RELEASE-NOTES: synced with ef60fdbd73

Just before 7.26.0 is about to ship
smtp: Fixed an issue with the multi-interface always sending postdata
2012-05-24 18:04:41 +02:00 · 2012-05-22 22:08:25 +01:00 · 2012-05-22 20:20:59 +01:00 · 2012-05-22 16:40:09 +02:00 · 2012-05-22 11:56:19 +02:00 · 2012-05-22 11:12:25 +02:00
225 changed files with 3033 additions and 2567 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -57,10 +57,6 @@ set(OS "\"${CMAKE_SYSTEM_NAME}\"")
 include_directories(${PROJECT_BINARY_DIR}/include/curl)
 include_directories( ${CURL_SOURCE_DIR}/include )

-if(WIN32)
-  set(NATIVE_WINDOWS ON)
-endif()
-
 option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON)
 option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
@@ -113,22 +109,11 @@ mark_as_advanced(CURL_DISABLE_HTTP)

 option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF)
 mark_as_advanced(CURL_DISABLE_LDAPS)
-if(WIN32)
-  set(CURL_DEFAULT_DISABLE_LDAP OFF)
-  # some windows compilers do not have wldap32
-  if( NOT HAVE_WLDAP32)
-    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
-    message(STATUS "wldap32 not found CURL_DISABLE_LDAP set ON")
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" OFF)
-  else()
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
-  endif()
-  mark_as_advanced(CURL_LDAP_WIN)
-endif()

 if(HTTP_ONLY)
  set(CURL_DISABLE_FTP ON)
  set(CURL_DISABLE_LDAP ON)
+  set(CURL_DISABLE_LDAPS ON)
  set(CURL_DISABLE_TELNET ON)
  set(CURL_DISABLE_DICT ON)
  set(CURL_DISABLE_FILE ON)
@@ -221,6 +206,20 @@ check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
 check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
 check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)

+if(WIN32)
+  set(CURL_DEFAULT_DISABLE_LDAP OFF)
+  # some windows compilers do not have wldap32
+  if(NOT HAVE_WLDAP32)
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+    message(STATUS "wldap32 not found CURL_DISABLE_LDAP set ON")
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" OFF)
+  else()
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
+  endif()
+  mark_as_advanced(CURL_LDAP_WIN)
+endif()
+
+
 # IF(NOT CURL_SPECIAL_LIBZ)
 #  CHECK_LIBRARY_EXISTS_CONCAT("z"      inflateEnd   HAVE_LIBZ)
 # ENDIF(NOT CURL_SPECIAL_LIBZ)
@@ -387,6 +386,13 @@ if(NOT HAVE_LDAP_H)
  set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
 endif()

+# No ldap, no ldaps.
+if(CURL_DISABLE_LDAP)
+  if(NOT CURL_DISABLE_LDAPS)
+    message(STATUS "LDAP needs to be enabled to support LDAPS")
+    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
+  endif()
+endif()

 check_type_size(size_t  SIZEOF_SIZE_T)
 check_type_size(ssize_t  SIZEOF_SSIZE_T)
@@ -426,7 +432,7 @@ if(SIZEOF_LONG EQUAL 8)
  set(CURL_FORMAT_CURL_OFF_TU "lu")
  set(CURL_FORMAT_OFF_T "%ld")
  set(CURL_SUFFIX_CURL_OFF_T L)
-  set(CURL_SUFFIX_CURL_OFF_TU LU)
+  set(CURL_SUFFIX_CURL_OFF_TU UL)
 endif(SIZEOF_LONG EQUAL 8)

 if(SIZEOF_LONG_LONG EQUAL 8)
@@ -436,7 +442,7 @@ if(SIZEOF_LONG_LONG EQUAL 8)
  set(CURL_FORMAT_CURL_OFF_TU "llu")
  set(CURL_FORMAT_OFF_T "%lld")
  set(CURL_SUFFIX_CURL_OFF_T LL)
-  set(CURL_SUFFIX_CURL_OFF_TU LLU)
+  set(CURL_SUFFIX_CURL_OFF_TU ULL)
 endif(SIZEOF_LONG_LONG EQUAL 8)

 if(NOT CURL_TYPEOF_CURL_OFF_T)
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2011, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2012, Daniel Stenberg, <daniel@haxx.se>.

 All rights reserved.

--- a/119
+++ b/119
@@ -1,4 +1,4 @@
-Curl and libcurl 7.25.0
+Curl and libcurl 7.26.0

 Public curl releases:         127
 Command line options:         151
@@ -9,41 +9,46 @@ Curl and libcurl 7.25.0

 This release includes the following changes:

- o configure: add option disable --libcurl output [1]
- o --ssl-allow-beast and CURLOPT_SSL_OPTIONS added [2]
- o Added CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE, CURLOPT_TCP_KEEPINTVL [4]
- o curl: use new library-side TCP_KEEPALIVE options [5]
- o Added a new CURLOPT_MAIL_AUTH option [13]
- o Added support for --mail-auth [14]
- o --libcurl now also works with -F and more! [15]
+ o nss: the minimal supported version of NSS bumped to 3.12.x
+ o nss: human-readable names are now provided for NSS errors if available
+ o add a manual page for mk-ca-bundle
+ o added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
+ o smtp: Add support for DIGEST-MD5 authentication
+ o pop3: Added support for additional pop3 commands

 This release includes the following bugfixes:

- o --max-redirs: allow negative numbers as option value [3]
- o parse_proxy: bail out on zero-length proxy names [6]
- o configure: don't modify LD_LIBRARY_PATH for cross compiles [7]
- o curl_easy_reset: reset the referer string [8]
- o curl tool: don't abort glob-loop due to failures [9]
- o CONNECT: send correct Host: with IPv6 numerical address [10]
- o Explicitly link to the nettle/gcrypt libraries [11]
- o more resilient connection times among IP addresses [12]
- o winbuild: fix IPV6 and IDN options
- o SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
- o cyassl: update to CyaSSL 2.0.x API
- o smtp: Fixed an issue with the EOB checking
- o pop3: Fixed drop of final CRLF in EOB checking [16]
- o smtp: Fixed an issue with writing postdata
- o smtp: Added support for returning SMTP response codes
- o CONNECT: fix ipv6 address in the Request-Line [17]
- o curl-config: only provide libraries with --libs
- o LWIP: don't consider HAVE_ERRNO_H to be winsock [19]
- o ssh: tunnel through HTTP proxy if requested
- o cookies: strip off [brackets] from numerical ipv6 host names [20]
- o libcurl docs: version corrections [18]
- o cmake: list_spaces_append_once failure [22]
- o resolve with c-ares: don't resolve IPv6 when not working [21]
- o smtp: changed error code for EHLO and HELO responses
- o parsedate: fix a numeric overflow
+ o nss: libcurl now uses NSS_InitContext() to prevent collisions if available
+   [1]
+ o URL parse: reject numerical IPv6 addresses outside brackets [4]
+ o MD5: fix OOM memory leak [5]
+ o OpenSSL cert: provide more details when cert check fails
+ o HTTP: empty chunked POST ended up in two zero size chunks [6]
+ o fixed a regression when curl resolved to multiple addresses and the first
+   isn't supported [7]
+ o -# progress meter: avoid superfluous updates and duplicate lines [8]
+ o headers: surround GCC attribute names with double underscores [9]
+ o PolarSSL: correct return code for CRL matches
+ o PolarSSL: include version number in version string
+ o PolarSSL: add support for asynchronous connect
+ o mk-ca-bundle: revert the LWP usage [12]
+ o IPv6 cookie domain: get rid of the first bracket before the second
+ o connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
+ o OpenSSL: Made cert hostname check conform to RFC 6125 [10]
+ o HTTP: reset expected DL/UL sizes on redirects [11]
+ o CMake: fix Windows LDAP/LDAPS option handling [2]
+ o CMake: fix MS Visual Studio x64 unsigned long long literal suffix [3]
+ o configure: update detection logic of getaddrinfo() thread-safeness
+ o configure: check for gethostbyname in the watt lib
+ o curl-config.1: fix curl-config usage in example [13]
+ o smtp: Fixed non-escaping of dot character at beginning of line
+ o MakefileBuild.vc: use the correct IDN variable
+ o autoconf: improve handling of versioned symbols
+ o curl.1: clarify -x usage
+ o curl: shorten user-agent
+ o smtp: issue with the multi-interface always sending postdata [14]
+ o compile error with GnuTLS+Nettle fixed
+ o winbuild: fix IPv6 enabled build

 This release includes the following known bugs:

@@ -52,35 +57,29 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Colin Hogben, Alessandro Ghedini, Kamil Dudka, Rob Ward, Dave Reisner,
- Martin Storsjo, Pierre Ynard, Pierre Joye, Yang Tse, Dan Fandrich,
- Michael Day, Juan Barreto, Chandrakant Bagul, Steve Holme, Todd Ouska,
- Rich Gray, John Joseph Bachir, Armel Asselin, Andrei Cipu,
- Maxim Prohorov
+ Andrei Cipu, Armel Asselin, Benjamin Johnson, Dag Ekengren, Dave Reisner,
+ Gokhan Sengun, Guenter Knauf, Jan Schaumann, Jonathan Nieder, Kamil Dudka,
+ Lijo Antony, Olaf Flebbe, Rodrigo Silva, Steve Holme, Tatsuhiro Tsujikawa,
+ Tim Heckman, Yang Tse, Arnaud Compan, Blaise Potard, Daniel Theron,
+ Michael Mueller, Michael Wallner, Tim Heckman, Roman Mamedov, Julian Taylor,
+ Claes Jakobsson, Pierre Chapuis, Jan Ehrhardt

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/mail/lib-2012-02/0009.html
- [2] = http://curl.haxx.se/mail/lib-2012-02/0001.html
- [3] = http://curl.haxx.se/mail/lib-2012-02/0098.html
- [4] = http://curl.haxx.se/mail/lib-2012-01/0264.html
- [5] = http://curl.haxx.se/mail/lib-2012-01/0263.html
- [6] = http://curl.haxx.se/mail/lib-2012-02/0000.html
- [7] = http://curl.haxx.se/mail/lib-2012-02/0052.html
- [8] = http://curl.haxx.se/bug/view.cgi?id=3481551
- [9] = http://curl.haxx.se/bug/view.cgi?id=3481223
- [10] = http://curl.haxx.se/bug/view.cgi?id=3482093
- [11] = http://curl.haxx.se/mail/lib-2012-01/0303.html
- [12] = http://curl.haxx.se/mail/lib-2012-01/0190.html
- [13] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTMAILAUTH
- [14] = http://curl.haxx.se/docs/manpage.html#--mail-auth
- [15] = http://curl.haxx.se/docs/manpage.html#--libcurl
- [16] = http://curl.haxx.se/mail/lib-2012-02/0051.html
- [17] = http://curl.haxx.se/bug/view.cgi?id=3493129
- [18] = http://curl.haxx.se/bug/view.cgi?id=3494091
- [19] = http://curl.haxx.se/mail/lib-2012-03/0046.html
- [20] = http://curl.haxx.se/mail/lib-2012-03/0036.html
- [21] = http://curl.haxx.se/mail/lib-2012-03/0045.html
- [22] = http://curl.haxx.se/bug/view.cgi?id=3494968
+ [1] = https://bugzilla.redhat.com/738456
+ [2] = http://curl.haxx.se/mail/lib-2012-03/0278.html
+ [3] = http://curl.haxx.se/mail/lib-2012-03/0255.html
+ [4] = http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126
+ [5] = http://curl.haxx.se/mail/lib-2012-04/0246.html
+ [6] = http://curl.haxx.se/mail/archive-2012-04/0060.html
+ [7] = http://curl.haxx.se/bug/view.cgi?id=3516508
+ [8] = http://curl.haxx.se/bug/view.cgi?id=3517418
+ [9] = http://curl.haxx.se/mail/lib-2012-04/0127.html
+ [10] = http://tools.ietf.org/html/rfc6125#section-6.4.3
+ [11] = http://curl.haxx.se/bug/view.cgi?id=3510057
+ [12] = http://curl.haxx.se/mail/lib-2012-03/0238.html
+ [13] = http://curl.haxx.se/bug/view.cgi?id=3528241
+ [14] = http://curl.haxx.se/mail/lib-2012-05/0108.html
+ 
--- a/17
+++ b/17
@@ -1,15 +1,10 @@
-To be addressed in 7.24.1
-=========================
+To be addressed in 7.27
+=======================

-295 - "RTSP Authentication (#22)" https://github.com/bagder/curl/pull/22
+309 - metalink support for the curl tool

-296 - "OOM leak in multi code" (by Dan Fandrich)
+310 - a new authentication callback

-300 - "Polling on stray socket on sequential transfers." Andrew S
-      http://curl.haxx.se/mail/lib-2011-07/0053.html
+311 - support for SSPI schannel for SSL on windows

-308 - Revisit option --enable-threaded-resolver at least allow selection among
-      pthreads and Windows threads when building a Windows target.
-      http://curl.haxx.se/mail/lib-2012-01/0291.html
-
-309 - 
+312 - 
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -228,12 +228,7 @@ AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [
      ])
    fi
  ])
-  case "$ac_cv_native_windows" in
-    yes)
-      AC_DEFINE_UNQUOTED(NATIVE_WINDOWS, 1,
-        [Define to 1 if you are building a native Windows target.])
-      ;;
-  esac
+  AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$ac_cv_native_windows" = xyes)
 ])


--- a/5
+++ b/5
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -384,9 +384,6 @@ $PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4
 echo "buildconf: running autoheader"
 ${AUTOHEADER:-autoheader} || die "autoheader command failed"

-echo "buildconf: cp lib/curl_config.h.in src/curl_config.h.in"
-cp lib/curl_config.h.in src/curl_config.h.in
-
 echo "buildconf: running autoconf"
 ${AUTOCONF:-autoconf} || die "autoconf command failed"

--- a/buildconf.bat
+++ b/buildconf.bat
@@ -27,11 +27,6 @@ if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h

-REM create src\config-win32.h
-if not exist lib\config-win32.h goto end_config_win32_h
-copy /Y lib\config-win32.h src\config-win32.h
-:end_config_win32_h
-
 REM setup c-ares git tree
 if not exist ares\buildconf.bat goto end_c_ares
 cd ares
--- a/configure.ac
+++ b/configure.ac
@@ -35,7 +35,7 @@ This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

 AC_CONFIG_SRCDIR([lib/urldata.h])
-AM_CONFIG_HEADER(lib/curl_config.h src/curl_config.h include/curl/curlbuild.h)
+AM_CONFIG_HEADER(lib/curl_config.h include/curl/curlbuild.h)
 AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE

@@ -44,6 +44,7 @@ CURL_CHECK_OPTION_OPTIMIZE
 CURL_CHECK_OPTION_WARNINGS
 CURL_CHECK_OPTION_WERROR
 CURL_CHECK_OPTION_CURLDEBUG
+CURL_CHECK_OPTION_SYMBOL_HIDING
 CURL_CHECK_OPTION_ARES

 CURL_CHECK_PATH_SEPARATOR_REQUIRED
@@ -236,21 +237,18 @@ esac
 AC_MSG_RESULT($mimpure)
 AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)

-dnl 'STATICLIB' is, in spite of its name, not generic but only for static-only
-dnl builds on Windows
-AM_CONDITIONAL(STATICLIB, false)
-
 AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
+use_cppflag_building_libcurl="no"
+use_cppflag_curl_staticlib="no"
 case $host in
  *-*-mingw*)
-    AC_DEFINE(BUILDING_LIBCURL, 1, [when building libcurl itself])
    AC_MSG_RESULT(yes)
+    use_cppflag_building_libcurl="yes"
    AC_MSG_CHECKING([if we need CURL_STATICLIB])
    if test "X$enable_shared" = "Xno"
    then
-      AC_DEFINE(CURL_STATICLIB, 1, [when not building a shared library])
      AC_MSG_RESULT(yes)
-      AM_CONDITIONAL(STATICLIB, true)
+      use_cppflag_curl_staticlib="yes"
    else
      AC_MSG_RESULT(no)
    fi
@@ -259,6 +257,8 @@ case $host in
    AC_MSG_RESULT(no)
    ;;
 esac
+AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
+AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)

 # Determine whether all dependent libraries must be specified when linking
 if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -300,6 +300,7 @@ fi

 CURL_CHECK_COMPILER_HALT_ON_ERROR
 CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE
+CURL_CHECK_COMPILER_SYMBOL_HIDING

 CURL_CHECK_NO_UNDEFINED
 AM_CONDITIONAL(NO_UNDEFINED, test x$need_no_undefined = xyes)
@@ -696,6 +697,17 @@ then
               ])
 fi

+if test "$HAVE_GETHOSTBYNAME" != "1"
+then
+  dnl gethostbyname in the watt lib?
+  AC_CHECK_LIB(watt, gethostbyname,
+               [HAVE_GETHOSTBYNAME="1"
+               CPPFLAGS="-I/dev/env/WATT_ROOT/inc"
+               LDFLAGS="-L/dev/env/WATT_ROOT/lib"
+               LIBS="$LIBS -lwatt"
+               ])
+fi
+
 dnl At least one system has been identified to require BOTH nsl and socket
 dnl libs at the same time to link properly.
 if test "$HAVE_GETHOSTBYNAME" != "1"
@@ -2079,13 +2091,6 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
        nssprefix=$OPT_NSS
    fi

-    dnl Check for functionPK11_CreateGenericObject
-    dnl this is needed for using the PEM PKCS#11 module
-    AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
-     [
-     AC_DEFINE(HAVE_PK11_CREATEGENERICOBJECT, 1, [if you have the function PK11_CreateGenericObject])
-     AC_SUBST(HAVE_PK11_CREATEGENERICOBJECT, [1])
-     ])
    if test -n "$addlib"; then

      CLEANLIBS="$LIBS"
@@ -2096,7 +2101,8 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi

-      AC_CHECK_LIB(nss3, NSS_Initialize,
+      dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
+      AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
       [
       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
       AC_SUBST(USE_NSS, [1])
@@ -2112,6 +2118,14 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
      if test "x$USE_NSS" = "xyes"; then
        AC_MSG_NOTICE([detected NSS version $version])

+        dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
+        dnl collisions on NSS initialization/shutdown with other libraries
+        AC_CHECK_FUNC(NSS_InitContext,
+        [
+          AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
+          AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
+        ])
+
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
@@ -2373,25 +2387,20 @@ dnl **********************************************************************
 dnl Check for linker switch for versioned symbols
 dnl **********************************************************************

-AC_MSG_CHECKING([if libraries can be versioned])
-GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
-if test -z "$GLD"; then
-    versioned_symbols_flavour=
-    AC_MSG_RESULT(no)
-    AC_MSG_WARN(***
-*** You need an ld version supporting the --version-script option.
-)
-else
-    AC_MSG_RESULT(yes)
-
-AC_MSG_CHECKING([whether versioned symbols are wanted])
 versioned_symbols_flavour=
-
+AC_MSG_CHECKING([whether versioned symbols are wanted])
 AC_ARG_ENABLE(versioned-symbols,
 AC_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library])
 AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]),
 [ case "$enableval" in
  yes) AC_MSG_RESULT(yes)
+    AC_MSG_CHECKING([if libraries can be versioned])
+    GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script`
+    if test -z "$GLD"; then
+        AC_MSG_RESULT(no)
+        AC_MSG_WARN([You need an ld version supporting the --version-script option])
+    else
+        AC_MSG_RESULT(yes)
        if test "x$OPENSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="OPENSSL_"
        elif test "x$GNUTLS_ENABLED" == "x1"; then
@@ -2408,6 +2417,7 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
          versioned_symbols_flavour=""
        fi
        versioned_symbols="yes"
+    fi
    ;;

  *)   AC_MSG_RESULT(no)
@@ -2417,7 +2427,6 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
 AC_MSG_RESULT(no)
 ]
 )
-fi

 AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
 AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")
@@ -3050,48 +3059,9 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]),
 )

 dnl ************************************************************
-dnl Enable hiding of internal symbols in library to reduce its size and
-dnl speed dynamic linking of applications.  This currently is only supported
-dnl on gcc >= 4.0 and SunPro C.
+dnl hiding of library internal symbols
 dnl
-AC_MSG_CHECKING([whether to enable hidden symbols in the library])
-AC_ARG_ENABLE(hidden-symbols,
-AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library])
-AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]),
-[ case "$enableval" in
-  no)
-       AC_MSG_RESULT(no)
-       ;;
-  *)
-       AC_MSG_CHECKING([whether $CC supports it])
-       if test "$GCC" = yes ; then
-         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ||
-           dnl clang always supports -fvisibility= but it doesn't show up
-           dnl under --help.
-           test "$compiler_id" = "CLANG"; then
-           AC_MSG_RESULT(yes)
-           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-           AC_DEFINE(CURL_EXTERN_SYMBOL, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
-           CFLAGS="$CFLAGS -fvisibility=hidden"
-         else
-            AC_MSG_RESULT(no)
-          fi
-
-       else
-         dnl Test for SunPro cc
-         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
-           AC_MSG_RESULT(yes)
-           AC_DEFINE(CURL_HIDDEN_SYMBOLS, 1, [to enable hidden symbols])
-           AC_DEFINE(CURL_EXTERN_SYMBOL, [__global], [to make a symbol visible])
-           CFLAGS="$CFLAGS -xldscope=hidden"
-         else
-           AC_MSG_RESULT(no)
-         fi
-       fi
-       ;;
-  esac ],
-       AC_MSG_RESULT(no)
-)
+CURL_CONFIGURE_SYMBOL_HIDING

 dnl ************************************************************
 dnl enforce SONAME bump
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -306,41 +306,10 @@ FAQ
  We don't know how many users that downloaded or installed curl and then
  never use it.

-  Some facts to use as input to the math:
+  In May 2012 Daniel did a counting game and came up with a number that may
+  be completely wrong or somewhat accurate. 300 million!

-  curl packages are downloaded from the curl.haxx.se and mirrors over a
-  million times per year. curl is installed by default with most Linux
-  distributions. curl is installed by default with Mac OS X. curl and libcurl
-  as used by numerous applications that include libcurl binaries in their
-  distribution packages (like Adobe Acrobat Reader and Google Earth).
-
-  More than a hundred known named companies use curl in commercial
-  environments and products and more than a hundred known named open source
-  projects depend on (lib)curl.
-
-  In a poll on the curl web site mid-2005, more than 50% of the 300+ answers
-  estimated a user base of one million users or more.
-
-  In March 2005, the "Linux Counter project" estimated a total Linux user base
-  of some 29 millions, while Netcraft detected some 4 million "active" Linux
-  based web servers. A guess is that a fair amount of these Linux
-  installations have curl installed.
-
-  The Debian project maintains statistics on packages installed by people
-  who have voluntarily run their package counting application.  In mid-2010,
-  libcurl3 was installed on over 55000 such systems (62% of reporting systems)
-  and was one of the 320 most popular installed packages (out of about 107000
-  possible packages).
-
-  All this taken together, there is no doubt that there are millions of
-  (lib)curl users.
-
-  http://curl.haxx.se/docs/companies.html
-  http://curl.haxx.se/docs/programs.html
-  http://curl.haxx.se/libcurl/using/apps.html
-  http://counter.li.org/estimates.php
-  http://news.netcraft.com/archives/2005/03/14/fedora_makes_rapid_progress.html
-  http://qa.debian.org/popcon.php?package=curl
+  See http://daniel.haxx.se/blog/2012/05/16/300m-users/

  1.11 Why don't you update ca-bundle.crt

--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -217,9 +217,9 @@ Win32
   adjust as necessary. It is also possible to override these paths with
   environment variables, for example:

-     set ZLIB_PATH=c:\zlib-1.2.5
-     set OPENSSL_PATH=c:\openssl-0.9.8r
-     set LIBSSH2_PATH=c:\libssh2-1.2.8
+     set ZLIB_PATH=c:\zlib-1.2.7
+     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set LIBSSH2_PATH=c:\libssh2-1.4.2

   ATTENTION: if you want to build with libssh2 support you have to use latest
   version 0.17 - previous versions will NOT work with 7.17.0 and later!
@@ -320,7 +320,7 @@ Win32
   documentation on how to compile zlib. Define the ZLIB_PATH environment
   variable to the location of zlib.h and zlib.lib, for example:

-     set ZLIB_PATH=c:\zlib-1.2.5
+     set ZLIB_PATH=c:\zlib-1.2.7

   Then run 'nmake vc-zlib' in curl's root directory.

@@ -334,7 +334,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:

-     set OPENSSL_PATH=c:\openssl-0.9.8q
+     set OPENSSL_PATH=c:\openssl-0.9.8x

   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -840,7 +840,30 @@ VxWorks

 Android
 =======
-   See the build notes in the Android.mk file.
+   Method using the static makefile:
+      - see the build notes in the Android.mk file.
+
+   Method using a configure cross-compile (tested with Android NDK r7b):
+      - prepare the toolchain of the Android NDK for standalone use; this can
+        be done by invoking the script:
+        ./tools/make-standalone-toolchain.sh
+        which creates a usual cross-compile toolchain. Lets assume that you put
+        this toolchain below /opt then invoke configure with something like:
+        export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH
+        ./configure --host=arm-linux-androideabi [more configure options]
+        make
+      - if you want to compile directly from our GIT repo you might run into
+        this issue with older automake stuff:
+        checking host system type...
+        Invalid configuration `arm-linux-androideabi':
+        system `androideabi' not recognized
+        configure: error: /bin/sh ./config.sub arm-linux-androideabi failed
+        this issue can be fixed with using more recent versions of config.sub
+        and config.guess which can be obtained here:
+        http://git.savannah.gnu.org/gitweb/?p=config.git;a=tree
+        you need to replace your system-own versions which usually can be
+        found in your automake folder:
+        find /usr -name config.sub


 CROSS COMPILE
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -43,7 +43,7 @@ Portability
 openldap     2.0
 MIT krb5 lib 1.2.4
 qsossl       V5R2M0
- NSS          3.11.x
+ NSS          3.12.x
 axTLS        1.2.7
 Heimdal      ?

@@ -104,9 +104,9 @@ Windows vs Unix
 Inside the source code, We make an effort to avoid '#ifdef [Your OS]'. All
 conditionals that deal with features *should* instead be in the format
 '#ifdef HAVE_THAT_WEIRD_FUNCTION'. Since Windows can't run configure scripts,
- we maintain two curl_config-win32.h files (one in lib/ and one in src/) that
- are supposed to look exactly as a curl_config.h file would have looked like on
- a Windows machine!
+ we maintain a curl_config-win32.h file in lib directory that is supposed to
+ look exactly as a curl_config.h file would have looked like on a Windows
+ machine!

 Generally speaking: always remember that this will be compiled on dozens of
 operating systems. Don't walk on the edge.
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -13,6 +13,7 @@ MAIL ETIQUETTE
  1.4 Subscription Required
  1.5 Moderation of new posters
  1.6 Handling trolls and spam
+  1.7 How to unsubscribe

 2. Sending mail
  2.1 Reply or New Mail
@@ -110,6 +111,20 @@ MAIL ETIQUETTE

  Don't feed the trolls!

