RELEASE-NOTES: synced with b8b2cf612b

The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.

CMakeLists.txt

@@ -148,9 +148,9 @@ option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
 mark_as_advanced(ENABLE_IPV6)
 
 if(WIN32)
-  find_library(WSOCK32_LIBRARY wsock32)
+  # Windows standard libraries are located in C:/Program Files/Microsoft SDKs/[...]
-  find_library(WS2_32_LIBRARY ws2_32)
+  # They are already included in the default MSVC LIBPATH => no find_library is needed!
-  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES ${WSOCK32_LIBRARY} ${WS2_32_LIBRARY})  # bufferoverflowu.lib
+  list_spaces_append_once(CMAKE_C_STANDARD_LIBRARIES wsock32.lib ws2_32.lib)  # bufferoverflowu.lib
   if(CURL_DISABLE_LDAP)
     # Remove wldap32.lib from space-separated list
     string(REPLACE " " ";" _LIST ${CMAKE_C_STANDARD_LIBRARIES})

RELEASE-NOTES

@@ -1,84 +1,49 @@
-Curl and libcurl 7.24.0
+Curl and libcurl 7.25.0
 
  Public curl releases:         127
- Command line options:         149
+ Command line options:         151
- curl_easy_setopt() options:   192
+ curl_easy_setopt() options:   199
  Public functions in libcurl:  58
  Known libcurl bindings:       39
- Contributors:                 907
+ Contributors:                 929
-
-This release includes the following security fixes:
-
- o curl was vulnerable to a data injection attack for certain protocols
-   http://curl.haxx.se/docs/adv_20120124.html
- o curl was vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL
-   http://curl.haxx.se/docs/adv_20120124B.html
 
 This release includes the following changes:
 
- o CURLOPT_QUOTE: SFTP supports the '*'-prefix now [24]
+ o configure: add option disable --libcurl output [1]
- o CURLOPT_DNS_SERVERS: set name servers if possible [23]
+ o --ssl-allow-beast and CURLOPT_SSL_OPTIONS added [2]
- o Add support for using nettle instead of gcrypt as gnutls backend [22]
+ o Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL [4]
- o CURLOPT_INTERFACE: avoid resolving interfaces names with magic prefixes [21]
+ o curl: use new library-side TCP_KEEPALIVE options [5]
- o Added CURLOPT_ACCEPTTIMEOUT_MS [30]
+ o Added a new CURLOPT_MAIL_AUTH option [13]
- o configure: add symbols versioning option --enable-versioned-symbols [31]
+ o Added support for --mail-auth [14]
+ o --libcurl now also works with -F and more! [15]
 
 This release includes the following bugfixes:
 
- o SSL session share: move the age counter to the share object [1]
+ o --max-redirs: allow negative numbers as option value [3]
- o -J -O: use -O name if no Content-Disposition header comes! [2]
+ o parse_proxy: bail out on zero-length proxy names [6]
- o protocol_connect: show verbose connect and set connect time [3]
+ o configure: don't modify LD_LIBRARY_PATH for cross compiles [7]
- o query-part: ignore the URI part for given protocols [4]
+ o curl_easy_reset: reset the referer string [8]
- o gnutls: only translate winsock errors for old versions [5]
+ o curl tool: don't abort glob-loop due to failures [9]
- o POP3: fix end of body detection [6]
+ o CONNECT: send correct Host: with IPv6 numerical address [10]
- o POP3: detect when LIST returns no mails
+ o Explicitly link to the nettle/gcrypt libraries [11]
- o TELNET: improved treatment of options [7]
+ o more resilient connection times among IP addresses [12]
- o configure: add support for pkg-config detection of libidn [8]
+ o winbuild: fix IPV6 and IDN options
- o CyaSSL 2.0+ library initialization adjustment [9]
+ o SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
- o multi interface: only use non-NULL socker function pointer
+ o cyassl: update to CyaSSL 2.0.x API
- o call opensocket callback properly for active FTP
+ o smtp: Fixed an issue with the EOB checking
- o don't call close socket callback for sockets created with accept() [10]
+ o pop3: Fixed drop of final CRLF in EOB checking [16]
- o differentiate better between host/proxy errors [11]
+ o smtp: Fixed an issue with writing postdata
- o SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5 [12]
+ o smtp: Added support for returning SMTP response codes
- o multi: handle timeouts on DNS servers by checking for new sockets [13]
+ o CONNECT: fix ipv6 address in the Request-Line [17]
- o CURLOPT_DNS_SERVERS: fix return code
+ o curl-config: only provide libraries with --libs
- o POP3: fixed escaped dot not being stripped out [14]
+ o LWIP: don't consider HAVE_ERRNO_H to be winsock [19]
- o OpenSSL: check for the SSLv2 function in configure [15]
+ o ssh: tunnel through HTTP proxy if requested
- o MakefileBuild: fix the static build [16]
+ o cookies: strip off [brackets] from numerical ipv6 host names [20]
- o create_conn: don't switch to HTTP protocol if tunneling is enabled [17]
+ o libcurl docs: version corrections [18]
- o multi interface: fix block when CONNECT_ONLY option is used [18]
+ o cmake: list_spaces_append_once failure [22]
- o Fix connection reuse for TLS upgraded connections [19]
+ o resolve with c-ares: don't resolve IPv6 when not working [21]
- o multiple file upload with -F and custom type [20]
+ o smtp: changed error code for EHLO and HELO responses
- o multi interface: active FTP connections are no longer blocking [25]
+ o parsedate: fix a numeric overflow
- o Android build fix [26]
- o timer: restore PRETRANSFER timing [27]
- o libcurl.m4: Fix quoting arguments of AC_LANG_PROGRAM [28]
- o appconnect time fixed for non-blocking connect ssl backends [29]
- o do not include SSL handshake into time spent waiting for 100-continue [32]
- o handle dns cache case insensitive
- o use new host name casing for subsequent HTTP requests [33]
- o CURLOPT_RESOLVE: avoid adding already present host names
- o SFTP mkdir: use correct permission [34]
- o resolve: don't leak pre-populated dns entries [35]
- o --retry: Retry transfers on timeout and DNS errors
- o negotiate with SSPI backend: use the correct buffer for input [36]
- o SFTP dir: increase buffer size counter to avoid cut off file names [37]
- o TFTP: fix resending (again) [38]
- o c-ares: don't include getaddrinfo-using code [39]
- o FTP: CURLE_PARTIAL_FILE will not close the control channel [40]
- o win32-threaded-resolver: stop using a dummy socket
- o OpenSSL: remove reference to openssl internal struct [41]
- o OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option no longer enabled
- o OpenSSL: fix PKCS#12 certificate parsing related memory leak
- o OpenLDAP: fix LDAP connection phase memory leak [42]
- o Telnet: Use correct file descriptor for telnet upload
- o Telnet: Remove bogus optimisation of telnet upload
- o URL parse: user name with ipv6 numerical address
- o polarssl: show cipher suite name correctly with 1.1.0
- o polarssl: havege_rand is not present in version 1.1.0 WARNING, we still
-   use the old API which is said to be insecure. See
-   http://polarssl.org/trac/wiki/SecurityAdvisory201102
- o gnutls: enforced use of SSLv3 [43]
 
 This release includes the following known bugs:
 
@@ -87,60 +52,35 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Alejandro Alvarez Ayllon, Jason Glasgow, Jonas Schnelli, Mark Brand,
+ Colin Hogben, Alessandro Ghedini, Kamil Dudka, Rob Ward, Dave Reisner,
- Martin Storsjo, Yang Tse, Laurent Rabret, Jason Glasgow, Steve Holme,
+ Martin Storsjo, Pierre Ynard, Pierre Joye, Yang Tse, Dan Fandrich,
- Reza Arbab, Jason Liu, Gokhan Sengun, Rob Ward, Dan Fandrich,
+ Michael Day, Juan Barreto, Chandrakant Bagul, Steve Holme, Todd Ouska,
- Naveen Chandran, Ward Willats, Vladimir Grishchenko, Colin Hogben,
+ Rich Gray, John Joseph Bachir, Armel Asselin, Andrei Cipu,
- Alessandro Ghedini, Cedric Deltheil, Toni Moreno, Bernhard Reutner-Fischer,
+ Maxim Prohorov
- Sven Wegener, Alex Vinnik, Kamil Dudka, Mamoru Tasaka, Patrice Guerin,
- Armel Asselin, Arthur Murray, Steve H Truong, Peter Sylvester,
- Johannes Bauer, Brandon Wang, Pierre Joye, Robert Schumann,
- Christian Grothoff, Nikos Mavrogiannopoulos
  
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = http://curl.haxx.se/mail/lib-2011-11/0116.html
+ [1] = http://curl.haxx.se/mail/lib-2012-02/0009.html
- [2] = http://curl.haxx.se/mail/archive-2011-11/0030.htm
+ [2] = http://curl.haxx.se/mail/lib-2012-02/0001.html
- [3] = http://curl.haxx.se/mail/archive-2011-11/0035.html
+ [3] = http://curl.haxx.se/mail/lib-2012-02/0098.html
- [4] = http://curl.haxx.se/mail/lib-2011-11/0218.html
+ [4] = http://curl.haxx.se/mail/lib-2012-01/0264.html
- [5] = http://curl.haxx.se/mail/lib-2011-11/0267.html
+ [5] = http://curl.haxx.se/mail/lib-2012-01/0263.html
- [6] = http://curl.haxx.se/mail/lib-2011-11/0279.html
+ [6] = http://curl.haxx.se/mail/lib-2012-02/0000.html
- [7] = http://curl.haxx.se/mail/lib-2011-11/0247.html
+ [7] = http://curl.haxx.se/mail/lib-2012-02/0052.html
- [8] = http://curl.haxx.se/mail/lib-2011-11/0294.html
+ [8] = http://curl.haxx.se/bug/view.cgi?id=3481551
- [9] = http://curl.haxx.se/bug/view.cgi?id=3442068
+ [9] = http://curl.haxx.se/bug/view.cgi?id=3481223
- [10] = http://curl.haxx.se/mail/lib-2011-12/0018.html
+ [10] = http://curl.haxx.se/bug/view.cgi?id=3482093
- [11] = http://curl.haxx.se/mail/archive-2011-12/0010.html
+ [11] = http://curl.haxx.se/mail/lib-2012-01/0303.html
- [12] = http://curl.haxx.se/bug/view.cgi?id=3451592
+ [12] = http://curl.haxx.se/mail/lib-2012-01/0190.html
- [13] = http://curl.haxx.se/mail/lib-2011-11/0371.html
+ [13] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTMAILAUTH
- [14] = http://curl.haxx.se/mail/lib-2011-11/0368.html
+ [14] = http://curl.haxx.se/docs/manpage.html#--mail-auth
- [15] = http://curl.haxx.se/mail/archive-2011-12/0012.html
+ [15] = http://curl.haxx.se/docs/manpage.html#--libcurl
- [16] = http://curl.haxx.se/mail/lib-2011-12/0063.html
+ [16] = http://curl.haxx.se/mail/lib-2012-02/0051.html
- [17] = http://curl.haxx.se/mail/lib-2011-12/0010.html
+ [17] = http://curl.haxx.se/bug/view.cgi?id=3493129
- [18] = http://curl.haxx.se/mail/lib-2011-12/0070.html
+ [18] = http://curl.haxx.se/bug/view.cgi?id=3494091
- [19] = http://curl.haxx.se/mail/lib-2011-11/0022.html
+ [19] = http://curl.haxx.se/mail/lib-2012-03/0046.html
- [20] = http://curl.haxx.se/mail/lib-2011-12/0121.html
+ [20] = http://curl.haxx.se/mail/lib-2012-03/0036.html
- [21] = http://curl.haxx.se/mail/lib-2011-12/0107.html
+ [21] = http://curl.haxx.se/mail/lib-2012-03/0045.html
- [22] = http://curl.haxx.se/mail/lib-2011-11/0164.html
+ [22] = http://curl.haxx.se/bug/view.cgi?id=3494968
- [23] = http://curl.haxx.se/mail/lib-2011-11/0067.html
- [24] = http://curl.haxx.se/mail/lib-2011-11/0205.html
- [25] = http://curl.haxx.se/mail/lib-2011-12/0179.html
- [26] = http://curl.haxx.se/mail/lib-2011-12/0215.html
- [27] = http://curl.haxx.se/mail/archive-2011-12/0022.html
- [28] = http://curl.haxx.se/mail/lib-2011-12/0218.html
- [29] = http://curl.haxx.se/mail/lib-2011-12/0211.html
- [30] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTACCEPTTIMOUTMS
- [31] = http://curl.haxx.se/mail/lib-2011-12/0133.html
- [32] = https://bugzilla.redhat.com/767490
- [33] = http://curl.haxx.se/mail/lib-2011-12/0314.html
- [34] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [35] = http://curl.haxx.se/bug/view.cgi?id=3463121
- [36] = http://curl.haxx.se/bug/view.cgi?id=3466497
- [37] = http://curl.haxx.se/mail/lib-2011-12/0249.html
- [38] = http://curl.haxx.se/mail/lib-2012-01/0146.html
- [39] = http://curl.haxx.se/mail/lib-2012-01/0160.html
- [40] = http://curl.haxx.se/mail/lib-2012-01/0096.html
- [41] = http://curl.haxx.se/mail/lib-2012-01/0049.html
- [42] = http://curl.haxx.se/bug/view.cgi?id=3474308
- [43] = http://curl.haxx.se/mail/lib-2012-01/0225.html

TODO-RELEASE

@@ -1,4 +1,4 @@
-To be addressed in 7.22.1
+To be addressed in 7.24.1
 =========================
 
 295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
@@ -8,4 +8,8 @@ To be addressed in 7.22.1
 300 - "Polling on stray socket on sequential transfers." Andrew S
       http://curl.haxx.se/mail/lib-2011-07/0053.html
 
-308 -
+308 - Revisit option --enable-threaded-resolver at least allow selection among
+      pthreads and Windows threads when building a Windows target.
+      http://curl.haxx.se/mail/lib-2012-01/0291.html
+
+309 - 

configure.ac

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -155,6 +155,7 @@ curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_ipv6_msg="no      (--enable-ipv6)"
     curl_idn_msg="no      (--with-libidn)"
  curl_manual_msg="no      (--enable-manual)"
+curl_libcurl_msg="enabled (--disable-libcurl-option)"
 curl_verbose_msg="enabled (--disable-verbose)"
    curl_sspi_msg="no      (--enable-sspi)"
    curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
@@ -651,6 +652,25 @@ AC_HELP_STRING([--disable-manual],[Disable built-in manual]),
 dnl The actual use of the USE_MANUAL variable is done much later in this
 dnl script to allow other actions to disable it as well.
 
+dnl ************************************************************
+dnl disable C code generation support
+dnl
+AC_MSG_CHECKING([whether to enable generation of C code])
+AC_ARG_ENABLE(libcurl_option,
+AC_HELP_STRING([--enable-libcurl-option],[Enable --libcurl C code generation support])
+AC_HELP_STRING([--disable-libcurl-option],[Disable --libcurl C code generation support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option])
+       curl_libcurl_msg="no"
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+
 dnl **********************************************************************
 dnl Checks for libraries.
 dnl **********************************************************************
@@ -1548,11 +1568,12 @@ if test X"$OPT_SSL" != Xno; then
        dnl when the ssl shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
        dnl to prevent further configure tests to fail due to this
-
+       if test "x$cross_compiling" != "xyes"; then
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_OPENSSL"
          export LD_LIBRARY_PATH
          AC_MSG_NOTICE([Added $LIB_OPENSSL to LD_LIBRARY_PATH])
        fi
+    fi
     CURL_CHECK_OPENSSL_API
   fi
 
@@ -1787,12 +1808,13 @@ if test "$OPENSSL_ENABLED" != "1"; then
           dnl linker doesn't search through, we need to add it to
           dnl LD_LIBRARY_PATH to prevent further configure tests to fail
           dnl due to this
-
+          if test "x$cross_compiling" != "xyes"; then 
             LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$gtlslib"
             export LD_LIBRARY_PATH
             AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
           fi
         fi
+      fi
 
     fi
 
@@ -1824,6 +1846,9 @@ if test "$GNUTLS_ENABLED" = "1"; then
   if test "$USE_GNUTLS_NETTLE" = "1"; then
     AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend])
     AC_SUBST(USE_GNUTLS_NETTLE, [1])
+    LIBS="$LIBS -lnettle"
+  else
+    LIBS="$LIBS -lgcrypt"
   fi
 fi
 
@@ -1910,12 +1935,12 @@ if test "$OPENSSL_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
+        if test "x$cross_compiling" != "xyes"; then
           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib"
           export LD_LIBRARY_PATH
           AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH])
         fi
-
+      fi
     fi
 
   fi dnl PolarSSL not disabled
@@ -1932,7 +1957,7 @@ OPT_CYASSL=no
 _cppflags=$CPPFLAGS
 _ldflags=$LDFLAGS
 AC_ARG_WITH(cyassl,dnl
-AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: /usr/local/cyassl)])
+AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: system lib default)])
 AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
   OPT_CYASSL=$withval)
 
@@ -1945,14 +1970,9 @@ if test "$OPENSSL_ENABLED" != "1"; then
     fi
 
     if test -z "$OPT_CYASSL" ; then
-      dnl check for lib in default first
+      dnl check for lib in system default first
 
-      trycyassldir="/usr/local/cyassl"
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
-
-      LDFLAGS="$LDFLAGS -L$trycyassldir/lib"
-      CPPFLAGS="$CPPFLAGS -I$trycyassldir/include"
-
-      AC_CHECK_LIB(cyassl, InitCyaSSL,
       dnl libcyassl found, set the variable
        [
          AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
@@ -1974,7 +1994,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
          CPPFLAGS="$CPPFLAGS $addcflags"
       fi
 
-      AC_CHECK_LIB(cyassl, InitCyaSSL,
+      AC_CHECK_LIB(cyassl, CyaSSL_Init,
        [
        AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
        AC_SUBST(USE_CYASSL, [1])
@@ -1999,11 +2019,12 @@ if test "$OPENSSL_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
+        if test "x$cross_compiling" != "xyes"; then
           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$cyassllib"
           export LD_LIBRARY_PATH
           AC_MSG_NOTICE([Added $cyassllib to LD_LIBRARY_PATH])
         fi
+      fi
 
     fi
 
@@ -2095,11 +2116,12 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
         dnl linker doesn't search through, we need to add it to
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
         dnl due to this
-
+        if test "x$cross_compiling" != "xyes"; then
           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
           export LD_LIBRARY_PATH
           AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
         fi
+      fi
 
     fi
 
@@ -2255,11 +2277,12 @@ if test X"$OPT_LIBSSH2" != Xno; then
        dnl libssh2_session_handshake was added in 1.2.8
        AC_CHECK_FUNCS( libssh2_version libssh2_init libssh2_exit \
                        libssh2_scp_send64 libssh2_session_handshake)
-
+       if test "x$cross_compiling" != "xyes"; then
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
          export LD_LIBRARY_PATH
          AC_MSG_NOTICE([Added $DIR_SSH2 to LD_LIBRARY_PATH])
        fi
+    fi
   else
     dnl no libssh2, revert back to clean variables
     LDFLAGS=$CLEANLDFLAGS
@@ -3314,6 +3337,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
   IDN support:      ${curl_idn_msg}
   Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
   Built-in manual:  ${curl_manual_msg}
+  --libcurl option: ${curl_libcurl_msg}
   Verbose errors:   ${curl_verbose_msg}
   SSPI support:     ${curl_sspi_msg}
   ca cert bundle:   ${ca}

curl-config.in

@@ -142,9 +142,9 @@ while test $# -gt 0; do
 	   CURLLIBDIR=""
 	fi
 	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBCURL_LIBS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@ @LIBS@
 	else
-	  echo ${CURLLIBDIR}-lcurl @LDFLAGS@ @LIBS@
+	  echo ${CURLLIBDIR}-lcurl @LIBS@
 	fi
 	;;
 

docs/CONTRIBUTE

@@ -34,6 +34,7 @@
  3.3 How To Make a Patch without git
  3.4 How to get your changes into the main sources
  3.5 Write good commit messages
+ 3.6 Please don't send pull requests
 
 ==============================================================================
 
@@ -276,3 +277,27 @@
  and make sure that you have your own user and email setup correctly in git
  before you commit
 
+3.6 Please don't send pull requests
+
+ With git (and expecially github) it is easy and tempting to send a pull
+ request to one or more people in the curl project to have changes merged this
+ way instead of mailing patches to the curl-library mailing list.
+
+ We don't like that. We want them mailed for these reasons:
+
+ - Peer review. Anyone and everyone on the list can review, comment and
+   improve on the patch. Pull requests limit this ability.
+
+ - Anyone can merge the patch into their own trees for testing and those who
+   have push rights can push it to the main repo. It doesn't have to be anyone
+   the patch author knows beforehand.
+
+ - Commit messages can be tweaked and changed if merged locally instead of
+   using github. Merges directly on github requires the changes to be perfect
+   already, which they seldomly are.
+
+ - Merges on github prevents rebases and even enforces --no-ff which is a git
+   style we don't otherwise use in the project
+
+ However: once patches have been reviewed and deemed fine on list they are
+ perfectly OK to be pulled from a published git tree.

docs/INTERNALS

@@ -39,7 +39,7 @@ Portability
  libssh2      0.16
  c-ares       1.6.0
  libidn       0.4.1
- cyassl       1.4.0
+ cyassl       2.0.0
  openldap     2.0
  MIT krb5 lib 1.2.4
  qsossl       V5R2M0

docs/THANKS

@@ -20,11 +20,13 @@ Albert Choy
 Ale Vesely
 Alejandro Alvarez
 Aleksandar Milivojevic
+Alessandro Ghedini
 Alessandro Vesely
 Alex Bligh
 Alex Fishman
 Alex Neblett
 Alex Suykov
+Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Kourakos
@@ -74,6 +76,7 @@ Anton Kalmykov
 Arkadiusz Miskiewicz
 Armel Asselin
 Arnaud Ebalard
+Arthur Murray
 Arve Knudsen
 Ates Goral
 Augustus Saunders
@@ -91,6 +94,7 @@ Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Bernard Leak
+Bernhard Reutner-Fischer
 Bertrand Demiddelaer
 Bill Egert
 Bill Hoffman
@@ -105,6 +109,7 @@ Brad Burdick
 Brad Hards
 Brad King
 Bradford Bruce
+Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
@@ -121,6 +126,7 @@ Camille Moncelier
 Caolan McNamara
 Carsten Lange
 Casey O'Donnell
+Cedric Deltheil
 Chad Monroe
 Charles Kerr
 Chih-Chung Chang
@@ -133,6 +139,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Christian Grothoff
 Christian Hagele
 Christian Krause
 Christian Kurz
@@ -382,6 +389,8 @@ Jan Kunder
 Jan Van Boghout
 Jared Lundell
 Jari Sundell
+Jason Glasgow
+Jason Liu
 Jason McDonald
 Jason S. Priebe
 Jay Austin
@@ -418,6 +427,7 @@ Jofell Gallardo
 Johan Anderson
 Johan Nilsson
 Johan van Selst
+Johannes Bauer
 John Bradshaw
 John Crow
 John Dennis
@@ -437,6 +447,7 @@ Jon Sargeant
 Jon Travis
 Jon Turner
 Jonas Forsman
+Jonas Schnelli
 Jonatan Lander
 Jonathan Hseu
 Jongki Suwandi
@@ -524,6 +535,7 @@ Luke Call
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
 Manuel Massing
@@ -614,6 +626,7 @@ Moonesamy
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Naveen Chandran
 Naveen Noel
 Neil Dunbar
 Neil Spring
@@ -631,6 +644,7 @@ Nikita Schmidt
 Nikitinskit Dmitriy
 Niklas Angebrand
 Nikolai Kondrashov
+Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
@@ -647,6 +661,7 @@ Paolo Piacentini
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
+Patrice Guerin
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Scott
@@ -720,6 +735,7 @@ Renaud Duhaut
 Rene Bernhardt
 Rene Rebe
 Reuven Wachtfogel
+Reza Arbab
 Ricardo Cadime
 Rich Gray
 Rich Rauenzahn
@@ -736,11 +752,13 @@ Rick Richardson
 Rob Crittenden
 Rob Jones
 Rob Stanzel
+Rob Ward
 Robert A. Monat
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
 Robert Olson
+Robert Schumann
 Robert Weaver
 Robin Cornelius
 Robin Johnson
@@ -809,6 +827,7 @@ Stephen Kick
 Stephen More
 Sterling Hughes
 Steve Green
+Steve H Truong
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -864,6 +883,7 @@ Tomasz Lacki
 Tommie Gannert
 Tommy Tam
 Ton Voon
+Toni Moreno
 Toon Verwaest
 Tor Arntsen
 Torsten Foertsch
@@ -892,6 +912,7 @@ Vojtech Janota
 Vojtech Minarik
 Vsevolod Novikov
 Walter J. Mack
+Ward Willats
 Wayne Haigh
 Werner Koch
 Wesley Laxton

docs/curl.1

@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "14 April 2009" "Curl 7.21.6" "Curl Manual"
+.TH curl 1 "16 February 2012" "Curl 7.25.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -711,7 +711,8 @@ currently effective on operating systems offering the TCP_KEEPIDLE and
 TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This
 option has no effect if \fI--no-keepalive\fP is used. (Added in 7.18.0)
 
-If this option is used multiple times, the last occurrence sets the amount.
+If this option is used multiple times, the last occurrence sets the amount. If
+unspecified, the option defaults to 60 seconds.
 .IP "--key <key>"
 (SSL/SSH) Private key file name. Allows you to provide your private key in this
 separate file.
@@ -761,13 +762,9 @@ was 301, 302, or 303. If the response code was any other 3xx code, curl will
 re-send the following request using the same unmodified method.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
-libcurl-using source code written to the file that does the equivalent
+libcurl-using C source code written to the file that does the equivalent
 of what your command-line operation does!
 
