RELEASE-NOTES: synced with b8b2cf612b

The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.

CHANGES.0

@@ -146,7 +146,7 @@ Daniel Stenberg (14 May 2010)
   compressed Content-Encoding!
 
   (http://curl.haxx.se/bug/view.cgi?id=3000056)
-  
+
 Daniel Stenberg (12 May 2010)
 - Howard Chu brought support for RTMP. This is powered by the underlying
   librtmp library. It supports a range of variations and "sub-protocols"
@@ -181,14 +181,14 @@ Daniel Stenberg (7 May 2010)
   That situation is subject for some closer inspection in the future.
 
 - Howard Chu split the I/O handling functions into private handlers.
-    
+
   Howard Chu brought the bulk work of this patch that properly moves out the
   sending and recving of data to the parts of the code that are properly
   responsible for the various ways of doing so.
-  
+
   Daniel Stenberg assisted with polishing a few bits and fixed some minor
   flaws in the original patch.
-  
+
   Another upside of this patch is that we now abuse CURLcodes less with the
   "magic" -1 return codes and instead use CURLE_AGAIN more consistently.
 
@@ -296,7 +296,7 @@ Daniel Stenberg (28 Mar 2010)
 - Ben Greear: If you pass a URL to pop3 that does not contain a message ID as
   part of the URL, it would previously ask for 'INBOX' which just causes the
   pop3 server to return an error.
-    
+
   Now libcurl treats en empty message ID as a request for LIST (list of pop3
   message IDs).  User's code could then parse this and download individual
   messages as desired.
@@ -318,7 +318,7 @@ Daniel Stenberg (24 Mar 2010)
   the last packet received constitutes the end of the response body, libcurl
   still treats it as a timeout condition and reports a message like:
 
-  "Operation timed out after 3000 milliseconds with 876 out of 876 bytes 
+  "Operation timed out after 3000 milliseconds with 876 out of 876 bytes
   received"
 
   It should only a timeout if the timer lapsed and we DIDN'T receive the end
@@ -368,7 +368,7 @@ Daniel Stenberg (22 Mar 2010)
   case of a timeout, the signal handler for SIGALRM never gets removed. I
   think that in my case it gets executed at some point later on when execution
   has long left Curl_resolv_timeout() or even the cURL library.
-  
+
   The code that is jumped to with siglongjmp() simply sets the error message
   to "name lookup timed out" and then returns with CURLRESOLV_ERROR. I guess
   that instead of simply returning without cleaning up, the code should have a
@@ -17288,7 +17288,7 @@ Version 5.1 (not publicly released)
 
    They should be set for protocol-specific proxies. General proxy should be
    set with
-	
+
 	ALL_PROXY
 
    And a comma-separated list of host names that shouldn't go through any

CMake/FindCARES.cmake

@@ -11,7 +11,7 @@ FIND_PATH(CARES_INCLUDE_DIR ares.h
   /usr/local/include
   /usr/include
   )
- 
+
 SET(CARES_NAMES ${CARES_NAMES} cares)
 FIND_LIBRARY(CARES_LIBRARY
   NAMES ${CARES_NAMES}

CMakeLists.txt

@@ -148,9 +148,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)
 
 if(WIN32)
-  find_library(WSOCK32_LIBRARY wsock32)
-  find_library(WS2_32_LIBRARY ws2_32)
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
+  # Windows standard libraries are located in C:/Program Files/Microsoft SDKs/[...]
+  # They are already included in the default MSVC LIBPATH => no find_library is needed!
+  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
   if(CURL_DISABLE_LDAP)
     # Remove wldap32.lib from space-separated list
     string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})
@@ -382,7 +382,7 @@ if(CMAKE_USE_OPENSSL)
   check_include_file_concat("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
 endif(CMAKE_USE_OPENSSL)
 
-if(NOT HAVE_LDAP_H) 
+if(NOT HAVE_LDAP_H)
   message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
   set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
 endif()
@@ -784,7 +784,7 @@ if(HAVE_SOCKLEN_T)
   check_type_size("socklen_t" CURL_SIZEOF_CURL_SOCKLEN_T)
   set(CMAKE_EXTRA_INCLUDE_FILES)
   if(NOT HAVE_CURL_SIZEOF_CURL_SOCKLEN_T)
-    message(FATAL_ERROR 
+    message(FATAL_ERROR
      "Check for sizeof socklen_t failed, see CMakeFiles/CMakerror.log")
   endif()
 else()

Makefile.am

@@ -36,7 +36,7 @@ winbuild/MakefileBuild.vc winbuild/Makefile.vc
 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
  curl-style.el sample.emacs RELEASE-NOTES buildconf 	\
  libcurl.pc.in vc6curl.dsw MacOSX-Framework Android.mk $(CMAKE_DIST)	\
- Makefile.msvc.names $(WINBUILD_DIST)
+ Makefile.msvc.names $(WINBUILD_DIST) lib/libcurl.vers.in
 
 bin_SCRIPTS = curl-config
 

RELEASE-NOTES

@@ -1,19 +1,49 @@
-Curl and libcurl 7.24.0
+Curl and libcurl 7.25.0
 
- Public curl releases:         125
- Command line options:         149
- curl_easy_setopt() options:   192
+ Public curl releases:         127
+ Command line options:         151
+ curl_easy_setopt() options:   199
  Public functions in libcurl:  58
  Known libcurl bindings:       39
- Contributors:                 873
+ Contributors:                 929
 
 This release includes the following changes:
 
- o 
+ o configure: add option disable --libcurl output [1]
+ o --ssl-allow-beast and CURLOPT_SSL_OPTIONS added [2]
+ o Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL [4]
+ o curl: use new library-side TCP_KEEPALIVE options [5]
+ o Added a new CURLOPT_MAIL_AUTH option [13]
+ o Added support for --mail-auth [14]
+ o --libcurl now also works with -F and more! [15]
 
 This release includes the following bugfixes:
 
- o 
+ o --max-redirs: allow negative numbers as option value [3]
+ o parse_proxy: bail out on zero-length proxy names [6]
+ o configure: don't modify LD_LIBRARY_PATH for cross compiles [7]
+ o curl_easy_reset: reset the referer string [8]
+ o curl tool: don't abort glob-loop due to failures [9]
+ o CONNECT: send correct Host: with IPv6 numerical address [10]
+ o Explicitly link to the nettle/gcrypt libraries [11]
+ o more resilient connection times among IP addresses [12]
+ o winbuild: fix IPV6 and IDN options
+ o SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
+ o cyassl: update to CyaSSL 2.0.x API
+ o smtp: Fixed an issue with the EOB checking
+ o pop3: Fixed drop of final CRLF in EOB checking [16]
+ o smtp: Fixed an issue with writing postdata
+ o smtp: Added support for returning SMTP response codes
+ o CONNECT: fix ipv6 address in the Request-Line [17]
+ o curl-config: only provide libraries with --libs
+ o LWIP: don't consider HAVE_ERRNO_H to be winsock [19]
+ o ssh: tunnel through HTTP proxy if requested
+ o cookies: strip off [brackets] from numerical ipv6 host names [20]
+ o libcurl docs: version corrections [18]
+ o cmake: list_spaces_append_once failure [22]
+ o resolve with c-ares: don't resolve IPv6 when not working [21]
+ o smtp: changed error code for EHLO and HELO responses
+ o parsedate: fix a numeric overflow
 
 This release includes the following known bugs:
 
@@ -22,6 +52,35 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
+ Colin Hogben, Alessandro Ghedini, Kamil Dudka, Rob Ward, Dave Reisner,
+ Martin Storsjo, Pierre Ynard, Pierre Joye, Yang Tse, Dan Fandrich,
+ Michael Day, Juan Barreto, Chandrakant Bagul, Steve Holme, Todd Ouska,
+ Rich Gray, John Joseph Bachir, Armel Asselin, Andrei Cipu,
+ Maxim Prohorov
  
-
         Thanks! (and sorry if I forgot to mention someone)
+
+References to bug reports and discussions on issues:
+
+ [1] = http://curl.haxx.se/mail/lib-2012-02/0009.html
+ [2] = http://curl.haxx.se/mail/lib-2012-02/0001.html
+ [3] = http://curl.haxx.se/mail/lib-2012-02/0098.html
+ [4] = http://curl.haxx.se/mail/lib-2012-01/0264.html
+ [5] = http://curl.haxx.se/mail/lib-2012-01/0263.html
+ [6] = http://curl.haxx.se/mail/lib-2012-02/0000.html
+ [7] = http://curl.haxx.se/mail/lib-2012-02/0052.html
+ [8] = http://curl.haxx.se/bug/view.cgi?id=3481551
+ [9] = http://curl.haxx.se/bug/view.cgi?id=3481223
+ [10] = http://curl.haxx.se/bug/view.cgi?id=3482093
+ [11] = http://curl.haxx.se/mail/lib-2012-01/0303.html
+ [12] = http://curl.haxx.se/mail/lib-2012-01/0190.html
+ [13] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTMAILAUTH
+ [14] = http://curl.haxx.se/docs/manpage.html#--mail-auth
+ [15] = http://curl.haxx.se/docs/manpage.html#--libcurl
+ [16] = http://curl.haxx.se/mail/lib-2012-02/0051.html
+ [17] = http://curl.haxx.se/bug/view.cgi?id=3493129
+ [18] = http://curl.haxx.se/bug/view.cgi?id=3494091
+ [19] = http://curl.haxx.se/mail/lib-2012-03/0046.html
+ [20] = http://curl.haxx.se/mail/lib-2012-03/0036.html
+ [21] = http://curl.haxx.se/mail/lib-2012-03/0045.html
+ [22] = http://curl.haxx.se/bug/view.cgi?id=3494968

TODO-RELEASE

@@ -1,4 +1,4 @@
-To be addressed in 7.22.1
+To be addressed in 7.24.1
 =========================
 
 295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
@@ -8,4 +8,8 @@ To be addressed in 7.22.1
 300 - "Polling on stray socket on sequential transfers." Andrew S
       http://curl.haxx.se/mail/lib-2011-07/0053.html
 
-308 -
+308 - Revisit option --enable-threaded-resolver at least allow selection among
+      pthreads and Windows threads when building a Windows target.
+      http://curl.haxx.se/mail/lib-2012-01/0291.html
+
+309 - 

buildconf

@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,9 +21,12 @@
 #
 ###########################################################################
 
+#--------------------------------------------------------------------------
+# die prints argument string to stdout and exits this shell script.
+#
 die(){
-	echo "$@"
-	exit
+  echo "buildconf: $@"
+  exit 1
 }
 
 #--------------------------------------------------------------------------
@@ -33,11 +36,8 @@ die(){
 findtool(){
   file="$1"
 
-  if { echo $file | grep "/" >/dev/null 2>&1; } then
-    # we only check for the explicit file name if the file is given
-    # including a slash. Use ./ for current dir. Previously this would
-    # otherwise always cause findtool to search the local dir first, which
-    # is wrong.
+  if { echo "$file" | grep "/" >/dev/null 2>&1; } then
+    # when file is given with a path check it first
     if test -f "$file"; then
       echo "$file"
       return
@@ -82,7 +82,8 @@ removethis(){
 if test ! -f configure.ac ||
   test ! -f src/tool_main.c ||
   test ! -f lib/urldata.h ||
-  test ! -f include/curl/curl.h; then
+  test ! -f include/curl/curl.h ||
+  test ! -f m4/curl-functions.m4; then
   echo "Can not run buildconf from outside of curl's source subdirectory!"
   echo "Change to the subdirectory where buildconf is found, and try again."
   exit 1
@@ -188,27 +189,24 @@ else
 fi
 
 #--------------------------------------------------------------------------
-# libtool check
+# GNU libtool preliminary check
 #
-LIBTOOL_WANTED_MAJOR=1
-LIBTOOL_WANTED_MINOR=4
-LIBTOOL_WANTED_PATCH=2
-LIBTOOL_WANTED_VERSION=1.4.2
+want_lt_major=1
+want_lt_minor=4
+want_lt_patch=2
+want_lt_version=1.4.2
+
+# This approach that tries 'glibtool' first is intended for systems that
+# have GNU libtool named as 'glibtool' and libtool not being GNU's.
 
-# this approach that tries 'glibtool' first is some kind of work-around for
-# some BSD-systems I believe that use to provide the GNU libtool named
-# glibtool, with 'libtool' being something completely different.
 libtool=`findtool glibtool 2>/dev/null`
 if test ! -x "$libtool"; then
   libtool=`findtool ${LIBTOOL:-libtool}`
 fi
-
-if test -z "$LIBTOOLIZE"; then
-  # set the LIBTOOLIZE here so that glibtoolize is used if glibtool was found
-  # $libtool is already the full path
-  libtoolize="${libtool}ize"
-else
-  libtoolize=`findtool $LIBTOOLIZE`
+if test -z "$libtool"; then
+  echo "buildconf: libtool not found."
+  echo "            You need GNU libtool $want_lt_version or newer installed."
+  exit 1
 fi
 
 lt_pver=`$libtool --version 2>/dev/null|head -n 1`
@@ -216,42 +214,55 @@ lt_qver=`echo $lt_pver|sed -e "s/([^)]*)//g" -e "s/^[^0-9]*//g"`
 lt_version=`echo $lt_qver|sed -e "s/[- ].*//" -e "s/\([a-z]*\)$//"`
 if test -z "$lt_version"; then
   echo "buildconf: libtool not found."
-  echo "            You need libtool version $LIBTOOL_WANTED_VERSION or newer installed"
+  echo "            You need GNU libtool $want_lt_version or newer installed."
   exit 1
 fi
 old_IFS=$IFS; IFS='.'; set $lt_version; IFS=$old_IFS
 lt_major=$1
 lt_minor=$2
 lt_patch=$3
-lt_status="good"
 
-if test "$lt_major" = "$LIBTOOL_WANTED_MAJOR"; then
-   if test "$lt_minor" -lt "$LIBTOOL_WANTED_MINOR"; then
-      lt_status="bad"
-   elif test -n "$LIBTOOL_WANTED_PATCH"; then
-       if test "$lt_minor" -gt "$LIBTOOL_WANTED_MINOR"; then
-         lt_status="good"
-       elif test -n "$lt_patch"; then
-          if test "$lt_patch" -lt "$LIBTOOL_WANTED_PATCH"; then
-             lt_status="bad"
-          fi
-       else
-          lt_status="bad"
-       fi
-   fi
+if test -z "$lt_major"; then
+  lt_status="bad"
+elif test "$lt_major" -gt "$want_lt_major"; then
+  lt_status="good"
+elif test "$lt_major" -lt "$want_lt_major"; then
+  lt_status="bad"
+elif test -z "$lt_minor"; then
+  lt_status="bad"
+elif test "$lt_minor" -gt "$want_lt_minor"; then
+  lt_status="good"
+elif test "$lt_minor" -lt "$want_lt_minor"; then
+  lt_status="bad"
+elif test -z "$lt_patch"; then
+  lt_status="bad"
+elif test "$lt_patch" -gt "$want_lt_patch"; then
+  lt_status="good"
+elif test "$lt_patch" -lt "$want_lt_patch"; then
+  lt_status="bad"
+else
+  lt_status="good"
 fi
-if test $lt_status != "good"; then
+if test "$lt_status" != "good"; then
   echo "buildconf: libtool version $lt_version found."
-  echo "            You need libtool version $LIBTOOL_WANTED_VERSION or newer installed"
+  echo "            You need GNU libtool $want_lt_version or newer installed."
   exit 1
 fi
 
 echo "buildconf: libtool version $lt_version (ok)"
 
-if test -f "$libtoolize"; then
-  echo "buildconf: libtoolize found"
+#--------------------------------------------------------------------------
+# GNU libtoolize check
+#
+if test -z "$LIBTOOLIZE"; then
+  # use (g)libtoolize from same location as (g)libtool
+  libtoolize="${libtool}ize"
 else
-  echo "buildconf: libtoolize not found. Weird libtool installation!"
+  libtoolize=`findtool $LIBTOOLIZE`
+fi
+if test ! -f "$libtoolize"; then
+  echo "buildconf: libtoolize not found."
+  echo "            You need GNU libtoolize $want_lt_version or newer installed."
   exit 1
 fi
 
@@ -276,6 +287,10 @@ fi
 # perl check
 #
 PERL=`findtool ${PERL:-perl}`
+if test -z "$PERL"; then
+  echo "buildconf: perl not found"
+  exit 1
+fi
 
 #--------------------------------------------------------------------------
 # Remove files generated on previous buildconf/configure run.
@@ -311,6 +326,7 @@ for fname in .deps \
     libcurl.pc \
     libtool \
     libtool.m4 \
+    libtool.m4.tmp \
     ltmain.sh \
     ltoptions.m4 \
     ltsugar.m4 \
@@ -327,32 +343,52 @@ done
 #
 
 echo "buildconf: running libtoolize"
-$libtoolize --copy --automake --force || die "The libtoolize command failed"
+${libtoolize} --copy --automake --force || die "libtoolize command failed"
 
-if test ! -f m4/curl-functions.m4; then
-  echo "buildconf: cURL m4 macros not found"
-  exit 1
+# When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4
+# subdirectory and this local copy is patched to fix some warnings that
+# are triggered when running aclocal and using autoconf 2.62 or later.
+
+if test "$lt_major" = "1" && test "$lt_minor" = "5"; then
+  if test -z "$lt_patch" || test "$lt_patch" -lt "26"; then
+    echo "buildconf: copying libtool.m4 to local m4 subdir"
+    ac_dir=`${ACLOCAL:-aclocal} --print-ac-dir`
+    if test -f $ac_dir/libtool.m4; then
+      cp -f $ac_dir/libtool.m4 m4/libtool.m4
+    else
+      echo "buildconf: $ac_dir/libtool.m4 not found"
+    fi
+    if test -f m4/libtool.m4; then
+      echo "buildconf: renaming some variables in local m4/libtool.m4"
+      $PERL -i.tmp -pe \
+        's/lt_prog_compiler_pic_works/lt_cv_prog_compiler_pic_works/g; \
+         s/lt_prog_compiler_static_works/lt_cv_prog_compiler_static_works/g;' \
+        m4/libtool.m4
+      rm -f m4/libtool.m4.tmp
+    fi
+  fi
+fi
+
+if test -f m4/libtool.m4; then
+  echo "buildconf: converting all mv to mv -f in local m4/libtool.m4"
+  $PERL -i.tmp -pe 's/\bmv +([^-\s])/mv -f $1/g' m4/libtool.m4
+  rm -f m4/libtool.m4.tmp
 fi
 
 echo "buildconf: running aclocal"
-${ACLOCAL:-aclocal} -I m4 $ACLOCAL_FLAGS || die "The aclocal command line failed"
+${ACLOCAL:-aclocal} -I m4 $ACLOCAL_FLAGS || die "aclocal command failed"
 
-if test -n "$PERL"; then
-  echo "buildconf: running aclocal hack to convert all mv to mv -f"
-  $PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
-else
-  echo "buildconf: perl not found"
-  exit 1
-fi
+echo "buildconf: converting all mv to mv -f in local aclocal.m4"
+$PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
 
 echo "buildconf: running autoheader"
-${AUTOHEADER:-autoheader} || die "The autoheader command failed"
+${AUTOHEADER:-autoheader} || die "autoheader command failed"
 
 echo "buildconf: cp lib/curl_config.h.in src/curl_config.h.in"
 cp lib/curl_config.h.in src/curl_config.h.in
 
 echo "buildconf: running autoconf"
-${AUTOCONF:-autoconf}     || die "The autoconf command failed"
+${AUTOCONF:-autoconf} || die "autoconf command failed"
 
 if test -d ares; then
   cd ares
@@ -362,14 +398,15 @@ if test -d ares; then
 fi
 
 echo "buildconf: running automake"
-${AUTOMAKE:-automake} -a -c  || die "The automake command failed"
+${AUTOMAKE:-automake} --add-missing --copy || die "automake command failed"
 
 #--------------------------------------------------------------------------
+# GNU libtool complementary check
+#
 # Depending on the libtool and automake versions being used, config.guess
 # might not be installed in the subdirectory until automake has finished.
 # So we can not attempt to use it until this very last buildconf stage.
 #
-
 if test ! -f ./config.guess; then
   echo "buildconf: config.guess not found"
 else
@@ -413,7 +450,7 @@ else
     if test "$lt_status" != "good"; then
       need_lt_version="$need_lt_major.$need_lt_minor.$need_lt_patch"
       echo "buildconf: libtool version $lt_version found."
-      echo "            $buildhost requires libtool $need_lt_version or newer installed."
+      echo "            $buildhost requires GNU libtool $need_lt_version or newer installed."
       rm -f configure
       exit 1
     fi
@@ -423,6 +460,5 @@ fi
 #--------------------------------------------------------------------------
 # Finished successfully.
 #
-
 echo "buildconf: OK"
 exit 0

configure.ac

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@ AC_PREREQ(2.57)
 dnl We don't know the version number "statically" so we use a dash here
 AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])
 
+XC_OVR_ZZ50
 CURL_OVERRIDE_AUTOCONF
 
 dnl configure script copyright
@@ -154,6 +155,7 @@ curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_ipv6_msg="no      (--enable-ipv6)"
     curl_idn_msg="no      (--with-libidn)"
  curl_manual_msg="no      (--enable-manual)"
+curl_libcurl_msg="enabled (--disable-libcurl-option)"
 curl_verbose_msg="enabled (--disable-verbose)"
    curl_sspi_msg="no      (--enable-sspi)"
    curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
@@ -650,6 +652,25 @@ AC_HELP_STRING([--disable-manual],[Disable built-in manual]),
 dnl The actual use of the USE_MANUAL variable is done much later in this
 dnl script to allow other actions to disable it as well.
 
+dnl ************************************************************
+dnl disable C code generation support
+dnl
+AC_MSG_CHECKING([whether to enable generation of C code])
+AC_ARG_ENABLE(libcurl_option,
+AC_HELP_STRING([--enable-libcurl-option],[Enable --libcurl C code generation support])
+AC_HELP_STRING([--disable-libcurl-option],[Disable --libcurl C code generation support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option])
+       curl_libcurl_msg="no"
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+
 dnl **********************************************************************
 dnl Checks for libraries.
 dnl **********************************************************************
@@ -1514,7 +1535,8 @@ if test X"$OPT_SSL" != Xno; then
                     RAND_egd \
                     ENGINE_cleanup \
                     CRYPTO_cleanup_all_ex_data \
-                    SSL_get_shutdown )
+                    SSL_get_shutdown \
+                    SSLv2_client_method )
 
     dnl Make an attempt to detect if this is actually yassl's headers and
     dnl OpenSSL emulation layer. We still leave everything else believing
@@ -1546,10 +1568,11 @@ if test X"$OPT_SSL" != Xno; then
        dnl when the ssl shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
        dnl to prevent further configure tests to fail due to this
-
-       LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
-       export LD_LIBRARY_PATH
-       AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
+       if test "x$cross_compiling" != "xyes"; then
+         LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
+         export LD_LIBRARY_PATH
+         AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
+       fi
     fi
     CURL_CHECK_OPENSSL_API
   fi
@@ -1785,10 +1808,11 @@ if test "$OPENSSL_ENABLED" != "1"; then
           dnl linker doesn't search through, we need to add it to
           dnl LD_LIBRARY_PATH to prevent further configure tests to fail
           dnl due to this
-
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
-          export LD_LIBRARY_PATH
-          AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+          if test "x$cross_compiling" != "xyes"; then 
+            LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
+            export LD_LIBRARY_PATH
+            AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+          fi
         fi
       fi
 
@@ -1799,17 +1823,33 @@ if test "$OPENSSL_ENABLED" != "1"; then
 fi dnl OPENSSL != 1
 
 dnl ---
-dnl If GnuTLS is enabled, we MUST verify that it uses libgcrypt since
-dnl curl code relies on that but recent GnuTLS versions can in fact build
-dnl with different crypto libraries which curl right now cannot handle
+dnl Check which crypto backend GnuTLS uses
 dnl ---
 
 if test "$GNUTLS_ENABLED" = "1"; then
-  AC_CHECK_LIB(gcrypt,
-               gcry_control, ,
-    [
-      AC_MSG_ERROR([need GnuTLS built with gcrypt to function with GnuTLS])
-    ])
+  USE_GNUTLS_NETTLE=
+  # First check if we can detect either crypto library via transitive linking
+  AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+  if test "$USE_GNUTLS_NETTLE" = ""; then
+    AC_CHECK_LIB(gnutls, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
+  fi
+  # If not, try linking directly to both of them to see if they are available
+  if test "$USE_GNUTLS_NETTLE" = ""; then
+    AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ])
+  fi
+  if test "$USE_GNUTLS_NETTLE" = ""; then
+    AC_CHECK_LIB(gcrypt, gcry_control, [ USE_GNUTLS_NETTLE=0 ])
+  fi
+  if test "$USE_GNUTLS_NETTLE" = ""; then
+    AC_MSG_ERROR([GnuTLS found, but neither gcrypt nor nettle found])
+  fi
+  if test "$USE_GNUTLS_NETTLE" = "1"; then
+    AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend])
+    AC_SUBST(USE_GNUTLS_NETTLE, [1])
+    LIBS="$LIBS -lnettle"
+  else
+    LIBS="$LIBS -lgcrypt"
+  fi
 fi
 
 dnl ---
@@ -1895,12 +1935,12 @@ if test "$OPENSSL_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
+        fi
       fi
-
     fi
 
   fi dnl PolarSSL not disabled
@@ -1917,7 +1957,7 @@ OPT_CYASSL=no
 _cppflags=$CPPFLAGS
 _ldflags=$LDFLAGS
 AC_ARG_WITH(cyassl,dnl
-AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: /usr/local/cyassl)])
+AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: system lib default)])
 AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
   OPT_CYASSL=$withval)
 
@@ -1930,14 +1970,9 @@ if test "$OPENSSL_ENABLED" != "1"; then
     fi
 
     if test -z "$OPT_CYASSL" ; then
-      dnl check for lib in default first
+      dnl check for lib in system default first
 
-      trycyassldir="/usr/local/cyassl"
-
-      LDFLAGS="$LDFLAGS -L$trycyassldir/lib"
-      CPPFLAGS="$CPPFLAGS -I$trycyassldir/include"
-
-      AC_CHECK_LIB(cyassl, InitCyaSSL,
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
       dnl libcyassl found, set the variable
        [
          AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
@@ -1959,7 +1994,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
          CPPFLAGS="$CPPFLAGS $addcflags"
       fi
 
-      AC_CHECK_LIB(cyassl, InitCyaSSL,
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
        [
        AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
        AC_SUBST(USE_CYASSL, [1])
@@ -1984,10 +2019,11 @@ if test "$OPENSSL_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
+        fi
       fi
 
     fi
@@ -2080,10 +2116,11 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+        fi
       fi
 
     fi
@@ -2240,10 +2277,11 @@ if test X"$OPT_LIBSSH2" != Xno; then
        dnl libssh2_session_handshake was added in 1.2.8
        AC_CHECK_FUNCS( libssh2_version libssh2_init libssh2_exit \
                        libssh2_scp_send64 libssh2_session_handshake)
-
-       LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
-       export LD_LIBRARY_PATH
-       AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
+       if test "x$cross_compiling" != "xyes"; then
+         LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
+         export LD_LIBRARY_PATH
+         AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
+       fi
     fi
   else
     dnl no libssh2, revert back to clean variables
@@ -2331,56 +2369,202 @@ if test X"$OPT_LIBRTMP" != Xno; then
 
 fi
 
+dnl **********************************************************************
+dnl Check for linker switch for versioned symbols
+dnl **********************************************************************
+
+AC_MSG_CHECKING([if libraries can be versioned])
+GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
+if test -z "$GLD"; then
+    versioned_symbols_flavour=
+    AC_MSG_RESULT(no)
+    AC_MSG_WARN(***
+*** You need an ld version supporting the --version-script option.
+)
+else
+    AC_MSG_RESULT(yes)
+
+AC_MSG_CHECKING([whether versioned symbols are wanted])
+versioned_symbols_flavour=
+
+AC_ARG_ENABLE(versioned-symbols,
+AC_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library])
+AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]),
+[ case "$enableval" in
+  yes) AC_MSG_RESULT(yes)
+    if test "x$OPENSSL_ENABLED" = "x1"; then
+      versioned_symbols_flavour="OPENSSL_"
+    elif test "x$GNUTLS_ENABLED" == "x1"; then
+      versioned_symbols_flavour="GNUTLS_"
+    elif test "x$NSS_ENABLED" == "x1"; then
+      versioned_symbols_flavour="NSS_"
+    elif test "x$POLARSSL_ENABLED" == "x1"; then
+      versioned_symbols_flavour="POLARSSL_"
+    elif test "x$CYASSL_ENABLED" == "x1"; then
+      versioned_symbols_flavour="CYASSL_"
+    elif test "x$AXTLS_ENABLED" == "x1"; then
+      versioned_symbols_flavour="AXTLS_"
+    else
+      versioned_symbols_flavour=""
+    fi
+    versioned_symbols="yes"
+    ;;
+
+  *)   AC_MSG_RESULT(no)
+    ;;
+  esac
+], [
+AC_MSG_RESULT(no)
+]
+)
+fi
+
+AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
+AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")
+
+
 dnl **********************************************************************
 dnl Check for the presence of IDN libraries and headers
 dnl **********************************************************************
 