+  1.7 How to unsubscribe
+
+  You unsubscribe the same way you subscribed in the first place. You go to
+  the page for the particular mailing list you're subscribed to and you enter
+  your email address and password and press the unsubscribe button.
+
+  Also, this information is included in the headers of every mail that is sent
+  out to all curl related mailing lists and there's footer in each mail that
+  links to the "admin" page on which you can unsubscribe and change other
+  options.
+
+  You NEVER EVER email the mailing list requesting someone else to get you off
+  the list.
+

 2. Sending mail

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -22,9 +22,9 @@

 AUTOMAKE_OPTIONS = foreign no-dependencies

-man_MANS = curl.1 curl-config.1
-GENHTMLPAGES = curl.html curl-config.html
-PDFPAGES = curl.pdf curl-config.pdf
+man_MANS = curl.1 curl-config.1 mk-ca-bundle.1
+GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html
+PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf

 HTMLPAGES = $(GENHTMLPAGES) index.html

--- a/docs/THANKS
+++ b/docs/THANKS
@@ -55,6 +55,7 @@ Andreas Rieke
 Andreas Schuldei
 Andreas Wurf
 Andrei Benea
+Andrei Cipu
 Andres Garcia
 Andrew Benham
 Andrew Biggs
@@ -128,6 +129,7 @@ Carsten Lange
 Casey O'Donnell
 Cedric Deltheil
 Chad Monroe
+Chandrakant Bagul
 Charles Kerr
 Chih-Chung Chang
 Chris "Bob Bob"
@@ -433,6 +435,7 @@ John Crow
 John Dennis
 John E. Malmberg
 John Janssen
+John Joseph Bachir
 John Kelly
 John Lask
 John Lightsey
@@ -456,6 +459,7 @@ Josef Wolf
 Josh Kapell
 Joshua Kwan
 Josue Andrade Gomes
+Juan Barreto
 Juan F. Codagnone
 Juan Ignacio Herv<72>s
 Judson Bishop
@@ -589,6 +593,7 @@ Mauro Iorio
 Max Katsev
 Maxim Ivanov
 Maxim Perenesenko
+Maxim Prohorov
 Mehmet Bozkurt
 Mekonikum
 Mettgut Jamalla
@@ -596,6 +601,7 @@ Michael Benedict
 Michael Calmer
 Michael Cronenworth
 Michael Curtis
+Michael Day
 Michael Goffioul
 Michael Jahn
 Michael Jerris
@@ -709,6 +715,7 @@ Philippe Vaucher
 Pierre
 Pierre Brico
 Pierre Joye
+Pierre Ynard
 Pooyan McSporran
 Pramod Sharma
 Puneet Pawaia
@@ -867,6 +874,7 @@ Tobias Rundstr
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
+Todd Ouska
 Todd Vierling
 Tom Benoist
 Tom Donovan
--- a/docs/TODO
+++ b/docs/TODO
@@ -61,46 +61,57 @@
 8.3 check connection
 8.4 non-gcrypt

- 9. Other protocols
+ 9. SMTP
+ 9.1 Other authentication mechanims
+ 9.2 Specify the preferred authentication mechanism
+ 9.3 Initial response
+ 9.4 Pipelining
 
- 10. New protocols
- 10.1 RSYNC
+ 10. POP3
+ 10.1 APOP Authentication
+ 10.2 Other authentication mechanims
+ 10.3 auth= in URLs
 
- 11. Client
- 11.1 sync
- 11.2 glob posts
- 11.3 prevent file overwriting
- 11.4 simultaneous parallel transfers
- 11.5 provide formpost headers
- 11.6 url-specific options
- 11.7 metalink support
- 11.8 warning when setting an option
- 11.9 IPv6 addresses with globbing
+ 11. Other protocols

- 12. Build
- 12.1 roffit
+ 12. New protocols
+ 12.1 RSYNC

- 13. Test suite
- 13.1 SSL tunnel
- 13.2 nicer lacking perl message
- 13.3 more protocols supported
- 13.4 more platforms supported
+ 13. Client
+ 13.1 sync
+ 13.2 glob posts
+ 13.3 prevent file overwriting
+ 13.4 simultaneous parallel transfers
+ 13.5 provide formpost headers
+ 13.6 url-specific options
+ 13.7 metalink support
+ 13.8 warning when setting an option
+ 13.9 IPv6 addresses with globbing

- 14. Next SONAME bump
- 14.1 http-style HEAD output for ftp
- 14.2 combine error codes
- 14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+ 14. Build
+ 14.1 roffit

- 15. Next major release
- 15.1 cleanup return codes
- 15.2 remove obsolete defines
- 15.3 size_t
- 15.4 remove several functions
- 15.5 remove CURLOPT_FAILONERROR
- 15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
- 15.7 remove progress meter from libcurl
- 15.8 remove 'curl_httppost' from public
- 15.9 have form functions use CURL handle argument
+ 15. Test suite
+ 15.1 SSL tunnel
+ 15.2 nicer lacking perl message
+ 15.3 more protocols supported
+ 15.4 more platforms supported
+
+ 16. Next SONAME bump
+ 16.1 http-style HEAD output for ftp
+ 16.2 combine error codes
+ 16.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ 17. Next major release
+ 17.1 cleanup return codes
+ 17.2 remove obsolete defines
+ 17.3 size_t
+ 17.4 remove several functions
+ 17.5 remove CURLOPT_FAILONERROR
+ 17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+ 17.7 remove progress meter from libcurl
+ 17.8 remove 'curl_httppost' from public
+ 17.9 have form functions use CURL handle argument

 ==============================================================================

@@ -158,7 +169,7 @@
 To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
 to be addressed:

-    http://tools.ietf.org/html/draft-ietf-v6ops-happy-eyeballs-07
+    http://tools.ietf.org/html/rfc6555


 2. libcurl - multi interface
@@ -360,18 +371,65 @@ to provide the data to send.
 The correct fix would be to detect which crypto layer that is in use and
 adapt our code to use that instead of blindly assuming gcrypt.

-9. Other protocols
+9. SMTP

-10. New protocols
+9.1 Other authentication mechanims

-10.1 RSYNC
+ Add support for other authentication mechanisms such as digest-md5 and
+ gssapi.

- There's no RFC for protocol nor URI/URL format.  An implementation should
- most probably use an existing rsync library, such as librsync.
+9.2 Specify the preferred authentication mechanism

-11. Client
+ Add the ability to specify the preferred authentication mechanism or a list
+ of mechanims that should be used. Not only that, but the order that is
+ returned by the server during the EHLO response should be honored by curl.
 
-11.1 sync
+9.3 Initial response
+
+ Add the ability for the user to specify whether the initial response is
+ included in the AUTH command. Some email servers, such as Microsoft
+ Exchange, can work with either whilst others need to have the initial
+ response sent separately:
+ 
+ http://curl.haxx.se/mail/lib-2012-03/0114.html
+ 
+9.4 Pipelining
+
+ Add support for pipelining emails.
+ 
+10. POP3
+
+10.1 APOP Authentication
+
+ Add support for the APOP command rather than using plain text authentication
+ (USER and PASS) as this is very week security wise. Note: The APOP command
+ is specified as "APOP <username> <md5 password>", however, it isn't
+ supported by all mail servers.
+ 
+10.2 Other authentication mechanims
+
+ SASL offers support for additional authentication mechanisms via the AUTH
+ command. Detection of an email server's support for SASL authentication
+ can be detected via the CAPA command whilst a list of supported mechanisms
+ can be retrieved with an empty AUTH command.
+ 
+10.3 auth= in URLs
+
+ Being able to specify the preferred authentication mechanim in the URL as
+ per RFC-2384 (http://tools.ietf.org/html/rfc2384).
+ 
+11. Other protocols
+
+12. New protocols
+
+12.1 RSYNC
+
+ There's no RFC for the protocol or an URI/URL format.  An implementation
+ should most probably use an existing rsync library, such as librsync.
+
+13. Client
+
+13.1 sync

 "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"
@@ -380,12 +438,12 @@ to provide the data to send.
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.

-11.2 glob posts
+13.2 glob posts

 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
 This is easily scripted though.

-11.3 prevent file overwriting
+13.3 prevent file overwriting

 Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
@@ -393,14 +451,14 @@ to provide the data to send.
 existing). So that index.html becomes first index.html.1 and then
 index.html.2 etc.

-11.4 simultaneous parallel transfers
+13.4 simultaneous parallel transfers

 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595

-11.5 provide formpost headers
+13.5 provide formpost headers

 Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -414,7 +472,7 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-11.6 url-specific options
+13.6 url-specific options

 Provide a way to make options bound to a specific URL among several on the
 command line. Possibly by letting ':' separate options between URLs,
@@ -428,62 +486,62 @@ to provide the data to send.

 The example would do a POST-GET-POST combination on a single command line.

-11.7 metalink support
+13.7 metalink support

 Add metalink support to curl (http://www.metalinker.org/). This is most useful
 with simultaneous parallel transfers (11.6) but not necessary.

-11.8 warning when setting an option
+13.8 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-11.9 IPv6 addresses with globbing
+13.9 IPv6 addresses with globbing

  Currently the command line client needs to get url globbing disabled (with
  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
  that should be corrected. It probably involves a smarter detection of the
  '[' and ']' letters.

-12. Build
+14. Build

-12.1 roffit
+14.1 roffit

 Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/hugehelp.c

-13. Test suite
+15. Test suite

-13.1 SSL tunnel
+15.1 SSL tunnel

 Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS

-13.2 nicer lacking perl message
+15.2 nicer lacking perl message

 If perl wasn't found by the configure script, don't attempt to run the tests
 but explain something nice why it doesn't.

-13.3 more protocols supported
+15.3 more protocols supported

 Extend the test suite to include more protocols. The telnet could just do ftp
 or http operations (for which we have test servers).

-13.4 more platforms supported
+15.4 more platforms supported

 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

-14. Next SONAME bump
+16. Next SONAME bump

-14.1 http-style HEAD output for ftp
+16.1 http-style HEAD output for ftp

 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
 from being output in NOBODY requests over ftp

-14.2 combine error codes
+16.2 combine error codes

 Combine some of the error codes to remove duplicates.  The original
 numbering should not be changed, and the old identifiers would be
@@ -501,29 +559,29 @@ to provide the data to send.
    CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED

-14.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+16.3 extend CURLOPT_SOCKOPTFUNCTION prototype

 The current prototype only provides 'purpose' that tells what the
 connection/socket is for, but not any protocol or similar. It makes it hard
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-15. Next major release
+17. Next major release

-15.1 cleanup return codes
+17.1 cleanup return codes

 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.

-15.2 remove obsolete defines
+17.2 remove obsolete defines

 remove obsolete defines from curl/curl.h

-15.3 size_t
+17.3 size_t

 make several functions use size_t instead of int in their APIs

-15.4 remove several functions
+17.4 remove several functions

 remove the following functions from the public API:

@@ -544,18 +602,18 @@ to provide the data to send.

 curl_multi_socket_all

-15.5 remove CURLOPT_FAILONERROR
+17.5 remove CURLOPT_FAILONERROR

 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.

-15.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE

 Remove support for a global DNS cache. Anything global is silly, and we
 already offer the share interface for the same functionality but done
 "right".

-15.7 remove progress meter from libcurl
+17.7 remove progress meter from libcurl

 The internally provided progress meter output doesn't belong in the library.
 Basically no application wants it (apart from curl) but instead applications
@@ -565,7 +623,7 @@ to provide the data to send.
 variable types passed to it instead of doubles so that big files work
 correctly.

-15.8 remove 'curl_httppost' from public
+17.8 remove 'curl_httppost' from public

 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
@@ -574,7 +632,7 @@ to provide the data to send.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintining a solid API and ABI.

-15.9 have form functions use CURL handle argument
+17.9 have form functions use CURL handle argument

 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -93,7 +93,6 @@ What's the installed libcurl version?

 How do I build a single file with a one-line command?

-  $ `curl-config --cc --cflags --libs` -o example example.c
-
+  $ `curl-config --cc --cflags` -o example example.c `curl-config --libs`
 .SH "SEE ALSO"
 .BR curl (1)
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -1485,6 +1485,11 @@ The variables available at this point are:
 The URL that was fetched last. This is most meaningful if you've told curl
 to follow location: headers.
 .TP
+.B filename_effective
+The ultimate filename that curl writes out to. This is only meaningful if curl
+is told to write to a file with the --remote-name or --output option. It's most
+useful in combination with the --remote-header-name option. (Added in 7.25.1)
+.TP
 .B http_code
 The numerical response code that was found in the last retrieved HTTP(S) or
 FTP(s) transfer. In 7.18.2 the alias \fBresponse_code\fP was added to show the
@@ -1569,7 +1574,7 @@ means the verification was successful. (Added in 7.19.0)
 .RE

 If this option is used several times, the last one will be used.
-.IP "-x, --proxy <[protocol://][user@password]proxyhost[:port]>"
+.IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
 Use the specified HTTP proxy. If the port number is not specified, it is
 assumed at port 1080.

@@ -1582,6 +1587,10 @@ converted to HTTP. It means that certain protocol specific operations might
 not be available. This is not the case if you can tunnel through the proxy, as
 one with the \fI-p, --proxytunnel\fP option.

+User and password that might be provided in the proxy string are URL decoded
+by libcurl. This allows you to pass in special characters such as @ by using
+%40 or pass in a colon with %3a.
+
 The proxy host can be specified the exact same way as the proxy environment
 variables, including the protocol prefix (http://) and the embedded user +
 password.
@@ -1628,12 +1637,12 @@ speed-time seconds it gets aborted. speed-time is set with -y and is 30 if
 not set.

 If this option is used several times, the last one will be used.
-.IP "-z, --time-cond <date expression>"
-(HTTP/FTP/FILE) Request a file that has been modified later than the given time
-and date, or one that has been modified before that time. The date expression
-can be all sorts of date strings or if it doesn't match any internal ones, it
-tries to get the time from a given file name instead! See the
-\fIcurl_getdate(3)\fP man pages for date expression details.
+.IP "-z/--time-cond <date expression>|<file>"
+(HTTP/FTP) Request a file that has been modified later than the given time and
+date, or one that has been modified before that time. The <date expression> can
+be all sorts of date strings or if it doesn't match any internal ones, it is
+taken as a filename and tries to get the modification date (mtime) from <file>
+instead. See the \fIcurl_getdate(3)\fP man pages for date expression details.

 Start the date expression with a dash (-) to make it request for a document
 that is older than the given date/time, default is a document that is newer
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
 AUTOMAKE_OPTIONS = foreign nostdinc

 EXTRA_DIST = README Makefile.example Makefile.inc Makefile.m32 \
-	Makefile.netware makefile.dj printf_macro.h $(COMPLICATED_EXAMPLES)
+	Makefile.netware makefile.dj $(COMPLICATED_EXAMPLES)

 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
@@ -40,12 +40,12 @@ INCLUDES = -I$(top_builddir)/include/curl \

 LIBDIR = $(top_builddir)/lib

-if STATICLIB
-# we need this define when building with a static lib on Windows
-STATICCPPFLAGS = -DCURL_STATICLIB
-endif
+AM_CPPFLAGS = -DCURL_NO_OLDIES

-CPPFLAGS = -DCURL_NO_OLDIES $(STATICCPPFLAGS)
+# Mostly for Windows build targets, when using static libcurl
+if USE_CPPFLAG_CURL_STATICLIB
+AM_CPPFLAGS += -DCURL_STATICLIB
+endif

 # Dependencies
 LDADD = $(LIBDIR)/libcurl.la
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -27,18 +27,18 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.5
+## set ZLIB_PATH=c:/zlib-1.2.7
 ## set ZLIB=1
 #
 ###########################################################################

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.5
+ZLIB_PATH = ../../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8r
+OPENSSL_PATH = ../../../openssl-0.9.8x
 endif
 ifndef OPENSSL_LIBPATH
 OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
@@ -48,7 +48,7 @@ OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.3.0
+LIBSSH2_PATH = ../../../libssh2-1.4.2
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -14,17 +14,17 @@ endif

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.5
+ZLIB_PATH = ../../../zlib-1.2.7
 endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8r
+OPENSSL_PATH = ../../../openssl-0.9.8x
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.3.0
+LIBSSH2_PATH = ../../../libssh2-1.4.2
 endif

 # Edit the path below to point to the base of your axTLS package.
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -42,7 +42,6 @@
 #endif

 #include <curl/curl.h>
-#include "printf_macro.h"

 #if LIBCURL_VERSION_NUM < 0x070c03
 #error "upgrade your libcurl to no less than 7.12.3"
@@ -89,12 +88,16 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
+  curl_off_t nread;

  intptr_t fd = (intptr_t)stream;

  retcode = read(fd, ptr, size * nmemb);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);

  return retcode;
 }
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -57,7 +57,10 @@ static curl_socket_t opensocket(void *clientp,
                                curlsocktype purpose,
                                struct curl_sockaddr *address)
 {
-  curl_socket_t sockfd = *(curl_socket_t *)clientp;
+  curl_socket_t sockfd;
+  (void)purpose;
+  (void)address;
+  sockfd = *(curl_socket_t *)clientp;
  /* the actual externally set socket is passed in via the OPENSOCKETDATA
     option */
  return sockfd;
@@ -66,6 +69,9 @@ static curl_socket_t opensocket(void *clientp,
 static int sockopt_callback(void *clientp, curl_socket_t curlfd,
                            curlsocktype purpose)
 {
+  (void)clientp;
+  (void)curlfd;
+  (void)purpose;
  /* This return code was added in libcurl 7.21.5 */
  return CURL_SOCKOPT_ALREADY_CONNECTED;
 }
@@ -96,7 +102,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");

    /* Create the socket "manually" */
-    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ) {
+    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
      printf("Error creating listening socket.\n");
      return 3;
    }
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ static long file_is_comming(struct curl_fileinfo *finfo,
 static long file_is_downloaded(struct callback_data *data);

 static size_t write_it(char *buff, size_t size, size_t nmemb,
-                       struct callback_data *data);
+                       void *cb_data);

 int main(int argc, char **argv)
 {
@@ -135,8 +135,9 @@ static long file_is_downloaded(struct callback_data *data)
 }

 static size_t write_it(char *buff, size_t size, size_t nmemb,
-                       struct callback_data *data)
+                       void *cb_data)
 {
+  struct callback_data *data = cb_data;
  size_t written = 0;
  if(data->output)
    written = fwrite(buff, size, nmemb, data->output);
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -32,7 +32,6 @@
 #else
 #include <unistd.h>
 #endif
-#include "printf_macro.h"

 /*
 * This example shows an FTP upload, with a rename of the file just after
@@ -52,12 +51,16 @@
   variable's memory when passed in to it from an app like this. */
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
+  curl_off_t nread;
  /* in real-world cases, this would probably get this data differently
     as this fread() stuff is exactly what the library already would do
     by default internally */
  size_t retcode = fread(ptr, size, nmemb, stream);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);
  return retcode;
 }

--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -25,7 +25,6 @@
 #include <unistd.h>

 #include <curl/curl.h>
-#include "printf_macro.h"

 /*
 * This example shows a HTTP PUT operation. PUTs a file given as a command
@@ -40,13 +39,17 @@
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  size_t retcode;
+  curl_off_t nread;

  /* in real-world cases, this would probably get this data differently
     as this fread() stuff is exactly what the library already would do
     by default internally */
  retcode = fread(ptr, size, nmemb, stream);

-  fprintf(stderr, "*** We read %" _FMT_SIZE_T " bytes from file\n", retcode);
+  nread = (curl_off_t)retcode;
+
+  fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T
+          " bytes from file\n", nread);

  return retcode;
 }
--- a/docs/examples/imap.c
+++ b/docs/examples/imap.c
@@ -25,7 +25,7 @@
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -30,7 +30,7 @@ const char data[]="this is what we post to the silly web server";

 struct WriteThis {
  const char *readptr;
-  int sizeleft;
+  long sizeleft;
 };

 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
@@ -96,7 +96,7 @@ int main(void)
 #else
    /* Set the expected POST size. If you want to POST large amounts of data,
       consider CURLOPT_POSTFIELDSIZE_LARGE */
-    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (curl_off_t)pooh.sizeleft);
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pooh.sizeleft);
 #endif

 #ifdef DISABLE_EXPECT
--- a/docs/examples/sendrecv.c
+++ b/docs/examples/sendrecv.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,7 +24,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
-#include "printf_macro.h"

 /* Auxiliary function that waits on the socket. */
 static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms)
@@ -65,6 +64,7 @@ int main(void)
  curl_socket_t sockfd; /* socket */
  long sockextr;
  size_t iolen;
+  curl_off_t nread;

  curl = curl_easy_init();
  if(curl) {
@@ -123,7 +123,9 @@ int main(void)
      if(CURLE_OK != res)
        break;

-      printf("Received %" _FMT_SIZE_T " bytes.\n", iolen);
+      nread = (curl_off_t)iolen;
+
+      printf("Received %" CURL_FORMAT_CURL_OFF_T " bytes.\n", nread);
    }

    /* always cleanup */
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -357,7 +357,7 @@ of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
 transfer and return \fICURL_WRITE_ERROR\fP.

-A complete header that is passed to this function can be up to
+A complete HTTP header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.

 If this option is not set, or if it is set to NULL, but
@@ -380,6 +380,9 @@ to detect it being a trailer and not an ordinary header: 1) it comes after the
 response-body. 2) it comes after the final header line (CR LF) 3) a Trailer:
 header among the regular response-headers mention what header(s) to expect in
 the trailer.
+
+For non-HTTP protocols like FTP, POP3, IMAP and SMTP this function will get
+called with the server responses to the commands that libcurl sends.
 .IP CURLOPT_WRITEHEADER
 (This option is also known as \fBCURLOPT_HEADERDATA\fP) Pass a pointer to be
 used to write the header part of the received data to. If you don't use
@@ -1061,8 +1064,8 @@ HTTP NTLM authentication. A proprietary protocol invented and used by
 Microsoft. It uses a challenge-response and hash concept similar to Digest, to
 prevent the password from being eavesdropped.

-You need to build libcurl with either OpenSSL or NSS support for this option
-to work, or build libcurl on Windows.
+You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this
+option to work, or build libcurl on Windows.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
@@ -1180,12 +1183,13 @@ Setting the limit to 0 will make libcurl refuse any redirect. Set it to -1 for
 an infinite number of redirects (which is the default)
 .IP CURLOPT_POSTREDIR
 Pass a bitmask to control how libcurl acts on redirects after POSTs that get a
-301 or 302 response back.  A parameter with bit 0 set (value
+301, 302 or 303 response back.  A parameter with bit 0 set (value
 \fBCURL_REDIR_POST_301\fP) tells the library to respect RFC 2616/10.3.2 and
 not convert POST requests into GET requests when following a 301
 redirection. Setting bit 1 (value CURL_REDIR_POST_302) makes libcurl maintain
-the request method after a 302 redirect. CURL_REDIR_POST_ALL is a convenience
-define that sets both bits.
+the request method after a 302 redirect. Setting bit 2 (value
+\fBCURL_REDIR_POST_303) makes libcurl maintain the request method after a 302
+redirect. CURL_REDIR_POST_ALL is a convenience define that sets both bits.

 The non-RFC behaviour is ubiquitous in web browsers, so the library does the
 conversion by default to maintain consistency. However, a server may require a
@@ -1839,16 +1843,20 @@ source file to the remote target file.
 Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
 .IP CURLOPT_CUSTOMREQUEST
-Pass a pointer to a zero terminated string as parameter. It will be used
-instead of GET or HEAD when doing a HTTP request, or instead of LIST or NLST
-when doing a FTP directory listing. This is useful for doing DELETE or other
-more or less obscure HTTP requests. Don't do this at will, make sure your
-server supports the command first.
+Pass a pointer to a zero terminated string as parameter. It can be used to
+specify the request instead of GET or HEAD when performing HTTP based
+requests, instead of LIST and NLST when performing FTP directory listings and
+instead of LIST and RETR when issuing POP3 based commands. This is
+particularly useful, for example, for performing a HTTP DELETE request or a
+POP3 DELE command.
+
+Please don't perform this at will, on HTTP based requests, by making sure
+your server supports the command you are sending first.
 
 When you change the request method by setting \fBCURLOPT_CUSTOMREQUEST\fP to
-something, you don't actually change how libcurl behaves or acts in regards to
-the particular request method, it will only change the actual string sent in
-the request.
+something, you don't actually change how libcurl behaves or acts in regards
+to the particular request method, it will only change the actual string sent
+in the request.

 For example: if you tell libcurl to do a HEAD request, but then change the
 request to a "GET" with \fBCURLOPT_CUSTOMREQUEST\fP you'll still see libcurl
@@ -1860,12 +1868,14 @@ POST, use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and so on.
 Restore to the internal default by setting this to NULL.

 Many people have wrongly used this option to replace the entire request with
-their own, including multiple headers and POST contents. While that might work
-in many cases, it will cause libcurl to send invalid requests and it could
-possibly confuse the remote server badly. Use \fICURLOPT_POST\fP and
+their own, including multiple headers and POST contents. While that might
+work in many cases, it will cause libcurl to send invalid requests and it
+could possibly confuse the remote server badly. Use \fICURLOPT_POST\fP and
 \fICURLOPT_POSTFIELDS\fP to set POST data. Use \fICURLOPT_HTTPHEADER\fP to
 replace or extend the set of headers sent by libcurl. Use
 \fICURLOPT_HTTP_VERSION\fP to change HTTP version.
+
+(Support for POP3 added in 7.26.0)
 .IP CURLOPT_FILETIME
 Pass a long. If it is 1, libcurl will attempt to get the modification date of
 the remote document in this operation. This requires that the remote server
@@ -1874,11 +1884,11 @@ sends the time or replies to a time querying command. The
 can be used after a transfer to extract the received time (if any).
 .IP CURLOPT_NOBODY
 A parameter set to 1 tells the library to not include the body-part in the
-output. This is only relevant for protocols that have separate header and body
-parts. On HTTP(S) servers, this will make libcurl do a HEAD request.
+output. This is only relevant for protocols that have separate header and
+body parts. On HTTP(S) servers, this will make libcurl do a HEAD request.

-To change request to GET, you should use \fICURLOPT_HTTPGET\fP. Change request
-to POST with \fICURLOPT_POST\fP etc.
+To change request to GET, you should use \fICURLOPT_HTTPGET\fP. Change
+request to POST with \fICURLOPT_POST\fP etc.
 .IP CURLOPT_INFILESIZE
 When uploading a file to a remote site, this option should be used to tell
 libcurl what the expected size of the infile is. This value should be passed
@@ -1958,6 +1968,8 @@ SIGALRM to enable time-outing system calls.

 In unix-like systems, this might cause signals to be used unless
 \fICURLOPT_NOSIGNAL\fP is set.
+
+Default timeout is 0 (zero) which means it never times out.
 .IP CURLOPT_TIMEOUT_MS
 Like \fICURLOPT_TIMEOUT\fP but takes number of milliseconds instead. If
 libcurl is built to use the standard system name resolver, that portion
@@ -2374,6 +2386,9 @@ Pass a char * pointing to a file name for your public key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment
 variable is set, and just "id_dsa.pub" in the current directory if HOME is not
 set.  (Added in 7.16.1)
+If an empty string is passed, libcurl will pass no public key to libssh2
+which then tries to compute it from the private key, this is known to work
+when libssh2 1.4.0+ is linked against OpenSSL. (Added in 7.26.0)
 .IP CURLOPT_SSH_PRIVATE_KEYFILE
 Pass a char * pointing to a file name for your private key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_dsa\fP if the HOME environment variable
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -649,6 +649,7 @@ CURL_READFUNC_PAUSE             7.18.0
 CURL_REDIR_GET_ALL              7.19.1
 CURL_REDIR_POST_301             7.19.1
 CURL_REDIR_POST_302             7.19.1
+CURL_REDIR_POST_303             7.25.1
 CURL_REDIR_POST_ALL             7.19.1
 CURL_RTSPREQ_ANNOUNCE           7.20.0
 CURL_RTSPREQ_DESCRIBE           7.20.0
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -0,0 +1,51 @@
+.Dd April 27, 2012
+.Dt MK-CA-BUNDLE 1
+.Os
+.Sh NAME
+.Nm mk-ca-bundle
+.Nd create a new ca-bundle.crt from mozilla's certdata.txt
+.Sh SYNOPSIS
+.Nm
+.Op Fl bilnqtuv
+.Or outputfile
+.Sh DESCRIPTION
+The
+.Nm
+tool downloads the certdata.txt file from Mozilla's source tree, then
+parses certdata.txt and extracts CA Root Certificates into PEM format.
+These are then processed with the OpenSSL commandline tool to produce the
+final ca-bundle.crt file.
+.Sh OPTIONS
+The following options are supported by
+.Nm :
+.Bl -tag -width _h
+.It Fl b
+backup an existing version of ca-bundle.crt
+.It Fl i
+print version info about used modules
+.It Fl l
+print license info about certdata.txt
+.It Fl n
+no download of certdata.txt (to use existing)
+.It Fl q
+be really quiet (no progress output at all)
+.It Fl t
+include plain text listing of certificates
+.It Fl u
+unlink (remove) certdata.txt after processing
+.It Fl v
+be verbose and print out processed CAs
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh SEE ALSO
+.Xr curl 1
+.Sh HISTORY
+.Nm
+was based on the parse-certs script written by
+.An Roland Krikava
+and hacked by
+.An Guenter Knauf .
+This manual page was written by
+.An Jan Schaumann
+.Aq jschauma@netmeister.org .
--- a/include/curl/.gitignore
+++ b/include/curl/.gitignore
@@ -1,3 +1,4 @@
 curlbuild.h
+stamp-h2
 stamp-h3
 curlver.h.dist
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -598,17 +598,31 @@ typedef enum {
                                   in 7.18.0 */
 } curl_proxytype;  /* this enum was added in 7.10 */

-#define CURLAUTH_NONE         0       /* nothing */
-#define CURLAUTH_BASIC        (1<<0)  /* Basic (default) */
-#define CURLAUTH_DIGEST       (1<<1)  /* Digest */
-#define CURLAUTH_GSSNEGOTIATE (1<<2)  /* GSS-Negotiate */
-#define CURLAUTH_NTLM         (1<<3)  /* NTLM */
-#define CURLAUTH_DIGEST_IE    (1<<4)  /* Digest with IE flavour */
-#define CURLAUTH_NTLM_WB      (1<<5)  /* NTLM delegating to winbind helper */
-#define CURLAUTH_ONLY         (1<<31) /* used together with a single other
-                                         type to force no auth or just that
-                                         single type */
-#define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE)  /* all fine types set */
+/*
+ * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options:
+ *
+ * CURLAUTH_NONE         - No HTTP authentication
+ * CURLAUTH_BASIC        - HTTP Basic authentication (default)
+ * CURLAUTH_DIGEST       - HTTP Digest authentication
+ * CURLAUTH_GSSNEGOTIATE - HTTP GSS-Negotiate authentication
+ * CURLAUTH_NTLM         - HTTP NTLM authentication
+ * CURLAUTH_DIGEST_IE    - HTTP Digest authentication with IE flavour
+ * CURLAUTH_NTLM_WB      - HTTP NTLM authentication delegated to winbind helper
+ * CURLAUTH_ONLY         - Use together with a single other type to force no
+ *                         authentication or just that single type
+ * CURLAUTH_ANY          - All fine types set
+ * CURLAUTH_ANYSAFE      - All fine types except Basic
+ */
+
+#define CURLAUTH_NONE         ((unsigned long)0)
+#define CURLAUTH_BASIC        (((unsigned long)1)<<0)
+#define CURLAUTH_DIGEST       (((unsigned long)1)<<1)
+#define CURLAUTH_GSSNEGOTIATE (((unsigned long)1)<<2)
+#define CURLAUTH_NTLM         (((unsigned long)1)<<3)
+#define CURLAUTH_DIGEST_IE    (((unsigned long)1)<<4)
+#define CURLAUTH_NTLM_WB      (((unsigned long)1)<<5)
+#define CURLAUTH_ONLY         (((unsigned long)1)<<31)
+#define CURLAUTH_ANY          (~CURLAUTH_DIGEST_IE)
 #define CURLAUTH_ANYSAFE      (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE))

 #define CURLSSH_AUTH_ANY       ~0     /* all types supported by the server */
@@ -1624,13 +1638,16 @@ enum CURL_TLSAUTH {
 };

 /* symbols to use with CURLOPT_POSTREDIR.
-   CURL_REDIR_POST_301 and CURL_REDIR_POST_302 can be bitwise ORed so that
-   CURL_REDIR_POST_301 | CURL_REDIR_POST_302 == CURL_REDIR_POST_ALL */
+   CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303
+   can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302
+   | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */

 #define CURL_REDIR_GET_ALL  0
 #define CURL_REDIR_POST_301 1
 #define CURL_REDIR_POST_302 2
-#define CURL_REDIR_POST_ALL (CURL_REDIR_POST_301|CURL_REDIR_POST_302)
+#define CURL_REDIR_POST_303 4
+#define CURL_REDIR_POST_ALL \
+    (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303)

 typedef enum {
  CURL_TIMECOND_NONE,
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,12 +30,12 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.25.0-DEV"
+#define LIBCURL_VERSION "7.26.0-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 25
+#define LIBCURL_VERSION_MINOR 26
 #define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071900
+#define LIBCURL_VERSION_NUM 0x071A00

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -141,8 +141,9 @@ __extension__ ({                                                              \

 /* To define a new warning, use _CURL_WARNING(identifier, "message") */
 #define _CURL_WARNING(id, message)                                            \
-  static void __attribute__((warning(message))) __attribute__((unused))       \
-  __attribute__((noinline)) id(void) { __asm__(""); }
+  static void __attribute__((__warning__(message)))                           \
+  __attribute__((__unused__)) __attribute__((__noinline__))                   \
+  id(void) { __asm__(""); }

 _CURL_WARNING(_curl_easy_setopt_err_long,
  "curl_easy_setopt expects a long argument for this option")
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -83,13 +83,13 @@ CFLAGS += -dWANT_IDN_PROTOTYPES
 !ifdef %zlib_root
 ZLIB_ROOT = $(%zlib_root)
 !else
-ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
+ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.7
 !endif

 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.4.2
 !endif

 !ifdef %librtmp_root
@@ -101,7 +101,7 @@ LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8r
+OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8x
 !endif

 !ifdef %ares_root
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ CMAKE_DIST = CMakeLists.txt curl_config.h.cmake
 EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)                 \
 vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h            \
 config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist      \
- libcurl.rc config-amigaos.h amigaos.c amigaos.h makefile.amiga		   \
+ libcurl.rc config-amigaos.h makefile.amiga                                \
 Makefile.netware nwlib.c nwos.c libcurl.imp msvcproj.head msvcproj.foot   \
 config-win32ce.h config-os400.h setup-os400.h config-symbian.h		   \
 Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		   \
@@ -48,6 +48,8 @@ LIBCURL_LIBS = @LIBCURL_LIBS@
 # This might hold -Werror
 CFLAGS += @CURL_CFLAG_EXTRAS@

+CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
+
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
@@ -77,6 +79,18 @@ INCLUDES = -I$(top_builddir)/include/curl \
           -I$(top_srcdir)/lib
 endif

+AM_CPPFLAGS =
+
+# Mostly for Windows build targets, when building libcurl library
+if USE_CPPFLAG_BUILDING_LIBCURL
+AM_CPPFLAGS += -DBUILDING_LIBCURL
+endif
+
+# Mostly for Windows build targets, when building static libcurl
+if USE_CPPFLAG_CURL_STATICLIB
+AM_CPPFLAGS += -DCURL_STATICLIB
+endif
+
 if SONAME_BUMP
 #
 # Bumping of SONAME conditionally may seem like a weird thing to do, and yeah
@@ -122,6 +136,14 @@ endif

 libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(VERSIONED_SYMBOLS) $(LIBCURL_LIBS)

+if DOING_CURL_SYMBOL_HIDING
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_HIDDEN_SYMBOLS
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(CFLAG_CURL_SYMBOL_HIDING)
+else
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS)
+libcurl_la_CFLAGS = $(AM_CFLAGS)
+endif
+
 # unit testing static library built only along with unit tests
 if BUILD_UNITTESTS
 noinst_LTLIBRARIES = libcurlu.la
@@ -131,6 +153,7 @@ endif

 libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DUNITTESTS
 libcurlu_la_LDFLAGS = -static $(LIBCURL_LIBS)
+libcurlu_la_CFLAGS = $(AM_CFLAGS)

 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc
--- a/lib/Makefile.b32
+++ b/lib/Makefile.b32
@@ -22,12 +22,12 @@ BCCDIR = $(MAKEDIR)\..