-NOTE: this does not properly support -F and the sending of multipart
-formposts, so in those cases the output program will be missing necessary
-calls to \fIcurl_formadd(3)\fP, and possibly more.
-
 If this option is used several times, the last given file name will be
 used. (Added in 7.16.1)
 .IP "--limit-rate <speed>"
@@ -805,6 +802,12 @@ useful for preventing your batch jobs from hanging for hours due to slow
 networks or links going down.  See also the \fI--connect-timeout\fP option.
 
 If this option is used several times, the last one will be used.
+.IP "--mail-auth <address>"
+(SMTP) Specify a single address. This will be used to specify the
+authentication address (identity) of a submitted message that is being relayed
+to another server.
+
+(Added in 7.25.0)
 .IP "--mail-from <address>"
 (SMTP) Specify a single address that the given mail should get sent from.
 
@@ -1258,6 +1261,12 @@ connection if the server doesn't support SSL/TLS. (Added in 7.20.0)
 
 This option was formerly known as \fI--ftp-ssl-reqd\fP (added in 7.15.5). That
 option name can still be used but will be removed in a future version.
+.IP "--ssl-allow-beast"
+(SSL) This option tells curl to not work around a security flaw in the SSL3
+and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
+may use work-arounds known to cause interoperability problems with some older
+SSL implementations. WARNING: this option loosens the SSL security, and by
+using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--socks4 <host[:port]>"
 Use the specified SOCKS4 proxy. If the port number is not specified, it is
 assumed at port 1080. (Added in 7.15.2)

docs/libcurl/curl_easy_getinfo.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -44,11 +44,13 @@ The following information can be extracted:
 .IP CURLINFO_EFFECTIVE_URL
 Pass a pointer to a char pointer to receive the last used effective URL.
 .IP CURLINFO_RESPONSE_CODE
-Pass a pointer to a long to receive the last received HTTP or FTP code. This
+Pass a pointer to a long to receive the last received HTTP, FTP or SMTP
-option was known as CURLINFO_HTTP_CODE in libcurl 7.10.7 and earlier. This
+response code. This option was previously known as CURLINFO_HTTP_CODE in
-will be zero if no server response code has been received. Note that a proxy's
+libcurl 7.10.7 and earlier. The value will be zero if no server response code
-CONNECT response should be read with \fICURLINFO_HTTP_CONNECTCODE\fP and not
+has been received. Note that a proxy's CONNECT response should be read with
-this.
+\fICURLINFO_HTTP_CONNECTCODE\fP and not this.
+
+Support for SMTP responses added in 7.25.0.
 .IP CURLINFO_HTTP_CONNECTCODE
 Pass a pointer to a long to receive the last received proxy response code to a
 CONNECT request.

docs/libcurl/curl_easy_setopt.3

@@ -266,7 +266,7 @@ If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
 .IP CURLOPT_SEEKDATA
-Data pointer to pass to the file read function. If you use the
+Data pointer to pass to the file seek function. If you use the
 \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
@@ -281,7 +281,7 @@ socket descriptor so additional setsockopt() calls can be done at the user's
 discretion.  Return 0 (zero) from the callback on success. Return 1 from the
 callback function to signal an unrecoverable error to the library and it will
 close the socket and return \fICURLE_COULDNT_CONNECT\fP.  (Option added in
-7.15.6.)
+7.16.0)
 
 Added in 7.21.5, the callback function may return
 \fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is
@@ -289,7 +289,7 @@ in fact already connected and then libcurl will not attempt to connect it.
 .IP CURLOPT_SOCKOPTDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
-(Option added in 7.15.6.)
+(Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
 Function pointer that should match the \fIcurl_opensocket_callback\fP
 prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
@@ -322,7 +322,7 @@ to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
-argument in the opensocket callback set with
+argument in the closesocket callback set with
 \fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
 Function pointer that should match the \fIcurl_progress_callback\fP prototype
@@ -419,7 +419,7 @@ built against another SSL library, this functionality is absent.
 
 Function pointer that should match the following prototype: \fBCURLcode
 sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function gets called
-by libcurl just before the initialization of an SSL connection after having
+by libcurl just before the initialization of a SSL connection after having
 processed all other SSL related options to give a last chance to an
 application to modify the behaviour of openssl's ssl initialization. The
 \fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If
@@ -434,7 +434,7 @@ the SSL negotiation. The SSL_CTX pointer will be a new one every time.
 To use this properly, a non-trivial amount of knowledge of the openssl
 libraries is necessary. For example, using this function allows you to use
 openssl callbacks to add additional validation code for certificates, and even
-to change the actual URI of an HTTPS request (example used in the lib509 test
+to change the actual URI of a HTTPS request (example used in the lib509 test
 case).  See also the example section for a replacement of the key, certificate
 and trust file settings.
 .IP CURLOPT_SSL_CTX_DATA
@@ -711,7 +711,7 @@ pop3://user:password@mail.domain.com/1 - This retrieves the first message
 
 .B SCP
 
-The path part of an SCP request specifies the file to retrieve and from what
+The path part of a SCP request specifies the file to retrieve and from what
 directory. The file part may not be omitted. The file is taken as an absolute
 path from the root directory on the server. To specify a path relative to
 the user's home directory on the server, prepend ~/ to the path portion.
@@ -725,7 +725,7 @@ user's home directory on the server
 
 .B SFTP
 
-The path part of an SFTP request specifies the file to retrieve and from what
+The path part of a SFTP request specifies the file to retrieve and from what
 directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified.  If the path ends in a / then a directory
 listing is returned instead of a file.  If the path is omitted entirely then
@@ -778,7 +778,7 @@ proxy's port number may optionally be specified with the separate option. If
 not specified, libcurl will default to using port 1080 for proxies.
 \fICURLOPT_PROXYPORT\fP.
 
-When you tell the library to use an HTTP proxy, libcurl will transparently
+When you tell the library to use a HTTP proxy, libcurl will transparently
 convert operations to HTTP even if you specify an FTP URL etc. This may have
 an impact on what other features of the library you can use, such as
 \fICURLOPT_QUOTE\fP and similar FTP specifics that don't work unless you
@@ -808,7 +808,7 @@ specified in the proxy string \fICURLOPT_PROXY\fP.
 .IP CURLOPT_PROXYTYPE
 Pass a long with this option to set type of the proxy. Available options for
 this are \fICURLPROXY_HTTP\fP, \fICURLPROXY_HTTP_1_0\fP (added in 7.19.4),
-\fICURLPROXY_SOCKS4\fP (added in 7.15.2), \fICURLPROXY_SOCKS5\fP,
+\fICURLPROXY_SOCKS4\fP (added in 7.10), \fICURLPROXY_SOCKS5\fP,
 \fICURLPROXY_SOCKS4A\fP (added in 7.18.0) and \fICURLPROXY_SOCKS5_HOSTNAME\fP
 (added in 7.18.0). The HTTP type is default. (Added in 7.10)
 
@@ -817,7 +817,7 @@ affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
 used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. The should be a comma separated
+Pass a pointer to a zero terminated string. This should be a comma separated
 list of hosts which do not use a proxy, if one is specified.  The only
 wildcard is a single * character, which matches all hosts, and effectively
 disables the proxy. Each name in this list is matched as either a domain which
@@ -915,6 +915,20 @@ overdone.
 .IP CURLOPT_ADDRESS_SCOPE
 Pass a long specifying the scope_id value to use when connecting to IPv6
 link-local or site-local addresses. (Added in 7.19.0)
+.IP CURLOPT_TCP_KEEPALIVE
+Pass a long. If set to 1, TCP keepalive probes will be sent. The delay and
+frequency of these probes can be controlled by the \fICURLOPT_TCP_KEEPIDLE\fP
+and \fICURLOPT_TCP_KEEPINTVL\fP options, provided the operating system supports
+them. Set to 0 (default behavior) to disable keepalive probes (Added in
+7.25.0).
+.IP CURLOPT_TCP_KEEPIDLE
+Pass a long. Sets the delay, in seconds, that the operating system will wait
+while the connection is idle before sending keepalive probes. Not all operating
+systems support this option. (Added in 7.25.0)
+.IP CURLOPT_TCP_KEEPINTVL
+Pass a long. Sets the interval, in seconds, that the operating system will wait
+between sending keepalive probes. Not all operating systems support this
+option. (Added in 7.25.0)
 .SH NAMES and PASSWORDS OPTIONS (Authentication)
 .IP CURLOPT_NETRC
 This parameter controls the preference of libcurl between using user names and
@@ -1047,8 +1061,8 @@ HTTP NTLM authentication. A proprietary protocol invented and used by
 Microsoft. It uses a challenge-response and hash concept similar to Digest, to
 prevent the password from being eavesdropped.
 
-You need to build libcurl with OpenSSL support for this option to work, or
+You need to build libcurl with either OpenSSL or NSS support for this option
-build libcurl on Windows.
+to work, or build libcurl on Windows.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
@@ -1115,7 +1129,7 @@ Pass a parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: field in requests where it follows a Location:
 redirect.
 .IP CURLOPT_ACCEPT_ENCODING
-Sets the contents of the Accept-Encoding: header sent in an HTTP request, and
+Sets the contents of the Accept-Encoding: header sent in a HTTP request, and
 enables decoding of a response when a Content-Encoding: header is received.
 Three encodings are supported: \fIidentity\fP, which does nothing,
 \fIdeflate\fP which requests the server to compress its response using the
@@ -1143,7 +1157,7 @@ by both HTTP clients and HTTP servers.
 (Added in 7.21.6)
 .IP CURLOPT_FOLLOWLOCATION
 A parameter set to 1 tells the library to follow any Location: header that the
-server sends as part of an HTTP header.
+server sends as part of a HTTP header.
 
 This means that the library will re-send the same request on the new location
 and follow new Location: headers all the way until no more such headers are
@@ -1223,7 +1237,7 @@ If you issue a POST request and then want to make a HEAD or GET using the same
 re-used handle, you must explicitly set the new request type using
 \fICURLOPT_NOBODY\fP or \fICURLOPT_HTTPGET\fP or similar.
 .IP CURLOPT_POSTFIELDS
-Pass a void * as parameter, which should be the full data to post in an HTTP
+Pass a void * as parameter, which should be the full data to post in a HTTP
 POST operation. You must make sure that the data is formatted the way you want
 the server to receive it. libcurl will not convert or encode it for you. Most
 web servers will assume this data to be url-encoded.
@@ -1258,7 +1272,7 @@ Pass a curl_off_t as parameter. Use this to set the size of the
 data to figure out the size. This is the large file version of the
 \fICURLOPT_POSTFIELDSIZE\fP option. (Added in 7.11.1)
 .IP CURLOPT_COPYPOSTFIELDS
-Pass a char * as parameter, which should be the full data to post in an HTTP
+Pass a char * as parameter, which should be the full data to post in a HTTP
 POST operation. It behaves as the \fICURLOPT_POSTFIELDS\fP option, but the
 original data are copied by the library, allowing the application to overwrite
 the original data after setting this option.
@@ -1430,12 +1444,16 @@ transfer decoding will be disabled, if set to 1 it is enabled
 option is set to zero. (added in 7.16.2)
 .SH SMTP OPTIONS
 .IP CURLOPT_MAIL_FROM
-Pass a pointer to a zero terminated string as parameter. It will be used to
+Pass a pointer to a zero terminated string as parameter. This should be used
-specify the sender address in a mail when sending an SMTP mail with libcurl.
+to specify the sender's email address when sending SMTP mail with libcurl.
 
-An originator email address in SMTP lingo is specified within angle brackets
+An originator email address should be specified with angled brackets (<>)
-(<>) which libcurl will not add for you before version 7.21.4. Failing to
+around it, which if not specified, will be added by libcurl from version
-provide such brackets may cause the server to reject your mail.
+7.21.4 onwards. Failing to provide such brackets may cause the server to
+reject the email.
+
+If this parameter is not specified then an empty address will be sent to the
+mail server which may or may not cause the email to be rejected.
 
 (Added in 7.20.0)
 .IP CURLOPT_MAIL_RCPT
@@ -1444,11 +1462,30 @@ SMTP mail request.  The linked list should be a fully valid list of \fBstruct
 curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to
 create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list.
 
-Each recipient in SMTP lingo is specified with angle brackets (<>), but should
+Each recipient should be specified within a pair of angled brackets (<>),
-you not use an angle bracket as first letter libcurl will assume you provide a
+however, should you not use an angled bracket as the first character libcurl
-single email address only and enclose that with angle brackets for you.
+will assume you provided a single email address and enclose that address
+within brackets for you.
 
 (Added in 7.20.0)
+.IP CURLOPT_MAIL_AUTH
+Pass a pointer to a zero terminated string as parameter. This will be used
+to specify the authentication address (identity) of a submitted message that
+is being relayed to another server.
+
+This optional parameter allows co-operating agents in a trusted environment to
+communicate the authentication of individual messages and should only be used
+by the application program, using libcurl, if the application is itself a
+mail server acting in such an environment. If the application is operating as
+such and the AUTH address is not known or is invalid, then an empty string
+should be used for this parameter.
+
+Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be
+specified within a pair of angled brackets (<>). However, if an empty string
+is used then a pair of brackets will be sent by libcurl as required by
+RFC-2554.
+
+(Added in 7.24.0)
 .SH TFTP OPTIONS
 .IP CURLOPT_TFTP_BLKSIZE
 Specify block size to use for TFTP data transmission. Valid range as per RFC
@@ -1515,7 +1552,7 @@ Pass a pointer to a linked list of FTP commands to pass to the server after
 the transfer type is set. The linked list should be a fully valid list of
 struct curl_slist structs properly filled in as described for
 \fICURLOPT_QUOTE\fP. Disable this operation again by setting a NULL to this
-option. Before version 7.15.6, if you also set \fICURLOPT_NOBODY\fP to 1, this
+option. Before version 7.16.0, if you also set \fICURLOPT_NOBODY\fP to 1, this
 option didn't work.
 .IP CURLOPT_DIRLISTONLY
 A parameter set to 1 tells the library to just list the names of files in a
@@ -1670,7 +1707,7 @@ needed for this method)\fP  (Added in 7.20.0)
 When sent by a client, this method changes the description of the session. For
 example, if a client is using the server to record a meeting, the client can
 use Announce to inform the server of all the meta-information about the
-session.  ANNOUNCE acts like an HTTP PUT or POST just like
+session.  ANNOUNCE acts like a HTTP PUT or POST just like
 \fICURL_RTSPREQ_SET_PARAMETER\fP (Added in 7.20.0)
 .IP CURL_RTSPREQ_SETUP
 Setup is used to initialize the transport layer for the session. The
@@ -1693,7 +1730,7 @@ different connections.  (Added in 7.20.0)
 .IP CURL_RTSPREQ_GET_PARAMETER
 Retrieve a parameter from the server. By default, libcurl will automatically
 include a \fIContent-Type: text/parameters\fP header on all non-empty requests
-unless a custom one is set. GET_PARAMETER acts just like an HTTP PUT or POST
+unless a custom one is set. GET_PARAMETER acts just like a HTTP PUT or POST
 (see \fICURL_RTSPREQ_SET_PARAMETER\fP).
 Applications wishing to send a heartbeat message (e.g. in the presence of a
 server-specified timeout) should send use an empty GET_PARAMETER request.
@@ -1701,9 +1738,9 @@ server-specified timeout) should send use an empty GET_PARAMETER request.
 .IP CURL_RTSPREQ_SET_PARAMETER
 Set a parameter on the server. By default, libcurl will automatically include
 a \fIContent-Type: text/parameters\fP header unless a custom one is set. The
-interaction with SET_PARAMTER is much like an HTTP PUT or POST. An application
+interaction with SET_PARAMTER is much like a HTTP PUT or POST. An application
-may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like an HTTP
+may either use \fICURLOPT_UPLOAD\fP with \fICURLOPT_READDATA\fP like a HTTP
-PUT, or it may use \fICURLOPT_POSTFIELDS\fP like an HTTP POST. No chunked
+PUT, or it may use \fICURLOPT_POSTFIELDS\fP like a HTTP POST. No chunked
 transfers are allowed, so the application must set the
 \fICURLOPT_INFILESIZE\fP in the former and \fICURLOPT_POSTFIELDSIZE\fP in the
 latter. Also, there is no use of multi-part POSTs within RTSP. (Added in
@@ -1765,7 +1802,7 @@ over FTP. This is a known limitation/flaw that nobody has rectified. libcurl
 simply sets the mode to ASCII and performs a standard transfer.
 .IP CURLOPT_PROXY_TRANSFER_MODE
 Pass a long. If the value is set to 1 (one), it tells libcurl to set the
-transfer mode (binary or ASCII) for FTP transfers done via an HTTP proxy, by
+transfer mode (binary or ASCII) for FTP transfers done via a HTTP proxy, by
 appending ;type=a or ;type=i to the URL. Without this setting, or it being set
 to 0 (zero, the default), \fICURLOPT_TRANSFERTEXT\fP has no effect when doing
 FTP via a proxy. Beware that not all proxies support this feature.  (Added in
@@ -1803,7 +1840,7 @@ Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
 .IP CURLOPT_CUSTOMREQUEST
 Pass a pointer to a zero terminated string as parameter. It will be used
-instead of GET or HEAD when doing an HTTP request, or instead of LIST or NLST
+instead of GET or HEAD when doing a HTTP request, or instead of LIST or NLST
 when doing a FTP directory listing. This is useful for doing DELETE or other
 more or less obscure HTTP requests. Don't do this at will, make sure your
 server supports the command first.
@@ -2146,7 +2183,7 @@ Pass a long as parameter. By default, curl assumes a value of 1.
 This option determines whether curl verifies the authenticity of the peer's
 certificate. A value of 1 means curl verifies; 0 (zero) means it doesn't.
 
-When negotiating an SSL connection, the server sends a certificate indicating
+When negotiating a SSL connection, the server sends a certificate indicating
 its identity.  Curl verifies whether the certificate is authentic, i.e. that
 you can trust that the server is who the certificate says it is.  This trust
 is based on a chain of digital signatures, rooted in certification authority
@@ -2295,6 +2332,16 @@ this to 1 to enable it. By default all transfers are done using the
 cache. While nothing ever should get hurt by attempting to reuse SSL
 session-IDs, there seem to be broken SSL implementations in the wild that may
 require you to disable this in order for you to succeed. (Added in 7.16.0)
+.IP CURLOPT_SSL_OPTIONS
+Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
+
+CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
+will tell libcurl to not attempt to use any work-arounds for a security flaw
+in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is
+set to 0, the SSL layer libcurl uses may use a work-around for this flaw
+although it might cause interoperability problems with some (older) SSL
+implementations. WARNING: avoiding this work-around loosens the security, and
+by setting this option to 1 you ask for exactly that. (Added in 7.25.0)
 .IP CURLOPT_KRBLEVEL
 Pass a char * as parameter. Set the kerberos security level for FTP; this also
 enables kerberos awareness.  This is a string, \&'clear', \&'safe',
@@ -2315,8 +2362,8 @@ GSS_C_DELEG_POLICY_FLAG was available at compile-time.
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
 CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
-CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one.
+CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. Currently
-(Added in 7.16.1)
+CURLSSH_AUTH_HOST has no effect. (Added in 7.16.1)
 .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
 Pass a char * pointing to a string containing 32 hexadecimal digits. The
 string should be the 128 bit MD5 checksum of the remote host's public key, and

docs/libcurl/libcurl-errors.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -81,11 +81,6 @@ either a PASV or a EPSV command. The server is flawed.
 .IP "CURLE_FTP_WEIRD_227_FORMAT (14)"
 FTP servers return a 227-line as a response to a PASV command. If libcurl
 fails to parse that line, this return code is passed back.
-.IP "CURLE_FTP_PRET_FAILED (84)"
-The FTP server does not understand the PRET command at all or does not support
-the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
-custom LIST command will be sent with PRET CMD before PASV as well. (Added in
-7.20.0)
 .IP "CURLE_FTP_CANT_GET_HOST (15)"
 An internal failure to lookup the host used for the new connection.
 .IP "CURLE_FTP_COULDNT_SET_TYPE (17)"
@@ -233,7 +228,10 @@ Failed to load CRL file (Added in 7.19.0)
 .IP "CURLE_SSL_ISSUER_ERROR (83)"
 Issuer check failed (Added in 7.19.0)
 .IP "CURLE_FTP_PRET_FAILED (84)"
-PRET command failed
+The FTP server does not understand the PRET command at all or does not support
+the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
+custom LIST command will be sent with PRET CMD before PASV as well. (Added in
+7.20.0)
 .IP "CURLE_RTSP_CSEQ_ERROR (85)"
 Mismatch of RTSP CSeq numbers.
 .IP "CURLE_RTSP_SESSION_ERROR (86)"

docs/libcurl/symbols-in-versions

@@ -384,6 +384,7 @@ CURLOPT_LOCALPORT               7.15.2
 CURLOPT_LOCALPORTRANGE          7.15.2
 CURLOPT_LOW_SPEED_LIMIT         7.1
 CURLOPT_LOW_SPEED_TIME          7.1
+CURLOPT_MAIL_AUTH               7.25.0
 CURLOPT_MAIL_FROM               7.20.0
 CURLOPT_MAIL_RCPT               7.20.0
 CURLOPT_MAXCONNECTS             7.7
@@ -407,7 +408,7 @@ CURLOPT_OPENSOCKETFUNCTION      7.17.1
 CURLOPT_PASSWDDATA              7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWDFUNCTION          7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWORD                7.19.1
-CURLOPT_PASV_HOST               7.12.1        7.15.6      7.15.5
+CURLOPT_PASV_HOST               7.12.1        7.16.0      7.15.5
 CURLOPT_PORT                    7.1
 CURLOPT_POST                    7.1
 CURLOPT_POST301                 7.17.1        7.19.1
@@ -482,10 +483,14 @@ CURLOPT_SSLVERSION              7.1
 CURLOPT_SSL_CIPHER_LIST         7.9
 CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
+CURLOPT_SSL_OPTIONS             7.25.0
 CURLOPT_SSL_SESSIONID_CACHE     7.16.0
 CURLOPT_SSL_VERIFYHOST          7.8.1
 CURLOPT_SSL_VERIFYPEER          7.4.2
 CURLOPT_STDERR                  7.1
+CURLOPT_TCP_KEEPALIVE           7.25.0
+CURLOPT_TCP_KEEPIDLE            7.25.0
+CURLOPT_TCP_KEEPINTVL           7.25.0
 CURLOPT_TCP_NODELAY             7.11.2
 CURLOPT_TELNETOPTIONS           7.7
 CURLOPT_TFTP_BLKSIZE            7.19.4
@@ -562,7 +567,7 @@ CURLSHOPT_SHARE                 7.10.3
 CURLSHOPT_UNLOCKFUNC            7.10.3
 CURLSHOPT_UNSHARE               7.10.3
 CURLSHOPT_USERDATA              7.10.3
-CURLSOCKTYPE_IPCXN              7.15.6
+CURLSOCKTYPE_IPCXN              7.16.0
 CURLSSH_AUTH_ANY                7.16.1
 CURLSSH_AUTH_DEFAULT            7.16.1
 CURLSSH_AUTH_HOST               7.16.1
@@ -570,6 +575,7 @@ CURLSSH_AUTH_KEYBOARD           7.16.1
 CURLSSH_AUTH_NONE               7.16.1
 CURLSSH_AUTH_PASSWORD           7.16.1
 CURLSSH_AUTH_PUBLICKEY          7.16.1
+CURLSSLOPT_ALLOW_BEAST          7.25.0
 CURLUSESSL_ALL                  7.17.0
 CURLUSESSL_CONTROL              7.17.0
 CURLUSESSL_NONE                 7.17.0

include/curl/curl.h

@@ -673,6 +673,15 @@ typedef enum {
   CURLUSESSL_LAST     /* not an option, never use */
 } curl_usessl;
 
+/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */
+
+/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the
+   name of improving interoperability with older servers. Some SSL libraries
+   have introduced work-arounds for this flaw but those work-arounds sometimes
+   make the SSL communication fail. To regain functionality with those broken
+   servers, a user can this way allow the vulnerability back. */
+#define CURLSSLOPT_ALLOW_BEAST (1<<0)
+
 #ifndef CURL_NO_OLDIES /* define this to test if your app builds with all
                           the obsolete stuff removed! */
 
@@ -1499,6 +1508,19 @@ typedef enum {
      of miliseconds. */
   CINIT(ACCEPTTIMEOUT_MS, LONG, 212),
 
+  /* Set TCP keepalive */
+  CINIT(TCP_KEEPALIVE, LONG, 213),
+
+  /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */
+  CINIT(TCP_KEEPIDLE, LONG, 214),
+  CINIT(TCP_KEEPINTVL, LONG, 215),
+
+  /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
+  CINIT(SSL_OPTIONS, LONG, 216),
+
+  /* set the SMTP auth originator */
+  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

include/curl/curlver.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,16 +26,16 @@
    a script at release-time. This was made its own header file in 7.11.2 */
 
