Fixed compiler warning 'unused parameter'.

Added prototypes to kill compiler warning.
Added --with-winidn to configure.
2012-07-27 03:54:58 +02:00 · 2012-07-27 03:27:51 +02:00 · 2012-07-27 03:19:21 +02:00 · 2012-07-27 01:01:45 +02:00 · 2012-07-27 00:31:15 +02:00 · 2012-07-27 00:15:17 +02:00
448 changed files with 21565 additions and 5782 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,5 @@
 *.dsw -crlf
+buildconf eol=lf
+configure.ac eol=lf
+*.m4 eol=lf
+*.in eol=lf
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,6 @@ TAGS
 *~
 aclocal.m4.bak
 CHANGES.dist
+.project
+.cproject
+.settings
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -57,10 +57,6 @@ set(OS "\"${CMAKE_SYSTEM_NAME}\"")
 include_directories(${PROJECT_BINARY_DIR}/include/curl)
 include_directories( ${CURL_SOURCE_DIR}/include )

-if(WIN32)
-  set(NATIVE_WINDOWS ON)
-endif()
-
 option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON)
 option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
@@ -113,22 +109,11 @@ mark_as_advanced(CURL_DISABLE_HTTP)

 option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF)
 mark_as_advanced(CURL_DISABLE_LDAPS)
-if(WIN32)
-  set(CURL_DEFAULT_DISABLE_LDAP OFF)
-  # some windows compilers do not have wldap32
-  if( NOT HAVE_WLDAP32)
-    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
-    message(STATUS "wldap32 not found CURL_DISABLE_LDAP set ON")
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" OFF)
-  else()
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
-  endif()
-  mark_as_advanced(CURL_LDAP_WIN)
-endif()

 if(HTTP_ONLY)
  set(CURL_DISABLE_FTP ON)
  set(CURL_DISABLE_LDAP ON)
+  set(CURL_DISABLE_LDAPS ON)
  set(CURL_DISABLE_TELNET ON)
  set(CURL_DISABLE_DICT ON)
  set(CURL_DISABLE_FILE ON)
@@ -148,9 +133,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)

 if(WIN32)
-  find_library(WSOCK32_LIBRARY wsock32)
-  find_library(WS2_32_LIBRARY ws2_32)
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
+  # Windows standard libraries are located in C:/Program Files/Microsoft SDKs/[...]
+  # They are already included in the default MSVC LIBPATH => no find_library is needed!
+  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
  if(CURL_DISABLE_LDAP)
    # Remove wldap32.lib from space-separated list
    string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})
@@ -221,6 +206,20 @@ check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
 check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
 check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)

+if(WIN32)
+  set(CURL_DEFAULT_DISABLE_LDAP OFF)
+  # some windows compilers do not have wldap32
+  if(NOT HAVE_WLDAP32)
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+    message(STATUS "wldap32 not found CURL_DISABLE_LDAP set ON")
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" OFF)
+  else()
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
+  endif()
+  mark_as_advanced(CURL_LDAP_WIN)
+endif()
+
+
 # IF(NOT CURL_SPECIAL_LIBZ)
 #  CHECK_LIBRARY_EXISTS_CONCAT("z"      inflateEnd   HAVE_LIBZ)
 # ENDIF(NOT CURL_SPECIAL_LIBZ)
@@ -387,6 +386,13 @@ if(NOT HAVE_LDAP_H)
  set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
 endif()

+# No ldap, no ldaps.
+if(CURL_DISABLE_LDAP)
+  if(NOT CURL_DISABLE_LDAPS)
+    message(STATUS "LDAP needs to be enabled to support LDAPS")
+    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
+  endif()
+endif()

 check_type_size(size_t  SIZEOF_SIZE_T)
 check_type_size(ssize_t  SIZEOF_SSIZE_T)
@@ -426,7 +432,7 @@ if(SIZEOF_LONG EQUAL 8)
  set(CURL_FORMAT_CURL_OFF_TU "lu")
  set(CURL_FORMAT_OFF_T "%ld")
  set(CURL_SUFFIX_CURL_OFF_T L)
-  set(CURL_SUFFIX_CURL_OFF_TU LU)
+  set(CURL_SUFFIX_CURL_OFF_TU UL)
 endif(SIZEOF_LONG EQUAL 8)

 if(SIZEOF_LONG_LONG EQUAL 8)
@@ -436,7 +442,7 @@ if(SIZEOF_LONG_LONG EQUAL 8)
  set(CURL_FORMAT_CURL_OFF_TU "llu")
  set(CURL_FORMAT_OFF_T "%lld")
  set(CURL_SUFFIX_CURL_OFF_T LL)
-  set(CURL_SUFFIX_CURL_OFF_TU LLU)
+  set(CURL_SUFFIX_CURL_OFF_TU ULL)
 endif(SIZEOF_LONG_LONG EQUAL 8)

 if(NOT CURL_TYPEOF_CURL_OFF_T)
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2011, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2012, Daniel Stenberg, <daniel@haxx.se>.

 All rights reserved.

--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -86,9 +86,13 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)

+# This is a hook to have 'make clean' also clean up the dosc and the tests
+# dir. The extra check for the Makefiles being present is necessary because
+# 'make distcheck' will make clean first in these directories _before_ it runs
+# this hook.
 clean-local:
-	@(cd tests; $(MAKE) clean)
-	@(cd docs; $(MAKE) clean)
+	@(if test -f tests/Makefile; then cd tests; $(MAKE) clean; fi)
+	@(if test -f docs/Makefile; then cd docs; $(MAKE) clean; fi)

 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
--- a/178
+++ b/178
@@ -1,84 +1,52 @@
-Curl and libcurl 7.24.0
+Curl and libcurl 7.27.0

- Public curl releases:         127
- Command line options:         149
- curl_easy_setopt() options:   192
+ Public curl releases:         128
+ Command line options:         152
+ curl_easy_setopt() options:   199
 Public functions in libcurl:  58
 Known libcurl bindings:       39
- Contributors:                 907
-
-This release includes the following security fixes:
-
- o curl was vulnerable to a data injection attack for certain protocols
-   http://curl.haxx.se/docs/adv_20120124.html
- o curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
-   http://curl.haxx.se/docs/adv_20120124B.html
+ Contributors:                 953

 This release includes the following changes:

- o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
- o CURLOPT_DNS_SERVERS: set name servers if possible [23]
- o Add support for using nettle instead of gcrypt as gnutls backend [22]
- o CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes [21]
- o Added CURLOPT_ACCEPTTIMEOUT_MS [30]
- o configure: add symbols versioning option --enable-versioned-symbols [31]
+ o nss: use human-readable error messages provided by NSS
+ o added --metalink for metalink download support [5]
+ o pop3: Added support for sasl plain text authentication
+ o pop3: Added support for sasl login authentication 
+ o pop3: Added support for sasl ntlm authentication
+ o pop3: Added support for sasl cram-md5 authentication
+ o pop3: Added support for sasl digest-md5 authentication
+ o pop3: Added support for apop authentication
+ o Added support for Schannel (Native Windows) SSL/TLS encryption [2]
+ o Added support for Darwin SSL (Native Mac OS X and iOS) [6]
+ o http: print reason phrase from HTTP status line on error [8]

 This release includes the following bugfixes:

- o SSL session share: move the age counter to the share object [1]
- o -J -O: use -O name if no Content-Disposition header comes! [2]
- o protocol_connect: show verbose connect and set connect time [3]
- o query-part: ignore the URI part for given protocols [4]
- o gnutls: only translate winsock errors for old versions [5]
- o POP3: fix end of body detection [6]
- o POP3: detect when LIST returns no mails
- o TELNET: improved treatment of options [7]
- o configure: add support for pkg-config detection of libidn [8]
- o CyaSSL 2.0+ library initialization adjustment [9]
- o multi interface: only use non-NULL socker function pointer
- o call opensocket callback properly for active FTP
- o don't call close socket callback for sockets created with accept() [10]
- o differentiate better between host/proxy errors [11]
- o SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 [12]
- o multi: handle timeouts on DNS servers by checking for new sockets [13]
- o CURLOPT_DNS_SERVERS: fix return code
- o POP3: fixed escaped dot not being stripped out [14]
- o OpenSSL: check for the SSLv2 function in configure [15]
- o MakefileBuild: fix the static build [16]
- o create_conn: don't switch to HTTP protocol if tunneling is enabled [17]
- o multi interface: fix block when CONNECT_ONLY option is used [18]
- o Fix connection reuse for TLS upgraded connections [19]
- o multiple file upload with -F and custom type [20]
- o multi interface: active FTP connections are no longer blocking [25]
- o Android build fix [26]
- o timer: restore PRETRANSFER timing [27]
- o libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM [28]
- o appconnect time fixed for non-blocking connect ssl backends [29]
- o do not include SSL handshake into time spent waiting for 100-continue [32]
- o handle dns cache case insensitive
- o use new host name casing for subsequent HTTP requests [33]
- o CURLOPT_RESOLVE: avoid adding already present host names
- o SFTP mkdir: use correct permission [34]
- o resolve: don't leak pre-populated dns entries [35]
- o --retry: Retry transfers on timeout and DNS errors
- o negotiate with SSPI backend: use the correct buffer for input [36]
- o SFTP dir: increase buffer size counter to avoid cut off file names [37]
- o TFTP: fix resending (again) [38]
- o c-ares: don't include getaddrinfo-using code [39]
- o FTP: CURLE_PARTIAL_FILE will not close the control channel [40]
- o win32-threaded-resolver: stop using a dummy socket
- o OpenSSL: remove reference to openssl internal struct [41]
- o OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
- o OpenSSL: fix PKCS#12 certificate parsing related memory leak
- o OpenLDAP: fix LDAP connection phase memory leak [42]
- o Telnet: Use correct file descriptor for telnet upload
- o Telnet: Remove bogus optimisation of telnet upload
- o URL parse: user name with ipv6 numerical address
- o polarssl: show cipher suite name correctly with 1.1.0
- o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still
-   use the old API which is said to be insecure. See
-   http://polarssl.org/trac/wiki/SecurityAdvisory201102
- o gnutls: enforced use of SSLv3 [43]
+ o pop3: Fixed the issue of having to supply the user name for all requests
+ o configure: fix LDAPS disabling related misplaced closing parenthesis
+ o cmdline: made -D option work with -O and -J
+ o configure: Fix libcurl.pc and curl-config generation for static MingW*
+   cross builds
+ o ssl: fix duplicated SSL handshake with multi interface and proxy [1]
+ o winbuild: Fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags
+ o OpenSSL: support longer certificate subject names [3]
+ o openldap: OOM fixes
+ o log2changes.pl: fix the Version output
+ o lib554.c: use curl_formadd() properly [4]
+ o urldata.h: fix cyassl build clash with wincrypt.h
+ o cookies: changed the URL in the cookiejar headers [7]
+ o http-proxy: keep CONNECT connections alive (for NTLM)
+ o NTLM SSPI: fixed to work with unicode user names and passwords
+ o OOM fix in the curl tool when cloning cmdline options
+ o fixed some examples to use curl_global_init() properly
+ o cmdline: stricter numerical option parser
+ o HTTP HEAD: don't force-close after response-headers
+ o test231: fix wrong -C use
+ o docs: switch to proper UTF-8 for text file encoding
+ o keepalive: DragonFly uses milliseconds [9]
+ o HTTP Digest: Client's "qop" value should not be quoted
+ o make distclean works again

 This release includes the following known bugs:

@@ -87,60 +55,22 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Alejandro Alvarez Ayllon, Jason Glasgow, Jonas Schnelli, Mark Brand,
- Martin Storsjo, Yang Tse, Laurent Rabret, Jason Glasgow, Steve Holme,
- Reza Arbab, Jason Liu, Gokhan Sengun, Rob Ward, Dan Fandrich,
- Naveen Chandran, Ward Willats, Vladimir Grishchenko, Colin Hogben,
- Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
- Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
- Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
- Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann,
- Christian Grothoff, Nikos Mavrogiannopoulos
+ Anthony Bryan, Guenter Knauf, Kamil Dudka, Steve Holme, Tatsuhiro Tsujikawa,
+ Yang Tse, Gokhan Sengun, Marc Hoersken, Ghennadi Procopciuc, Gisle Vanem,
+ Mark Salisbury, Anthony G. Basile, Enrico Scholz, Robert B. Harris,
+ Neil Bowers, Marcel Raad, Christian Hägele, Philip Craig, Nick Zitzmann,
+ Eelco Dolstra, Anton Yabchinskiy, Santhana Todatry, John Marino

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/mail/lib-2011-11/0116.html
- [2] = http://curl.haxx.se/mail/archive-2011-11/0030.htm
- [3] = http://curl.haxx.se/mail/archive-2011-11/0035.html
- [4] = http://curl.haxx.se/mail/lib-2011-11/0218.html
- [5] = http://curl.haxx.se/mail/lib-2011-11/0267.html
- [6] = http://curl.haxx.se/mail/lib-2011-11/0279.html
- [7] = http://curl.haxx.se/mail/lib-2011-11/0247.html
- [8] = http://curl.haxx.se/mail/lib-2011-11/0294.html
- [9] = http://curl.haxx.se/bug/view.cgi?id=3442068
- [10] = http://curl.haxx.se/mail/lib-2011-12/0018.html
- [11] = http://curl.haxx.se/mail/archive-2011-12/0010.html
- [12] = http://curl.haxx.se/bug/view.cgi?id=3451592
- [13] = http://curl.haxx.se/mail/lib-2011-11/0371.html
- [14] = http://curl.haxx.se/mail/lib-2011-11/0368.html
- [15] = http://curl.haxx.se/mail/archive-2011-12/0012.html
- [16] = http://curl.haxx.se/mail/lib-2011-12/0063.html
- [17] = http://curl.haxx.se/mail/lib-2011-12/0010.html
- [18] = http://curl.haxx.se/mail/lib-2011-12/0070.html
- [19] = http://curl.haxx.se/mail/lib-2011-11/0022.html
- [20] = http://curl.haxx.se/mail/lib-2011-12/0121.html
- [21] = http://curl.haxx.se/mail/lib-2011-12/0107.html
- [22] = http://curl.haxx.se/mail/lib-2011-11/0164.html
- [23] = http://curl.haxx.se/mail/lib-2011-11/0067.html
- [24] = http://curl.haxx.se/mail/lib-2011-11/0205.html
- [25] = http://curl.haxx.se/mail/lib-2011-12/0179.html
- [26] = http://curl.haxx.se/mail/lib-2011-12/0215.html
- [27] = http://curl.haxx.se/mail/archive-2011-12/0022.html
- [28] = http://curl.haxx.se/mail/lib-2011-12/0218.html
- [29] = http://curl.haxx.se/mail/lib-2011-12/0211.html
- [30] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS
- [31] = http://curl.haxx.se/mail/lib-2011-12/0133.html
- [32] = https://bugzilla.redhat.com/767490
- [33] = http://curl.haxx.se/mail/lib-2011-12/0314.html
- [34] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [35] = http://curl.haxx.se/bug/view.cgi?id=3463121
- [36] = http://curl.haxx.se/bug/view.cgi?id=3466497
- [37] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [38] = http://curl.haxx.se/mail/lib-2012-01/0146.html
- [39] = http://curl.haxx.se/mail/lib-2012-01/0160.html
- [40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
- [41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
- [42] = http://curl.haxx.se/bug/view.cgi?id=3474308
- [43] = http://curl.haxx.se/mail/lib-2012-01/0225.html
+ [1] = https://bugzilla.redhat.com/788526
+ [2] = http://daniel.haxx.se/blog/2012/06/12/schannel-support-in-libcurl/
+ [3] = http://curl.haxx.se/bug/view.cgi?id=3533045
+ [4] = http://curl.haxx.se/mail/lib-2012-06/0001.html
+ [5] = http://daniel.haxx.se/blog/2012/06/03/curling-the-metalink/
+ [6] = http://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/
+ [7] = http://daniel.haxx.se/blog/2012/07/08/curls-new-http-cookies-docs/
+ [8] = https://bugzilla.redhat.com/676596
+ [9] = http://curl.haxx.se/bug/view.cgi?id=3546257
--- a/24
+++ b/24
@@ -1,11 +1,21 @@
-To be addressed in 7.22.1
-=========================
+Try to fix in 7.27
+==================

-295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
+313 - host.name vs. host.dispname and "(nil)" outputs

-296 - "OOM leak in multi code" (by Dan Fandrich)
+To be addressed in 7.28
+=======================

-300 - "Polling on stray socket on sequential transfers." Andrew S
-      http://curl.haxx.se/mail/lib-2011-07/0053.html
+310 - a new authentication callback
+
+312 - custom Content-Length appears in CONNECT, solve it by offering a separate
+      option to provide headers for the CONNECT request
+
+314 - CURL_SOCKOPTFUNCTION for accept()ed connection
+
+315 - multiple receivers with SMTP and one fails
+
+317 - CURLINFO_SSL_TRUST to return SSL-specific data for a darwinssl build
+
+318 -

-308 -
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -228,12 +228,7 @@ AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [
      ])
    fi
  ])
-  case "$ac_cv_native_windows" in
-    yes)
-      AC_DEFINE_UNQUOTED(NATIVE_WINDOWS, 1,
-        [Define to 1 if you are building a native Windows target.])
-      ;;
-  esac
+  AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$ac_cv_native_windows" = xyes)
 ])


--- a/5
+++ b/5
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -384,9 +384,6 @@ $PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
 echo "buildconf: running autoheader"
 ${AUTOHEADER:-autoheader} || die "autoheader command failed"

-echo "buildconf: cp lib/curl_config.h.in src/curl_config.h.in"
-cp lib/curl_config.h.in src/curl_config.h.in
-
 echo "buildconf: running autoconf"
 ${AUTOCONF:-autoconf} || die "autoconf command failed"

--- a/buildconf.bat
+++ b/buildconf.bat
@@ -27,11 +27,6 @@ if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h

-REM create src\config-win32.h
-if not exist lib\config-win32.h goto end_config_win32_h
-copy /Y lib\config-win32.h src\config-win32.h
-:end_config_win32_h
-
 REM setup c-ares git tree
 if not exist ares\buildconf.bat goto end_c_ares
 cd ares
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

 AC_CONFIG_SRCDIR([lib/urldata.h])
-AM_CONFIG_HEADER(lib/curl_config.h src/curl_config.h include/curl/curlbuild.h)
+AM_CONFIG_HEADER(lib/curl_config.h include/curl/curlbuild.h)
 AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE

@@ -44,6 +44,7 @@ CURL_CHECK_OPTION_OPTIMIZE
 CURL_CHECK_OPTION_WARNINGS
 CURL_CHECK_OPTION_WERROR
 CURL_CHECK_OPTION_CURLDEBUG
+CURL_CHECK_OPTION_SYMBOL_HIDING
 CURL_CHECK_OPTION_ARES

 CURL_CHECK_PATH_SEPARATOR_REQUIRED
@@ -144,7 +145,7 @@ AC_SUBST(PKGADD_VENDOR)

 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls} )"
+    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
   curl_krb4_msg="no      (--with-krb4*)"
@@ -153,14 +154,17 @@ dnl initialize all the info variables
 curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
-    curl_idn_msg="no      (--with-libidn)"
+    curl_idn_msg="no      (--with-{libidn,winidn})"
 curl_manual_msg="no      (--enable-manual)"
+curl_libcurl_msg="enabled (--disable-libcurl-option)"
 curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
  curl_ldaps_msg="no      (--enable-ldaps)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
+  curl_mtlnk_msg="no      (--with-libmetalink)"
+
    init_ssl_msg=${curl_ssl_msg}

 dnl
@@ -235,21 +239,20 @@ esac
 AC_MSG_RESULT($mimpure)
 AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)

-dnl 'STATICLIB' is, in spite of its name, not generic but only for static-only
-dnl builds on Windows
-AM_CONDITIONAL(STATICLIB, false)
-
 AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
+use_cppflag_building_libcurl="no"
+use_cppflag_curl_staticlib="no"
+CPPFLAG_CURL_STATICLIB=""
 case $host in
  *-*-mingw*)
-    AC_DEFINE(BUILDING_LIBCURL, 1, [when building libcurl itself])
    AC_MSG_RESULT(yes)
+    use_cppflag_building_libcurl="yes"
    AC_MSG_CHECKING([if we need CURL_STATICLIB])
    if test "X$enable_shared" = "Xno"
    then
-      AC_DEFINE(CURL_STATICLIB, 1, [when not building a shared library])
      AC_MSG_RESULT(yes)
-      AM_CONDITIONAL(STATICLIB, true)
+      use_cppflag_curl_staticlib="yes"
+      CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB"
    else
      AC_MSG_RESULT(no)
    fi
@@ -258,6 +261,9 @@ case $host in
    AC_MSG_RESULT(no)
    ;;
 esac
+AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
+AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)
+AC_SUBST(CPPFLAG_CURL_STATICLIB)

 # Determine whether all dependent libraries must be specified when linking
 if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -299,6 +305,7 @@ fi

 CURL_CHECK_COMPILER_HALT_ON_ERROR
 CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE
+CURL_CHECK_COMPILER_SYMBOL_HIDING

 CURL_CHECK_NO_UNDEFINED
 AM_CONDITIONAL(NO_UNDEFINED, test x$need_no_undefined = xyes)
@@ -651,6 +658,25 @@ AC_HELP_STRING([--disable-manual],[Disable built-in manual]),
 dnl The actual use of the USE_MANUAL variable is done much later in this
 dnl script to allow other actions to disable it as well.

+dnl ************************************************************
+dnl disable C code generation support
+dnl
+AC_MSG_CHECKING([whether to enable generation of C code])
+AC_ARG_ENABLE(libcurl_option,
+AC_HELP_STRING([--enable-libcurl-option],[Enable --libcurl C code generation support])
+AC_HELP_STRING([--disable-libcurl-option],[Disable --libcurl C code generation support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option])
+       curl_libcurl_msg="no"
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+
 dnl **********************************************************************
 dnl Checks for libraries.
 dnl **********************************************************************
@@ -676,6 +702,17 @@ then
               ])
 fi

+if test "$HAVE_GETHOSTBYNAME" != "1"
+then
+  dnl gethostbyname in the watt lib?
+  AC_CHECK_LIB(watt, gethostbyname,
+               [HAVE_GETHOSTBYNAME="1"
+               CPPFLAGS="-I/dev/env/WATT_ROOT/inc"
+               LDFLAGS="-L/dev/env/WATT_ROOT/lib"
+               LIBS="$LIBS -lwatt"
+               ])
+fi
+
 dnl At least one system has been identified to require BOTH nsl and socket
 dnl libs at the same time to link properly.
 if test "$HAVE_GETHOSTBYNAME" != "1"
@@ -885,9 +922,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
    AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [
      AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled])
      AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
-      AC_SUBST(CURL_DISABLE_LDAP, [1])])
+      AC_SUBST(CURL_DISABLE_LDAP, [1])
      AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
-      AC_SUBST(CURL_DISABLE_LDAPS, [1])
+      AC_SUBST(CURL_DISABLE_LDAPS, [1])])
  else
    dnl Try to find the right ldap libraries for this system
    CURL_CHECK_LIBS_LDAP
@@ -912,9 +949,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
      AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [
        AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled])
        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
-        AC_SUBST(CURL_DISABLE_LDAP, [1])])
+        AC_SUBST(CURL_DISABLE_LDAP, [1])
        AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
-        AC_SUBST(CURL_DISABLE_LDAPS, [1])
+        AC_SUBST(CURL_DISABLE_LDAPS, [1])])
    fi
  fi
 fi
@@ -1304,6 +1341,59 @@ else
  CPPFLAGS="$save_CPPFLAGS"
 fi

+dnl -------------------------------------------------
+dnl check winssl option before other SSL libraries
+dnl -------------------------------------------------
+
+OPT_WINSSL=no
+AC_ARG_WITH(winssl,dnl
+AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS])
+AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
+  OPT_WINSSL=$withval)
+
+AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+  if test "x$OPT_WINSSL" != "xno"  &&
+     test "x$ac_cv_native_windows" = "xyes"; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
+    AC_SUBST(USE_SCHANNEL, [1])
+    curl_ssl_msg="enabled (Windows-native)"
+    WINSSL_ENABLED=1
+    # --with-winssl implies --enable-sspi
+    AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
+    AC_SUBST(USE_WINDOWS_SSPI, [1])
+    curl_sspi_msg="enabled"
+  else
+    AC_MSG_RESULT(no)
+  fi
+else
+  AC_MSG_RESULT(no)
+fi
+
+OPT_DARWINSSL=no
+AC_ARG_WITH(darwinssl,dnl
+AC_HELP_STRING([--with-darwinssl],[enable iOS/Mac OS X native SSL/TLS])
+AC_HELP_STRING([--without-darwinssl], [disable iOS/Mac OS X native SSL/TLS]),
+  OPT_DARWINSSL=$withval)
+
+AC_MSG_CHECKING([whether to enable iOS/Mac OS X native SSL/TLS])
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+  if test "x$OPT_DARWINSSL" != "xno" &&
+     test -d "/System/Library/Frameworks/Security.framework"; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(USE_DARWINSSL, 1, [to enable iOS/Mac OS X native SSL/TLS support])
+    AC_SUBST(USE_DARWINSSL, [1])
+    curl_ssl_msg="enabled (iOS/Mac OS X-native)"
+    DARWINSSL_ENABLED=1
+    LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
+  else
+    AC_MSG_RESULT(no)
+  fi
+else
+  AC_MSG_RESULT(no)
+fi
+
 dnl **********************************************************************
 dnl Check for the presence of SSL libraries and headers
 dnl **********************************************************************
@@ -1317,7 +1407,7 @@ AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the
 AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
  OPT_SSL=$withval)

-if test X"$OPT_SSL" != Xno; then
+if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  dnl backup the pre-ssl variables
  CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
@@ -1548,10 +1638,11 @@ if test X"$OPT_SSL" != Xno; then
       dnl when the ssl shared libs were found in a path that the run-time
       dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
       dnl to prevent further configure tests to fail due to this
-
-       LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
-       export LD_LIBRARY_PATH
-       AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
+       if test "x$cross_compiling" != "xyes"; then
+         LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
+         export LD_LIBRARY_PATH
+         AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
+       fi
    fi
    CURL_CHECK_OPENSSL_API
  fi
@@ -1703,7 +1794,7 @@ AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to th
 AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
  OPT_GNUTLS=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_GNUTLS" != Xno; then

@@ -1787,10 +1878,11 @@ if test "$OPENSSL_ENABLED" != "1"; then
          dnl linker doesn't search through, we need to add it to
          dnl LD_LIBRARY_PATH to prevent further configure tests to fail
          dnl due to this
-
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
-          export LD_LIBRARY_PATH
-          AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+          if test "x$cross_compiling" != "xyes"; then 
+            LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
+            export LD_LIBRARY_PATH
+            AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
+          fi
        fi
      fi

@@ -1798,7 +1890,7 @@ if test "$OPENSSL_ENABLED" != "1"; then

  fi dnl GNUTLS not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ---
 dnl Check which crypto backend GnuTLS uses
@@ -1824,6 +1916,9 @@ if test "$GNUTLS_ENABLED" = "1"; then
  if test "$USE_GNUTLS_NETTLE" = "1"; then
    AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend])
    AC_SUBST(USE_GNUTLS_NETTLE, [1])
+    LIBS="$LIBS -lnettle"
+  else
+    LIBS="$LIBS -lgcrypt"
  fi
 fi

@@ -1852,7 +1947,7 @@ AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points t
 AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
  OPT_POLARSSL=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_POLARSSL" != Xno; then

@@ -1910,17 +2005,17 @@ if test "$OPENSSL_ENABLED" != "1"; then
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
+        fi
      fi
-
    fi

  fi dnl PolarSSL not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ----------------------------------------------------
 dnl check for CyaSSL
@@ -1932,11 +2027,11 @@ OPT_CYASSL=no
 _cppflags=$CPPFLAGS
 _ldflags=$LDFLAGS
 AC_ARG_WITH(cyassl,dnl
-AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: /usr/local/cyassl)])
+AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: system lib default)])
 AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
  OPT_CYASSL=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_CYASSL" != Xno; then

@@ -1945,14 +2040,9 @@ if test "$OPENSSL_ENABLED" != "1"; then
    fi

    if test -z "$OPT_CYASSL" ; then
-      dnl check for lib in default first
+      dnl check for lib in system default first

-      trycyassldir="/usr/local/cyassl"
-
-      LDFLAGS="$LDFLAGS -L$trycyassldir/lib"
-      CPPFLAGS="$CPPFLAGS -I$trycyassldir/include"
-
-      AC_CHECK_LIB(cyassl, InitCyaSSL,
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
      dnl libcyassl found, set the variable
       [
         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
@@ -1974,7 +2064,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi

-      AC_CHECK_LIB(cyassl, InitCyaSSL,
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
       [
       AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
       AC_SUBST(USE_CYASSL, [1])
@@ -1999,17 +2089,18 @@ if test "$OPENSSL_ENABLED" != "1"; then
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
+        fi
      fi

    fi

  fi dnl CyaSSL not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ----------------------------------------------------
 dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
@@ -2023,7 +2114,7 @@ AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the inst
 AC_HELP_STRING([--without-nss], [disable NSS detection]),
  OPT_NSS=$withval)

-if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_NSS" != Xno; then
    if test "x$OPT_NSS" = "xyes"; then
@@ -2058,13 +2149,6 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
        nssprefix=$OPT_NSS
    fi

-    dnl Check for functionPK11_CreateGenericObject
-    dnl this is needed for using the PEM PKCS#11 module
-    AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
-     [
-     AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
-     AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
-     ])
    if test -n "$addlib"; then

      CLEANLIBS="$LIBS"
@@ -2075,7 +2159,8 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi

-      AC_CHECK_LIB(nss3, NSS_Initialize,
+      dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
+      AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
       [
       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
       AC_SUBST(USE_NSS, [1])
@@ -2091,21 +2176,30 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
      if test "x$USE_NSS" = "xyes"; then
        AC_MSG_NOTICE([detected NSS version $version])

+        dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
+        dnl collisions on NSS initialization/shutdown with other libraries
+        AC_CHECK_FUNC(NSS_InitContext,
+        [
+          AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
+          AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
+        ])
+
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
-
-        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-        export LD_LIBRARY_PATH
-        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+        fi
      fi

    fi

  fi dnl NSS not disabled

-fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1
+fi dnl curl_ssl_msg = init_ssl_msg

 OPT_AXTLS=off

@@ -2162,9 +2256,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  fi
 fi

-if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED" = "x"; then
+if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
-  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss or --with-axtls to address this.])
+  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls or --with-winssl to address this.])
 else
  # SSL is enabled, genericly
  AC_SUBST(SSL_ENABLED)
@@ -2177,6 +2271,93 @@ dnl **********************************************************************