 # Edit the path below to point to the base of your Zlib sources.
 !ifndef ZLIB_PATH
-ZLIB_PATH = ..\..\zlib-1.2.5
+ZLIB_PATH = ..\..\zlib-1.2.7
 !endif

 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8q
+OPENSSL_PATH = ..\..\openssl-0.9.8x
 !endif

 # Set libcurl static lib, dll and import lib
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -14,7 +14,7 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
  content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
-  http_negotiate.c inet_pton.c strtoofft.c strerror.c			\
+  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
@@ -31,7 +31,7 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h inet_pton.h			\
+  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h setup.h	\
  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
  tftp.h sockaddr.h splay.h strdup.h setup_once.h socks.h ssh.h nssg.h	\
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -7,18 +7,18 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.5
+## set ZLIB_PATH=c:/zlib-1.2.7
 ## set ZLIB=1
 #
 ###########################################################################

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif
 ifndef OPENSSL_INCLUDE
 OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
@@ -31,7 +31,7 @@ OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -14,17 +14,17 @@ endif

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif

 # Edit the path below to point to the base of your axTLS package.
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -65,15 +65,15 @@
 !INCLUDE ..\Makefile.msvc.names

 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.8r
+OPENSSL_PATH   = ../../openssl-0.9.8x
 !ENDIF

 !IFNDEF LIBSSH2_PATH
-LIBSSH2_PATH   = ../../libssh2-1.2.8
+LIBSSH2_PATH   = ../../libssh2-1.4.2
 !ENDIF

 !IFNDEF ZLIB_PATH
-ZLIB_PATH  = ../../zlib-1.2.5
+ZLIB_PATH  = ../../zlib-1.2.7
 !ENDIF

 !IFNDEF MACHINE
--- a/lib/Makefile.vxworks
+++ b/lib/Makefile.vxworks
@@ -33,10 +33,10 @@ BUILD_TYPE := debug
 USER_CFLAGS:=

 # directories where to seek for includes and libraries
-OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8a-vxWorks6.3/include
-OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8a-vxWorks6.3
-ZLIB_INC    := D:/libraries/zlib/zlib-1.2.3-VxWorks6.3/zlib-1.2.3
-ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.3-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3/include
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3
+ZLIB_INC    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/zlib-1.2.7
+ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
 ARES_INC    :=
 ARES_LIB    :=

--- a/lib/amigaos.c
+++ b/lib/amigaos.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -20,10 +20,13 @@
 *
 ***************************************************************************/

-#ifdef __AMIGA__ /* Any AmigaOS flavour */
+#include "setup.h"
+
+#if defined(__AMIGA__) && !defined(__ixemul__)
+
+#include <amitcp/socketbasetags.h>

 #include "amigaos.h"
-#include <amitcp/socketbasetags.h>

 struct Library *SocketBase = NULL;
 extern int errno, h_errno;
@@ -35,7 +38,7 @@ void __request(const char *msg);
 # define __request( msg )       Printf( msg "\n\a")
 #endif

-void amiga_cleanup()
+void Curl_amiga_cleanup()
 {
  if(SocketBase) {
    CloseLibrary(SocketBase);
@@ -43,7 +46,7 @@ void amiga_cleanup()
  }
 }

-BOOL amiga_init()
+bool Curl_amiga_init()
 {
  if(!SocketBase)
    SocketBase = OpenLibrary("bsdsocket.library", 4);
@@ -61,20 +64,14 @@ BOOL amiga_init()
  }

 #ifndef __libnix__
-  atexit(amiga_cleanup);
+  atexit(Curl_amiga_cleanup);
 #endif

  return TRUE;
 }

 #ifdef __libnix__
-ADD2EXIT(amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup,-50);
 #endif

-#else /* __AMIGA__ */
-
-#ifdef __POCC__
-#  pragma warn(disable:2024)  /* Disable warning #2024: Empty input file */
-#endif
-
-#endif /* __AMIGA__ */
+#endif /* __AMIGA__ && ! __ixemul__ */
--- a/lib/amigaos.h
+++ b/lib/amigaos.h
@@ -1,5 +1,5 @@
-#ifndef LIBCURL_AMIGAOS_H
-#define LIBCURL_AMIGAOS_H
+#ifndef HEADER_CURL_AMIGAOS_H
+#define HEADER_CURL_AMIGAOS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -21,37 +21,19 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+#include "setup.h"

-#ifdef __AMIGA__ /* Any AmigaOS flavour */
+#if defined(__AMIGA__) && !defined(__ixemul__)

-#ifndef __ixemul__
+bool Curl_amiga_init();
+void Curl_amiga_cleanup();

-#include <exec/types.h>
-#include <exec/execbase.h>
+#else

-#include <proto/exec.h>
-#include <proto/dos.h>
+#define Curl_amiga_init() 1
+#define Curl_amiga_cleanup() Curl_nop_stmt

-#include <sys/socket.h>
-
-#include "config-amigaos.h"
-
-#ifndef select
-# define select(args...) WaitSelect( args, NULL)
 #endif
-#ifndef ioctl
-# define ioctl(a,b,c,d)  IoctlSocket( (LONG)a, (ULONG)b, (char*)c)
-#endif
-#define _AMIGASF        1

-extern void amiga_cleanup();
-extern BOOL amiga_init();
-
-#else /* __ixemul__ */
-
-#warning compiling with ixemul...
-
-#endif /* __ixemul__ */
-#endif /* __AMIGA__ */
-#endif /* LIBCURL_AMIGAOS_H */
+#endif /* HEADER_CURL_AMIGAOS_H */

--- a/lib/config-amigaos.h
+++ b/lib/config-amigaos.h
@@ -1,5 +1,5 @@
-#ifndef LIBCURL_CONFIG_AMIGAOS_H
-#define LIBCURL_CONFIG_AMIGAOS_H
+#ifndef HEADER_CURL_CONFIG_AMIGAOS_H
+#define HEADER_CURL_CONFIG_AMIGAOS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,6 +22,10 @@
 *
 ***************************************************************************/

+/* ================================================================ */
+/*               Hand crafted config file for AmigaOS               */
+/* ================================================================ */
+
 #ifdef __AMIGA__ /* Any AmigaOS flavour */

 #define HAVE_ARPA_INET_H 1
@@ -72,8 +76,6 @@
 #define HAVE_SYS_STAT_H 1
 #define HAVE_SYS_TIME_H 1
 #define HAVE_SYS_TYPES_H 1
-#define HAVE_TERMIOS_H 1
-#define HAVE_TERMIO_H 1
 #define HAVE_TIME_H 1
 #define HAVE_UNAME 1
 #define HAVE_UNISTD_H 1
@@ -89,11 +91,11 @@
 #define SIZEOF_SHORT 2
 #define SIZEOF_SIZE_T 4

+#define USE_MANUAL 1
 #define USE_OPENSSL 1
 #define USE_SSLEAY 1
 #define CURL_DISABLE_LDAP 1

-
 #define OS "AmigaOS"

 #define PACKAGE "curl"
@@ -114,10 +116,22 @@

 #define in_addr_t int

+#ifndef F_OK
+#  define F_OK 0
+#endif
+
 #ifndef O_RDONLY
 #  define O_RDONLY 0x0000
 #endif

+#ifndef LONG_MAX
+#  define LONG_MAX 0x7fffffffL
+#endif
+
+#ifndef LONG_MIN
+#  define LONG_MIN (-0x7fffffffL-1)
+#endif
+
 #define HAVE_GETNAMEINFO 1
 #define GETNAMEINFO_QUAL_ARG1 const
 #define GETNAMEINFO_TYPE_ARG1 struct sockaddr *
@@ -150,4 +164,4 @@
 #define SEND_TYPE_RETV int

 #endif /* __AMIGA__ */
-#endif /* LIBCURL_CONFIG_AMIGAOS_H */
+#endif /* HEADER_CURL_CONFIG_AMIGAOS_H */
--- a/lib/config-mac.h
+++ b/lib/config-mac.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_MAC_H
-#define __LIB_CONFIG_MAC_H
+#ifndef HEADER_CURL_CONFIG_MAC_H
+#define HEADER_CURL_CONFIG_MAC_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,13 +23,16 @@
 ***************************************************************************/

 /* =================================================================== */
-/*   lib/config-mac.h - Hand crafted config file for Mac OS 9          */
+/*                Hand crafted config file for Mac OS 9                */
 /* =================================================================== */
 /*  On Mac OS X you must run configure to generate curl_config.h file  */
 /* =================================================================== */

 #define OS "mac"

+/* Define if you want the built-in manual */
+#define USE_MANUAL              1
+
 #define HAVE_ERRNO_H            1
 #define HAVE_NETINET_IN_H       1
 #define HAVE_SYS_SOCKET_H       1
@@ -43,15 +46,16 @@
 #define HAVE_FCNTL_H            1
 #define HAVE_SYS_STAT_H         1
 #define HAVE_ALLOCA_H           1
-#define HAVE_TIME_H             1
 #define HAVE_STDLIB_H           1
+#define HAVE_TIME_H             1
 #define HAVE_UTIME_H            1
 #define HAVE_SYS_TIME_H         1
+#define HAVE_SYS_UTIME_H        1

 #define TIME_WITH_SYS_TIME      1

 #define HAVE_ALARM              1
-#define HAVE_STRDUP             1
+#define HAVE_FTRUNCATE          1
 #define HAVE_UTIME              1
 #define HAVE_SETVBUF            1
 #define HAVE_STRFTIME           1
@@ -61,7 +65,6 @@
 #define HAVE_SOCKET             1
 #define HAVE_STRUCT_TIMEVAL     1

-//#define HAVE_STRICMP          1
 #define HAVE_SIGACTION          1
 #define HAVE_SIGNAL_H           1
 #define HAVE_SIG_ATOMIC_T       1
@@ -120,4 +123,4 @@
 #define HAVE_EXTRA_STRICMP_H 1
 #define HAVE_EXTRA_STRDUP_H  1

-#endif /* __LIB_CONFIG_MAC_H */
+#endif /* HEADER_CURL_CONFIG_MAC_H */
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -1,6 +1,5 @@
-/* ================================================================ */
-/*    lib/config-os400.h - Hand crafted config file for OS/400      */
-/* ================================================================ */
+#ifndef HEADER_CURL_CONFIG_OS400_H
+#define HEADER_CURL_CONFIG_OS400_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -8,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,6 +22,10 @@
 *
 ***************************************************************************/

+/* ================================================================ */
+/*                Hand crafted config file for OS/400               */
+/* ================================================================ */
+
 #pragma enum(int)

 #undef PACKAGE
@@ -434,10 +437,7 @@
 /* To disable LDAP */
 #undef CURL_DISABLE_LDAP

-/* To avoid external use of library hidden symbols */
-#define CURL_HIDDEN_SYMBOLS
-
-/* External symbols need no special keyword. */
+/* Definition to make a library symbol externally visible. */
 #define CURL_EXTERN_SYMBOL

 /* Define if you have the ldap_url_parse procedure. */
@@ -542,3 +542,4 @@
 #define qadrt_use_fread_inline         /* Generate fread() wrapper inline. */
 #define qadrt_use_fwrite_inline        /* Generate fwrite() wrapper inline. */

+#endif /* HEADER_CURL_CONFIG_OS400_H */
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -1,11 +1,13 @@
-/* curl_config.h.in.  Generated automatically from configure.in by autoheader. /***************************************************************************
+#ifndef HEADER_CURL_CONFIG_RISCOS_H
+#define HEADER_CURL_CONFIG_RISCOS_H
+/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,7 +21,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
- */
+
+/* ================================================================ */
+/*               Hand crafted config file for RISC OS               */
+/* ================================================================ */
+
 /* Name of this package! */
 #undef PACKAGE

@@ -32,6 +38,9 @@
 /* Define cpu-machine-OS */
 #define OS "ARM-RISC OS"

+/* Define if you want the built-in manual */
+#define USE_MANUAL
+
 /* Define if you have the gethostbyaddr_r() function with 5 arguments */
 #undef HAVE_GETHOSTBYADDR_R_5

@@ -74,8 +83,8 @@
 /* Define if you want to enable IPv6 support */
 #undef ENABLE_IPV6

-/* Define to 1 if you have the alarm function. */
-#define HAVE_ALARM 1
+/* Define if you have the alarm function. */
+#define HAVE_ALARM

 /* Define if you have the <alloca.h> header file. */
 #define HAVE_ALLOCA_H
@@ -101,6 +110,9 @@
 /* Define if you have the <fcntl.h> header file. */
 #define HAVE_FCNTL_H

+/* Define if you have the `ftruncate' function. */
+#define HAVE_FTRUNCATE
+
 /* Define if getaddrinfo exists and works */
 #define HAVE_GETADDRINFO

@@ -144,7 +156,7 @@
 #define HAVE_INTTYPES_H

 /* Define if you have the <io.h> header file. */
-#define HAVE_IO_H
+#undef HAVE_IO_H

 /* Define if you have the `krb_get_our_ip_for_realm' function. */
 #undef HAVE_KRB_GET_OUR_IP_FOR_REALM
@@ -462,8 +474,8 @@
 /* Define to the type pointed by arg 2 for recvfrom. */
 #define RECVFROM_TYPE_ARG2 void

-/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
-#define RECVFROM_TYPE_ARG2_IS_VOID 1
+/* Define if the type pointed by arg 2 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG2_IS_VOID

 /* Define to the type of arg 3 for recvfrom. */
 #define RECVFROM_TYPE_ARG3 size_t
@@ -500,3 +512,5 @@

 /* Define to the function return type for send. */
 #define SEND_TYPE_RETV ssize_t
+
+#endif /* HEADER_CURL_CONFIG_RISCOS_H */
--- a/lib/config-symbian.h
+++ b/lib/config-symbian.h
@@ -1,4 +1,5 @@
-/* config-symbian.h.  Manually generated.  */
+#ifndef HEADER_CURL_CONFIG_SYMBIAN_H
+#define HEADER_CURL_CONFIG_SYMBIAN_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -6,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -21,8 +22,9 @@
 *
 ***************************************************************************/

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
+/* ================================================================ */
+/*               Hand crafted config file for Symbian               */
+/* ================================================================ */

 /* Location of default ca bundle */
 /* #define CURL_CA_BUNDLE "/etc/pki/tls/certs/ca-bundle.crt"*/
@@ -63,18 +65,12 @@
 /* to disable verbose strings */
 /* #define CURL_DISABLE_VERBOSE_STRINGS 1*/

-/* to make a symbol visible */
-/*#define CURL_EXTERN_SYMBOL  __declspec(dllexport)*/
-
-/* to enable hidden symbols */
-/*#define CURL_HIDDEN_SYMBOLS 1*/
+/* Definition to make a library symbol externally visible. */
+/* #undef CURL_EXTERN_SYMBOL */

 /* Use Windows LDAP implementation */
 /* #undef CURL_LDAP_WIN */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* your Entropy Gathering Daemon socket pathname */
 /* #undef EGD_SOCKET */

@@ -400,9 +396,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #define HAVE_PIPE 1

-/* if you have the function PK11_CreateGenericObject */
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
-
 /* Define to 1 if you have the `poll' function. */
 /*#define HAVE_POLL 1*/

@@ -646,9 +639,6 @@
 /* Define to 1 if you have the <x509.h> header file. */
 /* #undef HAVE_X509_H */

-/* Define to 1 if you are building a native Windows target. */
-/* #undef NATIVE_WINDOWS */
-
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 /* #undef NEED_LBER_H */

@@ -830,3 +820,5 @@
 /* if OpenSSL is in use */
 #define USE_OPENSSL
 #endif
+
+#endif /* HEADER_CURL_CONFIG_SYMBIAN_H */
--- a/lib/config-tpf.h
+++ b/lib/config-tpf.h
@@ -1,5 +1,5 @@
-#ifndef __LIBCONFIGTPF_H
-#define __LIBCONFIGTPF_H
+#ifndef HEADER_CURL_CONFIG_TPF_H
+#define HEADER_CURL_CONFIG_TPF_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,7 +23,7 @@
 ***************************************************************************/

 /* ================================================================ */
-/*    lib/config-tpf.h - Hand crafted config file for TPF           */
+/*                 Hand crafted config file for TPF                 */
 /* ================================================================ */

 /* ---------------------------------------------------------------- */
@@ -32,9 +32,6 @@

 /* NOTE: Refer also to the .mak file for some of the flags below */

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
-
 /* to disable cookies support */
 /* #undef CURL_DISABLE_COOKIES */

@@ -65,9 +62,6 @@
 /* to disable verbose strings */
 /* #undef CURL_DISABLE_VERBOSE_STRINGS */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* lber dynamic library file */
 /* #undef DL_LBER_FILE */

@@ -779,4 +773,4 @@
 #endif


-#endif /* __LIBCONFIGTPF_H */
+#endif /* HEADER_CURL_CONFIG_TPF_H */
--- a/lib/config-vxworks.h
+++ b/lib/config-vxworks.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_VXWORKS_H
-#define __LIB_CONFIG_VXWORKS_H
+#ifndef HEADER_CURL_CONFIG_VXWORKS_H
+#define HEADER_CURL_CONFIG_VXWORKS_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,12 +23,9 @@
 ***************************************************************************/

 /* =============================================================== */
-/*   lib/config-vxworks.h - Hand crafted config file for VxWorks   */
+/*               Hand crafted config file for VxWorks              */
 /* =============================================================== */

-/* when building libcurl itself */
-/* #undef BUILDING_LIBCURL */
-
 /* Location of default ca bundle */
 /* #undef CURL_CA_BUNDLE */

@@ -74,18 +71,12 @@
 /* to disable verbose strings */
 /* #undef CURL_DISABLE_VERBOSE_STRINGS */

-/* to make a symbol visible */
+/* Definition to make a library symbol externally visible. */
 /* #undef CURL_EXTERN_SYMBOL */

-/* to enable hidden symbols */
-/* #undef CURL_HIDDEN_SYMBOLS */
-
 /* Use Windows LDAP implementation */
 /* #undef CURL_LDAP_WIN */

-/* when not building a shared library */
-/* #undef CURL_STATICLIB */
-
 /* your Entropy Gathering Daemon socket pathname */
 /* #undef EGD_SOCKET */

@@ -469,9 +460,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #define HAVE_PIPE 1

-/* if you have the function PK11_CreateGenericObject */
-/* #undef HAVE_PK11_CREATEGENERICOBJECT */
-
 /* Define to 1 if you have a working poll function. */
 /* #undef HAVE_POLL */

@@ -745,9 +733,6 @@
 /* if you have the zlib.h header file */
 #define HAVE_ZLIB_H 1

-/* Define to 1 if you are building a native Windows target. */
-/* #undef NATIVE_WINDOWS */
-
 /* Define to 1 if you need the lber.h header file even with ldap.h */
 /* #undef NEED_LBER_H */

@@ -952,4 +937,4 @@
 /* the signed version of size_t */
 /* #undef ssize_t */

-#endif /* __LIB_CONFIG_VXWORKS_H */
+#endif /* HEADER_CURL_CONFIG_VXWORKS_H */
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -881,7 +881,10 @@ singleipconnect(struct connectdata *conn,

  res = Curl_socket(conn, ai, &addr, &sockfd);
  if(res)
-    return res;
+    /* Failed to create the socket, but still return OK since we signal the
+       lack of socket as well. This allows the parent function to keep looping
+       over alternative addresses/socket families etc. */
+    return CURLE_OK;

  /* store remote address and port used in this connection attempt */
  if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
@@ -1228,7 +1231,7 @@ CURLcode Curl_socket(struct connectdata *conn,

  if(*sockfd == CURL_SOCKET_BAD)
    /* no socket, no connection */
-    return CURLE_FAILED_INIT;
+    return CURLE_COULDNT_CONNECT;

 #if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
  if(conn->scope && (addr->family == AF_INET6)) {
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -1,4 +1,4 @@
-/* lib/curl_config.h.in.  Generated from configure.ac by autoheader.  */
+/* lib/curl_config.h.in.  Generated somehow by cmake.  */

 /* when building libcurl itself */
 #cmakedefine BUILDING_LIBCURL ${BUILDING_LIBCURL}
@@ -52,9 +52,6 @@
 #define CURL_EXTERN_SYMBOL
 #endif

-/* to enable hidden symbols */
-#cmakedefine CURL_HIDDEN_SYMBOLS ${CURL_HIDDEN_SYMBOLS}
-
 /* Use Windows LDAP implementation */
 #cmakedefine CURL_LDAP_WIN ${CURL_LDAP_WIN}

@@ -444,9 +441,6 @@
 /* Define to 1 if you have the `pipe' function. */
 #cmakedefine HAVE_PIPE ${HAVE_PIPE}

-/* if you have the function PK11_CreateGenericObject */
-#cmakedefine HAVE_PK11_CREATEGENERICOBJECT ${HAVE_PK11_CREATEGENERICOBJECT}
-
 /* Define to 1 if you have a working poll function. */
 #cmakedefine HAVE_POLL ${HAVE_POLL}

@@ -724,9 +718,6 @@
   */
 #cmakedefine LT_OBJDIR ${LT_OBJDIR}

-/* Define to 1 if you are building a native Windows target. */
-#cmakedefine NATIVE_WINDOWS ${NATIVE_WINDOWS}
-
 /* If you lack a fine basename() prototype */
 #cmakedefine NEED_BASENAME_PROTO ${NEED_BASENAME_PROTO}

--- a/lib/curl_md5.h
+++ b/lib/curl_md5.h
@@ -25,10 +25,39 @@
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 #include "curl_hmac.h"

+#define MD5_DIGEST_LEN  16
+
+typedef void (* Curl_MD5_init_func)(void *context);
+typedef void (* Curl_MD5_update_func)(void *context,
+                                      const unsigned char *data,
+                                      unsigned int len);
+typedef void (* Curl_MD5_final_func)(unsigned char *result, void *context);
+
+typedef struct {
+  Curl_MD5_init_func     md5_init_func;   /* Initialize context procedure */
+  Curl_MD5_update_func   md5_update_func; /* Update context with data */
+  Curl_MD5_final_func    md5_final_func;  /* Get final result procedure */
+  unsigned int           md5_ctxtsize;  /* Context structure size */
+  unsigned int           md5_resultlen; /* Result length (bytes) */
+} MD5_params;
+
+typedef struct {
+  const MD5_params      *md5_hash;      /* Hash function definition */
+  void                  *md5_hashctx;   /* Hash function context */
+} MD5_context;
+
+extern const MD5_params Curl_DIGEST_MD5[1];
 extern const HMAC_params Curl_HMAC_MD5[1];

 void Curl_md5it(unsigned char *output,
                const unsigned char *input);
+
+MD5_context * Curl_MD5_init(const MD5_params *md5params);
+int Curl_MD5_update(MD5_context *context,
+                    const unsigned char *data,
+                    unsigned int len);
+int Curl_MD5_final(MD5_context *context, unsigned char *result);
+
 #endif

 #endif /* HEADER_CURL_MD5_H */
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -145,7 +145,7 @@ static void setup_des_key(const unsigned char *key_56,
 {
  char key[8];
  extend_key_56_to_64(key_56, key);
-  des_set_key(des, key);
+  des_set_key(des, (const uint8_t*)key);
 }

 #elif defined(USE_GNUTLS)
@@ -389,7 +389,7 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
 #elif defined(USE_GNUTLS_NETTLE)
    struct md4_ctx MD4pw;
    md4_init(&MD4pw);
-    md4_update(&MD4pw, 2 * len, pw);
+    md4_update(&MD4pw, (unsigned int)(2 * len), pw);
    md4_digest(&MD4pw, MD4_DIGEST_SIZE, ntbuffer);
 #elif defined(USE_GNUTLS)
    gcry_md_hd_t MD4pw;
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -66,6 +66,7 @@
 #include "curl_ntlm.h"
 #include "connect.h" /* for Curl_getconnectinfo */
 #include "slist.h"
+#include "amigaos.h"
 #include "curl_rand.h"
 #include "non-ascii.h"
 #include "warnless.h"
@@ -238,8 +239,8 @@ CURLcode curl_global_init(long flags)
    }

 #ifdef __AMIGA__
-  if(!amiga_init()) {
-    DEBUGF(fprintf(stderr, "Error: amiga_init failed\n"));
+  if(!Curl_amiga_init()) {
+    DEBUGF(fprintf(stderr, "Error: Curl_amiga_init failed\n"));
    return CURLE_FAILED_INIT;
  }
 #endif
@@ -328,9 +329,7 @@ void curl_global_cleanup(void)
  if(init_flags & CURL_GLOBAL_WIN32)
    win32_cleanup();

-#ifdef __AMIGA__
-  amiga_cleanup();
-#endif
+  Curl_amiga_cleanup();

 #if defined(USE_LIBSSH2) && defined(HAVE_LIBSSH2_EXIT)
  (void)libssh2_exit();
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3824,15 +3824,17 @@ static CURLcode init_wc_data(struct connectdata *conn)
     resources for wildcard transfer */

  /* allocate ftp protocol specific temporary wildcard data */
-  ftp_tmp = malloc(sizeof(struct ftp_wc_tmpdata));
+  ftp_tmp = calloc(1, sizeof(struct ftp_wc_tmpdata));
  if(!ftp_tmp) {
+    Curl_safefree(wildcard->pattern);
    return CURLE_OUT_OF_MEMORY;
  }

  /* INITIALIZE parselist structure */
  ftp_tmp->parser = Curl_ftp_parselist_data_alloc();
  if(!ftp_tmp->parser) {
-    free(ftp_tmp);
+    Curl_safefree(wildcard->pattern);
+    Curl_safefree(ftp_tmp);
    return CURLE_OUT_OF_MEMORY;
  }

