RELEASE-NOTES: synced with 52af6e69f0 / 7.28.1

RELEASE-NOTES: NSS can be used for metalink hashing
Get test 2032 working when using valgrind
2012-11-20 08:05:42 +01:00 · 2012-11-20 00:14:31 +01:00 · 2012-11-19 13:36:28 +01:00 · 2012-11-19 13:36:10 +01:00 · 2012-11-19 10:58:14 +01:00 · 2012-11-19 10:58:14 +01:00
425 changed files with 23360 additions and 4206 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +1,5 @@
 *.dsw -crlf
+buildconf eol=lf
+configure.ac eol=lf
+*.m4 eol=lf
+*.in eol=lf
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,6 @@ TAGS
 *~
 aclocal.m4.bak
 CHANGES.dist
+.project
+.cproject
+.settings
--- a/Android.mk
+++ b/Android.mk
@@ -1,5 +1,10 @@
 # Google Android makefile for curl and libcurl
 #
+# This file can be used when building curl using the full Android source
+# release or the NDK. Most users do not want or need to do this; please
+# instead read the Android section in docs/INSTALL for alternate
+# methods.
+#
 # Place the curl source (including this makefile) into external/curl/ in the
 # Android source tree.  Then build them with 'make curl' or just 'make libcurl'
 # from the Android root. Tested with Android versions 1.5, 2.1-2.3
--- a/CMake/FindOpenSSL.cmake
+++ b/CMake/FindOpenSSL.cmake
@@ -2,17 +2,19 @@
 # Adds OPENSSL_INCLUDE_DIRS and libeay32
 include("${CMAKE_ROOT}/Modules/FindOpenSSL.cmake")

-# Bill Hoffman told that libeay32 is necessary for him:
-find_library(SSL_LIBEAY NAMES libeay32)
+# starting 2.8 it is better to use standard modules
+if(CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")
+  # Bill Hoffman told that libeay32 is necessary for him:
+  find_library(SSL_LIBEAY NAMES libeay32)

-if(OPENSSL_FOUND)
-  if(SSL_LIBEAY)
-    list(APPEND OPENSSL_LIBRARIES ${SSL_LIBEAY})
-  else()
-    set(OPENSSL_FOUND FALSE)
+  if(OPENSSL_FOUND)
+    if(SSL_LIBEAY)
+      list(APPEND OPENSSL_LIBRARIES ${SSL_LIBEAY})
+    else()
+      set(OPENSSL_FOUND FALSE)
+    endif()
  endif()
-endif()
-
+endif() # if (CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")

 if(OPENSSL_FOUND)
  set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
--- a/CMake/FindZLIB.cmake
+++ b/CMake/FindZLIB.cmake
@@ -1,8 +1,10 @@
 # Locate zlib
 include("${CMAKE_ROOT}/Modules/FindZLIB.cmake")

-find_library(ZLIB_LIBRARY_DEBUG NAMES zd zlibd zdlld zlib1d )
-
-if(ZLIB_FOUND AND ZLIB_LIBRARY_DEBUG)
-  set( ZLIB_LIBRARIES optimized "${ZLIB_LIBRARY}" debug ${ZLIB_LIBRARY_DEBUG})
+# starting 2.8 it is better to use standard modules
+if(CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")
+  find_library(ZLIB_LIBRARY_DEBUG NAMES zd zlibd zdlld zlib1d )
+  if(ZLIB_FOUND AND ZLIB_LIBRARY_DEBUG)
+    set( ZLIB_LIBRARIES optimized "${ZLIB_LIBRARY}" debug ${ZLIB_LIBRARY_DEBUG})
+  endif()
 endif()
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -86,9 +86,13 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)

+# This is a hook to have 'make clean' also clean up the dosc and the tests
+# dir. The extra check for the Makefiles being present is necessary because
+# 'make distcheck' will make clean first in these directories _before_ it runs
+# this hook.
 clean-local:
-	@(cd tests; $(MAKE) clean)
-	@(cd docs; $(MAKE) clean)
+	@(if test -f tests/Makefile; then cd tests; $(MAKE) clean; fi)
+	@(if test -f docs/Makefile; then cd docs; $(MAKE) clean; fi)

 #
 # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros
--- a/126
+++ b/126
@@ -1,54 +1,51 @@
-Curl and libcurl 7.26.0
+Curl and libcurl 7.28.1

- Public curl releases:         127
- Command line options:         151
+ Public curl releases:         130
+ Command line options:         152
 curl_easy_setopt() options:   199
 Public functions in libcurl:  58
 Known libcurl bindings:       39
- Contributors:                 929
+ Contributors:                 979

 This release includes the following changes:

- o nss: the minimal supported version of NSS bumped to 3.12.x
- o nss: human-readable names are now provided for NSS errors if available
- o add a manual page for mk-ca-bundle
- o added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR
- o smtp: Add support for DIGEST-MD5 authentication
- o pop3: Added support for additional pop3 commands
+ o metalink/md5: Use CommonCrypto on Apple operating systems
+ o href_extractor: new example code extracting href elements
+ o NSS can be used for metalink hashing [13]

 This release includes the following bugfixes:

- o nss: libcurl now uses NSS_InitContext() to prevent collisions if available
-   [1]
- o URL parse: reject numerical IPv6 addresses outside brackets [4]
- o MD5: fix OOM memory leak [5]
- o OpenSSL cert: provide more details when cert check fails
- o HTTP: empty chunked POST ended up in two zero size chunks [6]
- o fixed a regression when curl resolved to multiple addresses and the first
-   isn't supported [7]
- o -# progress meter: avoid superfluous updates and duplicate lines [8]
- o headers: surround GCC attribute names with double underscores [9]
- o PolarSSL: correct return code for CRL matches
- o PolarSSL: include version number in version string
- o PolarSSL: add support for asynchronous connect
- o mk-ca-bundle: revert the LWP usage [12]
- o IPv6 cookie domain: get rid of the first bracket before the second
- o connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
- o OpenSSL: Made cert hostname check conform to RFC 6125 [10]
- o HTTP: reset expected DL/UL sizes on redirects [11]
- o CMake: fix Windows LDAP/LDAPS option handling [2]
- o CMake: fix MS Visual Studio x64 unsigned long long literal suffix [3]
- o configure: update detection logic of getaddrinfo() thread-safeness
- o configure: check for gethostbyname in the watt lib
- o curl-config.1: fix curl-config usage in example [13]
- o smtp: Fixed non-escaping of dot character at beginning of line
- o MakefileBuild.vc: use the correct IDN variable
- o autoconf: improve handling of versioned symbols
- o curl.1: clarify -x usage
- o curl: shorten user-agent
- o smtp: issue with the multi-interface always sending postdata [14]
- o compile error with GnuTLS+Nettle fixed
- o winbuild: fix IPv6 enabled build
+ o Fix broken libmetalink-aware OpenSSL build
+ o gnutls: fix the error is fatal logic [1]
+ o darwinssl: un-broke iOS build, fix error on server disconnect
+ o asyn-ares: restore functionality with c-ares < 1.6.1 [2]
+ o tlsauthtype: deal with the string case insensitively [3]
+ o Fixed MSVC libssh2 static build
+ o evhiperfifo: fix the pointer passed to WRITEDATA [6]
+ o BUGS: fix the bug tracker URL [4]
+ o winbuild: Use machine type of development environment
+ o FTP: prevent the multi interface from blocking [5]
+ o uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
+ o httpcustomheader.c: free the headers after use
+ o fix >2000 bytes POST over NTLM-using proxy [7]
+ o redirects to URLs with fragments [8]
+ o don't send '#' fragments when using proxy [9]
+ o OpenSSL: show full issuer string [10]
+ o fix HTTP auth regression [11]
+ o CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value [12]
+ o ftp: EPSV-disable fix over SOCKS [14]
+ o Digest: Add microseconds into nounce calculation [15]
+ o SCP/SFTP: improve error code used for send failures
+ o SSL: Several SSL-backend related fixes
+ o removed the notorious "additional stuff not fine" debug output
+ o OpenSSL: Disable SSL/TLS compression - avoid the "CRIME" attack
+ o FILE: Make upload-writes unbuffered
+ o custom memory callbacks failure with HTTP proxy (and more) [16]
+ o TFTP: handle resends
+ o autoconf: don't force-disable compiler debug option
+ o winbuild: Fix PDB file output [17]
+ o test2032: spurious failure caused by premature termination [18]
+ o memory leak: CURLOPT_RESOLVE with multi interface [19]

 This release includes the following known bugs:

@@ -57,29 +54,34 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Andrei Cipu, Armel Asselin, Benjamin Johnson, Dag Ekengren, Dave Reisner,
- Gokhan Sengun, Guenter Knauf, Jan Schaumann, Jonathan Nieder, Kamil Dudka,
- Lijo Antony, Olaf Flebbe, Rodrigo Silva, Steve Holme, Tatsuhiro Tsujikawa,
- Tim Heckman, Yang Tse, Arnaud Compan, Blaise Potard, Daniel Theron,
- Michael Mueller, Michael Wallner, Tim Heckman, Roman Mamedov, Julian Taylor,
- Claes Jakobsson, Pierre Chapuis, Jan Ehrhardt
+ Guenter Knauf, Alessandro Ghedini, Nick Zitzmann, Michal Kowalczyk,
+ Jeff Connelly, Oscar Norlander, Guido Berhoerster, Marc Hoersken,
+ Dave Reisner, Jan Ehrhardt, John Suprock, Alessandro Ghedini,
+ Lars Buitinck, Anton Malov, Sergei Nikulov, Patrick Monnerat,
+ Gabriel Sjoberg, Oscar Koeroo, Fabian Keil, Johnny Luong, Cristian Rodríguez,
+ Sebastian Rasmussen, Mark Snelling, Christian Vogt, Marcin Adamski,
+ Ajit Dhumale, Alex Gruz

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = https://bugzilla.redhat.com/738456
- [2] = http://curl.haxx.se/mail/lib-2012-03/0278.html
- [3] = http://curl.haxx.se/mail/lib-2012-03/0255.html
- [4] = http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126
- [5] = http://curl.haxx.se/mail/lib-2012-04/0246.html
- [6] = http://curl.haxx.se/mail/archive-2012-04/0060.html
- [7] = http://curl.haxx.se/bug/view.cgi?id=3516508
- [8] = http://curl.haxx.se/bug/view.cgi?id=3517418
- [9] = http://curl.haxx.se/mail/lib-2012-04/0127.html
- [10] = http://tools.ietf.org/html/rfc6125#section-6.4.3
- [11] = http://curl.haxx.se/bug/view.cgi?id=3510057
- [12] = http://curl.haxx.se/mail/lib-2012-03/0238.html
- [13] = http://curl.haxx.se/bug/view.cgi?id=3528241
- [14] = http://curl.haxx.se/mail/lib-2012-05/0108.html
- 
+ [1] = http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
+ [2] = http://curl.haxx.se/bug/view.cgi?id=3577710
+ [3] = http://curl.haxx.se/bug/view.cgi?id=3578418
+ [4] = http://curl.haxx.se/bug/view.cgi?id=3582408
+ [5] = http://curl.haxx.se/bug/view.cgi?id=3579064
+ [6] = http://curl.haxx.se/bug/view.cgi?id=3582407
+ [7] = http://curl.haxx.se/bug/view.cgi?id=3582321
+ [8] = http://curl.haxx.se/bug/view.cgi?id=3581898
+ [9] = http://curl.haxx.se/bug/view.cgi?id=3579813
+ [10] = http://curl.haxx.se/bug/view.cgi?id=3579286
+ [11] = http://curl.haxx.se/bug/view.cgi?id=3582718
+ [12] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
+ [13] = http://curl.haxx.se/bug/view.cgi?id=3578163
+ [14] = http://curl.haxx.se/bug/view.cgi?id=3586338
+ [15] = https://github.com/bagder/curl/pull/50
+ [16] = http://curl.haxx.se/mail/lib-2012-11/0125.html
+ [17] = http://curl.haxx.se/bug/view.cgi?id=3586741
+ [18] = http://curl.haxx.se/mail/lib-2012-11/0095.html
+ [19] = http://curl.haxx.se/bug/view.cgi?id=3575448
--- a/14
+++ b/14
@@ -1,10 +1,14 @@
-To be addressed in 7.27
+To be addressed in 7.29
 =======================

-309 - metalink support for the curl tool
-
 310 - a new authentication callback

-311 - support for SSPI schannel for SSL on windows
+312 - custom Content-Length appears in CONNECT, solve it by offering a
+      separate option to provide headers for the CONNECT request:
+      http://curl.haxx.se/mail/lib-2012-09/0059.html

-312 - 
+317 - CURLINFO_SSL_TRUST to return SSL-specific data for a darwinssl build
+
+322 - pipelining improvements
+
+327 - 
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ XC_OVR_ZZ50
 CURL_OVERRIDE_AUTOCONF

 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2011 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2012 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

@@ -145,7 +145,7 @@ AC_SUBST(PKGADD_VENDOR)

 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls} )"
+    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
   curl_krb4_msg="no      (--with-krb4*)"
@@ -154,7 +154,7 @@ dnl initialize all the info variables
 curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
-    curl_idn_msg="no      (--with-libidn)"
+    curl_idn_msg="no      (--with-{libidn,winidn})"
 curl_manual_msg="no      (--enable-manual)"
 curl_libcurl_msg="enabled (--disable-libcurl-option)"
 curl_verbose_msg="enabled (--disable-verbose)"
@@ -163,6 +163,8 @@ curl_verbose_msg="enabled (--disable-verbose)"
  curl_ldaps_msg="no      (--enable-ldaps)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
+  curl_mtlnk_msg="no      (--with-libmetalink)"
+
    init_ssl_msg=${curl_ssl_msg}

 dnl
@@ -240,6 +242,7 @@ AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
 AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
 use_cppflag_building_libcurl="no"
 use_cppflag_curl_staticlib="no"
+CPPFLAG_CURL_STATICLIB=""
 case $host in
  *-*-mingw*)
    AC_MSG_RESULT(yes)
@@ -249,6 +252,7 @@ case $host in
    then
      AC_MSG_RESULT(yes)
      use_cppflag_curl_staticlib="yes"
+      CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB"
    else
      AC_MSG_RESULT(no)
    fi
@@ -259,6 +263,7 @@ case $host in
 esac
 AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
 AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)
+AC_SUBST(CPPFLAG_CURL_STATICLIB)

 # Determine whether all dependent libraries must be specified when linking
 if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -917,9 +922,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
    AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [
      AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled])
      AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
-      AC_SUBST(CURL_DISABLE_LDAP, [1])])
+      AC_SUBST(CURL_DISABLE_LDAP, [1])
      AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
-      AC_SUBST(CURL_DISABLE_LDAPS, [1])
+      AC_SUBST(CURL_DISABLE_LDAPS, [1])])
  else
    dnl Try to find the right ldap libraries for this system
    CURL_CHECK_LIBS_LDAP
@@ -944,9 +949,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
      AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [
        AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled])
        AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
-        AC_SUBST(CURL_DISABLE_LDAP, [1])])
+        AC_SUBST(CURL_DISABLE_LDAP, [1])
        AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
-        AC_SUBST(CURL_DISABLE_LDAPS, [1])
+        AC_SUBST(CURL_DISABLE_LDAPS, [1])])
    fi
  fi
 fi
@@ -1336,6 +1341,59 @@ else
  CPPFLAGS="$save_CPPFLAGS"
 fi

+dnl -------------------------------------------------
+dnl check winssl option before other SSL libraries
+dnl -------------------------------------------------
+
+OPT_WINSSL=no
+AC_ARG_WITH(winssl,dnl
+AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS])
+AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
+  OPT_WINSSL=$withval)
+
+AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+  if test "x$OPT_WINSSL" != "xno"  &&
+     test "x$ac_cv_native_windows" = "xyes"; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
+    AC_SUBST(USE_SCHANNEL, [1])
+    curl_ssl_msg="enabled (Windows-native)"
+    WINSSL_ENABLED=1
+    # --with-winssl implies --enable-sspi
+    AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
+    AC_SUBST(USE_WINDOWS_SSPI, [1])
+    curl_sspi_msg="enabled"
+  else
+    AC_MSG_RESULT(no)
+  fi
+else
+  AC_MSG_RESULT(no)
+fi
+
+OPT_DARWINSSL=no
+AC_ARG_WITH(darwinssl,dnl
+AC_HELP_STRING([--with-darwinssl],[enable iOS/Mac OS X native SSL/TLS])
+AC_HELP_STRING([--without-darwinssl], [disable iOS/Mac OS X native SSL/TLS]),
+  OPT_DARWINSSL=$withval)
+
+AC_MSG_CHECKING([whether to enable iOS/Mac OS X native SSL/TLS])
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+  if test "x$OPT_DARWINSSL" != "xno" &&
+     test -d "/System/Library/Frameworks/Security.framework"; then
+    AC_MSG_RESULT(yes)
+    AC_DEFINE(USE_DARWINSSL, 1, [to enable iOS/Mac OS X native SSL/TLS support])
+    AC_SUBST(USE_DARWINSSL, [1])
+    curl_ssl_msg="enabled (iOS/Mac OS X-native)"
+    DARWINSSL_ENABLED=1
+    LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
+  else
+    AC_MSG_RESULT(no)
+  fi
+else
+  AC_MSG_RESULT(no)
+fi
+
 dnl **********************************************************************
 dnl Check for the presence of SSL libraries and headers
 dnl **********************************************************************
@@ -1349,7 +1407,7 @@ AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the
 AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
  OPT_SSL=$withval)

-if test X"$OPT_SSL" != Xno; then
+if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  dnl backup the pre-ssl variables
  CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
@@ -1736,7 +1794,7 @@ AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to th
 AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
  OPT_GNUTLS=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_GNUTLS" != Xno; then

