curl_easy_setopt arguments should be of type long in the examples

RELEASE-NOTES: synced with 10120e6a
one more bug fix and contributor
2011-11-14 14:07:25 -08:00 · 2011-11-12 10:09:54 +01:00 · 2011-11-11 19:57:49 +01:00 · 2011-11-11 19:46:44 +01:00 · 2011-11-08 05:46:46 +01:00 · 2011-11-06 23:42:28 +01:00
421 changed files with 22924 additions and 13154 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,7 @@ Makefile
 Makefile.in
 aclocal.m4
 autom4te.cache
 config.cache
 config.guess
 config.log
 config.status
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -148,7 +148,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)
 if(WIN32)
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
+  find_library(WSOCK32_LIBRARY wsock32)
  find_library(WS2_32_LIBRARY ws2_32)
  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
  if(CURL_DISABLE_LDAP)
    # Remove wldap32.lib from space-separated list
    string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})
@@ -861,4 +863,3 @@ install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl"
    DESTINATION include
    FILES_MATCHING PATTERN "*.h"
    PATTERN "curlbuild.h" EXCLUDE)
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -73,10 +73,15 @@ mingw32:
 mingw32-clean:
 	$(MAKE) -C lib -f Makefile.m32 clean
 	$(MAKE) -C src -f Makefile.m32 clean
 	$(MAKE) -C docs/examples -f Makefile.m32 clean
 mingw32-vclean mingw32-distclean:
 	$(MAKE) -C lib -f Makefile.m32 vclean
 	$(MAKE) -C src -f Makefile.m32 vclean
 	$(MAKE) -C docs/examples -f Makefile.m32 vclean
 mingw32-examples%:
 	$(MAKE) -C docs/examples -f Makefile.m32 CFG=$@
 mingw32%:
 	$(MAKE) -C lib -f Makefile.m32 CFG=$@
@@ -217,34 +222,27 @@ netware:
 	$(MAKE) -C lib -f Makefile.netware
 	$(MAKE) -C src -f Makefile.netware
 netware-ares:
 	$(MAKE) -C lib -f Makefile.netware WITH_ARES=1
 	$(MAKE) -C src -f Makefile.netware WITH_ARES=1
 netware-ssl:
 	$(MAKE) -C lib -f Makefile.netware WITH_SSL=1
 	$(MAKE) -C src -f Makefile.netware WITH_SSL=1
 netware-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.netware WITH_SSL=1 WITH_ZLIB=1
 	$(MAKE) -C src -f Makefile.netware WITH_SSL=1 WITH_ZLIB=1
 netware-ssh2-ssl-zlib:
 	$(MAKE) -C lib -f Makefile.netware WITH_SSH2=1 WITH_SSL=1 WITH_ZLIB=1
 	$(MAKE) -C src -f Makefile.netware WITH_SSH2=1 WITH_SSL=1 WITH_ZLIB=1
 netware-zlib:
 	$(MAKE) -C lib -f Makefile.netware WITH_ZLIB=1
 	$(MAKE) -C src -f Makefile.netware WITH_ZLIB=1
 netware-clean:
 	$(MAKE) -C lib -f Makefile.netware clean
 	$(MAKE) -C src -f Makefile.netware clean
 	$(MAKE) -C docs/examples -f Makefile.netware clean
 netware-vclean netware-distclean:
 	$(MAKE) -C lib -f Makefile.netware vclean
 	$(MAKE) -C src -f Makefile.netware vclean
 	$(MAKE) -C docs/examples -f Makefile.netware vclean
 netware-install:
 	$(MAKE) -C lib -f Makefile.netware install
 	$(MAKE) -C src -f Makefile.netware install
 netware-examples-%:
 	$(MAKE) -C docs/examples -f Makefile.netware CFG=$@
 netware-%:
 	$(MAKE) -C lib -f Makefile.netware CFG=$@
 	$(MAKE) -C src -f Makefile.netware CFG=$@
 unix: all
 unix-ssl: ssl
--- a/81
+++ b/81
@@ -1,38 +1,55 @@
-Curl and libcurl 7.21.7
+Curl and libcurl 7.23.0
- Public curl releases:         123
+ Public curl releases:         125
- Command line options:         144
+ Command line options:         149
- curl_easy_setopt() options:   186
+ curl_easy_setopt() options:   192
 Public functions in libcurl:  58
 Known libcurl bindings:       39
- Contributors:                 868
+ Contributors:                 873
 This release includes the following changes:
- o recognize the [protocol]:// prefix in proxy hosts where the protocol is one
+ o Empty headers can be sent in HTTP requests by terminating with a semicolon
-   of socks4, socks4a, socks5 or socks5h.
+ o SSL session sharing support added to curl_share_setopt()
- o Added CURLOPT_CLOSESOCKETFUNCTION and CURLOPT_CLOSESOCKETDATA
+ o Added support to MAIL FROM for the optional SIZE parameter
 o smtp: Added support for NTLM authentication
 o curl tool: code split into tool_*.[ch] files
 This release includes the following bugfixes:
- o SECURITY ADVISORY: inappropriate GSSAPI delegation. Full details at
+ o handle HTTP redirects to "//hostname/path"
-   http://curl.haxx.se/docs/adv_20110623.html
+ o SMTP without --mail-from caused segfault
- o NTLM: work with unicode
+ o prevent extra progress meter headers between multiple files
- o fix connect with SOCKS proxy when using the multi interface
+ o allow Content-Length to be replaced when sending HTTP requests
- o anyauthput.c: stdint.h must not be included unconditionally
+ o curl now always sets postfieldsize to allow --data-binary and --data
- o CMake: improved build
+   to be mixed in the same command line
- o SCP/SFTP enable non-blocking earlier
+ o curl_multi_fdset: avoid FD_SET out of bounds
- o GnuTLS handshake: fix timeout
+ o lots of MinGW build tweaks
- o cyassl: build without filesystem
+ o Curl_gethostname: return un-qualified machine name
- o HTTPS over HTTP proxy using the multi interface
+ o fixed the openssl version number configure check
- o speedcheck: invalid timeout event on a reused handle
+ o nss: certificates from files are no longer looked up by file base names
- o Force connection close for HTTP 200 OK when time condition matched
+ o returning abort from the progress function when using the multi interface
- o curl_formget: fix FILE * leak
+   would not properly cancel the transfer and close the connection
- o configure: improved OpenSSL detection
+ o fix libcurl.m4 to not fail with modern gcc versions
- o Android build: support gingerbread
+ o ftp: improved the failed PORT host name resolved error message
- o CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
+ o TFTP timeout and unexpected block adjustments
- o windows build: use correct MS CRT
+ o HTTP and GOPHER test server-side connection closing adjustments
- o pop3: remove extra space in LIST command
+ o fix endless loop upon transport connection timeout
 o don't clobber errno on failed connect
 o typecheck: allow NULL to unset CURLOPT_ERRORBUFFER
 o formdata: ack read callback abort
 o make --show-error properly position independent
 o set the ipv6-connection boolean correctly on connect
 o SMTP: fix end-of-body string escaping
 o gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
 o HTTP: handle multiple auths in a single WWW-Authenticate line
 o curl_multi_fdset: correct fdset with FTP PORT use
 o windbuild: fix the static build
 o fix builds with GnuTLS version 3
 o fix calling of OpenSSL's ERR_remove_state(0)
 o HTTP auth: fix proxy Negotiate bug when Negotiate not requested
 o ftp PORT: don't hang if bind() fails
 o -# would crash on terminals wider than 256 columns
 This release includes the following known bugs:
@@ -41,9 +58,13 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
- Dan Fandrich, Guenter Knauf, Vsevolod Novikov, Zmey Petroff,
+ Yukihiro Kawada, Dave Reisner, Gisle Vanem, Guenter Knauf, Steve Holme,
- Dagobert Michelsen, Jeff Pohlmeyer, Dmitri Shubin, Matteo Rocco,
+ Yang Tse, Christopher Stone, Taneli Vahakangas, Albert Chin,
- Aaron Orenstein, Yang Tse, Kamil Dudka, Amr Shahin, Josue Andrade Gomes,
+ Alejandro Alvarez, Dan Fandrich, Julien Royer, Georg Lippitsch,
- Ori Avtalion, Richard Silverman, Julien Chaffraix
+ Vladimir Grishchenko, Dominique Leuenberger, Marcin Adamski,
 Jerry Wu, Michal Marek, Frank Van Uffelen, Fabian Hiernaux, Anton Bychkov,
 Andreas Olsson, Kamil Dudka, Thomas L. Shinnick, Tim Harder, Nick Zitzmann,
 Gokhan Sengun, Tom Wright, Patrick Monnerat, Rene Bernhardt,
 Alexey Zakhlestin
        Thanks! (and sorry if I forgot to mention someone)
--- a/16
+++ b/16
@@ -1,15 +1,11 @@
-To be addressed in 7.21.6
+To be addressed in 7.22.1
 =========================
-284 - bug 3172608 "No re-authentication when HTTP connecton is closed"
+295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
      http://curl.haxx.se/bug/view.cgi?id=3172608
      Would be nice if someone could verify the suggested patch
-285 - bug 3163118 "Allow programatic use of telnet on Windows"
+296 - "OOM leak in multi code" (by Dan Fandrich)
      http://curl.haxx.se/bug/view.cgi?id=3163118
      Would appreciate a Windows developer to give it a look before we apply
      the suggested patch
-287 - bug 3215314 Post quote operation to rename fails in Windows
+300 - "Polling on stray socket on sequential transfers." Andrew S
      http://curl.haxx.se/mail/lib-2011-07/0053.html
-289 -
+308 -
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -51,7 +51,7 @@ CURL_DEF_TOKEN $1
  ],[
    tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \
      "$GREP" CURL_DEF_TOKEN 2>/dev/null | \
-      "$SED" 's/.*CURL_DEF_TOKEN[[ ]]//' 2>/dev/null | \
+      "$SED" 's/.*CURL_DEF_TOKEN[[ ]][[ ]]*//' 2>/dev/null | \
      "$SED" 's/[["]][[ ]]*[["]]//g' 2>/dev/null`
    if test -z "$tmp_exp" || test "$tmp_exp" = "$1"; then
      tmp_exp=""
--- a/16
+++ b/16
@@ -80,7 +80,7 @@ removethis(){
 # Ensure that buildconf runs from the subdirectory where configure.ac lives
 #
 if test ! -f configure.ac ||
-  test ! -f src/main.c ||
+  test ! -f src/tool_main.c ||
  test ! -f lib/urldata.h ||
  test ! -f include/curl/curl.h; then
  echo "Can not run buildconf from outside of curl's source subdirectory!"
@@ -89,7 +89,9 @@ if test ! -f configure.ac ||
 fi
 #--------------------------------------------------------------------------
-# autoconf 2.57 or newer
+# autoconf 2.57 or newer. Unpatched version 2.67 does not generate proper
 # configure script. Unpatched version 2.68 is simply unusable, we should
 # disallow 2.68 usage.
 #
 need_autoconf="2.57"
 ac_version=`${AUTOCONF:-autoconf} --version 2>/dev/null|head -n 1| sed -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'`
@@ -108,7 +110,15 @@ if test "$1" = "2" -a "$2" -lt "57" || test "$1" -lt "2"; then
  exit 1
 fi
-echo "buildconf: autoconf version $ac_version (ok)"
+if test "$1" = "2" -a "$2" -eq "67"; then
  echo "buildconf: autoconf version $ac_version (BAD)"
  echo "            Unpatched version generates broken configure script."
 elif test "$1" = "2" -a "$2" -eq "68"; then
  echo "buildconf: autoconf version $ac_version (BAD)"
  echo "            Unpatched version generates unusable configure script."
 else
  echo "buildconf: autoconf version $ac_version (ok)"
 fi
 am4te_version=`${AUTOM4TE:-autom4te} --version 2>/dev/null|head -n 1| sed -e 's/autom4te\(.*\)/\1/' -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'`
 if test -z "$am4te_version"; then
--- a/buildconf.bat
+++ b/buildconf.bat
@@ -27,6 +27,11 @@ if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h
 REM create src\config-win32.h
 if not exist lib\config-win32.h goto end_config_win32_h
 copy /Y lib\config-win32.h src\config-win32.h
 :end_config_win32_h
 REM setup c-ares git tree
 if not exist ares\buildconf.bat goto end_c_ares
 cd ares
--- a/configure.ac
+++ b/configure.ac
@@ -314,6 +314,26 @@ if test "x$cross_compiling" != "xno" &&
  supports_unittests=no
 fi
 # IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to
 # a problem related with OpenSSL headers and library versions not matching.
 # Disable unit tests while time to further investigate this is found.
 case $host in
  mips-sgi-irix6.5)
    if test "$compiler_id" = "GNU_C"; then
      supports_unittests=no
    fi
    ;;
 esac
 # All AIX autobuilds fails unit tests linking against unittests library
 # due to unittests library being built with no symbols or members. Libtool ?
 # Disable unit tests while time to further investigate this is found.
 case $host_os in
  aix*)
    supports_unittests=no
    ;;
 esac
 dnl Build unit tests when option --enable-debug is given.
 if test "x$want_debug" = "xyes" &&
   test "x$supports_unittests" = "xyes"; then
@@ -1330,7 +1350,7 @@ if test X"$OPT_SSL" != Xno; then
    dnl the user told us to look
    OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig"
    AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
-    if test -e "$OPENSSL_PCDIR/openssl.pc"; then
+    if test -f "$OPENSSL_PCDIR/openssl.pc"; then
      PKGTEST="yes"
    fi
@@ -2419,6 +2439,7 @@ AC_CHECK_HEADERS(
        stdbool.h \
        arpa/tftp.h \
        sys/filio.h \
        sys/wait.h \
        setjmp.h,
 dnl to do if not found
 [],
@@ -2564,6 +2585,7 @@ CURL_CHECK_FUNC_SIGINTERRUPT
 CURL_CHECK_FUNC_SIGNAL
 CURL_CHECK_FUNC_SIGSETJMP
 CURL_CHECK_FUNC_SOCKET
 CURL_CHECK_FUNC_SOCKETPAIR
 CURL_CHECK_FUNC_STRCASECMP
 CURL_CHECK_FUNC_STRCASESTR
 CURL_CHECK_FUNC_STRCMPI
@@ -2794,6 +2816,10 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
       AC_MSG_RESULT(yes)
 )
 CURL_CHECK_OPTION_NTLM_WB
 CURL_CHECK_NTLM_WB
 dnl ************************************************************
 dnl disable TLS-SRP authentication
 dnl
@@ -2969,6 +2995,9 @@ if test "x$CURL_DISABLE_HTTP" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
    if test "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
    fi
  fi
 fi
 if test "x$USE_TLS_SRP" = "x1"; then
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -6,21 +6,34 @@
 BUGS
 1. Bugs
  1.1 There are still bugs
  1.2 Where to report
  1.3 What to report
  1.4 libcurl problems
  1.5 Who will fix the problems
  1.6 How to get a stack trace
  1.7 Bugs in libcurl bindings
 ==============================================================================
 1.1 There are still bugs
  Curl and libcurl have grown substantially since the beginning. At the time
-  of writing (July 2007), there are about 47000 lines of source code, and by
+  of writing (September 2011), there are about 66000 lines of source code, and
-  the time you read this it has probably grown even more.
+  by the time you read this it has probably grown even more.
  Of course there are lots of bugs left. And lots of misfeatures.
  To help us make curl the stable and solid product we want it to be, we need
  bug reports and bug fixes.
-WHERE TO REPORT
+1.2 Where to report
  If you can't fix a bug yourself and submit a fix for it, try to report an as
  detailed report as possible to a curl mailing list to allow one of us to
-  have a go at a solution. You should also post your bug/problem at curl's bug
+  have a go at a solution. You can optionally also post your bug/problem at
-  tracking system over at
+  curl's bug tracking system over at
        http://sourceforge.net/bugs/?group_id=976
@@ -29,16 +42,18 @@ WHERE TO REPORT
  If you feel you need to ask around first, find a suitable mailing list and
  post there. The lists are available on http://curl.haxx.se/mail/
-WHAT TO REPORT
+1.3 What to report
  When reporting a bug, you should include all information that will help us
  understand what's wrong, what you expected to happen and how to repeat the
  bad behavior. You therefore need to tell us:
-   - your operating system's name and version number (uname -a under a unix
+   - your operating system's name and version number
-     is fine)
+
   - what version of curl you're using (curl -V is fine)
   - versions of the used libraries that libcurl is built to use
   - what URL you were working with (if possible), at least which protocol
  and anything and everything else you think matters. Tell us what you
@@ -59,7 +74,48 @@ WHAT TO REPORT
  The address and how to subscribe to the mailing lists are detailed in the
  MANUAL file.
-HOW TO GET A STACK TRACE
+1.4 libcurl problems
  First, post all libcurl problems on the curl-library mailing list.
  When you've written your own application with libcurl to perform transfers,
  it is even more important to be specific and detailed when reporting bugs.
  Tell us the libcurl version and your operating system. Tell us the name and
  version of all relevant sub-components like for example the SSL library
  you're using and what name resolving your libcurl uses. If you use SFTP or
  SCP, the libssh2 version is relevant etc.
  Showing us a real source code example repeating your problem is the best way
  to get our attention and it will greatly increase our chances to understand
  your problem and to work on a fix (if we agree it truly is a problem).
  Lots of problems that appear to be libcurl problems are actually just abuses
  of the libcurl API or other malfunctions in your applications. It is adviced
  that you run your problematic program using a memory debug tool like
  valgrind or similar before you post memory-related or "crashing" problems to
  us.
 1.5 Who will fix the problems
  If the problems or bugs you describe are considered to be bugs, we want to
  have the problems fixed.
  There are no developers in the curl project that are paid to work on bugs.
  All developers that take on reported bugs do this on a voluntary basis. We
  do it out of an ambition to keep curl and libcurl excellent products and out
  of pride.
  But please do not assume that you can just lump over something to us and it
  will then magically be fixed after some given time. Most often we need
  feedback and help to understand what you've experienced and how to repeat a
  problem. Then we may only be able to assist YOU to debug the problem and to
  track down the proper fix.
  We get reports from many people every month and each report can take a
  considerable amount of time to really go to the bottom with.
 1.6 How to get a stack trace
  First, you must make sure that you compile all sources with -g and that you
  don't 'strip' the final executable. Try to avoid optimizing the code as
@@ -79,3 +135,12 @@ HOW TO GET A STACK TRACE
  crashed. Include the stack trace with your detailed bug report. It'll help a
  lot.
 1.7 Bugs in libcurl bindings
  There will of course pop up bugs in libcurl bindings. You should then
  primarily approach the team that works on that particular binding and see
  what you can do to help them fix the problem.
  If you suspect that the problem exists in the underlying libcurl, then
  please convert your program over to plain C and follow the steps outlined
  above.
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -467,6 +467,34 @@ Win32
     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
   Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
   --------------------------------------------------------------------
   In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack
   it is necessary to make definition of preprocessor symbol USE_LWIPSOCK
   visible to libcurl and curl compilation processes. To set this definition
   you have the following alternatives:
   - Modify lib/config-win32.h and src/config-win32.h
   - Modify lib/Makefile.vc6
   - Add definition to Project/Settings/C/C++/General/Preprocessor Definitions
     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
   Once that libcurl has been built with BSD-style lwIP TCP/IP stack support,
   in order to use it with your program it is mandatory that your program
   includes lwIP header file <lwip/opt.h> (or another lwIP header that includes
   this) before including any libcurl header. Your program does not need the
   USE_LWIPSOCK preprocessor definition which is for libcurl internals only.
   Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0 from:
   http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip
   http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip
   This BSD-style lwIP TCP/IP stack support must be considered experimental
   given that it has been verified that lwIP 1.4.0 still needs some polish,
   and libcurl might yet need some additional adjustment, caveat emptor.
   Important static libcurl usage note
   -----------------------------------
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -12,12 +12,6 @@ may have been fixed since this was written!
  http://curl.haxx.se/mail/lib-2009-10/0024.html
  http://curl.haxx.se/bug/view.cgi?id=2944325
 74. The HTTP spec allows headers to be merged and become comma-separated
  instead of being repeated several times. This also include Authenticate: and
  Proxy-Authenticate: headers and while this hardly every happens in real life
  it will confuse libcurl which does not properly support it for all headers -
  like those Authenticate headers.
 73. if a connection is made to a FTP server but the server then just never
  sends the 220 response or otherwise is dead slow, libcurl will not
  acknowledge the connection timeout during that phase but only the "real"
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -5,10 +5,13 @@
 If you have contributed but are missing here, please let us know!
 Aaron Oneal
 Aaron Orenstein
 Adam D. Moss
 Adam Light
 Adam Piggott
 Adam Tkac
 Adrian Schuur
 Adriano Meirelles
 Akos Pasztory
 Alan Pinstein
 Albert Chin-A-Young
@@ -80,6 +83,7 @@ Ben Greear
 Ben Madsen
 Ben Noordhuis
 Ben Van Hof
 Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Bernard Leak
@@ -125,6 +129,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
 Christian Hagele
 Christian Krause
 Christian Kurz
 Christian Robottom Reis
@@ -149,8 +154,10 @@ Craig A West
 Craig Davison
 Craig Markwardt
 Cris Bailiff
 Cristian Rodriguez
 Curt Bogmine
 Cyrill Osterwalder
 Dagobert Michelsen
 Damien Adant
 Dan Becker
 Dan C
@@ -275,6 +282,7 @@ Fred New
 Fred Noz
 Frederic Lepied
 Gabriel Kuri
 Garrett Holmstrom
 Gary Maxwell
 Gautam Kachroo
 Gautam Mani
@@ -323,6 +331,7 @@ Heinrich Ko
 Hendrik Visage
 Henrik Storner
 Henry Ludemann
 Herve Amblard
 Hidemoto Nakada
 Hoi-Ho Chan
 Hongli Lai
@@ -389,6 +398,7 @@ Jesper Jensen
 Jesse Noller
 Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
 Jocelyn Jaubert
 Joe Halpin
@@ -503,6 +513,7 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
 Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
@@ -544,6 +555,7 @@ Matt Kraai
 Matt Veenstra
 Matt Witherspoon
 Matt Wixson
 Matteo Rocco
 Matthew Blain
 Matthew Clarke
 Matthias Bolte
@@ -563,6 +575,7 @@ Michael Goffioul
 Michael Jahn
 Michael Jerris
 Michael Mealling
 Michael Mueller
 Michael Smith
 Michael Stillwell
 Michael Wallner
@@ -615,7 +628,9 @@ Ofer
 Olaf Stueben
 Olaf St<53>ben
 Oren Tirosh
 Ori Avtalion
 P R Schaffner
 Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
@@ -624,6 +639,7 @@ Patrick Monnerat
 Patrick Scott
 Patrick Smith
 Patrik Thunstrom
 Pau Garcia i Quiles
 Paul Harrington
 Paul Howarth
 Paul Marquis
@@ -641,6 +657,7 @@ Pete Su
 Peter Bray
 Peter Forret
 Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
 Peter O'Gorman
@@ -700,6 +717,7 @@ Richard Clayton
 Richard Cooper
 Richard Gorton
 Richard Prescott
 Richard Silverman
 Rick Jones
 Rick Richardson
 Rob Crittenden
@@ -778,6 +796,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
 Steve Holme
 Steve Lhomme
 Steve Little
 Steve Marx
@@ -786,6 +805,7 @@ Steve Roskowski
 Steven Bazyl
 Steven G. Johnson
 Steven M. Schweda
 Steven Parkes
 Stoned Elipot
 Sven Anders
 Sven Neuhaus
@@ -861,6 +881,7 @@ Wesley Miaw
 Wez Furlong
 Wilfredo Sanchez
 Wojciech Zwiefka
 Wu Yongzheng
 Xavier Bouchoux
 Yang Tse
 Yarram Sunil
--- a/docs/TODO
+++ b/docs/TODO
@@ -12,16 +12,15 @@
 All bugs documented in the KNOWN_BUGS document are subject for fixing!
 1. libcurl
 1.1 Zero-copy interface
 1.2 More data sharing
 1.3 struct lifreq
 1.4 signal-based resolver timeouts
 1.5 get rid of PATH_MAX
 1.6 progress callback without doubles
 2. libcurl - multi interface
 2.1 More non-blocking
 2.2 Remove easy interface internally
 2.3 Avoid having to remove/readd handles
 2.4 Fix HTTP Pipelining for PUT
 3. Documentation
@@ -54,12 +53,10 @@
 7.5 Export session ids
 7.6 Provide callback for cert verification
 7.7 Support other SSL libraries
 7.8  Support SRP on the TLS layer
 7.9 improve configure --with-ssl
 8. GnuTLS
 8.1 SSL engine stuff
 8.2 SRP
 8.3 check connection
 8.4 non-gcrypt
@@ -77,6 +74,7 @@
 11.6 url-specific options
 11.7 metalink support
 11.8 warning when setting an option
 11.9 IPv6 addresses with globbing
 12. Build
 12.1 roffit
@@ -100,17 +98,13 @@
 15.5 remove CURLOPT_FAILONERROR
 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
 15.7 remove progress meter from libcurl
 15.8 remove 'curl_httppost' from public
 15.9 have form functions use CURL handle argument
 ==============================================================================
 1. libcurl
 1.1 Zero-copy interface
 Introduce another callback interface for upload/download that makes one less
 copy of data and thus a faster operation.
 [http://curl.haxx.se/dev/no_copy_callbacks.txt]
 1.2 More data sharing
 curl_share_* functions already exist and work, and they can be extended to
@@ -144,6 +138,15 @@
 we need libssh2 to properly tell us when we pass in a too small buffer and
 its current API (as of libssh2 1.2.7) doesn't.
 1.6 progress callback without doubles
 The progress callback was introduced way back in the days and the choice to
 use doubles in the arguments was possibly good at the time. Today the doubles
 only confuse users and make the amounts less precise. We should introduce
 another progress callback option that take precedence over the old one and
 have both co-exist for a forseeable time until we can remove the double-using
 one.
 2. libcurl - multi interface
 2.1 More non-blocking
@@ -170,23 +173,6 @@
 internally use and assume the multi interface. The select()-loop should use
 curl_multi_socket().
 2.3 Avoid having to remove/readd handles
 curl_multi_handle_control() - this can control the easy handle (while) added
 to a multi handle in various ways:
 o RESTART, unconditionally restart this easy handle's transfer from the
   start, re-init the state
 o RESTART_COMPLETED, restart this easy handle's transfer but only if the
   existing transfer has already completed and it is in a "finished state".
 o STOP, just stop this transfer and consider it completed
 o PAUSE?
 o RESUME?
 2.4 Fix HTTP Pipelining for PUT
 HTTP Pipelining can be a way to greatly enhance performance for multiple
@@ -334,12 +320,6 @@ to provide the data to send.
 Make curl's SSL layer capable of using other free SSL libraries.  Such as
 MatrixSSL (http://www.matrixssl.org/).
 7.8  Support SRP on the TLS layer
 Peter Sylvester's patch for SRP on the TLS layer.  Awaits OpenSSL support for
 this, no need to support this in libcurl before there's an OpenSSL release
 that does it.
 7.9 improve configure --with-ssl
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
@@ -351,11 +331,6 @@ to provide the data to send.
 Is this even possible?
 8.2 SRP
 Work out a common method with Peter Sylvester's OpenSSL-patch for SRP on the
 TLS to provide name and password. GnuTLS already supports it...
 8.3 check connection
 Add a way to check if the connection seems to be alive, to correspond to the
@@ -451,6 +426,13 @@ to provide the data to send.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.
 11.9 IPv6 addresses with globbing
  Currently the command line client needs to get url globbing disabled (with
  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
  that should be corrected. It probably involves a smarter detection of the
  '[' and ']' letters.
 12. Build
 12.1 roffit
@@ -569,3 +551,20 @@ to provide the data to send.
 The progress callback should then be bumped as well to get proper 64bit
 variable types passed to it instead of doubles so that big files work
 correctly.
 15.8 remove 'curl_httppost' from public
 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
 but instead often restricts how the form functions can or can't be modified.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintining a solid API and ABI.
 15.9 have form functions use CURL handle argument
 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
 thus curl_formget() with callback cannot function without first having
 curl_easy_perform() (or similar) called - which is hard to grasp and a design
 mistake.
--- a/docs/VERSIONS
+++ b/docs/VERSIONS
@@ -11,32 +11,25 @@ Version Numbers and Releases
 The version numbering is always built up using the same system:
-        X.Y[.Z][-preN]
+        X.Y[.Z]
 Where
   X is main version number
   Y is release number
   Z is patch number
   N is pre-release number
 One of these numbers will get bumped in each new release. The numbers to the
 right of a bumped number will be reset to zero. If Z is zero, it may not be
- included in the version number. The pre release number is only included in
+ included in the version number.
 pre releases (they're never used in public, official, releases).
 The main version number will get bumped when *really* big, world colliding
- changes are made. The release number is bumped when big changes are
+ changes are made. The release number is bumped when changes are performed or
- performed. The patch number is bumped when the changes are mere bugfixes and
+ things/features are added. The patch number is bumped when the changes are
- only minor feature changes. The pre-release is a counter, to identify which
+ mere bugfixes.
 pre-release a certain release is.
 When reaching the end of a pre-release period, the version without the
 pre-release part will be released as a public release.
 It means that after release 1.2.3, we can release 2.0 if something really big
 has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs
- were fixed. Before 1.2.4 is released, we might release a 1.2.4-pre1 release
+ were fixed.
 for the brave people to try before the actual release.
 Bumping, as in increasing the number with 1, is unconditionally only
 affecting one of the numbers (except the ones to the right of it, that may be
@@ -56,12 +49,12 @@ Version Numbers and Releases
        #define LIBCURL_VERSION_NUM 0xXXYYZZ
 Where XX, YY and ZZ are the main version, release and patch numbers in
- hexadecimal. All three numbers are always represented using two digits.  1.2
+ hexadecimal. All three number fields are always represented using two digits
- would appear as "0x010200" while version 9.11.7 appears as "0x090b07".
+ (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7
 appears as "0x090b07".
- This 6-digit hexadecimal number does not show pre-release number, and it is
+ This 6-digit hexadecimal number is always a greater number in a more recent
- always a greater number in a more recent release. It makes comparisons with
+ release. It makes comparisons with greater than and less than work.
 greater than and less than work.
 This number is also available as three separate defines:
 LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -110,7 +110,8 @@ the --option version of them. (This concept with --no options was added in
 7.19.0. Previously most options were toggled on/off on repeated use of the
 same command line option.)
 .IP "-#, --progress-bar"
-Make curl display progress information as a progress bar instead of the
+Make curl display progress as a simple progress bar instead of the standard,
 more informational, meter.
 .IP "-0, --http1.0"
 (HTTP) Forces curl to issue its requests using HTTP 1.0 instead of using its
 internally preferred: HTTP 1.1.
@@ -194,7 +195,10 @@ no file will be written. The file will be written using the Netscape cookie
 file format. If you set the file name to a single dash, "-", the cookies will
 be written to stdout.
-.B NOTE
+This command line option will activate the cookie engine that makes curl
 record and use cookies. Another way to activate it is to use the \fI-b,
 --cookie\fP option.
