curl-config
 
-SUBDIRS = lib src
-DIST_SUBDIRS = $(SUBDIRS) tests include packages docs
+SUBDIRS = lib src include
+DIST_SUBDIRS = $(SUBDIRS) tests packages docs
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcurl.pc
@@ -155,3 +155,7 @@ ca-bundle: lib/mk-ca-bundle.pl
 ca-firefox: lib/firefox-db2pem.sh
 	@echo "generate a fresh ca-bundle.crt"
 	./lib/firefox-db2pem.sh lib/ca-bundle.crt
+
+checksrc:
+	cd lib && $(MAKE) checksrc
+	cd src && $(MAKE) checksrc

Makefile.dist

@@ -70,30 +70,18 @@ mingw32:
 	$(MAKE) -C lib -f Makefile.m32
 	$(MAKE) -C src -f Makefile.m32
 
-mingw32-zlib:
-	$(MAKE) -C lib -f Makefile.m32 ZLIB=1
-	$(MAKE) -C src -f Makefile.m32 ZLIB=1
-
-mingw32-ssl-zlib:
-	$(MAKE) -C lib -f Makefile.m32 SSL=1 ZLIB=1
-	$(MAKE) -C src -f Makefile.m32 SSL=1 ZLIB=1
-
-mingw32-ssh2-ssl-zlib:
-	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
-	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 ZLIB=1
-
-mingw32-ssh2-ssl-sspi-zlib:
-	$(MAKE) -C lib -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
-	$(MAKE) -C src -f Makefile.m32 SSH2=1 SSL=1 SSPI=1 ZLIB=1
-
-mingw32-rtmp-ssh2-ssl-sspi-zlib:
-	$(MAKE) -C lib -f Makefile.m32 RTMP=1 SSH2=1 SSL=1 SSPI=1 ZLIB=1
-	$(MAKE) -C src -f Makefile.m32 RTMP=1 SSH2=1 SSL=1 SSPI=1 ZLIB=1
-
 mingw32-clean:
 	$(MAKE) -C lib -f Makefile.m32 clean
 	$(MAKE) -C src -f Makefile.m32 clean
 
+mingw32-vclean mingw32-distclean:
+	$(MAKE) -C lib -f Makefile.m32 vclean
+	$(MAKE) -C src -f Makefile.m32 vclean
+
+mingw32%:
+	$(MAKE) -C lib -f Makefile.m32 CFG=$@
+	$(MAKE) -C src -f Makefile.m32 CFG=$@
+
 vc-clean: $(VC)
 	cd lib
 	nmake -f Makefile.$(VC) clean

RELEASE-NOTES

@@ -1,69 +1,59 @@
-Curl and libcurl 7.21.5
+Curl and libcurl 7.22.0
 
- Public curl releases:         121
- Command line options:         143
- curl_easy_setopt() options:   185
+ Public curl releases:         124
+ Command line options:         149
+ curl_easy_setopt() options:   192
  Public functions in libcurl:  58
  Known libcurl bindings:       39
- Contributors:                 854
+ Contributors:                 873
 
 This release includes the following changes:
 
- o SOCKOPTFUNCTION: callback can say already-connected
- o Added --netrc-file
- o Added (new) support for cyassl
- o TSL-SRP: enabled with OpenSSL
- o Added CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION
+ o Added CURLOPT_GSSAPI_DELEGATION
+ o Added support for NTLM delegation to Samba's winbind daemon helper ntlm_auth
+ o Display notes from setup file in testcurl.pl
+ o BSD-style lwIP TCP/IP stack experimental support on Windows
+ o OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available
+ o --delegation was added to set CURLOPT_GSSAPI_DELEGATION
+ o nss: start with no database if the selected database is broken
+ o telnet: allow programatic use on Windows
 
 This release includes the following bugfixes:
 
- o nss: avoid memory leak on SSL connection failure
- o nss: do not ignore failure of SSL handshake
- o multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
- o runtests.pl: fix pid number concatenation that prevented it from killing
-   the correct process at times
- o PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
- o curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
- o multi: close connection on timeout
- o IMAP in multi mode does SSL connections non-blocking
- o honours the --disable-ldaps configure option
- o Force setopt constants written by --libcurl to be long
- o ssh_connect: treat libssh2 return code better
- o SFTP upload could stall the state machine when the multi_socket API was
-   used
- o SFTP and SCP could leak memory when used with the multi interface and 
-   the connection was closed
- o Added missing file to repair the MSVC makefiles
- o Fixed detection of recvfrom arguments on Android/bionic
- o GSS: handle reuse fix
- o transfer: avoid insane conversion of time_t
- o nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
- o SMTP-multi: non-blocking connect
- o SFTP-multi: set cselect for sftp and scp to fix "stall" risk
- o configure: removed wrongly claimed default paths
- o pop3: fixed torture tests to succeed
- o symbols-in-versions: many corrections
- o if a HTTP request gets retried because the connection was dead, rewind if
-   any data was sent as part of it
- o only probe for working ipv6 once and then re-use that info for further
-   requests
- o requests that are asked to bound to a local interface/port will no longer
-   wrongly re-use connections that aren't
- o libcurl.m4: Add missing quotes in AC_LINK_IFELSE
- o progress output: don't print the last update on a separate line
- o POP3: the command to send is STLS, not STARTTLS
- o POP3: PASS command was not sent after upgrade to TLS
- o configure: fix libtool warning
- o nss: allow to use multiple client certificates for a single host
- o HTTP pipelining: Fix handling of zero-length responses
- o Don't list NTLM in curl-config when HTTP is disabled
- o curl_easy_setopt.3: CURLOPT_RESOLVE typo version
- o OpenSSL: build fine with no-sslv2 versions
- o checkconnection: don't call with NULL pointer with RTSP and multi interface
- o Borland makefile updates
- o configure: libssh2 link fix without pkg-config
- o certinfo crash
- o CCC crash
+ o curl_getdate: detect some illegal dates better
+ o when sending a request and an error is received before the (entire) request
+   body is sent, stop sending the request and close the connection after
+   having received the entire response. This is equally true if an Expect:
+   100-continue header was used.
+ o When using both -J and a single -O with multiple URLs, a missing init
+   could cause a segfault
+ o -J fixed for escaped quotes
+ o -J fixed for file names with semicolons
+ o progress: reset flags at transfer start to avoid wrong 
+   CURLINFO_CONTENT_LENGTH_DOWNLOAD
+ o curl_gssapi: Guard files with HAVE_GSSAPI and rename private header
+ o silence picky compilers: mark unused parameters
+ o help output: more gnu like output
+ o libtests: stop checking for CURLM_CALL_MULTI_PERFORM
+ o setting a non-HTTP proxy with an environment variable or with CURLOPT_PROXY
+   / --proxy (without specifying CURLOPT_PROXYTYPE) would still make it do
+   proxy-like HTTP requests
+ o CURLFORM_BUFFER: insert filename as documented (regression)
+ o SOCKS: fix the connect timeout
+ o ftp_doing: bail out on error properly while multi interfacing
+ o improved Content-Encoded decoding error message
+ o asyn-thread: check for dotted addresses before thread starts
+ o cmake: find winsock when building on windows
+ o Curl_retry_request: check return code
+ o cookies: handle 'secure=' as if it was 'secure'
+ o tests: break busy loops in tests 502, 555, and 573
+ o FTP: fix proxy connect race condition with multi interface and SOCKS proxy
+ o RTSP: GET_PARAMETER requests have a body
+ o fixed several memory leaks in OOM situations
+ o bad expire(0) caused multi_socket API to hang
+ o Avoid ftruncate() static define with mingw64
+ o mk-ca-bundle.pl: ignore untrusted certs
+ o builds with PolarSSL 1.0.0
 
 This release includes the following known bugs:
 
@@ -72,10 +62,11 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Mike Crowe, Kamil Dudka, Julien Chaffraix, Hoi-Ho Chan, Ben Noordhuis,
- Dan Fandrich, Henry Ludemann, Karl M, Manuel Massing, Marcus Sundberg,
- Stefan Krause, Todd A Ouska, Saqib Ali, Andre Guibert de Bruet,
- Tor Arntsen, Vincent Torri, Dave Reisner, Chris Smowton, Tinus van den Berg,
- Hongli Lai, Gisle Vanem, Andrei Benea, Mehmet Bozkurt
+ Paolo Piacentini, Steven Parkes, Adam Tkac, Ben Winslow, Dan Fandrich,
+ Julien Chaffraix, Kamil Dudka, Mandy Wu, Michael Mueller, Patrick Monnerat,
+ Yang Tse, Paul Howarth, Garrett Holmstrom, Peter Hjalmarsson, Herve Amblard,
+ Christian Hagele, Richard Silverman, Henry Ludemann, Cristian Rodriguez,
+ Steve Holme, Jim Hollinger, Pau Garcia i Quiles, Fabian Keil, Wu Yongzheng,
+ Adriano Meirelles, Jeff Pohlmeyer
 
         Thanks! (and sorry if I forgot to mention someone)

TODO-RELEASE

@@ -1,15 +1,11 @@
-To be addressed in 7.21.6
+To be addressed in 7.22.1
 =========================
 
-284 - bug 3172608 "No re-authentication when HTTP connecton is closed"
-      http://curl.haxx.se/bug/view.cgi?id=3172608
-      Would be nice if someone could verify the suggested patch
+295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
 
-285 - bug 3163118 "Allow programatic use of telnet on Windows"
-      http://curl.haxx.se/bug/view.cgi?id=3163118
-      Would appreciate a Windows developer to give it a look before we apply
-      the suggested patch
+296 - "OOM leak in multi code" (by Dan Fandrich)
 
-287 - bug 3215314 Post quote operation to rename fails in Windows
+300 - "Polling on stray socket on sequential transfers." Andrew S
+      http://curl.haxx.se/mail/lib-2011-07/0053.html
 
-289 -
+308 -

acinclude.m4

@@ -1663,7 +1663,7 @@ AC_DEFUN([CURL_CHECK_FUNC_RECVFROM], [
           for recvfrom_arg2 in 'char *' 'void *'; do
             for recvfrom_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do
               for recvfrom_arg4 in 'int' 'unsigned int'; do
-                for recvfrom_arg5 in 'const struct sockaddr *' 'struct sockaddr *' 'void *'; do
+                for recvfrom_arg5 in 'struct sockaddr *' 'void *' 'const struct sockaddr *'; do
                   for recvfrom_arg6 in 'socklen_t *' 'int *' 'unsigned int *' 'size_t *' 'void *'; do
                     if test "$curl_cv_func_recvfrom_args" = "unknown"; then
                       AC_COMPILE_IFELSE([
@@ -1731,7 +1731,7 @@ AC_DEFUN([CURL_CHECK_FUNC_RECVFROM], [
       shift
       #
       recvfrom_ptrt_arg2=$[2]
-      recvfrom_ptrt_arg5=$[5]
+      recvfrom_qual_ptrt_arg5=$[5]
       recvfrom_ptrt_arg6=$[6]
       #
       AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG1, $[1],
@@ -1753,12 +1753,25 @@ AC_DEFUN([CURL_CHECK_FUNC_RECVFROM], [
           ;;
       esac
       #
+      case "$recvfrom_qual_ptrt_arg5" in
+        const*)
+          recvfrom_qual_arg5=const
+          recvfrom_ptrt_arg5=`echo $recvfrom_qual_ptrt_arg5 | sed 's/^const //'`
+        ;;
+        *)
+          recvfrom_qual_arg5=
+          recvfrom_ptrt_arg5=$recvfrom_qual_ptrt_arg5
+        ;;
+      esac
+      #
       recvfrom_type_arg2=`echo $recvfrom_ptrt_arg2 | sed 's/ \*//'`
       recvfrom_type_arg5=`echo $recvfrom_ptrt_arg5 | sed 's/ \*//'`
       recvfrom_type_arg6=`echo $recvfrom_ptrt_arg6 | sed 's/ \*//'`
       #
       AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG2, $recvfrom_type_arg2,
         [Define to the type pointed by arg 2 for recvfrom.])
+      AC_DEFINE_UNQUOTED(RECVFROM_QUAL_ARG5, $recvfrom_qual_arg5,
+        [Define to the type qualifier pointed by arg 5 for recvfrom.])
       AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG5, $recvfrom_type_arg5,
         [Define to the type pointed by arg 5 for recvfrom.])
       AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG6, $recvfrom_type_arg6,
@@ -2843,7 +2856,7 @@ AC_DEFUN([DO_CURL_OFF_T_CHECK], [
     tmp_includes=""
     tmp_source=""
     tmp_fmt=""
-    case AS_TR_SH([$1]) in
+    case XC_SH_TR_SH([$1]) in
       int64_t)
         tmp_includes="$curl_includes_inttypes"
         tmp_source="char f@<:@@:>@ = PRId64;"
@@ -2901,7 +2914,7 @@ AC_DEFUN([DO_CURL_OFF_T_SUFFIX_CHECK], [
   curl_suffix_curl_off_t="unknown"
   curl_suffix_curl_off_tu="unknown"
   #
-  case AS_TR_SH([$1]) in
+  case XC_SH_TR_SH([$1]) in
     long_long | __longlong | __longlong_t)
       tst_suffixes="LL::"
       ;;
@@ -3073,7 +3086,7 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
     curl_format_curl_off_tu=`echo "$curl_format_curl_off_tu" | "$SED" 's/D$/U/'`
   else
     x_pull_headers="no"
-    case AS_TR_SH([$curl_typeof_curl_off_t]) in
+    case XC_SH_TR_SH([$curl_typeof_curl_off_t]) in
       long_long | __longlong | __longlong_t)
         curl_format_curl_off_t="lld"
         curl_format_curl_off_tu="llu"

buildconf

@@ -411,7 +411,7 @@ else
 fi
 
 #--------------------------------------------------------------------------
-# Finished succesfully.
+# Finished successfully.
 #
 
 echo "buildconf: OK"

buildconf.bat

@@ -27,6 +27,11 @@ if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h
 
+REM create src\config-win32.h
+if not exist lib\config-win32.h goto end_config_win32_h
+copy /Y lib\config-win32.h src\config-win32.h
+:end_config_win32_h
+
 REM setup c-ares git tree
 if not exist ares\buildconf.bat goto end_c_ares
 cd ares

configure.ac

@@ -305,6 +305,44 @@ AM_CONDITIONAL(NO_UNDEFINED, test x$need_no_undefined = xyes)
 CURL_CHECK_CURLDEBUG
 AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes)
 
+supports_unittests=yes
+# cross-compilation of unit tests static library/programs fails when
+# libcurl shared library is built. This might be due to a libtool or
+# automake issue. In this case we disable unit tests.
+if test "x$cross_compiling" != "xno" &&
+   test "x$enable_shared" != "xno"; then
+  supports_unittests=no
+fi
+
+# IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to
+# a problem related with OpenSSL headers and library versions not matching.
+# Disable unit tests while time to further investigate this is found.
+case $host in
+  mips-sgi-irix6.5)
+    if test "$compiler_id" = "GNU_C"; then
+      supports_unittests=no
+    fi
+    ;;
+esac
+
+# All AIX autobuilds fails unit tests linking against unittests library
+# due to unittests library being built with no symbols or members. Libtool ?
+# Disable unit tests while time to further investigate this is found.
+case $host_os in
+  aix*)
+    supports_unittests=no
+    ;;
+esac
+
+dnl Build unit tests when option --enable-debug is given.
+if test "x$want_debug" = "xyes" &&
+   test "x$supports_unittests" = "xyes"; then
+  want_unittests=yes
+else
+  want_unittests=no
+fi
+AM_CONDITIONAL(BUILD_UNITTESTS, test x$want_unittests = xyes)
+
 dnl **********************************************************************
 dnl Compilation based checks should not be done before this point.
 dnl **********************************************************************
@@ -1312,7 +1350,7 @@ if test X"$OPT_SSL" != Xno; then
     dnl the user told us to look
     OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig"
     AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
-    if test -e "$OPENSSL_PCDIR/openssl.pc"; then
+    if test -f "$OPENSSL_PCDIR/openssl.pc"; then
       PKGTEST="yes"
     fi
 
@@ -1513,6 +1551,7 @@ if test X"$OPT_SSL" != Xno; then
        export LD_LIBRARY_PATH
        AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
     fi
+    CURL_CHECK_OPENSSL_API
   fi
 
 fi
@@ -1624,8 +1663,12 @@ if test X"$OPENSSL_ENABLED" = X"1"; then
                  [read randomness from FILE (default=/dev/urandom)]),
       [ RANDOM_FILE="$withval" ],
       [
-          dnl Check for random device
-          AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
+          if test x$cross_compiling != xyes; then
+            dnl Check for random device
+            AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
+          else
+            AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
+          fi
       ]
   )
   if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
@@ -2396,6 +2439,7 @@ AC_CHECK_HEADERS(
         stdbool.h \
         arpa/tftp.h \
         sys/filio.h \
+        sys/wait.h \
         setjmp.h,
 dnl to do if not found
 [],
@@ -2517,6 +2561,7 @@ CURL_CHECK_FUNC_FREEIFADDRS
 CURL_CHECK_FUNC_FSETXATTR
 CURL_CHECK_FUNC_FTRUNCATE
 CURL_CHECK_FUNC_GETADDRINFO
+CURL_CHECK_FUNC_GAI_STRERROR
 CURL_CHECK_FUNC_GETHOSTBYADDR
 CURL_CHECK_FUNC_GETHOSTBYADDR_R
 CURL_CHECK_FUNC_GETHOSTBYNAME
@@ -2540,6 +2585,7 @@ CURL_CHECK_FUNC_SIGINTERRUPT
 CURL_CHECK_FUNC_SIGNAL
 CURL_CHECK_FUNC_SIGSETJMP
 CURL_CHECK_FUNC_SOCKET
+CURL_CHECK_FUNC_SOCKETPAIR
 CURL_CHECK_FUNC_STRCASECMP
 CURL_CHECK_FUNC_STRCASESTR
 CURL_CHECK_FUNC_STRCMPI
@@ -2593,7 +2639,7 @@ AC_CHECK_FUNCS([fork \
     ],[
       AC_MSG_RESULT([yes])
       eval "ac_cv_func_$func=yes"
-      AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_$func]), [1],
+      AC_DEFINE_UNQUOTED(XC_SH_TR_CPP([HAVE_$func]), [1],
         [Define to 1 if you have the $func function.])
     ],[
       AC_MSG_RESULT([but still no])
@@ -2770,6 +2816,10 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
        AC_MSG_RESULT(yes)
 )
 
+CURL_CHECK_OPTION_NTLM_WB
+
+CURL_CHECK_NTLM_WB
+
 dnl ************************************************************
 dnl disable TLS-SRP authentication
 dnl
@@ -2945,6 +2995,9 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
   if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
+    if test "x$NTLM_WB_ENABLED" = "x1"; then
+      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
+    fi
   fi
 fi
 if test "x$USE_TLS_SRP" = "x1"; then

curl-config.in

@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2001 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2001 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -94,7 +94,7 @@ while test $# -gt 0; do
 	;;
 
     --version)
-	echo libcurl @VERSION@
+	echo libcurl @CURLVERSION@
 	exit 0
 	;;
 
@@ -113,7 +113,7 @@ while test $# -gt 0; do
 	  # silent success
 	  exit 0
 	else
-	  echo "requested version $checkfor is newer than existing @VERSION@"
+	  echo "requested version $checkfor is newer than existing @CURLVERSION@"
 	  exit 1
 	fi
 	;;

docs/BUGS

@@ -6,21 +6,34 @@
 
 BUGS
 
+ 1. Bugs
+  1.1 There are still bugs
+  1.2 Where to report
+  1.3 What to report
+  1.4 libcurl problems
+  1.5 Who will fix the problems
+  1.6 How to get a stack trace
+  1.7 Bugs in libcurl bindings
+
+==============================================================================
+
+1.1 There are still bugs
+
   Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (July 2007), there are about 47000 lines of source code, and by
-  the time you read this it has probably grown even more.
+  of writing (September 2011), there are about 66000 lines of source code, and
+  by the time you read this it has probably grown even more.
 
   Of course there are lots of bugs left. And lots of misfeatures.
 
   To help us make curl the stable and solid product we want it to be, we need
   bug reports and bug fixes.
 
-WHERE TO REPORT
+1.2 Where to report
 
   If you can't fix a bug yourself and submit a fix for it, try to report an as
   detailed report as possible to a curl mailing list to allow one of us to
-  have a go at a solution. You should also post your bug/problem at curl's bug
-  tracking system over at
+  have a go at a solution. You can optionally also post your bug/problem at
+  curl's bug tracking system over at
 
         http://sourceforge.net/bugs/?group_id=976
 
@@ -29,16 +42,18 @@ WHERE TO REPORT
   If you feel you need to ask around first, find a suitable mailing list and
   post there. The lists are available on http://curl.haxx.se/mail/
 
-WHAT TO REPORT
+1.3 What to report
 
   When reporting a bug, you should include all information that will help us
   understand what's wrong, what you expected to happen and how to repeat the
   bad behavior. You therefore need to tell us:
 
-   - your operating system's name and version number (uname -a under a unix
-     is fine)
+   - your operating system's name and version number
+
    - what version of curl you're using (curl -V is fine)
+
    - versions of the used libraries that libcurl is built to use
+
    - what URL you were working with (if possible), at least which protocol
 
   and anything and everything else you think matters. Tell us what you
@@ -59,7 +74,48 @@ WHAT TO REPORT
   The address and how to subscribe to the mailing lists are detailed in the
   MANUAL file.
 
-HOW TO GET A STACK TRACE
+1.4 libcurl problems
+
+  First, post all libcurl problems on the curl-library mailing list.
+
+  When you've written your own application with libcurl to perform transfers,
+  it is even more important to be specific and detailed when reporting bugs.
+
+  Tell us the libcurl version and your operating system. Tell us the name and
+  version of all relevant sub-components like for example the SSL library
+  you're using and what name resolving your libcurl uses. If you use SFTP or
+  SCP, the libssh2 version is relevant etc.
+
+  Showing us a real source code example repeating your problem is the best way
+  to get our attention and it will greatly increase our chances to understand
+  your problem and to work on a fix (if we agree it truly is a problem).
+
+  Lots of problems that appear to be libcurl problems are actually just abuses
+  of the libcurl API or other malfunctions in your applications. It is adviced
+  that you run your problematic program using a memory debug tool like
+  valgrind or similar before you post memory-related or "crashing" problems to
+  us.
+
+1.5 Who will fix the problems
+
+  If the problems or bugs you describe are considered to be bugs, we want to
+  have the problems fixed.
+
+  There are no developers in the curl project that are paid to work on bugs.
+  All developers that take on reported bugs do this on a voluntary basis. We
+  do it out of an ambition to keep curl and libcurl excellent products and out
+  of pride.
+
+  But please do not assume that you can just lump over something to us and it
+  will then magically be fixed after some given time. Most often we need
+  feedback and help to understand what you've experienced and how to repeat a
+  problem. Then we may only be able to assist YOU to debug the problem and to
+  track down the proper fix.
+
+  We get reports from many people every month and each report can take a
+  considerable amount of time to really go to the bottom with.
+
+1.6 How to get a stack trace
 
   First, you must make sure that you compile all sources with -g and that you
   don't 'strip' the final executable. Try to avoid optimizing the code as
@@ -79,3 +135,12 @@ HOW TO GET A STACK TRACE
   crashed. Include the stack trace with your detailed bug report. It'll help a
   lot.
 
+1.7 Bugs in libcurl bindings
+
+  There will of course pop up bugs in libcurl bindings. You should then
+  primarily approach the team that works on that particular binding and see
+  what you can do to help them fix the problem.
+
+  If you suspect that the problem exists in the underlying libcurl, then
+  please convert your program over to plain C and follow the steps outlined
+  above.

docs/FAQ

@@ -36,7 +36,7 @@ FAQ
   3.2 How do I tell curl to resume a transfer?
   3.3 Why doesn't my posting using -F work?
   3.4 How do I tell curl to run custom FTP commands?
-  3.5 How can I disable the Pragma: nocache header?
+  3.5 How can I disable the Accept: */* header?
   3.6 Does curl support ASP, XML, XHTML or HTML version Y?
   3.7 Can I use curl to delete/rename a file through FTP?
   3.8 How do I tell curl to follow HTTP redirects?
@@ -491,7 +491,6 @@ FAQ
   3.2 How do I tell curl to resume a transfer?
 
   Curl supports resumed transfers both ways on both FTP and HTTP.
-
   Try the -C option.
 
   3.3 Why doesn't my posting using -F work?
@@ -517,11 +516,11 @@ FAQ
   FTP commands without transferring anything. Therefore you must always specify
   a URL to transfer to/from even when doing custom FTP commands.
 
-  3.5 How can I disable the Pragma: nocache header?
+  3.5 How can I disable the Accept: */* header?
 
   You can change all internally generated headers by adding a replacement with
   the -H/--header option. By adding a header with empty contents you safely
-  disable that one. Use -H "Pragma:" to disable that specific header.
+  disable that one. Use -H "Accept:" to disable that specific header.
 
   3.6 Does curl support ASP, XML, XHTML or HTML version Y?
 
@@ -565,6 +564,12 @@ FAQ
   install and use them, in the libcurl section of the curl web site:
   http://curl.haxx.se/libcurl/
 
+  All the various bindings to libcurl are made by other projects and people,
+  outside of the cURL project. The cURL project itself only produces libcurl
+  with its plain C API. If you don't find anywhere else to ask you can ask
+  about bindings on the curl-library list too, but be prepared that people on
+  that list may not know anything about bindings.
+
   In October 2009, there were interfaces available for the following
   languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Dylan, Eiffel, Euphoria,
   Ferite, Gambas, glib/GTK+, Haskell, ILE/RPG, Java, Lisp, Lua, Mono, .NET,
@@ -1152,6 +1157,11 @@ FAQ
   libcurl will reuse connections for all transfers that are made using the
   same libcurl handle.
 
+  When you use the easy interface, the connection cache is kept within the
+  easy handle. If you instead use the multi interface, the connection cache
+  will be kept within the multi handle and will be shared among all the easy
+  handles that are used within the same multi handle.
+
   5.7 Link errors when building libcurl on Windows!
 
   You need to make sure that your project, and all the libraries (both static
@@ -1260,14 +1270,13 @@ FAQ
   With the easy interface you make sure to return the correct error code from
   one of the callbacks, but none of them are instant. There is no function you
   can call from another thread or similar that will stop it immediately.
-  Instead you need to make sure that one of the callbacks you use return an
-  appropriate value that will stop the transfer.
-
-  Suitable callbacks that you can do this with include the progress callback,
-  the read callback and the write callback.
+  Instead, you need to make sure that one of the callbacks you use returns an
+  appropriate value that will stop the transfer.  Suitable callbacks that you
+  can do this with include the progress callback, the read callback and the
+  write callback.
 
   If you're using the multi interface, you can also stop a transfer by
-  removing the particular easy handle from the multi stack. At any moment you
+  removing the particular easy handle from the multi stack at any moment you
   think the transfer is done.
 
   5.14 Using C++ non-static functions for callbacks?

docs/INSTALL

@@ -14,6 +14,12 @@ Installing Binary Packages
    binary package. This document describes how to compile, build and install
    curl and libcurl from source code.
 
+Building from git
+=================
+
+   If you get your code off a git repository, see the GIT-INFO file in the
+   root directory for specific instructions on how to proceed.
+
 UNIX
 ====
    A normal unix installation is made in three or four steps (after you've
@@ -213,7 +219,7 @@ Win32
 
      set ZLIB_PATH=c:\zlib-1.2.5
      set OPENSSL_PATH=c:\openssl-0.9.8r
-     set LIBSSH2_PATH=c:\libssh2-1.2.7
+     set LIBSSH2_PATH=c:\libssh2-1.2.8
 
    ATTENTION: if you want to build with libssh2 support you have to use latest
    version 0.17 - previous versions will NOT work with 7.17.0 and later!
@@ -461,6 +467,34 @@ Win32
      in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
 
 
+   Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
+   --------------------------------------------------------------------
+
+   In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack
+   it is necessary to make definition of preprocessor symbol USE_LWIPSOCK
+   visible to libcurl and curl compilation processes. To set this definition
+   you have the following alternatives:
+
+   - Modify lib/config-win32.h and src/config-win32.h
+   - Modify lib/Makefile.vc6
+   - Add definition to Project/Settings/C/C++/General/Preprocessor Definitions
+     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
+
+   Once that libcurl has been built with BSD-style lwIP TCP/IP stack support,
+   in order to use it with your program it is mandatory that your program
+   includes lwIP header file <lwip/opt.h> (or another lwIP header that includes
+   this) before including any libcurl header. Your program does not need the
+   USE_LWIPSOCK preprocessor definition which is for libcurl internals only.
+
+   Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0 from:
+
+   http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip
+   http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip
+
+   This BSD-style lwIP TCP/IP stack support must be considered experimental
+   given that it has been verified that lwIP 1.4.0 still needs some polish,
+   and libcurl might yet need some additional adjustment, caveat emptor.
+
    Important static libcurl usage note
    -----------------------------------
 

docs/INSTALL.cmake

@@ -18,6 +18,17 @@ Building with CMake
    CMake builds can be configured either from the command line, or from one
    of CMake's GUI's.
 
+Important notice
+==================
+   If you got your curl sources from a distribution tarball, make sure to
+   delete the generic 'include/curl/curlbuild.h' file that comes with it:
+       rm -f curl/include/curl/curlbuild.h
+
+   The purpose of this file is to provide reasonable definitions for systems
+   where autoconfiguration is not available. CMake will create its own
+   version of this file in its build directory. If the "generic" version
+   is not deleted, weird build errors may occur on some systems.
+
 Command Line CMake
 ==================
    A command line build of Curl is similar to the autotools build of Curl. It
@@ -32,9 +43,10 @@ Command Line CMake
        # variable prior to running CMake.
        cmake ../curl
        make
-       # currently make test and make install are not implemented
+       # currently make test is not implemented
        #make test
-       #make install
+       # Install to default location:
+       make install
 
 ccmake
 =========

docs/THANKS

@@ -5,6 +5,7 @@
  If you have contributed but are missing here, please let us know!
 
 Aaron Oneal
+Aaron Orenstein
 Adam D. Moss
 Adam Light
 Adam Piggott
@@ -78,6 +79,7 @@ Bas Mevissen
 Ben Darnell
 Ben Greear
 Ben Madsen
+Ben Noordhuis
 Ben Van Hof
 Benbuck Nason
 Benjamin Gerard
@@ -123,6 +125,7 @@ Chris Flerackers
 Chris Gaukroger
 Chris Maltby
 Chris Mumford
+Chris Smowton
 Christian Krause
 Christian Kurz
 Christian Robottom Reis
@@ -149,6 +152,7 @@ Craig Markwardt
 Cris Bailiff
 Curt Bogmine
 Cyrill Osterwalder
+Dagobert Michelsen
 Damien Adant
 Dan Becker
 Dan C
@@ -320,6 +324,7 @@ Heikki Korpela
 Heinrich Ko
 Hendrik Visage
 Henrik Storner
+Henry Ludemann
 Hidemoto Nakada
 Hoi-Ho Chan
 Hongli Lai
@@ -421,6 +426,7 @@ Jose Kahan
 Josef Wolf
 Josh Kapell
 Joshua Kwan
+Josue Andrade Gomes
 Juan F. Codagnone
 Juan Ignacio Herv<72>s
 Judson Bishop
@@ -438,6 +444,7 @@ Kai-Uwe Rommel
 Kalle Vahlman
 Kamil Dudka
 Kang-Jin Lee
+Karl M
 Karl Moerder
 Karol Pietrzak
 Kaspar Brand
@@ -499,6 +506,7 @@ Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
 Manfred Schwarb
+Manuel Massing
 Marc Boucher
 Marc Kleine-Budde
 Marcel Roelofs
@@ -506,6 +514,7 @@ Marcelo Juchem
 Marcin Konicki
 Marco G. Salvagno
 Marco Maggi
+Marcus Sundberg
 Marcus Webster
 Mario Schroeder
 Mark Butler
@@ -537,6 +546,7 @@ Matt Kraai
 Matt Veenstra
 Matt Witherspoon
 Matt Wixson
+Matteo Rocco
 Matthew Blain
 Matthew Clarke
 Matthias Bolte
@@ -545,6 +555,7 @@ Mauro Iorio
 Max Katsev
 Maxim Ivanov
 Maxim Perenesenko
+Mehmet Bozkurt
 Mekonikum
 Mettgut Jamalla
 Michael Benedict
@@ -607,6 +618,7 @@ Ofer
 Olaf Stueben
 Olaf St<53>ben
 Oren Tirosh
+Ori Avtalion
 P R Schaffner
 Pascal Terjan
 Pasha Kuznetsov
@@ -666,6 +678,7 @@ Rafa Muyo
 Rafael Sagula
 Rainer Canavan
 Rainer Koenig
+Rajesh Naganathan
 Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
@@ -691,6 +704,7 @@ Richard Clayton
 Richard Cooper
 Richard Gorton
 Richard Prescott
+Richard Silverman
 Rick Jones
 Rick Richardson
 Rob Crittenden
@@ -720,6 +734,7 @@ Ruslan Gazizov
 Rutger Hofman
 Ryan Chan
 Ryan Nelson
+Ryan Schmidt
 S. Moonesamy
 Salvador D<>vila
 Salvatore Sorrentino
@@ -730,6 +745,7 @@ Samuel Listopad
 Samuel Thibault
 Sander Gates
 Sandor Feldi
+Saqib Ali
 Saul good
 Scott Barrett
 Scott Cantor
@@ -796,8 +812,10 @@ Tim Chen
 Tim Costello
 Tim Newsome
 Tim Sneddon
+Tinus van den Berg
 Tobias Rundstr<74>m
 Toby Peterson
+Todd A Ouska
 Todd Kulesza
 Todd Vierling
 Tom Benoist
@@ -833,6 +851,7 @@ Vincent Bronner
 Vincent Le Normand
 Vincent Penquerc'h
 Vincent Sanders
+Vincent Torri
 Vlad Grachov
 Vlad Ureche
 Vladimir Lazarenko

docs/TODO

@@ -12,16 +12,15 @@
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
- 1.1 Zero-copy interface
  1.2 More data sharing
  1.3 struct lifreq
  1.4 signal-based resolver timeouts
  1.5 get rid of PATH_MAX
+ 1.6 progress callback without doubles
 
  2. libcurl - multi interface
  2.1 More non-blocking
  2.2 Remove easy interface internally
- 2.3 Avoid having to remove/readd handles
  2.4 Fix HTTP Pipelining for PUT
 
  3. Documentation
@@ -54,12 +53,10 @@
  7.5 Export session ids
  7.6 Provide callback for cert verification
  7.7 Support other SSL libraries
- 7.8  Support SRP on the TLS layer
  7.9 improve configure --with-ssl
 
  8. GnuTLS
  8.1 SSL engine stuff
- 8.2 SRP
  8.3 check connection
  8.4 non-gcrypt
 
@@ -77,6 +74,7 @@
  11.6 url-specific options
  11.7 metalink support
  11.8 warning when setting an option
+ 11.9 IPv6 addresses with globbing
 
  12. Build
  12.1 roffit
@@ -100,17 +98,12 @@
  15.5 remove CURLOPT_FAILONERROR
  15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
  15.7 remove progress meter from libcurl
+ 15.8 remove 'curl_httppost' from public
 
 ==============================================================================
 
 1. libcurl
 
-1.1 Zero-copy interface
-
- Introduce another callback interface for upload/download that makes one less
- copy of data and thus a faster operation.
- [http://curl.haxx.se/dev/no_copy_callbacks.txt]
-
 1.2 More data sharing
 
  curl_share_* functions already exist and work, and they can be extended to
@@ -144,6 +137,15 @@
  we need libssh2 to properly tell us when we pass in a too small buffer and
  its current API (as of libssh2 1.2.7) doesn't.
 