 CURL_CHECK_CA_BUNDLE

+dnl **********************************************************************
+dnl Check for libmetalink
+dnl **********************************************************************
+
+OPT_LIBMETALINK=no
+
+AC_ARG_WITH(libmetalink,dnl
+AC_HELP_STRING([--with-libmetalink=PATH],[where to look for libmetalink, PATH points to the installation root])
+AC_HELP_STRING([--without-libmetalink], [disable libmetalink detection]),
+  OPT_LIBMETALINK=$withval)
+
+if test X"$OPT_LIBMETALINK" != Xno; then
+
+  addlib=""
+  addld=""
+  addcflags=""
+  version=""
+  libmetalinklib=""
+  PKGTEST="no"
+  if test "x$OPT_LIBMETALINK" = "xyes"; then
+    dnl this is with no partiular path given
+    PKGTEST="yes"
+    CURL_CHECK_PKGCONFIG(libmetalink)
+  else
+    dnl When particular path is given, set PKG_CONFIG_LIBDIR using the path.
+    LIBMETALINK_PCDIR="$OPT_LIBMETALINK/lib/pkgconfig"
+    AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$LIBMETALINK_PCDIR"])
+    if test -f "$LIBMETALINK_PCDIR/libmetalink.pc"; then
+      PKGTEST="yes"
+    fi
+    if test "$PKGTEST" = "yes"; then
+      CURL_CHECK_PKGCONFIG(libmetalink, [$LIBMETALINK_PCDIR])
+    fi
+  fi
+  if test "$PKGTEST" = "yes" && test "$PKGCONFIG" != "no"; then
+    addlib=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --libs-only-l libmetalink`
+    addld=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --libs-only-L libmetalink`
+    addcflags=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --cflags-only-I libmetalink`
+    version=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --modversion libmetalink`
+    libmetalinklib=`echo $addld | $SED -e 's/-L//'`
+  fi
+  if test -n "$addlib"; then
+
+    clean_CPPFLAGS="$CPPFLAGS"
+    clean_LDFLAGS="$LDFLAGS"
+    clean_LIBS="$LIBS"
+    CPPFLAGS="$addcflags $clean_CPPFLAGS"
+    LDFLAGS="$addld $clean_LDFLAGS"
+    LIBS="$addlib $clean_LIBS"
+    AC_MSG_CHECKING([if libmetalink is recent enough])
+    AC_LINK_IFELSE([
+      AC_LANG_PROGRAM([[
+#       include <metalink/metalink.h>
+      ]],[[
+        if(0 != metalink_strerror(0)) /* added in 0.1.0 */
+          return 1;
+      ]])
+    ],[
+      AC_MSG_RESULT([yes ($version)])
+      want_metalink="yes"
+    ],[
+      AC_MSG_RESULT([no ($version)])
+      AC_MSG_NOTICE([libmetalink library defective or too old])
+      want_metalink="no"
+    ])
+    CPPFLAGS="$clean_CPPFLAGS"
+    LDFLAGS="$clean_LDFLAGS"
+    LIBS="$clean_LIBS"
+    if test "$want_metalink" = "yes"; then
+      dnl finally libmetalink will be used
+      AC_DEFINE(USE_METALINK, 1, [Define to enable metalink support])
+      LIBMETALINK_LIBS=$addlib
+      LIBMETALINK_LDFLAGS=$addld
+      LIBMETALINK_CFLAGS=$addcflags
+      AC_SUBST([LIBMETALINK_LIBS])
+      AC_SUBST([LIBMETALINK_LDFLAGS])
+      AC_SUBST([LIBMETALINK_CFLAGS])
+      curl_mtlnk_msg="enabled"
+    fi
+
+  fi
+fi
+
 dnl **********************************************************************
 dnl Check for the presence of LIBSSH2 libraries and headers
 dnl **********************************************************************
@@ -2255,10 +2436,11 @@ if test X"$OPT_LIBSSH2" != Xno; then
       dnl libssh2_session_handshake was added in 1.2.8
       AC_CHECK_FUNCS( libssh2_version libssh2_init libssh2_exit \
                       libssh2_scp_send64 libssh2_session_handshake)
-
-       LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
-       export LD_LIBRARY_PATH
-       AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
+       if test "x$cross_compiling" != "xyes"; then
+         LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
+         export LD_LIBRARY_PATH
+         AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
+       fi
    fi
  else
    dnl no libssh2, revert back to clean variables
@@ -2350,41 +2532,41 @@ dnl **********************************************************************
 dnl Check for linker switch for versioned symbols
 dnl **********************************************************************

-AC_MSG_CHECKING([if libraries can be versioned])
-GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
-if test -z "$GLD"; then
-    versioned_symbols_flavour=
-    AC_MSG_RESULT(no)
-    AC_MSG_WARN(***
-*** You need an ld version supporting the --version-script option.
-)
-else
-    AC_MSG_RESULT(yes)
-
-AC_MSG_CHECKING([whether versioned symbols are wanted])
 versioned_symbols_flavour=
-
+AC_MSG_CHECKING([whether versioned symbols are wanted])
 AC_ARG_ENABLE(versioned-symbols,
 AC_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library])
 AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]),
 [ case "$enableval" in
  yes) AC_MSG_RESULT(yes)
-    if test "x$OPENSSL_ENABLED" = "x1"; then
-      versioned_symbols_flavour="OPENSSL_"
-    elif test "x$GNUTLS_ENABLED" == "x1"; then
-      versioned_symbols_flavour="GNUTLS_"
-    elif test "x$NSS_ENABLED" == "x1"; then
-      versioned_symbols_flavour="NSS_"
-    elif test "x$POLARSSL_ENABLED" == "x1"; then
-      versioned_symbols_flavour="POLARSSL_"
-    elif test "x$CYASSL_ENABLED" == "x1"; then
-      versioned_symbols_flavour="CYASSL_"
-    elif test "x$AXTLS_ENABLED" == "x1"; then
-      versioned_symbols_flavour="AXTLS_"
+    AC_MSG_CHECKING([if libraries can be versioned])
+    GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
+    if test -z "$GLD"; then
+        AC_MSG_RESULT(no)
+        AC_MSG_WARN([You need an ld version supporting the --version-script option])
    else
-      versioned_symbols_flavour=""
+        AC_MSG_RESULT(yes)
+        if test "x$OPENSSL_ENABLED" = "x1"; then
+          versioned_symbols_flavour="OPENSSL_"
+        elif test "x$GNUTLS_ENABLED" == "x1"; then
+          versioned_symbols_flavour="GNUTLS_"
+        elif test "x$NSS_ENABLED" == "x1"; then
+          versioned_symbols_flavour="NSS_"
+        elif test "x$POLARSSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="POLARSSL_"
+        elif test "x$CYASSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="CYASSL_"
+        elif test "x$AXTLS_ENABLED" == "x1"; then
+          versioned_symbols_flavour="AXTLS_"
+        elif test "x$WINSSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="WINSSL_"
+        elif test "x$DARWINSSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="DARWINSSL_"
+        else
+          versioned_symbols_flavour=""
+        fi
+        versioned_symbols="yes"
    fi
-    versioned_symbols="yes"
    ;;

  *)   AC_MSG_RESULT(no)
@@ -2394,11 +2576,82 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
 AC_MSG_RESULT(no)
 ]
 )
-fi

 AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
 AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")

+dnl -------------------------------------------------
+dnl check winidn option before other IDN libraries
+dnl -------------------------------------------------
+
+AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)])
+OPT_WINIDN="default"
+AC_ARG_WITH(winidn,
+AC_HELP_STRING([--with-winidn=PATH],[enable Windows native IDN])
+AC_HELP_STRING([--without-winidn], [disable Windows native IDN]),
+  OPT_WINIDN=$withval)
+case "$OPT_WINIDN" in
+  no|default)
+    dnl --without-winidn option used or configure option not specified
+    want_winidn="no"
+    AC_MSG_RESULT([no])
+    ;;
+  yes)
+    dnl --with-winidn option used without path
+    want_winidn="yes"
+    want_winidn_path="default"
+    AC_MSG_RESULT([yes])
+    ;;
+  *)
+    dnl --with-winidn option used with path
+    want_winidn="yes"
+    want_winidn_path="$withval"
+    AC_MSG_RESULT([yes ($withval)])
+    ;;
+esac
+
+if test "$want_winidn" = "yes"; then
+  dnl winidn library support has been requested
+  clean_CPPFLAGS="$CPPFLAGS"
+  clean_LDFLAGS="$LDFLAGS"
+  clean_LIBS="$LIBS"
+  WINIDN_LIBS="-lnormaliz"
+  #
+  if test "$want_winidn_path" != "default"; then
+    dnl path has been specified
+    dnl pkg-config not available or provides no info
+    WINIDN_LDFLAGS="-L$want_winidn_path/lib$libsuff"
+    WINIDN_CPPFLAGS="-I$want_winidn_path/include"
+    WINIDN_DIR="$want_winidn_path/lib$libsuff"
+  fi
+  #
+  CPPFLAGS="$WINIDN_CPPFLAGS $CPPFLAGS"
+  LDFLAGS="$WINIDN_LDFLAGS $LDFLAGS"
+  LIBS="$WINIDN_LIBS $LIBS"
+  #
+  AC_MSG_CHECKING([if IdnToUnicode can be linked])
+  AC_LINK_IFELSE([
+    AC_LANG_FUNC_LINK_TRY([IdnToUnicode])
+  ],[
+    AC_MSG_RESULT([yes])
+    tst_links_winidn="yes"
+  ],[
+    AC_MSG_RESULT([no])
+    tst_links_winidn="no"
+  ])
+  #
+  if test "$tst_links_winidn" = "yes"; then
+    AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).])
+    AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.])
+    AC_SUBST([IDN_ENABLED], [1])
+    curl_idn_msg="enabled (Windows-native)"
+  else
+    AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
+    CPPFLAGS="$clean_CPPFLAGS"
+    LDFLAGS="$clean_LDFLAGS"
+    LIBS="$clean_LIBS"
+  fi
+fi

 dnl **********************************************************************
 dnl Check for the presence of IDN libraries and headers
@@ -2953,10 +3206,20 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
       fi
       ;;
  *)
-       AC_MSG_RESULT(no)
+       if test "x$WINSSL_ENABLED" = "x1"; then
+         # --with-winssl implies --enable-sspi
+         AC_MSG_RESULT(yes)
+       else
+         AC_MSG_RESULT(no)
+       fi
       ;;
  esac ],
-       AC_MSG_RESULT(no)
+       if test "x$WINSSL_ENABLED" = "x1"; then
+         # --with-winssl implies --enable-sspi
+         AC_MSG_RESULT(yes)
+       else
+         AC_MSG_RESULT(no)
+       fi
 )

 dnl ************************************************************
@@ -3027,48 +3290,9 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]),
 )

 dnl ************************************************************
-dnl Enable hiding of internal symbols in library to reduce its size and
-dnl speed dynamic linking of applications.  This currently is only supported
-dnl on gcc >= 4.0 and SunPro C.
+dnl hiding of library internal symbols
 dnl
-AC_MSG_CHECKING([whether to enable hidden symbols in the library])
-AC_ARG_ENABLE(hidden-symbols,
-AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library])
-AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]),
-[ case "$enableval" in
-  no)
-       AC_MSG_RESULT(no)
-       ;;
-  *)
-       AC_MSG_CHECKING([whether $CC supports it])
-       if test "$GCC" = yes ; then
-         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ||
-           dnl clang always supports -fvisibility= but it doesn't show up
-           dnl under --help.
-           test "$compiler_id" = "CLANG"; then
-           AC_MSG_RESULT(yes)
-           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-           AC_DEFINE(CURL_EXTERN_SYMBOL, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
-           CFLAGS="$CFLAGS -fvisibility=hidden"
-         else
-            AC_MSG_RESULT(no)
-          fi
-
-       else
-         dnl Test for SunPro cc
-         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
-           AC_MSG_RESULT(yes)
-           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-           AC_DEFINE(CURL_EXTERN_SYMBOL, [__global], [to make a symbol visible])
-           CFLAGS="$CFLAGS -xldscope=hidden"
-         else
-           AC_MSG_RESULT(no)
-         fi
-       fi
-       ;;
-  esac ],
-       AC_MSG_RESULT(no)
-)
+CURL_CONFIGURE_SYMBOL_HIDING

 dnl ************************************************************
 dnl enforce SONAME bump
@@ -3126,7 +3350,7 @@ AC_SUBST(ENABLE_SHARED)

 dnl
 dnl For keeping supported features and protocols also in pkg-config file
-dnl since it is more cross-compile frient than curl-config
+dnl since it is more cross-compile friendly than curl-config
 dnl

 if test "x$USE_SSLEAY" = "x1"; then
@@ -3154,7 +3378,8 @@ if test "x$USE_WINDOWS_SSPI" = "x1"; then
 fi
 if test "x$CURL_DISABLE_HTTP" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
+      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
+      -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
    if test "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
@@ -3298,31 +3523,33 @@ CURL_GENERATE_CONFIGUREHELP_PM

 AC_MSG_NOTICE([Configured to build curl/libcurl:

-  curl version:    ${CURLVERSION}
-  Host setup:      ${host}
-  Install prefix:  ${prefix}
-  Compiler:        ${CC}
-  SSL support:     ${curl_ssl_msg}
-  SSH support:     ${curl_ssh_msg}
-  zlib support:    ${curl_zlib_msg}
-  krb4 support:    ${curl_krb4_msg}
-  GSSAPI support:  ${curl_gss_msg}
-  SPNEGO support:  ${curl_spnego_msg}
-  TLS-SRP support: ${curl_tls_srp_msg}
-  resolver:        ${curl_res_msg}
-  ipv6 support:    ${curl_ipv6_msg}
-  IDN support:     ${curl_idn_msg}
-  Build libcurl:   Shared=${enable_shared}, Static=${enable_static}
-  Built-in manual: ${curl_manual_msg}
-  Verbose errors:  ${curl_verbose_msg}
-  SSPI support:    ${curl_sspi_msg}
-  ca cert bundle:  ${ca}
-  ca cert path:    ${capath}
-  LDAP support:    ${curl_ldap_msg}
-  LDAPS support:   ${curl_ldaps_msg}
-  RTSP support:    ${curl_rtsp_msg}
-  RTMP support:    ${curl_rtmp_msg}
-  Protocols:       ${SUPPORT_PROTOCOLS}
+  curl version:     ${CURLVERSION}
+  Host setup:       ${host}
+  Install prefix:   ${prefix}
+  Compiler:         ${CC}
+  SSL support:      ${curl_ssl_msg}
+  SSH support:      ${curl_ssh_msg}
+  zlib support:     ${curl_zlib_msg}
+  krb4 support:     ${curl_krb4_msg}
+  GSSAPI support:   ${curl_gss_msg}
+  SPNEGO support:   ${curl_spnego_msg}
+  TLS-SRP support:  ${curl_tls_srp_msg}
+  resolver:         ${curl_res_msg}
+  ipv6 support:     ${curl_ipv6_msg}
+  IDN support:      ${curl_idn_msg}
+  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
+  Built-in manual:  ${curl_manual_msg}
+  --libcurl option: ${curl_libcurl_msg}
+  Verbose errors:   ${curl_verbose_msg}
+  SSPI support:     ${curl_sspi_msg}
+  ca cert bundle:   ${ca}
+  ca cert path:     ${capath}
+  LDAP support:     ${curl_ldap_msg}
+  LDAPS support:    ${curl_ldaps_msg}
+  RTSP support:     ${curl_rtsp_msg}
+  RTMP support:     ${curl_rtmp_msg}
+  metalink support: ${curl_mtlnk_msg}
+  Protocols:        ${SUPPORT_PROTOCOLS}
 ])

 if test "x$soname_bump" = "xyes"; then
--- a/curl-config.in
+++ b/curl-config.in
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2001 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2001 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -24,6 +24,7 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 includedir=@includedir@
+cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@

 usage()
 {
@@ -128,10 +129,15 @@ while test $# -gt 0; do
 	;;

    --cflags)
-       	if test "X@includedir@" = "X/usr/include"; then
-          echo ""
+        if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then
+          CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB "
        else
-          echo "-I@includedir@"
+          CPPFLAG_CURL_STATICLIB=""
+        fi
+       	if test "X@includedir@" = "X/usr/include"; then
+          echo "$(CPPFLAG_CURL_STATICLIB)"
+        else
+          echo "$(CPPFLAG_CURL_STATICLIB)-I@includedir@"
        fi
       	;;

@@ -142,9 +148,9 @@ while test $# -gt 0; do
 	   CURLLIBDIR=""
 	fi
 	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
 	else
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBS@
 	fi
 	;;

--- a/docs/BUGS
+++ b/docs/BUGS
@@ -91,7 +91,7 @@ BUGS
  your problem and to work on a fix (if we agree it truly is a problem).

  Lots of problems that appear to be libcurl problems are actually just abuses
-  of the libcurl API or other malfunctions in your applications. It is adviced
+  of the libcurl API or other malfunctions in your applications. It is advised
  that you run your problematic program using a memory debug tool like
  valgrind or similar before you post memory-related or "crashing" problems to
  us.
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -34,6 +34,7 @@
 3.3 How To Make a Patch without git
 3.4 How to get your changes into the main sources
 3.5 Write good commit messages
+ 3.6 Please don't send pull requests

 ==============================================================================

@@ -276,3 +277,27 @@
 and make sure that you have your own user and email setup correctly in git
 before you commit

+3.6 Please don't send pull requests
+
+ With git (and especially github) it is easy and tempting to send a pull
+ request to one or more people in the curl project to have changes merged this
+ way instead of mailing patches to the curl-library mailing list.
+
+ We don't like that. We want them mailed for these reasons:
+
+ - Peer review. Anyone and everyone on the list can review, comment and
+   improve on the patch. Pull requests limit this ability.
+
+ - Anyone can merge the patch into their own trees for testing and those who
+   have push rights can push it to the main repo. It doesn't have to be anyone
+   the patch author knows beforehand.
+
+ - Commit messages can be tweaked and changed if merged locally instead of
+   using github. Merges directly on github requires the changes to be perfect
+   already, which they seldom are.
+
+ - Merges on github prevents rebases and even enforces --no-ff which is a git
+   style we don't otherwise use in the project
+
+ However: once patches have been reviewed and deemed fine on list they are
+ perfectly OK to be pulled from a published git tree.
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -138,7 +138,7 @@ FAQ

    libcurl is highly portable, it builds and works identically on numerous
    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,
-    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOs, Mac
+    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac
    OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,
    Android, Minix, IBM TPF and more...

@@ -306,41 +306,10 @@ FAQ
  We don't know how many users that downloaded or installed curl and then
  never use it.

-  Some facts to use as input to the math:
+  In May 2012 Daniel did a counting game and came up with a number that may
+  be completely wrong or somewhat accurate. 300 million!

-  curl packages are downloaded from the curl.haxx.se and mirrors over a
-  million times per year. curl is installed by default with most Linux
-  distributions. curl is installed by default with Mac OS X. curl and libcurl
-  as used by numerous applications that include libcurl binaries in their
-  distribution packages (like Adobe Acrobat Reader and Google Earth).
-
-  More than a hundred known named companies use curl in commercial
-  environments and products and more than a hundred known named open source
-  projects depend on (lib)curl.
-
-  In a poll on the curl web site mid-2005, more than 50% of the 300+ answers
-  estimated a user base of one million users or more.
-
-  In March 2005, the "Linux Counter project" estimated a total Linux user base
-  of some 29 millions, while Netcraft detected some 4 million "active" Linux
-  based web servers. A guess is that a fair amount of these Linux
-  installations have curl installed.
-
-  The Debian project maintains statistics on packages installed by people
-  who have voluntarily run their package counting application.  In mid-2010,
-  libcurl3 was installed on over 55000 such systems (62% of reporting systems)
-  and was one of the 320 most popular installed packages (out of about 107000
-  possible packages).
-
-  All this taken together, there is no doubt that there are millions of
-  (lib)curl users.
-
-  http://curl.haxx.se/docs/companies.html
-  http://curl.haxx.se/docs/programs.html
-  http://curl.haxx.se/libcurl/using/apps.html
-  http://counter.li.org/estimates.php
-  http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html
-  http://qa.debian.org/popcon.php?package=curl
+  See http://daniel.haxx.se/blog/2012/05/16/300m-users/

  1.11 Why don't you update ca-bundle.crt

@@ -838,7 +807,7 @@ FAQ

    4.5.3 "403 Forbidden"

-    The server understood the request, but is refusing to fulfill it.
+    The server understood the request, but is refusing to fulfil it.
    Authorization will not help and the request SHOULD NOT be repeated.

    4.5.4 "404 Not Found"
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -26,12 +26,12 @@ libcurl supports
 - compiles on win32 (reported builds on 40+ operating systems)
 - selectable network interface for outgoing traffic
 - IPv6 support on unix and Windows
- - persistant connections
+ - persistent connections
 - socks5 support
 - supports user name + password in proxy environment variables
 - operations through proxy "tunnel" (using CONNECT)
 - supports large files (>2GB and >4GB) both upload/download
- - replacable memory functions (malloc, free, realloc, etc)
+ - replaceable memory functions (malloc, free, realloc, etc)
 - asynchronous name resolving (*6)
 - both a push and a pull style interface

@@ -125,7 +125,7 @@ FILE
 FOOTNOTES
 =========

-  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS or PolarSSL
+  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL or schannel
  *2 = requires OpenLDAP
  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
  *4 = requires FBopenssl
--- a/docs/HTTP-COOKIES
+++ b/docs/HTTP-COOKIES
@@ -0,0 +1,123 @@
+Updated: July 3, 2012 (http://curl.haxx.se/docs/http-cookies.html)
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+
+HTTP Cookies
+
+ 1. HTTP Cookies
+ 1.1 Cookie overview
+ 1.2 Cookies saved to disk
+ 1.3 Cookies with curl the command line tool
+ 1.4 Cookies with libcurl
+ 1.5 Cookies with javascript
+
+==============================================================================
+
+1. HTTP Cookies
+
+  1.1 Cookie overview
+
+  HTTP cookies are pieces of 'name=contents' snippets that a server tells the
+  client to hold and then the client sends back those the server on subsequent
+  requests to the same domains/paths for which the cookies were set.
+
+  Cookies are either "session cookies" which typically are forgotten when the
+  session is over which is often translated to equal when browser quits, or
+  the cookies aren't session cookies they have expiration dates after which
+  the client will throw them away.
+
+  Cookies are set to the client with the Set-Cookie: header and are sent to
+  servers with the Cookie: header.
+
+  For a very long time, the only spec explaining how to use cookies was the
+  original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html
+
+  In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published
+  and details how cookies work within HTTP.
+
+  1.2 Cookies saved to disk
+
+  Netscape once created a file format for storing cookies on disk so that they
+  would survive browser restarts. curl adopted that file format to allow
+  sharing the cookies with browsers, only to see browsers move away from that
+  format. Modern browsers no longer use it, while curl still does.
+
+  The netscape cookie file format stores one cookie per physical line in the
+  file with a bunch of associated meta data, each field separated with
+  TAB. That file is called the cookiejar in curl terminology.
+
+  When libcurl saves a cookiejar, it creates a file header of its own in which
+  there is a URL mention that will link to the web version of this document.
+
+  1.3 Cookies with curl the command line tool
+
+  curl has a full cookie "engine" built in. If you just activate it, you can
+  have curl receive and send cookies exactly as mandated in the specs.
+
+  Command line options:
+
+  -b, --cookie
+
+    tell curl a file to read cookies from and start the cookie engine, or if
+    it isn't a file it will pass on the given string. -b name=var works and so
+    does -b cookiefile.
+
+  -j, --junk-session-cookies
+
+    when used in combination with -b, it will skip all "session cookies" on
+    load so as to appear to start a new cookie session.
+
+  -c, --cookie-jar
+
+    tell curl to start the cookie engine and write cookies to the given file
+    after the request(s)
+
+  1.4 Cookies with libcurl
+
+  libcurl offers several ways to enable and interface the cookie engine. These
+  options are the ones provided by the native API. libcurl bindings may offer
+  access to them using other means.
+
+  CURLOPT_COOKIE
+
+    Is used when you want to specify the exact contents of a cookie header to
+    send to the server.
+
+  CURLOPT_COOKIEFILE
+
+    Tell libcurl to activate the cookie engine, and to read the initial set of
+    cookies from the given file. Read-only.
+
+  CURLOPT_COOKIEJAR
+
+    Tell libcurl to activate the cookie engine, and when the easy handle is
+    closed save all known cookies to the given cookiejar file. Write-only.
+
+  CURLOPT_COOKIELIST
+
+    Provide detailed information about a single cookie to add to the internal
+    storage of cookies. Pass in the cookie as a HTTP header with all the
+    details set, or pass in a line from a netscape cookie file. This option
+    can also be used to flush the cookies etc.
+    
+  CURLINFO_COOKIELIST
+
+    Extract cookie information from the internal cookie storage as a linked
+    list.
+
+  1.5 Cookies with javascript
+
+  These days a lot of the web is built up by javascript. The webbrowser loads
+  complete programs that render the page you see. These javascript programs
+  can also set and access cookies.
+
+  Since curl and libcurl are plain HTTP clients without any knowledge of or
+  capability to handle javascript, such cookies will not be detected or used.
+
+  Often, if you want to mimic what a browser does on such web sites, you can
+  record web browser HTTP traffic when using such a site and then repeat the
+  cookie operations using curl or libcurl.
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -157,6 +157,9 @@ UNIX
     To get support for SCP and SFTP, build with --with-libssh2 and have
     libssh2 0.16 or later installed.

+     To get Metalink support, build with --with-libmetalink and have the
+     libmetalink packages installed.
+
   SPECIAL CASES
   -------------
   Some versions of uClibc require configuring with CPPFLAGS=-D_GNU_SOURCE=1
@@ -197,6 +200,9 @@ Win32
   first to rebuild every single library your app uses as well as your
   app using the debug multithreaded dynamic C runtime.

+   If you get linkage errors read section 5.7 of the FAQ document.
+
+
   MingW32
   -------

@@ -217,9 +223,9 @@ Win32
   adjust as necessary. It is also possible to override these paths with
   environment variables, for example:

-     set ZLIB_PATH=c:\zlib-1.2.5
-     set OPENSSL_PATH=c:\openssl-0.9.8r
-     set LIBSSH2_PATH=c:\libssh2-1.2.8
+     set ZLIB_PATH=c:\zlib-1.2.7
+     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set LIBSSH2_PATH=c:\libssh2-1.4.2

   ATTENTION: if you want to build with libssh2 support you have to use latest
   version 0.17 - previous versions will NOT work with 7.17.0 and later!
@@ -320,7 +326,7 @@ Win32
   documentation on how to compile zlib. Define the ZLIB_PATH environment
   variable to the location of zlib.h and zlib.lib, for example:

-     set ZLIB_PATH=c:\zlib-1.2.5
+     set ZLIB_PATH=c:\zlib-1.2.7

   Then run 'nmake vc-zlib' in curl's root directory.

@@ -334,7 +340,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:

-     set OPENSSL_PATH=c:\openssl-0.9.8q
+     set OPENSSL_PATH=c:\openssl-0.9.8x

   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -540,7 +546,7 @@ VMS
   Curl seems to work with FTP & HTTP other protocols are not tested.  (the
   perl http/ftp testing server supplied as testing too cannot work on VMS
   because vms has no concept of fork(). [ I tried to give it a whack, but
-   thats of no use.
+   that's of no use.

   SSL stuff has not been ported.

@@ -673,7 +679,7 @@ NetWare
     you can find precompiled packages at:
     http://www.gknw.net/development/ossl/netware/
     for CLIB-based builds OpenSSL 0.9.8h or later is required  - earlier versions
-     dont support buildunf with CLIB BSD sockets.
+     don't support building with CLIB BSD sockets.
   - optional SSH2 sources (version 0.17 or later);

   Set a search path to your compiler, linker and tools; on Linux make
@@ -840,7 +846,44 @@ VxWorks

 Android
 =======
-   See the build notes in the Android.mk file.
+   Method using the static makefile:
+      - see the build notes in the Android.mk file.
+
+   Method using a configure cross-compile (tested with Android NDK r7c, r8):
+      - prepare the toolchain of the Android NDK for standalone use; this can
+        be done by invoking the script:
+        ./build/tools/make-standalone-toolchain.sh
+        which creates a usual cross-compile toolchain. Lets assume that you put
+        this toolchain below /opt then invoke configure with something like:
+        export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH
+        ./configure --host=arm-linux-androideabi [more configure options]
+        make
+      - if you want to compile directly from our GIT repo you might run into
+        this issue with older automake stuff:
+        checking host system type...
+        Invalid configuration `arm-linux-androideabi':
+        system `androideabi' not recognized
+        configure: error: /bin/sh ./config.sub arm-linux-androideabi failed
+        this issue can be fixed with using more recent versions of config.sub
+        and config.guess which can be obtained here:
+        http://git.savannah.gnu.org/gitweb/?p=config.git;a=tree
+        you need to replace your system-own versions which usually can be
+        found in your automake folder:
+        find /usr -name config.sub
+
+   Wrapper for pkg-config
+      - In order to make proper use of pkg-config so that configure is able to
+        find all dependencies you should create a wrapper script for pkg-config;
+        file /opt/arm-linux-androideabi-4.4.3/bin/arm-linux-androideabi-pkg-config:
+
+        #!/bin/sh
+        SYSROOT=$(dirname ${0%/*})/sysroot
+        export PKG_CONFIG_DIR=
+        export PKG_CONFIG_LIBDIR=${SYSROOT}/usr/local/lib/pkgconfig:${SYSROOT}/usr/share/pkgconfig
+        export PKG_CONFIG_SYSROOT_DIR=${SYSROOT}
+        exec pkg-config "$@"
+
+        also create a copy or symlink with name arm-unknown-linux-androideabi-pkg-config.


 CROSS COMPILE
--- a/docs/INSTALL.cmake
+++ b/docs/INSTALL.cmake
@@ -11,7 +11,7 @@ Building with CMake
   This document describes how to compile, build and install curl and libcurl
   from source code using the CMake build tool. To build with CMake, you will
   of course have to first install CMake.  The minimum required version of
-   CMake is specifed in the file CMakeLists.txt found in the top of the curl
+   CMake is specified in the file CMakeLists.txt found in the top of the curl
   source tree. Once the correct version of CMake is installed you can follow
   the instructions below for the platform you are building on.

@@ -39,7 +39,7 @@ Command Line CMake
       cd curl-build
       # now run CMake from the build tree, giving it the path to the top of
       # the Curl source tree.  CMake will pick a compiler for you. If you
-       # want to specifiy the compile, you can set the CC environment
+       # want to specify the compile, you can set the CC environment
       # variable prior to running CMake.
       cmake ../curl
       make
@@ -51,7 +51,7 @@ Command Line CMake
 ccmake
 =========
     CMake comes with a curses based interface called ccmake.  To run ccmake on
-     a curl use the instructions for the command line cmake, but substitue
+     a curl use the instructions for the command line cmake, but substitute
     ccmake ../curl for cmake ../curl.  This will bring up a curses interface
     with instructions on the bottom of the screen. You can press the "c" key
     to configure the project, and the "g" key to generate the project. After
@@ -65,7 +65,7 @@ cmake-gui
        the curl source tree.
        2. Fill in the "Where to build the binaries" combo box with the path
        to the directory for your build tree, ideally this should not be the
-        same as the source tree, but a parallel diretory called curl-build or
+        same as the source tree, but a parallel directory called curl-build or
        something similar.
        3. Once the source and binary directories are specified, press the
        "Configure" button.
@@ -73,5 +73,5 @@ cmake-gui
        5. At this point you can change any of the options presented in the
        GUI.  Once you have selected all the options you want, click the
        "Generate" button.
-        6. Run the native build tool that you used CMake to genratate.
+        6. Run the native build tool that you used CMake to generate.

--- a/docs/INSTALL.devcpp
+++ b/docs/INSTALL.devcpp
@@ -26,7 +26,7 @@ exists for a Unix/linux command line environments. This is of little help when
 it comes to Windows O/S.

 Secondly the help that does exist for the Windows O/S focused around mingw
-thru a command line argument environment.
+through a command line argument environment.

 You may ask "Why is this a problem?"

--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -39,11 +39,11 @@ Portability
 libssh2      0.16
 c-ares       1.6.0
 libidn       0.4.1
- cyassl       1.4.0
+ cyassl       2.0.0
 openldap     2.0
 MIT krb5 lib 1.2.4
 qsossl       V5R2M0
- NSS          3.11.x
+ NSS          3.12.x
 axTLS        1.2.7
 Heimdal      ?

@@ -104,9 +104,9 @@ Windows vs Unix
 Inside the source code, We make an effort to avoid '#ifdef [Your OS]'. All
 conditionals that deal with features *should* instead be in the format
 '#ifdef HAVE_THAT_WEIRD_FUNCTION'. Since Windows can't run configure scripts,
- we maintain two curl_config-win32.h files (one in lib/ and one in src/) that
- are supposed to look exactly as a curl_config.h file would have looked like on
- a Windows machine!
+ we maintain a curl_config-win32.h file in lib directory that is supposed to
+ look exactly as a curl_config.h file would have looked like on a Windows
+ machine!

 Generally speaking: always remember that this will be compiled on dozens of
 operating systems. Don't walk on the edge.
@@ -220,7 +220,7 @@ Library
 done" loop. It loops if there's a Location: to follow.

 When completed, the curl_easy_cleanup() should be called to free up used
- resources. It runs Curl_disconnect() on all open connectons.
+ resources. It runs Curl_disconnect() on all open connections.