@@ -1832,7 +1890,7 @@ if test "$OPENSSL_ENABLED" != "1"; then

  fi dnl GNUTLS not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ---
 dnl Check which crypto backend GnuTLS uses
@@ -1889,7 +1947,7 @@ AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points t
 AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
  OPT_POLARSSL=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_POLARSSL" != Xno; then

@@ -1957,7 +2015,7 @@ if test "$OPENSSL_ENABLED" != "1"; then

  fi dnl PolarSSL not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ----------------------------------------------------
 dnl check for CyaSSL
@@ -1973,7 +2031,7 @@ AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to th
 AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
  OPT_CYASSL=$withval)

-if test "$OPENSSL_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_CYASSL" != Xno; then

@@ -2042,7 +2100,7 @@ if test "$OPENSSL_ENABLED" != "1"; then

  fi dnl CyaSSL not disabled

-fi dnl OPENSSL != 1
+fi

 dnl ----------------------------------------------------
 dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
@@ -2056,7 +2114,7 @@ AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the inst
 AC_HELP_STRING([--without-nss], [disable NSS detection]),
  OPT_NSS=$withval)

-if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then

  if test X"$OPT_NSS" != Xno; then
    if test "x$OPT_NSS" = "xyes"; then
@@ -2141,7 +2199,7 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then

  fi dnl NSS not disabled

-fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1
+fi dnl curl_ssl_msg = init_ssl_msg

 OPT_AXTLS=off

@@ -2198,9 +2256,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  fi
 fi

-if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED" = "x"; then
+if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
-  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss or --with-axtls to address this.])
+  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls or --with-winssl to address this.])
 else
  # SSL is enabled, genericly
  AC_SUBST(SSL_ENABLED)
@@ -2213,6 +2271,93 @@ dnl **********************************************************************

 CURL_CHECK_CA_BUNDLE

+dnl **********************************************************************
+dnl Check for libmetalink
+dnl **********************************************************************
+
+OPT_LIBMETALINK=no
+
+AC_ARG_WITH(libmetalink,dnl
+AC_HELP_STRING([--with-libmetalink=PATH],[where to look for libmetalink, PATH points to the installation root])
+AC_HELP_STRING([--without-libmetalink], [disable libmetalink detection]),
+  OPT_LIBMETALINK=$withval)
+
+if test X"$OPT_LIBMETALINK" != Xno; then
+
+  addlib=""
+  addld=""
+  addcflags=""
+  version=""
+  libmetalinklib=""
+  PKGTEST="no"
+  if test "x$OPT_LIBMETALINK" = "xyes"; then
+    dnl this is with no partiular path given
+    PKGTEST="yes"
+    CURL_CHECK_PKGCONFIG(libmetalink)
+  else
+    dnl When particular path is given, set PKG_CONFIG_LIBDIR using the path.
+    LIBMETALINK_PCDIR="$OPT_LIBMETALINK/lib/pkgconfig"
+    AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$LIBMETALINK_PCDIR"])
+    if test -f "$LIBMETALINK_PCDIR/libmetalink.pc"; then
+      PKGTEST="yes"
+    fi
+    if test "$PKGTEST" = "yes"; then
+      CURL_CHECK_PKGCONFIG(libmetalink, [$LIBMETALINK_PCDIR])
+    fi
+  fi
+  if test "$PKGTEST" = "yes" && test "$PKGCONFIG" != "no"; then
+    addlib=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --libs-only-l libmetalink`
+    addld=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --libs-only-L libmetalink`
+    addcflags=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --cflags-only-I libmetalink`
+    version=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
+      $PKGCONFIG --modversion libmetalink`
+    libmetalinklib=`echo $addld | $SED -e 's/-L//'`
+  fi
+  if test -n "$addlib"; then
+
+    clean_CPPFLAGS="$CPPFLAGS"
+    clean_LDFLAGS="$LDFLAGS"
+    clean_LIBS="$LIBS"
+    CPPFLAGS="$addcflags $clean_CPPFLAGS"
+    LDFLAGS="$addld $clean_LDFLAGS"
+    LIBS="$addlib $clean_LIBS"
+    AC_MSG_CHECKING([if libmetalink is recent enough])
+    AC_LINK_IFELSE([
+      AC_LANG_PROGRAM([[
+#       include <metalink/metalink.h>
+      ]],[[
+        if(0 != metalink_strerror(0)) /* added in 0.1.0 */
+          return 1;
+      ]])
+    ],[
+      AC_MSG_RESULT([yes ($version)])
+      want_metalink="yes"
+    ],[
+      AC_MSG_RESULT([no ($version)])
+      AC_MSG_NOTICE([libmetalink library defective or too old])
+      want_metalink="no"
+    ])
+    CPPFLAGS="$clean_CPPFLAGS"
+    LDFLAGS="$clean_LDFLAGS"
+    LIBS="$clean_LIBS"
+    if test "$want_metalink" = "yes"; then
+      dnl finally libmetalink will be used
+      AC_DEFINE(USE_METALINK, 1, [Define to enable metalink support])
+      LIBMETALINK_LIBS=$addlib
+      LIBMETALINK_LDFLAGS=$addld
+      LIBMETALINK_CFLAGS=$addcflags
+      AC_SUBST([LIBMETALINK_LIBS])
+      AC_SUBST([LIBMETALINK_LDFLAGS])
+      AC_SUBST([LIBMETALINK_CFLAGS])
+      curl_mtlnk_msg="enabled"
+    fi
+
+  fi
+fi
+
 dnl **********************************************************************
 dnl Check for the presence of LIBSSH2 libraries and headers
 dnl **********************************************************************
@@ -2413,6 +2558,10 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
          versioned_symbols_flavour="CYASSL_"
        elif test "x$AXTLS_ENABLED" == "x1"; then
          versioned_symbols_flavour="AXTLS_"
+        elif test "x$WINSSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="WINSSL_"
+        elif test "x$DARWINSSL_ENABLED" == "x1"; then
+          versioned_symbols_flavour="DARWINSSL_"
        else
          versioned_symbols_flavour=""
        fi
@@ -2431,6 +2580,78 @@ AC_MSG_RESULT(no)
 AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
 AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")

+dnl -------------------------------------------------
+dnl check winidn option before other IDN libraries
+dnl -------------------------------------------------
+
+AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)])
+OPT_WINIDN="default"
+AC_ARG_WITH(winidn,
+AC_HELP_STRING([--with-winidn=PATH],[enable Windows native IDN])
+AC_HELP_STRING([--without-winidn], [disable Windows native IDN]),
+  OPT_WINIDN=$withval)
+case "$OPT_WINIDN" in
+  no|default)
+    dnl --without-winidn option used or configure option not specified
+    want_winidn="no"
+    AC_MSG_RESULT([no])
+    ;;
+  yes)
+    dnl --with-winidn option used without path
+    want_winidn="yes"
+    want_winidn_path="default"
+    AC_MSG_RESULT([yes])
+    ;;
+  *)
+    dnl --with-winidn option used with path
+    want_winidn="yes"
+    want_winidn_path="$withval"
+    AC_MSG_RESULT([yes ($withval)])
+    ;;
+esac
+
+if test "$want_winidn" = "yes"; then
+  dnl winidn library support has been requested
+  clean_CPPFLAGS="$CPPFLAGS"
+  clean_LDFLAGS="$LDFLAGS"
+  clean_LIBS="$LIBS"
+  WINIDN_LIBS="-lnormaliz"
+  #
+  if test "$want_winidn_path" != "default"; then
+    dnl path has been specified
+    dnl pkg-config not available or provides no info
+    WINIDN_LDFLAGS="-L$want_winidn_path/lib$libsuff"
+    WINIDN_CPPFLAGS="-I$want_winidn_path/include"
+    WINIDN_DIR="$want_winidn_path/lib$libsuff"
+  fi
+  #
+  CPPFLAGS="$WINIDN_CPPFLAGS $CPPFLAGS"
+  LDFLAGS="$WINIDN_LDFLAGS $LDFLAGS"
+  LIBS="$WINIDN_LIBS $LIBS"
+  #
+  AC_MSG_CHECKING([if IdnToUnicode can be linked])
+  AC_LINK_IFELSE([
+    AC_LANG_FUNC_LINK_TRY([IdnToUnicode])
+  ],[
+    AC_MSG_RESULT([yes])
+    tst_links_winidn="yes"
+  ],[
+    AC_MSG_RESULT([no])
+    tst_links_winidn="no"
+  ])
+  #
+  if test "$tst_links_winidn" = "yes"; then
+    AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).])
+    AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.])
+    AC_SUBST([IDN_ENABLED], [1])
+    curl_idn_msg="enabled (Windows-native)"
+  else
+    AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
+    CPPFLAGS="$clean_CPPFLAGS"
+    LDFLAGS="$clean_LDFLAGS"
+    LIBS="$clean_LIBS"
+  fi
+fi

 dnl **********************************************************************
 dnl Check for the presence of IDN libraries and headers
@@ -2853,10 +3074,6 @@ if test "$ipv6" = "yes"; then
  CURL_CHECK_NI_WITHSCOPEID
 fi

-dnl ************************************************************
-dnl enable non-blocking communications
-dnl
-CURL_CHECK_OPTION_NONBLOCKING
 CURL_CHECK_NONBLOCKING_SOCKET

 dnl ************************************************************
@@ -2985,10 +3202,20 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
       fi
       ;;
  *)
-       AC_MSG_RESULT(no)
+       if test "x$WINSSL_ENABLED" = "x1"; then
+         # --with-winssl implies --enable-sspi
+         AC_MSG_RESULT(yes)
+       else
+         AC_MSG_RESULT(no)
+       fi
       ;;
  esac ],
-       AC_MSG_RESULT(no)
+       if test "x$WINSSL_ENABLED" = "x1"; then
+         # --with-winssl implies --enable-sspi
+         AC_MSG_RESULT(yes)
+       else
+         AC_MSG_RESULT(no)
+       fi
 )

 dnl ************************************************************
@@ -3119,7 +3346,7 @@ AC_SUBST(ENABLE_SHARED)

 dnl
 dnl For keeping supported features and protocols also in pkg-config file
-dnl since it is more cross-compile frient than curl-config
+dnl since it is more cross-compile friendly than curl-config
 dnl

 if test "x$USE_SSLEAY" = "x1"; then
@@ -3147,7 +3374,8 @@ if test "x$USE_WINDOWS_SSPI" = "x1"; then
 fi
 if test "x$CURL_DISABLE_HTTP" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then
+      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
+      -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
    if test "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
@@ -3316,6 +3544,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
+  metalink support: ${curl_mtlnk_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}
 ])

--- a/curl-config.in
+++ b/curl-config.in
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2001 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2001 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -24,6 +24,7 @@
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 includedir=@includedir@
+cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@

 usage()
 {
@@ -128,10 +129,15 @@ while test $# -gt 0; do
 	;;

    --cflags)
-       	if test "X@includedir@" = "X/usr/include"; then
-          echo ""
+        if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then
+          CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB "
        else
-          echo "-I@includedir@"
+          CPPFLAG_CURL_STATICLIB=""
+        fi
+       	if test "X@includedir@" = "X/usr/include"; then
+          echo "$CPPFLAG_CURL_STATICLIB"
+        else
+          echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
        fi
       	;;

--- a/docs/BUGS
+++ b/docs/BUGS
@@ -35,9 +35,11 @@ BUGS
  have a go at a solution. You can optionally also post your bug/problem at
  curl's bug tracking system over at

-        http://sourceforge.net/bugs/?group_id=976
+        http://sourceforge.net/tracker/?group_id=976&atid=100976

-  (but please read the sections below first before doing that)
+  Please read the rest of this document below first before doing that! Also,
+  you need to login to your sourceforge account before being able to submit a
+  bug report (necessary evil done to avoid spam).

  If you feel you need to ask around first, find a suitable mailing list and
  post there. The lists are available on http://curl.haxx.se/mail/
@@ -91,7 +93,7 @@ BUGS
  your problem and to work on a fix (if we agree it truly is a problem).

  Lots of problems that appear to be libcurl problems are actually just abuses
-  of the libcurl API or other malfunctions in your applications. It is adviced
+  of the libcurl API or other malfunctions in your applications. It is advised
  that you run your problematic program using a memory debug tool like
  valgrind or similar before you post memory-related or "crashing" problems to
  us.
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -279,7 +279,7 @@

 3.6 Please don't send pull requests

- With git (and expecially github) it is easy and tempting to send a pull
+ With git (and especially github) it is easy and tempting to send a pull
 request to one or more people in the curl project to have changes merged this
 way instead of mailing patches to the curl-library mailing list.

@@ -294,7 +294,7 @@

 - Commit messages can be tweaked and changed if merged locally instead of
   using github. Merges directly on github requires the changes to be perfect
-   already, which they seldomly are.
+   already, which they seldom are.

 - Merges on github prevents rebases and even enforces --no-ff which is a git
   style we don't otherwise use in the project
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -1,4 +1,3 @@
-Updated: December 7, 2011 (http://curl.haxx.se/docs/faq.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -97,6 +96,7 @@ FAQ
  5.13 How do I stop an ongoing transfer?
  5.14 Using C++ non-static functions for callbacks?
  5.15 How do I get an FTP directory listing?
+  5.16 I want a different time-out!

 6. License Issues
  6.1 I have a GPL program, can I use the libcurl library?
@@ -138,7 +138,7 @@ FAQ

    libcurl is highly portable, it builds and works identically on numerous
    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,
-    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOs, Mac
+    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac
    OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,
    Android, Minix, IBM TPF and more...

@@ -807,7 +807,7 @@ FAQ

    4.5.3 "403 Forbidden"

-    The server understood the request, but is refusing to fulfill it.
+    The server understood the request, but is refusing to fulfil it.
    Authorization will not help and the request SHOULD NOT be repeated.

    4.5.4 "404 Not Found"
@@ -1294,6 +1294,22 @@ FAQ
  libcurl since 7.21.0 also provide the ability to specify a wildcard to
  download multiple files from one FTP directory.

+  5.16 I want a different time-out!
+
+  Time and time again users realize that CURLOPT_TIMEOUT and
+  CURLOPT_CONNECTIMEOUT are not sufficiently advanced or flexible to cover all
+  the various use cases and scenarios applications end up with.
+
+  libcurl offers many more ways to time-out operations. A common alternative
+  is to use the CURLOPT_LOW_SPEED_LIMIT and CURLOPT_LOW_SPEED_TIME options to
+  specify the lowest possible speed to accept before to consider the transfer
+  timed out.
+
+  The most flexible way is by writing your own time-out logic and using
+  CURLOPT_PROGRESSFUNCTION (perhaps in combination with other callbacks) and
+  use that to figure out exactly when the right condition is met when the
+  transfer should get stopped.
+

 6. License Issues

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -26,12 +26,12 @@ libcurl supports
 - compiles on win32 (reported builds on 40+ operating systems)
 - selectable network interface for outgoing traffic
 - IPv6 support on unix and Windows
- - persistant connections
+ - persistent connections
 - socks5 support
 - supports user name + password in proxy environment variables
 - operations through proxy "tunnel" (using CONNECT)
 - supports large files (>2GB and >4GB) both upload/download
- - replacable memory functions (malloc, free, realloc, etc)
+ - replaceable memory functions (malloc, free, realloc, etc)
 - asynchronous name resolving (*6)
 - both a push and a pull style interface

@@ -125,7 +125,7 @@ FILE
 FOOTNOTES
 =========

-  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS or PolarSSL
+  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL or schannel
  *2 = requires OpenLDAP
  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
  *4 = requires FBopenssl
--- a/docs/HTTP-COOKIES
+++ b/docs/HTTP-COOKIES
@@ -0,0 +1,123 @@
+Updated: July 3, 2012 (http://curl.haxx.se/docs/http-cookies.html)
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+
+HTTP Cookies
+
+ 1. HTTP Cookies
+ 1.1 Cookie overview
+ 1.2 Cookies saved to disk
+ 1.3 Cookies with curl the command line tool
+ 1.4 Cookies with libcurl
+ 1.5 Cookies with javascript
+
+==============================================================================
+
+1. HTTP Cookies
+
+  1.1 Cookie overview
+
+  HTTP cookies are pieces of 'name=contents' snippets that a server tells the
+  client to hold and then the client sends back those the server on subsequent
+  requests to the same domains/paths for which the cookies were set.
+
+  Cookies are either "session cookies" which typically are forgotten when the
+  session is over which is often translated to equal when browser quits, or
+  the cookies aren't session cookies they have expiration dates after which
+  the client will throw them away.
+
+  Cookies are set to the client with the Set-Cookie: header and are sent to
+  servers with the Cookie: header.
+
+  For a very long time, the only spec explaining how to use cookies was the
+  original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html
+
+  In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published
+  and details how cookies work within HTTP.
+
+  1.2 Cookies saved to disk
+
+  Netscape once created a file format for storing cookies on disk so that they
+  would survive browser restarts. curl adopted that file format to allow
+  sharing the cookies with browsers, only to see browsers move away from that
+  format. Modern browsers no longer use it, while curl still does.
+
+  The netscape cookie file format stores one cookie per physical line in the
+  file with a bunch of associated meta data, each field separated with
+  TAB. That file is called the cookiejar in curl terminology.
+
+  When libcurl saves a cookiejar, it creates a file header of its own in which
+  there is a URL mention that will link to the web version of this document.
+
+  1.3 Cookies with curl the command line tool
+
+  curl has a full cookie "engine" built in. If you just activate it, you can
+  have curl receive and send cookies exactly as mandated in the specs.
+
+  Command line options:
+
+  -b, --cookie
+
+    tell curl a file to read cookies from and start the cookie engine, or if
+    it isn't a file it will pass on the given string. -b name=var works and so
+    does -b cookiefile.
+
+  -j, --junk-session-cookies
+
+    when used in combination with -b, it will skip all "session cookies" on
+    load so as to appear to start a new cookie session.
+
+  -c, --cookie-jar
+
+    tell curl to start the cookie engine and write cookies to the given file
+    after the request(s)
+
+  1.4 Cookies with libcurl
+
+  libcurl offers several ways to enable and interface the cookie engine. These
+  options are the ones provided by the native API. libcurl bindings may offer
+  access to them using other means.
+
+  CURLOPT_COOKIE
+
+    Is used when you want to specify the exact contents of a cookie header to
+    send to the server.
+
+  CURLOPT_COOKIEFILE
+
+    Tell libcurl to activate the cookie engine, and to read the initial set of
+    cookies from the given file. Read-only.
+
+  CURLOPT_COOKIEJAR
+
+    Tell libcurl to activate the cookie engine, and when the easy handle is
+    closed save all known cookies to the given cookiejar file. Write-only.
+
+  CURLOPT_COOKIELIST
+
+    Provide detailed information about a single cookie to add to the internal
+    storage of cookies. Pass in the cookie as a HTTP header with all the
+    details set, or pass in a line from a netscape cookie file. This option
+    can also be used to flush the cookies etc.
+    
+  CURLINFO_COOKIELIST
+
+    Extract cookie information from the internal cookie storage as a linked
+    list.
+
+  1.5 Cookies with javascript
+
+  These days a lot of the web is built up by javascript. The webbrowser loads
+  complete programs that render the page you see. These javascript programs
+  can also set and access cookies.
+
+  Since curl and libcurl are plain HTTP clients without any knowledge of or
+  capability to handle javascript, such cookies will not be detected or used.
+
+  Often, if you want to mimic what a browser does on such web sites, you can
+  record web browser HTTP traffic when using such a site and then repeat the
+  cookie operations using curl or libcurl.
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -157,6 +157,9 @@ UNIX
     To get support for SCP and SFTP, build with --with-libssh2 and have
     libssh2 0.16 or later installed.