 AC_MSG_CHECKING([whether to build with libidn])
+OPT_IDN="default"
 AC_ARG_WITH(libidn,
 AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage])
 AC_HELP_STRING([--without-libidn],[Disable libidn usage]),
-  [LIBIDN="$withval"])
-
-case "$LIBIDN" in
+  [OPT_IDN=$withval])
+case "$OPT_IDN" in
   no)
-       AC_MSG_RESULT(no)
-       ;;
-  *)   AC_MSG_RESULT(yes)
-
-       idn=""
-       dnl if there is a given path, check that FIRST
-       if test -n "$LIBIDN"; then
-         if test "x$LIBIDN" != "xyes"; then
-            oldLDFLAGS=$LDFLAGS
-            oldCPPFLAGS=$CPPFLAGS
-            LDFLAGS="$LDFLAGS -L$LIBIDN/lib"
-            CPPFLAGS="$CPPFLAGS -I$LIBIDN/include"
-            idn="yes"
-            AC_CHECK_LIB(idn, idna_to_ascii_4i, ,
-                         idn=""
-                         LDFLAGS=$oldLDFLAGS
-                         CPPFLAGS=$oldCPPFLAGS)
-         fi
-       fi
-
-       if test "x$idn" != "xyes"; then
-          dnl check with default paths
-          idn="yes"
-          AC_CHECK_LIB(idn, idna_to_ascii_lz, ,
-                       idn="")
-       fi
-
-       if test "x$idn" = "xyes"; then
-         curl_idn_msg="enabled"
-         AC_SUBST(IDN_ENABLED, [1])
-         dnl different versions of libidn have different setups of these:
-         AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror)
-         AC_CHECK_HEADERS( idn-free.h tld.h )
-       fi
-
-       ;;
+    dnl --without-libidn option used
+    want_idn="no"
+    AC_MSG_RESULT([no])
+    ;;
+  default)
+    dnl configure option not specified
+    want_idn="yes"
+    want_idn_path="default"
+    AC_MSG_RESULT([(assumed) yes])
+    ;;
+  yes)
+    dnl --with-libidn option used without path
+    want_idn="yes"
+    want_idn_path="default"
+    AC_MSG_RESULT([yes])
+    ;;
+  *)
+    dnl --with-libidn option used with path
+    want_idn="yes"
+    want_idn_path="$withval"
+    AC_MSG_RESULT([yes ($withval)])
+    ;;
 esac
 
+if test "$want_idn" = "yes"; then
+  dnl idn library support has been requested
+  clean_CPPFLAGS="$CPPFLAGS"
+  clean_LDFLAGS="$LDFLAGS"
+  clean_LIBS="$LIBS"
+  PKGCONFIG="no"
+  #
+  if test "$want_idn_path" != "default"; then
+    dnl path has been specified
+    IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig"
+    CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR])
+    if test "$PKGCONFIG" != "no"; then
+      IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+        $PKGCONFIG --libs-only-l libidn 2>/dev/null`
+      IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+        $PKGCONFIG --libs-only-L libidn 2>/dev/null`
+      IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
+        $PKGCONFIG --cflags-only-I libidn 2>/dev/null`
+      IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
+    else
+      dnl pkg-config not available or provides no info
+      IDN_LIBS="-lidn"
+      IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
+      IDN_CPPFLAGS="-I$want_idn_path/include"
+      IDN_DIR="$want_idn_path/lib$libsuff"
+    fi
+  else
+    dnl path not specified
+    CURL_CHECK_PKGCONFIG(libidn)
+    if test "$PKGCONFIG" != "no"; then
+      IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null`
+      IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null`
+      IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null`
+      IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
+    else
+      dnl pkg-config not available or provides no info
+      IDN_LIBS="-lidn"
+    fi
+  fi
+  #
+  if test "$PKGCONFIG" != "no"; then
+    AC_MSG_NOTICE([pkg-config: IDN_LIBS: "$IDN_LIBS"])
+    AC_MSG_NOTICE([pkg-config: IDN_LDFLAGS: "$IDN_LDFLAGS"])
+    AC_MSG_NOTICE([pkg-config: IDN_CPPFLAGS: "$IDN_CPPFLAGS"])
+    AC_MSG_NOTICE([pkg-config: IDN_DIR: "$IDN_DIR"])
+  else
+    AC_MSG_NOTICE([IDN_LIBS: "$IDN_LIBS"])
+    AC_MSG_NOTICE([IDN_LDFLAGS: "$IDN_LDFLAGS"])
+    AC_MSG_NOTICE([IDN_CPPFLAGS: "$IDN_CPPFLAGS"])
+    AC_MSG_NOTICE([IDN_DIR: "$IDN_DIR"])
+  fi
+  #
+  CPPFLAGS="$IDN_CPPFLAGS $CPPFLAGS"
+  LDFLAGS="$IDN_LDFLAGS $LDFLAGS"
+  LIBS="$IDN_LIBS $LIBS"
+  #
+  AC_MSG_CHECKING([if idna_to_ascii_4i can be linked])
+  AC_LINK_IFELSE([
+    AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i])
+  ],[
+    AC_MSG_RESULT([yes])
+    tst_links_libidn="yes"
+  ],[
+    AC_MSG_RESULT([no])
+    tst_links_libidn="no"
+  ])
+  if test "$tst_links_libidn" = "no"; then
+    AC_MSG_CHECKING([if idna_to_ascii_lz can be linked])
+    AC_LINK_IFELSE([
+      AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz])
+    ],[
+      AC_MSG_RESULT([yes])
+      tst_links_libidn="yes"
+    ],[
+      AC_MSG_RESULT([no])
+      tst_links_libidn="no"
+    ])
+  fi
+  #
+  if test "$tst_links_libidn" = "yes"; then
+    AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).])
+    dnl different versions of libidn have different setups of these:
+    AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror )
+    AC_CHECK_HEADERS( idn-free.h tld.h )
+    if test "x$ac_cv_header_tld_h" = "xyes"; then
+      AC_SUBST([IDN_ENABLED], [1])
+      curl_idn_msg="enabled"
+      if test -n "$IDN_DIR"; then
+        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
+        export LD_LIBRARY_PATH
+        AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
+      fi
+    else
+      AC_MSG_WARN([Libraries for IDN support too old: IDN disabled])
+      CPPFLAGS="$clean_CPPFLAGS"
+      LDFLAGS="$clean_LDFLAGS"
+      LIBS="$clean_LIBS"
+    fi
+  else
+    AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
+    CPPFLAGS="$clean_CPPFLAGS"
+    LDFLAGS="$clean_LDFLAGS"
+    LIBS="$clean_LIBS"
+  fi
+fi
+
 
 dnl Let's hope this split URL remains working:
 dnl http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \
@@ -3108,6 +3292,7 @@ AC_CONFIG_FILES([Makefile \
            include/curl/Makefile \
            src/Makefile \
            lib/Makefile \
+           lib/libcurl.vers \
            tests/Makefile \
            tests/data/Makefile \
            tests/server/Makefile \
@@ -3136,31 +3321,32 @@ CURL_GENERATE_CONFIGUREHELP_PM
 
 AC_MSG_NOTICE([Configured to build curl/libcurl:
 
-  curl version:    ${CURLVERSION}
-  Host setup:      ${host}
-  Install prefix:  ${prefix}
-  Compiler:        ${CC}
-  SSL support:     ${curl_ssl_msg}
-  SSH support:     ${curl_ssh_msg}
-  zlib support:    ${curl_zlib_msg}
-  krb4 support:    ${curl_krb4_msg}
-  GSSAPI support:  ${curl_gss_msg}
-  SPNEGO support:  ${curl_spnego_msg}
-  TLS-SRP support: ${curl_tls_srp_msg}
-  resolver:        ${curl_res_msg}
-  ipv6 support:    ${curl_ipv6_msg}
-  IDN support:     ${curl_idn_msg}
-  Build libcurl:   Shared=${enable_shared}, Static=${enable_static}
-  Built-in manual: ${curl_manual_msg}
-  Verbose errors:  ${curl_verbose_msg}
-  SSPI support:    ${curl_sspi_msg}
-  ca cert bundle:  ${ca}
-  ca cert path:    ${capath}
-  LDAP support:    ${curl_ldap_msg}
-  LDAPS support:   ${curl_ldaps_msg}
-  RTSP support:    ${curl_rtsp_msg}
-  RTMP support:    ${curl_rtmp_msg}
-  Protocols:       ${SUPPORT_PROTOCOLS}
+  curl version:     ${CURLVERSION}
+  Host setup:       ${host}
+  Install prefix:   ${prefix}
+  Compiler:         ${CC}
+  SSL support:      ${curl_ssl_msg}
+  SSH support:      ${curl_ssh_msg}
+  zlib support:     ${curl_zlib_msg}
+  krb4 support:     ${curl_krb4_msg}
+  GSSAPI support:   ${curl_gss_msg}
+  SPNEGO support:   ${curl_spnego_msg}
+  TLS-SRP support:  ${curl_tls_srp_msg}
+  resolver:         ${curl_res_msg}
+  ipv6 support:     ${curl_ipv6_msg}
+  IDN support:      ${curl_idn_msg}
+  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
+  Built-in manual:  ${curl_manual_msg}
+  --libcurl option: ${curl_libcurl_msg}
+  Verbose errors:   ${curl_verbose_msg}
+  SSPI support:     ${curl_sspi_msg}
+  ca cert bundle:   ${ca}
+  ca cert path:     ${capath}
+  LDAP support:     ${curl_ldap_msg}
+  LDAPS support:    ${curl_ldaps_msg}
+  RTSP support:     ${curl_rtsp_msg}
+  RTMP support:     ${curl_rtmp_msg}
+  Protocols:        ${SUPPORT_PROTOCOLS}
 ])
 
 if test "x$soname_bump" = "xyes"; then

curl-config.in

@@ -142,9 +142,9 @@ while test $# -gt 0; do
 	   CURLLIBDIR=""
 	fi
 	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
 	else
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBS@
 	fi
 	;;
 

docs/CONTRIBUTE

@@ -34,6 +34,7 @@
  3.3 How To Make a Patch without git
  3.4 How to get your changes into the main sources
  3.5 Write good commit messages
+ 3.6 Please don't send pull requests
 
 ==============================================================================
 
@@ -276,3 +277,27 @@
  and make sure that you have your own user and email setup correctly in git
  before you commit
 
+3.6 Please don't send pull requests
+
+ With git (and expecially github) it is easy and tempting to send a pull
+ request to one or more people in the curl project to have changes merged this
+ way instead of mailing patches to the curl-library mailing list.
+
+ We don't like that. We want them mailed for these reasons:
+
+ - Peer review. Anyone and everyone on the list can review, comment and
+   improve on the patch. Pull requests limit this ability.
+
+ - Anyone can merge the patch into their own trees for testing and those who
+   have push rights can push it to the main repo. It doesn't have to be anyone
+   the patch author knows beforehand.
+
+ - Commit messages can be tweaked and changed if merged locally instead of
+   using github. Merges directly on github requires the changes to be perfect
+   already, which they seldomly are.
+
+ - Merges on github prevents rebases and even enforces --no-ff which is a git
+   style we don't otherwise use in the project
+
+ However: once patches have been reviewed and deemed fine on list they are
+ perfectly OK to be pulled from a published git tree.

docs/FAQ

@@ -1,4 +1,4 @@
-Updated: March 8, 2011 (http://curl.haxx.se/docs/faq.html)
+Updated: December 7, 2011 (http://curl.haxx.se/docs/faq.html)
                                   _   _ ____  _
                               ___| | | |  _ \| |
                              / __| | | | |_) | |
@@ -726,6 +726,12 @@ FAQ
 
     curl --header "Host: www.example.com" http://127.0.0.1/
 
+  You can also opt to add faked host name entries to curl with the --resolve
+  option. That has the added benefit that things like redirects will also work
+  properly. The above operation would instead be done as:
+
+    curl --resolve www.example.com:80:127.0.0.1 http://www.example.com/
+
   3.20 How to SFTP from my user's home directory?
 
   Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to

docs/INSTALL

@@ -392,7 +392,7 @@ Win32
 
      set BCCDIR=c:\Borland\BCC55
 
-   In order to build a plain vanilla version of curl and libcurl run the 
+   In order to build a plain vanilla version of curl and libcurl run the
    following command from curl's root directory:
 
      make borland

docs/INTERNALS

@@ -39,7 +39,7 @@ Portability
  libssh2      0.16
  c-ares       1.6.0
  libidn       0.4.1
- cyassl       1.4.0
+ cyassl       2.0.0
  openldap     2.0
  MIT krb5 lib 1.2.4
  qsossl       V5R2M0
@@ -68,7 +68,7 @@ Portability
  GNU Autoconf 2.57
  GNU Automake 1.7 (we currently avoid 1.10 due to Solaris-related bugs)
  GNU M4       1.4
- perl         4
+ perl         5.004
  roffit       0.5
  groff        ? (any version that supports "groff -Tps -man [in] [out]")
  ps2pdf (gs)  ?

docs/KNOWN_BUGS

@@ -3,6 +3,15 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 
+78. curl and libcurl don't always signal the client properly when "sending"
+  zero bytes files - it makes for example the command line client not creating
+  any file at all. Like when using FTP.
+  http://curl.haxx.se/bug/view.cgi?id=3438362
+
+77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
+  "absuses" the underlying connection re-use system and if connections are
+  forced to close they break the NTLM support.
+
 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
   that platform), and long is only 32 bits. It makes it impossible for
   curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET

docs/MANUAL

@@ -328,7 +328,7 @@ POST (HTTP)
   If the content-type is not specified, curl will try to guess from the file
   extension (it only knows a few), or use the previously specified type (from
   an earlier file if several files are specified in a list) or else it will
-  using the default type 'text/plain'.
+  use the default type 'application/octet-stream'.
 
   Emulate a fill-in form with -F. Let's say you fill in three fields in a
   form. One field is a file name which to post, one field is your name and one

docs/THANKS

@@ -20,11 +20,13 @@ Albert Choy
 Ale Vesely
 Alejandro Alvarez
 Aleksandar Milivojevic
+Alessandro Ghedini
 Alessandro Vesely
 Alex Bligh
 Alex Fishman
 Alex Neblett
 Alex Suykov
+Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Kourakos
@@ -74,6 +76,7 @@ Anton Kalmykov
 Arkadiusz Miskiewicz
 Armel Asselin
 Arnaud Ebalard
+Arthur Murray
 Arve Knudsen
 Ates Goral
 Augustus Saunders
@@ -91,6 +94,7 @@ Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Bernard Leak
+Bernhard Reutner-Fischer
 Bertrand Demiddelaer
 Bill Egert
 Bill Hoffman
@@ -105,6 +109,7 @@ Brad Burdick
 Brad Hards
 Brad King
 Bradford Bruce
+Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
@@ -121,6 +126,7 @@ Camille Moncelier
 Caolan McNamara
 Carsten Lange
 Casey O'Donnell
+Cedric Deltheil
 Chad Monroe
 Charles Kerr
 Chih-Chung Chang
@@ -133,6 +139,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Christian Grothoff
 Christian Hagele
 Christian Krause
 Christian Kurz
@@ -382,6 +389,8 @@ Jan Kunder
 Jan Van Boghout
 Jared Lundell
 Jari Sundell
+Jason Glasgow
+Jason Liu
 Jason McDonald
 Jason S. Priebe
 Jay Austin
@@ -418,6 +427,7 @@ Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 Johan van Selst
+Johannes Bauer
 John Bradshaw
 John Crow
 John Dennis
@@ -437,6 +447,7 @@ Jon Sargeant
 Jon Travis
 Jon Turner
 Jonas Forsman
+Jonas Schnelli
 Jonatan Lander
 Jonathan Hseu
 Jongki Suwandi
@@ -524,6 +535,7 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
 Manuel Massing
@@ -538,6 +550,7 @@ Marco Maggi
 Marcus Sundberg
 Marcus Webster
 Mario Schroeder
+Mark Brand
 Mark Butler
 Mark Davies
 Mark Eichin
@@ -613,6 +626,7 @@ Moonesamy
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Naveen Chandran
 Naveen Noel
 Neil Dunbar
 Neil Spring
@@ -630,6 +644,7 @@ Nikita Schmidt
 Nikitinskit Dmitriy
 Niklas Angebrand
 Nikolai Kondrashov
+Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
@@ -646,6 +661,7 @@ Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
+Patrice Guerin
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Scott
@@ -719,6 +735,7 @@ Renaud Duhaut
 Rene Bernhardt
 Rene Rebe
 Reuven Wachtfogel
+Reza Arbab
 Ricardo Cadime
 Rich Gray
 Rich Rauenzahn
@@ -735,11 +752,13 @@ Rick Richardson
 Rob Crittenden
 Rob Jones
 Rob Stanzel
+Rob Ward
 Robert A. Monat
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
 Robert Olson
+Robert Schumann
 Robert Weaver
 Robin Cornelius
 Robin Johnson
@@ -808,6 +827,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
+Steve H Truong
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -863,6 +883,7 @@ Tomasz Lacki
 Tommie Gannert
 Tommy Tam
 Ton Voon
+Toni Moreno
 Toon Verwaest
 Tor Arntsen
 Torsten Foertsch
@@ -891,6 +912,7 @@ Vojtech Janota
 Vojtech Minarik
 Vsevolod Novikov
 Walter J. Mack
+Ward Willats
 Wayne Haigh
 Werner Koch
 Wesley Laxton

docs/TODO

@@ -17,6 +17,7 @@
  1.4 signal-based resolver timeouts
  1.5 get rid of PATH_MAX
  1.6 progress callback without doubles
+ 1.7 Happy Eyeball dual stack connect
 
  2. libcurl - multi interface
  2.1 More non-blocking
@@ -147,6 +148,19 @@
  have both co-exist for a forseeable time until we can remove the double-using
  one.
 
+1.7 Happy Eyeball dual stack connect
+
+ In order to make alternative technologies not suffer when transitioning, like
+ when introducing IPv6 as an alternative to IPv4 and there are more than one
+ option existing simultaneously there are reasons to reconsider internal
+ choices.
+
+ To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
+ to be addressed:
+
+    http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-07
+
+
 2. libcurl - multi interface
 
 2.1 More non-blocking
@@ -156,7 +170,6 @@
 
  - Name resolves on non-windows unless c-ares is used
  - NSS SSL connections
- - Active FTP connections
  - HTTP proxy CONNECT operations
  - SOCKS proxy handshakes
  - file:// transfers

docs/curl.1

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "14 April 2009" "Curl 7.21.6" "Curl Manual"
+.TH curl 1 "16 February 2012" "Curl 7.25.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -434,13 +434,15 @@ may be loaded.
 If this option is used several times, the last one will be used.
 .IP "--capath <CA certificate directory>"
 (SSL) Tells curl to use the specified certificate directory to verify the
-peer. The certificates must be in PEM format, and if curl is built against
-OpenSSL, the directory must have been processed using the c_rehash utility
-supplied with OpenSSL. Using \fI--capath\fP can allow OpenSSL-powered curl to
-make SSL-connections much more efficiently than using \fI--cacert\fP if the
-\fI--cacert\fP file contains many CA certificates.
+peer. Multiple paths can be provided by separating them with ":" (e.g.
+\&"path1:path2:path3"). The certificates must be in PEM format, and if curl is
+built against OpenSSL, the directory must have been processed using the
+c_rehash utility supplied with OpenSSL. Using \fI--capath\fP can allow
+OpenSSL-powered curl to make SSL-connections much more efficiently than using
+\fI--cacert\fP if the \fI--cacert\fP file contains many CA certificates.
 
-If this option is used several times, the last one will be used.
+If this option is set, the default capath value will be ignored, and if it is
+used several times, the last one will be used.
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In
@@ -709,7 +711,8 @@ currently effective on operating systems offering the TCP_KEEPIDLE and
 TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This
 option has no effect if \fI--no-keepalive\fP is used. (Added in 7.18.0)
 
-If this option is used multiple times, the last occurrence sets the amount.
+If this option is used multiple times, the last occurrence sets the amount. If
+unspecified, the option defaults to 60 seconds.
 .IP "--key <key>"
 (SSL/SSH) Private key file name. Allows you to provide your private key in this
 separate file.
@@ -759,13 +762,9 @@ was 301, 302, or 303. If the response code was any other 3xx code, curl will
 re-send the following request using the same unmodified method.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
-libcurl-using source code written to the file that does the equivalent
+libcurl-using C source code written to the file that does the equivalent
 of what your command-line operation does!
 
-NOTE: this does not properly support -F and the sending of multipart
-formposts, so in those cases the output program will be missing necessary
-calls to \fIcurl_formadd(3)\fP, and possibly more.
-
 If this option is used several times, the last given file name will be
 used. (Added in 7.16.1)
 .IP "--limit-rate <speed>"
@@ -803,6 +802,12 @@ useful for preventing your batch jobs from hanging for hours due to slow
 networks or links going down.  See also the \fI--connect-timeout\fP option.
 
 If this option is used several times, the last one will be used.
+.IP "--mail-auth <address>"
+(SMTP) Specify a single address. This will be used to specify the
+authentication address (identity) of a submitted message that is being relayed
+to another server.
+
+(Added in 7.25.0)
 .IP "--mail-from <address>"
 (SMTP) Specify a single address that the given mail should get sent from.
 
@@ -1256,6 +1261,12 @@ connection if the server doesn't support SSL/TLS. (Added in 7.20.0)
 
 This option was formerly known as \fI--ftp-ssl-reqd\fP (added in 7.15.5). That
 option name can still be used but will be removed in a future version.
+.IP "--ssl-allow-beast"
+(SSL) This option tells curl to not work around a security flaw in the SSL3
+and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
+may use work-arounds known to cause interoperability problems with some older
+SSL implementations. WARNING: this option loosens the SSL security, and by
+using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--socks4 <host[:port]>"
 Use the specified SOCKS4 proxy. If the port number is not specified, it is
 assumed at port 1080. (Added in 7.15.2)
@@ -1322,8 +1333,7 @@ implementation does not.  The option \fI--socks5-gssapi-nec\fP allows the
 unprotected exchange of the protection mode negotiation. (Added in 7.19.4).
 .IP "--stderr <file>"
 Redirect all writes to stderr to the specified file instead. If the file name
-is a plain '-', it is instead written to stdout. This option has no point when
-you're using a shell with decent redirecting capabilities.
+is a plain '-', it is instead written to stdout.
 
 If this option is used several times, the last one will be used.
 .IP "-t, --telnet-option <OPT=val>"

docs/examples/.gitignore

@@ -18,12 +18,15 @@ http-post
 httpcustomheader
 httpput
 https
+imap
 multi-app
 multi-debugcallback
 multi-double
 multi-post
 multi-single
 persistant
+pop3s
+pop3slist
 post-callback
 postit2
 progressfunc
@@ -37,3 +40,4 @@ simplesmtp
 simplessl
 smtp-multi
 smtp-tls
+url2file

docs/examples/Makefile.inc

@@ -5,7 +5,7 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
   persistant post-callback postit2 sepheaders simple simplepost simplessl  \
   sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
   smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
-  progressfunc
+  progressfunc pop3s pop3slist imap url2file
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.

docs/examples/Makefile.m32

@@ -58,7 +58,7 @@ endif
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../../libidn-1.18
 endif
-# Edit the path below to point to the base of your MS idndlpackage. 
+# Edit the path below to point to the base of your MS IDN package.
 # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
 # http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
 ifndef WINIDN_PATH

docs/examples/README

@@ -55,6 +55,7 @@ htmltitle.cc   - download a HTML file and extract the <title> tag from a HTML
 http-post.c    - HTTP POST
 httpput.c      - HTTP PUT a local file
 https.c        - simple HTTPS transfer
+imap.c         - simple IMAP transfer
 multi-app.c    - a multi-interface app
 multi-debugcallback.c - a multi-interface app using the debug callback
 multi-double.c - a multi-interface app doing two simultaneous transfers
@@ -63,6 +64,8 @@ multi-single.c - a multi-interface app getting a single file
 multithread.c  - an example using multi-treading transferring multiple files
 opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
 persistant.c   - request two URLs with a persistent connection
+pop3s.c        - POP3S transfer
+pop3slist.c    - POP3S LIST
 post-callback.c - send a HTTP POST using a callback
 postit2.c      - send a HTTP multipart formpost
 sampleconv.c   - showing how a program on a non-ASCII platform would invoke
@@ -73,4 +76,5 @@ simple.c       - the most simple download a URL source
 simplepost.c   - HTTP POST
 simplessl.c    - HTTPS example with certificates many options set
 synctime.c     - Sync local time by extracting date from remote HTTP servers
+url2file.c     - download a document and store it in a file
 10-at-a-time.c - Download many files simultaneously, 10 at a time.

docs/examples/anyauthput.c

@@ -27,6 +27,7 @@
 #  ifdef __VMS
      typedef int intptr_t;
 #  endif
+#  include <stdint.h>
 #  include <unistd.h>
 #endif
 #include <sys/types.h>

docs/examples/curlx.c

@@ -239,8 +239,7 @@ static CURLcode sslctxfun(CURL * curl, void * sslctx, void * parm) {
   SSL_CTX_set_cipher_list(ctx,"RC4-MD5");
   SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
 
-  X509_STORE_add_cert(ctx->cert_store,sk_X509_value(p->ca,
-                                                    sk_X509_num(p->ca)-1));
+  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), sk_X509_value(p->ca, sk_X509_num(p->ca)-1));
 
   SSL_CTX_set_verify_depth(ctx,2);
 

docs/examples/externalsocket.c

@@ -36,6 +36,7 @@
 #else
 #include <sys/types.h>        /*  socket types              */
 #include <sys/socket.h>       /*  socket definitions        */
+#include <netinet/in.h>
 #include <arpa/inet.h>        /*  inet (3) funtions         */
 #include <unistd.h>           /*  misc. UNIX functions      */
 #endif

docs/examples/imap.c

@@ -0,0 +1,44 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+
+    /* This will fetch the mailbox named "foobar" */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/foobar");
+
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  return (int)res;
+}

docs/examples/pop3s.c

@@ -0,0 +1,68 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+
+    /* This will only fetch the message with ID "1" of the given mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/1");
+
+#ifdef SKIP_PEER_VERIFICATION
+    /*
+     * If you want to connect to a site who isn't using a certificate that is
+     * signed by one of the certs in the CA bundle you have, you can skip the
+     * verification of the server's certificate. This makes the connection
+     * A LOT LESS SECURE.
+     *
+     * If you have a CA cert for the server stored someplace else than in the
+     * default bundle, then the CURLOPT_CAPATH option might come handy for
+     * you.
+     */
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+#endif
+
+#ifdef SKIP_HOSTNAME_VERFICATION
+    /*
+     * If the site you're connecting to uses a different host name that what
+     * they have mentioned in their server certificate's commonName (or
+     * subjectAltName) fields, libcurl will refuse to connect. You can skip
+     * this check, but this will make the connection less secure.
+     */
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+#endif
+
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  return 0;
+}

docs/examples/pop3slist.c

@@ -0,0 +1,68 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+
+    /* This will list every message of the given mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/");
+
+#ifdef SKIP_PEER_VERIFICATION
+    /*
+     * If you want to connect to a site who isn't using a certificate that is
+     * signed by one of the certs in the CA bundle you have, you can skip the
+     * verification of the server's certificate. This makes the connection
+     * A LOT LESS SECURE.
+     *
+     * If you have a CA cert for the server stored someplace else than in the
+     * default bundle, then the CURLOPT_CAPATH option might come handy for
+     * you.
+     */
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+#endif
+
+#ifdef SKIP_HOSTNAME_VERFICATION
+    /*
+     * If the site you're connecting to uses a different host name that what
+     * they have mentioned in their server certificate's commonName (or
+     * subjectAltName) fields, libcurl will refuse to connect. You can skip
+     * this check, but this will make the connection less secure.
+     */
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+#endif
+
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  return 0;
+}

docs/examples/progressfunc.c

@@ -22,12 +22,32 @@
 #include <stdio.h>
 #include <curl/curl.h>
 
-#define STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES 6000
+#define STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES         6000
+#define MINIMAL_PROGRESS_FUNCTIONALITY_INTERVAL     3
+
+struct myprogress {
+  double lastruntime;
+  CURL *curl;
+};
 
 static int progress(void *p,
                     double dltotal, double dlnow,
                     double ultotal, double ulnow)
 {
+  struct myprogress *myp = (struct myprogress *)p;
+  CURL *curl = myp->curl;
+  double curtime = 0;
+
+  curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &curtime);
+
+  /* under certain circumstances it may be desirable for certain functionality
+     to only run every N seconds, in order to do this the transaction time can
+     be used */
+  if((curtime - myp->lastruntime) >= MINIMAL_PROGRESS_FUNCTIONALITY_INTERVAL) {
+    myp->lastruntime = curtime;
+    fprintf(stderr, "TOTAL TIME: %f \r\n", curtime);
+  }
+
   fprintf(stderr, "UP: %g of %g  DOWN: %g of %g\r\n",
           ulnow, ultotal, dlnow, dltotal);
 