 A quick roundup on internal function sequences (many of these call
 protocol-specific function-pointers):
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,13 +3,23 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+80. Curl doesn't recognize certificates in DER format in keychain, but it
+  works with PEM.
+  http://curl.haxx.se/bug/view.cgi?id=3439999
+
+79. SMTP. When sending data to multiple recipients, curl will abort and return
+  failure if one of the recipients indicate failure (on the "RCPT TO"
+  command). Ordinary mail programs would proceed and still send to the ones
+  that can receive data. This is subject for change in the future.
+  http://curl.haxx.se/bug/view.cgi?id=3438362
+
 78. curl and libcurl don't always signal the client properly when "sending"
  zero bytes files - it makes for example the command line client not creating
  any file at all. Like when using FTP.
  http://curl.haxx.se/bug/view.cgi?id=3438362

 77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
-  "absuses" the underlying connection re-use system and if connections are
+  "abuses" the underlying connection re-use system and if connections are
  forced to close they break the NTLM support.

 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
@@ -17,10 +27,15 @@ may have been fixed since this was written!
  curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
  option as for all other operating systems.

-75. NTLM authentication involving unicode user name or password.
+75. NTLM authentication involving unicode user name or password only works
+  properly if built with UNICODE defined together with the schannel/winssl
+  backend. The original problem was mentioned in:
  http://curl.haxx.se/mail/lib-2009-10/0024.html
  http://curl.haxx.se/bug/view.cgi?id=2944325

+  The schannel version verified to work as mentioned in
+  http://curl.haxx.se/mail/lib-2012-07/0073.html
+
 73. if a connection is made to a FTP server but the server then just never
  sends the 220 response or otherwise is dead slow, libcurl will not
  acknowledge the connection timeout during that phase but only the "real"
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -13,6 +13,7 @@ MAIL ETIQUETTE
  1.4 Subscription Required
  1.5 Moderation of new posters
  1.6 Handling trolls and spam
+  1.7 How to unsubscribe

 2. Sending mail
  2.1 Reply or New Mail
@@ -58,7 +59,7 @@ MAIL ETIQUETTE
  no way to read the reply, but to ask the one person the question. The one
  person consequently gets overloaded with mail.

-  If you really want to contact an individual and perhaps pay for his or her's
+  If you really want to contact an individual and perhaps pay for his or her
  services, by all means go ahead, but if it's just another curl question,
  take it to a suitable list instead.

@@ -91,7 +92,7 @@ MAIL ETIQUETTE

  1.6 Handling trolls and spam

-  Despite our good intensions and hard work to keep spam off the lists and to
+  Despite our good intentions and hard work to keep spam off the lists and to
  maintain a friendly and positive atmosphere, there will be times when spam
  and or trolls get through.

@@ -110,6 +111,20 @@ MAIL ETIQUETTE

  Don't feed the trolls!

+  1.7 How to unsubscribe
+
+  You unsubscribe the same way you subscribed in the first place. You go to
+  the page for the particular mailing list you're subscribed to and you enter
+  your email address and password and press the unsubscribe button.
+
+  Also, this information is included in the headers of every mail that is sent
+  out to all curl related mailing lists and there's footer in each mail that
+  links to the "admin" page on which you can unsubscribe and change other
+  options.
+
+  You NEVER EVER email the mailing list requesting someone else to get you off
+  the list.
+

 2. Sending mail

@@ -155,8 +170,8 @@ MAIL ETIQUETTE
      Q: What is the most annoying thing in e-mail?

  Apart from the screwed up read order (especially when mixed together in a
-  thread when some responds doing the mandaded bottom-posting style), it also
-  makes it impossible to quote only parts of the original mail.
+  thread when someone responds using the mandated bottom-posting style), it
+  also makes it impossible to quote only parts of the original mail.

  When you reply to a mail. You let the mail client insert the previous mail
  quoted. Then you put the cursor on the first line of the mail and you move
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -613,7 +613,7 @@ SFTP and SCP and PATH NAMES
 FTP and firewalls

  The FTP protocol requires one of the involved parties to open a second
-  connection as soon as data is about to get transfered. There are two ways to
+  connection as soon as data is about to get transferred. There are two ways to
  do this.

  The default way for curl is to issue the PASV command which causes the
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,9 +22,9 @@

 AUTOMAKE_OPTIONS = foreign no-dependencies

-man_MANS = curl.1 curl-config.1
-GENHTMLPAGES = curl.html curl-config.html
-PDFPAGES = curl.pdf curl-config.pdf
+man_MANS = curl.1 curl-config.1 mk-ca-bundle.1
+GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html
+PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf

 HTMLPAGES = $(GENHTMLPAGES) index.html

@@ -36,7 +36,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE
+ MAIL-ETIQUETTE HTTP-COOKIES

 MAN2HTML= roffit < $< >$@

--- a/docs/THANKS
+++ b/docs/THANKS
@@ -20,11 +20,13 @@ Albert Choy
 Ale Vesely
 Alejandro Alvarez
 Aleksandar Milivojevic
+Alessandro Ghedini
 Alessandro Vesely
 Alex Bligh
 Alex Fishman
 Alex Neblett
 Alex Suykov
+Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Kourakos
@@ -53,6 +55,7 @@ Andreas Rieke
 Andreas Schuldei
 Andreas Wurf
 Andrei Benea
+Andrei Cipu
 Andres Garcia
 Andrew Benham
 Andrew Biggs
@@ -62,7 +65,7 @@ Andrew Fuller
 Andrew Moise
 Andrew Wansink
 Andrew de los Reyes
-Andr<EFBFBD>s Garc<EFBFBD>a
+Andrés García
 Andy Cedilnik
 Andy Serpa
 Andy Tsouladze
@@ -73,7 +76,9 @@ Anton Bychkov
 Anton Kalmykov
 Arkadiusz Miskiewicz
 Armel Asselin
+Arnaud Compan
 Arnaud Ebalard
+Arthur Murray
 Arve Knudsen
 Ates Goral
 Augustus Saunders
@@ -90,14 +95,17 @@ Ben Van Hof
 Ben Winslow
 Benbuck Nason
 Benjamin Gerard
+Benjamin Johnson
 Bernard Leak
+Bernhard Reutner-Fischer
 Bertrand Demiddelaer
 Bill Egert
 Bill Hoffman
 Bjoern Sikora
 Bjorn Augustsson
 Bjorn Reese
-Bj<EFBFBD>rn Stenberg
+Björn Stenberg
+Blaise Potard
 Bob Richmond
 Bob Schader
 Bogdan Nicula
@@ -105,6 +113,7 @@ Brad Burdick
 Brad Hards
 Brad King
 Bradford Bruce
+Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
@@ -121,7 +130,9 @@ Camille Moncelier
 Caolan McNamara
 Carsten Lange
 Casey O'Donnell
+Cedric Deltheil
 Chad Monroe
+Chandrakant Bagul
 Charles Kerr
 Chih-Chung Chang
 Chris "Bob Bob"
@@ -133,6 +144,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Christian Grothoff
 Christian Hagele
 Christian Krause
 Christian Kurz
@@ -162,6 +174,7 @@ Cris Bailiff
 Cristian Rodriguez
 Curt Bogmine
 Cyrill Osterwalder
+Dag Ekengren
 Dagobert Michelsen
 Damien Adant
 Dan Becker
@@ -175,11 +188,11 @@ Dan Zitter
 Daniel Black
 Daniel Cater
 Daniel Egger
-Daniel Fandrich
 Daniel Johnson
 Daniel Mentz
 Daniel Steinberg
 Daniel Stenberg
+Daniel Theron
 Daniel at touchtunes
 Darryl House
 Darshan Mody
@@ -302,7 +315,7 @@ Georg Lippitsch
 Georg Wicherski
 Gerd v. Egidy
 Gerhard Herre
-Gerrit Bruchh<EFBFBD>user
+Gerrit Bruchhäuser
 Giancarlo Formicuccia
 Giaslas Georgios
 Gil Weber
@@ -326,7 +339,7 @@ Guenter Knauf
 Guillaume Arluison
 Gustaf Hui
 Gwenole Beauchesne
-G<EFBFBD>tz Babin-Ebell
+Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hanno Kranzhoff
@@ -378,10 +391,14 @@ James MacMillan
 Jamie Lokier
 Jamie Newton
 Jamie Wilkinson
+Jan Ehrhardt
 Jan Kunder
+Jan Schaumann
 Jan Van Boghout
 Jared Lundell
 Jari Sundell
+Jason Glasgow
+Jason Liu
 Jason McDonald
 Jason S. Priebe
 Jay Austin
@@ -418,11 +435,13 @@ Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 Johan van Selst
+Johannes Bauer
 John Bradshaw
 John Crow
 John Dennis
 John E. Malmberg
 John Janssen
+John Joseph Bachir
 John Kelly
 John Lask
 John Lightsey
@@ -437,27 +456,31 @@ Jon Sargeant
 Jon Travis
 Jon Turner
 Jonas Forsman
+Jonas Schnelli
 Jonatan Lander
 Jonathan Hseu
+Jonathan Nieder
 Jongki Suwandi
 Jose Kahan
 Josef Wolf
 Josh Kapell
 Joshua Kwan
 Josue Andrade Gomes
+Juan Barreto
 Juan F. Codagnone
-Juan Ignacio Herv<EFBFBD>s
+Juan Ignacio Hervás
 Judson Bishop
 Juergen Wilke
 Jukka Pihl
 Julian Noble
+Julian Taylor
 Julien Chaffraix
 Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
-J<EFBFBD>rg Mueller-Tolk
-J<EFBFBD>rn Hartroth
+Jörg Mueller-Tolk
+Jörn Hartroth
 Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
@@ -491,7 +514,7 @@ Kris Kennaway
 Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
-Kristian K<EFBFBD>hntopp
+Kristian Köhntopp
 Kyle Sallee
 Lachlan O'Dea
 Larry Campbell
@@ -508,6 +531,7 @@ Len Krause
 Lenaic Lefever
 Lenny Rachitsky
 Liam Healy
+Lijo Antony
 Linas Vepstas
 Ling Thio
 Linus Nielsen Feltzing
@@ -524,10 +548,12 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
+Marc Hoersken
 Marc Kleine-Budde
 Marcel Roelofs
 Marcelo Juchem
@@ -577,6 +603,7 @@ Mauro Iorio
 Max Katsev
 Maxim Ivanov
 Maxim Perenesenko
+Maxim Prohorov
 Mehmet Bozkurt
 Mekonikum
 Mettgut Jamalla
@@ -584,6 +611,7 @@ Michael Benedict
 Michael Calmer
 Michael Cronenworth
 Michael Curtis
+Michael Day
 Michael Goffioul
 Michael Jahn
 Michael Jerris
@@ -614,6 +642,7 @@ Moonesamy
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Naveen Chandran
 Naveen Noel
 Neil Dunbar
 Neil Spring
@@ -625,12 +654,13 @@ Nick Zitzmann
 Nico Baggus
 Nicolas Berloquin
 Nicolas Croiset
-Nicolas Fran<EFBFBD>ois
+Nicolas François
 Niels van Tongeren
 Nikita Schmidt
 Nikitinskit Dmitriy
 Niklas Angebrand
 Nikolai Kondrashov
+Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
@@ -638,8 +668,9 @@ Nodak Sodak
 Norbert Frese
 Norbert Novotny
 Ofer
+Olaf Flebbe
 Olaf Stueben
-Olaf St<EFBFBD>ben
+Olaf Stüben
 Oren Tirosh
 Ori Avtalion
 P R Schaffner
@@ -647,6 +678,7 @@ Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
+Patrice Guerin
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Scott
@@ -693,7 +725,9 @@ Philippe Raoult
 Philippe Vaucher
 Pierre
 Pierre Brico
+Pierre Chapuis
 Pierre Joye
+Pierre Ynard
 Pooyan McSporran
 Pramod Sharma
 Puneet Pawaia
@@ -720,6 +754,7 @@ Renaud Duhaut
 Rene Bernhardt
 Rene Rebe
 Reuven Wachtfogel
+Reza Arbab
 Ricardo Cadime
 Rich Gray
 Rich Rauenzahn
@@ -736,22 +771,26 @@ Rick Richardson
 Rob Crittenden
 Rob Jones
 Rob Stanzel
+Rob Ward
 Robert A. Monat
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
 Robert Olson
+Robert Schumann
 Robert Weaver
 Robin Cornelius
 Robin Johnson
 Robin Kay
 Robson Braga Araujo
 Rodney Simmons
+Rodrigo Silva
 Roland Blom
 Roland Krikava
 Roland Zimmermann
 Rolland Dudemaine
 Roman Koifman
+Roman Mamedov
 Ron Zapp
 Rosimildo da Silva
 Roy Shan
@@ -762,11 +801,11 @@ Ryan Chan
 Ryan Nelson
 Ryan Schmidt
 S. Moonesamy
-Salvador D<EFBFBD>vila
+Salvador Dávila
 Salvatore Sorrentino
 Sam Listopad
 Sampo Kellomaki
-Samuel D<EFBFBD>az Garc<EFBFBD>a
+Samuel Díaz García
 Samuel Listopad
 Samuel Thibault
 Sander Gates
@@ -809,6 +848,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
+Steve H Truong
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -823,11 +863,12 @@ Stoned Elipot
 Sven Anders
 Sven Neuhaus
 Sven Wegener
-S<EFBFBD>bastien Willemijns
+Sébastien Willemijns
 T. Bharath
 T. Yamada
 Taneli Vahakangas
 Tanguy Fautre
+Tatsuhiro Tsujikawa
 Temprimus
 Thomas J. Moore
 Thomas Klausner
@@ -841,13 +882,15 @@ Tim Bartley
 Tim Chen
 Tim Costello
 Tim Harder
+Tim Heckman
 Tim Newsome
 Tim Sneddon
 Tinus van den Berg
-Tobias Rundstr<EFBFBD>m
+Tobias Rundström
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
+Todd Ouska
 Todd Vierling
 Tom Benoist
 Tom Donovan
@@ -864,6 +907,7 @@ Tomasz Lacki
 Tommie Gannert
 Tommy Tam
 Ton Voon
+Toni Moreno
 Toon Verwaest
 Tor Arntsen
 Torsten Foertsch
@@ -873,7 +917,7 @@ Traian Nicolescu
 Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
-Ulf H<EFBFBD>rnhammar
+Ulf Härnhammar
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
@@ -892,6 +936,7 @@ Vojtech Janota
 Vojtech Minarik
 Vsevolod Novikov
 Walter J. Mack
+Ward Willats
 Wayne Haigh
 Werner Koch
 Wesley Laxton
--- a/docs/TODO
+++ b/docs/TODO
@@ -61,46 +61,64 @@
 8.3 check connection
 8.4 non-gcrypt

- 9. Other protocols
+ 9. SMTP
+ 9.1 Other authentication mechanisms
+ 9.2 Specify the preferred authentication mechanism
+ 9.3 Initial response
+ 9.4 Pipelining
 
- 10. New protocols
- 10.1 RSYNC
+ 10. POP3
+ 10.1 APOP Authentication
+ 10.2 SASL based authentication mechanisms
+ 10.3 auth= in URLs
 
- 11. Client
- 11.1 sync
- 11.2 glob posts
- 11.3 prevent file overwriting
- 11.4 simultaneous parallel transfers
- 11.5 provide formpost headers
- 11.6 url-specific options
- 11.7 metalink support
- 11.8 warning when setting an option
- 11.9 IPv6 addresses with globbing
+ 11. IMAP
+ 11.1 SASL based authentication mechanisms
 
- 12. Build
- 12.1 roffit
+ 12. LDAP
+ 12.1 SASL based authentication mechanisms
 
- 13. Test suite
- 13.1 SSL tunnel
- 13.2 nicer lacking perl message
- 13.3 more protocols supported
- 13.4 more platforms supported
+ 13. Other protocols

- 14. Next SONAME bump
- 14.1 http-style HEAD output for ftp
- 14.2 combine error codes
- 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+ 14. New protocols
+ 14.1 RSYNC

- 15. Next major release
- 15.1 cleanup return codes
- 15.2 remove obsolete defines
- 15.3 size_t
- 15.4 remove several functions
- 15.5 remove CURLOPT_FAILONERROR
- 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
- 15.7 remove progress meter from libcurl
- 15.8 remove 'curl_httppost' from public
- 15.9 have form functions use CURL handle argument
+ 15. Client
+ 15.1 sync
+ 15.2 glob posts
+ 15.3 prevent file overwriting
+ 15.4 simultaneous parallel transfers
+ 15.5 provide formpost headers
+ 15.6 url-specific options
+ 15.7 metalink support
+ 15.8 warning when setting an option
+ 15.9 IPv6 addresses with globbing
+
+ 16. Build
+ 16.1 roffit
+
+ 17. Test suite
+ 17.1 SSL tunnel
+ 17.2 nicer lacking perl message
+ 17.3 more protocols supported
+ 17.4 more platforms supported
+
+ 18. Next SONAME bump
+ 18.1 http-style HEAD output for ftp
+ 18.2 combine error codes
+ 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ 19. Next major release
+ 19.1 cleanup return codes
+ 19.2 remove obsolete defines
+ 19.3 size_t
+ 19.4 remove several functions
+ 19.5 remove CURLOPT_FAILONERROR
+ 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+ 19.7 remove progress meter from libcurl
+ 19.8 remove 'curl_httppost' from public
+ 19.9 have form functions use CURL handle argument
+ 19.10 Add CURLOPT_MAIL_CLIENT option

 ==============================================================================

@@ -158,7 +176,7 @@
 To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
 to be addressed:

-    http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-07
+    http://tools.ietf.org/html/rfc6555


 2. libcurl - multi interface
@@ -360,18 +378,82 @@ to provide the data to send.
 The correct fix would be to detect which crypto layer that is in use and
 adapt our code to use that instead of blindly assuming gcrypt.

-9. Other protocols
+9. SMTP

-10. New protocols
+9.1 Other authentication mechanisms

-10.1 RSYNC
+ Add support for gssapi.

- There's no RFC for protocol nor URI/URL format.  An implementation should
- most probably use an existing rsync library, such as librsync.
+9.2 Specify the preferred authentication mechanism

-11. Client
+ Add the ability to specify the preferred authentication mechanism or a list
+ of mechanisms that should be used. Not only that, but the order that is
+ returned by the server during the EHLO response should be honored by curl.

-11.1 sync
+9.3 Initial response
+
+ Add the ability for the user to specify whether the initial response is
+ included in the AUTH command. Some email servers, such as Microsoft
+ Exchange, can work with either whilst others need to have the initial
+ response sent separately:
+
+ http://curl.haxx.se/mail/lib-2012-03/0114.html
+
+9.4 Pipelining
+
+ Add support for pipelining emails.
+
+10. POP3
+
+10.1 APOP Authentication
+
+ Add support for the APOP command rather than using plain text authentication
+ (USER and PASS) as this is very week security wise. Note: The APOP command
+ is specified as "APOP <username> <md5 password>", however, it isn't
+ supported by all mail servers.
+
+10.2 SASL authentication mechanisms
+
+ SASL offers support for additional authentication mechanisms via the AUTH
+ command. Detection of an email server's support for SASL authentication
+ can be detected via the CAPA command whilst a list of supported mechanisms
+ can be retrieved with an empty AUTH command.
+
+10.3 auth= in URLs
+
+ Being able to specify the preferred authentication mechanism in the URL as
+ per RFC2384.
+
+11. IMAP
+
+11.1 SASL based authentication mechanisms
+
+ Like POP3 curl currently sends usernames and passwords as clear text.
+ Support should also be added to support SASL based authentication mechanisms
+ as these are more secure.
+
+12. LDAP
+
+12.1 SASL based authentication mechansims
+
+ Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
+ to an LDAP server. However, this function sends username and password details
+ using the simple authentication mechanism (as clear text). However, it should
+ be possible to use ldap_bind_s() instead specifing the security context
+ information ourselves.
+
+13. Other protocols
+
+14. New protocols
+
+14.1 RSYNC
+
+ There's no RFC for the protocol or an URI/URL format.  An implementation
+ should most probably use an existing rsync library, such as librsync.
+
+15. Client
+
+15.1 sync

 "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"
@@ -380,12 +462,12 @@ to provide the data to send.
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.

-11.2 glob posts
+15.2 glob posts

 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
 This is easily scripted though.

-11.3 prevent file overwriting
+15.3 prevent file overwriting

 Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
@@ -393,14 +475,14 @@ to provide the data to send.
 existing). So that index.html becomes first index.html.1 and then
 index.html.2 etc.

-11.4 simultaneous parallel transfers
+15.4 simultaneous parallel transfers

 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595

-11.5 provide formpost headers
+15.5 provide formpost headers

 Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -414,7 +496,7 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-11.6 url-specific options
+15.6 url-specific options

 Provide a way to make options bound to a specific URL among several on the
 command line. Possibly by letting ':' separate options between URLs,
@@ -428,62 +510,62 @@ to provide the data to send.

 The example would do a POST-GET-POST combination on a single command line.

-11.7 metalink support
+15.7 metalink support

 Add metalink support to curl (http://www.metalinker.org/). This is most useful
 with simultaneous parallel transfers (11.6) but not necessary.

-11.8 warning when setting an option
+15.8 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-11.9 IPv6 addresses with globbing
+15.9 IPv6 addresses with globbing

  Currently the command line client needs to get url globbing disabled (with
  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
  that should be corrected. It probably involves a smarter detection of the
  '[' and ']' letters.

-12. Build
+16. Build

-12.1 roffit
+16.1 roffit

 Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/hugehelp.c

-13. Test suite
+17. Test suite

-13.1 SSL tunnel
+17.1 SSL tunnel

 Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS

-13.2 nicer lacking perl message
+17.2 nicer lacking perl message

 If perl wasn't found by the configure script, don't attempt to run the tests
 but explain something nice why it doesn't.

-13.3 more protocols supported
+17.3 more protocols supported

 Extend the test suite to include more protocols. The telnet could just do ftp
 or http operations (for which we have test servers).

-13.4 more platforms supported
+17.4 more platforms supported

 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

-14. Next SONAME bump
+18. Next SONAME bump

-14.1 http-style HEAD output for ftp
+18.1 http-style HEAD output for ftp

 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
 from being output in NOBODY requests over ftp

-14.2 combine error codes
+18.2 combine error codes

 Combine some of the error codes to remove duplicates.  The original
 numbering should not be changed, and the old identifiers would be
@@ -493,37 +575,44 @@ to provide the data to send.
 Candidates for removal and their replacements:

    CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
+
    CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
+
    CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
+
    CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
+
    CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED

-14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+18.3 extend CURLOPT_SOCKOPTFUNCTION prototype

 The current prototype only provides 'purpose' that tells what the
 connection/socket is for, but not any protocol or similar. It makes it hard
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-15. Next major release
+19. Next major release

-15.1 cleanup return codes
+19.1 cleanup return codes

 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.

-15.2 remove obsolete defines
+19.2 remove obsolete defines

 remove obsolete defines from curl/curl.h

-15.3 size_t
+19.3 size_t

 make several functions use size_t instead of int in their APIs

-15.4 remove several functions
+19.4 remove several functions

 remove the following functions from the public API:

@@ -544,18 +633,18 @@ to provide the data to send.

 curl_multi_socket_all

-15.5 remove CURLOPT_FAILONERROR
+19.5 remove CURLOPT_FAILONERROR

 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.

-15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE

 Remove support for a global DNS cache. Anything global is silly, and we
 already offer the share interface for the same functionality but done
 "right".

-15.7 remove progress meter from libcurl
+19.7 remove progress meter from libcurl

 The internally provided progress meter output doesn't belong in the library.
 Basically no application wants it (apart from curl) but instead applications
@@ -565,7 +654,7 @@ to provide the data to send.
 variable types passed to it instead of doubles so that big files work
 correctly.

-15.8 remove 'curl_httppost' from public
+19.8 remove 'curl_httppost' from public

 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
@@ -574,10 +663,21 @@ to provide the data to send.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintining a solid API and ABI.

-15.9 have form functions use CURL handle argument
+19.9 have form functions use CURL handle argument

 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
 thus curl_formget() with callback cannot function without first having
 curl_easy_perform() (or similar) called - which is hard to grasp and a design
 mistake.
+
+19.10 Add CURLOPT_MAIL_CLIENT option
+
+ Rather than use the URL to specify the mail client string to present in the
+ HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
+ specifing this data as the URL is non-standard and to be honest a bit of a
+ hack ;-)
+
+ Please see the following thread for more information:
+ http://curl.haxx.se/mail/lib-2012-05/0178.html
+ 
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -93,7 +93,6 @@ What's the installed libcurl version?

 How do I build a single file with a one-line command?

-  $ `curl-config --cc --cflags --libs` -o example example.c
-
+  $ `curl-config --cc --cflags` -o example example.c `curl-config --libs`
 .SH "SEE ALSO"
 .BR curl (1)
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "14 April 2009" "Curl 7.21.6" "Curl Manual"
+.TH curl 1 "16 February 2012" "Curl 7.25.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -35,8 +35,8 @@ command is designed to work without user interaction.

 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer
-resume and more. As you will see below, the number of features will make your
-head spin!
+resume, Metalink, and more. As you will see below, the number of features will
+make your head spin!

 curl is powered by libcurl for all transfer-related features. See
 .BR libcurl (3)
@@ -711,7 +711,8 @@ currently effective on operating systems offering the TCP_KEEPIDLE and
 TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This
 option has no effect if \fI--no-keepalive\fP is used. (Added in 7.18.0)

-If this option is used multiple times, the last occurrence sets the amount.
+If this option is used multiple times, the last occurrence sets the amount. If
+unspecified, the option defaults to 60 seconds.
 .IP "--key <key>"
 (SSL/SSH) Private key file name. Allows you to provide your private key in this
 separate file.
@@ -761,13 +762,9 @@ was 301, 302, or 303. If the response code was any other 3xx code, curl will
 re-send the following request using the same unmodified method.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
-libcurl-using source code written to the file that does the equivalent
+libcurl-using C source code written to the file that does the equivalent
 of what your command-line operation does!

-NOTE: this does not properly support -F and the sending of multipart
-formposts, so in those cases the output program will be missing necessary
-calls to \fIcurl_formadd(3)\fP, and possibly more.
-
 If this option is used several times, the last given file name will be
 used. (Added in 7.16.1)
 .IP "--limit-rate <speed>"
@@ -805,6 +802,12 @@ useful for preventing your batch jobs from hanging for hours due to slow
 networks or links going down.  See also the \fI--connect-timeout\fP option.

 If this option is used several times, the last one will be used.
+.IP "--mail-auth <address>"
+(SMTP) Specify a single address. This will be used to specify the
+authentication address (identity) of a submitted message that is being relayed
+to another server.
+
+(Added in 7.25.0)
 .IP "--mail-from <address>"
 (SMTP) Specify a single address that the given mail should get sent from.

@@ -829,6 +832,31 @@ is used, this option can be used to prevent curl from following redirections
 option to -1 to make it limitless.

 If this option is used several times, the last one will be used.
+.IP "--metalink"
+This option can tell curl to parse and process a given URI as Metalink file (both
+version 3 and 4 (RFC 5854) are supported) and make use of the mirrors
+listed within for failover if there are errors (such as the file or
+server not being available). It will also verify the hashe of the file
+after the download completes. The Metalink file itself is downloaded
+and processed in memory and not stored in the local file system.
+
+Example to use a remote Metalink file:
+
+\fBcurl\fP --metalink http://www.example.com/example.metalink
+
+To use a Metalink file in the local file system, use FILE protocol
+(file://):
+
+\fBcurl\fP --metalink file://example.metalink
+
+Please note that if FILE protocol is disabled, there is no way to use
+a local Metalink file at the time of this writing. Also note that If
+--metalink and --include are used together, --include will be
+ignored. This is because including headers in the response will break
+Metalink parser and if the headers are included in the file described
+in Metalink file, hash check will fail.
+
+(Added in 7.27.0, if built against the libmetalink library.)
 .IP "-n, --netrc"
 Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
 home directory for login name and password. This is typically used for FTP on
@@ -1220,7 +1248,7 @@ using \fI--retry-delay\fP you disable this exponential backoff algorithm. See
 also \fI--retry-max-time\fP to limit the total time allowed for
 retries. (Added in 7.12.3)

-If this option is used multiple times, the last occurrence decide the amount.
+If this option is used multiple times, the last occurrence determines the amount.
 .IP "--retry-delay <seconds>"
 Make curl sleep this amount of time before each retry when a transfer has
 failed with a transient error (it changes the default backoff time algorithm
@@ -1258,6 +1286,12 @@ connection if the server doesn't support SSL/TLS. (Added in 7.20.0)

 This option was formerly known as \fI--ftp-ssl-reqd\fP (added in 7.15.5). That
 option name can still be used but will be removed in a future version.
+.IP "--ssl-allow-beast"
+(SSL) This option tells curl to not work around a security flaw in the SSL3
+and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
+may use work-arounds known to cause interoperability problems with some older
+SSL implementations. WARNING: this option loosens the SSL security, and by
+using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--socks4 <host[:port]>"
 Use the specified SOCKS4 proxy. If the port number is not specified, it is
 assumed at port 1080. (Added in 7.15.2)
@@ -1476,6 +1510,11 @@ The variables available at this point are:
 The URL that was fetched last. This is most meaningful if you've told curl
 to follow location: headers.
 .TP
+.B filename_effective
+The ultimate filename that curl writes out to. This is only meaningful if curl
+is told to write to a file with the --remote-name or --output option. It's most
+useful in combination with the --remote-header-name option. (Added in 7.25.1)
+.TP
 .B http_code
 The numerical response code that was found in the last retrieved HTTP(S) or
 FTP(s) transfer. In 7.18.2 the alias \fBresponse_code\fP was added to show the
@@ -1560,7 +1599,7 @@ means the verification was successful. (Added in 7.19.0)
 .RE

 If this option is used several times, the last one will be used.
-.IP "-x, --proxy <[protocol://][user@password]proxyhost[:port]>"
+.IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
 Use the specified HTTP proxy. If the port number is not specified, it is
 assumed at port 1080.

@@ -1573,6 +1612,10 @@ converted to HTTP. It means that certain protocol specific operations might
 not be available. This is not the case if you can tunnel through the proxy, as
 one with the \fI-p, --proxytunnel\fP option.

+User and password that might be provided in the proxy string are URL decoded
+by libcurl. This allows you to pass in special characters such as @ by using
+%40 or pass in a colon with %3a.
+
 The proxy host can be specified the exact same way as the proxy environment
 variables, including the protocol prefix (http://) and the embedded user +
 password.
@@ -1619,12 +1662,12 @@ speed-time seconds it gets aborted. speed-time is set with -y and is 30 if
 not set.

 If this option is used several times, the last one will be used.
-.IP "-z, --time-cond <date expression>"
-(HTTP/FTP/FILE) Request a file that has been modified later than the given time
-and date, or one that has been modified before that time. The date expression
-can be all sorts of date strings or if it doesn't match any internal ones, it
-tries to get the time from a given file name instead! See the
-\fIcurl_getdate(3)\fP man pages for date expression details.
+.IP "-z/--time-cond <date expression>|<file>"
+(HTTP/FTP) Request a file that has been modified later than the given time and
+date, or one that has been modified before that time. The <date expression> can
+be all sorts of date strings or if it doesn't match any internal ones, it is
+taken as a filename and tries to get the modification date (mtime) from <file>
+instead. See the \fIcurl_getdate(3)\fP man pages for date expression details.