+1.6 progress callback without doubles
+
+ The progress callback was introduced way back in the days and the choice to
+ use doubles in the arguments was possibly good at the time. Today the doubles
+ only confuse users and make the amounts less precise. We should introduce
+ another progress callback option that take precedence over the old one and
+ have both co-exist for a forseeable time until we can remove the double-using
+ one.
+
 2. libcurl - multi interface
 
 2.1 More non-blocking
@@ -170,23 +172,6 @@
  internally use and assume the multi interface. The select()-loop should use
  curl_multi_socket().
 
-2.3 Avoid having to remove/readd handles
-
- curl_multi_handle_control() - this can control the easy handle (while) added
- to a multi handle in various ways:
-
- o RESTART, unconditionally restart this easy handle's transfer from the
-   start, re-init the state
-
- o RESTART_COMPLETED, restart this easy handle's transfer but only if the
-   existing transfer has already completed and it is in a "finished state".
-
- o STOP, just stop this transfer and consider it completed
-
- o PAUSE?
-
- o RESUME?
-
 2.4 Fix HTTP Pipelining for PUT
 
  HTTP Pipelining can be a way to greatly enhance performance for multiple
@@ -334,12 +319,6 @@ to provide the data to send.
  Make curl's SSL layer capable of using other free SSL libraries.  Such as
  MatrixSSL (http://www.matrixssl.org/).
 
-7.8  Support SRP on the TLS layer
-
- Peter Sylvester's patch for SRP on the TLS layer.  Awaits OpenSSL support for
- this, no need to support this in libcurl before there's an OpenSSL release
- that does it.
-
 7.9 improve configure --with-ssl
 
  make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
@@ -351,11 +330,6 @@ to provide the data to send.
 
  Is this even possible?
 
-8.2 SRP
-
- Work out a common method with Peter Sylvester's OpenSSL-patch for SRP on the
- TLS to provide name and password. GnuTLS already supports it...
-
 8.3 check connection
 
  Add a way to check if the connection seems to be alive, to correspond to the
@@ -451,6 +425,13 @@ to provide the data to send.
   This can be useful to tell when support for a particular feature hasn't been
   compiled into the library.
 
+11.9 IPv6 addresses with globbing
+
+  Currently the command line client needs to get url globbing disabled (with
+  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
+  that should be corrected. It probably involves a smarter detection of the
+  '[' and ']' letters.
+
 12. Build
 
 12.1 roffit
@@ -569,3 +550,12 @@ to provide the data to send.
  The progress callback should then be bumped as well to get proper 64bit
  variable types passed to it instead of doubles so that big files work
  correctly.
+
+15.8 remove 'curl_httppost' from public
+
+ curl_formadd() was made to fill in a public struct, but the fact that the
+ struct is public is never really used by application for their own advantage
+ but instead often restricts how the form functions can or can't be modified.
+
+ Changing them to return a private handle will benefit the implementation and
+ allow us much greater freedoms while still maintining a solid API and ABI.

docs/VERSIONS

@@ -11,32 +11,25 @@ Version Numbers and Releases
 
  The version numbering is always built up using the same system:
 
-        X.Y[.Z][-preN]
+        X.Y[.Z]
 
  Where
    X is main version number
    Y is release number
    Z is patch number
-   N is pre-release number
 
  One of these numbers will get bumped in each new release. The numbers to the
  right of a bumped number will be reset to zero. If Z is zero, it may not be
- included in the version number. The pre release number is only included in
- pre releases (they're never used in public, official, releases).
+ included in the version number.
 
  The main version number will get bumped when *really* big, world colliding
- changes are made. The release number is bumped when big changes are
- performed. The patch number is bumped when the changes are mere bugfixes and
- only minor feature changes. The pre-release is a counter, to identify which
- pre-release a certain release is.
-
- When reaching the end of a pre-release period, the version without the
- pre-release part will be released as a public release.
+ changes are made. The release number is bumped when changes are performed or
+ things/features are added. The patch number is bumped when the changes are
+ mere bugfixes.
 
  It means that after release 1.2.3, we can release 2.0 if something really big
  has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs
- were fixed. Before 1.2.4 is released, we might release a 1.2.4-pre1 release
- for the brave people to try before the actual release.
+ were fixed.
 
  Bumping, as in increasing the number with 1, is unconditionally only
  affecting one of the numbers (except the ones to the right of it, that may be
@@ -56,12 +49,12 @@ Version Numbers and Releases
         #define LIBCURL_VERSION_NUM 0xXXYYZZ
 
  Where XX, YY and ZZ are the main version, release and patch numbers in
- hexadecimal. All three numbers are always represented using two digits.  1.2
- would appear as "0x010200" while version 9.11.7 appears as "0x090b07".
+ hexadecimal. All three number fields are always represented using two digits
+ (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7
+ appears as "0x090b07".
 
- This 6-digit hexadecimal number does not show pre-release number, and it is
- always a greater number in a more recent release. It makes comparisons with
- greater than and less than work.
+ This 6-digit hexadecimal number is always a greater number in a more recent
+ release. It makes comparisons with greater than and less than work.
 
  This number is also available as three separate defines:
  LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.

docs/examples/.gitignore

@@ -4,6 +4,7 @@ certinfo
 chkspeed
 cookie_interface
 debug
+externalsocket
 fileupload
 fopen
 ftp-wildcard
@@ -25,6 +26,8 @@ multi-single
 persistant
 post-callback
 postit2
+resolve
+rtsp
 sendrecv
 sepheaders
 simple

docs/examples/Makefile.inc

@@ -4,7 +4,7 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
   https multi-app multi-debugcallback multi-double multi-post multi-single \
   persistant post-callback postit2 sepheaders simple simplepost simplessl  \
   sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-multi simplesmtp smtp-tls
+  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.

docs/examples/anyauthput.c

@@ -26,8 +26,6 @@
 #else
 #  ifdef __VMS
      typedef int intptr_t;
-#  else
-#    include <stdint.h>
 #  endif
 #  include <unistd.h>
 #endif

docs/examples/certinfo.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 static size_t wrfu(void *ptr,  size_t  size,  size_t  nmemb,  void *stream)
 {

docs/examples/chkspeed.c

@@ -35,8 +35,6 @@
 #include <time.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 #define URL_BASE "http://speedtest.your.domain/"
 #define URL_1M   URL_BASE "file_1M.bin"

docs/examples/curlgtk.c

@@ -13,8 +13,6 @@
 #include <gtk/gtk.h>
 
 #include <curl/curl.h>
-#include <curl/types.h> /* new for v7 */
-#include <curl/easy.h> /* new for v7 */
 
 GtkWidget *Bar;
 

docs/examples/externalsocket.c

@@ -0,0 +1,128 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/*
+ * This is an example demonstrating how an application can pass in a custom
+ * socket to libcurl to use. This example also handles the connect itself.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <curl/curl.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <sys/socket.h>       /*  socket definitions        */
+#include <sys/types.h>        /*  socket types              */
+#include <arpa/inet.h>        /*  inet (3) funtions         */
+#include <unistd.h>           /*  misc. UNIX functions      */
+
+#include <errno.h>
+
+/* The IP address and port number to connect to */
+#define IPADDR "127.0.0.1"
+#define PORTNUM 80
+
+static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  return written;
+}
+
+static curl_socket_t opensocket(void *clientp,
+                                curlsocktype purpose,
+                                struct curl_sockaddr *address)
+{
+  curl_socket_t sockfd = *(curl_socket_t *)clientp;
+  /* the actual externally set socket is passed in via the OPENSOCKETDATA
+     option */
+  return sockfd;
+}
+
+static int sockopt_callback(void *clientp, curl_socket_t curlfd,
+                            curlsocktype purpose)
+{
+  /* This return code was added in libcurl 7.21.5 */
+  return CURL_SOCKOPT_ALREADY_CONNECTED;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct sockaddr_in servaddr;  /*  socket address structure  */
+  curl_socket_t sockfd;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /*
+     * Note that libcurl will internally think that you connect to the host
+     * and port that you specify in the URL option.
+     */
+    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");
+
+    /* Create the socket "manually" */
+    if ( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
+      fprintf(stderr, "ECHOCLNT: Error creating listening socket.\n");
+      return 3;
+    }
+
+    memset(&servaddr, 0, sizeof(servaddr));
+    servaddr.sin_family      = AF_INET;
+    servaddr.sin_port        = htons(PORTNUM);
+
+    if(inet_aton(IPADDR, &servaddr.sin_addr) <= 0 )
+      return 2;
+
+    if(connect(sockfd,(struct sockaddr *) &servaddr, sizeof(servaddr)) ==
+       -1) {
+      close(sockfd);
+      printf("client error: connect: %s\n", strerror(errno));
+      return 1;
+    }
+
+    /* no progress meter please */
+    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
+
+    /* send all data to this function  */
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
+
+    /* call this function to get a socket */
+    curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket);
+    curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd);
+
+    /* call this function to set options for the socket */
+    curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
+
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
+
+    res = curl_easy_perform(curl);
+
+    curl_easy_cleanup(curl);
+
+    if(res) {
+      printf("libcurl error: %d\n", res);
+      return 4;
+    }
+  }
+  return 0;
+}

docs/examples/ftpget.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * This is an example showing how to get a single file from an FTP server.

docs/examples/ftpgetinfo.c

@@ -23,8 +23,6 @@
 #include <string.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * This is an example showing how to check a single file's size and mtime

docs/examples/ftpgetresp.c

@@ -22,8 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 /*
  * Similar to ftpget.c but this also stores the received response-lines

docs/examples/getinmemory.c

@@ -36,10 +36,10 @@ struct MemoryStruct {
 
 
 static size_t
-WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
+WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
   size_t realsize = size * nmemb;
-  struct MemoryStruct *mem = (struct MemoryStruct *)data;
+  struct MemoryStruct *mem = (struct MemoryStruct *)userp;
 
   mem->memory = realloc(mem->memory, mem->size + realsize + 1);
   if (mem->memory == NULL) {
@@ -48,7 +48,7 @@ WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
     exit(EXIT_FAILURE);
   }
 
-  memcpy(&(mem->memory[mem->size]), ptr, realsize);
+  memcpy(&(mem->memory[mem->size]), contents, realsize);
   mem->size += realsize;
   mem->memory[mem->size] = 0;
 

docs/examples/postit2.c

@@ -37,8 +37,6 @@
 #include <string.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 int main(int argc, char *argv[])
 {

docs/examples/resolve.c

@@ -0,0 +1,51 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *host = NULL;
+
+  /* Each single name resolve string should be written using the format
+     HOST:PORT:ADDRESS where HOST is the name libcurl will try to resolve,
+     PORT is the port number of the service where libcurl wants to connect to
+     the HOST and ADDRESS is the numerical IP address
+   */
+  host = curl_slist_append(NULL, "example.com:80:127.0.0.1");
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  curl_slist_free_all(host);
+
+  return (int)res;
+}

docs/examples/rtsp.c

@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 2011, Jim Hollinger
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *   * Neither the name of Jim Hollinger nor the names of its contributors
+ *     may be used to endorse or promote products derived from this
+ *     software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined (WIN32)
+#  include <conio.h>  /* _getch() */
+#else
+#  include <termios.h>
+#  include <unistd.h>
+
+static int _getch(void)
+{
+  struct termios oldt, newt;
+  int ch;
+  tcgetattr( STDIN_FILENO, &oldt );
+  newt = oldt;
+  newt.c_lflag &= ~( ICANON | ECHO );
+  tcsetattr( STDIN_FILENO, TCSANOW, &newt );
+  ch = getchar();
+  tcsetattr( STDIN_FILENO, TCSANOW, &oldt );
+  return ch;
+}
+#endif
+
+#include <curl/curl.h>
+
+#define VERSION_STR  "V1.0"
+
+/* error handling macros */
+#define my_curl_easy_setopt(A, B, C) \
+  if ((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK) \
+    fprintf(stderr, "curl_easy_setopt(%s, %s, %s) failed: %d\n", \
+            #A, #B, #C, res);
+
+#define my_curl_easy_perform(A) \
+  if ((res = curl_easy_perform((A))) != CURLE_OK) \
+    fprintf(stderr, "curl_easy_perform(%s) failed: %d\n", #A, res);
+
+
+/* send RTSP OPTIONS request */
+static void rtsp_options(CURL *curl, const char *uri)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: OPTIONS %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_OPTIONS);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP DESCRIBE request and write sdp response to a file */
+static void rtsp_describe(CURL *curl, const char *uri,
+                          const char *sdp_filename)
+{
+  CURLcode res = CURLE_OK;
+  FILE *sdp_fp = fopen(sdp_filename, "wt");
+  printf("\nRTSP: DESCRIBE %s\n", uri);
+  if (sdp_fp == NULL) {
+    fprintf(stderr, "Could not open '%s' for writing\n", sdp_filename);
+    sdp_fp = stdout;
+  }
+  else {
+    printf("Writing SDP to '%s'\n", sdp_filename);
+  }
+  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, sdp_fp);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_DESCRIBE);
+  my_curl_easy_perform(curl);
+  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, stdout);
+  if (sdp_fp != stdout) {
+    fclose(sdp_fp);
+  }
+}
+
+/* send RTSP SETUP request */
+static void rtsp_setup(CURL *curl, const char *uri, const char *transport)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: SETUP %s\n", uri);
+  printf("      TRANSPORT %s\n", transport);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_TRANSPORT, transport);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_SETUP);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP PLAY request */
+static void rtsp_play(CURL *curl, const char *uri, const char *range)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: PLAY %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
+  my_curl_easy_setopt(curl, CURLOPT_RANGE, range);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_PLAY);
+  my_curl_easy_perform(curl);
+}
+
+
+/* send RTSP TEARDOWN request */
+static void rtsp_teardown(CURL *curl, const char *uri)
+{
+  CURLcode res = CURLE_OK;
+  printf("\nRTSP: TEARDOWN %s\n", uri);
+  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_TEARDOWN);
+  my_curl_easy_perform(curl);
+}
+
+
+/* convert url into an sdp filename */
+static void get_sdp_filename(const char *url, char *sdp_filename)
+{
+  const char *s = strrchr(url, '/');
+  strcpy(sdp_filename, "video.sdp");
+  if (s != NULL) {
+    s++;
+    if (s[0] != '\0') {
+      sprintf(sdp_filename, "%s.sdp", s);
+    }
+  }
+}
+
+
+/* scan sdp file for media control attribute */
+static void get_media_control_attribute(const char *sdp_filename,
+                                        char *control)
+{
+  int max_len = 256;
+  char *s = malloc(max_len);
+  FILE *sdp_fp = fopen(sdp_filename, "rt");
+  control[0] = '\0';
+  if (sdp_fp != NULL) {
+    while (fgets(s, max_len - 2, sdp_fp) != NULL) {
+      sscanf(s, " a = control: %s", control);
+    }
+    fclose(sdp_fp);
+  }
+  free(s);
+}
+
+
+/* main app */
+int main(int argc, char * const argv[])
+{
+#if 1
+  const char *transport = "RTP/AVP;unicast;client_port=1234-1235";  /* UDP */
+#else
+  const char *transport = "RTP/AVP/TCP;unicast;client_port=1234-1235";  /* TCP */
+#endif
+  const char *range = "0.000-";
+  int rc = EXIT_SUCCESS;
+  char *basename = NULL;
+
+  printf("\nRTSP request %s\n", VERSION_STR);
+  printf("    Project web site: http://code.google.com/p/rtsprequest/\n");
+  printf("    Requires cURL V7.20 or greater\n\n");
+
+  /* check command line */
+  if ((argc != 2) && (argc != 3)) {
+    basename = strrchr(argv[0], '/');
+    if (basename == NULL) {
+      basename = strrchr(argv[0], '\\');
+    }
+    if (basename == NULL) {
+      basename = argv[0];
+    } else {
+      basename++;
+    }
+    printf("Usage:   %s url [transport]\n", basename);
+    printf("         url of video server\n");
+    printf("         transport (optional) specifier for media stream protocol\n");
+    printf("         default transport: %s\n", transport);
+    printf("Example: %s rtsp://192.168.0.2/media/video1\n\n", basename);
+    rc = EXIT_FAILURE;
+  } else {
+    const char *url = argv[1];
+    char *uri = malloc(strlen(url) + 32);
+    char *sdp_filename = malloc(strlen(url) + 32);
+    char *control = malloc(strlen(url) + 32);
+    CURLcode res;
+    get_sdp_filename(url, sdp_filename);
+    if (argc == 3) {
+      transport = argv[2];
+    }
+
+    /* initialize curl */
+    res = curl_global_init(CURL_GLOBAL_ALL);
+    if (res == CURLE_OK) {
+      curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
+      CURL *curl;
+      fprintf(stderr, "    cURL V%s loaded\n", data->version);
+
+      /* initialize this curl session */
+      curl = curl_easy_init();
+      if (curl != NULL) {
+        my_curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+        my_curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
+        my_curl_easy_setopt(curl, CURLOPT_WRITEHEADER, stdout);
+        my_curl_easy_setopt(curl, CURLOPT_URL, url);
+
+        /* request server options */
+        sprintf(uri, "%s", url);
+        rtsp_options(curl, uri);
+
+        /* request session description and write response to sdp file */
+        rtsp_describe(curl, uri, sdp_filename);
+
+        /* get media control attribute from sdp file */
+        get_media_control_attribute(sdp_filename, control);
+
+        /* setup media stream */
+        sprintf(uri, "%s/%s", url, control);
+        rtsp_setup(curl, uri, transport);
+
+        /* start playing media stream */
+        sprintf(uri, "%s/", url);
+        rtsp_play(curl, uri, range);
+        printf("Playing video, press any key to stop ...");
+        _getch();
+        printf("\n");
+
+        /* teardown session */
+        rtsp_teardown(curl, uri);
+
+        /* cleanup */
+        curl_easy_cleanup(curl);
+        curl = NULL;
+      } else {
+        fprintf(stderr, "curl_easy_init() failed\n");
+      }
+      curl_global_cleanup();
+    } else {
+      fprintf(stderr, "curl_global_init(%s) failed: %d\n",
+              "CURL_GLOBAL_ALL", res);
+    }
+    free(control);
+    free(sdp_filename);
+    free(uri);
+  }
+
+  return rc;
+}

docs/examples/sepheaders.c

@@ -24,8 +24,6 @@
 #include <unistd.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
 
 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {

docs/examples/simplessl.c

@@ -22,9 +22,6 @@
 #include <stdio.h>
 
 #include <curl/curl.h>
-#include <curl/types.h>
-#include <curl/easy.h>
-
 
 /* some requirements for this to work:
    1.   set pCertFile to the file with the client certificate

docs/examples/smooth-gtk-thread.c

@@ -37,8 +37,6 @@
 #include <pthread.h>
 
 #include <curl/curl.h>
-#include <curl/types.h> /* new for v7 */
-#include <curl/easy.h> /* new for v7 */
 
 #define NUMT 4
 

docs/libcurl/curl_easy_cleanup.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,8 +37,15 @@ This will effectively close all connections this handle has used and possibly
 has kept open until now. Don't call this function if you intend to transfer
 more files.
 
-Any uses of the \fBhandle\fP after this function has been called are
-illegal. This kills the handle and all memory associated with it!
+Occasionally you may get your progress callback or header callback called from
+within \fIcurl_easy_cleanup(3)\fP (if previously set for the handle using
+\fIcurl_easy_setopt(3)\fP). Like if libcurl decides to shut down the
+connection and the protocol is of a kind that requires a command/response
+sequence before disconnect. Examples of such protocols are FTP, POP3 and IMAP.
+
+Any uses of the \fBhandle\fP after this function has been called and have
+returned, are illegal. This kills the handle and all memory associated with
+it!
 
 With libcurl versions prior to 7.17.: when you've called this, you can safely
 remove all the strings you've previously told libcurl to use, as it won't use

docs/libcurl/curl_easy_escape.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -31,8 +31,8 @@ curl_easy_escape - URL encodes the given string
 .SH DESCRIPTION
 This function converts the given input string to an URL encoded string and
 returns that as a new allocated string. All input characters that are not a-z,
-A-Z or 0-9 are converted to their "URL escaped" version (%NN where NN is a
-two-digit hexadecimal number).
+A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version
+(%NN where NN is a two-digit hexadecimal number).
 
 If the \fBlength\fP argument is set to 0 (zero), \fIcurl_easy_escape(3)\fP
 uses strlen() on the input \fBurl\fP to find out the size.

docs/libcurl/curl_easy_getinfo.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -80,12 +80,13 @@ waits in line for the pipeline and more. (Added in 7.19.0)
 Pass a pointer to a double to receive the time, in seconds, it took from the
 start until the file transfer is just about to begin. This includes all
 pre-transfer commands and negotiations that are specific to the particular
-protocol(s) involved.
+protocol(s) involved. It does \fInot\fP involve the sending of the protocol-
+specific request that triggers a transfer.
 .IP CURLINFO_STARTTRANSFER_TIME
 Pass a pointer to a double to receive the time, in seconds, it took from the
-start until the first byte is just about to be transferred. This includes
-CURLINFO_PRETRANSFER_TIME and also the time the server needs to calculate
-the result.
+start until the first byte is received by libcurl. This includes
+CURLINFO_PRETRANSFER_TIME and also the time the server needs to calculate the
+result.
 .IP CURLINFO_REDIRECT_TIME
 Pass a pointer to a double to receive the total time, in seconds, it took for
 all redirection steps include name lookup, connect, pretransfer and transfer
@@ -275,7 +276,7 @@ file transfer is just about to begin. This includes all pre-transfer commands
 and negotiations that are specific to the particular protocol(s) involved.
 .IP STARTTRANSFER
 \fICURLINFO_STARTTRANSFER_TIME\fP. The time it took from the start until the
-first byte is just about to be transferred.
+first byte is received by libcurl.
 .IP TOTAL
 \fICURLINFO_TOTAL_TIME\fP. Total time of the previous request.
 .IP REDIRECT

docs/libcurl/curl_easy_setopt.3

@@ -68,8 +68,9 @@ A parameter set to 1 tells the library to include the header in the body
 output. This is only relevant for protocols that actually have headers
 preceding the data (like HTTP).
 .IP CURLOPT_NOPROGRESS
-A parameter set to 1 tells the library to shut off the built-in progress meter
-completely.
+Pass a long. If set to 1, it tells the library to shut off the progress meter
+completely. It will also present the \fICURLOPT_PROGRESSFUNCTION\fP from
+getting called.
 
 Future versions of libcurl are likely to not have any built-in progress meter
 at all.
@@ -90,7 +91,9 @@ SIGPIPE signals, which otherwise are sent by the system when trying to send
 data to a socket which is closed in the other end. libcurl makes an effort to
 never cause such SIGPIPEs to trigger, but some operating systems have no way
 to avoid them and even on those that have there are some corner cases when
-they may still happen, contrary to our desire.
+they may still happen, contrary to our desire. In addition, using
+\fICURLAUTH_NTLM_WB\fP authentication could cause a SIGCHLD signal to be
+raised.
 .IP CURLOPT_WILDCARDMATCH
 Set this option to 1 if you want to transfer multiple files according to a
 file name pattern. The pattern can be specified as part of the
@@ -105,18 +108,18 @@ This feature is only supported by the FTP download for now.
 
 A brief introduction of its syntax follows:
 .RS
-.IP "\fB*\fP - ASTERISK"
+.IP "* - ASTERISK"
 \&ftp://example.com/some/path/\fB*.txt\fP (for all txt's from the root
 directory)
 .RE
 .RS
-.IP "\fB?\fP - QUESTION MARK"
+.IP "? - QUESTION MARK"
 Question mark matches any (exactly one) character.
 
 \&ftp://example.com/some/path/\fBphoto?.jpeg\fP
 .RE
 .RS
-.IP "\fB[\fP - BRACKET EXPRESSION"
+.IP "[ - BRACKET EXPRESSION"
 The left bracket opens a bracket expression. The question mark and asterisk have
 no special meaning in a bracket expression. Each bracket expression ends by the
 right bracket and matches exactly one character. Some examples follow:
@@ -145,7 +148,7 @@ Using the rules above, a file name pattern can be constructed:
 .SH CALLBACK OPTIONS
 .IP CURLOPT_WRITEFUNCTION
 Function pointer that should match the following prototype: \fBsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP This
+function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP This
 function gets called by libcurl as soon as there is data received that needs
 to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
 multiplied with \fInmemb\fP, it will not be zero terminated. Return the number
@@ -307,6 +310,17 @@ address blacklisting.  The default behavior is:
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
 (Option added in 7.17.1.)
+.IP CURLOPT_CLOSESOCKETFUNCTION
+Function pointer that should match the \fIcurl_closesocket_callback\fP
+prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
+instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when sockets are
+closed (not for any other file descriptors). This is pretty much the reverse
+to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
+1 if there was an error.  (Option added in 7.21.7)
+.IP CURLOPT_CLOSESOCKETDATA
+Pass a pointer that will be untouched by libcurl and passed as the first
+argument in the opensocket callback set with
+\fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
 Function pointer that should match the \fIcurl_progress_callback\fP prototype
 found in \fI<curl/curl.h>\fP. This function gets called by libcurl instead of
@@ -331,10 +345,10 @@ Function pointer that should match the following prototype: \fIsize_t
 function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP. This
 function gets called by libcurl as soon as it has received header data. The
 header callback will be called once for each header and only complete header
-lines are passed on to the callback. Parsing headers should be easy enough
-using this. The size of the data pointed to by \fIptr\fP is \fIsize\fP
-multiplied with \fInmemb\fP. Do not assume that the header line is zero
-terminated! The pointer named \fIuserdata\fP is the one you set with the
+lines are passed on to the callback. Parsing headers is very easy using
+this. The size of the data pointed to by \fIptr\fP is \fIsize\fP multiplied
+with \fInmemb\fP. Do not assume that the header line is zero terminated! The
+pointer named \fIuserdata\fP is the one you set with the
 \fICURLOPT_WRITEHEADER\fP option. The callback function must return the number
 of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
@@ -353,19 +367,20 @@ negotiation. If you need to operate on only the headers from the final
 response, you will need to collect headers in the callback yourself and use
 HTTP status lines, for example, to delimit response boundaries.
 
-Since 7.14.1: When a server sends a chunked encoded transfer, it may contain a
-trailer. That trailer is identical to a HTTP header and if such a trailer is
-received it is passed to the application using this callback as well. There
-are several ways to detect it being a trailer and not an ordinary header: 1)
-it comes after the response-body. 2) it comes after the final header line (CR
-LF) 3) a Trailer: header among the response-headers mention what header to
-expect in the trailer.
+When a server sends a chunked encoded transfer, it may contain a trailer. That
+trailer is identical to a HTTP header and if such a trailer is received it is
+passed to the application using this callback as well. There are several ways
+to detect it being a trailer and not an ordinary header: 1) it comes after the
+response-body. 2) it comes after the final header line (CR LF) 3) a Trailer:
+header among the regular response-headers mention what header(s) to expect in
+the trailer.
 .IP CURLOPT_WRITEHEADER
 (This option is also known as \fBCURLOPT_HEADERDATA\fP) Pass a pointer to be
-used to write the header part of the received data to. If you don't use your
-own callback to take care of the writing, this must be a valid FILE *. See
-also the \fICURLOPT_HEADERFUNCTION\fP option above on how to set a custom
-get-all-headers callback.
+used to write the header part of the received data to. If you don't use
+\fICURLOPT_WRITEFUNCTION\fP or \fICURLOPT_HEADERFUNCTION\fP to take care of
+the writing, this must be a valid FILE * as the internal default will then be
+a plain fwrite(). See also the \fICURLOPT_HEADERFUNCTION\fP option above on
+how to set a custom get-all-headers callback.
 .IP CURLOPT_DEBUGFUNCTION
 Function pointer that should match the following prototype: \fIint
 curl_debug_callback (CURL *, curl_infotype, char *, size_t, void *);\fP
@@ -632,6 +647,13 @@ use of a proxy, even if there is an environment variable set for it.
 Since 7.14.1, the proxy host string given in environment variables can be
 specified the exact same way as the proxy can be set with \fICURLOPT_PROXY\fP,
 include protocol prefix (http://) and embedded user + password.
+
+Since 7.21.7, the proxy string may be specified with a protocol:// prefix to
+specify alternative proxy protocols. Use socks4://, socks4a://, socks5:// or
+socks5h:// (the last one to enable socks5 and asking the proxy to do the
+resolving, also known as CURLPROXY_SOCKS5_HOSTNAME type) to request the
+specific SOCKS version to be used. No protocol specified, http:// and all
+others will be treated as HTTP proxies.
 .IP CURLOPT_PROXYPORT
 Pass a long with this option to set the proxy port to connect to unless it is
 specified in the proxy string \fICURLOPT_PROXY\fP.
@@ -641,6 +663,11 @@ this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
 \fICURLPROXY_SOCKS4\fP (added in 7.15.2), \fICURLPROXY_SOCKS5\fP,
 \fICURLPROXY_SOCKS4A\fP (added in 7.18.0) and \fICURLPROXY_SOCKS5_HOSTNAME\fP
 (added in 7.18.0). The HTTP type is default. (Added in 7.10)
+
+If you set \fBCURLOPT_PROXYTYPE\fP to \fICURLPROXY_HTTP_1_0\fP, it will only
+affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
+used for "regular" HTTP requests is instead controled with
+\fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
 Pass a pointer to a zero terminated string. The should be a comma- separated
 list of hosts which do not use a proxy, if one is specified.  The only
@@ -865,6 +892,20 @@ prevent the password from being eavesdropped.
 
 You need to build libcurl with OpenSSL support for this option to work, or
 build libcurl on Windows.
+.IP CURLAUTH_NTLM_WB
+NTLM delegating to winbind helper. Authentication is performed by a separate
+binary application that is executed when needed. The name of the application
+is specified at compile time but is typically /usr/bin/ntlm_auth
+(Added in 7.22.0)
+
+Note that libcurl will fork when necessary to run the winbind application and
+kill it when complete, calling waitpid() to await its exit when done. On POSIX
+operating systems, killing the process will cause a SIGCHLD signal to be
+raised (regardless of whether \fICURLOPT_NOSIGNAL\fP is set), which must be
+handled intelligently by the application. In particular, the application must
+not unconditionally call wait() in its SIGCHLD signal handler to avoid being
+subject to a race condition.  This behavior is subject to change in future
+versions of libcurl.
 .IP CURLAUTH_ANY
 This is a convenience macro that sets all bits and thus makes libcurl pick any
 it finds suitable. libcurl will automatically select the one it finds most
@@ -916,7 +957,7 @@ work. (Added in 7.10.7)
 Pass a parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: field in requests where it follows a Location:
 redirect.
-.IP CURLOPT_ENCODING
+.IP CURLOPT_ACCEPT_ENCODING
 Sets the contents of the Accept-Encoding: header sent in an HTTP request, and
 enables decoding of a response when a Content-Encoding: header is received.
 Three encodings are supported: \fIidentity\fP, which does nothing,
@@ -928,6 +969,21 @@ supported encodings is sent.
 This is a request, not an order; the server may or may not do it.  This option
 must be set (to any non-NULL value) or else any unsolicited encoding done by
 the server is ignored. See the special file lib/README.encoding for details.
+
+(This option was called CURLOPT_ENCODING before 7.21.6)
+.IP CURLOPT_TRANSFER_ENCODING
+Adds a request for compressed Transfer Encoding in the outgoing HTTP
+request. If the server supports this and so desires, it can respond with the
+HTTP resonse sent using a compressed Transfer-Encoding that will be
+automatically uncompressed by libcurl on receival.
+
+Transfer-Encoding differs slightly from the Content-Encoding you ask for with
+\fBCURLOPT_ACCEPT_ENCODING\fP in that a Transfer-Encoding is strictly meant to
+be for the transfer and thus MUST be decoded before the data arrives in the
+client. Traditionally, Transfer-Encoding has been much less used and supported
+by both HTTP clients and HTTP servers.
+
+(Added in 7.21.6)
 .IP CURLOPT_FOLLOWLOCATION
 A parameter set to 1 tells the library to follow any Location: header that the
 server sends as part of an HTTP header.
@@ -1273,18 +1329,22 @@ Examples with specified ports:
 You disable PORT again and go back to using the passive version by setting
 this option to NULL.
 .IP CURLOPT_QUOTE
-Pass a pointer to a linked list of FTP or SFTP commands to pass to
-the server prior to your FTP request. This will be done before any
-other commands are issued (even before the CWD command for FTP). The
-linked list should be a fully valid list of 'struct curl_slist' structs
-properly filled in with text strings. Use \fIcurl_slist_append(3)\fP
-to append strings (commands) to the list, and clear the entire list
-afterwards with \fIcurl_slist_free_all(3)\fP. Disable this operation
-again by setting a NULL to this option.
-The set of valid FTP commands depends on the server (see RFC959 for a
-list of mandatory commands).
-The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd,
-rename, rm, rmdir, symlink (see
+Pass a pointer to a linked list of FTP or SFTP commands to pass to the server
+prior to your FTP request. This will be done before any other commands are
+issued (even before the CWD command for FTP). The linked list should be a
+fully valid list of 'struct curl_slist' structs properly filled in with text
+strings. Use \fIcurl_slist_append(3)\fP to append strings (commands) to the
+list, and clear the entire list afterwards with
+\fIcurl_slist_free_all(3)\fP. Disable this operation again by setting a NULL
+to this option. When speaking to a FTP server, prefix the command with an
+asterisk (*) to make libcurl continue even if the command fails as by default
+libcurl will stop at first failure.
+
+The set of valid FTP commands depends on the server (see RFC959 for a list of
+mandatory commands).
+
+The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd, rename, rm,
+rmdir, symlink (see
 .BR curl (1))
 (SFTP support added in 7.16.3)
 .IP CURLOPT_POSTQUOTE
@@ -2065,6 +2125,14 @@ of these, 'private' will be used. Set the string to NULL to disable kerberos
 support for FTP.
 
 (This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)
+.IP CURLOPT_GSSAPI_DELEGATION
+Set the parameter to CURLGSSAPI_DELEGATION_FLAG to allow unconditional GSSAPI
+credential delegation.  The delegation is disabled by default since 7.21.7.
+Set the parameter to CURLGSSAPI_DELEGATION_POLICY_FLAG to delegate only if
+the OK-AS-DELEGATE flag is set in the service ticket in case this feature is
+supported by the GSSAPI implementation and the definition of
+GSS_C_DELEG_POLICY_FLAG was available at compile-time.
+(Added in 7.22.0)
 .SH SSH OPTIONS
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
@@ -2078,13 +2146,15 @@ libcurl will reject the connection to the host unless the md5sums match. This
 option is only for SCP and SFTP transfers. (Added in 7.17.1)
 .IP CURLOPT_SSH_PUBLIC_KEYFILE
 Pass a char * pointing to a file name for your public key. If not used,
-libcurl defaults to using \fB~/.ssh/id_dsa.pub\fP.
-(Added in 7.16.1)
+libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment
+variable is set, and just "id_dsa.pub" in the current directory if HOME is not
+set.  (Added in 7.16.1)
 .IP CURLOPT_SSH_PRIVATE_KEYFILE
 Pass a char * pointing to a file name for your private key. If not used,
-libcurl defaults to using \fB~/.ssh/id_dsa\fP.  If the file is
-password-protected, set the password with \fICURLOPT_KEYPASSWD\fP. (Added in
-7.16.1)
+libcurl defaults to \fB$HOME/.ssh/id_dsa\fP if the HOME environment variable
+is set, and just "id_dsa" in the current directory if HOME is not set.  If the
+file is password-protected, set the password with
+\fICURLOPT_KEYPASSWD\fP. (Added in 7.16.1)
 .IP CURLOPT_SSH_KNOWNHOSTS
 Pass a pointer to a zero terminated string holding the file name of the
 known_host file to use.  The known_hosts file should use the OpenSSH file

docs/libcurl/curl_formadd.3

@@ -30,18 +30,19 @@ curl_formadd - add a section to a multipart/formdata HTTP POST
 .ad
 .SH DESCRIPTION
 curl_formadd() is used to append sections when building a multipart/formdata
-HTTP POST (sometimes referred to as RFC2388-style posts). Append one section at
-a time until you've added all the sections you want included and then you pass
-the \fIfirstitem\fP pointer as parameter to \fBCURLOPT_HTTPPOST\fP.
-\fIlastitem\fP is set after each call and on repeated invokes it should be
-left as set to allow repeated invokes to find the end of the list faster.
+HTTP POST (sometimes referred to as RFC2388-style posts). Append one section
+at a time until you've added all the sections you want included and then you
+pass the \fIfirstitem\fP pointer as parameter to \fBCURLOPT_HTTPPOST\fP.
+\fIlastitem\fP is set after each \fIcurl_formadd(3)\fP call and on repeated
+invokes it should be left as set to allow repeated invokes to find the end of
+the list faster.
 