@@ -40,11 +60,17 @@ int main(void)
 {
   CURL *curl;
   CURLcode res=0;
+  struct myprogress prog;
 
   curl = curl_easy_init();
   if(curl) {
+    prog.lastruntime = 0;
+    prog.curl = curl;
+
     curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
     curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress);
+    /* pass the struct pointer into the progress function */
+    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &prog);
     curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
     res = curl_easy_perform(curl);
 

docs/examples/url2file.c

@@ -0,0 +1,81 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <curl/curl.h>
+
+static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+  size_t written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  return written;
+}
+
+int main(int argc, char *argv[])
+{
+  CURL *curl_handle;
+  static const char *pagefilename = "page.out";
+  FILE *pagefile;
+
+  if(argc < 2 ) {
+    printf("Usage: %s <URL>\n", argv[0]);
+    return 1;
+  }
+
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  /* init the curl session */
+  curl_handle = curl_easy_init();
+
+  /* set URL to get here */
+  curl_easy_setopt(curl_handle, CURLOPT_URL, argv[1]);
+
+  /* Switch on full protocol/debug output while testing */
+  curl_easy_setopt(curl_handle, CURLOPT_VERBOSE, 1L);
+
+  /* disable progress meter, set to 0L to enable and disable debug output */
+  curl_easy_setopt(curl_handle, CURLOPT_NOPROGRESS, 1L);
+
+  /* send all data to this function  */
+  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data);
+
+  /* open the file */
+  pagefile = fopen(pagefilename, "wb");
+  if (pagefile) {
+
+    /* write the page body to this file handle. CURLOPT_FILE is also known as
+       CURLOPT_WRITEDATA*/
+    curl_easy_setopt(curl_handle, CURLOPT_FILE, pagefile);
+
+    /* get it! */
+    curl_easy_perform(curl_handle);
+
+    /* close the header file */
+    fclose(pagefile);
+  }
+
+  /* cleanup curl stuff */
+  curl_easy_cleanup(curl_handle);
+
+  return 0;
+}

docs/examples/version-check.pl

@@ -90,7 +90,7 @@ my @recent = reverse sort sortversions keys %used;
 # the most recent symbol
 my $newsym = $recent[0];
 # the most recent version
-my $newver = $doc{$newsym}; 
+my $newver = $doc{$newsym};
 
 print "The scanned source uses these symbols introduced in $newver:\n";
 

docs/libcurl/Makefile.am

@@ -82,7 +82,7 @@ PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)
 
 EXTRA_DIST = $(man_MANS) $(HTMLPAGES) index.html $(PDFPAGES) libcurl.m4 ABI \
-  symbols-in-versions
+  symbols-in-versions symbols.pl
 MAN2HTML= roffit --mandir=. < $< >$@
 
 SUFFIXES = .3 .html

docs/libcurl/curl_easy_getinfo.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -44,11 +44,13 @@ The following information can be extracted:
 .IP CURLINFO_EFFECTIVE_URL
 Pass a pointer to a char pointer to receive the last used effective URL.
 .IP CURLINFO_RESPONSE_CODE
-Pass a pointer to a long to receive the last received HTTP or FTP code. This
-option was known as CURLINFO_HTTP_CODE in libcurl 7.10.7 and earlier. This
-will be zero if no server response code has been received. Note that a proxy's
-CONNECT response should be read with \fICURLINFO_HTTP_CONNECTCODE\fP and not
-this.
+Pass a pointer to a long to receive the last received HTTP, FTP or SMTP
+response code. This option was previously known as CURLINFO_HTTP_CODE in
+libcurl 7.10.7 and earlier. The value will be zero if no server response code
+has been received. Note that a proxy's CONNECT response should be read with
+\fICURLINFO_HTTP_CONNECTCODE\fP and not this.
+
+Support for SMTP responses added in 7.25.0.
 .IP CURLINFO_HTTP_CONNECTCODE
 Pass a pointer to a long to receive the last received proxy response code to a
 CONNECT request.

docs/libcurl/curl_easy_setopt.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -266,7 +266,7 @@ If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
 .IP CURLOPT_SEEKDATA
-Data pointer to pass to the file read function. If you use the
+Data pointer to pass to the file seek function. If you use the
 \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
@@ -281,7 +281,7 @@ socket descriptor so additional setsockopt() calls can be done at the user's
 discretion.  Return 0 (zero) from the callback on success. Return 1 from the
 callback function to signal an unrecoverable error to the library and it will
 close the socket and return \fICURLE_COULDNT_CONNECT\fP.  (Option added in
-7.15.6.)
+7.16.0)
 
 Added in 7.21.5, the callback function may return
 \fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is
@@ -289,15 +289,14 @@ in fact already connected and then libcurl will not attempt to connect it.
 .IP CURLOPT_SOCKOPTDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
-(Option added in 7.15.6.)
+(Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
 Function pointer that should match the \fIcurl_opensocket_callback\fP
 prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
 instead of the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument
-identifies the exact purpose for this particular socket, and currently only
-one value is supported: \fICURLSOCKTYPE_IPCXN\fP for the primary connection
-(meaning the control connection in the FTP case). Future versions of libcurl
-may support more purposes. It passes the resolved peer address as a
+identifies the exact purpose for this particular socket:
+\fICURLSOCKTYPE_IPCXN\fP is for IP based connections. Future versions of
+libcurl may support more purposes. It passes the resolved peer address as a
 \fIaddress\fP argument so the callback can modify the address or refuse to
 connect at all. The callback function should return the socket or
 \fICURL_SOCKET_BAD\fP in case no connection should be established or any error
@@ -323,7 +322,7 @@ to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
-argument in the opensocket callback set with
+argument in the closesocket callback set with
 \fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
 Function pointer that should match the \fIcurl_progress_callback\fP prototype
@@ -420,7 +419,7 @@ built against another SSL library, this functionality is absent.
 
 Function pointer that should match the following prototype: \fBCURLcode
 sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function gets called
-by libcurl just before the initialization of an SSL connection after having
+by libcurl just before the initialization of a SSL connection after having
 processed all other SSL related options to give a last chance to an
 application to modify the behaviour of openssl's ssl initialization. The
 \fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If
@@ -435,7 +434,7 @@ the SSL negotiation. The SSL_CTX pointer will be a new one every time.
 To use this properly, a non-trivial amount of knowledge of the openssl
 libraries is necessary. For example, using this function allows you to use
 openssl callbacks to add additional validation code for certificates, and even
-to change the actual URI of an HTTPS request (example used in the lib509 test
+to change the actual URI of a HTTPS request (example used in the lib509 test
 case).  See also the example section for a replacement of the key, certificate
 and trust file settings.
 .IP CURLOPT_SSL_CTX_DATA
@@ -595,8 +594,8 @@ terminated string which must be URL-encoded in the following format:
 
 scheme://host:port/path
 
-For a greater explanation of the format please see RFC 2396
-(http://curl.haxx.se/rfc/rfc2396.txt).
+For a greater explanation of the format please see RFC 3986
+(http://curl.haxx.se/rfc/rfc3986.txt).
 
 If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
 etc), libcurl will attempt to resolve which protocol to use based on the
@@ -712,7 +711,7 @@ pop3://user:password@mail.domain.com/1 - This retrieves the first message
 
 .B SCP
 
-The path part of an SCP request specifies the file to retrieve and from what
+The path part of a SCP request specifies the file to retrieve and from what
 directory. The file part may not be omitted. The file is taken as an absolute
 path from the root directory on the server. To specify a path relative to
 the user's home directory on the server, prepend ~/ to the path portion.
@@ -726,7 +725,7 @@ user's home directory on the server
 
 .B SFTP
 
-The path part of an SFTP request specifies the file to retrieve and from what
+The path part of a SFTP request specifies the file to retrieve and from what
 directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified.  If the path ends in a / then a directory
 listing is returned instead of a file.  If the path is omitted entirely then
@@ -779,7 +778,7 @@ proxy's port number may optionally be specified with the separate option. If
 not specified, libcurl will default to using port 1080 for proxies.
 \fICURLOPT_PROXYPORT\fP.
 
-When you tell the library to use an HTTP proxy, libcurl will transparently
+When you tell the library to use a HTTP proxy, libcurl will transparently
 convert operations to HTTP even if you specify an FTP URL etc. This may have
 an impact on what other features of the library you can use, such as
 \fICURLOPT_QUOTE\fP and similar FTP specifics that don't work unless you
@@ -809,7 +808,7 @@ specified in the proxy string \fICURLOPT_PROXY\fP.
 .IP CURLOPT_PROXYTYPE
 Pass a long with this option to set type of the proxy. Available options for
 this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
-\fICURLPROXY_SOCKS4\fP (added in 7.15.2), \fICURLPROXY_SOCKS5\fP,
+\fICURLPROXY_SOCKS4\fP (added in 7.10), \fICURLPROXY_SOCKS5\fP,
 \fICURLPROXY_SOCKS4A\fP (added in 7.18.0) and \fICURLPROXY_SOCKS5_HOSTNAME\fP
 (added in 7.18.0). The HTTP type is default. (Added in 7.10)
 
@@ -818,7 +817,7 @@ affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
 used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. The should be a comma separated
+Pass a pointer to a zero terminated string. This should be a comma separated
 list of hosts which do not use a proxy, if one is specified.  The only
 wildcard is a single * character, which matches all hosts, and effectively
 disables the proxy. Each name in this list is matched as either a domain which
@@ -844,6 +843,15 @@ negotiation. (Added in 7.19.4).
 Pass a char * as parameter. This sets the interface name to use as outgoing
 network interface. The name can be an interface name, an IP address, or a host
 name.
+
+Starting with 7.24.0: If the parameter starts with "if!" then it is treated as
+only as interface name and no attempt will ever be named to do treat it as an
+IP address or to do name resolution on it.  If the parameter starts with
+\&"host!" it is treated as either an IP address or a hostname.  Hostnames are
+resolved synchronously.  Using the if! format is highly recommended when using
+the multi interfaces to avoid allowing the code to block.  If "if!" is
+specified but the parameter does not match an existing interface,
+CURLE_INTERFACE_FAILED is returned.
 .IP CURLOPT_LOCALPORT
 Pass a long. This sets the local port number of the socket used for
 connection. This can be used in combination with \fICURLOPT_INTERFACE\fP and
@@ -907,6 +915,20 @@ overdone.
 .IP CURLOPT_ADDRESS_SCOPE
 Pass a long specifying the scope_id value to use when connecting to IPv6
 link-local or site-local addresses. (Added in 7.19.0)
+.IP CURLOPT_TCP_KEEPALIVE
+Pass a long. If set to 1, TCP keepalive probes will be sent. The delay and
+frequency of these probes can be controlled by the \fICURLOPT_TCP_KEEPIDLE\fP
+and \fICURLOPT_TCP_KEEPINTVL\fP options, provided the operating system supports
+them. Set to 0 (default behavior) to disable keepalive probes (Added in
+7.25.0).
+.IP CURLOPT_TCP_KEEPIDLE
+Pass a long. Sets the delay, in seconds, that the operating system will wait
+while the connection is idle before sending keepalive probes. Not all operating
+systems support this option. (Added in 7.25.0)
+.IP CURLOPT_TCP_KEEPINTVL
+Pass a long. Sets the interval, in seconds, that the operating system will wait
+between sending keepalive probes. Not all operating systems support this
+option. (Added in 7.25.0)
 .SH NAMES and PASSWORDS OPTIONS (Authentication)
 .IP CURLOPT_NETRC
 This parameter controls the preference of libcurl between using user names and
@@ -1039,8 +1061,8 @@ HTTP NTLM authentication. A proprietary protocol invented and used by
 Microsoft. It uses a challenge-response and hash concept similar to Digest, to
 prevent the password from being eavesdropped.
 
-You need to build libcurl with OpenSSL support for this option to work, or
-build libcurl on Windows.
+You need to build libcurl with either OpenSSL or NSS support for this option
+to work, or build libcurl on Windows.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
@@ -1107,7 +1129,7 @@ Pass a parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: field in requests where it follows a Location:
 redirect.
 .IP CURLOPT_ACCEPT_ENCODING
-Sets the contents of the Accept-Encoding: header sent in an HTTP request, and
+Sets the contents of the Accept-Encoding: header sent in a HTTP request, and
 enables decoding of a response when a Content-Encoding: header is received.
 Three encodings are supported: \fIidentity\fP, which does nothing,
 \fIdeflate\fP which requests the server to compress its response using the
@@ -1135,7 +1157,7 @@ by both HTTP clients and HTTP servers.
 (Added in 7.21.6)
 .IP CURLOPT_FOLLOWLOCATION
 A parameter set to 1 tells the library to follow any Location: header that the
-server sends as part of an HTTP header.
+server sends as part of a HTTP header.
 
 This means that the library will re-send the same request on the new location
 and follow new Location: headers all the way until no more such headers are
@@ -1215,7 +1237,7 @@ If you issue a POST request and then want to make a HEAD or GET using the same
 re-used handle, you must explicitly set the new request type using
 \fICURLOPT_NOBODY\fP or \fICURLOPT_HTTPGET\fP or similar.
 .IP CURLOPT_POSTFIELDS
-Pass a void * as parameter, which should be the full data to post in an HTTP
+Pass a void * as parameter, which should be the full data to post in a HTTP
 POST operation. You must make sure that the data is formatted the way you want
 the server to receive it. libcurl will not convert or encode it for you. Most
 web servers will assume this data to be url-encoded.
@@ -1250,7 +1272,7 @@ Pass a curl_off_t as parameter. Use this to set the size of the
 data to figure out the size. This is the large file version of the
 \fICURLOPT_POSTFIELDSIZE\fP option. (Added in 7.11.1)
 .IP CURLOPT_COPYPOSTFIELDS
-Pass a char * as parameter, which should be the full data to post in an HTTP
+Pass a char * as parameter, which should be the full data to post in a HTTP
 POST operation. It behaves as the \fICURLOPT_POSTFIELDS\fP option, but the
 original data are copied by the library, allowing the application to overwrite
 the original data after setting this option.
@@ -1337,7 +1359,7 @@ option and thus you need to concatenate them all in one single string. Set
 multiple cookies in one string like this: "name1=content1; name2=content2;"
 etc.
 
-This option sets the cookie header explictly in the outgoing request(s). If
+This option sets the cookie header explicitly in the outgoing request(s). If
 multiple requests are done due to authentication, followed redirections or
 similar, they will all get this cookie passed on.
 
@@ -1422,25 +1444,48 @@ transfer decoding will be disabled, if set to 1 it is enabled
 option is set to zero. (added in 7.16.2)
 .SH SMTP OPTIONS
 .IP CURLOPT_MAIL_FROM
-Pass a pointer to a zero terminated string as parameter. It will be used to
-specify the sender address in a mail when sending an SMTP mail with libcurl.
+Pass a pointer to a zero terminated string as parameter. This should be used
+to specify the sender's email address when sending SMTP mail with libcurl.
 
-An originator email address in SMTP lingo is specified within angle brackets
-(<>) which libcurl will not add for you before version 7.21.4. Failing to
-provide such brackets may cause the server to reject your mail.
+An originator email address should be specified with angled brackets (<>)
+around it, which if not specified, will be added by libcurl from version
+7.21.4 onwards. Failing to provide such brackets may cause the server to
+reject the email.
+
+If this parameter is not specified then an empty address will be sent to the
+mail server which may or may not cause the email to be rejected.
 
 (Added in 7.20.0)
 .IP CURLOPT_MAIL_RCPT
 Pass a pointer to a linked list of recipients to pass to the server in your
-SMTP mail request.  The linked list should be a fully valid list of \fBstruct
+SMTP mail request. The linked list should be a fully valid list of \fBstruct
 curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to
 create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list.
 
-Each recipient in SMTP lingo is specified with angle brackets (<>), but should
-you not use an angle bracket as first letter libcurl will assume you provide a
-single email address only and enclose that with angle brackets for you.
+Each recipient should be specified within a pair of angled brackets (<>),
+however, should you not use an angled bracket as the first character libcurl
+will assume you provided a single email address and enclose that address
+within brackets for you.
 
 (Added in 7.20.0)
+.IP CURLOPT_MAIL_AUTH
+Pass a pointer to a zero terminated string as parameter. This will be used
+to specify the authentication address (identity) of a submitted message that
+is being relayed to another server.
+
+This optional parameter allows co-operating agents in a trusted environment to
+communicate the authentication of individual messages and should only be used
+by the application program, using libcurl, if the application is itself a
+mail server acting in such an environment. If the application is operating as
+such and the AUTH address is not known or is invalid, then an empty string
+should be used for this parameter.
+
+Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be
+specified within a pair of angled brackets (<>). However, if an empty string
+is used then a pair of brackets will be sent by libcurl as required by
+RFC-2554.
+
+(Added in 7.24.0)
 .SH TFTP OPTIONS
 .IP CURLOPT_TFTP_BLKSIZE
 Specify block size to use for TFTP data transmission. Valid range as per RFC
@@ -1485,9 +1530,9 @@ fully valid list of 'struct curl_slist' structs properly filled in with text
 strings. Use \fIcurl_slist_append(3)\fP to append strings (commands) to the
 list, and clear the entire list afterwards with
 \fIcurl_slist_free_all(3)\fP. Disable this operation again by setting a NULL
-to this option. When speaking to a FTP server, prefix the command with an
-asterisk (*) to make libcurl continue even if the command fails as by default
-libcurl will stop at first failure.
+to this option. When speaking to a FTP (or SFTP since 7.24.0) server, prefix
+the command with an asterisk (*) to make libcurl continue even if the command
+fails as by default libcurl will stop at first failure.
 
 The set of valid FTP commands depends on the server (see RFC959 for a list of
 mandatory commands).
@@ -1507,7 +1552,7 @@ Pass a pointer to a linked list of FTP commands to pass to the server after
 the transfer type is set. The linked list should be a fully valid list of
 struct curl_slist structs properly filled in as described for
 \fICURLOPT_QUOTE\fP. Disable this operation again by setting a NULL to this
-option. Before version 7.15.6, if you also set \fICURLOPT_NOBODY\fP to 1, this
+option. Before version 7.16.0, if you also set \fICURLOPT_NOBODY\fP to 1, this
 option didn't work.
 .IP CURLOPT_DIRLISTONLY
 A parameter set to 1 tells the library to just list the names of files in a
@@ -1662,7 +1707,7 @@ needed for this method)\fP  (Added in 7.20.0)
 When sent by a client, this method changes the description of the session. For
 example, if a client is using the server to record a meeting, the client can
 use Announce to inform the server of all the meta-information about the
-session.  ANNOUNCE acts like an HTTP PUT or POST just like
+session.  ANNOUNCE acts like a HTTP PUT or POST just like
 \fICURL_RTSPREQ_SET_PARAMETER\fP (Added in 7.20.0)
 .IP CURL_RTSPREQ_SETUP
 Setup is used to initialize the transport layer for the session. The
@@ -1685,7 +1730,7 @@ different connections.  (Added in 7.20.0)
 .IP CURL_RTSPREQ_GET_PARAMETER
 Retrieve a parameter from the server. By default, libcurl will automatically
 include a \fIContent-Type: text/parameters\fP header on all non-empty requests
-unless a custom one is set. GET_PARAMETER acts just like an HTTP PUT or POST
+unless a custom one is set. GET_PARAMETER acts just like a HTTP PUT or POST
 (see \fICURL_RTSPREQ_SET_PARAMETER\fP).
 Applications wishing to send a heartbeat message (e.g. in the presence of a
 server-specified timeout) should send use an empty GET_PARAMETER request.
@@ -1693,9 +1738,9 @@ server-specified timeout) should send use an empty GET_PARAMETER request.
 .IP CURL_RTSPREQ_SET_PARAMETER
 Set a parameter on the server. By default, libcurl will automatically include
 a \fIContent-Type: text/parameters\fP header unless a custom one is set. The
-interaction with SET_PARAMTER is much like an HTTP PUT or POST. An application
-may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like an HTTP
-PUT, or it may use \fICURLOPT_POSTFIELDS\fP like an HTTP POST. No chunked
+interaction with SET_PARAMTER is much like a HTTP PUT or POST. An application
+may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like a HTTP
+PUT, or it may use \fICURLOPT_POSTFIELDS\fP like a HTTP POST. No chunked
 transfers are allowed, so the application must set the
 \fICURLOPT_INFILESIZE\fP in the former and \fICURLOPT_POSTFIELDSIZE\fP in the
 latter. Also, there is no use of multi-part POSTs within RTSP. (Added in
@@ -1757,7 +1802,7 @@ over FTP. This is a known limitation/flaw that nobody has rectified. libcurl
 simply sets the mode to ASCII and performs a standard transfer.
 .IP CURLOPT_PROXY_TRANSFER_MODE
 Pass a long. If the value is set to 1 (one), it tells libcurl to set the
-transfer mode (binary or ASCII) for FTP transfers done via an HTTP proxy, by
+transfer mode (binary or ASCII) for FTP transfers done via a HTTP proxy, by
 appending ;type=a or ;type=i to the URL. Without this setting, or it being set
 to 0 (zero, the default), \fICURLOPT_TRANSFERTEXT\fP has no effect when doing
 FTP via a proxy. Beware that not all proxies support this feature.  (Added in
@@ -1795,7 +1840,7 @@ Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
 .IP CURLOPT_CUSTOMREQUEST
 Pass a pointer to a zero terminated string as parameter. It will be used
-instead of GET or HEAD when doing an HTTP request, or instead of LIST or NLST
+instead of GET or HEAD when doing a HTTP request, or instead of LIST or NLST
 when doing a FTP directory listing. This is useful for doing DELETE or other
 more or less obscure HTTP requests. Don't do this at will, make sure your
 server supports the command first.
@@ -1842,6 +1887,9 @@ as a long. See also \fICURLOPT_INFILESIZE_LARGE\fP.
 For uploading using SCP, this option or \fICURLOPT_INFILESIZE_LARGE\fP is
 mandatory.
 
+When sending emails using SMTP, this command can be used to specify the
+optional SIZE parameter for the MAIL FROM command. (Added in 7.23.0)
+
 This option does not limit how much data libcurl will actually send, as that
 is controlled entirely by what the read callback returns.
 .IP CURLOPT_INFILESIZE_LARGE
@@ -1971,9 +2019,9 @@ re-use (default behavior).
 .IP CURLOPT_CONNECTTIMEOUT
 Pass a long. It should contain the maximum time in seconds that you allow the
 connection to the server to take.  This only limits the connection phase, once
-it has connected, this option is of no more use. Set to zero to disable
-connection timeout (it will then only timeout on the system's internal
-timeouts). See also the \fICURLOPT_TIMEOUT\fP option.
+it has connected, this option is of no more use. Set to zero to switch to the
+default built-in connection timeout - 300 seconds. See also the
+\fICURLOPT_TIMEOUT\fP option.
 
 In unix-like systems, this might cause signals to be used unless
 \fICURLOPT_NOSIGNAL\fP is set.
@@ -2045,6 +2093,24 @@ resolves, by including a string in the linked list that uses the format
 and port number must exactly match what was already added previously.
 
 (Added in 7.21.3)
+.IP CURLOPT_DNS_SERVERS
+Set the list of DNS servers to be used instead of the system default.
+The format of the dns servers option is:
+
+host[:port][,host[:port]]...
+
+For example:
+
+192.168.1.100,192.168.1.101,3.4.5.6
+
+This option requires that libcurl was built with a resolver backend that
+supports this operation. The c-ares backend is the only such one.
+
+(Added in 7.24.0)
+.IP CURLOPT_ACCEPTTIMEOUT_MS
+Pass a long telling libcurl the maximum number of milliseconds to wait for a
+server to connect back to libcurl when an active FTP connection is used. If no
+timeout is set, the internal default of 60000 will be used. (Added in 7.24.0)
 .SH SSL and SECURITY OPTIONS
 .IP CURLOPT_SSLCERT
 Pass a pointer to a zero terminated string as parameter. The string should be
@@ -2117,7 +2183,7 @@ Pass a long as parameter. By default, curl assumes a value of 1.
 This option determines whether curl verifies the authenticity of the peer's
 certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.
 
-When negotiating an SSL connection, the server sends a certificate indicating
+When negotiating a SSL connection, the server sends a certificate indicating
 its identity.  Curl verifies whether the certificate is authentic, i.e. that
 you can trust that the server is who the certificate says it is.  This trust
 is based on a chain of digital signatures, rooted in certification authority
@@ -2266,6 +2332,16 @@ this to 1 to enable it. By default all transfers are done using the
 cache. While nothing ever should get hurt by attempting to reuse SSL
 session-IDs, there seem to be broken SSL implementations in the wild that may
 require you to disable this in order for you to succeed. (Added in 7.16.0)
+.IP CURLOPT_SSL_OPTIONS
+Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
+
+CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
+will tell libcurl to not attempt to use any work-arounds for a security flaw
+in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is
+set to 0, the SSL layer libcurl uses may use a work-around for this flaw
+although it might cause interoperability problems with some (older) SSL
+implementations. WARNING: avoiding this work-around loosens the security, and
+by setting this option to 1 you ask for exactly that. (Added in 7.25.0)
 .IP CURLOPT_KRBLEVEL
 Pass a char * as parameter. Set the kerberos security level for FTP; this also
 enables kerberos awareness.  This is a string, \&'clear', \&'safe',
@@ -2286,8 +2362,8 @@ GSS_C_DELEG_POLICY_FLAG was available at compile-time.
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
 CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
-CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one.
-(Added in 7.16.1)
+CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. Currently
+CURLSSH_AUTH_HOST has no effect. (Added in 7.16.1)
 .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
 Pass a char * pointing to a string containing 32 hexadecimal digits. The
 string should be the 128 bit MD5 checksum of the remote host's public key, and

docs/libcurl/curl_easy_strerror.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -23,9 +23,9 @@
 .SH NAME
 curl_easy_strerror - return string describing error code
 .SH SYNOPSIS
-.nf
-.B #include <curl/curl.h>
-.BI "const char *curl_easy_strerror(CURLcode " errornum ");"
+#include <curl/curl.h>
+
+const char *curl_easy_strerror(CURLcode errornum);
 .SH DESCRIPTION
 The curl_easy_strerror() function returns a string describing the CURLcode
 error code passed in the argument \fIerrornum\fP.

docs/libcurl/libcurl-errors.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,20 +66,21 @@ remote server is probably not an OK FTP server.
 .IP "CURLE_REMOTE_ACCESS_DENIED (9)"
 We were denied access to the resource given in the URL.  For FTP, this occurs
 while trying to change to the remote directory.
+.IP "CURLE_FTP_ACCEPT_FAILED (10)"
+While waiting for the server to connect back when an active FTP session is
+used, an error code was sent over the control connection or similar.
 .IP "CURLE_FTP_WEIRD_PASS_REPLY (11)"
 After having sent the FTP password to the server, libcurl expects a proper
 reply. This error code indicates that an unexpected code was returned.
+.IP "CURLE_FTP_ACCEPT_TIMEOUT (12)"
+During an active FTP session while waiting for the server to connect, the
+\fICURLOPT_ACCEPTTIMOUT_MS\fP (or the internal default) timeout expired.
 .IP "CURLE_FTP_WEIRD_PASV_REPLY (13)"
 libcurl failed to get a sensible result back from the server as a response to
 either a PASV or a EPSV command. The server is flawed.
 .IP "CURLE_FTP_WEIRD_227_FORMAT (14)"
 FTP servers return a 227-line as a response to a PASV command. If libcurl
 fails to parse that line, this return code is passed back.
-.IP "CURLE_FTP_PRET_FAILED (84)"
-The FTP server does not understand the PRET command at all or does not support
-the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
-custom LIST command will be sent with PRET CMD before PASV as well. (Added in
-7.20.0)
 .IP "CURLE_FTP_CANT_GET_HOST (15)"
 An internal failure to lookup the host used for the new connection.
 .IP "CURLE_FTP_COULDNT_SET_TYPE (17)"
@@ -227,7 +228,10 @@ Failed to load CRL file (Added in 7.19.0)
 .IP "CURLE_SSL_ISSUER_ERROR (83)"
 Issuer check failed (Added in 7.19.0)
 .IP "CURLE_FTP_PRET_FAILED (84)"
-PRET command failed
+The FTP server does not understand the PRET command at all or does not support
+the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
+custom LIST command will be sent with PRET CMD before PASV as well. (Added in
+7.20.0)
 .IP "CURLE_RTSP_CSEQ_ERROR (85)"
 Mismatch of RTSP CSeq numbers.
 .IP "CURLE_RTSP_SESSION_ERROR (86)"

docs/libcurl/libcurl-multi.3

@@ -144,7 +144,6 @@ the future, you should be aware of the following current restrictions:
 .nf
  - Name resolves unless the c-ares or threaded-resolver backends are used
  - NSS SSL connections
- - Active FTP connections
  - HTTP proxy CONNECT operations
  - SOCKS proxy handshakes
  - file:// transfers

docs/libcurl/libcurl-tutorial.3

@@ -817,10 +817,6 @@ This header is required by HTTP 1.1 and even many 1.0 servers and should be
 the name of the server we want to talk to. This includes the port number if
 anything but default.
 