 Start the date expression with a dash (-) to make it request for a document
 that is older than the given date/time, default is a document that is newer
@@ -1675,6 +1718,10 @@ SSPI is supported. If you use NTLM and set a blank user name, curl will
 authenticate with your current user and password.
 .IP "TLS-SRP"
 SRP (Secure Remote Password) authentication is supported for TLS.
+.IP "Metalink"
+This curl supports Metalink (both version 3 and 4 (RFC 5854)), which
+describes mirrors and hashes.  curl will use mirrors for failover if
+there are errors (such as the file or server not being available).
 .RE
 .SH FILES
 .I ~/.curlrc
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
 AUTOMAKE_OPTIONS = foreign nostdinc

 EXTRA_DIST = README Makefile.example Makefile.inc Makefile.m32 \
-	Makefile.netware makefile.dj printf_macro.h $(COMPLICATED_EXAMPLES)
+	Makefile.netware makefile.dj $(COMPLICATED_EXAMPLES)

 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
@@ -40,12 +40,12 @@ INCLUDES = -I$(top_builddir)/include/curl \

 LIBDIR = $(top_builddir)/lib

-if STATICLIB
-# we need this define when building with a static lib on Windows
-STATICCPPFLAGS = -DCURL_STATICLIB
-endif
+AM_CPPFLAGS = -DCURL_NO_OLDIES

-CPPFLAGS = -DCURL_NO_OLDIES $(STATICCPPFLAGS)
+# Mostly for Windows build targets, when using static libcurl
+if USE_CPPFLAG_CURL_STATICLIB
+AM_CPPFLAGS += -DCURL_STATICLIB
+endif

 # Dependencies
 LDADD = $(LIBDIR)/libcurl.la
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -27,28 +27,22 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.5
+## set ZLIB_PATH=c:/zlib-1.2.7
 ## set ZLIB=1
 #
 ###########################################################################

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.5
+ZLIB_PATH = ../../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8r
-endif
-ifndef OPENSSL_LIBPATH
-OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
-endif
-ifndef OPENSSL_LIBS
-OPENSSL_LIBS = -leay32 -lssl32
+OPENSSL_PATH = ../../../openssl-0.9.8x
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.3.0
+LIBSSH2_PATH = ../../../libssh2-1.4.2
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
@@ -81,19 +75,44 @@ ifndef ARCH
 ARCH = w32
 endif

-CC = gcc
-CFLAGS = -g -O2 -Wall
-CFLAGS += -fno-strict-aliasing
+CC	= $(CROSSPREFIX)gcc
+CFLAGS	= -g -O2 -Wall
+CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS += -D_AMD64_
+CFLAGS	+= -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
-LDFLAGS = -s
-RC = windres
-RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
+LDFLAGS	= -s
+RC	= $(CROSSPREFIX)windres
+RCFLAGS	= --include-dir=$(PROOT)/include -O COFF -i

-RM = del /q /f 2>NUL
-CP = copy
+# Platform-dependent helper tool macros
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DEL	= rm -f $1
+RMDIR	= rm -fr $1
+MKDIR	= mkdir -p $1
+COPY	= -cp -afv $1 $2
+#COPYR	= -cp -afr $1/* $2
+COPYR	= -rsync -aC $1/* $2
+TOUCH	= touch $1
+CAT	= cat
+ECHONL	= echo ""
+DL	= '
+else
+ifeq "$(OS)" "Windows_NT"
+DEL	= -del 2>NUL /q /f $(subst /,\,$1)
+RMDIR	= -rd 2>NUL /q /s $(subst /,\,$1)
+else
+DEL	= -del 2>NUL $(subst /,\,$1)
+RMDIR	= -deltree 2>NUL /y $(subst /,\,$1)
+endif
+MKDIR	= -md 2>NUL $(subst /,\,$1)
+COPY	= -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
+COPYR	= -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
+TOUCH	= copy 2>&1>NUL /b $(subst /,\,$1) +,,
+CAT	= type
+ECHONL	= $(ComSpec) /c echo.
+endif

 ########################################################
 ## Nothing more to do below this line!
@@ -138,6 +157,13 @@ endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 IPV6 = 1
 endif
+ifeq ($(findstring -metalink,$(CFG)),-metalink)
+METALINK = 1
+endif
+ifeq ($(findstring -winssl,$(CFG)),-winssl)
+SCHANNEL = 1
+SSPI = 1
+endif

 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib

@@ -148,6 +174,7 @@ else
  curl_DEPENDENCIES = $(PROOT)/lib/libcurl.a
  curl_LDADD = -L$(PROOT)/lib -lcurl
  CFLAGS += -DCURL_STATICLIB
+  LDFLAGS += -static
 endif
 ifdef ARES
  ifndef DYN
@@ -165,7 +192,22 @@ ifdef SSH2
  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
-  CFLAGS += -DUSE_SSLEAY -DHAVE_OPENSSL_ENGINE_H
+  ifndef OPENSSL_LIBPATH
+    OPENSSL_LIBS = -lssl -lcrypto
+    ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+      ifdef DYN
+        OPENSSL_LIBS = -lssl32 -leay32
+      endif
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
+    endif
+  endif
+  ifndef DYN
+    OPENSSL_LIBS += -lgdi32 -lcrypt32
+  endif
+  CFLAGS += -DUSE_SSLEAY
  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
@@ -184,6 +226,9 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
+  ifdef SCHANNEL
+    CFLAGS += -DUSE_SCHANNEL
+  endif
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
@@ -215,6 +260,8 @@ include Makefile.inc
 check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
 check_PROGRAMS += ftpuploadresume.exe synctime.exe

+.PRECIOUS: %.o
+

 all: $(check_PROGRAMS)

@@ -228,8 +275,8 @@ all: $(check_PROGRAMS)
 	$(RC) $(RCFLAGS) $< -o $@

 clean:
-	-$(RM) $(check_PROGRAMS:.exe=.o)
+	@$(call DEL, $(check_PROGRAMS:.exe=.o))

 distclean vclean: clean
-	-$(RM) $(check_PROGRAMS)
+	@$(call DEL, $(check_PROGRAMS))

--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -14,17 +14,17 @@ endif

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.5
+ZLIB_PATH = ../../../zlib-1.2.7
 endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8r
+OPENSSL_PATH = ../../../openssl-0.9.8x
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.3.0
+LIBSSH2_PATH = ../../../libssh2-1.4.2
 endif

 # Edit the path below to point to the base of your axTLS package.
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -42,7 +42,6 @@
 #endif

 #include <curl/curl.h>
-#include "printf_macro.h"

 #if LIBCURL_VERSION_NUM < 0x070c03
 #error "upgrade your libcurl to no less than 7.12.3"
@@ -89,12 +88,16 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
+  curl_off_t nread;

  intptr_t fd = (intptr_t)stream;

  retcode = read(fd, ptr, size * nmemb);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);

  return retcode;
 }
@@ -159,6 +162,10 @@ int main(int argc, char **argv)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -132,6 +132,10 @@ int main(void)

    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -57,7 +57,10 @@ static curl_socket_t opensocket(void *clientp,
                                curlsocktype purpose,
                                struct curl_sockaddr *address)
 {
-  curl_socket_t sockfd = *(curl_socket_t *)clientp;
+  curl_socket_t sockfd;
+  (void)purpose;
+  (void)address;
+  sockfd = *(curl_socket_t *)clientp;
  /* the actual externally set socket is passed in via the OPENSOCKETDATA
     option */
  return sockfd;
@@ -66,6 +69,9 @@ static curl_socket_t opensocket(void *clientp,
 static int sockopt_callback(void *clientp, curl_socket_t curlfd,
                            curlsocktype purpose)
 {
+  (void)clientp;
+  (void)curlfd;
+  (void)purpose;
  /* This return code was added in libcurl 7.21.5 */
  return CURL_SOCKOPT_ALREADY_CONNECTED;
 }
@@ -96,7 +102,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");

    /* Create the socket "manually" */
-    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
+    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
      printf("Error creating listening socket.\n");
      return 3;
    }
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -64,14 +64,21 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK) {
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

-    /* now extract transfer info */
-    curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload);
-    curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time);
+    }
+    else {
+      /* now extract transfer info */
+      curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload);
+      curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time);

-    fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n",
-            speed_upload, total_time);
+      fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n",
+              speed_upload, total_time);

+    }
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ static long file_is_comming(struct curl_fileinfo *finfo,
 static long file_is_downloaded(struct callback_data *data);

 static size_t write_it(char *buff, size_t size, size_t nmemb,
-                       struct callback_data *data);
+                       void *cb_data);

 int main(int argc, char **argv)
 {
@@ -135,8 +135,9 @@ static long file_is_downloaded(struct callback_data *data)
 }

 static size_t write_it(char *buff, size_t size, size_t nmemb,
-                       struct callback_data *data)
+                       void *cb_data)
 {
+  struct callback_data *data = cb_data;
  size_t written = 0;
  if(data->output)
    written = fwrite(buff, size, nmemb, data->output);
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -60,6 +60,10 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -32,7 +32,6 @@
 #else
 #include <unistd.h>
 #endif
-#include "printf_macro.h"

 /*
 * This example shows an FTP upload, with a rename of the file just after
@@ -52,12 +51,16 @@
   variable's memory when passed in to it from an app like this. */
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
+  curl_off_t nread;
  /* in real-world cases, this would probably get this data differently
     as this fread() stuff is exactly what the library already would do
     by default internally */
  size_t retcode = fread(ptr, size, nmemb, stream);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);
  return retcode;
 }

@@ -119,6 +122,10 @@ int main(void)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* clean up the FTP commands list */
    curl_slist_free_all (headerlist);
--- a/docs/examples/http-post.c
+++ b/docs/examples/http-post.c
@@ -27,6 +27,10 @@ int main(void)
  CURL *curl;
  CURLcode res;

+  /* In windows, this will init the winsock stuff */
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  /* get a curl handle */
  curl = curl_easy_init();
  if(curl) {
    /* First set the URL that is about to receive our POST. This URL can
@@ -38,9 +42,14 @@ int main(void)

    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
+  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@@ -38,10 +38,18 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "localhost");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* redo request with our own custom Accept: */
    res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -25,7 +25,6 @@
 #include <unistd.h>

 #include <curl/curl.h>
-#include "printf_macro.h"

 /*
 * This example shows a HTTP PUT operation. PUTs a file given as a command
@@ -40,13 +39,17 @@
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
+  curl_off_t nread;

  /* in real-world cases, this would probably get this data differently
     as this fread() stuff is exactly what the library already would do
     by default internally */
  retcode = fread(ptr, size, nmemb, stream);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);

  return retcode;
 }
@@ -107,6 +110,10 @@ int main(int argc, char **argv)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -55,7 +55,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/imap.c
+++ b/docs/examples/imap.c
@@ -25,7 +25,7 @@
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/persistant.c
+++ b/docs/examples/persistant.c
@@ -37,12 +37,24 @@ int main(void)

    /* get the first document */
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* get another document from the same server using the same
       connection */
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/docs/");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/pop3s.c
+++ b/docs/examples/pop3s.c
@@ -59,7 +59,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/pop3slist.c
+++ b/docs/examples/pop3slist.c
@@ -59,7 +59,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -30,7 +30,7 @@ const char data[]="this is what we post to the silly web server";

 struct WriteThis {
  const char *readptr;
-  int sizeleft;
+  long sizeleft;
 };

 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
@@ -60,6 +60,16 @@ int main(void)
  pooh.readptr = data;
  pooh.sizeleft = strlen(data);

+  /* In windows, this will init the winsock stuff */
+  res = curl_global_init(CURL_GLOBAL_DEFAULT);
+  /* Check for errors */
+  if(res != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed: %s\n",
+            curl_easy_strerror(res));
+    return 1;
+  }
+
+  /* get a curl handle */
  curl = curl_easy_init();
  if(curl) {
    /* First set the URL that is about to receive our POST. */
@@ -96,7 +106,7 @@ int main(void)
 #else
    /* Set the expected POST size. If you want to POST large amounts of data,
       consider CURLOPT_POSTFIELDSIZE_LARGE */
-    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (curl_off_t)pooh.sizeleft);
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pooh.sizeleft);
 #endif

 #ifdef DISABLE_EXPECT
@@ -120,9 +130,14 @@ int main(void)

    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
+  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -83,7 +83,13 @@ int main(int argc, char *argv[])
      /* only disable 100-continue header if explicitly requested */
      curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
    curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/printf_macro.h
+++ b/docs/examples/printf_macro.h
@@ -1,45 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-/* Simple hack trying to get a valid printf format string for size_t.
- * If that fails for your platform you can define your own _FMT_SIZE_T,
- * f.e.: -D_FMT_SIZE_T="zd"
- */
-#ifndef _PRINTF_MACRO_H
-#define _PRINTF_MACRO_H
-
-#ifndef _FMT_SIZE_T
-#ifdef WIN32
-#define _FMT_SIZE_T "Id"
-#else
-/*
-"zd" is a GNU extension to POSIX; so we dont use it for size_t but hack around
-#define _FMT_SIZE_T "zd"
-*/
-#ifdef __x86_64__
-#define _FMT_SIZE_T "lu"
-#else
-#define _FMT_SIZE_T "u"
-#endif /* __x86_64__ */
-#endif /* WIN32 */
-#endif /* !_FMT_SIZE_T */
-
-#endif /* !_PRINTF_MACRO_H */
--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,7 +24,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
-#include "printf_macro.h"

 /* Auxiliary function that waits on the socket. */
 static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms)
@@ -65,6 +64,7 @@ int main(void)
  curl_socket_t sockfd; /* socket */
  long sockextr;
  size_t iolen;
+  curl_off_t nread;

  curl = curl_easy_init();
  if(curl) {
@@ -123,7 +123,9 @@ int main(void)
      if(CURLE_OK != res)
        break;

-      printf("Received %" _FMT_SIZE_T " bytes.\n", iolen);
+      nread = (curl_off_t)iolen;
+
+      printf("Received %" CURL_FORMAT_CURL_OFF_T " bytes.\n", nread);
    }

    /* always cleanup */
--- a/docs/examples/simple.c
+++ b/docs/examples/simple.c
@@ -30,7 +30,13 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -39,7 +39,12 @@ int main(void)
       itself */
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/simplesmtp.c
+++ b/docs/examples/simplesmtp.c
@@ -65,6 +65,10 @@ int main(void)

    /* send the message (including headers) */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* free the list of recipients */
    curl_slist_free_all(recipients);
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -118,7 +118,13 @@ int main(void)
      /* disconnect if we can't validate server's cert */
      curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);

+      /* Perform the request, res will get the return code */
      res = curl_easy_perform(curl);
+      /* Check for errors */
+      if(res != CURLE_OK)
+        fprintf(stderr, "curl_easy_perform() failed: %s\n",
+                curl_easy_strerror(res));
+
      break;                   /* we are done... */
    }
    /* always cleanup */
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -96,7 +96,6 @@ int main(void)
   CURLM *mcurl;
   int still_running = 1;
   struct timeval mp_start;
-   char mp_timedout = 0;
   struct WriteThis pooh;
   struct curl_slist* rcpt_list = NULL;

@@ -132,7 +131,6 @@ int main(void)
   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
   curl_multi_add_handle(mcurl, curl);

-   mp_timedout = 0;
   mp_start = tvnow();

  /* we start some action by calling perform right away */
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -139,6 +139,10 @@ int main(void)

    /* send the message (including headers) */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* free the list of recipients and clean up */
    curl_slist_free_all(recipients);
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -44,11 +44,13 @@ The following information can be extracted:
 .IP CURLINFO_EFFECTIVE_URL
 Pass a pointer to a char pointer to receive the last used effective URL.
 .IP CURLINFO_RESPONSE_CODE
-Pass a pointer to a long to receive the last received HTTP or FTP code. This
-option was known as CURLINFO_HTTP_CODE in libcurl 7.10.7 and earlier. This
-will be zero if no server response code has been received. Note that a proxy's
-CONNECT response should be read with \fICURLINFO_HTTP_CONNECTCODE\fP and not
-this.
+Pass a pointer to a long to receive the last received HTTP, FTP or SMTP
+response code. This option was previously known as CURLINFO_HTTP_CODE in
+libcurl 7.10.7 and earlier. The value will be zero if no server response code
+has been received. Note that a proxy's CONNECT response should be read with
+\fICURLINFO_HTTP_CONNECTCODE\fP and not this.
+
+Support for SMTP responses added in 7.25.0.
 .IP CURLINFO_HTTP_CONNECTCODE
 Pass a pointer to a long to receive the last received proxy response code to a
 CONNECT request.
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -69,7 +69,7 @@ output. This is only relevant for protocols that actually have headers
 preceding the data (like HTTP).
 .IP CURLOPT_NOPROGRESS
 Pass a long. If set to 1, it tells the library to shut off the progress meter
-completely. It will also present the \fICURLOPT_PROGRESSFUNCTION\fP from
+completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
 getting called.

 Future versions of libcurl are likely to not have any built-in progress meter
@@ -147,10 +147,10 @@ Using the rules above, a file name pattern can be constructed:
 (This was added in 7.21.0)
 .SH CALLBACK OPTIONS
 .IP CURLOPT_WRITEFUNCTION
-Function pointer that should match the following prototype: \fBsize_t
-function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP This
-function gets called by libcurl as soon as there is data received that needs
-to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP
+This function gets called by libcurl as soon as there is data received that
+needs to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
 multiplied with \fInmemb\fP, it will not be zero terminated. Return the number
 of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
@@ -193,11 +193,11 @@ crashes.
 This option is also known with the older name \fICURLOPT_FILE\fP, the name
 \fICURLOPT_WRITEDATA\fP was introduced in 7.9.7.
 .IP CURLOPT_READFUNCTION
-Function pointer that should match the following prototype: \fBsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP This
-function gets called by libcurl as soon as it needs to read data in order to
-send it to the peer. The data area pointed at by the pointer \fIptr\fP may be
-filled with at most \fIsize\fP multiplied with \fInmemb\fP number of
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP
+This function gets called by libcurl as soon as it needs to read data in order
+to send it to the peer. The data area pointed at by the pointer \fIptr\fP may
+be filled with at most \fIsize\fP multiplied with \fInmemb\fP number of
 bytes. Your function must return the actual number of bytes that you stored in
 that memory area. Returning 0 will signal end-of-file to the library and cause
 it to stop the current transfer.
@@ -234,13 +234,13 @@ If you're using libcurl as a win32 DLL, you MUST use a
 This option was also known by the older name \fICURLOPT_INFILE\fP, the name
 \fICURLOPT_READDATA\fP was introduced in 7.9.7.
 .IP CURLOPT_IOCTLFUNCTION
-Function pointer that should match the \fIcurl_ioctl_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl when
-something special I/O-related needs to be done that the library can't do by
-itself. For now, rewinding the read data stream is the only action it can
-request. The rewinding of the read data stream may be necessary when doing a
-HTTP PUT or POST with a multi-pass authentication method.  (Option added in
-7.12.3).
+Pass a pointer to a function that matches the following prototype:
+\fBcurlioerr function(CURL *handle, int cmd, void *clientp);\fP. This function
+gets called by libcurl when something special I/O-related needs to be done
+that the library can't do by itself. For now, rewinding the read data stream
+is the only action it can request. The rewinding of the read data stream may
+be necessary when doing a HTTP PUT or POST with a multi-pass authentication
+method.  (Option added in 7.12.3).

 Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking!
 .IP CURLOPT_IOCTLDATA
@@ -248,7 +248,7 @@ Pass a pointer that will be untouched by libcurl and passed as the 3rd
 argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.  (Option
 added in 7.12.3)
 .IP CURLOPT_SEEKFUNCTION
-Function pointer that should match the following prototype: \fIint
+Pass a pointer to a function that matches the following prototype: \fBint
 function(void *instream, curl_off_t offset, int origin);\fP This function gets
 called by libcurl to seek to a certain position in the input stream and can be
 used to fast forward a file in a resumed upload (instead of reading all
@@ -266,22 +266,22 @@ If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
 .IP CURLOPT_SEEKDATA
-Data pointer to pass to the file read function. If you use the
+Data pointer to pass to the file seek function. If you use the
 \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
-Function pointer that should match the \fIcurl_sockopt_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl after the
-socket() call but before the connect() call. The callback's \fIpurpose\fP
-argument identifies the exact purpose for this particular socket, and
-currently only one value is supported: \fICURLSOCKTYPE_IPCXN\fP for the
-primary connection (meaning the control connection in the FTP case). Future
-versions of libcurl may support more purposes. It passes the newly created
-socket descriptor so additional setsockopt() calls can be done at the user's
-discretion.  Return 0 (zero) from the callback on success. Return 1 from the
-callback function to signal an unrecoverable error to the library and it will
-close the socket and return \fICURLE_COULDNT_CONNECT\fP.  (Option added in
-7.15.6.)
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. This
+function gets called by libcurl after the socket() call but before the
+connect() call. The callback's \fIpurpose\fP argument identifies the exact
+purpose for this particular socket, and currently only one value is supported:
+\fICURLSOCKTYPE_IPCXN\fP for the primary connection (meaning the control
+connection in the FTP case). Future versions of libcurl may support more
+purposes. It passes the newly created socket descriptor so additional
+setsockopt() calls can be done at the user's discretion.  Return 0 (zero) from
+the callback on success. Return 1 from the callback function to signal an
+unrecoverable error to the library and it will close the socket and return
+\fICURLE_COULDNT_CONNECT\fP.  (Option added in 7.16.0)

 Added in 7.21.5, the callback function may return
 \fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is
@@ -289,22 +289,23 @@ in fact already connected and then libcurl will not attempt to connect it.
 .IP CURLOPT_SOCKOPTDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
-(Option added in 7.15.6.)
+(Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
-Function pointer that should match the \fIcurl_opensocket_callback\fP
-prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
-instead of the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument
-identifies the exact purpose for this particular socket:
-\fICURLSOCKTYPE_IPCXN\fP is for IP based connections. Future versions of
-libcurl may support more purposes. It passes the resolved peer address as a
-\fIaddress\fP argument so the callback can modify the address or refuse to
-connect at all. The callback function should return the socket or
-\fICURL_SOCKET_BAD\fP in case no connection should be established or any error
-detected. Any additional \fIsetsockopt(2)\fP calls can be done on the socket
-at the user's discretion.  \fICURL_SOCKET_BAD\fP return value from the
-callback function will signal an unrecoverable error to the library and it
-will return \fICURLE_COULDNT_CONNECT\fP.  This return code can be used for IP
-address blacklisting.  The default behavior is:
+Pass a pointer to a function that matches the following prototype:
+\fBcurl_socket_t function(void *clientp, curlsocktype purpose, struct
+curl_sockaddr *address);\fP. This function gets called by libcurl instead of
+the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument identifies the
+exact purpose for this particular socket: \fICURLSOCKTYPE_IPCXN\fP is for IP
+based connections. Future versions of libcurl may support more purposes. It
+passes the resolved peer address as a \fIaddress\fP argument so the callback
+can modify the address or refuse to connect at all. The callback function
+should return the socket or \fICURL_SOCKET_BAD\fP in case no connection could
+be established or another error was detected. Any additional
+\fIsetsockopt(2)\fP calls can be done on the socket at the user's discretion.
+\fICURL_SOCKET_BAD\fP return value from the callback function will signal an
+unrecoverable error to the library and it will return
+\fICURLE_COULDNT_CONNECT\fP.  This return code can be used for IP address
+blacklisting.  The default behavior is:
 .nf
   return socket(addr->family, addr->socktype, addr->protocol);
 .fi
@@ -314,25 +315,26 @@ Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
 (Option added in 7.17.1.)
 .IP CURLOPT_CLOSESOCKETFUNCTION
-Function pointer that should match the \fIcurl_closesocket_callback\fP
-prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
-instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when sockets are
-closed (not for any other file descriptors). This is pretty much the reverse
-to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
-1 if there was an error.  (Option added in 7.21.7)
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, curl_socket_t item);\fP. This function gets called by
+libcurl instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when
+sockets are closed (not for any other file descriptors). This is pretty much
+the reverse to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal
+success and 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
-argument in the opensocket callback set with
+argument in the closesocket callback set with
 \fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
-Function pointer that should match the \fIcurl_progress_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl instead of
-its internal equivalent with a frequent interval during operation (roughly
-once per second or sooner) no matter if data is being transfered or not.
-Unknown/unused argument values passed to the callback will be set to zero
-(like if you only download data, the upload size will remain 0). Returning a
-non-zero value from this callback will cause libcurl to abort the transfer and
-return \fICURLE_ABORTED_BY_CALLBACK\fP.
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, double dltotal, double dlnow, double ultotal, double
+ulnow); \fP. This function gets called by libcurl instead of its internal
+equivalent with a frequent interval during operation (roughly once per second
+or sooner) no matter if data is being transferred or not.  Unknown/unused
+argument values passed to the callback will be set to zero (like if you only
+download data, the upload size will remain 0). Returning a non-zero value from
+this callback will cause libcurl to abort the transfer and return
+\fICURLE_ABORTED_BY_CALLBACK\fP.

 If you transfer data with the multi interface, this function will not be
 called during periods of idleness unless you call the appropriate libcurl
@@ -344,20 +346,20 @@ get called.
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
 .IP CURLOPT_HEADERFUNCTION
-Function pointer that should match the following prototype: \fIsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP. This
-function gets called by libcurl as soon as it has received header data. The
-header callback will be called once for each header and only complete header
-lines are passed on to the callback. Parsing headers is very easy using
-this. The size of the data pointed to by \fIptr\fP is \fIsize\fP multiplied
-with \fInmemb\fP. Do not assume that the header line is zero terminated! The
-pointer named \fIuserdata\fP is the one you set with the
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void
+*userdata);\fP. This function gets called by libcurl as soon as it has
+received header data. The header callback will be called once for each header
+and only complete header lines are passed on to the callback. Parsing headers
+is very easy using this. The size of the data pointed to by \fIptr\fP is
+\fIsize\fP multiplied with \fInmemb\fP. Do not assume that the header line is
+zero terminated! The pointer named \fIuserdata\fP is the one you set with the
 \fICURLOPT_WRITEHEADER\fP option. The callback function must return the number
 of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
 transfer and return \fICURL_WRITE_ERROR\fP.

-A complete header that is passed to this function can be up to
+A complete HTTP header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.

 If this option is not set, or if it is set to NULL, but
@@ -380,6 +382,9 @@ to detect it being a trailer and not an ordinary header: 1) it comes after the
 response-body. 2) it comes after the final header line (CR LF) 3) a Trailer:
 header among the regular response-headers mention what header(s) to expect in
 the trailer.
+
+For non-HTTP protocols like FTP, POP3, IMAP and SMTP this function will get
+called with the server responses to the commands that libcurl sends.
 .IP CURLOPT_WRITEHEADER
 (This option is also known as \fBCURLOPT_HEADERDATA\fP) Pass a pointer to be
 used to write the header part of the received data to. If you don't use
@@ -388,7 +393,7 @@ the writing, this must be a valid FILE * as the internal default will then be
 a plain fwrite(). See also the \fICURLOPT_HEADERFUNCTION\fP option above on
 how to set a custom get-all-headers callback.
 .IP CURLOPT_DEBUGFUNCTION
-Function pointer that should match the following prototype: \fIint
+Pass a pointer to a function that matches the following prototype: \fBint
 curl_debug_callback (CURL *, curl_infotype, char *, size_t, void *);\fP
 \fICURLOPT_DEBUGFUNCTION\fP replaces the standard debug function used when
 \fICURLOPT_VERBOSE \fP is in effect. This callback receives debug information,
@@ -417,11 +422,11 @@ used by libcurl, it is only passed to the callback.
 This option does only function for libcurl powered by OpenSSL. If libcurl was
 built against another SSL library, this functionality is absent.

-Function pointer that should match the following prototype: \fBCURLcode
-sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function gets called
-by libcurl just before the initialization of an SSL connection after having
-processed all other SSL related options to give a last chance to an
-application to modify the behaviour of openssl's ssl initialization. The
+Pass a pointer to a function that matches the following prototype:
+\fBCURLcode sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function
+gets called by libcurl just before the initialization of a SSL connection
+after having processed all other SSL related options to give a last chance to
+an application to modify the behaviour of openssl's ssl initialization. The
 \fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If
 an error is returned no attempt to establish a connection is made and the
 perform operation will return the error code from this callback function.  Set
@@ -434,7 +439,7 @@ the SSL negotiation. The SSL_CTX pointer will be a new one every time.
 To use this properly, a non-trivial amount of knowledge of the openssl
 libraries is necessary. For example, using this function allows you to use
 openssl callbacks to add additional validation code for certificates, and even
-to change the actual URI of an HTTPS request (example used in the lib509 test
+to change the actual URI of a HTTPS request (example used in the lib509 test
 case).  See also the example section for a replacement of the key, certificate
 and trust file settings.
 .IP CURLOPT_SSL_CTX_DATA
@@ -444,8 +449,8 @@ parameter, otherwise \fBNULL\fP. (Added in 7.11.0)
 .IP CURLOPT_CONV_TO_NETWORK_FUNCTION
 .IP CURLOPT_CONV_FROM_NETWORK_FUNCTION
 .IP CURLOPT_CONV_FROM_UTF8_FUNCTION
-Function pointers that should match the following prototype: CURLcode
-function(char *ptr, size_t length);
+Pass a pointer to a function that matches the following prototype:
+\fBCURLcode function(char *ptr, size_t length);\fP

 These three options apply to non-ASCII platforms only.  They are available
 only if \fBCURL_DOES_CONVERSIONS\fP was defined when libcurl was built. When
@@ -487,18 +492,19 @@ follows:
 You will need to override these definitions if they are different on your
 system.
 .IP CURLOPT_INTERLEAVEFUNCTION
-Function pointer that should match the following prototype: \fIsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata)\fP. This
-function gets called by libcurl as soon as it has received interleaved RTP
-data. This function gets called for each $ block and therefore contains
-exactly one upper-layer protocol unit (e.g.  one RTP packet). Curl writes the
-interleaved header as well as the included data for each call. The first byte
-is always an ASCII dollar sign. The dollar sign is followed by a one byte
-channel identifier and then a 2 byte integer length in network byte order. See
-\fIRFC 2326 Section 10.12\fP for more information on how RTP interleaving
-behaves. If unset or set to NULL, curl will use the default write function.
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void
+*userdata)\fP. This function gets called by libcurl as soon as it has received
+interleaved RTP data. This function gets called for each $ block and therefore
+contains exactly one upper-layer protocol unit (e.g.  one RTP packet). Curl
+writes the interleaved header as well as the included data for each call. The
+first byte is always an ASCII dollar sign. The dollar sign is followed by a
+one byte channel identifier and then a 2 byte integer length in network byte
+order. See \fIRFC2326 Section 10.12\fP for more information on how RTP
+interleaving behaves. If unset or set to NULL, curl will use the default write
+function.

-Interleaved RTP poses some challeneges for the client application. Since the
+Interleaved RTP poses some challenges for the client application. Since the
 stream data is sharing the RTSP control connection, it is critical to service
 the RTP in a timely fashion. If the RTP data is not handled quickly,
 subsequent response processing may become unreasonably delayed and the
@@ -512,10 +518,10 @@ This is the userdata pointer that will be passed to
 \fICURLOPT_INTERLEAVEFUNCTION\fP when interleaved RTP data is received. (Added
 in 7.20.0)
 .IP CURLOPT_CHUNK_BGN_FUNCTION
-Function pointer that should match the following prototype: \fBlong function
-(const void *transfer_info, void *ptr, int remains)\fP. This function gets
-called by libcurl before a part of the stream is going to be transferred (if
-the transfer supports chunks).
+Pass a pointer to a function that matches the following prototype:
+\fBlong function (const void *transfer_info, void *ptr, int remains)\fP. This
+function gets called by libcurl before a part of the stream is going to be
+transferred (if the transfer supports chunks).

 This callback makes sense only when using the \fICURLOPT_WILDCARDMATCH\fP
 option for now.
@@ -532,9 +538,9 @@ Return \fICURL_CHUNK_BGN_FUNC_OK\fP if everything is fine,
 \fICURL_CHUNK_BGN_FUNC_FAIL\fP to tell libcurl to stop if some error occurred.
 (This was added in 7.21.0)
 .IP CURLOPT_CHUNK_END_FUNCTION
-Function pointer that should match the following prototype: \fBlong
-function(void *ptr)\fP. This function gets called by libcurl as soon as a part
-of the stream has been transferred (or skipped).
+Pass a pointer to a function that matches the following prototype:
+\fBlong function(void *ptr)\fP. This function gets called by libcurl as soon
+as a part of the stream has been transferred (or skipped).