+     To get Metalink support, build with --with-libmetalink and have the
+     libmetalink packages installed.
+
   SPECIAL CASES
   -------------
   Some versions of uClibc require configuring with CPPFLAGS=-D_GNU_SOURCE=1
@@ -197,6 +200,9 @@ Win32
   first to rebuild every single library your app uses as well as your
   app using the debug multithreaded dynamic C runtime.

+   If you get linkage errors read section 5.7 of the FAQ document.
+
+
   MingW32
   -------

@@ -540,7 +546,7 @@ VMS
   Curl seems to work with FTP & HTTP other protocols are not tested.  (the
   perl http/ftp testing server supplied as testing too cannot work on VMS
   because vms has no concept of fork(). [ I tried to give it a whack, but
-   thats of no use.
+   that's of no use.

   SSL stuff has not been ported.

@@ -673,7 +679,7 @@ NetWare
     you can find precompiled packages at:
     http://www.gknw.net/development/ossl/netware/
     for CLIB-based builds OpenSSL 0.9.8h or later is required  - earlier versions
-     dont support buildunf with CLIB BSD sockets.
+     don't support building with CLIB BSD sockets.
   - optional SSH2 sources (version 0.17 or later);

   Set a search path to your compiler, linker and tools; on Linux make
@@ -843,10 +849,10 @@ Android
   Method using the static makefile:
      - see the build notes in the Android.mk file.

-   Method using a configure cross-compile (tested with Android NDK r7b):
+   Method using a configure cross-compile (tested with Android NDK r7c, r8):
      - prepare the toolchain of the Android NDK for standalone use; this can
        be done by invoking the script:
-        ./tools/make-standalone-toolchain.sh
+        ./build/tools/make-standalone-toolchain.sh
        which creates a usual cross-compile toolchain. Lets assume that you put
        this toolchain below /opt then invoke configure with something like:
        export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH
@@ -865,6 +871,20 @@ Android
        found in your automake folder:
        find /usr -name config.sub

+   Wrapper for pkg-config
+      - In order to make proper use of pkg-config so that configure is able to
+        find all dependencies you should create a wrapper script for pkg-config;
+        file /opt/arm-linux-androideabi-4.4.3/bin/arm-linux-androideabi-pkg-config:
+
+        #!/bin/sh
+        SYSROOT=$(dirname ${0%/*})/sysroot
+        export PKG_CONFIG_DIR=
+        export PKG_CONFIG_LIBDIR=${SYSROOT}/usr/local/lib/pkgconfig:${SYSROOT}/usr/share/pkgconfig
+        export PKG_CONFIG_SYSROOT_DIR=${SYSROOT}
+        exec pkg-config "$@"
+
+        also create a copy or symlink with name arm-unknown-linux-androideabi-pkg-config.
+

 CROSS COMPILE
 =============
@@ -950,8 +970,9 @@ REDUCING SIZE
   The GNU compiler and linker have a number of options that can reduce the
   size of the libcurl dynamic libraries on some platforms even further.
   Specify them by providing appropriate CFLAGS and LDFLAGS variables on the
-   configure command-line:
-     CFLAGS="-ffunction-sections -fdata-sections" \
+   configure command-line, e.g.
+     CFLAGS="-Os -ffunction-sections -fdata-sections \
+             -fno-unwind-tables -fno-asynchronous-unwind-tables" \
     LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"

   Be sure also to strip debugging symbols from your binaries after
@@ -961,9 +982,9 @@ REDUCING SIZE
   .comment section).

   Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 101 KiB in size, and
-   an FTP-only library that is 105 KiB in size (as of libcurl version 7.21.5,
-   using gcc 4.4.3).
+   libcurl library for i386 Linux platforms that is only 106 KiB in size, and
+   an FTP-only library that is 108 KiB in size (as of libcurl version 7.27.0,
+   using gcc 4.6.3).

   You may find that statically linking libcurl to your application will
   result in a lower total size than dynamically linking.
--- a/docs/INSTALL.cmake
+++ b/docs/INSTALL.cmake
@@ -11,13 +11,32 @@ Building with CMake
   This document describes how to compile, build and install curl and libcurl
   from source code using the CMake build tool. To build with CMake, you will
   of course have to first install CMake.  The minimum required version of
-   CMake is specifed in the file CMakeLists.txt found in the top of the curl
+   CMake is specified in the file CMakeLists.txt found in the top of the curl
   source tree. Once the correct version of CMake is installed you can follow
   the instructions below for the platform you are building on.

   CMake builds can be configured either from the command line, or from one
   of CMake's GUI's.

+Current flaws in the curl CMake build
+=====================================
+
+   Missing features in the cmake build:
+
+   - Builds libcurl without large file support
+   - It doesn't build src/hugehelp.c which creates the --manual output
+   - Can't select which SSL library to build with, only OpenSSL
+   - Doesn't build with SCP and SFTP support (libssh2)
+   - Doesn't allow different resolver backends (no c-ares build support)
+   - No RTMP support built
+   - Doesn't allow build curl and libcurl debug enabled
+   - Doesn't allow a custom CA bundle path
+   - Doesn't allow you to disable specific protocols from the build
+   - Doesn't properly enable IPv6 support by default
+   - Doesn't find or use krb4 or GSS
+   - Rebuilds test files too eagerly, but still can't run the tests
+
+
 Important notice
 ==================
   If you got your curl sources from a distribution tarball, make sure to
@@ -31,27 +50,33 @@ Important notice

 Command Line CMake
 ==================
-   A command line build of Curl is similar to the autotools build of Curl. It
+   A CMake build of curl is similar to the autotools build of curl. It
   consists of the following steps after you have unpacked the source.
-       # 1st create an out of source build tree parallel to the curl source
-       # tree and change into that directory
-       mkdir curl-build
-       cd curl-build
-       # now run CMake from the build tree, giving it the path to the top of
-       # the Curl source tree.  CMake will pick a compiler for you. If you
-       # want to specifiy the compile, you can set the CC environment
-       # variable prior to running CMake.
-       cmake ../curl
-       make
-       # currently make test is not implemented
-       #make test
-       # Install to default location:
-       make install
+
+    1. Create an out of source build tree parallel to the curl source
+       tree and change into that directory
+
+    $ mkdir curl-build
+    $ cd curl-build
+
+    2. Run CMake from the build tree, giving it the path to the top of
+       the curl source tree.  CMake will pick a compiler for you. If you
+       want to specify the compile, you can set the CC environment
+       variable prior to running CMake.
+
+    $ cmake ../curl
+    $ make
+
+    3. Install to default location:
+
+    $ make install
+
+    (The teste suit does not work with the cmake build)

 ccmake
 =========
     CMake comes with a curses based interface called ccmake.  To run ccmake on
-     a curl use the instructions for the command line cmake, but substitue
+     a curl use the instructions for the command line cmake, but substitute
     ccmake ../curl for cmake ../curl.  This will bring up a curses interface
     with instructions on the bottom of the screen. You can press the "c" key
     to configure the project, and the "g" key to generate the project. After
@@ -65,7 +90,7 @@ cmake-gui
        the curl source tree.
        2. Fill in the "Where to build the binaries" combo box with the path
        to the directory for your build tree, ideally this should not be the
-        same as the source tree, but a parallel diretory called curl-build or
+        same as the source tree, but a parallel directory called curl-build or
        something similar.
        3. Once the source and binary directories are specified, press the
        "Configure" button.
@@ -73,5 +98,5 @@ cmake-gui
        5. At this point you can change any of the options presented in the
        GUI.  Once you have selected all the options you want, click the
        "Generate" button.
-        6. Run the native build tool that you used CMake to genratate.
+        6. Run the native build tool that you used CMake to generate.

--- a/docs/INSTALL.devcpp
+++ b/docs/INSTALL.devcpp
@@ -26,7 +26,7 @@ exists for a Unix/linux command line environments. This is of little help when
 it comes to Windows O/S.

 Secondly the help that does exist for the Windows O/S focused around mingw
-thru a command line argument environment.
+through a command line argument environment.

 You may ask "Why is this a problem?"

--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -220,7 +220,7 @@ Library
 done" loop. It loops if there's a Location: to follow.

 When completed, the curl_easy_cleanup() should be called to free up used
- resources. It runs Curl_disconnect() on all open connectons.
+ resources. It runs Curl_disconnect() on all open connections.

 A quick roundup on internal function sequences (many of these call
 protocol-specific function-pointers):
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,13 +3,23 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+80. Curl doesn't recognize certificates in DER format in keychain, but it
+  works with PEM.
+  http://curl.haxx.se/bug/view.cgi?id=3439999
+
+79. SMTP. When sending data to multiple recipients, curl will abort and return
+  failure if one of the recipients indicate failure (on the "RCPT TO"
+  command). Ordinary mail programs would proceed and still send to the ones
+  that can receive data. This is subject for change in the future.
+  http://curl.haxx.se/bug/view.cgi?id=3438362
+
 78. curl and libcurl don't always signal the client properly when "sending"
  zero bytes files - it makes for example the command line client not creating
  any file at all. Like when using FTP.
  http://curl.haxx.se/bug/view.cgi?id=3438362

 77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
-  "absuses" the underlying connection re-use system and if connections are
+  "abuses" the underlying connection re-use system and if connections are
  forced to close they break the NTLM support.

 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
@@ -17,10 +27,15 @@ may have been fixed since this was written!
  curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
  option as for all other operating systems.

-75. NTLM authentication involving unicode user name or password.
+75. NTLM authentication involving unicode user name or password only works
+  properly if built with UNICODE defined together with the schannel/winssl
+  backend. The original problem was mentioned in:
  http://curl.haxx.se/mail/lib-2009-10/0024.html
  http://curl.haxx.se/bug/view.cgi?id=2944325

+  The schannel version verified to work as mentioned in
+  http://curl.haxx.se/mail/lib-2012-07/0073.html
+
 73. if a connection is made to a FTP server but the server then just never
  sends the 220 response or otherwise is dead slow, libcurl will not
  acknowledge the connection timeout during that phase but only the "real"
@@ -119,13 +134,6 @@ may have been fixed since this was written!
 38. Kumar Swamy Bhatt's problem in ftp/ssl "LIST" operation:
  http://curl.haxx.se/mail/lib-2007-01/0103.html

-37. Having more than one connection to the same host when doing NTLM
-  authentication (with performs multiple "passes" and authenticates a
-  connection rather than a HTTP request), and particularly when using the
-  multi interface, there's a risk that libcurl will re-use a wrong connection
-  when doing the different passes in the NTLM negotiation and thus fail to
-  negotiate (in seemingly mysterious ways).
-
 35. Both SOCKS5 and SOCKS4 proxy connections are done blocking, which is very
  bad when used with the multi interface.

@@ -155,7 +163,6 @@ may have been fixed since this was written!
  to what winhttp does. See http://curl.haxx.se/bug/view.cgi?id=1281867

 23. SOCKS-related problems:
-  A) libcurl doesn't support SOCKS for IPv6.
  B) libcurl doesn't support FTPS over a SOCKS proxy.
  E) libcurl doesn't support active FTP over a SOCKS proxy

--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -59,7 +59,7 @@ MAIL ETIQUETTE
  no way to read the reply, but to ask the one person the question. The one
  person consequently gets overloaded with mail.

-  If you really want to contact an individual and perhaps pay for his or her's
+  If you really want to contact an individual and perhaps pay for his or her
  services, by all means go ahead, but if it's just another curl question,
  take it to a suitable list instead.

@@ -92,7 +92,7 @@ MAIL ETIQUETTE

  1.6 Handling trolls and spam

-  Despite our good intensions and hard work to keep spam off the lists and to
+  Despite our good intentions and hard work to keep spam off the lists and to
  maintain a friendly and positive atmosphere, there will be times when spam
  and or trolls get through.

@@ -170,8 +170,8 @@ MAIL ETIQUETTE
      Q: What is the most annoying thing in e-mail?

  Apart from the screwed up read order (especially when mixed together in a
-  thread when some responds doing the mandaded bottom-posting style), it also
-  makes it impossible to quote only parts of the original mail.
+  thread when someone responds using the mandated bottom-posting style), it
+  also makes it impossible to quote only parts of the original mail.

  When you reply to a mail. You let the mail client insert the previous mail
  quoted. Then you put the cursor on the first line of the mail and you move
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -19,7 +19,7 @@ SIMPLE USAGE

        curl http://www.weirdserver.com:8000/

-  Get a list of a directory of an FTP site:
+  Get a directory listing of an FTP site:

        curl ftp://cool.haxx.se/

@@ -54,7 +54,7 @@ SIMPLE USAGE

 DOWNLOAD TO A FILE

-  Get a web page and store in a local file:
+  Get a web page and store in a local file with a specific name:

        curl -o thatpage.html http://www.netscape.com/

@@ -113,9 +113,10 @@ USING PASSWORDS
   ones out of the ones that the server accepts for the given URL, by using
   --anyauth.

-   NOTE! Since HTTP URLs don't support user and password, you can't use that
-   style when using Curl via a proxy. You _must_ use the -u style fetch
-   during such circumstances.
+   NOTE! According to the URL specification, HTTP URLs can not contain a user
+   and password, so that style will not work when using curl via a proxy, even
+   though curl allows it at other times. When using a proxy, you _must_ use
+   the -u style for user and password.

 HTTPS

@@ -133,7 +134,7 @@ PROXY

        curl -x my-proxy:888 ftp://ftp.leachsite.com/README

- Get a file from a HTTP server that requires user and password, using the
+ Get a file from an HTTP server that requires user and password, using the
 same proxy as above:

        curl -u user:passwd -x my-proxy:888 http://www.get.this/
@@ -171,7 +172,7 @@ PROXY

 RANGES

-  With HTTP 1.1 byte-ranges were introduced. Using this, a client can request
+  HTTP 1.1 introduced byte-ranges. Using this, a client can request
  to get only one or more subparts of a specified document. Curl supports
  this with the -r flag.

@@ -202,8 +203,8 @@ UPLOADING

        curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile

-  Upload a local file to the remote site, and use the local file name remote
-  too:
+  Upload a local file to the remote site, and use the local file name at the remote
+  site too:

        curl -T uploadfile -u user:passwd ftp://ftp.upload.com/

@@ -219,14 +220,14 @@ UPLOADING

 HTTP

-  Upload all data on stdin to a specified http site:
+  Upload all data on stdin to a specified HTTP site:

        curl -T - http://www.upload.com/myfile

-  Note that the http server must have been configured to accept PUT before
+  Note that the HTTP server must have been configured to accept PUT before
  this can be done successfully.

-  For other ways to do http data upload, see the POST section below.
+  For other ways to do HTTP data upload, see the POST section below.

 VERBOSE / DEBUG

@@ -289,7 +290,7 @@ POST (HTTP)
  The 'variable' names are the names set with "name=" in the <input> tags, and
  the data is the contents you want to fill in for the inputs. The data *must*
  be properly URL encoded. That means you replace space with + and that you
-  write weird letters with %XX where XX is the hexadecimal representation of
+  replace weird letters with %XX where XX is the hexadecimal representation of
  the letter's ASCII code.

  Example:
@@ -361,8 +362,8 @@ POST (HTTP)

 REFERRER

-  A HTTP request has the option to include information about which address
-  that referred to actual page.  Curl allows you to specify the
+  An HTTP request has the option to include information about which address
+  referred it to the actual page.  Curl allows you to specify the
  referrer to be used on the command line. It is especially useful to
  fool or trick stupid servers or CGI scripts that rely on that information
  being available or contain certain data.
@@ -373,7 +374,7 @@ REFERRER

 USER AGENT

-  A HTTP request has the option to include information about the browser
+  An HTTP request has the option to include information about the browser
  that generated the request. Curl allows it to be specified on the command
  line. It is especially useful to fool or trick stupid servers or CGI
  scripts that only accept certain browsers.
@@ -613,21 +614,21 @@ SFTP and SCP and PATH NAMES
 FTP and firewalls

  The FTP protocol requires one of the involved parties to open a second
-  connection as soon as data is about to get transfered. There are two ways to
+  connection as soon as data is about to get transferred. There are two ways to
  do this.