 If the cookie jar can't be created or written to, the whole curl operation
 won't fail or even report an error clearly. Using -v will get a warning
 displayed, but that is the only visible feedback you get about this possibly
@@ -320,6 +324,18 @@ URL-encode that data and pass it on in the POST. The name part gets an equal
 sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the
 name is expected to be URL-encoded already.
 .RE
 .IP "--delegation LEVEL"
 Set \fILEVEL\fP to tell the server what it is allowed to delegate when it
 comes to user credentials. Used with GSS/kerberos.
 .RS
 .IP "none"
 Don't allow any delegation.
 .IP "policy"
 Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos
 service ticket, which is a matter of realm policy.
 .IP "always"
 Unconditionally allow the server to delegate.
 .RE
 .IP "--digest"
 (HTTP) Enables HTTP Digest authentication. This is a authentication that
 prevents the password from being sent over the wire in clear text. Use this in
@@ -348,7 +364,7 @@ passive mode you need to not use \fI-P, --ftp-port\fP or force it with
 transfers. Curl will normally always first attempt to use EPSV before PASV,
 but with this option, it will not try using EPSV.
-\fB--epsv\fP can be used to explicitly enable EPRT again and \fB--no-epsv\fP
+\fB--epsv\fP can be used to explicitly enable EPSV again and \fB--no-epsv\fP
 is an alias for \fB--disable-epsv\fP.
 Disabling EPSV only changes the passive behavior. If you want to switch to
@@ -577,7 +593,9 @@ header will be used instead of the internal one. This allows you to make even
 trickier stuff than curl would normally do. You should not replace internally
 set headers without knowing perfectly well what you're doing. Remove an
 internal header by giving a replacement without content on the right side of
-the colon, as in: -H \&"Host:".
+the colon, as in: -H \&"Host:". If you send the custom header with no-value then
 its header must be terminated with a semicolon, such as \-H "X-Custom-Header;"
 to send "X-Custom-Header:".
 curl will make sure that each header you add/replace is sent with the proper
 end-of-line marker, you should thus \fBnot\fP add that as a part of the header
@@ -1068,16 +1086,18 @@ file will not be read and used. See the \fI-K, --config\fP for details on the
 default config file search path.
 .IP "-Q, --quote <command>"
 (FTP/SFTP) Send an arbitrary command to the remote FTP or SFTP server. Quote
-commands are sent BEFORE the transfer takes place (just after the
+commands are sent BEFORE the transfer takes place (just after the initial PWD
-initial PWD command in an FTP transfer, to be exact). To make commands
+command in an FTP transfer, to be exact). To make commands take place after a
-take place after a successful transfer, prefix them with a dash '-'.
+successful transfer, prefix them with a dash '-'.  To make commands be sent
-To make commands be sent after libcurl has changed the working directory,
+after libcurl has changed the working directory, just before the transfer
-just before the transfer command(s), prefix the command with a '+' (this
+command(s), prefix the command with a '+' (this is only supported for
-is only supported for FTP). You may specify any number of commands. If
+FTP). You may specify any number of commands. If the server returns failure
-the server returns failure for one of the commands, the entire operation
+for one of the commands, the entire operation will be aborted. You must send
-will be aborted. You must send syntactically correct FTP commands as
+syntactically correct FTP commands as RFC 959 defines to FTP servers, or one
-RFC 959 defines to FTP servers, or one of the commands listed below to
+of the commands listed below to SFTP servers.  This option can be used
-SFTP servers.  This option can be used multiple times.
+multiple times. When speaking to a FTP server, prefix the command with an
 asterisk (*) to make libcurl continue even if the command fails as by default
 curl will stop at first failure.
 SFTP is a binary protocol. Unlike for FTP, libcurl interprets SFTP quote
 commands itself before sending them to the server.  File names may be quoted
@@ -1266,9 +1286,8 @@ the port number is not specified, it is assumed at port 1080. (Added in
 This option overrides any previous use of \fI-x, --proxy\fP, as they are
 mutually exclusive.
-Since 7.21.7, this option is superfluous since you can specify a
+Since 7.21.7, this option is superfluous since you can specify a socks5
-socks5-hostnamae proxy with \fI-x, --proxy\fP using a socks5h:// protocol
+hostname proxy with \fI-x, --proxy\fP using a socks5h:// protocol prefix.
 prefix.
 If this option is used several times, the last one will be used. (This option
 was previously wrongly documented and used as --socks without the number
@@ -1576,6 +1595,14 @@ Specifies a custom FTP command to use instead of LIST when doing file lists
 with FTP.
 If this option is used several times, the last one will be used.
 .IP "--xattr"
 When saving output to a file, this option tells curl to store certain file
 metadata in extened file attributes. Currently, the URL is stored in the
 xdg.origin.url attribute and, for HTTP, the content type is stored in
 the mime_type attribute. If the file system does not support extended
 attributes, a warning is issued.
 .IP "-y, --speed-time <time>"
 If a download is slower than speed-limit bytes per second during a speed-time
 period, the download gets aborted. If speed-time is used, the default
@@ -1656,22 +1683,39 @@ Default config file, see \fI-K, --config\fP for details.
 The environment variables can be specified in lower case or upper case. The
 lower case version has precedence. http_proxy is an exception as it is only
 available in lower case.
 Using an environment variable to set the proxy has the same effect as using
 the \fI--proxy\fP option.
 .IP "http_proxy [protocol://]<host>[:port]"
 Sets the proxy server to use for HTTP.
 .IP "HTTPS_PROXY [protocol://]<host>[:port]"
 Sets the proxy server to use for HTTPS.
-.IP "FTP_PROXY [protocol://]<host>[:port]"
+.IP "[url-protocol]_PROXY [protocol://]<host>[:port]"
-Sets the proxy server to use for FTP.
+Sets the proxy server to use for [url-protocol], where the protocol is a
 protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP,
 SMTP, LDAP etc.
 .IP "ALL_PROXY [protocol://]<host>[:port]"
 Sets the proxy server to use if no protocol-specific proxy is set.
 .IP "NO_PROXY <comma-separated list of hosts>"
 list of host names that shouldn't go through any proxy. If set to a asterisk
 \&'*' only, it matches all hosts.
 .SH "PROXY PROTOCOL PREFIXES"
 Since curl version 7.21.7, the proxy string may be specified with a
 protocol:// prefix to specify alternative proxy protocols.
-Since 7.21.7, the proxy string may be specified with a protocol:// prefix to
+If no protocol is specified in the proxy string or if the string doesn't match
-specify alternative proxy protocols. Use socks4://, socks4a:// or socks5:// to
+a supported one, the proxy will be treated as a HTTP proxy.
-request the specific SOCKS version to be used. No protocol specified, http://
+
-and all others will be treated as HTTP proxies.
+The supported proxy protocol prefixes are as follows:
 .IP "socks4://"
 Makes it the equivalent of \fI--socks4\fP
 .IP "socks4a://"
 Makes it the equivalent of \fI--socks4a\fP
 .IP "socks5://"
 Makes it the equivalent of \fI--socks5\fP
 .IP "socks5h://"
 Makes it the equivalent of \fI--socks5-hostname\fP
 .SH EXIT CODES
 There are a bunch of different error codes and their corresponding error
 messages that may appear during bad conditions. At the time of this writing,
@@ -1852,4 +1896,3 @@ ftp://ftp.sunet.se/pub/www/utilities/curl/
 .SH "SEE ALSO"
 .BR ftp (1),
 .BR wget (1)
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -4,6 +4,7 @@ certinfo
 chkspeed
 cookie_interface
 debug
 externalsocket
 fileupload
 fopen
 ftp-wildcard
@@ -25,6 +26,9 @@ multi-single
 persistant
 post-callback
 postit2
 progressfunc
 resolve
 rtsp
 sendrecv
 sepheaders
 simple
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -23,7 +23,7 @@
 AUTOMAKE_OPTIONS = foreign nostdinc
 EXTRA_DIST = README Makefile.example Makefile.inc Makefile.m32 \
-	makefile.dj $(COMPLICATED_EXAMPLES)
+	Makefile.netware makefile.dj printf_macro.h $(COMPLICATED_EXAMPLES)
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -4,7 +4,8 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  https multi-app multi-debugcallback multi-double multi-post multi-single \
  persistant post-callback postit2 sepheaders simple simplepost simplessl  \
  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-multi simplesmtp smtp-tls
+  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
  progressfunc
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -19,31 +19,50 @@
 # KIND, either express or implied.
 #
 ###########################################################################
 #########################################################################
 #
-## Makefile for building curl examples with MingW32
+## Makefile for building curl examples with MingW (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (0.18), zlib (1.2.3)
+## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
 ##
-## Usage:
+## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
-## mingw32-make -f Makefile.m32 [SSL=1] [SSH2=1] [ZLIB=1] [SSPI=1] [IPV6=1] [DYN=1]
+## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.3
+## set ZLIB_PATH=c:/zlib-1.2.5
 ## set ZLIB=1
-##
+#
-#########################################################################
+###########################################################################
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.3
+ZLIB_PATH = ../../../zlib-1.2.5
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8k
+OPENSSL_PATH = ../../../openssl-0.9.8r
 endif
 ifndef OPENSSL_LIBPATH
 OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
 endif
 ifndef OPENSSL_LIBS
 OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2
+LIBSSH2_PATH = ../../../libssh2-1.3.0
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
 LIBRTMP_PATH = ../../../librtmp-2.3
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../../libidn-1.18
 endif
 # Edit the path below to point to the base of your MS idndlpackage. 
 # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
 # http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
 ifndef WINIDN_PATH
 WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs
 endif
 # Edit the path below to point to the base of your Novell LDAP NDK.
 ifndef LDAP_SDK
@@ -51,25 +70,76 @@ LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 PROOT = ../..
 ARES_LIB = $(PROOT)/ares
-SSL = 1
+# Edit the path below to point to the base of your c-ares package.
-ZLIB = 1
+ifndef LIBCARES_PATH
 LIBCARES_PATH = $(PROOT)/ares
 endif
 # Edit the var below to set to your architecture or set environment var.
 ifndef ARCH
 ARCH = w32
 endif
 CC = gcc
 CFLAGS = -g -O2 -Wall
 CFLAGS += -fno-strict-aliasing
 ifeq ($(ARCH),w64)
 CFLAGS += -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS = -s
 RC = windres
 RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
-RM = del /q /f > NUL 2>&1
+
 RM = del /q /f 2>NUL
 CP = copy
 ########################################################
 ## Nothing more to do below this line!
 ifeq ($(findstring -dyn,$(CFG)),-dyn)
 DYN = 1
 endif
 ifeq ($(findstring -ares,$(CFG)),-ares)
 ARES = 1
 endif
 ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
 RTMP = 1
 SSL = 1
 ZLIB = 1
 endif
 ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
 SSH2 = 1
 SSL = 1
 ZLIB = 1
 endif
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 SSL = 1
 endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 ZLIB = 1
 endif
 ifeq ($(findstring -idn,$(CFG)),-idn)
 IDN = 1
 endif
 ifeq ($(findstring -winidn,$(CFG)),-winidn)
 WINIDN = 1
 endif
 ifeq ($(findstring -sspi,$(CFG)),-sspi)
 SSPI = 1
 endif
 ifeq ($(findstring -spnego,$(CFG)),-spnego)
 SPNEGO = 1
 endif
 ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
 LDAPS = 1
 endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 IPV6 = 1
 endif
 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib
 LINK = $(CC) $(LDFLAGS) -o $@
 ifdef DYN
  curl_DEPENDENCIES = $(PROOT)/lib/libcurldll.a $(PROOT)/lib/libcurl.dll
@@ -81,34 +151,45 @@ else
 endif
 ifdef ARES
  ifndef DYN
-    curl_DEPENDENCIES += $(ARES_LIB)/libcares.a
+    curl_DEPENDENCIES += $(LIBCARES_PATH)/libcares.a
  endif
  CFLAGS += -DUSE_ARES
-  curl_LDADD += -L$(ARES_LIB) -lcares
+  curl_LDADD += -L"$(LIBCARES_PATH)" -lcares
 endif
 ifdef RTMP
  CFLAGS += -DUSE_LIBRTMP
  curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
 endif
 ifdef SSH2
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
-  curl_LDADD += -L$(LIBSSH2_PATH)/win32 -lssh2
+  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
  INCLUDES += -I"$(OPENSSL_PATH)/outinc"
  CFLAGS += -DUSE_SSLEAY -DHAVE_OPENSSL_ENGINE_H
-  ifdef DYN
+  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
    curl_LDADD += -L$(OPENSSL_PATH)/out -leay32 -lssl32
  else
    curl_LDADD += -L$(OPENSSL_PATH)/out -lssl -lcrypto -lgdi32
  endif
 endif
 ifdef ZLIB
  INCLUDES += -I"$(ZLIB_PATH)"
  CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
-  curl_LDADD += -L$(ZLIB_PATH) -lz
+  curl_LDADD += -L"$(ZLIB_PATH)" -lz
 endif
 ifdef IDN
  CFLAGS += -DUSE_LIBIDN
  curl_LDADD += -L"$(LIBIDN_PATH)/lib" -lidn
 else
 ifdef WINIDN
  CFLAGS += -DUSE_WIN32_IDN
  curl_LDADD += -L"$(WINIDN_PATH)" -lnormaliz
 endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
 endif
 ifdef IPV6
-  CFLAGS += -DENABLE_IPV6
+  CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
 endif
 ifdef LDAPS
  CFLAGS += -DHAVE_LDAP_SSL
@@ -123,32 +204,32 @@ ifdef USE_LDAP_OPENLDAP
 endif
 ifndef USE_LDAP_NOVELL
 ifndef USE_LDAP_OPENLDAP
-curl_LDADD += -lwldap32
+  curl_LDADD += -lwldap32
 endif
 endif
 curl_LDADD += -lws2_32
 COMPILE = $(CC) $(INCLUDES) $(CFLAGS)
 # Makefile.inc provides the check_PROGRAMS and COMPLICATED_EXAMPLES defines
 include Makefile.inc
-example_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
+check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
-
+check_PROGRAMS += ftpuploadresume.exe synctime.exe
 .SUFFIXES: .rc .res .o .exe
-all: $(example_PROGRAMS)
+all: $(check_PROGRAMS)
-.o.exe: $(curl_DEPENDENCIES)
+%.exe: %.o $(curl_DEPENDENCIES)
-	$(LINK) $< $(curl_LDADD)
+	$(CC) $(LDFLAGS) -o $@ $< $(curl_LDADD)
-.c.o:
+%.o: %.c
-	$(COMPILE) -c $<
+	$(CC) $(INCLUDES) $(CFLAGS) -c $<
-.rc.res:
+%.res: %.rc
 	$(RC) $(RCFLAGS) $< -o $@
 clean:
-	$(RM) $(example_PROGRAMS)
+	-$(RM) $(check_PROGRAMS:.exe=.o)
 distclean vclean: clean
 	-$(RM) $(check_PROGRAMS)
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -0,0 +1,441 @@
 #################################################################
 #
 ## Makefile for building curl.nlm (NetWare version - gnu make)
 ## Use: make -f Makefile.netware
 ##
 ## Comments to: Guenter Knauf http://www.gknw.net/phpbb
 #
 #################################################################
 # Edit the path below to point to the base of your Novell NDK.
 ifndef NDKBASE
 NDKBASE	= c:/novell
 endif
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
 ZLIB_PATH = ../../../zlib-1.2.5
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
 OPENSSL_PATH = ../../../openssl-0.9.8r
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
 LIBSSH2_PATH = ../../../libssh2-1.3.0
 endif
 # Edit the path below to point to the base of your axTLS package.
 ifndef AXTLS_PATH
 AXTLS_PATH = ../../../axTLS-1.2.7
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../../libidn-1.18
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
 LIBRTMP_PATH = ../../../librtmp-2.3
 endif
 # Edit the path below to point to the base of your fbopenssl package.
 ifndef FBOPENSSL_PATH
 FBOPENSSL_PATH = ../../fbopenssl-0.4
 endif
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
 LIBCARES_PATH = ../../ares
 endif
 ifndef INSTDIR
 INSTDIR	= ..$(DS)..$(DS)curl-$(LIBCURL_VERSION_STR)-bin-nw
 endif
 # Edit the vars below to change NLM target settings.
 TARGET  = examples
 VERSION	= $(LIBCURL_VERSION)
 COPYR	= Copyright (C) $(LIBCURL_COPYRIGHT_STR)
 DESCR	= cURL ($(LIBARCH))
 MTSAFE	= YES
 STACK	= 8192
 SCREEN	= Example Program
 # Comment the line below if you dont want to load protected automatically.
 # LDRING = 3
 # Uncomment the next line to enable linking with POSIX semantics.
 # POSIXFL = 1
 # Edit the var below to point to your lib architecture.
 ifndef LIBARCH
 LIBARCH = LIBC
 endif
 # must be equal to NDEBUG or DEBUG, CURLDEBUG
 ifndef DB
 DB	= NDEBUG
 endif
 # Optimization: -O<n> or debugging: -g
 ifeq ($(DB),NDEBUG)
 	OPT	= -O2
 	OBJDIR	= release
 else
 	OPT	= -g
 	OBJDIR	= debug
 endif
 # The following lines defines your compiler.
 ifdef CWFolder
 	METROWERKS = $(CWFolder)
 endif
 ifdef METROWERKS
 	# MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support
 	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
 	CC = gcc
 endif
 PERL	= perl
 # Here you can find a native Win32 binary of the original awk:
 # http://www.gknw.net/development/prgtools/awk-20100523.zip
 AWK	= awk
 CP	= cp -afv
 MKDIR	= mkdir
 # RM	= rm -f
 # If you want to mark the target as MTSAFE you will need a tool for
 # generating the xdc data for the linker; here's a minimal tool:
 # http://www.gknw.net/development/prgtools/mkxdc.zip
 MPKXDC	= mkxdc
 # LIBARCH_U = $(shell $(AWK) 'BEGIN {print toupper(ARGV[1])}' $(LIBARCH))
 LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
 # Include the version info retrieved from curlver.h
 -include $(OBJDIR)/version.inc
 # Global flags for all compilers
 CFLAGS	+= $(OPT) -D$(DB) -DNETWARE -DHAVE_CONFIG_H -nostdinc
 ifeq ($(CC),mwccnlm)
 LD	= mwldnlm
 LDFLAGS	= -nostdlib $< $(PRELUDE) $(LDLIBS) -o $@ -commandfile
 LIBEXT	= lib
 CFLAGS	+= -gccinc -inline off -opt nointrinsics -proc 586
 CFLAGS	+= -relax_pointers
 #CFLAGS	+= -w on
 ifeq ($(LIBARCH),LIBC)
 ifeq ($(POSIXFL),1)
 	PRELUDE = $(NDK_LIBC)/imports/posixpre.o
 else
 	PRELUDE = $(NDK_LIBC)/imports/libcpre.o
 endif
 	CFLAGS += -align 4
 else
 	# PRELUDE = $(NDK_CLIB)/imports/clibpre.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	PRELUDE = "$(MWCW_PATH)/libraries/runtime/prelude.obj"
 	# CFLAGS += -include "$(MWCW_PATH)/headers/nlm_clib_prefix.h"
 	CFLAGS += -align 1
 endif
 else
 LD	= nlmconv
 LDFLAGS	= -T
 LIBEXT	= a
 CFLAGS	+= -m32
 CFLAGS  += -fno-builtin -fno-strict-aliasing
 ifeq ($(findstring gcc,$(CC)),gcc)
 CFLAGS  += -fpcc-struct-return
 endif
 CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 ifeq ($(POSIXFL),1)
 	PRELUDE = $(NDK_LIBC)/imports/posixpre.gcc.o
 else
 	PRELUDE = $(NDK_LIBC)/imports/libcpre.gcc.o
 endif
 else
 	# PRELUDE = $(NDK_CLIB)/imports/clibpre.gcc.o
 	# to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
 	# http://www.gknw.net/development/mk_nlm/gcc_pre.zip
 	PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
 NDK_ROOT = $(NDKBASE)/ndk
 ifndef NDK_CLIB
 NDK_CLIB = $(NDK_ROOT)/nwsdk
 endif
 ifndef NDK_LIBC
 NDK_LIBC = $(NDK_ROOT)/libc
 endif
 ifndef NDK_LDAP
 NDK_LDAP = $(NDK_ROOT)/cldapsdk/netware
 endif
 CURL_INC = ../../include
 CURL_LIB = ../../lib
 INCLUDES = -I$(CURL_INC)
 ifeq ($(findstring -static,$(CFG)),-static)
 LINK_STATIC = 1
 endif
 ifeq ($(findstring -ares,$(CFG)),-ares)
 WITH_ARES = 1
 endif
 ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
 WITH_RTMP = 1
 WITH_SSL = 1
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
 WITH_SSH2 = 1
 WITH_SSL = 1
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -axtls,$(CFG)),-axtls)
 WITH_AXTLS = 1
 WITH_SSL =
 else
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 WITH_SSL = 1
 endif
 endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -idn,$(CFG)),-idn)
 WITH_IDN = 1
 endif
 ifeq ($(findstring -spnego,$(CFG)),-spnego)
 WITH_SPNEGO = 1
 endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 ENABLE_IPV6 = 1
 endif
 ifdef LINK_STATIC
 	LDLIBS	= $(CURL_LIB)/libcurl.$(LIBEXT)
 ifdef WITH_ARES
 	LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
 endif
 else
 	MODULES	= libcurl.nlm
 	IMPORTS	= @$(CURL_LIB)/libcurl.imp
 endif
 ifdef WITH_SSH2
 	# INCLUDES += -I$(LIBSSH2_PATH)/include
 ifdef LINK_STATIC
 	LDLIBS += $(LIBSSH2_PATH)/nw/libssh2.$(LIBEXT)
 else
 	MODULES += libssh2.nlm
 	IMPORTS += @$(LIBSSH2_PATH)/nw/libssh2.imp
 endif
 endif
 ifdef WITH_RTMP
 	# INCLUDES += -I$(LIBRTMP_PATH)
 ifdef LINK_STATIC
 	LDLIBS += $(LIBRTMP_PATH)/librtmp/librtmp.$(LIBEXT)
 endif
 endif
 ifdef WITH_SSL
 	INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 ifdef WITH_SPNEGO
 	# INCLUDES += -I$(FBOPENSSL_PATH)/include
 	LDLIBS += $(FBOPENSSL_PATH)/nw/fbopenssl.$(LIBEXT)
 endif
 else
 ifdef WITH_AXTLS
 	INCLUDES += -I$(AXTLS_PATH)/inc
 ifdef LINK_STATIC
 	LDLIBS += $(AXTLS_PATH)/lib/libaxtls.$(LIBEXT)
 else
 	MODULES += libaxtls.nlm
 	IMPORTS += $(AXTLS_PATH)/lib/libaxtls.imp
 endif
 endif
 endif
 ifdef WITH_ZLIB
 	# INCLUDES += -I$(ZLIB_PATH)
 ifdef LINK_STATIC
 	LDLIBS += $(ZLIB_PATH)/nw/$(LIBARCH)/libz.$(LIBEXT)
 else
 	MODULES += libz.nlm
 	IMPORTS += @$(ZLIB_PATH)/nw/$(LIBARCH)/libz.imp
 endif
 endif
 ifdef WITH_IDN
 	# INCLUDES += -I$(LIBIDN_PATH)/include
 	LDLIBS += $(LIBIDN_PATH)/lib/libidn.$(LIBEXT)
 endif
 ifeq ($(LIBARCH),LIBC)
 	INCLUDES += -I$(NDK_LIBC)/include
 	# INCLUDES += -I$(NDK_LIBC)/include/nks
 	# INCLUDES += -I$(NDK_LIBC)/include/winsock
 	CFLAGS += -D_POSIX_SOURCE
 else
 	INCLUDES += -I$(NDK_CLIB)/include/nlm
 	# INCLUDES += -I$(NDK_CLIB)/include
 endif
 ifndef DISABLE_LDAP
 	# INCLUDES += -I$(NDK_LDAP)/$(LIBARCH_L)/inc
 endif
 CFLAGS	+= $(INCLUDES)
 ifeq ($(MTSAFE),YES)
 	XDCOPT = -n
 endif
 ifeq ($(MTSAFE),NO)
 	XDCOPT = -u
 endif
 ifdef XDCOPT
 	XDCDATA = $(OBJDIR)/$(TARGET).xdc
 endif
 ifeq ($(findstring /sh,$(SHELL)),/sh)
 DL	= '
 DS	= /
 PCT	= %
 #-include $(NDKBASE)/nlmconv/ncpfs.inc
 else
 DS	= \\
 PCT	= %%
 endif
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
 check_PROGRAMS := $(patsubst %,%.nlm,$(strip $(check_PROGRAMS)))
 .PRECIOUS: $(OBJDIR)/%.o $(OBJDIR)/%.def $(OBJDIR)/%.xdc
 all: prebuild $(check_PROGRAMS)
 prebuild: $(OBJDIR) $(OBJDIR)/version.inc
 $(OBJDIR)/%.o: %.c
 	@echo Compiling $<
 	$(CC) $(CFLAGS) -c $< -o $@
 $(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
 	@echo Creating $@
 	@$(AWK) -f ../../packages/NetWare/get_ver.awk $< > $@
 install: $(INSTDIR) all
 	@$(CP) $(check_PROGRAMS) $(INSTDIR)
 clean:
 	-$(RM) -r $(OBJDIR)
 distclean vclean: clean
 	-$(RM) $(check_PROGRAMS)
 $(OBJDIR) $(INSTDIR):
 	@$(MKDIR) $@
 %.nlm: $(OBJDIR)/%.o $(OBJDIR)/%.def $(XDCDATA)
 	@echo Linking $@
 	@-$(RM) $@
 	@$(LD) $(LDFLAGS) $(OBJDIR)/$(@:.nlm=.def)
 $(OBJDIR)/%.xdc: Makefile.netware
 	@echo Creating $@
 	@$(MPKXDC) $(XDCOPT) $@
 $(OBJDIR)/%.def: Makefile.netware
 	@echo $(DL)# DEF file for linking with $(LD)$(DL) > $@
 	@echo $(DL)# Do not edit this file - it is created by Make!$(DL) >> $@
 	@echo $(DL)# All your changes will be lost!!$(DL) >> $@
 	@echo $(DL)#$(DL) >> $@
 	@echo $(DL)copyright "$(COPYR)"$(DL) >> $@
 	@echo $(DL)description "$(DESCR) $(notdir $(@:.def=)) Example"$(DL) >> $@
 	@echo $(DL)version $(VERSION)$(DL) >> $@
 ifdef NLMTYPE
 	@echo $(DL)type $(NLMTYPE)$(DL) >> $@
 endif
 ifdef STACK
 	@echo $(DL)stack $(STACK)$(DL) >> $@
 endif
 ifdef SCREEN
 	@echo $(DL)screenname "$(DESCR) $(notdir $(@:.def=)) $(SCREEN)"$(DL) >> $@
 else
 	@echo $(DL)screenname "DEFAULT"$(DL) >> $@
 endif
 ifneq ($(DB),NDEBUG)
 	@echo $(DL)debug$(DL) >> $@
 endif
 	@echo $(DL)threadname "_$(notdir $(@:.def=))"$(DL) >> $@
 ifdef XDCDATA
 	@echo $(DL)xdcdata $(XDCDATA)$(DL) >> $@
 endif
 ifeq ($(LDRING),0)
 	@echo $(DL)flag_on 16$(DL) >> $@
 endif
 ifeq ($(LDRING),3)
 	@echo $(DL)flag_on 512$(DL) >> $@
 endif
 ifeq ($(LIBARCH),CLIB)
 	@echo $(DL)start _Prelude$(DL) >> $@
 	@echo $(DL)exit _Stop$(DL) >> $@
 	@echo $(DL)import @$(NDK_CLIB)/imports/clib.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_CLIB)/imports/threads.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_CLIB)/imports/nlmlib.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_CLIB)/imports/socklib.imp$(DL) >> $@
 	@echo $(DL)module clib$(DL) >> $@
 ifndef DISABLE_LDAP
 	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapsdk.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapssl.imp$(DL) >> $@
 #	@echo $(DL)import @$(NDK_LDAP)/clib/imports/ldapx.imp$(DL) >> $@
 	@echo $(DL)module ldapsdk ldapssl$(DL) >> $@
 endif
 else
 ifeq ($(POSIXFL),1)
 	@echo $(DL)flag_on 4194304$(DL) >> $@
 endif
 	@echo $(DL)flag_on 64$(DL) >> $@
 	@echo $(DL)pseudopreemption$(DL) >> $@
 ifeq ($(findstring posixpre,$(PRELUDE)),posixpre)
 	@echo $(DL)start POSIX_Start$(DL) >> $@
 	@echo $(DL)exit POSIX_Stop$(DL) >> $@
 	@echo $(DL)check POSIX_CheckUnload$(DL) >> $@
 else
 	@echo $(DL)start _LibCPrelude$(DL) >> $@
 	@echo $(DL)exit _LibCPostlude$(DL) >> $@
 	@echo $(DL)check _LibCCheckUnload$(DL) >> $@
 endif
 	@echo $(DL)import @$(NDK_LIBC)/imports/libc.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_LIBC)/imports/netware.imp$(DL) >> $@
 	@echo $(DL)module libc$(DL) >> $@
 ifndef DISABLE_LDAP
 	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapsdk.imp$(DL) >> $@
 	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapssl.imp$(DL) >> $@
 #	@echo $(DL)import @$(NDK_LDAP)/libc/imports/lldapx.imp$(DL) >> $@
 	@echo $(DL)module lldapsdk lldapssl$(DL) >> $@
 endif
 endif
 ifdef MODULES
 	@echo $(DL)module $(MODULES)$(DL) >> $@
 endif
 ifdef EXPORTS
 	@echo $(DL)export $(EXPORTS)$(DL) >> $@
 endif
 ifdef IMPORTS
 	@echo $(DL)import $(IMPORTS)$(DL) >> $@
 endif
 ifeq ($(findstring nlmconv,$(LD)),nlmconv)
 	@echo $(DL)input $(PRELUDE)$(DL) >> $@
 	@echo $(DL)input $(@:.def=.o)$(DL) >> $@
 ifdef LDLIBS
 	@echo $(DL)input $(LDLIBS)$(DL) >> $@
 endif
 	@echo $(DL)output $(notdir $(@:.def=.nlm))$(DL) >> $@
 endif
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -41,6 +41,7 @@
 #endif
 #include <curl/curl.h>
 #include "printf_macro.h"
 #if LIBCURL_VERSION_NUM < 0x070c03
 #error "upgrade your libcurl to no less than 7.12.3"
@@ -92,7 +93,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
  retcode = read(fd, ptr, size * nmemb);
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
  return retcode;
 }
--- a/docs/examples/certinfo.c
+++ b/docs/examples/certinfo.c
@@ -22,8 +22,6 @@
 #include <stdio.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 static size_t wrfu(void *ptr,  size_t  size,  size_t  nmemb,  void *stream)
 {
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@@ -35,8 +35,6 @@
 #include <time.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 #define URL_BASE "http://speedtest.your.domain/"
 #define URL_1M   URL_BASE "file_1M.bin"
--- a/docs/examples/curlgtk.c
+++ b/docs/examples/curlgtk.c
@@ -13,8 +13,6 @@
 #include <gtk/gtk.h>
 #include <curl/curl.h>
 #include <curl/types.h> /* new for v7 */
 #include <curl/easy.h> /* new for v7 */
 GtkWidget *Bar;
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@@ -0,0 +1,142 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /*
 * This is an example demonstrating how an application can pass in a custom
 * socket to libcurl to use. This example also handles the connect itself.