 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2011 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2012 Daniel Stenberg, <daniel@haxx.se>."
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.24.0-DEV"
+#define LIBCURL_VERSION "7.25.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 24
+#define LIBCURL_VERSION_MINOR 25
 #define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071800
+#define LIBCURL_VERSION_NUM 0x071900
 
 /*
  * This is the date and time when the full source package was created. The

lib/asyn-ares.c

@@ -582,6 +582,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
     res->last_status = ARES_ENOTFOUND;
 #ifdef ENABLE_IPV6 /* CURLRES_IPV6 */
     if(family == PF_UNSPEC) {
+      if(Curl_ipv6works()) {
         res->num_pending = 2;
 
         /* areschannel is already setup in the Curl_open() function */
@@ -590,6 +591,14 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
         ares_gethostbyname((ares_channel)data->state.resolver, hostname,
                             PF_INET6, query_completed_cb, conn);
       }
+      else {
+        res->num_pending = 1;
+
+        /* areschannel is already setup in the Curl_open() function */
+        ares_gethostbyname((ares_channel)data->state.resolver, hostname,
+                            PF_INET, query_completed_cb, conn);
+      }
+    }
     else
 #endif /* CURLRES_IPV6 */
     {

lib/base64.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -58,11 +58,11 @@ static void decodeQuantum(unsigned char *dest, const char *src)
       x = (x << 6);
   }
 
-  dest[2] = curlx_ultouc(x);
+  dest[2] = curlx_ultouc(x & 0xFFUL);
   x >>= 8;
-  dest[1] = curlx_ultouc(x);
+  dest[1] = curlx_ultouc(x & 0xFFUL);
   x >>= 8;
-  dest[0] = curlx_ultouc(x);
+  dest[0] = curlx_ultouc(x & 0xFFUL);
 }
 
 /*

lib/connect.c

@@ -91,6 +91,35 @@
 
 static bool verifyconnect(curl_socket_t sockfd, int *error);
 
+static void
+tcpkeepalive(struct SessionHandle *data,
+             curl_socket_t sockfd)
+{
+  int optval = data->set.tcp_keepalive?1:0;
+
+  /* only set IDLE and INTVL if setting KEEPALIVE is successful */
+  if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE,
+        (void *)&optval, sizeof(optval)) < 0) {
+    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
+  }
+  else {
+#ifdef TCP_KEEPIDLE
+    optval = curlx_sltosi(data->set.tcp_keepidle);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
+    }
+#endif
+#ifdef TCP_KEEPINTVL
+    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
+          (void *)&optval, sizeof(optval)) < 0) {
+      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
+    }
+#endif
+  }
+}
+
 static CURLcode
 singleipconnect(struct connectdata *conn,
                 const Curl_addrinfo *ai, /* start connecting to this */
@@ -732,6 +761,8 @@ CURLcode Curl_is_connected(struct connectdata *conn,
   }
   next:
 
+  conn->timeoutms_per_addr = conn->ip_addr->ai_next == NULL ?
+                             allow : allow / 2;
   code = trynextip(conn, sockindex, connected);
 
   if(code) {
@@ -874,6 +905,9 @@ singleipconnect(struct connectdata *conn,
 
   Curl_sndbufset(sockfd);
 
+  if(data->set.tcp_keepalive)
+    tcpkeepalive(data, sockfd);
+
   if(data->set.fsockopt) {
     /* activate callback for setting socket options */
     error = data->set.fsockopt(data->set.sockopt_client,
@@ -989,7 +1023,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
 {
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd = CURL_SOCKET_BAD;
-  int aliasindex;
   Curl_addrinfo *ai;
   Curl_addrinfo *curr_addr;
 
@@ -1013,9 +1046,7 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
     return CURLE_OPERATION_TIMEDOUT;
   }
 
-  /* Max time for each address */
   conn->num_addr = Curl_num_addresses(remotehost->addr);
-  conn->timeoutms_per_addr = timeout_ms / conn->num_addr;
 
   ai = remotehost->addr;
 
@@ -1026,16 +1057,18 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
   /*
    * Connecting with a Curl_addrinfo chain
    */
-  for(curr_addr = ai, aliasindex=0; curr_addr;
+  for(curr_addr = ai; curr_addr; curr_addr = curr_addr->ai_next) {
-      curr_addr = curr_addr->ai_next, aliasindex++) {
+    CURLcode res;
+
+    /* Max time for the next address */
+    conn->timeoutms_per_addr = curr_addr->ai_next == NULL ?
+                               timeout_ms : timeout_ms / 2;
 
     /* start connecting to the IP curr_addr points to */
-    CURLcode res =
+    res = singleipconnect(conn, curr_addr,
-      singleipconnect(conn, curr_addr,
                           /* don't hang when doing multi */
                           (data->state.used_interface == Curl_if_multi)?0:
                           conn->timeoutms_per_addr, &sockfd, connected);
-
     if(res)
       return res;
 

lib/cyassl.c

@@ -404,14 +404,10 @@ size_t Curl_cyassl_version(char *buffer, size_t size)
 
 int Curl_cyassl_init(void)
 {
-#if (LIBCYASSL_VERSION_HEX >= 0x02000000)
+  if(CyaSSL_Init() == 0)
-  if(SSL_library_init() != SSL_SUCCESS)
-    return 0;
-#else
-  InitCyaSSL();
-#endif
-
     return 1;
+
+  return -1;
 }
 
 

lib/ftp.c

@@ -3197,33 +3197,6 @@ static CURLcode ftp_connect(struct connectdata *conn,
   pp->endofresp = ftp_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for FTP over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *ftp_save;
-
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want FTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * FTP pointer
-     */
-    ftp_save = data->state.proto.ftp;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.ftp = ftp_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if(conn->handler->flags & PROTOPT_SSL) {
     /* BLOCKING */
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
@@ -4271,7 +4244,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
         return CURLE_OUT_OF_MEMORY;
 
       ftpc->dirs[0] = curl_easy_unescape(conn->data, slash_pos ? cur_pos : "/",
-                                         slash_pos?(int)(slash_pos-cur_pos):1,
+                                         slash_pos ?
+                                         curlx_sztosi(slash_pos-cur_pos) : 1,
                                          NULL);
       if(!ftpc->dirs[0]) {
         freedirs(ftpc);
@@ -4310,7 +4284,7 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
           /* we skip empty path components, like "x//y" since the FTP command
              CWD requires a parameter and a non-existent parameter a) doesn't
              work on many servers and b) has no effect on the others. */
-          int len = (int)(slash_pos - cur_pos + absolute_dir);
+          int len = curlx_sztosi(slash_pos - cur_pos + absolute_dir);
           ftpc->dirs[ftpc->dirdepth] =
             curl_easy_unescape(conn->data, cur_pos - absolute_dir, len, NULL);
           if(!ftpc->dirs[ftpc->dirdepth]) { /* run out of memory ... */
@@ -4381,8 +4355,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
       return CURLE_OUT_OF_MEMORY;
     }
 
-    dlen -= ftpc->file?(int)strlen(ftpc->file):0;
+    dlen -= ftpc->file?curlx_uztosi(strlen(ftpc->file)):0;
-    if((dlen == (int)strlen(ftpc->prevpath)) &&
+    if((dlen == curlx_uztosi(strlen(ftpc->prevpath))) &&
        strnequal(path, ftpc->prevpath, dlen)) {
       infof(data, "Request has same path as previous transfer\n");
       ftpc->cwddone = TRUE;

lib/http.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1309,27 +1309,17 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
      function to make the re-use checks properly be able to check this bit. */
   conn->bits.close = FALSE;
 
-#ifndef CURL_DISABLE_PROXY
+  if(data->state.used_interface == Curl_if_multi) {
-  /* If we are not using a proxy and we want a secure connection, perform SSL
+    /* when the multi interface is used, the CONNECT procedure might not have
-   * initialization & connection now.  If using a proxy with https, then we
+       been completed */
-   * must tell the proxy to CONNECT to the host we want to talk to.  Only
+    result = Curl_proxy_connect(conn);
-   * after the connect has occurred, can we start talking SSL
+    if(result)
-   */
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-
-    /* either SSL over proxy, or explicitly asked for */
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name,
-                               conn->remote_port);
-    if(CURLE_OK != result)
       return result;
   }
 
-  if(conn->bits.tunnel_connecting) {
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
     /* nothing else to do except wait right now - we're not done here. */
     return CURLE_OK;
-  }
-#endif /* CURL_DISABLE_PROXY */
 
   if(conn->given->flags & PROTOPT_SSL) {
     /* perform SSL initialization */
@@ -1857,9 +1847,23 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       /* ignore empty data */
       free(cookiehost);
     else {
-      char *colon = strchr(cookiehost, ':');
+      /* If the host begins with '[', we start searching for the port after
+         the bracket has been closed */
+      int startsearch = 0;
+      if(*cookiehost == '[') {
+        char *closingbracket;
+        closingbracket = strchr(cookiehost+1, ']');
+        if(closingbracket)
+          *closingbracket = 0;
+        /* since the 'cookiehost' is an allocated memory area that will be
+           freed later we cannot simply increment the pointer */
+        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
+      }
+      else {
+        char *colon = strchr(cookiehost + startsearch, ':');
         if(colon)
           *colon = 0; /* The host must not include an embedded port number */
+      }
       Curl_safefree(conn->allocptr.cookiehost);
       conn->allocptr.cookiehost = cookiehost;
     }

lib/http_digest.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -34,6 +34,7 @@
 #include "url.h" /* for Curl_safefree() */
 #include "curl_memory.h"
 #include "non-ascii.h" /* included for Curl_convert_... prototypes */
+#include "warnless.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -416,7 +417,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
   */
   if(authp->iestyle && ((tmp = strchr((char *)uripath, '?')) != NULL)) {
     md5this = (unsigned char *)aprintf("%s:%.*s", request,
-                                       (int)(tmp - (char *)uripath), uripath);
+                                       curlx_sztosi(tmp - (char *)uripath),
+                                       uripath);
   }
   else
     md5this = (unsigned char *)aprintf("%s:%s", request, uripath);

lib/http_proxy.c

@@ -48,6 +48,40 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
+CURLcode Curl_proxy_connect(struct connectdata *conn)
+{
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+#ifndef CURL_DISABLE_PROXY
+    /* for [protocol] tunneled through HTTP proxy */
+    struct HTTP http_proxy;
+    void *prot_save;
+    CURLcode result;
+
+    /* BLOCKING */
+    /* We want "seamless" operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
+     * member conn->proto.http; we want [protocol] through HTTP and we have
+     * to change the member temporarily for connecting to the HTTP
+     * proxy. After Curl_proxyCONNECT we have to set back the member to the
+     * original pointer
+     */
+    prot_save = conn->data->state.proto.generic;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    conn->data->state.proto.http = &http_proxy;
+    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
+                               conn->host.name, conn->remote_port);
+    conn->data->state.proto.generic = prot_save;
+    if(CURLE_OK != result)
+      return result;
+#else
+    return CURLE_NOT_BUILT_IN;
+#endif
+  }
+  /* no HTTP tunnel proxy, just return */
+  return CURLE_OK;
+}
+
 /*
  * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
  * function will issue the necessary commands to get a seamless tunnel through
@@ -83,10 +117,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 #define SELECT_TIMEOUT 2
   int error = SELECT_OK;
 
+  if(conn->tunnel_state[sockindex] == TUNNEL_COMPLETE)
+    return CURLE_OK; /* CONNECT is already completed */
+
   conn->bits.proxy_connect_closed = FALSE;
 
   do {
-    if(!conn->bits.tunnel_connecting) { /* BEGIN CONNECT PHASE */
+    if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
+      /* BEGIN CONNECT PHASE */
       char *host_port;
       Curl_send_buffer *req_buffer;
 
@@ -116,18 +154,28 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
       /* Setup the proxy-authorization header, if any */
       result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
 
+      free(host_port);
+
       if(CURLE_OK == result) {
         char *host=(char *)"";
         const char *proxyconn="";
         const char *useragent="";
         const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
           "1.0" : "1.1";
+        char *hostheader= /* host:port with IPv6 support */
+          aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",
+                  hostname, conn->bits.ipv6_ip?"]":"",
+                  remote_port);
+        if(!hostheader) {
+          free(req_buffer);
+          return CURLE_OUT_OF_MEMORY;
+        }
 
         if(!Curl_checkheaders(data, "Host:")) {
-          host = aprintf("Host: %s\r\n", host_port);
+          host = aprintf("Host: %s\r\n", hostheader);
           if(!host) {
+            free(hostheader);
             free(req_buffer);
-            free(host_port);
             return CURLE_OUT_OF_MEMORY;
           }
         }
@@ -138,16 +186,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
            data->set.str[STRING_USERAGENT])
           useragent = conn->allocptr.uagent;
 
-        /* Send the connect request to the proxy */
-        /* BLOCKING */
         result =
           Curl_add_bufferf(req_buffer,
-                      "CONNECT %s:%hu HTTP/%s\r\n"
+                           "CONNECT %s HTTP/%s\r\n"
                            "%s"  /* Host: */
                            "%s"  /* Proxy-Authorization */
                            "%s"  /* User-Agent */
                            "%s", /* Proxy-Connection */
-                      hostname, remote_port, http,
+                           hostheader,
+                           http,
                            host,
                            conn->allocptr.proxyuserpwd?
                            conn->allocptr.proxyuserpwd:"",
@@ -156,6 +203,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 
         if(host && *host)
           free(host);
+        free(hostheader);
 
         if(CURLE_OK == result)
           result = Curl_add_custom_headers(conn, req_buffer);
@@ -165,7 +213,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
           result = Curl_add_bufferf(req_buffer, "\r\n");
 
         if(CURLE_OK == result) {
-          /* Now send off the request */
+          /* Send the connect request to the proxy */
+          /* BLOCKING */
           result =
             Curl_add_buffer_send(req_buffer, conn,
                                  &data->info.request_size, 0, sockindex);
@@ -174,12 +223,12 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
         if(result)
           failf(data, "Failed sending CONNECT to proxy");
       }
-      free(host_port);
+
       Curl_safefree(req_buffer);
       if(result)
         return result;
 
-      conn->bits.tunnel_connecting = TRUE;
+      conn->tunnel_state[sockindex] = TUNNEL_CONNECT;
     } /* END CONNECT PHASE */
 
     /* now we've issued the CONNECT and we're waiting to hear back -
@@ -215,7 +264,6 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
        2) we're in multi-mode and we didn't block - it's either an error or we
        now have some data waiting.
        In any case, the tunnel_connecting phase is over. */
-    conn->bits.tunnel_connecting = FALSE;
 
     { /* BEGIN NEGOTIATION PHASE */
       size_t nread;   /* total size read */
@@ -505,9 +553,14 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
     if(closeConnection && data->req.newurl)
       conn->bits.proxy_connect_closed = TRUE;
 
+    /* to back to init state */
+    conn->tunnel_state[sockindex] = TUNNEL_INIT;
+
     return CURLE_RECV_ERROR;
   }
 
+  conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
+
   /* If a proxy-authorization header was used for the proxy, then we should
      make sure that it isn't accidentally used for the document request
      after we've connected. So let's free and clear it here. */

lib/http_proxy.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,6 +21,7 @@
  * KIND, either express or implied.
  *
  ***************************************************************************/
+
 #if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
 /* ftp can use this as well */
 CURLcode Curl_proxyCONNECT(struct connectdata *conn,
@@ -30,8 +31,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
 /* Default proxy timeout in milliseconds */
 #define PROXY_TIMEOUT (3600*1000)
 
+CURLcode Curl_proxy_connect(struct connectdata *conn);
+
 #else
 #define Curl_proxyCONNECT(x,y,z,w) CURLE_NOT_BUILT_IN
+#define Curl_proxy_connect(x) CURLE_OK
 #endif
 
 #endif /* HEADER_CURL_HTTP_PROXY_H */

lib/imap.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -78,7 +78,6 @@
 #include "url.h"
 #include "rawstr.h"
 #include "strtoofft.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -721,33 +720,6 @@ static CURLcode imap_connect(struct connectdata *conn,
   pp->endofresp = imap_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for IMAP over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *imap_save;
-
-    /* BLOCKING */
-    /* We want "seamless" IMAP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want IMAP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * IMAP pointer
-     */
-    imap_save = data->state.proto.imap;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.imap = imap_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if((conn->handler->flags & PROTOPT_SSL) &&
      data->state.used_interface != Curl_if_multi) {
     /* BLOCKING */

lib/md4.c

@@ -27,6 +27,7 @@
 #ifdef USE_NSS
 
 #include "curl_md4.h"
+#include "warnless.h"
 
 typedef unsigned int UINT4;
 
@@ -275,7 +276,7 @@ void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len)
 {
   MD4_CTX ctx;
   MD4Init(&ctx);
-  MD4Update(&ctx, input, (unsigned int)len);
+  MD4Update(&ctx, input, curlx_uztoui(len));
   MD4Final(output, &ctx);
 }
 #endif /* USE_NSS */

lib/md5.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,6 +26,7 @@
 
 #include "curl_md5.h"
 #include "curl_hmac.h"
+#include "warnless.h"
 
 #ifdef USE_GNUTLS_NETTLE
 
@@ -412,7 +413,7 @@ void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
 {
   MD5_CTX ctx;
   MD5_Init(&ctx);
-  MD5_Update(&ctx, input, (unsigned int)strlen((char *)input));
+  MD5_Update(&ctx, input, curlx_uztoui(strlen((char *)input)));
   MD5_Final(outbuffer, &ctx);
 }
 

lib/mk-ca-bundle.pl

@@ -32,11 +32,11 @@
 #
 use Getopt::Std;
 use MIME::Base64;
-use LWP::UserAgent;
+use LWP::UserAgent 6;
 use strict;
 use vars qw($opt_b $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
 
-my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
+my $url = 'https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
 # If the OpenSSL commandline is not in search path you can configure it here!
 my $openssl = 'openssl';
 

lib/multi.c

@@ -812,7 +812,7 @@ static int waitconnect_getsock(struct connectdata *conn,
 
   /* when we've sent a CONNECT to a proxy, we should rather wait for the
      socket to become readable to be able to get the response headers */
-  if(conn->bits.tunnel_connecting)
+  if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
     return GETSOCK_READSOCK(0);
 
   return GETSOCK_WRITESOCK(0);
@@ -1066,7 +1066,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                          CURLM_STATE_WAITDO:CURLM_STATE_DO);
             else {
 #ifndef CURL_DISABLE_HTTP
-              if(easy->easy_conn->bits.tunnel_connecting)
+              if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
                 multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
               else
 #endif
@@ -1111,7 +1111,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
                        CURLM_STATE_WAITDO:CURLM_STATE_DO);
           else {
 #ifndef CURL_DISABLE_HTTP
-            if(easy->easy_conn->bits.tunnel_connecting)
+            if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
               multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
             else
 #endif
@@ -1144,7 +1144,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         multistate(easy, CURLM_STATE_CONNECT);
       }
       else if(CURLE_OK == easy->result) {
-        if(!easy->easy_conn->bits.tunnel_connecting)
+        if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
           multistate(easy, CURLM_STATE_WAITCONNECT);
       }
       break;
@@ -1179,7 +1179,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
              BUT if we are using a proxy we must change to WAITPROXYCONNECT
           */
 #ifndef CURL_DISABLE_HTTP
-          if(easy->easy_conn->bits.tunnel_connecting)
+          if(easy->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
             multistate(easy, CURLM_STATE_WAITPROXYCONNECT);
           else
 #endif

lib/nonblock.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -61,11 +61,11 @@ int curlx_nonblock(curl_socket_t sockfd,    /* operate on this */
 
   /* most recent unix versions */
   int flags;
-  flags = fcntl(sockfd, F_GETFL, 0);
+  flags = sfcntl(sockfd, F_GETFL, 0);
   if(nonblock)
-    return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
+    return sfcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
   else
-    return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
+    return sfcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));
 
 #elif defined(HAVE_IOCTL_FIONBIO)
 

lib/nss.c

@@ -1158,6 +1158,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   PRBool ssl3 = PR_FALSE;
   PRBool tlsv1 = PR_FALSE;
   PRBool ssl_no_cache;
+  PRBool ssl_cbc_random_iv;
   struct SessionHandle *data = conn->data;
   curl_socket_t sockfd = conn->sock[sockindex];
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
@@ -1266,6 +1267,18 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   if(SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, ssl2) != SECSuccess)
     goto error;
 
+  ssl_cbc_random_iv = !data->set.ssl_enable_beast;
+#ifdef SSL_CBC_RANDOM_IV
+  /* unless the user explicitly asks to allow the protocol vulnerability, we
+     use the work-around */
+  if(SSL_OptionSet(model, SSL_CBC_RANDOM_IV, ssl_cbc_random_iv) != SECSuccess)
+    infof(data, "warning: failed to set SSL_CBC_RANDOM_IV = %d\n",
+          ssl_cbc_random_iv);
+#else
+  if(ssl_cbc_random_iv)
+    infof(data, "warning: support for SSL_CBC_RANDOM_IV not compiled in\n");
+#endif
+
   /* reset the flag to avoid an infinite loop */
   data->state.ssl_connect_retry = FALSE;
 

lib/openldap.c

@@ -46,7 +46,6 @@
 #include "curl_ldap.h"
 #include "curl_memory.h"
 #include "curl_base64.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -208,33 +207,6 @@ static CURLcode ldap_connect(struct connectdata *conn, bool *done)
 
   ldap_set_option(li->ld, LDAP_OPT_PROTOCOL_VERSION, &proto);
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for LDAP over HTTP proxy */
-    struct HTTP http_proxy;
-    ldapconninfo *li_save;
-    CURLcode result;
-
-    /* BLOCKING */
-    /* We want "seamless" LDAP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want LDAP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * LDAP pointer
-     */
-    li_save = data->state.proto.generic;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.generic = li_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
 #ifdef USE_SSL
   if(conn->handler->flags & PROTOPT_SSL) {
     CURLcode res;

lib/parsedate.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -75,6 +75,10 @@
 
 #include "setup.h"
 
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
 #include <curl/curl.h>
 #include "rawstr.h"
 #include "warnless.h"
@@ -392,7 +396,24 @@ static int parsedate(const char *date, time_t *output)
         secnum = 0;
       }
       else {
-        val = curlx_sltosi(strtol(date, &end, 10));
+        long lval;
+        int error;
+        int old_errno;
+
+        old_errno = ERRNO;
+        SET_ERRNO(0);
+        lval = strtol(date, &end, 10);
+        error = ERRNO;
+        if(error != old_errno)
+          SET_ERRNO(old_errno);
+
+        if(error)
+          return PARSEDATE_FAIL;
+
+        if((lval > (long)INT_MAX) || (lval < (long)INT_MIN))
+          return PARSEDATE_FAIL;
+
+        val = curlx_sltosi(lval);
 
         if((tzoff == -1) &&
            ((end - date) == 4) &&

lib/pop3.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -79,7 +79,6 @@
 #include "url.h"
 #include "rawstr.h"
 #include "strtoofft.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -670,33 +669,6 @@ static CURLcode pop3_connect(struct connectdata *conn,
   pp->endofresp = pop3_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for POP3 over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *pop3_save;
-
-    /* BLOCKING */
-    /* We want "seamless" POP3 operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want POP3 through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * POP3 pointer
-     */
-    pop3_save = data->state.proto.pop3;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.pop3 = pop3_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if(conn->handler->flags & PROTOPT_SSL) {
     /* BLOCKING */
     result = Curl_ssl_connect(conn, FIRSTSOCKET);
@@ -755,7 +727,7 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
   Curl_safefree(pop3c->mailbox);
   pop3c->mailbox = NULL;
 
-  /* clear these for next connection */
+  /* Clear the transfer mode for the next connection */
   pop3->transfer = FTPTRANSFER_BODY;
 
   return result;
@@ -1035,7 +1007,7 @@ CURLcode Curl_pop3_write(struct connectdata *conn,
                          char *str,
                          size_t nread)
 {
-  /* This code could be made into a special function in the handler struct. */
+  /* This code could be made into a special function in the handler struct */
   CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
   struct SingleRequest *k = &data->req;
@@ -1131,10 +1103,15 @@ CURLcode Curl_pop3_write(struct connectdata *conn,
   }
 
   if(pop3c->eob == POP3_EOB_LEN) {
-    /* We have a full match so the transfer is done! */
+    /* We have a full match so the transfer is done, however we must transfer
+    the CRLF at the start of the EOB as this is considered to be part of the
+    message as per RFC-1939, sect. 3 */
+    result = Curl_client_write(conn, CLIENTWRITE_BODY, (char*)POP3_EOB, 2);
+
     k->keepon &= ~KEEP_RECV;
     pop3c->eob = 0;
-    return CURLE_OK;
+
+    return result;
   }
 
   if(pop3c->eob)

lib/setup.h

@@ -623,7 +623,6 @@ int netware_init(void);
 #if defined(__LWIP_OPT_H__)
 #  if defined(SOCKET) || \
      defined(USE_WINSOCK) || \
-     defined(HAVE_ERRNO_H) || \
      defined(HAVE_WINSOCK_H) || \
      defined(HAVE_WINSOCK2_H) || \
      defined(HAVE_WS2TCPIP_H)

lib/setup_once.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -239,10 +239,21 @@ struct timeval {
 #  define sclose(x)  closesocket((x))
 #elif defined(HAVE_CLOSESOCKET_CAMEL)
 #  define sclose(x)  CloseSocket((x))
+#elif defined(USE_LWIPSOCK)
+#  define sclose(x)  lwip_close((x))
 #else
 #  define sclose(x)  close((x))
 #endif
 