 Return \fICURL_CHUNK_END_FUNC_OK\fP if everything is fine or
 \fBCURL_CHUNK_END_FUNC_FAIL\fP to tell the lib to stop if some error occurred.
@@ -544,9 +550,9 @@ Pass a pointer that will be untouched by libcurl and passed as the ptr
 argument to the \fICURL_CHUNK_BGN_FUNTION\fP and \fICURL_CHUNK_END_FUNTION\fP.
 (This was added in 7.21.0)
 .IP CURLOPT_FNMATCH_FUNCTION
-Function pointer that should match \fBint function(void *ptr, const char
-*pattern, const char *string)\fP prototype (see \fIcurl/curl.h\fP). It is used
-internally for the wildcard matching feature.
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *ptr, const char *pattern, const char *string)\fP prototype (see
+\fIcurl/curl.h\fP). It is used internally for the wildcard matching feature.

 Return \fICURL_FNMATCHFUNC_MATCH\fP if pattern matches the string,
 \fICURL_FNMATCHFUNC_NOMATCH\fP if not or \fICURL_FNMATCHFUNC_FAIL\fP if an
@@ -560,11 +566,11 @@ Pass a char * to a buffer that the libcurl may store human readable error
 messages in. This may be more helpful than just the return code from
 \fIcurl_easy_perform\fP. The buffer must be at least CURL_ERROR_SIZE big.
 Although this argument is a 'char *', it does not describe an input string.
-Therefore the (probably undefined) contents of the buffer is NOT copied
-by the library. You should keep the associated storage available until
-libcurl no longer needs it. Failing to do so will cause very odd behavior
-or even crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP
-or you set the same option again to use a different pointer.
+Therefore the (probably undefined) contents of the buffer is NOT copied by the
+library. You must keep the associated storage available until libcurl no
+longer needs it. Failing to do so will cause very odd behavior or even
+crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP or you
+set the same option again to use a different pointer.

 Use \fICURLOPT_VERBOSE\fP and \fICURLOPT_DEBUGFUNCTION\fP to better
 debug/trace why errors happen.
@@ -589,13 +595,13 @@ detected, like when a "100-continue" is received as a response to a
 POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
-The actual URL to deal with. The parameter should be a char * to a zero
-terminated string which must be URL-encoded in the following format:
+Pass in a pointer to the actual URL to deal with. The parameter should be a
+char * to a zero terminated string which must be URL-encoded in the following
+format:

 scheme://host:port/path

-For a greater explanation of the format please see RFC 3986
-(http://curl.haxx.se/rfc/rfc3986.txt).
+For a greater explanation of the format please see RFC3986.

 If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
 etc), libcurl will attempt to resolve which protocol to use based on the
@@ -623,18 +629,20 @@ authentication.

 For example the following types of authentication support this:

-http://user:password@www.domain.com
-ftp://user:password@ftp.domain.com
-pop3://user:password@mail.domain.com
+http://user:password@www.example.com
+
+ftp://user:password@ftp.example.com
+
+pop3://user:password@mail.example.com

 The port is optional and when not specified libcurl will use the default port
-based on the determined or specified protocol: 80 for http, 21 for ftp and 25
-for smtp, etc. The following examples show how to specify the port:
+based on the determined or specified protocol: 80 for HTTP, 21 for FTP and 25
+for SMTP, etc. The following examples show how to specify the port:

-http://www.weirdserver.com:8080/ - This will connect to a web server using
-port 8080.
+http://www.example.com:8080/ - This will connect to a web server using port
+8080 rather than 80.

-smtp://mail.domain.com:587/ - This will connect to a smtp server on the
+smtp://mail.example.com:587/ - This will connect to a SMTP server on the
 alternative mail port.

 The path part of the URL is protocol specific and whilst some examples are
@@ -649,13 +657,12 @@ retrieved for either the directory specified or the root directory. The
 exact resource returned for each URL is entirely dependent on the server's
 configuration.

-http://www.netscape.com - This gets the main page (index.html in this
-example) from Netscape's web server.
+http://www.example.com - This gets the main page from the web server.

-http://www.netscape.com/index.html - This returns the main page from Netscape
-by specifying the page to get.
+http://www.example.com/index.html - This returns the main page by explicitly
+requesting it.

-http://www.netscape.com/contactus/ - This returns the default document from
+http://www.example.com/contactus/ - This returns the default document from
 the contactus directory.

 .B FTP
@@ -665,15 +672,16 @@ directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified. If the directory is omitted then
 the directory listing for the root / home directory will be returned.

-ftp://cool.haxx.se - This retrieves the directory listing for our FTP server.
+ftp://ftp.example.com - This retrieves the directory listing for the root
+directory.

-ftp://cool.haxx.se/readme.txt - This downloads the file readme.txt from the
+ftp://ftp.example.com/readme.txt - This downloads the file readme.txt from the
 root directory.

-ftp://cool.haxx.se/libcurl/readme.txt - This downloads readme.txt from the
+ftp://ftp.example.com/libcurl/readme.txt - This downloads readme.txt from the
 libcurl directory.

-ftp://user:password@my.example.com/readme.txt - This retrieves the readme.txt
+ftp://user:password@ftp.example.com/readme.txt - This retrieves the readme.txt
 file from the user's home directory. When a username and password is
 specified, everything that is specified in the path part is relative to the
 user's home directory. To retrieve files from the root directory or a
@@ -681,7 +689,7 @@ directory underneath the root directory then the absolute path must be
 specified by prepending an additional forward slash to the beginning of the
 path.

-ftp://user:password@my.example.com//readme.txt - This retrieves the readme.txt
+ftp://user:password@ftp.example.com//readme.txt - This retrieves the readme.txt
 from the root directory when logging in as a specified user.

 .B SMTP
@@ -694,11 +702,11 @@ and specifying this path allows you to set an alternative name, such as
 your machine's fully qualified domain name, which you might have obtained
 from an external function such as gethostname or getaddrinfo.

-smtp://mail.domain.com - This connects to the mail server at domain.com and
+smtp://mail.example.com - This connects to the mail server at example.com and
 sends your local computer's host name in the HELO / EHLO command.

-smtp://mail.domain.com/client.domain.com - This will send client.domain.com in
-the HELO / EHLO command to the mail server at domain.com.
+smtp://mail.example.com/client.example.com - This will send client.example.com in
+the HELO / EHLO command to the mail server at example.com.

 .B POP3

@@ -706,12 +714,12 @@ The path part of a POP3 request specifies the mailbox (message) to retrieve.
 If the mailbox is not specified then a list of waiting messages is returned
 instead.

-pop3://user:password@mail.domain.com - This lists the available messages
-pop3://user:password@mail.domain.com/1 - This retrieves the first message
+pop3://user:password@mail.example.com - This lists the available messages
+pop3://user:password@mail.example.com/1 - This retrieves the first message

 .B SCP

-The path part of an SCP request specifies the file to retrieve and from what
+The path part of a SCP request specifies the file to retrieve and from what
 directory. The file part may not be omitted. The file is taken as an absolute
 path from the root directory on the server. To specify a path relative to
 the user's home directory on the server, prepend ~/ to the path portion.
@@ -725,7 +733,7 @@ user's home directory on the server

 .B SFTP

-The path part of an SFTP request specifies the file to retrieve and from what
+The path part of a SFTP request specifies the file to retrieve and from what
 directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified.  If the path ends in a / then a directory
 listing is returned instead of a file.  If the path is omitted entirely then
@@ -742,6 +750,26 @@ user's home directory
 sftp://ssh.example.com/~/Documents/ - This requests a directory listing
 of the Documents directory under the user's home directory

+.B LDAP
+
+The path part of a LDAP request can be used to specify the: Distinguished
+Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field
+is separated by a question mark and when that field is not required an empty
+string with the question mark separator should be included.
+
+ldap://ldap.example.com/o=My%20Organisation - This will perform a LDAP search
+with the DN as My Organisation.
+
+ldap://ldap.example.com/o=My%20Organisation?postalAddress - This will perform
+the same search but will only return postalAddress attributes.
+
+ldap://ldap.example.com/?rootDomainNamingContext - This specifies an empty DN
+and requests information about the rootDomainNamingContext attribute for an
+Active Directory server.
+
+For more information about the individual components of a LDAP URL please
+see RFC4516.
+
 .B NOTES

 Starting with version 7.20.0, the fragment part of the URI will not be sent as
@@ -778,7 +806,7 @@ proxy's port number may optionally be specified with the separate option. If
 not specified, libcurl will default to using port 1080 for proxies.
 \fICURLOPT_PROXYPORT\fP.

-When you tell the library to use an HTTP proxy, libcurl will transparently
+When you tell the library to use a HTTP proxy, libcurl will transparently
 convert operations to HTTP even if you specify an FTP URL etc. This may have
 an impact on what other features of the library you can use, such as
 \fICURLOPT_QUOTE\fP and similar FTP specifics that don't work unless you
@@ -808,7 +836,7 @@ specified in the proxy string \fICURLOPT_PROXY\fP.
 .IP CURLOPT_PROXYTYPE
 Pass a long with this option to set type of the proxy. Available options for
 this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
-\fICURLPROXY_SOCKS4\fP (added in 7.15.2), \fICURLPROXY_SOCKS5\fP,
+\fICURLPROXY_SOCKS4\fP (added in 7.10), \fICURLPROXY_SOCKS5\fP,
 \fICURLPROXY_SOCKS4A\fP (added in 7.18.0) and \fICURLPROXY_SOCKS5_HOSTNAME\fP
 (added in 7.18.0). The HTTP type is default. (Added in 7.10)

@@ -817,13 +845,14 @@ affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
 used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. The should be a comma separated
-list of hosts which do not use a proxy, if one is specified.  The only
-wildcard is a single * character, which matches all hosts, and effectively
-disables the proxy. Each name in this list is matched as either a domain which
-contains the hostname, or the hostname itself. For example, local.com would
-match local.com, local.com:80, and www.local.com, but not www.notlocal.com.
-(Added in 7.19.4)
+Pass a pointer to a zero terminated string. The string consists of a comma
+separated list of host names that do not require a proxy to get reached, even
+if one is specified.  The only wildcard available is a single * character,
+which matches all hosts, and effectively disables the proxy. Each name in this
+list is matched as either a domain which contains the hostname, or the
+hostname itself. For example, example.com would match example.com,
+example.com:80, and www.example.com, but not www.notanexample.com.  (Added in
+7.19.4)
 .IP CURLOPT_HTTPPROXYTUNNEL
 Set the parameter to 1 to make the library tunnel all operations through a
 given HTTP proxy. There is a big difference between using a proxy and to
@@ -835,7 +864,7 @@ default service name for a SOCKS5 server is rcmd/server-fqdn. This option
 allows you to change it. (Added in 7.19.4)
 .IP CURLOPT_SOCKS5_GSSAPI_NEC
 Pass a long set to 1 to enable or 0 to disable. As part of the gssapi
-negotiation a protection mode is negotiated. The rfc1961 says in section
+negotiation a protection mode is negotiated. The RFC1961 says in section
 4.3/4.4 it should be protected, but the NEC reference implementation does not.
 If enabled, this option allows the unprotected exchange of the protection mode
 negotiation. (Added in 7.19.4).
@@ -858,7 +887,7 @@ connection. This can be used in combination with \fICURLOPT_INTERFACE\fP and
 you are recommended to use \fICURLOPT_LOCALPORTRANGE\fP as well when this is
 set. Valid port numbers are 1 - 65535. (Added in 7.15.2)
 .IP CURLOPT_LOCALPORTRANGE
-Pass a long. This is the number of attempts libcurl should make to find a
+Pass a long. This is the number of attempts libcurl will make to find a
 working local port number. It starts with the given \fICURLOPT_LOCALPORT\fP
 and adds one to the number for each retry. Setting this to 1 or below will
 make libcurl do only one try for the exact port number. Port numbers by nature
@@ -897,24 +926,37 @@ only makes sense to use this option if you want it smaller.
 Pass a long specifying what remote port number to connect to, instead of the
 one specified in the URL or the default port for the used protocol.
 .IP CURLOPT_TCP_NODELAY
-Pass a long specifying whether the TCP_NODELAY option should be set or
-cleared (1 = set, 0 = clear). The option is cleared by default. This
-will have no effect after the connection has been established.
+Pass a long specifying whether the TCP_NODELAY option is to be set or cleared
+(1 = set, 0 = clear). The option is cleared by default. This will have no
+effect after the connection has been established.

-Setting this option will disable TCP's Nagle algorithm. The purpose of
-this algorithm is to try to minimize the number of small packets on
-the network (where "small packets" means TCP segments less than the
-Maximum Segment Size (MSS) for the network).
+Setting this option will disable TCP's Nagle algorithm. The purpose of this
+algorithm is to try to minimize the number of small packets on the network
+(where "small packets" means TCP segments less than the Maximum Segment Size
+(MSS) for the network).

 Maximizing the amount of data sent per TCP segment is good because it
-amortizes the overhead of the send. However, in some cases (most
-notably telnet or rlogin) small segments may need to be sent
-without delay. This is less efficient than sending larger amounts of
-data at a time, and can contribute to congestion on the network if
-overdone.
+amortizes the overhead of the send. However, in some cases (most notably
+telnet or rlogin) small segments may need to be sent without delay. This is
+less efficient than sending larger amounts of data at a time, and can
+contribute to congestion on the network if overdone.
 .IP CURLOPT_ADDRESS_SCOPE
 Pass a long specifying the scope_id value to use when connecting to IPv6
 link-local or site-local addresses. (Added in 7.19.0)
+.IP CURLOPT_TCP_KEEPALIVE
+Pass a long. If set to 1, TCP keepalive probes will be sent. The delay and
+frequency of these probes can be controlled by the \fICURLOPT_TCP_KEEPIDLE\fP
+and \fICURLOPT_TCP_KEEPINTVL\fP options, provided the operating system supports
+them. Set to 0 (default behavior) to disable keepalive probes (Added in
+7.25.0).
+.IP CURLOPT_TCP_KEEPIDLE
+Pass a long. Sets the delay, in seconds, that the operating system will wait
+while the connection is idle before sending keepalive probes. Not all operating
+systems support this option. (Added in 7.25.0)
+.IP CURLOPT_TCP_KEEPINTVL
+Pass a long. Sets the interval, in seconds, that the operating system will wait
+between sending keepalive probes. Not all operating systems support this
+option. (Added in 7.25.0)
 .SH NAMES and PASSWORDS OPTIONS (Authentication)
 .IP CURLOPT_NETRC
 This parameter controls the preference of libcurl between using user names and
@@ -1047,8 +1089,8 @@ HTTP NTLM authentication. A proprietary protocol invented and used by
 Microsoft. It uses a challenge-response and hash concept similar to Digest, to
 prevent the password from being eavesdropped.

-You need to build libcurl with OpenSSL support for this option to work, or
-build libcurl on Windows.
+You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this
+option to work, or build libcurl on Windows.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
@@ -1082,7 +1124,7 @@ authentication method(s) you want it to use for TLS authentication.
 .RS
 .IP CURLOPT_TLSAUTH_SRP
 TLS-SRP authentication. Secure Remote Password authentication for TLS is
-defined in RFC 5054 and provides mutual authentication if both sides have a
+defined in RFC5054 and provides mutual authentication if both sides have a
 shared secret. To use TLS-SRP, you must also set the
 \fICURLOPT_TLSAUTH_USERNAME\fP and \fICURLOPT_TLSAUTH_PASSWORD\fP options.

@@ -1115,7 +1157,7 @@ Pass a parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: field in requests where it follows a Location:
 redirect.
 .IP CURLOPT_ACCEPT_ENCODING
-Sets the contents of the Accept-Encoding: header sent in an HTTP request, and
+Sets the contents of the Accept-Encoding: header sent in a HTTP request, and
 enables decoding of a response when a Content-Encoding: header is received.
 Three encodings are supported: \fIidentity\fP, which does nothing,
 \fIdeflate\fP which requests the server to compress its response using the
@@ -1131,8 +1173,8 @@ the server is ignored. See the special file lib/README.encoding for details.
 .IP CURLOPT_TRANSFER_ENCODING
 Adds a request for compressed Transfer Encoding in the outgoing HTTP
 request. If the server supports this and so desires, it can respond with the
-HTTP resonse sent using a compressed Transfer-Encoding that will be
-automatically uncompressed by libcurl on receival.
+HTTP response sent using a compressed Transfer-Encoding that will be
+automatically uncompressed by libcurl on reception.

 Transfer-Encoding differs slightly from the Content-Encoding you ask for with
 \fBCURLOPT_ACCEPT_ENCODING\fP in that a Transfer-Encoding is strictly meant to
@@ -1143,7 +1185,7 @@ by both HTTP clients and HTTP servers.
 (Added in 7.21.6)
 .IP CURLOPT_FOLLOWLOCATION
 A parameter set to 1 tells the library to follow any Location: header that the
-server sends as part of an HTTP header.
+server sends as part of a HTTP header.

 This means that the library will re-send the same request on the new location
 and follow new Location: headers all the way until no more such headers are
@@ -1166,19 +1208,20 @@ Setting the limit to 0 will make libcurl refuse any redirect. Set it to -1 for
 an infinite number of redirects (which is the default)
 .IP CURLOPT_POSTREDIR
 Pass a bitmask to control how libcurl acts on redirects after POSTs that get a
-301 or 302 response back.  A parameter with bit 0 set (value
-\fBCURL_REDIR_POST_301\fP) tells the library to respect RFC 2616/10.3.2 and
-not convert POST requests into GET requests when following a 301
-redirection. Setting bit 1 (value CURL_REDIR_POST_302) makes libcurl maintain
-the request method after a 302 redirect. CURL_REDIR_POST_ALL is a convenience
-define that sets both bits.
+301, 302 or 303 response back.  A parameter with bit 0 set (value
+\fBCURL_REDIR_POST_301\fP) tells the library to respect RFC2616/10.3.2 and not
+convert POST requests into GET requests when following a 301 redirection.
+Setting bit 1 (value \fBCURL_REDIR_POST_302\fP) makes libcurl maintain the
+request method after a 302 redirect whilst setting bit 2 (value
+\fBCURL_REDIR_POST_303\fP) makes libcurl maintain the request method after a
+303 redirect. The value \fBCURL_REDIR_POST_ALL\fP is a convenience define that
+sets all three bits.

 The non-RFC behaviour is ubiquitous in web browsers, so the library does the
 conversion by default to maintain consistency. However, a server may require a
 POST to remain a POST after such a redirection. This option is meaningful only
 when setting \fICURLOPT_FOLLOWLOCATION\fP.  (Added in 7.17.1) (This option was
-known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 way before
-then)
+known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 then)
 .IP CURLOPT_PUT
 A parameter set to 1 tells the library to use HTTP PUT to transfer data. The
 data should be set with \fICURLOPT_READDATA\fP and \fICURLOPT_INFILESIZE\fP.
@@ -1223,7 +1266,7 @@ If you issue a POST request and then want to make a HEAD or GET using the same
 re-used handle, you must explicitly set the new request type using
 \fICURLOPT_NOBODY\fP or \fICURLOPT_HTTPGET\fP or similar.
 .IP CURLOPT_POSTFIELDS
-Pass a void * as parameter, which should be the full data to post in an HTTP
+Pass a void * as parameter, which should be the full data to post in a HTTP
 POST operation. You must make sure that the data is formatted the way you want
 the server to receive it. libcurl will not convert or encode it for you. Most
 web servers will assume this data to be url-encoded.
@@ -1258,7 +1301,7 @@ Pass a curl_off_t as parameter. Use this to set the size of the
 data to figure out the size. This is the large file version of the
 \fICURLOPT_POSTFIELDSIZE\fP option. (Added in 7.11.1)
 .IP CURLOPT_COPYPOSTFIELDS
-Pass a char * as parameter, which should be the full data to post in an HTTP
+Pass a char * as parameter, which should be the full data to post in a HTTP
 POST operation. It behaves as the \fICURLOPT_POSTFIELDS\fP option, but the
 original data are copied by the library, allowing the application to overwrite
 the original data after setting this option.
@@ -1430,32 +1473,55 @@ transfer decoding will be disabled, if set to 1 it is enabled
 option is set to zero. (added in 7.16.2)
 .SH SMTP OPTIONS
 .IP CURLOPT_MAIL_FROM
-Pass a pointer to a zero terminated string as parameter. It will be used to
-specify the sender address in a mail when sending an SMTP mail with libcurl.
+Pass a pointer to a zero terminated string as parameter. This should be used
+to specify the sender's email address when sending SMTP mail with libcurl.

-An originator email address in SMTP lingo is specified within angle brackets
-(<>) which libcurl will not add for you before version 7.21.4. Failing to
-provide such brackets may cause the server to reject your mail.
+An originator email address should be specified with angled brackets (<>)
+around it, which if not specified, will be added by libcurl from version
+7.21.4 onwards. Failing to provide such brackets may cause the server to
+reject the email.
+
+If this parameter is not specified then an empty address will be sent to the
+mail server which may or may not cause the email to be rejected.

 (Added in 7.20.0)
 .IP CURLOPT_MAIL_RCPT
 Pass a pointer to a linked list of recipients to pass to the server in your
-SMTP mail request.  The linked list should be a fully valid list of \fBstruct
+SMTP mail request. The linked list should be a fully valid list of \fBstruct
 curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to
 create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list.

-Each recipient in SMTP lingo is specified with angle brackets (<>), but should
-you not use an angle bracket as first letter libcurl will assume you provide a
-single email address only and enclose that with angle brackets for you.
+Each recipient should be specified within a pair of angled brackets (<>),
+however, should you not use an angled bracket as the first character libcurl
+will assume you provided a single email address and enclose that address
+within brackets for you.

 (Added in 7.20.0)
+.IP CURLOPT_MAIL_AUTH
+Pass a pointer to a zero terminated string as parameter. This will be used
+to specify the authentication address (identity) of a submitted message that
+is being relayed to another server.
+
+This optional parameter allows co-operating agents in a trusted environment to
+communicate the authentication of individual messages and should only be used
+by the application program, using libcurl, if the application is itself a
+mail server acting in such an environment. If the application is operating as
+such and the AUTH address is not known or is invalid, then an empty string
+should be used for this parameter.
+
+Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be
+specified within a pair of angled brackets (<>). However, if an empty string
+is used then a pair of brackets will be sent by libcurl as required by
+RFC2554.
+
+(Added in 7.25.0)
 .SH TFTP OPTIONS
 .IP CURLOPT_TFTP_BLKSIZE
-Specify block size to use for TFTP data transmission. Valid range as per RFC
-2348 is 8-65464 bytes. The default of 512 bytes will be used if this option is
-not specified. The specified block size will only be used pending support by
-the remote server. If the server does not return an option acknowledgement or
-returns an option acknowledgement with no blksize, the default of 512 bytes
+Specify block size to use for TFTP data transmission. Valid range as per
+RFC2348 is 8-65464 bytes. The default of 512 bytes will be used if this option
+is not specified. The specified block size will only be used pending support
+by the remote server. If the server does not return an option acknowledgement
+or returns an option acknowledgement with no blksize, the default of 512 bytes
 will be used. (added in 7.19.4)
 .SH FTP OPTIONS
 .IP CURLOPT_FTPPORT
@@ -1515,7 +1581,7 @@ Pass a pointer to a linked list of FTP commands to pass to the server after
 the transfer type is set. The linked list should be a fully valid list of
 struct curl_slist structs properly filled in as described for
 \fICURLOPT_QUOTE\fP. Disable this operation again by setting a NULL to this
-option. Before version 7.15.6, if you also set \fICURLOPT_NOBODY\fP to 1, this
+option. Before version 7.16.0, if you also set \fICURLOPT_NOBODY\fP to 1, this
 option didn't work.
 .IP CURLOPT_DIRLISTONLY
 A parameter set to 1 tells the library to just list the names of files in a
@@ -1570,7 +1636,7 @@ already exists or lack of permissions prevents creation. (Added in 7.16.3)

 Starting with 7.19.4, you can also set this value to 2, which will make
 libcurl retry the CWD command again if the subsequent MKD command fails. This
-is especially useful if you're doing many simultanoes connections against the
+is especially useful if you're doing many simultaneous connections against the
 same server and they all have this option enabled, as then CWD may first fail
 but then another connection does MKD before this connection and thus MKD fails
 but trying CWD works! 7.19.4 also introduced the \fICURLFTP_CREATE_DIR\fP and
@@ -1657,7 +1723,7 @@ initialized. (Added in 7.20.0)
 .RS
 .IP CURL_RTSPREQ_OPTIONS
 Used to retrieve the available methods of the server. The application is
-responsbile for parsing and obeying the response. \fB(The session ID is not
+responsible for parsing and obeying the response. \fB(The session ID is not
 needed for this method.)\fP  (Added in 7.20.0)
 .IP CURL_RTSPREQ_DESCRIBE
 Used to get the low level description of a stream. The application should note
@@ -1670,7 +1736,7 @@ needed for this method)\fP  (Added in 7.20.0)
 When sent by a client, this method changes the description of the session. For
 example, if a client is using the server to record a meeting, the client can
 use Announce to inform the server of all the meta-information about the
-session.  ANNOUNCE acts like an HTTP PUT or POST just like
+session.  ANNOUNCE acts like a HTTP PUT or POST just like
 \fICURL_RTSPREQ_SET_PARAMETER\fP (Added in 7.20.0)
 .IP CURL_RTSPREQ_SETUP
 Setup is used to initialize the transport layer for the session. The
@@ -1693,7 +1759,7 @@ different connections.  (Added in 7.20.0)
 .IP CURL_RTSPREQ_GET_PARAMETER
 Retrieve a parameter from the server. By default, libcurl will automatically
 include a \fIContent-Type: text/parameters\fP header on all non-empty requests
-unless a custom one is set. GET_PARAMETER acts just like an HTTP PUT or POST
+unless a custom one is set. GET_PARAMETER acts just like a HTTP PUT or POST
 (see \fICURL_RTSPREQ_SET_PARAMETER\fP).
 Applications wishing to send a heartbeat message (e.g. in the presence of a
 server-specified timeout) should send use an empty GET_PARAMETER request.
@@ -1701,9 +1767,9 @@ server-specified timeout) should send use an empty GET_PARAMETER request.
 .IP CURL_RTSPREQ_SET_PARAMETER
 Set a parameter on the server. By default, libcurl will automatically include
 a \fIContent-Type: text/parameters\fP header unless a custom one is set. The
-interaction with SET_PARAMTER is much like an HTTP PUT or POST. An application
-may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like an HTTP
-PUT, or it may use \fICURLOPT_POSTFIELDS\fP like an HTTP POST. No chunked
+interaction with SET_PARAMTER is much like a HTTP PUT or POST. An application
+may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like a HTTP
+PUT, or it may use \fICURLOPT_POSTFIELDS\fP like a HTTP POST. No chunked
 transfers are allowed, so the application must set the
 \fICURLOPT_INFILESIZE\fP in the former and \fICURLOPT_POSTFIELDSIZE\fP in the
 latter. Also, there is no use of multi-part POSTs within RTSP. (Added in
@@ -1765,7 +1831,7 @@ over FTP. This is a known limitation/flaw that nobody has rectified. libcurl
 simply sets the mode to ASCII and performs a standard transfer.
 .IP CURLOPT_PROXY_TRANSFER_MODE
 Pass a long. If the value is set to 1 (one), it tells libcurl to set the
-transfer mode (binary or ASCII) for FTP transfers done via an HTTP proxy, by
+transfer mode (binary or ASCII) for FTP transfers done via a HTTP proxy, by
 appending ;type=a or ;type=i to the URL. Without this setting, or it being set
 to 0 (zero, the default), \fICURLOPT_TRANSFERTEXT\fP has no effect when doing
 FTP via a proxy. Beware that not all proxies support this feature.  (Added in
@@ -1780,7 +1846,7 @@ want. It should be in the format "X-Y", where X or Y may be left out. HTTP
 transfers also support several intervals, separated with commas as in
 \fI"X-Y,N-M"\fP. Using this kind of multiple intervals will cause the HTTP
 server to send the response document in pieces (using standard MIME separation
-techniques). For RTSP, the formatting of a range should follow RFC 2326
+techniques). For RTSP, the formatting of a range should follow RFC2326
 Section 12.29. For RTSP, byte ranges are \fBnot\fP permitted. Instead, ranges
 should be given in npt, utc, or smpte formats.

@@ -1802,33 +1868,45 @@ source file to the remote target file.
 Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
 .IP CURLOPT_CUSTOMREQUEST
-Pass a pointer to a zero terminated string as parameter. It will be used
-instead of GET or HEAD when doing an HTTP request, or instead of LIST or NLST
-when doing a FTP directory listing. This is useful for doing DELETE or other
-more or less obscure HTTP requests. Don't do this at will, make sure your
-server supports the command first.
+Pass a pointer to a zero terminated string as parameter. It can be used to
+specify the request instead of GET or HEAD when performing HTTP based
+requests, instead of LIST and NLST when performing FTP directory listings and
+instead of LIST and RETR when issuing POP3 based commands. This is
+particularly useful, for example, for performing a HTTP DELETE request or a
+POP3 DELE command.
+
+Please don't perform this at will, on HTTP based requests, by making sure
+your server supports the command you are sending first.
 
 When you change the request method by setting \fBCURLOPT_CUSTOMREQUEST\fP to
-something, you don't actually change how libcurl behaves or acts in regards to
-the particular request method, it will only change the actual string sent in
-the request.
+something, you don't actually change how libcurl behaves or acts in regards
+to the particular request method, it will only change the actual string sent
+in the request.

-For example: if you tell libcurl to do a HEAD request, but then change the
-request to a "GET" with \fBCURLOPT_CUSTOMREQUEST\fP you'll still see libcurl
-act as if it sent a HEAD even when it does send a GET.
+For example:

-To switch to a proper HEAD, use \fICURLOPT_NOBODY\fP, to switch to a proper
-POST, use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and so on.
+With the HTTP protocol when you tell libcurl to do a HEAD request, but then
+specify a GET though a custom request libcurl will still act as if it sent a
+HEAD. To switch to a proper HEAD use \fICURLOPT_NOBODY\fP, to switch to a
+proper POST use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and to switch
+to a proper GET use CURLOPT_HTTPGET.
+
+With the POP3 protocol when you tell libcurl to use a custom request it will
+behave like a LIST or RETR command was sent where it expects data to be
+returned by the server. As such \fICURLOPT_NOBODY\fP should be used when
+specifying commands such as DELE and NOOP for example.

 Restore to the internal default by setting this to NULL.

 Many people have wrongly used this option to replace the entire request with
-their own, including multiple headers and POST contents. While that might work
-in many cases, it will cause libcurl to send invalid requests and it could
-possibly confuse the remote server badly. Use \fICURLOPT_POST\fP and
+their own, including multiple headers and POST contents. While that might
+work in many cases, it will cause libcurl to send invalid requests and it
+could possibly confuse the remote server badly. Use \fICURLOPT_POST\fP and
 \fICURLOPT_POSTFIELDS\fP to set POST data. Use \fICURLOPT_HTTPHEADER\fP to
 replace or extend the set of headers sent by libcurl. Use
 \fICURLOPT_HTTP_VERSION\fP to change HTTP version.
+
+(Support for POP3 added in 7.26.0)
 .IP CURLOPT_FILETIME
 Pass a long. If it is 1, libcurl will attempt to get the modification date of
 the remote document in this operation. This requires that the remote server
@@ -1837,11 +1915,11 @@ sends the time or replies to a time querying command. The
 can be used after a transfer to extract the received time (if any).
 .IP CURLOPT_NOBODY
 A parameter set to 1 tells the library to not include the body-part in the
-output. This is only relevant for protocols that have separate header and body
-parts. On HTTP(S) servers, this will make libcurl do a HEAD request.
+output. This is only relevant for protocols that have separate header and
+body parts. On HTTP(S) servers, this will make libcurl do a HEAD request.

-To change request to GET, you should use \fICURLOPT_HTTPGET\fP. Change request
-to POST with \fICURLOPT_POST\fP etc.
+To change request to GET, you should use \fICURLOPT_HTTPGET\fP. Change
+request to POST with \fICURLOPT_POST\fP etc.
 .IP CURLOPT_INFILESIZE
 When uploading a file to a remote site, this option should be used to tell
 libcurl what the expected size of the infile is. This value should be passed
@@ -1921,6 +1999,8 @@ SIGALRM to enable time-outing system calls.