@@ -3846,9 +3848,22 @@ static CURLcode init_wc_data(struct connectdata *conn)
  /* try to parse ftp url */
  ret = ftp_parse_url_path(conn);
  if(ret) {
+    Curl_safefree(wildcard->pattern);
+    wildcard->tmp_dtor(wildcard->tmp);
+    wildcard->tmp_dtor = ZERO_NULL;
+    wildcard->tmp = NULL;
    return ret;
  }

+  wildcard->path = strdup(conn->data->state.path);
+  if(!wildcard->path) {
+    Curl_safefree(wildcard->pattern);
+    wildcard->tmp_dtor(wildcard->tmp);
+    wildcard->tmp_dtor = ZERO_NULL;
+    wildcard->tmp = NULL;
+    return CURLE_OUT_OF_MEMORY;
+  }
+
  /* backup old write_function */
  ftp_tmp->backup.write_function = conn->data->set.fwrite_func;
  /* parsing write function */
@@ -3858,11 +3873,6 @@ static CURLcode init_wc_data(struct connectdata *conn)
  /* let the writefunc callback know what curl pointer is working with */
  conn->data->set.out = conn;

-  wildcard->path = strdup(conn->data->state.path);
-  if(!wildcard->path) {
-    return CURLE_OUT_OF_MEMORY;
-  }
-
  infof(conn->data, "Wildcard - Parsing started\n");
  return CURLE_OK;
 }
@@ -3889,6 +3899,8 @@ static CURLcode wc_statemach(struct connectdata *conn)
    struct ftp_wc_tmpdata *ftp_tmp = wildcard->tmp;
    conn->data->set.fwrite_func = ftp_tmp->backup.write_function;
    conn->data->set.out = ftp_tmp->backup.file_descriptor;
+    ftp_tmp->backup.write_function = ZERO_NULL;
+    ftp_tmp->backup.file_descriptor = NULL;
    wildcard->state = CURLWC_DOWNLOADING;

    if(Curl_ftp_parselist_geterror(ftp_tmp->parser)) {
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -87,6 +87,11 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
    struct curl_slist    * to_slist;
  } ptr;

+  union {
+    unsigned long *to_ulong;
+    long          *to_long;
+  } lptr;
+
  if(!data)
    return CURLE_BAD_FUNCTION_ARGUMENT;

@@ -191,10 +196,12 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
    *param_charp = (char *) data->set.private_data;
    break;
  case CURLINFO_HTTPAUTH_AVAIL:
-    *param_longp = data->info.httpauthavail;
+    lptr.to_long = param_longp;
+    *lptr.to_ulong = data->info.httpauthavail;
    break;
  case CURLINFO_PROXYAUTH_AVAIL:
-    *param_longp = data->info.proxyauthavail;
+    lptr.to_long = param_longp;
+    *lptr.to_ulong = data->info.proxyauthavail;
    break;
  case CURLINFO_OS_ERRNO:
    *param_longp = data->state.os_errno;
--- a/lib/http.c
+++ b/lib/http.c
@@ -284,7 +284,7 @@ static bool pickoneauth(struct auth *pick)
 {
  bool picked;
  /* only deal with authentication we want */
-  long avail = pick->avail & pick->want;
+  unsigned long avail = pick->avail & pick->want;
  picked = TRUE;

  /* The order of these checks is highly relevant, as this will be the order
@@ -697,7 +697,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
   */
  struct SessionHandle *data = conn->data;

-  long *availp;
+  unsigned long *availp;
  const char *start;
  struct auth *authp;

@@ -1088,7 +1088,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
    if(conn->data->set.verbose) {
      /* this data _may_ contain binary stuff */
      Curl_debug(conn->data, CURLINFO_HEADER_OUT, ptr, headlen, conn);
-      if((size_t)amount > headlen) {
+      if(bodylen) {
        /* there was body data sent beyond the initial header part, pass that
           on to the debug callback too */
        Curl_debug(conn->data, CURLINFO_DATA_OUT,
@@ -1852,12 +1852,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
      int startsearch = 0;
      if(*cookiehost == '[') {
        char *closingbracket;
-        closingbracket = strchr(cookiehost+1, ']');
-        if(closingbracket)
-          *closingbracket = 0;
        /* since the 'cookiehost' is an allocated memory area that will be
           freed later we cannot simply increment the pointer */
        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
+        closingbracket = strchr(cookiehost, ']');
+        if(closingbracket)
+          *closingbracket = 0;
      }
      else {
        char *colon = strchr(cookiehost + startsearch, ':');
@@ -2480,11 +2480,13 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
          included_body = postsize;
        }
        else {
+          if(postsize) {
            /* Append the POST data chunky-style */
            result = Curl_add_bufferf(req_buffer, "%x\r\n", (int)postsize);
            if(CURLE_OK == result)
              result = Curl_add_buffer(req_buffer, data->set.postfields,
                                       (size_t)postsize);
+          }
          if(CURLE_OK == result)
            result = Curl_add_buffer(req_buffer,
                                     "\x0d\x0a\x30\x0d\x0a\x0d\x0a", 7);
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -343,6 +343,36 @@ static void imap_to_imaps(struct connectdata *conn)
 #define imap_to_imaps(x) Curl_nop_stmt
 #endif

+/* for the initial server greeting */
+static CURLcode imap_state_servergreet_resp(struct connectdata *conn,
+                                            int imapcode,
+                                            imapstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(imapcode != 'O') {
+    failf(data, "Got unexpected imap-server response");
+    return CURLE_FTP_WEIRD_SERVER_REPLY;
+  }
+
+  if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+    /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch
+       to TLS connection now */
+    const char *str;
+
+    str = getcmdid(conn);
+    result = imapsendf(conn, str, "%s STARTTLS", str);
+    state(conn, IMAP_STARTTLS);
+  }
+  else
+    result = imap_state_login(conn);
+
+  return result;
+}
+
 /* for STARTTLS responses */
 static CURLcode imap_state_starttls_resp(struct connectdata *conn,
                                         int imapcode,
@@ -373,7 +403,9 @@ static CURLcode imap_state_starttls_resp(struct connectdata *conn,
      }
    }
  }
+
  state(conn, IMAP_STOP);
+
  return result;
 }

@@ -400,6 +432,7 @@ static CURLcode imap_state_login_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(imapcode != 'O') {
@@ -408,6 +441,7 @@ static CURLcode imap_state_login_resp(struct connectdata *conn,
  }

  state(conn, IMAP_STOP);
+
  return result;
 }

@@ -422,6 +456,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn,
  struct FTP *imap = data->state.proto.imap;
  struct pingpong *pp = &imapc->pp;
  const char *ptr = data->state.buffer;
+
  (void)instate; /* no use for this yet */

  if('*' != imapcode) {
@@ -489,6 +524,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn,
    result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */

  state(conn, IMAP_STOP);
+
  return result;
 }

@@ -558,7 +594,6 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
 {
  CURLcode result;
  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  struct SessionHandle *data=conn->data;
  int imapcode;
  struct imap_conn *imapc = &conn->proto.imapc;
  struct pingpong *pp = &imapc->pp;
@@ -580,24 +615,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn)
  /* we have now received a full IMAP server response */
  switch(imapc->state) {
  case IMAP_SERVERGREET:
-    if(imapcode != 'O') {
-      failf(data, "Got unexpected imap-server response");
-      return CURLE_FTP_WEIRD_SERVER_REPLY;
-    }
-
-    if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-      /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch
-         to TLS connection now */
-      const char *str;
-
-      str = getcmdid(conn);
-      result = imapsendf(conn, str, "%s STARTTLS", str);
-      state(conn, IMAP_STARTTLS);
-    }
-    else
-      result = imap_state_login(conn);
-    if(result)
-      return result;
+    result = imap_state_servergreet_resp(conn, imapcode, imapc->state);
    break;

  case IMAP_LOGIN:
--- a/lib/libcurl.imp
+++ b/lib/libcurl.imp
@@ -27,6 +27,7 @@
 	curl_mprintf,
 	curl_msprintf,
 	curl_msnprintf,
+	curl_mvaprintf,
 	curl_mvfprintf,
 	curl_mvsnprintf,
 	curl_strequal,
--- a/lib/makefile.amiga
+++ b/lib/makefile.amiga
@@ -11,7 +11,6 @@ CC	=	m68k-amigaos-gcc
 CFLAGS	=	-I$(ATCPSDKI) -m68020-60 -O2 -msoft-float -noixemul -g -I. -I../include -W -Wall

 include Makefile.inc
-CSOURCES += amigaos.c
 OBJS = $(CSOURCES:.c=.o)

 all:	$(OBJS)
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -407,6 +407,15 @@ const HMAC_params Curl_HMAC_MD5[] = {
  }
 };

+const MD5_params Curl_DIGEST_MD5[] = {
+  {
+    (Curl_MD5_init_func) MD5_Init,      /* Digest initialization function */
+    (Curl_MD5_update_func) MD5_Update,  /* Digest update function */
+    (Curl_MD5_final_func) MD5_Final,    /* Digest computation end function */
+    sizeof(MD5_CTX),                    /* Size of digest context struct */
+    16                                  /* Result size */
+  }
+};

 void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
                const unsigned char *input)
@@ -417,4 +426,47 @@ void Curl_md5it(unsigned char *outbuffer, /* 16 bytes */
  MD5_Final(outbuffer, &ctx);
 }

+MD5_context *Curl_MD5_init(const MD5_params *md5params)
+{
+  MD5_context *ctxt;
+
+  /* Create MD5 context */
+  ctxt = malloc(sizeof *ctxt);
+
+  if(!ctxt)
+    return ctxt;
+
+  ctxt->md5_hashctx = malloc(md5params->md5_ctxtsize);
+
+  if(!ctxt->md5_hashctx) {
+    free(ctxt);
+    return NULL;
+  }
+
+  ctxt->md5_hash = md5params;
+
+  (*md5params->md5_init_func)(ctxt->md5_hashctx);
+
+  return ctxt;
+}
+
+int Curl_MD5_update(MD5_context *context,
+                    const unsigned char *data,
+                    unsigned int len)
+{
+  (*context->md5_hash->md5_update_func)(context->md5_hashctx, data, len);
+
+  return 0;
+}
+
+int Curl_MD5_final(MD5_context *context, unsigned char *result)
+{
+  (*context->md5_hash->md5_final_func)(result, context->md5_hashctx);
+
+  free(context->md5_hashctx);
+  free(context);
+
+  return 0;
+}
+
 #endif /* CURL_DISABLE_CRYPTO_AUTH */
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -32,11 +32,11 @@
 #
 use Getopt::Std;
 use MIME::Base64;
-use LWP::UserAgent 6;
+use LWP::UserAgent;
 use strict;
 use vars qw($opt_b $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);

-my $url = 'https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
+my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
 # If the OpenSSL commandline is not in search path you can configure it here!
 my $openssl = 'openssl';

--- a/lib/nss.c
+++ b/lib/nss.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -62,6 +62,7 @@
 #include <certdb.h>
 #include <base64.h>
 #include <cert.h>
+#include <prerror.h>

 #include "curl_memory.h"
 #include "rawstr.h"
@@ -78,6 +79,9 @@ PRFileDesc *PR_ImportTCPSocket(PRInt32 osfd);

 PRLock * nss_initlock = NULL;
 PRLock * nss_crllock = NULL;
+#ifdef HAVE_NSS_INITCONTEXT
+NSSInitContext * nss_context = NULL;
+#endif

 volatile int initialized = 0;

@@ -170,11 +174,18 @@ static const int enable_ciphers_by_default[] = {
  SSL_NULL_WITH_NULL_NULL
 };

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
 static const char* pem_library = "libnsspem.so";
-#endif
 SECMODModule* mod = NULL;

+static const char* nss_error_to_name(PRErrorCode code)
+{
+  const char *name = PR_ErrorToName(code);
+  if(name)
+    return name;
+
+  return "unknown error";
+}
+
 static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
                             char *cipher_list)
 {
@@ -305,7 +316,6 @@ static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
  return NULL;
 }

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
 /* Call PK11_CreateGenericObject() with the given obj_class and filename.  If
 * the call succeeds, append the object handle to the list of objects so that
 * the object can be destroyed in Curl_nss_close(). */
@@ -369,7 +379,6 @@ static void nss_destroy_object(void *user, void *ptr)
  (void) user;
  PK11_DestroyGenericObject(obj);
 }
-#endif

 static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
                              const char *filename, PRBool cacert)
@@ -378,7 +387,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
    ? CURLE_SSL_CACERT_BADFILE
    : CURLE_SSL_CERTPROBLEM;

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  /* libnsspem.so leaks memory if the requested file does not exist.  For more
   * details, go to <https://bugzilla.redhat.com/734760>. */
  if(is_file(filename))
@@ -405,7 +413,6 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
      free(nickname);
    }
  }
-#endif

  return err;
 }
@@ -499,12 +506,13 @@ fail:
 static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
                             char *key_file)
 {
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  PK11SlotInfo *slot;
  SECStatus status;
+  CURLcode rv;
  struct ssl_connect_data *ssl = conn->ssl;
+  (void)sockindex; /* unused */

-  CURLcode rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
+  rv = nss_create_object(ssl, CKO_PRIVATE_KEY, key_file, FALSE);
  if(CURLE_OK != rv) {
    PR_SetError(SEC_ERROR_BAD_KEY, 0);
    return rv;
@@ -524,15 +532,6 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
  return (SECSuccess == status)
    ? CURLE_OK
    : CURLE_SSL_CERTPROBLEM;
-#else
-  /* If we don't have PK11_CreateGenericObject then we can't load a file-based
-   * key.
-   */
-  (void)conn; /* unused */
-  (void)key_file; /* unused */
-  return CURLE_SSL_CERTPROBLEM;
-#endif
-  (void)sockindex; /* unused */
 }

 static int display_error(struct connectdata *conn, PRInt32 err,
@@ -560,8 +559,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
  if(cert_file) {
    rv = nss_load_cert(&conn->ssl[sockindex], cert_file, PR_FALSE);
    if(CURLE_OK != rv) {
-      if(!display_error(conn, PR_GetError(), cert_file))
-        failf(data, "Unable to load client cert %d.", PR_GetError());
+      const PRErrorCode err = PR_GetError();
+      if(!display_error(conn, err, cert_file)) {
+        const char *err_name = nss_error_to_name(err);
+        failf(data, "unable to load client cert: %d (%s)", err, err_name);
+      }

      return rv;
    }
@@ -574,8 +576,11 @@ static CURLcode cert_stuff(struct connectdata *conn, int sockindex,
      /* In case the cert file also has the key */
      rv = nss_load_key(conn, sockindex, cert_file);
    if(CURLE_OK != rv) {
-      if(!display_error(conn, PR_GetError(), key_file))
-        failf(data, "Unable to load client key %d.", PR_GetError());
+      const PRErrorCode err = PR_GetError();
+      if(!display_error(conn, err, key_file)) {
+        const char *err_name = nss_error_to_name(err);
+        failf(data, "unable to load client key: %d (%s)", err, err_name);
+      }

      return rv;
    }
@@ -775,7 +780,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
  struct SessionHandle *data = connssl->data;
  const char *nickname = connssl->client_nickname;

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  if(connssl->obj_clicert) {
    /* use the cert/key provided by PEM reader */
    static const char pem_slotname[] = "PEM Token #1";
@@ -815,7 +819,6 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
    display_cert_info(data, *pRetCert);
    return SECSuccess;
  }
-#endif

  /* use the default NSS hook */
  if(SECSuccess != NSS_GetClientAuthData((void *)nickname, sock, caNames,
@@ -878,29 +881,57 @@ isTLSIntoleranceError(PRInt32 err)

 static CURLcode nss_init_core(struct SessionHandle *data, const char *cert_dir)
 {
-  if(NSS_IsInitialized())
+#ifdef HAVE_NSS_INITCONTEXT
+  NSSInitParameters initparams;
+
+  if(nss_context != NULL)
    return CURLE_OK;

-  if(cert_dir) {
+  memset((void *) &initparams, '\0', sizeof(initparams));
+  initparams.length = sizeof(initparams);
+#else /* HAVE_NSS_INITCONTEXT */
  SECStatus rv;
+
+  if(NSS_IsInitialized())
+    return CURLE_OK;
+#endif
+
+  if(cert_dir) {
    const bool use_sql = NSS_VersionCheck("3.12.0");
    char *certpath = aprintf("%s%s", use_sql ? "sql:" : "", cert_dir);
    if(!certpath)
      return CURLE_OUT_OF_MEMORY;

    infof(data, "Initializing NSS with certpath: %s\n", certpath);
+#ifdef HAVE_NSS_INITCONTEXT
+    nss_context = NSS_InitContext(certpath, "", "", "", &initparams,
+            NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);
+    free(certpath);
+
+    if(nss_context != NULL)
+      return CURLE_OK;
+#else /* HAVE_NSS_INITCONTEXT */
    rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
    free(certpath);

    if(rv == SECSuccess)
      return CURLE_OK;
+#endif

    infof(data, "Unable to initialize NSS database\n");
  }

  infof(data, "Initializing NSS with certpath: none\n");
+#ifdef HAVE_NSS_INITCONTEXT
+  nss_context = NSS_InitContext("", "", "", "", &initparams, NSS_INIT_READONLY
+         | NSS_INIT_NOCERTDB   | NSS_INIT_NOMODDB       | NSS_INIT_FORCEOPEN
+         | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
+  if(nss_context != NULL)
+    return CURLE_OK;
+#else /* HAVE_NSS_INITCONTEXT */
  if(NSS_NoDB_Init(NULL) == SECSuccess)
    return CURLE_OK;
+#endif

  infof(data, "Unable to initialize NSS\n");
  return CURLE_SSL_CACERT_BADFILE;
@@ -996,7 +1027,12 @@ void Curl_nss_cleanup(void)
      SECMOD_DestroyModule(mod);
      mod = NULL;
    }
+#ifdef HAVE_NSS_INITCONTEXT
+    NSS_ShutdownContext(nss_context);
+    nss_context = NULL;
+#else /* HAVE_NSS_INITCONTEXT */
    NSS_Shutdown();
+#endif
  }
  PR_Unlock(nss_initlock);

@@ -1053,12 +1089,11 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
       * next time to the same server */
      SSL_InvalidateSession(connssl->handle);
    }
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
    /* destroy all NSS objects in order to avoid failure of NSS shutdown */
    Curl_llist_destroy(connssl->obj_list, NULL);
    connssl->obj_list = NULL;
    connssl->obj_clicert = NULL;
-#endif
+
    PR_Close(connssl->handle);
    connssl->handle = NULL;
  }
@@ -1173,12 +1208,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)

  connssl->data = data;

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  /* list of all NSS objects we need to destroy in Curl_nss_close() */
  connssl->obj_list = Curl_llist_alloc(nss_destroy_object);
  if(!connssl->obj_list)
    return CURLE_OUT_OF_MEMORY;
-#endif

  /* FIXME. NSS doesn't support multiple databases open at the same time. */
  PR_Lock(nss_initlock);
@@ -1190,7 +1223,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)

  curlerr = CURLE_SSL_CONNECT_ERROR;

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  if(!mod) {
    char *configstring = aprintf("library=%s name=PEM", pem_library);
    if(!configstring) {
@@ -1209,7 +1241,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
            "OpenSSL PEM certificates will not work.\n", pem_library);
    }
  }
-#endif

  PK11_SetPasswordFunc(nss_get_password);
  PR_Unlock(nss_initlock);
@@ -1340,9 +1371,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
    char *nickname = dup_nickname(data, STRING_CERT);
    if(nickname) {
      /* we are not going to use libnsspem.so to read the client cert */
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
      connssl->obj_clicert = NULL;
-#endif
    }
    else {
      CURLcode rv = cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
@@ -1437,16 +1466,14 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
  if(handle_cc_error(err, data))
    curlerr = CURLE_SSL_CERTPROBLEM;
  else
-    infof(data, "NSS error %d\n", err);
+    infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));

  if(model)
    PR_Close(model);

-#ifdef HAVE_PK11_CREATEGENERICOBJECT
    /* cleanup on connection failure */
    Curl_llist_destroy(connssl->obj_list, NULL);
    connssl->obj_list = NULL;
-#endif

  if(ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
    /* schedule reconnect through Curl_retry_request() */
@@ -1475,7 +1502,8 @@ static ssize_t nss_send(struct connectdata *conn,  /* connection data */
    else if(handle_cc_error(err, conn->data))
      *curlcode = CURLE_SSL_CERTPROBLEM;
    else {
-      failf(conn->data, "SSL write: error %d", err);
+      const char *err_name = nss_error_to_name(err);
+      failf(conn->data, "SSL write: error %d (%s)", err, err_name);
      *curlcode = CURLE_SEND_ERROR;
    }
    return -1;
@@ -1501,7 +1529,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
    else if(handle_cc_error(err, conn->data))
      *curlcode = CURLE_SSL_CERTPROBLEM;
    else {
-      failf(conn->data, "SSL read: errno %d", err);
+      const char *err_name = nss_error_to_name(err);
+      failf(conn->data, "SSL read: errno %d (%s)", err, err_name);
      *curlcode = CURLE_RECV_ERROR;
    }
    return -1;
--- a/lib/polarssl.c
+++ b/lib/polarssl.c
@@ -41,6 +41,9 @@
 #include <polarssl/x509.h>
 #include <polarssl/version.h>

+#include <polarssl/entropy.h>
+#include <polarssl/ctr_drbg.h>
+
 #if POLARSSL_VERSION_NUMBER<0x01000000
 /*
  Earlier versions of polarssl had no WANT_READ or WANT_WRITE, only TRY_AGAIN
@@ -95,15 +98,14 @@ static void polarssl_debug(void *context, int level, char *line)
 static Curl_recv polarssl_recv;
 static Curl_send polarssl_send;

-/*
- * This function loads all the client/CA certificates and CRLs. Setup the TLS
- * layer and do all necessary magic.
- */
-CURLcode
-Curl_polarssl_connect(struct connectdata *conn,
+
+static CURLcode
+polarssl_connect_step1(struct connectdata *conn,
                     int sockindex)
 {
  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+
  bool sni = TRUE; /* default is SNI enabled */
  int ret = -1;
 #ifdef ENABLE_IPV6
@@ -113,10 +115,6 @@ Curl_polarssl_connect(struct connectdata *conn,
 #endif
  void *old_session = NULL;
  size_t old_session_size = 0;
-  char buffer[1024];
-
-  if(conn->ssl[sockindex].state == ssl_connection_complete)
-    return CURLE_OK;

  /* PolarSSL only supports SSLv3 and TLSv1 */
  if(data->set.ssl.version == CURL_SSLVERSION_SSLv2) {
@@ -126,16 +124,16 @@ Curl_polarssl_connect(struct connectdata *conn,
  else if(data->set.ssl.version == CURL_SSLVERSION_SSLv3)
    sni = FALSE; /* SSLv3 has no SNI */

-  havege_init(&conn->ssl[sockindex].hs);
+  havege_init(&connssl->hs);

  /* Load the trusted CA */
-  memset(&conn->ssl[sockindex].cacert, 0, sizeof(x509_cert));
+  memset(&connssl->cacert, 0, sizeof(x509_cert));

  if(data->set.str[STRING_SSL_CAFILE]) {
-    ret = x509parse_crtfile(&conn->ssl[sockindex].cacert,
+    ret = x509parse_crtfile(&connssl->cacert,
                            data->set.str[STRING_SSL_CAFILE]);

-    if(ret) {
+    if(ret<0) {
      failf(data, "Error reading ca cert file %s: -0x%04X",
            data->set.str[STRING_SSL_CAFILE], ret);

@@ -145,10 +143,10 @@ Curl_polarssl_connect(struct connectdata *conn,
  }

  /* Load the client certificate */
-  memset(&conn->ssl[sockindex].clicert, 0, sizeof(x509_cert));
+  memset(&connssl->clicert, 0, sizeof(x509_cert));

  if(data->set.str[STRING_CERT]) {
-    ret = x509parse_crtfile(&conn->ssl[sockindex].clicert,
+    ret = x509parse_crtfile(&connssl->clicert,
                            data->set.str[STRING_CERT]);

    if(ret) {
@@ -160,7 +158,7 @@ Curl_polarssl_connect(struct connectdata *conn,

  /* Load the client private key */
  if(data->set.str[STRING_KEY]) {
-    ret = x509parse_keyfile(&conn->ssl[sockindex].rsa,
+    ret = x509parse_keyfile(&connssl->rsa,
                            data->set.str[STRING_KEY],
                            data->set.str[STRING_KEY_PASSWD]);

@@ -172,10 +170,10 @@ Curl_polarssl_connect(struct connectdata *conn,
  }

  /* Load the CRL */
-  memset(&conn->ssl[sockindex].crl, 0, sizeof(x509_crl));
+  memset(&connssl->crl, 0, sizeof(x509_crl));

  if(data->set.str[STRING_SSL_CRLFILE]) {
-    ret = x509parse_crlfile(&conn->ssl[sockindex].crl,
+    ret = x509parse_crlfile(&connssl->crl,
                            data->set.str[STRING_SSL_CRLFILE]);

    if(ret) {
@@ -185,64 +183,77 @@ Curl_polarssl_connect(struct connectdata *conn,
    }
  }

-  infof(data, "PolarSSL: Connected to %s:%d\n",
+  infof(data, "PolarSSL: Connecting to %s:%d\n",
        conn->host.name, conn->remote_port);

-  havege_init(&conn->ssl[sockindex].hs);
-
-  if(ssl_init(&conn->ssl[sockindex].ssl)) {
+  if(ssl_init(&connssl->ssl)) {
    failf(data, "PolarSSL: ssl_init failed");
    return CURLE_SSL_CONNECT_ERROR;
  }

-  ssl_set_endpoint(&conn->ssl[sockindex].ssl, SSL_IS_CLIENT);
-  ssl_set_authmode(&conn->ssl[sockindex].ssl, SSL_VERIFY_OPTIONAL);
+  ssl_set_endpoint(&connssl->ssl, SSL_IS_CLIENT);
+  ssl_set_authmode(&connssl->ssl, SSL_VERIFY_OPTIONAL);

-  ssl_set_rng(&conn->ssl[sockindex].ssl, HAVEGE_RANDOM,
-              &conn->ssl[sockindex].hs);
-  ssl_set_bio(&conn->ssl[sockindex].ssl,
+  ssl_set_rng(&connssl->ssl, HAVEGE_RANDOM,
+              &connssl->hs);
+  ssl_set_bio(&connssl->ssl,
              net_recv, &conn->sock[sockindex],
              net_send, &conn->sock[sockindex]);


 #if POLARSSL_VERSION_NUMBER<0x01000000
-  ssl_set_ciphers(&conn->ssl[sockindex].ssl, ssl_default_ciphers);
+  ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);
 #else
-  ssl_set_ciphersuites(&conn->ssl[sockindex].ssl, ssl_default_ciphersuites);
+  ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);
 #endif
  if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
-    memcpy(&conn->ssl[sockindex].ssn, old_session, old_session_size);
+    memcpy(&connssl->ssn, old_session, old_session_size);
    infof(data, "PolarSSL re-using session\n");
  }

-  ssl_set_session(&conn->ssl[sockindex].ssl, 1, 600,
-                  &conn->ssl[sockindex].ssn);
+  ssl_set_session(&connssl->ssl, 1, 600,
+                  &connssl->ssn);

-  ssl_set_ca_chain(&conn->ssl[sockindex].ssl,
-                   &conn->ssl[sockindex].cacert,
-                   &conn->ssl[sockindex].crl,
+  ssl_set_ca_chain(&connssl->ssl,
+                   &connssl->cacert,
+                   &connssl->crl,
                   conn->host.name);

-  ssl_set_own_cert(&conn->ssl[sockindex].ssl,
-                   &conn->ssl[sockindex].clicert, &conn->ssl[sockindex].rsa);
+  ssl_set_own_cert(&connssl->ssl,
+                   &connssl->clicert, &connssl->rsa);

  if(!Curl_inet_pton(AF_INET, conn->host.name, &addr) &&
 #ifdef ENABLE_IPV6
     !Curl_inet_pton(AF_INET6, conn->host.name, &addr) &&
 #endif
-     sni && ssl_set_hostname(&conn->ssl[sockindex].ssl, conn->host.name)) {
+     sni && ssl_set_hostname(&connssl->ssl, conn->host.name)) {
     infof(data, "WARNING: failed to configure "
                 "server name indication (SNI) TLS extension\n");
  }

-  infof(data, "PolarSSL: performing SSL/TLS handshake...\n");
-
 #ifdef POLARSSL_DEBUG
-  ssl_set_dbg(&conn->ssl[sockindex].ssl, polarssl_debug, data);
+  ssl_set_dbg(&connssl->ssl, polarssl_debug, data);
 #endif

+  connssl->connecting_state = ssl_connect_2;
+
+  return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step2(struct connectdata *conn,
+                     int sockindex)
+{
+  int ret;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+  char buffer[1024];
+
+  conn->recv[sockindex] = polarssl_recv;
+  conn->send[sockindex] = polarssl_send;
+
  for(;;) {
-    if(!(ret = ssl_handshake(&conn->ssl[sockindex].ssl)))
+    if(!(ret = ssl_handshake(&connssl->ssl)))
      break;
    else if(ret != POLARSSL_ERR_NET_WANT_READ &&
            ret != POLARSSL_ERR_NET_WANT_WRITE) {
@@ -250,27 +261,17 @@ Curl_polarssl_connect(struct connectdata *conn,
      return CURLE_SSL_CONNECT_ERROR;
    }
    else {
-      /* wait for data from server... */
-      long timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
-      if(timeout_ms < 0) {
-        failf(data, "SSL connection timeout");
-        return CURLE_OPERATION_TIMEDOUT;
+      if(ret == POLARSSL_ERR_NET_WANT_READ) {
+        connssl->connecting_state = ssl_connect_2_reading;
+        return CURLE_OK;
      }
-
-      switch(Curl_socket_ready(conn->sock[sockindex],
-                               CURL_SOCKET_BAD, timeout_ms)) {
-      case 0:
-        failf(data, "SSL handshake timeout");
-        return CURLE_OPERATION_TIMEDOUT;
-        break;
-      case CURL_CSELECT_IN:
-        continue;
-        break;
-      default:
+      if(ret == POLARSSL_ERR_NET_WANT_WRITE) {
+        connssl->connecting_state = ssl_connect_2_writing;
+        return CURLE_OK;
+      }
+      failf(data, "SSL_connect failed with error %d.", ret);
      return CURLE_SSL_CONNECT_ERROR;
-        break;
-      }
+
    }
  }