+/*
+ * Stack-independent version of fcntl() on sockets:
+ */
+#if defined(USE_LWIPSOCK)
+#  define sfcntl  lwip_fcntl
+#else
+#  define sfcntl  fcntl
+#endif
+
 /*
  * Uppercase macro versions of ANSI/ISO is*() functions/macros which
  * avoid negative number inputs with argument byte codes > 127.

lib/smtp.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -87,7 +87,6 @@
 #include "curl_gethostname.h"
 #include "curl_ntlm_msgs.h"
 #include "warnless.h"
-#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -109,7 +108,7 @@ static int smtp_getsock(struct connectdata *conn,
                         int numsocks);
 static CURLcode smtp_doing(struct connectdata *conn,
                            bool *dophase_done);
-static CURLcode smtp_setup_connection(struct connectdata * conn);
+static CURLcode smtp_setup_connection(struct connectdata *conn);
 static CURLcode smtp_state_upgrade_tls(struct connectdata *conn);
 
 /*
@@ -331,6 +330,7 @@ static CURLcode smtp_state_ehlo(struct connectdata *conn)
     return result;
 
   state(conn, SMTP_EHLO);
+
   return CURLE_OK;
 }
 
@@ -349,6 +349,7 @@ static CURLcode smtp_state_helo(struct connectdata *conn)
     return result;
 
   state(conn, SMTP_HELO);
+
   return CURLE_OK;
 }
 
@@ -427,7 +428,7 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
 #ifndef CURL_DISABLE_CRYPTO_AUTH
   if(smtpc->authmechs & SMTP_AUTH_CRAM_MD5) {
     mech = "CRAM-MD5";
-    state1 = SMTP_AUTHCRAM;
+    state1 = SMTP_AUTHCRAMMD5;
     smtpc->authused = SMTP_AUTH_CRAM_MD5;
   }
   else
@@ -562,8 +563,8 @@ static CURLcode smtp_state_ehlo_resp(struct connectdata *conn,
      !conn->bits.user_passwd)
       result = smtp_state_helo(conn);
     else {
-      failf(data, "Access denied: %d", smtpcode);
+      failf(data, "Remote access denied: %d", smtpcode);
-      result = CURLE_LOGIN_DENIED;
+      result = CURLE_REMOTE_ACCESS_DENIED;
     }
   }
   else if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
@@ -589,8 +590,8 @@ static CURLcode smtp_state_helo_resp(struct connectdata *conn,
   (void)instate; /* no use for this yet */
 
   if(smtpcode/100 != 2) {
-    failf(data, "Access denied: %d", smtpcode);
+    failf(data, "Remote access denied: %d", smtpcode);
-    result = CURLE_LOGIN_DENIED;
+    result = CURLE_REMOTE_ACCESS_DENIED;
   }
   else {
     /* end the connect phase */
@@ -715,8 +716,8 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
 {
   CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
-  char * chlg64 = data->state.buffer;
+  char *chlg64 = data->state.buffer;
-  unsigned char * chlg;
+  unsigned char *chlg;
   size_t chlglen;
   size_t len = 0;
   char *rplyb64 = NULL;
@@ -756,7 +757,7 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
   /* Compute digest. */
   ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
                         (const unsigned char *) conn->passwd,
-                        (unsigned int)(strlen(conn->passwd)));
+                        curlx_uztoui(strlen(conn->passwd)));
 
   if(!ctxt) {
     Curl_safefree(chlg);
@@ -764,7 +765,7 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
   }
 
   if(chlglen > 0)
-    Curl_HMAC_update(ctxt, chlg, (unsigned int)(chlglen));
+    Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
 
   Curl_safefree(chlg);
 
@@ -893,6 +894,7 @@ static CURLcode smtp_state_auth_resp(struct connectdata *conn,
 static CURLcode smtp_mail(struct connectdata *conn)
 {
   char *from = NULL;
+  char *auth = NULL;
   char *size = NULL;
   CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
@@ -909,26 +911,50 @@ static CURLcode smtp_mail(struct connectdata *conn)
   if(!from)
     return CURLE_OUT_OF_MEMORY;
 
-  /* calculate the optional SIZE parameter */
+  /* calculate the optional AUTH parameter */
-  if(conn->data->set.infilesize > 0) {
+  if(data->set.str[STRING_MAIL_AUTH] && conn->proto.smtpc.authused) {
-    size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);
+    if(data->set.str[STRING_MAIL_AUTH][0] != '\0')
+      auth = aprintf("%s", data->set.str[STRING_MAIL_AUTH]);
+    else
+      /* empty AUTH, RFC-2554, sect. 5 */
+      auth = strdup("<>");
 
-    if(!size) {
+    if(!auth) {
       Curl_safefree(from);
 
       return CURLE_OUT_OF_MEMORY;
     }
   }
 
-  /* send MAIL FROM */
+  /* calculate the optional SIZE parameter */
-  if(!size)
+  if(conn->data->set.infilesize > 0) {
-    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "MAIL FROM:%s", from);
+    size = aprintf("%" FORMAT_OFF_T, data->set.infilesize);
-  else
-    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "MAIL FROM:%s SIZE=%s",
-                           from, size);
 
-  Curl_safefree(size);
+    if(!size) {
       Curl_safefree(from);
+      Curl_safefree(auth);
+
+      return CURLE_OUT_OF_MEMORY;
+    }
+  }
+
+  /* send MAIL FROM */
+  if(!auth && !size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s", from);
+  else if(auth && !size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s AUTH=%s", from, auth);
+  else if(auth && size)
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s AUTH=%s SIZE=%s", from, auth, size);
+  else
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp,
+                           "MAIL FROM:%s SIZE=%s", from, size);
+
+  Curl_safefree(from);
+  Curl_safefree(auth);
+  Curl_safefree(size);
 
   if(result)
     return result;
@@ -1010,6 +1036,7 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn,
 
     /* send DATA */
     result = Curl_pp_sendf(&conn->proto.smtpc.pp, "DATA");
+
     if(result)
       return result;
 
@@ -1082,6 +1109,10 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
   if(result)
     return result;
 
+  if(smtpc->state != SMTP_QUIT)
+    /* store the latest code for later retrieval */
+    data->info.httpcode = smtpcode;
+
   if(smtpcode) {
     /* we have now received a full SMTP server response */
     switch(smtpc->state) {
@@ -1121,7 +1152,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
       break;
 
 #ifndef CURL_DISABLE_CRYPTO_AUTH
-    case SMTP_AUTHCRAM:
+    case SMTP_AUTHCRAMMD5:
       result = smtp_state_authcram_resp(conn, smtpcode, smtpc->state);
       break;
 #endif
@@ -1264,33 +1295,6 @@ static CURLcode smtp_connect(struct connectdata *conn,
   pp->endofresp = smtp_endofresp;
   pp->conn = conn;
 
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* for SMTP over HTTP proxy */
-    struct HTTP http_proxy;
-    struct FTP *smtp_save;
-
-    /* BLOCKING */
-    /* We want "seamless" SMTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want SMTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * SMTP pointer
-     */
-    smtp_save = data->state.proto.smtp;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->state.proto.http = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
-                               conn->host.name, conn->remote_port);
-
-    data->state.proto.smtp = smtp_save;
-
-    if(CURLE_OK != result)
-      return result;
-  }
-
   if((conn->handler->protocol & CURLPROTO_SMTPS) &&
       data->state.used_interface != Curl_if_multi) {
     /* SMTPS is simply smtp with SSL for the control channel */
@@ -1308,19 +1312,18 @@ static CURLcode smtp_connect(struct connectdata *conn,
   pp->conn = conn;
 
   if(!*path) {
-    if(!Curl_gethostname(localhost, sizeof localhost))
+    if(!Curl_gethostname(localhost, sizeof(localhost)))
       path = localhost;
     else
       path = "localhost";
   }
 
-  /* url decode the path and use it as domain with EHLO */
+  /* Url decode the path and use it as the domain in our EHLO */
   result = Curl_urldecode(conn->data, path, 0, &smtpc->domain, NULL, TRUE);
   if(result)
     return result;
 
-  /* When we connect, we start in the state where we await the server greeting
+  /* Set the state as we are waiting the server greeting */
-   */
   state(conn, SMTP_SERVERGREET);
 
   if(data->state.used_interface == Curl_if_multi)
@@ -1364,25 +1367,34 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
     conn->bits.close = TRUE; /* marked for closure */
     result = status;         /* use the already set error code */
   }
-  else
+  else if(!data->set.connect_only) {
-    /* TODO: make this work even when the socket is EWOULDBLOCK in this
+    struct smtp_conn *smtpc = &conn->proto.smtpc;
-       call! */
+    struct pingpong *pp = &smtpc->pp;
 
-    /* write to socket (send away data) */
+    /* Send the end of block data */
     result = Curl_write(conn,
                         conn->writesockfd,  /* socket to send to */
                         SMTP_EOB,           /* buffer pointer */
                         SMTP_EOB_LEN,       /* buffer size */
                         &bytes_written);    /* actually sent away */
 
+    if(result)
+      return result;
 
-  if(status == CURLE_OK) {
+    if(bytes_written != SMTP_EOB_LEN) {
-    struct smtp_conn *smtpc = &conn->proto.smtpc;
+      /* The whole chunk was not sent so keep it around and adjust the
-    struct pingpong *pp = &smtpc->pp;
+         pingpong structure accordingly */
-    pp->response = Curl_tvnow(); /* timeout relative now */
+      pp->sendthis = strdup(SMTP_EOB);
+      pp->sendsize = SMTP_EOB_LEN;
+      pp->sendleft = SMTP_EOB_LEN - bytes_written;
+    }
+    else
+      /* Successfully sent so adjust the response timeout relative to now */
+      pp->response = Curl_tvnow();
 
     state(conn, SMTP_POSTDATA);
-    /* run the state-machine
+
+    /* Run the state-machine
 
        TODO: when the multi interface is used, this _really_ should be using
        the smtp_multi_statemach function but we have no general support for
@@ -1392,7 +1404,7 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
     result = smtp_easy_statemach(conn);
   }
 
-  /* clear these for next connection */
+  /* Clear the transfer mode for the next connection */
   smtp->transfer = FTPTRANSFER_BODY;
 
   return result;
@@ -1405,7 +1417,6 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
  * This is the actual DO function for SMTP. Get a file/directory according to
  * the options previously setup.
  */
-
 static
 CURLcode smtp_perform(struct connectdata *conn,
                      bool *connected,  /* connect status after PASV / PORT */
@@ -1491,6 +1502,7 @@ static CURLcode smtp_quit(struct connectdata *conn)
   result = Curl_pp_sendf(&conn->proto.smtpc.pp, "QUIT");
   if(result)
     return result;
+
   state(conn, SMTP_QUIT);
 
   result = smtp_easy_statemach(conn);
@@ -1531,7 +1543,6 @@ static CURLcode smtp_disconnect(struct connectdata *conn,
 
   /* This won't already be freed in some error cases */
   Curl_safefree(smtpc->domain);
-  smtpc->domain = NULL;
 
   return CURLE_OK;
 }
@@ -1548,8 +1559,7 @@ static CURLcode smtp_dophase_done(struct connectdata *conn,
     /* no data to transfer */
     Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
 
-  free(smtpc->domain);
+  Curl_safefree(smtpc->domain);
-  smtpc->domain = NULL;
 
   return CURLE_OK;
 }
@@ -1579,8 +1589,7 @@ static CURLcode smtp_doing(struct connectdata *conn,
  * Performs all commands done before a regular transfer between a local and a
  * remote host.
  */
-static
+static CURLcode smtp_regular_transfer(struct connectdata *conn,
-CURLcode smtp_regular_transfer(struct connectdata *conn,
                                       bool *dophase_done)
 {
   CURLcode result = CURLE_OK;
@@ -1629,8 +1638,8 @@ static CURLcode smtp_setup_connection(struct connectdata *conn)
       return CURLE_UNSUPPORTED_PROTOCOL;
 #endif
     }
-    /*
+
-     * We explicitly mark this connection as persistent here as we're doing
+    /* We explicitly mark this connection as persistent here as we're doing
      * SMTP over HTTP and thus we accidentally avoid setting this value
      * otherwise.
      */
@@ -1657,20 +1666,23 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
   struct smtp_conn *smtpc = &conn->proto.smtpc;
   struct SessionHandle *data = conn->data;
 
-  if(data->state.scratch == NULL)
+  /* Do we need to allocate the scatch buffer? */
+  if(!data->state.scratch)  {
     data->state.scratch = malloc(2 * BUFSIZE);
-  if(data->state.scratch == NULL) {
+
+    if(!data->state.scratch) {
       failf (data, "Failed to alloc scratch buffer!");
       return CURLE_OUT_OF_MEMORY;
     }
+  }
+
   /* This loop can be improved by some kind of Boyer-Moore style of
      approach but that is saved for later... */
   for(i = 0, si = 0; i < nread; i++) {
-
     if(SMTP_EOB[smtpc->eob] == data->req.upload_fromhere[i])
       smtpc->eob++;
     else if(smtpc->eob) {
-      /* previously a substring matched, output that first */
+      /* A previous substring matched so output that first */
       memcpy(&data->state.scratch[si], SMTP_EOB, smtpc->eob);
       si += smtpc->eob;
 
@@ -1694,8 +1706,14 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
     }
     else if(!smtpc->eob)
       data->state.scratch[si++] = data->req.upload_fromhere[i];
+  }
 
-  } /* for() */
+  if(smtpc->eob) {
+    /* A substring matched before processing ended so output that now */
+    memcpy(&data->state.scratch[si], SMTP_EOB, smtpc->eob);
+    si += smtpc->eob;
+    smtpc->eob = 0;
+  }
 
   if(si != nread) {
     /* only use the new buffer if we replaced something */

lib/smtp.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2009 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ typedef enum {
   SMTP_AUTHPLAIN,
   SMTP_AUTHLOGIN,
   SMTP_AUTHPASSWD,
-  SMTP_AUTHCRAM,
+  SMTP_AUTHCRAMMD5,
   SMTP_AUTHNTLM,
   SMTP_AUTHNTLM_TYPE2MSG,
   SMTP_AUTH,

lib/ssh.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -108,6 +108,10 @@
                          have their definition hidden well */
 #endif
 
+#define sftp_libssh2_realpath(s,p,t,m) \
+        libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)), \
+                                (t), (m), LIBSSH2_SFTP_REALPATH)
+
 /* Local functions: */
 static const char *sftp_libssh2_strerror(unsigned long err);
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
@@ -225,7 +229,7 @@ kbd_callback(const char *name, int name_len, const char *instruction,
 #endif  /* CURL_LIBSSH2_DEBUG */
   if(num_prompts == 1) {
     responses[0].text = strdup(conn->passwd);
-    responses[0].length = (unsigned int)strlen(conn->passwd);
+    responses[0].length = curlx_uztoui(strlen(conn->passwd));
   }
   (void)prompts;
   (void)abstract;
@@ -734,7 +738,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        */
       sshc->authlist = libssh2_userauth_list(sshc->ssh_session,
                                              conn->user,
-                                             (unsigned int)strlen(conn->user));
+                                             curlx_uztoui(strlen(conn->user)));
 
       if(!sshc->authlist) {
         if((err = libssh2_session_last_errno(sshc->ssh_session)) ==
@@ -827,8 +831,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        */
       rc = libssh2_userauth_publickey_fromfile_ex(sshc->ssh_session,
                                                   conn->user,
-                                                  (unsigned int)
+                                                  curlx_uztoui(
-                                                  strlen(conn->user),
+                                                    strlen(conn->user)),
                                                   sshc->rsa_pub,
                                                   sshc->rsa, sshc->passphrase);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
@@ -866,9 +870,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_AUTH_PASS:
       rc = libssh2_userauth_password_ex(sshc->ssh_session, conn->user,
-                                        (unsigned int)strlen(conn->user),
+                                        curlx_uztoui(strlen(conn->user)),
                                         conn->passwd,
-                                        (unsigned int)strlen(conn->passwd),
+                                        curlx_uztoui(strlen(conn->passwd)),
                                         NULL);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -911,8 +915,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       /* Authentication failed. Continue with keyboard-interactive now. */
       rc = libssh2_userauth_keyboard_interactive_ex(sshc->ssh_session,
                                                     conn->user,
-                                                    (unsigned int)
+                                                    curlx_uztoui(
-                                                    strlen(conn->user),
+                                                      strlen(conn->user)),
                                                     &kbd_callback);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -982,7 +986,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       /*
        * Get the "home" directory
        */
-      rc = libssh2_sftp_realpath(sshc->sftp_session, ".",
+      rc = sftp_libssh2_realpath(sshc->sftp_session, ".",
                                  tempHome, PATH_MAX-1);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -1271,7 +1275,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          * first.  This takes an extra protocol round trip.
          */
         rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
-                                  (unsigned int)strlen(sshc->quote_path2),
+                                  curlx_uztoui(strlen(sshc->quote_path2)),
                                   LIBSSH2_SFTP_STAT,
                                   &sshc->quote_attrs);
         if(rc == LIBSSH2_ERROR_EAGAIN) {
@@ -1350,7 +1354,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_SETSTAT:
       rc = libssh2_sftp_stat_ex(sshc->sftp_session, sshc->quote_path2,
-                                (unsigned int)strlen(sshc->quote_path2),
+                                curlx_uztoui(strlen(sshc->quote_path2)),
                                 LIBSSH2_SFTP_SETSTAT,
                                 &sshc->quote_attrs);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
@@ -1374,9 +1378,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_SYMLINK:
       rc = libssh2_sftp_symlink_ex(sshc->sftp_session, sshc->quote_path1,
-                                   (unsigned int)strlen(sshc->quote_path1),
+                                   curlx_uztoui(strlen(sshc->quote_path1)),
                                    sshc->quote_path2,
-                                   (unsigned int)strlen(sshc->quote_path2),
+                                   curlx_uztoui(strlen(sshc->quote_path2)),
                                    LIBSSH2_SFTP_SYMLINK);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -1399,7 +1403,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_MKDIR:
       rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sshc->quote_path1,
-                                 (unsigned int)strlen(sshc->quote_path1),
+                                 curlx_uztoui(strlen(sshc->quote_path1)),
                                  data->set.new_directory_perms);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -1419,9 +1423,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_RENAME:
       rc = libssh2_sftp_rename_ex(sshc->sftp_session, sshc->quote_path1,
-                                  (unsigned int)strlen(sshc->quote_path1),
+                                  curlx_uztoui(strlen(sshc->quote_path1)),
                                   sshc->quote_path2,
-                                  (unsigned int)strlen(sshc->quote_path2),
+                                  curlx_uztoui(strlen(sshc->quote_path2)),
                                   LIBSSH2_SFTP_RENAME_OVERWRITE |
                                   LIBSSH2_SFTP_RENAME_ATOMIC |
                                   LIBSSH2_SFTP_RENAME_NATIVE);
@@ -1446,7 +1450,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_RMDIR:
       rc = libssh2_sftp_rmdir_ex(sshc->sftp_session, sshc->quote_path1,
-                                 (unsigned int)strlen(sshc->quote_path1));
+                                 curlx_uztoui(strlen(sshc->quote_path1)));
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
       }
@@ -1465,7 +1469,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
     case SSH_SFTP_QUOTE_UNLINK:
       rc = libssh2_sftp_unlink_ex(sshc->sftp_session, sshc->quote_path1,
-                                  (unsigned int)strlen(sshc->quote_path1));
+                                  curlx_uztoui(strlen(sshc->quote_path1)));
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
       }
@@ -1509,7 +1513,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
         LIBSSH2_SFTP_ATTRIBUTES attrs;
         if(data->state.resume_from < 0) {
           rc = libssh2_sftp_stat_ex(sshc->sftp_session, sftp_scp->path,
-                                    (unsigned int)strlen(sftp_scp->path),
+                                    curlx_uztoui(strlen(sftp_scp->path)),
                                     LIBSSH2_SFTP_STAT, &attrs);
           if(rc == LIBSSH2_ERROR_EAGAIN) {
             break;
@@ -1540,7 +1544,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
 
       sshc->sftp_handle =
         libssh2_sftp_open_ex(sshc->sftp_session, sftp_scp->path,
-                             (unsigned int)strlen(sftp_scp->path),
+                             curlx_uztoui(strlen(sftp_scp->path)),
                              flags, data->set.new_file_perms,
                              LIBSSH2_SFTP_OPENFILE);
 
@@ -1699,7 +1703,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
     case SSH_SFTP_CREATE_DIRS_MKDIR:
       /* 'mode' - parameter is preliminary - default to 0644 */
       rc = libssh2_sftp_mkdir_ex(sshc->sftp_session, sftp_scp->path,
-                                 (unsigned int)strlen(sftp_scp->path),
+                                 curlx_uztoui(strlen(sftp_scp->path)),
                                  data->set.new_directory_perms);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;
@@ -1733,8 +1737,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        */
       sshc->sftp_handle = libssh2_sftp_open_ex(sshc->sftp_session,
                                                sftp_scp->path,
-                                               (unsigned int)
+                                               curlx_uztoui(
-                                               strlen(sftp_scp->path),
+                                                 strlen(sftp_scp->path)),
                                                0, 0, LIBSSH2_SFTP_OPENDIR);
       if(!sshc->sftp_handle) {
         if(libssh2_session_last_errno(sshc->ssh_session) ==
@@ -1875,7 +1879,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       sshc->readdir_len =
         libssh2_sftp_symlink_ex(sshc->sftp_session,
                                 sshc->readdir_linkPath,
-                                (unsigned int) strlen(sshc->readdir_linkPath),
+                                curlx_uztoui(strlen(sshc->readdir_linkPath)),
                                 sshc->readdir_filename,
                                 PATH_MAX, LIBSSH2_SFTP_READLINK);
       if(sshc->readdir_len == LIBSSH2_ERROR_EAGAIN) {
@@ -1961,7 +1965,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        */
       sshc->sftp_handle =
         libssh2_sftp_open_ex(sshc->sftp_session, sftp_scp->path,
-                             (unsigned int)strlen(sftp_scp->path),
+                             curlx_uztoui(strlen(sftp_scp->path)),
                              LIBSSH2_FXF_READ, data->set.new_file_perms,
                              LIBSSH2_SFTP_OPENFILE);
       if(!sshc->sftp_handle) {
@@ -1988,7 +1992,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
       LIBSSH2_SFTP_ATTRIBUTES attrs;
 
       rc = libssh2_sftp_stat_ex(sshc->sftp_session, sftp_scp->path,
-                                (unsigned int)strlen(sftp_scp->path),
+                                curlx_uztoui(strlen(sftp_scp->path)),
                                 LIBSSH2_SFTP_STAT, &attrs);
       if(rc == LIBSSH2_ERROR_EAGAIN) {
         break;

lib/ssluse.c

@@ -67,6 +67,7 @@
 #include <x509v3.h>
 #endif
 
+#include "warnless.h"
 #include "curl_memory.h"
 #include "non-ascii.h" /* for Curl_convert_from_utf8 prototype */
 
@@ -144,7 +145,7 @@
 static char global_passwd[64];
 #endif
 
-static int passwd_callback(char *buf, int num, int verify
+static int passwd_callback(char *buf, int num, int encrypting
 #ifdef HAVE_USERDATA_IN_PWD_CALLBACK
                            /* This was introduced in 0.9.4, we can set this
                               using SSL_CTX_set_default_passwd_cb_userdata()
@@ -153,12 +154,13 @@ static int passwd_callback(char *buf, int num, int verify
 #endif
                            )
 {
-  if(verify)
+  DEBUGASSERT(0 == encrypting);
-    fprintf(stderr, "%s\n", buf);
+
-  else {
+  if(!encrypting) {
-    if(num > (int)strlen((char *)global_passwd)) {
+    int klen = curlx_uztosi(strlen((char *)global_passwd));
-      strcpy(buf, global_passwd);
+    if(num > klen) {
-      return (int)strlen(buf);
+      memcpy(buf, global_passwd, klen+1);
+      return klen;
     }
   }
   return 0;
@@ -254,7 +256,7 @@ static int ossl_seed(struct SessionHandle *data)
       if(!area)
         return 3; /* out of memory */
 
-      len = (int)strlen(area);
+      len = curlx_uztosi(strlen(area));
       RAND_add(area, len, (len >> 1));
 
       free(area); /* now remove the random junk */
@@ -338,6 +340,8 @@ int cert_stuff(struct connectdata *conn,
       size_t len = strlen(data->set.str[STRING_KEY_PASSWD]);
       if(len < sizeof(global_passwd))
         memcpy(global_passwd, data->set.str[STRING_KEY_PASSWD], len+1);
+      else
+        global_passwd[0] = '\0';
 #else
       /*
        * We set the password in the callback userdata
@@ -1252,7 +1256,7 @@ static CURLcode verifyhost(struct connectdata *conn,
         else /* not a UTF8 name */
           j = ASN1_STRING_to_UTF8(&peer_CN, tmp);
 
-        if(peer_CN && ((int)strlen((char *)peer_CN) != j)) {
+        if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
           /* there was a terminating zero before the end of string, this
              cannot match and we return failure! */
           failf(data, "SSL: illegal cert name field");
@@ -1566,6 +1570,9 @@ ossl_connect_step1(struct connectdata *conn,
 #endif
 
 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+  /* unless the user explicitly ask to allow the protocol vulnerability we
+     use the work-around */
+  if(!conn->data->set.ssl_enable_beast)
     ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
 #endif
 

lib/telnet.c

@@ -69,6 +69,7 @@
 #include "select.h"
 #include "strequal.h"
 #include "rawstr.h"
+#include "warnless.h"
 