 In unix-like systems, this might cause signals to be used unless
 \fICURLOPT_NOSIGNAL\fP is set.
+
+Default timeout is 0 (zero) which means it never times out.
 .IP CURLOPT_TIMEOUT_MS
 Like \fICURLOPT_TIMEOUT\fP but takes number of milliseconds instead. If
 libcurl is built to use the standard system name resolver, that portion
@@ -2146,7 +2226,7 @@ Pass a long as parameter. By default, curl assumes a value of 1.
 This option determines whether curl verifies the authenticity of the peer's
 certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.

-When negotiating an SSL connection, the server sends a certificate indicating
+When negotiating a SSL connection, the server sends a certificate indicating
 its identity.  Curl verifies whether the certificate is authentic, i.e. that
 you can trust that the server is who the certificate says it is.  This trust
 is based on a chain of digital signatures, rooted in certification authority
@@ -2295,6 +2375,16 @@ this to 1 to enable it. By default all transfers are done using the
 cache. While nothing ever should get hurt by attempting to reuse SSL
 session-IDs, there seem to be broken SSL implementations in the wild that may
 require you to disable this in order for you to succeed. (Added in 7.16.0)
+.IP CURLOPT_SSL_OPTIONS
+Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
+
+CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
+will tell libcurl to not attempt to use any workarounds for a security flaw
+in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is
+set to 0, the SSL layer libcurl uses may use a work-around for this flaw
+although it might cause interoperability problems with some (older) SSL
+implementations. WARNING: avoiding this work-around loosens the security, and
+by setting this option to 1 you ask for exactly that. (Added in 7.25.0)
 .IP CURLOPT_KRBLEVEL
 Pass a char * as parameter. Set the kerberos security level for FTP; this also
 enables kerberos awareness.  This is a string, \&'clear', \&'safe',
@@ -2315,8 +2405,8 @@ GSS_C_DELEG_POLICY_FLAG was available at compile-time.
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
 CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
-CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one.
-(Added in 7.16.1)
+CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. Currently
+CURLSSH_AUTH_HOST has no effect. (Added in 7.16.1)
 .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
 Pass a char * pointing to a string containing 32 hexadecimal digits. The
 string should be the 128 bit MD5 checksum of the remote host's public key, and
@@ -2327,6 +2417,9 @@ Pass a char * pointing to a file name for your public key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment
 variable is set, and just "id_dsa.pub" in the current directory if HOME is not
 set.  (Added in 7.16.1)
+If an empty string is passed, libcurl will pass no public key to libssh2
+which then tries to compute it from the private key, this is known to work
+when libssh2 1.4.0+ is linked against OpenSSL. (Added in 7.26.0)
 .IP CURLOPT_SSH_PRIVATE_KEYFILE
 Pass a char * pointing to a file name for your private key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_dsa\fP if the HOME environment variable
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ Initialize the Win32 socket libraries.
 .TP
 .B CURL_GLOBAL_NOTHING
 Initialise nothing extra. This sets no bit.
+.TP
+.B CURL_GLOBAL_DEFAULT
+A sensible default. It will init both SSL and Win32. Right now, this equals
+the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
 .SH RETURN VALUE
 If this function returns non-zero, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_multi_socket_action.3
+++ b/docs/libcurl/curl_multi_socket_action.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -132,8 +132,8 @@ timeout value to use when waiting for socket activities.
 them for activity. This can be done through your application code, or by way
 of an external library such as libevent or glib.

-6. Call curl_multi_socket_action() to kickstart everything. To get one or more
-callbacks called.
+6. Call curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...) to kickstart
+everything. To get one or more callbacks called.

 7. Wait for activity on any of libcurl's sockets, use the timeout value your
 callback has been told
--- a/docs/libcurl/curl_share_setopt.3
+++ b/docs/libcurl/curl_share_setopt.3
@@ -65,7 +65,7 @@ object. Note that when you use the multi interface, all easy handles added to
 the same multi handle will share DNS cache by default without this having to
 be used!
 .IP CURL_LOCK_DATA_SSL_SESSION
-SSL session IDs will be shared accross the easy handles using this shared
+SSL session IDs will be shared across the easy handles using this shared
 object. This will reduce the time spent in the SSL handshake when reconnecting
 to the same server. Note SSL session IDs are reused within the same easy handle
 by default.
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -81,11 +81,6 @@ either a PASV or a EPSV command. The server is flawed.
 .IP "CURLE_FTP_WEIRD_227_FORMAT (14)"
 FTP servers return a 227-line as a response to a PASV command. If libcurl
 fails to parse that line, this return code is passed back.
-.IP "CURLE_FTP_PRET_FAILED (84)"
-The FTP server does not understand the PRET command at all or does not support
-the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
-custom LIST command will be sent with PRET CMD before PASV as well. (Added in
-7.20.0)
 .IP "CURLE_FTP_CANT_GET_HOST (15)"
 An internal failure to lookup the host used for the new connection.
 .IP "CURLE_FTP_COULDNT_SET_TYPE (17)"
@@ -233,7 +228,10 @@ Failed to load CRL file (Added in 7.19.0)
 .IP "CURLE_SSL_ISSUER_ERROR (83)"
 Issuer check failed (Added in 7.19.0)
 .IP "CURLE_FTP_PRET_FAILED (84)"
-PRET command failed
+The FTP server does not understand the PRET command at all or does not support
+the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
+custom LIST command will be sent with PRET CMD before PASV as well. (Added in
+7.20.0)
 .IP "CURLE_RTSP_CSEQ_ERROR (85)"
 Mismatch of RTSP CSeq numbers.
 .IP "CURLE_RTSP_SESSION_ERROR (86)"
@@ -250,7 +248,10 @@ This is the generic return code used by functions in the libcurl multi
 interface. Also consider \fIcurl_multi_strerror(3)\fP.
 .IP "CURLM_CALL_MULTI_PERFORM (-1)"
 This is not really an error. It means you should call
-\fIcurl_multi_perform(3)\fP again without doing select() or similar in between.
+\fIcurl_multi_perform(3)\fP again without doing select() or similar in
+between. Before version 7.20.0 this could be returned by
+\fIcurl_multi_perform(3)\fP, but in later versions this return code is never
+used.
 .IP "CURLM_OK (0)"
 Things are fine.
 .IP "CURLM_BAD_HANDLE (1)"
@@ -284,5 +285,5 @@ An invalid share object was passed to the function.
 Not enough memory was available.
 (Added in 7.12.0)
 .IP "CURLSHE_NOT_BUILT_IN (5)"
-The requsted sharing could not be done because the library you use don't have
+The requested sharing could not be done because the library you use don't have
 that particular feature enabled. (Added in 7.23.0)
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -384,6 +384,7 @@ CURLOPT_LOCALPORT               7.15.2
 CURLOPT_LOCALPORTRANGE          7.15.2
 CURLOPT_LOW_SPEED_LIMIT         7.1
 CURLOPT_LOW_SPEED_TIME          7.1
+CURLOPT_MAIL_AUTH               7.25.0
 CURLOPT_MAIL_FROM               7.20.0
 CURLOPT_MAIL_RCPT               7.20.0
 CURLOPT_MAXCONNECTS             7.7
@@ -407,7 +408,7 @@ CURLOPT_OPENSOCKETFUNCTION      7.17.1
 CURLOPT_PASSWDDATA              7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWDFUNCTION          7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWORD                7.19.1
-CURLOPT_PASV_HOST               7.12.1        7.15.6      7.15.5
+CURLOPT_PASV_HOST               7.12.1        7.16.0      7.15.5
 CURLOPT_PORT                    7.1
 CURLOPT_POST                    7.1
 CURLOPT_POST301                 7.17.1        7.19.1
@@ -482,10 +483,14 @@ CURLOPT_SSLVERSION              7.1
 CURLOPT_SSL_CIPHER_LIST         7.9
 CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
+CURLOPT_SSL_OPTIONS             7.25.0
 CURLOPT_SSL_SESSIONID_CACHE     7.16.0
 CURLOPT_SSL_VERIFYHOST          7.8.1
 CURLOPT_SSL_VERIFYPEER          7.4.2
 CURLOPT_STDERR                  7.1
+CURLOPT_TCP_KEEPALIVE           7.25.0
+CURLOPT_TCP_KEEPIDLE            7.25.0
+CURLOPT_TCP_KEEPINTVL           7.25.0
 CURLOPT_TCP_NODELAY             7.11.2
 CURLOPT_TELNETOPTIONS           7.7
 CURLOPT_TFTP_BLKSIZE            7.19.4
@@ -562,7 +567,7 @@ CURLSHOPT_SHARE                 7.10.3
 CURLSHOPT_UNLOCKFUNC            7.10.3
 CURLSHOPT_UNSHARE               7.10.3
 CURLSHOPT_USERDATA              7.10.3
-CURLSOCKTYPE_IPCXN              7.15.6
+CURLSOCKTYPE_IPCXN              7.16.0
 CURLSSH_AUTH_ANY                7.16.1
 CURLSSH_AUTH_DEFAULT            7.16.1
 CURLSSH_AUTH_HOST               7.16.1
@@ -570,6 +575,7 @@ CURLSSH_AUTH_KEYBOARD           7.16.1
 CURLSSH_AUTH_NONE               7.16.1
 CURLSSH_AUTH_PASSWORD           7.16.1
 CURLSSH_AUTH_PUBLICKEY          7.16.1
+CURLSSLOPT_ALLOW_BEAST          7.25.0
 CURLUSESSL_ALL                  7.17.0
 CURLUSESSL_CONTROL              7.17.0
 CURLUSESSL_NONE                 7.17.0
@@ -643,6 +649,7 @@ CURL_READFUNC_PAUSE             7.18.0
 CURL_REDIR_GET_ALL              7.19.1
 CURL_REDIR_POST_301             7.19.1
 CURL_REDIR_POST_302             7.19.1
+CURL_REDIR_POST_303             7.25.1
 CURL_REDIR_POST_ALL             7.19.1
 CURL_RTSPREQ_ANNOUNCE           7.20.0
 CURL_RTSPREQ_DESCRIBE           7.20.0
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -0,0 +1,51 @@
+.Dd April 27, 2012
+.Dt MK-CA-BUNDLE 1
+.Os
+.Sh NAME
+.Nm mk-ca-bundle
+.Nd create a new ca-bundle.crt from mozilla's certdata.txt
+.Sh SYNOPSIS
+.Nm
+.Op Fl bilnqtuv
+.Or outputfile
+.Sh DESCRIPTION
+The
+.Nm
+tool downloads the certdata.txt file from Mozilla's source tree, then
+parses certdata.txt and extracts CA Root Certificates into PEM format.
+These are then processed with the OpenSSL commandline tool to produce the
+final ca-bundle.crt file.
+.Sh OPTIONS
+The following options are supported by
+.Nm :
+.Bl -tag -width _h
+.It Fl b
+backup an existing version of ca-bundle.crt
+.It Fl i
+print version info about used modules
+.It Fl l
+print license info about certdata.txt
+.It Fl n
+no download of certdata.txt (to use existing)
+.It Fl q
+be really quiet (no progress output at all)
+.It Fl t
+include plain text listing of certificates
+.It Fl u
+unlink (remove) certdata.txt after processing
+.It Fl v
+be verbose and print out processed CAs
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh SEE ALSO
+.Xr curl 1
+.Sh HISTORY
+.Nm
+was based on the parse-certs script written by
+.An Roland Krikava
+and hacked by
+.An Guenter Knauf .
+This manual page was written by
+.An Jan Schaumann
+.Aq jschauma@netmeister.org .
--- a/include/curl/.gitignore
+++ b/include/curl/.gitignore
@@ -1,3 +1,4 @@
 curlbuild.h
+stamp-h2
 stamp-h3
 curlver.h.dist
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -598,18 +598,32 @@ typedef enum {
                                   in 7.18.0 */
 } curl_proxytype;  /* this enum was added in 7.10 */

-#define CURLAUTH_NONE         0       /* nothing */
-#define CURLAUTH_BASIC        (1<<0)  /* Basic (default) */
-#define CURLAUTH_DIGEST       (1<<1)  /* Digest */
-#define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
-#define CURLAUTH_NTLM         (1<<3)  /* NTLM */
-#define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
-#define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
-#define CURLAUTH_ONLY         (1<<31) /* used together with a single other
-                                         type to force no auth or just that
-                                         single type */
-#define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE)  /* all fine types set */
-#define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))
+/*
+ * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options:
+ *
+ * CURLAUTH_NONE         - No HTTP authentication
+ * CURLAUTH_BASIC        - HTTP Basic authentication (default)
+ * CURLAUTH_DIGEST       - HTTP Digest authentication
+ * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication
+ * CURLAUTH_NTLM         - HTTP NTLM authentication
+ * CURLAUTH_DIGEST_IE    - HTTP Digest authentication with IE flavour
+ * CURLAUTH_NTLM_WB      - HTTP NTLM authentication delegated to winbind helper
+ * CURLAUTH_ONLY         - Use together with a single other type to force no
+ *                         authentication or just that single type
+ * CURLAUTH_ANY          - All fine types set
+ * CURLAUTH_ANYSAFE      - All fine types except Basic
+ */
+
+#define CURLAUTH_NONE         ((unsigned long)0)
+#define CURLAUTH_BASIC        (((unsigned long)1)<<0)
+#define CURLAUTH_DIGEST       (((unsigned long)1)<<1)
+#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2)
+#define CURLAUTH_NTLM         (((unsigned long)1)<<3)
+#define CURLAUTH_DIGEST_IE    (((unsigned long)1)<<4)
+#define CURLAUTH_NTLM_WB      (((unsigned long)1)<<5)
+#define CURLAUTH_ONLY         (((unsigned long)1)<<31)
+#define CURLAUTH_ANY          (~CURLAUTH_DIGEST_IE)
+#define CURLAUTH_ANYSAFE      (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))

 #define CURLSSH_AUTH_ANY       ~0     /* all types supported by the server */
 #define CURLSSH_AUTH_NONE      0      /* none allowed, silly but complete */
@@ -673,6 +687,15 @@ typedef enum {
  CURLUSESSL_LAST     /* not an option, never use */
 } curl_usessl;

+/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */
+
+/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the
+   name of improving interoperability with older servers. Some SSL libraries
+   have introduced work-arounds for this flaw but those work-arounds sometimes
+   make the SSL communication fail. To regain functionality with those broken
+   servers, a user can this way allow the vulnerability back. */
+#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                          the obsolete stuff removed! */

@@ -1499,6 +1522,19 @@ typedef enum {
     of miliseconds. */
  CINIT(ACCEPTTIMEOUT_MS, LONG, 212),

+  /* Set TCP keepalive */
+  CINIT(TCP_KEEPALIVE, LONG, 213),
+
+  /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */
+  CINIT(TCP_KEEPIDLE, LONG, 214),
+  CINIT(TCP_KEEPINTVL, LONG, 215),
+
+  /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
+  CINIT(SSL_OPTIONS, LONG, 216),
+
+  /* set the SMTP auth originator */
+  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;

@@ -1602,13 +1638,16 @@ enum CURL_TLSAUTH {
 };

 /* symbols to use with CURLOPT_POSTREDIR.
-   CURL_REDIR_POST_301 and CURL_REDIR_POST_302 can be bitwise ORed so that
-   CURL_REDIR_POST_301 | CURL_REDIR_POST_302 == CURL_REDIR_POST_ALL */
+   CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303
+   can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302
+   | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */

 #define CURL_REDIR_GET_ALL  0
 #define CURL_REDIR_POST_301 1
 #define CURL_REDIR_POST_302 2
-#define CURL_REDIR_POST_ALL (CURL_REDIR_POST_301|CURL_REDIR_POST_302)
+#define CURL_REDIR_POST_303 4
+#define CURL_REDIR_POST_ALL \
+    (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303)

 typedef enum {
  CURL_TIMECOND_NONE,
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -26,16 +26,16 @@
   a script at release-time. This was made its own header file in 7.11.2 */

 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2011 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2012 Daniel Stenberg, <daniel@haxx.se>."

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.24.0-DEV"
+#define LIBCURL_VERSION "7.27.0-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 24
+#define LIBCURL_VERSION_MINOR 27
 #define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071800
+#define LIBCURL_VERSION_NUM 0x071B00

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -141,8 +141,9 @@ __extension__ ({                                                              \

 /* To define a new warning, use _CURL_WARNING(identifier, "message") */
 #define _CURL_WARNING(id, message)                                            \
-  static void __attribute__((warning(message))) __attribute__((unused))       \
-  __attribute__((noinline)) id(void) { __asm__(""); }
+  static void __attribute__((__warning__(message)))                           \
+  __attribute__((__unused__)) __attribute__((__noinline__))                   \
+  id(void) { __asm__(""); }

 _CURL_WARNING(_curl_easy_setopt_err_long,
  "curl_easy_setopt expects a long argument for this option")
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -11,3 +11,7 @@ libcurl.vcproj
 vc6libcurl.dsp
 Makefile.vc10.dist
 libcurl.vers
+*.a
+*.res
+*.imp
+*.nlm
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -83,13 +83,13 @@ CFLAGS += -dWANT_IDN_PROTOTYPES
 !ifdef %zlib_root
 ZLIB_ROOT = $(%zlib_root)
 !else
-ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
+ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.7
 !endif

 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.4.2
 !endif

 !ifdef %librtmp_root
@@ -101,7 +101,7 @@ LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8r
+OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8x
 !endif

 !ifdef %ares_root
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,14 +30,14 @@ DOCS = README.encoding README.memoryleak README.ares README.curlx	\

 CMAKE_DIST = CMakeLists.txt curl_config.h.cmake

-EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)                 \
- vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h            \
- config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist      \
- libcurl.rc config-amigaos.h amigaos.c amigaos.h makefile.amiga		   \
- Makefile.netware nwlib.c nwos.c libcurl.imp msvcproj.head msvcproj.foot   \
- config-win32ce.h config-os400.h setup-os400.h config-symbian.h		   \
- Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		   \
- mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	   \
+EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)              \
+ vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h         \
+ config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist   \
+ libcurl.rc config-amigaos.h makefile.amiga                             \
+ Makefile.netware nwlib.c nwos.c msvcproj.head msvcproj.foot		\
+ config-win32ce.h config-os400.h setup-os400.h config-symbian.h		\
+ Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		\
+ mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	\
 Makefile.vxworks config-vms.h checksrc.pl

 CLEANFILES = $(DSP) $(VCPROJ)
@@ -48,6 +48,8 @@ LIBCURL_LIBS = @LIBCURL_LIBS@
 # This might hold -Werror
 CFLAGS += @CURL_CFLAG_EXTRAS@

+CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
+
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
@@ -77,6 +79,18 @@ INCLUDES = -I$(top_builddir)/include/curl \
           -I$(top_srcdir)/lib
 endif

+AM_CPPFLAGS =
+
+# Mostly for Windows build targets, when building libcurl library
+if USE_CPPFLAG_BUILDING_LIBCURL
+AM_CPPFLAGS += -DBUILDING_LIBCURL
+endif
+
+# Mostly for Windows build targets, when building static libcurl
+if USE_CPPFLAG_CURL_STATICLIB
+AM_CPPFLAGS += -DCURL_STATICLIB
+endif
+
 if SONAME_BUMP
 #
 # Bumping of SONAME conditionally may seem like a weird thing to do, and yeah
@@ -122,6 +136,14 @@ endif

 libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(VERSIONED_SYMBOLS) $(LIBCURL_LIBS)

+if DOING_CURL_SYMBOL_HIDING
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_HIDDEN_SYMBOLS
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(CFLAG_CURL_SYMBOL_HIDING)
+else
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS)
+libcurl_la_CFLAGS = $(AM_CFLAGS)
+endif
+
 # unit testing static library built only along with unit tests
 if BUILD_UNITTESTS
 noinst_LTLIBRARIES = libcurlu.la
@@ -131,6 +153,7 @@ endif

 libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DUNITTESTS
 libcurlu_la_LDFLAGS = -static $(LIBCURL_LIBS)
+libcurlu_la_CFLAGS = $(AM_CFLAGS)

 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
--- a/lib/Makefile.b32
+++ b/lib/Makefile.b32
@@ -22,12 +22,12 @@ BCCDIR = $(MAKEDIR)\..

 # Edit the path below to point to the base of your Zlib sources.
 !ifndef ZLIB_PATH
-ZLIB_PATH = ..\..\zlib-1.2.5
+ZLIB_PATH = ..\..\zlib-1.2.7
 !endif

 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8q
+OPENSSL_PATH = ..\..\openssl-0.9.8x
 !endif

 # Set libcurl static lib, dll and import lib
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -14,7 +14,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
  content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
-  http_negotiate.c inet_pton.c strtoofft.c strerror.c			\
+  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
@@ -23,7 +23,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
-  curl_ntlm_core.c curl_ntlm_msgs.c
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c	\
+  curl_multibyte.c curl_darwinssl.c

 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -31,12 +32,13 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h inet_pton.h			\
+  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h setup.h	\
  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
  tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
-  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h	\
+  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h	\
+  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -7,31 +7,22 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.5
+## set ZLIB_PATH=c:/zlib-1.2.7
 ## set ZLIB=1
 #
 ###########################################################################

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
-endif
-ifndef OPENSSL_INCLUDE
-OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
-endif
-ifndef OPENSSL_LIBPATH
-OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
-endif
-ifndef OPENSSL_LIBS
-OPENSSL_LIBS = -leay32 -lssl32
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
@@ -64,22 +55,47 @@ ifndef ARCH
 ARCH = w32
 endif

-CC = gcc
-CFLAGS = -g -O2 -Wall
-CFLAGS += -fno-strict-aliasing
+CC	= $(CROSSPREFIX)gcc
+CFLAGS	= -g -O2 -Wall
+CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS += -D_AMD64_
+CFLAGS	+= -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
-LDFLAGS = -s
-AR = ar
-RANLIB = ranlib
-RC = windres
-RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
-STRIP = strip -g
+LDFLAGS	= -s
+AR	= $(CROSSPREFIX)ar
+RANLIB	= $(CROSSPREFIX)ranlib
+RC	= $(CROSSPREFIX)windres
+RCFLAGS	= --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
+STRIP	= $(CROSSPREFIX)strip -g

-RM = del /q /f 2>NUL
-CP = copy
+# Platform-dependent helper tool macros
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DEL	= rm -f $1
+RMDIR	= rm -fr $1
+MKDIR	= mkdir -p $1
+COPY	= -cp -afv $1 $2
+#COPYR	= -cp -afr $1/* $2
+COPYR	= -rsync -aC $1/* $2
+TOUCH	= touch $1
+CAT	= cat
+ECHONL	= echo ""
+DL	= '
+else
+ifeq "$(OS)" "Windows_NT"
+DEL	= -del 2>NUL /q /f $(subst /,\,$1)
+RMDIR	= -rd 2>NUL /q /s $(subst /,\,$1)
+else
+DEL	= -del 2>NUL $(subst /,\,$1)
+RMDIR	= -deltree 2>NUL /y $(subst /,\,$1)
+endif
+MKDIR	= -md 2>NUL $(subst /,\,$1)
+COPY	= -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
+COPYR	= -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
+TOUCH	= copy 2>&1>NUL /b $(subst /,\,$1) +,,
+CAT	= type
+ECHONL	= $(ComSpec) /c echo.
+endif

 ########################################################
 ## Nothing more to do below this line!
@@ -103,6 +119,9 @@ endif
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 SSL = 1
 endif
+ifeq ($(findstring -srp,$(CFG)),-srp)
+SRP = 1
+endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 ZLIB = 1
 endif
@@ -124,6 +143,10 @@ endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 IPV6 = 1
 endif
+ifeq ($(findstring -winssl,$(CFG)),-winssl)
+WINSSL = 1
+SSPI = 1
+endif

 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL
@@ -145,11 +168,37 @@ ifdef SSH2
  DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
+  ifndef OPENSSL_INCLUDE
+    ifeq "$(wildcard $(OPENSSL_PATH)/outinc)" "$(OPENSSL_PATH)/outinc"
+      OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/include)" "$(OPENSSL_PATH)/include"
+      OPENSSL_INCLUDE = $(OPENSSL_PATH)/include
+    endif
+  endif
+  ifneq "$(wildcard $(OPENSSL_INCLUDE)/openssl/opensslv.h)" "$(OPENSSL_INCLUDE)/openssl/opensslv.h"
+  $(error Invalid path to OpenSSL package: $(OPENSSL_PATH))
+  endif
+  ifndef OPENSSL_LIBPATH
+    ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+      OPENSSL_LIBS = -leay32 -lssl32
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
+      OPENSSL_LIBS = -lcrypto -lssl
+    endif
+  endif
  INCLUDES += -I"$(OPENSSL_INCLUDE)"
  CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
            -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
            -DCURL_WANTS_CA_BUNDLE_ENV
  DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
+  ifdef SRP
+    ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
+      CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
+    endif
+  endif
 endif
 ifdef ZLIB
  INCLUDES += -I"$(ZLIB_PATH)"
@@ -169,6 +218,9 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
+  ifdef WINSSL
+    CFLAGS += -DUSE_SCHANNEL
+  endif
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
@@ -212,7 +264,7 @@ RESOURCE = libcurl.res
 all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)

 $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
-	-$(RM) $@
+	@$(call DEL, $@)
 	$(AR) cru $@ $(libcurl_a_OBJECTS)
 	$(RANLIB) $@
 	$(STRIP) $@
@@ -220,7 +272,7 @@ $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
 # remove the last line above to keep debug info

 $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES)
-	-$(RM) $@
+	@$(call DEL, $@)
 	$(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \
 	  -o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)

@@ -232,17 +284,18 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC

 clean:
 ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
-	-$(RM) $(subst /,\,$(PROOT)/include/curl/curlbuild.h)
+	@$(call DEL, $(PROOT)/include/curl/curlbuild.h)
 endif
-	-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)
+	@$(call DEL, $(libcurl_a_OBJECTS) $(RESOURCE))

 distclean vclean: clean
-	-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY)
+	@$(call DEL, $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY))
+
+$(PROOT)/include/curl/curlbuild.h:
+	@echo Creating $@
+	@$(call COPY, $@.dist, $@)

 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32

-$(PROOT)/include/curl/curlbuild.h:
-	@echo Creating $@
-	@$(CP) $(subst /,\,$@).dist $(subst /,\,$@)

--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -14,17 +14,17 @@ endif

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif

 # Edit the path below to point to the base of your axTLS package.
@@ -64,7 +64,8 @@ DESCR	= cURL libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
 SCREEN	= none
-EXPORTS	= @libcurl.imp
+EXPORTF	= $(TARGET).imp
+EXPORTS	= @$(EXPORTF)

 # Uncomment the next line to enable linking with POSIX semantics.
 # POSIXFL = 1
@@ -330,7 +331,7 @@ $(OBJDIR)/%.o: %.c
 #	@echo Compiling $<
 	$(CC) $(CFLAGS) -c $< -o $@

-$(OBJDIR)/version.inc: ../include/curl/curlver.h $(OBJDIR)
+$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
 	@echo Creating $@
 	@$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@

@@ -350,7 +351,7 @@ clean:
 	-$(RM) -r $(OBJDIR)

 distclean vclean: clean
-	-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm
+	-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm $(TARGET).imp
 	-$(RM) certdata.txt ca-bundle.crt

 $(OBJDIR) $(INSTDIR):
@@ -364,7 +365,7 @@ ifdef RANLIB
 	@$(RANLIB) $@
 endif

-$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(XDCDATA)
+$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(EXPORTF) $(XDCDATA)
 	@echo Linking $@
 	@-$(RM) $@
 	@$(LD) $(LDFLAGS) $<
@@ -660,6 +661,10 @@ else
 	@echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@
 endif

+$(EXPORTF): $(CURL_INC)/curl/curl.h $(CURL_INC)/curl/easy.h $(CURL_INC)/curl/multi.h $(CURL_INC)/curl/mprintf.h
+	@echo Creating $@
+	@$(AWK) -f ../packages/NetWare/get_exp.awk $^ > $@
+
 FORCE: ;

 info: $(OBJDIR)/version.inc
@@ -696,13 +701,6 @@ else
 	@echo ipv6 support:    no
 endif

-$(LIBCARES_PATH)/libcares.$(LIBEXT):
-	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
-
-ca-bundle.crt: mk-ca-bundle.pl
-	@echo Creating $@
-	@-$(PERL) $< -b -n $@
-
 $(CURL_INC)/curl/curlbuild.h: Makefile.netware FORCE
 	@echo Creating $@
 	@echo $(DL)/* $@ intended for NetWare target.$(DL) > $@
@@ -741,3 +739,10 @@ endif
 	@echo $(DL)typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;$(DL) >> $@
 	@echo $(DL)#endif /* __CURL_CURLBUILD_H */$(DL) >> $@

+$(LIBCARES_PATH)/libcares.$(LIBEXT):
+	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
+
+ca-bundle.crt: mk-ca-bundle.pl
+	@echo Creating $@
+	@-$(PERL) $< -b -n $@
+
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@

 # All files in the Makefile.vc* series are generated automatically from the
 # one made for MSVC version 6. Alas, if you want to do changes to any of the
-# fiels and send back to the project, edit the version six, make your diff and
+# files and send back to the project, edit the version six, make your diff and
 # mail curl-library.