-.IP "Pragma"
-\&"no-cache". Tells a possible proxy to not grab a copy from the cache but to
-fetch a fresh one.
-
 .IP "Accept"
 \&"*/*".
 
@@ -1303,9 +1299,7 @@ ones at any time), you start the transfers by calling
 
 \fIcurl_multi_perform(3)\fP is asynchronous. It will only execute as little as
 possible and then return back control to your program. It is designed to never
-block. If it returns CURLM_CALL_MULTI_PERFORM you better call it again soon,
-as that is a signal that it still has local data to send or remote data to
-receive.
+block.
 
 The best usage of this interface is when you do a select() on all possible
 file descriptors or sockets to know when to call libcurl again. This also
@@ -1341,9 +1335,21 @@ to figure out success on each individual transfer.
  [ seeding, passwords, keys, certificates, ENGINE, ca certs ]
 
 .SH "Sharing Data Between Easy Handles"
+You can share some data between easy handles when the easy interface is used,
+and some data is share automatically when you use the multi interface.
 
- [ fill in ]
+When you add easy handles to a multi handle, these easy handles will
+automatically share a lot of the data that otherwise would be kept on a
+per-easy handle basis when the easy interface is used.
 
+The DNS cache is shared between handles within a multi handle, making
+subsequent name resolvings faster and the connection pool that is kept to
+better allow persistent connections and connection re-use is shared. If you're
+using the easy interface, you can still share these between specific easy
+handles by using the share interface, see \fIlibcurl-share(3)\fP.
+
+Some things are never shared automatically, not within multi handles, like for
+example cookies so the only way to share that is with the share interface.
 .SH "Footnotes"
 
 .IP "[1]"

docs/libcurl/libcurl.m4

@@ -146,7 +146,7 @@ AC_DEFUN([LIBCURL_CHECK_CONFIG],
            _libcurl_save_libs=$LIBS
            LIBS="$LIBCURL $LIBS"
 
-           AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <curl/curl.h>],[
+           AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <curl/curl.h>]],[[
 /* Try and use a few common options to force a failure if we are
    missing symbols or can't link. */
 int x;
@@ -158,7 +158,7 @@ x=CURLOPT_ERRORBUFFER;
 x=CURLOPT_STDERR;
 x=CURLOPT_VERBOSE;
 if (x) ;
-])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
+]])],libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no)
 
            CPPFLAGS=$_libcurl_save_cppflags
            LIBS=$_libcurl_save_libs

docs/libcurl/symbols-in-versions

@@ -45,6 +45,8 @@ CURLE_COULDNT_RESOLVE_PROXY     7.1
 CURLE_FAILED_INIT               7.1
 CURLE_FILESIZE_EXCEEDED         7.10.8
 CURLE_FILE_COULDNT_READ_FILE    7.1
+CURLE_FTP_ACCEPT_FAILED         7.24.0
+CURLE_FTP_ACCEPT_TIMEOUT        7.24.0
 CURLE_FTP_ACCESS_DENIED         7.1
 CURLE_FTP_BAD_DOWNLOAD_RESUME   7.1           7.1
 CURLE_FTP_BAD_FILE_LIST         7.21.0
@@ -286,6 +288,7 @@ CURLOPTTYPE_FUNCTIONPOINT       7.1
 CURLOPTTYPE_LONG                7.1
 CURLOPTTYPE_OBJECTPOINT         7.1
 CURLOPTTYPE_OFF_T               7.11.0
+CURLOPT_ACCEPTTIMEOUT_MS        7.24.0
 CURLOPT_ACCEPT_ENCODING         7.21.6
 CURLOPT_ADDRESS_SCOPE           7.19.0
 CURLOPT_APPEND                  7.17.0
@@ -320,6 +323,7 @@ CURLOPT_DEBUGDATA               7.9.6
 CURLOPT_DEBUGFUNCTION           7.9.6
 CURLOPT_DIRLISTONLY             7.17.0
 CURLOPT_DNS_CACHE_TIMEOUT       7.9.3
+CURLOPT_DNS_SERVERS             7.24.0
 CURLOPT_DNS_USE_GLOBAL_CACHE    7.9.3         7.11.1
 CURLOPT_EGDSOCKET               7.7
 CURLOPT_ENCODING                7.10
@@ -380,6 +384,7 @@ CURLOPT_LOCALPORT               7.15.2
 CURLOPT_LOCALPORTRANGE          7.15.2
 CURLOPT_LOW_SPEED_LIMIT         7.1
 CURLOPT_LOW_SPEED_TIME          7.1
+CURLOPT_MAIL_AUTH               7.25.0
 CURLOPT_MAIL_FROM               7.20.0
 CURLOPT_MAIL_RCPT               7.20.0
 CURLOPT_MAXCONNECTS             7.7
@@ -403,7 +408,7 @@ CURLOPT_OPENSOCKETFUNCTION      7.17.1
 CURLOPT_PASSWDDATA              7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWDFUNCTION          7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWORD                7.19.1
-CURLOPT_PASV_HOST               7.12.1        7.15.6      7.15.5
+CURLOPT_PASV_HOST               7.12.1        7.16.0      7.15.5
 CURLOPT_PORT                    7.1
 CURLOPT_POST                    7.1
 CURLOPT_POST301                 7.17.1        7.19.1
@@ -478,10 +483,14 @@ CURLOPT_SSLVERSION              7.1
 CURLOPT_SSL_CIPHER_LIST         7.9
 CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
+CURLOPT_SSL_OPTIONS             7.25.0
 CURLOPT_SSL_SESSIONID_CACHE     7.16.0
 CURLOPT_SSL_VERIFYHOST          7.8.1
 CURLOPT_SSL_VERIFYPEER          7.4.2
 CURLOPT_STDERR                  7.1
+CURLOPT_TCP_KEEPALIVE           7.25.0
+CURLOPT_TCP_KEEPIDLE            7.25.0
+CURLOPT_TCP_KEEPINTVL           7.25.0
 CURLOPT_TCP_NODELAY             7.11.2
 CURLOPT_TELNETOPTIONS           7.7
 CURLOPT_TFTP_BLKSIZE            7.19.4
@@ -558,7 +567,7 @@ CURLSHOPT_SHARE                 7.10.3
 CURLSHOPT_UNLOCKFUNC            7.10.3
 CURLSHOPT_UNSHARE               7.10.3
 CURLSHOPT_USERDATA              7.10.3
-CURLSOCKTYPE_IPCXN              7.15.6
+CURLSOCKTYPE_IPCXN              7.16.0
 CURLSSH_AUTH_ANY                7.16.1
 CURLSSH_AUTH_DEFAULT            7.16.1
 CURLSSH_AUTH_HOST               7.16.1
@@ -566,6 +575,7 @@ CURLSSH_AUTH_KEYBOARD           7.16.1
 CURLSSH_AUTH_NONE               7.16.1
 CURLSSH_AUTH_PASSWORD           7.16.1
 CURLSSH_AUTH_PUBLICKEY          7.16.1
+CURLSSLOPT_ALLOW_BEAST          7.25.0
 CURLUSESSL_ALL                  7.17.0
 CURLUSESSL_CONTROL              7.17.0
 CURLUSESSL_NONE                 7.17.0

docs/libcurl/symbols.pl

@@ -0,0 +1,100 @@
+#!/usr/bin/perl
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+#
+# Experience has shown that the symbols-in-versions file is very useful to
+# applications that want to build with a wide range of libcurl versions.
+# It is however easy to get it wrong and the source gets a bit messy with all
+# the fixed numerical comparisions.
+#
+# The point of this script is to provide an easy-to-use macro for libcurl-
+# using applications to do preprocessor checks for specific libcurl defines,
+# and yet make the code clearly show what the macro is used for.
+#
+# Run this script and generate libcurl-symbols.h and then use that header in
+# a fashion similar to:
+#
+# #include "libcurl-symbols.h"
+#
+# #if LIBCURL_HAS(CURLOPT_MUTE)
+#   has mute
+# #else
+#   no mute
+# #endif
+#
+#
+open F, "<symbols-in-versions";
+
+sub str2num {
+    my ($str)=@_;
+    if($str =~ /([0-9]*)\.([0-9]*)\.*([0-9]*)/) {
+        return sprintf("0x%06x", $1<<16 | $2 << 8 | $3);
+    }
+}
+
+print <<EOS
+
+#include <curl/curl.h>
+
+#define LIBCURL_HAS(x) \\
+  (defined(x ## _FIRST) && (x ## _FIRST <= LIBCURL_VERSION_NUM) && \\
+   (!defined(x ## _LAST) || ( x ## _LAST >= LIBCURL_VERSION_NUM)))
+
+EOS
+    ;
+
+while(<F>) {
+    if(/^(CURL[^ ]*)[ \t]*(.*)/) {
+        my ($sym, $vers)=($1, $2);
+
+        my $intr;
+        my $rm;
+        my $dep;
+
+        # is there removed info?
+        if($vers =~ /([\d.]+)[ \t-]+([\d.]+)[ \t]+([\d.]+)/) {
+            ($intr, $dep, $rm)=($1, $2, $3);
+        }
+        # is it a dep-only line?
+        elsif($vers =~ /([\d.]+)[ \t-]+([\d.]+)/) {
+            ($intr, $dep)=($1, $2);
+        }
+        else {
+            $intr = $vers;
+        }
+
+        my $inum = str2num($intr);
+
+        print <<EOS
+#define ${sym}_FIRST $inum /* Added in $intr */
+EOS
+;
+        my $irm = str2num($rm);
+        if($rm) {
+        print <<EOS
+#define ${sym}_LAST $irm /* Last featured in $rm */
+EOS
+;
+        }
+
+    }
+}

include/curl/curl.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -69,7 +69,7 @@
    require it! */
 #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
     defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
-    defined(ANDROID) || \
+    defined(ANDROID) || defined(__ANDROID__) || \
    (defined(__FreeBSD_version) && (__FreeBSD_version < 800000))
 #include <sys/select.h>
 #endif
@@ -411,9 +411,12 @@ typedef enum {
   CURLE_REMOTE_ACCESS_DENIED,    /* 9 a service was denied by the server
                                     due to lack of access - when login fails
                                     this is not returned. */
-  CURLE_OBSOLETE10,              /* 10 - NOT USED */
+  CURLE_FTP_ACCEPT_FAILED,       /* 10 - [was obsoleted in April 2006 for
+                                    7.15.4, reused in Dec 2011 for 7.24.0]*/
   CURLE_FTP_WEIRD_PASS_REPLY,    /* 11 */
-  CURLE_OBSOLETE12,              /* 12 - NOT USED */
+  CURLE_FTP_ACCEPT_TIMEOUT,      /* 12 - timeout occurred accepting server
+                                    [was obsoleted in August 2007 for 7.17.0,
+                                    reused in Dec 2011 for 7.24.0]*/
   CURLE_FTP_WEIRD_PASV_REPLY,    /* 13 */
   CURLE_FTP_WEIRD_227_FORMAT,    /* 14 */
   CURLE_FTP_CANT_GET_HOST,       /* 15 */
@@ -511,13 +514,16 @@ typedef enum {
   CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Ids */
   CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
   CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
-
   CURL_LAST /* never use! */
 } CURLcode;
 
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
 
+/* Previously obsoletes error codes re-used in 7.24.0 */
+#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED
+#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT
+
 /*  compatibility with older names */
 #define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING
 
@@ -667,6 +673,15 @@ typedef enum {
   CURLUSESSL_LAST     /* not an option, never use */
 } curl_usessl;
 
+/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */
+
+/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the
+   name of improving interoperability with older servers. Some SSL libraries
+   have introduced work-arounds for this flaw but those work-arounds sometimes
+   make the SSL communication fail. To regain functionality with those broken
+   servers, a user can this way allow the vulnerability back. */
+#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
 
@@ -1486,6 +1501,26 @@ typedef enum {
   /* allow GSSAPI credential delegation */
   CINIT(GSSAPI_DELEGATION, LONG, 210),
 
+  /* Set the name servers to use for DNS resolution */
+  CINIT(DNS_SERVERS, OBJECTPOINT, 211),
+
+  /* Time-out accept operations (currently for FTP only) after this amount
+     of miliseconds. */
+  CINIT(ACCEPTTIMEOUT_MS, LONG, 212),
+
+  /* Set TCP keepalive */
+  CINIT(TCP_KEEPALIVE, LONG, 213),
+
+  /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */
+  CINIT(TCP_KEEPIDLE, LONG, 214),
+  CINIT(TCP_KEEPINTVL, LONG, 215),
+
+  /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
+  CINIT(SSL_OPTIONS, LONG, 216),
+
+  /* set the SMTP auth originator */
+  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

include/curl/curlver.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,16 +26,16 @@
    a script at release-time. This was made its own header file in 7.11.2 */
 
 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2011 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2012 Daniel Stenberg, <daniel@haxx.se>."
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.24.0-DEV"
+#define LIBCURL_VERSION "7.25.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 24
+#define LIBCURL_VERSION_MINOR 25
 #define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071800
+#define LIBCURL_VERSION_NUM 0x071900
 
 /*
  * This is the date and time when the full source package was created. The

lib/.gitignore

@@ -10,3 +10,4 @@ libcurl.plist.dist
 libcurl.vcproj
 vc6libcurl.dsp
 Makefile.vc10.dist
+libcurl.vers

lib/Makefile.am

@@ -116,7 +116,11 @@ if MIMPURE
 MIMPURE = -mimpure-text
 endif
 
-libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(LIBCURL_LIBS)
+if VERSIONED_SYMBOLS
+VERSIONED_SYMBOLS = -Wl,--version-script=libcurl.vers
+endif
+
+libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(VERSIONED_SYMBOLS) $(LIBCURL_LIBS)
 
 # unit testing static library built only along with unit tests
 if BUILD_UNITTESTS

lib/Makefile.m32

@@ -41,7 +41,7 @@ endif
 ifndef LIBIDN_PATH
 LIBIDN_PATH = ../../libidn-1.18
 endif
-# Edit the path below to point to the base of your MS idndlpackage. 
+# Edit the path below to point to the base of your MS IDN package.
 # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
 # http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
 ifndef WINIDN_PATH

lib/arpa_telnet.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,9 +26,11 @@
  * Telnet option defines. Add more here if in need.
  */
 #define CURL_TELOPT_BINARY   0  /* binary 8bit data */
+#define CURL_TELOPT_ECHO     1  /* just echo! */
 #define CURL_TELOPT_SGA      3  /* Suppress Go Ahead */
 #define CURL_TELOPT_EXOPL  255  /* EXtended OPtions List */
 #define CURL_TELOPT_TTYPE   24  /* Terminal TYPE */
+#define CURL_TELOPT_NAWS    31  /* Negotiate About Window Size */
 #define CURL_TELOPT_XDISPLOC 35 /* X DISPlay LOCation */
 
 #define CURL_TELOPT_NEW_ENVIRON 39  /* NEW ENVIRONment variables */

lib/asyn-ares.c

@@ -227,18 +227,19 @@ int Curl_resolver_getsock(struct connectdata *conn,
   struct timeval maxtime;
   struct timeval timebuf;
   struct timeval *timeout;
+  long milli;
   int max = ares_getsock((ares_channel)conn->data->state.resolver,
                          (ares_socket_t *)socks, numsocks);
 
-
   maxtime.tv_sec = CURL_TIMEOUT_RESOLVE;
   maxtime.tv_usec = 0;
 
   timeout = ares_timeout((ares_channel)conn->data->state.resolver, &maxtime,
                          &timebuf);
-
-  Curl_expire(conn->data,
-              (timeout->tv_sec * 1000) + (timeout->tv_usec/1000));
+  milli = (timeout->tv_sec * 1000) + (timeout->tv_usec/1000);
+  if(milli == 0)
+    milli += 10;
+  Curl_expire(conn->data, milli);
 
   return max;
 }
@@ -330,9 +331,12 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
     res->temp_ai = NULL;
     destroy_async_data(&conn->async);
     if(!conn->async.dns) {
-      failf(data, "Could not resolve host: %s (%s)", conn->host.dispname,
+      failf(data, "Could not resolve %s: %s (%s)",
+            conn->bits.proxy?"proxy":"host",
+            conn->host.dispname,
             ares_strerror(conn->async.status));
-      return CURLE_COULDNT_RESOLVE_HOST;
+      return conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
+        CURLE_COULDNT_RESOLVE_HOST;
     }
     *dns = conn->async.dns;
   }
@@ -418,7 +422,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
   if(!conn->async.dns) {
     /* a name was not resolved */
     if((timeout < 0) || (conn->async.status == ARES_ETIMEOUT)) {
-      if(conn->bits.httpproxy) {
+      if(conn->bits.proxy) {
         failf(data, "Resolving proxy timed out: %s", conn->proxy.dispname);
         rc = CURLE_COULDNT_RESOLVE_PROXY;
       }
@@ -428,7 +432,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
       }
     }
     else if(conn->async.done) {
-      if(conn->bits.httpproxy) {
+      if(conn->bits.proxy) {
         failf(data, "Could not resolve proxy: %s (%s)", conn->proxy.dispname,
               ares_strerror(conn->async.status));
         rc = CURLE_COULDNT_RESOLVE_PROXY;
@@ -578,13 +582,22 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
     res->last_status = ARES_ENOTFOUND;
 #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
     if(family == PF_UNSPEC) {
-      res->num_pending = 2;
+      if(Curl_ipv6works()) {
+        res->num_pending = 2;
 
-      /* areschannel is already setup in the Curl_open() function */
-      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
-                         PF_INET, query_completed_cb, conn);
-      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
-                         PF_INET6, query_completed_cb, conn);
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET6, query_completed_cb, conn);
+      }
+      else {
+        res->num_pending = 1;
+
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+      }
     }
     else
 #endif /* CURLRES_IPV6 */
@@ -600,4 +613,31 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
   }
   return NULL; /* no struct yet */
 }
+
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  CURLcode result = CURLE_NOT_BUILT_IN;
+#if (ARES_VERSION >= 0x010704)
+  int ares_result = ares_set_servers_csv(data->state.resolver, servers);
+  switch(ares_result) {
+  case ARES_SUCCESS:
+    result = CURLE_OK;
+    break;
+  case ARES_ENOMEM:
+    result = CURLE_OUT_OF_MEMORY;
+    break;
+  case ARES_ENOTINITIALIZED:
+  case ARES_ENODATA:
+  case ARES_EBADSTR:
+  default:
+    result = CURLE_BAD_FUNCTION_ARGUMENT;
+    break;
+  }
+#else /* too old c-ares version! */
+  (void)data;
+  (void)servers;
+#endif
+  return result;
+}
 #endif /* CURLRES_ARES */

lib/asyn-thread.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -175,7 +175,6 @@ struct thread_sync_data {
 
 struct thread_data {
   curl_thread_t thread_hnd;
-  curl_socket_t dummy_sock;
   unsigned int poll_interval;
   int interval_end;
   struct thread_sync_data tsd;
@@ -329,9 +328,6 @@ static void destroy_async_data (struct Curl_async *async)
   if(async->os_specific) {
     struct thread_data *td = (struct thread_data*) async->os_specific;
 
-    if(td->dummy_sock != CURL_SOCKET_BAD)
-      sclose(td->dummy_sock);
-
     if(td->thread_hnd != curl_thread_t_null)
       Curl_thread_join(&td->thread_hnd);
 
@@ -364,7 +360,6 @@ static bool init_resolve_thread (struct connectdata *conn,
   conn->async.done = FALSE;
   conn->async.status = 0;
   conn->async.dns = NULL;
-  td->dummy_sock = CURL_SOCKET_BAD;
   td->thread_hnd = curl_thread_t_null;
 
   if(!init_thread_sync_data(&td->tsd, hostname, port, hints))
@@ -375,16 +370,6 @@ static bool init_resolve_thread (struct connectdata *conn,
   if(!conn->async.hostname)
     goto err_exit;
 
-#ifdef WIN32
-  /* This socket is only to keep Curl_resolver_fdset() and select() happy;
-   * should never become signalled for read since it's unbound but
-   * Windows needs at least 1 socket in select().
-   */
-  td->dummy_sock = socket(AF_INET, SOCK_DGRAM, 0);
-  if(td->dummy_sock == CURL_SOCKET_BAD)
-    goto err_exit;
-#endif
-
 #ifdef HAVE_GETADDRINFO
   td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd);
 #else
@@ -574,17 +559,9 @@ int Curl_resolver_getsock(struct connectdata *conn,
                           curl_socket_t *socks,
                           int numsocks)
 {
-  const struct thread_data *td =
-    (const struct thread_data *) conn->async.os_specific;
-
-  if(td && td->dummy_sock != CURL_SOCKET_BAD) {
-    if(numsocks) {
-      /* return one socket waiting for readable, even though this is just
-         a dummy */
-      socks[0] = td->dummy_sock;
-      return GETSOCK_READSOCK(0);
-    }
-  }
+  (void)conn;
+  (void)socks;
+  (void)numsocks;
   return 0;
 }
 
@@ -696,4 +673,13 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
 
 #endif /* !HAVE_GETADDRINFO */
 
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  (void)data;
+  (void)servers;
+  return CURLE_NOT_BUILT_IN;
+
+}
+
 #endif /* CURLRES_THREADED */

lib/base64.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -58,11 +58,11 @@ static void decodeQuantum(unsigned char *dest, const char *src)
       x = (x << 6);
   }
 
-  dest[2] = curlx_ultouc(x);
+  dest[2] = curlx_ultouc(x & 0xFFUL);
   x >>= 8;
-  dest[1] = curlx_ultouc(x);
+  dest[1] = curlx_ultouc(x & 0xFFUL);
   x >>= 8;
-  dest[0] = curlx_ultouc(x);
+  dest[0] = curlx_ultouc(x & 0xFFUL);
 }
 
 /*

lib/connect.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -89,20 +89,37 @@
 #undef SO_NOSIGPIPE
 #endif
 
-struct Curl_sockaddr_ex {
-  int family;
-  int socktype;
-  int protocol;
-  unsigned int addrlen;
-  union {
-    struct sockaddr addr;
-    struct Curl_sockaddr_storage buff;
-  } _sa_ex_u;
-};
-#define sa_addr _sa_ex_u.addr
-
 static bool verifyconnect(curl_socket_t sockfd, int *error);
 
+static void
+tcpkeepalive(struct SessionHandle *data,
+             curl_socket_t sockfd)
+{
+  int optval = data->set.tcp_keepalive?1:0;
+
+  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
+  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
+        (void *)&optval, sizeof(optval)) < 0) {
+    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
+  }
+  else {
+#ifdef TCP_KEEPIDLE
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPINTVL
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
+    }
+#endif
+  }
+}
+
 static CURLcode
 singleipconnect(struct connectdata *conn,
                 const Curl_addrinfo *ai, /* start connecting to this */
@@ -252,6 +269,10 @@ static CURLcode bindlocal(struct connectdata *conn,
   int error;
   char myhost[256] = "";
   int done = 0; /* -1 for error, 1 for address found */
+  bool is_interface = FALSE;
+  bool is_host = FALSE;
+  static const char *if_prefix = "if!";
+  static const char *host_prefix = "host!";
 
   /*************************************************************
    * Select device to bind socket to
@@ -263,9 +284,20 @@ static CURLcode bindlocal(struct connectdata *conn,
   memset(&sa, 0, sizeof(struct Curl_sockaddr_storage));
 
   if(dev && (strlen(dev)<255) ) {
+    if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
+      dev += strlen(if_prefix);
+      is_interface = TRUE;
+    }
+    else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) {
+      dev += strlen(host_prefix);
+      is_host = TRUE;
+    }
 
     /* interface */
-    if(Curl_if2ip(af, dev, myhost, sizeof(myhost))) {
+    if(!is_host && (is_interface || Curl_if_is_interface_name(dev))) {
+      if(Curl_if2ip(af, dev, myhost, sizeof(myhost)) == NULL)
+        return CURLE_INTERFACE_FAILED;
+
       /*
        * We now have the numerical IP address in the 'myhost' buffer
        */
@@ -729,6 +761,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
   }
   next:
 
+  conn->timeoutms_per_addr = conn->ip_addr->ai_next == NULL ?
+                             allow : allow / 2;
   code = trynextip(conn, sockindex, connected);
 
   if(code) {
@@ -841,56 +875,13 @@ singleipconnect(struct connectdata *conn,
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd;
   CURLcode res = CURLE_OK;
-#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
-  struct sockaddr_in6 * const sa6 = (void *)&addr.sa_addr;
-#endif
 
   *sockp = CURL_SOCKET_BAD;
-
-  /*
-   * The Curl_sockaddr_ex structure is basically libcurl's external API
-   * curl_sockaddr structure with enough space available to directly hold
-   * any protocol-specific address structures. The variable declared here
-   * will be used to pass / receive data to/from the fopensocket callback
-   * if this has been set, before that, it is initialized from parameters.
-   */
-
-  addr.family = ai->ai_family;
-  addr.socktype = conn->socktype;
-  addr.protocol = conn->socktype==SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol;
-  addr.addrlen = ai->ai_addrlen;
-
-  if(addr.addrlen > sizeof(struct Curl_sockaddr_storage))
-     addr.addrlen = sizeof(struct Curl_sockaddr_storage);
-  memcpy(&addr.sa_addr, ai->ai_addr, addr.addrlen);
-
   *connected = FALSE; /* default is not connected */
 
-  if(data->set.fopensocket)
-   /*
-    * If the opensocket callback is set, all the destination address
-    * information is passed to the callback. Depending on this information the
-    * callback may opt to abort the connection, this is indicated returning
-    * CURL_SOCKET_BAD; otherwise it will return a not-connected socket. When
-    * the callback returns a valid socket the destination address information
-    * might have been changed and this 'new' address will actually be used
-    * here to connect.
-    */
-    sockfd = data->set.fopensocket(data->set.opensocket_client,
-                                   CURLSOCKTYPE_IPCXN,
-                                   (struct curl_sockaddr *)&addr);
-  else
-    /* opensocket callback not set, so simply create the socket now */
-    sockfd = socket(addr.family, addr.socktype, addr.protocol);
-
-  if(sockfd == CURL_SOCKET_BAD)
-    /* no socket, no connection */
-    return CURLE_OK;
-
-#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
-  if(conn->scope && (addr.family == AF_INET6))
-    sa6->sin6_scope_id = conn->scope;
-#endif
+  res = Curl_socket(conn, ai, &addr, &sockfd);
+  if(res)
+    return res;
 
   /* store remote address and port used in this connection attempt */
   if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
@@ -903,7 +894,7 @@ singleipconnect(struct connectdata *conn,
     return CURLE_OK;
   }
   memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
-  infof(data, "  Trying %s... ", conn->ip_addr_str);
+  infof(data, "  Trying %s...\n", conn->ip_addr_str);
 
   Curl_persistconninfo(conn);
 
@@ -914,6 +905,9 @@ singleipconnect(struct connectdata *conn,
 
   Curl_sndbufset(sockfd);
 