@@ -290,8 +291,10 @@ Curl_polarssl_connect(struct connectdata *conn,
    if(ret & BADCERT_EXPIRED)
      failf(data, "Cert verify failed: BADCERT_EXPIRED\n");

-    if(ret & BADCERT_REVOKED)
+    if(ret & BADCERT_REVOKED) {
      failf(data, "Cert verify failed: BADCERT_REVOKED");
+      return CURLE_SSL_CACERT;
+    }

    if(ret & BADCERT_CN_MISMATCH)
      failf(data, "Cert verify failed: BADCERT_CN_MISMATCH");
@@ -299,7 +302,7 @@ Curl_polarssl_connect(struct connectdata *conn,
    if(ret & BADCERT_NOT_TRUSTED)
      failf(data, "Cert verify failed: BADCERT_NOT_TRUSTED");

-    return CURLE_SSL_CACERT;
+    return CURLE_PEER_FAILED_VERIFICATION;
  }

  if(conn->ssl[sockindex].ssl.peer_cert) {
@@ -311,26 +314,56 @@ Curl_polarssl_connect(struct connectdata *conn,
      infof(data, "Dumping cert info:\n%s\n", buffer);
  }

-  conn->ssl[sockindex].state = ssl_connection_complete;
-  conn->recv[sockindex] = polarssl_recv;
-  conn->send[sockindex] = polarssl_send;
+  connssl->connecting_state = ssl_connect_3;
+  infof(data, "SSL connected\n");
+
+  return CURLE_OK;
+}
+
+static CURLcode
+polarssl_connect_step3(struct connectdata *conn,
+                     int sockindex)
+{
+  CURLcode retcode = CURLE_OK;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  struct SessionHandle *data = conn->data;
+  void *old_ssl_sessionid = NULL;
+  ssl_session *our_ssl_sessionid = &conn->ssl[sockindex].ssn ;
+  int incache;
+
+  DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);

  /* Save the current session data for possible re-use */
-  {
-    void *new_session = malloc(sizeof(conn->ssl[sockindex].ssn));
+  incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
+  if(incache) {
+    if(old_ssl_sessionid != our_ssl_sessionid) {
+      infof(data, "old SSL session ID is stale, removing\n");
+      Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+      incache = FALSE;
+    }
+  }
+  if(!incache) {
+    void *new_session = malloc(sizeof(ssl_session));

    if(new_session) {
-      memcpy(new_session, &conn->ssl[sockindex].ssn,
-             sizeof(conn->ssl[sockindex].ssn));
+      memcpy(new_session, our_ssl_sessionid,
+             sizeof(ssl_session));

-      if(old_session)
-        Curl_ssl_delsessionid(conn, old_session);
+      retcode = Curl_ssl_addsessionid(conn, new_session,
+                                   sizeof(ssl_session));
+    }
+    else {
+      retcode = CURLE_OUT_OF_MEMORY;
+    }

-      return Curl_ssl_addsessionid(conn, new_session,
-                                   sizeof(conn->ssl[sockindex].ssn));
+    if(retcode) {
+      failf(data, "failed to store ssl session");
+      return retcode;
    }
  }

+  connssl->connecting_state = ssl_connect_done;
+
  return CURLE_OK;
 }

@@ -401,7 +434,146 @@ void Curl_polarssl_session_free(void *ptr)

 size_t Curl_polarssl_version(char *buffer, size_t size)
 {
-  return snprintf(buffer, size, "PolarSSL");
+  unsigned int version = version_get_number();
+  return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
+                  (version>>16)&0xff, (version>>8)&0xff);
+}
+
+static CURLcode
+polarssl_connect_common(struct connectdata *conn,
+                        int sockindex,
+                        bool nonblocking,
+                        bool *done)
+{
+  CURLcode retcode;
+  struct SessionHandle *data = conn->data;
+  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+  curl_socket_t sockfd = conn->sock[sockindex];
+  long timeout_ms;
+  int what;
+
+  /* check if the connection has already been established */
+  if(ssl_connection_complete == connssl->state) {
+    *done = TRUE;
+    return CURLE_OK;
+  }
+
+  if(ssl_connect_1==connssl->connecting_state) {
+    /* Find out how much more time we're allowed */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+    retcode = polarssl_connect_step1(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  while(ssl_connect_2 == connssl->connecting_state ||
+        ssl_connect_2_reading == connssl->connecting_state ||
+        ssl_connect_2_writing == connssl->connecting_state) {
+
+    /* check allowed time left */
+    timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+    if(timeout_ms < 0) {
+      /* no need to continue if time already is up */
+      failf(data, "SSL connection timeout");
+      return CURLE_OPERATION_TIMEDOUT;
+    }
+
+    /* if ssl is expecting something, check if it's available. */
+    if(connssl->connecting_state == ssl_connect_2_reading
+       || connssl->connecting_state == ssl_connect_2_writing) {
+
+      curl_socket_t writefd = ssl_connect_2_writing==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+      curl_socket_t readfd = ssl_connect_2_reading==
+        connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+      what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
+      if(what < 0) {
+        /* fatal error */
+        failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+        return CURLE_SSL_CONNECT_ERROR;
+      }
+      else if(0 == what) {
+        if(nonblocking) {
+          *done = FALSE;
+          return CURLE_OK;
+        }
+        else {
+          /* timeout */
+          failf(data, "SSL connection timeout");
+          return CURLE_OPERATION_TIMEDOUT;
+        }
+      }
+      /* socket is readable or writable */
+    }
+
+    /* Run transaction, and return to the caller if it failed or if
+     * this connection is part of a multi handle and this loop would
+     * execute again. This permits the owner of a multi handle to
+     * abort a connection attempt before step2 has completed while
+     * ensuring that a client using select() or epoll() will always
+     * have a valid fdset to wait on.
+     */
+    retcode = polarssl_connect_step2(conn, sockindex);
+    if(retcode || (nonblocking &&
+                   (ssl_connect_2 == connssl->connecting_state ||
+                    ssl_connect_2_reading == connssl->connecting_state ||
+                    ssl_connect_2_writing == connssl->connecting_state)))
+      return retcode;
+
+  } /* repeat step2 until all transactions are done. */
+
+  if(ssl_connect_3==connssl->connecting_state) {
+    retcode = polarssl_connect_step3(conn, sockindex);
+    if(retcode)
+      return retcode;
+  }
+
+  if(ssl_connect_done==connssl->connecting_state) {
+    connssl->state = ssl_connection_complete;
+    conn->recv[sockindex] = polarssl_recv;
+    conn->send[sockindex] = polarssl_send;
+    *done = TRUE;
+  }
+  else
+    *done = FALSE;
+
+  /* Reset our connect state machine */
+  connssl->connecting_state = ssl_connect_1;
+
+  return CURLE_OK;
+}
+
+CURLcode
+Curl_polarssl_connect_nonblocking(struct connectdata *conn,
+                                int sockindex,
+                                bool *done)
+{
+  return polarssl_connect_common(conn, sockindex, TRUE, done);
+}
+
+
+CURLcode
+Curl_polarssl_connect(struct connectdata *conn,
+                    int sockindex)
+{
+  CURLcode retcode;
+  bool done = FALSE;
+
+  retcode = polarssl_connect_common(conn, sockindex, FALSE, &done);
+  if(retcode)
+    return retcode;
+
+  DEBUGASSERT(done);
+
+  return CURLE_OK;
 }

 #endif
--- a/lib/polarssl.h
+++ b/lib/polarssl.h
@@ -27,6 +27,10 @@

 CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);

+CURLcode Curl_polarssl_connect_nonblocking(struct connectdata *conn,
+                                           int sockindex,
+                                           bool *done);
+
 /* tell PolarSSL to close down all open information regarding connections (and
   thus session ID caching etc) */
 void Curl_polarssl_close_all(struct SessionHandle *data);
@@ -42,6 +46,7 @@ int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
 #define curlssl_init() (1)
 #define curlssl_cleanup() Curl_nop_stmt
 #define curlssl_connect Curl_polarssl_connect
+#define curlssl_connect_nonblocking Curl_polarssl_connect_nonblocking
 #define curlssl_session_free(x)  Curl_polarssl_session_free(x)
 #define curlssl_close_all Curl_polarssl_close_all
 #define curlssl_close Curl_polarssl_close
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -89,6 +89,7 @@

 /* Local API functions */
 static CURLcode pop3_parse_url_path(struct connectdata *conn);
+static CURLcode pop3_parse_custom_request(struct connectdata *conn);
 static CURLcode pop3_regular_transfer(struct connectdata *conn, bool *done);
 static CURLcode pop3_do(struct connectdata *conn, bool *done);
 static CURLcode pop3_done(struct connectdata *conn,
@@ -127,7 +128,6 @@ const struct Curl_handler Curl_handler_pop3 = {
  PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */
 };

-
 #ifdef USE_SSL
 /*
 * POP3S protocol handler.
@@ -180,7 +180,6 @@ static const struct Curl_handler Curl_handler_pop3_proxy = {
  PROTOPT_NONE                          /* flags */
 };

-
 #ifdef USE_SSL
 /*
 * HTTP-proxyed POP3S protocol handler.
@@ -208,7 +207,6 @@ static const struct Curl_handler Curl_handler_pop3s_proxy = {
 #endif
 #endif

-
 /* function that checks for a pop3 status code at the start of the given
   string */
 static int pop3_endofresp(struct pingpong *pp,
@@ -219,7 +217,7 @@ static int pop3_endofresp(struct pingpong *pp,

  if(((len >= 3) && !memcmp("+OK", line, 3)) ||
     ((len >= 4) && !memcmp("-ERR", line, 4))) {
-    *resp=line[1]; /* O or E */
+    *resp = line[1]; /* O or E */
    return TRUE;
  }

@@ -238,9 +236,7 @@ static void state(struct connectdata *conn,
    "USER",
    "PASS",
    "STARTTLS",
-    "LIST",
-    "LIST_SINGLE",
-    "RETR",
+    "COMMAND",
    "QUIT",
    /* LAST */
  };
@@ -261,7 +257,7 @@ static CURLcode pop3_state_user(struct connectdata *conn)

  /* send USER */
  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "USER %s",
-                         pop3->user?pop3->user:"");
+                         pop3->user ? pop3->user : "");
  if(result)
    return result;

@@ -287,6 +283,34 @@ static void pop3_to_pop3s(struct connectdata *conn)
 #define pop3_to_pop3s(x) Curl_nop_stmt
 #endif

+/* for the initial server greeting */
+static CURLcode pop3_state_servergreet_resp(struct connectdata *conn,
+                                            int pop3code,
+                                            pop3state instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+
+  (void)instate; /* no use for this yet */
+
+  if(pop3code != 'O') {
+    failf(data, "Got unexpected pop3-server response");
+    return CURLE_FTP_WEIRD_SERVER_REPLY;
+  }
+
+  if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
+    /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch
+       to TLS connection now */
+    result = Curl_pp_sendf(&pop3c->pp, "STLS");
+    state(conn, POP3_STARTTLS);
+  }
+  else
+    result = pop3_state_user(conn);
+
+  return result;
+}
+
 /* for STARTTLS responses */
 static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
                                         int pop3code,
@@ -294,6 +318,7 @@ static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(pop3code != 'O') {
@@ -316,6 +341,7 @@ static CURLcode pop3_state_starttls_resp(struct connectdata *conn,
      state(conn, POP3_STOP);
    }
  }
+
  return result;
 }

@@ -337,11 +363,12 @@ static CURLcode pop3_state_user_resp(struct connectdata *conn,
  else
    /* send PASS */
    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "PASS %s",
-                           pop3->passwd?pop3->passwd:"");
+                           pop3->passwd ? pop3->passwd : "");
  if(result)
    return result;

  state(conn, POP3_PASS);
+
  return result;
 }

@@ -352,6 +379,7 @@ static CURLcode pop3_state_pass_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(pop3code != 'O') {
@@ -360,54 +388,12 @@ static CURLcode pop3_state_pass_resp(struct connectdata *conn,
  }

  state(conn, POP3_STOP);
+
  return result;
 }

-/* for the retr response */
-static CURLcode pop3_state_retr_resp(struct connectdata *conn,
-                                     int pop3code,
-                                     pop3state instate)
-{
-  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  struct FTP *pop3 = data->state.proto.pop3;
-  struct pop3_conn *pop3c = &conn->proto.pop3c;
-  struct pingpong *pp = &pop3c->pp;
-
-  (void)instate; /* no use for this yet */
-
-  if('O' != pop3code) {
-    state(conn, POP3_STOP);
-    return CURLE_RECV_ERROR;
-  }
-
-  /* POP3 download */
-  Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE,
-                      pop3->bytecountp, -1, NULL); /* no upload here */
-
-  if(pp->cache) {
-    /* At this point there is a bunch of data in the header "cache" that is
-       actually body content, send it as body and then skip it. Do note
-       that there may even be additional "headers" after the body. */
-
-    /* we may get the EOB already here! */
-    result = Curl_pop3_write(conn, pp->cache, pp->cache_size);
-    if(result)
-      return result;
-
-    /* cache is drained */
-    free(pp->cache);
-    pp->cache = NULL;
-    pp->cache_size = 0;
-  }
-
-  state(conn, POP3_STOP);
-  return result;
-}
-
-
-/* for the list response */
-static CURLcode pop3_state_list_resp(struct connectdata *conn,
+/* for the command response */
+static CURLcode pop3_state_command_resp(struct connectdata *conn,
                                        int pop3code,
                                        pop3state instate)
 {
@@ -439,72 +425,63 @@ static CURLcode pop3_state_list_resp(struct connectdata *conn,
                      -1, NULL); /* no upload here */

  if(pp->cache) {
-    /* cache holds the email ID listing */
+    /* The header "cache" contains a bunch of data that is actually body
+       content so send it as such. Note that there may even be additional
+       "headers" after the body */

-    /* we may get the EOB already here! */
+    if(!data->set.opt_no_body) {
      result = Curl_pop3_write(conn, pp->cache, pp->cache_size);
      if(result)
        return result;
+    }

-    /* cache is drained */
-    free(pp->cache);
-    pp->cache = NULL;
+    /* Free the cache */
+    Curl_safefree(pp->cache);
+
+    /* Reset the cache size */
    pp->cache_size = 0;
  }

  state(conn, POP3_STOP);
+
  return result;
 }

-/* for LIST response with a given message */
-static CURLcode pop3_state_list_single_resp(struct connectdata *conn,
-                                     int pop3code,
-                                     pop3state instate)
+/* start the DO phase for the command */
+static CURLcode pop3_command(struct connectdata *conn)
 {
  CURLcode result = CURLE_OK;
-  struct SessionHandle *data = conn->data;
-  (void)instate; /* no use for this yet */
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  const char *command = NULL;

-  if(pop3code != 'O') {
-    failf(data, "Invalid message. %c", pop3code);
-    result = CURLE_REMOTE_FILE_NOT_FOUND;
+  /* Calculate the default command */
+  if(pop3c->mailbox[0] == '\0' || conn->data->set.ftp_list_only) {
+    command = "LIST";
+
+    if(pop3c->mailbox[0] != '\0') {
+      /* Message specific LIST so skip the BODY transfer */
+      struct FTP *pop3 = conn->data->state.proto.pop3;
+      pop3->transfer = FTPTRANSFER_INFO;
    }
+  }
+  else
+    command = "RETR";

-  state(conn, POP3_STOP);
-  return result;
-}
+  /* Send the command */
+  if(pop3c->mailbox[0] != '\0')
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s %s",
+                           (pop3c->custom && pop3c->custom[0] != '\0' ?
+                            pop3c->custom : command), pop3c->mailbox);
+  else
+    result = Curl_pp_sendf(&conn->proto.pop3c.pp,
+                           (pop3c->custom && pop3c->custom[0] != '\0' ?
+                            pop3c->custom : command));

-/* start the DO phase for RETR */
-static CURLcode pop3_retr(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct pop3_conn *pop3c = &conn->proto.pop3c;
-
-  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "RETR %s", pop3c->mailbox);
  if(result)
    return result;

-  state(conn, POP3_RETR);
-  return result;
-}
+  state(conn, POP3_COMMAND);

-/* start the DO phase for LIST */
-static CURLcode pop3_list(struct connectdata *conn)
-{
-  CURLcode result = CURLE_OK;
-  struct pop3_conn *pop3c = &conn->proto.pop3c;
-
-  if(pop3c->mailbox[0] != '\0')
-    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "LIST %s", pop3c->mailbox);
-  else
-    result = Curl_pp_sendf(&conn->proto.pop3c.pp, "LIST");
-  if(result)
-    return result;
-
-  if(pop3c->mailbox[0] != '\0')
-    state(conn, POP3_LIST_SINGLE);
-  else
-    state(conn, POP3_LIST);
  return result;
 }

@@ -512,7 +489,6 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
 {
  CURLcode result;
  curl_socket_t sock = conn->sock[FIRSTSOCKET];
-  struct SessionHandle *data=conn->data;
  int pop3code;
  struct pop3_conn *pop3c = &conn->proto.pop3c;
  struct pingpong *pp = &pop3c->pp;
@@ -530,21 +506,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
    /* we have now received a full POP3 server response */
    switch(pop3c->state) {
    case POP3_SERVERGREET:
-      if(pop3code != 'O') {
-        failf(data, "Got unexpected pop3-server response");
-        return CURLE_FTP_WEIRD_SERVER_REPLY;
-      }
-
-      if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
-        /* We don't have a SSL/TLS connection yet, but SSL is requested. Switch
-           to TLS connection now */
-        result = Curl_pp_sendf(&pop3c->pp, "STLS");
-        state(conn, POP3_STARTTLS);
-      }
-      else
-        result = pop3_state_user(conn);
-      if(result)
-        return result;
+      result = pop3_state_servergreet_resp(conn, pop3code, pop3c->state);
      break;

    case POP3_USER:
@@ -559,16 +521,8 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
      result = pop3_state_starttls_resp(conn, pop3code, pop3c->state);
      break;

-    case POP3_RETR:
-      result = pop3_state_retr_resp(conn, pop3code, pop3c->state);
-      break;
-
-    case POP3_LIST:
-      result = pop3_state_list_resp(conn, pop3code, pop3c->state);
-      break;
-
-    case POP3_LIST_SINGLE:
-      result = pop3_state_list_single_resp(conn, pop3code, pop3c->state);
+    case POP3_COMMAND:
+      result = pop3_state_command_resp(conn, pop3code, pop3c->state);
      break;

    case POP3_QUIT:
@@ -579,6 +533,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn)
      break;
    }
  }
+
  return result;
 }

@@ -616,6 +571,7 @@ static CURLcode pop3_init(struct connectdata *conn)
 {
  struct SessionHandle *data = conn->data;
  struct FTP *pop3 = data->state.proto.pop3;
+
  if(!pop3) {
    pop3 = data->state.proto.pop3 = calloc(sizeof(struct FTP), 1);
    if(!pop3)
@@ -648,7 +604,7 @@ static CURLcode pop3_connect(struct connectdata *conn,
 {
  CURLcode result;
  struct pop3_conn *pop3c = &conn->proto.pop3c;
-  struct SessionHandle *data=conn->data;
+  struct SessionHandle *data = conn->data;
  struct pingpong *pp = &pop3c->pp;

  *done = FALSE; /* default to not done yet */
@@ -708,7 +664,8 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
  struct SessionHandle *data = conn->data;
  struct FTP *pop3 = data->state.proto.pop3;
  struct pop3_conn *pop3c = &conn->proto.pop3c;
-  CURLcode result=CURLE_OK;
+  CURLcode result = CURLE_OK;
+
  (void)premature;

  if(!pop3)
@@ -724,8 +681,9 @@ static CURLcode pop3_done(struct connectdata *conn, CURLcode status,
    result = status;         /* use the already set error code */
  }

+  /* Clear our variables for the next connection */
  Curl_safefree(pop3c->mailbox);
-  pop3c->mailbox = NULL;
+  Curl_safefree(pop3c->custom);

  /* Clear the transfer mode for the next connection */
  pop3->transfer = FTPTRANSFER_BODY;
@@ -747,8 +705,7 @@ CURLcode pop3_perform(struct connectdata *conn,
                     bool *dophase_done)
 {
  /* this is POP3 and no proxy */
-  CURLcode result=CURLE_OK;
-  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  CURLcode result = CURLE_OK;

  DEBUGF(infof(conn->data, "DO phase starts\n"));

@@ -761,13 +718,7 @@ CURLcode pop3_perform(struct connectdata *conn,
  *dophase_done = FALSE; /* not done yet */

  /* start the first command in the DO phase */
-  /* If mailbox is empty, then assume user wants listing for mail IDs,
-   * otherwise, attempt to retrieve the mail-id stored in mailbox
-   */
-  if(strlen(pop3c->mailbox) && !conn->data->set.ftp_list_only)
-    result = pop3_retr(conn);
-  else
-    result = pop3_list(conn);
+  result = pop3_command(conn);
  if(result)
    return result;

@@ -812,10 +763,16 @@ static CURLcode pop3_do(struct connectdata *conn, bool *done)
  if(retcode)
    return retcode;

+  /* Parse the URL path */
  retcode = pop3_parse_url_path(conn);
  if(retcode)
    return retcode;

+  /* Parse the custom request */
+  retcode = pop3_parse_custom_request(conn);
+  if(retcode)
+    return retcode;
+
  retcode = pop3_regular_transfer(conn, done);

  return retcode;
@@ -837,6 +794,7 @@ static CURLcode pop3_quit(struct connectdata *conn)
  result = Curl_pp_sendf(&conn->proto.pop3c.pp, "QUIT", NULL);
  if(result)
    return result;
+
  state(conn, POP3_QUIT);

  result = pop3_easy_statemach(conn);
@@ -865,7 +823,6 @@ static CURLcode pop3_disconnect(struct connectdata *conn, bool dead_connection)
  if(!dead_connection && pop3c->pp.conn)
    (void)pop3_quit(conn); /* ignore errors on the LOGOUT */

-
  Curl_pp_disconnect(&pop3c->pp);

  return CURLE_OK;
@@ -885,15 +842,30 @@ static CURLcode pop3_parse_url_path(struct connectdata *conn)
  struct SessionHandle *data = conn->data;
  const char *path = data->state.path;

-  /* url decode the path and use this mailbox */
+  /* URL decode the path and use this mailbox */
  return Curl_urldecode(data, path, 0, &pop3c->mailbox, NULL, TRUE);
 }

+static CURLcode pop3_parse_custom_request(struct connectdata *conn)
+{
+  CURLcode result = CURLE_OK;
+  struct pop3_conn *pop3c = &conn->proto.pop3c;
+  struct SessionHandle *data = conn->data;
+  const char *custom = conn->data->set.str[STRING_CUSTOMREQUEST];
+
+  /* URL decode the custom request */
+  if(custom)
+    result = Curl_urldecode(data, custom, 0, &pop3c->custom, NULL, TRUE);
+
+  return result;
+}
+
 /* call this when the DO phase has completed */
 static CURLcode pop3_dophase_done(struct connectdata *conn,
                                  bool connected)
 {
  struct FTP *pop3 = conn->data->state.proto.pop3;
+
  (void)connected;

  if(pop3->transfer != FTPTRANSFER_BODY)
@@ -915,6 +887,7 @@ static CURLcode pop3_doing(struct connectdata *conn,

    DEBUGF(infof(conn->data, "DO phase is complete\n"));
  }
+
  return result;
 }

@@ -928,12 +901,11 @@ static CURLcode pop3_doing(struct connectdata *conn,
 * remote host.
 *
 */
-static
-CURLcode pop3_regular_transfer(struct connectdata *conn,
+static CURLcode pop3_regular_transfer(struct connectdata *conn,
                                      bool *dophase_done)
 {
-  CURLcode result=CURLE_OK;
-  bool connected=FALSE;
+  CURLcode result = CURLE_OK;
+  bool connected = FALSE;
  struct SessionHandle *data = conn->data;
  data->req.size = -1; /* make sure this is unknown at this point */

@@ -978,6 +950,7 @@ static CURLcode pop3_setup_connection(struct connectdata * conn)
      return CURLE_UNSUPPORTED_PROTOCOL;
 #endif
    }
+
    /*
     * We explicitly mark this connection as persistent here as we're doing
     * POP3 over HTTP and thus we accidentally avoid setting this value
--- a/lib/pop3.h
+++ b/lib/pop3.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2009 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2009 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -32,9 +32,7 @@ typedef enum {
  POP3_USER,
  POP3_PASS,
  POP3_STARTTLS,
-  POP3_LIST,
-  POP3_LIST_SINGLE,
-  POP3_RETR,
+  POP3_COMMAND,
  POP3_QUIT,
  POP3_LAST  /* never used */
 } pop3state;
@@ -43,7 +41,8 @@ typedef enum {
   struct */
 struct pop3_conn {
  struct pingpong pp;
-  char *mailbox;     /* what to RETR */
+  char *mailbox;     /* message id */
+  char *custom;      /* custom request */
  size_t eob;        /* number of bytes of the EOB (End Of Body) that has been
                        received thus far */
  size_t strip;      /* number of bytes from the start to ignore as non-body */
--- a/lib/progress.c
+++ b/lib/progress.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -146,13 +146,16 @@ void Curl_pgrsDone(struct connectdata *conn)
  data->progress.speeder_c = 0; /* reset the progress meter display */
 }

-/* reset all times except redirect */
-void Curl_pgrsResetTimes(struct SessionHandle *data)
+/* reset all times except redirect, and reset the known transfer sizes */
+void Curl_pgrsResetTimesSizes(struct SessionHandle *data)
 {
  data->progress.t_nslookup = 0.0;
  data->progress.t_connect = 0.0;
  data->progress.t_pretransfer = 0.0;
  data->progress.t_starttransfer = 0.0;
+
+  Curl_pgrsSetDownloadSize(data, 0);
+  Curl_pgrsSetUploadSize(data, 0);
 }

 void Curl_pgrsTime(struct SessionHandle *data, timerid timer)
--- a/lib/progress.h
+++ b/lib/progress.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -46,7 +46,7 @@ void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size);
 void Curl_pgrsSetDownloadCounter(struct SessionHandle *data, curl_off_t size);
 void Curl_pgrsSetUploadCounter(struct SessionHandle *data, curl_off_t size);
 int Curl_pgrsUpdate(struct connectdata *);
-void Curl_pgrsResetTimes(struct SessionHandle *data);
+void Curl_pgrsResetTimesSizes(struct SessionHandle *data);
 void Curl_pgrsTime(struct SessionHandle *data, timerid timer);


--- a/lib/setup.h
+++ b/lib/setup.h
@@ -1,5 +1,5 @@
-#ifndef HEADER_CURL_LIB_SETUP_H
-#define HEADER_CURL_LIB_SETUP_H
+#ifndef HEADER_CURL_SETUP_H
+#define HEADER_CURL_SETUP_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -54,8 +54,12 @@
 #  include "config-mac.h"
 #endif

+#ifdef __riscos__
+#  include "config-riscos.h"
+#endif
+
 #ifdef __AMIGA__
-#  include "amigaos.h"
+#  include "config-amigaos.h"
 #endif

 #ifdef __SYMBIAN32__
@@ -281,6 +285,16 @@
 #  include <ioLib.h>      /* for basic I/O interface functions */
 #endif

+#ifdef __AMIGA__
+#  ifndef __ixemul__
+#    include <exec/types.h>
+#    include <exec/execbase.h>
+#    include <proto/exec.h>
+#    include <proto/dos.h>
+#    define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0)
+#  endif
+#endif
+
 #include <stdio.h>
 #ifdef HAVE_ASSERT_H
 #include <assert.h>
@@ -591,13 +605,17 @@ int netware_init(void);
 #define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
 #endif

-/* Provide a mechanism to silence picky compilers, such as gcc 4.6+.
-   Parameters should of course normally not be unused, but for example when we
-   have multiple implementations of the same interface it may happen. */
-#ifndef __GNUC__
-#define UNUSED_PARAM /*NOTHING*/
+/*
+ * Provide a mechanism to silence picky compilers, such as gcc 4.6+.
+ * Parameters should of course normally not be unused, but for example when
+ * we have multiple implementations of the same interface it may happen.
+ */
+
+#if defined(__GNUC__) && ((__GNUC__ >= 3) || \
+  ((__GNUC__ == 2) && defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 7)))
+#  define UNUSED_PARAM __attribute__((__unused__))
 #else
-#define UNUSED_PARAM __attribute__((unused))
+#  define UNUSED_PARAM /*NOTHING*/
 #endif

 /*
@@ -640,4 +658,4 @@ int netware_init(void);
 #  define SHUT_RDWR 0x02
 #endif

-#endif /* HEADER_CURL_LIB_SETUP_H */
+#endif /* HEADER_CURL_SETUP_H */
--- a/lib/setup_once.h
+++ b/lib/setup_once.h
@@ -79,7 +79,7 @@
 #include <fcntl.h>
 #endif

-#ifdef HAVE_STDBOOL_H
+#if defined(HAVE_STDBOOL_H) && defined(HAVE_BOOL_T)
 #include <stdbool.h>
 #endif