 ###########################################################################
@@ -65,15 +65,15 @@
 !INCLUDE ..\Makefile.msvc.names

 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.8r
+OPENSSL_PATH   = ../../openssl-0.9.8x
 !ENDIF

 !IFNDEF LIBSSH2_PATH
-LIBSSH2_PATH   = ../../libssh2-1.2.8
+LIBSSH2_PATH   = ../../libssh2-1.4.2
 !ENDIF

 !IFNDEF ZLIB_PATH
-ZLIB_PATH  = ../../zlib-1.2.5
+ZLIB_PATH  = ../../zlib-1.2.7
 !ENDIF

 !IFNDEF MACHINE
@@ -189,6 +189,20 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# release-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "release-ssl-ssh2-zlib"
+TARGET   = $(LIBCURL_STA_LIB_REL)
+DIROBJ   = $(CFG)
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # release-ssl-dll

@@ -226,36 +240,6 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

-######################
-# release-ssl-ssh2-zlib
-
-!IF "$(CFG)" == "release-ssl-ssh2-zlib"
-TARGET   = $(LIB_NAME).lib
-DIROBJ   = $(CFG)
-LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
-LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
-LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
-LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
-CFGSET   = TRUE
-RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
-!ENDIF
-
-######################
-# debug-ssl-ssh2-zlib
-
-!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
-TARGET   = $(LIB_NAME_DEBUG).lib
-DIROBJ   = $(CFG)
-LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
-LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
-LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
-LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
-CFGSET   = TRUE
-RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
-!ENDIF
-
 ######################
 # release-dll

@@ -356,6 +340,20 @@ CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# debug-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
+TARGET   = $(LIBCURL_STA_LIB_DBG)
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # debug-ssl-dll

@@ -463,11 +461,11 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-dll-ssl-dll          - release dynamic library with dynamic ssl
 !MESSAGE   release-dll-zlib-dll         - release dynamic library with dynamic zlib
 !MESSAGE   release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
-!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug                        - debug static library
 !MESSAGE   debug-ssl                    - debug static library with ssl
 !MESSAGE   debug-zlib                   - debug static library with zlib
 !MESSAGE   debug-ssl-zlib               - debug static library with ssl and zlib
+!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug-ssl-dll                - debug static library with dynamic ssl
 !MESSAGE   debug-zlib-dll               - debug static library with dynamic zlib
 !MESSAGE   debug-ssl-dll-zlib-dll       - debug static library with dynamic ssl and dynamic zlib
@@ -503,25 +501,29 @@ X_OBJS= \
 	$(DIROBJ)\content_encoding.obj \
 	$(DIROBJ)\cookie.obj \
 	$(DIROBJ)\curl_addrinfo.obj \
+	$(DIROBJ)\curl_darwinssl.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_memrchr.obj \
+	$(DIROBJ)\curl_multibyte.obj \
 	$(DIROBJ)\curl_ntlm.obj \
 	$(DIROBJ)\curl_ntlm_core.obj \
 	$(DIROBJ)\curl_ntlm_msgs.obj \
 	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
+	$(DIROBJ)\curl_sasl.obj \
+	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
 	$(DIROBJ)\curl_threads.obj \
 	$(DIROBJ)\dict.obj \
 	$(DIROBJ)\easy.obj \
 	$(DIROBJ)\escape.obj \
-	$(DIROBJ)\fileinfo.obj \
 	$(DIROBJ)\file.obj \
+	$(DIROBJ)\fileinfo.obj \
 	$(DIROBJ)\formdata.obj \
-	$(DIROBJ)\ftplistparser.obj \
 	$(DIROBJ)\ftp.obj \
+	$(DIROBJ)\ftplistparser.obj \
 	$(DIROBJ)\getenv.obj \
 	$(DIROBJ)\getinfo.obj \
 	$(DIROBJ)\gopher.obj \
@@ -529,15 +531,15 @@ X_OBJS= \
 	$(DIROBJ)\hash.obj \
 	$(DIROBJ)\hmac.obj \
 	$(DIROBJ)\hostasyn.obj \
+	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostip4.obj \
 	$(DIROBJ)\hostip6.obj \
-	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostsyn.obj \
+	$(DIROBJ)\http.obj \
 	$(DIROBJ)\http_chunks.obj \
 	$(DIROBJ)\http_digest.obj \
 	$(DIROBJ)\http_negotiate.obj \
-        $(DIROBJ)\http_negotiate_sspi.obj \
-	$(DIROBJ)\http.obj \
+	$(DIROBJ)\http_negotiate_sspi.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\if2ip.obj \
 	$(DIROBJ)\imap.obj \
@@ -565,8 +567,8 @@ X_OBJS= \
 	$(DIROBJ)\share.obj \
 	$(DIROBJ)\slist.obj \
 	$(DIROBJ)\smtp.obj \
-	$(DIROBJ)\socks_gssapi.obj \
 	$(DIROBJ)\socks.obj \
+	$(DIROBJ)\socks_gssapi.obj \
 	$(DIROBJ)\socks_sspi.obj \
 	$(DIROBJ)\speedcheck.obj \
 	$(DIROBJ)\splay.obj \
--- a/lib/Makefile.vxworks
+++ b/lib/Makefile.vxworks
@@ -33,10 +33,10 @@ BUILD_TYPE := debug
 USER_CFLAGS:=

 # directories where to seek for includes and libraries
-OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8a-vxWorks6.3/include
-OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8a-vxWorks6.3
-ZLIB_INC    := D:/libraries/zlib/zlib-1.2.3-VxWorks6.3/zlib-1.2.3
-ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.3-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3/include
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3
+ZLIB_INC    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/zlib-1.2.7
+ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
 ARES_INC    :=
 ARES_LIB    :=

--- a/lib/amigaos.c
+++ b/lib/amigaos.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -20,10 +20,13 @@
 *
 ***************************************************************************/

-#ifdef __AMIGA__ /* Any AmigaOS flavour */
+#include "setup.h"
+
+#if defined(__AMIGA__) && !defined(__ixemul__)
+
+#include <amitcp/socketbasetags.h>

 #include "amigaos.h"
-#include <amitcp/socketbasetags.h>

 struct Library *SocketBase = NULL;
 extern int errno, h_errno;
@@ -35,7 +38,7 @@ void __request(const char *msg);
 # define __request( msg )       Printf( msg "\n\a")
 #endif

-void amiga_cleanup()
+void Curl_amiga_cleanup()
 {
  if(SocketBase) {
    CloseLibrary(SocketBase);
@@ -43,7 +46,7 @@ void amiga_cleanup()
  }
 }

-BOOL amiga_init()
+bool Curl_amiga_init()
 {
  if(!SocketBase)
    SocketBase = OpenLibrary("bsdsocket.library", 4);
@@ -61,20 +64,14 @@ BOOL amiga_init()
  }

 #ifndef __libnix__
-  atexit(amiga_cleanup);
+  atexit(Curl_amiga_cleanup);
 #endif

  return TRUE;
 }

 #ifdef __libnix__
-ADD2EXIT(amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup,-50);
 #endif

-#else /* __AMIGA__ */
-
-#ifdef __POCC__
-#  pragma warn(disable:2024)  /* Disable warning #2024: Empty input file */
-#endif
-
-#endif /* __AMIGA__ */
+#endif /* __AMIGA__ && ! __ixemul__ */
--- a/lib/amigaos.h
+++ b/lib/amigaos.h
@@ -1,5 +1,5 @@
-#ifndef LIBCURL_AMIGAOS_H
-#define LIBCURL_AMIGAOS_H
+#ifndef HEADER_CURL_AMIGAOS_H
+#define HEADER_CURL_AMIGAOS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -21,37 +21,19 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+#include "setup.h"

-#ifdef __AMIGA__ /* Any AmigaOS flavour */
+#if defined(__AMIGA__) && !defined(__ixemul__)

-#ifndef __ixemul__
+bool Curl_amiga_init();
+void Curl_amiga_cleanup();

-#include <exec/types.h>
-#include <exec/execbase.h>
+#else

-#include <proto/exec.h>
-#include <proto/dos.h>
+#define Curl_amiga_init() 1
+#define Curl_amiga_cleanup() Curl_nop_stmt

-#include <sys/socket.h>
-
-#include "config-amigaos.h"
-
-#ifndef select
-# define select(args...) WaitSelect( args, NULL)
 #endif
-#ifndef ioctl
-# define ioctl(a,b,c,d)  IoctlSocket( (LONG)a, (ULONG)b, (char*)c)
-#endif
-#define _AMIGASF        1

-extern void amiga_cleanup();
-extern BOOL amiga_init();
-
-#else /* __ixemul__ */
-
-#warning compiling with ixemul...
-
-#endif /* __ixemul__ */
-#endif /* __AMIGA__ */
-#endif /* LIBCURL_AMIGAOS_H */
+#endif /* HEADER_CURL_AMIGAOS_H */

--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -582,13 +582,22 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
    res->last_status = ARES_ENOTFOUND;
 #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
    if(family == PF_UNSPEC) {
-      res->num_pending = 2;
+      if(Curl_ipv6works()) {
+        res->num_pending = 2;

-      /* areschannel is already setup in the Curl_open() function */
-      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
-                         PF_INET, query_completed_cb, conn);
-      ares_gethostbyname((ares_channel)data->state.resolver, hostname,
-                         PF_INET6, query_completed_cb, conn);
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET6, query_completed_cb, conn);
+      }
+      else {
+        res->num_pending = 1;
+
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+      }
    }
    else
 #endif /* CURLRES_IPV6 */
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -58,11 +58,11 @@ static void decodeQuantum(unsigned char *dest, const char *src)
      x = (x << 6);
  }

-  dest[2] = curlx_ultouc(x);
+  dest[2] = curlx_ultouc(x & 0xFFUL);
  x >>= 8;
-  dest[1] = curlx_ultouc(x);
+  dest[1] = curlx_ultouc(x & 0xFFUL);
  x >>= 8;
-  dest[0] = curlx_ultouc(x);
+  dest[0] = curlx_ultouc(x & 0xFFUL);
 }

 /*
--- a/lib/config-amigaos.h
+++ b/lib/config-amigaos.h
@@ -1,5 +1,5 @@
-#ifndef LIBCURL_CONFIG_AMIGAOS_H
-#define LIBCURL_CONFIG_AMIGAOS_H
+#ifndef HEADER_CURL_CONFIG_AMIGAOS_H
+#define HEADER_CURL_CONFIG_AMIGAOS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,6 +22,10 @@
 *
 ***************************************************************************/

+/* ================================================================ */
+/*               Hand crafted config file for AmigaOS               */
+/* ================================================================ */
+
 #ifdef __AMIGA__ /* Any AmigaOS flavour */

 #define HAVE_ARPA_INET_H 1
@@ -72,8 +76,6 @@
 #define HAVE_SYS_STAT_H 1
 #define HAVE_SYS_TIME_H 1
 #define HAVE_SYS_TYPES_H 1
-#define HAVE_TERMIOS_H 1
-#define HAVE_TERMIO_H 1
 #define HAVE_TIME_H 1
 #define HAVE_UNAME 1
 #define HAVE_UNISTD_H 1
@@ -89,11 +91,11 @@
 #define SIZEOF_SHORT 2
 #define SIZEOF_SIZE_T 4

+#define USE_MANUAL 1
 #define USE_OPENSSL 1
 #define USE_SSLEAY 1
 #define CURL_DISABLE_LDAP 1

-
 #define OS "AmigaOS"

 #define PACKAGE "curl"
@@ -114,8 +116,20 @@

 #define in_addr_t int

+#ifndef F_OK
+#  define F_OK 0
+#endif
+
 #ifndef O_RDONLY
-# define O_RDONLY 0x0000
+#  define O_RDONLY 0x0000
+#endif
+
+#ifndef LONG_MAX
+#  define LONG_MAX 0x7fffffffL
+#endif
+
+#ifndef LONG_MIN
+#  define LONG_MIN (-0x7fffffffL-1)
 #endif

 #define HAVE_GETNAMEINFO 1
@@ -150,4 +164,4 @@
 #define SEND_TYPE_RETV int

 #endif /* __AMIGA__ */
-#endif /* LIBCURL_CONFIG_AMIGAOS_H */
+#endif /* HEADER_CURL_CONFIG_AMIGAOS_H */
--- a/lib/config-mac.h
+++ b/lib/config-mac.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_MAC_H
-#define __LIB_CONFIG_MAC_H
+#ifndef HEADER_CURL_CONFIG_MAC_H
+#define HEADER_CURL_CONFIG_MAC_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,13 +23,16 @@
 ***************************************************************************/

 /* =================================================================== */
-/*   lib/config-mac.h - Hand crafted config file for Mac OS 9          */
+/*                Hand crafted config file for Mac OS 9                */
 /* =================================================================== */
 /*  On Mac OS X you must run configure to generate curl_config.h file  */
 /* =================================================================== */

 #define OS "mac"

+/* Define if you want the built-in manual */
+#define USE_MANUAL              1
+
 #define HAVE_ERRNO_H            1
 #define HAVE_NETINET_IN_H       1
 #define HAVE_SYS_SOCKET_H       1
@@ -43,15 +46,16 @@
 #define HAVE_FCNTL_H            1
 #define HAVE_SYS_STAT_H         1
 #define HAVE_ALLOCA_H           1
-#define HAVE_TIME_H             1
 #define HAVE_STDLIB_H           1
+#define HAVE_TIME_H             1
 #define HAVE_UTIME_H            1
 #define HAVE_SYS_TIME_H         1
+#define HAVE_SYS_UTIME_H        1

 #define TIME_WITH_SYS_TIME      1

 #define HAVE_ALARM              1
-#define HAVE_STRDUP             1
+#define HAVE_FTRUNCATE          1
 #define HAVE_UTIME              1
 #define HAVE_SETVBUF            1
 #define HAVE_STRFTIME           1
@@ -61,14 +65,13 @@
 #define HAVE_SOCKET             1
 #define HAVE_STRUCT_TIMEVAL     1

-//#define HAVE_STRICMP          1
 #define HAVE_SIGACTION          1
 #define HAVE_SIGNAL_H           1
 #define HAVE_SIG_ATOMIC_T       1

 #ifdef MACOS_SSL_SUPPORT
-#       define USE_SSLEAY       1
-#       define USE_OPENSSL      1
+#  define USE_SSLEAY            1
+#  define USE_OPENSSL           1
 #endif

 #define CURL_DISABLE_LDAP       1
@@ -120,4 +123,4 @@
 #define HAVE_EXTRA_STRICMP_H 1
 #define HAVE_EXTRA_STRDUP_H  1

-#endif /* __LIB_CONFIG_MAC_H */
+#endif /* HEADER_CURL_CONFIG_MAC_H */
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -1,6 +1,5 @@
-/* ================================================================ */
-/*    lib/config-os400.h - Hand crafted config file for OS/400      */
-/* ================================================================ */
+#ifndef HEADER_CURL_CONFIG_OS400_H
+#define HEADER_CURL_CONFIG_OS400_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,6 +22,10 @@
 *
 ***************************************************************************/

+/* ================================================================ */
+/*                Hand crafted config file for OS/400               */
+/* ================================================================ */
+
 #pragma enum(int)

 #undef PACKAGE
@@ -434,10 +437,7 @@
 /* To disable LDAP */
 #undef CURL_DISABLE_LDAP

-/* To avoid external use of library hidden symbols */
-#define CURL_HIDDEN_SYMBOLS
-
-/* External symbols need no special keyword. */
+/* Definition to make a library symbol externally visible. */
 #define CURL_EXTERN_SYMBOL

 /* Define if you have the ldap_url_parse procedure. */
@@ -542,3 +542,4 @@
 #define qadrt_use_fread_inline         /* Generate fread() wrapper inline. */
 #define qadrt_use_fwrite_inline        /* Generate fwrite() wrapper inline. */

+#endif /* HEADER_CURL_CONFIG_OS400_H */
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -1,11 +1,13 @@
-/* curl_config.h.in.  Generated automatically from configure.in by autoheader. /***************************************************************************
+#ifndef HEADER_CURL_CONFIG_RISCOS_H
+#define HEADER_CURL_CONFIG_RISCOS_H
+/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,7 +21,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
- */
+
+/* ================================================================ */
+/*               Hand crafted config file for RISC OS               */
+/* ================================================================ */
+
 /* Name of this package! */
 #undef PACKAGE

@@ -32,6 +38,9 @@
 /* Define cpu-machine-OS */
 #define OS "ARM-RISC OS"

+/* Define if you want the built-in manual */
+#define USE_MANUAL
+
 /* Define if you have the gethostbyaddr_r() function with 5 arguments */
 #undef HAVE_GETHOSTBYADDR_R_5

@@ -74,8 +83,8 @@
 /* Define if you want to enable IPv6 support */
 #undef ENABLE_IPV6

-/* Define to 1 if you have the alarm function. */
-#define HAVE_ALARM 1
+/* Define if you have the alarm function. */
+#define HAVE_ALARM

 /* Define if you have the <alloca.h> header file. */
 #define HAVE_ALLOCA_H
@@ -101,6 +110,9 @@
 /* Define if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H

+/* Define if you have the `ftruncate' function. */
+#define HAVE_FTRUNCATE
+
 /* Define if getaddrinfo exists and works */
 #define HAVE_GETADDRINFO

@@ -144,7 +156,7 @@
 #define HAVE_INTTYPES_H

 /* Define if you have the <io.h> header file. */
-#define HAVE_IO_H
+#undef HAVE_IO_H

 /* Define if you have the `krb_get_our_ip_for_realm' function. */
 #undef HAVE_KRB_GET_OUR_IP_FOR_REALM
@@ -462,8 +474,8 @@
 /* Define to the type pointed by arg 2 for recvfrom. */
 #define RECVFROM_TYPE_ARG2 void

-/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
-#define RECVFROM_TYPE_ARG2_IS_VOID 1
+/* Define if the type pointed by arg 2 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG2_IS_VOID

 /* Define to the type of arg 3 for recvfrom. */
 #define RECVFROM_TYPE_ARG3 size_t
@@ -500,3 +512,5 @@

 /* Define to the function return type for send. */
 #define SEND_TYPE_RETV ssize_t
+
+#endif /* HEADER_CURL_CONFIG_RISCOS_H */
--- a/lib/config-symbian.h
+++ b/lib/config-symbian.h
@@ -1,4 +1,5 @@
-/* config-symbian.h.  Manually generated.  */
+#ifndef HEADER_CURL_CONFIG_SYMBIAN_H
+#define HEADER_CURL_CONFIG_SYMBIAN_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -6,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -21,8 +22,9 @@
 *
 ***************************************************************************/

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
+/* ================================================================ */
+/*               Hand crafted config file for Symbian               */
+/* ================================================================ */

 /* Location of default ca bundle */
 /* #define CURL_CA_BUNDLE "/etc/pki/tls/certs/ca-bundle.crt"*/
@@ -63,18 +65,12 @@
 /* to disable verbose strings */
 /* #define CURL_DISABLE_VERBOSE_STRINGS 1*/

-/* to make a symbol visible */
-/*#define CURL_EXTERN_SYMBOL  __declspec(dllexport)*/
-
-/* to enable hidden symbols */
-/*#define CURL_HIDDEN_SYMBOLS 1*/
+/* Definition to make a library symbol externally visible. */
+/* #undef CURL_EXTERN_SYMBOL */

 /* Use Windows LDAP implementation */
 /* #undef CURL_LDAP_WIN */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* your Entropy Gathering Daemon socket pathname */
 /* #undef EGD_SOCKET */

@@ -400,9 +396,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #define HAVE_PIPE 1

-/* if you have the function PK11_CreateGenericObject */
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
-
 /* Define to 1 if you have the `poll' function. */
 /*#define HAVE_POLL 1*/

@@ -646,9 +639,6 @@
 /* Define to 1 if you have the <x509.h> header file. */
 /* #undef HAVE_X509_H */

-/* Define to 1 if you are building a native Windows target. */
-/* #undef NATIVE_WINDOWS */
-
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 /* #undef NEED_LBER_H */

@@ -830,3 +820,5 @@
 /* if OpenSSL is in use */
 #define USE_OPENSSL
 #endif
+
+#endif /* HEADER_CURL_CONFIG_SYMBIAN_H */
--- a/lib/config-tpf.h
+++ b/lib/config-tpf.h
@@ -1,5 +1,5 @@
-#ifndef __LIBCONFIGTPF_H
-#define __LIBCONFIGTPF_H
+#ifndef HEADER_CURL_CONFIG_TPF_H
+#define HEADER_CURL_CONFIG_TPF_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
 ***************************************************************************/

 /* ================================================================ */
-/*    lib/config-tpf.h - Hand crafted config file for TPF           */
+/*                 Hand crafted config file for TPF                 */
 /* ================================================================ */

 /* ---------------------------------------------------------------- */
@@ -32,9 +32,6 @@

 /* NOTE: Refer also to the .mak file for some of the flags below */

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
-
 /* to disable cookies support */
 /* #undef CURL_DISABLE_COOKIES */

@@ -65,9 +62,6 @@
 /* to disable verbose strings */
 /* #undef CURL_DISABLE_VERBOSE_STRINGS */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* lber dynamic library file */
 /* #undef DL_LBER_FILE */

@@ -779,4 +773,4 @@
 #endif


-#endif /* __LIBCONFIGTPF_H */
+#endif /* HEADER_CURL_CONFIG_TPF_H */
--- a/lib/config-vxworks.h
+++ b/lib/config-vxworks.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_VXWORKS_H
-#define __LIB_CONFIG_VXWORKS_H
+#ifndef HEADER_CURL_CONFIG_VXWORKS_H
+#define HEADER_CURL_CONFIG_VXWORKS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,12 +23,9 @@
 ***************************************************************************/

 /* =============================================================== */
-/*   lib/config-vxworks.h - Hand crafted config file for VxWorks   */
+/*               Hand crafted config file for VxWorks              */
 /* =============================================================== */

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
-
 /* Location of default ca bundle */
 /* #undef CURL_CA_BUNDLE */

@@ -74,18 +71,12 @@
 /* to disable verbose strings */
 /* #undef CURL_DISABLE_VERBOSE_STRINGS */

-/* to make a symbol visible */
+/* Definition to make a library symbol externally visible. */
 /* #undef CURL_EXTERN_SYMBOL */

-/* to enable hidden symbols */
-/* #undef CURL_HIDDEN_SYMBOLS */
-
 /* Use Windows LDAP implementation */
 /* #undef CURL_LDAP_WIN */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* your Entropy Gathering Daemon socket pathname */
 /* #undef EGD_SOCKET */

@@ -469,9 +460,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #define HAVE_PIPE 1

-/* if you have the function PK11_CreateGenericObject */
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
-
 /* Define to 1 if you have a working poll function. */
 /* #undef HAVE_POLL */

@@ -745,9 +733,6 @@
 /* if you have the zlib.h header file */
 #define HAVE_ZLIB_H 1

-/* Define to 1 if you are building a native Windows target. */
-/* #undef NATIVE_WINDOWS */
-
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 /* #undef NEED_LBER_H */

@@ -952,4 +937,4 @@
 /* the signed version of size_t */
 /* #undef ssize_t */

-#endif /* __LIB_CONFIG_VXWORKS_H */
+#endif /* HEADER_CURL_CONFIG_VXWORKS_H */
--- a/lib/config-win32ce.h
+++ b/lib/config-win32ce.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_WIN32CE_H
-#define __LIB_CONFIG_WIN32CE_H
+#ifndef HEADER_CURL_CONFIG_WIN32CE_H
+#define HEADER_CURL_CONFIG_WIN32CE_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -79,7 +79,7 @@
 #define HAVE_STDLIB_H 1

 /* Define if you have the <process.h> header file.  */
-#define HAVE_PROCESS_H 1
+/* #define HAVE_PROCESS_H 1 */

 /* Define if you have the <sys/param.h> header file.  */
 /* #define HAVE_SYS_PARAM_H 1 */
@@ -427,6 +427,14 @@
 /*                       WinCE                                      */
 /* ---------------------------------------------------------------- */

+#ifndef UNICODE
+#  define UNICODE
+#endif
+
+#ifndef _UNICODE
+#  define _UNICODE
+#endif
+
 #define CURL_DISABLE_FILE 1
 #define CURL_DISABLE_TELNET 1
 #define CURL_DISABLE_LDAP 1
@@ -437,4 +445,4 @@

 extern int stat(const char *path,struct stat *buffer );

-#endif /* __LIB_CONFIG_WIN32CE_H */
+#endif /* HEADER_CURL_CONFIG_WIN32CE_H */
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -91,6 +91,44 @@

 static bool verifyconnect(curl_socket_t sockfd, int *error);

+#ifdef __DragonFly__
+/* DragonFlyBSD uses millisecond as KEEPIDLE and KEEPINTVL units */
+#define KEEPALIVE_FACTOR(x) (x *= 1000)
+#else
+#define KEEPALIVE_FACTOR(x)
+#endif
+
+static void
+tcpkeepalive(struct SessionHandle *data,
+             curl_socket_t sockfd)
+{
+  int optval = data->set.tcp_keepalive?1:0;
+
+  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
+  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
+        (void *)&optval, sizeof(optval)) < 0) {
+    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
+  }
+  else {
+#ifdef TCP_KEEPIDLE
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPINTVL
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
+    }
+#endif
+  }
+}
+
 static CURLcode
 singleipconnect(struct connectdata *conn,
                const Curl_addrinfo *ai, /* start connecting to this */
@@ -732,6 +770,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
  }
  next:

+  conn->timeoutms_per_addr = conn->ip_addr->ai_next == NULL ?
+                             allow : allow / 2;
  code = trynextip(conn, sockindex, connected);

  if(code) {
@@ -850,7 +890,10 @@ singleipconnect(struct connectdata *conn,

  res = Curl_socket(conn, ai, &addr, &sockfd);
  if(res)
-    return res;
+    /* Failed to create the socket, but still return OK since we signal the
+       lack of socket as well. This allows the parent function to keep looping
+       over alternative addresses/socket families etc. */
+    return CURLE_OK;

  /* store remote address and port used in this connection attempt */
  if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
@@ -874,6 +917,9 @@ singleipconnect(struct connectdata *conn,

  Curl_sndbufset(sockfd);

+  if(data->set.tcp_keepalive)
+    tcpkeepalive(data, sockfd);
+
  if(data->set.fsockopt) {
    /* activate callback for setting socket options */
    error = data->set.fsockopt(data->set.sockopt_client,
@@ -989,7 +1035,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
 {
  struct SessionHandle *data = conn->data;
  curl_socket_t sockfd = CURL_SOCKET_BAD;
-  int aliasindex;
  Curl_addrinfo *ai;
  Curl_addrinfo *curr_addr;

@@ -1013,9 +1058,7 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
    return CURLE_OPERATION_TIMEDOUT;
  }

-  /* Max time for each address */
  conn->num_addr = Curl_num_addresses(remotehost->addr);
-  conn->timeoutms_per_addr = timeout_ms / conn->num_addr;

  ai = remotehost->addr;

@@ -1026,16 +1069,18 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
  /*
   * Connecting with a Curl_addrinfo chain
   */
-  for(curr_addr = ai, aliasindex=0; curr_addr;
-      curr_addr = curr_addr->ai_next, aliasindex++) {
+  for(curr_addr = ai; curr_addr; curr_addr = curr_addr->ai_next) {
+    CURLcode res;
+
+    /* Max time for the next address */
+    conn->timeoutms_per_addr = curr_addr->ai_next == NULL ?
+                               timeout_ms : timeout_ms / 2;

    /* start connecting to the IP curr_addr points to */
-    CURLcode res =
-      singleipconnect(conn, curr_addr,
-                      /* don't hang when doing multi */
-                      (data->state.used_interface == Curl_if_multi)?0:
-                      conn->timeoutms_per_addr, &sockfd, connected);
-
+    res = singleipconnect(conn, curr_addr,
+                          /* don't hang when doing multi */
+                          (data->state.used_interface == Curl_if_multi)?0:
+                          conn->timeoutms_per_addr, &sockfd, connected);
    if(res)
      return res;

@@ -1195,7 +1240,7 @@ CURLcode Curl_socket(struct connectdata *conn,

  if(*sockfd == CURL_SOCKET_BAD)
    /* no socket, no connection */
-    return CURLE_FAILED_INIT;
+    return CURLE_COULDNT_CONNECT;

 #if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
  if(conn->scope && (addr->family == AF_INET6)) {
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -882,7 +882,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
    for(i=0; co; co = co->next)
      array[i++] = co;

-    /* now sort the cookie pointers in path lenth order */
+    /* now sort the cookie pointers in path length order */
    qsort(array, matches, sizeof(struct Cookie *), cookie_sort);

    /* remake the linked list order according to the new order */
@@ -1069,7 +1069,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
    char *format_ptr;

    fputs("# Netscape HTTP Cookie File\n"
-          "# http://curl.haxx.se/rfc/cookie_spec.html\n"
+          "# http://curl.haxx.se/docs/http-cookies.html\n"
          "# This file was generated by libcurl! Edit at your own risk.\n\n",
          out);
    co = c->cookies;
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -1,4 +1,4 @@
-/* lib/curl_config.h.in.  Generated from configure.ac by autoheader.  */
+/* lib/curl_config.h.in.  Generated somehow by cmake.  */

 /* when building libcurl itself */
 #cmakedefine BUILDING_LIBCURL ${BUILDING_LIBCURL}
@@ -52,9 +52,6 @@
 #define CURL_EXTERN_SYMBOL
 #endif

-/* to enable hidden symbols */
-#cmakedefine CURL_HIDDEN_SYMBOLS ${CURL_HIDDEN_SYMBOLS}
-
 /* Use Windows LDAP implementation */
 #cmakedefine CURL_LDAP_WIN ${CURL_LDAP_WIN}

@@ -444,9 +441,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #cmakedefine HAVE_PIPE ${HAVE_PIPE}

-/* if you have the function PK11_CreateGenericObject */
-#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT}
-
 /* Define to 1 if you have a working poll function. */
 #cmakedefine HAVE_POLL ${HAVE_POLL}

@@ -724,9 +718,6 @@
   */
 #cmakedefine LT_OBJDIR ${LT_OBJDIR}

-/* Define to 1 if you are building a native Windows target. */
-#cmakedefine NATIVE_WINDOWS ${NATIVE_WINDOWS}
-
 /* If you lack a fine basename() prototype */
 #cmakedefine NEED_BASENAME_PROTO ${NEED_BASENAME_PROTO}