 /* The last #include file should be: */
 #include "memdebug.h"

lib/url.c

@@ -124,6 +124,7 @@ int curl_win32_idn_to_ascii(const char *in, char **out);
 #include "socks.h"
 #include "curl_rtmp.h"
 #include "gopher.h"
+#include "http_proxy.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -272,6 +273,12 @@ void Curl_freeset(struct SessionHandle * data)
   enum dupstring i;
   for(i=(enum dupstring)0; i < STRING_LAST; i++)
     Curl_safefree(data->set.str[i]);
+
+  if(data->change.referer_alloc) {
+    Curl_safefree(data->change.referer);
+    data->change.referer_alloc = FALSE;
+  }
+  data->change.referer = NULL;
 }
 
 static CURLcode setstropt(char **charp, char * s)
@@ -742,6 +749,13 @@ CURLcode Curl_init_userdefined(struct UserDefined *set)
   set->chunk_bgn      = ZERO_NULL;
   set->chunk_end      = ZERO_NULL;
 
+  /* tcp keepalives are disabled by default, but provide reasonable values for
+   * the interval and idle times.
+   */
+  set->tcp_keepalive = FALSE;
+  set->tcp_keepintvl = 60;
+  set->tcp_keepidle = 60;
+
   return res;
 }
 
@@ -805,6 +819,7 @@ CURLcode Curl_open(struct SessionHandle **curl)
        multi stack. */
   }
 
+
   if(res) {
     Curl_resolver_cleanup(data->state.resolver);
     if(data->state.headerbuff)
@@ -824,6 +839,7 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 {
   char *argptr;
   CURLcode result = CURLE_OK;
+  long arg;
 #ifndef CURL_DISABLE_HTTP
   curl_off_t bigsize;
 #endif
@@ -833,11 +849,9 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     data->set.dns_cache_timeout = va_arg(param, long);
     break;
   case CURLOPT_DNS_USE_GLOBAL_CACHE:
-  {
     /* remember we want this enabled */
-    long use_cache = va_arg(param, long);
+    arg = va_arg(param, long);
-    data->set.global_dns_cache = (0 != use_cache)?TRUE:FALSE;
+    data->set.global_dns_cache = (0 != arg)?TRUE:FALSE;
-  }
     break;
   case CURLOPT_SSL_CIPHER_LIST:
     /* set a list of cipher we want to use in the SSL connection */
@@ -2175,6 +2189,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
      */
     data->set.use_ssl = (curl_usessl)va_arg(param, long);
     break;
+
+  case CURLOPT_SSL_OPTIONS:
+    arg = va_arg(param, long);
+    data->set.ssl_enable_beast = arg&CURLSSLOPT_ALLOW_BEAST?TRUE:FALSE;
+    break;
+
 #endif
   case CURLOPT_FTPSSLAUTH:
     /*
@@ -2383,6 +2403,11 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
                        va_arg(param, char *));
     break;
 
+  case CURLOPT_MAIL_AUTH:
+    result = setstropt(&data->set.str[STRING_MAIL_AUTH],
+                       va_arg(param, char *));
+    break;
+
   case CURLOPT_MAIL_RCPT:
     /* get a list of mail recipients */
     data->set.mail_rcpt = va_arg(param, struct curl_slist *);
@@ -2539,6 +2564,16 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     result = Curl_set_dns_servers(data, va_arg(param, char *));
     break;
 
+  case CURLOPT_TCP_KEEPALIVE:
+    data->set.tcp_keepalive = (0 != va_arg(param, long))?TRUE:FALSE;
+    break;
+  case CURLOPT_TCP_KEEPIDLE:
+    data->set.tcp_keepidle = va_arg(param, long);
+    break;
+  case CURLOPT_TCP_KEEPINTVL:
+    data->set.tcp_keepintvl = va_arg(param, long);
+    break;
+
   default:
     /* unknown tag and its companion, just ignore: */
     result = CURLE_UNKNOWN_OPTION;
@@ -3351,13 +3386,18 @@ CURLcode Curl_protocol_connect(struct connectdata *conn,
   Curl_verboseconnect(conn);
 
   if(!conn->bits.protoconnstart) {
-    if(conn->handler->connect_it) {
-      /* is there a protocol-specific connect() procedure? */
 
     /* Set start time here for timeout purposes in the connect procedure, it
        is later set again for the progress meter purpose */
     conn->now = Curl_tvnow();
 
+    result = Curl_proxy_connect(conn);
+    if(result)
+      return result;
+
+    if(conn->handler->connect_it) {
+      /* is there a protocol-specific connect() procedure? */
+
       /* Call the protocol-specific connect function */
       result = conn->handler->connect_it(conn, protocol_done);
     }
@@ -4195,22 +4235,18 @@ static CURLcode parse_proxy(struct SessionHandle *data,
 
       if(CURLE_OK == res) {
         conn->bits.proxy_user_passwd = TRUE; /* enable it */
-        atsign = strdup(atsign+1); /* the right side of the @-letter */
+        atsign++; /* the right side of the @-letter */
 
-        if(atsign) {
+        if(atsign)
-          free(proxy); /* free the former proxy string */
           proxy = proxyptr = atsign; /* now use this instead */
-        }
         else
           res = CURLE_OUT_OF_MEMORY;
       }
 
-      if(res) {
+      if(res)
-        free(proxy); /* free the allocated proxy string */
         return res;
     }
   }
-  }
 
   /* start scanning for port number at this point */
   portptr = proxyptr;
@@ -4242,6 +4278,12 @@ static CURLcode parse_proxy(struct SessionHandle *data,
     conn->port = strtol(prox_portno, NULL, 10);
   }
   else {
+    if(proxyptr[0]=='/')
+      /* If the first character in the proxy string is a slash, fail
+         immediately. The following code will otherwise clear the string which
+         will lead to code running as if no proxy was set! */
+      return CURLE_COULDNT_RESOLVE_PROXY;
+
     /* without a port number after the host name, some people seem to use
        a slash so we strip everything from the first slash */
     atsign = strchr(proxyptr, '/');
@@ -4258,7 +4300,6 @@ static CURLcode parse_proxy(struct SessionHandle *data,
   conn->proxy.rawalloc = strdup(proxyptr);
   conn->proxy.name = conn->proxy.rawalloc;
 
-  free(proxy);
   if(!conn->proxy.rawalloc)
     return CURLE_OUT_OF_MEMORY;
 
@@ -4889,8 +4930,9 @@ static CURLcode create_conn(struct SessionHandle *data,
   if(proxy) {
     result = parse_proxy(data, conn, proxy);
 
-    /* parse_proxy has freed the proxy string, so don't try to use it again */
+    free(proxy); /* parse_proxy copies the proxy string */
-    if(result != CURLE_OK)
+
+    if(result)
       return result;
 
     if((conn->proxytype == CURLPROXY_HTTP) ||

lib/urldata.h

@@ -112,7 +112,7 @@
 #endif
 
 #ifdef USE_CYASSL
-#include <openssl/ssl.h>
+#include <cyassl/openssl/ssl.h>
 #endif
 
 #ifdef USE_NSS
@@ -422,8 +422,6 @@ struct ConnectBits {
                          This is implicit when SSL-protocols are used through
                          proxies, but can also be enabled explicitly by
                          apps */
-  bool tunnel_connecting; /* TRUE while we're still waiting for a proxy CONNECT
-                           */
   bool authneg;       /* TRUE when the auth phase has started, which means
                          that we are creating a request with an auth header,
                          but it is not the final request in the auth
@@ -964,6 +962,12 @@ struct connectdata {
   unsigned short localport;
   int localportrange;
 
+  /* tunnel as in tunnel through a HTTP proxy with CONNECT */
+  enum {
+    TUNNEL_INIT,    /* init/default/no tunnel state */
+    TUNNEL_CONNECT, /* CONNECT has been sent off */
+    TUNNEL_COMPLETE /* CONNECT response received completely */
+  } tunnel_state[2]; /* two separate ones to allow FTP */
 };
 
 /* The end of connectdata. */
@@ -1335,6 +1339,7 @@ enum dupstring {
   STRING_SOCKS5_GSSAPI_SERVICE,  /* GSSAPI service name */
 #endif
   STRING_MAIL_FROM,
+  STRING_MAIL_AUTH,
 
 #ifdef USE_TLS_SRP
   STRING_TLSAUTH_USERNAME,     /* TLS auth <username> */
@@ -1508,6 +1513,8 @@ struct UserDefined {
   bool ftp_skip_ip;      /* skip the IP address the FTP server passes on to
                             us */
   bool connect_only;     /* make connection, let application use the socket */
+  bool ssl_enable_beast; /* especially allow this flaw for interoperability's
+                            sake*/
   long ssh_auth_types;   /* allowed SSH auth types */
   bool http_te_skip;     /* pass the raw body data to the user, even when
                             transfer-encoded (chunked, compressed) */
@@ -1539,6 +1546,10 @@ struct UserDefined {
 
   long gssapi_delegation; /* GSSAPI credential delegation, see the
                              documentation of CURLOPT_GSSAPI_DELEGATION */
+
+  bool tcp_keepalive;    /* use TCP keepalives */
+  long tcp_keepidle;     /* seconds in idle before sending keepalive probe */
+  long tcp_keepintvl;    /* seconds between TCP keepalive probes */
 };
 
 struct Names {

lib/warnless.c

@@ -131,6 +131,7 @@ unsigned short curlx_ultous(unsigned long ulnum)
 #  pragma warning(disable:810) /* conversion may lose significant bits */
 #endif
 
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_USHORT);
   return (unsigned short)(ulnum & (unsigned long) CURL_MASK_USHORT);
 
 #ifdef __INTEL_COMPILER
@@ -149,6 +150,7 @@ unsigned char curlx_ultouc(unsigned long ulnum)
 #  pragma warning(disable:810) /* conversion may lose significant bits */
 #endif
 
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_UCHAR);
   return (unsigned char)(ulnum & (unsigned long) CURL_MASK_UCHAR);
 
 #ifdef __INTEL_COMPILER
@@ -167,6 +169,7 @@ int curlx_uztosi(size_t uznum)
 #  pragma warning(disable:810) /* conversion may lose significant bits */
 #endif
 
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_SINT);
   return (int)(uznum & (size_t) CURL_MASK_SINT);
 
 #ifdef __INTEL_COMPILER
@@ -185,6 +188,7 @@ unsigned long curlx_uztoul(size_t uznum)
 # pragma warning(disable:810) /* conversion may lose significant bits */
 #endif
 
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_ULONG);
   return (unsigned long)(uznum & (size_t) CURL_MASK_ULONG);
 
 #ifdef __INTEL_COMPILER
@@ -192,6 +196,25 @@ unsigned long curlx_uztoul(size_t uznum)
 #endif
 }
 
+/*
+** unsigned size_t to unsigned int
+*/
+
+unsigned int curlx_uztoui(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+# pragma warning(push)
+# pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_UINT);
+  return (unsigned int)(uznum & (size_t) CURL_MASK_UINT);
+
+#ifdef __INTEL_COMPILER
+# pragma warning(pop)
+#endif
+}
+
 /*
 ** signed long to signed int
 */
@@ -204,6 +227,7 @@ int curlx_sltosi(long slnum)
 #endif
 
   DEBUGASSERT(slnum >= 0);
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_SINT);
   return (int)(slnum & (long) CURL_MASK_SINT);
 
 #ifdef __INTEL_COMPILER
@@ -223,6 +247,7 @@ unsigned int curlx_sltoui(long slnum)
 #endif
 
   DEBUGASSERT(slnum >= 0);
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_UINT);
   return (unsigned int)(slnum & (long) CURL_MASK_UINT);
 
 #ifdef __INTEL_COMPILER
@@ -242,6 +267,7 @@ unsigned short curlx_sltous(long slnum)
 #endif
 
   DEBUGASSERT(slnum >= 0);
+  DEBUGASSERT((unsigned long) slnum <= (unsigned long) CURL_MASK_USHORT);
   return (unsigned short)(slnum & (long) CURL_MASK_USHORT);
 
 #ifdef __INTEL_COMPILER
@@ -260,6 +286,7 @@ ssize_t curlx_uztosz(size_t uznum)
 #  pragma warning(disable:810) /* conversion may lose significant bits */
 #endif
 
+  DEBUGASSERT(uznum <= (size_t) CURL_MASK_SSIZE_T);
   return (ssize_t)(uznum & (size_t) CURL_MASK_SSIZE_T);
 
 #ifdef __INTEL_COMPILER
@@ -286,6 +313,26 @@ size_t curlx_sotouz(curl_off_t sonum)
 #endif
 }
 
+/*
+** signed ssize_t to signed int
+*/
+
+int curlx_sztosi(ssize_t sznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sznum >= 0);
+  DEBUGASSERT((size_t) sznum <= (size_t) CURL_MASK_SINT);
+  return (int)(sznum & (ssize_t) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
 /*
 ** signed int to unsigned size_t
 */

lib/warnless.h

@@ -30,6 +30,8 @@ int curlx_uztosi(size_t uznum);
 
 unsigned long curlx_uztoul(size_t uznum);
 
+unsigned int curlx_uztoui(size_t uznum);
+
 int curlx_sltosi(long slnum);
 
 unsigned int curlx_sltoui(long slnum);
@@ -40,6 +42,8 @@ ssize_t curlx_uztosz(size_t uznum);
 
 size_t curlx_sotouz(curl_off_t sonum);
 
+int curlx_sztosi(ssize_t sznum);
+
 size_t curlx_sitouz(int sinum);
 
 #if defined(__INTEL_COMPILER) && defined(__unix__)

m4/curl-functions.m4

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 #***************************************************************************
 
 # File version for 'aclocal' use. Keep it a single number.
-# serial 68
+# serial 69
 
 
 dnl CURL_INCLUDES_ARPA_INET
@@ -2196,6 +2196,22 @@ AC_DEFUN([CURL_CHECK_FUNC_GETADDRINFO], [
         tst_tsafe_getaddrinfo="yes"
         ;;
     esac
+    if test "$tst_tsafe_getaddrinfo" = "unknown"; then
+      AC_COMPILE_IFELSE([
+        AC_LANG_PROGRAM([[
+        ]],[[
+#if defined(_POSIX_C_SOURCE) && (_POSIX_C_SOURCE >= 200809L)
+          return 0;
+#elif defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 700)
+          return 0;
+#else
+          force compilation error
+#endif
+        ]])
+      ],[
+        tst_tsafe_getaddrinfo="yes"
+      ])
+    fi
     if test "$tst_tsafe_getaddrinfo" = "unknown"; then
       CURL_CHECK_DEF_CC([h_errno], [
         $curl_includes_ws2tcpip

packages/Symbian/group/curl.mmp

@@ -16,7 +16,6 @@ SOURCE \
     tool_cb_prg.c \
     tool_cb_rea.c \
     tool_cb_see.c \
-    tool_cb_skt.c \
     tool_cb_wrt.c \
     tool_cfgable.c \
     tool_convert.c \

src/Makefile.inc

@@ -22,7 +22,6 @@ CURL_CFILES = hugehelp.c \
 	tool_cb_prg.c \
 	tool_cb_rea.c \
 	tool_cb_see.c \
-	tool_cb_skt.c \
 	tool_cb_wrt.c \
 	tool_cfgable.c \
 	tool_convert.c \
@@ -62,7 +61,6 @@ CURL_HFILES = hugehelp.h setup.h config-win32.h config-mac.h \
 	tool_cb_prg.h \
 	tool_cb_rea.h \
 	tool_cb_see.h \
-	tool_cb_skt.h \
 	tool_cb_wrt.h \
 	tool_cfgable.h \
 	tool_convert.h \

src/Makefile.vc6

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -144,7 +144,6 @@ RELEASE_OBJS= \
 	tool_cb_prgr.obj \
 	tool_cb_rear.obj \
 	tool_cb_seer.obj \
-	tool_cb_sktr.obj \
 	tool_cb_wrtr.obj \
 	tool_cfgabler.obj \
 	tool_convertr.obj \
@@ -188,7 +187,6 @@ DEBUG_OBJS= \
 	tool_cb_prgd.obj \
 	tool_cb_read.obj \
 	tool_cb_seed.obj \
-	tool_cb_sktd.obj \
 	tool_cb_wrtd.obj \
 	tool_cfgabled.obj \
 	tool_convertd.obj \
@@ -362,8 +360,6 @@ tool_cb_rear.obj: tool_cb_rea.c
 	$(CCR) $(CFLAGS) /Fo"$@" tool_cb_rea.c
 tool_cb_seer.obj: tool_cb_see.c
 	$(CCR) $(CFLAGS) /Fo"$@" tool_cb_see.c
-tool_cb_sktr.obj: tool_cb_skt.c
-	$(CCR) $(CFLAGS) /Fo"$@" tool_cb_skt.c
 tool_cb_wrtr.obj: tool_cb_wrt.c
 	$(CCR) $(CFLAGS) /Fo"$@" tool_cb_wrt.c
 tool_cfgabler.obj: tool_cfgable.c
@@ -448,8 +444,6 @@ tool_cb_read.obj: tool_cb_rea.c
 	$(CCD) $(CFLAGS) /Fo"$@" tool_cb_rea.c
 tool_cb_seed.obj: tool_cb_see.c
 	$(CCD) $(CFLAGS) /Fo"$@" tool_cb_see.c
-tool_cb_sktd.obj: tool_cb_skt.c
-	$(CCD) $(CFLAGS) /Fo"$@" tool_cb_skt.c
 tool_cb_wrtd.obj: tool_cb_wrt.c
 	$(CCD) $(CFLAGS) /Fo"$@" tool_cb_wrt.c
 tool_cfgabled.obj: tool_cfgable.c

src/tool_cb_skt.c

@@ -1,97 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "setup.h"
-
-#include <curl/curl.h>
-
-#ifdef HAVE_SYS_SOCKET_H
-#  include <sys/socket.h>
-#endif
-
-#define ENABLE_CURLX_PRINTF
-/* use our own printf() functions */
-#include "curlx.h"
-
-#include "tool_cfgable.h"
-#include "tool_msgs.h"
-#include "tool_cb_skt.h"
-
-#include "memdebug.h" /* keep this as LAST include */
-
-/*
-** callback for CURLOPT_SOCKOPTFUNCTION
-*/
-
-int tool_sockopt_cb(void *userdata, curl_socket_t curlfd, curlsocktype purpose)
-{
-  struct Configurable *config = userdata;
-
-  int onoff = 1; /* this callback is only used if we ask for keepalives on the
-                    connection */
-
-#if defined(TCP_KEEPIDLE) || defined(TCP_KEEPINTVL)
-  int keepidle = (int)config->alivetime;
-#endif
-
-  switch(purpose) {
-  case CURLSOCKTYPE_IPCXN:
-    if(setsockopt(curlfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&onoff,
-                  sizeof(onoff)) < 0) {
-      /* don't abort operation, just issue a warning */
-      SET_SOCKERRNO(0);
-      warnf(config, "Could not set SO_KEEPALIVE!\n");
-      return 0;
-    }
-    else {
-      if(config->alivetime) {
-#ifdef TCP_KEEPIDLE
-        if(setsockopt(curlfd, IPPROTO_TCP, TCP_KEEPIDLE, (void *)&keepidle,
-                      sizeof(keepidle)) < 0) {
-          /* don't abort operation, just issue a warning */
-          SET_SOCKERRNO(0);
-          warnf(config, "Could not set TCP_KEEPIDLE!\n");
-          return 0;
-        }
-#endif
-#ifdef TCP_KEEPINTVL
-        if(setsockopt(curlfd, IPPROTO_TCP, TCP_KEEPINTVL, (void *)&keepidle,
-                      sizeof(keepidle)) < 0) {
-          /* don't abort operation, just issue a warning */
-          SET_SOCKERRNO(0);
-          warnf(config, "Could not set TCP_KEEPINTVL!\n");
-          return 0;
-        }
-#endif
-#if !defined(TCP_KEEPIDLE) || !defined(TCP_KEEPINTVL)
-        warnf(config, "Keep-alive functionality somewhat crippled due to "
-              "missing support in your operating system!\n");
-#endif
-      }
-    }
-    break;
-  default:
-    break;
-  }
-
-  return 0;
-}
-

src/tool_cb_skt.h

@@ -1,35 +0,0 @@
-#ifndef HEADER_CURL_TOOL_CB_SKT_H
-#define HEADER_CURL_TOOL_CB_SKT_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include "setup.h"
-
-/*
-** callback for CURLOPT_SOCKOPTFUNCTION
-*/
-
-int tool_sockopt_cb(void *userdata,
-                    curl_socket_t curlfd,
-                    curlsocktype purpose);
-
-#endif /* HEADER_CURL_TOOL_CB_SKT_H */
-

src/tool_cfgable.c

@@ -60,8 +60,10 @@ void free_config_fields(struct Configurable *config)
   Curl_safefree(config->proxy);
 
   Curl_safefree(config->noproxy);
+
   Curl_safefree(config->mail_from);
   curl_slist_free_all(config->mail_rcpt);
+  Curl_safefree(config->mail_auth);
 
   Curl_safefree(config->netrc_file);
 

src/tool_cfgable.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -77,6 +77,7 @@ struct Configurable {
   char *noproxy;
   char *mail_from;
   struct curl_slist *mail_rcpt;
+  char *mail_auth;
   bool proxytunnel;
   bool ftp_append;          /* APPE on ftp */
   bool mute;                /* don't show messages, --silent given */
@@ -195,7 +196,7 @@ struct Configurable {
 
   bool xattr;               /* store metadata in extended attributes */
   long gssapi_delegation;
-
+  bool ssl_allow_beast;     /* allow this SSL vulnerability */
 }; /* struct Configurable */
 
 void free_config_fields(struct Configurable *config);

src/tool_easysrc.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,6 +23,8 @@
 
 #include <curl/curl.h>
 
+#ifndef CURL_DISABLE_LIBCURL_OPTION
+
 #define ENABLE_CURLX_PRINTF
 /* use our own printf() functions */
 #include "curlx.h"
@@ -35,8 +37,13 @@
 
 /* global variable definitions, for easy-interface source code generation */
 
-struct curl_slist *easysrc = NULL;
+struct curl_slist *easysrc_decl = NULL; /* Variable declarations */
-struct curl_slist *easysrc_remarks = NULL;
+struct curl_slist *easysrc_data = NULL; /* Build slists, forms etc. */
+struct curl_slist *easysrc_code = NULL; /* Setopt calls */
+struct curl_slist *easysrc_toohard = NULL; /* Unconvertible setopt */
+struct curl_slist *easysrc_clean = NULL;  /* Clean up allocated data */
+int easysrc_form_count = 0;
+int easysrc_slist_count = 0;
 
 static const char *const srchead[]={
   "/********* Sample code generated by the curl command line tool **********",
@@ -48,8 +55,117 @@ static const char *const srchead[]={
   "int main(int argc, char *argv[])",
   "{",
   "  CURLcode ret;",
+  "  CURL *hnd;",
   NULL
 };
+/* easysrc_decl declarations come here */
+/* easysrc_data initialisations come here */
+/* easysrc_code statements come here */
+static const char *const srchard[]={
+  "/* Here is a list of options the curl code used that cannot get generated",
+  "   as source easily. You may select to either not use them or implement",
+  "   them yourself.",
+  "",
+  NULL
+};
+static const char *const srcend[]={
+  "",
+  "  return (int)ret;",
+  "}",
+  "/**** End of sample code ****/",
+  NULL
+};
+
+/* Clean up all source code if we run out of memory */
+static void easysrc_free(void)
+{
+  curl_slist_free_all(easysrc_decl);
+  easysrc_decl = NULL;
+  curl_slist_free_all(easysrc_data);
+  easysrc_data = NULL;
+  curl_slist_free_all(easysrc_code);
+  easysrc_code = NULL;
+  curl_slist_free_all(easysrc_toohard);
+  easysrc_toohard = NULL;
+  curl_slist_free_all(easysrc_clean);
+  easysrc_clean = NULL;
+}
+
+/* Add a source line to the main code or remarks */
+CURLcode easysrc_add(struct curl_slist **plist, const char *line)
+{
+  CURLcode ret = CURLE_OK;
+  struct curl_slist *list =
+    curl_slist_append(*plist, line);
+  if(!list) {
+    easysrc_free();
+    ret = CURLE_OUT_OF_MEMORY;
+  }
+  else
+    *plist = list;
+  return ret;
+}
+
+CURLcode easysrc_addf(struct curl_slist **plist, const char *fmt, ...)
+{
+  CURLcode ret;
+  char *bufp;
+  va_list ap;
+  va_start(ap, fmt);
+  bufp = curlx_mvaprintf(fmt, ap);
+  va_end(ap);
+  if(! bufp) {
+    ret = CURLE_OUT_OF_MEMORY;
+  }
+  else {
+    ret = easysrc_add(plist, bufp);
+    curl_free(bufp);
+  }
+  return ret;
+}
+
+#define CHKRET(v) do {CURLcode ret = (v); if(ret) return ret;} WHILE_FALSE
+
+CURLcode easysrc_init(void)
+{
+  CHKRET(easysrc_add(&easysrc_code,
+                     "hnd = curl_easy_init();"));
+  return CURLE_OK;
+}
+
+CURLcode easysrc_perform(void)
+{
+  /* Note any setopt calls which we could not convert */
+  if(easysrc_toohard) {
+    int i;
+    struct curl_slist *ptr;
+    const char *c;
+    CHKRET(easysrc_add(&easysrc_code, ""));
+    /* Preamble comment */
+    for(i=0; ((c = srchard[i]) != '\0'); i++)
+      CHKRET(easysrc_add(&easysrc_code, c));
+    /* Each unconverted option */
+    for(ptr=easysrc_toohard; ptr; ptr = ptr->next)
+      CHKRET(easysrc_add(&easysrc_code, ptr->data));
+    CHKRET(easysrc_add(&easysrc_code, ""));
+    CHKRET(easysrc_add(&easysrc_code, "*/"));
+
+    curl_slist_free_all(easysrc_toohard);
+    easysrc_toohard = NULL;
+  }
+
+  CHKRET(easysrc_add(&easysrc_code, ""));
+  CHKRET(easysrc_add(&easysrc_code, "ret = curl_easy_perform(hnd);"));
+  return CURLE_OK;
+}
+
+CURLcode easysrc_cleanup(void)
+{
+  CHKRET(easysrc_add(&easysrc_code, ""));
+  CHKRET(easysrc_add(&easysrc_code, "curl_easy_cleanup(hnd);"));
+  CHKRET(easysrc_add(&easysrc_code, "hnd = NULL;"));
+  return CURLE_OK;
+}
 
 void dumpeasysrc(struct Configurable *config)
 {
@@ -60,7 +176,7 @@ void dumpeasysrc(struct Configurable *config)
     FILE *out;
     bool fopened = FALSE;
     if(strcmp(o, "-")) {
-      out = fopen(o, "wt");
+      out = fopen(o, "w");
       fopened = TRUE;
     }
     else
@@ -74,39 +190,40 @@ void dumpeasysrc(struct Configurable *config)
       for(i=0; ((c = srchead[i]) != '\0'); i++)
         fprintf(out, "%s\n", c);
 