+  if(data->set.tcp_keepalive)
+    tcpkeepalive(data, sockfd);
+
   if(data->set.fsockopt) {
     /* activate callback for setting socket options */
     error = data->set.fsockopt(data->set.sockopt_client,
@@ -1029,7 +1023,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
 {
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd = CURL_SOCKET_BAD;
-  int aliasindex;
   Curl_addrinfo *ai;
   Curl_addrinfo *curr_addr;
 
@@ -1053,9 +1046,7 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
     return CURLE_OPERATION_TIMEDOUT;
   }
 
-  /* Max time for each address */
   conn->num_addr = Curl_num_addresses(remotehost->addr);
-  conn->timeoutms_per_addr = timeout_ms / conn->num_addr;
 
   ai = remotehost->addr;
 
@@ -1066,16 +1057,18 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
   /*
    * Connecting with a Curl_addrinfo chain
    */
-  for(curr_addr = ai, aliasindex=0; curr_addr;
-      curr_addr = curr_addr->ai_next, aliasindex++) {
+  for(curr_addr = ai; curr_addr; curr_addr = curr_addr->ai_next) {
+    CURLcode res;
+
+    /* Max time for the next address */
+    conn->timeoutms_per_addr = curr_addr->ai_next == NULL ?
+                               timeout_ms : timeout_ms / 2;
 
     /* start connecting to the IP curr_addr points to */
-    CURLcode res =
-      singleipconnect(conn, curr_addr,
-                      /* don't hang when doing multi */
-                      (data->state.used_interface == Curl_if_multi)?0:
-                      conn->timeoutms_per_addr, &sockfd, connected);
-
+    res = singleipconnect(conn, curr_addr,
+                          /* don't hang when doing multi */
+                          (data->state.used_interface == Curl_if_multi)?0:
+                          conn->timeoutms_per_addr, &sockfd, connected);
     if(res)
       return res;
 
@@ -1165,8 +1158,85 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 int Curl_closesocket(struct connectdata *conn,
                      curl_socket_t sock)
 {
-  if(conn && conn->fclosesocket)
-    return conn->fclosesocket(conn->closesocket_client, sock);
-  else
-    return sclose(sock);
+  if(conn && conn->fclosesocket) {
+    if((sock == conn->sock[SECONDARYSOCKET]) &&
+       conn->sock_accepted[SECONDARYSOCKET])
+      /* if this socket matches the second socket, and that was created with
+         accept, then we MUST NOT call the callback but clear the accepted
+         status */
+      conn->sock_accepted[SECONDARYSOCKET] = FALSE;
+    else
+      return conn->fclosesocket(conn->closesocket_client, sock);
+  }
+  return sclose(sock);
+}
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * 'addr' should be a pointer to the correct struct to get data back, or NULL.
+ * 'sockfd' must be a pointer to a socket descriptor.
+ *
+ * If the open socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket(struct connectdata *conn,
+                     const Curl_addrinfo *ai,
+                     struct Curl_sockaddr_ex *addr,
+                     curl_socket_t *sockfd)
+{
+  struct SessionHandle *data = conn->data;
+  struct Curl_sockaddr_ex dummy;
+
+  if(!addr)
+    /* if the caller doesn't want info back, use a local temp copy */
+    addr = &dummy;
+
+  /*
+   * The Curl_sockaddr_ex structure is basically libcurl's external API
+   * curl_sockaddr structure with enough space available to directly hold
+   * any protocol-specific address structures. The variable declared here
+   * will be used to pass / receive data to/from the fopensocket callback
+   * if this has been set, before that, it is initialized from parameters.
+   */
+
+  addr->family = ai->ai_family;
+  addr->socktype = conn->socktype;
+  addr->protocol = conn->socktype==SOCK_DGRAM?IPPROTO_UDP:ai->ai_protocol;
+  addr->addrlen = ai->ai_addrlen;
+
+  if(addr->addrlen > sizeof(struct Curl_sockaddr_storage))
+     addr->addrlen = sizeof(struct Curl_sockaddr_storage);
+  memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen);
+
+  if(data->set.fopensocket)
+   /*
+    * If the opensocket callback is set, all the destination address
+    * information is passed to the callback. Depending on this information the
+    * callback may opt to abort the connection, this is indicated returning
+    * CURL_SOCKET_BAD; otherwise it will return a not-connected socket. When
+    * the callback returns a valid socket the destination address information
+    * might have been changed and this 'new' address will actually be used
+    * here to connect.
+    */
+    *sockfd = data->set.fopensocket(data->set.opensocket_client,
+                                    CURLSOCKTYPE_IPCXN,
+                                    (struct curl_sockaddr *)addr);
+  else
+    /* opensocket callback not set, so simply create the socket now */
+    *sockfd = socket(addr->family, addr->socktype, addr->protocol);
+
+  if(*sockfd == CURL_SOCKET_BAD)
+    /* no socket, no connection */
+    return CURLE_FAILED_INIT;
+
+#if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
+  if(conn->scope && (addr->family == AF_INET6)) {
+    struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
+    sa6->sin6_scope_id = conn->scope;
+  }
+#endif
+
+  return CURLE_OK;
+
 }

lib/connect.h

@@ -24,6 +24,7 @@
 #include "setup.h"
 
 #include "nonblock.h" /* for curlx_nonblock(), formerly Curl_nonblock() */
+#include "sockaddr.h"
 
 CURLcode Curl_is_connected(struct connectdata *conn,
                            int sockindex,
@@ -72,4 +73,35 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd);
 void Curl_persistconninfo(struct connectdata *conn);
 int Curl_closesocket(struct connectdata *conn, curl_socket_t sock);
 
+/*
+ * The Curl_sockaddr_ex structure is basically libcurl's external API
+ * curl_sockaddr structure with enough space available to directly hold any
+ * protocol-specific address structures. The variable declared here will be
+ * used to pass / receive data to/from the fopensocket callback if this has
+ * been set, before that, it is initialized from parameters.
+ */
+struct Curl_sockaddr_ex {
+  int family;
+  int socktype;
+  int protocol;
+  unsigned int addrlen;
+  union {
+    struct sockaddr addr;
+    struct Curl_sockaddr_storage buff;
+  } _sa_ex_u;
+};
+#define sa_addr _sa_ex_u.addr
+
+/*
+ * Create a socket based on info from 'conn' and 'ai'.
+ *
+ * Fill in 'addr' and 'sockfd' accordingly if OK is returned. If the open
+ * socket callback is set, used that!
+ *
+ */
+CURLcode Curl_socket(struct connectdata *conn,
+                     const Curl_addrinfo *ai,
+                     struct Curl_sockaddr_ex *addr,
+                     curl_socket_t *sockfd);
+
 #endif /* HEADER_CURL_CONNECT_H */

lib/curl_ntlm_core.c

@@ -63,6 +63,11 @@
 #    define DESKEY(x) &x
 #  endif
 
+#elif defined(USE_GNUTLS_NETTLE)
+
+#  include <nettle/des.h>
+#  include <nettle/md4.h>
+
 #elif defined(USE_GNUTLS)
 
 #  include <gcrypt.h>
@@ -133,7 +138,17 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
   key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
 }
 
-#if defined(USE_GNUTLS)
+#if defined(USE_GNUTLS_NETTLE)
+
+static void setup_des_key(const unsigned char *key_56,
+                          struct des_ctx *des)
+{
+  char key[8];
+  extend_key_56_to_64(key_56, key);
+  des_set_key(des, key);
+}
+
+#elif defined(USE_GNUTLS)
 
 /*
  * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.
@@ -233,6 +248,14 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
   setup_des_key(keys + 14, DESKEY(ks));
   DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results + 16),
                   DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS_NETTLE)
+  struct des_ctx des;
+  setup_des_key(keys, &des);
+  des_encrypt(&des, 8, results, plaintext);
+  setup_des_key(keys + 7, &des);
+  des_encrypt(&des, 8, results + 8, plaintext);
+  setup_des_key(keys + 14, &des);
+  des_encrypt(&des, 8, results + 16, plaintext);
 #elif defined(USE_GNUTLS)
   gcry_cipher_hd_t des;
 
@@ -295,6 +318,12 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
     setup_des_key(pw + 7, DESKEY(ks));
     DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer + 8),
                     DESKEY(ks), DES_ENCRYPT);
+#elif defined(USE_GNUTLS_NETTLE)
+    struct des_ctx des;
+    setup_des_key(pw, &des);
+    des_encrypt(&des, 8, lmbuffer, magic);
+    setup_des_key(pw + 7, &des);
+    des_encrypt(&des, 8, lmbuffer + 8, magic);
 #elif defined(USE_GNUTLS)
     gcry_cipher_hd_t des;
 
@@ -357,6 +386,11 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
     MD4_Init(&MD4pw);
     MD4_Update(&MD4pw, pw, 2 * len);
     MD4_Final(ntbuffer, &MD4pw);
+#elif defined(USE_GNUTLS_NETTLE)
+    struct md4_ctx MD4pw;
+    md4_init(&MD4pw);
+    md4_update(&MD4pw, 2 * len, pw);
+    md4_digest(&MD4pw, MD4_DIGEST_SIZE, ntbuffer);
 #elif defined(USE_GNUTLS)
     gcry_md_hd_t MD4pw;
     gcry_md_open(&MD4pw, GCRY_MD_MD4, 0);

lib/curl_ntlm_msgs.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -54,6 +54,13 @@
 #  endif
 #  include "ssluse.h"
 
+#elif defined(USE_GNUTLS_NETTLE)
+
+#  include <nettle/md5.h>
+#  include <gnutls/gnutls.h>
+#  include <gnutls/crypto.h>
+#  define MD5_DIGEST_LENGTH 16
+
 #elif defined(USE_GNUTLS)
 
 #  include <gcrypt.h>
@@ -688,7 +695,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
   /* Get the machine's un-qualified host name as NTLM doesn't like the fully
      qualified domain name */
   if(Curl_gethostname(host, sizeof(host))) {
-    infof(data, "gethostname() failed, continuing without!");
+    infof(data, "gethostname() failed, continuing without!\n");
     hostlen = 0;
   }
   else {
@@ -714,6 +721,9 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     MD5_CTX MD5pw;
     Curl_ossl_seed(data); /* Initiate the seed if not already done */
     RAND_bytes(entropy, 8);
+#elif defined(USE_GNUTLS_NETTLE)
+    struct md5_ctx MD5pw;
+    gnutls_rnd(GNUTLS_RND_RANDOM, entropy, 8);
 #elif defined(USE_GNUTLS)
     gcry_md_hd_t MD5pw;
     Curl_gtls_seed(data); /* Initiate the seed if not already done */
@@ -739,6 +749,10 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     MD5_Init(&MD5pw);
     MD5_Update(&MD5pw, tmp, 16);
     MD5_Final(md5sum, &MD5pw);
+#elif defined(USE_GNUTLS_NETTLE)
+    md5_init(&MD5pw);
+    md5_update(&MD5pw, 16, tmp);
+    md5_digest(&MD5pw, 16, md5sum);
 #elif defined(USE_GNUTLS)
     gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
     gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);

lib/cyassl.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -258,7 +258,7 @@ cyassl_connect_step2(struct connectdata *conn,
   }
 
   conssl->connecting_state = ssl_connect_3;
-  infof(data, "SSL connected");
+  infof(data, "SSL connected\n");
 
   return CURLE_OK;
 }
@@ -404,9 +404,10 @@ size_t Curl_cyassl_version(char *buffer, size_t size)
 
 int Curl_cyassl_init(void)
 {
-  InitCyaSSL();
+  if(CyaSSL_Init() == 0)
+    return 1;
 
-  return 1;
+  return -1;
 }
 
 

lib/dict.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -98,7 +98,7 @@ const struct Curl_handler Curl_handler_dict = {
   ZERO_NULL,                            /* readwrite */
   PORT_DICT,                            /* defport */
   CURLPROTO_DICT,                       /* protocol */
-  PROTOPT_NONE                          /* flags */
+  PROTOPT_NONE | PROTOPT_NOURLQUERY      /* flags */
 };
 
 static char *unescape_word(struct SessionHandle *data, const char *inputbuff)
@@ -178,7 +178,7 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
     }
 
     if((word == NULL) || (*word == (char)0)) {
-      infof(data, "lookup word is missing");
+      infof(data, "lookup word is missing\n");
       word=(char *)"default";
     }
     if((database == NULL) || (*database == (char)0)) {
@@ -232,7 +232,7 @@ static CURLcode dict_do(struct connectdata *conn, bool *done)
     }
 
     if((word == NULL) || (*word == (char)0)) {
-      infof(data, "lookup word is missing");
+      infof(data, "lookup word is missing\n");
       word=(char *)"default";
     }
     if((database == NULL) || (*database == (char)0)) {

lib/escape.c

@@ -31,6 +31,7 @@
 #include "urldata.h"
 #include "warnless.h"
 #include "non-ascii.h"
+#include "escape.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -84,7 +85,7 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
   char *testing_ptr = NULL;
   unsigned char in; /* we need to treat the characters unsigned */
   size_t newlen = alloc;
-  int strindex=0;
+  size_t strindex=0;
   size_t length;
   CURLcode res;
 
@@ -132,23 +133,29 @@ char *curl_easy_escape(CURL *handle, const char *string, int inlength)
 }
 
 /*
- * Unescapes the given URL escaped string of given length. Returns a
- * pointer to a malloced string with length given in *olen.
- * If length == 0, the length is assumed to be strlen(string).
- * If olen == NULL, no output length is stored.
+ * Curl_urldecode() URL decodes the given string.
+ *
+ * Optionally detects control characters (byte codes lower than 32) in the
+ * data and rejects such data.
+ *
+ * Returns a pointer to a malloced string in *ostring with length given in
+ * *olen. If length == 0, the length is assumed to be strlen(string).
+ *
  */
-char *curl_easy_unescape(CURL *handle, const char *string, int length,
-                         int *olen)
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_ctrl)
 {
-  int alloc = (length?length:(int)strlen(string))+1;
+  size_t alloc = (length?length:strlen(string))+1;
   char *ns = malloc(alloc);
   unsigned char in;
-  int strindex=0;
+  size_t strindex=0;
   unsigned long hex;
   CURLcode res;
 
   if(!ns)
-    return NULL;
+    return CURLE_OUT_OF_MEMORY;
 
   while(--alloc > 0) {
     in = *string;
@@ -164,16 +171,20 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
 
       in = curlx_ultouc(hex); /* this long is never bigger than 255 anyway */
 
-      res = Curl_convert_from_network(handle, &in, 1);
+      res = Curl_convert_from_network(data, &in, 1);
       if(res) {
         /* Curl_convert_from_network calls failf if unsuccessful */
         free(ns);
-        return NULL;
+        return res;
       }
 
       string+=2;
       alloc-=2;
     }
+    if(reject_ctrl && (in < 0x20)) {
+      free(ns);
+      return CURLE_URL_MALFORMAT;
+    }
 
     ns[strindex++] = in;
     string++;
@@ -183,7 +194,33 @@ char *curl_easy_unescape(CURL *handle, const char *string, int length,
   if(olen)
     /* store output size */
     *olen = strindex;
-  return ns;
+
+  if(ostring)
+    /* store output string */
+    *ostring = ns;
+
+  return CURLE_OK;
+}
+
+/*
+ * Unescapes the given URL escaped string of given length. Returns a
+ * pointer to a malloced string with length given in *olen.
+ * If length == 0, the length is assumed to be strlen(string).
+ * If olen == NULL, no output length is stored.
+ */
+char *curl_easy_unescape(CURL *handle, const char *string, int length,
+                         int *olen)
+{
+  char *str = NULL;
+  size_t inputlen = length;
+  size_t outputlen;
+  CURLcode res = Curl_urldecode(handle, string, inputlen, &str, &outputlen,
+                                FALSE);
+  if(res)
+    return NULL;
+  if(olen)
+    *olen = curlx_uztosi(outputlen);
+  return str;
 }
 
 /* For operating systems/environments that use different malloc/free

lib/escape.h

@@ -1,5 +1,5 @@
-#ifndef __ESCAPE_H
-#define __ESCAPE_H
+#ifndef HEADER_CURL_ESCAPE_H
+#define HEADER_CURL_ESCAPE_H
 
 /***************************************************************************
  *                                  _   _ ____  _
@@ -8,7 +8,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,5 +25,9 @@
 /* Escape and unescape URL encoding in strings. The functions return a new
  * allocated string or NULL if an error occurred.  */
 
+CURLcode Curl_urldecode(struct SessionHandle *data,
+                        const char *string, size_t length,
+                        char **ostring, size_t *olen,
+                        bool reject_crlf);
 
 #endif

lib/file.c

@@ -119,7 +119,7 @@ const struct Curl_handler Curl_handler_file = {
   ZERO_NULL,                            /* readwrite */
   0,                                    /* defport */
   CURLPROTO_FILE,                       /* protocol */
-  PROTOPT_NONETWORK                     /* flags */
+  PROTOPT_NONETWORK | PROTOPT_NOURLQUERY /* flags */
 };
 
 

lib/formdata.c

@@ -156,8 +156,6 @@ static FormInfo * AddFormInfo(char *value,
     /* then move the original 'more' to point to ourselves */
     parent_form_info->more = form_info;
   }
-  else
-    return NULL;
 
   return form_info;
 }
@@ -458,9 +456,21 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         if(current_form->value) {
           if(current_form->flags & HTTPPOST_FILENAME) {
             if(filename) {
-              if((current_form = AddFormInfo(strdup(filename),
-                                             NULL, current_form)) == NULL)
+              char *fname = strdup(filename);
+              if(!fname)
                 return_value = CURL_FORMADD_MEMORY;
+              else {
+                form = AddFormInfo(fname, NULL, current_form);
+                if(!form) {
+                  Curl_safefree(fname);
+                  return_value = CURL_FORMADD_MEMORY;
+                }
+                else {
+                  form->value_alloc = TRUE;
+                  current_form = form;
+                  form = NULL;
+                }
+              }
             }
             else
               return_value = CURL_FORMADD_NULL;
@@ -535,10 +545,21 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         if(current_form->contenttype) {
           if(current_form->flags & HTTPPOST_FILENAME) {
             if(contenttype) {
-              if((current_form = AddFormInfo(NULL,
-                                             strdup(contenttype),
-                                             current_form)) == NULL)
+              char *type = strdup(contenttype);
+              if(!type)
                 return_value = CURL_FORMADD_MEMORY;
+              else {
+                form = AddFormInfo(NULL, type, current_form);
+                if(!form) {
+                  Curl_safefree(type);
+                  return_value = CURL_FORMADD_MEMORY;
+                }
+                else {
+                  form->contenttype_alloc = TRUE;
+                  current_form = form;
+                  form = NULL;
+                }
+              }
             }
             else
               return_value = CURL_FORMADD_NULL;
@@ -596,6 +617,30 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
     }
   }
 
+  if(CURL_FORMADD_OK != return_value) {
+    /* On error, free allocated fields for all nodes of the FormInfo linked
+       list without deallocating nodes. List nodes are deallocated later on */
+    FormInfo *ptr;
+    for(ptr = first_form; ptr != NULL; ptr = ptr->more) {
+      if(ptr->name_alloc) {
+        Curl_safefree(ptr->name);
+        ptr->name_alloc = FALSE;
+      }
+      if(ptr->value_alloc) {
+        Curl_safefree(ptr->value);
+        ptr->value_alloc = FALSE;
+      }
+      if(ptr->contenttype_alloc) {
+        Curl_safefree(ptr->contenttype);
+        ptr->contenttype_alloc = FALSE;
+      }
+      if(ptr->showfilename_alloc) {
+        Curl_safefree(ptr->showfilename);
+        ptr->showfilename_alloc = FALSE;
+      }
+    }
+  }
+
   if(CURL_FORMADD_OK == return_value) {
     /* go through the list, check for completeness and if everything is
      * alright add the HttpPost item otherwise set return_value accordingly */
@@ -675,32 +720,39 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
           prevtype = form->contenttype;
       }
     }
-  }
-
-  if(return_value) {
-    /* we return on error, free possibly allocated fields */
-    if(!form)
-      form = current_form;
-    if(form) {
-      if(form->name_alloc)
-        free(form->name);
-      if(form->value_alloc)
-        free(form->value);
-      if(form->contenttype_alloc)
-        free(form->contenttype);
-      if(form->showfilename_alloc)
-        free(form->showfilename);
+    if(CURL_FORMADD_OK != return_value) {
+      /* On error, free allocated fields for nodes of the FormInfo linked
+         list which are not already owned by the httppost linked list
+         without deallocating nodes. List nodes are deallocated later on */
+      FormInfo *ptr;
+      for(ptr = form; ptr != NULL; ptr = ptr->more) {
+        if(ptr->name_alloc) {
+          Curl_safefree(ptr->name);
+          ptr->name_alloc = FALSE;
+        }
+        if(ptr->value_alloc) {
+          Curl_safefree(ptr->value);
+          ptr->value_alloc = FALSE;
+        }
+        if(ptr->contenttype_alloc) {
+          Curl_safefree(ptr->contenttype);
+          ptr->contenttype_alloc = FALSE;
+        }
+        if(ptr->showfilename_alloc) {
+          Curl_safefree(ptr->showfilename);
+          ptr->showfilename_alloc = FALSE;
+        }
+      }
     }
   }
 
-  /* always delete the allocated memory before returning */
-  form = first_form;
-  while(form != NULL) {
-    FormInfo *delete_form;
-
-    delete_form = form;
-    form = form->more;
-    free (delete_form);
+  /* Always deallocate FormInfo linked list nodes without touching node
+     fields given that these have either been deallocated or are owned
+     now by the httppost linked list */
+  while(first_form) {
+    FormInfo *ptr = first_form->more;
+    Curl_safefree(first_form);
+    first_form = ptr;
   }
 
   return return_value;
@@ -996,12 +1048,12 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
   struct curl_httppost *file;
   CURLcode result = CURLE_OK;
 
-  curl_off_t size=0; /* support potentially ENORMOUS formposts */
+  curl_off_t size = 0; /* support potentially ENORMOUS formposts */
   char *boundary;
-  char *fileboundary=NULL;
+  char *fileboundary = NULL;
   struct curl_slist* curList;
 
-  *finalform=NULL; /* default form is empty */
+  *finalform = NULL; /* default form is empty */
 
   if(!post)
     return result; /* no input => no output! */
@@ -1018,7 +1070,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
                         boundary);
 
   if(result) {
-    free(boundary);
+    Curl_safefree(boundary);
     return result;
   }
   /* we DO NOT include that line in the total size of the POST, since it'll be
@@ -1061,7 +1113,12 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
       /* If used, this is a link to more file names, we must then do
          the magic to include several files with the same field name */
 
+      Curl_safefree(fileboundary);
       fileboundary = Curl_FormBoundary();
+      if(!fileboundary) {
+        result = CURLE_OUT_OF_MEMORY;
+        break;
+      }
 
       result = AddFormDataf(&form, &size,
                             "\r\nContent-Type: multipart/mixed,"
@@ -1081,13 +1138,12 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
 
       if(post->more) {
         /* if multiple-file */
-        char *filebasename= NULL;
+        char *filebasename = NULL;
         if(!file->showfilename) {
           filebasename = strippath(file->contents);
           if(!filebasename) {
-            Curl_formclean(&firstform);
-            free(boundary);
-            return CURLE_OUT_OF_MEMORY;
+            result = CURLE_OUT_OF_MEMORY;
+            break;
           }
         }
 
@@ -1097,8 +1153,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
                               fileboundary,
                               (file->showfilename?file->showfilename:
                                filebasename));
-        if(filebasename)
-          free(filebasename);
+        Curl_safefree(filebasename);
         if(result)
           break;
       }
@@ -1115,8 +1170,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
                                 "; filename=\"%s\"",
                                 (post->showfilename?post->showfilename:
                                  filebasename));
-          if(filebasename)
-            free(filebasename);
+          Curl_safefree(filebasename);
         }
 
         if(result)
@@ -1140,11 +1194,8 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
           break;
         curList = curList->next;
       }
-      if(result) {
-        Curl_formclean(&firstform);
-        free(boundary);
-        return result;
-      }
+      if(result)
+        break;
 
       result = AddFormDataf(&form, &size, "\r\n\r\n");
       if(result)
@@ -1166,7 +1217,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
 
         if(fileread) {
           if(fileread != stdin) {
-            /* close the file again */
+            /* close the file */
             fclose(fileread);
             /* add the file name only - for later reading from this */
             result = AddFormData(&form, FORM_FILE, file->contents, 0, &size);
@@ -1210,11 +1261,8 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
       file = file->more;
     } while(file && !result); /* for each specified file for this field */
 
-    if(result) {
-      Curl_formclean(&firstform);
-      free(boundary);
-      return result;
-    }
+    if(result)
+      break;
 
     if(post->more) {
       /* this was a multiple-file inclusion, make a termination file
@@ -1222,33 +1270,31 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
       result = AddFormDataf(&form, &size,
                            "\r\n--%s--",
                            fileboundary);
-      free(fileboundary);
       if(result)
         break;
     }
 
   } while((post = post->next) != NULL); /* for each field */
-  if(result) {
-    Curl_formclean(&firstform);
-    free(boundary);
-    return result;
-  }
 
   /* end-boundary for everything */
-  result = AddFormDataf(&form, &size,
-                       "\r\n--%s--\r\n",
-                       boundary);
+  if(CURLE_OK == result)
+    result = AddFormDataf(&form, &size,
+                          "\r\n--%s--\r\n",
+                          boundary);
+
   if(result) {
     Curl_formclean(&firstform);
-    free(boundary);
+    Curl_safefree(fileboundary);
+    Curl_safefree(boundary);
     return result;
   }
 
   *sizep = size;
 
-  free(boundary);
+  Curl_safefree(fileboundary);
+  Curl_safefree(boundary);
 
-  *finalform=firstform;
+  *finalform = firstform;
 
   return result;
 }

lib/ftp.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -108,6 +108,8 @@
 #endif
 
 /* Local API functions */
+static void state(struct connectdata *conn,
+                  ftpstate newstate);
 static CURLcode ftp_sendquote(struct connectdata *conn,
                               struct curl_slist *quote);
 static CURLcode ftp_quit(struct connectdata *conn);
@@ -132,7 +134,7 @@ static CURLcode ftp_done(struct connectdata *conn,
                          CURLcode, bool premature);
 static CURLcode ftp_connect(struct connectdata *conn, bool *done);
 static CURLcode ftp_disconnect(struct connectdata *conn, bool dead_connection);
-static CURLcode ftp_nextconnect(struct connectdata *conn);
+static CURLcode ftp_do_more(struct connectdata *conn, bool *completed);
 static CURLcode ftp_multi_statemach(struct connectdata *conn, bool *done);
 static int ftp_getsock(struct connectdata *conn, curl_socket_t *socks,
                        int numsocks);
@@ -150,6 +152,11 @@ static void wc_data_dtor(void *ptr);
 static CURLcode ftp_state_post_retr_size(struct connectdata *conn,
                                          curl_off_t filesize);
 
+static CURLcode ftp_readresp(curl_socket_t sockfd,
+                             struct pingpong *pp,
+                             int *ftpcode,
+                             size_t *size);
+
 /* easy-to-use macro: */
 #define FTPSENDF(x,y,z)    if((result = Curl_ftpsendf(x,y,z)) != CURLE_OK) \
                               return result
@@ -166,7 +173,7 @@ const struct Curl_handler Curl_handler_ftp = {
   ftp_setup_connection,            /* setup_connection */
   ftp_do,                          /* do_it */
   ftp_done,                        /* done */
-  ftp_nextconnect,                 /* do_more */
+  ftp_do_more,                     /* do_more */
   ftp_connect,                     /* connect_it */
   ftp_multi_statemach,             /* connecting */
   ftp_doing,                       /* doing */
@@ -178,7 +185,8 @@ const struct Curl_handler Curl_handler_ftp = {
   ZERO_NULL,                       /* readwrite */
   PORT_FTP,                        /* defport */
   CURLPROTO_FTP,                   /* protocol */
-  PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD /* flags */
+  PROTOPT_DUAL | PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD
+  | PROTOPT_NOURLQUERY /* flags */
 };
 
 
@@ -192,7 +200,7 @@ const struct Curl_handler Curl_handler_ftps = {
   ftp_setup_connection,            /* setup_connection */
   ftp_do,                          /* do_it */
   ftp_done,                        /* done */
-  ftp_nextconnect,                 /* do_more */
+  ftp_do_more,                     /* do_more */
   ftp_connect,                     /* connect_it */
   ftp_multi_statemach,             /* connecting */
   ftp_doing,                       /* doing */
@@ -205,7 +213,7 @@ const struct Curl_handler Curl_handler_ftps = {
   PORT_FTPS,                       /* defport */
   CURLPROTO_FTP | CURLPROTO_FTPS,  /* protocol */
   PROTOPT_SSL | PROTOPT_DUAL | PROTOPT_CLOSEACTION |
-  PROTOPT_NEEDSPWD /* flags */
+  PROTOPT_NEEDSPWD | PROTOPT_NOURLQUERY /* flags */
 };
 #endif
 