 After the \fIlastitem\fP pointer follow the real arguments.
 
-The pointers \fI*firstitem\fP and \fI*lastitem\fP should both be pointing to
+The pointers \fIfirstitem\fP and \fIlastitem\fP should both be pointing to
 NULL in the first call to this function. All list-data will be allocated by
-the function itself. You must call \fIcurl_formfree(3)\fP after the form post
-has been done to free the resources.
+the function itself. You must call \fIcurl_formfree(3)\fP on the
+\fIfirstitem\P after the form post has been done to free the resources.
 
 Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
 You can disable this header with \fICURLOPT_HTTPHEADER\fP as usual.

docs/libcurl/curl_formfree.3

@@ -31,6 +31,13 @@ curl_formfree - free a previously build multipart/formdata HTTP POST chain
 curl_formfree() is used to clean up data previously built/appended with
 \fIcurl_formadd(3)\fP. This must be called when the data has been used, which
 typically means after \fIcurl_easy_perform(3)\fP has been called.
+
+The pointer to free is the same pointer you passed to the
+\fBCURLOPT_HTTPPOST\fP option, which is the \fIfirstitem\fP pointer from the
+\fIcurl_formadd(3)\fP invoke(s).
+
+\fBform\fP is the pointer as returned from a previous call to
+\fIcurl_formadd(3)\fP and may be NULL.
 .SH RETURN VALUE
 None
 .SH "SEE ALSO"

docs/libcurl/curl_formget.3

@@ -23,24 +23,27 @@
 .SH NAME
 curl_formget - serialize a previously built multipart/formdata HTTP POST chain
 .SH SYNOPSIS
+.nf
 .B #include <curl/curl.h>
-.sp
-.BI "void curl_formget(struct curl_httppost *" form, " void *" arg,
-.BI " curl_formget_callback " append ");"
-.ad
+
+void curl_formget(struct curl_httppost * form, void *userp,
+                  curl_formget_callback append );
 .SH DESCRIPTION
 curl_formget() is used to serialize data previously built/appended with
-\fIcurl_formadd(3)\fP. Accepts a void pointer as second argument which will be
-passed to the curl_formget_callback function.
+\fIcurl_formadd(3)\fP. Accepts a void pointer as second argument named
+\fIuserp\fP which will be passed as the first argument to the
+curl_formget_callback function.
 
-.BI "typedef size_t (*curl_formget_callback)(void *" arg, " const char *" buf,
+.BI "typedef size_t (*curl_formget_callback)(void *" userp, " const char *" buf,
 .BI " size_t " len ");"
-.nf
 
 The curl_formget_callback will be executed for each part of the HTTP POST
-chain. The void *arg pointer will be the one passed as second argument to
-curl_formget(). The character buffer passed to it must not be freed. The
+chain. The character buffer passed to the callback must not be freed. The
 callback should return the buffer length passed to it on success.
+
+If the \fBCURLFORM_STREAM\fP option is used in the formpost, it will prevent
+\fIcurl_formget(3)\fP from working until you've performed the actual HTTP
+request as only then will libcurl get the actual read callback to use!
 .SH RETURN VALUE
 0 means everything was ok, non-zero means an error occurred
 .SH EXAMPLE
@@ -52,6 +55,7 @@ callback should return the buffer length passed to it on success.
    (*(size_t *) arg) += len;
    return len;
  }
+
  size_t print_httppost(struct curl_httppost *post)
  {
    size_t total_size = 0;

docs/libcurl/curl_version_info.3

@@ -128,6 +128,11 @@ the app having to pass them on. (Added in 7.13.2)
 .IP CURL_VERSION_CONV
 libcurl was built with support for character conversions, as provided by the
 CURLOPT_CONV_* callbacks. (Added in 7.15.4)
+.IP CURL_VERSION_TLSAUTH_SRP
+libcurl was built with support for TLS-SRP. (Added in 7.21.4)
+.IP CURL_VERSION_NTLM_WB
+libcurl was built with support for NTLM delegation to a winbind helper.
+(Added in 7.22.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.

docs/libcurl/symbols-in-versions

@@ -20,6 +20,7 @@ CURLAUTH_DIGEST_IE              7.19.3
 CURLAUTH_GSSNEGOTIATE           7.10.6
 CURLAUTH_NONE                   7.10.6
 CURLAUTH_NTLM                   7.10.6
+CURLAUTH_NTLM_WB                7.22.0
 CURLAUTH_ONLY                   7.21.3
 CURLCLOSEPOLICY_CALLBACK        7.7
 CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
@@ -186,6 +187,9 @@ CURLFTPSSL_TRY                  7.11.0        7.17.0
 CURLFTP_CREATE_DIR              7.19.4
 CURLFTP_CREATE_DIR_NONE         7.19.4
 CURLFTP_CREATE_DIR_RETRY        7.19.4
+CURLGSSAPI_DELEGATION_FLAG      7.22.0
+CURLGSSAPI_DELEGATION_NONE      7.22.0
+CURLGSSAPI_DELEGATION_POLICY_FLAG 7.22.0
 CURLINFO_APPCONNECT_TIME        7.19.0
 CURLINFO_CERTINFO               7.19.1
 CURLINFO_CONDITION_UNMET        7.19.4
@@ -282,6 +286,7 @@ CURLOPTTYPE_FUNCTIONPOINT       7.1
 CURLOPTTYPE_LONG                7.1
 CURLOPTTYPE_OBJECTPOINT         7.1
 CURLOPTTYPE_OFF_T               7.11.0
+CURLOPT_ACCEPT_ENCODING         7.21.6
 CURLOPT_ADDRESS_SCOPE           7.19.0
 CURLOPT_APPEND                  7.17.0
 CURLOPT_AUTOREFERER             7.1
@@ -294,6 +299,8 @@ CURLOPT_CHUNK_DATA              7.21.0
 CURLOPT_CHUNK_END_FUNCTION      7.21.0
 CURLOPT_CLOSEFUNCTION           7.7           7.11.1      7.15.5
 CURLOPT_CLOSEPOLICY             7.7           7.16.1
+CURLOPT_CLOSESOCKETDATA         7.21.7
+CURLOPT_CLOSESOCKETFUNCTION     7.21.7
 CURLOPT_CONNECTTIMEOUT          7.7
 CURLOPT_CONNECTTIMEOUT_MS       7.16.2
 CURLOPT_CONNECT_ONLY            7.15.2
@@ -341,6 +348,7 @@ CURLOPT_FTP_SSL_CCC             7.16.1
 CURLOPT_FTP_USE_EPRT            7.10.5
 CURLOPT_FTP_USE_EPSV            7.9.2
 CURLOPT_FTP_USE_PRET            7.20.0
+CURLOPT_GSSAPI_DELEGATION       7.22.0
 CURLOPT_HEADER                  7.1
 CURLOPT_HEADERDATA              7.10
 CURLOPT_HEADERFUNCTION          7.7.2
@@ -485,6 +493,7 @@ CURLOPT_TLSAUTH_PASSWORD        7.21.4
 CURLOPT_TLSAUTH_TYPE            7.21.4
 CURLOPT_TLSAUTH_USERNAME        7.21.4
 CURLOPT_TRANSFERTEXT            7.1.1
+CURLOPT_TRANSFER_ENCODING       7.21.6
 CURLOPT_UNRESTRICTED_AUTH       7.10.4
 CURLOPT_UPLOAD                  7.1
 CURLOPT_URL                     7.1
@@ -671,6 +680,7 @@ CURL_VERSION_KERBEROS4          7.10
 CURL_VERSION_LARGEFILE          7.11.1
 CURL_VERSION_LIBZ               7.10
 CURL_VERSION_NTLM               7.10.6
+CURL_VERSION_NTLM_WB            7.22.0
 CURL_VERSION_SPNEGO             7.10.8
 CURL_VERSION_SSL                7.10
 CURL_VERSION_SSPI               7.13.2

include/README

@@ -36,7 +36,7 @@ The following notes apply to libcurl version 7.19.0 and later.
 * If you intend to distribute an already compiled libcurl library you _MUST_
   also distribute along with it the generated curl/curlbuild.h which has been
   used to compile it. Otherwise the library will be of no use for the users of
-  the library that you have built. It is _your_ responsability to provide this
+  the library that you have built. It is _your_ responsibility to provide this
   file. No one at the cURL project can know how you have built the library.
 
 * File curl/curlbuild.h includes platform and configuration dependent info,

include/curl/Makefile.am

@@ -20,7 +20,7 @@
 #
 ###########################################################################
 pkginclude_HEADERS = \
-	curl.h curlver.h easy.h mprintf.h stdcheaders.h types.h multi.h \
+	curl.h curlver.h easy.h mprintf.h stdcheaders.h multi.h \
 	typecheck-gcc.h curlbuild.h curlrules.h
 
 pkgincludedir= $(includedir)/curl
@@ -44,3 +44,10 @@ EXTRA_DIST = curlbuild.h.in
 
 DISTCLEANFILES = curlbuild.h
 
+checksrc:
+	@@PERL@ $(top_srcdir)/lib/checksrc.pl -Wcurlbuild.h -D$(top_srcdir)/include/curl $(pkginclude_HEADERS) $(EXTRA_DIST)
+
+if CURLDEBUG
+# for debug builds, we scan the sources on all regular make invokes
+all-local: checksrc
+endif

include/curl/curl.h

@@ -55,18 +55,17 @@
 #include <sys/types.h>
 #include <time.h>
 
-#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__GNUC__) && \
-  !defined(__CYGWIN__) || defined(__MINGW32__)
-#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H))
+#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__)
+#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__))
 /* The check above prevents the winsock2 inclusion if winsock.h already was
    included, since they can't co-exist without problems */
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#else
+#endif
 
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
-   libc5-based Linux systems. Only include it on system that are known to
+   libc5-based Linux systems. Only include it on systems that are known to
    require it! */
 #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
     defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
@@ -75,14 +74,13 @@
 #include <sys/select.h>
 #endif
 
-#ifndef _WIN32_WCE
+#if !defined(WIN32) && !defined(_WIN32_WCE)
 #include <sys/socket.h>
 #endif
+
 #if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__)
 #include <sys/time.h>
 #endif
-#include <sys/types.h>
-#endif
 
 #ifdef __BEOS__
 #include <support/SupportDefs.h>
@@ -122,7 +120,7 @@ typedef void CURL;
 
 #ifndef curl_socket_typedef
 /* socket typedef */
-#ifdef WIN32
+#if defined(WIN32) && !defined(__LWIP_OPT_H__)
 typedef SOCKET curl_socket_t;
 #define CURL_SOCKET_BAD INVALID_SOCKET
 #else
@@ -341,6 +339,9 @@ typedef curl_socket_t
                             curlsocktype purpose,
                             struct curl_sockaddr *address);
 
+typedef int
+(*curl_closesocket_callback)(void *clientp, curl_socket_t item);
+
 typedef enum {
   CURLIOE_OK,            /* I/O operation successful */
   CURLIOE_UNKNOWNCMD,    /* command was unknown to callback */
@@ -467,7 +468,7 @@ typedef enum {
   CURLE_SSL_CERTPROBLEM,         /* 58 - problem with the local certificate */
   CURLE_SSL_CIPHER,              /* 59 - couldn't use specified cipher */
   CURLE_SSL_CACERT,              /* 60 - problem with the CA cert (path?) */
-  CURLE_BAD_CONTENT_ENCODING,    /* 61 - Unrecognized transfer encoding */
+  CURLE_BAD_CONTENT_ENCODING,    /* 61 - Unrecognized/bad encoding */
   CURLE_LDAP_INVALID_URL,        /* 62 - Invalid LDAP URL */
   CURLE_FILESIZE_EXCEEDED,       /* 63 - Maximum file size exceeded */
   CURLE_USE_SSL_FAILED,          /* 64 - Requested FTP SSL level failed */
@@ -507,7 +508,7 @@ typedef enum {
                                     7.19.0) */
   CURLE_FTP_PRET_FAILED,         /* 84 - a PRET command failed */
   CURLE_RTSP_CSEQ_ERROR,         /* 85 - mismatch of RTSP CSeq numbers */
-  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Identifiers */
+  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Ids */
   CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
   CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
 
@@ -517,7 +518,8 @@ typedef enum {
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
 
-/* Backwards compatibility with older names */
+/*  compatibility with older names */
+#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING
 
 /* The following were added in 7.21.5, April 2011 */
 #define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION
@@ -528,7 +530,7 @@ typedef enum {
 
 /* The following were added in 7.17.0 */
 /* These are scheduled to disappear by 2009 */
-#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* noone should be using this! */
+#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* no one should be using this! */
 #define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46
 #define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44
 #define CURLE_FTP_USER_PASSWORD_INCORRECT CURLE_OBSOLETE10
@@ -596,6 +598,7 @@ typedef enum {
 #define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
 #define CURLAUTH_NTLM         (1<<3)  /* NTLM */
 #define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
+#define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
 #define CURLAUTH_ONLY         (1<<31) /* used together with a single other
                                          type to force no auth or just that
                                          single type */
@@ -610,6 +613,10 @@ typedef enum {
 #define CURLSSH_AUTH_KEYBOARD  (1<<3) /* keyboard interactive */
 #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY
 
+#define CURLGSSAPI_DELEGATION_NONE        0      /* no delegation (default) */
+#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */
+#define CURLGSSAPI_DELEGATION_FLAG        (1<<1) /* delegate always */
+
 #define CURL_ERROR_SIZE 256
 
 struct curl_khkey {
@@ -754,7 +761,7 @@ typedef enum {
 #endif
 
 #ifdef CURL_ISOCPP
-#define CINIT(name,type,number) CURLOPT_ ## name = CURLOPTTYPE_ ## type + number
+#define CINIT(na,t,nu) CURLOPT_ ## na = CURLOPTTYPE_ ## t + nu
 #else
 /* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
 #define LONG          CURLOPTTYPE_LONG
@@ -912,9 +919,7 @@ typedef enum {
   /* send linked-list of post-transfer QUOTE commands */
   CINIT(POSTQUOTE, OBJECTPOINT, 39),
 
-  /* Pass a pointer to string of the output using full variable-replacement
-     as described elsewhere. */
-  CINIT(WRITEINFO, OBJECTPOINT, 40),
+  CINIT(WRITEINFO, OBJECTPOINT, 40), /* DEPRECATED, do not use! */
 
   CINIT(VERBOSE, LONG, 41),      /* talk a lot */
   CINIT(HEADER, LONG, 42),       /* throw the header out too */
@@ -923,7 +928,7 @@ typedef enum {
   CINIT(FAILONERROR, LONG, 45),  /* no output on http error codes >= 300 */
   CINIT(UPLOAD, LONG, 46),       /* this is an upload */
   CINIT(POST, LONG, 47),         /* HTTP POST method */
-  CINIT(DIRLISTONLY, LONG, 48),  /* return bare names when listing directories */
+  CINIT(DIRLISTONLY, LONG, 48),  /* bare names when listing directories */
 
   CINIT(APPEND, LONG, 50),       /* Append instead of overwrite on upload! */
 
@@ -990,9 +995,7 @@ typedef enum {
   /* Max amount of cached alive connections */
   CINIT(MAXCONNECTS, LONG, 71),
 
-  /* What policy to use when closing connections when the cache is filled
-     up */
-  CINIT(CLOSEPOLICY, LONG, 72),
+  CINIT(CLOSEPOLICY, LONG, 72), /* DEPRECATED, do not use! */
 
   /* 73 = OBSOLETE */
 
@@ -1066,7 +1069,7 @@ typedef enum {
   CINIT(SSLENGINE_DEFAULT, LONG, 90),
 
   /* Non-zero value means to use the global dns cache */
-  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* To become OBSOLETE soon */
+  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */
 
   /* DNS cache timeout */
   CINIT(DNS_CACHE_TIMEOUT, LONG, 92),
@@ -1103,8 +1106,9 @@ typedef enum {
   CINIT(PROXYTYPE, LONG, 101),
 
   /* Set the Accept-Encoding string. Use this to tell a server you would like
-     the response to be compressed. */
-  CINIT(ENCODING, OBJECTPOINT, 102),
+     the response to be compressed. Before 7.21.6, this was known as
+     CURLOPT_ENCODING */
+  CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102),
 
   /* Set pointer to private data */
   CINIT(PRIVATE, OBJECTPOINT, 103),
@@ -1117,8 +1121,8 @@ typedef enum {
      and password to whatever host the server decides. */
   CINIT(UNRESTRICTED_AUTH, LONG, 105),
 
-  /* Specifically switch on or off the FTP engine's use of the EPRT command ( it
-     also disables the LPRT attempt). By default, those ones will always be
+  /* Specifically switch on or off the FTP engine's use of the EPRT command (
+     it also disables the LPRT attempt). By default, those ones will always be
      attempted before the good old traditional PORT command. */
   CINIT(FTP_USE_EPRT, LONG, 106),
 
@@ -1462,6 +1466,26 @@ typedef enum {
   /* Set authentication type for authenticated TLS */
   CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206),
 
+  /* Set to 1 to enable the "TE:" header in HTTP requests to ask for
+     compressed transfer-encoded responses. Set to 0 to disable the use of TE:
+     in outgoing requests. The current default is 0, but it might change in a
+     future libcurl release.
+
+     libcurl will ask for the compressed methods it knows of, and if that
+     isn't any, it will not ask for transfer-encoding at all even if this
+     option is set to 1.
+
+  */
+  CINIT(TRANSFER_ENCODING, LONG, 207),
+
+  /* Callback function for closing socket (instead of close(2)). The callback
+     should have type curl_closesocket_callback */
+  CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
+  CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
+
+  /* allow GSSAPI credential delegation */
+  CINIT(GSSAPI_DELEGATION, LONG, 210),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
@@ -1690,7 +1714,8 @@ CURL_EXTERN CURLFORMcode curl_formadd(struct curl_httppost **httppost,
  * Should return the buffer length passed to it as the argument "len" on
  *   success.
  */
-typedef size_t (*curl_formget_callback)(void *arg, const char *buf, size_t len);
+typedef size_t (*curl_formget_callback)(void *arg, const char *buf,
+                                        size_t len);
 
 /*
  * NAME curl_formget()
@@ -2070,8 +2095,9 @@ typedef struct {
 #define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
 #define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
 #define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
+#define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
 
-/*
+ /*
  * NAME curl_version_info()
  *
  * DESCRIPTION

include/curl/curlbuild.h.in

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -58,52 +58,52 @@
 /* ================================================================ */
 
 #ifdef CURL_SIZEOF_LONG
-#  error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
 #endif
 
 #ifdef CURL_TYPEOF_CURL_SOCKLEN_T
-#  error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
 #endif
 
 #ifdef CURL_SIZEOF_CURL_SOCKLEN_T
-#  error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
 #endif
 
 #ifdef CURL_TYPEOF_CURL_OFF_T
-#  error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
 #endif
 
 #ifdef CURL_FORMAT_CURL_OFF_T
-#  error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
 #endif
 
 #ifdef CURL_FORMAT_CURL_OFF_TU
-#  error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
 #endif
 
 #ifdef CURL_FORMAT_OFF_T
-#  error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
 #endif
 
 #ifdef CURL_SIZEOF_CURL_OFF_T
-#  error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
 #endif
 
 #ifdef CURL_SUFFIX_CURL_OFF_T
-#  error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
 #endif
 
 #ifdef CURL_SUFFIX_CURL_OFF_TU
-#  error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
+#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
    Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
 #endif
 

include/curl/curlver.h

@@ -30,13 +30,13 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.21.5-DEV"
+#define LIBCURL_VERSION "7.22.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 21
-#define LIBCURL_VERSION_PATCH 5
+#define LIBCURL_VERSION_MINOR 22
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071505
+#define LIBCURL_VERSION_NUM 0x071600
 
 /*
  * This is the date and time when the full source package was created. The

include/curl/easy.h

@@ -53,8 +53,8 @@ CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...);
  *
  * Creates a new curl session handle with the same options set for the handle
  * passed in. Duplicating a handle could only be a matter of cloning data and
- * options, internal state info and things like persistant connections cannot
- * be transfered. It is useful in multithreaded applications when you can run
+ * options, internal state info and things like persistent connections cannot
+ * be transferred. It is useful in multithreaded applications when you can run
  * curl_easy_duphandle() for each new thread to avoid a series of identical
  * curl_easy_setopt() invokes in every thread.
  */

include/curl/typecheck-gcc.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -41,66 +41,66 @@
 #define curl_easy_setopt(handle, option, value)                               \
 __extension__ ({                                                              \
   __typeof__ (option) _curl_opt = option;                                     \
-  if (__builtin_constant_p(_curl_opt)) {                                      \
-    if (_curl_is_long_option(_curl_opt))                                      \
-      if (!_curl_is_long(value))                                              \
+  if(__builtin_constant_p(_curl_opt)) {                                       \
+    if(_curl_is_long_option(_curl_opt))                                       \
+      if(!_curl_is_long(value))                                               \
         _curl_easy_setopt_err_long();                                         \
-    if (_curl_is_off_t_option(_curl_opt))                                     \
-      if (!_curl_is_off_t(value))                                             \
+    if(_curl_is_off_t_option(_curl_opt))                                      \
+      if(!_curl_is_off_t(value))                                              \
         _curl_easy_setopt_err_curl_off_t();                                   \
-    if (_curl_is_string_option(_curl_opt))                                    \
-      if (!_curl_is_string(value))                                            \
+    if(_curl_is_string_option(_curl_opt))                                     \
+      if(!_curl_is_string(value))                                             \
         _curl_easy_setopt_err_string();                                       \
-    if (_curl_is_write_cb_option(_curl_opt))                                  \
-      if (!_curl_is_write_cb(value))                                          \
+    if(_curl_is_write_cb_option(_curl_opt))                                   \
+      if(!_curl_is_write_cb(value))                                           \
         _curl_easy_setopt_err_write_callback();                               \
-    if ((_curl_opt) == CURLOPT_READFUNCTION)                                  \
-      if (!_curl_is_read_cb(value))                                           \
+    if((_curl_opt) == CURLOPT_READFUNCTION)                                   \
+      if(!_curl_is_read_cb(value))                                            \
         _curl_easy_setopt_err_read_cb();                                      \
-    if ((_curl_opt) == CURLOPT_IOCTLFUNCTION)                                 \
-      if (!_curl_is_ioctl_cb(value))                                          \
+    if((_curl_opt) == CURLOPT_IOCTLFUNCTION)                                  \
+      if(!_curl_is_ioctl_cb(value))                                           \
         _curl_easy_setopt_err_ioctl_cb();                                     \
-    if ((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                               \
-      if (!_curl_is_sockopt_cb(value))                                        \
+    if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION)                                \
+      if(!_curl_is_sockopt_cb(value))                                         \
         _curl_easy_setopt_err_sockopt_cb();                                   \
-    if ((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                            \
-      if (!_curl_is_opensocket_cb(value))                                     \
+    if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION)                             \
+      if(!_curl_is_opensocket_cb(value))                                      \
         _curl_easy_setopt_err_opensocket_cb();                                \
-    if ((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                              \
-      if (!_curl_is_progress_cb(value))                                       \
+    if((_curl_opt) == CURLOPT_PROGRESSFUNCTION)                               \
+      if(!_curl_is_progress_cb(value))                                        \
         _curl_easy_setopt_err_progress_cb();                                  \
-    if ((_curl_opt) == CURLOPT_DEBUGFUNCTION)                                 \
-      if (!_curl_is_debug_cb(value))                                          \
+    if((_curl_opt) == CURLOPT_DEBUGFUNCTION)                                  \
+      if(!_curl_is_debug_cb(value))                                           \
         _curl_easy_setopt_err_debug_cb();                                     \
-    if ((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                              \
-      if (!_curl_is_ssl_ctx_cb(value))                                        \
+    if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION)                               \
+      if(!_curl_is_ssl_ctx_cb(value))                                         \
         _curl_easy_setopt_err_ssl_ctx_cb();                                   \
-    if (_curl_is_conv_cb_option(_curl_opt))                                   \
-      if (!_curl_is_conv_cb(value))                                           \
+    if(_curl_is_conv_cb_option(_curl_opt))                                    \
+      if(!_curl_is_conv_cb(value))                                            \
         _curl_easy_setopt_err_conv_cb();                                      \
-    if ((_curl_opt) == CURLOPT_SEEKFUNCTION)                                  \
-      if (!_curl_is_seek_cb(value))                                           \
+    if((_curl_opt) == CURLOPT_SEEKFUNCTION)                                   \
+      if(!_curl_is_seek_cb(value))                                            \
         _curl_easy_setopt_err_seek_cb();                                      \
-    if (_curl_is_cb_data_option(_curl_opt))                                   \
-      if (!_curl_is_cb_data(value))                                           \
+    if(_curl_is_cb_data_option(_curl_opt))                                    \
+      if(!_curl_is_cb_data(value))                                            \
         _curl_easy_setopt_err_cb_data();                                      \
-    if ((_curl_opt) == CURLOPT_ERRORBUFFER)                                   \
-      if (!_curl_is_error_buffer(value))                                      \
+    if((_curl_opt) == CURLOPT_ERRORBUFFER)                                    \
+      if(!_curl_is_error_buffer(value))                                       \
         _curl_easy_setopt_err_error_buffer();                                 \
-    if ((_curl_opt) == CURLOPT_STDERR)                                        \
-      if (!_curl_is_FILE(value))                                              \
+    if((_curl_opt) == CURLOPT_STDERR)                                         \
+      if(!_curl_is_FILE(value))                                               \
         _curl_easy_setopt_err_FILE();                                         \
-    if (_curl_is_postfields_option(_curl_opt))                                \
-      if (!_curl_is_postfields(value))                                        \
+    if(_curl_is_postfields_option(_curl_opt))                                 \
+      if(!_curl_is_postfields(value))                                         \
         _curl_easy_setopt_err_postfields();                                   \
-    if ((_curl_opt) == CURLOPT_HTTPPOST)                                      \
-      if (!_curl_is_arr((value), struct curl_httppost))                       \
+    if((_curl_opt) == CURLOPT_HTTPPOST)                                       \
+      if(!_curl_is_arr((value), struct curl_httppost))                        \
         _curl_easy_setopt_err_curl_httpost();                                 \
-    if (_curl_is_slist_option(_curl_opt))                                     \
-      if (!_curl_is_arr((value), struct curl_slist))                          \
+    if(_curl_is_slist_option(_curl_opt))                                      \
+      if(!_curl_is_arr((value), struct curl_slist))                           \
         _curl_easy_setopt_err_curl_slist();                                   \
-    if ((_curl_opt) == CURLOPT_SHARE)                                         \
-      if (!_curl_is_ptr((value), CURLSH))                                     \
+    if((_curl_opt) == CURLOPT_SHARE)                                          \
+      if(!_curl_is_ptr((value), CURLSH))                                      \
         _curl_easy_setopt_err_CURLSH();                                       \
   }                                                                           \
   curl_easy_setopt(handle, _curl_opt, value);                                 \
@@ -111,18 +111,18 @@ __extension__ ({                                                              \
 #define curl_easy_getinfo(handle, info, arg)                                  \
 __extension__ ({                                                              \
   __typeof__ (info) _curl_info = info;                                        \
-  if (__builtin_constant_p(_curl_info)) {                                     \
-    if (_curl_is_string_info(_curl_info))                                     \
-      if (!_curl_is_arr((arg), char *))                                       \
+  if(__builtin_constant_p(_curl_info)) {                                      \
+    if(_curl_is_string_info(_curl_info))                                      \
+      if(!_curl_is_arr((arg), char *))                                        \
         _curl_easy_getinfo_err_string();                                      \
-    if (_curl_is_long_info(_curl_info))                                       \
-      if (!_curl_is_arr((arg), long))                                         \
+    if(_curl_is_long_info(_curl_info))                                        \
+      if(!_curl_is_arr((arg), long))                                          \
         _curl_easy_getinfo_err_long();                                        \
-    if (_curl_is_double_info(_curl_info))                                     \
-      if (!_curl_is_arr((arg), double))                                       \
+    if(_curl_is_double_info(_curl_info))                                      \
+      if(!_curl_is_arr((arg), double))                                        \
         _curl_easy_getinfo_err_double();                                      \
-    if (_curl_is_slist_info(_curl_info))                                      \
-      if (!_curl_is_arr((arg), struct curl_slist *))                          \
+    if(_curl_is_slist_info(_curl_info))                                       \
+      if(!_curl_is_arr((arg), struct curl_slist *))                           \
         _curl_easy_getinfo_err_curl_slist();                                  \
   }                                                                           \
   curl_easy_getinfo(handle, _curl_info, arg);                                 \
@@ -149,7 +149,8 @@ _CURL_WARNING(_curl_easy_setopt_err_long,
 _CURL_WARNING(_curl_easy_setopt_err_curl_off_t,
   "curl_easy_setopt expects a curl_off_t argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_string,
-  "curl_easy_setopt expects a string (char* or char[]) argument for this option"
+              "curl_easy_setopt expects a "
+              "string (char* or char[]) argument for this option"
   )
 _CURL_WARNING(_curl_easy_setopt_err_write_callback,
   "curl_easy_setopt expects a curl_write_callback argument for this option")
@@ -160,7 +161,8 @@ _CURL_WARNING(_curl_easy_setopt_err_ioctl_cb,
 _CURL_WARNING(_curl_easy_setopt_err_sockopt_cb,
   "curl_easy_setopt expects a curl_sockopt_callback argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_opensocket_cb,
-  "curl_easy_setopt expects a curl_opensocket_callback argument for this option"
+              "curl_easy_setopt expects a "
+              "curl_opensocket_callback argument for this option"
   )
 _CURL_WARNING(_curl_easy_setopt_err_progress_cb,
   "curl_easy_setopt expects a curl_progress_callback argument for this option")
@@ -173,9 +175,11 @@ _CURL_WARNING(_curl_easy_setopt_err_conv_cb,
 _CURL_WARNING(_curl_easy_setopt_err_seek_cb,
   "curl_easy_setopt expects a curl_seek_callback argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_cb_data,
-  "curl_easy_setopt expects a private data pointer as argument for this option")
+              "curl_easy_setopt expects a "
+              "private data pointer as argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_error_buffer,
-  "curl_easy_setopt expects a char buffer of CURL_ERROR_SIZE as argument for this option")
+              "curl_easy_setopt expects a "
+              "char buffer of CURL_ERROR_SIZE as argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_FILE,
   "curl_easy_setopt expects a FILE* argument for this option")
 _CURL_WARNING(_curl_easy_setopt_err_postfields,
@@ -224,7 +228,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
    (option) == CURLOPT_PROXYUSERNAME ||                                       \
    (option) == CURLOPT_PROXYPASSWORD ||                                       \
    (option) == CURLOPT_NOPROXY ||                                             \
-   (option) == CURLOPT_ENCODING ||                                            \
+   (option) == CURLOPT_ACCEPT_ENCODING ||                                     \
    (option) == CURLOPT_REFERER ||                                             \
    (option) == CURLOPT_USERAGENT ||                                           \
    (option) == CURLOPT_COOKIE ||                                              \
@@ -481,7 +485,8 @@ typedef int (_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype);
 typedef int (_curl_sockopt_callback2)(const void *, curl_socket_t,
                                       curlsocktype);
 
-/* evaluates to true if expr is of type curl_opensocket_callback or "similar" */
+/* evaluates to true if expr is of type curl_opensocket_callback or
+   "similar" */
 #define _curl_is_opensocket_cb(expr)                                    \
   (_curl_is_NULL(expr) ||                                                     \
    __builtin_types_compatible_p(__typeof__(expr), curl_opensocket_callback) ||\
@@ -550,7 +555,8 @@ typedef CURLcode (_curl_ssl_ctx_callback4)(CURL *, const void *, const void *);
 typedef CURLcode (_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *);
 typedef CURLcode (_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *);
 typedef CURLcode (_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *);
-typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX, const void *);
+typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX,
+                                           const void *);
 #else
 typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5;
 typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6;

include/curl/types.h

@@ -1 +0,0 @@
-/* not used */

lib/CMakeLists.txt

@@ -122,3 +122,5 @@ if(WIN32)
     set_target_properties(${LIB_NAME} PROPERTIES IMPORT_SUFFIX "_imp.lib")
   endif()
 endif()
+
+install(TARGETS ${LIB_NAME} DESTINATION lib)

lib/Makefile.Watcom

@@ -70,6 +70,13 @@ CFLAGS += -d_WIN32_WINNT=0x0501 -dENABLE_IPV6
 CFLAGS += -dUSE_WINDOWS_SSPI
 !endif
 
+!ifdef %use_winidn
+CFLAGS += -dWINVER=0x0600 -dUSE_WIN32_IDN
+!  if $(__VERSION__) <= 1290
+CFLAGS += -dWANT_IDN_PROTOTYPES
+!  endif
+!endif
+
 #
 # Change to suite.
 #
@@ -82,7 +89,7 @@ ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.2.7
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
 !endif
 
 !ifdef %librtmp_root
@@ -229,6 +236,14 @@ $(LINK_ARG): $(__MAKEFILES__)
 !ifdef %use_ares
 	@%append $^@ library $(ARES_ROOT)$(DS)cares.lib
 !endif
+!ifdef %use_winidn
+!  if $(__VERSION__) > 1290
+	@%append $^@ library normaliz.lib
+!  else
+	@%append $^@ import '_IdnToAscii@20' 'NORMALIZ.DLL'.'IdnToAscii'
+	@%append $^@ import '_IdnToUnicode@20' 'NORMALIZ.DLL'.'IdnToUnicode'
+!  endif
+!endif
 
 $(LIB_ARG): $(__MAKEFILES__)
 	%create $^@

lib/Makefile.am

@@ -38,7 +38,7 @@ EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)                 \
  config-win32ce.h config-os400.h setup-os400.h config-symbian.h		   \
  Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		   \
  mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	   \
- Makefile.vxworks config-vms.h
+ Makefile.vxworks config-vms.h checksrc.pl
 
 CLEANFILES = $(DSP) $(VCPROJ)
 
@@ -46,7 +46,7 @@ lib_LTLIBRARIES = libcurl.la
 LIBCURL_LIBS = @LIBCURL_LIBS@
 
 # This might hold -Werror
-libcurl_la_CFLAGS = $(CFLAGS) @CURL_CFLAG_EXTRAS@
+CFLAGS += @CURL_CFLAG_EXTRAS@
 
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
@@ -106,7 +106,7 @@ endif
 # For the full guide on libcurl ABI rules, see docs/libcurl/ABI
 
 if NO_UNDEFINED
-# The -no-undefined flag is CRUCIAL for this to build fine on Cygwin.
+# The -no-undefined flag is crucial to build fine on some platforms
 UNDEF = -no-undefined
 endif
 
@@ -116,18 +116,18 @@ if MIMPURE
 MIMPURE = -mimpure-text
 endif
 
-LINKFLAGS=$(UNDEF) $(MIMPURE) $(LIBCURL_LIBS)
+libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(LIBCURL_LIBS)
 
-libcurl_la_LDFLAGS = $(LINKFLAGS) $(VERSIONINFO)
-
-# as unit testing will compile and link everything an extra time, we only
-# do it if debug is enabled
-if CURLDEBUG
+# unit testing static library built only along with unit tests
+if BUILD_UNITTESTS
 noinst_LTLIBRARIES = libcurlu.la
-libcurlu_la_CFLAGS = -DUNITTESTS
-libcurlu_la_LDFLAGS = -static $(LINKFLAGS)
+else
+noinst_LTLIBRARIES =
 endif
 
+libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DUNITTESTS
+libcurlu_la_LDFLAGS = -static $(LIBCURL_LIBS)
+
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
 
@@ -184,3 +184,12 @@ $(VCPROJ): vc8proj.head vc8proj.foot Makefile.am
 	echo "<File RelativePath=\""$$file"\"></File>" $(VCPROJOUT); \
 	done; \
 	cat $(srcdir)/vc8proj.foot $(VCPROJOUT) )
+
+
+checksrc:
+	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/lib $(CSOURCES) $(HHEADERS)
+
+if CURLDEBUG
+# for debug builds, we scan the sources on all regular make invokes
+all-local: checksrc
+endif

lib/Makefile.inc

@@ -14,14 +14,16 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
   curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
   memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
   content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
-  http_negotiate.c http_ntlm.c inet_pton.c strtoofft.c strerror.c	\
-  hostares.c hostasyn.c hostip4.c hostip6.c hostsyn.c hostthre.c	\
-  inet_ntop.c parsedate.c select.c gtls.c sslgen.c tftp.c splay.c	\
-  strdup.c socks.c ssh.c nss.c qssl.c rawstr.c curl_addrinfo.c		\
-  socks_gssapi.c socks_sspi.c curl_sspi.c slist.c nonblock.c		\
-  curl_memrchr.c imap.c pop3.c smtp.c pingpong.c rtsp.c curl_threads.c	\
-  warnless.c hmac.c polarssl.c curl_rtmp.c openldap.c curl_gethostname.c\
-  gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c
+  http_negotiate.c inet_pton.c strtoofft.c strerror.c			\
+  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
+  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
+  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
+  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
+  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
+  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
+  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
+  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
+  curl_ntlm_core.c curl_ntlm_msgs.c
 
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -29,12 +31,12 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
   getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
   curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
   connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h http_ntlm.h inet_pton.h	\
+  curl_md5.h http_digest.h http_negotiate.h inet_pton.h			\
   strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h setup.h	\
   transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
   tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
   curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
   curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h      \
-  gopher.h axtls.h cyassl.h http_proxy.h
-
+  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
+  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h

lib/Makefile.m32

@@ -1,10 +1,10 @@
 #########################################################################
 #
 ## Makefile for building libcurl.a with MingW32 (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (1.2), zlib (1.2.5)
+## and optionally OpenSSL (0.9.8), libssh2 (1.2), zlib (1.2.5), librtmp (2.3)
 ##
-## Usage:
-## mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [ZLIB=1] [IDN=1] [SSPI=1] [IPV6=1] [LDAPS=1] [RTMP=1] [DYN=1]
+## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
+## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
 ## set ZLIB_PATH=c:/zlib-1.2.5
@@ -24,15 +24,21 @@ OPENSSL_PATH = ../../openssl-0.9.8r
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.7
+LIBSSH2_PATH = ../../libssh2-1.3.0
+endif
+# Edit the path below to point to the base of your librtmp package.
+ifndef LIBRTMP_PATH
+LIBRTMP_PATH = ../../librtmp-2.3
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../libidn-1.18
 endif
-# Edit the path below to point to the base of your librtmp package.
-ifndef LIBRTMP_PATH
-LIBRTMP_PATH = ../../librtmp-2.3
+# Edit the path below to point to the base of your MS idndlpackage. 
+# Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
+# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
+ifndef WINIDN_PATH
+WINIDN_PATH = ../../Microsoft IDN Mitigation APIs
 endif
 # Edit the path below to point to the base of your Novell LDAP NDK.
 ifndef LDAP_SDK
@@ -44,10 +50,19 @@ ifndef LIBCARES_PATH
 LIBCARES_PATH = ../ares
 endif
 
+# Edit the var below to set to your architecture or set environment var.
+ifndef ARCH
+ARCH = w32
+endif
+
 CC = gcc
-AR = ar
+CFLAGS = -g -O2 -Wall
+ifeq ($(ARCH),w64)
+CFLAGS += -D_AMD64_
+endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS = -s
+AR = ar
 RANLIB = ranlib
 RC = windres
 RCFLAGS = --include-dir=../include -DDEBUGBUILD=0 -O COFF -i
@@ -57,8 +72,49 @@ STRIP = strip -g
 ########################################################
 ## Nothing more to do below this line!
 