  The default way for curl is to issue the PASV command which causes the
  server to open another port and await another connection performed by the
-  client. This is good if the client is behind a firewall that don't allow
+  client. This is good if the client is behind a firewall that doesn't allow
  incoming connections.

        curl ftp.download.com

-  If the server for example, is behind a firewall that don't allow connections
-  on other ports than 21 (or if it just doesn't support the PASV command), the
+  If the server, for example, is behind a firewall that doesn't allow connections
+  on ports other than 21 (or if it just doesn't support the PASV command), the
  other way to do it is to use the PORT command and instruct the server to
-  connect to the client on the given (as parameters to the PORT command) IP
-  number and port.
+  connect to the client on the given IP number and port (as parameters to the
+  PORT command).

  The -P flag to curl supports a few different options. Your machine may have
  several IP-addresses and/or network interfaces and curl allows you to select
@@ -685,8 +686,8 @@ HTTPS
  If you neglect to specify the password on the command line, you will be
  prompted for the correct password before any data can be received.

-  Many older SSL-servers have problems with SSLv3 or TLS, that newer versions
-  of OpenSSL etc is using, therefore it is sometimes useful to specify what
+  Many older SSL-servers have problems with SSLv3 or TLS, which newer versions
+  of OpenSSL etc use, therefore it is sometimes useful to specify what
  SSL-version curl should use. Use -3, -2 or -1 to specify that exact SSL
  version to use (for SSLv3, SSLv2 or TLSv1 respectively):

@@ -695,14 +696,13 @@ HTTPS
  Otherwise, curl will first attempt to use v3 and then v2.

  To use OpenSSL to convert your favourite browser's certificate into a PEM
-  formatted one that curl can use, do something like this (assuming netscape,
-  but IE is likely to work similarly):
+  formatted one that curl can use, do something like this:

-    You start with hitting the 'security' menu button in netscape.
+    In Netscape, you start with hitting the 'Security' menu button.

    Select 'certificates->yours' and then pick a certificate in the list

-    Press the 'export' button
+    Press the 'Export' button

    enter your PIN code for the certs

@@ -713,11 +713,21 @@ HTTPS

     # ./apps/openssl pkcs12 -in [file you saved] -clcerts -out [PEMfile]

+    In Firefox, select Options, then Advanced, then the Encryption tab,
+    View Certificates. This opens the Certificate Manager, where you can
+    Export. Be sure to select PEM for the Save as type.
+
+    In Internet Explorer, select Internet Options, then the Content tab, then
+    Certificates. Then you can Export, and depending on the format you may
+    need to convert to PEM.
+
+    In Chrome, select Settings, then Show Advanced Settings. Under HTTPS/SSL
+    select Manage Certificates.

 RESUMING FILE TRANSFERS

 To continue a file transfer where it was previously aborted, curl supports
- resume on http(s) downloads as well as ftp uploads and downloads.
+ resume on HTTP(S) downloads as well as FTP uploads and downloads.

 Continue downloading a document:

@@ -731,7 +741,7 @@ RESUMING FILE TRANSFERS

        curl -C - -o file http://www.server.com/

- (*1) = This requires that the ftp server supports the non-standard command
+ (*1) = This requires that the FTP server supports the non-standard command
        SIZE. If it doesn't, curl will say so.

 (*2) = This requires that the web server supports at least HTTP/1.1. If it
@@ -740,7 +750,7 @@ RESUMING FILE TRANSFERS
 TIME CONDITIONS

 HTTP allows a client to specify a time condition for the document it
- requests. It is If-Modified-Since or If-Unmodified-Since. Curl allow you to
+ requests. It is If-Modified-Since or If-Unmodified-Since. Curl allows you to
 specify them with the -z/--time-cond flag.

 For example, you can easily make a download that only gets performed if the
@@ -788,7 +798,7 @@ LDAP
  and offer ldap:// support.

  LDAP is a complex thing and writing an LDAP query is not an easy task. I do
-  advice you to dig up the syntax description for that elsewhere. Two places
+  advise you to dig up the syntax description for that elsewhere. Two places
  that might suit you are:

  Netscape's "Netscape Directory SDK 3.0 for C Programmer's Guide Chapter 10:
@@ -797,7 +807,7 @@ LDAP

  RFC 2255, "The LDAP URL Format" http://curl.haxx.se/rfc/rfc2255.txt

-  To show you an example, this is now I can get all people from my local LDAP
+  To show you an example, this is how I can get all people from my local LDAP
  server that has a certain sub-domain in their email address:

        curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se"
@@ -831,15 +841,15 @@ ENVIRONMENT VARIABLES
 NETRC

  Unix introduced the .netrc concept a long time ago. It is a way for a user
-  to specify name and password for commonly visited ftp sites in a file so
+  to specify name and password for commonly visited FTP sites in a file so
  that you don't have to type them in each time you visit those sites. You
  realize this is a big security risk if someone else gets hold of your
  passwords, so therefore most unix programs won't read this file unless it is
  only readable by yourself (curl doesn't care though).

-  Curl supports .netrc files if told so (using the -n/--netrc and
-  --netrc-optional options). This is not restricted to only ftp,
-  but curl can use it for all protocols where authentication is used.
+  Curl supports .netrc files if told to (using the -n/--netrc and
+  --netrc-optional options). This is not restricted to just FTP,
+  so curl can use it for all protocols where authentication is used.

  A very simple .netrc file could look something like:

@@ -860,7 +870,7 @@ KERBEROS FTP TRANSFER

  Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need
  the kerberos package installed and used at curl build time for it to be
-  used.
+  available.

  First, get the krb-ticket the normal way, like with the kinit/kauth tool.
  Then use curl in way similar to:
@@ -895,7 +905,7 @@ TELNET

   - NEW_ENV=<var,val> Sets an environment variable.

-  NOTE: the telnet protocol does not specify any way to login with a specified
+  NOTE: The telnet protocol does not specify any way to login with a specified
  user and password so curl can't do that automatically. To do that, you need
  to track when the login prompt is received and send the username and
  password accordingly.
@@ -914,7 +924,7 @@ PERSISTENT CONNECTIONS
  Note that curl cannot use persistent connections for transfers that are used
  in subsequence curl invokes. Try to stuff as many URLs as possible on the
  same command line if they are using the same host, as that'll make the
-  transfers faster. If you use a http proxy for file transfers, practically
+  transfers faster. If you use an HTTP proxy for file transfers, practically
  all transfers will be persistent.

 MULTIPLE TRANSFERS WITH A SINGLE COMMAND LINE
@@ -955,6 +965,28 @@ IPv6
  IPv6 addresses provided other than in URLs (e.g. to the --proxy, --interface
  or --ftp-port options) should not be URL encoded.

+METALINK
+
+  Curl supports Metalink (both version 3 and 4 (RFC 5854) are supported), a way
+  to list multiple URIs and hashes for a file. Curl will make use of the mirrors
+  listed within for failover if there are errors (such as the file or server not
+  being available). It will also verify the hash of the file after the download
+  completes. The Metalink file itself is downloaded and processed in memory and
+  not stored in the local file system.
+
+  Example to use a remote Metalink file:
+
+    curl --metalink http://www.example.com/example.metalink
+
+  To use a Metalink file in the local file system, use FILE protocol (file://):
+
+    curl --metalink file://example.metalink
+
+  Please note that if FILE protocol is disabled, there is no way to use a local
+  Metalink file at the time of this writing. Also note that if --metalink and
+  --include are used together, --include will be ignored. This is because including
+  headers in the response will break Metalink parser and if the headers are included
+  in the file described in Metalink file, hash check will fail.

 MAILING LISTS

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE
+ MAIL-ETIQUETTE HTTP-COOKIES

 MAN2HTML= roffit < $< >$@

--- a/docs/THANKS
+++ b/docs/THANKS
@@ -65,17 +65,20 @@ Andrew Fuller
 Andrew Moise
 Andrew Wansink
 Andrew de los Reyes
-Andr<EFBFBD>s Garc<EFBFBD>a
+Andrés García
 Andy Cedilnik
 Andy Serpa
 Andy Tsouladze
 Angus Mackay
 Anthony Bryan
+Anthony G. Basile
 Antoine Calando
 Anton Bychkov
 Anton Kalmykov
+Anton Yabchinskiy
 Arkadiusz Miskiewicz
 Armel Asselin
+Arnaud Compan
 Arnaud Ebalard
 Arthur Murray
 Arve Knudsen
@@ -94,6 +97,7 @@ Ben Van Hof
 Ben Winslow
 Benbuck Nason
 Benjamin Gerard
+Benjamin Johnson
 Bernard Leak
 Bernhard Reutner-Fischer
 Bertrand Demiddelaer
@@ -102,7 +106,8 @@ Bill Hoffman
 Bjoern Sikora
 Bjorn Augustsson
 Bjorn Reese
-Bj<EFBFBD>rn Stenberg
+Björn Stenberg
+Blaise Potard
 Bob Richmond
 Bob Schader
 Bogdan Nicula
@@ -143,6 +148,7 @@ Chris Mumford
 Chris Smowton
 Christian Grothoff
 Christian Hagele
+Christian Hägele
 Christian Krause
 Christian Kurz
 Christian Robottom Reis
@@ -171,6 +177,7 @@ Cris Bailiff
 Cristian Rodriguez
 Curt Bogmine
 Cyrill Osterwalder
+Dag Ekengren
 Dagobert Michelsen
 Damien Adant
 Dan Becker
@@ -184,11 +191,11 @@ Dan Zitter
 Daniel Black
 Daniel Cater
 Daniel Egger
-Daniel Fandrich
 Daniel Johnson
 Daniel Mentz
 Daniel Steinberg
 Daniel Stenberg
+Daniel Theron
 Daniel at touchtunes
 Darryl House
 Darshan Mody
@@ -200,6 +207,7 @@ Dave Reisner
 Dave Vasilevsky
 David Bau
 David Binderman
+David Blaikie
 David Byron
 David Cohen
 David Eriksson
@@ -256,6 +264,8 @@ Early Ehlinger
 Ebenezer Ikonne
 Edin Kadribasic
 Eduard Bloch
+Edward Sheldrake
+Eelco Dolstra
 Eetu Ojanen
 Ellis Pritchard
 Emanuele Bovisio
@@ -294,6 +304,7 @@ Frank McGeough
 Frank Meier
 Frank Ticheler
 Frank Van Uffelen
+František Kučera
 Fred Machado
 Fred New
 Fred Noz
@@ -311,7 +322,8 @@ Georg Lippitsch
 Georg Wicherski
 Gerd v. Egidy
 Gerhard Herre
-Gerrit Bruchh<EFBFBD>user
+Gerrit Bruchhäuser
+Ghennadi Procopciuc
 Giancarlo Formicuccia
 Giaslas Georgios
 Gil Weber
@@ -335,7 +347,7 @@ Guenter Knauf
 Guillaume Arluison
 Gustaf Hui
 Gwenole Beauchesne
-G<EFBFBD>tz Babin-Ebell
+Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hanno Kranzhoff
@@ -351,6 +363,7 @@ Henrik Storner
 Henry Ludemann
 Herve Amblard
 Hidemoto Nakada
+Ho-chi Chen
 Hoi-Ho Chan
 Hongli Lai
 Howard Chu
@@ -387,7 +400,10 @@ James MacMillan
 Jamie Lokier
 Jamie Newton
 Jamie Wilkinson
+Jan Ehrhardt
+Jan Koen Annot
 Jan Kunder
+Jan Schaumann
 Jan Van Boghout
 Jared Lundell
 Jari Sundell
@@ -417,6 +433,7 @@ Jerry Wu
 Jes Badwal
 Jesper Jensen
 Jesse Noller
+Jie He
 Jim Drash
 Jim Freeman
 Jim Hollinger
@@ -424,6 +441,7 @@ Jim Meyering
 Jocelyn Jaubert
 Joe Halpin
 Joe Malicki
+Joe Mason
 Joel Chen
 Jofell Gallardo
 Johan Anderson
@@ -439,6 +457,7 @@ John Joseph Bachir
 John Kelly
 John Lask
 John Lightsey
+John Marino
 John McGowan
 John P. McCaskey
 John Wilkinson
@@ -453,6 +472,7 @@ Jonas Forsman
 Jonas Schnelli
 Jonatan Lander
 Jonathan Hseu
+Jonathan Nieder
 Jongki Suwandi
 Jose Kahan
 Josef Wolf
@@ -461,18 +481,19 @@ Joshua Kwan
 Josue Andrade Gomes
 Juan Barreto
 Juan F. Codagnone
-Juan Ignacio Herv<EFBFBD>s
+Juan Ignacio Hervás
 Judson Bishop
 Juergen Wilke
 Jukka Pihl
 Julian Noble
+Julian Taylor
 Julien Chaffraix
 Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
-J<EFBFBD>rg Mueller-Tolk
-J<EFBFBD>rn Hartroth
+Jörg Mueller-Tolk
+Jörn Hartroth
 Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
@@ -506,7 +527,7 @@ Kris Kennaway
 Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
-Kristian K<EFBFBD>hntopp
+Kristian Köhntopp
 Kyle Sallee
 Lachlan O'Dea
 Larry Campbell
@@ -523,6 +544,7 @@ Len Krause
 Lenaic Lefever
 Lenny Rachitsky
 Liam Healy
+Lijo Antony
 Linas Vepstas
 Ling Thio
 Linus Nielsen Feltzing
@@ -544,7 +566,9 @@ Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
+Marc Hoersken
 Marc Kleine-Budde
+Marcel Raad
 Marcel Roelofs
 Marcelo Juchem
 Marcin Adamski
@@ -561,6 +585,8 @@ Mark Eichin
 Mark Incley
 Mark Karpeles
 Mark Lentczner
+Mark Salisbury
+Mark Tully
 Markus Duft
 Markus Koetter
 Markus Moeller
@@ -594,6 +620,7 @@ Max Katsev
 Maxim Ivanov
 Maxim Perenesenko
 Maxim Prohorov
+Maxime Larocque
 Mehmet Bozkurt
 Mekonikum
 Mettgut Jamalla
@@ -634,6 +661,7 @@ Nathan O'Sullivan
 Nathanael Nerode
 Naveen Chandran
 Naveen Noel
+Neil Bowers
 Neil Dunbar
 Neil Spring
 Nic Roets
@@ -644,7 +672,7 @@ Nick Zitzmann
 Nico Baggus
 Nicolas Berloquin
 Nicolas Croiset
-Nicolas Fran<EFBFBD>ois
+Nicolas François
 Niels van Tongeren
 Nikita Schmidt
 Nikitinskit Dmitriy
@@ -658,8 +686,10 @@ Nodak Sodak
 Norbert Frese
 Norbert Novotny
 Ofer
+Olaf Flebbe
 Olaf Stueben
-Olaf St<EFBFBD>ben
+Olaf Stüben
+Olivier Berger
 Oren Tirosh
 Ori Avtalion
 P R Schaffner
@@ -707,6 +737,7 @@ Phil Blundell
 Phil Karn
 Phil Lisiecki
 Phil Pellouchoud
+Philip Craig
 Philip Gladstone
 Philip Langdale
 Philippe Hameau
@@ -714,6 +745,7 @@ Philippe Raoult
 Philippe Vaucher
 Pierre
 Pierre Brico
+Pierre Chapuis
 Pierre Joye
 Pierre Ynard
 Pooyan McSporran
@@ -761,6 +793,7 @@ Rob Jones
 Rob Stanzel
 Rob Ward
 Robert A. Monat
+Robert B. Harris
 Robert D. Young
 Robert Foreman
 Robert Iakobashvili
@@ -772,11 +805,13 @@ Robin Johnson
 Robin Kay
 Robson Braga Araujo
 Rodney Simmons
+Rodrigo Silva
 Roland Blom
 Roland Krikava
 Roland Zimmermann
 Rolland Dudemaine
 Roman Koifman
+Roman Mamedov
 Ron Zapp
 Rosimildo da Silva
 Roy Shan
@@ -787,23 +822,27 @@ Ryan Chan
 Ryan Nelson
 Ryan Schmidt
 S. Moonesamy
-Salvador D<EFBFBD>vila
+Salvador Dávila
 Salvatore Sorrentino
 Sam Listopad
 Sampo Kellomaki
-Samuel D<EFBFBD>az Garc<EFBFBD>a
+Samuel Díaz García
 Samuel Listopad
 Samuel Thibault
 Sander Gates
 Sandor Feldi
+Santhana Todatry
 Saqib Ali
+Sara Golemon
 Saul good
+Scott Bailey
 Scott Barrett
 Scott Cantor
 Scott Davis
 Scott McCreary
 Sebastien Willemijns
 Senthil Raja Velu
+Sergei Nikulov
 Sergio Ballestrero
 Seshubabu Pasam
 Sh Diao
@@ -849,11 +888,12 @@ Stoned Elipot
 Sven Anders
 Sven Neuhaus
 Sven Wegener
-S<EFBFBD>bastien Willemijns
+Sébastien Willemijns
 T. Bharath
 T. Yamada
 Taneli Vahakangas
 Tanguy Fautre
+Tatsuhiro Tsujikawa
 Temprimus
 Thomas J. Moore
 Thomas Klausner
@@ -867,10 +907,11 @@ Tim Bartley
 Tim Chen
 Tim Costello
 Tim Harder
+Tim Heckman
 Tim Newsome
 Tim Sneddon
 Tinus van den Berg
-Tobias Rundstr<EFBFBD>m
+Tobias Rundström
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
@@ -885,6 +926,7 @@ Tom Mueller
 Tom Regner
 Tom Wright
 Tom Zerucha
+Tomas Mlcoch
 Tomas Pospisek
 Tomas Szepe
 Tomasz Lacki
@@ -901,7 +943,7 @@ Traian Nicolescu
 Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
-Ulf H<EFBFBD>rnhammar
+Ulf Härnhammar
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
--- a/docs/TODO
+++ b/docs/TODO
@@ -55,63 +55,69 @@
 7.6 Provide callback for cert verification
 7.7 Support other SSL libraries
 7.9 improve configure --with-ssl
+ 7.10 Support DANE