 */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <curl/curl.h>
 #ifdef WIN32
 #include <windows.h>
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #define close closesocket
 #else
 #include <sys/types.h>        /*  socket types              */
 #include <sys/socket.h>       /*  socket definitions        */
 #include <arpa/inet.h>        /*  inet (3) funtions         */
 #include <unistd.h>           /*  misc. UNIX functions      */
 #endif
 #include <errno.h>
 /* The IP address and port number to connect to */
 #define IPADDR "127.0.0.1"
 #define PORTNUM 80
 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
 }
 static curl_socket_t opensocket(void *clientp,
                                curlsocktype purpose,
                                struct curl_sockaddr *address)
 {
  curl_socket_t sockfd = *(curl_socket_t *)clientp;
  /* the actual externally set socket is passed in via the OPENSOCKETDATA
     option */
  return sockfd;
 }
 static int sockopt_callback(void *clientp, curl_socket_t curlfd,
                            curlsocktype purpose)
 {
  /* This return code was added in libcurl 7.21.5 */
  return CURL_SOCKOPT_ALREADY_CONNECTED;
 }
 int main(void)
 {
  CURL *curl;
  CURLcode res;
  struct sockaddr_in servaddr;  /*  socket address structure  */
  curl_socket_t sockfd;
 #ifdef WIN32
  WSADATA wsaData;
  int initwsa;
  if((initwsa = WSAStartup(MAKEWORD(2,0), &wsaData)) != 0) {
    printf("WSAStartup failed: %d\n", initwsa);
    return 1;
  }
 #endif
  curl = curl_easy_init();
  if(curl) {
    /*
     * Note that libcurl will internally think that you connect to the host
     * and port that you specify in the URL option.
     */
    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");
    /* Create the socket "manually" */
    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
      printf("Error creating listening socket.\n");
      return 3;
    }
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port   = htons(PORTNUM);
    if (INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
      return 2;
    if(connect(sockfd,(struct sockaddr *) &servaddr, sizeof(servaddr)) ==
       -1) {
      close(sockfd);
      printf("client error: connect: %s\n", strerror(errno));
      return 1;
    }
    /* no progress meter please */
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
    /* send all data to this function  */
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_data);
    /* call this function to get a socket */
    curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket);
    curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd);
    /* call this function to set options for the socket */
    curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
    res = curl_easy_perform(curl);
    curl_easy_cleanup(curl);
    if(res) {
      printf("libcurl error: %d\n", res);
      return 4;
    }
  }
  return 0;
 }
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -22,8 +22,6 @@
 #include <stdio.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 /*
 * This is an example showing how to get a single file from an FTP server.
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@@ -23,8 +23,6 @@
 #include <string.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 /*
 * This is an example showing how to check a single file's size and mtime
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -22,8 +22,6 @@
 #include <stdio.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 /*
 * Similar to ftpget.c but this also stores the received response-lines
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -32,6 +32,7 @@
 #else
 #include <unistd.h>
 #endif
 #include "printf_macro.h"
 /*
 * This example shows an FTP upload, with a rename of the file just after
@@ -56,7 +57,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
     by default internally */
  size_t retcode = fread(ptr, size, nmemb, stream);
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
  return retcode;
 }
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -39,7 +39,7 @@
 /* The MinGW headers are missing a few Win32 function definitions,
   you shouldn't need this if you use VC++ */
-#ifdef __MINGW32__
+#if defined(__MINGW32__) && !defined(__MINGW64__)
 int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
 #endif
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -36,10 +36,10 @@ struct MemoryStruct {
 static size_t
-WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
+WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
  size_t realsize = size * nmemb;
-  struct MemoryStruct *mem = (struct MemoryStruct *)data;
+  struct MemoryStruct *mem = (struct MemoryStruct *)userp;
  mem->memory = realloc(mem->memory, mem->size + realsize + 1);
  if (mem->memory == NULL) {
@@ -48,7 +48,7 @@ WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data)
    exit(EXIT_FAILURE);
  }
-  memcpy(&(mem->memory[mem->size]), ptr, realsize);
+  memcpy(&(mem->memory[mem->size]), contents, realsize);
  mem->size += realsize;
  mem->memory[mem->size] = 0;
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -25,6 +25,7 @@
 #include <unistd.h>
 #include <curl/curl.h>
 #include "printf_macro.h"
 /*
 * This example shows a HTTP PUT operation. PUTs a file given as a command
@@ -45,7 +46,7 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
     by default internally */
  retcode = fread(ptr, size, nmemb, stream);
-  fprintf(stderr, "*** We read %d bytes from file\n", retcode);
+  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
  return retcode;
 }
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -37,8 +37,6 @@
 #include <string.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 int main(int argc, char *argv[])
 {
--- a/docs/examples/printf_macro.h
+++ b/docs/examples/printf_macro.h
@@ -0,0 +1,45 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* Simple hack trying to get a valid printf format string for size_t.
 * If that fails for your platform you can define your own _FMT_SIZE_T,
 * f.e.: -D_FMT_SIZE_T="zd"
 */
 #ifndef _PRINTF_MACRO_H
 #define _PRINTF_MACRO_H
 #ifndef _FMT_SIZE_T
 #ifdef WIN32
 #define _FMT_SIZE_T "Id"
 #else
 /*
 "zd" is a GNU extension to POSIX; so we dont use it for size_t but hack around
 #define _FMT_SIZE_T "zd"
 */
 #ifdef __x86_64__
 #define _FMT_SIZE_T "lu"
 #else
 #define _FMT_SIZE_T "u"
 #endif /* __x86_64__ */
 #endif /* WIN32 */
 #endif /* !_FMT_SIZE_T */
 #endif /* !_PRINTF_MACRO_H */
--- a/docs/examples/progressfunc.c
+++ b/docs/examples/progressfunc.c
@@ -0,0 +1,58 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include <stdio.h>
 #include <curl/curl.h>
 #define STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES 6000
 static int progress(void *p,
                    double dltotal, double dlnow,
                    double ultotal, double ulnow)
 {
  fprintf(stderr, "UP: %g of %g  DOWN: %g of %g\r\n",
          ulnow, ultotal, dlnow, dltotal);
  if(dlnow > STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES)
    return 1;
  return 0;
 }
 int main(void)
 {
  CURL *curl;
  CURLcode res=0;
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress);
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
    res = curl_easy_perform(curl);
    if(res)
      fprintf(stderr, "%s\n", curl_easy_strerror(res));
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
  return (int)res;
 }
--- a/docs/examples/resolve.c
+++ b/docs/examples/resolve.c
@@ -0,0 +1,51 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include <stdio.h>
 #include <curl/curl.h>
 int main(void)
 {
  CURL *curl;
  CURLcode res = CURLE_OK;
  struct curl_slist *host = NULL;
  /* Each single name resolve string should be written using the format
     HOST:PORT:ADDRESS where HOST is the name libcurl will try to resolve,
     PORT is the port number of the service where libcurl wants to connect to
     the HOST and ADDRESS is the numerical IP address
   */
  host = curl_slist_append(NULL, "example.com:80:127.0.0.1");
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
    res = curl_easy_perform(curl);
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
  curl_slist_free_all(host);
  return (int)res;
 }
--- a/docs/examples/rtsp.c
+++ b/docs/examples/rtsp.c
@@ -0,0 +1,271 @@
 /*
 * Copyright (c) 2011, Jim Hollinger
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *   * Neither the name of Jim Hollinger nor the names of its contributors
 *     may be used to endorse or promote products derived from this
 *     software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #if defined (WIN32)
 #  include <conio.h>  /* _getch() */
 #else
 #  include <termios.h>
 #  include <unistd.h>
 static int _getch(void)
 {
  struct termios oldt, newt;
  int ch;
  tcgetattr( STDIN_FILENO, &oldt );
  newt = oldt;
  newt.c_lflag &= ~( ICANON | ECHO );
  tcsetattr( STDIN_FILENO, TCSANOW, &newt );
  ch = getchar();
  tcsetattr( STDIN_FILENO, TCSANOW, &oldt );
  return ch;
 }
 #endif
 #include <curl/curl.h>
 #define VERSION_STR  "V1.0"
 /* error handling macros */
 #define my_curl_easy_setopt(A, B, C) \
  if ((res = curl_easy_setopt((A), (B), (C))) != CURLE_OK) \
    fprintf(stderr, "curl_easy_setopt(%s, %s, %s) failed: %d\n", \
            #A, #B, #C, res);
 #define my_curl_easy_perform(A) \
  if ((res = curl_easy_perform((A))) != CURLE_OK) \
    fprintf(stderr, "curl_easy_perform(%s) failed: %d\n", #A, res);
 /* send RTSP OPTIONS request */
 static void rtsp_options(CURL *curl, const char *uri)
 {
  CURLcode res = CURLE_OK;
  printf("\nRTSP: OPTIONS %s\n", uri);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_OPTIONS);
  my_curl_easy_perform(curl);
 }
 /* send RTSP DESCRIBE request and write sdp response to a file */
 static void rtsp_describe(CURL *curl, const char *uri,
                          const char *sdp_filename)
 {
  CURLcode res = CURLE_OK;
  FILE *sdp_fp = fopen(sdp_filename, "wt");
  printf("\nRTSP: DESCRIBE %s\n", uri);
  if (sdp_fp == NULL) {
    fprintf(stderr, "Could not open '%s' for writing\n", sdp_filename);
    sdp_fp = stdout;
  }
  else {
    printf("Writing SDP to '%s'\n", sdp_filename);
  }
  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, sdp_fp);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_DESCRIBE);
  my_curl_easy_perform(curl);
  my_curl_easy_setopt(curl, CURLOPT_WRITEDATA, stdout);
  if (sdp_fp != stdout) {
    fclose(sdp_fp);
  }
 }
 /* send RTSP SETUP request */
 static void rtsp_setup(CURL *curl, const char *uri, const char *transport)
 {
  CURLcode res = CURLE_OK;
  printf("\nRTSP: SETUP %s\n", uri);
  printf("      TRANSPORT %s\n", transport);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_TRANSPORT, transport);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_SETUP);
  my_curl_easy_perform(curl);
 }
 /* send RTSP PLAY request */
 static void rtsp_play(CURL *curl, const char *uri, const char *range)
 {
  CURLcode res = CURLE_OK;
  printf("\nRTSP: PLAY %s\n", uri);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, uri);
  my_curl_easy_setopt(curl, CURLOPT_RANGE, range);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_PLAY);
  my_curl_easy_perform(curl);
 }
 /* send RTSP TEARDOWN request */
 static void rtsp_teardown(CURL *curl, const char *uri)
 {
  CURLcode res = CURLE_OK;
  printf("\nRTSP: TEARDOWN %s\n", uri);
  my_curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, (long)CURL_RTSPREQ_TEARDOWN);
  my_curl_easy_perform(curl);
 }
 /* convert url into an sdp filename */
 static void get_sdp_filename(const char *url, char *sdp_filename)
 {
  const char *s = strrchr(url, '/');
  strcpy(sdp_filename, "video.sdp");
  if (s != NULL) {
    s++;
    if (s[0] != '\0') {
      sprintf(sdp_filename, "%s.sdp", s);
    }
  }
 }
 /* scan sdp file for media control attribute */
 static void get_media_control_attribute(const char *sdp_filename,
                                        char *control)
 {
  int max_len = 256;
  char *s = malloc(max_len);
  FILE *sdp_fp = fopen(sdp_filename, "rt");
  control[0] = '\0';
  if (sdp_fp != NULL) {
    while (fgets(s, max_len - 2, sdp_fp) != NULL) {
      sscanf(s, " a = control: %s", control);
    }
    fclose(sdp_fp);
  }
  free(s);
 }
 /* main app */
 int main(int argc, char * const argv[])
 {
 #if 1
  const char *transport = "RTP/AVP;unicast;client_port=1234-1235";  /* UDP */
 #else
  const char *transport = "RTP/AVP/TCP;unicast;client_port=1234-1235";  /* TCP */
 #endif
  const char *range = "0.000-";
  int rc = EXIT_SUCCESS;
  char *basename = NULL;
  printf("\nRTSP request %s\n", VERSION_STR);
  printf("    Project web site: http://code.google.com/p/rtsprequest/\n");
  printf("    Requires cURL V7.20 or greater\n\n");
  /* check command line */
  if ((argc != 2) && (argc != 3)) {
    basename = strrchr(argv[0], '/');
    if (basename == NULL) {
      basename = strrchr(argv[0], '\\');
    }
    if (basename == NULL) {
      basename = argv[0];
    } else {
      basename++;
    }
    printf("Usage:   %s url [transport]\n", basename);
    printf("         url of video server\n");
    printf("         transport (optional) specifier for media stream protocol\n");
    printf("         default transport: %s\n", transport);
    printf("Example: %s rtsp://192.168.0.2/media/video1\n\n", basename);
    rc = EXIT_FAILURE;
  } else {
    const char *url = argv[1];
    char *uri = malloc(strlen(url) + 32);
    char *sdp_filename = malloc(strlen(url) + 32);
    char *control = malloc(strlen(url) + 32);
    CURLcode res;
    get_sdp_filename(url, sdp_filename);
    if (argc == 3) {
      transport = argv[2];
    }
    /* initialize curl */
    res = curl_global_init(CURL_GLOBAL_ALL);
    if (res == CURLE_OK) {
      curl_version_info_data *data = curl_version_info(CURLVERSION_NOW);
      CURL *curl;
      fprintf(stderr, "    cURL V%s loaded\n", data->version);
      /* initialize this curl session */
      curl = curl_easy_init();
      if (curl != NULL) {
        my_curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
        my_curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
        my_curl_easy_setopt(curl, CURLOPT_WRITEHEADER, stdout);
        my_curl_easy_setopt(curl, CURLOPT_URL, url);
        /* request server options */
        sprintf(uri, "%s", url);
        rtsp_options(curl, uri);
        /* request session description and write response to sdp file */
        rtsp_describe(curl, uri, sdp_filename);
        /* get media control attribute from sdp file */
        get_media_control_attribute(sdp_filename, control);
        /* setup media stream */
        sprintf(uri, "%s/%s", url, control);
        rtsp_setup(curl, uri, transport);
        /* start playing media stream */
        sprintf(uri, "%s/", url);
        rtsp_play(curl, uri, range);
        printf("Playing video, press any key to stop ...");
        _getch();
        printf("\n");
        /* teardown session */
        rtsp_teardown(curl, uri);
        /* cleanup */
        curl_easy_cleanup(curl);
        curl = NULL;
      } else {
        fprintf(stderr, "curl_easy_init() failed\n");
      }
      curl_global_cleanup();
    } else {
      fprintf(stderr, "curl_global_init(%s) failed: %d\n",
              "CURL_GLOBAL_ALL", res);
    }
    free(control);
    free(sdp_filename);
    free(uri);
  }
  return rc;
 }
--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
 #include "printf_macro.h"
 /* Auxiliary function that waits on the socket. */
 static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms)
@@ -122,7 +123,7 @@ int main(void)
      if(CURLE_OK != res)
        break;
-      printf("Received %u bytes.\n", iolen);
+      printf("Received %" _FMT_SIZE_T " bytes.\n", iolen);
    }
    /* always cleanup */
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -24,8 +24,6 @@
 #include <unistd.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -22,9 +22,6 @@
 #include <stdio.h>
 #include <curl/curl.h>
 #include <curl/types.h>
 #include <curl/easy.h>
 /* some requirements for this to work:
   1.   set pCertFile to the file with the client certificate
--- a/docs/examples/smooth-gtk-thread.c
+++ b/docs/examples/smooth-gtk-thread.c
@@ -37,8 +37,6 @@
 #include <pthread.h>
 #include <curl/curl.h>
 #include <curl/types.h> /* new for v7 */
 #include <curl/easy.h> /* new for v7 */
 #define NUMT 4
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -123,13 +123,13 @@ int main(void)
   curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
   curl_easy_setopt(curl, CURLOPT_MAIL_FROM, MAILFROM);
   curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, rcpt_list);
-   curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
+   curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER,0);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
   curl_easy_setopt(curl, CURLOPT_READDATA, &pooh);
-   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
+   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0);
+   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0);
+   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
   curl_multi_add_handle(mcurl, curl);
   mp_timedout = 0;
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -94,13 +94,13 @@ int main(void)
     * of using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
     * will continue anyway - see the security discussion in the libcurl
     * tutorial for more details. */
-    curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
    /* If your server doesn't have a valid certificate, then you can disable
     * part of the Transport Layer Security protection by setting the
     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
-     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
     * That is, in general, a bad idea. It is still better than sending your
     * authentication details in plain text though.
     * Instead, you should get the issuer certificate (or the host certificate
@@ -135,7 +135,7 @@ int main(void)
    /* Since the traffic will be encrypted, it is very useful to turn on debug
     * information within libcurl to see what is happening during the transfer.
     */
-    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1);
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    /* send the message (including headers) */
    res = curl_easy_perform(curl);
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -147,7 +147,7 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
                                         TmpStr1 & 2? */
        AutoSyncTime = 0;
      else {
-        RetVal = sscanf ((char *)(ptr), "Date: %s %d %s %d %d:%d:%d",
+        RetVal = sscanf ((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu",
                         TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
                         &SYSTime.wHour, &SYSTime.wMinute, &SYSTime.wSecond);
--- a/docs/libcurl/curl_easy_cleanup.3
+++ b/docs/libcurl/curl_easy_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,8 +37,15 @@ This will effectively close all connections this handle has used and possibly
 has kept open until now. Don't call this function if you intend to transfer
 more files.
-Any uses of the \fBhandle\fP after this function has been called are
+Occasionally you may get your progress callback or header callback called from
-illegal. This kills the handle and all memory associated with it!
+within \fIcurl_easy_cleanup(3)\fP (if previously set for the handle using
 \fIcurl_easy_setopt(3)\fP). Like if libcurl decides to shut down the
 connection and the protocol is of a kind that requires a command/response
 sequence before disconnect. Examples of such protocols are FTP, POP3 and IMAP.
 Any uses of the \fBhandle\fP after this function has been called and have
 returned, are illegal. This kills the handle and all memory associated with
 it!
 With libcurl versions prior to 7.17.: when you've called this, you can safely
 remove all the strings you've previously told libcurl to use, as it won't use
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -91,7 +91,9 @@ SIGPIPE signals, which otherwise are sent by the system when trying to send
 data to a socket which is closed in the other end. libcurl makes an effort to
 never cause such SIGPIPEs to trigger, but some operating systems have no way
 to avoid them and even on those that have there are some corner cases when
-they may still happen, contrary to our desire.
+they may still happen, contrary to our desire. In addition, using
 \fICURLAUTH_NTLM_WB\fP authentication could cause a SIGCHLD signal to be
 raised.
 .IP CURLOPT_WILDCARDMATCH
 Set this option to 1 if you want to transfer multiple files according to a
 file name pattern. The pattern can be specified as part of the
@@ -169,8 +171,12 @@ Set the \fIuserdata\fP argument with the \fICURLOPT_WRITEDATA\fP option.
 The callback function will be passed as much data as possible in all invokes,
 but you cannot possibly make any assumptions. It may be one byte, it may be
-thousands. The maximum amount of data that can be passed to the write callback
+thousands. The maximum amount of body data that can be passed to the write
-is defined in the curl.h header file: CURL_MAX_WRITE_SIZE.
+callback is defined in the curl.h header file: CURL_MAX_WRITE_SIZE (the usual
 default is 16K). If you however have \fICURLOPT_HEADER\fP set, which sends
 header data to the write callback, you can get up to
 \fICURL_MAX_HTTP_HEADER\fP bytes of header data passed into it. This usually
 means 100K.
 .IP CURLOPT_WRITEDATA
 Data pointer to pass to the file write function. If you use the
 \fICURLOPT_WRITEFUNCTION\fP option, this is the pointer you'll get as
@@ -352,6 +358,9 @@ of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
 transfer and return \fICURL_WRITE_ERROR\fP.
 A complete header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.
 If this option is not set, or if it is set to NULL, but
 \fICURLOPT_HEADERDATA\fP (\fICURLOPT_WRITEHEADER\fP) is set to anything but
 NULL, the function used to accept response data will be used instead. That is,
@@ -582,20 +591,162 @@ POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 The actual URL to deal with. The parameter should be a char * to a zero
-terminated string.
+terminated string which must be URL-encoded in the following format:
-If the given URL lacks the protocol part ("http://" or "ftp://" etc), it will
+scheme://host:port/path
 attempt to guess which protocol to use based on the given host name. If the
 given protocol of the set URL is not supported, libcurl will return on error
 (\fICURLE_UNSUPPORTED_PROTOCOL\fP) when you call \fIcurl_easy_perform(3)\fP or
 \fIcurl_multi_perform(3)\fP. Use \fIcurl_version_info(3)\fP for detailed info
 on which protocols are supported.
-The string given to CURLOPT_URL must be url-encoded and follow RFC 2396
+For a greater explanation of the format please see RFC 2396
 (http://curl.haxx.se/rfc/rfc2396.txt).
-Starting with version 7.20.0, the fragment part of the URI will not be send as
+If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
-part of the path, which was the case previously.
+etc), libcurl will attempt to resolve which protocol to use based on the
 given host mame. If the protocol is not supported, libcurl will return
 (\fICURLE_UNSUPPORTED_PROTOCOL\fP) when you call \fIcurl_easy_perform(3)\fP
 or \fIcurl_multi_perform(3)\fP. Use \fIcurl_version_info(3)\fP for detailed
 information on which protocols are supported.
 The host part of the URL contains the address of the server that you want to
 connect to. This can be the fully qualified domain name of the server, the
 local network name of the machine on your network or the IP address of the
 server or machine represented by either an IPv4 or IPv6 address. For example:
 http://www.example.com/
 http://hostname/
 http://192.168.0.1/
 http://[2001:1890:1112:1::20]/
 It is also possible to specify the user name and password as part of the
 host, for some protocols, when connecting to servers that require
 authentication.
 For example the following types of authentication support this:
 http://user:password@www.domain.com
 ftp://user:password@ftp.domain.com
 pop3://user:password@mail.domain.com
 The port is optional and when not specified libcurl will use the default port
 based on the determined or specified protocol: 80 for http, 21 for ftp and 25
 for smtp, etc. The following examples show how to specify the port:
 http://www.weirdserver.com:8080/ - This will connect to a web server using
 port 8080.
 smtp://mail.domain.com:587/ - This will connect to a smtp server on the
 alternative mail port.
 The path part of the URL is protocol specific and whilst some examples are
 given below this list is not conclusive:
 .B HTTP
 The path part of a HTTP request specifies the file to retrieve and from what
 directory. If the directory is not specified then the web server's root
 directory is used. If the file is omitted then the default document will be
 retrieved for either the directory specified or the root directory. The
 exact resource returned for each URL is entirely dependent on the server's
 configuration.
 http://www.netscape.com - This gets the main page (index.html in this
 example) from Netscape's web server.
 http://www.netscape.com/index.html - This returns the main page from Netscape
 by specifying the page to get.
 http://www.netscape.com/contactus/ - This returns the default document from
 the contactus directory.
 .B FTP
 The path part of an FTP request specifies the file to retrieve and from what
 directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified. If the directory is omitted then
 the directory listing for the root / home directory will be returned.
 ftp://cool.haxx.se - This retrieves the directory listing for our FTP server.
 ftp://cool.haxx.se/readme.txt - This downloads the file readme.txt from the
 root directory.
 ftp://cool.haxx.se/libcurl/readme.txt - This downloads readme.txt from the
 libcurl directory.
 ftp://user:password@my.example.com/readme.txt - This retrieves the readme.txt
 file from the user's home directory. When a username and password is
 specified, everything that is specified in the path part is relative to the
 user's home directory. To retrieve files from the root directory or a
 directory underneath the root directory then the absolute path must be
 specified by prepending an additional forward slash to the beginning of the
 path.
 ftp://user:password@my.example.com//readme.txt - This retrieves the readme.txt
 from the root directory when logging in as a specified user.
 .B SMTP
 The path part of a SMTP request specifies the host name to present during
 communication with the mail server. If the path is omitted then libcurl will
 attempt to resolve the local computer's host name. However, this may not
 return the fully qualified domain name that is required by some mail servers
 and specifying this path allows you to set an alternative name, such as
 your machine's fully qualified domain name, which you might have obtained
 from an external function such as gethostname or getaddrinfo.
 smtp://mail.domain.com - This connects to the mail server at domain.com and
 sends your local computer's host name in the HELO / EHLO command.
 smtp://mail.domain.com/client.domain.com - This will send client.domain.com in
 the HELO / EHLO command to the mail server at domain.com.
 .B POP3
 The path part of a POP3 request specifies the mailbox (message) to retrieve.
 If the mailbox is not specified then a list of waiting messages is returned
 instead.
 pop3://user:password@mail.domain.com - This lists the available messages
 pop3://user:password@mail.domain.com/1 - This retrieves the first message
 .B SCP
 The path part of an SCP request specifies the file to retrieve and from what
 directory. The file part may not be omitted. The file is taken as an absolute
 path from the root directory on the server. To specify a path relative to
 the user's home directory on the server, prepend ~/ to the path portion.
 If the user name is not embedded in the URL, it can be set with the
 \fICURLOPT_USERPWD\fP or \fBCURLOPT_USERNAME\fP option.
 scp://user@example.com/etc/issue - This specifies the file /etc/issue
 scp://example.com/~/my-file - This specifies the file my-file in the
 user's home directory on the server
 .B SFTP
 The path part of an SFTP request specifies the file to retrieve and from what
 directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified.  If the path ends in a / then a directory
 listing is returned instead of a file.  If the path is omitted entirely then
 the directory listing for the root / home directory will be returned.
 If the user name is not embedded in the URL, it can be set with the
 \fICURLOPT_USERPWD\fP or \fBCURLOPT_USERNAME\fP option.
 sftp://user:password@example.com/etc/issue - This specifies the file
 /etc/issue
 sftp://user@example.com/~/my-file - This specifies the file my-file in the
 user's home directory
 sftp://ssh.example.com/~/Documents/ - This requests a directory listing
 of the Documents directory under the user's home directory
 .B NOTES
 Starting with version 7.20.0, the fragment part of the URI will not be sent as
 part of the path, which was previously the case.
 \fICURLOPT_URL\fP is the only option that \fBmust\fP be set before
 \fIcurl_easy_perform(3)\fP is called.
@@ -664,10 +815,10 @@ this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
 If you set \fBCURLOPT_PROXYTYPE\fP to \fICURLPROXY_HTTP_1_0\fP, it will only
 affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
-used for "regular" HTTP requests is instead controled with
+used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. The should be a comma- separated
+Pass a pointer to a zero terminated string. The should be a comma separated
 list of hosts which do not use a proxy, if one is specified.  The only
 wildcard is a single * character, which matches all hosts, and effectively
 disables the proxy. Each name in this list is matched as either a domain which
@@ -890,6 +1041,20 @@ prevent the password from being eavesdropped.
 You need to build libcurl with OpenSSL support for this option to work, or
 build libcurl on Windows.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
 is specified at compile time but is typically /usr/bin/ntlm_auth
 (Added in 7.22.0)
 Note that libcurl will fork when necessary to run the winbind application and
 kill it when complete, calling waitpid() to await its exit when done. On POSIX
 operating systems, killing the process will cause a SIGCHLD signal to be
 raised (regardless of whether \fICURLOPT_NOSIGNAL\fP is set), which must be
 handled intelligently by the application. In particular, the application must
 not unconditionally call wait() in its SIGCHLD signal handler to avoid being
 subject to a race condition.  This behavior is subject to change in future
 versions of libcurl.
 .IP CURLAUTH_ANY
 This is a convenience macro that sets all bits and thus makes libcurl pick any
 it finds suitable. libcurl will automatically select the one it finds most
@@ -917,12 +1082,12 @@ You need to build libcurl with GnuTLS or OpenSSL with TLS-SRP support for this
 to work. (Added in 7.21.4)
 .RE
 .IP CURLOPT_TLSAUTH_USERNAME
-Pass a char * as parameter, which should point to the zero-terminated username
+Pass a char * as parameter, which should point to the zero terminated username
 to use for the TLS authentication method specified with the
 \fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
 \fICURLOPT_TLS_PASSWORD\fP option also be set. (Added in 7.21.4)
 .IP CURLOPT_TLSAUTH_PASSWORD
-Pass a char * as parameter, which should point to the zero-terminated password
+Pass a char * as parameter, which should point to the zero terminated password
 to use for the TLS authentication method specified with the
 \fICURLOPT_TLSAUTH_TYPE\fP option. Requires that the
 \fICURLOPT_TLS_USERNAME\fP option also be set. (Added in 7.21.4)
@@ -1313,18 +1478,22 @@ Examples with specified ports:
 You disable PORT again and go back to using the passive version by setting
 this option to NULL.
 .IP CURLOPT_QUOTE
-Pass a pointer to a linked list of FTP or SFTP commands to pass to
+Pass a pointer to a linked list of FTP or SFTP commands to pass to the server
-the server prior to your FTP request. This will be done before any
+prior to your FTP request. This will be done before any other commands are
-other commands are issued (even before the CWD command for FTP). The
+issued (even before the CWD command for FTP). The linked list should be a
-linked list should be a fully valid list of 'struct curl_slist' structs
+fully valid list of 'struct curl_slist' structs properly filled in with text
-properly filled in with text strings. Use \fIcurl_slist_append(3)\fP
+strings. Use \fIcurl_slist_append(3)\fP to append strings (commands) to the
-to append strings (commands) to the list, and clear the entire list
+list, and clear the entire list afterwards with
-afterwards with \fIcurl_slist_free_all(3)\fP. Disable this operation
+\fIcurl_slist_free_all(3)\fP. Disable this operation again by setting a NULL
-again by setting a NULL to this option.
+to this option. When speaking to a FTP server, prefix the command with an
-The set of valid FTP commands depends on the server (see RFC959 for a
+asterisk (*) to make libcurl continue even if the command fails as by default
-list of mandatory commands).
+libcurl will stop at first failure.
-The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd,
+
-rename, rm, rmdir, symlink (see
+The set of valid FTP commands depends on the server (see RFC959 for a list of
 mandatory commands).
 The valid SFTP commands are: chgrp, chmod, chown, ln, mkdir, pwd, rename, rm,
 rmdir, symlink (see
 .BR curl (1))
 (SFTP support added in 7.16.3)
 .IP CURLOPT_POSTQUOTE
@@ -1451,7 +1620,7 @@ a reply.
 Initiate the shutdown and wait for a reply.
 .RE
 .IP CURLOPT_FTP_ACCOUNT
-Pass a pointer to a zero-terminated string (or NULL to disable). When an FTP
+Pass a pointer to a zero terminated string (or NULL to disable). When an FTP
 server asks for "account data" after user name and password has been provided,
 this data is sent off using the ACCT command. (Added in 7.13.0)
 .IP CURLOPT_FTP_FILEMETHOD
@@ -2105,6 +2274,14 @@ of these, 'private' will be used. Set the string to NULL to disable kerberos
 support for FTP.