--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -22,6 +22,7 @@
 * RFC3207 SMTP over TLS
 * RFC4954 SMTP Authentication
 * RFC2195 CRAM-MD5 authentication
+ * RFC2831 DIGEST-MD5 authentication
 * RFC4616 PLAIN authentication
 *
 ***************************************************************************/
@@ -82,6 +83,7 @@
 #include "rawstr.h"
 #include "strtoofft.h"
 #include "curl_base64.h"
+#include "curl_rand.h"
 #include "curl_md5.h"
 #include "curl_hmac.h"
 #include "curl_gethostname.h"
@@ -98,16 +100,15 @@
 /* Local API functions */
 static CURLcode smtp_regular_transfer(struct connectdata *conn, bool *done);
 static CURLcode smtp_do(struct connectdata *conn, bool *done);
-static CURLcode smtp_done(struct connectdata *conn,
-                          CURLcode, bool premature);
+static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
+                          bool premature);
 static CURLcode smtp_connect(struct connectdata *conn, bool *done);
 static CURLcode smtp_disconnect(struct connectdata *conn, bool dead);
 static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done);
 static int smtp_getsock(struct connectdata *conn,
                        curl_socket_t *socks,
                        int numsocks);
-static CURLcode smtp_doing(struct connectdata *conn,
-                           bool *dophase_done);
+static CURLcode smtp_doing(struct connectdata *conn, bool *dophase_done);
 static CURLcode smtp_setup_connection(struct connectdata *conn);
 static CURLcode smtp_state_upgrade_tls(struct connectdata *conn);

@@ -228,7 +229,7 @@ static int smtp_endofresp(struct pingpong *pp, int *resp)
  size_t wordlen;

  if(len < 4 || !ISDIGIT(line[0]) || !ISDIGIT(line[1]) || !ISDIGIT(line[2]))
-    return FALSE;       /* Nothing for us. */
+    return FALSE;       /* Nothing for us */

  if((result = (line[3] == ' ')) != 0)
    *resp = curlx_sltosi(strtol(line, NULL, 10));
@@ -279,9 +280,35 @@ static int smtp_endofresp(struct pingpong *pp, int *resp)
  return result;
 }

+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* Retrieves the value for a corresponding key from the challenge string
+ * returns TRUE if the key could be found, FALSE if it does not exists
+ */
+static bool smtp_digest_get_key_value(const unsigned char *chlg,
+                                      const char *key,
+                                      char *value,
+                                      size_t max_val_len,
+                                      char end_char)
+{
+  char *find_pos;
+  size_t i;
+
+  find_pos = strstr((const char *) chlg, key);
+  if(!find_pos)
+    return FALSE;
+
+  find_pos += strlen(key);
+
+  for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
+    value[i] = *find_pos++;
+  value[i] = '\0';
+
+  return TRUE;
+}
+#endif
+
 /* This is the ONLY way to change SMTP state! */
-static void state(struct connectdata *conn,
-                  smtpstate newstate)
+static void state(struct connectdata *conn, smtpstate newstate)
 {
  struct smtp_conn *smtpc = &conn->proto.smtpc;
 #if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS)
@@ -297,6 +324,8 @@ static void state(struct connectdata *conn,
    "AUTHLOGIN",
    "AUTHPASSWD",
    "AUTHCRAM",
+    "AUTHDIGESTMD5",
+    "AUTHDIGESTMD5_RESP",
    "AUTHNTLM",
    "AUTHNTLM_TYPE2MSG",
    "AUTH",
@@ -363,7 +392,7 @@ static CURLcode smtp_auth_plain_data(struct connectdata *conn,
  ulen = strlen(conn->user);
  plen = strlen(conn->passwd);

-  if(2 * ulen + plen + 2 > sizeof plainauth) {
+  if(2 * ulen + plen + 2 > sizeof(plainauth)) {
    *outlen = 0;
    *outptr = NULL;
    return CURLE_OUT_OF_MEMORY; /* plainauth too small */
@@ -374,6 +403,7 @@ static CURLcode smtp_auth_plain_data(struct connectdata *conn,
  memcpy(plainauth + ulen + 1, conn->user, ulen);
  plainauth[2 * ulen + 1] = '\0';
  memcpy(plainauth + 2 * ulen + 2, conn->passwd, plen);
+
  return Curl_base64_encode(conn->data, plainauth, 2 * ulen + plen + 2,
                            outptr, outlen);
 }
@@ -416,7 +446,7 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
  smtpstate state2 = SMTP_STOP;

  /* Check we have a username and password to authenticate with and end the
-     connect phase if we don't. */
+     connect phase if we don't */
  if(!conn->bits.user_passwd) {
    state(conn, SMTP_STOP);

@@ -424,9 +454,14 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
  }

  /* Check supported authentication mechanisms by decreasing order of
-     security. */
+     security */
 #ifndef CURL_DISABLE_CRYPTO_AUTH
-  if(smtpc->authmechs & SMTP_AUTH_CRAM_MD5) {
+  if(smtpc->authmechs & SMTP_AUTH_DIGEST_MD5) {
+    mech = "DIGEST-MD5";
+    state1 = SMTP_AUTHDIGESTMD5;
+    smtpc->authused = SMTP_AUTH_DIGEST_MD5;
+  }
+  else if(smtpc->authmechs & SMTP_AUTH_CRAM_MD5) {
    mech = "CRAM-MD5";
    state1 = SMTP_AUTHCRAMMD5;
    smtpc->authused = SMTP_AUTH_CRAM_MD5;
@@ -459,7 +494,7 @@ static CURLcode smtp_authenticate(struct connectdata *conn)
  }
  else {
    infof(conn->data, "No known auth mechanisms supported!\n");
-    result = CURLE_LOGIN_DENIED;      /* Other mechanisms not supported. */
+    result = CURLE_LOGIN_DENIED;      /* Other mechanisms not supported */
  }

  if(!result) {
@@ -499,6 +534,26 @@ static void smtp_to_smtps(struct connectdata *conn)
 #define smtp_to_smtps(x) Curl_nop_stmt
 #endif

+/* for the initial server greeting */
+static CURLcode smtp_state_servergreet_resp(struct connectdata *conn,
+                                            int smtpcode,
+                                            smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode/100 != 2) {
+    failf(data, "Got unexpected smtp-server response: %d", smtpcode);
+    return CURLE_FTP_WEIRD_SERVER_REPLY;
+  }
+
+  result = smtp_state_ehlo(conn);
+
+  return result;
+}
+
 /* for STARTTLS responses */
 static CURLcode smtp_state_starttls_resp(struct connectdata *conn,
                                         int smtpcode,
@@ -506,6 +561,7 @@ static CURLcode smtp_state_starttls_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(smtpcode != 220) {
@@ -667,7 +723,7 @@ static CURLcode smtp_state_authlogin_resp(struct connectdata *conn,
  return result;
 }

-/* for responses to user entry of AUTH LOGIN. */
+/* for responses to user entry of AUTH LOGIN */
 static CURLcode smtp_state_authpasswd_resp(struct connectdata *conn,
                                           int smtpcode,
                                           smtpstate instate)
@@ -709,7 +765,7 @@ static CURLcode smtp_state_authpasswd_resp(struct connectdata *conn,

 #ifndef CURL_DISABLE_CRYPTO_AUTH

-/* for AUTH CRAM-MD5 responses. */
+/* for AUTH CRAM-MD5 responses */
 static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
                                         int smtpcode,
                                         smtpstate instate)
@@ -722,8 +778,8 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
  size_t len = 0;
  char *rplyb64 = NULL;
  HMAC_context *ctxt;
-  unsigned char digest[16];
-  char reply[MAX_CURL_USER_LENGTH + 32 /* 2 * size of MD5 digest */ + 1];
+  unsigned char digest[MD5_DIGEST_LEN];
+  char reply[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1];

  (void)instate; /* no use for this yet */

@@ -732,7 +788,7 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
    return CURLE_LOGIN_DENIED;
  }

-  /* Get the challenge. */
+  /* Get the challenge */
  for(chlg64 += 4; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
    ;

@@ -754,7 +810,7 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
    }
  }

-  /* Compute digest. */
+  /* Compute digest */
  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
                        (const unsigned char *) conn->passwd,
                        curlx_uztoui(strlen(conn->passwd)));
@@ -771,15 +827,15 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,

  Curl_HMAC_final(ctxt, digest);

-  /* Prepare the reply. */
-  snprintf(reply, sizeof reply,
+  /* Prepare the reply */
+  snprintf(reply, sizeof(reply),
   "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
           conn->user, digest[0], digest[1], digest[2], digest[3], digest[4],
           digest[5],
           digest[6], digest[7], digest[8], digest[9], digest[10], digest[11],
           digest[12], digest[13], digest[14], digest[15]);

-  /* Encode it to base64 and send it. */
+  /* Encode it to base64 and send it */
  result = Curl_base64_encode(data, reply, 0, &rplyb64, &len);

  if(!result) {
@@ -795,10 +851,223 @@ static CURLcode smtp_state_authcram_resp(struct connectdata *conn,
  return result;
 }

+/* for AUTH DIGEST-MD5 challenge responses */
+static CURLcode smtp_state_authdigest_resp(struct connectdata *conn,
+                                           int smtpcode,
+                                           smtpstate instate)
+{
+  static const char table16[] = "0123456789abcdef";
+
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+  char *chlg64 = data->state.buffer;
+  unsigned char *chlg;
+  size_t chlglen;
+  size_t len = 0;
+  size_t i;
+  char *rplyb64 = NULL;
+  MD5_context *ctxt;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char HA1_hex[2 * MD5_DIGEST_LEN + 1];
+  char HA2_hex[2 * MD5_DIGEST_LEN + 1];
+  char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
+
+  char nonce[64];
+  char realm[128];
+  char alg[64];
+  char nonceCount[] = "00000001";
+  char cnonce[]     = "12345678"; /* will be changed */
+  char method[]     = "AUTHENTICATE";
+  char qop[]        = "auth";
+  char uri[128]     = "smtp/";
+  char response[512];
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Access denied: %d", smtpcode);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Get the challenge */
+  for(chlg64 += 4; *chlg64 == ' ' || *chlg64 == '\t'; chlg64++)
+    ;
+
+  chlg = (unsigned char *) NULL;
+  chlglen = 0;
+
+  result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+
+  if(result)
+    return result;
+
+  /* Retrieve nonce string from the challenge */
+  if(!smtp_digest_get_key_value(chlg, "nonce=\"", nonce,
+                                sizeof(nonce), '\"')) {
+    Curl_safefree(chlg);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Retrieve realm string from the challenge */
+  if(!smtp_digest_get_key_value(chlg, "realm=\"", realm,
+                                sizeof(realm), '\"')) {
+    /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
+    strcpy(realm, "");
+  }
+
+  /* Retrieve algorithm string from the challenge */
+  if(!smtp_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
+    Curl_safefree(chlg);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  Curl_safefree(chlg);
+
+  /* We do not support other algorithms */
+  if(strcmp(alg, "md5-sess") != 0)
+    return CURLE_LOGIN_DENIED;
+
+  /* Generate 64 bits of random data */
+  for(i = 0; i < 8; i++)
+    cnonce[i] = table16[Curl_rand()%16];
+
+  /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) conn->user,
+                  curlx_uztoui(strlen(conn->user)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) realm,
+                  curlx_uztoui(strlen(realm)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) conn->passwd,
+                  curlx_uztoui(strlen(conn->passwd)));
+  Curl_MD5_final(ctxt, digest);
+
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_final(ctxt, digest);
+
+  /* Convert calculated 16 octet hex into 32 bytes string */
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Orepare URL string, append realm to the protocol */
+  strcat(uri, realm);
+
+  /* Calculate H(A2) */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) method,
+                  curlx_uztoui(strlen(method)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) uri,
+                  curlx_uztoui(strlen(uri)));
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Now calculate the response hash */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
+                  curlx_uztoui(strlen(nonceCount)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) qop,
+                  curlx_uztoui(strlen(qop)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
+
+  strcpy(response, "username=\"");
+  strcat(response, conn->user);
+  strcat(response, "\",realm=\"");
+  strcat(response, realm);
+  strcat(response, "\",nonce=\"");
+  strcat(response, nonce);
+  strcat(response, "\",cnonce=\"");
+  strcat(response, cnonce);
+  strcat(response, "\",nc=");
+  strcat(response, nonceCount);
+  strcat(response, ",digest-uri=\"");
+  strcat(response, uri);
+  strcat(response, "\",response=");
+  strcat(response, resp_hash_hex);
+
+  /* Encode it to base64 and send it */
+  result = Curl_base64_encode(data, response, 0, &rplyb64, &len);
+
+  if(!result) {
+    if(rplyb64) {
+      result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", rplyb64);
+
+      if(!result)
+        state(conn, SMTP_AUTHDIGESTMD5_RESP);
+    }
+
+    Curl_safefree(rplyb64);
+  }
+
+  return result;
+}
+
+/* For AUTH DIGEST-MD5 challenge-response responses */
+static CURLcode smtp_state_authdigest_resp_resp(struct connectdata *conn,
+                                                int smtpcode,
+                                                smtpstate instate)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data = conn->data;
+
+  (void)instate; /* no use for this yet */
+
+  if(smtpcode != 334) {
+    failf(data, "Authentication failed: %d", smtpcode);
+    result = CURLE_LOGIN_DENIED;
+  }
+  else {
+    result = Curl_pp_sendf(&conn->proto.smtpc.pp, "");
+
+    if(!result)
+      state(conn, SMTP_AUTH);
+  }
+
+  return result;
+}
+
 #endif

 #ifdef USE_NTLM
-/* for the AUTH NTLM (without initial response) response. */
+/* for the AUTH NTLM (without initial response) response */
 static CURLcode smtp_state_auth_ntlm_resp(struct connectdata *conn,
                                          int smtpcode,
                                          smtpstate instate)
@@ -824,6 +1093,7 @@ static CURLcode smtp_state_auth_ntlm_resp(struct connectdata *conn,
        if(!result)
          state(conn, SMTP_AUTHNTLM_TYPE2MSG);
      }
+
      Curl_safefree(type1msg);
    }
  }
@@ -831,7 +1101,7 @@ static CURLcode smtp_state_auth_ntlm_resp(struct connectdata *conn,
  return result;
 }

-/* for the NTLM type-2 response (sent in reponse to our type-1 message). */
+/* for the NTLM type-2 response (sent in reponse to our type-1 message) */
 static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
                                                   int smtpcode,
                                                   smtpstate instate)
@@ -861,6 +1131,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
          if(!result)
            state(conn, SMTP_AUTH);
        }
+
        Curl_safefree(type3msg);
      }
    }
@@ -870,7 +1141,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn,
 }
 #endif

-/* for final responses to AUTH sequences. */
+/* for the final responses to the AUTH sequence */
 static CURLcode smtp_state_auth_resp(struct connectdata *conn,
                                     int smtpcode,
                                     smtpstate instate)
@@ -885,7 +1156,7 @@ static CURLcode smtp_state_auth_resp(struct connectdata *conn,
    result = CURLE_LOGIN_DENIED;
  }
  else
-    state(conn, SMTP_STOP);             /* End of connect phase. */
+    state(conn, SMTP_STOP);             /* End of connect phase */

  return result;
 }
@@ -991,6 +1262,7 @@ static CURLcode smtp_state_mail_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(smtpcode/100 != 2) {
@@ -1015,6 +1287,7 @@ static CURLcode smtp_state_rcpt_resp(struct connectdata *conn,
 {
  CURLcode result = CURLE_OK;
  struct SessionHandle *data = conn->data;
+
  (void)instate; /* no use for this yet */

  if(smtpcode/100 != 2) {
@@ -1066,6 +1339,7 @@ static CURLcode smtp_state_data_resp(struct connectdata *conn,
                      FIRSTSOCKET, smtp->bytecountp);

  state(conn, SMTP_STOP);
+
  return CURLE_OK;
 }

@@ -1117,14 +1391,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
    /* we have now received a full SMTP server response */
    switch(smtpc->state) {
    case SMTP_SERVERGREET:
-      if(smtpcode/100 != 2) {
-        failf(data, "Got unexpected smtp-server response: %d", smtpcode);
-        return CURLE_FTP_WEIRD_SERVER_REPLY;
-      }
-
-      result = smtp_state_ehlo(conn);
-      if(result)
-        return result;
+      result = smtp_state_servergreet_resp(conn, smtpcode, smtpc->state);
      break;

    case SMTP_EHLO:
@@ -1155,6 +1422,14 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
    case SMTP_AUTHCRAMMD5:
      result = smtp_state_authcram_resp(conn, smtpcode, smtpc->state);
      break;
+
+    case SMTP_AUTHDIGESTMD5:
+      result = smtp_state_authdigest_resp(conn, smtpcode, smtpc->state);
+      break;
+
+    case SMTP_AUTHDIGESTMD5_RESP:
+      result = smtp_state_authdigest_resp_resp(conn, smtpcode, smtpc->state);
+      break;
 #endif

 #ifdef USE_NTLM
@@ -1201,8 +1476,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn)
 }

 /* called repeatedly until done from multi.c */
-static CURLcode smtp_multi_statemach(struct connectdata *conn,
-                                     bool *done)
+static CURLcode smtp_multi_statemach(struct connectdata *conn, bool *done)
 {
  struct smtp_conn *smtpc = &conn->proto.smtpc;
  CURLcode result;
@@ -1267,8 +1541,7 @@ static CURLcode smtp_init(struct connectdata *conn)
 * connect phase is done when this function returns, or FALSE if not. When
 * called as a part of the easy interface, it will always be TRUE.
 */
-static CURLcode smtp_connect(struct connectdata *conn,
-                             bool *done) /* see description above */
+static CURLcode smtp_connect(struct connectdata *conn, bool *done)
 {
  CURLcode result;
  struct smtp_conn *smtpc = &conn->proto.smtpc;
@@ -1304,7 +1577,8 @@ static CURLcode smtp_connect(struct connectdata *conn,
      return result;
  }

-  Curl_pp_init(pp); /* init the response reader stuff */
+  /* Initialise the response reader stuff */
+  Curl_pp_init(pp);

  pp->response_time = RESP_TIMEOUT; /* set default response time-out */
  pp->statemach_act = smtp_statemach_act;
@@ -1548,8 +1822,7 @@ static CURLcode smtp_disconnect(struct connectdata *conn,
 }

 /* call this when the DO phase has completed */
-static CURLcode smtp_dophase_done(struct connectdata *conn,
-                                  bool connected)
+static CURLcode smtp_dophase_done(struct connectdata *conn, bool connected)
 {
  struct FTP *smtp = conn->data->state.proto.smtp;
  struct smtp_conn *smtpc = &conn->proto.smtpc;
@@ -1565,17 +1838,17 @@ static CURLcode smtp_dophase_done(struct connectdata *conn,
 }

 /* called from multi.c while DOing */
-static CURLcode smtp_doing(struct connectdata *conn,
-                           bool *dophase_done)
+static CURLcode smtp_doing(struct connectdata *conn, bool *dophase_done)
 {
-  CURLcode result;
-  result = smtp_multi_statemach(conn, dophase_done);
-
-  if(*dophase_done) {
-    result = smtp_dophase_done(conn, FALSE /* not connected */);
+  CURLcode result = smtp_multi_statemach(conn, dophase_done);

+  if(result)
+    DEBUGF(infof(conn->data, "DO phase failed\n"));
+  else
    DEBUGF(infof(conn->data, "DO phase is complete\n"));
-  }
+
+  if(*dophase_done)
+    smtp_dophase_done(conn, FALSE /* not connected */);

  return result;
 }
@@ -1657,9 +1930,11 @@ static CURLcode smtp_setup_connection(struct connectdata *conn)

 CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
 {
-  /* When sending SMTP payload, we must detect CRLF.CRLF sequences in
-   * the data and make sure it is sent as CRLF..CRLF instead, as
-   * otherwise it will wrongly be detected as end of data by the server.
+  /* When sending a SMTP payload we must detect CRLF. sequences making sure
+     they are sent as CRLF.. instead, as a . on the beginning of a line will
+     be deleted by the server when not part of an EOB terminator and a
+     genuine CRLF.CRLF which isn't escaped will wrongly be detected as end of
+     data by the server.
  */
  ssize_t i;
  ssize_t si;
@@ -1686,23 +1961,19 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
      memcpy(&data->state.scratch[si], SMTP_EOB, smtpc->eob);
      si += smtpc->eob;

-      /* then compare the first byte */
+      /* Then compare the first byte */
      if(SMTP_EOB[0] == data->req.upload_fromhere[i])
        smtpc->eob = 1;
      else
        smtpc->eob = 0;
    }

-    if(SMTP_EOB_LEN == smtpc->eob) {
-      /* It matched, copy the replacement data to the target buffer
-         instead. Note that the replacement does not contain the
-         trailing CRLF but we instead continue to match on that one
-         to deal with repeated sequences. Like CRLF.CRLF.CRLF etc
-      */
-      memcpy(&data->state.scratch[si], SMTP_EOB_REPL,
-             SMTP_EOB_REPL_LEN);
+    /* Do we have a match for CRLF. as per RFC-2821, sect. 4.5.2 */
+    if(SMTP_EOB_FIND_LEN == smtpc->eob) {
+      /* Copy the replacement data to the target buffer */
+      memcpy(&data->state.scratch[si], SMTP_EOB_REPL, SMTP_EOB_REPL_LEN);
      si += SMTP_EOB_REPL_LEN;
-      smtpc->eob = 2; /* start over at two bytes */
+      smtpc->eob = 0;
    }
    else if(!smtpc->eob)
      data->state.scratch[si++] = data->req.upload_fromhere[i];
@@ -1716,13 +1987,13 @@ CURLcode Curl_smtp_escape_eob(struct connectdata *conn, ssize_t nread)
  }

  if(si != nread) {
-    /* only use the new buffer if we replaced something */
+    /* Only use the new buffer if we replaced something */
    nread = si;

-    /* upload from the new (replaced) buffer instead */
+    /* Upload from the new (replaced) buffer instead */
    data->req.upload_fromhere = data->state.scratch;

-    /* set the new amount too */
+    /* Set the new amount too */
    data->req.upload_present = nread;
  }

--- a/lib/smtp.h
+++ b/lib/smtp.h
@@ -40,6 +40,8 @@ typedef enum {
  SMTP_AUTHLOGIN,
  SMTP_AUTHPASSWD,
  SMTP_AUTHCRAMMD5,
+  SMTP_AUTHDIGESTMD5,
+  SMTP_AUTHDIGESTMD5_RESP,
  SMTP_AUTHNTLM,
  SMTP_AUTHNTLM_TYPE2MSG,
  SMTP_AUTH,
@@ -80,6 +82,7 @@ extern const struct Curl_handler Curl_handler_smtps;
 /* this is the 5-bytes End-Of-Body marker for SMTP */
 #define SMTP_EOB "\x0d\x0a\x2e\x0d\x0a"
 #define SMTP_EOB_LEN 5
+#define SMTP_EOB_FIND_LEN 3

 /* if found in data, replace it with this string instead */
 #define SMTP_EOB_REPL "\x0d\x0a\x2e\x2e"
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -108,12 +108,14 @@
                         have their definition hidden well */
 #endif

+#define sftp_libssh2_last_error(s) curlx_ultosi(libssh2_sftp_last_error(s))
+
 #define sftp_libssh2_realpath(s,p,t,m) \
        libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)), \
                                (t), (m), LIBSSH2_SFTP_REALPATH)

 /* Local functions: */
-static const char *sftp_libssh2_strerror(unsigned long err);
+static const char *sftp_libssh2_strerror(int err);
 static LIBSSH2_ALLOC_FUNC(my_libssh2_malloc);
 static LIBSSH2_REALLOC_FUNC(my_libssh2_realloc);
 static LIBSSH2_FREE_FUNC(my_libssh2_free);
@@ -767,7 +769,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)

      if((data->set.ssh_auth_types & CURLSSH_AUTH_PUBLICKEY) &&
         (strstr(sshc->authlist, "publickey") != NULL)) {
-        char *home;
+        char *home = NULL;
+        bool rsa_pub_empty_but_ok = FALSE;

        sshc->rsa_pub = sshc->rsa = NULL;

@@ -775,7 +778,10 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
           HOME environment variable etc? */
        home = curl_getenv("HOME");

-        if(data->set.str[STRING_SSH_PUBLIC_KEY])
+        if(data->set.str[STRING_SSH_PUBLIC_KEY] &&
+           !*data->set.str[STRING_SSH_PUBLIC_KEY])
+           rsa_pub_empty_but_ok = true;
+        else if(data->set.str[STRING_SSH_PUBLIC_KEY])
          sshc->rsa_pub = aprintf("%s", data->set.str[STRING_SSH_PUBLIC_KEY]);
        else if(home)
          sshc->rsa_pub = aprintf("%s/.ssh/id_dsa.pub", home);
@@ -783,9 +789,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          /* as a final resort, try current dir! */
          sshc->rsa_pub = strdup("id_dsa.pub");

-        if(sshc->rsa_pub == NULL) {
+        if(!rsa_pub_empty_but_ok && (sshc->rsa_pub == NULL)) {
          Curl_safefree(home);
-          home = NULL;
          state(conn, SSH_SESSION_FREE);
          sshc->actualcode = CURLE_OUT_OF_MEMORY;
          break;
@@ -801,9 +806,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)

        if(sshc->rsa == NULL) {
          Curl_safefree(home);
-          home = NULL;
          Curl_safefree(sshc->rsa_pub);
-          sshc->rsa_pub = NULL;
          state(conn, SSH_SESSION_FREE);
          sshc->actualcode = CURLE_OUT_OF_MEMORY;
          break;
@@ -814,7 +817,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          sshc->passphrase = "";

        Curl_safefree(home);
-        home = NULL;

        infof(data, "Using ssh public key file %s\n", sshc->rsa_pub);
        infof(data, "Using ssh private key file %s\n", sshc->rsa);
@@ -840,9 +842,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }

      Curl_safefree(sshc->rsa_pub);
-      sshc->rsa_pub = NULL;
      Curl_safefree(sshc->rsa);
-      sshc->rsa = NULL;

      if(rc == 0) {
        sshc->authed = TRUE;
@@ -1004,7 +1004,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }
      else {
        /* Return the error type */
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        result = sftp_libssh2_error_to_CURLE(err);
        sshc->actualcode = result?result:CURLE_SSH;
        DEBUGF(infof(data, "error = %d makes libcurl = %d\n",
@@ -1145,7 +1145,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
              failf(data, "Syntax error in chgrp/chmod/chown: "
                    "Bad second parameter");
            Curl_safefree(sshc->quote_path1);
-            sshc->quote_path1 = NULL;
            state(conn, SSH_SFTP_CLOSE);
            sshc->nextstate = SSH_NO_STATE;
            sshc->actualcode = result;
@@ -1168,7 +1167,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
              failf(data,
                    "Syntax error in ln/symlink: Bad second parameter");
            Curl_safefree(sshc->quote_path1);
-            sshc->quote_path1 = NULL;
            state(conn, SSH_SFTP_CLOSE);
            sshc->nextstate = SSH_NO_STATE;
            sshc->actualcode = result;
@@ -1193,7 +1191,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
            else
              failf(data, "Syntax error in rename: Bad second parameter");
            Curl_safefree(sshc->quote_path1);
-            sshc->quote_path1 = NULL;
            state(conn, SSH_SFTP_CLOSE);
            sshc->nextstate = SSH_NO_STATE;
            sshc->actualcode = result;
@@ -1214,9 +1211,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)

        failf(data, "Unknown SFTP command");
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
        state(conn, SSH_SFTP_CLOSE);
        sshc->nextstate = SSH_NO_STATE;
        sshc->actualcode = CURLE_QUOTE_ERROR;
@@ -1229,14 +1224,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
    break;

    case SSH_SFTP_NEXT_QUOTE:
-      if(sshc->quote_path1) {
      Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
-      }
-      if(sshc->quote_path2) {
      Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
-      }

      sshc->quote_item = sshc->quote_item->next;

@@ -1282,11 +1271,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          break;
        }
        else if(rc != 0 && !sshc->acceptfail) { /* get those attributes */
-          err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+          err = sftp_libssh2_last_error(sshc->sftp_session);
          Curl_safefree(sshc->quote_path1);
-          sshc->quote_path1 = NULL;
          Curl_safefree(sshc->quote_path2);
-          sshc->quote_path2 = NULL;
          failf(data, "Attempt to get SFTP stats failed: %s",
                sftp_libssh2_strerror(err));
          state(conn, SSH_SFTP_CLOSE);
@@ -1303,9 +1290,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        if(sshc->quote_attrs.gid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
           !sshc->acceptfail) {
          Curl_safefree(sshc->quote_path1);
-          sshc->quote_path1 = NULL;
          Curl_safefree(sshc->quote_path2);
-          sshc->quote_path2 = NULL;
          failf(data, "Syntax error: chgrp gid not a number");
          state(conn, SSH_SFTP_CLOSE);
          sshc->nextstate = SSH_NO_STATE;
@@ -1320,9 +1305,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        if(sshc->quote_attrs.permissions == 0 &&
           !ISDIGIT(sshc->quote_path1[0])) {
          Curl_safefree(sshc->quote_path1);
-          sshc->quote_path1 = NULL;
          Curl_safefree(sshc->quote_path2);
-          sshc->quote_path2 = NULL;
          failf(data, "Syntax error: chmod permissions not a number");
          state(conn, SSH_SFTP_CLOSE);
          sshc->nextstate = SSH_NO_STATE;
@@ -1336,9 +1319,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        if(sshc->quote_attrs.uid == 0 && !ISDIGIT(sshc->quote_path1[0]) &&
           !sshc->acceptfail) {
          Curl_safefree(sshc->quote_path1);
-          sshc->quote_path1 = NULL;
          Curl_safefree(sshc->quote_path2);
-          sshc->quote_path2 = NULL;
          failf(data, "Syntax error: chown uid not a number");
          state(conn, SSH_SFTP_CLOSE);
          sshc->nextstate = SSH_NO_STATE;
@@ -1361,11 +1342,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
        failf(data, "Attempt to set SFTP stats failed: %s",
              sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
@@ -1386,11 +1365,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
        failf(data, "symlink command failed: %s",
              sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
@@ -1409,9 +1386,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        failf(data, "mkdir command failed: %s", sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
        sshc->nextstate = SSH_NO_STATE;
@@ -1434,11 +1410,9 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        Curl_safefree(sshc->quote_path2);
-        sshc->quote_path2 = NULL;
        failf(data, "rename command failed: %s", sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
        sshc->nextstate = SSH_NO_STATE;
@@ -1455,9 +1429,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        failf(data, "rmdir command failed: %s", sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
        sshc->nextstate = SSH_NO_STATE;
@@ -1474,9 +1447,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      else if(rc != 0 && !sshc->acceptfail) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        Curl_safefree(sshc->quote_path1);
-        sshc->quote_path1 = NULL;
        failf(data, "rm command failed: %s", sftp_libssh2_strerror(err));
        state(conn, SSH_SFTP_CLOSE);
        sshc->nextstate = SSH_NO_STATE;
@@ -1557,7 +1529,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          if(LIBSSH2_ERROR_SFTP_PROTOCOL == rc)
            /* only when there was an SFTP protocol error can we extract
               the sftp error! */
-            err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+            err = sftp_libssh2_last_error(sshc->sftp_session);
          else
            err = -1; /* not an sftp error at all */