@@ -309,19 +317,16 @@ static bool isBadFtpString(const char *string)
 
 /***********************************************************************
  *
- * AllowServerConnect()
+ * AcceptServerConnect()
  *
- * When we've issue the PORT command, we have told the server to connect
- * to us. This function will sit and wait here until the server has
- * connected.
+ * After connection request is received from the server this function is
+ * called to accept the connection and close the listening socket
  *
  */
-static CURLcode AllowServerConnect(struct connectdata *conn)
+static CURLcode AcceptServerConnect(struct connectdata *conn)
 {
   struct SessionHandle *data = conn->data;
   curl_socket_t sock = conn->sock[SECONDARYSOCKET];
-  long timeout_ms;
-  long interval_ms;
   curl_socket_t s = CURL_SOCKET_BAD;
 #ifdef ENABLE_IPV6
   struct Curl_sockaddr_storage add;
@@ -330,47 +335,258 @@ static CURLcode AllowServerConnect(struct connectdata *conn)
 #endif
   curl_socklen_t size = (curl_socklen_t) sizeof(add);
 
-  for(;;) {
-    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+  if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) {
+    size = sizeof(add);
 
-    if(timeout_ms < 0) {
-      /* if a timeout was already reached, bail out */
-      failf(data, "Timeout while waiting for server connect");
-      return CURLE_OPERATION_TIMEDOUT;
+    s=accept(sock, (struct sockaddr *) &add, &size);
+  }
+  Curl_closesocket(conn, sock); /* close the first socket */
+
+  if(CURL_SOCKET_BAD == s) {
+    failf(data, "Error accept()ing server connect");
+    return CURLE_FTP_PORT_FAILED;
+  }
+  infof(data, "Connection accepted from server\n");
+
+  conn->sock[SECONDARYSOCKET] = s;
+  curlx_nonblock(s, TRUE); /* enable non-blocking */
+  conn->sock_accepted[SECONDARYSOCKET] = TRUE;
+  return CURLE_OK;
+
+}
+
+/*
+ * ftp_timeleft_accept() returns the amount of milliseconds left allowed for
+ * waiting server to connect. If the value is negative, the timeout time has
+ * already elapsed.
+ *
+ * The start time is stored in progress.t_acceptdata - as set with
+ * Curl_pgrsTime(..., TIMER_STARTACCEPT);
+ *
+ */
+static long ftp_timeleft_accept(struct SessionHandle *data)
+{
+  long timeout_ms = DEFAULT_ACCEPT_TIMEOUT;
+  long other;
+  struct timeval now;
+
+  if(data->set.accepttimeout > 0)
+    timeout_ms = data->set.accepttimeout;
+
+  now = Curl_tvnow();
+
+  /* check if the generic timeout possibly is set shorter */
+  other =  Curl_timeleft(data, &now, FALSE);
+  if(other && (other < timeout_ms))
+    /* note that this also works fine for when other happens to be negative
+       due to it already having elapsed */
+    timeout_ms = other;
+  else {
+    /* subtract elapsed time */
+    timeout_ms -= Curl_tvdiff(now, data->progress.t_acceptdata);
+    if(!timeout_ms)
+      /* avoid returning 0 as that means no timeout! */
+      return -1;
+  }
+
+  return timeout_ms;
+}
+
+
+/***********************************************************************
+ *
+ * ReceivedServerConnect()
+ *
+ * After allowing server to connect to us from data port, this function
+ * checks both data connection for connection establishment and ctrl
+ * connection for a negative response regarding a failure in connecting
+ *
+ */
+static CURLcode ReceivedServerConnect(struct connectdata* conn, bool* received)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t ctrl_sock = conn->sock[FIRSTSOCKET];
+  curl_socket_t data_sock = conn->sock[SECONDARYSOCKET];
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
+  struct pingpong *pp = &ftpc->pp;
+  int result;
+  long timeout_ms;
+  ssize_t nread;
+  int ftpcode;
+
+  *received = FALSE;
+
+  timeout_ms = ftp_timeleft_accept(data);
+  infof(data, "Checking for server connect\n");
+  if(timeout_ms < 0) {
+    /* if a timeout was already reached, bail out */
+    failf(data, "Accept timeout occurred while waiting server connect");
+    return CURLE_FTP_ACCEPT_TIMEOUT;
+  }
+
+  /* First check whether there is a cached response from server */
+  if(pp->cache_size && pp->cache && pp->cache[0] > '3') {
+    /* Data connection could not be established, let's return */
+    infof(data, "There is negative response in cache while serv connect\n");
+    Curl_GetFTPResponse(&nread, conn, &ftpcode);
+    return CURLE_FTP_ACCEPT_FAILED;
+  }
+
+  result = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0);
+
+  /* see if the connection request is already here */
+  switch (result) {
+  case -1: /* error */
+    /* let's die here */
+    failf(data, "Error while waiting for server connect");
+    return CURLE_FTP_ACCEPT_FAILED;
+  case 0:  /* Server connect is not received yet */
+    break; /* loop */
+  default:
+
+    if(result & CURL_CSELECT_IN2) {
+      infof(data, "Ready to accept data connection from server\n");
+      *received = TRUE;
+    }
+    else if(result & CURL_CSELECT_IN) {
+      infof(data, "Ctrl conn has data while waiting for data conn\n");
+      Curl_GetFTPResponse(&nread, conn, &ftpcode);
+
+      if(ftpcode/100 > 3)
+        return CURLE_FTP_ACCEPT_FAILED;
+
+      return CURLE_FTP_WEIRD_SERVER_REPLY;
     }
 
-    interval_ms = 1000;  /* use 1 second timeout intervals */
-    if(timeout_ms < interval_ms)
-      interval_ms = timeout_ms;
+    break;
+  } /* switch() */
 
-    switch (Curl_socket_ready(sock, CURL_SOCKET_BAD, interval_ms)) {
-    case -1: /* error */
-      /* let's die here */
-      failf(data, "Error while waiting for server connect");
-      return CURLE_FTP_PORT_FAILED;
-    case 0:  /* timeout */
-      break; /* loop */
-    default:
-      /* we have received data here */
-      if(0 == getsockname(sock, (struct sockaddr *) &add, &size)) {
-        size = sizeof(add);
+  return CURLE_OK;
+}
 
-        s=accept(sock, (struct sockaddr *) &add, &size);
-      }
-      Curl_closesocket(conn, sock); /* close the first socket */
 
-      if(CURL_SOCKET_BAD == s) {
-        failf(data, "Error accept()ing server connect");
-        return CURLE_FTP_PORT_FAILED;
-      }
-      infof(data, "Connection accepted from server\n");
+/***********************************************************************
+ *
+ * InitiateTransfer()
+ *
+ * After connection from server is accepted this function is called to
+ * setup transfer parameters and initiate the data transfer.
+ *
+ */
+static CURLcode InitiateTransfer(struct connectdata *conn)
+{
+  struct SessionHandle *data = conn->data;
+  struct FTP *ftp = data->state.proto.ftp;
+  CURLcode result = CURLE_OK;
 
-      conn->sock[SECONDARYSOCKET] = s;
-      curlx_nonblock(s, TRUE); /* enable non-blocking */
-      return CURLE_OK;
-    } /* switch() */
+  if(conn->ssl[SECONDARYSOCKET].use) {
+    /* since we only have a plaintext TCP connection here, we must now
+     * do the TLS stuff */
+    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
+    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
+    if(result)
+      return result;
   }
-  /* never reaches this point */
+
+  if(conn->proto.ftpc.state_saved == FTP_STOR) {
+    *(ftp->bytecountp)=0;
+
+    /* When we know we're uploading a specified file, we can get the file
+       size prior to the actual upload. */
+
+    Curl_pgrsSetUploadSize(data, data->set.infilesize);
+
+    /* set the SO_SNDBUF for the secondary socket for those who need it */
+    Curl_sndbufset(conn->sock[SECONDARYSOCKET]);
+
+    Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
+                        SECONDARYSOCKET, ftp->bytecountp);
+  }
+  else {
+    /* FTP download: */
+    Curl_setup_transfer(conn, SECONDARYSOCKET,
+        conn->proto.ftpc.retr_size_saved, FALSE,
+        ftp->bytecountp, -1, NULL); /* no upload here */
+  }
+
+  conn->proto.ftpc.pp.pending_resp = TRUE; /* expect server response */
+  state(conn, FTP_STOP);
+
+  return CURLE_OK;
+}
+
+/***********************************************************************
+ *
+ * AllowServerConnect()
+ *
+ * When we've issue the PORT command, we have told the server to connect
+ * to us. This function
+ *   - will sit and wait here until the server has connected for easy interface
+ *   - will check whether data connection is established if so it is accepted
+ *   for multi interface
+ *
+ */
+static CURLcode AllowServerConnect(struct connectdata *conn, bool *connected)
+{
+  struct SessionHandle *data = conn->data;
+  long timeout_ms;
+  long interval_ms;
+  CURLcode ret = CURLE_OK;
+
+  *connected = FALSE;
+  infof(data, "Preparing for accepting server on data port\n");
+
+  /* Save the time we start accepting server connect */
+  Curl_pgrsTime(data, TIMER_STARTACCEPT);
+
+  for(;;) {
+    timeout_ms = ftp_timeleft_accept(data);
+    if(timeout_ms < 0) {
+      /* if a timeout was already reached, bail out */
+      failf(data, "Accept timeout occurred while waiting server connect");
+      return CURLE_FTP_ACCEPT_TIMEOUT;
+    }
+
+    /* see if the connection request is already here */
+    ret = ReceivedServerConnect(conn, connected);
+    if(ret)
+      return ret;
+
+    if(*connected) {
+      ret = AcceptServerConnect(conn);
+      if(ret)
+        return ret;
+
+      ret = InitiateTransfer(conn);
+      if(ret)
+        return ret;
+
+      break; /* connection is accepted, break the loop */
+    }
+    else {
+      if(data->state.used_interface == Curl_if_easy) {
+        interval_ms = 1000;
+        if(timeout_ms < interval_ms)
+          interval_ms = timeout_ms;
+
+        /* sleep for 1 second and then continue */
+        Curl_socket_ready(CURL_SOCKET_BAD, CURL_SOCKET_BAD, interval_ms);
+      }
+      else {
+        /* Add timeout to multi handle and break out of the loop */
+        if(ret == CURLE_OK && *connected == FALSE) {
+          if(data->set.accepttimeout > 0)
+            Curl_expire(data, data->set.accepttimeout);
+          else
+            Curl_expire(data, DEFAULT_ACCEPT_TIMEOUT);
+        }
+
+        break; /* connection was not accepted immediately */
+      }
+    }
+  }
+
+  return ret;
 }
 
 /* macro to check for a three-digit ftp status code at the start of the
@@ -666,6 +882,10 @@ static int ftp_domore_getsock(struct connectdata *conn, curl_socket_t *socks,
   }
 
   socks[0] = conn->sock[SECONDARYSOCKET];
+  if(ftpc->wait_data_conn) {
+    socks[1] = conn->sock[FIRSTSOCKET];
+    return GETSOCK_READSOCK(0) | GETSOCK_READSOCK(1);
+  }
 
   return GETSOCK_READSOCK(0);
 }
@@ -900,14 +1120,8 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
   portsock = CURL_SOCKET_BAD;
   error = 0;
   for(ai = res; ai; ai = ai->ai_next) {
-    /*
-     * Workaround for AIX5 getaddrinfo() problem (it doesn't set ai_socktype):
-     */
-    if(ai->ai_socktype == 0)
-      ai->ai_socktype = conn->socktype;
-
-    portsock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-    if(portsock == CURL_SOCKET_BAD) {
+    result = Curl_socket(conn, ai, NULL, &portsock);
+    if(result) {
       error = SOCKERRNO;
       continue;
     }
@@ -939,7 +1153,7 @@ static CURLcode ftp_state_use_port(struct connectdata *conn,
          * the control connection instead and restart the port loop
          */
 
-        infof(data, "bind(port=%hu) on non-local address failed: %s", port,
+        infof(data, "bind(port=%hu) on non-local address failed: %s\n", port,
               Curl_strerror(conn, error) );
 
         sslen = sizeof(ss);
@@ -2157,11 +2371,10 @@ static CURLcode ftp_state_rest_resp(struct connectdata *conn,
 }
 
 static CURLcode ftp_state_stor_resp(struct connectdata *conn,
-                                    int ftpcode)
+                                    int ftpcode, ftpstate instate)
 {
   CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
-  struct FTP *ftp = data->state.proto.ftp;
 
   if(ftpcode>=400) {
     failf(data, "Failed FTP upload: %0d", ftpcode);
@@ -2169,41 +2382,29 @@ static CURLcode ftp_state_stor_resp(struct connectdata *conn,
     return CURLE_UPLOAD_FAILED;
   }
 
+  conn->proto.ftpc.state_saved = instate;
+
+  /* PORT means we are now awaiting the server to connect to us. */
   if(data->set.ftp_use_port) {
-    /* BLOCKING */
-    /* PORT means we are now awaiting the server to connect to us. */
-    result = AllowServerConnect(conn);
+    bool connected;
+
+    result = AllowServerConnect(conn, &connected);
     if(result)
       return result;
+
+    if(!connected) {
+      struct ftp_conn *ftpc = &conn->proto.ftpc;
+      infof(data, "Data conn was not available immediately\n");
+      /* as there's not necessarily an immediate action on the control
+         connection now, we halt the state machine */
+      state(conn, FTP_STOP);
+      ftpc->wait_data_conn = TRUE;
+    }
+
+    return CURLE_OK;
   }
-
-  if(conn->ssl[SECONDARYSOCKET].use) {
-    /* since we only have a plaintext TCP connection here, we must now
-       do the TLS stuff */
-    infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-    /* BLOCKING */
-    result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-    if(result)
-      return result;
-  }
-
-  *(ftp->bytecountp)=0;
-
-  /* When we know we're uploading a specified file, we can get the file
-     size prior to the actual upload. */
-
-  Curl_pgrsSetUploadSize(data, data->set.infilesize);
-
-  /* set the SO_SNDBUF for the secondary socket for those who need it */
-  Curl_sndbufset(conn->sock[SECONDARYSOCKET]);
-
-  Curl_setup_transfer(conn, -1, -1, FALSE, NULL, /* no download */
-                      SECONDARYSOCKET, ftp->bytecountp);
-  state(conn, FTP_STOP);
-
-  conn->proto.ftpc.pp.pending_resp = TRUE; /* expect a server response */
-
-  return result;
+  else
+    return InitiateTransfer(conn);
 }
 
 /* for LIST and RETR responses */
@@ -2284,22 +2485,6 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
     else if(ftp->downloadsize > -1)
       size = ftp->downloadsize;
 
-    if(data->set.ftp_use_port) {
-      /* BLOCKING */
-      result = AllowServerConnect(conn);
-      if(result)
-        return result;
-    }
-
-    if(conn->ssl[SECONDARYSOCKET].use) {
-      /* since we only have a plaintext TCP connection here, we must now
-         do the TLS stuff */
-      infof(data, "Doing the SSL/TLS handshake on the data stream\n");
-      result = Curl_ssl_connect(conn, SECONDARYSOCKET);
-      if(result)
-        return result;
-    }
-
     if(size > data->req.maxdownload && data->req.maxdownload > 0)
       size = data->req.size = data->req.maxdownload;
     else if((instate != FTP_LIST) && (data->set.prefer_ascii))
@@ -2311,11 +2496,25 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
       infof(data, "Getting file with size: %" FORMAT_OFF_T "\n", size);
 
     /* FTP download: */
-    Curl_setup_transfer(conn, SECONDARYSOCKET, size, FALSE,
-                        ftp->bytecountp, -1, NULL); /* no upload here */
+    conn->proto.ftpc.state_saved = instate;
+    conn->proto.ftpc.retr_size_saved = size;
 
-    conn->proto.ftpc.pp.pending_resp = TRUE; /* expect server response */
-    state(conn, FTP_STOP);
+    if(data->set.ftp_use_port) {
+      bool connected;
+
+      result = AllowServerConnect(conn, &connected);
+      if(result)
+        return result;
+
+      if(!connected) {
+        struct ftp_conn *ftpc = &conn->proto.ftpc;
+        infof(data, "Data conn was not available immediately\n");
+        state(conn, FTP_STOP);
+        ftpc->wait_data_conn = TRUE;
+      }
+    }
+    else
+      return InitiateTransfer(conn);
   }
   else {
     if((instate == FTP_LIST) && (ftpcode == 450)) {
@@ -2463,7 +2662,6 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
   if(pp->sendleft)
     return Curl_pp_flushsend(pp);
 
-  /* we read a piece of response */
   result = ftp_readresp(sock, pp, &ftpcode, &nread);
   if(result)
     return result;
@@ -2869,7 +3067,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
       break;
 
     case FTP_STOR:
-      result = ftp_state_stor_resp(conn, ftpcode);
+      result = ftp_state_stor_resp(conn, ftpcode, ftpc->state);
       break;
 
     case FTP_QUIT:
@@ -2999,33 +3197,6 @@ static CURLcode ftp_connect(struct connectdata *conn,
   pp->endofresp = ftp_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for FTP over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *ftp_save;
-
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want FTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * FTP pointer
-     */
-    ftp_save = data->state.proto.ftp;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.ftp = ftp_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if(conn->handler->flags & PROTOPT_SSL) {
     /* BLOCKING */
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
@@ -3085,8 +3256,11 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
   case CURLE_BAD_DOWNLOAD_RESUME:
   case CURLE_FTP_WEIRD_PASV_REPLY:
   case CURLE_FTP_PORT_FAILED:
+  case CURLE_FTP_ACCEPT_FAILED:
+  case CURLE_FTP_ACCEPT_TIMEOUT:
   case CURLE_FTP_COULDNT_SET_TYPE:
   case CURLE_FTP_COULDNT_RETR_FILE:
+  case CURLE_PARTIAL_FILE:
   case CURLE_UPLOAD_FAILED:
   case CURLE_REMOTE_ACCESS_DENIED:
   case CURLE_FILESIZE_EXCEEDED:
@@ -3457,28 +3631,54 @@ static CURLcode ftp_range(struct connectdata *conn)
 
 
 /*
- * ftp_nextconnect()
+ * ftp_do_more()
  *
  * This function shall be called when the second FTP (data) connection is
  * connected.
  */
 
-static CURLcode ftp_nextconnect(struct connectdata *conn)
+static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
 {
   struct SessionHandle *data=conn->data;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
   CURLcode result = CURLE_OK;
+  bool connected = FALSE;
 
   /* the ftp struct is inited in ftp_connect() */
   struct FTP *ftp = data->state.proto.ftp;
 
-  DEBUGF(infof(data, "DO-MORE phase starts\n"));
+  /* if the second connection isn't done yet, wait for it */
+  if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
+    result = Curl_is_connected(conn, SECONDARYSOCKET, &connected);
+
+    /* Ready to do more? */
+    if(connected) {
+      DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
+    }
+    else
+      return result;
+  }
 
   if(ftp->transfer <= FTPTRANSFER_INFO) {
     /* a transfer is about to take place, or if not a file name was given
        so we'll do a SIZE on it later and then we need the right TYPE first */
 
-    if(data->set.upload) {
+    if(ftpc->wait_data_conn == TRUE) {
+      bool serv_conned;
+
+      result = ReceivedServerConnect(conn, &serv_conned);
+      if(result)
+        return result; /* Failed to accept data connection */
+
+      if(serv_conned) {
+        /* It looks data connection is established */
+        result = AcceptServerConnect(conn);
+        ftpc->wait_data_conn = FALSE;
+        if(result == CURLE_OK)
+          result = InitiateTransfer(conn);
+      }
+    }
+    else if(data->set.upload) {
       result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE);
       if(result)
         return result;
@@ -3517,8 +3717,11 @@ static CURLcode ftp_nextconnect(struct connectdata *conn)
        too! */
     Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
 
-  /* end of transfer */
-  DEBUGF(infof(data, "DO-MORE phase ends with %d\n", (int)result));
+  if(!ftpc->wait_data_conn) {
+    /* no waiting for the data connection so this is now complete */
+    *complete = TRUE;
+    DEBUGF(infof(data, "DO-MORE phase ends with %d\n", (int)result));
+  }
 
   return result;
 }
@@ -3798,8 +4001,10 @@ static CURLcode wc_statemach(struct connectdata *conn)
 static CURLcode ftp_do(struct connectdata *conn, bool *done)
 {
   CURLcode retcode = CURLE_OK;
+  struct ftp_conn *ftpc = &conn->proto.ftpc;
 
   *done = FALSE; /* default to false */
+  ftpc->wait_data_conn = FALSE; /* default to no such wait */
 
   /*
     Since connections can be re-used between SessionHandles, this might be a
@@ -4039,7 +4244,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
         return CURLE_OUT_OF_MEMORY;
 
       ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
-                                         slash_pos?(int)(slash_pos-cur_pos):1,
+                                         slash_pos ?
+                                         curlx_sztosi(slash_pos-cur_pos) : 1,
                                          NULL);
       if(!ftpc->dirs[0]) {
         freedirs(ftpc);
@@ -4078,7 +4284,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
           /* we skip empty path components, like "x//y" since the FTP command
              CWD requires a parameter and a non-existent parameter a) doesn't
              work on many servers and b) has no effect on the others. */
-          int len = (int)(slash_pos - cur_pos + absolute_dir);
+          int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
           ftpc->dirs[ftpc->dirdepth] =
             curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
           if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
@@ -4149,8 +4355,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
       return CURLE_OUT_OF_MEMORY;
     }
 
-    dlen -= ftpc->file?(int)strlen(ftpc->file):0;
-    if((dlen == (int)strlen(ftpc->prevpath)) &&
+    dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
+    if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
        strnequal(path, ftpc->prevpath, dlen)) {
       infof(data, "Request has same path as previous transfer\n");
       ftpc->cwddone = TRUE;
@@ -4169,8 +4375,10 @@ static CURLcode ftp_dophase_done(struct connectdata *conn,
   struct FTP *ftp = conn->data->state.proto.ftp;
   struct ftp_conn *ftpc = &conn->proto.ftpc;
 
-  if(connected)
-    result = ftp_nextconnect(conn);
+  if(connected) {
+    bool completed;
+    result = ftp_do_more(conn, &completed);
+  }
 
   if(result && (conn->sock[SECONDARYSOCKET] != CURL_SOCKET_BAD)) {
     /* Failure detected, close the second socket if it was created already */

lib/ftp.h

@@ -139,6 +139,7 @@ struct ftp_conn {
                        already has been done */
   bool cwdfail;     /* set TRUE if a CWD command fails, as then we must prevent
                        caching the current directory */
+  bool wait_data_conn; /* this is set TRUE if data connection is waited */
   char *prevpath;   /* conn->path from the previous transfer */
   char transfertype; /* set by ftp_transfertype for use by Curl_client_write()a
                         and others (A/I or zero) */
@@ -146,10 +147,15 @@ struct ftp_conn {
   int count2; /* general purpose counter for the state machine */
   int count3; /* general purpose counter for the state machine */
   ftpstate state; /* always use ftp.c:state() to change state! */
+  ftpstate state_saved; /* transfer type saved to be reloaded after
+                           data connection is established */
+  curl_off_t retr_size_saved; /* Size of retrieved file saved */
   char * server_os;     /* The target server operating system. */
   curl_off_t known_filesize; /* file size is different from -1, if wildcard
                                 LIST parsing was done and wc_statemach set
                                 it */
 };
 
+#define DEFAULT_ACCEPT_TIMEOUT   60000 /* milliseconds == one minute */
+
 #endif /* HEADER_CURL_FTP_H */

lib/getinfo.c

@@ -46,6 +46,7 @@ CURLcode Curl_initinfo(struct SessionHandle *data)
 
   pro->t_nslookup = 0;
   pro->t_connect = 0;
+  pro->t_appconnect = 0;
   pro->t_pretransfer = 0;
   pro->t_starttransfer = 0;
   pro->timespent = 0;

lib/gtls.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,7 +34,9 @@
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
+#ifndef USE_GNUTLS_NETTLE
 #include <gcrypt.h>
+#endif
 
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
@@ -85,8 +87,7 @@ static bool gtls_inited = FALSE;
 #    define USE_GNUTLS_PRIORITY_SET_DIRECT 1
 #  endif
 #  if (GNUTLS_VERSION_NUMBER >= 0x020c03)
-#    undef gnutls_transport_set_global_errno
-#    define gnutls_transport_set_global_errno(A) SET_ERRNO((A))
+#    define GNUTLS_MAPS_WINSOCK_ERRORS 1
 #  endif
 #endif
 
@@ -107,9 +108,13 @@ static bool gtls_inited = FALSE;
  * resort global errno variable using gnutls_transport_set_global_errno,
  * with a transport agnostic error value. This implies that some winsock
  * error translation must take place in these callbacks.
+ *
+ * Paragraph above applies to GNU TLS versions older than 2.12.3, since
+ * this version GNU TLS does its own internal winsock error translation
+ * using system_errno() function.
  */
 
-#ifdef USE_WINSOCK
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
 #  define gtls_EINTR  4
 #  define gtls_EIO    5
 #  define gtls_EAGAIN 11
@@ -130,7 +135,7 @@ static int gtls_mapped_sockerrno(void)
 static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
 {
   ssize_t ret = swrite(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
-#ifdef USE_WINSOCK
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
   if(ret < 0)
     gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
 #endif
@@ -140,7 +145,7 @@ static ssize_t Curl_gtls_push(void *s, const void *buf, size_t len)
 static ssize_t Curl_gtls_pull(void *s, void *buf, size_t len)
 {
   ssize_t ret = sread(GNUTLS_POINTER_TO_INT_CAST(s), buf, len);
-#ifdef USE_WINSOCK
+#if defined(USE_WINSOCK) && !defined(GNUTLS_MAPS_WINSOCK_ERRORS)
   if(ret < 0)
     gnutls_transport_set_global_errno(gtls_mapped_sockerrno());
 #endif
@@ -198,7 +203,7 @@ static void showtime(struct SessionHandle *data,
            tm->tm_hour,
            tm->tm_min,
            tm->tm_sec);
-  infof(data, "%s", data->state.buffer);
+  infof(data, "%s\n", data->state.buffer);
 }
 
 static gnutls_datum load_file (const char *file)
@@ -448,7 +453,13 @@ gtls_connect_step1(struct connectdata *conn,
     rc = gnutls_protocol_set_priority(session, protocol_priority);
 #else
     const char *err;
-    rc = gnutls_priority_set_direct(session, "-VERS-TLS-ALL:+VERS-SSL3.0",
+    /* the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not
+       vulnerable to attacks such as the BEAST, why this code now explicitly
+       asks for that
+    */
+    rc = gnutls_priority_set_direct(session,
+                                    "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:"
+                                    "-CIPHER-ALL:+ARCFOUR-128",
                                     &err);
 #endif
     if(rc != GNUTLS_E_SUCCESS)
@@ -1032,7 +1043,9 @@ int Curl_gtls_seed(struct SessionHandle *data)
   static bool ssl_seeded = FALSE;
 
   /* Quickly add a bit of entropy */
+#ifndef USE_GNUTLS_NETTLE
   gcry_fast_random_poll();
+#endif
 
   if(!ssl_seeded || data->set.str[STRING_SSL_RANDOM_FILE] ||
      data->set.str[STRING_SSL_EGDSOCKET]) {

lib/hash.c

@@ -264,6 +264,9 @@ Curl_hash_clean_with_criterium(struct curl_hash *h, void *user,
   struct curl_llist *list;
   int i;
 
+  if(!h)
+    return;
+
   for(i = 0; i < h->slots; ++i) {
     list = h->table[i];
     le = list->head; /* get first list entry */

lib/hostip.c

@@ -201,14 +201,23 @@ Curl_printable_address(const Curl_addrinfo *ai, char *buf, size_t bufsize)
 }
 
 /*
- * Return a hostcache id string for the providing host + port, to be used by
+ * Return a hostcache id string for the provided host + port, to be used by
  * the DNS caching.
  */
 static char *
-create_hostcache_id(const char *server, int port)
+create_hostcache_id(const char *name, int port)
 {
   /* create and return the new allocated entry */
-  return aprintf("%s:%d", server, port);
+  char *id = aprintf("%s:%d", name, port);
+  char *ptr = id;
+  if(ptr) {
+    /* lower case the name part */
+    while(*ptr && (*ptr != ':')) {
+      *ptr = (char)TOLOWER(*ptr);
+      ptr++;
+    }
+  }
+  return id;
 }
 
 struct hostcache_prune_data {
@@ -721,4 +730,93 @@ struct curl_hash *Curl_mk_dnscache(void)
   return Curl_hash_alloc(7, Curl_hash_str, Curl_str_key_compare, freednsentry);
 }
 