-      ptr = easysrc;
+      /* Declare variables used for complex setopt values */
-      while(ptr) {
+      for(ptr=easysrc_decl; ptr; ptr = ptr->next)
+        fprintf(out, "  %s\n", ptr->data);
+
+      /* Set up complex values for setopt calls */
+      if(easysrc_data) {
+        fprintf(out, "\n");
+
+        for(ptr=easysrc_data; ptr; ptr = ptr->next)
           fprintf(out, "  %s\n", ptr->data);
-        ptr = ptr->next;
       }
 
-      ptr = easysrc_remarks;
+      fprintf(out, "\n");
-      if(ptr) {
+      for(ptr=easysrc_code; ptr; ptr = ptr->next) {
-        fprintf(out,
+        if(ptr->data[0]) {
-                "\n  /* Here is a list of options the curl code"
-                " used that cannot get generated\n"
-                "     as source easily. You may select to either"
-                " not use them or implement\n     them yourself.\n"
-                "\n");
-        while(ptr) {
           fprintf(out, "  %s\n", ptr->data);
-          ptr = ptr->next;
         }
-        fprintf(out, "\n  */\n");
+        else {
+          fprintf(out, "\n");
+        }
       }
 
-      fprintf(out,
+      for(ptr=easysrc_clean; ptr; ptr = ptr->next)
-              "  return (int)ret;\n"
+        fprintf(out, "  %s\n", ptr->data);
-              "}\n"
+
-              "/**** End of sample code ****/\n");
+      for(i=0; ((c = srcend[i]) != '\0'); i++)
+        fprintf(out, "%s\n", c);
+
       if(fopened)
         fclose(out);
     }
   }
 
-  curl_slist_free_all(easysrc_remarks);
+  easysrc_free();
-  curl_slist_free_all(easysrc);
-  easysrc_remarks = NULL;
-  easysrc = NULL;
 }
 
+#endif /* CURL_DISABLE_LIBCURL_OPTION */

src/tool_easysrc.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,13 +22,26 @@
  *
  ***************************************************************************/
 #include "setup.h"
+#ifndef CURL_DISABLE_LIBCURL_OPTION
 
 /* global variable declarations, for easy-interface source code generation */
 
-extern struct curl_slist *easysrc;
+extern struct curl_slist *easysrc_decl; /* Variable declarations */
-extern struct curl_slist *easysrc_remarks;
+extern struct curl_slist *easysrc_data; /* Build slists, forms etc. */
+extern struct curl_slist *easysrc_code; /* Setopt calls etc. */
+extern struct curl_slist *easysrc_toohard; /* Unconvertible setopt */
+extern struct curl_slist *easysrc_clean;  /* Clean up (reverse order) */
 
+extern int easysrc_form_count;  /* Number of curl_httppost variables */
+extern int easysrc_slist_count; /* Number of curl_slist variables */
+
+extern CURLcode easysrc_init(void);
+extern CURLcode easysrc_add(struct curl_slist **plist, const char *bupf);
+extern CURLcode easysrc_addf(struct curl_slist **plist, const char *fmt, ...);
+extern CURLcode easysrc_perform(void);
+extern CURLcode easysrc_cleanup(void);
 void dumpeasysrc(struct Configurable *config);
 
-#endif /* HEADER_CURL_TOOL_EASYSRC_H */
+#endif /* CURL_DISABLE_LIBCURL_OPTION */
 
+#endif /* HEADER_CURL_TOOL_EASYSRC_H */

src/tool_getparam.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -170,6 +170,7 @@ static const struct LongShort aliases[]= {
   {"$E", "proto-redir",              TRUE},
   {"$F", "resolve",                  TRUE},
   {"$G", "delegation",               TRUE},
+  {"$H", "mail-auth",                TRUE},
   {"0",  "http1.0",                  FALSE},
   {"1",  "tlsv1",                    FALSE},
   {"2",  "sslv2",                    FALSE},
@@ -202,6 +203,7 @@ static const struct LongShort aliases[]= {
   {"Ek", "tlsuser",                  TRUE},
   {"El", "tlspassword",              TRUE},
   {"Em", "tlsauthtype",              TRUE},
+  {"En", "ssl-allow-beast",          FALSE},
   {"f",  "fail",                     FALSE},
   {"F",  "form",                     TRUE},
   {"Fs", "form-string",              TRUE},
@@ -738,8 +740,14 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         config->ftp_ssl_ccc_mode = ftpcccmethod(config, nextarg);
         break;
       case 'z': /* --libcurl */
+#ifdef CURL_DISABLE_LIBCURL_OPTION
+        warnf(config,
+              "--libcurl option was disabled at build-time!\n");
+        return PARAM_OPTION_UNKNOWN;
+#else
         GetStr(&config->libcurl, nextarg);
         break;
+#endif
       case '#': /* --raw */
         config->raw = toggle;
         break;
@@ -806,6 +814,9 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
       case 'G': /* --delegation LEVEL */
         config->gssapi_delegation = delegation(config, nextarg);
         break;
+      case 'H': /* --mail-auth */
+        GetStr(&config->mail_auth, nextarg);
+        break;
       }
       break;
     case '#': /* --progress-bar */
@@ -1144,6 +1155,10 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         else
           return PARAM_LIBCURL_DOESNT_SUPPORT;
         break;
+      case 'n': /* no empty SSL fragments */
+        if(curlinfo->features & CURL_VERSION_SSL)
+          config->ssl_allow_beast = toggle;
+        break;
       default: /* certificate file */
       {
         char *ptr = strchr(nextarg, ':');

src/tool_help.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -110,7 +110,9 @@ static const char *const helptext[] = {
   "     --key KEY       Private key file name (SSL/SSH)",
   "     --key-type TYPE Private key file type (DER/PEM/ENG) (SSL)",
   "     --krb LEVEL     Enable Kerberos with specified security level (F)",
+#ifndef CURL_DISABLE_LIBCURL_OPTION
   "     --libcurl FILE  Dump libcurl equivalent code of this command line",
+#endif
   "     --limit-rate RATE  Limit transfer speed to this rate",
   " -l, --list-only     List only names of an FTP directory (F)",
   "     --local-port RANGE  Force use of these local port numbers",
@@ -119,6 +121,7 @@ static const char *const helptext[] = {
   " -M, --manual        Display the full manual",
   "     --mail-from FROM  Mail from this address",
   "     --mail-rcpt TO  Mail to this receiver(s)",
+  "     --mail-auth AUTH  Originator address of the original email",
   "     --max-filesize BYTES  Maximum file size to download (H/F)",
   "     --max-redirs NUM  Maximum number of redirects allowed (H)",
   " -m, --max-time SECONDS  Maximum time allowed for the transfer",
@@ -187,6 +190,7 @@ static const char *const helptext[] = {
   "     --ssl-reqd      Require SSL/TLS (FTP, IMAP, POP3, SMTP)",
   " -2, --sslv2         Use SSLv2 (SSL)",
   " -3, --sslv3         Use SSLv3 (SSL)",
+  "     --ssl-allow-beast Allow security flaw to improve interop (SSL)",
   "     --stderr FILE   Where to redirect stderr. - means stdout",
   "     --tcp-nodelay   Use the TCP_NODELAY option",
   " -t, --telnet-option OPT=VAL  Set telnet option",

src/tool_operate.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -41,6 +41,10 @@
 #  include <locale.h>
 #endif
 
+#ifdef HAVE_NETINET_TCP_H
+#  include <netinet/tcp.h>
+#endif
+
 #include "rawstr.h"
 
 #define ENABLE_CURLX_PRINTF
@@ -54,7 +58,6 @@
 #include "tool_cb_prg.h"
 #include "tool_cb_rea.h"
 #include "tool_cb_see.h"
-#include "tool_cb_skt.h"
 #include "tool_cb_wrt.h"
 #include "tool_dirhie.h"
 #include "tool_doswin.h"
@@ -102,6 +105,24 @@
   "If you'd like to turn off curl's verification of the certificate, use\n" \
   " the -k (or --insecure) option.\n"
 
+static int is_fatal_error(int code)
+{
+  switch(code) {
+  /* TODO: Should CURLE_SSL_CACERT be included as critical error ? */
+  case CURLE_FAILED_INIT:
+  case CURLE_OUT_OF_MEMORY:
+  case CURLE_UNKNOWN_OPTION:
+  case CURLE_FUNCTION_NOT_FOUND:
+  case CURLE_BAD_FUNCTION_ARGUMENT:
+    /* critical error */
+    return 1;
+  default:
+    break;
+  }
+  /* no error or not critical */
+  return 0;
+}
+
 int operate(struct Configurable *config, int argc, argv_item_t argv[])
 {
   char errorbuffer[CURL_ERROR_SIZE];
@@ -333,13 +354,13 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
     }
   }
 
-  /* This is the first entry added to easysrc and it initializes the slist */
+#ifndef CURL_DISABLE_LIBCURL_OPTION
-  easysrc = curl_slist_append(easysrc, "CURL *hnd = curl_easy_init();");
+  res = easysrc_init();
-  if(!easysrc) {
+  if(res) {
     helpf(config->errors, "out of memory\n");
-    res = CURLE_OUT_OF_MEMORY;
     goto quit_curl;
   }
+#endif
 
   if(config->list_engines) {
     struct curl_slist *engines = NULL;
@@ -384,7 +405,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
     URLGlob *inglob;
 
     outfiles = NULL;
-    infilenum = 0;
+    infilenum = 1;
     inglob = NULL;
 
     /* urlnode->url is the full URL (it might be NULL) */
@@ -422,7 +443,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
 
     /* Here's the loop for uploading multiple files within the same
        single globbed string. If no upload, we enter the loop once anyway. */
-    for(up = 0 ;; up++) {
+    for(up = 0 ; up < infilenum; up++) {
 
       char *uploadfile; /* a single file, never a glob */
       int separator;
@@ -472,7 +493,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
       separator= ((!outfiles || curlx_strequal(outfiles, "-")) && urlnum > 1);
 
       /* Here's looping around each globbed URL */
-      for(i = 0 ;; i++) {
+      for(i = 0 ; i < urlnum; i++) {
 
         int infd;
         bool infdopen;
@@ -812,25 +833,25 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
 
           /* new in libcurl 7.5 */
           if(config->proxy)
-            my_setopt(curl, CURLOPT_PROXYTYPE, config->proxyver);
+            my_setopt_enum(curl, CURLOPT_PROXYTYPE, config->proxyver);
 
           /* new in libcurl 7.10 */
           if(config->socksproxy) {
             my_setopt_str(curl, CURLOPT_PROXY, config->socksproxy);
-            my_setopt(curl, CURLOPT_PROXYTYPE, config->socksver);
+            my_setopt_enum(curl, CURLOPT_PROXYTYPE, config->socksver);
           }
 
           /* new in libcurl 7.10.6 */
           if(config->proxyanyauth)
-            my_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
+            my_setopt_flags(curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY);
           else if(config->proxynegotiate)
-            my_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_GSSNEGOTIATE);
+            my_setopt_flags(curl, CURLOPT_PROXYAUTH, CURLAUTH_GSSNEGOTIATE);
           else if(config->proxyntlm)
-            my_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
+            my_setopt_flags(curl, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
           else if(config->proxydigest)
-            my_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST);
+            my_setopt_flags(curl, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST);
           else if(config->proxybasic)
-            my_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
+            my_setopt_flags(curl, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
 
           /* new in libcurl 7.19.4 */
           my_setopt(curl, CURLOPT_NOPROXY, config->noproxy);
@@ -873,7 +894,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
                       config->postfieldsize);
             break;
           case HTTPREQ_POST:
-            my_setopt(curl, CURLOPT_HTTPPOST, config->httppost);
+            my_setopt_httppost(curl, CURLOPT_HTTPPOST, config->httppost);
             break;
           default:
             break;
@@ -882,18 +903,18 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           my_setopt_str(curl, CURLOPT_REFERER, config->referer);
           my_setopt(curl, CURLOPT_AUTOREFERER, config->autoreferer);
           my_setopt_str(curl, CURLOPT_USERAGENT, config->useragent);
-          my_setopt(curl, CURLOPT_HTTPHEADER, config->headers);
+          my_setopt_slist(curl, CURLOPT_HTTPHEADER, config->headers);
 
           /* new in libcurl 7.5 */
           my_setopt(curl, CURLOPT_MAXREDIRS, config->maxredirs);
 
           /* new in libcurl 7.9.1 */
           if(config->httpversion)
-            my_setopt(curl, CURLOPT_HTTP_VERSION, config->httpversion);
+            my_setopt_enum(curl, CURLOPT_HTTP_VERSION, config->httpversion);
 
           /* new in libcurl 7.10.6 (default is Basic) */
           if(config->authtype)
-            my_setopt(curl, CURLOPT_HTTPAUTH, config->authtype);
+            my_setopt_flags(curl, CURLOPT_HTTPAUTH, config->authtype);
 
           /* curl 7.19.1 (the 301 version existed in 7.18.2) */
           my_setopt(curl, CURLOPT_POSTREDIR, config->post301 |
@@ -988,9 +1009,9 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
         }
 
         my_setopt(curl, CURLOPT_CRLF, config->crlf);
-        my_setopt(curl, CURLOPT_QUOTE, config->quote);
+        my_setopt_slist(curl, CURLOPT_QUOTE, config->quote);
-        my_setopt(curl, CURLOPT_POSTQUOTE, config->postquote);
+        my_setopt_slist(curl, CURLOPT_POSTQUOTE, config->postquote);
-        my_setopt(curl, CURLOPT_PREQUOTE, config->prequote);
+        my_setopt_slist(curl, CURLOPT_PREQUOTE, config->prequote);
 
 #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
         {
@@ -1011,8 +1032,8 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
         }
 #endif
 
-        my_setopt(curl, CURLOPT_SSLVERSION, config->ssl_version);
+        my_setopt_enum(curl, CURLOPT_SSLVERSION, config->ssl_version);
-        my_setopt(curl, CURLOPT_TIMECONDITION, config->timecond);
+        my_setopt_enum(curl, CURLOPT_TIMECONDITION, config->timecond);
         my_setopt(curl, CURLOPT_TIMEVALUE, config->condtime);
         my_setopt_str(curl, CURLOPT_CUSTOMREQUEST, config->customrequest);
         my_setopt(curl, CURLOPT_STDERR, config->errors);
@@ -1031,7 +1052,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
         }
 
         /* new in libcurl 7.6.2: */
-        my_setopt(curl, CURLOPT_TELNETOPTIONS, config->telnet_options);
+        my_setopt_slist(curl, CURLOPT_TELNETOPTIONS, config->telnet_options);
 
         /* new in libcurl 7.7: */
         my_setopt_str(curl, CURLOPT_RANDOM_FILE, config->random_file);
@@ -1095,7 +1116,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
 
         /* new in curl 7.16.1 */
         if(config->ftp_ssl_ccc)
-          my_setopt(curl, CURLOPT_FTP_SSL_CCC, config->ftp_ssl_ccc_mode);
+          my_setopt_enum(curl, CURLOPT_FTP_SSL_CCC, config->ftp_ssl_ccc_mode);
 
 #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
         {
@@ -1147,9 +1168,18 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
 
         /* curl 7.17.1 */
         if(!config->nokeepalive) {
-          my_setopt(curl, CURLOPT_SOCKOPTFUNCTION, tool_sockopt_cb);
+          my_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
-          my_setopt(curl, CURLOPT_SOCKOPTDATA, config);
+          if(config->alivetime != 0) {
+#if !defined(TCP_KEEPIDLE) || !defined(TCP_KEEPINTVL)
+            warnf(config, "Keep-alive functionality somewhat crippled due to "
+                "missing support in your operating system!\n");
+#endif
+            my_setopt(curl, CURLOPT_TCP_KEEPIDLE, config->alivetime);
+            my_setopt(curl, CURLOPT_TCP_KEEPINTVL, config->alivetime);
           }
+        }
+        else
+          my_setopt(curl, CURLOPT_TCP_KEEPALIVE, 0L);
 
         /* curl 7.20.0 */
         if(config->tftp_blksize)
@@ -1159,16 +1189,16 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           my_setopt_str(curl, CURLOPT_MAIL_FROM, config->mail_from);
 
         if(config->mail_rcpt)
-          my_setopt(curl, CURLOPT_MAIL_RCPT, config->mail_rcpt);
+          my_setopt_slist(curl, CURLOPT_MAIL_RCPT, config->mail_rcpt);
 
         /* curl 7.20.x */
         if(config->ftp_pret)
           my_setopt(curl, CURLOPT_FTP_USE_PRET, TRUE);
 
         if(config->proto_present)
-          my_setopt(curl, CURLOPT_PROTOCOLS, config->proto);
+          my_setopt_flags(curl, CURLOPT_PROTOCOLS, config->proto);
         if(config->proto_redir_present)
-          my_setopt(curl, CURLOPT_REDIR_PROTOCOLS, config->proto_redir);
+          my_setopt_flags(curl, CURLOPT_REDIR_PROTOCOLS, config->proto_redir);
 
         if((urlnode->flags & GETOUT_USEREMOTE)
            && config->content_disposition) {
@@ -1184,7 +1214,7 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
 
         if(config->resolve)
           /* new in 7.21.3 */
-          my_setopt(curl, CURLOPT_RESOLVE, config->resolve);
+          my_setopt_slist(curl, CURLOPT_RESOLVE, config->resolve);
 
         /* new in 7.21.4 */
         if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP) {
@@ -1204,6 +1234,13 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           my_setopt_str(curl, CURLOPT_GSSAPI_DELEGATION,
                         config->gssapi_delegation);
 
+        /* new in 7.25.0 */
+        if(config->ssl_allow_beast)
+          my_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_ALLOW_BEAST);
+
+        if(config->mail_auth)
+          my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
+
         /* initialize retry vars for loop below */
         retry_sleep_default = (config->retry_delay) ?
           config->retry_delay*1000L : RETRY_SLEEP_DEFAULT; /* ms */
@@ -1212,10 +1249,12 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
         retry_sleep = retry_sleep_default; /* ms */
         retrystart = tvnow();
 
-        if(!curl_slist_append(easysrc, "ret = curl_easy_perform(hnd);")) {
+#ifndef CURL_DISABLE_LIBCURL_OPTION
-          res = CURLE_OUT_OF_MEMORY;
+        res = easysrc_perform();
+        if(res) {
           goto show_error;
         }
+#endif
 
         for(;;) {
           res = curl_easy_perform(curl);
@@ -1463,8 +1502,13 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
           infd = STDIN_FILENO;
         }
 
-        /* upon error exit loop */
+        if(urlnum > 1) {
-        if(res)
+          /* when url globbing, exit loop upon critical error */
+          if(is_fatal_error(res))
+            break;
+        }
+        else if(res)
+          /* when not url globbing, exit loop upon any error */
           break;
 
       } /* loop to the next URL */
@@ -1479,8 +1523,13 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
         urls = NULL;
       }
 
-      /* upon error exit loop */
+      if(infilenum > 1) {
-      if(res)
+        /* when file globbing, exit loop upon critical error */
+        if(is_fatal_error(res))
+          break;
+      }
+      else if(res)
+        /* when not file globbing, exit loop upon any error */
         break;
 
     } /* loop to the next globbed upload file */
@@ -1502,21 +1551,11 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
     Curl_safefree(urlnode->infile);
     urlnode->flags = 0;
 
-    /* TODO: Should CURLE_SSL_CACERT be included as critical error ? */
-
     /*
     ** Bail out upon critical errors
     */
-    switch(res) {
+    if(is_fatal_error(res))
-    case CURLE_FAILED_INIT:
-    case CURLE_OUT_OF_MEMORY:
-    case CURLE_FUNCTION_NOT_FOUND:
-    case CURLE_BAD_FUNCTION_ARGUMENT:
       goto quit_curl;
-    default:
-      /* Merrily loop to next URL */
-      break;
-    }
 
   } /* for-loop through all URLs */
 
@@ -1538,8 +1577,9 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
     curl_easy_cleanup(curl);
     config->easy = curl = NULL;
   }
-  if(easysrc)
+#ifndef CURL_DISABLE_LIBCURL_OPTION
-    curl_slist_append(easysrc, "curl_easy_cleanup(hnd);");
+  easysrc_cleanup();
+#endif
 
   /* Close function-local opened file descriptors */
 
@@ -1551,10 +1591,12 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
   if(config->trace_fopened && config->trace_stream)
     fclose(config->trace_stream);
 
+#ifndef CURL_DISABLE_LIBCURL_OPTION
   /* Dump the libcurl code if previously enabled.
      NOTE: that this function relies on config->errors amongst other things
      so not everything can be closed and cleaned before this is called */
   dumpeasysrc(config);
+#endif
 
   if(config->errors_fopened && config->errors)
     fclose(config->errors);

src/tool_paramhlp.c

@@ -151,8 +151,6 @@ void cleanarg(char *str)
  * Parse the string and write the integer in the given address. Return
  * non-zero on failure, zero on success.
  *
- * The string must start with a digit to be valid.
- *
  * Since this function gets called with the 'nextarg' pointer from within the
  * getparameter a lot, we must check it for NULL before accessing the str
  * data.
@@ -160,7 +158,7 @@ void cleanarg(char *str)
 
 int str2num(long *val, const char *str)
 {
-  if(str && ISDIGIT(*str)) {
+  if(str) {
     char *endptr;
     long num = strtol(str, &endptr, 10);
     if((endptr != str) && (endptr == str + strlen(str))) {

src/tool_setopt.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -21,6 +21,8 @@
  ***************************************************************************/
 #include "setup.h"
 