+ifeq ($(findstring -dyn,$(CFG)),-dyn)
+DYN = 1
+endif
+ifeq ($(findstring -ares,$(CFG)),-ares)
+ARES = 1
+endif
+ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
+RTMP = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
+SSH2 = 1
+SSL = 1
+ZLIB = 1
+endif
+ifeq ($(findstring -ssl,$(CFG)),-ssl)
+SSL = 1
+endif
+ifeq ($(findstring -zlib,$(CFG)),-zlib)
+ZLIB = 1
+endif
+ifeq ($(findstring -idn,$(CFG)),-idn)
+IDN = 1
+endif
+ifeq ($(findstring -winidn,$(CFG)),-winidn)
+WINIDN = 1
+endif
+ifeq ($(findstring -sspi,$(CFG)),-sspi)
+SSPI = 1
+endif
+ifeq ($(findstring -spnego,$(CFG)),-spnego)
+SPNEGO = 1
+endif
+ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
+LDAPS = 1
+endif
+ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
+IPV6 = 1
+endif
+
 INCLUDES = -I. -I../include
-CFLAGS = -g -O2 -DBUILDING_LIBCURL
+CFLAGS += -DBUILDING_LIBCURL
 ifdef ARES
   INCLUDES += -I$(LIBCARES_PATH)
   CFLAGS += -DUSE_ARES
@@ -91,10 +147,19 @@ ifdef IDN
   INCLUDES += -I"$(LIBIDN_PATH)/include"
   CFLAGS += -DUSE_LIBIDN
   DLL_LIBS += -L$(LIBIDN_PATH)/lib -lidn
+else
+ifdef WINIDN
+  CFLAGS += -DUSE_WIN32_IDN
+  CFLAGS += -DWANT_IDN_PROTOTYPES
+  DLL_LIBS += -L"$(WINIDN_PATH)" -lnormaliz
+endif
 endif
 ifdef SSPI
   CFLAGS += -DUSE_WINDOWS_SSPI
 endif
+ifdef SPNEGO
+  CFLAGS += -DHAVE_SPNEGO
+endif
 ifdef IPV6
   CFLAGS += -DENABLE_IPV6
 endif

lib/Makefile.netware

@@ -24,7 +24,7 @@ endif
 
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.7
+LIBSSH2_PATH = ../../libssh2-1.3.0
 endif
 
 # Edit the path below to point to the base of your axTLS package.
@@ -95,7 +95,7 @@ else
 endif
 PERL	= perl
 # Here you can find a native Win32 binary of the original awk:
-# http://www.gknw.net/development/prgtools/awk-20070501.zip
+# http://www.gknw.net/development/prgtools/awk-20100523.zip
 AWK	= awk
 CP	= cp -afv
 MKDIR	= mkdir
@@ -498,6 +498,7 @@ endif
 	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
+	@echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@

lib/Makefile.vc6

@@ -20,6 +20,11 @@
 #
 #***************************************************************************
 
+# All files in the Makefile.vc* series are generated automatically from the
+# one made for MSVC version 6. Alas, if you want to do changes to any of the
+# fiels and send back to the project, edit the version six, make your diff and
+# mail curl-library.
+
 ###########################################################################
 #
 # Makefile for building libcurl with MSVC6
@@ -59,13 +64,14 @@
 
 !INCLUDE ..\Makefile.msvc.names
 
-
-
-
 !IFNDEF OPENSSL_PATH
 OPENSSL_PATH   = ../../openssl-0.9.8r
 !ENDIF
 
+!IFNDEF LIBSSH2_PATH
+LIBSSH2_PATH   = ../../libssh2-1.2.8
+!ENDIF
+
 !IFNDEF ZLIB_PATH
 ZLIB_PATH  = ../../zlib-1.2.5
 !ENDIF
@@ -100,8 +106,9 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"
 CCNODBG    = cl.exe /O2 /DNDEBUG
 CCDEBUG    = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
 CFLAGSSSL  = /DUSE_SSLEAY /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSH2 = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
-CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL
+CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
 CFLAGSLIB  = /DCURL_STATICLIB
 LNKDLL     = link.exe /DLL
 LNKLIB     = link.exe /lib
@@ -219,6 +226,36 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 
+######################
+# release-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "release-ssl-ssh2-zlib"
+TARGET   = $(LIB_NAME).lib
+DIROBJ   = $(CFG)
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
+!ENDIF
+
+######################
+# debug-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
+TARGET   = $(LIB_NAME_DEBUG).lib
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
+!ENDIF
+
 ######################
 # release-dll
 
@@ -418,6 +455,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-ssl                  - release static library with ssl
 !MESSAGE   release-zlib                 - release static library with zlib
 !MESSAGE   release-ssl-zlib             - release static library with ssl and zlib
+!MESSAGE   release-ssl-ssh2-zlib        - release static library with ssl, ssh2 and zlib
 !MESSAGE   release-ssl-dll              - release static library with dynamic ssl
 !MESSAGE   release-zlib-dll             - release static library with dynamic zlib
 !MESSAGE   release-ssl-dll-zlib-dll     - release static library with dynamic ssl and dynamic zlib
@@ -425,6 +463,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-dll-ssl-dll          - release dynamic library with dynamic ssl
 !MESSAGE   release-dll-zlib-dll         - release dynamic library with dynamic zlib
 !MESSAGE   release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
+!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug                        - debug static library
 !MESSAGE   debug-ssl                    - debug static library with ssl
 !MESSAGE   debug-zlib                   - debug static library with zlib
@@ -457,6 +496,8 @@ clean:
 # A config was provided, so the library can be built.
 #
 X_OBJS= \
+	$(DIROBJ)\asyn-ares.obj \
+	$(DIROBJ)\asyn-thread.obj \
 	$(DIROBJ)\base64.obj \
 	$(DIROBJ)\connect.obj \
 	$(DIROBJ)\content_encoding.obj \
@@ -465,6 +506,10 @@ X_OBJS= \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_memrchr.obj \
+	$(DIROBJ)\curl_ntlm.obj \
+	$(DIROBJ)\curl_ntlm_core.obj \
+	$(DIROBJ)\curl_ntlm_msgs.obj \
+	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
 	$(DIROBJ)\curl_sspi.obj \
@@ -479,22 +524,19 @@ X_OBJS= \
 	$(DIROBJ)\ftp.obj \
 	$(DIROBJ)\getenv.obj \
 	$(DIROBJ)\getinfo.obj \
-	$(DIROBJ)\gtls.obj \
 	$(DIROBJ)\gopher.obj \
+	$(DIROBJ)\gtls.obj \
 	$(DIROBJ)\hash.obj \
 	$(DIROBJ)\hmac.obj \
-	$(DIROBJ)\hostares.obj \
 	$(DIROBJ)\hostasyn.obj \
 	$(DIROBJ)\hostip4.obj \
 	$(DIROBJ)\hostip6.obj \
 	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostsyn.obj \
-	$(DIROBJ)\hostthre.obj \
 	$(DIROBJ)\http_chunks.obj \
 	$(DIROBJ)\http_digest.obj \
 	$(DIROBJ)\http_negotiate.obj \
         $(DIROBJ)\http_negotiate_sspi.obj \
-	$(DIROBJ)\http_ntlm.obj \
 	$(DIROBJ)\http.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\if2ip.obj \

lib/Makefile.vxworks

@@ -5,7 +5,7 @@
 #Description: makefile to be used in order to compile libcurl for VxWoorks 6.3.
 #
 #How to use:
-#             1. Adjust environment variables at the file begining
+#             1. Adjust environment variables at the file beginning
 #             2. Open the Command Prompt window and change directory ('cd')
 #                into the 'lib' folder
 #             3. Add <CYGWIN>/bin folder to the PATH environment variable

lib/README.encoding

@@ -33,21 +33,21 @@ Gallagher, and support for the 'gzip' encoding was added by Dan Fandrich.
 
 To cause libcurl to request a content encoding use:
 
-    curl_easy_setopt(curl, CURLOPT_ENCODING, <string>)
+    curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, <string>)
 
 where <string> is the intended value of the Accept-Encoding header.
 
 Currently, libcurl only understands how to process responses that use the
-"deflate" or "gzip" Content-Encoding, so the only values for CURLOPT_ENCODING
-that will work (besides "identity," which does nothing) are "deflate" and
-"gzip" If a response is encoded using the "compress" or methods, libcurl will
-return an error indicating that the response could not be decoded.  If
-<string> is NULL no Accept-Encoding header is generated.  If <string> is a
-zero-length string, then an Accept-Encoding header containing all supported
-encodings will be generated.
+"deflate" or "gzip" Content-Encoding, so the only values for
+CURLOPT_ACCEPT_ENCODING that will work (besides "identity," which does
+nothing) are "deflate" and "gzip" If a response is encoded using the
+"compress" or methods, libcurl will return an error indicating that the
+response could not be decoded.  If <string> is NULL no Accept-Encoding header
+is generated.  If <string> is a zero-length string, then an Accept-Encoding
+header containing all supported encodings will be generated.
 
-The CURLOPT_ENCODING must be set to any non-NULL value for content to be
-automatically decoded.  If it is not set and the server still sends encoded
+The CURLOPT_ACCEPT_ENCODING must be set to any non-NULL value for content to
+be automatically decoded.  If it is not set and the server still sends encoded
 content (despite not having been asked), the data is returned in its raw form
 and the Content-Encoding type is not checked.
 

lib/arpa_telnet.h

@@ -26,7 +26,7 @@
  * Telnet option defines. Add more here if in need.
  */
 #define CURL_TELOPT_BINARY   0  /* binary 8bit data */
-#define CURL_TELOPT_SGA      3  /* Supress Go Ahead */
+#define CURL_TELOPT_SGA      3  /* Suppress Go Ahead */
 #define CURL_TELOPT_EXOPL  255  /* EXtended OPtions List */
 #define CURL_TELOPT_TTYPE   24  /* Terminal TYPE */
 #define CURL_TELOPT_XDISPLOC 35 /* X DISPlay LOCation */

lib/asyn-ares.c

@@ -22,8 +22,6 @@
 
 #include "setup.h"
 
-#include <string.h>
-
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
@@ -39,16 +37,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
 #endif
 
 #ifdef HAVE_PROCESS_H
@@ -60,6 +54,14 @@
 #define in_addr_t unsigned long
 #endif
 
+/***********************************************************************
+ * Only for ares-enabled builds
+ * And only for functions that fulfill the asynch resolver backend API
+ * as defined in asyn.h, nothing else belongs in this file!
+ **********************************************************************/
+
+#ifdef CURLRES_ARES
+
 #include "urldata.h"
 #include "sendf.h"
 #include "hostip.h"
@@ -76,18 +78,140 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
+#  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
+     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
+#    define CARES_STATICLIB
+#  endif
+#  include <ares.h>
+
+#if ARES_VERSION >= 0x010500
+/* c-ares 1.5.0 or later, the callback proto is modified */
+#define HAVE_CARES_CALLBACK_TIMEOUTS 1
+#endif
+
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
 
-/***********************************************************************
- * Only for ares-enabled builds
- **********************************************************************/
-
-#ifdef CURLRES_ARES
+struct ResolverResults {
+  int num_pending; /* number of ares_gethostbyname() requests */
+  Curl_addrinfo *temp_ai; /* intermediary result while fetching c-ares parts */
+  int last_status;
+};
 
 /*
- * Curl_resolv_fdset() is called when someone from the outside world (using
+ * Curl_resolver_global_init() - the generic low-level asynchronous name
+ * resolve API.  Called from curl_global_init() to initialize global resolver
+ * environment.  Initializes ares library.
+ */
+int Curl_resolver_global_init(void)
+{
+#ifdef CARES_HAVE_ARES_LIBRARY_INIT
+  if(ares_library_init(ARES_LIB_INIT_ALL)) {
+    return CURLE_FAILED_INIT;
+  }
+#endif
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_global_cleanup()
+ *
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ * Deinitializes ares library.
+ */
+void Curl_resolver_global_cleanup(void)
+{
+#ifdef CARES_HAVE_ARES_LIBRARY_CLEANUP
+  ares_library_cleanup();
+#endif
+}
+
+/*
+ * Curl_resolver_init()
+ *
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Fills the passed pointer by the initialized ares_channel.
+ */
+CURLcode Curl_resolver_init(void **resolver)
+{
+  int status = ares_init((ares_channel*)resolver);
+  if(status != ARES_SUCCESS) {
+    if(status == ARES_ENOMEM)
+      return CURLE_OUT_OF_MEMORY;
+    else
+      return CURLE_FAILED_INIT;
+  }
+  return CURLE_OK;
+  /* make sure that all other returns from this function should destroy the
+     ares channel before returning error! */
+}
+
+/*
+ * Curl_resolver_cleanup()
+ *
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Destroys the ares channel.
+ */
+void Curl_resolver_cleanup(void *resolver)
+{
+  ares_destroy((ares_channel)resolver);
+}
+
+/*
+ * Curl_resolver_duphandle()
+ *
+ * Called from curl_easy_duphandle() to duplicate resolver URL-state specific
+ * environment ('resolver' member of the UrlState structure).  Duplicates the
+ * 'from' ares channel and passes the resulting channel to the 'to' pointer.
+ */
+int Curl_resolver_duphandle(void **to, void *from)
+{
+  /* Clone the ares channel for the new handle */
+  if(ARES_SUCCESS != ares_dup((ares_channel*)to,(ares_channel)from))
+    return CURLE_FAILED_INIT;
+  return CURLE_OK;
+}
+
+static void destroy_async_data (struct Curl_async *async);
+
+/*
+ * Cancel all possibly still on-going resolves for this connection.
+ */
+void Curl_resolver_cancel(struct connectdata *conn)
+{
+  if(conn && conn->data && conn->data->state.resolver)
+    ares_cancel((ares_channel)conn->data->state.resolver);
+  destroy_async_data(&conn->async);
+}
+
+/*
+ * destroy_async_data() cleans up async resolver data.
+ */
+static void destroy_async_data (struct Curl_async *async)
+{
+  if(async->hostname)
+    free(async->hostname);
+
+  if(async->os_specific) {
+    struct ResolverResults *res = (struct ResolverResults *)async->os_specific;
+    if(res) {
+      if(res->temp_ai) {
+        Curl_freeaddrinfo(res->temp_ai);
+        res->temp_ai = NULL;
+      }
+      free(res);
+    }
+    async->os_specific = NULL;
+  }
+
+  async->hostname = NULL;
+}
+
+/*
+ * Curl_resolver_fdset() is called when someone from the outside world (using
  * curl_multi_fdset()) wants to get our fd_set setup and we're talking with
  * ares. The caller must make sure that this function is only called when we
  * have a working ares channel.
@@ -95,22 +219,23 @@
  * Returns: CURLE_OK always!
  */
 
-int Curl_resolv_getsock(struct connectdata *conn,
-                        curl_socket_t *socks,
-                        int numsocks)
+int Curl_resolver_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
 
 {
   struct timeval maxtime;
   struct timeval timebuf;
   struct timeval *timeout;
-  int max = ares_getsock(conn->data->state.areschannel,
+  int max = ares_getsock((ares_channel)conn->data->state.resolver,
                          (ares_socket_t *)socks, numsocks);
 
 
   maxtime.tv_sec = CURL_TIMEOUT_RESOLVE;
   maxtime.tv_usec = 0;
 
-  timeout = ares_timeout(conn->data->state.areschannel, &maxtime, &timebuf);
+  timeout = ares_timeout((ares_channel)conn->data->state.resolver, &maxtime,
+                         &timebuf);
 
   Curl_expire(conn->data,
               (timeout->tv_sec * 1000) + (timeout->tv_usec/1000));
@@ -138,7 +263,8 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
   int i;
   int num = 0;
 
-  bitmask = ares_getsock(data->state.areschannel, socks, ARES_GETSOCK_MAXNUM);
+  bitmask = ares_getsock((ares_channel)data->state.resolver, socks,
+                         ARES_GETSOCK_MAXNUM);
 
   for(i=0; i < ARES_GETSOCK_MAXNUM; i++) {
     pfd[i].events = 0;
@@ -165,11 +291,12 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
   if(!nfds)
     /* Call ares_process() unconditonally here, even if we simply timed out
        above, as otherwise the ares name resolve won't timeout! */
-    ares_process_fd(data->state.areschannel, ARES_SOCKET_BAD, ARES_SOCKET_BAD);
+    ares_process_fd((ares_channel)data->state.resolver, ARES_SOCKET_BAD,
+                    ARES_SOCKET_BAD);
   else {
     /* move through the descriptors and ask for processing on them */
     for(i=0; i < num; i++)
-      ares_process_fd(data->state.areschannel,
+      ares_process_fd((ares_channel)data->state.resolver,
                       pfd[i].revents & (POLLRDNORM|POLLIN)?
                       pfd[i].fd:ARES_SOCKET_BAD,
                       pfd[i].revents & (POLLWRNORM|POLLOUT)?
@@ -179,23 +306,29 @@ static int waitperform(struct connectdata *conn, int timeout_ms)
 }
 
 /*
- * Curl_is_resolved() is called repeatedly to check if a previous name resolve
- * request has completed. It should also make sure to time-out if the
- * operation seems to take too long.
+ * Curl_resolver_is_resolved() is called repeatedly to check if a previous
+ * name resolve request has completed. It should also make sure to time-out if
+ * the operation seems to take too long.
  *
  * Returns normal CURLcode errors.
  */
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **dns)
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **dns)
 {
   struct SessionHandle *data = conn->data;
+  struct ResolverResults *res = (struct ResolverResults *)
+    conn->async.os_specific;
 
   *dns = NULL;
 
   waitperform(conn, 0);
 
-  if(conn->async.done) {
-    /* we're done, kill the ares handle */
+  if(res && !res->num_pending) {
+    (void)Curl_addrinfo_callback(conn, res->last_status, res->temp_ai);
+    /* temp_ai ownership is moved to the connection, so we need not free-up
+       them */
+    res->temp_ai = NULL;
+    destroy_async_data(&conn->async);
     if(!conn->async.dns) {
       failf(data, "Could not resolve host: %s (%s)", conn->host.dispname,
             ares_strerror(conn->async.status));
@@ -208,21 +341,24 @@ CURLcode Curl_is_resolved(struct connectdata *conn,
 }
 
 /*
- * Curl_wait_for_resolv() waits for a resolve to finish. This function should
- * be avoided since using this risk getting the multi interface to "hang".
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
  *
  * If 'entry' is non-NULL, make it point to the resolved dns entry
  *
  * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
  * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
  */
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **entry)
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
 {
   CURLcode rc=CURLE_OK;
   struct SessionHandle *data = conn->data;
   long timeout;
   struct timeval now = Curl_tvnow();
+  struct Curl_dns_entry *temp_entry;
 
   timeout = Curl_timeleft(data, &now, TRUE);
   if(!timeout)
@@ -240,7 +376,7 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
     store.tv_sec = itimeout/1000;
     store.tv_usec = (itimeout%1000)*1000;
 
-    tvp = ares_timeout(data->state.areschannel, &store, &tv);
+    tvp = ares_timeout((ares_channel)data->state.resolver, &store, &tv);
 
     /* use the timeout period ares returned to us above if less than one
        second is left, otherwise just use 1000ms to make sure the progress
@@ -251,6 +387,7 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
       timeout_ms = 1000;
 
     waitperform(conn, timeout_ms);
+    Curl_resolver_is_resolved(conn,&temp_entry);
 
     if(conn->async.done)
       break;
@@ -267,7 +404,7 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
     }
     if(timeout < 0) {
       /* our timeout, so we cancel the ares operation */
-      ares_cancel(data->state.areschannel);
+      ares_cancel((ares_channel)data->state.resolver);
       break;
     }
   }
@@ -281,7 +418,7 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
   if(!conn->async.dns) {
     /* a name was not resolved */
     if((timeout < 0) || (conn->async.status == ARES_ETIMEOUT)) {
-      if (conn->bits.httpproxy) {
+      if(conn->bits.httpproxy) {
         failf(data, "Resolving proxy timed out: %s", conn->proxy.dispname);
         rc = CURLE_COULDNT_RESOLVE_PROXY;
       }
@@ -291,7 +428,7 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
       }
     }
     else if(conn->async.done) {
-      if (conn->bits.httpproxy) {
+      if(conn->bits.httpproxy) {
         failf(data, "Could not resolve proxy: %s (%s)", conn->proxy.dispname,
               ares_strerror(conn->async.status));
         rc = CURLE_COULDNT_RESOLVE_PROXY;
@@ -313,53 +450,73 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
   return rc;
 }
 
+/* Connects results to the list */
+static void compound_results(struct ResolverResults *res,
+                             Curl_addrinfo *ai)
+{
+  Curl_addrinfo *ai_tail;
+  if(!ai)
+    return;
+  ai_tail = ai;
+
+  while(ai_tail->ai_next)
+    ai_tail = ai_tail->ai_next;
+
+  /* Add the new results to the list of old results. */
+  ai_tail->ai_next = res->temp_ai;
+  res->temp_ai = ai;
+}
+
 /*
  * ares_query_completed_cb() is the callback that ares will call when
  * the host query initiated by ares_gethostbyname() from Curl_getaddrinfo(),
  * when using ares, is completed either successfully or with failure.
  */
-static void ares_query_completed_cb(void *arg,  /* (struct connectdata *) */
-                                    int status,
+static void query_completed_cb(void *arg,  /* (struct connectdata *) */
+                               int status,
 #ifdef HAVE_CARES_CALLBACK_TIMEOUTS
-                                    int timeouts,
+                               int timeouts,
 #endif
-                                    struct hostent *hostent)
+                               struct hostent *hostent)
 {
   struct connectdata *conn = (struct connectdata *)arg;
-  struct Curl_addrinfo * ai = NULL;
+  struct ResolverResults *res;
 
 #ifdef HAVE_CARES_CALLBACK_TIMEOUTS
   (void)timeouts; /* ignored */
 #endif
 
-  switch(status) {
-  case CURL_ASYNC_SUCCESS:
-    ai = Curl_he2ai(hostent, conn->async.port);
-    break;
-  case ARES_EDESTRUCTION:
-    /* this ares handle is getting destroyed, the 'arg' pointer may not be
-       valid! */
+  if(ARES_EDESTRUCTION == status)
+    /* when this ares handle is getting destroyed, the 'arg' pointer may not
+       be valid so only defer it when we know the 'status' says its fine! */
     return;
-  default:
-    /* do nothing */
-    break;
-  }
 
-  (void)Curl_addrinfo_callback(arg, status, ai);
+  res = (struct ResolverResults *)conn->async.os_specific;
+  res->num_pending--;
+
+  if(CURL_ASYNC_SUCCESS == status) {
+    Curl_addrinfo *ai = Curl_he2ai(hostent, conn->async.port);
+    if(ai) {
+      compound_results(res, ai);
+    }
+  }
+  /* A successful result overwrites any previous error */
+  if(res->last_status != ARES_SUCCESS)
+    res->last_status = status;
 }
 
 /*
- * Curl_getaddrinfo() - when using ares
+ * Curl_resolver_getaddrinfo() - when using ares
  *
  * Returns name information about the given hostname and port number. If
  * successful, the 'hostent' is returned and the forth argument will point to
  * memory we need to free after use. That memory *MUST* be freed with
  * Curl_freeaddrinfo(), nothing else.
  */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
 {
   char *bufp;
   struct SessionHandle *data = conn->data;
@@ -379,10 +536,9 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
 
 #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
   /* Otherwise, check if this is an IPv6 address string */
-  if (Curl_inet_pton (AF_INET6, hostname, &in6) > 0) {
+  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
     /* This must be an IPv6 address literal.  */
     return Curl_ip2addr(AF_INET6, &in6, hostname, port);
-  }
 
   switch(conn->ip_version) {
   default:
@@ -402,34 +558,42 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
 #endif /* CURLRES_IPV6 */
 
   bufp = strdup(hostname);
-
   if(bufp) {
+    struct ResolverResults *res = NULL;
     Curl_safefree(conn->async.hostname);
     conn->async.hostname = bufp;
     conn->async.port = port;
     conn->async.done = FALSE;   /* not done */
     conn->async.status = 0;     /* clear */
     conn->async.dns = NULL;     /* clear */
-    conn->async.temp_ai = NULL; /* clear */
+    res = calloc(sizeof(struct ResolverResults),1);
+    if(!res) {
+      Curl_safefree(conn->async.hostname);
+      conn->async.hostname = NULL;
+      return NULL;
+    }
+    conn->async.os_specific = res;
 
+    /* initial status - failed */
+    res->last_status = ARES_ENOTFOUND;
 #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
     if(family == PF_UNSPEC) {
-      conn->async.num_pending = 2;
+      res->num_pending = 2;
 
       /* areschannel is already setup in the Curl_open() function */
-      ares_gethostbyname(data->state.areschannel, hostname, PF_INET,
-                         ares_query_completed_cb, conn);
-      ares_gethostbyname(data->state.areschannel, hostname, PF_INET6,
-                         ares_query_completed_cb, conn);
+      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                         PF_INET, query_completed_cb, conn);
+      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                         PF_INET6, query_completed_cb, conn);
     }
     else
 #endif /* CURLRES_IPV6 */
     {
-      conn->async.num_pending = 1;
+      res->num_pending = 1;
 
       /* areschannel is already setup in the Curl_open() function */
-      ares_gethostbyname(data->state.areschannel, hostname, family,
-                         ares_query_completed_cb, conn);
+      ares_gethostbyname((ares_channel)data->state.resolver, hostname, family,
+                         query_completed_cb, conn);
     }
 
     *waitp = 1; /* expect asynchronous response */

lib/asyn-thread.c

@@ -22,9 +22,6 @@
 
 #include "setup.h"
 
-#include <string.h>
-#include <errno.h>
-
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -37,16 +34,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>     /* required for free() prototypes */
-#endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
-#include <stdlib.h>
 #endif
 
 #if defined(USE_THREADS_POSIX)
@@ -64,6 +57,12 @@
 #define in_addr_t unsigned long
 #endif
 
+#ifdef HAVE_GETADDRINFO
+#  define RESOLVER_ENOMEM  EAI_MEMORY
+#else
+#  define RESOLVER_ENOMEM  ENOMEM
+#endif
+
 #include "urldata.h"
 #include "sendf.h"
 #include "hostip.h"
@@ -88,6 +87,71 @@
  **********************************************************************/
 #ifdef CURLRES_THREADED
 
+/*
+ * Curl_resolver_global_init()
+ * Called from curl_global_init() to initialize global resolver environment.
+ * Does nothing here.
+ */
+int Curl_resolver_global_init(void)
+{
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_global_cleanup()
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ * Does nothing here.
+ */
+void Curl_resolver_global_cleanup(void)
+{
+}
+
+/*
+ * Curl_resolver_init()
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Does nothing here.
+ */
+CURLcode Curl_resolver_init(void **resolver)
+{
+  (void)resolver;
+  return CURLE_OK;
+}
+
+/*
+ * Curl_resolver_cleanup()
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Does nothing here.
+ */
+void Curl_resolver_cleanup(void *resolver)
+{
+  (void)resolver;
+}
+
+/*
+ * Curl_resolver_duphandle()
+ * Called from curl_easy_duphandle() to duplicate resolver URL state-specific
+ * environment ('resolver' member of the UrlState structure).  Does nothing
+ * here.
+ */
+int Curl_resolver_duphandle(void **to, void *from)
+{
+  (void)to;
+  (void)from;
+  return CURLE_OK;
+}
+
+static void destroy_async_data(struct Curl_async *);
+
+/*
+ * Cancel all possibly still on-going resolves for this connection.
+ */
+void Curl_resolver_cancel(struct connectdata *conn)
+{
+  destroy_async_data(&conn->async);
+}
+
 /* This function is used to init a threaded resolve */
 static bool init_resolve_thread(struct connectdata *conn,
                                 const char *hostname, int port,
@@ -117,7 +181,7 @@ struct thread_data {
   struct thread_sync_data tsd;
 };
 
-static struct thread_sync_data * conn_thread_sync_data(struct connectdata *conn)
+static struct thread_sync_data *conn_thread_sync_data(struct connectdata *conn)
 {
   return &(((struct thread_data *)conn->async.os_specific)->tsd);
 }
@@ -128,7 +192,7 @@ static struct thread_sync_data * conn_thread_sync_data(struct connectdata *conn)
 static
 void destroy_thread_sync_data(struct thread_sync_data * tsd)
 {
-  if (tsd->mtx) {
+  if(tsd->mtx) {
     Curl_mutex_destroy(tsd->mtx);
     free(tsd->mtx);
   }
@@ -136,7 +200,7 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
   if(tsd->hostname)
     free(tsd->hostname);
 
-  if (tsd->res)
+  if(tsd->res)
     Curl_freeaddrinfo(tsd->res);
 
   memset(tsd,0,sizeof(*tsd));
@@ -160,7 +224,8 @@ int init_thread_sync_data(struct thread_sync_data * tsd,
 #endif
 
   tsd->mtx = malloc(sizeof(curl_mutex_t));
-  if (tsd->mtx == NULL) goto err_exit;
+  if(tsd->mtx == NULL)
+    goto err_exit;
 
   Curl_mutex_init(tsd->mtx);
 
@@ -170,7 +235,8 @@ int init_thread_sync_data(struct thread_sync_data * tsd,
    * thread during gethostbyname execution.
    */
   tsd->hostname = strdup(hostname);
-  if (!tsd->hostname) goto err_exit;
+  if(!tsd->hostname)
+    goto err_exit;
 
   return 1;
 
@@ -186,9 +252,9 @@ static int getaddrinfo_complete(struct connectdata *conn)
   int rc;
 
   rc = Curl_addrinfo_callback(conn, tsd->sock_error, tsd->res);
-  /* The tsd->res structure has been copied to async.dns and perhaps the DNS cache.
-     Set our copy to NULL so destroy_thread_sync_data doesn't free it.
-   */
+  /* The tsd->res structure has been copied to async.dns and perhaps the DNS
+     cache.  Set our copy to NULL so destroy_thread_sync_data doesn't free it.
+  */
   tsd->res = NULL;
 
   return rc;
@@ -213,10 +279,10 @@ static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
 
   rc = Curl_getaddrinfo_ex(tsd->hostname, service, &tsd->hints, &tsd->res);
 
-  if (rc != 0) {
-    tsd->sock_error = SOCKERRNO;
-    if (tsd->sock_error == 0)
-      tsd->sock_error = ENOMEM;
+  if(rc != 0) {
+    tsd->sock_error = SOCKERRNO?SOCKERRNO:rc;
+    if(tsd->sock_error == 0)
+      tsd->sock_error = RESOLVER_ENOMEM;
   }
 
   Curl_mutex_acquire(tsd->mtx);
@@ -237,10 +303,10 @@ static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
 
   tsd->res = Curl_ipv4_resolve_r(tsd->hostname, tsd->port);
 
-  if (!tsd->res) {
+  if(!tsd->res) {
     tsd->sock_error = SOCKERRNO;
-    if (tsd->sock_error == 0)
-      tsd->sock_error = ENOMEM;
+    if(tsd->sock_error == 0)
+      tsd->sock_error = RESOLVER_ENOMEM;
   }
 
   Curl_mutex_acquire(tsd->mtx);
@@ -253,10 +319,9 @@ static unsigned int CURL_STDCALL gethostbyname_thread (void *arg)
 #endif /* HAVE_GETADDRINFO */
 
 /*
- * Curl_destroy_thread_data() cleans up async resolver data and thread handle.
- * Complementary of ares_destroy.
+ * destroy_async_data() cleans up async resolver data and thread handle.
  */
-void Curl_destroy_thread_data (struct Curl_async *async)
+static void destroy_async_data (struct Curl_async *async)
 {
   if(async->hostname)
     free(async->hostname);
@@ -264,10 +329,10 @@ void Curl_destroy_thread_data (struct Curl_async *async)
   if(async->os_specific) {
     struct thread_data *td = (struct thread_data*) async->os_specific;
 
-    if (td->dummy_sock != CURL_SOCKET_BAD)
+    if(td->dummy_sock != CURL_SOCKET_BAD)
       sclose(td->dummy_sock);
 