+static int hostcache_inuse(void *data, void *hc)
+{
+  struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;
 
+  if(c->inuse == 1)
+    Curl_resolv_unlock(data, c);
+
+  return 1; /* free all entries */
+}
+
+void Curl_hostcache_destroy(struct SessionHandle *data)
+{
+  /* Entries added to the hostcache with the CURLOPT_RESOLVE function are
+   * still present in the cache with the inuse counter set to 1. Detect them
+   * and cleanup!
+   */
+  Curl_hash_clean_with_criterium(data->dns.hostcache, data, hostcache_inuse);
+
+  Curl_hash_destroy(data->dns.hostcache);
+  data->dns.hostcachetype = HCACHE_NONE;
+  data->dns.hostcache = NULL;
+}
+
+CURLcode Curl_loadhostpairs(struct SessionHandle *data)
+{
+  struct curl_slist *hostp;
+  char hostname[256];
+  char address[256];
+  int port;
+
+  for(hostp = data->change.resolve; hostp; hostp = hostp->next ) {
+    if(!hostp->data)
+      continue;
+    if(hostp->data[0] == '-') {
+      /* TODO: mark an entry for removal */
+    }
+    else if(3 == sscanf(hostp->data, "%255[^:]:%d:%255s", hostname, &port,
+                        address)) {
+      struct Curl_dns_entry *dns;
+      Curl_addrinfo *addr;
+      char *entry_id;
+      size_t entry_len;
+
+      addr = Curl_str2addr(address, port);
+      if(!addr) {
+        infof(data, "Resolve %s found illegal!\n", hostp->data);
+        continue;
+      }
+
+      /* Create an entry id, based upon the hostname and port */
+      entry_id = create_hostcache_id(hostname, port);
+      /* If we can't create the entry id, fail */
+      if(!entry_id) {
+        Curl_freeaddrinfo(addr);
+        return CURLE_OUT_OF_MEMORY;
+      }
+
+      entry_len = strlen(entry_id);
+
+      if(data->share)
+        Curl_share_lock(data, CURL_LOCK_DATA_DNS, CURL_LOCK_ACCESS_SINGLE);
+
+      /* See if its already in our dns cache */
+      dns = Curl_hash_pick(data->dns.hostcache, entry_id, entry_len+1);
+
+      /* free the allocated entry_id again */
+      free(entry_id);
+
+      if(!dns)
+        /* if not in the cache already, put this host in the cache */
+        dns = Curl_cache_addr(data, addr, hostname, port);
+      else
+        /* this is a duplicate, free it again */
+        Curl_freeaddrinfo(addr);
+
+      if(data->share)
+        Curl_share_unlock(data, CURL_LOCK_DATA_DNS);
+
+      if(!dns) {
+        Curl_freeaddrinfo(addr);
+        return CURLE_OUT_OF_MEMORY;
+      }
+      infof(data, "Added %s:%d:%s to DNS cache\n",
+            hostname, port, address);
+    }
+  }
+  data->change.resolve = NULL; /* dealt with now */
+
+  return CURLE_OK;
+}

lib/hostip.h

@@ -195,4 +195,16 @@ Curl_cache_addr(struct SessionHandle *data, Curl_addrinfo *addr,
 extern sigjmp_buf curl_jmpenv;
 #endif
 
+/*
+ * Function provided by the resolver backend to set DNS servers to use.
+ */
+CURLcode Curl_set_dns_servers(struct SessionHandle *data, char *servers);
+
+/*
+ * Destroy the hostcache of this handle.
+ */
+void Curl_hostcache_destroy(struct SessionHandle *data);
+
+CURLcode Curl_loadhostpairs(struct SessionHandle *data);
+
 #endif /* HEADER_CURL_HOSTIP_H */

lib/hostip4.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -119,6 +119,8 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn,
 #endif /* CURLRES_SYNCH */
 #endif /* CURLRES_IPV4 */
 
+#if defined(CURLRES_IPV4) && !defined(CURLRES_ARES)
+
 /*
  * Curl_ipv4_resolve_r() - ipv4 threadsafe resolver function.
  *
@@ -311,3 +313,4 @@ Curl_addrinfo *Curl_ipv4_resolve_r(const char *hostname,
 
   return ai;
 }
+#endif /* defined(CURLRES_IPV4) && !defined(CURLRES_ARES) */

lib/hostsyn.c

@@ -66,5 +66,16 @@
  **********************************************************************/
 #ifdef CURLRES_SYNCH
 
+/*
+ * Function provided by the resolver backend to set DNS servers to use.
+ */
+CURLcode Curl_set_dns_servers(struct SessionHandle *data,
+                              char *servers)
+{
+  (void)data;
+  (void)servers;
+  return CURLE_NOT_BUILT_IN;
+
+}
 
 #endif /* truly sync */

lib/http.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1309,27 +1309,17 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
      function to make the re-use checks properly be able to check this bit. */
   conn->bits.close = FALSE;
 
-#ifndef CURL_DISABLE_PROXY
-  /* If we are not using a proxy and we want a secure connection, perform SSL
-   * initialization & connection now.  If using a proxy with https, then we
-   * must tell the proxy to CONNECT to the host we want to talk to.  Only
-   * after the connect has occurred, can we start talking SSL
-   */
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-
-    /* either SSL over proxy, or explicitly asked for */
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name,
-                               conn->remote_port);
-    if(CURLE_OK != result)
+  if(data->state.used_interface == Curl_if_multi) {
+    /* when the multi interface is used, the CONNECT procedure might not have
+       been completed */
+    result = Curl_proxy_connect(conn);
+    if(result)
       return result;
   }
 
-  if(conn->bits.tunnel_connecting) {
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
     /* nothing else to do except wait right now - we're not done here. */
     return CURLE_OK;
-  }
-#endif /* CURL_DISABLE_PROXY */
 
   if(conn->given->flags & PROTOPT_SSL) {
     /* perform SSL initialization */
@@ -1857,9 +1847,23 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       /* ignore empty data */
       free(cookiehost);
     else {
-      char *colon = strchr(cookiehost, ':');
-      if(colon)
-        *colon = 0; /* The host must not include an embedded port number */
+      /* If the host begins with '[', we start searching for the port after
+         the bracket has been closed */
+      int startsearch = 0;
+      if(*cookiehost == '[') {
+        char *closingbracket;
+        closingbracket = strchr(cookiehost+1, ']');
+        if(closingbracket)
+          *closingbracket = 0;
+        /* since the 'cookiehost' is an allocated memory area that will be
+           freed later we cannot simply increment the pointer */
+        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
+      }
+      else {
+        char *colon = strchr(cookiehost + startsearch, ':');
+        if(colon)
+          *colon = 0; /* The host must not include an embedded port number */
+      }
       Curl_safefree(conn->allocptr.cookiehost);
       conn->allocptr.cookiehost = cookiehost;
     }

lib/http_digest.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,6 +34,7 @@
 #include "url.h" /* for Curl_safefree() */
 #include "curl_memory.h"
 #include "non-ascii.h" /* included for Curl_convert_... prototypes */
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -416,7 +417,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
   */
   if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) {
     md5this = (unsigned char *)aprintf("%s:%.*s", request,
-                                       (int)(tmp - (char *)uripath), uripath);
+                                       curlx_sztosi(tmp - (char *)uripath),
+                                       uripath);
   }
   else
     md5this = (unsigned char *)aprintf("%s:%s", request, uripath);

lib/http_negotiate.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -124,7 +124,7 @@ log_gss_error(struct connectdata *conn, OM_uint32 error_status,
     gss_release_buffer(&min_stat, &status_string);
   } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
 
-  infof(conn->data, "%s", buf);
+  infof(conn->data, "%s\n", buf);
 }
 
 /* returning zero (0) means success, everything else is treated as "failure"

lib/http_negotiate_sspi.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -29,6 +29,7 @@
 #include "urldata.h"
 #include "sendf.h"
 #include "rawstr.h"
+#include "warnless.h"
 #include "curl_base64.h"
 #include "http_negotiate.h"
 #include "curl_memory.h"
@@ -189,7 +190,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
   out_buff_desc.cBuffers  = 1;
   out_buff_desc.pBuffers  = &out_sec_buff;
 
-  out_sec_buff.cbBuffer   = neg_ctx->max_token_length;
+  out_sec_buff.cbBuffer   = curlx_uztoul(neg_ctx->max_token_length);
   out_sec_buff.BufferType = SECBUFFER_TOKEN;
   out_sec_buff.pvBuffer   = neg_ctx->output_token;
 
@@ -197,9 +198,9 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
   if(input_token) {
     in_buff_desc.ulVersion = 0;
     in_buff_desc.cBuffers  = 1;
-    in_buff_desc.pBuffers  = &out_sec_buff;
+    in_buff_desc.pBuffers  = &in_sec_buff;
 
-    in_sec_buff.cbBuffer   = input_token_len;
+    in_sec_buff.cbBuffer   = curlx_uztoul(input_token_len);
     in_sec_buff.BufferType = SECBUFFER_TOKEN;
     in_sec_buff.pvBuffer   = input_token;
   }

lib/http_proxy.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -48,6 +48,40 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+CURLcode Curl_proxy_connect(struct connectdata *conn)
+{
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+#ifndef CURL_DISABLE_PROXY
+    /* for [protocol] tunneled through HTTP proxy */
+    struct HTTP http_proxy;
+    void *prot_save;
+    CURLcode result;
+
+    /* BLOCKING */
+    /* We want "seamless" operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
+     * member conn->proto.http; we want [protocol] through HTTP and we have
+     * to change the member temporarily for connecting to the HTTP
+     * proxy. After Curl_proxyCONNECT we have to set back the member to the
+     * original pointer
+     */
+    prot_save = conn->data->state.proto.generic;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    conn->data->state.proto.http = &http_proxy;
+    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+                               conn->host.name, conn->remote_port);
+    conn->data->state.proto.generic = prot_save;
+    if(CURLE_OK != result)
+      return result;
+#else
+    return CURLE_NOT_BUILT_IN;
+#endif
+  }
+  /* no HTTP tunnel proxy, just return */
+  return CURLE_OK;
+}
+
 /*
  * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
  * function will issue the necessary commands to get a seamless tunnel through
@@ -83,10 +117,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 #define SELECT_TIMEOUT 2
   int error = SELECT_OK;
 
+  if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
+    return CURLE_OK; /* CONNECT is already completed */
+
   conn->bits.proxy_connect_closed = FALSE;
 
   do {
-    if(!conn->bits.tunnel_connecting) { /* BEGIN CONNECT PHASE */
+    if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
+      /* BEGIN CONNECT PHASE */
       char *host_port;
       Curl_send_buffer *req_buffer;
 
@@ -116,18 +154,28 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
       /* Setup the proxy-authorization header, if any */
       result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
 
+      free(host_port);
+
       if(CURLE_OK == result) {
         char *host=(char *)"";
         const char *proxyconn="";
         const char *useragent="";
         const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
           "1.0" : "1.1";
+        char *hostheader= /* host:port with IPv6 support */
+          aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
+                  hostname, conn->bits.ipv6_ip?"]":"",
+                  remote_port);
+        if(!hostheader) {
+          free(req_buffer);
+          return CURLE_OUT_OF_MEMORY;
+        }
 
         if(!Curl_checkheaders(data, "Host:")) {
-          host = aprintf("Host: %s\r\n", host_port);
+          host = aprintf("Host: %s\r\n", hostheader);
           if(!host) {
+            free(hostheader);
             free(req_buffer);
-            free(host_port);
             return CURLE_OUT_OF_MEMORY;
           }
         }
@@ -138,24 +186,24 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
            data->set.str[STRING_USERAGENT])
           useragent = conn->allocptr.uagent;
 
-        /* Send the connect request to the proxy */
-        /* BLOCKING */
         result =
           Curl_add_bufferf(req_buffer,
-                      "CONNECT %s:%hu HTTP/%s\r\n"
-                      "%s"  /* Host: */
-                      "%s"  /* Proxy-Authorization */
-                      "%s"  /* User-Agent */
-                      "%s", /* Proxy-Connection */
-                      hostname, remote_port, http,
-                      host,
-                      conn->allocptr.proxyuserpwd?
-                      conn->allocptr.proxyuserpwd:"",
-                      useragent,
-                      proxyconn);
+                           "CONNECT %s HTTP/%s\r\n"
+                           "%s"  /* Host: */
+                           "%s"  /* Proxy-Authorization */
+                           "%s"  /* User-Agent */
+                           "%s", /* Proxy-Connection */
+                           hostheader,
+                           http,
+                           host,
+                           conn->allocptr.proxyuserpwd?
+                           conn->allocptr.proxyuserpwd:"",
+                           useragent,
+                           proxyconn);
 
         if(host && *host)
           free(host);
+        free(hostheader);
 
         if(CURLE_OK == result)
           result = Curl_add_custom_headers(conn, req_buffer);
@@ -165,7 +213,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
           result = Curl_add_bufferf(req_buffer, "\r\n");
 
         if(CURLE_OK == result) {
-          /* Now send off the request */
+          /* Send the connect request to the proxy */
+          /* BLOCKING */
           result =
             Curl_add_buffer_send(req_buffer, conn,
                                  &data->info.request_size, 0, sockindex);
@@ -174,12 +223,12 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
         if(result)
           failf(data, "Failed sending CONNECT to proxy");
       }
-      free(host_port);
+
       Curl_safefree(req_buffer);
       if(result)
         return result;
 
-      conn->bits.tunnel_connecting = TRUE;
+      conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
     } /* END CONNECT PHASE */
 
     /* now we've issued the CONNECT and we're waiting to hear back -
@@ -202,11 +251,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
       else {
         DEBUGF(infof(data,
                      "Multi mode finished polling for response from "
-                     "proxy CONNECT."));
+                     "proxy CONNECT\n"));
       }
     }
     else {
-      DEBUGF(infof(data, "Easy mode waiting response from proxy CONNECT."));
+      DEBUGF(infof(data, "Easy mode waiting response from proxy CONNECT\n"));
     }
 
     /* at this point, either:
@@ -215,7 +264,6 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
        2) we're in multi-mode and we didn't block - it's either an error or we
        now have some data waiting.
        In any case, the tunnel_connecting phase is over. */
-    conn->bits.tunnel_connecting = FALSE;
 
     { /* BEGIN NEGOTIATION PHASE */
       size_t nread;   /* total size read */
@@ -409,8 +457,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                         keepon=FALSE;
                       }
                     }
-                    else
+                    else {
                       keepon = FALSE;
+                      if(200 == data->info.httpproxycode) {
+                        if(gotbytes - (i+1))
+                          failf(data, "Proxy CONNECT followed by %zd bytes "
+                                "of opaque data. Data ignored (known bug #39)",
+                                gotbytes - (i+1));
+                      }
+                    }
                     break; /* breaks out of for-loop, not switch() */
                   }
 
@@ -498,9 +553,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
     if(closeConnection && data->req.newurl)
       conn->bits.proxy_connect_closed = TRUE;
 
+    /* to back to init state */
+    conn->tunnel_state[sockindex] = TUNNEL_INIT;
+
     return CURLE_RECV_ERROR;
   }
 
+  conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+
   /* If a proxy-authorization header was used for the proxy, then we should
      make sure that it isn't accidentally used for the document request
      after we've connected. So let's free and clear it here. */

lib/http_proxy.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,6 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
+
 #if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
 /* ftp can use this as well */
 CURLcode Curl_proxyCONNECT(struct connectdata *conn,
@@ -30,8 +31,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 /* Default proxy timeout in milliseconds */
 #define PROXY_TIMEOUT (3600*1000)
 
+CURLcode Curl_proxy_connect(struct connectdata *conn);
+
 #else
 #define Curl_proxyCONNECT(x,y,z,w) CURLE_NOT_BUILT_IN
+#define Curl_proxy_connect(x) CURLE_OK
 #endif
 
 #endif /* HEADER_CURL_HTTP_PROXY_H */

lib/if2ip.c

@@ -71,16 +71,34 @@
 
 #if defined(HAVE_GETIFADDRS)
 
-char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
+bool Curl_if_is_interface_name(const char *interf)
+{
+  bool result = FALSE;
+
+  struct ifaddrs *iface, *head;
+
+  if(getifaddrs(&head) >= 0) {
+    for(iface=head; iface != NULL; iface=iface->ifa_next) {
+      if(curl_strequal(iface->ifa_name, interf)) {
+        result = TRUE;
+        break;
+      }
+    }
+    freeifaddrs(head);
+  }
+  return result;
+}
+
+char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
 {
   struct ifaddrs *iface, *head;
-  char *ip=NULL;
+  char *ip = NULL;
 
   if(getifaddrs(&head) >= 0) {
     for(iface=head; iface != NULL; iface=iface->ifa_next) {
       if((iface->ifa_addr != NULL) &&
          (iface->ifa_addr->sa_family == af) &&
-         curl_strequal(iface->ifa_name, interface)) {
+         curl_strequal(iface->ifa_name, interf)) {
         void *addr;
         char scope[12]="";
 #ifdef ENABLE_IPV6
@@ -109,7 +127,17 @@ char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
 
 #elif defined(HAVE_IOCTL_SIOCGIFADDR)
 
-char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
+bool Curl_if_is_interface_name(const char *interf)
+{
+  /* This is here just to support the old interfaces */
+  char buf[256];
+
+  char *ip = Curl_if2ip(AF_INET, interf, buf, sizeof(buf));
+
+  return (ip != NULL) ? TRUE : FALSE;
+}
+
+char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
 {
   struct ifreq req;
   struct in_addr in;
@@ -118,10 +146,10 @@ char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
   size_t len;
   char *ip;
 
-  if(!interface || (af != AF_INET))
+  if(!interf || (af != AF_INET))
     return NULL;
 
-  len = strlen(interface);
+  len = strlen(interf);
   if(len >= sizeof(req.ifr_name))
     return NULL;
 
@@ -130,7 +158,7 @@ char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
     return NULL;
 
   memset(&req, 0, sizeof(req));
-  memcpy(req.ifr_name, interface, len+1);
+  memcpy(req.ifr_name, interf, len+1);
   req.ifr_addr.sa_family = AF_INET;
 
   if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
@@ -148,6 +176,13 @@ char *Curl_if2ip(int af, const char *interface, char *buf, int buf_size)
 
 #else
 
+bool Curl_if_is_interface_name(const char *interf)
+{
+  (void) interf;
+
+  return FALSE;
+}
+
 char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size)
 {
     (void) af;

lib/if2ip.h

@@ -1,5 +1,5 @@
-#ifndef __IF2IP_H
-#define __IF2IP_H
+#ifndef HEADER_CURL_IF2IP_H
+#define HEADER_CURL_IF2IP_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2005, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,7 +23,8 @@
  ***************************************************************************/
 #include "setup.h"
 
-extern char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size);
+bool Curl_if_is_interface_name(const char *interf);
+char *Curl_if2ip(int af, const char *interf, char *buf, int buf_size);
 
 #ifdef __INTERIX
 #include <sys/socket.h>
@@ -62,4 +63,4 @@ struct ifreq {
 #define SIOCGIFADDR _IOW('s', 102, struct ifreq) /* Get if addr */
 #endif /* interix */
 
-#endif
+#endif /* HEADER_CURL_IF2IP_H */

lib/imap.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -78,7 +78,6 @@
 #include "url.h"
 #include "rawstr.h"
 #include "strtoofft.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -125,7 +124,8 @@ const struct Curl_handler Curl_handler_imap = {
   ZERO_NULL,                        /* readwrite */
   PORT_IMAP,                        /* defport */
   CURLPROTO_IMAP,                   /* protocol */
-  PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_NEEDSPWD
+  | PROTOPT_NOURLQUERY              /* flags */
 };
 
 
@@ -151,7 +151,8 @@ const struct Curl_handler Curl_handler_imaps = {
   ZERO_NULL,                        /* readwrite */
   PORT_IMAPS,                       /* defport */
   CURLPROTO_IMAP | CURLPROTO_IMAPS, /* protocol */
-  PROTOPT_CLOSEACTION | PROTOPT_SSL | PROTOPT_NEEDSPWD /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_SSL | PROTOPT_NEEDSPWD
+  | PROTOPT_NOURLQUERY              /* flags */
 };
 #endif
 
@@ -352,8 +353,12 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn,
   (void)instate; /* no use for this yet */
 
   if(imapcode != 'O') {
-    failf(data, "STARTTLS denied. %c", imapcode);
-    result = CURLE_LOGIN_DENIED;
+    if(data->set.use_ssl != CURLUSESSL_TRY) {
+      failf(data, "STARTTLS denied. %c", imapcode);
+      result = CURLE_USE_SSL_FAILED;
+    }
+    else
+      result = imap_state_login(conn);
   }
   else {
     if(data->state.used_interface == Curl_if_multi) {
@@ -715,33 +720,6 @@ static CURLcode imap_connect(struct connectdata *conn,
   pp->endofresp = imap_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for IMAP over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *imap_save;
-
-    /* BLOCKING */
-    /* We want "seamless" IMAP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want IMAP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * IMAP pointer
-     */
-    imap_save = data->state.proto.imap;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.imap = imap_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if((conn->handler->flags & PROTOPT_SSL) &&
      data->state.used_interface != Curl_if_multi) {
     /* BLOCKING */
@@ -947,17 +925,12 @@ static CURLcode imap_parse_url_path(struct connectdata *conn)
   struct imap_conn *imapc = &conn->proto.imapc;
   struct SessionHandle *data = conn->data;
   const char *path = data->state.path;
-  int len;
 
   if(!*path)
     path = "INBOX";
 
   /* url decode the path and use this mailbox */
-  imapc->mailbox = curl_easy_unescape(data, path, 0, &len);
-  if(!imapc->mailbox)
-    return CURLE_OUT_OF_MEMORY;
-
-  return CURLE_OK;
+  return Curl_urldecode(data, path, 0, &imapc->mailbox, NULL, TRUE);
 }
 
 /* call this when the DO phase has completed */

lib/krb5.c

@@ -2,7 +2,7 @@
  *
  * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
- * Copyright (c) 2004 - 2011 Daniel Stenberg
+ * Copyright (c) 2004 - 2012 Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -313,10 +313,13 @@ krb5_auth(void *app_data, struct connectdata *conn)
 
 static void krb5_end(void *app_data)
 {
-    OM_uint32 maj, min;
+    OM_uint32 min;
     gss_ctx_id_t *context = app_data;
     if(*context != GSS_C_NO_CONTEXT) {
-      maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
+#ifdef DEBUGBUILD
+      OM_uint32 maj =
+#endif
+      gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER);
       DEBUGASSERT(maj == GSS_S_COMPLETE);
     }
 }

lib/libcurl.plist

@@ -3,17 +3,17 @@
 <plist version="0.9">
 <dict>
 	<key>CFBundleInfoDictionaryVersion</key>
-	<string>6.0</string>	
-	
+	<string>6.0</string>
+
 	<key>CFBundleDevelopmentRegion</key>
 	<string>English</string>
-	
+
 	<key>CFBundleExecutable</key>
 	<string>curl</string>
-	
+
 	<key>CFBundleIdentifier</key>
 	<string>com.libcurl.libcurl</string>
-	
+
 	<key>CFBundleVersion</key>
 	<string>7.12.3</string>
 
@@ -21,15 +21,15 @@
 	<string>libcurl</string>
 
 	<key>CFBundlePackageType</key>
-	<string>FMWK</string>	
-	 
+	<string>FMWK</string>
+
 	<key>CFBundleSignature</key>
-	<string>????</string>	
-	
+	<string>????</string>
+
 	<key>CFBundleShortVersionString</key>
 	<string>libcurl 7.12.3</string>
-	
+
 	<key>CFBundleGetInfoString</key>
 	<string>libcurl.plist 7.12.3</string>
 </dict>
-</plist>
+</plist>

lib/libcurl.vers.in

@@ -0,0 +1,13 @@
+HIDDEN
+{
+  local:
+    __*;
+    _rest*;
+    _save*;
+};
+
+CURL_@VERSIONED_FLAVOUR@4
+{
+  global: curl_*;
+  local: *;
+};

lib/md4.c

@@ -27,6 +27,7 @@
 #ifdef USE_NSS
 
 #include "curl_md4.h"
+#include "warnless.h"
 
 typedef unsigned int UINT4;
 
@@ -275,7 +276,7 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
 {
   MD4_CTX ctx;
   MD4Init(&ctx);
-  MD4Update(&ctx, input, (unsigned int)len);
+  MD4Update(&ctx, input, curlx_uztoui(len));
   MD4Final(output, &ctx);
 }
 #endif /* USE_NSS */

lib/md5.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,6 +26,31 @@
 
 #include "curl_md5.h"
 #include "curl_hmac.h"
+#include "warnless.h"
+
+#ifdef USE_GNUTLS_NETTLE
+
+#include <nettle/md5.h>
+
+typedef struct md5_ctx MD5_CTX;
+
+static void MD5_Init(MD5_CTX * ctx)
+{
+  md5_init(ctx);
+}
+
+static void MD5_Update(MD5_CTX * ctx,
+                       const unsigned char * input,
+                       unsigned int inputLen)
+{
+  md5_update(ctx, inputLen, input);
+}
+
+static void MD5_Final(unsigned char digest[16], MD5_CTX * ctx)
+{
+  md5_digest(ctx, 16, digest);
+}
+#else
 
 #ifdef USE_GNUTLS
 
@@ -369,6 +394,8 @@ static void Decode (UINT4 *output,
 
 #endif /* USE_GNUTLS */
 
+#endif /* USE_GNUTLS_NETTLE */
+
 const HMAC_params Curl_HMAC_MD5[] = {
   {
     (HMAC_hinit_func) MD5_Init,           /* Hash initialization function. */
@@ -386,7 +413,7 @@ void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
 {
   MD5_CTX ctx;
   MD5_Init(&ctx);
-  MD5_Update(&ctx, input, (unsigned int)strlen((char *)input));
+  MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
   MD5_Final(outbuffer, &ctx);
 }
 

lib/mk-ca-bundle.pl

@@ -32,11 +32,11 @@
 #
 use Getopt::Std;
 use MIME::Base64;
-use LWP::UserAgent;
+use LWP::UserAgent 6;
 use strict;
 use vars qw($opt_b $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
 
-my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
+my $url = 'https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
 # If the OpenSSL commandline is not in search path you can configure it here!
 my $openssl = 'openssl';
 

lib/multi.c

@@ -812,7 +812,7 @@ static int waitconnect_getsock(struct connectdata *conn,
 
   /* when we've sent a CONNECT to a proxy, we should rather wait for the
      socket to become readable to be able to get the response headers */
-  if(conn->bits.tunnel_connecting)
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
     return GETSOCK_READSOCK(0);
 
   return GETSOCK_WRITESOCK(0);
@@ -1066,7 +1066,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                          CURLM_STATE_WAITDO:CURLM_STATE_DO);
             else {
 #ifndef CURL_DISABLE_HTTP
-              if(easy->easy_conn->bits.tunnel_connecting)
+              if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
                 multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
               else
 #endif
@@ -1085,12 +1085,15 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       /* check if we have the name resolved by now */
       easy->result = Curl_resolver_is_resolved(easy->easy_conn, &dns);
 
-      if(dns) {
-        /* Update sockets here. Mainly because the socket(s) may have been
-           closed and the application thus needs to be told, even if it is
-           likely that the same socket(s) will again be used further down. */
-        singlesocket(multi, easy);
+      /* Update sockets here, because the socket(s) may have been
+         closed and the application thus needs to be told, even if it
+         is likely that the same socket(s) will again be used further
+         down.  If the name has not yet been resolved, it is likely
+         that new sockets have been opened in an attempt to contact
+         another resolver. */
+      singlesocket(multi, easy);
 