 (This option was known as CURLOPT_KRB4LEVEL up to 7.16.3)
 .IP CURLOPT_GSSAPI_DELEGATION
 Set the parameter to CURLGSSAPI_DELEGATION_FLAG to allow unconditional GSSAPI
 credential delegation.  The delegation is disabled by default since 7.21.7.
 Set the parameter to CURLGSSAPI_DELEGATION_POLICY_FLAG to delegate only if
 the OK-AS-DELEGATE flag is set in the service ticket in case this feature is
 supported by the GSSAPI implementation and the definition of
 GSS_C_DELEG_POLICY_FLAG was available at compile-time.
 (Added in 7.22.0)
 .SH SSH OPTIONS
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
--- a/docs/libcurl/curl_multi_fdset.3
+++ b/docs/libcurl/curl_multi_fdset.3
@@ -40,19 +40,28 @@ but be sure to FD_ZERO them before calling this function as
 otherwise remove any others. The \fIcurl_multi_perform(3)\fP function should be
 called as soon as one of them is ready to be read from or written to.
 To be sure to have up-to-date results, you should call
 \fIcurl_multi_perform\fP until it does not return CURLM_CALL_MULTI_PERFORM
 prior to calling \fIcurl_multi_fdset\fP.  This will make sure that libcurl has
 updated the handles' socket states.
 If no file descriptors are set by libcurl, \fImax_fd\fP will contain -1 when
 this function returns. Otherwise it will contain the higher descriptor number
-libcurl set.
+libcurl set. When libcurl returns -1 in \fImax_fd\fP, it is because libcurl
 currently does something that isn't possible for your application to monitor
 with a socket and unfortunately you can then not know exactly when the current
 action is completed using select(). When max_fd returns with -1, you need to
 wait a while and then proceed and call \fIcurl_multi_perform\fP anyway. How
 long to wait? I would suggest 100 milliseconds at least, but you may want to
 test it out in your own particular conditions to find a suitable value.
 When doing select(), you should use \fBcurl_multi_timeout\fP to figure out how
 long to wait for action. Call \fIcurl_multi_perform\fP even if no activity has
 been seen on the fd_sets after the timeout expires as otherwise internal
 retries and timeouts may not work as you'd think and want.
 If one of the sockets used by libcurl happens to be larger than what can be
 set in an fd_set, which on POSIX systems means that the file descriptor is
 larger than FD_SETSIZE, then libcurl will try to not set it. Setting a too
 large file descriptor in an fd_set implies an out of bounds write which can
 cause crashes, or worse. The effect of NOT storing it will possibly save you
 from the crash, but will make your program NOT wait for sockets it should wait
 for...
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP
--- a/docs/libcurl/curl_share_setopt.3
+++ b/docs/libcurl/curl_share_setopt.3
@@ -64,6 +64,11 @@ Cached DNS hosts will be shared across the easy handles using this shared
 object. Note that when you use the multi interface, all easy handles added to
 the same multi handle will share DNS cache by default without this having to
 be used!
 .IP CURL_LOCK_DATA_SSL_SESSION
 SSL session IDs will be shared accross the easy handles using this shared
 object. This will reduce the time spent in the SSL handshake when reconnecting
 to the same server. Note SSL session IDs are reused within the same easy handle
 by default.
 .RE
 .IP CURLSHOPT_UNSHARE
 This option does the opposite of \fICURLSHOPT_SHARE\fP. It specifies that
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -128,6 +128,11 @@ the app having to pass them on. (Added in 7.13.2)
 .IP CURL_VERSION_CONV
 libcurl was built with support for character conversions, as provided by the
 CURLOPT_CONV_* callbacks. (Added in 7.15.4)
 .IP CURL_VERSION_TLSAUTH_SRP
 libcurl was built with support for TLS-SRP. (Added in 7.21.4)
 .IP CURL_VERSION_NTLM_WB
 libcurl was built with support for NTLM delegation to a winbind helper.
 (Added in 7.22.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -277,3 +277,6 @@ An invalid share object was passed to the function.
 .IP "CURLSHE_NOMEM (4)"
 Not enough memory was available.
 (Added in 7.12.0)
 .IP "CURLSHE_NOT_BUILT_IN (5)"
 The requsted sharing could not be done because the library you use don't have
 that particular feature enabled. (Added in 7.23.0)
--- a/docs/libcurl/libcurl-multi.3
+++ b/docs/libcurl/libcurl-multi.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -82,14 +82,6 @@ might need attention. This also makes it very easy for your program to wait
 for input on your own private file descriptors at the same time or perhaps
 timeout every now and then, should you want that.
 A little note here about the return codes from the multi functions, and
 especially the \fIcurl_multi_perform(3)\fP: if you receive
 \fICURLM_CALL_MULTI_PERFORM\fP, this basically means that you should call
 \fIcurl_multi_perform(3)\fP again, before you select() on more actions. You
 don't have to do it immediately, but the return code means that libcurl may
 have more data available to return or that there may be more data to send off
 before it is "satisfied".
 \fIcurl_multi_perform(3)\fP stores the number of still running transfers in
 one of its input arguments, and by reading that you can figure out when all
 the transfers in the multi handles are done. 'done' does not mean
@@ -118,21 +110,39 @@ If you want to re-use an easy handle that was added to the multi handle for
 transfer, you must first remove it from the multi stack and then re-add it
 again (possibly after having altered some options at your own choice).
 .SH "MULTI_SOCKET"
-Since 7.16.0, the \fIcurl_multi_socket_action(3)\fP function offers a way for
+\fIcurl_multi_socket_action(3)\fP function offers a way for applications to
-applications to not only avoid being forced to use select(), but it also
+not only avoid being forced to use select(), but it also offers a much more
-offers a much more high-performance API that will make a significant
+high-performance API that will make a significant difference for applications
-difference for applications using large numbers of simultaneous connections.
+using large numbers of simultaneous connections.
-\fIcurl_multi_socket_action(3)\fP is then used
+\fIcurl_multi_socket_action(3)\fP is then used instead of
-instead of \fIcurl_multi_perform(3)\fP.
+\fIcurl_multi_perform(3)\fP.
 When using this API, you add easy handles to the multi handle just as with the
 normal multi interface. Then you also set two callbacks with the
 CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to
 \fIcurl_multi_setopt(3)\fP.
 The API is then designed to inform your application about which sockets
 libcurl is currently using and for what activities (read and/or write) on
 those sockets your application is expected to wait for.
 Your application must then make sure to receive all sockets informed about in
 the CURLMOPT_SOCKETFUNCTION callback and make sure it reacts on the given
 activity on them. When a socket has the given activity, you call
 \fIcurl_multi_socket_action(3)\fP specifying which socket and action there
 are.
 The CURLMOPT_TIMERFUNCTION callback is called to set a timeout. When that
 timeout expires, your application should call the
 \fIcurl_multi_socket_action(3)\fP function saying it was due to a timeout.
 .SH "BLOCKING"
 A few areas in the code are still using blocking code, even when used from the
 multi interface. While we certainly want and intend for these to get fixed in
 the future, you should be aware of the following current restrictions:
 .nf
- - Name resolves on non-windows unless c-ares is used
+ - Name resolves unless the c-ares or threaded-resolver backends are used
 - GnuTLS SSL connections
 - NSS SSL connections
 - Active FTP connections
 - HTTP proxy CONNECT operations
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -249,9 +249,11 @@ complication for you. Given simply the URL to a file, libcurl will take care
 of all the details needed to get the file moved from one machine to another.
 .SH "Multi-threading Issues"
-The first basic rule is that you must \fBnever\fP share a libcurl handle (be
+The first basic rule is that you must \fBnever\fP simultaneously share a
-it easy or multi or whatever) between multiple threads. Only use one handle in
+libcurl handle (be it easy or multi or whatever) between multiple
-one thread at a time.
+threads. Only use one handle in one thread at any time. You can pass the
 handles around among threads, but you must never use a single handle from more
 than one thread at any given time.
 libcurl is completely thread safe, except for two issues: signals and SSL/TLS
 handlers. Signals are used for timing out name resolves (during DNS lookup) -
--- a/docs/libcurl/libcurl.m4
+++ b/docs/libcurl/libcurl.m4
@@ -157,6 +157,7 @@ x=CURLOPT_FILE;
 x=CURLOPT_ERRORBUFFER;
 x=CURLOPT_STDERR;
 x=CURLOPT_VERBOSE;
 if (x) ;
 ])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
           CPPFLAGS=$_libcurl_save_cppflags
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -20,6 +20,7 @@ CURLAUTH_DIGEST_IE              7.19.3
 CURLAUTH_GSSNEGOTIATE           7.10.6
 CURLAUTH_NONE                   7.10.6
 CURLAUTH_NTLM                   7.10.6
 CURLAUTH_NTLM_WB                7.22.0
 CURLAUTH_ONLY                   7.21.3
 CURLCLOSEPOLICY_CALLBACK        7.7
 CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7
@@ -186,6 +187,9 @@ CURLFTPSSL_TRY                  7.11.0        7.17.0
 CURLFTP_CREATE_DIR              7.19.4
 CURLFTP_CREATE_DIR_NONE         7.19.4
 CURLFTP_CREATE_DIR_RETRY        7.19.4
 CURLGSSAPI_DELEGATION_FLAG      7.22.0
 CURLGSSAPI_DELEGATION_NONE      7.22.0
 CURLGSSAPI_DELEGATION_POLICY_FLAG 7.22.0
 CURLINFO_APPCONNECT_TIME        7.19.0
 CURLINFO_CERTINFO               7.19.1
 CURLINFO_CONDITION_UNMET        7.19.4
@@ -344,6 +348,7 @@ CURLOPT_FTP_SSL_CCC             7.16.1
 CURLOPT_FTP_USE_EPRT            7.10.5
 CURLOPT_FTP_USE_EPSV            7.9.2
 CURLOPT_FTP_USE_PRET            7.20.0
 CURLOPT_GSSAPI_DELEGATION       7.22.0
 CURLOPT_HEADER                  7.1
 CURLOPT_HEADERDATA              7.10
 CURLOPT_HEADERFUNCTION          7.7.2
@@ -545,6 +550,7 @@ CURLSHE_BAD_OPTION              7.10.3
 CURLSHE_INVALID                 7.10.3
 CURLSHE_IN_USE                  7.10.3
 CURLSHE_NOMEM                   7.12.0
 CURLSHE_NOT_BUILT_IN            7.23.0
 CURLSHE_OK                      7.10.3
 CURLSHOPT_LOCKFUNC              7.10.3
 CURLSHOPT_NONE                  7.10.3
@@ -675,6 +681,7 @@ CURL_VERSION_KERBEROS4          7.10
 CURL_VERSION_LARGEFILE          7.11.1
 CURL_VERSION_LIBZ               7.10
 CURL_VERSION_NTLM               7.10.6
 CURL_VERSION_NTLM_WB            7.22.0
 CURL_VERSION_SPNEGO             7.10.8
 CURL_VERSION_SSL                7.10
 CURL_VERSION_SSPI               7.13.2
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -55,18 +55,17 @@
 #include <sys/types.h>
 #include <time.h>
-#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__GNUC__) && \
+#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__)
-  !defined(__CYGWIN__) || defined(__MINGW32__)
+#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || defined(__LWIP_OPT_H__))
 #if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H))
 /* The check above prevents the winsock2 inclusion if winsock.h already was
   included, since they can't co-exist without problems */
 #include <winsock2.h>
 #include <ws2tcpip.h>
 #endif
-#else
+#endif
 /* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
-   libc5-based Linux systems. Only include it on system that are known to
+   libc5-based Linux systems. Only include it on systems that are known to
   require it! */
 #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
    defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
@@ -75,14 +74,13 @@
 #include <sys/select.h>
 #endif
-#ifndef _WIN32_WCE
+#if !defined(WIN32) && !defined(_WIN32_WCE)
 #include <sys/socket.h>
 #endif
 #if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__)
 #include <sys/time.h>
 #endif
 #include <sys/types.h>
 #endif
 #ifdef __BEOS__
 #include <support/SupportDefs.h>
@@ -122,7 +120,7 @@ typedef void CURL;
 #ifndef curl_socket_typedef
 /* socket typedef */
-#ifdef WIN32
+#if defined(WIN32) && !defined(__LWIP_OPT_H__)
 typedef SOCKET curl_socket_t;
 #define CURL_SOCKET_BAD INVALID_SOCKET
 #else
@@ -189,10 +187,10 @@ typedef int (*curl_progress_callback)(void *clientp,
 #define CURL_MAX_HTTP_HEADER (100*1024)
 #endif
 /* This is a magic return code for the write callback that, when returned,
   will signal libcurl to pause receiving on the current transfer. */
 #define CURL_WRITEFUNC_PAUSE 0x10000001
 typedef size_t (*curl_write_callback)(char *buffer,
                                      size_t size,
                                      size_t nitems,
@@ -600,6 +598,7 @@ typedef enum {
 #define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
 #define CURLAUTH_NTLM         (1<<3)  /* NTLM */
 #define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
 #define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
 #define CURLAUTH_ONLY         (1<<31) /* used together with a single other
                                         type to force no auth or just that
                                         single type */
@@ -614,6 +613,10 @@ typedef enum {
 #define CURLSSH_AUTH_KEYBOARD  (1<<3) /* keyboard interactive */
 #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY
 #define CURLGSSAPI_DELEGATION_NONE        0      /* no delegation (default) */
 #define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */
 #define CURLGSSAPI_DELEGATION_FLAG        (1<<1) /* delegate always */
 #define CURL_ERROR_SIZE 256
 struct curl_khkey {
@@ -916,9 +919,7 @@ typedef enum {
  /* send linked-list of post-transfer QUOTE commands */
  CINIT(POSTQUOTE, OBJECTPOINT, 39),
-  /* Pass a pointer to string of the output using full variable-replacement
+  CINIT(WRITEINFO, OBJECTPOINT, 40), /* DEPRECATED, do not use! */
     as described elsewhere. */
  CINIT(WRITEINFO, OBJECTPOINT, 40),
  CINIT(VERBOSE, LONG, 41),      /* talk a lot */
  CINIT(HEADER, LONG, 42),       /* throw the header out too */
@@ -994,8 +995,7 @@ typedef enum {
  /* Max amount of cached alive connections */
  CINIT(MAXCONNECTS, LONG, 71),
-  /* 72 - DEPRECATED */
+  CINIT(CLOSEPOLICY, LONG, 72), /* DEPRECATED, do not use! */
  CINIT(CLOSEPOLICY, LONG, 72),
  /* 73 = OBSOLETE */
@@ -1069,7 +1069,7 @@ typedef enum {
  CINIT(SSLENGINE_DEFAULT, LONG, 90),
  /* Non-zero value means to use the global dns cache */
-  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* To become OBSOLETE soon */
+  CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */
  /* DNS cache timeout */
  CINIT(DNS_CACHE_TIMEOUT, LONG, 92),
@@ -1483,6 +1483,9 @@ typedef enum {
  CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208),
  CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209),
  /* allow GSSAPI credential delegation */
  CINIT(GSSAPI_DELEGATION, LONG, 210),
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
@@ -2011,8 +2014,9 @@ typedef enum {
  CURLSHE_BAD_OPTION, /* 1 */
  CURLSHE_IN_USE,     /* 2 */
  CURLSHE_INVALID,    /* 3 */
-  CURLSHE_NOMEM,      /* out of memory */
+  CURLSHE_NOMEM,      /* 4 out of memory */
-  CURLSHE_LAST /* never use */
+  CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */
  CURLSHE_LAST        /* never use */
 } CURLSHcode;
 typedef enum {
@@ -2092,8 +2096,9 @@ typedef struct {
 #define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
 #define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
 #define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
 #define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
-/*
+ /*
 * NAME curl_version_info()
 *
 * DESCRIPTION
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@
 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.21.7-DEV"
+#define LIBCURL_VERSION "7.23.0-DEV"
 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 21
+#define LIBCURL_VERSION_MINOR 23
-#define LIBCURL_VERSION_PATCH 7
+#define LIBCURL_VERSION_PATCH 0
 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071507
+#define LIBCURL_VERSION_NUM 0x071700
 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -392,7 +392,8 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 /* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */
 /* XXX: also check size of an char[] array? */
 #define _curl_is_error_buffer(expr)                                           \
-  (__builtin_types_compatible_p(__typeof__(expr), char *) ||                  \
+  (_curl_is_NULL(expr) ||                                                     \
   __builtin_types_compatible_p(__typeof__(expr), char *) ||                  \
   __builtin_types_compatible_p(__typeof__(expr), char[]))
 /* evaluates to true if expr is of type (const) void* or (const) FILE* */
@@ -521,7 +522,11 @@ typedef int (_curl_progress_callback2)(const void *,
   _curl_callback_compatible((expr), _curl_debug_callback1) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback2) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback3) ||                \
-   _curl_callback_compatible((expr), _curl_debug_callback4))
+   _curl_callback_compatible((expr), _curl_debug_callback4) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback5) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback6) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback7) ||                \
   _curl_callback_compatible((expr), _curl_debug_callback8))
 typedef int (_curl_debug_callback1) (CURL *,
    curl_infotype, char *, size_t, void *);
 typedef int (_curl_debug_callback2) (CURL *,
@@ -530,6 +535,14 @@ typedef int (_curl_debug_callback3) (CURL *,
    curl_infotype, const char *, size_t, void *);
 typedef int (_curl_debug_callback4) (CURL *,
    curl_infotype, const char *, size_t, const void *);
 typedef int (_curl_debug_callback5) (CURL *,
    curl_infotype, unsigned char *, size_t, void *);
 typedef int (_curl_debug_callback6) (CURL *,
    curl_infotype, unsigned char *, size_t, const void *);
 typedef int (_curl_debug_callback7) (CURL *,
    curl_infotype, const unsigned char *, size_t, void *);
 typedef int (_curl_debug_callback8) (CURL *,
    curl_infotype, const unsigned char *, size_t, const void *);
 /* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */
 /* this is getting even messier... */
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -89,7 +89,7 @@ ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.2.8
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
 !endif
 !ifdef %librtmp_root
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -14,7 +14,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
  content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
-  http_negotiate.c http_ntlm.c inet_pton.c strtoofft.c strerror.c	\
+  http_negotiate.c inet_pton.c strtoofft.c strerror.c			\
  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
@@ -22,7 +22,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
-  asyn-ares.c asyn-thread.c
+  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
  curl_ntlm_core.c curl_ntlm_msgs.c
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -30,11 +31,12 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h http_ntlm.h inet_pton.h	\
+  curl_md5.h http_digest.h http_negotiate.h inet_pton.h			\
  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h setup.h	\
  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
  tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -1,7 +1,7 @@
-#########################################################################
+###########################################################################
 #
-## Makefile for building libcurl.a with MingW32 (GCC-3.2 or later)
+## Makefile for building libcurl.a with MingW (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (1.2), zlib (1.2.5), librtmp (2.3)
+## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
 ##
 ## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
@@ -9,10 +9,8 @@
 ## Hint: you can also set environment vars to control the build, f.e.:
 ## set ZLIB_PATH=c:/zlib-1.2.5
 ## set ZLIB=1
-##
+#
-## Comments to: Troy Engel <tengel@sonic.net> or
+###########################################################################
 ##              Joern Hartroth <hartroth@acm.org>
 #########################################################################
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
@@ -22,9 +20,18 @@ endif
 ifndef OPENSSL_PATH
 OPENSSL_PATH = ../../openssl-0.9.8r
 endif
 ifndef OPENSSL_INCLUDE
 OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
 endif
 ifndef OPENSSL_LIBPATH
 OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
 endif
 ifndef OPENSSL_LIBS
 OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.8
+LIBSSH2_PATH = ../../libssh2-1.3.0
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
@@ -45,22 +52,35 @@ ifndef LDAP_SDK
 LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 PROOT = ..
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
-LIBCARES_PATH = ../ares
+LIBCARES_PATH = $(PROOT)/ares
 endif
 # Edit the var below to set to your architecture or set environment var.
 ifndef ARCH
 ARCH = w32
 endif
 CC = gcc
 CFLAGS = -g -O2 -Wall
 CFLAGS += -fno-strict-aliasing
 ifeq ($(ARCH),w64)
 CFLAGS += -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS = -s
 AR = ar
 RANLIB = ranlib
 RC = windres
-RCFLAGS = --include-dir=../include -DDEBUGBUILD=0 -O COFF -i
+RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
 RM = del /q /f 2>NUL
 STRIP = strip -g
 RM = del /q /f 2>NUL
 CP = copy
 ########################################################
 ## Nothing more to do below this line!
@@ -95,6 +115,9 @@ endif
 ifeq ($(findstring -sspi,$(CFG)),-sspi)
 SSPI = 1
 endif
 ifeq ($(findstring -spnego,$(CFG)),-spnego)
 SPNEGO = 1
 endif
 ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
 LDAPS = 1
 endif
@@ -104,10 +127,11 @@ endif
 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL
 ifdef ARES
-  INCLUDES += -I$(LIBCARES_PATH)
+  INCLUDES += -I"$(LIBCARES_PATH)"
  CFLAGS += -DUSE_ARES
-  DLL_LIBS += -L$(LIBCARES_PATH) -lcares
+  DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
  libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
 endif
 ifdef RTMP
@@ -118,37 +142,39 @@ endif
 ifdef SSH2
  INCLUDES += -I"$(LIBSSH2_PATH)/include" -I"$(LIBSSH2_PATH)/win32"
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
-  DLL_LIBS += -L$(LIBSSH2_PATH)/win32 -lssh2
+  DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
-  INCLUDES += -I"$(OPENSSL_PATH)/outinc" -I"$(OPENSSL_PATH)/outinc/openssl"
+  INCLUDES += -I"$(OPENSSL_INCLUDE)"
  CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
            -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
            -DCURL_WANTS_CA_BUNDLE_ENV
-  DLL_LIBS += -L$(OPENSSL_PATH)/out -leay32 -lssl32
+  DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
  INCLUDES += -I"$(ZLIB_PATH)"
  CFLAGS += -DHAVE_LIBZ -DHAVE_ZLIB_H
-  DLL_LIBS += -L$(ZLIB_PATH) -lz
+  DLL_LIBS += -L"$(ZLIB_PATH)" -lz
 endif
 ifdef IDN
  INCLUDES += -I"$(LIBIDN_PATH)/include"
  CFLAGS += -DUSE_LIBIDN
-  DLL_LIBS += -L$(LIBIDN_PATH)/lib -lidn
+  DLL_LIBS += -L"$(LIBIDN_PATH)/lib" -lidn
 else
 ifdef WINIDN
  INCLUDES += -I"$(WINIDN_PATH)/include"
  CFLAGS += -DHAVE_NORMALIZATION_H
  CFLAGS += -DUSE_WIN32_IDN
  CFLAGS += -DWANT_IDN_PROTOTYPES
  DLL_LIBS += -L"$(WINIDN_PATH)" -lnormaliz
 endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
 endif
 ifdef IPV6
-  CFLAGS += -DENABLE_IPV6
+  CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
 endif
 ifdef LDAPS
  CFLAGS += -DHAVE_LDAP_SSL
@@ -165,11 +191,10 @@ ifdef USE_LDAP_OPENLDAP
 endif
 ifndef USE_LDAP_NOVELL
 ifndef USE_LDAP_OPENLDAP
-DLL_LIBS += -lwldap32
+  DLL_LIBS += -lwldap32
 endif
 endif
 DLL_LIBS += -lws2_32
 COMPILE = $(CC) $(INCLUDES) $(CFLAGS)
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
@@ -183,7 +208,6 @@ libcurl_a_DEPENDENCIES := $(strip $(CSOURCES) $(HHEADERS))
 RESOURCE = libcurl.res
 .SUFFIXES: .rc .res
 all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)
@@ -200,20 +224,25 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
 	$(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \
 	  -o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
-.c.o:
+%.o: %.c $(PROOT)/include/curl/curlbuild.h
-	$(COMPILE) -c $<
+	$(CC) $(INCLUDES) $(CFLAGS) -c $<
-.rc.res:
+%.res: %.rc
 	$(RC) $(RCFLAGS) $< -o $@
 clean:
 ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
 	-$(RM) $(subst /,\,$(PROOT)/include/curl/curlbuild.h)
 endif
 	-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)
 distclean vclean: clean
 	-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY)
 FORCE: ;
 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32
 $(PROOT)/include/curl/curlbuild.h:
 	@echo Creating $@
 	@$(CP) $(subst /,\,$@).dist $(subst /,\,$@)
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -24,7 +24,7 @@ endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.2.8
+LIBSSH2_PATH = ../../libssh2-1.3.0
 endif
 # Edit the path below to point to the base of your axTLS package.
@@ -42,6 +42,11 @@ ifndef LIBRTMP_PATH
 LIBRTMP_PATH = ../../librtmp-2.3
 endif
 # Edit the path below to point to the base of your fbopenssl package.
 ifndef FBOPENSSL_PATH
 FBOPENSSL_PATH = ../../fbopenssl-0.4
 endif
 # Edit the path below to point to the base of your c-ares package.
 ifndef LIBCARES_PATH
 LIBCARES_PATH = ../ares
@@ -95,7 +100,7 @@ else
 endif
 PERL	= perl
 # Here you can find a native Win32 binary of the original awk:
-# http://www.gknw.net/development/prgtools/awk-20070501.zip
+# http://www.gknw.net/development/prgtools/awk-20100523.zip
 AWK	= awk
 CP	= cp -afv
 MKDIR	= mkdir
@@ -181,6 +186,43 @@ CURL_LIB = ../lib
 INCLUDES = -I$(CURL_INC) -I$(CURL_LIB)
 ifeq ($(findstring -static,$(CFG)),-static)
 LINK_STATIC = 1
 endif
 ifeq ($(findstring -ares,$(CFG)),-ares)
 WITH_ARES = 1
 endif
 ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
 WITH_RTMP = 1
 WITH_SSL = 1
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -ssh2,$(CFG)),-ssh2)
 WITH_SSH2 = 1
 WITH_SSL = 1
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -axtls,$(CFG)),-axtls)
 WITH_AXTLS = 1
 WITH_SSL =
 else
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 WITH_SSL = 1
 endif
 endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 WITH_ZLIB = 1
 endif
 ifeq ($(findstring -idn,$(CFG)),-idn)
 WITH_IDN = 1
 endif
 ifeq ($(findstring -spnego,$(CFG)),-spnego)
 WITH_SPNEGO = 1
 endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 ENABLE_IPV6 = 1
 endif
 ifdef WITH_ARES
 	INCLUDES += -I$(LIBCARES_PATH)
 	LDLIBS += $(LIBCARES_PATH)/libcares.$(LIBEXT)
@@ -204,6 +246,10 @@ ifdef WITH_SSL
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
 	INSTDEP += ca-bundle.crt
 ifdef WITH_SPNEGO
 	INCLUDES += -I$(FBOPENSSL_PATH)/include
 	LDLIBS += $(FBOPENSSL_PATH)/nw/fbopenssl.$(LIBEXT)
 endif
 else
 ifdef WITH_AXTLS
 	INCLUDES += -I$(AXTLS_PATH)/inc
@@ -498,6 +544,7 @@ endif
 	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
 	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
@@ -583,6 +630,9 @@ ifdef WITH_SSL
 	@echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@
 	@echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@
 ifdef WITH_SPNEGO
 	@echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@
 endif
 else
 ifdef WITH_AXTLS
 	@echo $(DL)#define USE_AXTLS 1$(DL) >> $@
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -20,6 +20,11 @@
 #
 #***************************************************************************
 # All files in the Makefile.vc* series are generated automatically from the
 # one made for MSVC version 6. Alas, if you want to do changes to any of the
 # fiels and send back to the project, edit the version six, make your diff and
 # mail curl-library.
 ###########################################################################
 #
 # Makefile for building libcurl with MSVC6
@@ -59,13 +64,14 @@
 !INCLUDE ..\Makefile.msvc.names
 !IFNDEF OPENSSL_PATH
 OPENSSL_PATH   = ../../openssl-0.9.8r
 !ENDIF
 !IFNDEF LIBSSH2_PATH
 LIBSSH2_PATH   = ../../libssh2-1.2.8
 !ENDIF
 !IFNDEF ZLIB_PATH
 ZLIB_PATH  = ../../zlib-1.2.5
 !ENDIF
@@ -100,6 +106,7 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"
 CCNODBG    = cl.exe /O2 /DNDEBUG
 CCDEBUG    = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
 CFLAGSSSL  = /DUSE_SSLEAY /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
 CFLAGSSSH2 = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
 CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
 CFLAGSLIB  = /DCURL_STATICLIB
@@ -219,6 +226,36 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 ######################
 # release-ssl-ssh2-zlib
 !IF "$(CFG)" == "release-ssl-ssh2-zlib"
 TARGET   = $(LIB_NAME).lib
 DIROBJ   = $(CFG)
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
 CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
 !ENDIF
 ######################
 # debug-ssl-ssh2-zlib
 !IF "$(CFG)" == "debug-ssl-ssh2-zlib"
 TARGET   = $(LIB_NAME_DEBUG).lib
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
 LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
 LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
 CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
 !ENDIF
 ######################
 # release-dll
@@ -418,6 +455,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-ssl                  - release static library with ssl
 !MESSAGE   release-zlib                 - release static library with zlib
 !MESSAGE   release-ssl-zlib             - release static library with ssl and zlib
 !MESSAGE   release-ssl-ssh2-zlib        - release static library with ssl, ssh2 and zlib
 !MESSAGE   release-ssl-dll              - release static library with dynamic ssl
 !MESSAGE   release-zlib-dll             - release static library with dynamic zlib
 !MESSAGE   release-ssl-dll-zlib-dll     - release static library with dynamic ssl and dynamic zlib
@@ -425,6 +463,7 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-dll-ssl-dll          - release dynamic library with dynamic ssl
 !MESSAGE   release-dll-zlib-dll         - release dynamic library with dynamic zlib
 !MESSAGE   release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
 !MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug                        - debug static library
 !MESSAGE   debug-ssl                    - debug static library with ssl
 !MESSAGE   debug-zlib                   - debug static library with zlib
@@ -467,6 +506,10 @@ X_OBJS= \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_memrchr.obj \
 	$(DIROBJ)\curl_ntlm.obj \
 	$(DIROBJ)\curl_ntlm_core.obj \
 	$(DIROBJ)\curl_ntlm_msgs.obj \
 	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
 	$(DIROBJ)\curl_sspi.obj \
@@ -494,7 +537,6 @@ X_OBJS= \
 	$(DIROBJ)\http_digest.obj \
 	$(DIROBJ)\http_negotiate.obj \
        $(DIROBJ)\http_negotiate_sspi.obj \
 	$(DIROBJ)\http_ntlm.obj \
 	$(DIROBJ)\http.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\if2ip.obj \
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -22,8 +22,6 @@
 #include "setup.h"
 #include <string.h>
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
@@ -39,16 +37,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>     /* required for free() prototypes */
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
 #include <stdlib.h>
 #endif
 #ifdef HAVE_PROCESS_H
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -22,9 +22,6 @@
 #include "setup.h"
 #include <string.h>
 #include <errno.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -37,16 +34,12 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>     /* required for free() prototypes */
 #endif
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>     /* for the close() proto */
 #endif
 #ifdef __VMS
 #include <in.h>
 #include <inet.h>
 #include <stdlib.h>
 #endif
 #if defined(USE_THREADS_POSIX)
@@ -421,7 +414,7 @@ static bool init_resolve_thread (struct connectdata *conn,
   socket error string function can be used for this pupose. */
 static const char *gai_strerror(int ecode)
 {
-  switch (ecode){
+  switch (ecode) {
  case EAI_AGAIN:
    return "The name could not be resolved at this time";
  case EAI_BADFLAGS:
@@ -633,14 +626,28 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
                                         int *waitp)
 {
  struct addrinfo hints;
  struct in_addr in;
  Curl_addrinfo *res;
  int error;
  char sbuf[NI_MAXSERV];
  int pf = PF_INET;
 #ifdef CURLRES_IPV6
  struct in6_addr in6;
 #endif /* CURLRES_IPV6 */
  *waitp = 0; /* default to synchronous response */
-#ifndef CURLRES_IPV4
+  /* First check if this is an IPv4 address string */
  if(Curl_inet_pton(AF_INET, hostname, &in) > 0)
    /* This is a dotted IP address 123.123.123.123-style */
    return Curl_ip2addr(AF_INET, &in, hostname, port);
 #ifdef CURLRES_IPV6
  /* check if this is an IPv6 address string */
  if(Curl_inet_pton (AF_INET6, hostname, &in6) > 0)
    /* This is an IPv6 address literal */
    return Curl_ip2addr(AF_INET6, &in6, hostname, port);
  /*
   * Check if a limited name resolve has been requested.