@@ -1711,17 +1683,16 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      *sshc->slash_pos = '/';
      ++sshc->slash_pos;
      if(rc == -1) {
-        unsigned int sftp_err = 0;
        /*
         * Abort if failure wasn't that the dir already exists or the
         * permission was denied (creation might succeed further down the
         * path) - retry on unspecific FAILURE also
         */
-        sftp_err = (unsigned int)(libssh2_sftp_last_error(sshc->sftp_session));
-        if((sftp_err != LIBSSH2_FX_FILE_ALREADY_EXISTS) &&
-           (sftp_err != LIBSSH2_FX_FAILURE) &&
-           (sftp_err != LIBSSH2_FX_PERMISSION_DENIED)) {
-          result = sftp_libssh2_error_to_CURLE(sftp_err);
+        err = sftp_libssh2_last_error(sshc->sftp_session);
+        if((err != LIBSSH2_FX_FILE_ALREADY_EXISTS) &&
+           (err != LIBSSH2_FX_FAILURE) &&
+           (err != LIBSSH2_FX_PERMISSION_DENIED)) {
+          result = sftp_libssh2_error_to_CURLE(err);
          state(conn, SSH_SFTP_CLOSE);
          sshc->actualcode = result?result:CURLE_SSH;
          break;
@@ -1747,7 +1718,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          break;
        }
        else {
-          err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+          err = sftp_libssh2_last_error(sshc->sftp_session);
          failf(data, "Could not open directory for reading: %s",
                sftp_libssh2_strerror(err));
          state(conn, SSH_SFTP_CLOSE);
@@ -1763,7 +1734,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }
      if((sshc->readdir_longentry = malloc(PATH_MAX+1)) == NULL) {
        Curl_safefree(sshc->readdir_filename);
-        sshc->readdir_filename = NULL;
        state(conn, SSH_SFTP_CLOSE);
        sshc->actualcode = CURLE_OUT_OF_MEMORY;
        break;
@@ -1818,9 +1788,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          sshc->readdir_line = calloc(sshc->readdir_totalLen, 1);
          if(!sshc->readdir_line) {
            Curl_safefree(sshc->readdir_filename);
-            sshc->readdir_filename = NULL;
            Curl_safefree(sshc->readdir_longentry);
-            sshc->readdir_longentry = NULL;
            state(conn, SSH_SFTP_CLOSE);
            sshc->actualcode = CURLE_OUT_OF_MEMORY;
            break;
@@ -1834,9 +1802,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
            sshc->readdir_linkPath = malloc(PATH_MAX + 1);
            if(sshc->readdir_linkPath == NULL) {
              Curl_safefree(sshc->readdir_filename);
-              sshc->readdir_filename = NULL;
              Curl_safefree(sshc->readdir_longentry);
-              sshc->readdir_longentry = NULL;
              state(conn, SSH_SFTP_CLOSE);
              sshc->actualcode = CURLE_OUT_OF_MEMORY;
              break;
@@ -1853,23 +1819,19 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }
      else if(sshc->readdir_len == 0) {
        Curl_safefree(sshc->readdir_filename);
-        sshc->readdir_filename = NULL;
        Curl_safefree(sshc->readdir_longentry);
-        sshc->readdir_longentry = NULL;
        state(conn, SSH_SFTP_READDIR_DONE);
        break;
      }
      else if(sshc->readdir_len <= 0) {
-        err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+        err = sftp_libssh2_last_error(sshc->sftp_session);
        result = sftp_libssh2_error_to_CURLE(err);
        sshc->actualcode = result?result:CURLE_SSH;
        failf(data, "Could not open remote file for reading: %s :: %d",
              sftp_libssh2_strerror(err),
              libssh2_session_last_errno(sshc->ssh_session));
        Curl_safefree(sshc->readdir_filename);
-        sshc->readdir_filename = NULL;
        Curl_safefree(sshc->readdir_longentry);
-        sshc->readdir_longentry = NULL;
        state(conn, SSH_SFTP_CLOSE);
        break;
      }
@@ -1887,18 +1849,14 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        break;
      }
      Curl_safefree(sshc->readdir_linkPath);
-      sshc->readdir_linkPath = NULL;

      /* get room for the filename and extra output */
      sshc->readdir_totalLen += 4 + sshc->readdir_len;
      new_readdir_line = realloc(sshc->readdir_line, sshc->readdir_totalLen);
      if(!new_readdir_line) {
        Curl_safefree(sshc->readdir_line);
-        sshc->readdir_line = NULL;
        Curl_safefree(sshc->readdir_filename);
-        sshc->readdir_filename = NULL;
        Curl_safefree(sshc->readdir_longentry);
-        sshc->readdir_longentry = NULL;
        state(conn, SSH_SFTP_CLOSE);
        sshc->actualcode = CURLE_OUT_OF_MEMORY;
        break;
@@ -1934,7 +1892,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        data->req.bytecount += sshc->readdir_currLen;
      }
      Curl_safefree(sshc->readdir_line);
-      sshc->readdir_line = NULL;
      if(result) {
        state(conn, SSH_STOP);
      }
@@ -1950,9 +1907,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }
      sshc->sftp_handle = NULL;
      Curl_safefree(sshc->readdir_filename);
-      sshc->readdir_filename = NULL;
      Curl_safefree(sshc->readdir_longentry);
-      sshc->readdir_longentry = NULL;

      /* no data to transfer */
      Curl_setup_transfer(conn, -1, -1, FALSE, NULL, -1, NULL);
@@ -1975,7 +1930,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
          break;
        }
        else {
-          err = (int)(libssh2_sftp_last_error(sshc->sftp_session));
+          err = sftp_libssh2_last_error(sshc->sftp_session);
          failf(data, "Could not open remote file for reading: %s",
                sftp_libssh2_strerror(err));
          state(conn, SSH_SFTP_CLOSE);
@@ -2120,10 +2075,8 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
        }
        sshc->sftp_handle = NULL;
      }
-      if(sftp_scp) {
+      if(sftp_scp)
        Curl_safefree(sftp_scp->path);
-        sftp_scp->path = NULL;
-      }

      DEBUGF(infof(data, "SFTP DONE done\n"));

@@ -2167,7 +2120,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }

      Curl_safefree(sshc->homedir);
-      sshc->homedir = NULL;
      conn->data->state.most_recent_ftp_entrypath = NULL;

      state(conn, SSH_SESSION_DISCONNECT);
@@ -2392,7 +2344,6 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
      }

      Curl_safefree(sshc->homedir);
-      sshc->homedir = NULL;
      conn->data->state.most_recent_ftp_entrypath = NULL;

      state(conn, SSH_SESSION_FREE);
@@ -2835,7 +2786,6 @@ static CURLcode scp_disconnect(struct connectdata *conn, bool dead_connection)
  (void) dead_connection;

  Curl_safefree(conn->data->state.proto.ssh);
-  conn->data->state.proto.ssh = NULL;

  if(ssh->ssh_session) {
    /* only if there's a session still around to use! */
@@ -2868,10 +2818,8 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
  else
    result = status;

-  if(sftp_scp) {
+  if(sftp_scp)
    Curl_safefree(sftp_scp->path);
-    sftp_scp->path = NULL;
-  }
  Curl_pgrsDone(conn);

  conn->data->req.keepon = 0; /* clear all bits */
@@ -3003,7 +2951,6 @@ static CURLcode sftp_disconnect(struct connectdata *conn, bool dead_connection)
  DEBUGF(infof(conn->data, "SSH DISCONNECT starts now\n"));

  Curl_safefree(conn->data->state.proto.ssh);
-  conn->data->state.proto.ssh = NULL;

  if(conn->proto.sshc.ssh_session) {
    /* only if there's a session still around to use! */
@@ -3160,12 +3107,11 @@ get_pathname(const char **cpp, char **path)

  fail:
    Curl_safefree(*path);
-    *path = NULL;
    return CURLE_QUOTE_ERROR;
 }


-static const char *sftp_libssh2_strerror(unsigned long err)
+static const char *sftp_libssh2_strerror(int err)
 {
  switch (err) {
    case LIBSSH2_FX_NO_SUCH_FILE:
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -1048,40 +1048,50 @@ static int asn1_output(const ASN1_UTCTIME *tm,
 * E.g.
 *  "foo.host.com" matches "*.host.com".
 *
- * We are a bit more liberal than RFC2818 describes in that we
- * accept multiple "*" in pattern (similar to what some other browsers do).
- * E.g.
- *  "abc.def.domain.com" should strickly not match "*.domain.com", but we
- *  don't consider "." to be important in CERT checking.
+ * We use the matching rule described in RFC6125, section 6.4.3.
+ * http://tools.ietf.org/html/rfc6125#section-6.4.3
 */
 #define HOST_NOMATCH 0
 #define HOST_MATCH   1

 static int hostmatch(const char *hostname, const char *pattern)
 {
-  for(;;) {
-    char c = *pattern++;
-
-    if(c == '\0')
-      return (*hostname ? HOST_NOMATCH : HOST_MATCH);
-
-    if(c == '*') {
-      c = *pattern;
-      if(c == '\0')      /* "*\0" matches anything remaining */
-        return HOST_MATCH;
-
-      while(*hostname) {
-        /* The only recursive function in libcurl! */
-        if(hostmatch(hostname++,pattern) == HOST_MATCH)
-          return HOST_MATCH;
+  const char *pattern_label_end, *pattern_wildcard, *hostname_label_end;
+  int wildcard_enabled;
+  size_t prefixlen, suffixlen;
+  pattern_wildcard = strchr(pattern, '*');
+  if(pattern_wildcard == NULL) {
+    return Curl_raw_equal(pattern, hostname) ? HOST_MATCH : HOST_NOMATCH;
  }
-      break;
+  /* We require at least 2 dots in pattern to avoid too wide wildcard
+     match. */
+  wildcard_enabled = 1;
+  pattern_label_end = strchr(pattern, '.');
+  if(pattern_label_end == NULL || strchr(pattern_label_end+1, '.') == NULL ||
+     pattern_wildcard > pattern_label_end ||
+     Curl_raw_nequal(pattern, "xn--", 4)) {
+    wildcard_enabled = 0;
  }
-
-    if(Curl_raw_toupper(c) != Curl_raw_toupper(*hostname++))
-      break;
+  if(!wildcard_enabled) {
+    return Curl_raw_equal(pattern, hostname) ? HOST_MATCH : HOST_NOMATCH;
  }
+  hostname_label_end = strchr(hostname, '.');
+  if(hostname_label_end == NULL ||
+     !Curl_raw_equal(pattern_label_end, hostname_label_end)) {
    return HOST_NOMATCH;
+  }
+  /* The wildcard must match at least one character, so the left-most
+     label of the hostname is at least as large as the left-most label
+     of the pattern. */
+  if(hostname_label_end - hostname < pattern_label_end - pattern) {
+    return HOST_NOMATCH;
+  }
+  prefixlen = pattern_wildcard - pattern;
+  suffixlen = pattern_label_end - (pattern_wildcard+1);
+  return Curl_raw_nequal(pattern, hostname, prefixlen) &&
+    Curl_raw_nequal(pattern_wildcard+1, hostname_label_end - suffixlen,
+                    suffixlen) ?
+    HOST_MATCH : HOST_NOMATCH;
 }

 static int
@@ -1793,6 +1803,7 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
                                 256 bytes long. */
      CURLcode rc;
      const char *cert_problem = NULL;
+      long lerr;

      connssl->connecting_state = ssl_connect_2; /* the connection failed,
                                                    we're not waiting for
@@ -1814,12 +1825,22 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
           SSL routines:
           SSL3_GET_SERVER_CERTIFICATE:
           certificate verify failed */
-        cert_problem = "SSL certificate problem, verify that the CA cert is"
-          " OK. Details:\n";
        rc = CURLE_SSL_CACERT;
+
+        lerr = SSL_get_verify_result(connssl->handle);
+        if(lerr != X509_V_OK) {
+          snprintf(error_buffer, sizeof(error_buffer),
+                   "SSL certificate problem: %s",
+                   X509_verify_cert_error_string(lerr));
+        }
+        else
+          cert_problem = "SSL certificate problem, verify that the CA cert is"
+            " OK.";
+
        break;
      default:
        rc = CURLE_SSL_CONNECT_ERROR;
+        SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
        break;
      }

@@ -1836,7 +1857,6 @@ ossl_connect_step2(struct connectdata *conn, int sockindex)
      }
      /* Could be a CERT problem */

-      SSL_strerror(errdetail, error_buffer, sizeof(error_buffer));
      failf(data, "%s%s", cert_problem ? cert_problem : "", error_buffer);
      return rc;
    }
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1864,7 +1864,7 @@ CURLcode Curl_follow(struct SessionHandle *data,
     */
    if((data->set.httpreq == HTTPREQ_POST
        || data->set.httpreq == HTTPREQ_POST_FORM)
-       && !data->set.post301) {
+       && !(data->set.keep_post & CURL_REDIR_POST_301)) {
      infof(data,
            "Violate RFC 2616/10.3.2 and switch from POST to GET\n");
      data->set.httpreq = HTTPREQ_GET;
@@ -1892,7 +1892,7 @@ CURLcode Curl_follow(struct SessionHandle *data,
    */
    if((data->set.httpreq == HTTPREQ_POST
        || data->set.httpreq == HTTPREQ_POST_FORM)
-       && !data->set.post302) {
+       && !(data->set.keep_post & CURL_REDIR_POST_302)) {
      infof(data,
            "Violate RFC 2616/10.3.3 and switch from POST to GET\n");
      data->set.httpreq = HTTPREQ_GET;
@@ -1900,9 +1900,10 @@ CURLcode Curl_follow(struct SessionHandle *data,
    break;

  case 303: /* See Other */
-    /* Disable both types of POSTs, since doing a second POST when
-     * following isn't what anyone would want! */
-    if(data->set.httpreq != HTTPREQ_GET) {
+    /* Disable both types of POSTs, unless the user explicitely
+       asks for POST after POST */
+    if(data->set.httpreq != HTTPREQ_GET
+      && !(data->set.keep_post & CURL_REDIR_POST_303)) {
      data->set.httpreq = HTTPREQ_GET; /* enforce GET request */
      infof(data, "Disables POST, goes with %s\n",
            data->set.opt_no_body?"HEAD":"GET");
@@ -1924,7 +1925,7 @@ CURLcode Curl_follow(struct SessionHandle *data,
    break;
  }
  Curl_pgrsTime(data, TIMER_REDIRECT);
-  Curl_pgrsResetTimes(data);
+  Curl_pgrsResetTimesSizes(data);

  return CURLE_OK;
 #endif /* CURL_DISABLE_HTTP */
--- a/lib/url.c
+++ b/lib/url.c
@@ -105,6 +105,7 @@ int curl_win32_idn_to_ascii(const char *in, char **out);
 #include "rawstr.h"
 #include "warnless.h"
 #include "non-ascii.h"
+#include "inet_pton.h"

 /* And now for the protocols */
 #include "ftp.h"
@@ -1111,12 +1112,12 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     * CURL_REDIR_GET_ALL - POST is changed to GET after 301 and 302
     * CURL_REDIR_POST_301 - POST is kept as POST after 301
     * CURL_REDIR_POST_302 - POST is kept as POST after 302
-     * CURL_REDIR_POST_ALL - POST is kept as POST after 301 and 302
+     * CURL_REDIR_POST_303 - POST is kept as POST after 303
+     * CURL_REDIR_POST_ALL - POST is kept as POST after 301, 302 and 303
     * other - POST is kept as POST after 301 and 302
     */
-    long postRedir = va_arg(param, long);
-    data->set.post301 = (postRedir & CURL_REDIR_POST_301)?TRUE:FALSE;
-    data->set.post302 = (postRedir & CURL_REDIR_POST_302)?TRUE:FALSE;
+    int postRedir = curlx_sltosi(va_arg(param, long));
+    data->set.keep_post = postRedir & CURL_REDIR_POST_ALL;
  }
  break;

@@ -1397,7 +1398,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     * Set HTTP Authentication type BITMASK.
     */
  {
-    long auth = va_arg(param, long);
+    int bitcheck;
+    bool authbits;
+    unsigned long auth = va_arg(param, unsigned long);
+
+    if(auth == CURLAUTH_NONE) {
+      data->set.httpauth = auth;
+      break;
+    }

    /* the DIGEST_IE bit is only used to set a special marker, for all the
       rest we need to handle it as normal DIGEST */
@@ -1419,7 +1427,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
                                       WINDOWS_SSPI */
 #endif
-    if(!auth)
+
+    /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+    bitcheck = 0;
+    authbits = FALSE;
+    while(bitcheck < 31) {
+      if(auth & (1UL << bitcheck++)) {
+        authbits = TRUE;
+        break;
+      }
+    }
+    if(!authbits)
      return CURLE_NOT_BUILT_IN; /* no supported types left! */

    data->set.httpauth = auth;
@@ -1461,7 +1479,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
     * Set HTTP Authentication type BITMASK.
     */
  {
-    long auth = va_arg(param, long);
+    int bitcheck;
+    bool authbits;
+    unsigned long auth = va_arg(param, unsigned long);
+
+    if(auth == CURLAUTH_NONE) {
+      data->set.proxyauth = auth;
+      break;
+    }

    /* the DIGEST_IE bit is only used to set a special marker, for all the
       rest we need to handle it as normal DIGEST */
@@ -1482,7 +1507,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
    auth &= ~CURLAUTH_GSSNEGOTIATE; /* no GSS-Negotiate without GSSAPI or
                                       WINDOWS_SSPI */
 #endif
-    if(!auth)
+
+    /* check if any auth bit lower than CURLAUTH_ONLY is still set */
+    bitcheck = 0;
+    authbits = FALSE;
+    while(bitcheck < 31) {
+      if(auth & (1UL << bitcheck++)) {
+        authbits = TRUE;
+        break;
+      }
+    }
+    if(!authbits)
      return CURLE_NOT_BUILT_IN; /* no supported types left! */

    data->set.proxyauth = auth;
@@ -4461,8 +4496,19 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
        portptr = NULL; /* no port number available */
    }
  }
-  else
+  else {
+#ifdef ENABLE_IPV6
+    struct in6_addr in6;
+    if(Curl_inet_pton(AF_INET6, conn->host.name, &in6) > 0) {
+      /* This is a numerical IPv6 address, meaning this is a wrongly formatted
+         URL */
+      failf(data, "IPv6 numerical address used in URL without brackets");
+      return CURLE_URL_MALFORMAT;
+    }
+#endif
+
    portptr = strrchr(conn->host.name, ':');
+  }

  if(data->set.use_port && data->state.allow_port) {
    /* if set, we use this and ignore the port possibly given in the URL */
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -261,6 +261,7 @@ struct ssl_connect_data {
  x509_cert clicert;
  x509_crl crl;
  rsa_context rsa;
+  ssl_connect_state connecting_state;
 #endif /* USE_POLARSSL */
 #ifdef USE_CYASSL
  SSL_CTX* ctx;
@@ -271,10 +272,8 @@ struct ssl_connect_data {
  PRFileDesc *handle;
  char *client_nickname;
  struct SessionHandle *data;
-#ifdef HAVE_PK11_CREATEGENERICOBJECT
  struct curl_llist *obj_list;
  PK11GenericObject *obj_clicert;
-#endif
 #endif /* USE_NSS */
 #ifdef USE_QSOSSL
  SSLHandle *handle;
@@ -987,8 +986,8 @@ struct PureInfo {
                     thus made the document NOT get fetched */
  long header_size;  /* size of read header(s) in bytes */
  long request_size; /* the amount of bytes sent in the request(s) */
-  long proxyauthavail; /* what proxy auth types were announced */
-  long httpauthavail;  /* what host auth types were announced */
+  unsigned long proxyauthavail; /* what proxy auth types were announced */
+  unsigned long httpauthavail;  /* what host auth types were announced */
  long numconnects; /* how many new connection did libcurl created */
  char *contenttype; /* the content type of the object */
  char *wouldredirect; /* URL this would've been redirected to if asked to */
@@ -1090,11 +1089,11 @@ typedef enum {
 #define MAX_CURL_PASSWORD_LENGTH_TXT "255"

 struct auth {
-  long want;  /* Bitmask set to the authentication methods wanted by the app
-                 (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
-  long picked;
-  long avail; /* bitmask for what the server reports to support for this
-                 resource */
+  unsigned long want;  /* Bitmask set to the authentication methods wanted by
+                          app (with CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH). */
+  unsigned long picked;
+  unsigned long avail; /* Bitmask for what the server reports to support for
+                          this resource */
  bool done;  /* TRUE when the auth phase is done and ready to do the *actual*
                 request */
  bool multi; /* TRUE if this is not yet authenticated but within the auth
@@ -1362,14 +1361,14 @@ struct UserDefined {
  void *writeheader; /* write the header to this if non-NULL */
  void *rtp_out;     /* write RTP to this if non-NULL */
  long use_port;     /* which port to use (when not using default) */
-  long httpauth;     /* what kind of HTTP authentication to use (bitmask) */
-  long proxyauth;    /* what kind of proxy authentication to use (bitmask) */
+  unsigned long httpauth;  /* kind of HTTP authentication to use (bitmask) */
+  unsigned long proxyauth; /* kind of proxy authentication to use (bitmask) */
  long followlocation; /* as in HTTP Location: */
  long maxredirs;    /* maximum no. of http(s) redirects to follow, set to -1
                        for infinity */
-  bool post301;      /* Obey RFC 2616/10.3.2 and keep POSTs as POSTs after a
-                        301 */
-  bool post302;      /* keep POSTs as POSTs after a 302 */
+
+  int keep_post;     /* keep POSTs as POSTs after a 30x request; each
+                        bit represents a request, from 301 to 303 */
  bool free_referer; /* set TRUE if 'referer' points to a string we
                        allocated */
  void *postfields;  /* if POST, set the fields' values here */
--- a/lib/warnless.c
+++ b/lib/warnless.c
@@ -158,6 +158,25 @@ unsigned char curlx_ultouc(unsigned long ulnum)
 #endif
 }

+/*
+** unsigned long to signed int
+*/
+
+int curlx_ultosi(unsigned long ulnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(ulnum <= (unsigned long) CURL_MASK_SINT);
+  return (int)(ulnum & (unsigned long) CURL_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
 /*
 ** unsigned size_t to signed int
 */
--- a/lib/warnless.h
+++ b/lib/warnless.h
@@ -26,6 +26,8 @@ unsigned short curlx_ultous(unsigned long ulnum);

 unsigned char curlx_ultouc(unsigned long ulnum);

+int curlx_ultosi(unsigned long ulnum);
+
 int curlx_uztosi(size_t uznum);

 unsigned long curlx_uztoul(size_t uznum);
--- a/m4/curl-compilers.m4
+++ b/m4/curl-compilers.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 #***************************************************************************

 # File version for 'aclocal' use. Keep it a single number.
-# serial 58
+# serial 61


 dnl CURL_CHECK_COMPILER
@@ -161,6 +161,7 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [
    flags_opt_all="-O -O0 -O1 -O2 -O3 -Os"
    flags_opt_yes="-O2"
    flags_opt_off="-O0"
+    CURL_CHECK_DEF([_WIN32], [], [silent])
  else
    AC_MSG_RESULT([no])
  fi
@@ -977,6 +978,14 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [
            tmp_CFLAGS="$tmp_CFLAGS -Wconversion -Wno-sign-conversion -Wvla"
          fi
          #
+          dnl Only gcc 4.5 or later
+          if test "$compiler_num" -ge "405"; then
+            dnl Only windows targets
+            if test "$curl_cv_have_def__WIN32" = "yes"; then
+              tmp_CFLAGS="$tmp_CFLAGS -Wno-pedantic-ms-format"
+            fi
+          fi
+          #
        fi
        #
        dnl Do not issue warnings for code in system include paths.
@@ -1375,6 +1384,114 @@ AC_DEFUN([CURL_CHECK_COMPILER_STRUCT_MEMBER_SIZE], [
 ])


+dnl CURL_CHECK_COMPILER_SYMBOL_HIDING
+dnl -------------------------------------------------
+dnl Verify if compiler supports hiding library internal symbols, setting
+dnl shell variable supports_symbol_hiding value as appropriate, as well as
+dnl variables symbol_hiding_CFLAGS and symbol_hiding_EXTERN when supported.
+
+AC_DEFUN([CURL_CHECK_COMPILER_SYMBOL_HIDING], [
+  AC_REQUIRE([CURL_CHECK_COMPILER])dnl
+  AC_BEFORE([$0],[CURL_CONFIGURE_SYMBOL_HIDING])dnl
+  AC_MSG_CHECKING([if compiler supports hiding library internal symbols])
+  supports_symbol_hiding="no"
+  symbol_hiding_CFLAGS=""
+  symbol_hiding_EXTERN=""
+  tmp_CFLAGS=""
+  tmp_EXTERN=""
+  case "$compiler_id" in
+    CLANG)
+      dnl All versions of clang support -fvisibility=
+      tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))"
+      tmp_CFLAGS="-fvisibility=hidden"
+      supports_symbol_hiding="yes"
+      ;;
+    GNU_C)
+      dnl Only gcc 3.4 or later
+      if test "$compiler_num" -ge "304"; then
+        if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
+          tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))"
+          tmp_CFLAGS="-fvisibility=hidden"
+          supports_symbol_hiding="yes"
+        fi
+      fi
+      ;;
+    INTEL_UNIX_C)
+      dnl Only icc 9.0 or later
+      if test "$compiler_num" -ge "900"; then
+        if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
+          tmp_save_CFLAGS="$CFLAGS"
+          CFLAGS="$CFLAGS -fvisibility=hidden"
+          AC_LINK_IFELSE([
+            AC_LANG_PROGRAM([[
+#             include <stdio.h>
+            ]],[[
+              printf("icc fvisibility bug test");
+            ]])
+          ],[
+            tmp_EXTERN="__attribute__ ((__visibility__ (\"default\")))"
+            tmp_CFLAGS="-fvisibility=hidden"
+            supports_symbol_hiding="yes"
+          ])
+          CFLAGS="$tmp_save_CFLAGS"
+        fi
+      fi
+      ;;
+    SUNPRO_C)
+      if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
+        tmp_EXTERN="__global"
+        tmp_CFLAGS="-xldscope=hidden"
+        supports_symbol_hiding="yes"
+      fi
+      ;;
+  esac
+  if test "$supports_symbol_hiding" = "yes"; then
+    tmp_save_CFLAGS="$CFLAGS"
+    CFLAGS="$tmp_save_CFLAGS $tmp_CFLAGS"
+    squeeze CFLAGS
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([[
+        $tmp_EXTERN char *dummy(char *buff);
+        char *dummy(char *buff)
+        {
+         if(buff)
+           return ++buff;
+         else
+           return buff;
+        }
+      ]],[[
+        char b[16];
+        char *r = dummy(&b[0]);
+        if(r)
+          return (int)*r;
+      ]])
+    ],[
+      supports_symbol_hiding="yes"
+      if test -f conftest.err; then
+        grep 'visibility' conftest.err >/dev/null
+        if test "$?" -eq "0"; then
+          supports_symbol_hiding="no"
+        fi
+      fi
+    ],[
+      supports_symbol_hiding="no"
+      echo " " >&6
+      sed 's/^/cc-src: /' conftest.$ac_ext >&6
+      sed 's/^/cc-err: /' conftest.err >&6
+      echo " " >&6
+    ])
+    CFLAGS="$tmp_save_CFLAGS"
+  fi
+  if test "$supports_symbol_hiding" = "yes"; then
+    AC_MSG_RESULT([yes])
+    symbol_hiding_CFLAGS="$tmp_CFLAGS"
+    symbol_hiding_EXTERN="$tmp_EXTERN"
+  else
+    AC_MSG_RESULT([no])
+  fi
+])
+
+
 dnl CURL_VAR_MATCH (VARNAME, VALUE)
 dnl -------------------------------------------------
 dnl Verifies if shell variable VARNAME contains VALUE.
--- a/m4/curl-confopts.m4
+++ b/m4/curl-confopts.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 #***************************************************************************

 # File version for 'aclocal' use. Keep it a single number.
-# serial 16
+# serial 18

 dnl CURL_CHECK_OPTION_THREADED_RESOLVER
 dnl -------------------------------------------------
@@ -258,6 +258,50 @@ AC_HELP_STRING([--disable-optimize],[Disable compiler optimizations]),
 ])