--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
@@ -0,0 +1,920 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all iOS and Mac OS X SecureTransport-specific code for the
+ * TLS/SSL layer. No code but sslgen.c should ever call or use these functions.
+ */
+
+#include "setup.h"
+
+#ifdef USE_DARWINSSL
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#include <Security/Security.h>
+#include <Security/SecureTransport.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <CommonCrypto/CommonDigest.h>
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "connect.h"
+#include "select.h"
+#include "sslgen.h"
+#include "curl_darwinssl.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+/* From MacTypes.h (which we can't include because it isn't present in iOS: */
+#define ioErr -36
+
+/* The following two functions were ripped from Apple sample code,
+ * with some modifications: */
+static OSStatus SocketRead(SSLConnectionRef connection,
+                           void *data,          /* owned by
+                                                 * caller, data
+                                                 * RETURNED */
+                           size_t *dataLength)  /* IN/OUT */
+{
+  UInt32 bytesToGo = *dataLength;
+  UInt32 initLen = bytesToGo;
+  UInt8 *currData = (UInt8 *)data;
+  /*int sock = *(int *)connection;*/
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
+  int sock = connssl->ssl_sockfd;
+  OSStatus rtn = noErr;
+  UInt32 bytesRead;
+  int rrtn;
+  int theErr;
+
+  *dataLength = 0;
+
+  for(;;) {
+    bytesRead = 0;
+    rrtn = read(sock, currData, bytesToGo);
+    if(rrtn <= 0) {
+      /* this is guesswork... */
+      theErr = errno;
+      if((rrtn == 0) && (theErr == 0)) {
+        /* try fix for iSync */
+        rtn = errSSLClosedGraceful;
+      }
+      else /* do the switch */
+        switch(theErr) {
+          case ENOENT:
+            /* connection closed */
+            rtn = errSSLClosedGraceful;
+            break;
+          case ECONNRESET:
+            rtn = errSSLClosedAbort;
+            break;
+          case EAGAIN:
+            rtn = errSSLWouldBlock;
+            connssl->ssl_direction = false;
+            break;
+          default:
+            rtn = ioErr;
+            break;
+        }
+      break;
+    }
+    else {
+      bytesRead = rrtn;
+    }
+    bytesToGo -= bytesRead;
+    currData  += bytesRead;
+
+    if(bytesToGo == 0) {
+      /* filled buffer with incoming data, done */
+      break;
+    }
+  }
+  *dataLength = initLen - bytesToGo;
+
+  return rtn;
+}
+
+static OSStatus SocketWrite(SSLConnectionRef connection,
+                            const void *data,
+                            size_t *dataLength)  /* IN/OUT */
+{
+  UInt32 bytesSent = 0;
+  /*int sock = *(int *)connection;*/
+  struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
+  int sock = connssl->ssl_sockfd;
+  int length;
+  UInt32 dataLen = *dataLength;
+  const UInt8 *dataPtr = (UInt8 *)data;
+  OSStatus ortn;
+  int theErr;
+
+  *dataLength = 0;
+
+  do {
+    length = write(sock,
+                   (char*)dataPtr + bytesSent,
+                   dataLen - bytesSent);
+  } while((length > 0) &&
+           ( (bytesSent += length) < dataLen) );
+
+  if(length <= 0) {
+    theErr = errno;
+    if(theErr == EAGAIN) {
+      ortn = errSSLWouldBlock;
+      connssl->ssl_direction = true;
+    }
+    else {
+      ortn = ioErr;
+    }
+  }
+  else {
+    ortn = noErr;
+  }
+  *dataLength = bytesSent;
+  return ortn;
+}
+
+CF_INLINE const char *CipherNameForNumber(SSLCipherSuite cipher) {
+  switch (cipher) {
+    case SSL_RSA_WITH_NULL_MD5:
+      return "SSL_RSA_WITH_NULL_MD5";
+      break;
+    case SSL_RSA_WITH_NULL_SHA:
+      return "SSL_RSA_WITH_NULL_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
+      return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
+      break;
+    case SSL_RSA_WITH_RC4_128_MD5:
+      return "SSL_RSA_WITH_RC4_128_MD5";
+      break;
+    case SSL_RSA_WITH_RC4_128_SHA:
+      return "SSL_RSA_WITH_RC4_128_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
+      return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
+      break;
+    case SSL_RSA_WITH_IDEA_CBC_SHA:
+      return "SSL_RSA_WITH_IDEA_CBC_SHA";
+      break;
+    case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_RSA_WITH_DES_CBC_SHA:
+      return "SSL_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_DSS_WITH_DES_CBC_SHA:
+      return "SSL_DH_DSS_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_RSA_WITH_DES_CBC_SHA:
+      return "SSL_DH_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_WITH_DES_CBC_SHA:
+      return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_WITH_DES_CBC_SHA:
+      return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
+      return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
+      break;
+    case SSL_DH_anon_WITH_RC4_128_MD5:
+      return "SSL_DH_anon_WITH_RC4_128_MD5";
+      break;
+    case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+      return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
+      break;
+    case SSL_DH_anon_WITH_DES_CBC_SHA:
+      return "SSL_DH_anon_WITH_DES_CBC_SHA";
+      break;
+    case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
+      return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
+      break;
+    case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
+      return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
+      break;
+    case TLS_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_128_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_DH_anon_WITH_AES_256_CBC_SHA:
+      return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_NULL_SHA:
+      return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
+      return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_NULL_SHA:
+      return "TLS_ECDH_RSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA:
+      return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_NULL_SHA:
+      return "TLS_ECDHE_RSA_WITH_NULL_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
+      return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_NULL_SHA:
+      return "TLS_ECDH_anon_WITH_NULL_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_RC4_128_SHA:
+      return "TLS_ECDH_anon_WITH_RC4_128_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
+      break;
+    case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
+      return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
+      break;
+    case SSL_RSA_WITH_RC2_CBC_MD5:
+      return "SSL_RSA_WITH_RC2_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_IDEA_CBC_MD5:
+      return "SSL_RSA_WITH_IDEA_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_DES_CBC_MD5:
+      return "SSL_RSA_WITH_DES_CBC_MD5";
+      break;
+    case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
+      return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
+      break;
+  }
+  return "(NONE)";
+}
+
+static CURLcode darwinssl_connect_step1(struct connectdata *conn,
+                                        int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  curl_socket_t sockfd = conn->sock[sockindex];
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  bool sni = true;
+#ifdef ENABLE_IPV6
+  struct in6_addr addr;
+#else
+  struct in_addr addr;
+#endif
+  /*SSLConnectionRef ssl_connection;*/
+  OSStatus err = noErr;
+
+  if(connssl->ssl_ctx)
+    (void)SSLDisposeContext(connssl->ssl_ctx);
+  err = SSLNewContext(false, &(connssl->ssl_ctx));
+  if(err != noErr) {
+    failf(data, "SSL: couldn't create a context: OSStatus %d", err);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* check to see if we've been told to use an explicit SSL/TLS version */
+  (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
+  switch(data->set.ssl.version) {
+    default:
+    case CURL_SSLVERSION_DEFAULT:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol3,
+                                         true);
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kTLSProtocol1,
+                                         true);
+      break;
+    case CURL_SSLVERSION_TLSv1:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kTLSProtocol1,
+                                         true);
+      break;
+    case CURL_SSLVERSION_SSLv2:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol2,
+                                         true);
+      break;
+    case CURL_SSLVERSION_SSLv3:
+      (void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
+                                         kSSLProtocol3,
+                                         true);
+      break;
+  }
+
+  /* No need to load certificates here. SecureTransport uses the Keychain
+   * (which is also part of the Security framework) to evaluate trust. */
+
+  /* SSL always tries to verify the peer, this only says whether it should
+   * fail to connect if the verification fails, or if it should continue
+   * anyway. In the latter case the result of the verification is checked with
+   * SSL_get_verify_result() below. */
+  err = SSLSetEnableCertVerify(connssl->ssl_ctx,
+                               data->set.ssl.verifypeer?true:false);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* If this is a domain name and not an IP address, then configure SNI: */
+  if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
+#ifdef ENABLE_IPV6
+     (0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
+#endif
+     sni) {
+    err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
+                               strlen(conn->host.name));
+    if(err != noErr) {
+      infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d",
+            err);
+    }
+  }
+
+  err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  /* pass the raw socket into the SSL layers */
+  /* We need to store the FD in a constant memory address, because
+   * SSLSetConnection() will not copy that address. I've found that
+   * conn->sock[sockindex] may change on its own. */
+  connssl->ssl_sockfd = sockfd;
+  /*ssl_connection = &(connssl->ssl_sockfd);
+  err = SSLSetConnection(connssl->ssl_ctx, ssl_connection);*/
+  err = SSLSetConnection(connssl->ssl_ctx, connssl);
+  if(err != noErr) {
+    failf(data, "SSL: SSLSetConnection() failed: %d", err);
+    return CURLE_SSL_CONNECT_ERROR;
+  }
+
+  connssl->connecting_state = ssl_connect_2;
+  return CURLE_OK;
+}
+
+static CURLcode
+darwinssl_connect_step2(struct connectdata *conn, int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  OSStatus err;
+  SSLCipherSuite cipher;
+
+  DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
+              || ssl_connect_2_reading == connssl->connecting_state
+              || ssl_connect_2_writing == connssl->connecting_state);
+
+  /* Here goes nothing: */
+  err = SSLHandshake(connssl->ssl_ctx);
+
+  if(err != noErr) {
+    switch (err) {
+      case errSSLWouldBlock:  /* they're not done with us yet */
+        connssl->connecting_state = connssl->ssl_direction ?
+            ssl_connect_2_writing : ssl_connect_2_reading;
+        return CURLE_OK;
+        break;
+
+      case errSSLServerAuthCompleted:
+        /* the documentation says we need to call SSLHandshake() again */
+        return darwinssl_connect_step2(conn, sockindex);
+
+      case errSSLXCertChainInvalid:
+      case errSSLUnknownRootCert:
+      case errSSLNoRootCert:
+      case errSSLCertExpired:
+        failf(data, "SSL certificate problem: OSStatus %d", err);
+        return CURLE_SSL_CACERT;
+        break;
+
+      default:
+        failf(data, "Unknown SSL protocol error in connection to %s:%d",
+              conn->host.name, err);
+        return CURLE_SSL_CONNECT_ERROR;
+        break;
+    }
+  }
+  else {
+    /* we have been connected fine, we're not waiting for anything else. */
+    connssl->connecting_state = ssl_connect_3;
+
+    /* Informational message */
+    (void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
+    infof (data, "SSL connection using %s\n", CipherNameForNumber(cipher));
+
+    return CURLE_OK;
+  }
+}
+
+static CURLcode
+darwinssl_connect_step3(struct connectdata *conn,
+                        int sockindex)
+{
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  CFStringRef server_cert_summary;
+  char server_cert_summary_c[128];
+  CFArrayRef server_certs;
+  SecCertificateRef server_cert;
+  OSStatus err;
+  CFIndex i, count;
+
+  /* There is no step 3!
+   * Well, okay, if verbose mode is on, let's print the details of the
+   * server certificates. */
+  err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
+  if(err == noErr) {
+    count = CFArrayGetCount(server_certs);
+    for(i = 0L ; i < count ; i++) {
+      server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
+
+      server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
+      memset(server_cert_summary_c, 0, 128);
+      if(CFStringGetCString(server_cert_summary,
+                            server_cert_summary_c,
+                            128,
+                            kCFStringEncodingUTF8)) {
+        infof(data, "Server certificate: %s\n", server_cert_summary_c);
+      }
+      CFRelease(server_cert_summary);
+    }
+    CFRelease(server_certs);
+  }
+
+  connssl->connecting_state = ssl_connect_done;
+  return CURLE_OK;
+}
+
+static Curl_recv darwinssl_recv;
+static Curl_send darwinssl_send;
+
+static CURLcode
+darwinssl_connect_common(struct connectdata *conn,
+                         int sockindex,
+                         bool nonblocking,
+                         bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = darwinssl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing ==
+      connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading ==
+      connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if this
+     * connection is done nonblocking and this loop would execute again. This
+     * permits the owner of a multi handle to abort a connection attempt
+     * before step2 has completed while ensuring that a client using select()
+     * or epoll() will always have a valid fdset to wait on.
+     */
+    retcode = darwinssl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = darwinssl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = darwinssl_recv;
+    conn->send[sockindex] = darwinssl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+                                   int sockindex,
+                                   bool *done)
+{
+  return darwinssl_connect_common(conn, sockindex, TRUE, done);
+}
+
+CURLcode
+Curl_darwinssl_connect(struct connectdata *conn,
+                       int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = darwinssl_connect_common(conn, sockindex, FALSE, &done);
+
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
+}
+
+void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+  (void)SSLClose(connssl->ssl_ctx);
+  (void)SSLDisposeContext(connssl->ssl_ctx);
+  connssl->ssl_ctx = NULL;
+  connssl->ssl_sockfd = 0;
+}
+
+void Curl_darwinssl_close_all(struct SessionHandle *data)
+{
+  /* SecureTransport doesn't separate sessions from contexts, so... */
+  (void)data;
+}
+
+int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  ssize_t nread;
+  int what;
+  int rc;
+  char buf[120];
+
+  if(!connssl->ssl_ctx)
+    return 0;
+
+  if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
+    return 0;
+
+  Curl_darwinssl_close(conn, sockindex);
+
+  rc = 0;
+
+  what = Curl_socket_ready(conn->sock[sockindex],
+                           CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
+
+  for(;;) {
+    if(what < 0) {
+      /* anything that gets here is fatally bad */
+      failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+      rc = -1;
+      break;
+    }
+
+    if(!what) {                                /* timeout */
+      failf(data, "SSL shutdown timeout");
+      break;
+    }
+
+    /* Something to read, let's do it and hope that it is the close
+     notify alert from the server. No way to SSL_Read now, so use read(). */
+
+    nread = read(conn->sock[sockindex], buf, sizeof(buf));
+
+    if(nread < 0) {
+      failf(data, "read: %s", strerror(errno));
+      rc = -1;
+    }
+
+    if(nread <= 0)
+      break;
+
+    what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
+  }
+
+  return rc;
+}
+
+size_t Curl_darwinssl_version(char *buffer, size_t size)
+{
+  return snprintf(buffer, size, "SecureTransport");
+}
+
+/*
+ * This function uses SSLGetSessionState to determine connection status.
+ *
+ * Return codes:
+ *     1 means the connection is still in place
+ *     0 means the connection has been closed
+ *    -1 means the connection status is unknown
+ */
+int Curl_darwinssl_check_cxn(struct connectdata *conn)
+{
+  struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
+  OSStatus err;
+  SSLSessionState state;
+
+  if(connssl->ssl_ctx) {
+    err = SSLGetSessionState(connssl->ssl_ctx, &state);
+    if(err == noErr)
+      return state == kSSLConnected || state == kSSLHandshake;
+    return -1;
+  }
+  return 0;
+}
+
+bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+                                 int connindex)
+{
+  const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+  OSStatus err;
+  size_t buffer;
+
+  if(connssl->ssl_ctx) {  /* SSL is in use */
+    err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
+    if(err == noErr)
+      return buffer > 0UL;
+    return false;
+  }
+  else
+    return false;
+}
+
+void Curl_darwinssl_random(struct SessionHandle *data,
+                           unsigned char *entropy,
+                           size_t length)
+{
+  /* arc4random_buf() isn't available on cats older than Lion, so let's
+     do this manually for the benefit of the older cats. */
+  size_t i;
+  u_int32_t random = 0;
+
+  for(i = 0 ; i < length ; i++) {
+    if(i % sizeof(u_int32_t) == 0)
+      random = arc4random();
+    entropy[i] = random & 0xFF;
+    random >>= 8;
+  }
+  i = random = 0;
+  (void)data;
+}
+
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+                           size_t tmplen,
+                           unsigned char *md5sum, /* output */
+                           size_t md5len)
+{
+  (void)md5len;
+  (void)CC_MD5(tmp, tmplen, md5sum);
+}
+
+static ssize_t darwinssl_send(struct connectdata *conn,
+                              int sockindex,
+                              const void *mem,
+                              size_t len,
+                              CURLcode *curlcode)
+{
+  /*struct SessionHandle *data = conn->data;*/
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  size_t processed;
+  OSStatus err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
+
+  if(err != noErr) {
+    switch (err) {
+      case errSSLWouldBlock:  /* we're not done yet; keep sending */
+        *curlcode = CURLE_AGAIN;
+        return -1;
+        break;
+
+      default:
+        failf(conn->data, "SSLWrite() return error %d", err);
+        *curlcode = CURLE_SEND_ERROR;
+        return -1;
+        break;
+    }
+  }
+  return (ssize_t)processed;
+}
+
+static ssize_t darwinssl_recv(struct connectdata *conn,
+                              int num,
+                              char *buf,
+                              size_t buffersize,
+                              CURLcode *curlcode)
+{
+  /*struct SessionHandle *data = conn->data;*/
+  struct ssl_connect_data *connssl = &conn->ssl[num];
+  size_t processed;
+  OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
+
+  if(err != noErr) {
+    switch (err) {
+      case errSSLWouldBlock:  /* we're not done yet; keep reading */
+        *curlcode = CURLE_AGAIN;
+        return -1;
+        break;
+
+      default:
+        failf(conn->data, "SSLRead() return error %d", err);
+        *curlcode = CURLE_RECV_ERROR;
+        return -1;
+        break;
+    }
+  }
+  return (ssize_t)processed;
+}
+
+#endif /* USE_DARWINSSL */
--- a/lib/curl_darwinssl.h
+++ b/lib/curl_darwinssl.h
@@ -0,0 +1,73 @@
+#ifndef HEADER_CURL_DARWINSSL_H
+#define HEADER_CURL_DARWINSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "setup.h"
+
+#ifdef USE_DARWINSSL
+
+CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+                                            int sockindex,
+                                            bool *done);
+
+/* this function doesn't actually do anything */
+void Curl_darwinssl_close_all(struct SessionHandle *data);
+
+/* close a SSL connection */
+void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
+
+size_t Curl_darwinssl_version(char *buffer, size_t size);
+int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
+int Curl_darwinssl_check_cxn(struct connectdata *conn);
+bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+                                 int connindex);
+
+void Curl_darwinssl_random(struct SessionHandle *data,
+                           unsigned char *entropy,
+                           size_t length);
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+                           size_t tmplen,
+                           unsigned char *md5sum, /* output */
+                           size_t md5len);
+
+/* API setup for SecureTransport */
+#define curlssl_init() (1)
+#define curlssl_cleanup() Curl_nop_stmt
+#define curlssl_connect Curl_darwinssl_connect
+#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
+#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_close_all Curl_darwinssl_close_all
+#define curlssl_close Curl_darwinssl_close
+#define curlssl_shutdown(x,y) 0
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_darwinssl_version
+#define curlssl_check_cxn Curl_darwinssl_check_cxn
+#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
+#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
+
+#endif /* USE_DARWINSSL */
+#endif /* HEADER_CURL_DARWINSSL_H */
--- a/lib/curl_md5.h
+++ b/lib/curl_md5.h
@@ -25,10 +25,39 @@
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 #include "curl_hmac.h"

+#define MD5_DIGEST_LEN  16
+
+typedef void (* Curl_MD5_init_func)(void *context);
+typedef void (* Curl_MD5_update_func)(void *context,
+                                      const unsigned char *data,
+                                      unsigned int len);
+typedef void (* Curl_MD5_final_func)(unsigned char *result, void *context);
+
+typedef struct {
+  Curl_MD5_init_func     md5_init_func;   /* Initialize context procedure */
+  Curl_MD5_update_func   md5_update_func; /* Update context with data */
+  Curl_MD5_final_func    md5_final_func;  /* Get final result procedure */
+  unsigned int           md5_ctxtsize;  /* Context structure size */
+  unsigned int           md5_resultlen; /* Result length (bytes) */
+} MD5_params;
+
+typedef struct {
+  const MD5_params      *md5_hash;      /* Hash function definition */
+  void                  *md5_hashctx;   /* Hash function context */
+} MD5_context;
+
+extern const MD5_params Curl_DIGEST_MD5[1];
 extern const HMAC_params Curl_HMAC_MD5[1];

 void Curl_md5it(unsigned char *output,
                const unsigned char *input);
+
+MD5_context * Curl_MD5_init(const MD5_params *md5params);
+int Curl_MD5_update(MD5_context *context,
+                    const unsigned char *data,
+                    unsigned int len);
+int Curl_MD5_final(MD5_context *context, unsigned char *result);
+
 #endif

 #endif /* HEADER_CURL_MD5_H */
--- a/lib/curl_multibyte.c
+++ b/lib/curl_multibyte.c
@@ -0,0 +1,82 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+#include "curl_multibyte.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8)
+{
+  wchar_t *str_w = NULL;
+
+  if(str_utf8) {
+    int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
+                                        str_utf8, -1, NULL, 0);
+    if(str_w_len > 0) {
+      str_w = malloc(str_w_len * sizeof(wchar_t));
+      if(str_w) {
+        if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
+                               str_w_len) == 0) {
+          Curl_safefree(str_w);
+        }
+      }
+    }
+  }
+
+  return str_w;
+}
+
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
+{
+  char *str_utf8 = NULL;
+
+  if(str_w) {
+    int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
+                                           0, NULL, NULL);
+    if(str_utf8_len > 0) {
+      str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
+      if(str_utf8) {
+        if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
+                               NULL, FALSE) == 0) {
+          Curl_safefree(str_utf8);
+        }
+      }
+    }
+  }
+
+  return str_utf8;
+}
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
--- a/lib/curl_multibyte.h
+++ b/lib/curl_multibyte.h
@@ -0,0 +1,90 @@
+#ifndef HEADER_CURL_MULTIBYTE_H
+#define HEADER_CURL_MULTIBYTE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+
+
+#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
+
+/*
+ * Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
+ * and Curl_unicodefree() main purpose is to minimize the number of
+ * preprocessor conditional directives needed by code using these
+ * to differentiate UNICODE from non-UNICODE builds.
+ *
+ * When building with UNICODE defined, this two macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return a pointer to a newly allocated memory area holding result.
+ * When the result is no longer needed, allocated memory is intended
+ * to be free'ed with Curl_unicodefree().
+ *
+ * When building without UNICODE defined, this macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return the pointer received as argument. Curl_unicodefree() does
+ * no actual free'ing of this pointer it is simply set to NULL.
+ */
+
+#ifdef UNICODE
+
+#define Curl_convert_UTF8_to_tchar(ptr) Curl_convert_UTF8_to_wchar((ptr))
+#define Curl_convert_tchar_to_UTF8(ptr) Curl_convert_wchar_to_UTF8((ptr))
+#define Curl_unicodefree(ptr) \
+  do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
+
+typedef union {
+  unsigned short       *tchar_ptr;
+  const unsigned short *const_tchar_ptr;
+  unsigned short       *tbyte_ptr;
+  const unsigned short *const_tbyte_ptr;
+} xcharp_u;
+
+#else
+
+#define Curl_convert_UTF8_to_tchar(ptr) (ptr)
+#define Curl_convert_tchar_to_UTF8(ptr) (ptr)
+#define Curl_unicodefree(ptr) \
+  do {(ptr) = NULL;} WHILE_FALSE
+
+typedef union {
+  char                *tchar_ptr;
+  const char          *const_tchar_ptr;
+  unsigned char       *tbyte_ptr;
+  const unsigned char *const_tbyte_ptr;
+} xcharp_u;
+
+#endif /* UNICODE */
+
+#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_MULTIBYTE_H */
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -82,6 +82,11 @@
 #  include "curl_md4.h"
 #  define MD5_DIGEST_LENGTH MD5_LENGTH

+#elif defined(USE_DARWINSSL)
+
+#  include <CommonCrypto/CommonCryptor.h>
+#  include <CommonCrypto/CommonDigest.h>
+
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
@@ -145,7 +150,7 @@ static void setup_des_key(const unsigned char *key_56,
 {
  char key[8];
  extend_key_56_to_64(key_56, key);
-  des_set_key(des, key);
+  des_set_key(des, (const uint8_t*)key);
 }

 #elif defined(USE_GNUTLS)
@@ -221,7 +226,23 @@ fail:
  return rv;
 }

-#endif /* defined(USE_NSS) */
+#elif defined(USE_DARWINSSL)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  char key[8];
+  size_t out_len;
+  CCCryptorStatus err;
+
+  extend_key_56_to_64(key_56, key);
+  err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
+                kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
+                8 /* outbuflen */, &out_len);
+  return err == kCCSuccess;
+}
+
+#endif /* defined(USE_DARWINSSL) */

 #endif /* defined(USE_SSLEAY) */

@@ -273,7 +294,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
  setup_des_key(keys + 14, &des);
  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
  gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
  encrypt_des(plaintext, results, keys);
  encrypt_des(plaintext, results + 8, keys + 7);
  encrypt_des(plaintext, results + 16, keys + 14);
@@ -336,7 +357,7 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
    setup_des_key(pw + 7, &des);
    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
    gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
    encrypt_des(magic, lmbuffer, pw);
    encrypt_des(magic, lmbuffer + 8, pw + 7);
 #endif
@@ -389,7 +410,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
 #elif defined(USE_GNUTLS_NETTLE)
    struct md4_ctx MD4pw;
    md4_init(&MD4pw);
-    md4_update(&MD4pw, 2 * len, pw);
+    md4_update(&MD4pw, (unsigned int)(2 * len), pw);
    md4_digest(&MD4pw, MD4_DIGEST_SIZE, ntbuffer);
 #elif defined(USE_GNUTLS)
    gcry_md_hd_t MD4pw;
@@ -399,6 +420,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
    gcry_md_close(MD4pw);
 #elif defined(USE_NSS)
    Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_DARWINSSL)
+    (void)CC_MD4(pw, 2 * len, ntbuffer);
 #endif

    memset(ntbuffer + 16, 0, 21 - 16);
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -33,64 +33,22 @@

 #define DEBUG_ME 0

-#ifdef USE_SSLEAY
-
-#  ifdef USE_OPENSSL
-#    include <openssl/des.h>
-#    ifndef OPENSSL_NO_MD4
-#      include <openssl/md4.h>
-#    endif
-#    include <openssl/md5.h>
-#    include <openssl/ssl.h>
-#    include <openssl/rand.h>
-#  else
-#    include <des.h>
-#    ifndef OPENSSL_NO_MD4
-#      include <md4.h>
-#    endif
-#    include <md5.h>
-#    include <ssl.h>
-#    include <rand.h>
-#  endif
-#  include "ssluse.h"
-
-#elif defined(USE_GNUTLS_NETTLE)
-
-#  include <nettle/md5.h>
-#  include <gnutls/gnutls.h>
-#  include <gnutls/crypto.h>
-#  define MD5_DIGEST_LENGTH 16
-
-#elif defined(USE_GNUTLS)
-
-#  include <gcrypt.h>
-#  include "gtls.h"
-#  define MD5_DIGEST_LENGTH 16
-#  define MD4_DIGEST_LENGTH 16
-
-#elif defined(USE_NSS)
-
-#  include <nss.h>
-#  include <pk11pub.h>
-#  include <hasht.h>
-#  include "nssg.h"
-#  include "curl_md4.h"
-#  define MD5_DIGEST_LENGTH MD5_LENGTH
-
-#elif defined(USE_WINDOWS_SSPI)
-#  include "curl_sspi.h"
-#else
-#  error "Can't compile NTLM support without a crypto library."
-#endif
-
 #include "urldata.h"
 #include "non-ascii.h"
 #include "sendf.h"
 #include "curl_base64.h"
 #include "curl_ntlm_core.h"
 #include "curl_gethostname.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
 #include "curl_memory.h"

+#ifdef USE_WINDOWS_SSPI
+#  include "curl_sspi.h"
+#endif
+
+#include "sslgen.h"
+
 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"

@@ -281,7 +239,7 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
    free(buffer);
    return CURLE_OUT_OF_MEMORY;
  }
-  ntlm->n_type_2 = (unsigned long)size;
+  ntlm->n_type_2 = curlx_uztoul(size);
  memcpy(ntlm->type_2, buffer, size);
 #else
  ntlm->flags = 0;
@@ -315,19 +273,16 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
 {
-  if(ntlm->type_2) {
-    free(ntlm->type_2);
-    ntlm->type_2 = NULL;
-  }
+  Curl_safefree(ntlm->type_2);
  if(ntlm->has_handles) {
    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
    ntlm->has_handles = 0;
  }
  if(ntlm->p_identity) {
-    if(ntlm->identity.User) free(ntlm->identity.User);
-    if(ntlm->identity.Password) free(ntlm->identity.Password);
-    if(ntlm->identity.Domain) free(ntlm->identity.Domain);
+    Curl_safefree(ntlm->identity.User);
+    Curl_safefree(ntlm->identity.Password);
+    Curl_safefree(ntlm->identity.Domain);
    ntlm->p_identity = NULL;
  }
 }
@@ -359,7 +314,7 @@ static void unicodecpy(unsigned char *dest,
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
@@ -393,67 +348,94 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
  SecBuffer buf;
  SecBufferDesc desc;
  SECURITY_STATUS status;
-  ULONG attrs;
-  const char *dest = "";
-  const char *user;
-  const char *domain = "";
-  size_t userlen = 0;
+  unsigned long attrs;
+  xcharp_u useranddomain;
+  xcharp_u user, dup_user;
+  xcharp_u domain, dup_domain;
+  xcharp_u passwd, dup_passwd;
  size_t domlen = 0;
-  size_t passwdlen = 0;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */

+  domain.const_tchar_ptr = TEXT("");
+
  Curl_ntlm_sspi_cleanup(ntlm);

-  user = strchr(userp, '\\');
-  if(!user)
-    user = strchr(userp, '/');
+  if(userp && *userp) {

-  if(user) {
-    domain = userp;
-    domlen = user - userp;
-    user++;
-  }
-  else {
-    user = userp;
-    domain = "";
-    domlen = 0;
-  }
-
-  if(user)
-    userlen = strlen(user);
-
-  if(passwdp)
-    passwdlen = strlen(passwdp);
-
-  if(userlen > 0) {
-    /* note: initialize all of this before doing the mallocs so that
-     * it can be cleaned up later without leaking memory.
-     */
+    /* null initialize ntlm identity's data to allow proper cleanup */
    ntlm->p_identity = &ntlm->identity;
    memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
-    if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
+
+    useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
+    if(!useranddomain.tchar_ptr)
      return CURLE_OUT_OF_MEMORY;

-    ntlm->identity.UserLength = (unsigned long)userlen;
-    if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
-      return CURLE_OUT_OF_MEMORY;
+    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
+    if(!user.const_tchar_ptr)
+      user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));

-    ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp);
-    if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
-      return CURLE_OUT_OF_MEMORY;
+    if(user.tchar_ptr) {
+      domain.tchar_ptr = useranddomain.tchar_ptr;
+      domlen = user.tchar_ptr - useranddomain.tchar_ptr;
+      user.tchar_ptr++;
+    }
+    else {
+      user.tchar_ptr = useranddomain.tchar_ptr;
+      domain.const_tchar_ptr = TEXT("");
+      domlen = 0;
+    }

-    strncpy((char *)ntlm->identity.Domain, domain, domlen);
-    ntlm->identity.Domain[domlen] = '\0';
-    ntlm->identity.DomainLength = (unsigned long)domlen;
-    ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+    /* setup ntlm identity's user and length */
+    dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
+    if(!dup_user.tchar_ptr) {
+      Curl_unicodefree(useranddomain.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    ntlm->identity.User = dup_user.tbyte_ptr;
+    ntlm->identity.UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
+    dup_user.tchar_ptr = NULL;
+
+    /* setup ntlm identity's domain and length */
+    dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+    if(!dup_domain.tchar_ptr) {
+      Curl_unicodefree(useranddomain.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
+    *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+    ntlm->identity.Domain = dup_domain.tbyte_ptr;
+    ntlm->identity.DomainLength = curlx_uztoul(domlen);
+    dup_domain.tchar_ptr = NULL;
+
+    Curl_unicodefree(useranddomain.tchar_ptr);
+
+    /* setup ntlm identity's password and length */
+    passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
+    if(!passwd.tchar_ptr)
+      return CURLE_OUT_OF_MEMORY;
+    dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
+    if(!dup_passwd.tchar_ptr) {
+      Curl_unicodefree(passwd.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    ntlm->identity.Password = dup_passwd.tbyte_ptr;
+    ntlm->identity.PasswordLength =
+      curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
+    dup_passwd.tchar_ptr = NULL;
+
+    Curl_unicodefree(passwd.tchar_ptr);
+
+    /* setup ntlm identity's flags */
+    ntlm->identity.Flags = SECFLAG_WINNT_AUTH_IDENTITY;
  }
  else
    ntlm->p_identity = NULL;

-  status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM",
-                                               SECPKG_CRED_OUTBOUND, NULL,
-                                               ntlm->p_identity, NULL, NULL,
-                                               &ntlm->handle, &tsDummy);
+  status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                              (TCHAR *) TEXT("NTLM"),
+                                              SECPKG_CRED_OUTBOUND, NULL,
+                                              ntlm->p_identity, NULL, NULL,
+                                              &ntlm->handle, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_OUT_OF_MEMORY;

@@ -464,15 +446,15 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
  buf.BufferType = SECBUFFER_TOKEN;
  buf.pvBuffer   = ntlmbuf;

-  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL,
-                                                (void *)dest,
-                                                ISC_REQ_CONFIDENTIALITY |
-                                                ISC_REQ_REPLAY_DETECT |
-                                                ISC_REQ_CONNECTION,
-                                                0, SECURITY_NETWORK_DREP,
-                                                NULL, 0,
-                                                &ntlm->c_handle, &desc,
-                                                &attrs, &tsDummy);
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               NULL, 0,
+                                               &ntlm->c_handle, &desc,
+                                               &attrs, &tsDummy);

  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
     status == SEC_I_CONTINUE_NEEDED)
@@ -580,7 +562,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
@@ -615,13 +597,12 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  size_t size;

 #ifdef USE_WINDOWS_SSPI
-  const char *dest = "";
  SecBuffer type_2;
  SecBuffer type_3;
  SecBufferDesc type_2_desc;
  SecBufferDesc type_3_desc;
  SECURITY_STATUS status;
-  ULONG attrs;
+  unsigned long attrs;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */

  (void)passwdp;
@@ -640,17 +621,17 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  type_3.pvBuffer   = ntlmbuf;
  type_3.cbBuffer   = NTLM_BUFSIZE;

-  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle,
-                                                &ntlm->c_handle,
-                                                (void *)dest,
-                                                ISC_REQ_CONFIDENTIALITY |
-                                                ISC_REQ_REPLAY_DETECT |
-                                                ISC_REQ_CONNECTION,
-                                                0, SECURITY_NETWORK_DREP,
-                                                &type_2_desc,
-                                                0, &ntlm->c_handle,
-                                                &type_3_desc,
-                                                &attrs, &tsDummy);
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
+                                               &ntlm->c_handle,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               &type_2_desc,
+                                               0, &ntlm->c_handle,
+                                               &type_3_desc,
+                                               &attrs, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_RECV_ERROR;

@@ -717,23 +698,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    unsigned char entropy[8];

    /* Need to create 8 bytes random data */
-#ifdef USE_SSLEAY
-    MD5_CTX MD5pw;
-    Curl_ossl_seed(data); /* Initiate the seed if not already done */
-    RAND_bytes(entropy, 8);
-#elif defined(USE_GNUTLS_NETTLE)
-    struct md5_ctx MD5pw;
-    gnutls_rnd(GNUTLS_RND_RANDOM, entropy, 8);
-#elif defined(USE_GNUTLS)
-    gcry_md_hd_t MD5pw;
-    Curl_gtls_seed(data); /* Initiate the seed if not already done */
-    gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
-#elif defined(USE_NSS)
-    PK11Context *MD5pw;
-    unsigned int MD5len;
-    Curl_nss_seed(data);  /* Initiate the seed if not already done */
-    PK11_GenerateRandom(entropy, 8);
-#endif
+    Curl_ssl_random(data, entropy, sizeof(entropy));

    /* 8 bytes random data as challenge in lmresp */
    memcpy(lmresp, entropy, 8);
@@ -745,25 +710,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    memcpy(tmp, &ntlm->nonce[0], 8);
    memcpy(tmp + 8, entropy, 8);

-#ifdef USE_SSLEAY
-    MD5_Init(&MD5pw);
-    MD5_Update(&MD5pw, tmp, 16);
-    MD5_Final(md5sum, &MD5pw);
-#elif defined(USE_GNUTLS_NETTLE)
-    md5_init(&MD5pw);
-    md5_update(&MD5pw, 16, tmp);
-    md5_digest(&MD5pw, 16, md5sum);
-#elif defined(USE_GNUTLS)
-    gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
-    gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
-    memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
-    gcry_md_close(MD5pw);
-#elif defined(USE_NSS)
-    MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
-    PK11_DigestOp(MD5pw, tmp, 16);
-    PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
-    PK11_DestroyContext(MD5pw, PR_TRUE);
-#endif
+    Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);

    /* We shall only use the first 8 bytes of md5sum, but the des
       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
--- a/Show More
+++ b/Show More