   */
@@ -660,7 +667,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
    /* the stack seems to be a non-ipv6 one */
    pf = PF_INET;
-#endif /* !CURLRES_IPV4 */
+#endif /* CURLRES_IPV6 */
  memset(&hints, 0, sizeof(hints));
  hints.ai_family = pf;
--- a/lib/asyn.h
+++ b/lib/asyn.h
@@ -146,15 +146,15 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
 #ifndef CURLRES_ASYNCH
 /* convert these functions if an asynch resolver isn't used */
-#define Curl_resolver_cancel(x)
+#define Curl_resolver_cancel(x) Curl_nop_stmt
 #define Curl_resolver_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
 #define Curl_resolver_wait_resolv(x,y) CURLE_COULDNT_RESOLVE_HOST
 #define Curl_resolver_getsock(x,y,z) 0
 #define Curl_resolver_duphandle(x,y) CURLE_OK
 #define Curl_resolver_init(x) CURLE_OK
 #define Curl_resolver_global_init() CURLE_OK
-#define Curl_resolver_global_cleanup()
+#define Curl_resolver_global_cleanup() Curl_nop_stmt
-#define Curl_resolver_cleanup(x)
+#define Curl_resolver_cleanup(x) Curl_nop_stmt
 #endif
 #ifdef CURLRES_ASYNCH
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -27,13 +27,11 @@
 */
 #include "setup.h"
 #ifdef USE_AXTLS
 #include <axTLS/ssl.h>
 #include "axtls.h"
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -58,7 +56,7 @@ static int SSL_read(SSL *ssl, void *buf, int num)
  while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
-  if(ret > SSL_OK){
+  if(ret > SSL_OK) {
    memcpy(buf, read_buf, ret > num ? num : ret);
  }
@@ -187,10 +185,10 @@ Curl_axtls_connect(struct connectdata *conn,
  /* Load the trusted CA cert bundle file */
  if(data->set.ssl.CAfile) {
    if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
-       != SSL_OK){
+       != SSL_OK) {
      infof(data, "error reading ca cert file %s \n",
            data->set.ssl.CAfile);
-      if(data->set.ssl.verifypeer){
+      if(data->set.ssl.verifypeer) {
        Curl_axtls_close(conn, sockindex);
        return CURLE_SSL_CACERT_BADFILE;
      }
@@ -208,13 +206,13 @@ Curl_axtls_connect(struct connectdata *conn,
   */
  /* Load client certificate */
-  if(data->set.str[STRING_CERT]){
+  if(data->set.str[STRING_CERT]) {
    i=0;
    /* Instead of trying to analyze cert type here, let axTLS try them all. */
-    while(cert_types[i] != 0){
+    while(cert_types[i] != 0) {
      ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
                                    data->set.str[STRING_CERT], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
        infof(data, "successfully read cert file %s \n",
              data->set.str[STRING_CERT]);
        break;
@@ -222,7 +220,7 @@ Curl_axtls_connect(struct connectdata *conn,
      i++;
    }
    /* Tried all cert types, none worked. */
-    if(cert_types[i] == 0){
+    if(cert_types[i] == 0) {
      failf(data, "%s is not x509 or pkcs12 format",
            data->set.str[STRING_CERT]);
      Curl_axtls_close(conn, sockindex);
@@ -233,13 +231,13 @@ Curl_axtls_connect(struct connectdata *conn,
  /* Load client key.
     If a pkcs12 file successfully loaded a cert, then there's nothing to do
     because the key has already been loaded. */
-  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12){
+  if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
    i=0;
    /* Instead of trying to analyze key type here, let axTLS try them all. */
-    while(key_types[i] != 0){
+    while(key_types[i] != 0) {
      ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
                                    data->set.str[STRING_KEY], NULL);
-      if(ssl_fcn_return == SSL_OK){
+      if(ssl_fcn_return == SSL_OK) {
        infof(data, "successfully read key file %s \n",
              data->set.str[STRING_KEY]);
        break;
@@ -247,7 +245,7 @@ Curl_axtls_connect(struct connectdata *conn,
      i++;
    }
    /* Tried all key types, none worked. */
-    if(key_types[i] == 0){
+    if(key_types[i] == 0) {
      failf(data, "Failure: %s is not a supported key file",
            data->set.str[STRING_KEY]);
      Curl_axtls_close(conn, sockindex);
@@ -273,7 +271,7 @@ Curl_axtls_connect(struct connectdata *conn,
  /* Check to make sure handshake was ok. */
  ssl_fcn_return = ssl_handshake_status(ssl);
-  if(ssl_fcn_return != SSL_OK){
+  if(ssl_fcn_return != SSL_OK) {
    Curl_axtls_close(conn, sockindex);
    ssl_display_error(ssl_fcn_return); /* goes to stdout. */
    return map_error_to_curl(ssl_fcn_return);
@@ -285,8 +283,8 @@ Curl_axtls_connect(struct connectdata *conn,
   */
  /* Verify server's certificate */
-  if(data->set.ssl.verifypeer){
+  if(data->set.ssl.verifypeer) {
-    if(ssl_verify_cert(ssl) != SSL_OK){
+    if(ssl_verify_cert(ssl) != SSL_OK) {
      Curl_axtls_close(conn, sockindex);
      failf(data, "server cert verify failed");
      return CURLE_SSL_CONNECT_ERROR;
@@ -415,7 +413,7 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
      nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
                                sizeof(buf));
-      if(nread < SSL_OK){
+      if(nread < SSL_OK) {
        failf(data, "close notify alert not received during shutdown");
        retval = -1;
      }
@@ -447,13 +445,13 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
  infof(conn->data, "  axtls_recv\n");
-  if(connssl){
+  if(connssl) {
    ret = (ssize_t)SSL_read(conn->ssl[num].ssl, buf, (int)buffersize);
    /* axTLS isn't terribly generous about error reporting */
    /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
       team approves proposed fix. */
-    if(ret == -3 ){
+    if(ret == -3 ) {
      Curl_axtls_close(conn, num);
    }
    else if(ret < 0) {
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -24,9 +24,6 @@
 #include "setup.h"
 #include <stdlib.h>
 #include <string.h>
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -71,12 +68,19 @@ static void decodeQuantum(unsigned char *dest, const char *src)
 /*
 * Curl_base64_decode()
 *
- * Given a base64 string at src, decode it and return an allocated memory in
+ * Given a base64 NUL-terminated string at src, decode it and return a
- * the *outptr. Returns the length of the decoded data.
+ * pointer in *outptr to a newly allocated memory area holding decoded
 * data. Size of decoded data is returned in variable pointed by outlen.
 *
 * Returns CURLE_OK on success, otherwise specific error code. Function
 * output shall not be considered valid unless CURLE_OK is returned.
 *
 * When decoded data length is 0, returns NULL in *outptr.
 *
 * @unittest: 1302
 */
-size_t Curl_base64_decode(const char *src, unsigned char **outptr)
+CURLcode Curl_base64_decode(const char *src,
                            unsigned char **outptr, size_t *outlen)
 {
  size_t length = 0;
  size_t equalsTerm = 0;
@@ -87,6 +91,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
  unsigned char *newstr;
  *outptr = NULL;
  *outlen = 0;
  while((src[length] != '=') && src[length])
    length++;
@@ -100,7 +105,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
  /* Don't allocate a buffer if the decoded length is 0 */
  if(numQuantums == 0)
-    return 0;
+    return CURLE_OK;
  rawlen = (numQuantums * 3) - equalsTerm;
@@ -108,7 +113,7 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
  (which may be partially thrown out) and the zero terminator. */
  newstr = malloc(rawlen+4);
  if(!newstr)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
  *outptr = newstr;
@@ -127,23 +132,34 @@ size_t Curl_base64_decode(const char *src, unsigned char **outptr)
    newstr[i] = lastQuantum[i];
  newstr[i] = '\0'; /* zero terminate */
-  return rawlen;
+
  *outlen = rawlen; /* return size of decoded data */
  return CURLE_OK;
 }
 /*
 * Curl_base64_encode()
 *
- * Returns the length of the newly created base64 string. The third argument
+ * Given a pointer to an input buffer and an input size, encode it and
- * is a pointer to an allocated area holding the base64 data. If something
+ * return a pointer in *outptr to a newly allocated memory area holding
- * went wrong, 0 is returned.
+ * encoded data. Size of encoded data is returned in variable pointed by
 * outlen.
 *
 * Input length of 0 indicates input buffer holds a NUL-terminated string.
 *
 * Returns CURLE_OK on success, otherwise specific error code. Function
 * output shall not be considered valid unless CURLE_OK is returned.
 *
 * When encoded data length is 0, returns NULL in *outptr.
 *
 * @unittest: 1302
 */
-size_t Curl_base64_encode(struct SessionHandle *data,
+CURLcode Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
+                            const char *inputbuff, size_t insize,
-                          char **outptr)
+                            char **outptr, size_t *outlen)
 {
-  CURLcode res;
+  CURLcode error;
  unsigned char ibuf[3];
  unsigned char obuf[4];
  int i;
@@ -154,24 +170,25 @@ size_t Curl_base64_encode(struct SessionHandle *data,
  const char *indata = inputbuff;
-  *outptr = NULL; /* set to NULL in case of failure before we reach the end */
+  *outptr = NULL;
  *outlen = 0;
  if(0 == insize)
    insize = strlen(indata);
  base64data = output = malloc(insize*4/3+4);
  if(NULL == output)
-    return 0;
+    return CURLE_OUT_OF_MEMORY;
  /*
   * The base64 data needs to be created using the network encoding
   * not the host encoding.  And we can't change the actual input
   * so we copy it to a buffer, translate it, and use that instead.
   */
-  res = Curl_convert_clone(data, indata, insize, &convbuf);
+  error = Curl_convert_clone(data, indata, insize, &convbuf);
-  if(res) {
+  if(error) {
    free(output);
-    return 0;
+    return error;
  }
  if(convbuf)
@@ -218,12 +235,14 @@ size_t Curl_base64_encode(struct SessionHandle *data,
    }
    output += 4;
  }
-  *output=0;
+  *output = '\0';
-  *outptr = base64data; /* make it return the actual data memory */
+  *outptr = base64data; /* return pointer to new data, allocated memory */
  if(convbuf)
    free(convbuf);
-  return strlen(base64data); /* return the length of the new data */
+  *outlen = strlen(base64data); /* return the length of the new data */
  return CURLE_OK;
 }
 /* ---- End of Base64 Encoding ---- */
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -62,7 +62,7 @@ while(1) {
        next;
    }
    elsif($file =~ /-W(.*)/) {
-        $wlist = $1;
+        $wlist .= " $1 ";
        $file = shift @ARGV;
        next;
    }
@@ -79,7 +79,7 @@ if(!$file) {
 }
 do {
-    if($file ne "$wlist") {
+    if("$wlist" !~ / $file /) {
        my $fullname = $file;
        $fullname = "$dir/$file" if ($fullname !~ '^\.?\.?/');
        scanfile($fullname);
@@ -145,9 +145,14 @@ sub scanfile {
        }
        # check for "} else"
-        if($l =~ /^(.*)\} else/) {
+        if($l =~ /^(.*)\} *else/) {
            checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
        }
        # check for "){"
        if($l =~ /^(.*)\)\{/) {
            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
        }
        # check for open brace first on line but not first column
        # only alert if previous line ended with a close paren and wasn't a cpp
        # line
--- a/lib/config-amigaos.h
+++ b/lib/config-amigaos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@
 #define HAVE_ARPA_INET_H 1
 #define HAVE_CLOSESOCKET_CAMEL 1
 #define HAVE_ERRNO_H 1
 #define HAVE_GETHOSTBYADDR 1
 #define HAVE_INET_ADDR 1
 #define HAVE_INTTYPES_H 1
--- a/lib/config-dos.h
+++ b/lib/config-dos.h
@@ -40,6 +40,7 @@
 #define PACKAGE  "curl"
 #define HAVE_ARPA_INET_H       1
 #define HAVE_ERRNO_H           1
 #define HAVE_FCNTL_H           1
 #define HAVE_GETADDRINFO       1
 #define HAVE_GETNAMEINFO       1
--- a/lib/config-mac.h
+++ b/lib/config-mac.h
@@ -30,6 +30,7 @@
 #define OS "mac"
 #define HAVE_ERRNO_H            1
 #define HAVE_NETINET_IN_H       1
 #define HAVE_SYS_SOCKET_H       1
 #define HAVE_SYS_SELECT_H       1
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -97,6 +97,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 /* Define if you have the <errno.h> header file. */
 #define HAVE_ERRNO_H
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -92,6 +92,9 @@
 /* Define if you have the <des.h> header file. */
 #undef HAVE_DES_H
 /* Define if you have the <errno.h> header file. */
 #define HAVE_ERRNO_H
 /* Define if you have the <err.h> header file. */
 #undef HAVE_ERR_H
--- a/lib/config-vms.h
+++ b/lib/config-vms.h
@@ -143,6 +143,9 @@
 /* Define if you have the uname function.  */
 #define HAVE_UNAME 1
 /* Define if you have the <errno.h> header file.  */
 #define HAVE_ERRNO_H 1
 /* Define if you have the <err.h> header file.  */
 #define HAVE_ERR_H 1
--- a/lib/config-win32.h
+++ b/lib/config-win32.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_WIN32_H
+#ifndef HEADER_CURL_CONFIG_WIN32_H
-#define __LIB_CONFIG_WIN32_H
+#define HEADER_CURL_CONFIG_WIN32_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -23,49 +23,57 @@
 ***************************************************************************/
 /* ================================================================ */
-/*    lib/config-win32.h - Hand crafted config file for Windows     */
+/*               Hand crafted config file for Windows               */
 /* ================================================================ */
 /* ---------------------------------------------------------------- */
 /*                          HEADER FILES                            */
 /* ---------------------------------------------------------------- */
-/* Define if you have the <arpa/inet.h> header file.  */
+/* Define if you have the <arpa/inet.h> header file. */
 /* #define HAVE_ARPA_INET_H 1 */
-/* Define if you have the <assert.h> header file.  */
+/* Define if you have the <assert.h> header file. */
 #define HAVE_ASSERT_H 1
-/* Define if you have the <crypto.h> header file.  */
+/* Define if you have the <crypto.h> header file. */
 /* #define HAVE_CRYPTO_H 1 */
-/* Define if you have the <err.h> header file.  */
+/* Define if you have the <errno.h> header file. */
 #define HAVE_ERRNO_H 1
 /* Define if you have the <err.h> header file. */
 /* #define HAVE_ERR_H 1 */
-/* Define if you have the <fcntl.h> header file.  */
+/* Define if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H 1
-/* Define if you have the <getopt.h> header file.  */
+/* Define if you have the <getopt.h> header file. */
-/* #define HAVE_GETOPT_H 1 */
+#if defined(__MINGW32__) || defined(__POCC__)
 #define HAVE_GETOPT_H 1
 #endif
-/* Define if you have the <io.h> header file.  */
+/* Define if you have the <io.h> header file. */
 #define HAVE_IO_H 1
-/* Define if you have the <limits.h> header file.  */
+/* Define if you have the <limits.h> header file. */
 #define HAVE_LIMITS_H 1
-/* Define if you need the malloc.h header file even with stdlib.h  */
+/* Define if you have the <locale.h> header file. */
 #define HAVE_LOCALE_H 1
 /* Define if you need <malloc.h> header even with <stdlib.h> header file. */
 #if !defined(__SALFORDC__) && !defined(__POCC__)
 #define NEED_MALLOC_H 1
 #endif
-/* Define if you have the <netdb.h> header file.  */
+/* Define if you have the <netdb.h> header file. */
 /* #define HAVE_NETDB_H 1 */
-/* Define if you have the <netinet/in.h> header file.  */
+/* Define if you have the <netinet/in.h> header file. */
 /* #define HAVE_NETINET_IN_H 1 */
-/* Define if you have the <process.h> header file.  */
+/* Define if you have the <process.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_PROCESS_H 1
 #endif
@@ -73,68 +81,68 @@
 /* Define if you have the <signal.h> header file. */
 #define HAVE_SIGNAL_H 1
-/* Define if you have the <sgtty.h> header file.  */
+/* Define if you have the <sgtty.h> header file. */
 /* #define HAVE_SGTTY_H 1 */
-/* Define if you have the <ssl.h> header file.  */
+/* Define if you have the <ssl.h> header file. */
 /* #define HAVE_SSL_H 1 */
-/* Define if you have the <stdlib.h> header file.  */
+/* Define if you have the <stdlib.h> header file. */
 #define HAVE_STDLIB_H 1
-/* Define if you have the <sys/param.h> header file.  */
+/* Define if you have the <sys/param.h> header file. */
 /* #define HAVE_SYS_PARAM_H 1 */
-/* Define if you have the <sys/select.h> header file.  */
+/* Define if you have the <sys/select.h> header file. */
 /* #define HAVE_SYS_SELECT_H 1 */
-/* Define if you have the <sys/socket.h> header file.  */
+/* Define if you have the <sys/socket.h> header file. */
 /* #define HAVE_SYS_SOCKET_H 1 */
-/* Define if you have the <sys/sockio.h> header file.  */
+/* Define if you have the <sys/sockio.h> header file. */
 /* #define HAVE_SYS_SOCKIO_H 1 */
-/* Define if you have the <sys/stat.h> header file.  */
+/* Define if you have the <sys/stat.h> header file. */
 #define HAVE_SYS_STAT_H 1
-/* Define if you have the <sys/time.h> header file */
+/* Define if you have the <sys/time.h> header file. */
 /* #define HAVE_SYS_TIME_H 1 */
-/* Define if you have the <sys/types.h> header file.  */
+/* Define if you have the <sys/types.h> header file. */
 #define HAVE_SYS_TYPES_H 1
-/* Define if you have the <sys/utime.h> header file.  */
+/* Define if you have the <sys/utime.h> header file. */
 #ifndef __BORLANDC__
 #define HAVE_SYS_UTIME_H 1
 #endif
-/* Define if you have the <termio.h> header file.  */
+/* Define if you have the <termio.h> header file. */
 /* #define HAVE_TERMIO_H 1 */
-/* Define if you have the <termios.h> header file.  */
+/* Define if you have the <termios.h> header file. */
 /* #define HAVE_TERMIOS_H 1 */
-/* Define if you have the <time.h> header file.  */
+/* Define if you have the <time.h> header file. */
 #define HAVE_TIME_H 1
-/* Define if you have the <unistd.h> header file.  */
+/* Define if you have the <unistd.h> header file. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) || \
    defined(__POCC__)
 #define HAVE_UNISTD_H 1
 #endif
-/* Define if you have the <windows.h> header file.  */
+/* Define if you have the <windows.h> header file. */
 #define HAVE_WINDOWS_H 1
-/* Define if you have the <winsock.h> header file.  */
+/* Define if you have the <winsock.h> header file. */
 #define HAVE_WINSOCK_H 1
-/* Define if you have the <winsock2.h> header file.  */
+/* Define if you have the <winsock2.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WINSOCK2_H 1
 #endif
-/* Define if you have the <ws2tcpip.h> header file.  */
+/* Define if you have the <ws2tcpip.h> header file. */
 #ifndef __SALFORDC__
 #define HAVE_WS2TCPIP_H 1
 #endif
@@ -146,41 +154,44 @@
 /* Define if sig_atomic_t is an available typedef. */
 #define HAVE_SIG_ATOMIC_T 1
-/* Define if you have the ANSI C header files.  */
+/* Define if you have the ANSI C header files. */
 #define STDC_HEADERS 1
-/* Define if you can safely include both <sys/time.h> and <time.h>.  */
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
 /* #define TIME_WITH_SYS_TIME 1 */
 /* ---------------------------------------------------------------- */
 /*                             FUNCTIONS                            */
 /* ---------------------------------------------------------------- */
-/* Define if you have the closesocket function.  */
+/* Define if you have the closesocket function. */
 #define HAVE_CLOSESOCKET 1
-/* Define if you don't have vprintf but do have _doprnt.  */
+/* Define if you don't have vprintf but do have _doprnt. */
 /* #define HAVE_DOPRNT 1 */
-/* Define if you have the gethostbyaddr function.  */
+/* Define if you have the ftruncate function. */
 #define HAVE_FTRUNCATE 1
 /* Define if you have the gethostbyaddr function. */
 #define HAVE_GETHOSTBYADDR 1
-/* Define if you have the gethostname function.  */
+/* Define if you have the gethostname function. */
 #define HAVE_GETHOSTNAME 1
-/* Define if you have the getpass function.  */
+/* Define if you have the getpass function. */
 /* #define HAVE_GETPASS 1 */
-/* Define if you have the getservbyname function.  */
+/* Define if you have the getservbyname function. */
 #define HAVE_GETSERVBYNAME 1
-/* Define if you have the getprotobyname function.  */
+/* Define if you have the getprotobyname function. */
 #define HAVE_GETPROTOBYNAME
-/* Define if you have the gettimeofday function.  */
+/* Define if you have the gettimeofday function. */
 /* #define HAVE_GETTIMEOFDAY 1 */
-/* Define if you have the inet_addr function.  */
+/* Define if you have the inet_addr function. */
 #define HAVE_INET_ADDR 1
 /* Define if you have the ioctlsocket function. */
@@ -189,35 +200,41 @@
 /* Define if you have a working ioctlsocket FIONBIO function. */
 #define HAVE_IOCTLSOCKET_FIONBIO 1
-/* Define if you have the perror function.  */
+/* Define if you have the perror function. */
 #define HAVE_PERROR 1
-/* Define if you have the RAND_screen function when using SSL  */
+/* Define if you have the RAND_screen function when using SSL. */
 #define HAVE_RAND_SCREEN 1
 /* Define if you have the `RAND_status' function when using SSL. */
 #define HAVE_RAND_STATUS 1
-/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function.
+/* Define if you have the `CRYPTO_cleanup_all_ex_data' function.
   This is present in OpenSSL versions after 0.9.6b */
 #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
-/* Define if you have the select function.  */
+/* Define if you have the select function. */
 #define HAVE_SELECT 1
-/* Define if you have the setvbuf function.  */
+/* Define if you have the setlocale function. */
 #define HAVE_SETLOCALE 1
 /* Define if you have the setmode function. */
 #define HAVE_SETMODE 1
 /* Define if you have the setvbuf function. */
 #define HAVE_SETVBUF 1
-/* Define if you have the socket function.  */
+/* Define if you have the socket function. */
 #define HAVE_SOCKET 1
-/* Define if you have the strcasecmp function.  */
+/* Define if you have the strcasecmp function. */
 /* #define HAVE_STRCASECMP 1 */
-/* Define if you have the strdup function.  */
+/* Define if you have the strdup function. */
 #define HAVE_STRDUP 1
-/* Define if you have the strftime function.  */
+/* Define if you have the strftime function. */
 #define HAVE_STRFTIME 1
 /* Define if you have the stricmp function. */
@@ -229,21 +246,21 @@
 /* Define if you have the strnicmp function. */
 #define HAVE_STRNICMP 1
-/* Define if you have the strstr function.  */
+/* Define if you have the strstr function. */
 #define HAVE_STRSTR 1
-/* Define if you have the strtoll function.  */
+/* Define if you have the strtoll function. */
 #if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__POCC__)
 #define HAVE_STRTOLL 1
 #endif
-/* Define if you have the tcgetattr function.  */
+/* Define if you have the tcgetattr function. */
 /* #define HAVE_TCGETATTR 1 */
-/* Define if you have the tcsetattr function.  */
+/* Define if you have the tcsetattr function. */
 /* #define HAVE_TCSETATTR 1 */
-/* Define if you have the utime function */
+/* Define if you have the utime function. */
 #ifndef __BORLANDC__
 #define HAVE_UTIME 1
 #endif
@@ -330,13 +347,13 @@
 /*                       TYPEDEF REPLACEMENTS                       */
 /* ---------------------------------------------------------------- */
-/* Define this if in_addr_t is not an available 'typedefed' type */
+/* Define if in_addr_t is not an available 'typedefed' type. */
 #define in_addr_t unsigned long
-/* Define as the return type of signal handlers (int or void).  */
+/* Define to the return type of signal handlers (int or void). */
 #define RETSIGTYPE void
-/* Define ssize_t if it is not an available 'typedefed' type */
+/* Define if ssize_t is not an available 'typedefed' type. */
 #ifndef _SSIZE_T_DEFINED
 #  if (defined(__WATCOMC__) && (__WATCOMC__ >= 1240)) || \
      defined(__POCC__) || \
@@ -354,19 +371,19 @@
 /*                            TYPE SIZES                            */
 /* ---------------------------------------------------------------- */
-/* The size of `int', as computed by sizeof. */
+/* Define to the size of `int', as computed by sizeof. */
 #define SIZEOF_INT 4
-/* The size of `long double', as computed by sizeof. */
+/* Define to the size of `long double', as computed by sizeof. */
 #define SIZEOF_LONG_DOUBLE 16
-/* The size of `long long', as computed by sizeof. */
+/* Define to the size of `long long', as computed by sizeof. */
 /* #define SIZEOF_LONG_LONG 8 */
-/* The size of `short', as computed by sizeof. */
+/* Define to the size of `short', as computed by sizeof. */
 #define SIZEOF_SHORT 2
-/* The size of `size_t', as computed by sizeof. */
+/* Define to the size of `size_t', as computed by sizeof. */
 #if defined(_WIN64)
 #  define SIZEOF_SIZE_T 8
 #else
@@ -377,14 +394,49 @@
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
-/* Define this if you have struct sockaddr_storage */
+/* Define if you have struct sockaddr_storage. */
 #if !defined(__SALFORDC__) && !defined(__BORLANDC__)
 #define HAVE_STRUCT_SOCKADDR_STORAGE 1
 #endif
-/* Define this if you have struct timeval */
+/* Define if you have struct timeval. */
 #define HAVE_STRUCT_TIMEVAL 1
 /* Define if struct sockaddr_in6 has the sin6_scope_id member. */
 #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
 /* ---------------------------------------------------------------- */
 /*               BSD-style lwIP TCP/IP stack SPECIFIC               */
 /* ---------------------------------------------------------------- */
 /* Define to use BSD-style lwIP TCP/IP stack. */
 /* #define USE_LWIPSOCK 1 */
 #ifdef USE_LWIPSOCK
 #  undef USE_WINSOCK
 #  undef HAVE_WINSOCK_H
 #  undef HAVE_WINSOCK2_H
 #  undef HAVE_WS2TCPIP_H
 #  undef HAVE_ERRNO_H
 #  undef HAVE_GETHOSTNAME
 #  undef HAVE_GETNAMEINFO
 #  undef LWIP_POSIX_SOCKETS_IO_NAMES
 #  undef RECV_TYPE_ARG1
 #  undef RECV_TYPE_ARG3
 #  undef SEND_TYPE_ARG1
 #  undef SEND_TYPE_ARG3
 #  define HAVE_FREEADDRINFO
 #  define HAVE_GETADDRINFO
 #  define HAVE_GETHOSTBYNAME
 #  define HAVE_GETHOSTBYNAME_R
 #  define HAVE_GETHOSTBYNAME_R_6
 #  define LWIP_POSIX_SOCKETS_IO_NAMES 0
 #  define RECV_TYPE_ARG1 int
 #  define RECV_TYPE_ARG3 size_t
 #  define SEND_TYPE_ARG1 int
 #  define SEND_TYPE_ARG3 size_t
 #endif
 /* ---------------------------------------------------------------- */
 /*                        Watt-32 tcp/ip SPECIFIC                   */
 /* ---------------------------------------------------------------- */
@@ -413,8 +465,11 @@
 /*                        COMPILER SPECIFIC                         */
 /* ---------------------------------------------------------------- */
-/* Undef keyword 'const' if it does not work.  */
+/* Define to nothing if compiler does not support 'const' qualifier. */
-/* #undef const */
+/* #define const */
 /* Define to nothing if compiler does not support 'volatile' qualifier. */
 /* #define volatile */
 /* Windows should not have HAVE_GMTIME_R defined */
 /* #undef HAVE_GMTIME_R */
@@ -429,14 +484,14 @@
 #define HAVE_LONGLONG 1
 #endif
-/* Define to avoid VS2005 complaining about portable C functions */
+/* Define to avoid VS2005 complaining about portable C functions. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #define _CRT_SECURE_NO_DEPRECATE 1
 #define _CRT_NONSTDC_NO_DEPRECATE 1
 #endif
-/* VS2005 and later dafault size for time_t is 64-bit, unless */
+/* VS2005 and later dafault size for time_t is 64-bit, unless
-/* _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
+   _USE_32BIT_TIME_T has been defined to get a 32-bit time_t. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1400)
 #  ifndef _USE_32BIT_TIME_T
 #    define SIZEOF_TIME_T 8
@@ -446,12 +501,13 @@
 #endif
 /* Officially, Microsoft's Windows SDK versions 6.X do not support Windows
-   2000 as a supported build target. VS2008 default installations provide an
+   2000 as a supported build target. VS2008 default installations provide
-   embedded Windows SDK v6.0A along with the claim that Windows 2000 is a
+   an embedded Windows SDK v6.0A along with the claim that Windows 2000 is
-   valid build target for VS2008. Popular belief is that binaries built using
+   a valid build target for VS2008. Popular belief is that binaries built
-   Windows SDK versions 6.X and Windows 2000 as a build target are functional */
+   with VS2008 using Windows SDK versions 6.X and Windows 2000 as a build
   target are functional. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_MINIMUM_TARGET 0x0500
+#  define VS2008_MIN_TARGET 0x0500
 #endif
 /* When no build target is specified VS2008 default build target is Windows
@@ -459,18 +515,18 @@
   for VS2008 we will target the minimum Officially supported build target,
   which happens to be Windows XP. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_DEFAULT_TARGET  0x0501
+#  define VS2008_DEF_TARGET  0x0501
 #endif
-/* VS2008 default target settings and minimum build target check */
+/* VS2008 default target settings and minimum build target check. */
 #if defined(_MSC_VER) && (_MSC_VER >= 1500)
 #  ifndef _WIN32_WINNT
-#    define _WIN32_WINNT VS2008_DEFAULT_TARGET
+#    define _WIN32_WINNT VS2008_DEF_TARGET
 #  endif
 #  ifndef WINVER
-#    define WINVER VS2008_DEFAULT_TARGET
+#    define WINVER VS2008_DEF_TARGET
 #  endif
-#  if (_WIN32_WINNT < VS2008_MINIMUM_TARGET) || (WINVER < VS2008_MINIMUM_TARGET)
+#  if (_WIN32_WINNT < VS2008_MIN_TARGET) || (WINVER < VS2008_MIN_TARGET)
 #    error VS2008 does not support Windows build targets prior to Windows 2000
 #  endif
 #endif
@@ -549,13 +605,13 @@
 /* ---------------------------------------------------------------- */
 /*
- * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS
+ * Undefine both USE_ARES and USE_THREADS_WIN32 for synchronous DNS.