 8. GnuTLS
 8.1 SSL engine stuff
 8.3 check connection
- 8.4 non-gcrypt

 9. SMTP
- 9.1 Other authentication mechanims
- 9.2 Specify the preferred authentication mechanism
- 9.3 Initial response
- 9.4 Pipelining
+ 9.1 Specify the preferred authentication mechanism
+ 9.2 Initial response
+ 9.3 Pipelining
 
 10. POP3
- 10.1 APOP Authentication
- 10.2 Other authentication mechanims
- 10.3 auth= in URLs
+ 10.1 auth= in URLs
 
- 11. Other protocols
+ 11. IMAP
+ 11.1 SASL based authentication mechanisms
 
- 12. New protocols
- 12.1 RSYNC
+ 12. LDAP
+ 12.1 SASL based authentication mechanisms
 
- 13. Client
- 13.1 sync
- 13.2 glob posts
- 13.3 prevent file overwriting
- 13.4 simultaneous parallel transfers
- 13.5 provide formpost headers
- 13.6 url-specific options
- 13.7 metalink support
- 13.8 warning when setting an option
- 13.9 IPv6 addresses with globbing
+ 13. Other protocols

- 14. Build
- 14.1 roffit
+ 14. New protocols
+ 14.1 RSYNC

- 15. Test suite
- 15.1 SSL tunnel
- 15.2 nicer lacking perl message
- 15.3 more protocols supported
- 15.4 more platforms supported
+ 15. SASL
+ 15.1 Other authentication mechanisms
 
- 16. Next SONAME bump
- 16.1 http-style HEAD output for ftp
- 16.2 combine error codes
- 16.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+ 16. Client
+ 16.1 sync
+ 16.2 glob posts
+ 16.3 prevent file overwriting
+ 16.4 simultaneous parallel transfers
+ 16.5 provide formpost headers
+ 16.6 url-specific options
+ 16.7 warning when setting an option
+ 16.8 IPv6 addresses with globbing

- 17. Next major release
- 17.1 cleanup return codes
- 17.2 remove obsolete defines
- 17.3 size_t
- 17.4 remove several functions
- 17.5 remove CURLOPT_FAILONERROR
- 17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
- 17.7 remove progress meter from libcurl
- 17.8 remove 'curl_httppost' from public
- 17.9 have form functions use CURL handle argument
+ 17. Build
+ 17.1 roffit
+
+ 18. Test suite
+ 18.1 SSL tunnel
+ 18.2 nicer lacking perl message
+ 18.3 more protocols supported
+ 18.4 more platforms supported
+
+ 19. Next SONAME bump
+ 19.1 http-style HEAD output for ftp
+ 19.2 combine error codes
+ 19.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ 20. Next major release
+ 20.1 cleanup return codes
+ 20.2 remove obsolete defines
+ 20.3 size_t
+ 20.4 remove several functions
+ 20.5 remove CURLOPT_FAILONERROR
+ 20.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+ 20.7 remove progress meter from libcurl
+ 20.8 remove 'curl_httppost' from public
+ 20.9 have form functions use CURL handle argument
+ 20.10 Add CURLOPT_MAIL_CLIENT option

 ==============================================================================

@@ -349,6 +355,13 @@ to provide the data to send.
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

+7.10 Support DANE
+
+ DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
+ keys and certs over DNS using DNSSEC as an alternative to the CA model.
+ http://www.rfc-editor.org/rfc/rfc6698.txt
+
+
 8. GnuTLS

 8.1 SSL engine stuff
@@ -360,31 +373,16 @@ to provide the data to send.
 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.

-8.4 non-gcrypt
-
- libcurl assumes that there are gcrypt functions available when
- GnuTLS is.
-
- GnuTLS can be built to use libnettle instead as crypto library,
- which breaks the previously mentioned assumption
-
- The correct fix would be to detect which crypto layer that is in use and
- adapt our code to use that instead of blindly assuming gcrypt.

 9. SMTP

-9.1 Other authentication mechanims
-
- Add support for other authentication mechanisms such as digest-md5 and
- gssapi.
-
-9.2 Specify the preferred authentication mechanism
+9.1 Specify the preferred authentication mechanism

 Add the ability to specify the preferred authentication mechanism or a list
- of mechanims that should be used. Not only that, but the order that is
+ of mechanisms that should be used. Not only that, but the order that is
 returned by the server during the EHLO response should be honored by curl.

-9.3 Initial response
+9.2 Initial response

 Add the ability for the user to specify whether the initial response is
 included in the AUTH command. Some email servers, such as Microsoft
@@ -393,43 +391,53 @@ to provide the data to send.

 http://curl.haxx.se/mail/lib-2012-03/0114.html

-9.4 Pipelining
+9.3 Pipelining

 Add support for pipelining emails.

 10. POP3

-10.1 APOP Authentication
+10.1 auth= in URLs

- Add support for the APOP command rather than using plain text authentication
- (USER and PASS) as this is very week security wise. Note: The APOP command
- is specified as "APOP <username> <md5 password>", however, it isn't
- supported by all mail servers.
+ Being able to specify the preferred authentication mechanism in the URL as
+ per RFC2384.

-10.2 Other authentication mechanims
+11. IMAP

- SASL offers support for additional authentication mechanisms via the AUTH
- command. Detection of an email server's support for SASL authentication
- can be detected via the CAPA command whilst a list of supported mechanisms
- can be retrieved with an empty AUTH command.
+11.1 SASL based authentication mechanisms

-10.3 auth= in URLs
+ Curl currently sends usernames and passwords as clear text whilst SASL based
+ authentication mechanisms can be more secure. As such, support should be
+ added to support these authentication mechanisms.

- Being able to specify the preferred authentication mechanim in the URL as
- per RFC-2384 (http://tools.ietf.org/html/rfc2384).
+12. LDAP

-11. Other protocols
+12.1 SASL based authentication mechansims

-12. New protocols
+ Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
+ to an LDAP server. However, this function sends username and password details
+ using the simple authentication mechanism (as clear text). However, it should
+ be possible to use ldap_bind_s() instead specifing the security context
+ information ourselves.

-12.1 RSYNC
+13. Other protocols
+
+14. New protocols
+
+14.1 RSYNC

 There's no RFC for the protocol or an URI/URL format.  An implementation
 should most probably use an existing rsync library, such as librsync.

-13. Client
+15. SASL

-13.1 sync
+15.1 Other authentication mechanisms
+
+ Add support for gssapi to SMTP and POP3.
+
+16. Client
+
+16.1 sync

 "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"
@@ -438,12 +446,12 @@ to provide the data to send.
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.

-13.2 glob posts
+16.2 glob posts

 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
 This is easily scripted though.

-13.3 prevent file overwriting
+16.3 prevent file overwriting

 Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
@@ -451,14 +459,14 @@ to provide the data to send.
 existing). So that index.html becomes first index.html.1 and then
 index.html.2 etc.

-13.4 simultaneous parallel transfers
+16.4 simultaneous parallel transfers

 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595

-13.5 provide formpost headers
+16.5 provide formpost headers

 Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -472,7 +480,7 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-13.6 url-specific options
+16.6 url-specific options

 Provide a way to make options bound to a specific URL among several on the
 command line. Possibly by letting ':' separate options between URLs,
@@ -486,62 +494,57 @@ to provide the data to send.

 The example would do a POST-GET-POST combination on a single command line.

-13.7 metalink support
-
- Add metalink support to curl (http://www.metalinker.org/). This is most useful
- with simultaneous parallel transfers (11.6) but not necessary.
-
-13.8 warning when setting an option
+16.7 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-13.9 IPv6 addresses with globbing
+16.8 IPv6 addresses with globbing

  Currently the command line client needs to get url globbing disabled (with
  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
  that should be corrected. It probably involves a smarter detection of the
  '[' and ']' letters.

-14. Build
+17. Build

-14.1 roffit
+17.1 roffit

 Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/hugehelp.c

-15. Test suite
+18. Test suite

-15.1 SSL tunnel
+18.1 SSL tunnel

 Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS

-15.2 nicer lacking perl message
+18.2 nicer lacking perl message

 If perl wasn't found by the configure script, don't attempt to run the tests
 but explain something nice why it doesn't.

-15.3 more protocols supported
+18.3 more protocols supported

 Extend the test suite to include more protocols. The telnet could just do ftp
 or http operations (for which we have test servers).

-15.4 more platforms supported
+18.4 more platforms supported

 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

-16. Next SONAME bump
+19. Next SONAME bump

-16.1 http-style HEAD output for ftp
+19.1 http-style HEAD output for ftp

 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
 from being output in NOBODY requests over ftp

-16.2 combine error codes
+19.2 combine error codes

 Combine some of the error codes to remove duplicates.  The original
 numbering should not be changed, and the old identifiers would be
@@ -551,37 +554,44 @@ to provide the data to send.
 Candidates for removal and their replacements:

    CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
+
    CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
+
    CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
+
    CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
+
    CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
+
    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED

-16.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+19.3 extend CURLOPT_SOCKOPTFUNCTION prototype

 The current prototype only provides 'purpose' that tells what the
 connection/socket is for, but not any protocol or similar. It makes it hard
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-17. Next major release
+20. Next major release

-17.1 cleanup return codes
+20.1 cleanup return codes

 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.

-17.2 remove obsolete defines
+20.2 remove obsolete defines

 remove obsolete defines from curl/curl.h

-17.3 size_t
+20.3 size_t

 make several functions use size_t instead of int in their APIs

-17.4 remove several functions
+20.4 remove several functions

 remove the following functions from the public API:

@@ -602,18 +612,18 @@ to provide the data to send.

 curl_multi_socket_all

-17.5 remove CURLOPT_FAILONERROR
+20.5 remove CURLOPT_FAILONERROR

 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.

-17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+20.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE

 Remove support for a global DNS cache. Anything global is silly, and we
 already offer the share interface for the same functionality but done
 "right".

-17.7 remove progress meter from libcurl
+20.7 remove progress meter from libcurl

 The internally provided progress meter output doesn't belong in the library.
 Basically no application wants it (apart from curl) but instead applications
@@ -623,7 +633,7 @@ to provide the data to send.
 variable types passed to it instead of doubles so that big files work
 correctly.

-17.8 remove 'curl_httppost' from public
+20.8 remove 'curl_httppost' from public

 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
@@ -632,10 +642,21 @@ to provide the data to send.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintining a solid API and ABI.

-17.9 have form functions use CURL handle argument
+20.9 have form functions use CURL handle argument

 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
 thus curl_formget() with callback cannot function without first having
 curl_easy_perform() (or similar) called - which is hard to grasp and a design
 mistake.
+
+20.10 Add CURLOPT_MAIL_CLIENT option
+
+ Rather than use the URL to specify the mail client string to present in the
+ HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
+ specifing this data as the URL is non-standard and to be honest a bit of a
+ hack ;-)
+
+ Please see the following thread for more information:
+ http://curl.haxx.se/mail/lib-2012-05/0178.html
+ 
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "16 February 2012" "Curl 7.25.0" "Curl Manual"
+.TH curl 1 "27 July 2012" "Curl 7.27.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -35,8 +35,8 @@ command is designed to work without user interaction.

 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer
-resume and more. As you will see below, the number of features will make your
-head spin!
+resume, Metalink, and more. As you will see below, the number of features will
+make your head spin!

 curl is powered by libcurl for all transfer-related features. See
 .BR libcurl (3)
@@ -79,14 +79,14 @@ curl will do its best to use what you pass to it as a URL. It is not trying to
 validate it as a syntactically correct URL by any means but is instead
 \fBvery\fP liberal with what it accepts.

-Curl will attempt to re-use connections for multiple file transfers, so that
+curl will attempt to re-use connections for multiple file transfers, so that
 getting many files from the same server will not do multiple connects /
 handshakes. This improves speed. Of course this is only done on files
 specified on a single command line and cannot be used between separate curl
 invokes.
 .SH "PROGRESS METER"
-curl normally displays a progress meter during operations, indicating the amount
-of transferred data, transfer speeds and estimated time left, etc.
+curl normally displays a progress meter during operations, indicating the
+amount of transferred data, transfer speeds and estimated time left, etc.

 curl displays this data to the terminal by default, so if you invoke curl to
 do an operation and it is about to write data to the terminal, it
@@ -103,7 +103,7 @@ any response data to the terminal.
 If you prefer a progress "bar" instead of the regular meter, \fI-#\fP is your
 friend.
 .SH OPTIONS
-In general, all boolean options are enabled with --option and yet again
+In general, all boolean options are enabled with --\fBoption\fP and yet again
 disabled with --\fBno-\fPoption. That is, you use the exact same option name
 but prefix it with "no-". However, in this list we mostly only list and show
 the --option version of them. (This concept with --no options was added in
@@ -125,14 +125,13 @@ Forces curl to use SSL version 2 when negotiating with a remote SSL server.
 (SSL)
 Forces curl to use SSL version 3 when negotiating with a remote SSL server.
 .IP "-4, --ipv4"
-If libcurl is capable of resolving an address to multiple IP versions (which
-it is if it is IPv6-capable), this option tells libcurl to resolve names to
-IPv4 addresses only.
+If curl is capable of resolving an address to multiple IP versions (which it
+is if it is IPv6-capable), this option tells curl to resolve names to IPv4
+addresses only.
 .IP "-6, --ipv6"
-If libcurl is capable of resolving an address to multiple IP versions (which
-it is if it is IPv6-capable), this option tells libcurl to resolve names to
-IPv6 addresses only.
-default statistics.
+If curl is capable of resolving an address to multiple IP versions (which it
+is if it is IPv6-capable), this option tells curl to resolve names to IPv6
+addresses only.
 .IP "-a, --append"
 (FTP/SFTP) When used in an upload, this will tell curl to append to the target
 file instead of overwriting it. If the file doesn't exist, it will be created.
@@ -143,8 +142,7 @@ done CGIs fail if this field isn't set to "Mozilla/4.0". To encode blanks in
 the string, surround the string with single quote marks. This can also be set
 with the \fI-H, --header\fP option of course.

-If this option is set more than once, the last one will be the one that's
-used.
+If this option is used several times, the last one will be used.
 .IP "--anyauth"
 (HTTP) Tells curl to figure out authentication method by itself, and use the
 most secure one the remote site claims to support. This is done by first
@@ -176,10 +174,9 @@ input. No cookies will be stored in the file. To store cookies, use the
 \fI-c, --cookie-jar\fP option or you could even save the HTTP headers to a file
 using \fI-D, --dump-header\fP!

-If this option is set more than once, the last one will be the one that's
-used.
+If this option is used several times, the last one will be used.
 .IP "-B, --use-ascii"
-Enable ASCII transfer when using FTP or LDAP. For FTP, this can also be
+(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be
 enforced by using an URL that ends with ";type=A". This option causes data
 sent to stdout to be in text mode for win32 systems.
 .IP "--basic"
@@ -188,12 +185,12 @@ this option is usually pointless, unless you use it to override a previously
 set option that sets a different authentication method (such as \fI--ntlm\fP,
 \fI--digest\fP, or \fI--negotiate\fP).
 .IP "-c, --cookie-jar <file name>"
-Specify to which file you want curl to write all cookies after a completed
-operation. Curl writes all cookies previously read from a specified file as
-well as all cookies received from remote server(s). If no cookies are known,
-no file will be written. The file will be written using the Netscape cookie
-file format. If you set the file name to a single dash, "-", the cookies will
-be written to stdout.
+(HTTP) Specify to which file you want curl to write all cookies after a
+completed operation. Curl writes all cookies previously read from a specified
+file as well as all cookies received from remote server(s). If no cookies are
+known, no file will be written. The file will be written using the Netscape
+cookie file format. If you set the file name to a single dash, "-", the
+cookies will be written to stdout.

 This command line option will activate the cookie engine that makes curl
 record and use cookies. Another way to activate it is to use the \fI-b,
@@ -221,13 +218,13 @@ If this option is used several times, the last one will be used.
 must specify valid ciphers. Read up on SSL cipher list details on this URL:
 \fIhttp://www.openssl.org/docs/apps/ciphers.html\fP

-NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of
-NSS ciphers is in the NSSCipherSuite entry at this URL:
-\fIhttp://directory.fedora.redhat.com/docs/mod_nss.html#Directives\fP
+NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS
+ciphers is in the NSSCipherSuite entry at this URL:
+\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP

-If this option is used several times, the last one will override the others.
+If this option is used several times, the last one will be used.
 .IP "--compressed"
-(HTTP) Request a compressed response using one of the algorithms libcurl
+(HTTP) Request a compressed response using one of the algorithms curl
 supports, and save the uncompressed document.  If this option is used and the
 server sends an unsupported encoding, curl will report an error.
 .IP "--connect-timeout <seconds>"
@@ -237,10 +234,10 @@ of no more use. See also the \fI-m, --max-time\fP option.

 If this option is used several times, the last one will be used.
 .IP "--create-dirs"
-When used in conjunction with the -o option, curl will create the necessary
-local directory hierarchy as needed. This option creates the dirs mentioned
-with the -o option, nothing else. If the -o file name uses no dir or if the
-dirs it mentions already exist, no dir will be created.
+When used in conjunction with the \fI-o\fP option, curl will create the
+necessary local directory hierarchy as needed. This option creates the dirs
+mentioned with the \fI-o\fP option, nothing else. If the \fI-o\fP file name
+uses no dir or if the dirs it mentions already exist, no dir will be created.

 To create remote directories when using FTP or SFTP, try
 \fI--ftp-create-dirs\fP.
@@ -277,7 +274,7 @@ specified. Posting data from a file named 'foobar' would thus be done with
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.