+      if(dns) {
         /* Perform the next step in the connection phase, and then move on
            to the WAITCONNECT state */
         easy->result = Curl_async_resolved(easy->easy_conn,
@@ -1108,7 +1111,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                        CURLM_STATE_WAITDO:CURLM_STATE_DO);
           else {
 #ifndef CURL_DISABLE_HTTP
-            if(easy->easy_conn->bits.tunnel_connecting)
+            if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
               multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
             else
 #endif
@@ -1141,7 +1144,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         multistate(easy, CURLM_STATE_CONNECT);
       }
       else if(CURLE_OK == easy->result) {
-        if(!easy->easy_conn->bits.tunnel_connecting)
+        if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
           multistate(easy, CURLM_STATE_WAITCONNECT);
       }
       break;
@@ -1176,7 +1179,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
              BUT if we are using a proxy we must change to WAITPROXYCONNECT
           */
 #ifndef CURL_DISABLE_HTTP
-          if(easy->easy_conn->bits.tunnel_connecting)
+          if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
             multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
           else
 #endif
@@ -1236,7 +1239,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         easy->easy_conn->bits.close = FALSE;
         multistate(easy, CURLM_STATE_DONE);
         easy->result = CURLE_OK;
-        result = CURLM_OK;
+        result = CURLM_CALL_MULTI_PERFORM;
       }
       else {
         /* Perform the protocol's DO action */
@@ -1358,29 +1361,27 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       break;
 
     case CURLM_STATE_DO_MORE:
-      /* Ready to do more? */
-      easy->result = Curl_is_connected(easy->easy_conn,
-                                       SECONDARYSOCKET,
-                                       &connected);
-      if(connected) {
-        /*
-         * When we are connected, DO MORE and then go DO_DONE
-         */
-        easy->result = Curl_do_more(easy->easy_conn);
+      /*
+       * When we are connected, DO MORE and then go DO_DONE
+       */
+      easy->result = Curl_do_more(easy->easy_conn, &dophase_done);
 
-        /* No need to remove ourselves from the send pipeline here since that
-           is done for us in Curl_done() */
-
-        if(CURLE_OK == easy->result) {
+      /* No need to remove this handle from the send pipeline here since that
+         is done in Curl_done() */
+      if(CURLE_OK == easy->result) {
+        if(dophase_done) {
           multistate(easy, CURLM_STATE_DO_DONE);
           result = CURLM_CALL_MULTI_PERFORM;
         }
-        else {
-          /* failure detected */
-          Curl_posttransfer(data);
-          Curl_done(&easy->easy_conn, easy->result, FALSE);
-          disconnect_conn = TRUE;
-        }
+        else
+          /* stay in DO_MORE */
+          result = CURLM_OK;
+      }
+      else {
+        /* failure detected */
+        Curl_posttransfer(data);
+        Curl_done(&easy->easy_conn, easy->result, FALSE);
+        disconnect_conn = TRUE;
       }
       break;
 
@@ -1937,11 +1938,12 @@ static void singlesocket(struct Curl_multi *multi,
     }
 
     /* we know (entry != NULL) at this point, see the logic above */
-    multi->socket_cb(easy->easy_handle,
-                     s,
-                     action,
-                     multi->socket_userp,
-                     entry->socketp);
+    if(multi->socket_cb)
+      multi->socket_cb(easy->easy_handle,
+                       s,
+                       action,
+                       multi->socket_userp,
+                       entry->socketp);
 
     entry->action = action; /* store the current action state */
   }
@@ -2016,11 +2018,12 @@ static void singlesocket(struct Curl_multi *multi,
         remove_sock_from_hash = FALSE;
 
       if(remove_sock_from_hash) {
-        multi->socket_cb(easy->easy_handle,
-                         s,
-                         CURL_POLL_REMOVE,
-                         multi->socket_userp,
-                         entry ? entry->socketp : NULL);
+        if(multi->socket_cb)
+          multi->socket_cb(easy->easy_handle,
+                           s,
+                           CURL_POLL_REMOVE,
+                           multi->socket_userp,
+                           entry ? entry->socketp : NULL);
         sh_delentry(multi->sockhash, s);
       }
 

lib/nonblock.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -61,11 +61,11 @@ int curlx_nonblock(curl_socket_t sockfd,    /* operate on this */
 
   /* most recent unix versions */
   int flags;
-  flags = fcntl(sockfd, F_GETFL, 0);
+  flags = sfcntl(sockfd, F_GETFL, 0);
   if(nonblock)
-    return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
+    return sfcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
   else
-    return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
+    return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
 
 #elif defined(HAVE_IOCTL_FIONBIO)
 

lib/nss.c

@@ -1158,6 +1158,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   PRBool ssl3 = PR_FALSE;
   PRBool tlsv1 = PR_FALSE;
   PRBool ssl_no_cache;
+  PRBool ssl_cbc_random_iv;
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd = conn->sock[sockindex];
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@@ -1266,6 +1267,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
     goto error;
 
+  ssl_cbc_random_iv = !data->set.ssl_enable_beast;
+#ifdef SSL_CBC_RANDOM_IV
+  /* unless the user explicitly asks to allow the protocol vulnerability, we
+     use the work-around */
+  if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
+    infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
+          ssl_cbc_random_iv);
+#else
+  if(ssl_cbc_random_iv)
+    infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
+#endif
+
   /* reset the flag to avoid an infinite loop */
   data->state.ssl_connect_retry = FALSE;
 

lib/openldap.c

@@ -6,7 +6,7 @@
  *                 \___|\___/|_| \_\_____|
  *
  * Copyright (C) 2010, Howard Chu, <hyc@openldap.org>
- * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,7 +46,6 @@
 #include "curl_ldap.h"
 #include "curl_memory.h"
 #include "curl_base64.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -208,33 +207,6 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
 
   ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for LDAP over HTTP proxy */
-    struct HTTP http_proxy;
-    ldapconninfo *li_save;
-    CURLcode result;
-
-    /* BLOCKING */
-    /* We want "seamless" LDAP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want LDAP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * LDAP pointer
-     */
-    li_save = data->state.proto.generic;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.generic = li_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
 #ifdef USE_SSL
   if(conn->handler->flags & PROTOPT_SSL) {
     CURLcode res;
@@ -336,7 +308,10 @@ retry:
     int proto;
     ldap_get_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
     if(proto == LDAP_VERSION3) {
-      ldap_memfree(info);
+      if(info) {
+        ldap_memfree(info);
+        info = NULL;
+      }
       proto = LDAP_VERSION2;
       ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
       li->didbind = FALSE;
@@ -347,8 +322,13 @@ retry:
   if(err) {
     failf(data, "LDAP remote: bind failed %s %s", ldap_err2string(rc),
           info ? info : "");
+    if(info)
+      ldap_memfree(info);
     return CURLE_LOGIN_DENIED;
   }
+
+  if(info)
+    ldap_memfree(info);
   conn->recv[FIRSTSOCKET] = ldap_recv;
   *done = TRUE;
   return CURLE_OK;

lib/parsedate.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -75,6 +75,10 @@
 
 #include "setup.h"
 
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
 #include <curl/curl.h>
 #include "rawstr.h"
 #include "warnless.h"
@@ -392,7 +396,24 @@ static int parsedate(const char *date, time_t *output)
         secnum = 0;
       }
       else {
-        val = curlx_sltosi(strtol(date, &end, 10));
+        long lval;
+        int error;
+        int old_errno;
+
+        old_errno = ERRNO;
+        SET_ERRNO(0);
+        lval = strtol(date, &end, 10);
+        error = ERRNO;
+        if(error != old_errno)
+          SET_ERRNO(old_errno);
+
+        if(error)
+          return PARSEDATE_FAIL;
+
+        if((lval > (long)INT_MAX) || (lval < (long)INT_MIN))
+          return PARSEDATE_FAIL;
+
+        val = curlx_sltosi(lval);
 
         if((tzoff == -1) &&
            ((end - date) == 4) &&

lib/polarssl.c

@@ -65,6 +65,15 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+/* version dependent differences */
+#if POLARSSL_VERSION_NUMBER < 0x01010000
+/* the old way */
+#define HAVEGE_RANDOM havege_rand
+#else
+/* from 1.1.0 */
+#define HAVEGE_RANDOM havege_random
+#endif
+
 /* Define this to enable lots of debugging for PolarSSL */
 #undef POLARSSL_DEBUG
 
@@ -128,7 +137,7 @@ Curl_polarssl_connect(struct connectdata *conn,
 
     if(ret) {
       failf(data, "Error reading ca cert file %s: -0x%04X",
-            data->set.str[STRING_SSL_CAFILE], -ret);
+            data->set.str[STRING_SSL_CAFILE], ret);
 
       if(data->set.ssl.verifypeer)
         return CURLE_SSL_CACERT_BADFILE;
@@ -189,7 +198,7 @@ Curl_polarssl_connect(struct connectdata *conn,
   ssl_set_endpoint(&conn->ssl[sockindex].ssl, SSL_IS_CLIENT);
   ssl_set_authmode(&conn->ssl[sockindex].ssl, SSL_VERIFY_OPTIONAL);
 
-  ssl_set_rng(&conn->ssl[sockindex].ssl, havege_rand,
+  ssl_set_rng(&conn->ssl[sockindex].ssl, HAVEGE_RANDOM,
               &conn->ssl[sockindex].hs);
   ssl_set_bio(&conn->ssl[sockindex].ssl,
               net_recv, &conn->sock[sockindex],
@@ -267,10 +276,13 @@ Curl_polarssl_connect(struct connectdata *conn,
 
   infof(data, "PolarSSL: Handshake complete, cipher is %s\n",
 #if POLARSSL_VERSION_NUMBER<0x01000000
-        ssl_get_cipher(&conn->ssl[sockindex].ssl));
+        ssl_get_cipher(&conn->ssl[sockindex].ssl)
+#elif POLARSSL_VERSION_NUMBER >= 0x01010000
+        ssl_get_ciphersuite(&conn->ssl[sockindex].ssl)
 #else
-        ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl));
+        ssl_get_ciphersuite_name(&conn->ssl[sockindex].ssl)
 #endif
+    );
 
   ret = ssl_get_verify_result(&conn->ssl[sockindex].ssl);
 

lib/pop3.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -79,7 +79,6 @@
 #include "url.h"
 #include "rawstr.h"
 #include "strtoofft.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -125,7 +124,7 @@ const struct Curl_handler Curl_handler_pop3 = {
   ZERO_NULL,                        /* readwrite */
   PORT_POP3,                        /* defport */
   CURLPROTO_POP3,                   /* protocol */
-  PROTOPT_CLOSEACTION               /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
 };
 
 
@@ -151,7 +150,8 @@ const struct Curl_handler Curl_handler_pop3s = {
   ZERO_NULL,                        /* readwrite */
   PORT_POP3S,                       /* defport */
   CURLPROTO_POP3 | CURLPROTO_POP3S, /* protocol */
-  PROTOPT_CLOSEACTION | PROTOPT_SSL /* flags */
+  PROTOPT_CLOSEACTION | PROTOPT_SSL
+  | PROTOPT_NOURLQUERY              /* flags */
 };
 #endif
 
@@ -297,9 +297,13 @@ static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
   (void)instate; /* no use for this yet */
 
   if(pop3code != 'O') {
-    failf(data, "STARTTLS denied. %c", pop3code);
-    result = CURLE_LOGIN_DENIED;
-    state(conn, POP3_STOP);
+    if(data->set.use_ssl != CURLUSESSL_TRY) {
+      failf(data, "STARTTLS denied. %c", pop3code);
+      result = CURLE_USE_SSL_FAILED;
+      state(conn, POP3_STOP);
+    }
+    else
+      result = pop3_state_user(conn);
   }
   else {
     /* Curl_ssl_connect is BLOCKING */
@@ -420,6 +424,16 @@ static CURLcode pop3_state_list_resp(struct connectdata *conn,
     return CURLE_RECV_ERROR;
   }
 
+  /* This 'OK' line ends with a CR LF pair which is the two first bytes of the
+     EOB string so count this is two matching bytes. This is necessary to make
+     the code detect the EOB if the only data than comes now is %2e CR LF like
+     when there is no body to return. */
+  pop3c->eob = 2;
+
+  /* But since this initial CR LF pair is not part of the actual body, we set
+     the strip counter here so that these bytes won't be delivered. */
+  pop3c->strip = 2;
+
   /* POP3 download */
   Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, pop3->bytecountp,
                       -1, NULL); /* no upload here */
@@ -655,33 +669,6 @@ static CURLcode pop3_connect(struct connectdata *conn,
   pp->endofresp = pop3_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for POP3 over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *pop3_save;
-
-    /* BLOCKING */
-    /* We want "seamless" POP3 operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want POP3 through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * POP3 pointer
-     */
-    pop3_save = data->state.proto.pop3;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.pop3 = pop3_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if(conn->handler->flags & PROTOPT_SSL) {
     /* BLOCKING */
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
@@ -740,7 +727,7 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
   Curl_safefree(pop3c->mailbox);
   pop3c->mailbox = NULL;
 
-  /* clear these for next connection */
+  /* Clear the transfer mode for the next connection */
   pop3->transfer = FTPTRANSFER_BODY;
 
   return result;
@@ -899,11 +886,7 @@ static CURLcode pop3_parse_url_path(struct connectdata *conn)
   const char *path = data->state.path;
 
   /* url decode the path and use this mailbox */
-  pop3c->mailbox = curl_easy_unescape(data, path, 0, NULL);
-  if(!pop3c->mailbox)
-    return CURLE_OUT_OF_MEMORY;
-
-  return CURLE_OK;
+  return Curl_urldecode(data, path, 0, &pop3c->mailbox, NULL, TRUE);
 }
 
 /* call this when the DO phase has completed */
@@ -1024,42 +1007,121 @@ CURLcode Curl_pop3_write(struct connectdata *conn,
                          char *str,
                          size_t nread)
 {
-  /* This code could be made into a special function in the handler struct. */
-  CURLcode result;
+  /* This code could be made into a special function in the handler struct */
+  CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
   struct SingleRequest *k = &data->req;
 
-  /* Detect the end-of-body marker, which is 5 bytes:
-     0d 0a 2e 0d 0a. This marker can of course be spread out
-     over up to 5 different data chunks. Deal with it! */
   struct pop3_conn *pop3c = &conn->proto.pop3c;
-  size_t checkmax = (nread >= POP3_EOB_LEN?POP3_EOB_LEN:nread);
-  size_t checkleft = POP3_EOB_LEN-pop3c->eob;
-  size_t check = (checkmax >= checkleft?checkleft:checkmax);
+  bool strip_dot = FALSE;
+  size_t last = 0;
+  size_t i;
 
-  if(!memcmp(POP3_EOB, &str[nread - check], check)) {
-    /* substring match */
-    pop3c->eob += check;
-    if(pop3c->eob == POP3_EOB_LEN) {
-      /* full match, the transfer is done! */
-      str[nread - check] = '\0';
-      nread -= check;
-      k->keepon &= ~KEEP_RECV;
+  /* Search through the buffer looking for the end-of-body marker which is
+     5 bytes (0d 0a 2e 0d 0a). Note that a line starting with a dot matches
+     the eob so the server will have prefixed it with an extra dot which we
+     need to strip out. Additionally the marker could of course be spread out
+     over 5 different data chunks */
+  for(i = 0; i < nread; i++) {
+    size_t prev = pop3c->eob;
+
+    switch(str[i]) {
+    case 0x0d:
+      if(pop3c->eob == 0) {
+        pop3c->eob++;
+
+        if(i) {
+          /* Write out the body part that didn't match */
+          result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
+                                     i - last);
+
+          if(result)
+            return result;
+
+          last = i;
+        }
+      }
+      else if(pop3c->eob == 3)
+        pop3c->eob++;
+      else
+        /* If the character match wasn't at position 0 or 3 then restart the
+           pattern matching */
+        pop3c->eob = 1;
+      break;
+
+    case 0x0a:
+      if(pop3c->eob == 1 || pop3c->eob == 4)
+        pop3c->eob++;
+      else
+        /* If the character match wasn't at position 1 or 4 then start the
+           search again */
+        pop3c->eob = 0;
+      break;
+
+    case 0x2e:
+      if(pop3c->eob == 2)
+        pop3c->eob++;
+      else if(pop3c->eob == 3) {
+        /* We have an extra dot after the CRLF which we need to strip off */
+        strip_dot = TRUE;
+        pop3c->eob = 0;
+      }
+      else
+        /* If the character match wasn't at position 2 then start the search
+           again */
+        pop3c->eob = 0;
+      break;
+
+    default:
       pop3c->eob = 0;
+      break;
+    }
+
+    /* Did we have a partial match which has subsequently failed? */
+    if(prev && prev >= pop3c->eob) {
+      /* Strip can only be non-zero for the very first mismatch after CRLF
+         and then both prev and strip are equal and nothing will be output
+         below */
+      while(prev && pop3c->strip) {
+        prev--;
+        pop3c->strip--;
+      }
+
+      if(prev) {
+        /* If the partial match was the CRLF and dot then only write the CRLF
+           as the server would have inserted the dot */
+        result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB,
+                                   strip_dot ? prev - 1 : prev);
+
+        if(result)
+          return result;
+
+        last = i;
+        strip_dot = FALSE;
+      }
     }
   }
-  else if(pop3c->eob) {
-    /* not a match, but we matched a piece before so we must now
-       send that part as body first, before we move on and send
-       this buffer */
-    result = Curl_client_write(conn, CLIENTWRITE_BODY,
-                               (char *)POP3_EOB, pop3c->eob);
-    if(result)
-      return result;
+
+  if(pop3c->eob == POP3_EOB_LEN) {
+    /* We have a full match so the transfer is done, however we must transfer
+    the CRLF at the start of the EOB as this is considered to be part of the
+    message as per RFC-1939, sect. 3 */
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB, 2);
+
+    k->keepon &= ~KEEP_RECV;
     pop3c->eob = 0;
+
+    return result;
   }
 
-  result = Curl_client_write(conn, CLIENTWRITE_BODY, str, nread);
+  if(pop3c->eob)
+    /* While EOB is matching nothing should be output */
+    return CURLE_OK;
+
+  if(nread - last) {
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, &str[last],
+                               nread - last);
+  }
 
   return result;
 }

lib/pop3.h

@@ -1,5 +1,5 @@
-#ifndef __POP3_H
-#define __POP3_H
+#ifndef HEADER_CURL_POP3_H
+#define HEADER_CURL_POP3_H
 /***************************************************************************
  *                                  _   _ ____  _
  *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -46,6 +46,7 @@ struct pop3_conn {
   char *mailbox;     /* what to RETR */
   size_t eob;        /* number of bytes of the EOB (End Of Body) that has been
                         received thus far */
+  size_t strip;      /* number of bytes from the start to ignore as non-body */
   pop3state state; /* always use pop3.c:state() to change state! */
 };
 
@@ -60,4 +61,4 @@ CURLcode Curl_pop3_write(struct connectdata *conn,
                          char *str,
                          size_t nread);
 
-#endif /* __POP3_H */
+#endif /* HEADER_CURL_POP3_H */

lib/progress.c

@@ -157,6 +157,8 @@ void Curl_pgrsResetTimes(struct SessionHandle *data)
 
 void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
 {
+  struct timeval now = Curl_tvnow();
+
   switch(timer) {
   default:
   case TIMER_NONE:
@@ -164,35 +166,38 @@ void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
     break;
   case TIMER_STARTSINGLE:
     /* This is set at the start of a single fetch */
-    data->progress.t_startsingle = Curl_tvnow();
+    data->progress.t_startsingle = now;
+    break;
+
+  case TIMER_STARTACCEPT:
+    data->progress.t_acceptdata = Curl_tvnow();
     break;
 
   case TIMER_NAMELOOKUP:
     data->progress.t_nslookup =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
     break;
   case TIMER_CONNECT:
     data->progress.t_connect =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
     break;
   case TIMER_APPCONNECT:
     data->progress.t_appconnect =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
     break;
   case TIMER_PRETRANSFER:
     data->progress.t_pretransfer =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
     break;
   case TIMER_STARTTRANSFER:
     data->progress.t_starttransfer =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.t_startsingle);
+      Curl_tvdiff_secs(now, data->progress.t_startsingle);
     break;
   case TIMER_POSTRANSFER:
     /* this is the normal end-of-transfer thing */
     break;
   case TIMER_REDIRECT:
-    data->progress.t_redirect =
-      Curl_tvdiff_secs(Curl_tvnow(), data->progress.start);
+    data->progress.t_redirect = Curl_tvdiff_secs(now, data->progress.start);
     break;
   }
 }

lib/progress.h

@@ -34,6 +34,7 @@ typedef enum {
   TIMER_STARTTRANSFER,
   TIMER_POSTRANSFER,
   TIMER_STARTSINGLE,
+  TIMER_STARTACCEPT,
   TIMER_REDIRECT,
   TIMER_LAST /* must be last */
 } timerid;

lib/select.c

@@ -125,11 +125,11 @@ int Curl_wait_ms(int timeout_ms)
 }
 
 /*
- * This is an internal function used for waiting for read or write
- * events on a pair of file descriptors.  It uses poll() when a fine
- * poll() is available, in order to avoid limits with FD_SETSIZE,
- * otherwise select() is used.  An error is returned if select() is
- * being used and a file descriptor is too large for FD_SETSIZE.
+ * Wait for read or write events on a set of file descriptors. It uses poll()
+ * when a fine poll() is available, in order to avoid limits with FD_SETSIZE,
+ * otherwise select() is used.  An error is returned if select() is being used
+ * and a file descriptor is too large for FD_SETSIZE.
+ *
  * A negative timeout value makes this function wait indefinitely,
  * unles no valid file descriptor is given, when this happens the
  * negative timeout is ignored and the function times out immediately.
@@ -140,13 +140,20 @@ int Curl_wait_ms(int timeout_ms)
  * Return values:
  *   -1 = system call error or fd >= FD_SETSIZE
  *    0 = timeout
- *    CURL_CSELECT_IN | CURL_CSELECT_OUT | CURL_CSELECT_ERR
+ *    [bitmask] = action as described below
+ *
+ * CURL_CSELECT_IN - first socket is readable
+ * CURL_CSELECT_IN2 - second socket is readable
+ * CURL_CSELECT_OUT - write socket is writable
+ * CURL_CSELECT_ERR - an error condition occurred
  */
-int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
-                      long timeout_ms)
+int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
+                      curl_socket_t readfd1,
+                      curl_socket_t writefd, /* socket to write to */
+                      long timeout_ms)       /* milliseconds to wait */
 {
 #ifdef HAVE_POLL_FINE
-  struct pollfd pfd[2];
+  struct pollfd pfd[3];
   int num;
 #else
   struct timeval pending_tv;
@@ -162,7 +169,9 @@ int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
   int r;
   int ret;
 
-  if((readfd == CURL_SOCKET_BAD) && (writefd == CURL_SOCKET_BAD)) {
+  if((readfd0 == CURL_SOCKET_BAD) && (readfd1 == CURL_SOCKET_BAD) &&
+     (writefd == CURL_SOCKET_BAD)) {
+    /* no sockets, just wait */
     r = Curl_wait_ms((int)timeout_ms);
     return r;
   }
@@ -180,8 +189,14 @@ int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
 #ifdef HAVE_POLL_FINE
 
   num = 0;
-  if(readfd != CURL_SOCKET_BAD) {
-    pfd[num].fd = readfd;
+  if(readfd0 != CURL_SOCKET_BAD) {
+    pfd[num].fd = readfd0;
+    pfd[num].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
+    pfd[num].revents = 0;
+    num++;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    pfd[num].fd = readfd1;
     pfd[num].events = POLLRDNORM|POLLIN|POLLRDBAND|POLLPRI;
     pfd[num].revents = 0;
     num++;
@@ -218,13 +233,20 @@ int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
 
   ret = 0;
   num = 0;
-  if(readfd != CURL_SOCKET_BAD) {
+  if(readfd0 != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
       ret |= CURL_CSELECT_IN;
     if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
       ret |= CURL_CSELECT_ERR;
     num++;
   }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    if(pfd[num].revents & (POLLRDNORM|POLLIN|POLLERR|POLLHUP))
+      ret |= CURL_CSELECT_IN2;
+    if(pfd[num].revents & (POLLRDBAND|POLLPRI|POLLNVAL))
+      ret |= CURL_CSELECT_ERR;
+    num++;
+  }
   if(writefd != CURL_SOCKET_BAD) {
     if(pfd[num].revents & (POLLWRNORM|POLLOUT))
       ret |= CURL_CSELECT_OUT;
@@ -240,11 +262,18 @@ int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
   maxfd = (curl_socket_t)-1;
 
   FD_ZERO(&fds_read);
-  if(readfd != CURL_SOCKET_BAD) {
-    VERIFY_SOCK(readfd);
-    FD_SET(readfd, &fds_read);
-    FD_SET(readfd, &fds_err);
-    maxfd = readfd;
+  if(readfd0 != CURL_SOCKET_BAD) {
+    VERIFY_SOCK(readfd0);
+    FD_SET(readfd0, &fds_read);
+    FD_SET(readfd0, &fds_err);
+    maxfd = readfd0;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    VERIFY_SOCK(readfd1);
+    FD_SET(readfd1, &fds_read);
+    FD_SET(readfd1, &fds_err);
+    if(readfd1 > maxfd)
+      maxfd = readfd1;
   }
 
   FD_ZERO(&fds_write);
@@ -286,10 +315,16 @@ int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
     return 0;
 
   ret = 0;
-  if(readfd != CURL_SOCKET_BAD) {
-    if(FD_ISSET(readfd, &fds_read))
+  if(readfd0 != CURL_SOCKET_BAD) {
+    if(FD_ISSET(readfd0, &fds_read))
       ret |= CURL_CSELECT_IN;
-    if(FD_ISSET(readfd, &fds_err))
+    if(FD_ISSET(readfd0, &fds_err))
+      ret |= CURL_CSELECT_ERR;
+  }
+  if(readfd1 != CURL_SOCKET_BAD) {
+    if(FD_ISSET(readfd1, &fds_read))
+      ret |= CURL_CSELECT_IN2;
+    if(FD_ISSET(readfd1, &fds_err))
       ret |= CURL_CSELECT_ERR;
   }
   if(writefd != CURL_SOCKET_BAD) {

lib/select.h

@@ -84,9 +84,19 @@ struct pollfd
 #define POLLRDBAND POLLPRI
 #endif
 
-int Curl_socket_ready(curl_socket_t readfd, curl_socket_t writefd,
+/* there are three CSELECT defines that are defined in the public header that
+   are exposed to users, but this *IN2 bit is only ever used internally and
+   therefore defined here */
+#define CURL_CSELECT_IN2 (CURL_CSELECT_ERR << 1)
+
+int Curl_socket_check(curl_socket_t readfd, curl_socket_t readfd2,
+                      curl_socket_t writefd,
                       long timeout_ms);
 
+/* provide the former API internally */
+#define Curl_socket_ready(x,y,z) \
+  Curl_socket_check(x, CURL_SOCKET_BAD, y, z)
+
 int Curl_poll(struct pollfd ufds[], unsigned int nfds, int timeout_ms);
 
 int Curl_wait_ms(int timeout_ms);

lib/setup.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -487,6 +487,9 @@
 #ifdef USE_ARES
 #  define CURLRES_ASYNCH
 #  define CURLRES_ARES
+/* now undef the stock libc functions just to avoid them being used */
+#  undef HAVE_GETADDRINFO
+#  undef HAVE_GETHOSTBYNAME
 #elif defined(USE_THREADS_POSIX) || defined(USE_THREADS_WIN32)
 #  define CURLRES_ASYNCH
 #  define CURLRES_THREADED
@@ -620,7 +623,6 @@ int netware_init(void);
 #if defined(__LWIP_OPT_H__)
 #  if defined(SOCKET) || \
      defined(USE_WINSOCK) || \
-     defined(HAVE_ERRNO_H) || \
      defined(HAVE_WINSOCK_H) || \
      defined(HAVE_WINSOCK2_H) || \
      defined(HAVE_WS2TCPIP_H)
@@ -628,4 +630,14 @@ int netware_init(void);
 #  endif
 #endif
 
+/*
+ * Portable symbolic names for Winsock shutdown() mode flags.
+ */
+
+#ifdef USE_WINSOCK
+#  define SHUT_RD   0x00
+#  define SHUT_WR   0x01
+#  define SHUT_RDWR 0x02
+#endif
+
 #endif /* HEADER_CURL_LIB_SETUP_H */

lib/setup_once.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -239,10 +239,21 @@ struct timeval {
 #  define sclose(x)  closesocket((x))
 #elif defined(HAVE_CLOSESOCKET_CAMEL)
 #  define sclose(x)  CloseSocket((x))
+#elif defined(USE_LWIPSOCK)
+#  define sclose(x)  lwip_close((x))
 #else
 #  define sclose(x)  close((x))
 #endif
 
+/*
+ * Stack-independent version of fcntl() on sockets:
+ */
+#if defined(USE_LWIPSOCK)
+#  define sfcntl  lwip_fcntl
+#else
+#  define sfcntl  fcntl
+#endif
+
 /*
  * Uppercase macro versions of ANSI/ISO is*() functions/macros which
  * avoid negative number inputs with argument byte codes > 127.