 */
-/* Define USE_ARES to enable c-ares asynchronous DNS lookups */
+/* Define to enable c-ares asynchronous DNS lookups. */
 /* #define USE_ARES 1 */
-/* Define USE_THREADS_WIN32 to enable threaded asynchronous DNS lookups */
+/* Define to enable threaded asynchronous DNS lookups. */
 #define USE_THREADS_WIN32 1
 #if defined(USE_ARES) && defined(USE_THREADS_WIN32)
@@ -597,10 +653,10 @@
 #undef OS
 #if defined(_M_IX86) || defined(__i386__) /* x86 (MSVC or gcc) */
 #define OS "i386-pc-win32"
 #elif defined(_M_X64) || defined(__x86_64__) /* x86_64 (MSVC >=2005 or gcc) */
 #define OS "x86_64-pc-win32"
 #elif defined(_M_IA64) /* Itanium */
 #define OS "ia64-pc-win32"
 #elif defined(_M_X64) /* AMD64/EM64T - Not defined until MSVC 2005 */
 #define OS "amd64-pc-win32"
 #else
 #define OS "unknown-pc-win32"
 #endif
@@ -608,8 +664,11 @@
 /* Name of package */
 #define PACKAGE "curl"
 /* If you want to build curl with the built-in manual */
 #define USE_MANUAL 1
 #if defined(__POCC__) || (USE_IPV6)
 #  define ENABLE_IPV6 1
 #endif
-#endif /* __LIB_CONFIG_WIN32_H */
+#endif /* HEADER_CURL_CONFIG_WIN32_H */
--- a/lib/config-win32ce.h
+++ b/lib/config-win32ce.h
@@ -39,6 +39,9 @@
 /* Define if you have the <crypto.h> header file.  */
 /* #define HAVE_CRYPTO_H 1 */
 /* Define if you have the <errno.h> header file.  */
 /* #define HAVE_ERRNO_H 1 */
 /* Define if you have the <err.h> header file.  */
 /* #define HAVE_ERR_H 1 */
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -22,9 +22,6 @@
 #include "setup.h"
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -52,9 +49,6 @@
 #ifdef HAVE_ARPA_INET_H
 #include <arpa/inet.h>
 #endif
 #ifdef HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
 #if (defined(HAVE_IOCTL_FIONBIO) && defined(NETWARE))
 #include <sys/filio.h>
@@ -68,10 +62,6 @@
 #include <inet.h>
 #endif
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -669,7 +659,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
  *connected = FALSE; /* a very negative world view is best */
-  if(conn->bits.tcpconnect) {
+  if(conn->bits.tcpconnect[sockindex]) {
    /* we are connected already! */
    *connected = TRUE;
    return CURLE_OK;
@@ -708,9 +698,10 @@ CURLcode Curl_is_connected(struct connectdata *conn,
      if(code)
        return code;
-      conn->bits.tcpconnect = TRUE;
+      conn->bits.tcpconnect[sockindex] = TRUE;
      *connected = TRUE;
-      Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+      if(sockindex == FIRSTSOCKET)
        Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
      Curl_verboseconnect(conn);
      Curl_updateconninfo(conn, sockfd);
@@ -756,7 +747,7 @@ static void tcpnodelay(struct connectdata *conn,
 #ifdef TCP_NODELAY
  struct SessionHandle *data= conn->data;
  curl_socklen_t onoff = (curl_socklen_t) data->set.tcp_nodelay;
-  int proto = IPPROTO_TCP;
+  int level = IPPROTO_TCP;
 #if 0
  /* The use of getprotobyname() is disabled since it isn't thread-safe on
@@ -768,10 +759,10 @@ static void tcpnodelay(struct connectdata *conn,
     detected. */
  struct protoent *pe = getprotobyname("tcp");
  if(pe)
-    proto = pe->p_proto;
+    level = pe->p_proto;
 #endif
-  if(setsockopt(sockfd, proto, TCP_NODELAY, (void *)&onoff,
+  if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff,
                sizeof(onoff)) < 0)
    infof(data, "Could not set TCP_NODELAY: %s\n",
          Curl_strerror(conn, SOCKERRNO));
@@ -799,10 +790,10 @@ static void nosigpipe(struct connectdata *conn,
          Curl_strerror(conn, SOCKERRNO));
 }
 #else
-#define nosigpipe(x,y)
+#define nosigpipe(x,y) Curl_nop_stmt
 #endif
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
   experience slow performance when you copy data to a TCP server.
@@ -845,7 +836,7 @@ singleipconnect(struct connectdata *conn,
 {
  struct Curl_sockaddr_ex addr;
  int rc;
-  int error;
+  int error = 0;
  bool isconnected = FALSE;
  struct SessionHandle *data = conn->data;
  curl_socket_t sockfd;
@@ -916,11 +907,6 @@ singleipconnect(struct connectdata *conn,
  Curl_persistconninfo(conn);
 #ifdef ENABLE_IPV6
  if(addr.family == AF_INET6)
    conn->bits.ipv6 = TRUE;
 #endif
  if(data->set.tcp_nodelay)
    tcpnodelay(conn, sockfd);
@@ -955,6 +941,8 @@ singleipconnect(struct connectdata *conn,
  /* Connect TCP sockets, bind UDP */
  if(!isconnected && (conn->socktype == SOCK_STREAM)) {
    rc = connect(sockfd, &addr.sa_addr, addr.addrlen);
    if(-1 == rc)
      error = SOCKERRNO;
    conn->connecttime = Curl_tvnow();
    if(conn->num_addr > 1)
      Curl_expire(data, conn->timeoutms_per_addr);
@@ -963,8 +951,6 @@ singleipconnect(struct connectdata *conn,
    rc = 0;
  if(-1 == rc) {
    error = SOCKERRNO;
    switch (error) {
    case EINPROGRESS:
    case EWOULDBLOCK:
@@ -1008,6 +994,10 @@ singleipconnect(struct connectdata *conn,
    /* we are connected, awesome! */
    *connected = TRUE; /* this is a true connect */
    infof(data, "connected\n");
 #ifdef ENABLE_IPV6
    conn->bits.ipv6 = (addr.family == AF_INET6)?TRUE:FALSE;
 #endif
    Curl_updateconninfo(conn, sockfd);
    *sockp = sockfd;
    return CURLE_OK;
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -1,5 +1,5 @@
-#ifndef __CONNECT_H
+#ifndef HEADER_CURL_CONNECT_H
-#define __CONNECT_H
+#define HEADER_CURL_CONNECT_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -21,6 +21,7 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
@@ -52,7 +53,7 @@ long Curl_timeleft(struct SessionHandle *data,
 curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
                                  struct connectdata **connp);
-#ifdef WIN32
+#ifdef USE_WINSOCK
 /* When you run a program that uses the Windows Sockets API, you may
   experience slow performance when you copy data to a TCP server.
@@ -64,10 +65,11 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 */
 void Curl_sndbufset(curl_socket_t sockfd);
 #else
-#define Curl_sndbufset(y)
+#define Curl_sndbufset(y) Curl_nop_stmt
 #endif
 void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd);
 void Curl_persistconninfo(struct connectdata *conn);
 int Curl_closesocket(struct connectdata *conn, curl_socket_t sock);
-#endif
+
 #endif /* HEADER_CURL_CONNECT_H */
--- a/lib/content_encoding.c
+++ b/lib/content_encoding.c
@@ -24,9 +24,6 @@
 #ifdef HAVE_LIBZ
 #include <stdlib.h>
 #include <string.h>
 #include "urldata.h"
 #include <curl/curl.h>
 #include "sendf.h"
@@ -52,6 +49,21 @@
 #define COMMENT      0x10 /* bit 4 set: file comment present */
 #define RESERVED     0xE0 /* bits 5..7: reserved */
 static voidpf
 zalloc_cb(voidpf opaque, unsigned int items, unsigned int size)
 {
  (void) opaque;
  /* not a typo, keep it calloc() */
  return (voidpf) calloc(items, size);
 }
 static void
 zfree_cb(voidpf opaque, voidpf ptr)
 {
  (void) opaque;
  free(ptr);
 }
 static CURLcode
 process_zlib_error(struct connectdata *conn, z_stream *z)
 {
@@ -161,11 +173,10 @@ Curl_unencode_deflate_write(struct connectdata *conn,
  /* Initialize zlib? */
  if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
+    memset(z, 0, sizeof(z_stream));
-    z->zfree = (free_func)Z_NULL;
+    z->zalloc = (alloc_func)zalloc_cb;
-    z->opaque = 0;
+    z->zfree = (free_func)zfree_cb;
-    z->next_in = NULL;
+
    z->avail_in = 0;
    if(inflateInit(z) != Z_OK)
      return process_zlib_error(conn, z);
    k->zlib_init = ZLIB_INIT;
@@ -272,11 +283,9 @@ Curl_unencode_gzip_write(struct connectdata *conn,
  /* Initialize zlib? */
  if(k->zlib_init == ZLIB_UNINIT) {
-    z->zalloc = (alloc_func)Z_NULL;
+    memset(z, 0, sizeof(z_stream));
-    z->zfree = (free_func)Z_NULL;
+    z->zalloc = (alloc_func)zalloc_cb;
-    z->opaque = 0;
+    z->zfree = (free_func)zfree_cb;
    z->next_in = NULL;
    z->avail_in = 0;
    if(strcmp(zlibVersion(), "1.2.0.4") >= 0) {
      /* zlib ver. >= 1.2.0.4 supports transparent gzip decompressing */
--- a/lib/content_encoding.h
+++ b/lib/content_encoding.h
@@ -1,5 +1,5 @@
-#ifndef __CURL_CONTENT_ENCODING_H
+#ifndef HEADER_CURL_CONTENT_ENCODING_H
-#define __CURL_CONTENT_ENCODING_H
+#define HEADER_CURL_CONTENT_ENCODING_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@
 void Curl_unencode_cleanup(struct connectdata *conn);
 #else
 #define ALL_CONTENT_ENCODINGS "identity"
-#define Curl_unencode_cleanup(x)
+#define Curl_unencode_cleanup(x) Curl_nop_stmt
 #endif
 CURLcode Curl_unencode_deflate_write(struct connectdata *conn,
@@ -45,4 +45,4 @@ Curl_unencode_gzip_write(struct connectdata *conn,
                         ssize_t nread);
-#endif
+#endif /* HEADER_CURL_CONTENT_ENCODING_H */
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -81,9 +81,6 @@ Example set of cookies:
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
 #include <stdlib.h>
 #include <string.h>
 #define _MPRINTF_REPLACE
 #include <curl/mprintf.h>
@@ -129,7 +126,7 @@ static bool tailmatch(const char *little, const char *bigone)
  if(littlelen > biglen)
    return FALSE;
-  return (bool)Curl_raw_equal(little, bigone+biglen-littlelen);
+  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
 }
 /*
@@ -147,9 +144,9 @@ void Curl_cookie_loadfiles(struct SessionHandle *data)
                                       data->set.cookiesession);
      list = list->next;
    }
    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
    curl_slist_free_all(data->change.cookielist); /* clean up list */
    data->change.cookielist = NULL; /* don't do this again! */
    Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
  }
 }
@@ -209,7 +206,6 @@ Curl_cookie_add(struct SessionHandle *data,
  if(httpheader) {
    /* This line was read off a HTTP-header */
    const char *ptr;
    const char *sep;
    const char *semiptr;
    char *what;
@@ -226,185 +222,186 @@ Curl_cookie_add(struct SessionHandle *data,
    ptr = lineptr;
    do {
-      /* we have a <what>=<this> pair or a 'secure' word here */
+      /* we have a <what>=<this> pair or a stand-alone word here */
-      sep = strchr(ptr, '=');
+      name[0]=what[0]=0; /* init the buffers */
-      if(sep && (!semiptr || (semiptr>sep)) ) {
+      if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;\r\n =]=%"
-        /*
+                     MAX_COOKIE_LINE_TXT "[^;\r\n]",
-         * There is a = sign and if there was a semicolon too, which make sure
+                     name, what)) {
-         * that the semicolon comes _after_ the equal sign.
+        /* Use strstore() below to properly deal with received cookie
-         */
+           headers that have the same string property set more than once,
           and then we use the last one. */
        const char *whatptr;
        bool done = FALSE;
        bool sep;
        size_t len=strlen(what);
        const char *endofn = &ptr[ strlen(name) ];
-        name[0]=what[0]=0; /* init the buffers */
+        /* skip trailing spaces in name */
-        if(1 <= sscanf(ptr, "%" MAX_NAME_TXT "[^;=]=%"
+        while(*endofn && ISBLANK(*endofn))
-                       MAX_COOKIE_LINE_TXT "[^;\r\n]",
+          endofn++;
                       name, what)) {
          /* this is a <name>=<what> pair. We use strstore() below to properly
             deal with received cookie headers that have the same string
             property set more than once, and then we use the last one. */
-          const char *whatptr;
+        /* name ends with a '=' ? */
        sep = (*endofn == '=')?TRUE:FALSE;
-          /* Strip off trailing whitespace from the 'what' */
+        /* Strip off trailing whitespace from the 'what' */
-          size_t len=strlen(what);
+        while(len && ISBLANK(what[len-1])) {
-          while(len && ISBLANK(what[len-1])) {
+          what[len-1]=0;
-            what[len-1]=0;
+          len--;
-            len--;
+        }
        /* Skip leading whitespace from the 'what' */
        whatptr=what;
        while(*whatptr && ISBLANK(*whatptr))
          whatptr++;
        if(!len) {
          /* this was a "<name>=" with no content, and we must allow
             'secure' and 'httponly' specified this weirdly */
          done = TRUE;
          if(Curl_raw_equal("secure", name))
            co->secure = TRUE;
          else if(Curl_raw_equal("httponly", name))
            co->httponly = TRUE;
          else if(sep)
            /* there was a '=' so we're not done parsing this field */
            done = FALSE;
        }
        if(done)
          ;
        else if(Curl_raw_equal("path", name)) {
          strstore(&co->path, whatptr);
          if(!co->path) {
            badcookie = TRUE; /* out of memory bad */
            break;
          }
        }
        else if(Curl_raw_equal("domain", name)) {
          /* note that this name may or may not have a preceding dot, but
             we don't care about that, we treat the names the same anyway */
-          /* Skip leading whitespace from the 'what' */
+          const char *domptr=whatptr;
-          whatptr=what;
+          const char *nextptr;
-          while(*whatptr && ISBLANK(*whatptr)) {
+          int dotcount=1;
            whatptr++;
          }
-          if(Curl_raw_equal("path", name)) {
+          /* Count the dots, we need to make sure that there are enough
-            strstore(&co->path, whatptr);
+             of them. */
-            if(!co->path) {
+
-              badcookie = TRUE; /* out of memory bad */
+          if('.' == whatptr[0])
-              break;
+            /* don't count the initial dot, assume it */
            domptr++;
          do {
            nextptr = strchr(domptr, '.');
            if(nextptr) {
              if(domptr != nextptr)
                dotcount++;
              domptr = nextptr+1;
            }
          } while(nextptr);
          /* The original Netscape cookie spec defined that this domain name
             MUST have three dots (or two if one of the seven holy TLDs),
             but it seems that these kinds of cookies are in use "out there"
             so we cannot be that strict. I've therefore lowered the check
             to not allow less than two dots. */
          if(dotcount < 2) {
            /* Received and skipped a cookie with a domain using too few
               dots. */
            badcookie=TRUE; /* mark this as a bad cookie */
            infof(data, "skipped cookie with illegal dotcount domain: %s\n",
                  whatptr);
          }
-          else if(Curl_raw_equal("domain", name)) {
+          else {
-            /* note that this name may or may not have a preceding dot, but
+            /* Now, we make sure that our host is within the given domain,
-               we don't care about that, we treat the names the same anyway */
+               or the given domain is not valid and thus cannot be set. */
            const char *domptr=whatptr;
            const char *nextptr;
            int dotcount=1;
            /* Count the dots, we need to make sure that there are enough
               of them. */
            if('.' == whatptr[0])
-              /* don't count the initial dot, assume it */
+              whatptr++; /* ignore preceding dot */
              domptr++;
-            do {
+            if(!domain || tailmatch(whatptr, domain)) {
-              nextptr = strchr(domptr, '.');
+              const char *tailptr=whatptr;
-              if(nextptr) {
+              if(tailptr[0] == '.')
-                if(domptr != nextptr)
+                tailptr++;
-                  dotcount++;
+              strstore(&co->domain, tailptr); /* don't prefix w/dots
-                domptr = nextptr+1;
+                                                 internally */
              if(!co->domain) {
                badcookie = TRUE;
                break;
              }
-            } while(nextptr);
+              co->tailmatch=TRUE; /* we always do that if the domain name was
-
+                                     given */
            /* The original Netscape cookie spec defined that this domain name
               MUST have three dots (or two if one of the seven holy TLDs),
               but it seems that these kinds of cookies are in use "out there"
               so we cannot be that strict. I've therefore lowered the check
               to not allow less than two dots. */
            if(dotcount < 2) {
              /* Received and skipped a cookie with a domain using too few
                 dots. */
              badcookie=TRUE; /* mark this as a bad cookie */
              infof(data, "skipped cookie with illegal dotcount domain: %s\n",
                    whatptr);
            }
            else {
-              /* Now, we make sure that our host is within the given domain,
+              /* we did not get a tailmatch and then the attempted set domain
-                 or the given domain is not valid and thus cannot be set. */
+                 is not a domain to which the current host belongs. Mark as
-
+                 bad. */
-              if('.' == whatptr[0])
+              badcookie=TRUE;
-                whatptr++; /* ignore preceding dot */
+              infof(data, "skipped cookie with bad tailmatch domain: %s\n",
-
+                    whatptr);
              if(!domain || tailmatch(whatptr, domain)) {
                const char *tailptr=whatptr;
                if(tailptr[0] == '.')
                  tailptr++;
                strstore(&co->domain, tailptr); /* don't prefix w/dots
                                                   internally */
                if(!co->domain) {
                  badcookie = TRUE;
                  break;
                }
                co->tailmatch=TRUE; /* we always do that if the domain name was
                                       given */
              }
              else {
                /* we did not get a tailmatch and then the attempted set domain
                   is not a domain to which the current host belongs. Mark as
                   bad. */
                badcookie=TRUE;
                infof(data, "skipped cookie with bad tailmatch domain: %s\n",
                      whatptr);
              }
            }
          }
          else if(Curl_raw_equal("version", name)) {
            strstore(&co->version, whatptr);
            if(!co->version) {
              badcookie = TRUE;
              break;
            }
          }
          else if(Curl_raw_equal("max-age", name)) {
            /* Defined in RFC2109:
               Optional.  The Max-Age attribute defines the lifetime of the
               cookie, in seconds.  The delta-seconds value is a decimal non-
               negative integer.  After delta-seconds seconds elapse, the
               client should discard the cookie.  A value of zero means the
               cookie should be discarded immediately.
             */
            strstore(&co->maxage, whatptr);
            if(!co->maxage) {
              badcookie = TRUE;
              break;
            }
            co->expires =
              strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
                + (long)now;
          }
          else if(Curl_raw_equal("expires", name)) {
            strstore(&co->expirestr, whatptr);
            if(!co->expirestr) {
              badcookie = TRUE;
              break;
            }
            /* Note that if the date couldn't get parsed for whatever reason,
               the cookie will be treated as a session cookie */
            co->expires = curl_getdate(what, &now);
            /* Session cookies have expires set to 0 so if we get that back
               from the date parser let's add a second to make it a
               non-session cookie */
            if(co->expires == 0)
              co->expires = 1;
            else if(co->expires < 0)
              co->expires = 0;
          }
          else if(!co->name) {
            co->name = strdup(name);
            co->value = strdup(whatptr);
            if(!co->name || !co->value) {
              badcookie = TRUE;
              break;
            }
          }
          /*
            else this is the second (or more) name we don't know
            about! */
        }
-        else {
+        else if(Curl_raw_equal("version", name)) {
-          /* this is an "illegal" <what>=<this> pair */
+          strstore(&co->version, whatptr);
          if(!co->version) {
            badcookie = TRUE;
            break;
          }
        }
        else if(Curl_raw_equal("max-age", name)) {
          /* Defined in RFC2109:
             Optional.  The Max-Age attribute defines the lifetime of the
             cookie, in seconds.  The delta-seconds value is a decimal non-
             negative integer.  After delta-seconds seconds elapse, the
             client should discard the cookie.  A value of zero means the
             cookie should be discarded immediately.
          */
          strstore(&co->maxage, whatptr);
          if(!co->maxage) {
            badcookie = TRUE;
            break;
          }
          co->expires =
            strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
            + (long)now;
        }
        else if(Curl_raw_equal("expires", name)) {
          strstore(&co->expirestr, whatptr);
          if(!co->expirestr) {
            badcookie = TRUE;
            break;
          }
          /* Note that if the date couldn't get parsed for whatever reason,
             the cookie will be treated as a session cookie */
          co->expires = curl_getdate(what, &now);
          /* Session cookies have expires set to 0 so if we get that back
             from the date parser let's add a second to make it a
             non-session cookie */
          if(co->expires == 0)
            co->expires = 1;
          else if(co->expires < 0)
            co->expires = 0;
        }
        else if(!co->name) {
          co->name = strdup(name);
          co->value = strdup(whatptr);
          if(!co->name || !co->value) {
            badcookie = TRUE;
            break;
          }
        }
        /*
          else this is the second (or more) name we don't know
          about! */
      }
      else {
-        if(sscanf(ptr, "%" MAX_COOKIE_LINE_TXT "[^;\r\n]",
+        /* this is an "illegal" <what>=<this> pair */
                  what)) {
          if(Curl_raw_equal("secure", what)) {
            co->secure = TRUE;
          }
          else if(Curl_raw_equal("httponly", what)) {
            co->httponly = TRUE;
          }
          /* else,
             unsupported keyword without assign! */
        }
      }
      if(!semiptr || !*semiptr) {
        /* we already know there are no more cookies */
        semiptr = NULL;
@@ -530,7 +527,7 @@ Curl_cookie_add(struct SessionHandle *data,
           As far as I can see, it is set to true when the cookie says
           .domain.com and to false when the domain is complete www.domain.com
        */
-        co->tailmatch=(bool)Curl_raw_equal(ptr, "TRUE");
+        co->tailmatch = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
        break;
      case 2:
        /* It turns out, that sometimes the file format allows the path
@@ -550,7 +547,7 @@ Curl_cookie_add(struct SessionHandle *data,
        fields++; /* add a field and fall down to secure */
        /* FALLTHROUGH */
      case 3:
-        co->secure = (bool)Curl_raw_equal(ptr, "TRUE");
+        co->secure = Curl_raw_equal(ptr, "TRUE")?TRUE:FALSE;
        break;
      case 4:
        co->expires = curlx_strtoofft(ptr, NULL, 10);
@@ -1110,23 +1107,20 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
  c = data->cookies->cookies;
  beg = list;
  while(c) {
    /* fill the list with _all_ the cookies we know */
    line = get_netscape_format(c);
-    if(line == NULL) {
+    if(!line) {
-      curl_slist_free_all(beg);
+      curl_slist_free_all(list);
      return NULL;
    }
-    list = curl_slist_append(list, line);
+    beg = curl_slist_append(list, line);
    free(line);
-    if(list == NULL) {
+    if(!beg) {
-      curl_slist_free_all(beg);
+      curl_slist_free_all(list);
      return NULL;
    }
-    else if(beg == NULL) {
+    list = beg;
      beg = list;
    }
    c = c->next;
  }
@@ -1151,10 +1145,12 @@ void Curl_flush_cookies(struct SessionHandle *data, int cleanup)
            data->set.str[STRING_COOKIEJAR]);
  }
  else {
-    if(cleanup && data->change.cookielist)
+    if(cleanup && data->change.cookielist) {
      /* since nothing is written, we can just free the list of cookie file
         names */
      curl_slist_free_all(data->change.cookielist); /* clean up list */
      data->change.cookielist = NULL;
    }
    Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
  }
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -21,15 +21,7 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-
+#include "setup.h"
 #include <stdio.h>
 #if defined(WIN32)
 #include <time.h>
 #else
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
 #endif
 #endif
 #include <curl/curl.h>
@@ -95,10 +87,10 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies);
 #if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES)
 #define Curl_cookie_list(x) NULL
-#define Curl_cookie_loadfiles(x) do { } while (0)
+#define Curl_cookie_loadfiles(x) Curl_nop_stmt
 #define Curl_cookie_init(x,y,z,w) NULL
-#define Curl_cookie_cleanup(x) do { } while (0)
+#define Curl_cookie_cleanup(x) Curl_nop_stmt
-#define Curl_flush_cookies(x,y)
+#define Curl_flush_cookies(x,y) Curl_nop_stmt
 #else
 void Curl_flush_cookies(struct SessionHandle *data, int cleanup);
 void Curl_cookie_cleanup(struct CookieInfo *);
--- a/lib/curl_addrinfo.c
+++ b/lib/curl_addrinfo.c
@@ -40,7 +40,6 @@
 #ifdef __VMS
 #  include <in.h>
 #  include <inet.h>
 #  include <stdlib.h>
 #endif
 #if defined(NETWARE) && defined(__NOVELL_LIBC__)
--- a/lib/curl_base64.h
+++ b/lib/curl_base64.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,10 +22,11 @@
 *
 ***************************************************************************/
-size_t Curl_base64_encode(struct SessionHandle *data,
+CURLcode Curl_base64_encode(struct SessionHandle *data,
-                          const char *inputbuff, size_t insize,
+                            const char *inputbuff, size_t insize,
-                          char **outptr);
+                            char **outptr, size_t *outlen);
-size_t Curl_base64_decode(const char *src, unsigned char **outptr);
+CURLcode Curl_base64_decode(const char *src,
                            unsigned char **outptr, size_t *outlen);
 #endif /* HEADER_CURL_BASE64_H */
--- a/lib/curl_gethostname.c
+++ b/lib/curl_gethostname.c
@@ -32,12 +32,16 @@
 * Curl_gethostname() is a wrapper around gethostname() which allows
 * overriding the host name that the function would normally return.
 * This capability is used by the test suite to verify exact matching
- * of NTLM authentication, which exercises libcurl's MD4 and DES code.
+ * of NTLM authentication, which exercises libcurl's MD4 and DES code
 * as well as by the SMTP module when a hostname is not provided.
 *
 * For libcurl debug enabled builds host name overriding takes place
 * when environment variable CURL_GETHOSTNAME is set, using the value
 * held by the variable to override returned host name.
 *
 * Note: The function always returns the un-qualified hostname rather
 * than being provider dependent.