-    if (td->thread_hnd != curl_thread_t_null)
+    if(td->thread_hnd != curl_thread_t_null)
       Curl_thread_join(&td->thread_hnd);
 
     destroy_thread_sync_data(&td->tsd);
@@ -289,7 +354,7 @@ static bool init_resolve_thread (struct connectdata *conn,
                                  const struct addrinfo *hints)
 {
   struct thread_data *td = calloc(1, sizeof(struct thread_data));
-  int err = ENOMEM;
+  int err = RESOLVER_ENOMEM;
 
   conn->async.os_specific = (void*) td;
   if(!td)
@@ -302,7 +367,7 @@ static bool init_resolve_thread (struct connectdata *conn,
   td->dummy_sock = CURL_SOCKET_BAD;
   td->thread_hnd = curl_thread_t_null;
 
-  if (!init_thread_sync_data(&td->tsd, hostname, port, hints))
+  if(!init_thread_sync_data(&td->tsd, hostname, port, hints))
     goto err_exit;
 
   Curl_safefree(conn->async.hostname);
@@ -311,12 +376,12 @@ static bool init_resolve_thread (struct connectdata *conn,
     goto err_exit;
 
 #ifdef WIN32
-  /* This socket is only to keep Curl_resolv_fdset() and select() happy;
+  /* This socket is only to keep Curl_resolver_fdset() and select() happy;
    * should never become signalled for read since it's unbound but
    * Windows needs at least 1 socket in select().
    */
   td->dummy_sock = socket(AF_INET, SOCK_DGRAM, 0);
-  if (td->dummy_sock == CURL_SOCKET_BAD)
+  if(td->dummy_sock == CURL_SOCKET_BAD)
     goto err_exit;
 #endif
 
@@ -336,37 +401,93 @@ static bool init_resolve_thread (struct connectdata *conn,
   return TRUE;
 
  err_exit:
-  Curl_destroy_thread_data(&conn->async);
+  destroy_async_data(&conn->async);
 
   SET_ERRNO(err);
 
   return FALSE;
 }
 
+#if defined(HAVE_GETADDRINFO) && !defined(HAVE_GAI_STRERROR) && !defined(WIN32)
+/* NetWare has getaddrinfo but lacks gai_strerror.
+   Windows has a gai_strerror but it is bad (not thread-safe) and the generic
+   socket error string function can be used for this pupose. */
+static const char *gai_strerror(int ecode)
+{
+  switch (ecode) {
+  case EAI_AGAIN:
+    return "The name could not be resolved at this time";
+  case EAI_BADFLAGS:
+    return "The flags parameter had an invalid value";
+  case EAI_FAIL:
+    return "A non-recoverable error occurred when attempting to "
+      "resolve the name";
+  case EAI_FAMILY:
+    return "The address family was not recognized";
+  case EAI_MEMORY:
+    return "Out of memory";
+  case EAI_NONAME:
+    return "The name does not resolve for the supplied parameters";
+  case EAI_SERVICE:
+    return "The service passed was not recognized for the "
+      "specified socket type"
+  case EAI_SOCKTYPE:
+    return "The intended socket type was not recognized"
+  case EAI_SYSTEM:
+    return "A system error occurred";
+  case EAI_OVERFLOW:
+    return "An argument buffer overflowed";
+  default:
+    return "Unknown error";
+
+/* define this now as this is a private implementation of said function */
+#define HAVE_GAI_STRERROR
+}
+#endif
+
 
 /*
- * Curl_wait_for_resolv() waits for a resolve to finish. This function should
- * be avoided since using this risk getting the multi interface to "hang".
+ * resolver_error() calls failf() with the appropriate message after a resolve
+ * error
+ */
+
+static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
+{
+  failf(conn->data, "Could not resolve %s: %s; %s", host_or_proxy,
+        conn->async.hostname,
+#ifdef HAVE_GAI_STRERROR
+        /* NetWare doesn't have gai_strerror and on Windows it isn't deemed
+           thread-safe */
+        gai_strerror(conn->async.status)
+#else
+        Curl_strerror(conn, conn->async.status)
+#endif
+    );
+}
+
+/*
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
  *
  * If 'entry' is non-NULL, make it point to the resolved dns entry
  *
  * This is the version for resolves-in-a-thread.
  */
-CURLcode Curl_wait_for_resolv(struct connectdata *conn,
-                              struct Curl_dns_entry **entry)
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
 {
   struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
-  struct SessionHandle *data = conn->data;
   CURLcode rc = CURLE_OK;
 
   DEBUGASSERT(conn && td);
 
   /* wait for the thread to resolve the name */
-  if (Curl_thread_join(&td->thread_hnd)) {
+  if(Curl_thread_join(&td->thread_hnd))
     rc = getaddrinfo_complete(conn);
-  } else {
+  else
     DEBUGASSERT(0);
-  }
 
   conn->async.done = TRUE;
 
@@ -375,18 +496,17 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
 
   if(!conn->async.dns) {
     /* a name was not resolved */
-    if (conn->bits.httpproxy) {
-      failf(data, "Could not resolve proxy: %s; %s",
-            conn->async.hostname, Curl_strerror(conn, conn->async.status));
+    if(conn->bits.httpproxy) {
+      resolver_error(conn, "proxy");
       rc = CURLE_COULDNT_RESOLVE_PROXY;
-    } else {
-      failf(data, "Could not resolve host: %s; %s",
-            conn->async.hostname, Curl_strerror(conn, conn->async.status));
+    }
+    else {
+      resolver_error(conn, "host");
       rc = CURLE_COULDNT_RESOLVE_HOST;
     }
   }
 
-  Curl_destroy_thread_data(&conn->async);
+  destroy_async_data(&conn->async);
 
   if(!conn->async.dns)
     conn->bits.close = TRUE;
@@ -395,12 +515,12 @@ CURLcode Curl_wait_for_resolv(struct connectdata *conn,
 }
 
 /*
- * Curl_is_resolved() is called repeatedly to check if a previous name resolve
- * request has completed. It should also make sure to time-out if the
- * operation seems to take too long.
+ * Curl_resolver_is_resolved() is called repeatedly to check if a previous
+ * name resolve request has completed. It should also make sure to time-out if
+ * the operation seems to take too long.
  */
-CURLcode Curl_is_resolved(struct connectdata *conn,
-                          struct Curl_dns_entry **entry)
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **entry)
 {
   struct SessionHandle *data = conn->data;
   struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
@@ -408,7 +528,7 @@ CURLcode Curl_is_resolved(struct connectdata *conn,
 
   *entry = NULL;
 
-  if (!td) {
+  if(!td) {
     DEBUGASSERT(td);
     return CURLE_COULDNT_RESOLVE_HOST;
   }
@@ -417,30 +537,30 @@ CURLcode Curl_is_resolved(struct connectdata *conn,
   done = td->tsd.done;
   Curl_mutex_release(td->tsd.mtx);
 
-  if (done) {
+  if(done) {
     getaddrinfo_complete(conn);
-    Curl_destroy_thread_data(&conn->async);
+    destroy_async_data(&conn->async);
 
     if(!conn->async.dns) {
-      failf(data, "Could not resolve host: %s; %s",
-            conn->host.name, Curl_strerror(conn, conn->async.status));
+      resolver_error(conn, "host");
       return CURLE_COULDNT_RESOLVE_HOST;
     }
     *entry = conn->async.dns;
-  } else {
+  }
+  else {
     /* poll for name lookup done with exponential backoff up to 250ms */
     int elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
-    if (elapsed < 0)
+    if(elapsed < 0)
       elapsed = 0;
 
-    if (td->poll_interval == 0)
+    if(td->poll_interval == 0)
       /* Start at 1ms poll interval */
       td->poll_interval = 1;
-    else if (elapsed >= td->interval_end)
+    else if(elapsed >= td->interval_end)
       /* Back-off exponentially if last interval expired  */
       td->poll_interval *= 2;
 
-    if (td->poll_interval > 250)
+    if(td->poll_interval > 250)
       td->poll_interval = 250;
 
     td->interval_end = elapsed + td->poll_interval;
@@ -450,9 +570,9 @@ CURLcode Curl_is_resolved(struct connectdata *conn,
   return CURLE_OK;
 }
 
-int Curl_resolv_getsock(struct connectdata *conn,
-                        curl_socket_t *socks,
-                        int numsocks)
+int Curl_resolver_getsock(struct connectdata *conn,
+                          curl_socket_t *socks,
+                          int numsocks)
 {
   const struct thread_data *td =
     (const struct thread_data *) conn->async.os_specific;
@@ -472,10 +592,10 @@ int Curl_resolv_getsock(struct connectdata *conn,
 /*
  * Curl_getaddrinfo() - for platforms without getaddrinfo
  */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
 {
   struct in_addr in;
 
@@ -498,23 +618,36 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
 #else /* !HAVE_GETADDRINFO */
 
 /*
- * Curl_getaddrinfo() - for getaddrinfo
+ * Curl_resolver_getaddrinfo() - for getaddrinfo
  */
-Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
-                                const char *hostname,
-                                int port,
-                                int *waitp)
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp)
 {
   struct addrinfo hints;
+  struct in_addr in;
   Curl_addrinfo *res;
   int error;
   char sbuf[NI_MAXSERV];
   int pf = PF_INET;
-  struct SessionHandle *data = conn->data;
+#ifdef CURLRES_IPV6
+  struct in6_addr in6;
+#endif /* CURLRES_IPV6 */
 
   *waitp = 0; /* default to synchronous response */
 
-#ifndef CURLRES_IPV4
+  /* First check if this is an IPv4 address string */
+  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
+    /* This is a dotted IP address 123.123.123.123-style */
+    return Curl_ip2addr(AF_INET, &in, hostname, port);
+
+#ifdef CURLRES_IPV6
+  /* check if this is an IPv6 address string */
+  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
+    /* This is an IPv6 address literal */
+    return Curl_ip2addr(AF_INET6, &in6, hostname, port);
+
   /*
    * Check if a limited name resolve has been requested.
    */
@@ -534,7 +667,7 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
     /* the stack seems to be a non-ipv6 one */
     pf = PF_INET;
 
-#endif /* !CURLRES_IPV4 */
+#endif /* CURLRES_IPV6 */
 
   memset(&hints, 0, sizeof(hints));
   hints.ai_family = pf;
@@ -549,12 +682,12 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
   }
 
   /* fall-back to blocking version */
-  infof(data, "init_resolve_thread() failed for %s; %s\n",
+  infof(conn->data, "init_resolve_thread() failed for %s; %s\n",
         hostname, Curl_strerror(conn, ERRNO));
 
   error = Curl_getaddrinfo_ex(hostname, sbuf, &hints, &res);
   if(error) {
-    infof(data, "getaddrinfo() failed for %s:%d; %s\n",
+    infof(conn->data, "getaddrinfo() failed for %s:%d; %s\n",
           hostname, port, Curl_strerror(conn, SOCKERRNO));
     return NULL;
   }

lib/asyn.h

@@ -0,0 +1,168 @@
+#ifndef HEADER_CURL_ASYN_H
+#define HEADER_CURL_ASYN_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+#include "curl_addrinfo.h"
+
+struct addrinfo;
+struct hostent;
+struct SessionHandle;
+struct connectdata;
+struct Curl_dns_entry;
+
+/*
+ * This header defines all functions in the internal asynch resolver interface.
+ * All asynch resolvers need to provide these functions.
+ * asyn-ares.c and asyn-thread.c are the current implementations of asynch
+ * resolver backends.
+ */
+
+/*
+ * Curl_resolver_global_init()
+ *
+ * Called from curl_global_init() to initialize global resolver environment.
+ * Returning anything else than CURLE_OK fails curl_global_init().
+ */
+int Curl_resolver_global_init(void);
+
+/*
+ * Curl_resolver_global_cleanup()
+ * Called from curl_global_cleanup() to destroy global resolver environment.
+ */
+void Curl_resolver_global_cleanup(void);
+
+/*
+ * Curl_resolver_init()
+ * Called from curl_easy_init() -> Curl_open() to initialize resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Should fill the passed pointer by the initialized handler.
+ * Returning anything else than CURLE_OK fails curl_easy_init() with the
+ * correspondent code.
+ */
+CURLcode Curl_resolver_init(void **resolver);
+
+/*
+ * Curl_resolver_cleanup()
+ * Called from curl_easy_cleanup() -> Curl_close() to cleanup resolver
+ * URL-state specific environment ('resolver' member of the UrlState
+ * structure).  Should destroy the handler and free all resources connected to
+ * it.
+ */
+void Curl_resolver_cleanup(void *resolver);
+
+/*
+ * Curl_resolver_duphandle()
+ * Called from curl_easy_duphandle() to duplicate resolver URL-state specific
+ * environment ('resolver' member of the UrlState structure).  Should
+ * duplicate the 'from' handle and pass the resulting handle to the 'to'
+ * pointer.  Returning anything else than CURLE_OK causes failed
+ * curl_easy_duphandle() call.
+ */
+int Curl_resolver_duphandle(void **to, void *from);
+
+/*
+ * Curl_resolver_cancel().
+ *
+ * It is called from inside other functions to cancel currently performing
+ * resolver request. Should also free any temporary resources allocated to
+ * perform a request.
+ */
+void Curl_resolver_cancel(struct connectdata *conn);
+
+/* Curl_resolver_getsock()
+ *
+ * This function is called from the multi_getsock() function.  'sock' is a
+ * pointer to an array to hold the file descriptors, with 'numsock' being the
+ * size of that array (in number of entries). This function is supposed to
+ * return bitmask indicating what file descriptors (referring to array indexes
+ * in the 'sock' array) to wait for, read/write.
+ */
+int Curl_resolver_getsock(struct connectdata *conn, curl_socket_t *sock,
+                          int numsocks);
+
+/*
+ * Curl_resolver_is_resolved()
+ *
+ * Called repeatedly to check if a previous name resolve request has
+ * completed. It should also make sure to time-out if the operation seems to
+ * take too long.
+ *
+ * Returns normal CURLcode errors.
+ */
+CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
+                                   struct Curl_dns_entry **dns);
+
+/*
+ * Curl_resolver_wait_resolv()
+ *
+ * waits for a resolve to finish. This function should be avoided since using
+ * this risk getting the multi interface to "hang".
+ *
+ * If 'entry' is non-NULL, make it point to the resolved dns entry
+ *
+ * Returns CURLE_COULDNT_RESOLVE_HOST if the host was not resolved, and
+ * CURLE_OPERATION_TIMEDOUT if a time-out occurred.
+
+ */
+CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
+                                   struct Curl_dns_entry **dnsentry);
+
+/*
+ * Curl_resolver_getaddrinfo() - when using this resolver
+ *
+ * Returns name information about the given hostname and port number. If
+ * successful, the 'hostent' is returned and the forth argument will point to
+ * memory we need to free after use. That memory *MUST* be freed with
+ * Curl_freeaddrinfo(), nothing else.
+ *
+ * Each resolver backend must of course make sure to return data in the
+ * correct format to comply with this.
+ */
+Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
+                                         const char *hostname,
+                                         int port,
+                                         int *waitp);
+
+#ifndef CURLRES_ASYNCH
+/* convert these functions if an asynch resolver isn't used */
+#define Curl_resolver_cancel(x) Curl_nop_stmt
+#define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
+#define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST
+#define Curl_resolver_getsock(x,y,z) 0
+#define Curl_resolver_duphandle(x,y) CURLE_OK
+#define Curl_resolver_init(x) CURLE_OK
+#define Curl_resolver_global_init() CURLE_OK
+#define Curl_resolver_global_cleanup() Curl_nop_stmt
+#define Curl_resolver_cleanup(x) Curl_nop_stmt
+#endif
+
+#ifdef CURLRES_ASYNCH
+#define Curl_resolver_asynch() 1
+#else
+#define Curl_resolver_asynch() 0
+#endif
+
+
+/********** end of generic resolver interface functions *****************/
+#endif /* HEADER_CURL_ASYN_H */

lib/axtls.c

@@ -27,13 +27,11 @@
  */
 
 #include "setup.h"
+
 #ifdef USE_AXTLS
 #include <axTLS/ssl.h>
 #include "axtls.h"
 
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -58,7 +56,7 @@ static int SSL_read(SSL *ssl, void *buf, int num)
 
   while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
 
-  if(ret > SSL_OK){
+  if(ret > SSL_OK) {
     memcpy(buf, read_buf, ret > num ? num : ret);
   }
 
@@ -82,8 +80,7 @@ int Curl_axtls_cleanup(void)
 
 static CURLcode map_error_to_curl(int axtls_err)
 {
-  switch (axtls_err)
-  {
+  switch (axtls_err) {
   case SSL_ERROR_NOT_SUPPORTED:
   case SSL_ERROR_INVALID_VERSION:
   case -70:                       /* protocol version alert from server */
@@ -188,10 +185,10 @@ Curl_axtls_connect(struct connectdata *conn,
   /* Load the trusted CA cert bundle file */
   if(data->set.ssl.CAfile) {
     if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
-       != SSL_OK){
+       != SSL_OK) {
       infof(data, "error reading ca cert file %s \n",
             data->set.ssl.CAfile);
-      if(data->set.ssl.verifypeer){
+      if(data->set.ssl.verifypeer) {
         Curl_axtls_close(conn, sockindex);
         return CURLE_SSL_CACERT_BADFILE;
       }
@@ -209,13 +206,13 @@ Curl_axtls_connect(struct connectdata *conn,
    */
 
   /* Load client certificate */
-  if(data->set.str[STRING_CERT]){
+  if(data->set.str[STRING_CERT]) {
     i=0;
     /* Instead of trying to analyze cert type here, let axTLS try them all. */
-    while(cert_types[i] != 0){
+    while(cert_types[i] != 0) {
       ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
                                     data->set.str[STRING_CERT], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
         infof(data, "successfully read cert file %s \n",
               data->set.str[STRING_CERT]);
         break;
@@ -223,7 +220,7 @@ Curl_axtls_connect(struct connectdata *conn,
       i++;
     }
     /* Tried all cert types, none worked. */
-    if(cert_types[i] == 0){
+    if(cert_types[i] == 0) {
       failf(data, "%s is not x509 or pkcs12 format",
             data->set.str[STRING_CERT]);
       Curl_axtls_close(conn, sockindex);
@@ -234,13 +231,13 @@ Curl_axtls_connect(struct connectdata *conn,
   /* Load client key.
      If a pkcs12 file successfully loaded a cert, then there's nothing to do
      because the key has already been loaded. */
-  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12){
+  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
     i=0;
     /* Instead of trying to analyze key type here, let axTLS try them all. */
-    while(key_types[i] != 0){
+    while(key_types[i] != 0) {
       ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
                                     data->set.str[STRING_KEY], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
         infof(data, "successfully read key file %s \n",
               data->set.str[STRING_KEY]);
         break;
@@ -248,7 +245,7 @@ Curl_axtls_connect(struct connectdata *conn,
       i++;
     }
     /* Tried all key types, none worked. */
-    if(key_types[i] == 0){
+    if(key_types[i] == 0) {
       failf(data, "Failure: %s is not a supported key file",
             data->set.str[STRING_KEY]);
       Curl_axtls_close(conn, sockindex);
@@ -274,7 +271,7 @@ Curl_axtls_connect(struct connectdata *conn,
 
   /* Check to make sure handshake was ok. */
   ssl_fcn_return = ssl_handshake_status(ssl);
-  if(ssl_fcn_return != SSL_OK){
+  if(ssl_fcn_return != SSL_OK) {
     Curl_axtls_close(conn, sockindex);
     ssl_display_error(ssl_fcn_return); /* goes to stdout. */
     return map_error_to_curl(ssl_fcn_return);
@@ -286,8 +283,8 @@ Curl_axtls_connect(struct connectdata *conn,
    */
 
   /* Verify server's certificate */
-  if(data->set.ssl.verifypeer){
-    if(ssl_verify_cert(ssl) != SSL_OK){
+  if(data->set.ssl.verifypeer) {
+    if(ssl_verify_cert(ssl) != SSL_OK) {
       Curl_axtls_close(conn, sockindex);
       failf(data, "server cert verify failed");
       return CURLE_SSL_CONNECT_ERROR;
@@ -296,7 +293,7 @@ Curl_axtls_connect(struct connectdata *conn,
   else
     infof(data, "\t server certificate verification SKIPPED\n");
 
-  /* Here, gtls.c does issuer verfication. axTLS has no straightforward
+  /* Here, gtls.c does issuer verification. axTLS has no straightforward
    * equivalent, so omitting for now.*/
 
   /* See if common name was set in server certificate */
@@ -416,7 +413,7 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
       nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
                                 sizeof(buf));
 
-      if (nread < SSL_OK){
+      if(nread < SSL_OK) {
         failf(data, "close notify alert not received during shutdown");
         retval = -1;
       }
@@ -448,13 +445,13 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
 
   infof(conn->data, "  axtls_recv\n");
 
-  if(connssl){
+  if(connssl) {
     ret = (ssize_t)SSL_read(conn->ssl[num].ssl, buf, (int)buffersize);
 
     /* axTLS isn't terribly generous about error reporting */
     /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
        team approves proposed fix. */
-    if(ret == -3 ){
+    if(ret == -3 ) {
       Curl_axtls_close(conn, num);
     }
     else if(ret < 0) {

lib/base64.c

@@ -24,17 +24,14 @@
 
 #include "setup.h"
 
-#include <stdlib.h>
-#include <string.h>
-
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
 #include "urldata.h" /* for the SessionHandle definition */
-#include "easyif.h"  /* for Curl_convert_... prototypes */
 #include "warnless.h"
 #include "curl_base64.h"
 #include "curl_memory.h"
+#include "non-ascii.h"
 
 /* include memdebug.h last */
 #include "memdebug.h"
@@ -71,10 +68,19 @@ static void decodeQuantum(unsigned char *dest, const char *src)
 /*
  * Curl_base64_decode()
  *
- * Given a base64 string at src, decode it and return an allocated memory in
- * the *outptr. Returns the length of the decoded data.
+ * Given a base64 NUL-terminated string at src, decode it and return a
+ * pointer in *outptr to a newly allocated memory area holding decoded
+ * data. Size of decoded data is returned in variable pointed by outlen.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When decoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
  */
-size_t Curl_base64_decode(const char *src, unsigned char **outptr)
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen)
 {
   size_t length = 0;
   size_t equalsTerm = 0;
@@ -85,6 +91,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
   unsigned char *newstr;
 
   *outptr = NULL;
+  *outlen = 0;
 
   while((src[length] != '=') && src[length])
     length++;
@@ -98,7 +105,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
 
   /* Don't allocate a buffer if the decoded length is 0 */
   if(numQuantums == 0)
-    return 0;
+    return CURLE_OK;
 
   rawlen = (numQuantums * 3) - equalsTerm;
 
@@ -106,7 +113,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
   (which may be partially thrown out) and the zero terminator. */
   newstr = malloc(rawlen+4);
   if(!newstr)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
 
   *outptr = newstr;
 
@@ -125,68 +132,70 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
     newstr[i] = lastQuantum[i];
 
   newstr[i] = '\0'; /* zero terminate */
-  return rawlen;
+
+  *outlen = rawlen; /* return size of decoded data */
+
+  return CURLE_OK;
 }
 
 /*
  * Curl_base64_encode()
  *
- * Returns the length of the newly created base64 string. The third argument
- * is a pointer to an allocated area holding the base64 data. If something
- * went wrong, 0 is returned.
+ * Given a pointer to an input buffer and an input size, encode it and
+ * return a pointer in *outptr to a newly allocated memory area holding
+ * encoded data. Size of encoded data is returned in variable pointed by
+ * outlen.
  *
+ * Input length of 0 indicates input buffer holds a NUL-terminated string.
+ *
+ * Returns CURLE_OK on success, otherwise specific error code. Function
+ * output shall not be considered valid unless CURLE_OK is returned.
+ *
+ * When encoded data length is 0, returns NULL in *outptr.
+ *
+ * @unittest: 1302
  */
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
-                          char **outptr)
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen)
 {
+  CURLcode error;
   unsigned char ibuf[3];
   unsigned char obuf[4];
   int i;
   int inputparts;
   char *output;
   char *base64data;
-#ifdef CURL_DOES_CONVERSIONS
   char *convbuf = NULL;
-#endif
 
   const char *indata = inputbuff;
 
-  *outptr = NULL; /* set to NULL in case of failure before we reach the end */
+  *outptr = NULL;
+  *outlen = 0;
 
   if(0 == insize)
     insize = strlen(indata);
 
   base64data = output = malloc(insize*4/3+4);
   if(NULL == output)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
 
-#ifdef CURL_DOES_CONVERSIONS
   /*
    * The base64 data needs to be created using the network encoding
    * not the host encoding.  And we can't change the actual input
    * so we copy it to a buffer, translate it, and use that instead.
    */
-  if(data) {
-    convbuf = malloc(insize);
-    if(!convbuf) {
-      free(output);
-      return 0;
-    }
-    memcpy(convbuf, indata, insize);
-    if(CURLE_OK != Curl_convert_to_network(data, convbuf, insize)) {
-      free(convbuf);
-      free(output);
-      return 0;
-    }
-    indata = convbuf; /* switch to the converted buffer */
+  error = Curl_convert_clone(data, indata, insize, &convbuf);
+  if(error) {
+    free(output);
+    return error;
   }
-#else
-  (void)data;
-#endif
+
+  if(convbuf)
+    indata = (char *)convbuf;
 
   while(insize > 0) {
-    for (i = inputparts = 0; i < 3; i++) {
+    for(i = inputparts = 0; i < 3; i++) {
       if(insize > 0) {
         inputparts++;
         ibuf[i] = (unsigned char) *indata;
@@ -226,13 +235,14 @@ size_t Curl_base64_encode(struct SessionHandle *data,
     }
     output += 4;
   }
-  *output=0;
-  *outptr = base64data; /* make it return the actual data memory */
+  *output = '\0';
+  *outptr = base64data; /* return pointer to new data, allocated memory */
 
-#ifdef CURL_DOES_CONVERSIONS
-  if(data)
+  if(convbuf)
     free(convbuf);
-#endif
-  return strlen(base64data); /* return the length of the new data */
+
+  *outlen = strlen(base64data); /* return the length of the new data */
+
+  return CURLE_OK;
 }
 /* ---- End of Base64 Encoding ---- */

lib/checksrc.pl

@@ -0,0 +1,198 @@
+#!/usr/bin/perl
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+my $max_column = 79;
+my $indent = 2;
+
+my $warnings;
+my $errors;
+my $file;
+my $dir=".";
+my $wlist;
+
+sub checkwarn {
+    my ($num, $col, $file, $line, $msg, $error) = @_;
+
+    my $w=$error?"error":"warning";
+
+    if($w) {
+        $warnings++;
+    }
+    else {
+        $errors++;
+    }
+
+    $col++;
+    print "$file:$num:$col: $w: $msg\n";
+    print " $line\n";
+
+    if($col < 80) {
+        my $pref = (' ' x $col);
+        print "${pref}^\n";
+    }
+}
+
+$file = shift @ARGV;
+
+while(1) {
+
+    if($file =~ /-D(.*)/) {
+        $dir = $1;
+        $file = shift @ARGV;
+        next;
+    }
+    elsif($file =~ /-W(.*)/) {
+        $wlist .= " $1 ";
+        $file = shift @ARGV;
+        next;
+    }
+
+    last;
+}
+
+if(!$file) {
+    print "checksrc.pl [option] <file1> [file2] ...\n";
+    print " Options:\n";
+    print "  -D[DIR]   Directory to prepend file names\n";
+    print "  -W[file]  Whitelist the given file - ignore all its flaws\n";
+    exit;
+}
+
+do {
+    if("$wlist" !~ / $file /) {
+        my $fullname = $file;
+        $fullname = "$dir/$file" if ($fullname !~ '^\.?\.?/');
+        scanfile($fullname);
+    }
+    $file = shift @ARGV;
+
+} while($file);
+
+
+sub scanfile {
+    my ($file) = @_;
+
+    my $line = 1;
+    my $prevl;
+    my $l;
+    open(R, "<$file") || die "failed to open $file";
+
+    my $copyright=0;
+
+    while(<R>) {
+        chomp;
+        my $l = $_;
+        my $column = 0;
+
+        # check for a copyright statement
+        if(!$copyright && ($l =~ /copyright .* \d\d\d\d/i)) {
+            $copyright=1;
+        }
+
+        # detect long lines
+        if(length($l) > $max_column) {
+            checkwarn($line, length($l), $file, $l, "Longer than $max_column columns");
+        }
+        # detect TAB characters
+        if($l =~ /^(.*)\t/) {
+            checkwarn($line, length($1), $file, $l, "Contains TAB character", 1);
+        }
+        # detect trailing white space
+        if($l =~ /^(.*)[ \t]+\z/) {
+            checkwarn($line, length($1), $file, $l, "Trailing whitespace");
+        }
+
+        # check spaces after for/if/while
+        if($l =~ /^(.*)(for|if|while) \(/) {
+            if($1 =~ / *\#/) {
+                # this is a #if, treat it differently
+            }
+            else {
+                checkwarn($line, length($1)+length($2), $file, $l,
+                          "$2 with space");
+            }
+        }
+
+        # check spaces after open paren after for/if/while
+        if($l =~ /^(.*)(for|if|while)\( /) {
+            if($1 =~ / *\#/) {
+                # this is a #if, treat it differently
+            }
+            else {
+                checkwarn($line, length($1)+length($2)+1, $file, $l,
+                          "$2 with space first in condition");
+            }
+        }
+
+        # check for "} else"
+        if($l =~ /^(.*)\} *else/) {
+            checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
+        }
+        # check for "){"
+        if($l =~ /^(.*)\)\{/) {
+            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
+        }
+
+        # check for open brace first on line but not first column
+        # only alert if previous line ended with a close paren and wasn't a cpp
+        # line
+        if((($prevl =~ /\)\z/) && ($prevl !~ /^ *#/)) && ($l =~ /^( +)\{/)) {
+            checkwarn($line, length($1), $file, $l, "badly placed open brace");
+        }
+
+        # if the previous line starts with if/while/for AND ends with an open
+        # brace, check that this line is indented $indent more steps, if not
+        # a cpp line
+        if($prevl =~ /^( *)(if|while|for)\(.*\{\z/) {
+            my $first = length($1);
+
+            # this line has some character besides spaces
+            if(($l !~ /^ *#/) && ($l =~ /^( *)[^ ]/)) {
+                my $second = length($1);
+                my $expect = $first+$indent;
+                if($expect != $second) {
+                    my $diff = $second - $first;
+                    checkwarn($line, length($1), $file, $l,
+                              "not indented $indent steps, uses $diff)");
+
+                }
+            }
+        }
+
+        $line++;
+        $prevl = $l;
+    }
+
+    if(!$copyright) {
+        checkwarn(1, 0, $file, "", "Missing copyright statement", 1);
+    }
+
+    close(R);
+
+}
+
+
+if($errors || $warnings) {
+    printf "checksrc: %d errors and %d warnings\n", $errors, $warnings;
+    exit 5; # return failure
+}

lib/config-amigaos.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@
 
 #define HAVE_ARPA_INET_H 1
 #define HAVE_CLOSESOCKET_CAMEL 1
+#define HAVE_ERRNO_H 1
 #define HAVE_GETHOSTBYADDR 1
 #define HAVE_INET_ADDR 1
 #define HAVE_INTTYPES_H 1

lib/config-dos.h

@@ -40,6 +40,7 @@
 #define PACKAGE  "curl"
 
 #define HAVE_ARPA_INET_H       1
+#define HAVE_ERRNO_H           1
 #define HAVE_FCNTL_H           1
 #define HAVE_GETADDRINFO       1
 #define HAVE_GETNAMEINFO       1

lib/config-mac.h

@@ -30,6 +30,7 @@
 
 #define OS "mac"
 
+#define HAVE_ERRNO_H            1
 #define HAVE_NETINET_IN_H       1
 #define HAVE_SYS_SOCKET_H       1
 #define HAVE_SYS_SELECT_H       1

lib/config-os400.h

@@ -97,6 +97,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H
+
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
 

lib/config-riscos.h

@@ -92,6 +92,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H
+
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
 

lib/config-vms.h

@@ -143,6 +143,9 @@
 /* Define if you have the uname function.  */
 #define HAVE_UNAME 1
 
+/* Define if you have the <errno.h> header file.  */
+#define HAVE_ERRNO_H 1
+
 /* Define if you have the <err.h> header file.  */
 #define HAVE_ERR_H 1
 

lib/config-win32.h

@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_WIN32_H
-#define __LIB_CONFIG_WIN32_H
+#ifndef HEADER_CURL_CONFIG_WIN32_H
+#define HEADER_CURL_CONFIG_WIN32_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -23,49 +23,57 @@
  ***************************************************************************/
 
 /* ================================================================ */
-/*    lib/config-win32.h - Hand crafted config file for Windows     */
+/*               Hand crafted config file for Windows               */
 /* ================================================================ */
 
 /* ---------------------------------------------------------------- */
 /*                          HEADER FILES                            */
 /* ---------------------------------------------------------------- */
 
-/* Define if you have the <arpa/inet.h> header file.  */
+/* Define if you have the <arpa/inet.h> header file. */
 /* #define HAVE_ARPA_INET_H 1 */
 
-/* Define if you have the <assert.h> header file.  */
+/* Define if you have the <assert.h> header file. */
 #define HAVE_ASSERT_H 1
 
-/* Define if you have the <crypto.h> header file.  */
+/* Define if you have the <crypto.h> header file. */
 /* #define HAVE_CRYPTO_H 1 */
 
-/* Define if you have the <err.h> header file.  */
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define if you have the <err.h> header file. */
 /* #define HAVE_ERR_H 1 */
 
-/* Define if you have the <fcntl.h> header file.  */
+/* Define if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H 1
 
-/* Define if you have the <getopt.h> header file.  */
-/* #define HAVE_GETOPT_H 1 */
+/* Define if you have the <getopt.h> header file. */
+#if defined(__MINGW32__) || defined(__POCC__)
+#define HAVE_GETOPT_H 1
+#endif
 
-/* Define if you have the <io.h> header file.  */
+/* Define if you have the <io.h> header file. */
 #define HAVE_IO_H 1
 
-/* Define if you have the <limits.h> header file.  */
+/* Define if you have the <limits.h> header file. */
 #define HAVE_LIMITS_H 1
 
-/* Define if you need the malloc.h header file even with stdlib.h  */
+/* Define if you have the <locale.h> header file. */
+#define HAVE_LOCALE_H 1
+
+/* Define if you need <malloc.h> header even with <stdlib.h> header file. */
 #if !defined(__SALFORDC__) && !defined(__POCC__)
 #define NEED_MALLOC_H 1
 #endif
 
-/* Define if you have the <netdb.h> header file.  */
+/* Define if you have the <netdb.h> header file. */
 /* #define HAVE_NETDB_H 1 */
 
-/* Define if you have the <netinet/in.h> header file.  */
+/* Define if you have the <netinet/in.h> header file. */
 /* #define HAVE_NETINET_IN_H 1 */
 
-/* Define if you have the <process.h> header file.  */
+/* Define if you have the <process.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_PROCESS_H 1
 #endif
@@ -73,68 +81,68 @@
 /* Define if you have the <signal.h> header file. */
 #define HAVE_SIGNAL_H 1
 
-/* Define if you have the <sgtty.h> header file.  */
+/* Define if you have the <sgtty.h> header file. */
 /* #define HAVE_SGTTY_H 1 */
 
-/* Define if you have the <ssl.h> header file.  */
+/* Define if you have the <ssl.h> header file. */
 /* #define HAVE_SSL_H 1 */
 
-/* Define if you have the <stdlib.h> header file.  */
+/* Define if you have the <stdlib.h> header file. */
 #define HAVE_STDLIB_H 1
 
-/* Define if you have the <sys/param.h> header file.  */
+/* Define if you have the <sys/param.h> header file. */
 /* #define HAVE_SYS_PARAM_H 1 */
 
-/* Define if you have the <sys/select.h> header file.  */
+/* Define if you have the <sys/select.h> header file. */
 /* #define HAVE_SYS_SELECT_H 1 */
 
-/* Define if you have the <sys/socket.h> header file.  */
+/* Define if you have the <sys/socket.h> header file. */
 /* #define HAVE_SYS_SOCKET_H 1 */
 