+#ifndef CURL_DISABLE_LIBCURL_OPTION
+
 #include <curl/curl.h>
 
 #define ENABLE_CURLX_PRINTF
@@ -33,43 +35,409 @@
 
 #include "memdebug.h" /* keep this as LAST include */
 
+/* Lookup tables for converting setopt values back to symbols */
+/* For enums, values may be in any order. */
+/* For bit masks, put combinations first, then single bits, */
+/* and finally any "NONE" value. */
+
+#define NV(e) {#e, e}
+#define NVEND {NULL, 0}         /* sentinel to mark end of list */
+
+const NameValue setopt_nv_CURLPROXY[] = {
+  NV(CURLPROXY_HTTP),
+  NV(CURLPROXY_HTTP_1_0),
+  NV(CURLPROXY_SOCKS4),
+  NV(CURLPROXY_SOCKS5),
+  NV(CURLPROXY_SOCKS4A),
+  NV(CURLPROXY_SOCKS5_HOSTNAME),
+  NVEND,
+};
+
+const NameValue setopt_nv_CURLAUTH[] = {
+  NV(CURLAUTH_ANY),             /* combination */
+  NV(CURLAUTH_ANYSAFE),         /* combination */
+  NV(CURLAUTH_BASIC),
+  NV(CURLAUTH_DIGEST),
+  NV(CURLAUTH_GSSNEGOTIATE),
+  NV(CURLAUTH_NTLM),
+  NV(CURLAUTH_DIGEST_IE),
+  NV(CURLAUTH_NTLM_WB),
+  NV(CURLAUTH_ONLY),
+  NV(CURLAUTH_NONE),
+  NVEND,
+};
+
+const NameValue setopt_nv_CURL_HTTP_VERSION[] = {
+  NV(CURL_HTTP_VERSION_NONE),
+  NV(CURL_HTTP_VERSION_1_0),
+  NV(CURL_HTTP_VERSION_1_1),
+  NVEND,
+};
+
+const NameValue setopt_nv_CURL_SSLVERSION[] = {
+  NV(CURL_SSLVERSION_DEFAULT),
+  NV(CURL_SSLVERSION_TLSv1),
+  NV(CURL_SSLVERSION_SSLv2),
+  NV(CURL_SSLVERSION_SSLv3),
+  NVEND,
+};
+
+const NameValue setopt_nv_CURL_TIMECOND[] = {
+  NV(CURL_TIMECOND_IFMODSINCE),
+  NV(CURL_TIMECOND_IFUNMODSINCE),
+  NV(CURL_TIMECOND_LASTMOD),
+  NV(CURL_TIMECOND_NONE),
+  NVEND,
+};
+
+const NameValue setopt_nv_CURLFTPSSL_CCC[] = {
+  NV(CURLFTPSSL_CCC_NONE),
+  NV(CURLFTPSSL_CCC_PASSIVE),
+  NV(CURLFTPSSL_CCC_ACTIVE),
+  NVEND,
+};
+
+/* These mappings essentially triplicated - see
+ * tool_libinfo.c and tool_paramhlp.c */
+const NameValue setopt_nv_CURLPROTO[] = {
+  NV(CURLPROTO_ALL),            /* combination */
+  NV(CURLPROTO_DICT),
+  NV(CURLPROTO_FILE),
+  NV(CURLPROTO_FTP),
+  NV(CURLPROTO_FTPS),
+  NV(CURLPROTO_GOPHER),
+  NV(CURLPROTO_HTTP),
+  NV(CURLPROTO_HTTPS),
+  NV(CURLPROTO_IMAP),
+  NV(CURLPROTO_IMAPS),
+  NV(CURLPROTO_LDAP),
+  NV(CURLPROTO_LDAPS),
+  NV(CURLPROTO_POP3),
+  NV(CURLPROTO_POP3S),
+  NV(CURLPROTO_RTSP),
+  NV(CURLPROTO_SCP),
+  NV(CURLPROTO_SFTP),
+  NV(CURLPROTO_SMTP),
+  NV(CURLPROTO_SMTPS),
+  NV(CURLPROTO_TELNET),
+  NV(CURLPROTO_TFTP),
+  NVEND,
+};
+
+/* Format and add code; jump to nomem on malloc error */
+#define ADD(args) do { \
+  ret = easysrc_add args; \
+  if(ret) \
+    goto nomem; \
+} WHILE_FALSE
+#define ADDF(args) do { \
+  ret = easysrc_addf args; \
+  if(ret) \
+    goto nomem; \
+} WHILE_FALSE
+
+#define DECL0(s) ADD((&easysrc_decl, s))
+#define DECL1(f,a) ADDF((&easysrc_decl, f,a))
+
+#define DATA0(s) ADD((&easysrc_data, s))
+#define DATA1(f,a) ADDF((&easysrc_data, f,a))
+#define DATA2(f,a,b) ADDF((&easysrc_data, f,a,b))
+#define DATA3(f,a,b,c) ADDF((&easysrc_data, f,a,b,c))
+
+#define CODE0(s) ADD((&easysrc_code, s))
+#define CODE1(f,a) ADDF((&easysrc_code, f,a))
+#define CODE2(f,a,b) ADDF((&easysrc_code, f,a,b))
+#define CODE3(f,a,b,c) ADDF((&easysrc_code, f,a,b,c))
+
+#define CLEAN0(s) ADD((&easysrc_clean, s))
+#define CLEAN1(f,a) ADDF((&easysrc_clean, f,a))
+
+#define REM0(s) ADD((&easysrc_toohard, s))
+#define REM1(f,a) ADDF((&easysrc_toohard, f,a))
+#define REM2(f,a,b) ADDF((&easysrc_toohard, f,a,b))
+
+/* Escape string to C string syntax.  Return NULL if out of memory.
+ * Is this correct for those wacky EBCDIC guys? */
+static char *c_escape(const char *str)
+{
+  size_t len = 0;
+  const char *s;
+  unsigned char c;
+  char *escaped, *e;
+  /* Allocate space based on worst-case */
+  len = strlen(str);
+  escaped = malloc(4 * len + 1);
+  if(!escaped)
+    return NULL;
+
+  e = escaped;
+  for(s=str; (c=*s) != '\0'; s++) {
+    if(c=='\n') {
+      strcpy(e, "\\n");
+      e += 2;
+    }
+    else if(c=='\r') {
+      strcpy(e, "\\r");
+      e += 2;
+    }
+    else if(c=='\t') {
+      strcpy(e, "\\t");
+      e += 2;
+    }
+    else if(c=='\\') {
+      strcpy(e, "\\\\");
+      e += 2;
+    }
+    else if(c=='"') {
+      strcpy(e, "\\\"");
+      e += 2;
+    }
+    else if(! isprint(c)) {
+      sprintf(e, "\\%03o", c);
+      e += 4;
+    }
+    else
+      *e++ = c;
+  }
+  *e = '\0';
+  return escaped;
+}
+
+/* setopt wrapper for enum types */
+CURLcode tool_setopt_enum(CURL *curl, struct Configurable *config,
+                          const char *name, CURLoption tag,
+                          const NameValue *nvlist, long lval)
+{
+  CURLcode ret = CURLE_OK;
+  bool skip = FALSE;
+
+  ret = curl_easy_setopt(curl, tag, lval);
+  if(!lval)
+    skip = TRUE;
+
+  if(config->libcurl && !skip && !ret) {
+    /* we only use this for real if --libcurl was used */
+    const NameValue *nv = NULL;
+    for(nv=nvlist; nv->name; nv++) {
+      if(nv->value == lval) break; /* found it */
+    }
+    if(! nv->name) {
+      /* If no definition was found, output an explicit value.
+       * This could happen if new values are defined and used
+       * but the NameValue list is not updated. */
+      CODE2("curl_easy_setopt(hnd, %s, %ldL);", name, lval);
+    }
+    else {
+      CODE2("curl_easy_setopt(hnd, %s, (long)%s);", name, nv->name);
+    }
+  }
+
+ nomem:
+  return ret;
+}
+
+/* setopt wrapper for bit mask */
+CURLcode tool_setopt_flags(CURL *curl, struct Configurable *config,
+                           const char *name, CURLoption tag,
+                           const NameValue *nvlist, long lval)
+{
+  CURLcode ret = CURLE_OK;
+  bool skip = FALSE;
+
+  ret = curl_easy_setopt(curl, tag, lval);
+  if(!lval)
+    skip = TRUE;
+
+  if(config->libcurl && !skip && !ret) {
+    /* we only use this for real if --libcurl was used */
+    char preamble[80];          /* should accommodate any symbol name */
+    long rest = lval;           /* bits not handled yet */
+    const NameValue *nv = NULL;
+    snprintf(preamble, sizeof(preamble),
+             "curl_easy_setopt(hnd, %s, ", name);
+    for(nv=nvlist; nv->name; nv++) {
+      if((nv->value & ~ rest) == 0) {
+        /* all value flags contained in rest */
+        rest &= ~ nv->value;    /* remove bits handled here */
+        CODE3("%s(long)%s%s",
+              preamble, nv->name, rest ? " |" : ");");
+        if(!rest)
+          break;                /* handled them all */
+        /* replace with all spaces for continuation line */
+        sprintf(preamble, "%*s", strlen(preamble), "");
+      }
+    }
+    /* If any bits have no definition, output an explicit value.
+     * This could happen if new bits are defined and used
+     * but the NameValue list is not updated. */
+    if(rest)
+      CODE2("%s%ldL);", preamble, rest);
+  }
+
+ nomem:
+  return ret;
+}
+
+/* setopt wrapper for CURLOPT_HTTPPOST */
+CURLcode tool_setopt_httppost(CURL *curl, struct Configurable *config,
+                              const char *name, CURLoption tag,
+                              struct curl_httppost *post)
+{
+  CURLcode ret = CURLE_OK;
+  char *escaped = NULL;
+  bool skip = FALSE;
+
+  ret = curl_easy_setopt(curl, tag, post);
+  if(!post)
+    skip = TRUE;
+
+  if(config->libcurl && !skip && !ret) {
+    struct curl_httppost *pp, *p;
+    int i;
+    /* May use several httppost lists, if multiple POST actions */
+    i = ++ easysrc_form_count;
+    DECL1("struct curl_httppost *post%d;", i);
+    DATA1("post%d = NULL;", i);
+    CLEAN1("curl_formfree(post%d);", i);
+    CLEAN1("post%d = NULL;", i);
+    if(i == 1)
+      DECL0("struct curl_httppost *postend;");
+    DATA0("postend = NULL;");
+    for(p=post; p; p=p->next) {
+      DATA1("curl_formadd(&post%d, &postend,", i);
+      DATA1("             CURLFORM_COPYNAME, \"%s\",", p->name);
+      for(pp=p; pp; pp=pp->more) {
+        /* May be several files uploaded for one name;
+         * these are linked through the 'more' pointer */
+        Curl_safefree(escaped);
+        escaped = c_escape(pp->contents);
+        if(!escaped) {
+          ret = CURLE_OUT_OF_MEMORY;
+          goto nomem;
+        }
+        if(pp->flags & HTTPPOST_FILENAME) {
+          /* file upload as for -F @filename */
+          DATA1("             CURLFORM_FILE, \"%s\",", escaped);
+        }
+        else if(pp->flags & HTTPPOST_READFILE) {
+          /* content from file as for -F <filename */
+          DATA1("             CURLFORM_FILECONTENT, \"%s\",", escaped);
+        }
+        else
+          DATA1("             CURLFORM_COPYCONTENTS, \"%s\",", escaped);
+        if(pp->showfilename) {
+          Curl_safefree(escaped);
+          escaped = c_escape(pp->showfilename);
+          if(!escaped) {
+            ret = CURLE_OUT_OF_MEMORY;
+            goto nomem;
+          }
+          DATA1("             CURLFORM_FILENAME, \"%s\",", escaped);
+        }
+        if(pp->contenttype) {
+          Curl_safefree(escaped);
+          escaped = c_escape(pp->contenttype);
+          if(!escaped) {
+            ret = CURLE_OUT_OF_MEMORY;
+            goto nomem;
+          }
+          DATA1("             CURLFORM_CONTENTTYPE, \"%s\",", escaped);
+        }
+      }
+      DATA0("             CURLFORM_END);");
+    }
+    CODE2("curl_easy_setopt(hnd, %s, post%d);", name, i);
+  }
+
+ nomem:
+  Curl_safefree(escaped);
+  return ret;
+}
+
+/* setopt wrapper for curl_slist options */
+CURLcode tool_setopt_slist(CURL *curl, struct Configurable *config,
+                           const char *name, CURLoption tag,
+                           struct curl_slist *list)
+{
+  CURLcode ret = CURLE_OK;
+  char *escaped = NULL;
+  bool skip = FALSE;
+
+  ret = curl_easy_setopt(curl, tag, list);
+  if(!list)
+    skip = TRUE;
+
+  if(config->libcurl && !skip && !ret) {
+    struct curl_slist *s;
+    int i;
+    /* May need several slist variables, so invent name */
+    i = ++ easysrc_slist_count;
+    DECL1("struct curl_slist *slist%d;", i);
+    DATA1("slist%d = NULL;", i);
+    CLEAN1("curl_slist_free_all(slist%d);", i);
+    CLEAN1("slist%d = NULL;", i);
+    for(s=list; s; s=s->next) {
+      Curl_safefree(escaped);
+      escaped = c_escape(s->data);
+      if(!escaped) {
+        ret = CURLE_OUT_OF_MEMORY;
+        goto nomem;
+      }
+      DATA3("slist%d = curl_slist_append(slist%d, \"%s\");", i, i, escaped);
+    }
+    CODE2("curl_easy_setopt(hnd, %s, slist%d);", name, i);
+  }
+
+ nomem:
+  Curl_safefree(escaped);
+  return ret;
+}
+
+/* generic setopt wrapper for all other options.
+ * Some type information is encoded in the tag value. */
 CURLcode tool_setopt(CURL *curl, bool str, struct Configurable *config,
                      const char *name, CURLoption tag, ...)
 {
   va_list arg;
-  char *bufp;
+  char buf[256];
-  char value[256];
+  const char *value = NULL;
   bool remark = FALSE;
   bool skip = FALSE;
+  bool escape = FALSE;
+  char *escaped = NULL;
   CURLcode ret = CURLE_OK;
 
   va_start(arg, tag);
 
   if(tag < CURLOPTTYPE_OBJECTPOINT) {
+    /* Value is expected to be a long */
     long lval = va_arg(arg, long);
-    snprintf(value, sizeof(value), "%ldL", lval);
+    snprintf(buf, sizeof(buf), "%ldL", lval);
+    value = buf;
     ret = curl_easy_setopt(curl, tag, lval);
     if(!lval)
       skip = TRUE;
   }
   else if(tag < CURLOPTTYPE_OFF_T) {
+    /* Value is some sort of object pointer */
     void *pval = va_arg(arg, void *);
-    unsigned char *ptr = (unsigned char *)pval;
 
     /* function pointers are never printable */
     if(tag >= CURLOPTTYPE_FUNCTIONPOINT) {
       if(pval) {
-        strcpy(value, "functionpointer"); /* 'value' fits 256 bytes */
+        value = "functionpointer";
         remark = TRUE;
       }
       else
         skip = TRUE;
     }
 
-    else if(pval && str)
+    else if(pval && str) {
-      snprintf(value, sizeof(value), "\"%s\"", (char *)ptr);
+      value = (char *)pval;
+      escape = TRUE;
+    }
     else if(pval) {
-      strcpy(value, "objectpointer"); /* 'value' fits 256 bytes */
+      value = "objectpointer";
       remark = TRUE;
     }
     else
@@ -79,9 +447,11 @@ CURLcode tool_setopt(CURL *curl, bool str, struct Configurable *config,
 
   }
   else {
+    /* Value is expected to be curl_off_t */
     curl_off_t oval = va_arg(arg, curl_off_t);
-    snprintf(value, sizeof(value),
+    snprintf(buf, sizeof(buf),
              "(curl_off_t)%" CURL_FORMAT_CURL_OFF_T, oval);
+    value = buf;
     ret = curl_easy_setopt(curl, tag, oval);
 
     if(!oval)
@@ -94,32 +464,24 @@ CURLcode tool_setopt(CURL *curl, bool str, struct Configurable *config,
     /* we only use this for real if --libcurl was used */
 
     if(remark)
-      bufp = curlx_maprintf("%s set to a %s", name, value);
+      REM2("%s set to a %s", name, value);
-    else
-      bufp = curlx_maprintf("curl_easy_setopt(hnd, %s, %s);", name, value);
-
-    if(!bufp)
-      ret = CURLE_OUT_OF_MEMORY;
     else {
-      struct curl_slist *list =
+      if(escape) {
-        curl_slist_append(remark?easysrc_remarks:easysrc, bufp);
+        escaped = c_escape(value);
-
+        if(!escaped) {
-      curl_free(bufp);
-
-      if(!list) {
-        curl_slist_free_all(easysrc_remarks);
-        curl_slist_free_all(easysrc);
-        easysrc_remarks = NULL;
-        easysrc = NULL;
           ret = CURLE_OUT_OF_MEMORY;
+          goto nomem;
+        }
+        CODE2("curl_easy_setopt(hnd, %s, \"%s\");", name, escaped);
       }
-      else if(remark)
-        easysrc_remarks = list;
       else
-        easysrc = list;
+        CODE2("curl_easy_setopt(hnd, %s, %s);", name, value);
     }
   }
 
+ nomem:
+  Curl_safefree(escaped);
   return ret;
 }
 
+#endif /* CURL_DISABLE_LIBCURL_OPTION */

src/tool_setopt.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,28 +23,108 @@
  ***************************************************************************/
 #include "setup.h"
 
-CURLcode tool_setopt(CURL *curl, bool str, struct Configurable *config,
-                     const char *name, CURLoption tag, ...);
-
 /*
  * Macros used in operate()
  */
 
-#define my_setopt(x,y,z)  do { \
+#define SETOPT_CHECK(v) do { \
-  res = tool_setopt(x, FALSE, config, #y, y, z); \
+  res = (v); \
   if(res) \
     goto show_error; \
 } WHILE_FALSE
 
-#define my_setopt_str(x,y,z)  do { \
+#ifndef CURL_DISABLE_LIBCURL_OPTION
-  res = tool_setopt(x, TRUE, config, #y, y, z); \
+
-  if(res) \
+/* Associate symbolic names with option values */
-    goto show_error; \
+typedef struct {
-} WHILE_FALSE
+  const char *name;
+  long value;
+} NameValue;
+
+extern const NameValue setopt_nv_CURLPROXY[];
+extern const NameValue setopt_nv_CURLAUTH[];
+extern const NameValue setopt_nv_CURL_HTTP_VERSION[];
+extern const NameValue setopt_nv_CURL_SSLVERSION[];
+extern const NameValue setopt_nv_CURL_TIMECOND[];
+extern const NameValue setopt_nv_CURLFTPSSL_CCC[];
+extern const NameValue setopt_nv_CURLPROTO[];
+
+/* Map options to NameValue sets */
+#define setopt_nv_CURLOPT_HTTP_VERSION setopt_nv_CURL_HTTP_VERSION
+#define setopt_nv_CURLOPT_HTTPAUTH setopt_nv_CURLAUTH
+#define setopt_nv_CURLOPT_SSLVERSION setopt_nv_CURL_SSLVERSION
+#define setopt_nv_CURLOPT_TIMECONDITION setopt_nv_CURL_TIMECOND
+#define setopt_nv_CURLOPT_FTP_SSL_CCC setopt_nv_CURLFTPSSL_CCC
+#define setopt_nv_CURLOPT_PROTOCOLS setopt_nv_CURLPROTO
+#define setopt_nv_CURLOPT_REDIR_PROTOCOLS setopt_nv_CURLPROTO
+#define setopt_nv_CURLOPT_PROXYTYPE setopt_nv_CURLPROXY
+#define setopt_nv_CURLOPT_PROXYAUTH setopt_nv_CURLAUTH
+
+/* Intercept setopt calls for --libcurl */
+
+CURLcode tool_setopt_enum(CURL *curl, struct Configurable *config,
+                          const char *name, CURLoption tag,
+                          const NameValue *nv, long lval);
+CURLcode tool_setopt_flags(CURL *curl, struct Configurable *config,
+                           const char *name, CURLoption tag,
+                           const NameValue *nv, long lval);
+CURLcode tool_setopt_httppost(CURL *curl, struct Configurable *config,
+                              const char *name, CURLoption tag,
+                              struct curl_httppost *httppost);
+CURLcode tool_setopt_slist(CURL *curl, struct Configurable *config,
+                           const char *name, CURLoption tag,
+                           struct curl_slist *list);
+CURLcode tool_setopt(CURL *curl, bool str, struct Configurable *config,
+                     const char *name, CURLoption tag, ...);
+
+#define my_setopt(x,y,z) \
+  SETOPT_CHECK(tool_setopt(x, FALSE, config, #y, y, z))
+
+#define my_setopt_str(x,y,z) \
+  SETOPT_CHECK(tool_setopt(x, TRUE, config, #y, y, z))
+
+#define my_setopt_enum(x,y,z) \
+  SETOPT_CHECK(tool_setopt_enum(x, config, #y, y, setopt_nv_ ## y, z))
+
+#define my_setopt_flags(x,y,z) \
+  SETOPT_CHECK(tool_setopt_flags(x, config, #y, y, setopt_nv_ ## y, z))
+
+#define my_setopt_httppost(x,y,z) \
+  SETOPT_CHECK(tool_setopt_httppost(x, config, #y, y, z))
+
+#define my_setopt_slist(x,y,z) \
+  SETOPT_CHECK(tool_setopt_slist(x, config, #y, y, z))
 
 #define res_setopt(x,y,z) tool_setopt(x, FALSE, config, #y, y, z)
 
 #define res_setopt_str(x,y,z) tool_setopt(x, TRUE, config, #y, y, z)
 
-#endif /* HEADER_CURL_TOOL_SETOPT_H */
+#else /* CURL_DISABLE_LIBCURL_OPTION */
 
+/* No --libcurl, so pass options directly to library */
+
+#define my_setopt(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define my_setopt_str(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define my_setopt_enum(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define my_setopt_flags(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define my_setopt_httppost(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define my_setopt_slist(x,y,z) \
+  SETOPT_CHECK(curl_easy_setopt(x, y, z))
+
+#define res_setopt(x,y,z) curl_easy_setopt(x,y,z)
+
+#define res_setopt_str(x,y,z) curl_easy_setopt(x,y,z)
+
+#endif /* CURL_DISABLE_LIBCURL_OPTION */
+
+#endif /* HEADER_CURL_TOOL_SETOPT_H */

src/vc6curlsrc.dsp

@@ -183,10 +183,6 @@ SOURCE=.\tool_cb_see.c
 # End Source File
 # Begin Source File
 
-SOURCE=.\tool_cb_skt.c
-# End Source File
-# Begin Source File
-
 SOURCE=.\tool_cb_wrt.c
 # End Source File
 # Begin Source File
@@ -359,10 +355,6 @@ SOURCE=.\tool_cb_see.h
 # End Source File
 # Begin Source File
 
-SOURCE=.\tool_cb_skt.h
-# End Source File
-# Begin Source File
-
 SOURCE=.\tool_cb_wrt.h
 # End Source File
 # Begin Source File

tests/convsrctest.pl

@@ -0,0 +1,255 @@
+#!/usr/bin/env perl
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+#***************************************************************************
+
+#=======================================================================
+# Read a test definition which exercises curl's --libcurl option.
+# Generate either compilable source code for a new test tool,
+# or a new test definition which runs the tool and expects the
+# same output.
+# This should verify that the --libcurl code really does perform
+# the same actions as the original curl invocation.
+#-----------------------------------------------------------------------
+# The output of curl's --libcurl option differs in several ways from
+# the code needed to integrate with the test tool environment:
+# - #include "test.h"
+# - no call of curl_global_init & curl_global_cleanup
+# - main() function vs. test() function
+# - no checking of curl_easy_setopt calls vs. test_setopt wrapper
+# - handling of stdout
+# - variable names ret & hnd vs. res & curl
+# - URL as literal string vs. passed as argument
+#=======================================================================
+use strict;
+require "getpart.pm";
+
+# Boilerplate code for test tool
+my $head =
+'#include "test.h"
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURLcode res;
+  CURL *curl;
+';
+# Other declarations from --libcurl come here
+# e.g. curl_slist
+my $init =
+'
+  if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  if ((curl = curl_easy_init()) == NULL) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+';
+# Option setting, perform and cleanup come here
+my $exit =
+'  curl_global_cleanup();
+
+  return (int)res;
+}
+';
+
+my $myname = leaf($0);
+sub usage {die "Usage: $myname -c|-test=num testfile\n";}
+
+sub main {
+    @ARGV == 2
+        or usage;
+    my($opt,$testfile) = @ARGV;
+
+    if(loadtest($testfile)) {
+        die "$myname: $testfile doesn't look like a test case\n";
+    }
+
+    my $comment = sprintf("DO NOT EDIT - generated from %s by %s",
+                          leaf($testfile), $myname);
+    if($opt eq '-c') {
+        generate_c($comment);
+    }
+    elsif(my($num) = $opt =~ /^-test=(\d+)$/) {
+        generate_test($comment, $num);
+    }
+    else {
+        usage;
+    }
+}
+
+sub generate_c {
+    my($comment) = @_;
+    # Fetch the generated code, which is the output file checked by
+    # the old test.
+    my @libcurl = getpart("verify", "file")
+        or die "$myname: no <verify><file> section found\n";
+
+    # Mangle the code into a suitable form for a test tool.
+    # We want to extract the important parts (declarations,
+    # URL, setopt calls, cleanup code) from the --libcurl
+    # boilerplate and insert them into a new boilerplate.
+    my(@decl,@code);
+    # First URL passed in as argument, others as global
+    my @urlvars = ('URL', 'libtest_arg2', 'libtest_arg3');
+    my($seen_main,$seen_setopt,$seen_return);
+    foreach (@libcurl) {
+        # Check state changes first (even though it
+        # duplicates some matches) so that the other tests
+        # are in a logical order).
+        if(/^int main/) {
+            $seen_main = 1;
+        }
+        if($seen_main and /curl_easy_setopt/) {
+            # Don't match 'curl_easy_setopt' in comment!
+            $seen_setopt = 1;
+        }
+        if(/^\s*return/) {
+            $seen_return = 1;
+        }
+
+        # Now filter the code according to purpose
+        if(! $seen_main) {
+            next;
+        }
+        elsif(! $seen_setopt) {
+            if(/^\s*(int main|\{|CURLcode |CURL |hnd = curl_easy_init)/) {
+                # Initialisations handled by boilerplate
+                next;
+            }
+            else {
+                push @decl, $_;
+            }
+        }
+        elsif(! $seen_return) {
+            if(/CURLOPT_URL/) {
+                # URL is passed in as argument or by global
+		my $var = shift @urlvars;
+                s/\"[^\"]*\"/$var/;
+            }
+	    s/\bhnd\b/curl/;
+            # Convert to macro wrapper
+            s/curl_easy_setopt/test_setopt/;
+	    if(/curl_easy_perform/) {
+		s/\bret\b/res/;
+		push @code, $_;
+		push @code, "test_cleanup:\n";
+	    }
+	    else {
+		push @code, $_;
+	    }
+        }
+    }
+
+    print ("/* $comment */\n",
+           $head,
+           @decl,
+           $init,
+           @code,
+           $exit);
+}
+
+# Read the original test data file and transform it
+# - add a "DO NOT EDIT comment"
+# - replace CURLOPT_URL string with URL variable
+# - remove <verify><file> section (was the --libcurl output)
+# - insert a <client><tool> section with our new C program name
+# - replace <client><command> section with the URL
+sub generate_test {
+    my($comment,$newnumber) = @_;
+    my @libcurl = getpart("verify", "file")
+        or die "$myname: no <verify><file> section found\n";
+    # Scan the --libcurl code to find the URL used.
+    my $url;
+    foreach (@libcurl) {
+        if(my($u) = /CURLOPT_URL, \"([^\"]*)\"/) {
+            $url = $u;
+        }
+    }
+    die "$myname: CURLOPT_URL not found\n"
+        unless defined $url;
+
+    # Traverse the pseudo-XML transforming as required
+    my @new;
+    my(@path,$path,$skip);
+    foreach (getall()) {
+        if(my($end) = /\s*<(\/?)testcase>/) {
+            push @new, $_;
+            push @new, "# $comment\n"
+                unless $end;
+        }
+        elsif(my($tag) = /^\s*<(\w+)/) {
+            push @path, $tag;
+            $path = join '/', @path;
+            if($path eq 'verify/file') {
+                $skip = 1;
+            }
+            push @new, $_
+                unless $skip;
+            if($path eq 'client') {
+                push @new, ("<tool>\n",
+                            "lib$newnumber\n",
+                            "</tool>\n");
+            }
+            elsif($path eq 'client/command') {
+                push @new, sh_quote($url)."\n";
+            }
+        }
+        elsif(my($etag) = /^\s*<\/(\w+)/) {
+            my $tag = pop @path;
+            die "$myname: mismatched </$etag>\n"
+                unless $tag eq $etag;
+            push @new, $_
+                unless $skip;
+            $skip --
+                if $path eq 'verify/file';
+            $path = join '/', @path;
+        }
+        else {
+            if($path eq 'client/command') {
+                # Replaced above
+            }
+            else {
+                push @new, $_
+                    unless $skip;
+            }
+        }
+    }
+    print @new;
+}
+
+sub leaf {
+    # Works for POSIX filenames
+    (my $path = shift) =~ s!.*/!!;
+    return $path;
+}
+
+sub sh_quote {
+    my $word = shift;
+    $word =~ s/[\$\"\'\\]/\\$&/g;
+    return '"' . $word . '"';
+}
+
+main;

tests/data/Makefile.am

@@ -48,7 +48,7 @@ test551 test552 test553 test554 test555 test556 test557 test560 test561	\
 test562 test563 test564 test565 test566 test567 test568 test569 test570	\
 test571 test572 test573 test574 test575 test576 test578 test579 test580	\
 test581 test582 test583 test584 test585 test586 test587 test588 test590 \
-test591 test592 test593 test594 test595 test596 test597 \
+test591 test592 test593 test594 test595 test596 test597 test598 \
 test600 test601 test602 test603 test604	\
 test605 test606 test607 test608 test609 test610 test611 test612 test613	\
 test614 test615 test616 test617 test618 test619 test620 test621 test622	\
@@ -82,7 +82,8 @@ test1220 \
 test1300 test1301 test1302 test1303 test1304 test1305	\
 test1306 test1307 test1308 test1309 test1310 test1311 test1312 test1313 \
 test1314 test1315 test1316 test1317 test1318 test1319 test1320 test1321 \
-test1322 test1323 test1324 test1325 test1326 test1327 \
+test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 \
+test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 \
 test2000 test2001 test2002 test2003 test2004
 