-This option is handy to use when you want to store the headers that a HTTP
+This option is handy to use when you want to store the headers that an HTTP
 site sends to you. Cookies from the headers could then be read in a second
 curl invocation by using the \fI-b, --cookie\fP option! The
 \fI-c, --cookie-jar\fP option is however a better way to store cookies.
@@ -285,8 +282,10 @@ curl invocation by using the \fI-b, --cookie\fP option! The
 When used in FTP, the FTP server response lines are considered being "headers"
 and thus are saved there.

-If this option is used several times, the last one will be used.  IP
-"--data-ascii <data>" See \fI-d, --data\fP.
+If this option is used several times, the last one will be used.
+
+.IP "--data-ascii <data>"
+See \fI-d, --data\fP.
 .IP "--data-binary <data>"
 (HTTP) This posts data exactly as specified with no extra processing
 whatsoever.
@@ -337,21 +336,20 @@ service ticket, which is a matter of realm policy.
 Unconditionally allow the server to delegate.
 .RE
 .IP "--digest"
-(HTTP) Enables HTTP Digest authentication. This is a authentication that
-prevents the password from being sent over the wire in clear text. Use this in
-combination with the normal \fI-u, --user\fP option to set user name and
-password. See also \fI--ntlm\fP, \fI--negotiate\fP and \fI--anyauth\fP for
+(HTTP) Enables HTTP Digest authentication. This is an authentication scheme
+that prevents the password from being sent over the wire in clear text. Use
+this in combination with the normal \fI-u, --user\fP option to set user name
+and password. See also \fI--ntlm\fP, \fI--negotiate\fP and \fI--anyauth\fP for
 related options.

-If this option is used several times, the following occurrences make no
-difference.
+If this option is used several times, only the first one is used.
 .IP "--disable-eprt"
 (FTP) Tell curl to disable the use of the EPRT and LPRT commands when doing
 active FTP transfers. Curl will normally always first attempt to use EPRT,
 then LPRT before using PORT, but with this option, it will use PORT right
-away. EPRT and LPRT are extensions to the original FTP protocol, and may not work
-on all servers, but they enable more functionality in a better way than the
-traditional PORT command.
+away. EPRT and LPRT are extensions to the original FTP protocol, and may not
+work on all servers, but they enable more functionality in a better way than
+the traditional PORT command.

 \fB--eprt\fP can be used to explicitly enable EPRT again and \fB--no-eprt\fP
 is an alias for \fB--disable-eprt\fP.
@@ -399,9 +397,9 @@ operations. Use \fI--engine list\fP to print a list of build-time supported
 engines. Note that not all (or none) of the engines may be available at
 run-time.
 .IP "--environment"
-(RISC OS ONLY) Sets a range of environment variables, using the names the -w
-option supports, to allow easier extraction of useful information after having
-run curl.
+(RISC OS ONLY) Sets a range of environment variables, using the names the
+\fI-w\fP option supports, to allow easier extraction of useful information
+after having run curl.
 .IP "--egd-file <file>"
 (SSL) Specify the path name to the Entropy Gathering Daemon socket. The socket
 is used to seed the random engine for SSL connections. See also the
@@ -446,7 +444,7 @@ used several times, the last one will be used.
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In
-normal cases when a HTTP server fails to deliver a document, it returns an
+normal cases when an HTTP server fails to deliver a document, it returns an
 HTML document stating so (which often also describes why and more). This flag
 will prevent curl from outputting that and return error 22.

@@ -494,7 +492,7 @@ This option can be used multiple times.
 has been provided, this data is sent off using the ACCT command. (Added in
 7.13.0)

-If this option is used twice, the second will override the previous use.
+If this option is used several times, the last one will be used.
 .IP "--ftp-alternative-to-user <command>"
 (FTP) If authenticating with the USER and PASS commands fails, send this
 command.  When connecting to Tumbleweed's Secure Transport server over FTPS
@@ -506,7 +504,7 @@ currently exist on the server, the standard behavior of curl is to
 fail. Using this option, curl will instead attempt to create missing
 directories.
 .IP "--ftp-method [method]"
-(FTP) Control what method curl should use to reach a file on a FTP(S)
+(FTP) Control what method curl should use to reach a file on an FTP(S)
 server. The method argument should be one of the following alternatives:
 .RS
 .IP multicwd
@@ -527,9 +525,9 @@ compliant than 'nocwd' but without the full penalty of 'multicwd'.
 behavior, but using this option can be used to override a previous
 \fI-P/-ftp-port\fP option. (Added in 7.11.0)

-If this option is used several times, the following occurrences make no
-difference. Undoing an enforced passive really isn't doable but you must then
-instead enforce the correct \fI-P, --ftp-port\fP again.
+If this option is used several times, only the first one is used. Undoing an
+enforced passive really isn't doable but you must then instead enforce the
+correct \fI-P, --ftp-port\fP again.

 Passive mode means that curl will try the EPSV command first and then PASV,
 unless \fI--disable-epsv\fP is used.
@@ -550,7 +548,7 @@ directory listings as well as up and downloads in PASV mode.
 Shuts down the SSL/TLS layer after authenticating. The rest of the
 control channel communication will be unencrypted. This allows
 NAT routers to follow the FTP transaction. The default mode is
-passive. See --ftp-ssl-ccc-mode for other modes.
+passive. See \fI--ftp-ssl-ccc-mode\fP for other modes.
 (Added in 7.16.1)
 .IP "--ftp-ssl-ccc-mode [active/passive]"
 (FTP) Use CCC (Clear Command Channel)
@@ -577,16 +575,16 @@ interpreted by curl itself. Note that these letters are not normal legal URL
 contents but they should be encoded according to the URI standard.
 .IP "-G, --get"
 When used, this option will make all data specified with \fI-d, --data\fP or
-\fI--data-binary\fP to be used in a HTTP GET request instead of the POST
+\fI--data-binary\fP to be used in an HTTP GET request instead of the POST
 request that otherwise would be used. The data will be appended to the URL
 with a '?' separator.

 If used in combination with -I, the POST data will instead be appended to the
 URL with a HEAD request.

-If this option is used several times, the following occurrences make no
-difference. This is because undoing a GET doesn't make sense, but you should
-then instead enforce the alternative method you prefer.
+If this option is used several times, only the first one is used. This is
+because undoing a GET doesn't make sense, but you should then instead enforce
+the alternative method you prefer.
 .IP "-H, --header <header>"
 (HTTP) Extra header to use when getting a web page. You may specify any number
 of extra headers. Note that if you should add a custom header that has the
@@ -595,9 +593,9 @@ header will be used instead of the internal one. This allows you to make even
 trickier stuff than curl would normally do. You should not replace internally
 set headers without knowing perfectly well what you're doing. Remove an
 internal header by giving a replacement without content on the right side of
-the colon, as in: -H \&"Host:". If you send the custom header with no-value then
-its header must be terminated with a semicolon, such as \-H "X-Custom-Header;"
-to send "X-Custom-Header:".
+the colon, as in: -H \&"Host:". If you send the custom header with no-value
+then its header must be terminated with a semicolon, such as \-H
+\&"X-Custom-Header;" to send "X-Custom-Header:".

 curl will make sure that each header you add/replace is sent with the proper
 end-of-line marker, you should thus \fBnot\fP add that as a part of the header
@@ -608,10 +606,9 @@ See also the \fI-A, --user-agent\fP and \fI-e, --referer\fP options.

 This option can be used multiple times to add/replace/remove multiple headers.
 .IP "--hostpubmd5 <md5>"
-Pass a string containing 32 hexadecimal digits. The string should be the 128
-bit MD5 checksum of the remote host's public key, curl will refuse the
-connection with the host unless the md5sums match. This option is only for SCP
-and SFTP transfers. (Added in 7.17.1)
+(SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should
+be the 128 bit MD5 checksum of the remote host's public key, curl will refuse
+the connection with the host unless the md5sums match. (Added in 7.17.1)
 .IP "--ignore-content-length"
 (HTTP)
 Ignore the Content-Length header. This is particularly useful for servers
@@ -624,7 +621,7 @@ like server-name, date of the document, HTTP-version and more...
 (HTTP/FTP/FILE)
 Fetch the HTTP-header only! HTTP-servers feature the command HEAD
 which this uses to get nothing but the header of a document. When used
-on a FTP or FILE file, curl displays the file size and last modification
+on an FTP or FILE file, curl displays the file size and last modification
 time only.
 .IP "--interface <name>"
 Perform an operation using a specified interface. You can enter interface
@@ -639,8 +636,9 @@ make it discard all "session cookies". This will basically have the same effect
 as if a new session is started. Typical browsers always discard session
 cookies when they're closed down.
 .IP "-J, --remote-header-name"
-(HTTP) This option tells the -O, --remote-name option to use the server-specified
-Content-Disposition filename instead of extracting a filename from the URL.
+(HTTP) This option tells the \fI-O, --remote-name\fP option to use the
+server-specified Content-Disposition filename instead of extracting a filename
+from the URL.
 .IP "-k, --insecure"
 (SSL) This option explicitly allows curl to perform "insecure" SSL connections
 and transfers. All SSL connections are attempted to be made secure by using
@@ -711,7 +709,7 @@ currently effective on operating systems offering the TCP_KEEPIDLE and
 TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This
 option has no effect if \fI--no-keepalive\fP is used. (Added in 7.18.0)

-If this option is used multiple times, the last occurrence sets the amount. If
+If this option is used several times, the last one will be used. If
 unspecified, the option defaults to 60 seconds.
 .IP "--key <key>"
 (SSL/SSH) Private key file name. Allows you to provide your private key in this
@@ -817,9 +815,9 @@ Specify the maximum size (in bytes) of a file to download. If the file
 requested is larger than this value, the transfer will not start and curl will
 return with exit code 63.

-\fBNOTE:\fP The file size is not always known prior to download, and for such files
-this option has no effect even if the file transfer ends up being larger than
-this given limit. This concerns both FTP and HTTP transfers.
+\fBNOTE:\fP The file size is not always known prior to download, and for such
+files this option has no effect even if the file transfer ends up being larger
+than this given limit. This concerns both FTP and HTTP transfers.
 .IP "--mail-rcpt <address>"
 (SMTP) Specify a single address that the given mail should get sent to. This
 option can be used multiple times to specify many recipients.
@@ -832,6 +830,31 @@ is used, this option can be used to prevent curl from following redirections
 option to -1 to make it limitless.

 If this option is used several times, the last one will be used.
+.IP "--metalink"
+This option can tell curl to parse and process a given URI as Metalink file
+(both version 3 and 4 (RFC 5854) are supported) and make use of the mirrors
+listed within for failover if there are errors (such as the file or server not
+being available). It will also verify the hash of the file after the download
+completes. The Metalink file itself is downloaded and processed in memory and
+not stored in the local file system.
+
+Example to use a remote Metalink file:
+
+\fBcurl\fP --metalink http://www.example.com/example.metalink
+
+To use a Metalink file in the local file system, use FILE protocol
+(file://):
+
+\fBcurl\fP --metalink file://example.metalink
+
+Please note that if FILE protocol is disabled, there is no way to use
+a local Metalink file at the time of this writing. Also note that if
+\fI--metalink\fP and \fI--include\fP are used together, \fI--include\fP will be
+ignored. This is because including headers in the response will break
+Metalink parser and if the headers are included in the file described
+in Metalink file, hash check will fail.
+
+(Added in 7.27.0, if built against the libmetalink library.)
 .IP "-n, --netrc"
 Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
 home directory for login name and password. This is typically used for FTP on
@@ -865,7 +888,7 @@ You can only specify one netrc file per invocation. If several
 (Added in 7.21.5)

 This option overrides any use of \fI--netrc\fP as they are mutually exclusive.
-It will also abide by --netrc-optional if specified.
+It will also abide by \fI--netrc-optional\fP if specified.

 .IP "--netrc-optional"
 Very similar to \fI--netrc\fP, but this option makes the .netrc usage
@@ -885,12 +908,11 @@ This option requires a library built with GSSAPI support. This is
 not very common. Use \fI-V, --version\fP to see if your version supports
 GSS-Negotiate.

-When using this option, you must also provide a fake -u, --user option to
+When using this option, you must also provide a fake \fI-u, --user\fP option to
 activate the authentication code properly. Sending a '-u :' is enough as the
-user name and password from the -u option aren't actually used.
+user name and password from the \fI-u\fP option aren't actually used.

-If this option is used several times, the following occurrences make no
-difference.
+If this option is used several times, only the first one is used.
 .IP "--no-keepalive"
 Disables the use of keepalive messages on the TCP connection, as by default
 curl enables them.
@@ -927,8 +949,7 @@ If you want to enable NTLM for your proxy authentication, then use
 This option requires a library built with SSL support. Use
 \fI-V, --version\fP to see if your curl supports NTLM.

-If this option is used several times, the following occurrences make no
-difference.
+If this option is used several times, only the first one is used.
 .IP "-o, --output <file>"
 Write output to <file> instead of stdout. If you are using {} or [] to fetch
 multiple documents, you can use '#' followed by a number in the <file>
@@ -996,16 +1017,16 @@ available.

 If this option is used several times, the last one will be used.
 .IP "--post301"
-Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
-requests when following a 301 redirection. The non-RFC behaviour is ubiquitous
-in web browsers, so curl does the conversion by default to maintain
+(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+into GET requests when following a 301 redirection. The non-RFC behaviour is
+ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.17.1)
 .IP "--post302"
-Tells curl to respect RFC 2616/10.3.2 and not convert POST requests into GET
-requests when following a 302 redirection. The non-RFC behaviour is ubiquitous
-in web browsers, so curl does the conversion by default to maintain
+(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+into GET requests when following a 302 redirection. The non-RFC behaviour is
+ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.19.1)
@@ -1094,24 +1115,24 @@ default config file search path.
 commands are sent BEFORE the transfer takes place (just after the initial PWD
 command in an FTP transfer, to be exact). To make commands take place after a
 successful transfer, prefix them with a dash '-'.  To make commands be sent
-after libcurl has changed the working directory, just before the transfer
+after curl has changed the working directory, just before the transfer
 command(s), prefix the command with a '+' (this is only supported for
 FTP). You may specify any number of commands. If the server returns failure
 for one of the commands, the entire operation will be aborted. You must send
 syntactically correct FTP commands as RFC 959 defines to FTP servers, or one
 of the commands listed below to SFTP servers.  This option can be used
-multiple times. When speaking to a FTP server, prefix the command with an
-asterisk (*) to make libcurl continue even if the command fails as by default
+multiple times. When speaking to an FTP server, prefix the command with an
+asterisk (*) to make curl continue even if the command fails as by default
 curl will stop at first failure.

-SFTP is a binary protocol. Unlike for FTP, libcurl interprets SFTP quote
-commands itself before sending them to the server.  File names may be quoted
+SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands
+itself before sending them to the server.  File names may be quoted
 shell-style to embed spaces or special characters.  Following is the list of
 all supported SFTP quote commands:
 .RS
 .IP "chgrp group file"
-The chgrp command sets the group ID of the file named by the file operand to the
-group ID specified by the group operand. The group operand is a decimal
+The chgrp command sets the group ID of the file named by the file operand to
+the group ID specified by the group operand. The group operand is a decimal
 integer group ID.
 .IP "chmod mode file"
 The chmod command modifies the file mode bits of the specified file. The
@@ -1169,9 +1190,10 @@ specifies two separate 100-byte ranges(*)(H)
 (*) = NOTE that this will cause the server to reply with a multipart
 response!

-Only digit characters (0-9) are valid in the 'start' and 'stop' fields of
-the \&'start-stop' range syntax. If a non-digit character is given in the range, the server's
-response will be unspecified, depending on the server's configuration.
+Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the
+\&'start-stop' range syntax. If a non-digit character is given in the range,
+the server's response will be unspecified, depending on the server's
+configuration.

 You should also be aware that many HTTP/1.1 servers do not have this feature
 enabled, so that when you attempt to get a range, you'll instead get the whole
@@ -1183,7 +1205,7 @@ FTP command SIZE.

 If this option is used several times, the last one will be used.
 .IP "-R, --remote-time"
-When used, this will make libcurl attempt to figure out the timestamp of the
+When used, this will make curl attempt to figure out the timestamp of the
 remote file, and if that is available make the local file get that same
 timestamp.
 .IP "--random-file <file>"
@@ -1191,7 +1213,7 @@ timestamp.
 random data. The data is used to seed the random engine for SSL connections.
 See also the \fI--egd-file\fP option.
 .IP "--raw"
-When used, it disables all internal HTTP decoding of content or transfer
+(HTTP) When used, it disables all internal HTTP decoding of content or transfer
 encodings and instead makes them passed on unaltered, raw. (Added in 7.16.2)
 .IP "--remote-name-all"
 This option changes the default action for all given URLs to be dealt with as
@@ -1223,7 +1245,7 @@ using \fI--retry-delay\fP you disable this exponential backoff algorithm. See
 also \fI--retry-max-time\fP to limit the total time allowed for
 retries. (Added in 7.12.3)

-If this option is used multiple times, the last occurrence decide the amount.
+If this option is used several times, the last one will be used.
 .IP "--retry-delay <seconds>"
 Make curl sleep this amount of time before each retry when a transfer has
 failed with a transient error (it changes the default backoff time algorithm
@@ -1231,7 +1253,7 @@ between retries). This option is only interesting if \fI--retry\fP is also
 used. Setting this delay to zero will make curl use the default backoff time.
 (Added in 7.12.3)

-If this option is used multiple times, the last occurrence determines the amount.
+If this option is used several times, the last one will be used.
 .IP "--retry-max-time <seconds>"
 The retry timer is reset before the first transfer attempt. Retries will be
 done as usual (see \fI--retry\fP) as long as the timer hasn't reached this
@@ -1240,13 +1262,12 @@ will be made and while performing, it may take longer than this given time
 period. To limit a single request\'s maximum time, use \fI-m, --max-time\fP.
 Set this option to zero to not timeout retries. (Added in 7.12.3)

-If this option is used multiple times, the last occurrence determines the
-amount.
+If this option is used several times, the last one will be used.
 .IP "-s, --silent"
 Silent or quiet mode. Don't show progress meter or error messages.  Makes
 Curl mute.
 .IP "-S, --show-error"
-When used with -s it makes curl show an error message if it fails.
+When used with \fI-s\fP it makes curl show an error message if it fails.
 .IP "--ssl"
 (FTP, POP3, IMAP, SMTP) Try to use SSL/TLS for the connection.  Reverts to a
 non-secure connection if the server doesn't support SSL/TLS.  See also
@@ -1350,7 +1371,7 @@ part in the specified URL, Curl will append the local file name. NOTE that you
 must use a trailing / on the last directory to really prove to Curl that there
 is no file name or curl will think that your last directory name is the remote
 file name to use. That will most likely cause the upload operation to fail. If
-this is used on a HTTP(S) server, the PUT command will be used.
+this is used on an HTTP(S) server, the PUT command will be used.