-/* Define if you have the <sys/sockio.h> header file.  */
+/* Define if you have the <sys/sockio.h> header file. */
 /* #define HAVE_SYS_SOCKIO_H 1 */
 
-/* Define if you have the <sys/stat.h> header file.  */
+/* Define if you have the <sys/stat.h> header file. */
 #define HAVE_SYS_STAT_H 1
 
-/* Define if you have the <sys/time.h> header file */
+/* Define if you have the <sys/time.h> header file. */
 /* #define HAVE_SYS_TIME_H 1 */
 
-/* Define if you have the <sys/types.h> header file.  */
+/* Define if you have the <sys/types.h> header file. */
 #define HAVE_SYS_TYPES_H 1
 
-/* Define if you have the <sys/utime.h> header file.  */
+/* Define if you have the <sys/utime.h> header file. */
 #ifndef __BORLANDC__
 #define HAVE_SYS_UTIME_H 1
 #endif
 
-/* Define if you have the <termio.h> header file.  */
+/* Define if you have the <termio.h> header file. */
 /* #define HAVE_TERMIO_H 1 */
 
-/* Define if you have the <termios.h> header file.  */
+/* Define if you have the <termios.h> header file. */
 /* #define HAVE_TERMIOS_H 1 */
 
-/* Define if you have the <time.h> header file.  */
+/* Define if you have the <time.h> header file. */
 #define HAVE_TIME_H 1
 
-/* Define if you have the <unistd.h> header file.  */
+/* Define if you have the <unistd.h> header file. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) || \
     defined(__POCC__)
 #define HAVE_UNISTD_H 1
 #endif
 
-/* Define if you have the <windows.h> header file.  */
+/* Define if you have the <windows.h> header file. */
 #define HAVE_WINDOWS_H 1
 
-/* Define if you have the <winsock.h> header file.  */
+/* Define if you have the <winsock.h> header file. */
 #define HAVE_WINSOCK_H 1
 
-/* Define if you have the <winsock2.h> header file.  */
+/* Define if you have the <winsock2.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WINSOCK2_H 1
 #endif
 
-/* Define if you have the <ws2tcpip.h> header file.  */
+/* Define if you have the <ws2tcpip.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WS2TCPIP_H 1
 #endif
@@ -146,41 +154,44 @@
 /* Define if sig_atomic_t is an available typedef. */
 #define HAVE_SIG_ATOMIC_T 1
 
-/* Define if you have the ANSI C header files.  */
+/* Define if you have the ANSI C header files. */
 #define STDC_HEADERS 1
 
-/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
 /* #define TIME_WITH_SYS_TIME 1 */
 
 /* ---------------------------------------------------------------- */
 /*                             FUNCTIONS                            */
 /* ---------------------------------------------------------------- */
 
-/* Define if you have the closesocket function.  */
+/* Define if you have the closesocket function. */
 #define HAVE_CLOSESOCKET 1
 
-/* Define if you don't have vprintf but do have _doprnt.  */
+/* Define if you don't have vprintf but do have _doprnt. */
 /* #define HAVE_DOPRNT 1 */
 
-/* Define if you have the gethostbyaddr function.  */
+/* Define if you have the ftruncate function. */
+#define HAVE_FTRUNCATE 1
+
+/* Define if you have the gethostbyaddr function. */
 #define HAVE_GETHOSTBYADDR 1
 
-/* Define if you have the gethostname function.  */
+/* Define if you have the gethostname function. */
 #define HAVE_GETHOSTNAME 1
 
-/* Define if you have the getpass function.  */
+/* Define if you have the getpass function. */
 /* #define HAVE_GETPASS 1 */
 
-/* Define if you have the getservbyname function.  */
+/* Define if you have the getservbyname function. */
 #define HAVE_GETSERVBYNAME 1
 
-/* Define if you have the getprotobyname function.  */
+/* Define if you have the getprotobyname function. */
 #define HAVE_GETPROTOBYNAME
 
-/* Define if you have the gettimeofday function.  */
+/* Define if you have the gettimeofday function. */
 /* #define HAVE_GETTIMEOFDAY 1 */
 
-/* Define if you have the inet_addr function.  */
+/* Define if you have the inet_addr function. */
 #define HAVE_INET_ADDR 1
 
 /* Define if you have the ioctlsocket function. */
@@ -189,35 +200,41 @@
 /* Define if you have a working ioctlsocket FIONBIO function. */
 #define HAVE_IOCTLSOCKET_FIONBIO 1
 
-/* Define if you have the perror function.  */
+/* Define if you have the perror function. */
 #define HAVE_PERROR 1
 
-/* Define if you have the RAND_screen function when using SSL  */
+/* Define if you have the RAND_screen function when using SSL. */
 #define HAVE_RAND_SCREEN 1
 
 /* Define if you have the `RAND_status' function when using SSL. */
 #define HAVE_RAND_STATUS 1
 
-/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function.
+/* Define if you have the `CRYPTO_cleanup_all_ex_data' function.
    This is present in OpenSSL versions after 0.9.6b */
 #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
 
-/* Define if you have the select function.  */
+/* Define if you have the select function. */
 #define HAVE_SELECT 1
 
-/* Define if you have the setvbuf function.  */
+/* Define if you have the setlocale function. */
+#define HAVE_SETLOCALE 1
+
+/* Define if you have the setmode function. */
+#define HAVE_SETMODE 1
+
+/* Define if you have the setvbuf function. */
 #define HAVE_SETVBUF 1
 
-/* Define if you have the socket function.  */
+/* Define if you have the socket function. */
 #define HAVE_SOCKET 1
 
-/* Define if you have the strcasecmp function.  */
+/* Define if you have the strcasecmp function. */
 /* #define HAVE_STRCASECMP 1 */
 
-/* Define if you have the strdup function.  */
+/* Define if you have the strdup function. */
 #define HAVE_STRDUP 1
 
-/* Define if you have the strftime function.  */
+/* Define if you have the strftime function. */
 #define HAVE_STRFTIME 1
 
 /* Define if you have the stricmp function. */
@@ -229,21 +246,21 @@
 /* Define if you have the strnicmp function. */
 #define HAVE_STRNICMP 1
 
-/* Define if you have the strstr function.  */
+/* Define if you have the strstr function. */
 #define HAVE_STRSTR 1
 
-/* Define if you have the strtoll function.  */
+/* Define if you have the strtoll function. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__)
 #define HAVE_STRTOLL 1
 #endif
 
-/* Define if you have the tcgetattr function.  */
+/* Define if you have the tcgetattr function. */
 /* #define HAVE_TCGETATTR 1 */
 
-/* Define if you have the tcsetattr function.  */
+/* Define if you have the tcsetattr function. */
 /* #define HAVE_TCSETATTR 1 */
 
-/* Define if you have the utime function */
+/* Define if you have the utime function. */
 #ifndef __BORLANDC__
 #define HAVE_UTIME 1
 #endif
@@ -330,13 +347,13 @@
 /*                       TYPEDEF REPLACEMENTS                       */
 /* ---------------------------------------------------------------- */
 
-/* Define this if in_addr_t is not an available 'typedefed' type */
+/* Define if in_addr_t is not an available 'typedefed' type. */
 #define in_addr_t unsigned long
 
-/* Define as the return type of signal handlers (int or void).  */
+/* Define to the return type of signal handlers (int or void). */
 #define RETSIGTYPE void
 
-/* Define ssize_t if it is not an available 'typedefed' type */
+/* Define if ssize_t is not an available 'typedefed' type. */
 #ifndef _SSIZE_T_DEFINED
 #  if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || \
       defined(__POCC__) || \
@@ -354,19 +371,19 @@
 /*                            TYPE SIZES                            */
 /* ---------------------------------------------------------------- */
 
-/* The size of `int', as computed by sizeof. */
+/* Define to the size of `int', as computed by sizeof. */
 #define SIZEOF_INT 4
 
-/* The size of `long double', as computed by sizeof. */
+/* Define to the size of `long double', as computed by sizeof. */
 #define SIZEOF_LONG_DOUBLE 16
 
-/* The size of `long long', as computed by sizeof. */
+/* Define to the size of `long long', as computed by sizeof. */
 /* #define SIZEOF_LONG_LONG 8 */
 
-/* The size of `short', as computed by sizeof. */
+/* Define to the size of `short', as computed by sizeof. */
 #define SIZEOF_SHORT 2
 
-/* The size of `size_t', as computed by sizeof. */
+/* Define to the size of `size_t', as computed by sizeof. */
 #if defined(_WIN64)
 #  define SIZEOF_SIZE_T 8
 #else
@@ -377,14 +394,49 @@
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
 
-/* Define this if you have struct sockaddr_storage */
+/* Define if you have struct sockaddr_storage. */
 #if !defined(__SALFORDC__) && !defined(__BORLANDC__)
 #define HAVE_STRUCT_SOCKADDR_STORAGE 1
 #endif
 
-/* Define this if you have struct timeval */
+/* Define if you have struct timeval. */
 #define HAVE_STRUCT_TIMEVAL 1
 
+/* Define if struct sockaddr_in6 has the sin6_scope_id member. */
+#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* ---------------------------------------------------------------- */
+/*               BSD-style lwIP TCP/IP stack SPECIFIC               */
+/* ---------------------------------------------------------------- */
+
+/* Define to use BSD-style lwIP TCP/IP stack. */
+/* #define USE_LWIPSOCK 1 */
+
+#ifdef USE_LWIPSOCK
+#  undef USE_WINSOCK
+#  undef HAVE_WINSOCK_H
+#  undef HAVE_WINSOCK2_H
+#  undef HAVE_WS2TCPIP_H
+#  undef HAVE_ERRNO_H
+#  undef HAVE_GETHOSTNAME
+#  undef HAVE_GETNAMEINFO
+#  undef LWIP_POSIX_SOCKETS_IO_NAMES
+#  undef RECV_TYPE_ARG1
+#  undef RECV_TYPE_ARG3
+#  undef SEND_TYPE_ARG1
+#  undef SEND_TYPE_ARG3
+#  define HAVE_FREEADDRINFO
+#  define HAVE_GETADDRINFO
+#  define HAVE_GETHOSTBYNAME
+#  define HAVE_GETHOSTBYNAME_R
+#  define HAVE_GETHOSTBYNAME_R_6
+#  define LWIP_POSIX_SOCKETS_IO_NAMES 0
+#  define RECV_TYPE_ARG1 int
+#  define RECV_TYPE_ARG3 size_t
+#  define SEND_TYPE_ARG1 int
+#  define SEND_TYPE_ARG3 size_t
+#endif
+
 /* ---------------------------------------------------------------- */
 /*                        Watt-32 tcp/ip SPECIFIC                   */
 /* ---------------------------------------------------------------- */
@@ -413,8 +465,11 @@
 /*                        COMPILER SPECIFIC                         */
 /* ---------------------------------------------------------------- */
 
-/* Undef keyword 'const' if it does not work.  */
-/* #undef const */
+/* Define to nothing if compiler does not support 'const' qualifier. */
+/* #define const */
+
+/* Define to nothing if compiler does not support 'volatile' qualifier. */
+/* #define volatile */
 
 /* Windows should not have HAVE_GMTIME_R defined */
 /* #undef HAVE_GMTIME_R */
@@ -429,14 +484,14 @@
 #define HAVE_LONGLONG 1
 #endif
 
-/* Define to avoid VS2005 complaining about portable C functions */
+/* Define to avoid VS2005 complaining about portable C functions. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #define _CRT_SECURE_NO_DEPRECATE 1
 #define _CRT_NONSTDC_NO_DEPRECATE 1
 #endif
 
-/* VS2005 and later dafault size for time_t is 64-bit, unless */
-/* _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
+/* VS2005 and later dafault size for time_t is 64-bit, unless
+   _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #  ifndef _USE_32BIT_TIME_T
 #    define SIZEOF_TIME_T 8
@@ -446,12 +501,13 @@
 #endif
 
 /* Officially, Microsoft's Windows SDK versions 6.X do not support Windows
-   2000 as a supported build target. VS2008 default installations provide an
-   embedded Windows SDK v6.0A along with the claim that Windows 2000 is a
-   valid build target for VS2008. Popular belief is that binaries built using
-   Windows SDK versions 6.X and Windows 2000 as a build target are functional */
+   2000 as a supported build target. VS2008 default installations provide
+   an embedded Windows SDK v6.0A along with the claim that Windows 2000 is
+   a valid build target for VS2008. Popular belief is that binaries built
+   with VS2008 using Windows SDK versions 6.X and Windows 2000 as a build
+   target are functional. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_MINIMUM_TARGET 0x0500
+#  define VS2008_MIN_TARGET 0x0500
 #endif
 
 /* When no build target is specified VS2008 default build target is Windows
@@ -459,18 +515,18 @@
    for VS2008 we will target the minimum Officially supported build target,
    which happens to be Windows XP. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_DEFAULT_TARGET  0x0501
+#  define VS2008_DEF_TARGET  0x0501
 #endif
 
-/* VS2008 default target settings and minimum build target check */
+/* VS2008 default target settings and minimum build target check. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
 #  ifndef _WIN32_WINNT
-#    define _WIN32_WINNT VS2008_DEFAULT_TARGET
+#    define _WIN32_WINNT VS2008_DEF_TARGET
 #  endif
 #  ifndef WINVER
-#    define WINVER VS2008_DEFAULT_TARGET
+#    define WINVER VS2008_DEF_TARGET
 #  endif
-#  if (_WIN32_WINNT < VS2008_MINIMUM_TARGET) || (WINVER < VS2008_MINIMUM_TARGET)
+#  if (_WIN32_WINNT < VS2008_MIN_TARGET) || (WINVER < VS2008_MIN_TARGET)
 #    error VS2008 does not support Windows build targets prior to Windows 2000
 #  endif
 #endif
@@ -549,13 +605,13 @@
 /* ---------------------------------------------------------------- */
 
 /*
- * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS
+ * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS.
  */
 
-/* Define USE_ARES to enable c-ares asynchronous DNS lookups */
+/* Define to enable c-ares asynchronous DNS lookups. */
 /* #define USE_ARES 1 */
 
-/* Define USE_THREADS_WIN32 to enable threaded asynchronous DNS lookups */
+/* Define to enable threaded asynchronous DNS lookups. */
 #define USE_THREADS_WIN32 1
 
 #if defined(USE_ARES) && defined(USE_THREADS_WIN32)
@@ -608,8 +664,11 @@
 /* Name of package */
 #define PACKAGE "curl"
 
+/* If you want to build curl with the built-in manual */
+#define USE_MANUAL 1
+
 #if defined(__POCC__) || (USE_IPV6)
 #  define ENABLE_IPV6 1
 #endif
 
-#endif /* __LIB_CONFIG_WIN32_H */
+#endif /* HEADER_CURL_CONFIG_WIN32_H */

lib/config-win32ce.h

@@ -39,6 +39,9 @@
 /* Define if you have the <crypto.h> header file.  */
 /* #define HAVE_CRYPTO_H 1 */
 
+/* Define if you have the <errno.h> header file.  */
+/* #define HAVE_ERRNO_H 1 */
+
 /* Define if you have the <err.h> header file.  */
 /* #define HAVE_ERR_H 1 */
 

lib/connect.c

@@ -22,9 +22,6 @@
 
 #include "setup.h"
 
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -52,9 +49,6 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
 
 #if (defined(HAVE_IOCTL_FIONBIO) && defined(NETWARE))
 #include <sys/filio.h>
@@ -68,10 +62,6 @@
 #include <inet.h>
 #endif
 
-#include <stdio.h>
-#include <errno.h>
-#include <string.h>
-
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 
@@ -89,6 +79,7 @@
 #include "inet_pton.h"
 #include "sslgen.h" /* for Curl_ssl_check_cxn() */
 #include "progress.h"
+#include "warnless.h"
 
 /* The last #include file should be: */
 #include "memdebug.h"
@@ -130,6 +121,8 @@ singleipconnect(struct connectdata *conn,
  * If 'nowp' is non-NULL, it points to the current time.
  * 'duringconnect' is FALSE if not during a connect, as then of course the
  * connect timeout is not taken into account!
+ *
+ * @unittest: 1303
  */
 long Curl_timeleft(struct SessionHandle *data,
                    struct timeval *nowp,
@@ -174,7 +167,7 @@ long Curl_timeleft(struct SessionHandle *data,
     nowp = &now;
   }
 
-  /* substract elapsed time */
+  /* subtract elapsed time */
   timeout_ms -= Curl_tvdiff(*nowp, data->progress.t_startsingle);
   if(!timeout_ms)
     /* avoid returning 0 as that means no timeout! */
@@ -210,8 +203,8 @@ int waitconnect(struct connectdata *conn,
   for(;;) {
 
     /* now select() until we get connect or timeout */
-    rc = Curl_socket_ready(CURL_SOCKET_BAD, sockfd, (int)(timeout_msec>1000?
-                                                          1000:timeout_msec));
+    rc = Curl_socket_ready(CURL_SOCKET_BAD, sockfd, timeout_msec>1000?
+                           1000:timeout_msec);
     if(Curl_pgrsUpdate(conn))
       return WAITCONN_ABORTED;
 
@@ -263,7 +256,7 @@ static CURLcode bindlocal(struct connectdata *conn,
   /*************************************************************
    * Select device to bind socket to
    *************************************************************/
-  if ( !dev && !port )
+  if(!dev && !port)
     /* no local kind of binding was requested */
     return CURLE_OK;
 
@@ -315,16 +308,16 @@ static CURLcode bindlocal(struct connectdata *conn,
       long ipver = conn->ip_version;
       int rc;
 
-      if (af == AF_INET)
+      if(af == AF_INET)
         conn->ip_version = CURL_IPRESOLVE_V4;
 #ifdef ENABLE_IPV6
-      else if (af == AF_INET6)
+      else if(af == AF_INET6)
         conn->ip_version = CURL_IPRESOLVE_V6;
 #endif
 
       rc = Curl_resolv(conn, dev, 0, &h);
       if(rc == CURLRESOLV_PENDING)
-        (void)Curl_wait_for_resolv(conn, &h);
+        (void)Curl_resolver_wait_resolv(conn, &h);
       conn->ip_version = ipver;
 
       if(h) {
@@ -372,14 +365,14 @@ static CURLcode bindlocal(struct connectdata *conn,
   else {
     /* no device was given, prepare sa to match af's needs */
 #ifdef ENABLE_IPV6
-    if ( af == AF_INET6 ) {
+    if(af == AF_INET6) {
       si6->sin6_family = AF_INET6;
       si6->sin6_port = htons(port);
       sizeof_sa = sizeof(struct sockaddr_in6);
     }
     else
 #endif
-    if ( af == AF_INET ) {
+    if(af == AF_INET) {
       si4->sin_family = AF_INET;
       si4->sin_port = htons(port);
       sizeof_sa = sizeof(struct sockaddr_in);
@@ -387,8 +380,8 @@ static CURLcode bindlocal(struct connectdata *conn,
   }
 
   for(;;) {
-    if( bind(sockfd, sock, sizeof_sa) >= 0) {
-    /* we succeeded to bind */
+    if(bind(sockfd, sock, sizeof_sa) >= 0) {
+      /* we succeeded to bind */
       struct Curl_sockaddr_storage add;
       curl_socklen_t size = sizeof(add);
       memset(&add, 0, sizeof(struct Curl_sockaddr_storage));
@@ -510,7 +503,7 @@ static CURLcode trynextip(struct connectdata *conn,
   *connected = FALSE;
 
   if(sockindex != FIRSTSOCKET) {
-    sclose(fd_to_close);
+    Curl_closesocket(conn, fd_to_close);
     return CURLE_COULDNT_CONNECT; /* no next */
   }
 
@@ -525,12 +518,12 @@ static CURLcode trynextip(struct connectdata *conn,
       /* store the new socket descriptor */
       conn->sock[sockindex] = sockfd;
       conn->ip_addr = ai;
-      sclose(fd_to_close);
+      Curl_closesocket(conn, fd_to_close);
       return CURLE_OK;
     }
     ai = ai->ai_next;
   }
-  sclose(fd_to_close);
+  Curl_closesocket(conn, fd_to_close);
   return CURLE_COULDNT_CONNECT;
 }
 
@@ -666,7 +659,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
 
   *connected = FALSE; /* a very negative world view is best */
 
-  if(conn->bits.tcpconnect) {
+  if(conn->bits.tcpconnect[sockindex]) {
     /* we are connected already! */
     *connected = TRUE;
     return CURLE_OK;
@@ -698,10 +691,17 @@ CURLcode Curl_is_connected(struct connectdata *conn,
 
   if(WAITCONN_CONNECTED == rc) {
     if(verifyconnect(sockfd, &error)) {
-      /* we are connected, awesome! */
-      conn->bits.tcpconnect = TRUE;
+      /* we are connected with TCP, awesome! */
+
+      /* see if we need to do any proxy magic first once we connected */
+      code = Curl_connected_proxy(conn);
+      if(code)
+        return code;
+
+      conn->bits.tcpconnect[sockindex] = TRUE;
       *connected = TRUE;
-      Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+      if(sockindex == FIRSTSOCKET)
+        Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
       Curl_verboseconnect(conn);
       Curl_updateconninfo(conn, sockfd);
 
@@ -747,7 +747,7 @@ static void tcpnodelay(struct connectdata *conn,
 #ifdef TCP_NODELAY
   struct SessionHandle *data= conn->data;
   curl_socklen_t onoff = (curl_socklen_t) data->set.tcp_nodelay;
-  int proto = IPPROTO_TCP;
+  int level = IPPROTO_TCP;
 
 #if 0
   /* The use of getprotobyname() is disabled since it isn't thread-safe on
@@ -759,10 +759,10 @@ static void tcpnodelay(struct connectdata *conn,
      detected. */
   struct protoent *pe = getprotobyname("tcp");
   if(pe)
-    proto = pe->p_proto;
+    level = pe->p_proto;
 #endif
 
-  if(setsockopt(sockfd, proto, TCP_NODELAY, (void *)&onoff,
+  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
                 sizeof(onoff)) < 0)
     infof(data, "Could not set TCP_NODELAY: %s\n",
           Curl_strerror(conn, SOCKERRNO));
@@ -790,10 +790,10 @@ static void nosigpipe(struct connectdata *conn,
           Curl_strerror(conn, SOCKERRNO));
 }
 #else
-#define nosigpipe(x,y)
+#define nosigpipe(x,y) Curl_nop_stmt
 #endif
 
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
    experience slow performance when you copy data to a TCP server.
 
@@ -809,8 +809,8 @@ void Curl_sndbufset(curl_socket_t sockfd)
   int curval = 0;
   int curlen = sizeof(curval);
 
-  if (getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
-    if (curval > val)
+  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
+    if(curval > val)
       return;
 
   setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&val, sizeof(val));
@@ -888,7 +888,7 @@ singleipconnect(struct connectdata *conn,
     return CURLE_OK;
 
 #if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
-  if (conn->scope && (addr.family == AF_INET6))
+  if(conn->scope && (addr.family == AF_INET6))
     sa6->sin6_scope_id = conn->scope;
 #endif
 
@@ -899,7 +899,7 @@ singleipconnect(struct connectdata *conn,
     error = ERRNO;
     failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
           error, Curl_strerror(conn, error));
-    sclose(sockfd);
+    Curl_closesocket(conn, sockfd);
     return CURLE_OK;
   }
   memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
@@ -928,7 +928,7 @@ singleipconnect(struct connectdata *conn,
     if(error == CURL_SOCKOPT_ALREADY_CONNECTED)
       isconnected = TRUE;
     else if(error) {
-      sclose(sockfd); /* close the socket and bail out */
+      Curl_closesocket(conn, sockfd); /* close the socket and bail out */
       return CURLE_ABORTED_BY_CALLBACK;
     }
   }
@@ -936,7 +936,7 @@ singleipconnect(struct connectdata *conn,
   /* possibly bind the local end to an IP, interface or port */
   res = bindlocal(conn, sockfd, addr.family);
   if(res) {
-    sclose(sockfd); /* close socket and bail out */
+    Curl_closesocket(conn, sockfd); /* close socket and bail out */
     return res;
   }
 
@@ -970,7 +970,7 @@ singleipconnect(struct connectdata *conn,
 #endif
       rc = waitconnect(conn, sockfd, timeout_ms);
       if(WAITCONN_ABORTED == rc) {
-        sclose(sockfd);
+        Curl_closesocket(conn, sockfd);
         return CURLE_ABORTED_BY_CALLBACK;
       }
       break;
@@ -1011,7 +1011,7 @@ singleipconnect(struct connectdata *conn,
   }
 
   /* connect failed or timed out */
-  sclose(sockfd);
+  Curl_closesocket(conn, sockfd);
 
   return CURLE_OK;
 }
@@ -1067,8 +1067,8 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
   /*
    * Connecting with a Curl_addrinfo chain
    */
-  for (curr_addr = ai, aliasindex=0; curr_addr;
-       curr_addr = curr_addr->ai_next, aliasindex++) {
+  for(curr_addr = ai, aliasindex=0; curr_addr;
+      curr_addr = curr_addr->ai_next, aliasindex++) {
 
     /* start connecting to the IP curr_addr points to */
     CURLcode res =
@@ -1157,3 +1157,17 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 
   return sockfd;
 }
+
+/*
+ * Close a socket.
+ *
+ * 'conn' can be NULL, beware!
+ */
+int Curl_closesocket(struct connectdata *conn,
+                     curl_socket_t sock)
+{
+  if(conn && conn->fclosesocket)
+    return conn->fclosesocket(conn->closesocket_client, sock);
+  else
+    return sclose(sock);
+}

lib/connect.h

@@ -1,5 +1,5 @@
-#ifndef __CONNECT_H
-#define __CONNECT_H
+#ifndef HEADER_CURL_CONNECT_H
+#define HEADER_CURL_CONNECT_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -21,6 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
+#include "setup.h"
 
 #include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
 
@@ -52,7 +53,7 @@ long Curl_timeleft(struct SessionHandle *data,
 curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
                                   struct connectdata **connp);
 
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
    experience slow performance when you copy data to a TCP server.
 
@@ -64,11 +65,11 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 */
 void Curl_sndbufset(curl_socket_t sockfd);
 #else
-#define Curl_sndbufset(y)
+#define Curl_sndbufset(y) Curl_nop_stmt
 #endif
 
 void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd);
-
 void Curl_persistconninfo(struct connectdata *conn);
+int Curl_closesocket(struct connectdata *conn, curl_socket_t sock);
 
-#endif
+#endif /* HEADER_CURL_CONNECT_H */

lib/content_encoding.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,9 +24,6 @@
 
 #ifdef HAVE_LIBZ
 
-#include <stdlib.h>
-#include <string.h>
-
 #include "urldata.h"
 #include <curl/curl.h>
 #include "sendf.h"
@@ -52,6 +49,21 @@
 #define COMMENT      0x10 /* bit 4 set: file comment present */
 #define RESERVED     0xE0 /* bits 5..7: reserved */
 
+static voidpf
+zalloc_cb(voidpf opaque, unsigned int items, unsigned int size)
+{
+  (void) opaque;
+  /* not a typo, keep it calloc() */
+  return (voidpf) calloc(items, size);
+}
+
+static void
+zfree_cb(voidpf opaque, voidpf ptr)
+{
+  (void) opaque;
+  free(ptr);
+}
+
 static CURLcode
 process_zlib_error(struct connectdata *conn, z_stream *z)
 {
@@ -95,7 +107,7 @@ inflate_stream(struct connectdata *conn,
 
   /* because the buffer size is fixed, iteratively decompress and transfer to
      the client via client_write. */
-  for (;;) {
+  for(;;) {
     /* (re)set buffer for decompressed output for every iteration */
     z->next_out = (Bytef *)decomp;
     z->avail_out = DSIZ;
@@ -161,11 +173,10 @@ Curl_unencode_deflate_write(struct connectdata *conn,
 
   /* Initialize zlib? */
   if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
+
     if(inflateInit(z) != Z_OK)
       return process_zlib_error(conn, z);
     k->zlib_init = ZLIB_INIT;
@@ -272,11 +283,9 @@ Curl_unencode_gzip_write(struct connectdata *conn,
 
   /* Initialize zlib? */
   if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
-    z->zfree = (free_func)Z_NULL;
-    z->opaque = 0;
-    z->next_in = NULL;
-    z->avail_in = 0;
+    memset(z, 0, sizeof(z_stream));
+    z->zalloc = (alloc_func)zalloc_cb;
+    z->zfree = (free_func)zfree_cb;
 
     if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
       /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */

lib/content_encoding.h

@@ -1,5 +1,5 @@
-#ifndef __CURL_CONTENT_ENCODING_H
-#define __CURL_CONTENT_ENCODING_H
+#ifndef HEADER_CURL_CONTENT_ENCODING_H
+#define HEADER_CURL_CONTENT_ENCODING_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@
 void Curl_unencode_cleanup(struct connectdata *conn);
 #else
 #define ALL_CONTENT_ENCODINGS "identity"
-#define Curl_unencode_cleanup(x)
+#define Curl_unencode_cleanup(x) Curl_nop_stmt
 #endif
 
 CURLcode Curl_unencode_deflate_write(struct connectdata *conn,
@@ -45,4 +45,4 @@ Curl_unencode_gzip_write(struct connectdata *conn,
                          ssize_t nread);
 
 
-#endif
+#endif /* HEADER_CURL_CONTENT_ENCODING_H */

lib/cookie.c

@@ -81,10 +81,7 @@ Example set of cookies:
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 
-#include <stdlib.h>
-#include <string.h>
-
-#define _MPRINTF_REPLACE /* without this on windows OS we get undefined reference to snprintf */
+#define _MPRINTF_REPLACE
 #include <curl/mprintf.h>
 
 #include "urldata.h"
@@ -101,7 +98,6 @@ Example set of cookies:
 /* The last #include file should be: */
 #include "memdebug.h"
 
-
 static void freecookie(struct Cookie *co)
 {
   if(co->expirestr)
@@ -130,7 +126,7 @@ static bool tailmatch(const char *little, const char *bigone)
   if(littlelen > biglen)
     return FALSE;
 
-  return (bool)Curl_raw_equal(little, bigone+biglen-littlelen);
+  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
 }
 
 /*
@@ -210,7 +206,6 @@ Curl_cookie_add(struct SessionHandle *data,
   if(httpheader) {
     /* This line was read off a HTTP-header */
     const char *ptr;
-    const char *sep;
     const char *semiptr;
     char *what;
 
@@ -227,185 +222,186 @@ Curl_cookie_add(struct SessionHandle *data,
 
     ptr = lineptr;
     do {
-      /* we have a <what>=<this> pair or a 'secure' word here */
-      sep = strchr(ptr, '=');
-      if(sep && (!semiptr || (semiptr>sep)) ) {
-        /*
-         * There is a = sign and if there was a semicolon too, which make sure
-         * that the semicolon comes _after_ the equal sign.
-         */
+      /* we have a <what>=<this> pair or a stand-alone word here */
+      name[0]=what[0]=0; /* init the buffers */
+      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
+                     MAX_COOKIE_LINE_TXT "[^;\r\n]",
+                     name, what)) {
+        /* Use strstore() below to properly deal with received cookie
+           headers that have the same string property set more than once,
+           and then we use the last one. */
+        const char *whatptr;
+        bool done = FALSE;
+        bool sep;
+        size_t len=strlen(what);
+        const char *endofn = &ptr[ strlen(name) ];
 
-        name[0]=what[0]=0; /* init the buffers */
-        if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%"
-                       MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                       name, what)) {
-          /* this is a <name>=<what> pair. We use strstore() below to properly
-             deal with received cookie headers that have the same string
-             property set more than once, and then we use the last one. */
+        /* skip trailing spaces in name */
+        while(*endofn && ISBLANK(*endofn))
+          endofn++;
 
-          const char *whatptr;
+        /* name ends with a '=' ? */
+        sep = (*endofn == '=')?TRUE:FALSE;
 
-          /* Strip off trailing whitespace from the 'what' */
-          size_t len=strlen(what);
-          while(len && ISBLANK(what[len-1])) {
-            what[len-1]=0;
-            len--;
+        /* Strip off trailing whitespace from the 'what' */
+        while(len && ISBLANK(what[len-1])) {
+          what[len-1]=0;
+          len--;
+        }
+
+        /* Skip leading whitespace from the 'what' */
+        whatptr=what;
+        while(*whatptr && ISBLANK(*whatptr))
+          whatptr++;
+
+        if(!len) {
+          /* this was a "<name>=" with no content, and we must allow
+             'secure' and 'httponly' specified this weirdly */
+          done = TRUE;
+          if(Curl_raw_equal("secure", name))
+            co->secure = TRUE;
+          else if(Curl_raw_equal("httponly", name))
+            co->httponly = TRUE;
+          else if(sep)
+            /* there was a '=' so we're not done parsing this field */
+            done = FALSE;
+        }
+        if(done)
+          ;
+        else if(Curl_raw_equal("path", name)) {
+          strstore(&co->path, whatptr);
+          if(!co->path) {
+            badcookie = TRUE; /* out of memory bad */
+            break;
           }
+        }
+        else if(Curl_raw_equal("domain", name)) {
+          /* note that this name may or may not have a preceding dot, but
+             we don't care about that, we treat the names the same anyway */
 
-          /* Skip leading whitespace from the 'what' */
-          whatptr=what;
-          while(*whatptr && ISBLANK(*whatptr)) {
-            whatptr++;
-          }
+          const char *domptr=whatptr;
+          const char *nextptr;
+          int dotcount=1;
 
-          if(Curl_raw_equal("path", name)) {
-            strstore(&co->path, whatptr);
-            if(!co->path) {
-              badcookie = TRUE; /* out of memory bad */
-              break;
+          /* Count the dots, we need to make sure that there are enough
+             of them. */
+
+          if('.' == whatptr[0])
+            /* don't count the initial dot, assume it */
+            domptr++;
+
+          do {
+            nextptr = strchr(domptr, '.');
+            if(nextptr) {
+              if(domptr != nextptr)
+                dotcount++;
+              domptr = nextptr+1;
             }
+          } while(nextptr);
+
+          /* The original Netscape cookie spec defined that this domain name
+             MUST have three dots (or two if one of the seven holy TLDs),
+             but it seems that these kinds of cookies are in use "out there"
+             so we cannot be that strict. I've therefore lowered the check
+             to not allow less than two dots. */
+
+          if(dotcount < 2) {
+            /* Received and skipped a cookie with a domain using too few
+               dots. */
+            badcookie=TRUE; /* mark this as a bad cookie */
+            infof(data, "skipped cookie with illegal dotcount domain: %s\n",
+                  whatptr);
           }
-          else if(Curl_raw_equal("domain", name)) {
-            /* note that this name may or may not have a preceeding dot, but
-               we don't care about that, we treat the names the same anyway */
-
-            const char *domptr=whatptr;
-            const char *nextptr;
-            int dotcount=1;
-
-            /* Count the dots, we need to make sure that there are enough
-               of them. */
+          else {
+            /* Now, we make sure that our host is within the given domain,
+               or the given domain is not valid and thus cannot be set. */
 
             if('.' == whatptr[0])
-              /* don't count the initial dot, assume it */
-              domptr++;
+              whatptr++; /* ignore preceding dot */
 