 *
 * For libcurl shared library release builds the test suite preloads
 * another shared library named libhostname using the LD_PRELOAD
 * mechanism which intercepts, and might override, the gethostname()
@@ -58,6 +62,8 @@ int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
  return -1;
 #else
  int err;
  char* dot;
 #ifdef DEBUGBUILD
@@ -65,17 +71,34 @@ int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen) {
  const char *force_hostname = getenv("CURL_GETHOSTNAME");
  if(force_hostname) {
    strncpy(name, force_hostname, namelen);
-    name[namelen-1] = '\0';
+    err = 0;
-    return 0;
+  }
  else {
    name[0] = '\0';
    err = gethostname(name, namelen);
  }
-#endif /* DEBUGBUILD */
+#else /* DEBUGBUILD */
  /* The call to system's gethostname() might get intercepted by the
     libhostname library when libcurl is built as a non-debug shared
     library when running the test suite. */
-  return gethostname(name, namelen);
+  name[0] = '\0';
  err = gethostname(name, namelen);
 #endif
  name[namelen - 1] = '\0';
  if(err)
    return err;
  /* Truncate domain, leave only machine name */
  dot = strchr(name, '.');
  if(dot)
    *dot = '\0';
  return 0;
 #endif
 }
--- a/lib/curl_gethostname.h
+++ b/lib/curl_gethostname.h
@@ -22,6 +22,10 @@
 *
 ***************************************************************************/
 /* Hostname buffer size */
 #define HOSTNAME_MAX 1024
 /* This returns the local machine's un-qualified hostname */
 int Curl_gethostname(char *name, GETHOSTNAME_TYPE_ARG2 namelen);
 #endif /* HEADER_CURL_GETHOSTNAME_H */
--- a/lib/curl_gssapi.c
+++ b/lib/curl_gssapi.c
@@ -0,0 +1,69 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #ifdef HAVE_GSSAPI
 #include "curl_gssapi.h"
 #include "sendf.h"
 OM_uint32 Curl_gss_init_sec_context(
    struct SessionHandle *data,
    OM_uint32 * minor_status,
    gss_ctx_id_t * context,
    gss_name_t target_name,
    gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token,
    gss_buffer_t output_token,
    OM_uint32 * ret_flags)
 {
  OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
 #ifdef GSS_C_DELEG_POLICY_FLAG
    req_flags |= GSS_C_DELEG_POLICY_FLAG;
 #else
    infof(data, "warning: support for CURLGSSAPI_DELEGATION_POLICY_FLAG not "
        "compiled in\n");
 #endif
  }
  if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
    req_flags |= GSS_C_DELEG_FLAG;
  return gss_init_sec_context(minor_status,
                              GSS_C_NO_CREDENTIAL, /* cred_handle */
                              context,
                              target_name,
                              GSS_C_NO_OID, /* mech_type */
                              req_flags,
                              0, /* time_req */
                              input_chan_bindings,
                              input_token,
                              NULL, /* actual_mech_type */
                              output_token,
                              ret_flags,
                              NULL /* time_rec */);
 }
 #endif /* HAVE_GSSAPI */
--- a/lib/curl_gssapi.h
+++ b/lib/curl_gssapi.h
@@ -0,0 +1,57 @@
 #ifndef HEADER_CURL_GSSAPI_H
 #define HEADER_CURL_GSSAPI_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #include "urldata.h"
 #ifdef HAVE_GSSAPI
 #ifdef HAVE_GSSGNU
 #  include <gss.h>
 #elif defined HAVE_GSSMIT
   /* MIT style */
 #  include <gssapi/gssapi.h>
 #  include <gssapi/gssapi_generic.h>
 #  include <gssapi/gssapi_krb5.h>
 #else
   /* Heimdal-style */
 #  include <gssapi.h>
 #endif
 /* Common method for using gss api */
 OM_uint32 Curl_gss_init_sec_context(
    struct SessionHandle *data,
    OM_uint32 * minor_status,
    gss_ctx_id_t * context,
    gss_name_t target_name,
    gss_channel_bindings_t input_chan_bindings,
    gss_buffer_t input_token,
    gss_buffer_t output_token,
    OM_uint32 * ret_flags);
 #endif /* HAVE_GSSAPI */
 #endif /* HEADER_CURL_GSSAPI_H */
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -0,0 +1,238 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #ifdef USE_NTLM
 /*
 * NTLM details:
 *
 * http://davenport.sourceforge.net/ntlm.html
 * http://www.innovation.ch/java/ntlm.html
 */
 #define DEBUG_ME 0
 #include "urldata.h"
 #include "sendf.h"
 #include "rawstr.h"
 #include "curl_ntlm.h"
 #include "curl_ntlm_msgs.h"
 #include "curl_ntlm_wb.h"
 #include "url.h"
 #include "curl_memory.h"
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 #if defined(USE_NSS)
 #include "nssg.h"
 #elif defined(USE_WINDOWS_SSPI)
 #include "curl_sspi.h"
 #endif
 /* The last #include file should be: */
 #include "memdebug.h"
 #if DEBUG_ME
 # define DEBUG_OUT(x) x
 #else
 # define DEBUG_OUT(x) Curl_nop_stmt
 #endif
 CURLcode Curl_input_ntlm(struct connectdata *conn,
                         bool proxy,         /* if proxy or not */
                         const char *header) /* rest of the www-authenticate:
                                                header */
 {
  /* point to the correct struct with this */
  struct ntlmdata *ntlm;
  CURLcode result = CURLE_OK;
 #ifdef USE_NSS
  result = Curl_nss_force_init(conn->data);
  if(result)
    return result;
 #endif
  ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
  /* skip initial whitespaces */
  while(*header && ISSPACE(*header))
    header++;
  if(checkprefix("NTLM", header)) {
    header += strlen("NTLM");
    while(*header && ISSPACE(*header))
      header++;
    if(*header) {
      result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
      if(CURLE_OK != result)
        return result;
      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
    }
    else {
      if(ntlm->state >= NTLMSTATE_TYPE1) {
        infof(conn->data, "NTLM handshake failure (internal error)\n");
        return CURLE_REMOTE_ACCESS_DENIED;
      }
      ntlm->state = NTLMSTATE_TYPE1; /* We should send away a type-1 */
    }
  }
  return result;
 }
 /*
 * This is for creating ntlm header output
 */
 CURLcode Curl_output_ntlm(struct connectdata *conn,
                          bool proxy)
 {
  char *base64 = NULL;
  size_t len = 0;
  CURLcode error;
  /* point to the address of the pointer that holds the string to send to the
     server, which is for a plain host or for a HTTP proxy */
  char **allocuserpwd;
  /* point to the name and password for this */
  const char *userp;
  const char *passwdp;
  /* point to the correct struct with this */
  struct ntlmdata *ntlm;
  struct auth *authp;
  DEBUGASSERT(conn);
  DEBUGASSERT(conn->data);
 #ifdef USE_NSS
  if(CURLE_OK != Curl_nss_force_init(conn->data))
    return CURLE_OUT_OF_MEMORY;
 #endif
  if(proxy) {
    allocuserpwd = &conn->allocptr.proxyuserpwd;
    userp = conn->proxyuser;
    passwdp = conn->proxypasswd;
    ntlm = &conn->proxyntlm;
    authp = &conn->data->state.authproxy;
  }
  else {
    allocuserpwd = &conn->allocptr.userpwd;
    userp = conn->user;
    passwdp = conn->passwd;
    ntlm = &conn->ntlm;
    authp = &conn->data->state.authhost;
  }
  authp->done = FALSE;
  /* not set means empty */
  if(!userp)
    userp = "";
  if(!passwdp)
    passwdp = "";
 #ifdef USE_WINDOWS_SSPI
  if(s_hSecDll == NULL) {
    /* not thread safe and leaks - use curl_global_init() to avoid */
    CURLcode err = Curl_sspi_global_init();
    if(s_hSecDll == NULL)
      return err;
  }
 #endif
  switch(ntlm->state) {
  case NTLMSTATE_TYPE1:
  default: /* for the weird cases we (re)start here */
    /* Create a type-1 message */
    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
                                           &len);
    if(error)
      return error;
    if(base64) {
      Curl_safefree(*allocuserpwd);
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
      free(base64);
    }
    break;
  case NTLMSTATE_TYPE2:
    /* We already received the type-2 message, create a type-3 message */
    error = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
                                           ntlm, &base64, &len);
    if(error)
      return error;
    if(base64) {
      Curl_safefree(*allocuserpwd);
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
      free(base64);
      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
      authp->done = TRUE;
    }
    break;
  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
     * don't send a header in future requests */
    if(*allocuserpwd) {
      free(*allocuserpwd);
      *allocuserpwd = NULL;
    }
    authp->done = TRUE;
    break;
  }
  return CURLE_OK;
 }
 void Curl_http_ntlm_cleanup(struct connectdata *conn)
 {
 #ifdef USE_WINDOWS_SSPI
  Curl_ntlm_sspi_cleanup(&conn->ntlm);
  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
 #elif defined(NTLM_WB_ENABLED)
  Curl_ntlm_wb_cleanup(conn);
 #else
  (void)conn;
 #endif
 }
 #endif /* USE_NTLM */
--- a/lib/curl_ntlm.h
+++ b/lib/curl_ntlm.h
@@ -0,0 +1,44 @@
 #ifndef HEADER_CURL_NTLM_H
 #define HEADER_CURL_NTLM_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #ifdef USE_NTLM
 /* this is for ntlm header input */
 CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
                         const char *header);
 /* this is for creating ntlm header output */
 CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
 void Curl_http_ntlm_cleanup(struct connectdata *conn);
 #else
 #define Curl_http_ntlm_cleanup(a) Curl_nop_stmt
 #endif
 #endif /* HEADER_CURL_NTLM_H */
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -0,0 +1,379 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
 /*
 * NTLM details:
 *
 * http://davenport.sourceforge.net/ntlm.html
 * http://www.innovation.ch/java/ntlm.html
 */
 #ifdef USE_SSLEAY
 #  ifdef USE_OPENSSL
 #    include <openssl/des.h>
 #    ifndef OPENSSL_NO_MD4
 #      include <openssl/md4.h>
 #    endif
 #    include <openssl/md5.h>
 #    include <openssl/ssl.h>
 #    include <openssl/rand.h>
 #  else
 #    include <des.h>
 #    ifndef OPENSSL_NO_MD4
 #      include <md4.h>
 #    endif
 #    include <md5.h>
 #    include <ssl.h>
 #    include <rand.h>
 #  endif
 #  if (OPENSSL_VERSION_NUMBER < 0x00907001L)
 #    define DES_key_schedule des_key_schedule
 #    define DES_cblock des_cblock
 #    define DES_set_odd_parity des_set_odd_parity
 #    define DES_set_key des_set_key
 #    define DES_ecb_encrypt des_ecb_encrypt
 #    define DESKEY(x) x
 #    define DESKEYARG(x) x
 #  else
 #    define DESKEYARG(x) *x
 #    define DESKEY(x) &x
 #  endif
 #elif defined(USE_GNUTLS)
 #  include <gcrypt.h>
 #  define MD5_DIGEST_LENGTH 16
 #  define MD4_DIGEST_LENGTH 16
 #elif defined(USE_NSS)
 #  include <nss.h>
 #  include <pk11pub.h>
 #  include <hasht.h>
 #  include "curl_md4.h"
 #  define MD5_DIGEST_LENGTH MD5_LENGTH
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
 #include "urldata.h"
 #include "non-ascii.h"
 #include "rawstr.h"
 #include "curl_memory.h"
 #include "curl_ntlm_core.h"
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 /* The last #include file should be: */
 #include "memdebug.h"
 #ifdef USE_SSLEAY
 /*
 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
 * key schedule ks is also set.
 */
 static void setup_des_key(const unsigned char *key_56,
                          DES_key_schedule DESKEYARG(ks))
 {
  DES_cblock key;
  key[0] = key_56[0];
  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
  DES_set_odd_parity(&key);
  DES_set_key(&key, ks);
 }
 #else /* defined(USE_SSLEAY) */
 /*
 * Turns a 56 bit key into the 64 bit, odd parity key.  Used by GnuTLS and NSS.
 */
 static void extend_key_56_to_64(const unsigned char *key_56, char *key)
 {
  key[0] = key_56[0];
  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
 }
 #if defined(USE_GNUTLS)
 /*
 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
 */
 static void setup_des_key(const unsigned char *key_56,
                          gcry_cipher_hd_t *des)
 {
  char key[8];
  extend_key_56_to_64(key_56, key);
  gcry_cipher_setkey(*des, key, 8);
 }
 #elif defined(USE_NSS)
 /*
 * Expands a 56 bit key KEY_56 to 64 bit and encrypts 64 bit of data, using
 * the expanded key.  The caller is responsible for giving 64 bit of valid
 * data is IN and (at least) 64 bit large buffer as OUT.
 */
 static bool encrypt_des(const unsigned char *in, unsigned char *out,
                        const unsigned char *key_56)
 {
  const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */
  PK11SlotInfo *slot = NULL;
  char key[8];                                /* expanded 64 bit key */
  SECItem key_item;
  PK11SymKey *symkey = NULL;
  SECItem *param = NULL;
  PK11Context *ctx = NULL;
  int out_len;                                /* not used, required by NSS */
  bool rv = FALSE;
  /* use internal slot for DES encryption (requires NSS to be initialized) */
  slot = PK11_GetInternalKeySlot();
  if(!slot)
    return FALSE;
  /* expand the 56 bit key to 64 bit and wrap by NSS */
  extend_key_56_to_64(key_56, key);
  key_item.data = (unsigned char *)key;
  key_item.len = /* hard-wired */ 8;
  symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_ENCRYPT,
                             &key_item, NULL);
  if(!symkey)
    goto fail;
  /* create DES encryption context */
  param = PK11_ParamFromIV(mech, /* no IV in ECB mode */ NULL);
  if(!param)
    goto fail;
  ctx = PK11_CreateContextBySymKey(mech, CKA_ENCRYPT, symkey, param);
  if(!ctx)
    goto fail;
  /* perform the encryption */
  if(SECSuccess == PK11_CipherOp(ctx, out, &out_len, /* outbuflen */ 8,
                                 (unsigned char *)in, /* inbuflen */ 8)
      && SECSuccess == PK11_Finalize(ctx))
    rv = /* all OK */ TRUE;
 fail:
  /* cleanup */
  if(ctx)
    PK11_DestroyContext(ctx, PR_TRUE);
  if(symkey)
    PK11_FreeSymKey(symkey);
  if(param)
    SECITEM_FreeItem(param, PR_TRUE);
  PK11_FreeSlot(slot);
  return rv;
 }
 #endif /* defined(USE_NSS) */
 #endif /* defined(USE_SSLEAY) */
 /*
  * takes a 21 byte array and treats it as 3 56-bit DES keys. The
  * 8 byte plaintext is encrypted with each key and the resulting 24
  * bytes are stored in the results array.
  */
 void Curl_ntlm_core_lm_resp(const unsigned char *keys,
                            const unsigned char *plaintext,
                            unsigned char *results)
 {
 #ifdef USE_SSLEAY
  DES_key_schedule ks;
  setup_des_key(keys, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results,
                  DESKEY(ks), DES_ENCRYPT);
  setup_des_key(keys + 7, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 8),
                  DESKEY(ks), DES_ENCRYPT);
  setup_des_key(keys + 14, DESKEY(ks));
  DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
                  DESKEY(ks), DES_ENCRYPT);
 #elif defined(USE_GNUTLS)
  gcry_cipher_hd_t des;
  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
  setup_des_key(keys, &des);
  gcry_cipher_encrypt(des, results, 8, plaintext, 8);
  gcry_cipher_close(des);
  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
  setup_des_key(keys + 7, &des);
  gcry_cipher_encrypt(des, results + 8, 8, plaintext, 8);
  gcry_cipher_close(des);
  gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
  setup_des_key(keys + 14, &des);
  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
  gcry_cipher_close(des);
 #elif defined(USE_NSS)
  encrypt_des(plaintext, results, keys);
  encrypt_des(plaintext, results + 8, keys + 7);
  encrypt_des(plaintext, results + 16, keys + 14);
 #endif
 }
 /*
 * Set up lanmanager hashed password
 */
 void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
                               const char *password,
                               unsigned char *lmbuffer /* 21 bytes */)
 {
  CURLcode res;
  unsigned char pw[14];
  static const unsigned char magic[] = {
    0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */
  };
  size_t len = CURLMIN(strlen(password), 14);
  Curl_strntoupper((char *)pw, password, len);
  memset(&pw[len], 0, 14 - len);
  /*
   * The LanManager hashed password needs to be created using the
   * password in the network encoding not the host encoding.
   */
  res = Curl_convert_to_network(data, (char *)pw, 14);
  if(res)
    return;
  {
    /* Create LanManager hashed password. */
 #ifdef USE_SSLEAY
    DES_key_schedule ks;
    setup_des_key(pw, DESKEY(ks));
    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer,
                    DESKEY(ks), DES_ENCRYPT);
    setup_des_key(pw + 7, DESKEY(ks));
    DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
                    DESKEY(ks), DES_ENCRYPT);
 #elif defined(USE_GNUTLS)
    gcry_cipher_hd_t des;
    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
    setup_des_key(pw, &des);
    gcry_cipher_encrypt(des, lmbuffer, 8, magic, 8);
    gcry_cipher_close(des);
    gcry_cipher_open(&des, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
    setup_des_key(pw + 7, &des);
    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
    gcry_cipher_close(des);
 #elif defined(USE_NSS)
    encrypt_des(magic, lmbuffer, pw);
    encrypt_des(magic, lmbuffer + 8, pw + 7);
 #endif
    memset(lmbuffer + 16, 0, 21 - 16);
  }
 }
 #if USE_NTRESPONSES
 static void ascii_to_unicode_le(unsigned char *dest, const char *src,
                                size_t srclen)
 {
  size_t i;
  for(i = 0; i < srclen; i++) {
    dest[2 * i] = (unsigned char)src[i];
    dest[2 * i + 1] = '\0';
  }
 }
 /*
 * Set up nt hashed passwords
 */
 CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
                                   const char *password,
                                   unsigned char *ntbuffer /* 21 bytes */)
 {
  size_t len = strlen(password);
  unsigned char *pw = malloc(len * 2);
  CURLcode result;
  if(!pw)
    return CURLE_OUT_OF_MEMORY;
  ascii_to_unicode_le(pw, password, len);
  /*
   * The NT hashed password needs to be created using the password in the
   * network encoding not the host encoding.
   */
  result = Curl_convert_to_network(data, (char *)pw, len * 2);
  if(result)
    return result;
  {
    /* Create NT hashed password. */
 #ifdef USE_SSLEAY
    MD4_CTX MD4pw;
    MD4_Init(&MD4pw);
    MD4_Update(&MD4pw, pw, 2 * len);
    MD4_Final(ntbuffer, &MD4pw);
 #elif defined(USE_GNUTLS)
    gcry_md_hd_t MD4pw;
    gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);
    gcry_md_write(MD4pw, pw, 2 * len);
    memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
    gcry_md_close(MD4pw);
 #elif defined(USE_NSS)
    Curl_md4it(ntbuffer, pw, 2 * len);
 #endif
    memset(ntbuffer + 16, 0, 21 - 16);
  }
  free(pw);
  return CURLE_OK;
 }
 #endif /* USE_NTRESPONSES */
 #endif /* USE_NTLM && !USE_WINDOWS_SSPI */
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@@ -0,0 +1,68 @@
 #ifndef HEADER_CURL_NTLM_CORE_H
 #define HEADER_CURL_NTLM_CORE_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
 #ifdef USE_SSLEAY
 #  if !defined(OPENSSL_VERSION_NUMBER) && \
      !defined(HEADER_SSL_H) && !defined(HEADER_MD5_H)
 #    error "curl_ntlm_core.h shall not be included before OpenSSL headers."
 #  endif
 #  ifdef OPENSSL_NO_MD4
 #    define USE_NTRESPONSES 0
 #    define USE_NTLM2SESSION 0
 #  endif
 #endif
 /*
 * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
 * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
 * the type-3 message include the NTLM2Session response message, requires
 * USE_NTRESPONSES defined to 1.
 */
 #ifndef USE_NTRESPONSES
 #  define USE_NTRESPONSES 1
 #  define USE_NTLM2SESSION 1
 #endif
 void Curl_ntlm_core_lm_resp(const unsigned char *keys,
                            const unsigned char *plaintext,
                            unsigned char *results);
 void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
                               const char *password,
                               unsigned char *lmbuffer /* 21 bytes */);
 #if USE_NTRESPONSES
 CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
                                   const char *password,
                                   unsigned char *ntbuffer /* 21 bytes */);
 #endif
 #endif /* USE_NTLM && !USE_WINDOWS_SSPI */
 #endif /* HEADER_CURL_NTLM_CORE_H */
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -0,0 +1,958 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #ifdef USE_NTLM
 /*
 * NTLM details:
 *
 * http://davenport.sourceforge.net/ntlm.html
 * http://www.innovation.ch/java/ntlm.html
 */
 #define DEBUG_ME 0
 #ifdef USE_SSLEAY
 #  ifdef USE_OPENSSL
 #    include <openssl/des.h>
 #    ifndef OPENSSL_NO_MD4
 #      include <openssl/md4.h>
 #    endif
 #    include <openssl/md5.h>
 #    include <openssl/ssl.h>
 #    include <openssl/rand.h>
 #  else
 #    include <des.h>
 #    ifndef OPENSSL_NO_MD4
 #      include <md4.h>
 #    endif
 #    include <md5.h>
 #    include <ssl.h>
 #    include <rand.h>
 #  endif
 #  include "ssluse.h"
 #elif defined(USE_GNUTLS)
 #  include <gcrypt.h>
 #  include "gtls.h"
 #  define MD5_DIGEST_LENGTH 16
 #  define MD4_DIGEST_LENGTH 16
 #elif defined(USE_NSS)
 #  include <nss.h>
 #  include <pk11pub.h>
 #  include <hasht.h>
 #  include "nssg.h"
 #  include "curl_md4.h"
 #  define MD5_DIGEST_LENGTH MD5_LENGTH
 #elif defined(USE_WINDOWS_SSPI)
 #  include "curl_sspi.h"
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
 #include "urldata.h"
 #include "non-ascii.h"
 #include "sendf.h"
 #include "curl_base64.h"
 #include "curl_ntlm_core.h"
 #include "curl_gethostname.h"
 #include "curl_memory.h"
 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 /* The last #include file should be: */
 #include "memdebug.h"
 /* "NTLMSSP" signature is always in ASCII regardless of the platform */
 #define NTLMSSP_SIGNATURE "\x4e\x54\x4c\x4d\x53\x53\x50"
 #define SHORTPAIR(x) ((x) & 0xff), (((x) >> 8) & 0xff)
 #define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8) & 0xff), \
  (((x) >> 16) & 0xff), (((x) >> 24) & 0xff)
 #if DEBUG_ME
 # define DEBUG_OUT(x) x
 static void ntlm_print_flags(FILE *handle, unsigned long flags)
 {
  if(flags & NTLMFLAG_NEGOTIATE_UNICODE)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_UNICODE ");
  if(flags & NTLMFLAG_NEGOTIATE_OEM)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_OEM ");
  if(flags & NTLMFLAG_REQUEST_TARGET)
    fprintf(handle, "NTLMFLAG_REQUEST_TARGET ");
  if(flags & (1<<3))
    fprintf(handle, "NTLMFLAG_UNKNOWN_3 ");
  if(flags & NTLMFLAG_NEGOTIATE_SIGN)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_SIGN ");
  if(flags & NTLMFLAG_NEGOTIATE_SEAL)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_SEAL ");
  if(flags & NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE ");
  if(flags & NTLMFLAG_NEGOTIATE_LM_KEY)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_LM_KEY ");
  if(flags & NTLMFLAG_NEGOTIATE_NETWARE)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_NETWARE ");
  if(flags & NTLMFLAG_NEGOTIATE_NTLM_KEY)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM_KEY ");
  if(flags & (1<<10))
    fprintf(handle, "NTLMFLAG_UNKNOWN_10 ");
  if(flags & NTLMFLAG_NEGOTIATE_ANONYMOUS)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_ANONYMOUS ");
  if(flags & NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED ");
  if(flags & NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED ");
  if(flags & NTLMFLAG_NEGOTIATE_LOCAL_CALL)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_LOCAL_CALL ");
  if(flags & NTLMFLAG_NEGOTIATE_ALWAYS_SIGN)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_ALWAYS_SIGN ");
  if(flags & NTLMFLAG_TARGET_TYPE_DOMAIN)
    fprintf(handle, "NTLMFLAG_TARGET_TYPE_DOMAIN ");
  if(flags & NTLMFLAG_TARGET_TYPE_SERVER)
    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SERVER ");
  if(flags & NTLMFLAG_TARGET_TYPE_SHARE)
    fprintf(handle, "NTLMFLAG_TARGET_TYPE_SHARE ");
  if(flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_NTLM2_KEY ");
  if(flags & NTLMFLAG_REQUEST_INIT_RESPONSE)
    fprintf(handle, "NTLMFLAG_REQUEST_INIT_RESPONSE ");
  if(flags & NTLMFLAG_REQUEST_ACCEPT_RESPONSE)
    fprintf(handle, "NTLMFLAG_REQUEST_ACCEPT_RESPONSE ");
  if(flags & NTLMFLAG_REQUEST_NONNT_SESSION_KEY)
    fprintf(handle, "NTLMFLAG_REQUEST_NONNT_SESSION_KEY ");
  if(flags & NTLMFLAG_NEGOTIATE_TARGET_INFO)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_TARGET_INFO ");
  if(flags & (1<<24))
    fprintf(handle, "NTLMFLAG_UNKNOWN_24 ");
  if(flags & (1<<25))
    fprintf(handle, "NTLMFLAG_UNKNOWN_25 ");
  if(flags & (1<<26))
    fprintf(handle, "NTLMFLAG_UNKNOWN_26 ");
  if(flags & (1<<27))
    fprintf(handle, "NTLMFLAG_UNKNOWN_27 ");
  if(flags & (1<<28))
    fprintf(handle, "NTLMFLAG_UNKNOWN_28 ");
  if(flags & NTLMFLAG_NEGOTIATE_128)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_128 ");
  if(flags & NTLMFLAG_NEGOTIATE_KEY_EXCHANGE)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_KEY_EXCHANGE ");
  if(flags & NTLMFLAG_NEGOTIATE_56)
    fprintf(handle, "NTLMFLAG_NEGOTIATE_56 ");
 }
 static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
 {
  const char *p = buf;
  (void)handle;
  fprintf(stderr, "0x");
  while(len-- > 0)
    fprintf(stderr, "%02.2x", (unsigned int)*p++);
 }
 #else
 # define DEBUG_OUT(x) Curl_nop_stmt
 #endif
 #ifndef USE_WINDOWS_SSPI
 /*
 * This function converts from the little endian format used in the
 * incoming package to whatever endian format we're using natively.
 * Argument is a pointer to a 4 byte buffer.
 */
 static unsigned int readint_le(unsigned char *buf)
 {
  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
 }
 #endif
 /*
  NTLM message structure notes:
  A 'short' is a 'network short', a little-endian 16-bit unsigned value.
  A 'long' is a 'network long', a little-endian, 32-bit unsigned value.
  A 'security buffer' represents a triplet used to point to a buffer,
  consisting of two shorts and one long:
    1. A 'short' containing the length of the buffer content in bytes.
    2. A 'short' containing the allocated space for the buffer in bytes.
    3. A 'long' containing the offset to the start of the buffer in bytes,
       from the beginning of the NTLM message.
 */
 /*
 * Curl_ntlm_decode_type2_message()
 *
 * This is used to decode a ntlm type-2 message received from a: HTTP, SMTP
 * or POP3 server. The message is first decoded from a base64 string into a
 * raw ntlm message and checked for validity before the appropriate data for
 * creating a type-3 message is written to the given ntlm data structure.
 *
 * Parameters:
 *
 * data    [in]     - Pointer to session handle.
 * header  [in]     - Pointer to the input buffer.
 * ntlm    [in]     - Pointer to ntlm data struct being used and modified.
 *
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
                                        const char* header,
                                        struct ntlmdata* ntlm)
 {
 #ifndef USE_WINDOWS_SSPI
  static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
 #endif
  /* NTLM type-2 message structure:
          Index  Description            Content
            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
                                        (0x4e544c4d53535000)
            8    NTLM Message Type      long (0x02000000)
           12    Target Name            security buffer
           20    Flags                  long
           24    Challenge              8 bytes
          (32)   Context                8 bytes (two consecutive longs) (*)
          (40)   Target Information     security buffer (*)
          (48)   OS Version Structure   8 bytes (*)
  32 (48) (56)   Start of data block    (*)
                                        (*) -> Optional
  */
  size_t size = 0;
  unsigned char *buffer = NULL;
  CURLcode error;
 #if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
  (void)data;
 #endif
  error = Curl_base64_decode(header, &buffer, &size);
  if(error)
    return error;
  if(!buffer) {
    infof(data, "NTLM handshake failure (unhandled condition)\n");
    return CURLE_REMOTE_ACCESS_DENIED;
  }
 #ifdef USE_WINDOWS_SSPI
  ntlm->type_2 = malloc(size + 1);
  if(ntlm->type_2 == NULL) {
    free(buffer);
    return CURLE_OUT_OF_MEMORY;
  }
  ntlm->n_type_2 = (unsigned long)size;
  memcpy(ntlm->type_2, buffer, size);
 #else
  ntlm->flags = 0;
  if((size < 32) ||
     (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
     (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
    /* This was not a good enough type-2 message */
    free(buffer);
    infof(data, "NTLM handshake failure (bad type-2 message)\n");
    return CURLE_REMOTE_ACCESS_DENIED;
  }
  ntlm->flags = readint_le(&buffer[20]);
  memcpy(ntlm->nonce, &buffer[24], 8);
  DEBUG_OUT({
    fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
    ntlm_print_flags(stderr, ntlm->flags);
    fprintf(stderr, "\n                  nonce=");
    ntlm_print_hex(stderr, (char *)ntlm->nonce, 8);
    fprintf(stderr, "\n****\n");
    fprintf(stderr, "**** Header %s\n ", header);
  });
 #endif
  free(buffer);
  return CURLE_OK;
 }
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
 {
  if(ntlm->type_2) {
    free(ntlm->type_2);
    ntlm->type_2 = NULL;
  }
  if(ntlm->has_handles) {
    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
    ntlm->has_handles = 0;
  }
  if(ntlm->p_identity) {
    if(ntlm->identity.User) free(ntlm->identity.User);
    if(ntlm->identity.Password) free(ntlm->identity.Password);
    if(ntlm->identity.Domain) free(ntlm->identity.Domain);
    ntlm->p_identity = NULL;
  }
 }
 #endif
 #ifndef USE_WINDOWS_SSPI
 /* copy the source to the destination and fill in zeroes in every
   other destination byte! */
 static void unicodecpy(unsigned char *dest,
                       const char *src, size_t length)
 {
  size_t i;
  for(i = 0; i < length; i++) {
    dest[2 * i] = (unsigned char)src[i];
    dest[2 * i + 1] = '\0';
  }
 }
 #endif
 /*
 * Curl_ntlm_create_type1_message()
 *
 * This is used to generate an already encoded NTLM type-1 message ready
 * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
 * using the appropriate compile time crypo API.
 *
 * Parameters:
 *
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
 * outptr  [in/out] - The adress where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_ntlm_create_type1_message(const char *userp,
                                        const char *passwdp,
                                        struct ntlmdata *ntlm,
                                        char **outptr,
                                        size_t *outlen)
 {
  /* NTLM type-1 message structure:
       Index  Description            Content
         0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
                                     (0x4e544c4d53535000)
         8    NTLM Message Type      long (0x01000000)
        12    Flags                  long
       (16)   Supplied Domain        security buffer (*)
       (24)   Supplied Workstation   security buffer (*)
       (32)   OS Version Structure   8 bytes (*)
  (32) (40)   Start of data block    (*)
                                     (*) -> Optional
  */
  unsigned char ntlmbuf[NTLM_BUFSIZE];
  size_t size;
 #ifdef USE_WINDOWS_SSPI
  SecBuffer buf;
  SecBufferDesc desc;
  SECURITY_STATUS status;
  ULONG attrs;
  const char *dest = "";
  const char *user;
  const char *domain = "";
  size_t userlen = 0;
  size_t domlen = 0;
  size_t passwdlen = 0;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
  Curl_ntlm_sspi_cleanup(ntlm);
  user = strchr(userp, '\\');
  if(!user)
    user = strchr(userp, '/');
  if(user) {
    domain = userp;
    domlen = user - userp;
    user++;
  }
  else {
    user = userp;
    domain = "";
    domlen = 0;
  }
  if(user)
    userlen = strlen(user);
  if(passwdp)
    passwdlen = strlen(passwdp);
  if(userlen > 0) {
    /* note: initialize all of this before doing the mallocs so that
     * it can be cleaned up later without leaking memory.