 Use the file name "-" (a single dash) to use stdin instead of a given file.
 Alternately, the file name "." (a single period) may be specified instead
@@ -1393,7 +1414,7 @@ Set password for use with the TLS authentication method specified with
 7.21.4)
 .IP "--tr-encoding"
 (HTTP) Request a compressed Transfer-Encoding response using one of the
-algorithms libcurl supports, and uncompress the data while receiving it.
+algorithms curl supports, and uncompress the data while receiving it.

 (Added in 7.21.6)
 .IP "--trace <file>"
@@ -1478,17 +1499,21 @@ space with \\t.
 The %-symbol is a special symbol in the win32-environment, where all
 occurrences of % must be doubled when using this option.

-The variables available at this point are:
+The variables available are:
 .RS
 .TP 15
-.B url_effective
-The URL that was fetched last. This is most meaningful if you've told curl
-to follow location: headers.
+.B content_type
+The Content-Type of the requested document, if there was any.
 .TP
 .B filename_effective
 The ultimate filename that curl writes out to. This is only meaningful if curl
-is told to write to a file with the --remote-name or --output option. It's most
-useful in combination with the --remote-header-name option. (Added in 7.25.1)
+is told to write to a file with the \fI--remote-name\fP or \fI--output\fP
+option. It's most useful in combination with the \fI--remote-header-name\fP
+option. (Added in 7.25.1)
+.TP
+.B ftp_entry_path
+The initial path curl ended up in when logging on to the remote FTP
+server. (Added in 7.15.4)
 .TP
 .B http_code
 The numerical response code that was found in the last retrieved HTTP(S) or
@@ -1499,21 +1524,51 @@ same info.
 The numerical code that was found in the last response (from a proxy) to a
 curl CONNECT request. (Added in 7.12.4)
 .TP
-.B time_total
-The total time, in seconds, that the full operation lasted. The time will be
-displayed with millisecond resolution.
+.B num_connects
+Number of new connects made in the recent transfer. (Added in 7.12.3)
 .TP
-.B time_namelookup
-The time, in seconds, it took from the start until the name resolving was
-completed.
+.B num_redirects
+Number of redirects that were followed in the request. (Added in 7.12.3)
+.TP
+.B redirect_url
+When an HTTP request was made without -L to follow redirects, this variable
+will show the actual URL a redirect \fIwould\fP take you to. (Added in 7.18.2)
+.TP
+.B size_download
+The total amount of bytes that were downloaded.
+.TP
+.B size_header
+The total amount of bytes of the downloaded headers.
+.TP
+.B size_request
+The total amount of bytes that were sent in the HTTP request.
+.TP
+.B size_upload
+The total amount of bytes that were uploaded.
+.TP
+.B speed_download
+The average download speed that curl measured for the complete download. Bytes
+per second.
+.TP
+.B speed_upload
+The average upload speed that curl measured for the complete upload. Bytes per
+second.
+.TP
+.B ssl_verify_result
+The result of the SSL peer certificate verification that was requested. 0
+means the verification was successful. (Added in 7.19.0)
+.TP
+.B time_appconnect
+The time, in seconds, it took from the start until the SSL/SSH/etc
+connect/handshake to the remote host was completed. (Added in 7.19.0)
 .TP
 .B time_connect
 The time, in seconds, it took from the start until the TCP connect to the
 remote host (or proxy) was completed.
 .TP
-.B time_appconnect
-The time, in seconds, it took from the start until the SSL/SSH/etc
-connect/handshake to the remote host was completed. (Added in 7.19.0)
+.B time_namelookup
+The time, in seconds, it took from the start until the name resolving was
+completed.
 .TP
 .B time_pretransfer
 The time, in seconds, it took from the start until the file transfer was just
@@ -1527,50 +1582,17 @@ started. time_redirect shows the complete execution time for multiple
 redirections. (Added in 7.12.3)
 .TP
 .B time_starttransfer
-The time, in seconds, it took from the start until the first byte was just about
-to be transferred. This includes time_pretransfer and also the time the
+The time, in seconds, it took from the start until the first byte was just
+about to be transferred. This includes time_pretransfer and also the time the
 server needed to calculate the result.
 .TP
-.B size_download
-The total amount of bytes that were downloaded.
+.B time_total
+The total time, in seconds, that the full operation lasted. The time will be
+displayed with millisecond resolution.
 .TP
-.B size_upload
-The total amount of bytes that were uploaded.
-.TP
-.B size_header
-The total amount of bytes of the downloaded headers.
-.TP
-.B size_request
-The total amount of bytes that were sent in the HTTP request.
-.TP
-.B speed_download
-The average download speed that curl measured for the complete download. Bytes
-per second.
-.TP
-.B speed_upload
-The average upload speed that curl measured for the complete upload. Bytes per
-second.
-.TP
-.B content_type
-The Content-Type of the requested document, if there was any.
-.TP
-.B num_connects
-Number of new connects made in the recent transfer. (Added in 7.12.3)
-.TP
-.B num_redirects
-Number of redirects that were followed in the request. (Added in 7.12.3)
-.TP
-.B redirect_url
-When a HTTP request was made without -L to follow redirects, this variable
-will show the actual URL a redirect \fIwould\fP take you to. (Added in 7.18.2)
-.TP
-.B ftp_entry_path
-The initial path libcurl ended up in when logging on to the remote FTP
-server. (Added in 7.15.4)
-.TP
-.B ssl_verify_result
-The result of the SSL peer certificate verification that was requested. 0
-means the verification was successful. (Added in 7.19.0)
+.B url_effective
+The URL that was fetched last. This is most meaningful if you've told curl
+to follow location: headers.
 .RE

 If this option is used several times, the last one will be used.
@@ -1582,14 +1604,14 @@ This option overrides existing environment variables that set the proxy to
 use. If there's an environment variable setting a proxy, you can set proxy to
 \&"" to override it.

-All operations that are performed over a HTTP proxy will transparently be
+All operations that are performed over an HTTP proxy will transparently be
 converted to HTTP. It means that certain protocol specific operations might
 not be available. This is not the case if you can tunnel through the proxy, as
 one with the \fI-p, --proxytunnel\fP option.

 User and password that might be provided in the proxy string are URL decoded
-by libcurl. This allows you to pass in special characters such as @ by using
-%40 or pass in a colon with %3a.
+by curl. This allows you to pass in special characters such as @ by using %40
+or pass in a colon with %3a.

 The proxy host can be specified the exact same way as the proxy environment
 variables, including the protocol prefix (http://) and the embedded user +
@@ -1625,7 +1647,7 @@ attributes, a warning is issued.
 .IP "-y, --speed-time <time>"
 If a download is slower than speed-limit bytes per second during a speed-time
 period, the download gets aborted. If speed-time is used, the default
-speed-limit will be 1 unless set with -Y.
+speed-limit will be 1 unless set with \fI-Y\fP.

 This option controls transfers and thus will not affect slow connects etc. If
 this is a concern for you, try the \fI--connect-timeout\fP option.
@@ -1633,16 +1655,17 @@ this is a concern for you, try the \fI--connect-timeout\fP option.
 If this option is used several times, the last one will be used.
 .IP "-Y, --speed-limit <speed>"
 If a download is slower than this given speed (in bytes per second) for
-speed-time seconds it gets aborted. speed-time is set with -y and is 30 if
-not set.
+speed-time seconds it gets aborted. speed-time is set with \fI-y\fP and is 30
+if not set.

 If this option is used several times, the last one will be used.
 .IP "-z/--time-cond <date expression>|<file>"
 (HTTP/FTP) Request a file that has been modified later than the given time and
-date, or one that has been modified before that time. The <date expression> can
-be all sorts of date strings or if it doesn't match any internal ones, it is
-taken as a filename and tries to get the modification date (mtime) from <file>
-instead. See the \fIcurl_getdate(3)\fP man pages for date expression details.
+date, or one that has been modified before that time. The <date expression>
+can be all sorts of date strings or if it doesn't match any internal ones, it
+is taken as a filename and tries to get the modification date (mtime) from
+<file> instead. See the \fIcurl_getdate(3)\fP man pages for date expression
+details.

 Start the date expression with a dash (-) to make it request for a document
 that is older than the given date/time, default is a document that is newer
@@ -1693,6 +1716,10 @@ SSPI is supported. If you use NTLM and set a blank user name, curl will
 authenticate with your current user and password.
 .IP "TLS-SRP"
 SRP (Secure Remote Password) authentication is supported for TLS.
+.IP "Metalink"
+This curl supports Metalink (both version 3 and 4 (RFC 5854)), which
+describes mirrors and hashes.  curl will use mirrors for failover if
+there are errors (such as the file or server not being available).
 .RE
 .SH FILES
 .I ~/.curlrc
@@ -1724,7 +1751,7 @@ Since curl version 7.21.7, the proxy string may be specified with a
 protocol:// prefix to specify alternative proxy protocols.

 If no protocol is specified in the proxy string or if the string doesn't match
-a supported one, the proxy will be treated as a HTTP proxy.
+a supported one, the proxy will be treated as an HTTP proxy.

 The supported proxy protocol prefixes are as follows:
 .IP "socks4://"
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -11,6 +11,7 @@ ftp-wildcard
 ftpget
 ftpgetinfo
 ftpgetresp
+ftpsget
 ftpupload
 getinfo
 getinmemory
@@ -34,6 +35,7 @@ resolve
 rtsp
 sendrecv
 sepheaders
+sftpget
 simple
 simplepost
 simplesmtp
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -34,14 +34,13 @@ EXTRA_DIST = README Makefile.example Makefile.inc Makefile.m32 \
 # $(top_builddir)/include for generated curlbuild.h included from lib/setup.h
 # $(top_srcdir)/include is for libcurl's external include files

-INCLUDES = -I$(top_builddir)/include/curl \
-           -I$(top_builddir)/include      \
-           -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(top_builddir)/include/curl \
+              -I$(top_builddir)/include      \
+              -I$(top_srcdir)/include \
+              -DCURL_NO_OLDIES

 LIBDIR = $(top_builddir)/lib

-AM_CPPFLAGS = -DCURL_NO_OLDIES
-
 # Mostly for Windows build targets, when using static libcurl
 if USE_CPPFLAG_CURL_STATICLIB
 AM_CPPFLAGS += -DCURL_STATICLIB
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -5,11 +5,11 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  persistant post-callback postit2 sepheaders simple simplepost simplessl  \
  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
-  progressfunc pop3s pop3slist imap url2file
+  progressfunc pop3s pop3slist imap url2file sftpget ftpsget

 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
 COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cc cacertinmem.c	   \
  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
  opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
-  smooth-gtk-thread.c version-check.pl
+  smooth-gtk-thread.c version-check.pl href_extractor.c
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -40,12 +40,6 @@ endif
 ifndef OPENSSL_PATH
 OPENSSL_PATH = ../../../openssl-0.9.8x
 endif
-ifndef OPENSSL_LIBPATH
-OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
-endif
-ifndef OPENSSL_LIBS
-OPENSSL_LIBS = -leay32 -lssl32
-endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
 LIBSSH2_PATH = ../../../libssh2-1.4.2
@@ -81,19 +75,44 @@ ifndef ARCH
 ARCH = w32
 endif

-CC = gcc
-CFLAGS = -g -O2 -Wall
-CFLAGS += -fno-strict-aliasing
+CC	= $(CROSSPREFIX)gcc
+CFLAGS	= -g -O2 -Wall
+CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS += -D_AMD64_
+CFLAGS	+= -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
-LDFLAGS = -s
-RC = windres
-RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
+LDFLAGS	= -s
+RC	= $(CROSSPREFIX)windres
+RCFLAGS	= --include-dir=$(PROOT)/include -O COFF -i

-RM = del /q /f 2>NUL
-CP = copy
+# Platform-dependent helper tool macros
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DEL	= rm -f $1
+RMDIR	= rm -fr $1
+MKDIR	= mkdir -p $1
+COPY	= -cp -afv $1 $2
+#COPYR	= -cp -afr $1/* $2
+COPYR	= -rsync -aC $1/* $2
+TOUCH	= touch $1
+CAT	= cat
+ECHONL	= echo ""
+DL	= '
+else
+ifeq "$(OS)" "Windows_NT"
+DEL	= -del 2>NUL /q /f $(subst /,\,$1)
+RMDIR	= -rd 2>NUL /q /s $(subst /,\,$1)
+else
+DEL	= -del 2>NUL $(subst /,\,$1)
+RMDIR	= -deltree 2>NUL /y $(subst /,\,$1)
+endif
+MKDIR	= -md 2>NUL $(subst /,\,$1)
+COPY	= -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
+COPYR	= -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
+TOUCH	= copy 2>&1>NUL /b $(subst /,\,$1) +,,
+CAT	= type
+ECHONL	= $(ComSpec) /c echo.
+endif

 ########################################################
 ## Nothing more to do below this line!
@@ -138,6 +157,13 @@ endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 IPV6 = 1
 endif
+ifeq ($(findstring -metalink,$(CFG)),-metalink)
+METALINK = 1
+endif
+ifeq ($(findstring -winssl,$(CFG)),-winssl)
+SCHANNEL = 1
+SSPI = 1
+endif

 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib

@@ -148,6 +174,7 @@ else
  curl_DEPENDENCIES = $(PROOT)/lib/libcurl.a
  curl_LDADD = -L$(PROOT)/lib -lcurl
  CFLAGS += -DCURL_STATICLIB
+  LDFLAGS += -static
 endif
 ifdef ARES
  ifndef DYN
@@ -165,7 +192,22 @@ ifdef SSH2
  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
-  CFLAGS += -DUSE_SSLEAY -DHAVE_OPENSSL_ENGINE_H
+  ifndef OPENSSL_LIBPATH
+    OPENSSL_LIBS = -lssl -lcrypto
+    ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+      ifdef DYN
+        OPENSSL_LIBS = -lssl32 -leay32
+      endif
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
+    endif
+  endif
+  ifndef DYN
+    OPENSSL_LIBS += -lgdi32 -lcrypt32
+  endif
+  CFLAGS += -DUSE_SSLEAY
  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
@@ -184,6 +226,9 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
+  ifdef SCHANNEL
+    CFLAGS += -DUSE_SCHANNEL
+  endif
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
@@ -215,6 +260,8 @@ include Makefile.inc
 check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
 check_PROGRAMS += ftpuploadresume.exe synctime.exe

+.PRECIOUS: %.o
+

 all: $(check_PROGRAMS)

@@ -228,8 +275,8 @@ all: $(check_PROGRAMS)
 	$(RC) $(RCFLAGS) $< -o $@

 clean:
-	-$(RM) $(check_PROGRAMS:.exe=.o)
+	@$(call DEL, $(check_PROGRAMS:.exe=.o))

 distclean vclean: clean
-	-$(RM) $(check_PROGRAMS)
+	@$(call DEL, $(check_PROGRAMS))

--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -162,6 +162,10 @@ int main(int argc, char **argv)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -132,6 +132,10 @@ int main(void)

    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -336,7 +336,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->url = strdup(url);
  curl_easy_setopt(conn->easy, CURLOPT_URL, conn->url);
  curl_easy_setopt(conn->easy, CURLOPT_WRITEFUNCTION, write_cb);
-  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, &conn);
+  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, conn);
  curl_easy_setopt(conn->easy, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(conn->easy, CURLOPT_ERRORBUFFER, conn->error);
  curl_easy_setopt(conn->easy, CURLOPT_PRIVATE, conn);
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -64,14 +64,21 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK) {
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

-    /* now extract transfer info */
-    curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload);
-    curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time);
+    }
+    else {
+      /* now extract transfer info */
+      curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload);
+      curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time);

-    fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n",
-            speed_upload, total_time);
+      fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n",
+              speed_upload, total_time);