 EXTRA_DIST = $(TESTCASES) DISABLED

tests/data/test1328

@@ -0,0 +1,70 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+-f
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 404 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Funny-head: yesyes
+
+-noo-
+</data>
+<data1>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+-yes-
+</data1>
+<datacheck>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Funny-head: yesyes
+
+-yes-
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP GET a globbed range with -f
+ </name>
+ <command>
+-f 'http://%HOSTIP:%HTTPPORT/[13280000-13280001]' -o log/#1
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /13280000 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET /13280001 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>

tests/data/test1329

@@ -0,0 +1,30 @@
+<testcase>
+<info>
+<keywords>
+HTTP proxy
+</keywords>
+</info>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+/-prefixed proxy name
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/that/page/1329 -x "/server"
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+# 5 == CURLE_COULDNT_RESOLVE_PROXY
+<errorcode>
+5
+</errorcode>
+</verify>
+</testcase>

tests/data/test1400

@@ -0,0 +1,101 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+--libcurl
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 29 Jul 2008 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+--libcurl for simple HTTP GET
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/1400 --libcurl log/test1400.c
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /we/want/1400 HTTP/1.1
+User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.7a ipv6 zlib/1.1.4
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<stripfile>
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+<file name="log/test1400.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1400");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+</verify>
+</testcase>

tests/data/test1401

@@ -0,0 +1,124 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP Basic auth
+HTTP set cookie
+cookies
+--libcurl
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 29 Jul 2008 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Content-Type: text/plain
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+--libcurl for GET with various options
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/1401 --libcurl log/test1401.c --basic -u fake:user -H "X-Files: Mulder" -H "X-Men: cyclops, iceman" -A MyUA -b chocolate=chip --proto "=http,ftp,file"
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /we/want/1401 HTTP/1.1
+User-Agent: stripped
+Authorization: Basic ZmFrZTp1c2Vy
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Cookie: chocolate=chip
+X-Files: Mulder
+X-Men: cyclops, iceman
+
+</protocol>
+<stripfile>
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+<file name="log/test1401.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+  struct curl_slist *slist1;
+
+  slist1 = NULL;
+  slist1 = curl_slist_append(slist1, "X-Files: Mulder");
+  slist1 = curl_slist_append(slist1, "X-Men: cyclops, iceman");
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1401");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERPWD, "fake:user");
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "MyUA");
+  curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, slist1);
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_HTTPAUTH, (long)CURLAUTH_BASIC);
+  curl_easy_setopt(hnd, CURLOPT_COOKIE, "chocolate=chip");
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_PROTOCOLS, (long)CURLPROTO_FILE |
+                                           (long)CURLPROTO_FTP |
+                                           (long)CURLPROTO_HTTP);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+  curl_slist_free_all(slist1);
+  slist1 = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stdout>
+</stdout>
+</verify>
+</testcase>

tests/data/test1402

@@ -0,0 +1,110 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+--libcurl
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 29 Jul 2008 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Content-Type: text/plain
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+--libcurl for simple POST
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/1402 --libcurl log/test1402.c -d "foo=bar" -d "baz=quux"
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol nonewline="yes">
+POST /we/want/1402 HTTP/1.1
+User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.7a ipv6 zlib/1.1.4
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 16
+Content-Type: application/x-www-form-urlencoded
+
+foo=bar&baz=quux
+</protocol>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+<file name="log/test1402.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1402");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "foo=bar&baz=quux");
+  curl_easy_setopt(hnd, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)16);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stdout>
+</stdout>
+</verify>
+</testcase>

tests/data/test1403

@@ -0,0 +1,105 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+--libcurl
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 29 Jul 2008 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Content-Type: text/plain
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+--libcurl for GET with query
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/1403 --libcurl log/test1403.c -G -d "foo=bar" -d "baz=quux"
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /we/want/1403?foo=bar&baz=quux HTTP/1.1
+User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.7a ipv6 zlib/1.1.4
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+<file name="log/test1403.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1403?foo=bar&baz=quux");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stdout>
+</stdout>
+</verify>
+</testcase>

tests/data/test1404

@@ -0,0 +1,159 @@
+<testcase>
+# Based on test 1315
+<info>
+<keywords>
+HTTP
+HTTP FORMPOST
+HTTP file upload
+--libcurl
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 29 Jul 2008 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 0
+Connection: close
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP RFC1867-type formposting - -F with three files, one with explicit type
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/1404 -F name=value -F 'file=@log/test1404.txt,log/test1404.txt;type=magic/content,log/test1404.txt' --libcurl log/test1404.c
+</command>
+# We create this file before the command is invoked!
+<file name="log/test1404.txt">
+dummy data
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+(^User-Agent:.*|-----+\w+)
+</strip>
+<protocol>
+POST /we/want/1404 HTTP/1.1
+User-Agent: curl/7.18.2 (i686-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.7a ipv6 zlib/1.1.4
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 795
+Expect: 100-continue
+Content-Type: multipart/form-data; boundary=----------------------------9ef8d6205763
+
+------------------------------9ef8d6205763
+Content-Disposition: form-data; name="name"
+
+value
+------------------------------9ef8d6205763
+Content-Disposition: form-data; name="file"
+Content-Type: multipart/mixed; boundary=----------------------------aaaaaaaaaaaa
+
+Content-Disposition: attachment; filename="test1404.txt"
+Content-Type: text/plain
+
+dummy data
+
+------------------------------9ef8d6205763
+Content-Disposition: attachment; filename="test1404.txt"
+Content-Type: magic/content
+
+dummy data
+
+------------------------------9ef8d6205763
+Content-Disposition: attachment; filename="test1404.txt"
+Content-Type: text/plain
+
+dummy data
+
+------------------------------aaaaaaaaaaaa--
+------------------------------9ef8d6205763--
+</protocol>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+<file name="log/test1404.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+  struct curl_httppost *post1;
+  struct curl_httppost *postend;
+
+  post1 = NULL;
+  postend = NULL;
+  curl_formadd(&post1, &postend,
+               CURLFORM_COPYNAME, "name",
+               CURLFORM_COPYCONTENTS, "value",
+               CURLFORM_END);
+  curl_formadd(&post1, &postend,
+               CURLFORM_COPYNAME, "file",
+               CURLFORM_FILE, "log/test1404.txt",
+               CURLFORM_CONTENTTYPE, "text/plain",
+               CURLFORM_FILE, "log/test1404.txt",
+               CURLFORM_CONTENTTYPE, "magic/content",
+               CURLFORM_FILE, "log/test1404.txt",
+               CURLFORM_CONTENTTYPE, "text/plain",
+               CURLFORM_END);
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "http://%HOSTIP:%HTTPPORT/we/want/1404");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_HTTPPOST, post1);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+  curl_formfree(post1);
+  post1 = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+</verify>
+</testcase>

tests/data/test1405

@@ -0,0 +1,135 @@
+<testcase>
+# Derived from test227
+<info>
+<keywords>
+FTP
+post-quote
+pre-quote
+quote
+--libcurl
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+data
+    to
+      see
+that FTP
+works
+  so does it?
+</data>
+<servercmd>
+REPLY EPSV 500 no such command
+REPLY FAIL 500 this might not be a failure!
+</servercmd>
+</reply>
+
+# Client-side
+<client>
+<server>
+ftp
+</server>
+ <name>
+FTP with quote ops
+ </name>
+ <command>
+ftp://%HOSTIP:%FTPPORT/1405 -Q "NOOP 1" -Q "+NOOP 2" -Q "-NOOP 3" -Q "*FAIL" -Q "+*FAIL HARD" --libcurl log/test1405.c
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER anonymous
+PASS ftp@example.com
+PWD
+NOOP 1
+FAIL
+EPSV
+PASV
+TYPE I
+NOOP 2
+FAIL HARD
+SIZE 1405
+RETR 1405
+NOOP 3
+QUIT
+</protocol>
+<file name="log/test1405.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+  struct curl_slist *slist1;
+  struct curl_slist *slist2;
+  struct curl_slist *slist3;
+
+  slist1 = NULL;
+  slist1 = curl_slist_append(slist1, "NOOP 1");
+  slist1 = curl_slist_append(slist1, "*FAIL");
+  slist2 = NULL;
+  slist2 = curl_slist_append(slist2, "NOOP 3");
+  slist3 = NULL;
+  slist3 = curl_slist_append(slist3, "NOOP 2");
+  slist3 = curl_slist_append(slist3, "*FAIL HARD");
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "ftp://%HOSTIP:%FTPPORT/1405");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_QUOTE, slist1);
+  curl_easy_setopt(hnd, CURLOPT_POSTQUOTE, slist2);
+  curl_easy_setopt(hnd, CURLOPT_PREQUOTE, slist3);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+  curl_slist_free_all(slist1);
+  slist1 = NULL;
+  curl_slist_free_all(slist2);
+  slist2 = NULL;
+  curl_slist_free_all(slist3);
+  slist3 = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+</verify>
+</testcase>

tests/data/test1406

@@ -0,0 +1,121 @@
+<testcase>
+# Based on test802
+# N.B. --libcurl output not sufficient to deal with uploaded files.
+<info>
+<keywords>
+SMTP
+--libcurl
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+smtp
+</server>
+ <name>
+SMTP
+ </name>
+<file name="log/test1406.eml">
+From: different
+To: another
+
+body
+</file>
+ <command>
+smtp://%HOSTIP:%SMTPPORT/user --mail-rcpt 1406@foo --mail-rcpt 1406@foobar.example --mail-from 1406@from -T log/test1406.eml --libcurl log/test1406.c
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+EHLO user
+MAIL FROM:<1406@from> SIZE=34
+RCPT TO:<1406@foo>
+RCPT TO:<1406@foobar.example>
+DATA
+QUIT
+</protocol>
+<upload>
+From: different
+To: another
+
+body
+
+.
+</upload>
+<file name="log/test1406.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+  struct curl_slist *slist1;
+
+  slist1 = NULL;
+  slist1 = curl_slist_append(slist1, "1406@foo");
+  slist1 = curl_slist_append(slist1, "1406@foobar.example");
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_INFILESIZE_LARGE, (curl_off_t)34);
+  curl_easy_setopt(hnd, CURLOPT_URL, "smtp://%HOSTIP:%SMTPPORT/user");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_MAIL_FROM, "1406@from");
+  curl_easy_setopt(hnd, CURLOPT_MAIL_RCPT, slist1);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+  curl_slist_free_all(slist1);
+  slist1 = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+</verify>
+</testcase>

tests/data/test1407

@@ -0,0 +1,99 @@
+<testcase>
+# Based on test808
+<info>
+<keywords>
+POP3
+LIST
+--libcurl
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<servercmd>
+REPLY LIST +OK 1407 100
+</servercmd>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+pop3
+</server>
+ <name>
+POP3 LIST one message
+ </name>
+ <command>
+pop3://%HOSTIP:%POP3PORT/1407 -l -u user:secret --libcurl log/test1407.c
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+USER user
+PASS secret
+LIST 1407
+QUIT
+</protocol>
+<file name="log/test1407.c" mode="text">
+/********* Sample code generated by the curl command line tool **********
+ * All curl_easy_setopt() options are documented at:
+ * http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+ ************************************************************************/
+#include <curl/curl.h>
+
+int main(int argc, char *argv[])
+{
+  CURLcode ret;
+  CURL *hnd;
+
+  hnd = curl_easy_init();
+  curl_easy_setopt(hnd, CURLOPT_URL, "pop3://%HOSTIP:%POP3PORT/1407");
+  curl_easy_setopt(hnd, CURLOPT_HEADER, 1L);
+  curl_easy_setopt(hnd, CURLOPT_DIRLISTONLY, 1L);
+  curl_easy_setopt(hnd, CURLOPT_USERPWD, "user:secret");
+  curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
+  curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* Here is a list of options the curl code used that cannot get generated
+     as source easily. You may select to either not use them or implement
+     them yourself.
+
+  CURLOPT_WRITEDATA set to a objectpointer
+  CURLOPT_WRITEFUNCTION set to a functionpointer
+  CURLOPT_READDATA set to a objectpointer
+  CURLOPT_READFUNCTION set to a functionpointer
+  CURLOPT_SEEKDATA set to a objectpointer
+  CURLOPT_SEEKFUNCTION set to a functionpointer
+  CURLOPT_ERRORBUFFER set to a objectpointer
+  CURLOPT_STDERR set to a objectpointer
+  CURLOPT_DEBUGFUNCTION set to a functionpointer
+  CURLOPT_DEBUGDATA set to a objectpointer
+
+  */
+
+  ret = curl_easy_perform(hnd);
+
+  curl_easy_cleanup(hnd);
+  hnd = NULL;
+
+  return (int)ret;
+}
+/**** End of sample code ****/
+</file>
+<stripfile>
+# curl's default user-agent varies with version, libraries etc.
+s/(USERAGENT, \")[^\"]+/${1}stripped/
+# CURLOPT_SSL_VERIFYPEER and SSH_KNOWNHOSTS vary with configurations - just
+# ignore them
+$_ = '' if /CURLOPT_SSL_VERIFYPEER/
+$_ = '' if /CURLOPT_SSH_KNOWNHOSTS/
+</stripfile>
+</verify>
+</testcase>

tests/data/test598

@@ -0,0 +1,78 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+CURLOPT_REFERER
+curl_easy_reset
+</keywords>
+</info>
+#
+# Server-side
+<reply>
+<data mode="text">
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+
+-foo-
+</data>
+
+# since the request runs twice
+<datacheck>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+
+-foo-
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Content-Length: 6
+Connection: close
+Content-Type: text/html
+
+-foo-
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# tool is what to use instead of 'curl'
+<tool>
+lib598
+</tool>
+
+ <name>
+curl_easy_reset with referer and other strings set
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/598
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /598 HTTP/1.1
+User-Agent: the-moo agent next generation
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Referer: http://example.com/the-moo
+Cookie: name=moo
+
+GET /598 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>

tests/ftpserver.pl

@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -857,8 +857,9 @@ sub RETR_pop3 {
          sendcontrol $d;
      }
 
-     # end with the magic 5-byte end of mail marker
+     # end with the magic 3-byte end of mail marker, assumes that the
-     sendcontrol "\r\n.\r\n";
+     # mail body ends with a CRLF!
+     sendcontrol ".\r\n";
 
      return 0;
 }
@@ -880,8 +881,8 @@ my @pop3list=(
          sendcontrol $d;
      }
 
-     # end with the magic 5-byte end of listing marker
+     # end with the magic 3-byte end of listing marker
-     sendcontrol "\r\n.\r\n";
+     sendcontrol ".\r\n";
 
      return 0;
 }

tests/getpart.pm

@@ -124,6 +124,11 @@ sub getpart {
     return @this; #empty!
 }
 
+# Return entire document as list of lines
+sub getall {
+    return @xml;
+}
+
 sub loadtest {
     my ($file)=@_;
 

tests/libtest/Makefile.inc

@@ -19,7 +19,7 @@ noinst_PROGRAMS = chkhostname \
   lib543 lib544 lib545 lib547 lib548 lib549 lib552 lib553 lib554 lib555	\
   lib556 lib539 lib557 lib560 lib562 lib564 lib565 lib566 lib567 lib568	\
   lib569 lib570 lib571 lib572 lib573 lib582 lib583 lib585 lib586 lib587 \
-  lib590 lib591 lib597
+  lib590 lib591 lib597 lib598
 
 chkhostname_SOURCES = chkhostname.c $(top_srcdir)/lib/curl_gethostname.c
 chkhostname_LDADD = @CURL_NETWORK_LIBS@
@@ -119,7 +119,7 @@ lib549_SOURCES = lib549.c $(SUPPORTFILES)
 
 lib555_SOURCES = lib555.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 
-lib552_SOURCES = lib552.c $(SUPPORTFILES)
+lib552_SOURCES = lib552.c $(SUPPORTFILES) $(WARNLESS)
 
 lib553_SOURCES = lib553.c $(SUPPORTFILES)
 
@@ -154,7 +154,7 @@ lib569_SOURCES = lib569.c $(SUPPORTFILES)
 
 lib570_SOURCES = lib570.c $(SUPPORTFILES)
 
-lib571_SOURCES = lib571.c $(SUPPORTFILES)
+lib571_SOURCES = lib571.c $(SUPPORTFILES) $(WARNLESS)
 
 lib572_SOURCES = lib572.c $(SUPPORTFILES)
 
@@ -181,3 +181,5 @@ lib590_SOURCES = lib590.c $(SUPPORTFILES)
 lib591_SOURCES = lib591.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 
 lib597_SOURCES = lib597.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+
+lib598_SOURCES = lib598.c $(SUPPORTFILES)

tests/libtest/lib552.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -25,6 +25,7 @@
 
 #include "test.h"
 
+#include "warnless.h"
 #include "memdebug.h"
 
 struct data {
@@ -136,7 +137,8 @@ static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 
 static size_t write_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  printf("%.*s", (int)(size * nmemb), (char *)ptr);
+  int amount = curlx_uztosi(size * nmemb);
+  printf("%.*s", amount, (char *)ptr);
   (void)stream;
   return size * nmemb;
 }

tests/libtest/lib571.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -39,6 +39,7 @@
 
 #include <curl/mprintf.h>
 
+#include "warnless.h"
 #include "memdebug.h"
 
 #define RTP_PKT_CHANNEL(p)   ((int)((unsigned char)((p)[1])))
@@ -54,12 +55,14 @@ static int rtp_packet_count = 0;
 static size_t rtp_write(void *ptr, size_t size, size_t nmemb, void *stream) {
   char *data = (char *)ptr;
   int channel = RTP_PKT_CHANNEL(data);
-  int message_size = (int)(size * nmemb) - 4;
+  int message_size;
   int coded_size = RTP_PKT_LENGTH(data);
   size_t failure = (size * nmemb) ? 0 : 1;
   int i;
   (void)stream;
 
+  message_size = curlx_uztosi(size * nmemb) - 4;
+
   printf("RTP: message size %d, channel %d\n", message_size, channel);
   if(message_size != coded_size) {
     printf("RTP embedded size (%d) does not match the write size (%d).\n",

tests/libtest/lib598.c

@@ -0,0 +1,72 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "memdebug.h"
+
+int test(char *URL)
+{
+  CURLcode res;
+  CURL *curl;
+
+  if (curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed\n");
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  if ((curl = curl_easy_init()) == NULL) {
+    fprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  test_setopt(curl, CURLOPT_URL, URL);
+  test_setopt(curl, CURLOPT_HEADER, 1L);
+  test_setopt(curl, CURLOPT_REFERER, "http://example.com/the-moo");
+  test_setopt(curl, CURLOPT_USERAGENT, "the-moo agent next generation");
+  test_setopt(curl, CURLOPT_COOKIE, "name=moo");
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+  res = curl_easy_perform(curl);
+  if(res) {
+    fprintf(stderr, "retrieve 1 failed\n");
+    goto test_cleanup;
+  }
+
+  curl_easy_reset(curl);
+
+  test_setopt(curl, CURLOPT_URL, URL);
+  test_setopt(curl, CURLOPT_HEADER, 1L);
+  test_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+  res = curl_easy_perform(curl);
+  if(res)
+    fprintf(stderr, "retrieve 2 failed\n");
+
+test_cleanup:
+
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return (int)res;
+}
+

tests/libtest/testtrace.c

@@ -91,11 +91,13 @@ int libtest_debug_cb(CURL *handle, curl_infotype type,
   struct timeval tv;
   struct tm *now;
   char timebuf[20];
+  char *timestr;
   time_t secs;
 
   (void)handle;
 
   timebuf[0] = '\0';
+  timestr = &timebuf[0];
 
   if(trace_cfg->tracetime) {
     tv = tutil_tvnow();
@@ -111,7 +113,7 @@ int libtest_debug_cb(CURL *handle, curl_infotype type,
 
   switch (type) {
   case CURLINFO_TEXT:
-    fprintf(stderr, "%s== Info: %s", &timebuf[0], data);
+    fprintf(stderr, "%s== Info: %s", timestr, (char *)data);
   default: /* in case a new one is introduced to shock us */
     return 0;
 

tests/server/sws.c

@@ -1944,6 +1944,10 @@ int main(int argc, char *argv[])
 
       if(DOCNUMBER_CONNECT == req.testno) {
         /* a CONNECT request, setup and talk the tunnel */
+        if(!is_proxy) {
+          logmsg("received CONNECT but isn't running as proxy! EXIT");
+        }
+        else
           http_connect(&msgsock, sock, &req, hostport);
         break;
       }

tests/stunnel.pem

@@ -137,6 +137,7 @@ Ft896NmH4QFsDAetZcCFf24AM4DbUQo5jtG+dkanI/7IxxNYJ1PQ64/yscdQFvHW
 xhIX3Q6FqABjcN5nc80Rog+b6eS8QRX1BRnQqbGtocuptUgW5mWsSb+DR6pZbA==
 -----END CERTIFICATE-----
 -----BEGIN DH PARAMETERS-----
-MEYCQQD+KCcagSasA1QSo8tRXpbaLJJ1Ezt3FJFEZ3RVplp4qZwXQpSZ+Vly3xWx
+MIGHAoGBAMq/KFGh2oy16WzkFs1U71Uz7dIEKvSYfc+zo439pYyVzcD8MkcC15Zb
-q3YvALe/enMbIq8F3OUmppq3UHwTAgEC
+ayK3jPBYf07eKzc2TvI3/ZSducmECNP8gk2gAndP1P1rmpheN+owZJS7kQVfQmHl
+UmT87U99NPaMHXMNOsFj/3mbAaANndKEnd8PM2r5fg16C4+2e5KzAgEC
 -----END DH PARAMETERS-----

winbuild/Makefile.vc

@@ -50,9 +50,9 @@ USE_SSPI=true
 !ENDIF
 
 !IFNDEF ENABLE_IPV6
-USE_IPV6   =true
+USE_IPV6   = true
 !ELSEIF "$(ENABLE_IPV6)"=="yes"
-USE_IPV6   =true
+USE_IPV6   = true
 !ENDIF
 
 !IFNDEF ENABLE_IDN

winbuild/MakefileBuild.vc

@@ -149,10 +149,10 @@ USE_SSPI=true
 !ENDIF
 
 !IFNDEF USE_IPV6
-USE_IPV6=yes
+USE_IPV6=true
 !ENDIF
 
-!IFNDEF USE_IDN
+!IFNDEF ENABLE_IDN
 USE_IDN   =true
 !ELSEIF "$(USE_IDN)"=="yes"
 USE_IDN   =true