     */
    ntlm->p_identity = &ntlm->identity;
    memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
    if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
      return CURLE_OUT_OF_MEMORY;
    ntlm->identity.UserLength = (unsigned long)userlen;
    if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
      return CURLE_OUT_OF_MEMORY;
    ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp);
    if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
      return CURLE_OUT_OF_MEMORY;
    strncpy((char *)ntlm->identity.Domain, domain, domlen);
    ntlm->identity.Domain[domlen] = '\0';
    ntlm->identity.DomainLength = (unsigned long)domlen;
    ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
  }
  else
    ntlm->p_identity = NULL;
  status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM",
                                               SECPKG_CRED_OUTBOUND, NULL,
                                               ntlm->p_identity, NULL, NULL,
                                               &ntlm->handle, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_OUT_OF_MEMORY;
  desc.ulVersion = SECBUFFER_VERSION;
  desc.cBuffers  = 1;
  desc.pBuffers  = &buf;
  buf.cbBuffer   = NTLM_BUFSIZE;
  buf.BufferType = SECBUFFER_TOKEN;
  buf.pvBuffer   = ntlmbuf;
  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL,
                                                (void *)dest,
                                                ISC_REQ_CONFIDENTIALITY |
                                                ISC_REQ_REPLAY_DETECT |
                                                ISC_REQ_CONNECTION,
                                                0, SECURITY_NETWORK_DREP,
                                                NULL, 0,
                                                &ntlm->c_handle, &desc,
                                                &attrs, &tsDummy);
  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
     status == SEC_I_CONTINUE_NEEDED)
    s_pSecFn->CompleteAuthToken(&ntlm->c_handle, &desc);
  else if(status != SEC_E_OK) {
    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
    return CURLE_RECV_ERROR;
  }
  ntlm->has_handles = 1;
  size = buf.cbBuffer;
 #else
  const char *host = "";              /* empty */
  const char *domain = "";            /* empty */
  size_t hostlen = 0;
  size_t domlen = 0;
  size_t hostoff = 0;
  size_t domoff = hostoff + hostlen;  /* This is 0: remember that host and
                                         domain are empty */
  (void)userp;
  (void)passwdp;
  (void)ntlm;
 #if USE_NTLM2SESSION
 #define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
 #else
 #define NTLM2FLAG 0
 #endif
  snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
           NTLMSSP_SIGNATURE "%c"
           "\x01%c%c%c" /* 32-bit type = 1 */
           "%c%c%c%c"   /* 32-bit NTLM flag field */
           "%c%c"       /* domain length */
           "%c%c"       /* domain allocated space */
           "%c%c"       /* domain name offset */
           "%c%c"       /* 2 zeroes */
           "%c%c"       /* host length */
           "%c%c"       /* host allocated space */
           "%c%c"       /* host name offset */
           "%c%c"       /* 2 zeroes */
           "%s"         /* host name */
           "%s",        /* domain string */
           0,           /* trailing zero */
           0, 0, 0,     /* part of type-1 long */
           LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
                       NTLMFLAG_REQUEST_TARGET |
                       NTLMFLAG_NEGOTIATE_NTLM_KEY |
                       NTLM2FLAG |
                       NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
           SHORTPAIR(domlen),
           SHORTPAIR(domlen),
           SHORTPAIR(domoff),
           0, 0,
           SHORTPAIR(hostlen),
           SHORTPAIR(hostlen),
           SHORTPAIR(hostoff),
           0, 0,
           host,  /* this is empty */
           domain /* this is empty */);
  /* Initial packet length */
  size = 32 + hostlen + domlen;
 #endif
  DEBUG_OUT({
    fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
            "0x%08.8x ",
            LONGQUARTET(NTLMFLAG_NEGOTIATE_OEM |
                        NTLMFLAG_REQUEST_TARGET |
                        NTLMFLAG_NEGOTIATE_NTLM_KEY |
                        NTLM2FLAG |
                        NTLMFLAG_NEGOTIATE_ALWAYS_SIGN),
            NTLMFLAG_NEGOTIATE_OEM |
            NTLMFLAG_REQUEST_TARGET |
            NTLMFLAG_NEGOTIATE_NTLM_KEY |
            NTLM2FLAG |
            NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
    ntlm_print_flags(stderr,
                     NTLMFLAG_NEGOTIATE_OEM |
                     NTLMFLAG_REQUEST_TARGET |
                     NTLMFLAG_NEGOTIATE_NTLM_KEY |
                     NTLM2FLAG |
                     NTLMFLAG_NEGOTIATE_ALWAYS_SIGN);
    fprintf(stderr, "\n****\n");
  });
  /* Return with binary blob encoded into base64 */
  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
 }
 /*
 * Curl_ntlm_create_type3_message()
 *
 * This is used to generate an already encoded NTLM type-3 message ready
 * for sending to the recipient, be it a: HTTP, SMTP or POP3 server,
 * using the appropriate compile time crypo API.
 *
 * Parameters:
 *
 * data    [in]     - The session handle.
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
 * outptr  [in/out] - The adress where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
                                        const char *userp,
                                        const char *passwdp,
                                        struct ntlmdata *ntlm,
                                        char **outptr,
                                        size_t *outlen)
 {
  /* NTLM type-3 message structure:
          Index  Description            Content
            0    NTLMSSP Signature      Null-terminated ASCII "NTLMSSP"
                                        (0x4e544c4d53535000)
            8    NTLM Message Type      long (0x03000000)
           12    LM/LMv2 Response       security buffer
           20    NTLM/NTLMv2 Response   security buffer
           28    Target Name            security buffer
           36    User Name              security buffer
           44    Workstation Name       security buffer
          (52)   Session Key            security buffer (*)
          (60)   Flags                  long (*)
          (64)   OS Version Structure   8 bytes (*)
  52 (64) (72)   Start of data block
                                          (*) -> Optional
  */
  unsigned char ntlmbuf[NTLM_BUFSIZE];
  size_t size;
 #ifdef USE_WINDOWS_SSPI
  const char *dest = "";
  SecBuffer type_2;
  SecBuffer type_3;
  SecBufferDesc type_2_desc;
  SecBufferDesc type_3_desc;
  SECURITY_STATUS status;
  ULONG attrs;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
  (void)passwdp;
  (void)userp;
  (void)data;
  type_2_desc.ulVersion = type_3_desc.ulVersion  = SECBUFFER_VERSION;
  type_2_desc.cBuffers  = type_3_desc.cBuffers   = 1;
  type_2_desc.pBuffers  = &type_2;
  type_3_desc.pBuffers  = &type_3;
  type_2.BufferType = SECBUFFER_TOKEN;
  type_2.pvBuffer   = ntlm->type_2;
  type_2.cbBuffer   = ntlm->n_type_2;
  type_3.BufferType = SECBUFFER_TOKEN;
  type_3.pvBuffer   = ntlmbuf;
  type_3.cbBuffer   = NTLM_BUFSIZE;
  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle,
                                                &ntlm->c_handle,
                                                (void *)dest,
                                                ISC_REQ_CONFIDENTIALITY |
                                                ISC_REQ_REPLAY_DETECT |
                                                ISC_REQ_CONNECTION,
                                                0, SECURITY_NETWORK_DREP,
                                                &type_2_desc,
                                                0, &ntlm->c_handle,
                                                &type_3_desc,
                                                &attrs, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_RECV_ERROR;
  size = type_3.cbBuffer;
  Curl_ntlm_sspi_cleanup(ntlm);
 #else
  int lmrespoff;
  unsigned char lmresp[24]; /* fixed-size */
 #if USE_NTRESPONSES
  int ntrespoff;
  unsigned char ntresp[24]; /* fixed-size */
 #endif
  bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
  char host[HOSTNAME_MAX + 1] = "";
  const char *user;
  const char *domain = "";
  size_t hostoff = 0;
  size_t useroff = 0;
  size_t domoff = 0;
  size_t hostlen = 0;
  size_t userlen = 0;
  size_t domlen = 0;
  CURLcode res;
  user = strchr(userp, '\\');
  if(!user)
    user = strchr(userp, '/');
  if(user) {
    domain = userp;
    domlen = (user - domain);
    user++;
  }
  else
    user = userp;
  if(user)
    userlen = strlen(user);
  /* Get the machine's un-qualified host name as NTLM doesn't like the fully
     qualified domain name */
  if(Curl_gethostname(host, sizeof(host))) {
    infof(data, "gethostname() failed, continuing without!");
    hostlen = 0;
  }
  else {
    hostlen = strlen(host);
  }
  if(unicode) {
    domlen = domlen * 2;
    userlen = userlen * 2;
    hostlen = hostlen * 2;
  }
 #if USE_NTLM2SESSION
  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
  if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
    unsigned char ntbuffer[0x18];
    unsigned char tmp[0x18];
    unsigned char md5sum[MD5_DIGEST_LENGTH];
    unsigned char entropy[8];
    /* Need to create 8 bytes random data */
 #ifdef USE_SSLEAY
    MD5_CTX MD5pw;
    Curl_ossl_seed(data); /* Initiate the seed if not already done */
    RAND_bytes(entropy, 8);
 #elif defined(USE_GNUTLS)
    gcry_md_hd_t MD5pw;
    Curl_gtls_seed(data); /* Initiate the seed if not already done */
    gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
 #elif defined(USE_NSS)
    PK11Context *MD5pw;
    unsigned int MD5len;
    Curl_nss_seed(data);  /* Initiate the seed if not already done */
    PK11_GenerateRandom(entropy, 8);
 #endif
    /* 8 bytes random data as challenge in lmresp */
    memcpy(lmresp, entropy, 8);
    /* Pad with zeros */
    memset(lmresp + 8, 0, 0x10);
    /* Fill tmp with challenge(nonce?) + entropy */
    memcpy(tmp, &ntlm->nonce[0], 8);
    memcpy(tmp + 8, entropy, 8);
 #ifdef USE_SSLEAY
    MD5_Init(&MD5pw);
    MD5_Update(&MD5pw, tmp, 16);
    MD5_Final(md5sum, &MD5pw);
 #elif defined(USE_GNUTLS)
    gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
    gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
    memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
    gcry_md_close(MD5pw);
 #elif defined(USE_NSS)
    MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
    PK11_DigestOp(MD5pw, tmp, 16);
    PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
    PK11_DestroyContext(MD5pw, PR_TRUE);
 #endif
    /* We shall only use the first 8 bytes of md5sum, but the des
       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
    if(CURLE_OUT_OF_MEMORY ==
       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
      return CURLE_OUT_OF_MEMORY;
    Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);
    /* End of NTLM2 Session code */
  }
  else
 #endif
  {
 #if USE_NTRESPONSES
    unsigned char ntbuffer[0x18];
 #endif
    unsigned char lmbuffer[0x18];
 #if USE_NTRESPONSES
    if(CURLE_OUT_OF_MEMORY ==
       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
      return CURLE_OUT_OF_MEMORY;
    Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], ntresp);
 #endif
    Curl_ntlm_core_mk_lm_hash(data, passwdp, lmbuffer);
    Curl_ntlm_core_lm_resp(lmbuffer, &ntlm->nonce[0], lmresp);
    /* A safer but less compatible alternative is:
     *   Curl_ntlm_core_lm_resp(ntbuffer, &ntlm->nonce[0], lmresp);
     * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
  }
  lmrespoff = 64; /* size of the message header */
 #if USE_NTRESPONSES
  ntrespoff = lmrespoff + 0x18;
  domoff = ntrespoff + 0x18;
 #else
  domoff = lmrespoff + 0x18;
 #endif
  useroff = domoff + domlen;
  hostoff = useroff + userlen;
  /* Create the big type-3 message binary blob */
  size = snprintf((char *)ntlmbuf, NTLM_BUFSIZE,
                  NTLMSSP_SIGNATURE "%c"
                  "\x03%c%c%c"  /* 32-bit type = 3 */
                  "%c%c"  /* LanManager length */
                  "%c%c"  /* LanManager allocated space */
                  "%c%c"  /* LanManager offset */
                  "%c%c"  /* 2 zeroes */
                  "%c%c"  /* NT-response length */
                  "%c%c"  /* NT-response allocated space */
                  "%c%c"  /* NT-response offset */
                  "%c%c"  /* 2 zeroes */
                  "%c%c"  /* domain length */
                  "%c%c"  /* domain allocated space */
                  "%c%c"  /* domain name offset */
                  "%c%c"  /* 2 zeroes */
                  "%c%c"  /* user length */
                  "%c%c"  /* user allocated space */
                  "%c%c"  /* user offset */
                  "%c%c"  /* 2 zeroes */
                  "%c%c"  /* host length */
                  "%c%c"  /* host allocated space */
                  "%c%c"  /* host offset */
                  "%c%c"  /* 2 zeroes */
                  "%c%c"  /* session key length (unknown purpose) */
                  "%c%c"  /* session key allocated space (unknown purpose) */
                  "%c%c"  /* session key offset (unknown purpose) */
                  "%c%c"  /* 2 zeroes */
                  "%c%c%c%c",  /* flags */
                  /* domain string */
                  /* user string */
                  /* host string */
                  /* LanManager response */
                  /* NT response */
                  0,                /* zero termination */
                  0, 0, 0,          /* type-3 long, the 24 upper bits */
                  SHORTPAIR(0x18),  /* LanManager response length, twice */
                  SHORTPAIR(0x18),
                  SHORTPAIR(lmrespoff),
                  0x0, 0x0,
 #if USE_NTRESPONSES
                  SHORTPAIR(0x18),  /* NT-response length, twice */
                  SHORTPAIR(0x18),
                  SHORTPAIR(ntrespoff),
                  0x0, 0x0,
 #else
                  0x0, 0x0,
                  0x0, 0x0,
                  0x0, 0x0,
                  0x0, 0x0,
 #endif
                  SHORTPAIR(domlen),
                  SHORTPAIR(domlen),
                  SHORTPAIR(domoff),
                  0x0, 0x0,
                  SHORTPAIR(userlen),
                  SHORTPAIR(userlen),
                  SHORTPAIR(useroff),
                  0x0, 0x0,
                  SHORTPAIR(hostlen),
                  SHORTPAIR(hostlen),
                  SHORTPAIR(hostoff),
                  0x0, 0x0,
                  0x0, 0x0,
                  0x0, 0x0,
                  0x0, 0x0,
                  0x0, 0x0,
                  LONGQUARTET(ntlm->flags));
  DEBUGASSERT(size == 64);
  DEBUGASSERT(size == (size_t)lmrespoff);
  /* We append the binary hashes */
  if(size < (NTLM_BUFSIZE - 0x18)) {
    memcpy(&ntlmbuf[size], lmresp, 0x18);
    size += 0x18;
  }
  DEBUG_OUT({
    fprintf(stderr, "**** TYPE3 header lmresp=");
    ntlm_print_hex(stderr, (char *)&ntlmbuf[lmrespoff], 0x18);
  });
 #if USE_NTRESPONSES
  if(size < (NTLM_BUFSIZE - 0x18)) {
    DEBUGASSERT(size == (size_t)ntrespoff);
    memcpy(&ntlmbuf[size], ntresp, 0x18);
    size += 0x18;
  }
  DEBUG_OUT({
    fprintf(stderr, "\n   ntresp=");
    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
  });
 #endif
  DEBUG_OUT({
    fprintf(stderr, "\n   flags=0x%02.2x%02.2x%02.2x%02.2x 0x%08.8x ",
            LONGQUARTET(ntlm->flags), ntlm->flags);
    ntlm_print_flags(stderr, ntlm->flags);
    fprintf(stderr, "\n****\n");
  });
  /* Make sure that the domain, user and host strings fit in the
     buffer before we copy them there. */
  if(size + userlen + domlen + hostlen >= NTLM_BUFSIZE) {
    failf(data, "user + domain + host name too big");
    return CURLE_OUT_OF_MEMORY;
  }
  DEBUGASSERT(size == domoff);
  if(unicode)
    unicodecpy(&ntlmbuf[size], domain, domlen / 2);
  else
    memcpy(&ntlmbuf[size], domain, domlen);
  size += domlen;
  DEBUGASSERT(size == useroff);
  if(unicode)
    unicodecpy(&ntlmbuf[size], user, userlen / 2);
  else
    memcpy(&ntlmbuf[size], user, userlen);
  size += userlen;
  DEBUGASSERT(size == hostoff);
  if(unicode)
    unicodecpy(&ntlmbuf[size], host, hostlen / 2);
  else
    memcpy(&ntlmbuf[size], host, hostlen);
  size += hostlen;
  /* Convert domain, user, and host to ASCII but leave the rest as-is */
  res = Curl_convert_to_network(data, (char *)&ntlmbuf[domoff],
                                size - domoff);
  if(res)
    return CURLE_CONV_FAILED;
 #endif
  /* Return with binary blob encoded into base64 */
  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
 }
 #endif /* USE_NTLM */
--- a/lib/curl_ntlm_msgs.h
+++ b/lib/curl_ntlm_msgs.h
@@ -1,5 +1,5 @@
-#ifndef __HTTP_NTLM_H
+#ifndef HEADER_CURL_NTLM_MSGS_H
-#define __HTTP_NTLM_H
+#define HEADER_CURL_NTLM_MSGS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,27 +22,43 @@
 *
 ***************************************************************************/
-typedef enum {
+#include "setup.h"
  CURLNTLM_NONE, /* not a ntlm */
  CURLNTLM_BAD,  /* an ntlm, but one we don't like */
  CURLNTLM_FIRST, /* the first 401-reply we got with NTLM */
  CURLNTLM_FINE, /* an ntlm we act on */
-  CURLNTLM_LAST  /* last entry in this enum, don't use */
+#ifdef USE_NTLM
 } CURLntlm;
-/* this is for ntlm header input */
+/* This is to generate a base64 encoded NTLM type-1 message */
-CURLntlm Curl_input_ntlm(struct connectdata *conn, bool proxy,
+CURLcode Curl_ntlm_create_type1_message(const char *userp,
-                         const char *header);
+                                        const char *passwdp,
                                        struct ntlmdata *ntlm,
                                        char **outptr,
                                        size_t *outlen);
-/* this is for creating ntlm header output */
+/* This is to generate a base64 encoded NTLM type-3 message */
-CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
+CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
                                        const char *userp,
                                        const char *passwdp,
                                        struct ntlmdata *ntlm,
                                        char **outptr,
                                        size_t *outlen);
-void Curl_ntlm_cleanup(struct connectdata *conn);
+/* This is to decode a NTLM type-2 message */
-#ifndef USE_NTLM
+CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
-#define Curl_ntlm_cleanup(x)
+                                        const char* header,
                                        struct ntlmdata* ntlm);
 /* This is to clean up the ntlm data structure */
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
 #else
 #define Curl_ntlm_sspi_cleanup(x)
 #endif
 /* NTLM buffer fixed size, large enough for long user + host + domain */
 #define NTLM_BUFSIZE 1024
 /* Stuff only required for curl_ntlm_msgs.c */
 #ifdef BUILDING_CURL_NTLM_MSGS_C
 /* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */
 #define NTLMFLAG_NEGOTIATE_UNICODE               (1<<0)
@@ -146,4 +162,9 @@ void Curl_ntlm_cleanup(struct connectdata *conn);
 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
 /* Indicates that 56-bit encryption is supported. */
-#endif
+
 #endif /* BUILDING_CURL_NTLM_MSGS_C */
 #endif /* USE_NTLM */
 #endif /* HEADER_CURL_NTLM_MSGS_H */
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -0,0 +1,394 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
 /*
 * NTLM details:
 *
 * http://davenport.sourceforge.net/ntlm.html
 * http://www.innovation.ch/java/ntlm.html
 */
 #define DEBUG_ME 0
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #ifdef HAVE_SYS_WAIT_H
 #include <sys/wait.h>
 #endif
 #ifdef HAVE_SIGNAL_H
 #include <signal.h>
 #endif
 #include "urldata.h"
 #include "sendf.h"
 #include "select.h"
 #include "curl_ntlm_wb.h"
 #include "url.h"
 #include "strerror.h"
 #include "curl_memory.h"
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 /* The last #include file should be: */
 #include "memdebug.h"
 #if DEBUG_ME
 # define DEBUG_OUT(x) x
 #else
 # define DEBUG_OUT(x) Curl_nop_stmt
 #endif
 /* Portable 'sclose_nolog' used only in child process instead of 'sclose'
   to avoid fooling the socket leak detector */
 #if defined(HAVE_CLOSESOCKET)
 #  define sclose_nolog(x)  closesocket((x))
 #elif defined(HAVE_CLOSESOCKET_CAMEL)
 #  define sclose_nolog(x)  CloseSocket((x))
 #else
 #  define sclose_nolog(x)  close((x))
 #endif
 void Curl_ntlm_wb_cleanup(struct connectdata *conn)
 {
  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD) {
    sclose(conn->ntlm_auth_hlpr_socket);
    conn->ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
  }
  if(conn->ntlm_auth_hlpr_pid) {
    int i;
    for(i = 0; i < 4; i++) {
      pid_t ret = waitpid(conn->ntlm_auth_hlpr_pid, NULL, WNOHANG);
      if(ret == conn->ntlm_auth_hlpr_pid || errno == ECHILD)
        break;
      switch(i) {
      case 0:
        kill(conn->ntlm_auth_hlpr_pid, SIGTERM);
        break;
      case 1:
        /* Give the process another moment to shut down cleanly before
           bringing down the axe */
        Curl_wait_ms(1);
        break;
      case 2:
        kill(conn->ntlm_auth_hlpr_pid, SIGKILL);
        break;
      case 3:
        break;
      }
    }
    conn->ntlm_auth_hlpr_pid = 0;
  }
  Curl_safefree(conn->challenge_header);
  conn->challenge_header = NULL;
  Curl_safefree(conn->response_header);
  conn->response_header = NULL;
 }
 static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp)
 {
  curl_socket_t sockfds[2];
  pid_t child_pid;
  const char *username;
  char *slash, *domain = NULL;
  const char *ntlm_auth = NULL;
  char *ntlm_auth_alloc = NULL;
  int error;
  /* Return if communication with ntlm_auth already set up */
  if(conn->ntlm_auth_hlpr_socket != CURL_SOCKET_BAD ||
     conn->ntlm_auth_hlpr_pid)
    return CURLE_OK;
  username = userp;
  slash = strpbrk(username, "\\/");
  if(slash) {
    if((domain = strdup(username)) == NULL)
      return CURLE_OUT_OF_MEMORY;
    slash = domain + (slash - username);
    *slash = '\0';
    username = username + (slash - domain) + 1;
  }
  /* For testing purposes, when DEBUGBUILD is defined and environment
     variable CURL_NTLM_WB_FILE is set a fake_ntlm is used to perform
     NTLM challenge/response which only accepts commands and output
     strings pre-written in test case definitions */
 #ifdef DEBUGBUILD
  ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE");
  if(ntlm_auth_alloc)
    ntlm_auth = ntlm_auth_alloc;
  else
 #endif
    ntlm_auth = NTLM_WB_FILE;
  if(access(ntlm_auth, X_OK) != 0) {
    error = ERRNO;
    failf(conn->data, "Could not access ntlm_auth: %s errno %d: %s",
          ntlm_auth, error, Curl_strerror(conn, error));
    goto done;
  }
  if(socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) {
    error = ERRNO;
    failf(conn->data, "Could not open socket pair. errno %d: %s",
          error, Curl_strerror(conn, error));
    goto done;
  }
  child_pid = fork();
  if(child_pid == -1) {
    error = ERRNO;
    sclose(sockfds[0]);
    sclose(sockfds[1]);
    failf(conn->data, "Could not fork. errno %d: %s",
          error, Curl_strerror(conn, error));
    goto done;
  }
  else if(!child_pid) {
    /*
     * child process
     */
    /* Don't use sclose in the child since it fools the socket leak detector */
    sclose_nolog(sockfds[0]);
    if(dup2(sockfds[1], STDIN_FILENO) == -1) {
      error = ERRNO;
      failf(conn->data, "Could not redirect child stdin. errno %d: %s",
            error, Curl_strerror(conn, error));
      exit(1);
    }
    if(dup2(sockfds[1], STDOUT_FILENO) == -1) {
      error = ERRNO;
      failf(conn->data, "Could not redirect child stdout. errno %d: %s",
            error, Curl_strerror(conn, error));
      exit(1);
    }
    if(domain)
      execl(ntlm_auth, ntlm_auth,
            "--helper-protocol", "ntlmssp-client-1",
            "--use-cached-creds",
            "--username", username,
            "--domain", domain,
            NULL);
    else
      execl(ntlm_auth, ntlm_auth,
            "--helper-protocol", "ntlmssp-client-1",
            "--use-cached-creds",
            "--username", username,
            NULL);
    error = ERRNO;
    sclose_nolog(sockfds[1]);
    failf(conn->data, "Could not execl(). errno %d: %s",
          error, Curl_strerror(conn, error));
    exit(1);
  }
  sclose(sockfds[1]);
  conn->ntlm_auth_hlpr_socket = sockfds[0];
  conn->ntlm_auth_hlpr_pid = child_pid;
  Curl_safefree(domain);
  Curl_safefree(ntlm_auth_alloc);
  return CURLE_OK;
 done:
  Curl_safefree(domain);
  Curl_safefree(ntlm_auth_alloc);
  return CURLE_REMOTE_ACCESS_DENIED;
 }
 static CURLcode ntlm_wb_response(struct connectdata *conn,
                                 const char *input, curlntlm state)
 {
  ssize_t size;
  char buf[200]; /* enough, type 1, 3 message length is less then 200 */
  char *tmpbuf = buf;
  size_t len_in = strlen(input), len_out = sizeof(buf);
  while(len_in > 0) {
    ssize_t written = swrite(conn->ntlm_auth_hlpr_socket, input, len_in);
    if(written == -1) {
      /* Interrupted by a signal, retry it */
      if(errno == EINTR)
        continue;
      /* write failed if other errors happen */
      goto done;
    }
    input += written;
    len_in -= written;
  }
  /* Read one line */
  while(len_out > 0) {
    size = sread(conn->ntlm_auth_hlpr_socket, tmpbuf, len_out);
    if(size == -1) {
      if(errno == EINTR)
        continue;
      goto done;
    }
    else if(size == 0)
      goto done;
    else if(tmpbuf[size - 1] == '\n') {
      tmpbuf[size - 1] = '\0';
      goto wrfinish;
    }
    tmpbuf += size;
    len_out -= size;
  }
  goto done;
 wrfinish:
  /* Samba/winbind installed but not configured */
  if(state == NTLMSTATE_TYPE1 &&
     size == 3 &&
     buf[0] == 'P' && buf[1] == 'W')
    return CURLE_REMOTE_ACCESS_DENIED;
  /* invalid response */
  if(size < 4)
    goto done;
  if(state == NTLMSTATE_TYPE1 &&
     (buf[0]!='Y' || buf[1]!='R' || buf[2]!=' '))
    goto done;
  if(state == NTLMSTATE_TYPE2 &&
     (buf[0]!='K' || buf[1]!='K' || buf[2]!=' ') &&
     (buf[0]!='A' || buf[1]!='F' || buf[2]!=' '))
    goto done;
  conn->response_header = aprintf("NTLM %.*s", size - 4, buf + 3);
  return CURLE_OK;
 done:
  return CURLE_REMOTE_ACCESS_DENIED;
 }
 /*
 * This is for creating ntlm header output by delegating challenge/response
 * to Samba's winbind daemon helper ntlm_auth.
 */
 CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
                              bool proxy)
 {
  /* point to the address of the pointer that holds the string to send to the
     server, which is for a plain host or for a HTTP proxy */
  char **allocuserpwd;
  /* point to the name and password for this */
  const char *userp;
  /* point to the correct struct with this */
  struct ntlmdata *ntlm;
  struct auth *authp;
  CURLcode res = CURLE_OK;
  char *input;
  DEBUGASSERT(conn);
  DEBUGASSERT(conn->data);
  if(proxy) {
    allocuserpwd = &conn->allocptr.proxyuserpwd;
    userp = conn->proxyuser;
    ntlm = &conn->proxyntlm;
    authp = &conn->data->state.authproxy;
  }
  else {
    allocuserpwd = &conn->allocptr.userpwd;
    userp = conn->user;
    ntlm = &conn->ntlm;
    authp = &conn->data->state.authhost;
  }
  authp->done = FALSE;
  /* not set means empty */
  if(!userp)
    userp="";
  switch(ntlm->state) {
  case NTLMSTATE_TYPE1:
  default:
    /* Use Samba's 'winbind' daemon to support NTLM authentication,
     * by delegating the NTLM challenge/response protocal to a helper
     * in ntlm_auth.
     * http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
     * http://www.samba.org/samba/docs/man/manpages-3/winbindd.8.html
     * http://www.samba.org/samba/docs/man/manpages-3/ntlm_auth.1.html
     * Preprocessor symbol 'NTLM_WB_ENABLED' is defined when this
     * feature is enabled and 'NTLM_WB_FILE' symbol holds absolute
     * filename of ntlm_auth helper.
     * If NTLM authentication using winbind fails, go back to original
     * request handling process.
     */
    /* Create communication with ntlm_auth */
    res = ntlm_wb_init(conn, userp);
    if(res)
      return res;
    res = ntlm_wb_response(conn, "YR\n", ntlm->state);
    if(res)
      return res;
    Curl_safefree(*allocuserpwd);
    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
                            proxy ? "Proxy-" : "",
                            conn->response_header);
    DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
    Curl_safefree(conn->response_header);
    conn->response_header = NULL;
    break;
  case NTLMSTATE_TYPE2:
    input = aprintf("TT %s", conn->challenge_header);
    if(!input)
      return CURLE_OUT_OF_MEMORY;
    res = ntlm_wb_response(conn, input, ntlm->state);
    free(input);
    input = NULL;
    if(res)
      return res;
    Curl_safefree(*allocuserpwd);
    *allocuserpwd = aprintf("%sAuthorization: %s\r\n",
                            proxy ? "Proxy-" : "",
                            conn->response_header);
    DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
    ntlm->state = NTLMSTATE_TYPE3; /* we sent a type-3 */
    authp->done = TRUE;
    Curl_ntlm_wb_cleanup(conn);
    break;
  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
     * don't send a header in future requests */
    if(*allocuserpwd) {
      free(*allocuserpwd);
      *allocuserpwd=NULL;
    }
    authp->done = TRUE;
    break;
  }
  return CURLE_OK;
 }
 #endif /* USE_NTLM && NTLM_WB_ENABLED */
--- a/lib/curl_ntlm_wb.h
+++ b/lib/curl_ntlm_wb.h
@@ -0,0 +1,37 @@
 #ifndef HEADER_CURL_NTLM_WB_H
 #define HEADER_CURL_NTLM_WB_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
 /* this is for creating ntlm header output by delegating challenge/response
   to Samba's winbind daemon helper ntlm_auth */
 CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
 void Curl_ntlm_wb_cleanup(struct connectdata *conn);
 #endif /* USE_NTLM && NTLM_WB_ENABLED */
 #endif /* HEADER_CURL_NTLM_WB_H */
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -71,6 +71,7 @@ const struct Curl_handler Curl_handler_rtmp = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
@@ -90,6 +91,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
@@ -109,6 +111,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
@@ -128,6 +131,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
@@ -147,6 +151,7 @@ const struct Curl_handler Curl_handler_rtmps = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
@@ -166,6 +171,7 @@ const struct Curl_handler Curl_handler_rtmpts = {
  ZERO_NULL,                            /* doing */
  ZERO_NULL,                            /* proto_getsock */
  ZERO_NULL,                            /* doing_getsock */
  ZERO_NULL,                            /* domore_getsock */
  ZERO_NULL,                            /* perform_getsock */
  rtmp_disconnect,                      /* disconnect */
  ZERO_NULL,                            /* readwrite */
--- a/lib/curl_threads.c
+++ b/lib/curl_threads.c
@@ -19,6 +19,7 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include "setup.h"
 #if defined(USE_THREADS_POSIX)
--- a/lib/cyassl.c
+++ b/lib/cyassl.c
@@ -27,16 +27,17 @@
 */
 #include "setup.h"
 #ifdef USE_CYASSL
-#include <string.h>
+#ifdef HAVE_LIMITS_H
-#include <stdlib.h>
+#include <limits.h>
-#include <ctype.h>
+#endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #include "urldata.h"
 #include "sendf.h"
 #include "inet_pton.h"
@@ -412,7 +413,7 @@ int Curl_cyassl_init(void)
 bool Curl_cyassl_data_pending(const struct connectdata* conn, int connindex)
 {
  if(conn->ssl[connindex].handle)   /* SSL is in use */
-    return (bool)(0 != SSL_pending(conn->ssl[connindex].handle));
+    return (0 != SSL_pending(conn->ssl[connindex].handle)) ? TRUE : FALSE;
  else
    return FALSE;
 }
--- a/Show More
+++ b/Show More