-            do {
-              nextptr = strchr(domptr, '.');
-              if(nextptr) {
-                if(domptr != nextptr)
-                  dotcount++;
-                domptr = nextptr+1;
+            if(!domain || tailmatch(whatptr, domain)) {
+              const char *tailptr=whatptr;
+              if(tailptr[0] == '.')
+                tailptr++;
+              strstore(&co->domain, tailptr); /* don't prefix w/dots
+                                                 internally */
+              if(!co->domain) {
+                badcookie = TRUE;
+                break;
               }
-            } while(nextptr);
-
-            /* The original Netscape cookie spec defined that this domain name
-               MUST have three dots (or two if one of the seven holy TLDs),
-               but it seems that these kinds of cookies are in use "out there"
-               so we cannot be that strict. I've therefore lowered the check
-               to not allow less than two dots. */
-
-            if(dotcount < 2) {
-              /* Received and skipped a cookie with a domain using too few
-                 dots. */
-              badcookie=TRUE; /* mark this as a bad cookie */
-              infof(data, "skipped cookie with illegal dotcount domain: %s\n",
-                    whatptr);
+              co->tailmatch=TRUE; /* we always do that if the domain name was
+                                     given */
             }
             else {
-              /* Now, we make sure that our host is within the given domain,
-                 or the given domain is not valid and thus cannot be set. */
-
-              if('.' == whatptr[0])
-                whatptr++; /* ignore preceeding dot */
-
-              if(!domain || tailmatch(whatptr, domain)) {
-                const char *tailptr=whatptr;
-                if(tailptr[0] == '.')
-                  tailptr++;
-                strstore(&co->domain, tailptr); /* don't prefix w/dots
-                                                   internally */
-                if(!co->domain) {
-                  badcookie = TRUE;
-                  break;
-                }
-                co->tailmatch=TRUE; /* we always do that if the domain name was
-                                       given */
-              }
-              else {
-                /* we did not get a tailmatch and then the attempted set domain
-                   is not a domain to which the current host belongs. Mark as
-                   bad. */
-                badcookie=TRUE;
-                infof(data, "skipped cookie with bad tailmatch domain: %s\n",
-                      whatptr);
-              }
+              /* we did not get a tailmatch and then the attempted set domain
+                 is not a domain to which the current host belongs. Mark as
+                 bad. */
+              badcookie=TRUE;
+              infof(data, "skipped cookie with bad tailmatch domain: %s\n",
+                    whatptr);
             }
           }
-          else if(Curl_raw_equal("version", name)) {
-            strstore(&co->version, whatptr);
-            if(!co->version) {
-              badcookie = TRUE;
-              break;
-            }
-          }
-          else if(Curl_raw_equal("max-age", name)) {
-            /* Defined in RFC2109:
-
-               Optional.  The Max-Age attribute defines the lifetime of the
-               cookie, in seconds.  The delta-seconds value is a decimal non-
-               negative integer.  After delta-seconds seconds elapse, the
-               client should discard the cookie.  A value of zero means the
-               cookie should be discarded immediately.
-
-             */
-            strstore(&co->maxage, whatptr);
-            if(!co->maxage) {
-              badcookie = TRUE;
-              break;
-            }
-            co->expires =
-              strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
-                + (long)now;
-          }
-          else if(Curl_raw_equal("expires", name)) {
-            strstore(&co->expirestr, whatptr);
-            if(!co->expirestr) {
-              badcookie = TRUE;
-              break;
-            }
-            /* Note that if the date couldn't get parsed for whatever reason,
-               the cookie will be treated as a session cookie */
-            co->expires = curl_getdate(what, &now);
-
-            /* Session cookies have expires set to 0 so if we get that back
-               from the date parser let's add a second to make it a
-               non-session cookie */
-            if (co->expires == 0)
-              co->expires = 1;
-            else if( co->expires < 0 )
-                co->expires = 0;
-          }
-          else if(!co->name) {
-            co->name = strdup(name);
-            co->value = strdup(whatptr);
-            if(!co->name || !co->value) {
-              badcookie = TRUE;
-              break;
-            }
-          }
-          /*
-            else this is the second (or more) name we don't know
-            about! */
         }
-        else {
-          /* this is an "illegal" <what>=<this> pair */
+        else if(Curl_raw_equal("version", name)) {
+          strstore(&co->version, whatptr);
+          if(!co->version) {
+            badcookie = TRUE;
+            break;
+          }
         }
+        else if(Curl_raw_equal("max-age", name)) {
+          /* Defined in RFC2109:
+
+             Optional.  The Max-Age attribute defines the lifetime of the
+             cookie, in seconds.  The delta-seconds value is a decimal non-
+             negative integer.  After delta-seconds seconds elapse, the
+             client should discard the cookie.  A value of zero means the
+             cookie should be discarded immediately.
+
+          */
+          strstore(&co->maxage, whatptr);
+          if(!co->maxage) {
+            badcookie = TRUE;
+            break;
+          }
+          co->expires =
+            strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
+            + (long)now;
+        }
+        else if(Curl_raw_equal("expires", name)) {
+          strstore(&co->expirestr, whatptr);
+          if(!co->expirestr) {
+            badcookie = TRUE;
+            break;
+          }
+          /* Note that if the date couldn't get parsed for whatever reason,
+             the cookie will be treated as a session cookie */
+          co->expires = curl_getdate(what, &now);
+
+          /* Session cookies have expires set to 0 so if we get that back
+             from the date parser let's add a second to make it a
+             non-session cookie */
+          if(co->expires == 0)
+            co->expires = 1;
+          else if(co->expires < 0)
+            co->expires = 0;
+        }
+        else if(!co->name) {
+          co->name = strdup(name);
+          co->value = strdup(whatptr);
+          if(!co->name || !co->value) {
+            badcookie = TRUE;
+            break;
+          }
+        }
+        /*
+          else this is the second (or more) name we don't know
+          about! */
       }
       else {
-        if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]",
-                  what)) {
-          if(Curl_raw_equal("secure", what)) {
-            co->secure = TRUE;
-          }
-          else if (Curl_raw_equal("httponly", what)) {
-            co->httponly = TRUE;
-          }
-          /* else,
-             unsupported keyword without assign! */
-
-        }
+        /* this is an "illegal" <what>=<this> pair */
       }
+
       if(!semiptr || !*semiptr) {
         /* we already know there are no more cookies */
         semiptr = NULL;
@@ -479,10 +475,10 @@ Curl_cookie_add(struct SessionHandle *data,
        marked with httpOnly after the domain name are not accessible
        from javascripts, but since curl does not operate at javascript
        level, we include them anyway. In Firefox's cookie files, these
-       lines are preceeded with #HttpOnly_ and then everything is
+       lines are preceded with #HttpOnly_ and then everything is
        as usual, so we skip 10 characters of the line..
     */
-    if (strncmp(lineptr, "#HttpOnly_", 10) == 0) {
+    if(strncmp(lineptr, "#HttpOnly_", 10) == 0) {
       lineptr += 10;
       co->httponly = TRUE;
     }
@@ -514,7 +510,7 @@ Curl_cookie_add(struct SessionHandle *data,
         ptr=strtok_r(NULL, "\t", &tok_buf), fields++) {
       switch(fields) {
       case 0:
-        if(ptr[0]=='.') /* skip preceeding dots */
+        if(ptr[0]=='.') /* skip preceding dots */
           ptr++;
         co->domain = strdup(ptr);
         if(!co->domain)
@@ -531,7 +527,7 @@ Curl_cookie_add(struct SessionHandle *data,
            As far as I can see, it is set to true when the cookie says
            .domain.com and to false when the domain is complete www.domain.com
         */
-        co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE"); /* store information */
+        co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 2:
         /* It turns out, that sometimes the file format allows the path
@@ -551,7 +547,7 @@ Curl_cookie_add(struct SessionHandle *data,
         fields++; /* add a field and fall down to secure */
         /* FALLTHROUGH */
       case 3:
-        co->secure = (bool)Curl_raw_equal(ptr, "TRUE");
+        co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
         break;
       case 4:
         co->expires = curlx_strtoofft(ptr, NULL, 10);
@@ -819,8 +815,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
     /* only process this cookie if it is not expired or had no expire
        date AND that if the cookie requires we're secure we must only
        continue if we are! */
-    if( (!co->expires || (co->expires > now)) &&
-        (co->secure?secure:TRUE) ) {
+    if((!co->expires || (co->expires > now)) &&
+       (co->secure?secure:TRUE)) {
 
       /* now check if the domain is correct */
       if(!co->domain ||
@@ -877,7 +873,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
     size_t i;
 
     /* alloc an array and store all cookie pointers */
-    array = (struct Cookie **)malloc(sizeof(struct Cookie *) * matches);
+    array = malloc(sizeof(struct Cookie *) * matches);
     if(!array)
       goto fail;
 
@@ -1040,14 +1036,14 @@ static char *get_netscape_format(const struct Cookie *co)
 }
 
 /*
- * Curl_cookie_output()
+ * cookie_output()
  *
  * Writes all internally known cookies to the specified file. Specify
  * "-" as file name to write to stdout.
  *
  * The function returns non-zero on write failure.
  */
-int Curl_cookie_output(struct CookieInfo *c, const char *dumphere)
+static int cookie_output(struct CookieInfo *c, const char *dumphere)
 {
   struct Cookie *co;
   FILE *out;
@@ -1147,7 +1143,7 @@ void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
 
     /* if we have a destination file for all the cookies to get dumped to */
-    if(Curl_cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR]))
+    if(cookie_output(data->cookies, data->set.str[STRING_COOKIEJAR]))
       infof(data, "WARNING: failed to save cookies in %s\n",
             data->set.str[STRING_COOKIEJAR]);
   }

lib/cookie.h

@@ -1,5 +1,5 @@
-#ifndef __COOKIE_H
-#define __COOKIE_H
+#ifndef HEADER_CURL_COOKIE_H
+#define HEADER_CURL_COOKIE_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -21,15 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
-
-#include <stdio.h>
-#if defined(WIN32)
-#include <time.h>
-#else
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-#endif
+#include "setup.h"
 
 #include <curl/curl.h>
 
@@ -92,14 +84,13 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
 void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
 void Curl_cookie_clearall(struct CookieInfo *cookies);
 void Curl_cookie_clearsess(struct CookieInfo *cookies);
-int Curl_cookie_output(struct CookieInfo *, const char *);
 
 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
 #define Curl_cookie_list(x) NULL
-#define Curl_cookie_loadfiles(x) do { } while (0)
+#define Curl_cookie_loadfiles(x) Curl_nop_stmt
 #define Curl_cookie_init(x,y,z,w) NULL
-#define Curl_cookie_cleanup(x)
-#define Curl_flush_cookies(x,y)
+#define Curl_cookie_cleanup(x) Curl_nop_stmt
+#define Curl_flush_cookies(x,y) Curl_nop_stmt
 #else
 void Curl_flush_cookies(struct SessionHandle *data, int cleanup);
 void Curl_cookie_cleanup(struct CookieInfo *);
@@ -109,4 +100,4 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data);
 void Curl_cookie_loadfiles(struct SessionHandle *data);
 #endif
 
-#endif
+#endif /* HEADER_CURL_COOKIE_H */

lib/curl_addrinfo.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -40,7 +40,6 @@
 #ifdef __VMS
 #  include <in.h>
 #  include <inet.h>
-#  include <stdlib.h>
 #endif
 
 #if defined(NETWARE) && defined(__NOVELL_LIBC__)
@@ -50,6 +49,7 @@
 
 #include "curl_addrinfo.h"
 #include "inet_pton.h"
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -294,7 +294,7 @@ Curl_he2ai(const struct hostent *he, int port)
 
     size_t ss_size;
 #ifdef ENABLE_IPV6
-    if (he->h_addrtype == AF_INET6)
+    if(he->h_addrtype == AF_INET6)
       ss_size = sizeof (struct sockaddr_in6);
     else
 #endif
@@ -486,7 +486,7 @@ Curl_addrinfo *Curl_str2addr(char *address, int port)
  *
  * This is strictly for memory tracing and are using the same style as the
  * family otherwise present in memdebug.c. I put these ones here since they
- * require a bunch of structs I didn't wanna include in memdebug.c
+ * require a bunch of structs I didn't want to include in memdebug.c
  */
 
 void
@@ -506,7 +506,7 @@ curl_dofreeaddrinfo(struct addrinfo *freethis,
  *
  * This is strictly for memory tracing and are using the same style as the
  * family otherwise present in memdebug.c. I put these ones here since they
- * require a bunch of structs I didn't wanna include in memdebug.c
+ * require a bunch of structs I didn't want to include in memdebug.c
  */
 
 int

lib/curl_base64.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,10 +22,11 @@
  *
  ***************************************************************************/
 
-size_t Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
-                          char **outptr);
+CURLcode Curl_base64_encode(struct SessionHandle *data,
+                            const char *inputbuff, size_t insize,
+                            char **outptr, size_t *outlen);
 
-size_t Curl_base64_decode(const char *src, unsigned char **outptr);
+CURLcode Curl_base64_decode(const char *src,
+                            unsigned char **outptr, size_t *outlen);
 
 #endif /* HEADER_CURL_BASE64_H */

lib/curl_config.h.cmake

@@ -1,8 +1,5 @@
 /* lib/curl_config.h.in.  Generated from configure.ac by autoheader.  */
 
-/* Define to 1 if you have the $func function. */
-#cmakedefine AS_TR_CPP ${AS_TR_CPP}
-
 /* when building libcurl itself */
 #cmakedefine BUILDING_LIBCURL ${BUILDING_LIBCURL}
 

lib/curl_fnmatch.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -317,7 +317,7 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
   unsigned char charset[CURLFNM_CHSET_SIZE] = { 0 };
   int rc = 0;
 
-  for (;;) {
+  for(;;) {
     switch(state) {
     case CURLFNM_LOOP_DEFAULT:
       if(*p == '*') {
@@ -413,6 +413,9 @@ static int loop(const unsigned char *pattern, const unsigned char *string)
   }
 }
 
+/*
+ * @unittest: 1307
+ */
 int Curl_fnmatch(void *ptr, const char *pattern, const char *string)
 {
   (void)ptr; /* the argument is specified by the curl_fnmatch_callback

lib/curl_gssapi.c

@@ -0,0 +1,69 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef HAVE_GSSAPI
+
+#include "curl_gssapi.h"
+#include "sendf.h"
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 * ret_flags)
+{
+  OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
+#ifdef GSS_C_DELEG_POLICY_FLAG
+    req_flags |= GSS_C_DELEG_POLICY_FLAG;
+#else
+    infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
+        "compiled in\n");
+#endif
+  }
+
+  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
+    req_flags |= GSS_C_DELEG_FLAG;
+
+  return gss_init_sec_context(minor_status,
+                              GSS_C_NO_CREDENTIAL, /* cred_handle */
+                              context,
+                              target_name,
+                              GSS_C_NO_OID, /* mech_type */
+                              req_flags,
+                              0, /* time_req */
+                              input_chan_bindings,
+                              input_token,
+                              NULL, /* actual_mech_type */
+                              output_token,
+                              ret_flags,
+                              NULL /* time_rec */);
+}
+
+#endif /* HAVE_GSSAPI */

lib/curl_gssapi.h

@@ -0,0 +1,57 @@
+#ifndef HEADER_CURL_GSSAPI_H
+#define HEADER_CURL_GSSAPI_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+#include "urldata.h"
+
+#ifdef HAVE_GSSAPI
+
+#ifdef HAVE_GSSGNU
+#  include <gss.h>
+#elif defined HAVE_GSSMIT
+   /* MIT style */
+#  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_generic.h>
+#  include <gssapi/gssapi_krb5.h>
+#else
+   /* Heimdal-style */
+#  include <gssapi.h>
+#endif
+
+
+/* Common method for using gss api */
+
+OM_uint32 Curl_gss_init_sec_context(
+    struct SessionHandle *data,
+    OM_uint32 * minor_status,
+    gss_ctx_id_t * context,
+    gss_name_t target_name,
+    gss_channel_bindings_t input_chan_bindings,
+    gss_buffer_t input_token,
+    gss_buffer_t output_token,
+    OM_uint32 * ret_flags);
+
+#endif /* HAVE_GSSAPI */
+
+#endif /* HEADER_CURL_GSSAPI_H */

lib/curl_memrchr.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -50,8 +50,8 @@ Curl_memrchr(const void *s, int c, size_t n)
 
   p += n - 1;
 
-  while (p >= q) {
-    if (*p == (unsigned char)c)
+  while(p >= q) {
+    if(*p == (unsigned char)c)
       return (void *)p;
     p--;
   }

lib/curl_ntlm.c

@@ -0,0 +1,235 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#include "urldata.h"
+#include "sendf.h"
+#include "rawstr.h"
+#include "curl_ntlm.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#if defined(USE_NSS)
+#include "nssg.h"
+#elif defined(USE_WINDOWS_SSPI)
+#include "curl_sspi.h"
+#endif
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+CURLcode Curl_input_ntlm(struct connectdata *conn,
+                         bool proxy,         /* if proxy or not */
+                         const char *header) /* rest of the www-authenticate:
+                                                header */
+{
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  CURLcode result = CURLE_OK;
+
+#ifdef USE_NSS
+  result = Curl_nss_force_init(conn->data);
+  if(result)
+    return result;
+#endif
+
+  ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
+
+  /* skip initial whitespaces */
+  while(*header && ISSPACE(*header))
+    header++;
+
+  if(checkprefix("NTLM", header)) {
+    header += strlen("NTLM");
+
+    while(*header && ISSPACE(*header))
+      header++;
+
+    if(*header) {
+      result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
+      if(CURLE_OK != result)
+        return result;
+
+      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
+    }
+    else {
+      if(ntlm->state >= NTLMSTATE_TYPE1) {
+        infof(conn->data, "NTLM handshake failure (internal error)\n");
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+
+      ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
+    }
+  }
+
+  return result;
+}
+
+/*
+ * This is for creating ntlm header output
+ */
+CURLcode Curl_output_ntlm(struct connectdata *conn,
+                          bool proxy)
+{
+  char *base64 = NULL;
+  CURLcode error;
+
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+
+  /* point to the name and password for this */
+  const char *userp;
+  const char *passwdp;
+
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+#ifdef USE_NSS
+  if(CURLE_OK != Curl_nss_force_init(conn->data))
+    return CURLE_OUT_OF_MEMORY;
+#endif
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    passwdp = conn->proxypasswd;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    passwdp = conn->passwd;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp = "";
+
+  if(!passwdp)
+    passwdp = "";
+
+#ifdef USE_WINDOWS_SSPI
+  if(s_hSecDll == NULL) {
+    /* not thread safe and leaks - use curl_global_init() to avoid */
+    CURLcode err = Curl_sspi_global_init();
+    if(s_hSecDll == NULL)
+      return err;
+  }
+#endif
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default: /* for the weird cases we (re)start here */
+    /* Create a type-1 message */
+    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64);
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+      free(base64);
+    }
+    break;
+
+  case NTLMSTATE_TYPE2:
+    /* We already received the type-2 message, create a type-3 message */
+    error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
+                                           ntlm, &base64);
+    if(error)
+      return error;
+
+    if(base64) {
+      Curl_safefree(*allocuserpwd);
+      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
+                              proxy ? "Proxy-" : "",
+                              base64);
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+      free(base64);
+
+      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
+      authp->done = TRUE;
+    }
+    break;
+
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    if(*allocuserpwd) {
+      free(*allocuserpwd);
+      *allocuserpwd = NULL;
+    }
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn)
+{
+#ifdef USE_WINDOWS_SSPI
+  Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
+#elif defined(NTLM_WB_ENABLED)
+  Curl_ntlm_wb_cleanup(conn);
+#else
+  (void)conn;
+#endif
+}
+
+#endif /* USE_NTLM */

lib/curl_ntlm.h

@@ -0,0 +1,44 @@
+#ifndef HEADER_CURL_NTLM_H
+#define HEADER_CURL_NTLM_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/* this is for ntlm header input */
+CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
+                         const char *header);
+
+/* this is for creating ntlm header output */
+CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+
+void Curl_http_ntlm_cleanup(struct connectdata *conn);
+
+#else
+
+#define Curl_http_ntlm_cleanup(a) Curl_nop_stmt
+
+#endif
+
+#endif /* HEADER_CURL_NTLM_H */

lib/curl_ntlm_core.c

@@ -0,0 +1,379 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#ifdef USE_SSLEAY
+
+#  ifdef USE_OPENSSL
+#    include <openssl/des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <openssl/md4.h>
+#    endif
+#    include <openssl/md5.h>
+#    include <openssl/ssl.h>
+#    include <openssl/rand.h>
+#  else
+#    include <des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <md4.h>
+#    endif
+#    include <md5.h>
+#    include <ssl.h>
+#    include <rand.h>
+#  endif
+#  if (OPENSSL_VERSION_NUMBER < 0x00907001L)
+#    define DES_key_schedule des_key_schedule
+#    define DES_cblock des_cblock
+#    define DES_set_odd_parity des_set_odd_parity
+#    define DES_set_key des_set_key
+#    define DES_ecb_encrypt des_ecb_encrypt
+#    define DESKEY(x) x
+#    define DESKEYARG(x) x
+#  else
+#    define DESKEYARG(x) *x
+#    define DESKEY(x) &x
+#  endif
+
+#elif defined(USE_GNUTLS)
+
+#  include <gcrypt.h>
+#  define MD5_DIGEST_LENGTH 16
+#  define MD4_DIGEST_LENGTH 16
+
+#elif defined(USE_NSS)
+
+#  include <nss.h>
+#  include <pk11pub.h>
+#  include <hasht.h>
+#  include "curl_md4.h"
+#  define MD5_DIGEST_LENGTH MD5_LENGTH
+
+#else
+#  error "Can't compile NTLM support without a crypto library."
+#endif
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "rawstr.h"
+#include "curl_memory.h"
+#include "curl_ntlm_core.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifdef USE_SSLEAY
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
+ * key schedule ks is also set.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          DES_key_schedule DESKEYARG(ks))
+{
+  DES_cblock key;
+
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+
+  DES_set_odd_parity(&key);
+  DES_set_key(&key, ks);
+}
+
+#else /* defined(USE_SSLEAY) */
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key.  Used by GnuTLS and NSS.
+ */
+static void extend_key_56_to_64(const unsigned char *key_56, char *key)
+{
+  key[0] = key_56[0];
+  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
+  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
+  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
+  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
+  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
+  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
+  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
+}
+
+#if defined(USE_GNUTLS)
+
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          gcry_cipher_hd_t *des)
+{
+  char key[8];
+  extend_key_56_to_64(key_56, key);
+  gcry_cipher_setkey(*des, key, 8);
+}
+
+#elif defined(USE_NSS)
+
+/*
+ * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using
+ * the expanded key.  The caller is responsible for giving 64 bit of valid
+ * data is IN and (at least) 64 bit large buffer as OUT.
+ */
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */
+  PK11SlotInfo *slot = NULL;
+  char key[8];                                /* expanded 64 bit key */
+  SECItem key_item;
+  PK11SymKey *symkey = NULL;
+  SECItem *param = NULL;
+  PK11Context *ctx = NULL;
+  int out_len;                                /* not used, required by NSS */
+  bool rv = FALSE;
+
+  /* use internal slot for DES encryption (requires NSS to be initialized) */
+  slot = PK11_GetInternalKeySlot();
+  if(!slot)
+    return FALSE;
+
+  /* expand the 56 bit key to 64 bit and wrap by NSS */
+  extend_key_56_to_64(key_56, key);
+  key_item.data = (unsigned char *)key;
+  key_item.len = /* hard-wired */ 8;
+  symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
+                             &key_item, NULL);
+  if(!symkey)
+    goto fail;
+
+  /* create DES encryption context */
+  param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
+  if(!param)
+    goto fail;
+  ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
+  if(!ctx)
+    goto fail;
+
+  /* perform the encryption */
+  if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
+                                 (unsigned char *)in, /* inbuflen */ 8)
+      && SECSuccess == PK11_Finalize(ctx))
+    rv = /* all OK */ TRUE;
+
+fail:
+  /* cleanup */
+  if(ctx)
+    PK11_DestroyContext(ctx, PR_TRUE);
+  if(symkey)
+    PK11_FreeSymKey(symkey);
+  if(param)
+    SECITEM_FreeItem(param, PR_TRUE);
+  PK11_FreeSlot(slot);
+  return rv;
+}
+
+#endif /* defined(USE_NSS) */
+
+#endif /* defined(USE_SSLEAY) */
+
+ /*
+  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
+  * 8 byte plaintext is encrypted with each key and the resulting 24
+  * bytes are stored in the results array.
+  */
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results)
+{
+#ifdef USE_SSLEAY
+  DES_key_schedule ks;
+
+  setup_des_key(keys, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 7, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8),
+                  DESKEY(ks), DES_ENCRYPT);
+
+  setup_des_key(keys + 14, DESKEY(ks));
+  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
+                  DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS)
+  gcry_cipher_hd_t des;
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys, &des);
+  gcry_cipher_encrypt(des, results, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 7, &des);
+  gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
+  gcry_cipher_close(des);
+
+  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+  setup_des_key(keys + 14, &des);
+  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
+  gcry_cipher_close(des);
+#elif defined(USE_NSS)
+  encrypt_des(plaintext, results, keys);
+  encrypt_des(plaintext, results + 8, keys + 7);
+  encrypt_des(plaintext, results + 16, keys + 14);
+#endif
+}
+
+/*
+ * Set up lanmanager hashed password
+ */
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */)
+{
+  CURLcode res;
+  unsigned char pw[14];
+  static const unsigned char magic[] = {
+    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
+  };
+  size_t len = CURLMIN(strlen(password), 14);
+
+  Curl_strntoupper((char *)pw, password, len);
+  memset(&pw[len], 0, 14 - len);
+
+  /*
+   * The LanManager hashed password needs to be created using the
+   * password in the network encoding not the host encoding.
+   */
+  res = Curl_convert_to_network(data, (char *)pw, 14);
+  if(res)
+    return;
+
+  {
+    /* Create LanManager hashed password. */
+
+#ifdef USE_SSLEAY
+    DES_key_schedule ks;
+
+    setup_des_key(pw, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
+                    DESKEY(ks), DES_ENCRYPT);
+
+    setup_des_key(pw + 7, DESKEY(ks));
+    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
+                    DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS)
+    gcry_cipher_hd_t des;
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw, &des);
+    gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
+    gcry_cipher_close(des);
+
+    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
+    setup_des_key(pw + 7, &des);
+    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
+    gcry_cipher_close(des);
+#elif defined(USE_NSS)
+    encrypt_des(magic, lmbuffer, pw);
+    encrypt_des(magic, lmbuffer + 8, pw + 7);
+#endif
+
+    memset(lmbuffer + 16, 0, 21 - 16);
+  }
+}
+
+#if USE_NTRESPONSES
+static void ascii_to_unicode_le(unsigned char *dest, const char *src,
+                                size_t srclen)
+{
+  size_t i;
+  for(i = 0; i < srclen; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+
+/*
+ * Set up nt hashed passwords
+ */
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */)
+{
+  size_t len = strlen(password);
+  unsigned char *pw = malloc(len * 2);
+  CURLcode result;
+  if(!pw)
+    return CURLE_OUT_OF_MEMORY;
+
+  ascii_to_unicode_le(pw, password, len);
+
+  /*
+   * The NT hashed password needs to be created using the password in the
+   * network encoding not the host encoding.
+   */
+  result = Curl_convert_to_network(data, (char *)pw, len * 2);
+  if(result)
+    return result;
+
+  {
+    /* Create NT hashed password. */
+#ifdef USE_SSLEAY
+    MD4_CTX MD4pw;
+    MD4_Init(&MD4pw);
+    MD4_Update(&MD4pw, pw, 2 * len);
+    MD4_Final(ntbuffer, &MD4pw);
+#elif defined(USE_GNUTLS)
+    gcry_md_hd_t MD4pw;
+    gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
+    gcry_md_write(MD4pw, pw, 2 * len);
+    memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
+    gcry_md_close(MD4pw);
+#elif defined(USE_NSS)
+    Curl_md4it(ntbuffer, pw, 2 * len);
+#endif
+
+    memset(ntbuffer + 16, 0, 21 - 16);
+  }
+
+  free(pw);
+
+  return CURLE_OK;
+}
+#endif /* USE_NTRESPONSES */
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */

lib/curl_ntlm_core.h

@@ -0,0 +1,68 @@
+#ifndef HEADER_CURL_NTLM_CORE_H
+#define HEADER_CURL_NTLM_CORE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+
+#ifdef USE_SSLEAY
+#  if !defined(OPENSSL_VERSION_NUMBER) && \
+      !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H)
+#    error "curl_ntlm_core.h shall not be included before OpenSSL headers."
+#  endif
+#  ifdef OPENSSL_NO_MD4
+#    define USE_NTRESPONSES 0
+#    define USE_NTLM2SESSION 0
+#  endif
+#endif
+
+/*
+ * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
+ * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
+ * the type-3 message include the NTLM2Session response message, requires
+ * USE_NTRESPONSES defined to 1.
+ */
+
+#ifndef USE_NTRESPONSES
+#  define USE_NTRESPONSES 1
+#  define USE_NTLM2SESSION 1
+#endif
+
+void Curl_ntlm_core_lm_resp(const unsigned char *keys,
+                            const unsigned char *plaintext,
+                            unsigned char *results);
+
+void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
+                               const char *password,
+                               unsigned char *lmbuffer /* 21 bytes */);
+
+#if USE_NTRESPONSES
+CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
+                                   const char *password,
+                                   unsigned char *ntbuffer /* 21 bytes */);
+#endif
+
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_NTLM_CORE_H */