+dnl CURL_CHECK_OPTION_SYMBOL_HIDING
+dnl -------------------------------------------------
+dnl Verify if configure has been invoked with option
+dnl --enable-symbol-hiding or --disable-symbol-hiding,
+dnl setting shell variable want_symbol_hiding value.
+
+AC_DEFUN([CURL_CHECK_OPTION_SYMBOL_HIDING], [
+  AC_BEFORE([$0],[CURL_CHECK_COMPILER_SYMBOL_HIDING])dnl
+  AC_MSG_CHECKING([whether to enable hiding of library internal symbols])
+  OPT_SYMBOL_HIDING="default"
+  AC_ARG_ENABLE(symbol-hiding,
+AC_HELP_STRING([--enable-symbol-hiding],[Enable hiding of library internal symbols])
+AC_HELP_STRING([--disable-symbol-hiding],[Disable hiding of library internal symbols]),
+  OPT_SYMBOL_HIDING=$enableval)
+  AC_ARG_ENABLE(hidden-symbols,
+AC_HELP_STRING([--enable-hidden-symbols],[To be deprecated, use --enable-symbol-hiding])
+AC_HELP_STRING([--disable-hidden-symbols],[To be deprecated, use --disable-symbol-hiding]),
+  OPT_SYMBOL_HIDING=$enableval)
+  case "$OPT_SYMBOL_HIDING" in
+    no)
+      dnl --disable-symbol-hiding option used.
+      dnl This is an indication to not attempt hiding of library internal
+      dnl symbols. Default symbol visibility will be used, which normally
+      dnl exposes all library internal symbols.
+      want_symbol_hiding="no"
+      AC_MSG_RESULT([no])
+      ;;
+    default)
+      dnl configure's symbol-hiding option not specified.
+      dnl Handle this as if --enable-symbol-hiding option was given.
+      want_symbol_hiding="yes"
+      AC_MSG_RESULT([yes])
+      ;;
+    *)
+      dnl --enable-symbol-hiding option used.
+      dnl This is an indication to attempt hiding of library internal
+      dnl symbols. This is only supported on some compilers/linkers.
+      want_symbol_hiding="yes"
+      AC_MSG_RESULT([yes])
+      ;;
+  esac
+])
+
+
 dnl CURL_CHECK_OPTION_THREADS
 dnl -------------------------------------------------
 dnl Verify if configure has been invoked with option
@@ -411,6 +455,35 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET], [
 ])


+dnl CURL_CONFIGURE_SYMBOL_HIDING
+dnl -------------------------------------------------
+dnl Depending on --enable-symbol-hiding or --disable-symbol-hiding
+dnl configure option, and compiler capability to actually honor such
+dnl option, this will modify compiler flags as appropriate and also
+dnl provide needed definitions for configuration and Makefile.am files.
+dnl This macro should not be used until all compilation tests have
+dnl been done to prevent interferences on other tests.
+
+AC_DEFUN([CURL_CONFIGURE_SYMBOL_HIDING], [
+  AC_MSG_CHECKING([whether hiding of library internal symbols will actually happen])
+  CFLAG_CURL_SYMBOL_HIDING=""
+  doing_symbol_hiding="no"
+  if test x"$ac_cv_native_windows" != "xyes" &&
+    test "$want_symbol_hiding" = "yes" &&
+    test "$supports_symbol_hiding" = "yes"; then
+    doing_symbol_hiding="yes"
+    CFLAG_CURL_SYMBOL_HIDING="$symbol_hiding_CFLAGS"
+    AC_DEFINE_UNQUOTED(CURL_EXTERN_SYMBOL, $symbol_hiding_EXTERN,
+      [Definition to make a library symbol externally visible.])
+    AC_MSG_RESULT([yes])
+  else
+    AC_MSG_RESULT([no])
+  fi
+  AM_CONDITIONAL(DOING_CURL_SYMBOL_HIDING, test x$doing_symbol_hiding = xyes)
+  AC_SUBST(CFLAG_CURL_SYMBOL_HIDING)
+])
+
+
 dnl CURL_CHECK_LIB_ARES
 dnl -------------------------------------------------
 dnl When c-ares library support has been requested,
--- a/m4/curl-functions.m4
+++ b/m4/curl-functions.m4
@@ -21,7 +21,7 @@
 #***************************************************************************

 # File version for 'aclocal' use. Keep it a single number.
-# serial 69
+# serial 70


 dnl CURL_INCLUDES_ARPA_INET
@@ -2020,6 +2020,7 @@ AC_DEFUN([CURL_CHECK_FUNC_GETADDRINFO], [
  AC_REQUIRE([CURL_INCLUDES_STRING])dnl
  AC_REQUIRE([CURL_INCLUDES_SYS_SOCKET])dnl
  AC_REQUIRE([CURL_INCLUDES_NETDB])dnl
+  AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl
  #
  tst_links_getaddrinfo="unknown"
  tst_proto_getaddrinfo="unknown"
@@ -2196,7 +2197,34 @@ AC_DEFUN([CURL_CHECK_FUNC_GETADDRINFO], [
        tst_tsafe_getaddrinfo="yes"
        ;;
    esac
+    if test "$tst_tsafe_getaddrinfo" = "unknown" &&
+       test "$ac_cv_native_windows" = "yes"; then
+      tst_tsafe_getaddrinfo="yes"
+    fi
    if test "$tst_tsafe_getaddrinfo" = "unknown"; then
+      CURL_CHECK_DEF_CC([h_errno], [
+        $curl_includes_sys_socket
+        $curl_includes_netdb
+        ], [silent])
+      if test "$curl_cv_have_def_h_errno" = "yes"; then
+        tst_h_errno_macro="yes"
+      else
+        tst_h_errno_macro="no"
+      fi
+      AC_COMPILE_IFELSE([
+        AC_LANG_PROGRAM([[
+          $curl_includes_sys_socket
+          $curl_includes_netdb
+        ]],[[
+          h_errno = 2;
+          if(0 != h_errno)
+            return 1;
+        ]])
+      ],[
+        tst_h_errno_modifiable_lvalue="yes"
+      ],[
+        tst_h_errno_modifiable_lvalue="no"
+      ])
      AC_COMPILE_IFELSE([
        AC_LANG_PROGRAM([[
        ]],[[
@@ -2209,22 +2237,18 @@ AC_DEFUN([CURL_CHECK_FUNC_GETADDRINFO], [
 #endif
        ]])
      ],[
-        tst_tsafe_getaddrinfo="yes"
+        tst_h_errno_sbs_issue_7="yes"
+      ],[
+        tst_h_errno_sbs_issue_7="no"
      ])
-    fi
-    if test "$tst_tsafe_getaddrinfo" = "unknown"; then
-      CURL_CHECK_DEF_CC([h_errno], [
-        $curl_includes_ws2tcpip
-        $curl_includes_sys_socket
-        $curl_includes_netdb
-        ], [silent])
-      if test "$curl_cv_have_def_h_errno" = "no"; then
+      if test "$tst_h_errno_macro" = "no" &&
+         test "$tst_h_errno_modifiable_lvalue" = "no" &&
+         test "$tst_h_errno_sbs_issue_7" = "no"; then
        tst_tsafe_getaddrinfo="no"
-      fi
-    fi
-    if test "$tst_tsafe_getaddrinfo" = "unknown"; then
+      else
        tst_tsafe_getaddrinfo="yes"
      fi
+    fi
    AC_MSG_RESULT([$tst_tsafe_getaddrinfo])
    if test "$tst_tsafe_getaddrinfo" = "yes"; then
      AC_DEFINE_UNQUOTED(HAVE_GETADDRINFO_THREADSAFE, 1,
--- a/8
+++ b/8
@@ -9,7 +9,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -91,12 +91,6 @@ findprog()
  return 0
 }

-echo "maketgz: cp lib/curl_config.h.in src/curl_config.h.in"
-cp lib/curl_config.h.in src/curl_config.h.in
-
-echo "maketgz: cp lib/config-win32.h src/config-win32.h"
-cp lib/config-win32.h src/config-win32.h
-
 ############################################################################
 #
 # Enforce a rerun of configure (updates the VERSION)
--- a/packages/AIX/RPM/curl.spec.in
+++ b/packages/AIX/RPM/curl.spec.in
@@ -105,6 +105,7 @@ make DESTDIR=%{buildroot} install-strip
 %defattr(-,root,root)
 %attr(0755,root,root) %{_bindir}/curl
 %attr(0644,root,root) %{_mandir}/man1/curl.1*
+%attr(0644,root,root) %{_mandir}/man1/mk-ca-bundle.1
 %{_libdir}/libcurl.a
 %if %{SSL} == 1
 %{_datadir}/curl/curl-ca-bundle.crt
@@ -124,6 +125,7 @@ make DESTDIR=%{buildroot} install-strip
 %defattr(-,root,root)
 %attr(0755,root,root) %{_bindir}/curl-config
 %attr(0644,root,root) %{_mandir}/man1/curl-config.1*
+%attr(0644,root,root) %{_mandir}/man1/mk-ca-bundle.1
 %attr(0644,root,root) %{_mandir}/man3/*
 %attr(0644,root,root) %{_includedir}/curl/*
 %{_libdir}/libcurl.la
--- a/packages/EPM/curl.list.in
+++ b/packages/EPM/curl.list.in
@@ -23,6 +23,7 @@ $datarootdir=@datarootdir@

 f 0644 cowo pppusers ${mandir}/man1/curl.1 ./docs/curl.1
 f 0644 cowo pppusers ${mandir}/man1/curl-config.1 ./docs/curl-config.1
+f 0644 cowo pppusers ${mandir}/man1/mk-ca-bundle.1 ./docs/mk-ca-bundle.1
 f 0644 cowo pppusers ${mandir}/man3/curl_easy_cleanup.3 ./docs/curl_easy_cleanup.3
 f 0644 cowo pppusers ${mandir}/man3/curl_easy_getinfo.3 ./docs/curl_easy_getinfo.3
 f 0644 cowo pppusers ${mandir}/man3/curl_easy_init.3 ./docs/curl_easy_init.3
--- a/packages/Linux/RPM/curl-ssl.spec.in
+++ b/packages/Linux/RPM/curl-ssl.spec.in
@@ -66,6 +66,7 @@ make DESTDIR=%{buildroot} install-strip
 %defattr(-,root,root)
 %attr(0755,root,root) %{_bindir}/curl
 %attr(0644,root,root) %{_mandir}/man1/curl.1*
+%attr(0644,root,root) %{_mandir}/man1/mk-ca-bundle.1
 %{_libdir}/libcurl.so*
 %{_datadir}/curl/curl-ca-bundle.crt
 %doc CHANGES COPYING README testcurl.sh docs/BUGS docs/SSLCERTS
--- a/packages/OS400/initscript.sh
+++ b/packages/OS400/initscript.sh
@@ -157,6 +157,10 @@ db2_name()
        basename "${1}"                                                 |
        tr 'a-z-' 'A-Z_'                                                |
        sed -e 's/\..*//'                                               \
+            -e 's/\([^_]\)[^_]*_\(.*\)/\1\2/'                                \
+            -e 's/\([^_]\)\([^_]\)[^_]*_\(.*\)/\1\2\3/'                      \
+            -e 's/\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\)/\1\2\3\4/'            \
+            -e 's/\([^_]\)\([^_]\)\([^_]\)\([^_]\)[^_]*_\(.*\)/\1\2\3\4\5/'  \
            -e 's/^\(..........\).*/\1/'
 }

--- a/src/Makefile.Watcom
+++ b/src/Makefile.Watcom
@@ -72,13 +72,13 @@ CFLAGS += -d_WIN32_WINNT=0x0501 -dENABLE_IPV6
 !ifdef %zlib_root
 ZLIB_ROOT = $(%zlib_root)
 !else
-ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.5
+ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.7
 !endif

 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.3.0
+LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.4.2
 !endif

 !ifdef %librtmp_root
@@ -90,7 +90,7 @@ LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8r
+OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8x
 !endif

 !ifdef %ares_root
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@ AUTOMAKE_OPTIONS = foreign nostdinc
 # $(top_builddir)/lib is for libcurl's generated lib/curl_config.h file
 # $(top_builddir)/src is for curl's generated src/curl_config.h file
 # $(top_srcdir)/lib is for libcurl's lib/setup.h and other "borrowed" files
-# $(top_srcdir)/src is for curl's src/setup.h and "curl-private" files
+# $(top_srcdir)/src is for curl's src/tool_setup.h and "curl-private" files

 INCLUDES = -I$(top_builddir)/include/curl \
           -I$(top_builddir)/include      \
@@ -44,6 +44,11 @@ INCLUDES = -I$(top_builddir)/include/curl \

 bin_PROGRAMS = curl

+# Mostly for Windows build targets, when using static libcurl
+if USE_CPPFLAG_CURL_STATICLIB
+AM_CPPFLAGS = -DCURL_STATICLIB
+endif
+
 include Makefile.inc

 # This might hold -Werror
@@ -51,16 +56,16 @@ CFLAGS += @CURL_CFLAG_EXTRAS@

 curl_LDADD = $(top_builddir)/lib/libcurl.la @CURL_LIBS@
 curl_DEPENDENCIES = $(top_builddir)/lib/libcurl.la
-BUILT_SOURCES = hugehelp.c config-win32.h
-CLEANFILES = hugehelp.c config-win32.h
+BUILT_SOURCES = hugehelp.c
+CLEANFILES = hugehelp.c
 # Use the C locale to ensure that only ASCII characters appear in the
 # embedded text.
 NROFF=env LC_ALL=C @NROFF@ @MANOPT@ # figured out by the configure script

 EXTRA_DIST = mkhelp.pl makefile.dj Makefile.vc6 Makefile.b32 Makefile.m32 \
-	curl_config.h.in macos/curl.mcp.xml.sit.hqx			  \
+	macos/curl.mcp.xml.sit.hqx                                        \
 	macos/MACINSTALL.TXT macos/src/curl_GUSIConfig.cpp vc6curlsrc.dsp \
-	macos/src/macos_main.cpp config-amigaos.h makefile.amiga curl.rc  \
+	macos/src/macos_main.cpp makefile.amiga curl.rc                   \
 	Makefile.netware Makefile.inc Makefile.Watcom vc6curlsrc.dsw      \
 	CMakeLists.txt

@@ -68,11 +73,6 @@ MANPAGE=$(top_srcdir)/docs/curl.1
 README=$(top_srcdir)/docs/MANUAL
 MKHELP=$(top_srcdir)/src/mkhelp.pl
 HUGE=hugehelp.c
-CFGWIN32=config-win32.h
-
-$(CFGWIN32): $(top_srcdir)/lib/config-win32.h
-	echo "creating $(CFGWIN32)"
-	@(cp $(top_srcdir)/lib/config-win32.h $(CFGWIN32))

 if USE_MANUAL
 # Here are the stuff to create a built-in manual
@@ -80,7 +80,7 @@ if USE_MANUAL
 if HAVE_LIBZ
 # This generates the hugehelp.c file in both uncompressed and compressed formats
 $(HUGE): $(README) $(MANPAGE)  mkhelp.pl
-	echo '#include "setup.h"' > $(HUGE)
+	echo '#include "tool_setup.h"' > $(HUGE)
 	echo '#ifndef HAVE_LIBZ' >> $(HUGE)
 	$(NROFF) $(MANPAGE) | $(PERL) $(MKHELP) $(README) >> $(HUGE)
 	echo '#else' >> $(HUGE)
@@ -89,7 +89,7 @@ $(HUGE): $(README) $(MANPAGE)  mkhelp.pl
 else # HAVE_LIBZ
 # This generates the hugehelp.c file uncompressed only
 $(HUGE): $(README) $(MANPAGE)  mkhelp.pl
-	echo '#include "setup.h"' > $(HUGE)
+	echo '#include "tool_setup.h"' > $(HUGE)
 	$(NROFF) $(MANPAGE) | $(PERL) $(MKHELP) $(README) >> $(HUGE)
 endif

@@ -102,9 +102,9 @@ $(HUGE):
 endif

 # ignore hugehelp.c since it is generated source code and it plays by slightly
-# different rules! config-win32.h already checked in lib subdir.
+# different rules!
 checksrc:
-	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/src -Whugehelp.c -Wconfig-win32.h $(curl_SOURCES)
+	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/src -Whugehelp.c $(curl_SOURCES)

 if CURLDEBUG
 # for debug builds, we scan the sources on all regular make invokes
--- a/src/Makefile.b32
+++ b/src/Makefile.b32
@@ -22,12 +22,12 @@ BCCDIR = $(MAKEDIR)\..

 # Edit the path below to point to the base of your Zlib sources.
 !ifndef ZLIB_PATH
-ZLIB_PATH = ..\..\zlib-1.2.5
+ZLIB_PATH = ..\..\zlib-1.2.7
 !endif

 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8q
+OPENSSL_PATH = ..\..\openssl-0.9.8x
 !endif

 # Set program's name
--- a/src/Makefile.inc
+++ b/src/Makefile.inc
@@ -52,8 +52,7 @@ CURL_CFILES = hugehelp.c \
 	tool_writeout.c \
 	tool_xattr.c

-CURL_HFILES = hugehelp.h setup.h config-win32.h config-mac.h \
-	config-riscos.h \
+CURL_HFILES = hugehelp.h \
 	tool_binmode.h \
 	tool_bname.h \
 	tool_cb_dbg.h \
@@ -84,6 +83,7 @@ CURL_HFILES = hugehelp.h setup.h config-win32.h config-mac.h \
 	tool_parsecfg.h \
 	tool_sdecls.h \
 	tool_setopt.h \
+	tool_setup.h \
 	tool_sleep.h \
 	tool_urlglob.h \
 	tool_util.h \
--- a/src/Makefile.m32
+++ b/src/Makefile.m32
@@ -7,18 +7,18 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.5
+## set ZLIB_PATH=c:/zlib-1.2.7
 ## set ZLIB=1
 #
 ###########################################################################

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif
 ifndef OPENSSL_LIBPATH
 OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
@@ -28,7 +28,7 @@ OPENSSL_LIBS = -leay32 -lssl32
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
--- a/src/Makefile.netware
+++ b/src/Makefile.netware
@@ -14,17 +14,17 @@ endif

 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../libssh2-1.3.0
+LIBSSH2_PATH = ../../libssh2-1.4.2
 endif

 # Edit the path below to point to the base of your axTLS package.
@@ -323,7 +323,7 @@ vpath %.c $(CURL_LIB)

 all: prebuild $(TARGET).nlm

-prebuild: $(OBJDIR) $(OBJDIR)/version.inc curl_config.h
+prebuild: $(OBJDIR) $(OBJDIR)/version.inc

 $(OBJDIR)/%.o: %.c
 #	@echo Compiling $<
@@ -342,7 +342,6 @@ clean:
 ifeq "$(wildcard hugehelp.c.cvs)" "hugehelp.c.cvs"
 	-$(RM) hugehelp.c
 endif
-	-$(RM) curl_config.h
 	-$(RM) -r $(OBJDIR)

 distclean vclean: clean
@@ -449,210 +448,6 @@ endif
 	@echo $(DL)output $(TARGET).nlm$(DL) >> $@
 endif

-curl_config.h: Makefile.netware
-	@echo Creating $@
-	@echo $(DL)/* $@ for NetWare target.$(DL) > $@
-	@echo $(DL)** Do not edit this file - it is created by make!$(DL) >> $@
-	@echo $(DL)** All your changes will be lost!!$(DL) >> $@
-	@echo $(DL)*/$(DL) >> $@
-	@echo $(DL)#ifndef NETWARE$(DL) >> $@
-	@echo $(DL)#error This $(notdir $@) is created for NetWare platform!$(DL) >> $@
-	@echo $(DL)#endif$(DL) >> $@
-	@echo $(DL)#define VERSION "$(LIBCURL_VERSION_STR)"$(DL) >> $@
-	@echo $(DL)#define PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/"$(DL) >> $@
-ifeq ($(LIBARCH),CLIB)
-	@echo $(DL)#define OS "i586-pc-clib-NetWare"$(DL) >> $@
-	@echo $(DL)#define NETDB_USE_INTERNET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRNICMP 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_RETV int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG2 char$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG6 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_RETV int$(DL) >> $@
-	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG2 char *$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG3 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_RETV int$(DL) >> $@
-	@echo $(DL)#define SIZEOF_SIZE_T 4$(DL) >> $@
-	@echo $(DL)#define pressanykey PressAnyKeyToContinue$(DL) >> $@
-else
-	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
-	@echo $(DL)#define HAVE_FTRUNCATE 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETTIMEOFDAY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INTTYPES_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LONGLONG 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDINT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRCASECMP 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCAT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRLCPY 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRTOLL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_PARAM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SELECT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TERMIOS_H 1$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG2 void *$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG3 size_t$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECV_TYPE_RETV ssize_t$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG2 void$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG3 size_t$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG5 struct sockaddr$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG6 size_t$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_RETV ssize_t$(DL) >> $@
-	@echo $(DL)#define RECVFROM_TYPE_ARG2_IS_VOID 1$(DL) >> $@
-	@echo $(DL)#define SEND_QUAL_ARG2$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG1 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG2 void *$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG3 size_t$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_ARG4 int$(DL) >> $@
-	@echo $(DL)#define SEND_TYPE_RETV ssize_t$(DL) >> $@
-	@echo $(DL)#define SIZEOF_OFF_T 8$(DL) >> $@
-	@echo $(DL)#define SIZEOF_SIZE_T 8$(DL) >> $@
-	@echo $(DL)#define _LARGEFILE 1$(DL) >> $@
-ifdef ENABLE_IPV6
-	@echo $(DL)#define ENABLE_IPV6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_AF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_PF_INET6 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FREEADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_ADDRINFO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_IN6_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_SOCKADDR_IN6 1$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN6_ADDR 16$(DL) >> $@
-endif
-endif
-	@echo $(DL)#define USE_MANUAL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ARPA_INET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ASSERT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERRNO_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_FCNTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETHOSTBYNAME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GETPROTOBYNAME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_GMTIME_R 1$(DL) >> $@
-	@echo $(DL)#define HAVE_INET_ADDR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_IOCTL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_IOCTL_FIONBIO 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIMITS_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LOCALE_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LOCALTIME_R 1$(DL) >> $@
-	@echo $(DL)#define HAVE_MALLOC_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_NETINET_IN_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_RECV 1$(DL) >> $@
-	@echo $(DL)#define HAVE_RECVFROM 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SELECT 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SEND 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SETJMP_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SETLOCALE 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIGNAL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIGNAL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SIG_ATOMIC_T 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SOCKET 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STDLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRDUP 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRFTIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRING_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRSTR 1$(DL) >> $@
-	@echo $(DL)#define HAVE_STRUCT_TIMEVAL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_IOCTL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_STAT_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UNAME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UNISTD_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UTIME 1$(DL) >> $@
-	@echo $(DL)#define HAVE_UTIME_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_WRITEV 1$(DL) >> $@
-	@echo $(DL)#define RETSIGTYPE void$(DL) >> $@
-	@echo $(DL)#define SIZEOF_INT 4$(DL) >> $@
-	@echo $(DL)#define SIZEOF_SHORT 2$(DL) >> $@
-	@echo $(DL)#define SIZEOF_STRUCT_IN_ADDR 4$(DL) >> $@
-	@echo $(DL)#define STDC_HEADERS 1$(DL) >> $@
-	@echo $(DL)#define TIME_WITH_SYS_TIME 1$(DL) >> $@
-ifdef DISABLE_LDAP
-	@echo $(DL)#define CURL_DISABLE_LDAP 1$(DL) >> $@
-else
-	@echo $(DL)#define CURL_HAS_NOVELL_LDAPSDK 1$(DL) >> $@
-ifndef DISABLE_LDAPS
-	@echo $(DL)#define HAVE_LDAP_SSL 1$(DL) >> $@
-endif
-	@echo $(DL)#define HAVE_LDAP_SSL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LDAP_URL_PARSE 1$(DL) >> $@
-endif
-ifdef NW_WINSOCK
-	@echo $(DL)#define HAVE_CLOSESOCKET 1$(DL) >> $@
-else
-	@echo $(DL)#define USE_BSD_SOCKETS 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_TYPES_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SOCKET_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_SYS_SOCKIO_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_NETDB_H 1$(DL) >> $@
-endif
-ifdef WITH_ARES
-	@echo $(DL)#define USE_ARES 1$(DL) >> $@
-endif
-ifdef WITH_ZLIB
-	@echo $(DL)#define HAVE_ZLIB_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIBZ 1$(DL) >> $@
-endif
-ifdef WITH_SSL
-	@echo $(DL)#define USE_SSLEAY 1$(DL) >> $@
-	@echo $(DL)#define USE_OPENSSL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_X509_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_SSL_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_RSA_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_PEM_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_ERR_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_CRYPTO_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_OPENSSL_ENGINE_H 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@
-	@echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@
-ifdef WITH_SPNEGO
-	@echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@
-endif
-else
-ifdef WITH_AXTLS
-	@echo $(DL)#define USE_AXTLS 1$(DL) >> $@
-endif
-endif
-ifdef WITH_SSH2
-	@echo $(DL)#define USE_LIBSSH2 1$(DL) >> $@
-	@echo $(DL)#define HAVE_LIBSSH2_H 1$(DL) >> $@
-endif
-ifdef WITH_IDN
-	@echo $(DL)#define HAVE_LIBIDN 1$(DL) >> $@
-	@echo $(DL)#define HAVE_TLD_H 1$(DL) >> $@
-endif
-ifdef WITH_RTMP
-	@echo $(DL)#define USE_LIBRTMP 1$(DL) >> $@
-endif
-	@echo $(DL)#ifdef __GNUC__$(DL) >> $@
-	@echo $(DL)#define HAVE_VARIADIC_MACROS_GCC 1$(DL) >> $@
-	@echo $(DL)#else$(DL) >> $@
-	@echo $(DL)#define HAVE_VARIADIC_MACROS_C99 1$(DL) >> $@
-	@echo $(DL)#endif$(DL) >> $@
-ifdef CABUNDLE
-	@echo $(DL)#define CURL_CA_BUNDLE "$(CABUNDLE)"$(DL) >> $@
-else
-	@echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@
-endif
-
 hugehelp.c:
 	@echo Creating $@
 	@$(CP) hugehelp.c.cvs $@
--- a/src/Makefile.vc6
+++ b/src/Makefile.vc6
@@ -57,11 +57,11 @@ PROGRAM_NAME = curl.exe


 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8r
+OPENSSL_PATH = ../../openssl-0.9.8x
 !ENDIF

 !IFNDEF ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.5
+ZLIB_PATH = ../../zlib-1.2.7
 !ENDIF

 !IFNDEF MACHINE
--- a/src/config-amigaos.h
+++ b/src/config-amigaos.h
@@ -1,70 +0,0 @@
-#ifndef CURL_CONFIG_AMIGAOS_H
-#define CURL_CONFIG_AMIGAOS_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-#ifdef __AMIGA__ /* Any AmigaOS flavour */
-
-/* Define to 1 if you want the built-in manual */
-#define USE_MANUAL 1
-
-#define OS "AmigaOS"
-
-#define HAVE_CLOSESOCKET_CAMEL  1
-#define HAVE_ERRNO_H            1
-#define HAVE_UNISTD_H           1
-#define HAVE_STRDUP             1
-#define HAVE_UTIME              1
-#define HAVE_UTIME_H            1
-#define HAVE_SYS_TYPES_H        1
-#define HAVE_SYS_SOCKET_H       1
-#define HAVE_WRITABLE_ARGV      1
-#define HAVE_SYS_TIME_H         1
-#define HAVE_TIME_H             1
-#define TIME_WITH_SYS_TIME      1
-#define HAVE_STRUCT_TIMEVAL     1
-
-#if 0
-# define HAVE_TERMIOS_H         1
-# define HAVE_FTRUNCATE         1
-#endif
-
-#define HAVE_PWD_H              1
-
-#ifndef F_OK
-# define F_OK 0
-#endif
-#ifndef O_RDONLY
-# define	O_RDONLY	0x0000		/* open for reading only */
-#endif
-#ifndef LONG_MAX
-# define        LONG_MAX        0x7fffffffL             /* max value for a long */
-#endif
-#ifndef LONG_MIN
-# define        LONG_MIN        (-0x7fffffffL-1)        /* min value for a long */
-#endif
-
-#define SIZEOF_INT              4
-#define SIZEOF_SHORT            2
-
-#endif /* __AMIGA__ */
-#endif /* CURL_CONFIG_AMIGAOS_H */
--- a/src/config-mac.h
+++ b/src/config-mac.h
@@ -1,57 +0,0 @@
-#ifndef __SRC_CONFIG_MAC_H
-#define __SRC_CONFIG_MAC_H
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-
-/* =================================================================== */
-/*   src/config-mac.h - Hand crafted config file for Mac OS 9          */
-/* =================================================================== */
-/*  On Mac OS X you must run configure to generate curl_config.h file  */
-/* =================================================================== */
-
-/* Define to 1 if you want the built-in manual */
-#define USE_MANUAL 1
-
-#define HAVE_UNISTD_H           1
-#define HAVE_ERRNO_H            1
-#define HAVE_FCNTL_H            1
-#define HAVE_UTIME_H            1
-#define HAVE_SYS_UTIME_H        1
-
-#define HAVE_SETVBUF            1
-#define HAVE_UTIME              1
-#define HAVE_FTRUNCATE          1
-
-#define HAVE_TIME_H             1
-#define HAVE_SYS_TIME_H         1
-#define TIME_WITH_SYS_TIME      1
-#define HAVE_STRUCT_TIMEVAL     1
-
-#define SIZEOF_INT              4
-#define SIZEOF_SHORT            2
-
-#define main(x,y) curl_main(x,y)
-
-/* we provide our own strdup prototype */
-char *strdup(char *s1);
-
-#endif /* __SRC_CONFIG_MAC_H */
--- a/Show More
+++ b/Show More