lib/curl_ntlm_msgs.c

@@ -0,0 +1,964 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#ifdef USE_NTLM
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#ifdef USE_SSLEAY
+
+#  ifdef USE_OPENSSL
+#    include <openssl/des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <openssl/md4.h>
+#    endif
+#    include <openssl/md5.h>
+#    include <openssl/ssl.h>
+#    include <openssl/rand.h>
+#  else
+#    include <des.h>
+#    ifndef OPENSSL_NO_MD4
+#      include <md4.h>
+#    endif
+#    include <md5.h>
+#    include <ssl.h>
+#    include <rand.h>
+#  endif
+#  include "ssluse.h"
+
+#elif defined(USE_GNUTLS)
+
+#  include <gcrypt.h>
+#  include "gtls.h"
+#  define MD5_DIGEST_LENGTH 16
+#  define MD4_DIGEST_LENGTH 16
+
+#elif defined(USE_NSS)
+
+#  include <nss.h>
+#  include <pk11pub.h>
+#  include <hasht.h>
+#  include "nssg.h"
+#  include "curl_md4.h"
+#  define MD5_DIGEST_LENGTH MD5_LENGTH
+
+#elif defined(USE_WINDOWS_SSPI)
+#  include "curl_sspi.h"
+#else
+#  error "Can't compile NTLM support without a crypto library."
+#endif
+
+#include "urldata.h"
+#include "non-ascii.h"
+#include "sendf.h"
+#include "curl_base64.h"
+#include "curl_ntlm_core.h"
+#include "curl_gethostname.h"
+#include "curl_memory.h"
+
+#define BUILDING_CURL_NTLM_MSGS_C
+#include "curl_ntlm_msgs.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* Hostname buffer size */
+#define HOSTNAME_MAX 1024
+
+/* "NTLMSSP" signature is always in ASCII regardless of the platform */
+#define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
+
+#define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
+#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \
+  (((x) >> 16) & 0xff), (((x) >> 24) & 0xff)
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+static void ntlm_print_flags(FILE *handle, unsigned long flags)
+{
+  if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
+  if(flags & NTLMFLAG_NEGOTIATE_OEM)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM ");
+  if(flags & NTLMFLAG_REQUEST_TARGET)
+    fprintf(handle, "NTLMFLAG_REQUEST_TARGET ");
+  if(flags & (1<<3))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_3 ");
+  if(flags & NTLMFLAG_NEGOTIATE_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN ");
+  if(flags & NTLMFLAG_NEGOTIATE_SEAL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_SEAL ");
+  if(flags & NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE ");
+  if(flags & NTLMFLAG_NEGOTIATE_LM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_NETWARE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NETWARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY ");
+  if(flags & (1<<10))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_10 ");
+  if(flags & NTLMFLAG_NEGOTIATE_ANONYMOUS)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ANONYMOUS ");
+  if(flags & NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED ");
+  if(flags & NTLMFLAG_NEGOTIATE_LOCAL_CALL)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_LOCAL_CALL ");
+  if(flags & NTLMFLAG_NEGOTIATE_ALWAYS_SIGN)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_DOMAIN)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_DOMAIN ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SERVER)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SERVER ");
+  if(flags & NTLMFLAG_TARGET_TYPE_SHARE)
+    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SHARE ");
+  if(flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM2_KEY ");
+  if(flags & NTLMFLAG_REQUEST_INIT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_INIT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_ACCEPT_RESPONSE)
+    fprintf(handle, "NTLMFLAG_REQUEST_ACCEPT_RESPONSE ");
+  if(flags & NTLMFLAG_REQUEST_NONNT_SESSION_KEY)
+    fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY ");
+  if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO ");
+  if(flags & (1<<24))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_24 ");
+  if(flags & (1<<25))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_25 ");
+  if(flags & (1<<26))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_26 ");
+  if(flags & (1<<27))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_27 ");
+  if(flags & (1<<28))
+    fprintf(handle, "NTLMFLAG_UNKNOWN_28 ");
+  if(flags & NTLMFLAG_NEGOTIATE_128)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_128 ");
+  if(flags & NTLMFLAG_NEGOTIATE_KEY_EXCHANGE)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_KEY_EXCHANGE ");
+  if(flags & NTLMFLAG_NEGOTIATE_56)
+    fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
+}
+
+static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
+{
+  const char *p = buf;
+  (void)handle;
+  fprintf(stderr, "0x");
+  while(len-- > 0)
+    fprintf(stderr, "%02.2x", (unsigned int)*p++);
+}
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/*
+ * This function converts from the little endian format used in the
+ * incoming package to whatever endian format we're using natively.
+ * Argument is a pointer to a 4 byte buffer.
+ */
+static unsigned int readint_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
+    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
+}
+#endif
+
+/*
+  NTLM message structure notes:
+
+  A 'short' is a 'network short', a little-endian 16-bit unsigned value.
+
+  A 'long' is a 'network long', a little-endian, 32-bit unsigned value.
+
+  A 'security buffer' represents a triplet used to point to a buffer,
+  consisting of two shorts and one long:
+
+    1. A 'short' containing the length of the buffer content in bytes.
+    2. A 'short' containing the allocated space for the buffer in bytes.
+    3. A 'long' containing the offset to the start of the buffer in bytes,
+       from the beginning of the NTLM message.
+*/
+
+/*
+ * Curl_ntlm_decode_type2_message()
+ *
+ * This is used to decode a ntlm type-2 message received from a: HTTP, SMTP
+ * or POP3 server. The message is first decoded from a base64 string into a
+ * raw ntlm message and checked for validity before the appropriate data for
+ * creating a type-3 message is written to the given ntlm data structure.
+ *
+ * Parameters:
+ *
+ * data    [in]     - Pointer to session handle.
+ * header  [in]     - Pointer to the input buffer.
+ * ntlm    [in]     - Pointer to ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char* header,
+                                        struct ntlmdata* ntlm)
+{
+#ifndef USE_WINDOWS_SSPI
+  static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
+#endif
+
+  /* NTLM type-2 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x02000000)
+           12    Target Name            security buffer
+           20    Flags                  long
+           24    Challenge              8 bytes
+          (32)   Context                8 bytes (two consecutive longs) (*)
+          (40)   Target Information     security buffer (*)
+          (48)   OS Version Structure   8 bytes (*)
+  32 (48) (56)   Start of data block    (*)
+                                        (*) -> Optional
+  */
+
+  size_t size = 0;
+  unsigned char *buffer = NULL;
+  CURLcode error;
+
+#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+  (void)data;
+#endif
+
+  error = Curl_base64_decode(header, &buffer, &size);
+  if(error)
+    return error;
+
+  if(!buffer) {
+    infof(data, "NTLM handshake failure (unhandled condition)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+#ifdef USE_WINDOWS_SSPI
+  ntlm->type_2 = malloc(size + 1);
+  if(ntlm->type_2 == NULL) {
+    free(buffer);
+    return CURLE_OUT_OF_MEMORY;
+  }
+  ntlm->n_type_2 = (unsigned long)size;
+  memcpy(ntlm->type_2, buffer, size);
+#else
+  ntlm->flags = 0;
+
+  if((size < 32) ||
+     (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
+     (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
+    /* This was not a good enough type-2 message */
+    free(buffer);
+    infof(data, "NTLM handshake failure (bad type-2 message)\n");
+    return CURLE_REMOTE_ACCESS_DENIED;
+  }
+
+  ntlm->flags = readint_le(&buffer[20]);
+  memcpy(ntlm->nonce, &buffer[24], 8);
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n                  nonce=");
+    ntlm_print_hex(stderr, (char *)ntlm->nonce, 8);
+    fprintf(stderr, "\n****\n");
+    fprintf(stderr, "**** Header %s\n ", header);
+  });
+#endif
+  free(buffer);
+
+  return CURLE_OK;
+}
+
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
+{
+  if(ntlm->type_2) {
+    free(ntlm->type_2);
+    ntlm->type_2 = NULL;
+  }
+  if(ntlm->has_handles) {
+    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    ntlm->has_handles = 0;
+  }
+  if(ntlm->p_identity) {
+    if(ntlm->identity.User) free(ntlm->identity.User);
+    if(ntlm->identity.Password) free(ntlm->identity.Password);
+    if(ntlm->identity.Domain) free(ntlm->identity.Domain);
+    ntlm->p_identity = NULL;
+  }
+}
+#endif
+
+#ifndef USE_WINDOWS_SSPI
+/* copy the source to the destination and fill in zeroes in every
+   other destination byte! */
+static void unicodecpy(unsigned char *dest,
+                       const char *src, size_t length)
+{
+  size_t i;
+  for(i = 0; i < length; i++) {
+    dest[2 * i] = (unsigned char)src[i];
+    dest[2 * i + 1] = '\0';
+  }
+}
+#endif
+
+/*
+ * Curl_ntlm_create_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready
+ * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
+ * using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr)
+{
+  /* NTLM type-1 message structure:
+
+       Index  Description            Content
+         0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                     (0x4e544c4d53535000)
+         8    NTLM Message Type      long (0x01000000)
+        12    Flags                  long
+       (16)   Supplied Domain        security buffer (*)
+       (24)   Supplied Workstation   security buffer (*)
+       (32)   OS Version Structure   8 bytes (*)
+  (32) (40)   Start of data block    (*)
+                                     (*) -> Optional
+  */
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  size_t base64_sz = 0;
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+
+  SecBuffer buf;
+  SecBufferDesc desc;
+  SECURITY_STATUS status;
+  ULONG attrs;
+  const char *dest = "";
+  const char *user;
+  const char *domain = "";
+  size_t userlen = 0;
+  size_t domlen = 0;
+  size_t passwdlen = 0;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+  user = strchr(userp, '\\');
+  if(!user)
+    user = strchr(userp, '/');
+
+  if(user) {
+    domain = userp;
+    domlen = user - userp;
+    user++;
+  }
+  else {
+    user = userp;
+    domain = "";
+    domlen = 0;
+  }
+
+  if(user)
+    userlen = strlen(user);
+
+  if(passwdp)
+    passwdlen = strlen(passwdp);
+
+  if(userlen > 0) {
+    /* note: initialize all of this before doing the mallocs so that
+     * it can be cleaned up later without leaking memory.
+     */
+    ntlm->p_identity = &ntlm->identity;
+    memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
+    if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    ntlm->identity.UserLength = (unsigned long)userlen;
+    if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp);
+    if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+
+    strncpy((char *)ntlm->identity.Domain, domain, domlen);
+    ntlm->identity.Domain[domlen] = '\0';
+    ntlm->identity.DomainLength = (unsigned long)domlen;
+    ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+  }
+  else
+    ntlm->p_identity = NULL;
+
+  status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM",
+                                               SECPKG_CRED_OUTBOUND, NULL,
+                                               ntlm->p_identity, NULL, NULL,
+                                               &ntlm->handle, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_OUT_OF_MEMORY;
+
+  desc.ulVersion = SECBUFFER_VERSION;
+  desc.cBuffers  = 1;
+  desc.pBuffers  = &buf;
+  buf.cbBuffer   = NTLM_BUFSIZE;
+  buf.BufferType = SECBUFFER_TOKEN;
+  buf.pvBuffer   = ntlmbuf;
+
+  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL,
+                                                (void *)dest,
+                                                ISC_REQ_CONFIDENTIALITY |
+                                                ISC_REQ_REPLAY_DETECT |
+                                                ISC_REQ_CONNECTION,
+                                                0, SECURITY_NETWORK_DREP,
+                                                NULL, 0,
+                                                &ntlm->c_handle, &desc,
+                                                &attrs, &tsDummy);
+
+  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
+     status == SEC_I_CONTINUE_NEEDED)
+    s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
+  else if(status != SEC_E_OK) {
+    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
+    return CURLE_RECV_ERROR;
+  }
+
+  ntlm->has_handles = 1;
+  size = buf.cbBuffer;
+
+#else
+
+  const char *host = "";              /* empty */
+  const char *domain = "";            /* empty */
+  size_t hostlen = 0;
+  size_t domlen = 0;
+  size_t hostoff = 0;
+  size_t domoff = hostoff + hostlen;  /* This is 0: remember that host and
+                                         domain are empty */
+  (void)userp;
+  (void)passwdp;
+  (void)ntlm;
+
+#if USE_NTLM2SESSION
+#define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
+#else
+#define NTLM2FLAG 0
+#endif
+  snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+           NTLMSSP_SIGNATURE "%c"
+           "\x01%c%c%c" /* 32-bit type = 1 */
+           "%c%c%c%c"   /* 32-bit NTLM flag field */
+           "%c%c"       /* domain length */
+           "%c%c"       /* domain allocated space */
+           "%c%c"       /* domain name offset */
+           "%c%c"       /* 2 zeroes */
+           "%c%c"       /* host length */
+           "%c%c"       /* host allocated space */
+           "%c%c"       /* host name offset */
+           "%c%c"       /* 2 zeroes */
+           "%s"         /* host name */
+           "%s",        /* domain string */
+           0,           /* trailing zero */
+           0, 0, 0,     /* part of type-1 long */
+
+           LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                       NTLMFLAG_REQUEST_TARGET |
+                       NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                       NTLM2FLAG |
+                       NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domlen),
+           SHORTPAIR(domoff),
+           0, 0,
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostlen),
+           SHORTPAIR(hostoff),
+           0, 0,
+           host,  /* this is empty */
+           domain /* this is empty */);
+
+  /* Initial packet length */
+  size = 32 + hostlen + domlen;
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
+            "0x%08.8x ",
+            LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
+                        NTLMFLAG_REQUEST_TARGET |
+                        NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                        NTLM2FLAG |
+                        NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
+            NTLMFLAG_NEGOTIATE_OEM |
+            NTLMFLAG_REQUEST_TARGET |
+            NTLMFLAG_NEGOTIATE_NTLM_KEY |
+            NTLM2FLAG |
+            NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    ntlm_print_flags(stderr,
+                     NTLMFLAG_NEGOTIATE_OEM |
+                     NTLMFLAG_REQUEST_TARGET |
+                     NTLMFLAG_NEGOTIATE_NTLM_KEY |
+                     NTLM2FLAG |
+                     NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Return with binary blob encoded into base64 */
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, &base64_sz);
+}
+
+/*
+ * Curl_ntlm_create_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready
+ * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
+ * using the appropriate compile time crypo API.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr)
+{
+  /* NTLM type-3 message structure:
+
+          Index  Description            Content
+            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
+                                        (0x4e544c4d53535000)
+            8    NTLM Message Type      long (0x03000000)
+           12    LM/LMv2 Response       security buffer
+           20    NTLM/NTLMv2 Response   security buffer
+           28    Target Name            security buffer
+           36    User Name              security buffer
+           44    Workstation Name       security buffer
+          (52)   Session Key            security buffer (*)
+          (60)   Flags                  long (*)
+          (64)   OS Version Structure   8 bytes (*)
+  52 (64) (72)   Start of data block
+                                          (*) -> Optional
+  */
+
+  unsigned char ntlmbuf[NTLM_BUFSIZE];
+  size_t base64_sz = 0;
+  size_t size;
+
+#ifdef USE_WINDOWS_SSPI
+  const char *dest = "";
+  SecBuffer type_2;
+  SecBuffer type_3;
+  SecBufferDesc type_2_desc;
+  SecBufferDesc type_3_desc;
+  SECURITY_STATUS status;
+  ULONG attrs;
+  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
+
+  (void)passwdp;
+  (void)userp;
+  (void)data;
+
+  type_2_desc.ulVersion = type_3_desc.ulVersion  = SECBUFFER_VERSION;
+  type_2_desc.cBuffers  = type_3_desc.cBuffers   = 1;
+  type_2_desc.pBuffers  = &type_2;
+  type_3_desc.pBuffers  = &type_3;
+
+  type_2.BufferType = SECBUFFER_TOKEN;
+  type_2.pvBuffer   = ntlm->type_2;
+  type_2.cbBuffer   = ntlm->n_type_2;
+  type_3.BufferType = SECBUFFER_TOKEN;
+  type_3.pvBuffer   = ntlmbuf;
+  type_3.cbBuffer   = NTLM_BUFSIZE;
+
+  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle,
+                                                &ntlm->c_handle,
+                                                (void *)dest,
+                                                ISC_REQ_CONFIDENTIALITY |
+                                                ISC_REQ_REPLAY_DETECT |
+                                                ISC_REQ_CONNECTION,
+                                                0, SECURITY_NETWORK_DREP,
+                                                &type_2_desc,
+                                                0, &ntlm->c_handle,
+                                                &type_3_desc,
+                                                &attrs, &tsDummy);
+  if(status != SEC_E_OK)
+    return CURLE_RECV_ERROR;
+
+  size = type_3.cbBuffer;
+
+  Curl_ntlm_sspi_cleanup(ntlm);
+
+#else
+  int lmrespoff;
+  unsigned char lmresp[24]; /* fixed-size */
+#if USE_NTRESPONSES
+  int ntrespoff;
+  unsigned char ntresp[24]; /* fixed-size */
+#endif
+  bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
+  char host[HOSTNAME_MAX + 1] = "";
+  const char *user;
+  const char *domain = "";
+  size_t hostoff = 0;
+  size_t useroff = 0;
+  size_t domoff = 0;
+  size_t hostlen = 0;
+  size_t userlen = 0;
+  size_t domlen = 0;
+  CURLcode res;
+
+  user = strchr(userp, '\\');
+  if(!user)
+    user = strchr(userp, '/');
+
+  if(user) {
+    domain = userp;
+    domlen = (user - domain);
+    user++;
+  }
+  else
+    user = userp;
+
+  if(user)
+    userlen = strlen(user);
+
+  if(Curl_gethostname(host, HOSTNAME_MAX)) {
+    infof(data, "gethostname() failed, continuing without!");
+    hostlen = 0;
+  }
+  else {
+    /* If the workstation if configured with a full DNS name (i.e.
+     * workstation.somewhere.net) gethostname() returns the fully qualified
+     * name, which NTLM doesn't like.
+     */
+    char *dot = strchr(host, '.');
+    if(dot)
+      *dot = '\0';
+    hostlen = strlen(host);
+  }
+
+  if(unicode) {
+    domlen = domlen * 2;
+    userlen = userlen * 2;
+    hostlen = hostlen * 2;
+  }
+
+#if USE_NTLM2SESSION
+  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
+  if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
+    unsigned char ntbuffer[0x18];
+    unsigned char tmp[0x18];
+    unsigned char md5sum[MD5_DIGEST_LENGTH];
+    unsigned char entropy[8];
+
+    /* Need to create 8 bytes random data */
+#ifdef USE_SSLEAY
+    MD5_CTX MD5pw;
+    Curl_ossl_seed(data); /* Initiate the seed if not already done */
+    RAND_bytes(entropy, 8);
+#elif defined(USE_GNUTLS)
+    gcry_md_hd_t MD5pw;
+    Curl_gtls_seed(data); /* Initiate the seed if not already done */
+    gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
+#elif defined(USE_NSS)
+    PK11Context *MD5pw;
+    unsigned int outlen;
+    Curl_nss_seed(data);  /* Initiate the seed if not already done */
+    PK11_GenerateRandom(entropy, 8);
+#endif
+
+    /* 8 bytes random data as challenge in lmresp */
+    memcpy(lmresp, entropy, 8);
+
+    /* Pad with zeros */
+    memset(lmresp + 8, 0, 0x10);
+
+    /* Fill tmp with challenge(nonce?) + entropy */
+    memcpy(tmp, &ntlm->nonce[0], 8);
+    memcpy(tmp + 8, entropy, 8);
+
+#ifdef USE_SSLEAY
+    MD5_Init(&MD5pw);
+    MD5_Update(&MD5pw, tmp, 16);
+    MD5_Final(md5sum, &MD5pw);
+#elif defined(USE_GNUTLS)
+    gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
+    gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
+    memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
+    gcry_md_close(MD5pw);
+#elif defined(USE_NSS)
+    MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
+    PK11_DigestOp(MD5pw, tmp, 16);
+    PK11_DigestFinal(MD5pw, md5sum, &outlen, MD5_DIGEST_LENGTH);
+    PK11_DestroyContext(MD5pw, PR_TRUE);
+#endif
+
+    /* We shall only use the first 8 bytes of md5sum, but the des
+       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
+
+    /* End of NTLM2 Session code */
+  }
+  else
+#endif
+  {
+
+#if USE_NTRESPONSES
+    unsigned char ntbuffer[0x18];
+#endif
+    unsigned char lmbuffer[0x18];
+
+#if USE_NTRESPONSES
+    if(CURLE_OUT_OF_MEMORY ==
+       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
+      return CURLE_OUT_OF_MEMORY;
+    Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
+#endif
+
+    Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
+    Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
+    /* A safer but less compatible alternative is:
+     *   Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
+     * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
+  }
+
+  lmrespoff = 64; /* size of the message header */
+#if USE_NTRESPONSES
+  ntrespoff = lmrespoff + 0x18;
+  domoff = ntrespoff + 0x18;
+#else
+  domoff = lmrespoff + 0x18;
+#endif
+  useroff = domoff + domlen;
+  hostoff = useroff + userlen;
+
+  /* Create the big type-3 message binary blob */
+  size = snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
+                  NTLMSSP_SIGNATURE "%c"
+                  "\x03%c%c%c"  /* 32-bit type = 3 */
+
+                  "%c%c"  /* LanManager length */
+                  "%c%c"  /* LanManager allocated space */
+                  "%c%c"  /* LanManager offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* NT-response length */
+                  "%c%c"  /* NT-response allocated space */
+                  "%c%c"  /* NT-response offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* domain length */
+                  "%c%c"  /* domain allocated space */
+                  "%c%c"  /* domain name offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* user length */
+                  "%c%c"  /* user allocated space */
+                  "%c%c"  /* user offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* host length */
+                  "%c%c"  /* host allocated space */
+                  "%c%c"  /* host offset */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c"  /* session key length (unknown purpose) */
+                  "%c%c"  /* session key allocated space (unknown purpose) */
+                  "%c%c"  /* session key offset (unknown purpose) */
+                  "%c%c"  /* 2 zeroes */
+
+                  "%c%c%c%c",  /* flags */
+
+                  /* domain string */
+                  /* user string */
+                  /* host string */
+                  /* LanManager response */
+                  /* NT response */
+
+                  0,                /* zero termination */
+                  0, 0, 0,          /* type-3 long, the 24 upper bits */
+
+                  SHORTPAIR(0x18),  /* LanManager response length, twice */
+                  SHORTPAIR(0x18),
+                  SHORTPAIR(lmrespoff),
+                  0x0, 0x0,
+
+#if USE_NTRESPONSES
+                  SHORTPAIR(0x18),  /* NT-response length, twice */
+                  SHORTPAIR(0x18),
+                  SHORTPAIR(ntrespoff),
+                  0x0, 0x0,
+#else
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+#endif
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domlen),
+                  SHORTPAIR(domoff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(userlen),
+                  SHORTPAIR(useroff),
+                  0x0, 0x0,
+
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostlen),
+                  SHORTPAIR(hostoff),
+                  0x0, 0x0,
+
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+                  0x0, 0x0,
+
+                  LONGQUARTET(ntlm->flags));
+
+  DEBUGASSERT(size == 64);
+  DEBUGASSERT(size == (size_t)lmrespoff);
+
+  /* We append the binary hashes */
+  if(size < (NTLM_BUFSIZE - 0x18)) {
+    memcpy(&ntlmbuf[size], lmresp, 0x18);
+    size += 0x18;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "**** TYPE3 header lmresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
+  });
+
+#if USE_NTRESPONSES
+  if(size < (NTLM_BUFSIZE - 0x18)) {
+    DEBUGASSERT(size == (size_t)ntrespoff);
+    memcpy(&ntlmbuf[size], ntresp, 0x18);
+    size += 0x18;
+  }
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   ntresp=");
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
+  });
+
+#endif
+
+  DEBUG_OUT({
+    fprintf(stderr, "\n   flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
+            LONGQUARTET(ntlm->flags), ntlm->flags);
+    ntlm_print_flags(stderr, ntlm->flags);
+    fprintf(stderr, "\n****\n");
+  });
+
+  /* Make sure that the domain, user and host strings fit in the
+     buffer before we copy them there. */
+  if(size + userlen + domlen + hostlen >= NTLM_BUFSIZE) {
+    failf(data, "user + domain + host name too big");
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  DEBUGASSERT(size == domoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], domain, domlen / 2);
+  else
+    memcpy(&ntlmbuf[size], domain, domlen);
+
+  size += domlen;
+
+  DEBUGASSERT(size == useroff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], user, userlen / 2);
+  else
+    memcpy(&ntlmbuf[size], user, userlen);
+
+  size += userlen;
+
+  DEBUGASSERT(size == hostoff);
+  if(unicode)
+    unicodecpy(&ntlmbuf[size], host, hostlen / 2);
+  else
+    memcpy(&ntlmbuf[size], host, hostlen);
+
+  size += hostlen;
+
+  /* Convert domain, user, and host to ASCII but leave the rest as-is */
+  res = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
+                                size - domoff);
+  if(res)
+    return CURLE_CONV_FAILED;
+
+#endif
+
+  /* Return with binary blob encoded into base64 */
+  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, &base64_sz);
+}
+
+#endif /* USE_NTLM */

lib/curl_ntlm_msgs.h

@@ -1,5 +1,5 @@
-#ifndef __HTTP_NTLM_H
-#define __HTTP_NTLM_H
+#ifndef HEADER_CURL_NTLM_MSGS_H
+#define HEADER_CURL_NTLM_MSGS_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,27 +22,39 @@
  *
  ***************************************************************************/
 
-typedef enum {
-  CURLNTLM_NONE, /* not a ntlm */
-  CURLNTLM_BAD,  /* an ntlm, but one we don't like */
-  CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */
-  CURLNTLM_FINE, /* an ntlm we act on */
+#include "setup.h"
 
-  CURLNTLM_LAST  /* last entry in this enum, don't use */
-} CURLntlm;
+#ifdef USE_NTLM
 
-/* this is for ntlm header input */
-CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
-                         const char *header);
+/* This is to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr);
 
-/* this is for creating ntlm header output */
-CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+/* This is to generate a base64 encoded NTLM type-3 message */
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
+                                        const char *userp,
+                                        const char *passwdp,
+                                        struct ntlmdata *ntlm,
+                                        char **outptr);
 
-void Curl_ntlm_cleanup(struct connectdata *conn);
-#ifndef USE_NTLM
-#define Curl_ntlm_cleanup(x)
+/* This is to decode a NTLM type-2 message */
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
+                                        const char* header,
+                                        struct ntlmdata* ntlm);
+
+/* This is to clean up the ntlm data structure */
+#ifdef USE_WINDOWS_SSPI
+void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
 #endif
 
+/* NTLM buffer fixed size, large enough for long user + host + domain */
+#define NTLM_BUFSIZE 1024
+
+/* Stuff only required for curl_ntlm_msgs.c */
+#ifdef BUILDING_CURL_NTLM_MSGS_C
+
 /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
 
 #define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
@@ -146,4 +158,9 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 
 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
 /* Indicates that 56-bit encryption is supported. */
-#endif
+
+#endif /* BUILDING_CURL_NTLM_MSGS_C */
+
+#endif /* USE_NTLM */
+
+#endif /* HEADER_CURL_NTLM_MSGS_H */

lib/curl_ntlm_wb.c

@@ -0,0 +1,394 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+
+/*
+ * NTLM details:
+ *
+ * http://davenport.sourceforge.net/ntlm.html
+ * http://www.innovation.ch/java/ntlm.html
+ */
+
+#define DEBUG_ME 0
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#include "urldata.h"
+#include "sendf.h"
+#include "select.h"
+#include "curl_ntlm_wb.h"
+#include "url.h"
+#include "strerror.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#if DEBUG_ME
+# define DEBUG_OUT(x) x
+#else
+# define DEBUG_OUT(x) Curl_nop_stmt
+#endif
+
+/* Portable 'sclose_nolog' used only in child process instead of 'sclose'
+   to avoid fooling the socket leak detector */
+#if defined(HAVE_CLOSESOCKET)
+#  define sclose_nolog(x)  closesocket((x))
+#elif defined(HAVE_CLOSESOCKET_CAMEL)
+#  define sclose_nolog(x)  CloseSocket((x))
+#else
+#  define sclose_nolog(x)  close((x))
+#endif
+
+void Curl_ntlm_wb_cleanup(struct connectdata *conn)
+{
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
+    sclose(conn->ntlm_auth_hlpr_socket);
+    conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
+  }
+
+  if(conn->ntlm_auth_hlpr_pid) {
+    int i;
+    for(i = 0; i < 4; i++) {
+      pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG);
+      if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD)
+        break;
+      switch(i) {
+      case 0:
+        kill(conn->ntlm_auth_hlpr_pid, SIGTERM);
+        break;
+      case 1:
+        /* Give the process another moment to shut down cleanly before
+           bringing down the axe */
+        Curl_wait_ms(1);
+        break;
+      case 2:
+        kill(conn->ntlm_auth_hlpr_pid, SIGKILL);
+        break;
+      case 3:
+        break;
+      }
+    }
+    conn->ntlm_auth_hlpr_pid = 0;
+  }
+
+  Curl_safefree(conn->challenge_header);
+  conn->challenge_header = NULL;
+  Curl_safefree(conn->response_header);
+  conn->response_header = NULL;
+}
+
+static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
+{
+  curl_socket_t sockfds[2];
+  pid_t child_pid;
+  const char *username;
+  char *slash, *domain = NULL;
+  const char *ntlm_auth = NULL;
+  char *ntlm_auth_alloc = NULL;
+  int error;
+
+  /* Return if communication with ntlm_auth already set up */
+  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
+     conn->ntlm_auth_hlpr_pid)
+    return CURLE_OK;
+
+  username = userp;
+  slash = strpbrk(username, "\\/");
+  if(slash) {
+    if((domain = strdup(username)) == NULL)
+      return CURLE_OUT_OF_MEMORY;
+    slash = domain + (slash - username);
+    *slash = '\0';
+    username = username + (slash - domain) + 1;
+  }
+
+  /* For testing purposes, when DEBUGBUILD is defined and environment
+     variable CURL_NTLM_WB_FILE is set a fake_ntlm is used to perform
+     NTLM challenge/response which only accepts commands and output
+     strings pre-written in test case definitions */
+#ifdef DEBUGBUILD
+  ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE");
+  if(ntlm_auth_alloc)
+    ntlm_auth = ntlm_auth_alloc;
+  else
+#endif
+    ntlm_auth = NTLM_WB_FILE;
+
+  if(access(ntlm_auth, X_OK) != 0) {
+    error = ERRNO;
+    failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s",
+          ntlm_auth, error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) {
+    error = ERRNO;
+    failf(conn->data, "Could not open socket pair. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+
+  child_pid = fork();
+  if(child_pid == -1) {
+    error = ERRNO;
+    sclose(sockfds[0]);
+    sclose(sockfds[1]);
+    failf(conn->data, "Could not fork. errno %d: %s",
+          error, Curl_strerror(conn, error));
+    goto done;
+  }
+  else if(!child_pid) {
+    /*
+     * child process
+     */
+
+    /* Don't use sclose in the child since it fools the socket leak detector */
+    sclose_nolog(sockfds[0]);
+    if(dup2(sockfds[1], STDIN_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdin. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(dup2(sockfds[1], STDOUT_FILENO) == -1) {
+      error = ERRNO;
+      failf(conn->data, "Could not redirect child stdout. errno %d: %s",
+            error, Curl_strerror(conn, error));
+      exit(1);
+    }
+
+    if(domain)
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            "--domain", domain,
+            NULL);
+    else
+      execl(ntlm_auth, ntlm_auth,
+            "--helper-protocol", "ntlmssp-client-1",
+            "--use-cached-creds",
+            "--username", username,
+            NULL);
+
+    error = ERRNO;
+    sclose_nolog(sockfds[1]);
+    failf(conn->data, "Could not execl(). errno %d: %s",
+          error, Curl_strerror(conn, error));
+    exit(1);
+  }
+
+  sclose(sockfds[1]);
+  conn->ntlm_auth_hlpr_socket = sockfds[0];
+  conn->ntlm_auth_hlpr_pid = child_pid;
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_OK;
+
+done:
+  Curl_safefree(domain);
+  Curl_safefree(ntlm_auth_alloc);
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+static CURLcode ntlm_wb_response(struct connectdata *conn,
+                                 const char *input, curlntlm state)
+{
+  ssize_t size;
+  char buf[200]; /* enough, type 1, 3 message length is less then 200 */
+  char *tmpbuf = buf;
+  size_t len_in = strlen(input), len_out = sizeof(buf);
+
+  while(len_in > 0) {
+    ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
+    if(written == -1) {
+      /* Interrupted by a signal, retry it */
+      if(errno == EINTR)
+        continue;
+      /* write failed if other errors happen */
+      goto done;
+    }
+    input += written;
+    len_in -= written;
+  }
+  /* Read one line */
+  while(len_out > 0) {
+    size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
+    if(size == -1) {
+      if(errno == EINTR)
+        continue;
+      goto done;
+    }
+    else if(size == 0)
+      goto done;
+    else if(tmpbuf[size - 1] == '\n') {
+      tmpbuf[size - 1] = '\0';
+      goto wrfinish;
+    }
+    tmpbuf += size;
+    len_out -= size;
+  }
+  goto done;
+wrfinish:
+  /* Samba/winbind installed but not configured */
+  if(state == NTLMSTATE_TYPE1 &&
+     size == 3 &&
+     buf[0] == 'P' && buf[1] == 'W')
+    return CURLE_REMOTE_ACCESS_DENIED;
+  /* invalid response */
+  if(size < 4)
+    goto done;
+  if(state == NTLMSTATE_TYPE1 &&
+     (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
+    goto done;
+  if(state == NTLMSTATE_TYPE2 &&
+     (buf[0]!='K' || buf[1]!='K' || buf[2]!=' ') &&
+     (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
+    goto done;
+
+  conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
+  return CURLE_OK;
+done:
+  return CURLE_REMOTE_ACCESS_DENIED;
+}
+
+/*
+ * This is for creating ntlm header output by delegating challenge/response
+ * to Samba's winbind daemon helper ntlm_auth.
+ */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
+                              bool proxy)
+{
+  /* point to the address of the pointer that holds the string to send to the
+     server, which is for a plain host or for a HTTP proxy */
+  char **allocuserpwd;
+  /* point to the name and password for this */
+  const char *userp;
+  /* point to the correct struct with this */
+  struct ntlmdata *ntlm;
+  struct auth *authp;
+
+  CURLcode res = CURLE_OK;
+  char *input;
+
+  DEBUGASSERT(conn);
+  DEBUGASSERT(conn->data);
+
+  if(proxy) {
+    allocuserpwd = &conn->allocptr.proxyuserpwd;
+    userp = conn->proxyuser;
+    ntlm = &conn->proxyntlm;
+    authp = &conn->data->state.authproxy;
+  }
+  else {
+    allocuserpwd = &conn->allocptr.userpwd;
+    userp = conn->user;
+    ntlm = &conn->ntlm;
+    authp = &conn->data->state.authhost;
+  }
+  authp->done = FALSE;
+
+  /* not set means empty */
+  if(!userp)
+    userp="";
+
+  switch(ntlm->state) {
+  case NTLMSTATE_TYPE1:
+  default:
+    /* Use Samba's 'winbind' daemon to support NTLM authentication,
+     * by delegating the NTLM challenge/response protocal to a helper
+     * in ntlm_auth.
+     * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
+     * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
+     * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
+     * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this
+     * feature is enabled and 'NTLM_WB_FILE' symbol holds absolute
+     * filename of ntlm_auth helper.
+     * If NTLM authentication using winbind fails, go back to original
+     * request handling process.
+     */
+    /* Create communication with ntlm_auth */
+    res = ntlm_wb_init(conn, userp);
+    if(res)
+      return res;
+    res = ntlm_wb_response(conn, "YR\n", ntlm->state);
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
+    Curl_safefree(conn->response_header);
+    conn->response_header = NULL;
+    break;
+  case NTLMSTATE_TYPE2:
+    input = aprintf("TT %s", conn->challenge_header);
+    if(!input)
+      return CURLE_OUT_OF_MEMORY;
+    res = ntlm_wb_response(conn, input, ntlm->state);
+    free(input);
+    input = NULL;
+    if(res)
+      return res;
+
+    Curl_safefree(*allocuserpwd);
+    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
+                            proxy ? "Proxy-" : "",
+                            conn->response_header);
+    DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
+    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
+    authp->done = TRUE;
+    Curl_ntlm_wb_cleanup(conn);
+    break;
+  case NTLMSTATE_TYPE3:
+    /* connection is already authenticated,
+     * don't send a header in future requests */
+    if(*allocuserpwd) {
+      free(*allocuserpwd);
+      *allocuserpwd=NULL;
+    }
+    authp->done = TRUE;
+    break;
+  }
+
+  return CURLE_OK;
+}
+
+#endif /* USE_NTLM && NTLM_WB_ENABLED */

lib/curl_ntlm_wb.h

@@ -0,0 +1,37 @@
+#ifndef HEADER_CURL_NTLM_WB_H
+#define HEADER_CURL_NTLM_WB_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+
+/* this is for creating ntlm header output by delegating challenge/response
+   to Samba's winbind daemon helper ntlm_auth */
+CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
+
+void Curl_ntlm_wb_cleanup(struct connectdata *conn);
+
+#endif /* USE_NTLM && NTLM_WB_ENABLED */
+
+#endif /* HEADER_CURL_NTLM_WB_H */

lib/curl_rtmp.c

@@ -51,7 +51,7 @@ static CURLcode rtmp_setup(struct connectdata *conn);
 static CURLcode rtmp_do(struct connectdata *conn, bool *done);
 static CURLcode rtmp_done(struct connectdata *conn, CURLcode, bool premature);
 static CURLcode rtmp_connect(struct connectdata *conn, bool *done);
-static CURLcode rtmp_disconnect(struct connectdata *conn, bool dead_connection);
+static CURLcode rtmp_disconnect(struct connectdata *conn, bool dead);
 
 static Curl_recv rtmp_recv;
 static Curl_send rtmp_send;
@@ -73,6 +73,7 @@ const struct Curl_handler Curl_handler_rtmp = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMP,                            /* defport */
   CURLPROTO_RTMP,                       /* protocol */
   PROTOPT_NONE                          /* flags*/
@@ -91,6 +92,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMPT,                           /* defport */
   CURLPROTO_RTMPT,                      /* protocol */
   PROTOPT_NONE                          /* flags*/
@@ -109,6 +111,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMP,                            /* defport */
   CURLPROTO_RTMPE,                      /* protocol */
   PROTOPT_NONE                          /* flags*/
@@ -127,6 +130,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMPT,                           /* defport */
   CURLPROTO_RTMPTE,                     /* protocol */
   PROTOPT_NONE                          /* flags*/
@@ -145,10 +149,12 @@ const struct Curl_handler Curl_handler_rtmps = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMPS,                           /* defport */
   CURLPROTO_RTMPS,                      /* protocol */
   PROTOPT_NONE                          /* flags*/
 };
+
 const struct Curl_handler Curl_handler_rtmpts = {
   "RTMPTS",                             /* scheme */
   rtmp_setup,                           /* setup_connection */
@@ -162,6 +168,7 @@ const struct Curl_handler Curl_handler_rtmpts = {
   ZERO_NULL,                            /* doing_getsock */
   ZERO_NULL,                            /* perform_getsock */
   rtmp_disconnect,                      /* disconnect */
+  ZERO_NULL,                            /* readwrite */
   PORT_RTMPS,                           /* defport */
   CURLPROTO_RTMPTS,                     /* protocol */
   PROTOPT_NONE                          /* flags*/
@@ -171,12 +178,12 @@ static CURLcode rtmp_setup(struct connectdata *conn)
 {
   RTMP *r = RTMP_Alloc();
 
-  if (!r)
+  if(!r)
     return CURLE_OUT_OF_MEMORY;
 
   RTMP_Init(r);
   RTMP_SetBufferMS(r, DEF_BUFTIME);
-  if (!RTMP_SetupURL(r, conn->data->change.url)) {
+  if(!RTMP_SetupURL(r, conn->data->change.url)) {
     RTMP_Free(r);
     return CURLE_URL_MALFORMAT;
   }
@@ -194,17 +201,19 @@ static CURLcode rtmp_connect(struct connectdata *conn, bool *done)
   /* We have to know if it's a write before we send the
    * connect request packet
    */
-  if (conn->data->set.upload)
+  if(conn->data->set.upload)
     r->Link.protocol |= RTMP_FEATURE_WRITE;
 
   /* For plain streams, use the buffer toggle trick to keep data flowing */
-  if (!(r->Link.lFlags & RTMP_LF_LIVE) && !(r->Link.protocol & RTMP_FEATURE_HTTP))
+  if(!(r->Link.lFlags & RTMP_LF_LIVE) &&
+     !(r->Link.protocol & RTMP_FEATURE_HTTP))
     r->Link.lFlags |= RTMP_LF_BUFX;
 
   curlx_nonblock(r->m_sb.sb_socket, FALSE);
-  setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(tv));
+  setsockopt(r->m_sb.sb_socket, SOL_SOCKET, SO_RCVTIMEO,
+             (char *)&tv, sizeof(tv));
 
-  if (!RTMP_Connect1(r, NULL))
+  if(!RTMP_Connect1(r, NULL))
     return CURLE_FAILED_INIT;
 
   /* Clients must send a periodic BytesReceived report to the server */
@@ -220,13 +229,14 @@ static CURLcode rtmp_do(struct connectdata *conn, bool *done)
 {
   RTMP *r = conn->proto.generic;
 
-  if (!RTMP_ConnectStream(r, 0))
+  if(!RTMP_ConnectStream(r, 0))
     return CURLE_FAILED_INIT;
 
-  if (conn->data->set.upload) {
+  if(conn->data->set.upload) {
     Curl_pgrsSetUploadSize(conn->data, conn->data->set.infilesize);
     Curl_setup_transfer(conn, -1, -1, FALSE, NULL, FIRSTSOCKET, NULL);
-  } else
+  }
+  else
     Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);
   *done = TRUE;
   return CURLE_OK;
@@ -247,7 +257,7 @@ static CURLcode rtmp_disconnect(struct connectdata *conn,
 {
   RTMP *r = conn->proto.generic;
   (void)dead_connection;
-  if (r) {
+  if(r) {
     conn->proto.generic = NULL;
     RTMP_Close(r);
     RTMP_Free(r);
@@ -264,12 +274,13 @@ static ssize_t rtmp_recv(struct connectdata *conn, int sockindex, char *buf,
   (void)sockindex; /* unused */
 
   nread = RTMP_Read(r, buf, len);
-  if (nread < 0) {
-    if (r->m_read.status == RTMP_READ_COMPLETE ||
+  if(nread < 0) {
+    if(r->m_read.status == RTMP_READ_COMPLETE ||
         r->m_read.status == RTMP_READ_EOF) {
       conn->data->req.size = conn->data->req.bytecount;
       nread = 0;
-    } else
+    }
+    else
       *err = CURLE_RECV_ERROR;
   }
   return nread;
@@ -284,9 +295,9 @@ static ssize_t rtmp_send(struct connectdata *conn, int sockindex,
   (void)sockindex; /* unused */
 
   num = RTMP_Write(r, (char *)buf, len);
-  if (num < 0) {
+  if(num < 0)
     *err = CURLE_SEND_ERROR;
-  }
+
   return num;
 }
 #endif  /* USE_LIBRTMP */