+    }
    /* always cleanup */
    curl_easy_cleanup(curl);
  }
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -60,6 +60,10 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/ftpsget.c
+++ b/docs/examples/ftpsget.c
@@ -0,0 +1,101 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+
+/*
+ * This is an example showing how to get a single file from an FTPS server.
+ * It delays the actual destination file creation until the first write
+ * callback so that it won't create an empty file in case the remote file
+ * doesn't exist or something else fails.
+ */
+
+struct FtpFile {
+  const char *filename;
+  FILE *stream;
+};
+
+static size_t my_fwrite(void *buffer, size_t size, size_t nmemb,
+                        void *stream)
+{
+  struct FtpFile *out=(struct FtpFile *)stream;
+  if(out && !out->stream) {
+    /* open file for writing */
+    out->stream=fopen(out->filename, "wb");
+    if(!out->stream)
+      return -1; /* failure, can't open file to write */
+  }
+  return fwrite(buffer, size, nmemb, out->stream);
+}
+
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct FtpFile ftpfile={
+    "yourfile.bin", /* name to store the file as if succesful */
+    NULL
+  };
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(curl) {
+    /*
+     * You better replace the URL with one that works! Note that we use an
+     * FTP:// URL with standard explicit FTPS. You can also do FTPS:// URLs if
+     * you want to do the rarer kind of transfers: implicit.
+     */
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "ftp://user@server/home/user/file.txt");
+    /* Define our callback to get called when there's data to be written */
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
+    /* Set a pointer to our struct to pass to the callback */
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &ftpfile);
+
+    /* We activate SSL and we require it for both control and data */
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
+
+    /* Switch on full protocol/debug output */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+
+    if(CURLE_OK != res) {
+      /* we failed */
+      fprintf(stderr, "curl told us %d\n", res);
+    }
+  }
+
+  if(ftpfile.stream)
+    fclose(ftpfile.stream); /* close the local file */
+
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -122,6 +122,10 @@ int main(void)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* clean up the FTP commands list */
    curl_slist_free_all (headerlist);
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@@ -0,0 +1,86 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * This example uses the "Streaming HTML parser" to extract the href pieces in
+ * a streaming manner from a downloaded HTML. Kindly donated by Michał
+ * Kowalczyk.
+ *
+ * The parser is found at
+ * http://code.google.com/p/htmlstreamparser/
+ */
+
+#include <stdio.h>
+#include <curl/curl.h>
+#include <htmlstreamparser.h>
+
+
+static size_t write_callback(void *buffer, size_t size, size_t nmemb,
+                             void *hsp)
+{
+  size_t realsize = size * nmemb, p;
+  for (p = 0; p < realsize; p++) {
+    html_parser_char_parse(hsp, ((char *)buffer)[p]);
+    if (html_parser_cmp_tag(hsp, "a", 1))
+      if (html_parser_cmp_attr(hsp, "href", 4))
+        if (html_parser_is_in(hsp, HTML_VALUE_ENDED)) {
+          html_parser_val(hsp)[html_parser_val_length(hsp)] = '\0';
+          printf("%s\n", html_parser_val(hsp));
+        }
+  }
+  return realsize;
+}
+
+int main(int argc, char *argv[])
+{
+  char tag[1], attr[4], val[128];
+  CURL *curl;
+  HTMLSTREAMPARSER *hsp;
+
+  if (argc != 2) {
+    printf("Usage: %s URL\n", argv[0]);
+    return EXIT_FAILURE;
+  }
+
+  curl = curl_easy_init();
+
+  hsp = html_parser_init();
+
+  html_parser_set_tag_to_lower(hsp, 1);
+  html_parser_set_attr_to_lower(hsp, 1);
+  html_parser_set_tag_buffer(hsp, tag, sizeof(tag));
+  html_parser_set_attr_buffer(hsp, attr, sizeof(attr));
+  html_parser_set_val_buffer(hsp, val, sizeof(val)-1);
+
+  curl_easy_setopt(curl, CURLOPT_URL, argv[1]);
+  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
+  curl_easy_setopt(curl, CURLOPT_WRITEDATA, hsp);
+  curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
+
+  curl_easy_perform(curl);
+
+  curl_easy_cleanup(curl);
+
+  html_parser_cleanup(hsp);
+
+  return EXIT_SUCCESS;
+}
--- a/docs/examples/http-post.c
+++ b/docs/examples/http-post.c
@@ -27,6 +27,10 @@ int main(void)
  CURL *curl;
  CURLcode res;

+  /* In windows, this will init the winsock stuff */
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  /* get a curl handle */
  curl = curl_easy_init();
  if(curl) {
    /* First set the URL that is about to receive our POST. This URL can
@@ -38,9 +42,14 @@ int main(void)

    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
+  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -38,13 +38,24 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "localhost");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* redo request with our own custom Accept: */
    res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
+
+    /* free the custom headers */
+    curl_slist_free_all(chunk);
  }
  return 0;
 }
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -110,6 +110,10 @@ int main(int argc, char **argv)

    /* Now run off and do what you've been told! */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -27,6 +27,8 @@ int main(void)
  CURL *curl;
  CURLcode res;

+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
@@ -45,7 +47,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
 #endif

-#ifdef SKIP_HOSTNAME_VERFICATION
+#ifdef SKIP_HOSTNAME_VERIFICATION
    /*
     * If the site you're connecting to uses a different host name that what
     * they have mentioned in their server certificate's commonName (or
@@ -55,10 +57,18 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
+
+  curl_global_cleanup();
+
  return 0;
 }
--- a/docs/examples/multi-app.c
+++ b/docs/examples/multi-app.c
@@ -70,7 +70,7 @@ int main(void)
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);

-  while(still_running) {
+  do {
    struct timeval timeout;
    int rc; /* select() return code */

@@ -118,7 +118,7 @@ int main(void)
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
-  }
+  } while(still_running);

  /* See how the transfers went */
  while ((msg = curl_multi_info_read(multi_handle, &msgs_left))) {
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@@ -144,7 +144,7 @@ int main(void)
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);

-  while(still_running) {
+  do {
    struct timeval timeout;
    int rc; /* select() return code */

@@ -195,7 +195,7 @@ int main(void)
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
-  }
+  } while(still_running);

  curl_multi_cleanup(multi_handle);

--- a/docs/examples/multi-double.c
+++ b/docs/examples/multi-double.c
@@ -59,7 +59,7 @@ int main(void)
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);

-  while(still_running) {
+  do {
    struct timeval timeout;
    int rc; /* select() return code */

@@ -108,7 +108,7 @@ int main(void)
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
-  }
+  } while(still_running);

  curl_multi_cleanup(multi_handle);

--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -80,7 +80,7 @@ int main(void)

    curl_multi_perform(multi_handle, &still_running);

-    while(still_running) {
+    do {
      struct timeval timeout;
      int rc; /* select() return code */

@@ -131,7 +131,7 @@ int main(void)
        printf("running: %d!\n", still_running);
        break;
      }
-    }
+    } while(still_running);

    curl_multi_cleanup(multi_handle);

--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -55,7 +55,7 @@ int main(void)
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);

-  while(still_running) {
+  do {
    struct timeval timeout;
    int rc; /* select() return code */

@@ -106,7 +106,7 @@ int main(void)
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
-  }
+  } while(still_running);

  curl_multi_cleanup(multi_handle);

--- a/docs/examples/persistant.c
+++ b/docs/examples/persistant.c
@@ -37,12 +37,24 @@ int main(void)

    /* get the first document */
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* get another document from the same server using the same
       connection */
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/docs/");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/pop3s.c
+++ b/docs/examples/pop3s.c
@@ -59,7 +59,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/pop3slist.c
+++ b/docs/examples/pop3slist.c
@@ -59,7 +59,12 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -60,6 +60,16 @@ int main(void)
  pooh.readptr = data;
  pooh.sizeleft = strlen(data);

+  /* In windows, this will init the winsock stuff */
+  res = curl_global_init(CURL_GLOBAL_DEFAULT);
+  /* Check for errors */
+  if(res != CURLE_OK) {
+    fprintf(stderr, "curl_global_init() failed: %s\n",
+            curl_easy_strerror(res));
+    return 1;
+  }
+
+  /* get a curl handle */
  curl = curl_easy_init();
  if(curl) {
    /* First set the URL that is about to receive our POST. */
@@ -120,9 +130,14 @@ int main(void)

    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
+  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/postit2.c
+++ b/docs/examples/postit2.c
@@ -83,7 +83,13 @@ int main(int argc, char *argv[])
      /* only disable 100-continue header if explicitly requested */
      curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
    curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/sftpget.c
+++ b/docs/examples/sftpget.c
@@ -0,0 +1,106 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+
+/* define this to switch off the use of ssh-agent in this program */
+#undef DISABLE_SSH_AGENT
+
+/*
+ * This is an example showing how to get a single file from an SFTP server.
+ * It delays the actual destination file creation until the first write
+ * callback so that it won't create an empty file in case the remote file
+ * doesn't exist or something else fails.
+ */
+
+struct FtpFile {
+  const char *filename;
+  FILE *stream;
+};
+
+static size_t my_fwrite(void *buffer, size_t size, size_t nmemb,
+                        void *stream)
+{
+  struct FtpFile *out=(struct FtpFile *)stream;
+  if(out && !out->stream) {
+    /* open file for writing */
+    out->stream=fopen(out->filename, "wb");
+    if(!out->stream)
+      return -1; /* failure, can't open file to write */
+  }
+  return fwrite(buffer, size, nmemb, out->stream);
+}
+
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct FtpFile ftpfile={
+    "yourfile.bin", /* name to store the file as if succesful */
+    NULL
+  };
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(curl) {
+    /*
+     * You better replace the URL with one that works!
+     */
+    curl_easy_setopt(curl, CURLOPT_URL,
+                     "sftp://user@server/home/user/file.txt");
+    /* Define our callback to get called when there's data to be written */
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
+    /* Set a pointer to our struct to pass to the callback */
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &ftpfile);
+
+#ifndef DISABLE_SSH_AGENT
+    /* We activate ssh agent. For this to work you need
+       to have ssh-agent running (type set | grep SSH_AGENT to check) or
+       pageant on Windows (there is an icon in systray if so) */
+    curl_easy_setopt(curl, CURLOPT_SSH_AUTH_TYPES, CURLSSH_AUTH_AGENT);
+#endif
+
+    /* Switch on full protocol/debug output */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    res = curl_easy_perform(curl);
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+
+    if(CURLE_OK != res) {
+      /* we failed */
+      fprintf(stderr, "curl told us %d\n", res);
+    }
+  }
+
+  if(ftpfile.stream)
+    fclose(ftpfile.stream); /* close the local file */
+
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/simple.c
+++ b/docs/examples/simple.c
@@ -30,7 +30,13 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/simplepost.c
+++ b/docs/examples/simplepost.c
@@ -39,7 +39,12 @@ int main(void)
       itself */
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));

+    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* always cleanup */
    curl_easy_cleanup(curl);
--- a/docs/examples/simplesmtp.c
+++ b/docs/examples/simplesmtp.c
@@ -65,6 +65,10 @@ int main(void)

    /* send the message (including headers) */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* free the list of recipients */
    curl_slist_free_all(recipients);
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -118,7 +118,13 @@ int main(void)
      /* disconnect if we can't validate server's cert */
      curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);

+      /* Perform the request, res will get the return code */
      res = curl_easy_perform(curl);
+      /* Check for errors */
+      if(res != CURLE_OK)
+        fprintf(stderr, "curl_easy_perform() failed: %s\n",
+                curl_easy_strerror(res));
+
      break;                   /* we are done... */
    }
    /* always cleanup */
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -96,7 +96,6 @@ int main(void)
   CURLM *mcurl;
   int still_running = 1;
   struct timeval mp_start;
-   char mp_timedout = 0;
   struct WriteThis pooh;
   struct curl_slist* rcpt_list = NULL;

@@ -132,7 +131,6 @@ int main(void)
   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
   curl_multi_add_handle(mcurl, curl);

-   mp_timedout = 0;
   mp_start = tvnow();

  /* we start some action by calling perform right away */
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -139,6 +139,10 @@ int main(void)

    /* send the message (including headers) */
    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));

    /* free the list of recipients and clean up */
    curl_slist_free_all(recipients);
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ man_MANS = curl_easy_cleanup.3 curl_easy_getinfo.3 curl_easy_init.3	 \
 curl_easy_unescape.3 curl_multi_setopt.3 curl_multi_socket.3		 \
 curl_multi_timeout.3 curl_formget.3 curl_multi_assign.3		 \
 curl_easy_pause.3 curl_easy_recv.3 curl_easy_send.3			 \
- curl_multi_socket_action.3
+ curl_multi_socket_action.3 curl_multi_wait.3

 HTMLPAGES = curl_easy_cleanup.html curl_easy_getinfo.html		\
 curl_easy_init.html curl_easy_perform.html curl_easy_setopt.html	\
@@ -58,7 +58,7 @@ HTMLPAGES = curl_easy_cleanup.html curl_easy_getinfo.html		\
 curl_easy_unescape.html curl_multi_setopt.html curl_multi_socket.html	\
 curl_multi_timeout.html curl_formget.html curl_multi_assign.html	\
 curl_easy_pause.html curl_easy_recv.html curl_easy_send.html		\
- curl_multi_socket_action.html
+ curl_multi_socket_action.html curl_multi_wait.html

 PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 curl_easy_init.pdf curl_easy_perform.pdf curl_easy_setopt.pdf		 \
@@ -77,7 +77,7 @@ PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 curl_easy_escape.pdf curl_easy_unescape.pdf curl_multi_setopt.pdf	 \
 curl_multi_socket.pdf curl_multi_timeout.pdf curl_formget.pdf		 \
 curl_multi_assign.pdf curl_easy_pause.pdf curl_easy_recv.pdf		 \
- curl_easy_send.pdf curl_multi_socket_action.pdf
+ curl_easy_send.pdf curl_multi_socket_action.pdf curl_multi_wait.pdf

 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)

--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -69,7 +69,7 @@ output. This is only relevant for protocols that actually have headers
 preceding the data (like HTTP).
 .IP CURLOPT_NOPROGRESS
 Pass a long. If set to 1, it tells the library to shut off the progress meter
-completely. It will also present the \fICURLOPT_PROGRESSFUNCTION\fP from
+completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
 getting called.

 Future versions of libcurl are likely to not have any built-in progress meter
@@ -147,10 +147,10 @@ Using the rules above, a file name pattern can be constructed:
 (This was added in 7.21.0)
 .SH CALLBACK OPTIONS
 .IP CURLOPT_WRITEFUNCTION
-Function pointer that should match the following prototype: \fBsize_t
-function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP This
-function gets called by libcurl as soon as there is data received that needs
-to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP
+This function gets called by libcurl as soon as there is data received that
+needs to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
 multiplied with \fInmemb\fP, it will not be zero terminated. Return the number
 of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
@@ -193,11 +193,11 @@ crashes.
 This option is also known with the older name \fICURLOPT_FILE\fP, the name
 \fICURLOPT_WRITEDATA\fP was introduced in 7.9.7.
 .IP CURLOPT_READFUNCTION
-Function pointer that should match the following prototype: \fBsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP This
-function gets called by libcurl as soon as it needs to read data in order to
-send it to the peer. The data area pointed at by the pointer \fIptr\fP may be
-filled with at most \fIsize\fP multiplied with \fInmemb\fP number of
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP
+This function gets called by libcurl as soon as it needs to read data in order
+to send it to the peer. The data area pointed at by the pointer \fIptr\fP may
+be filled with at most \fIsize\fP multiplied with \fInmemb\fP number of
 bytes. Your function must return the actual number of bytes that you stored in
 that memory area. Returning 0 will signal end-of-file to the library and cause
 it to stop the current transfer.
@@ -234,13 +234,13 @@ If you're using libcurl as a win32 DLL, you MUST use a
 This option was also known by the older name \fICURLOPT_INFILE\fP, the name
 \fICURLOPT_READDATA\fP was introduced in 7.9.7.
 .IP CURLOPT_IOCTLFUNCTION
-Function pointer that should match the \fIcurl_ioctl_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl when
-something special I/O-related needs to be done that the library can't do by
-itself. For now, rewinding the read data stream is the only action it can
-request. The rewinding of the read data stream may be necessary when doing a
-HTTP PUT or POST with a multi-pass authentication method.  (Option added in
-7.12.3).
+Pass a pointer to a function that matches the following prototype:
+\fBcurlioerr function(CURL *handle, int cmd, void *clientp);\fP. This function
+gets called by libcurl when something special I/O-related needs to be done
+that the library can't do by itself. For now, rewinding the read data stream
+is the only action it can request. The rewinding of the read data stream may
+be necessary when doing a HTTP PUT or POST with a multi-pass authentication
+method.  (Option added in 7.12.3).

 Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking!
 .IP CURLOPT_IOCTLDATA
@@ -248,7 +248,7 @@ Pass a pointer that will be untouched by libcurl and passed as the 3rd
 argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.  (Option
 added in 7.12.3)
 .IP CURLOPT_SEEKFUNCTION
-Function pointer that should match the following prototype: \fIint
+Pass a pointer to a function that matches the following prototype: \fBint
 function(void *instream, curl_off_t offset, int origin);\fP This function gets
 called by libcurl to seek to a certain position in the input stream and can be
 used to fast forward a file in a resumed upload (instead of reading all
@@ -270,18 +270,22 @@ Data pointer to pass to the file seek function. If you use the
 \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
-Function pointer that should match the \fIcurl_sockopt_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl after the
-socket() call but before the connect() call. The callback's \fIpurpose\fP
-argument identifies the exact purpose for this particular socket, and
-currently only one value is supported: \fICURLSOCKTYPE_IPCXN\fP for the
-primary connection (meaning the control connection in the FTP case). Future
-versions of libcurl may support more purposes. It passes the newly created
-socket descriptor so additional setsockopt() calls can be done at the user's
-discretion.  Return 0 (zero) from the callback on success. Return 1 from the
-callback function to signal an unrecoverable error to the library and it will
-close the socket and return \fICURLE_COULDNT_CONNECT\fP.  (Option added in
-7.16.0)
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. This
+function gets called by libcurl after the socket() call but before the
+connect() call. The callback's \fIpurpose\fP argument identifies the exact
+purpose for this particular socket:
+
+\fICURLSOCKTYPE_IPCXN\fP for actively created connections or since 7.28.0
+\fICURLSOCKTYPE_ACCEPT\fP for FTP when the connection was setup with PORT/EPSV
+(in earlier versions these sockets weren't passed to this callback).
+
+Future versions of libcurl may support more purposes. It passes the newly
+created socket descriptor so additional setsockopt() calls can be done at the
+user's discretion.  Return 0 (zero) from the callback on success. Return 1
+from the callback function to signal an unrecoverable error to the library and
+it will close the socket and return \fICURLE_COULDNT_CONNECT\fP.  (Option
+added in 7.16.0)

 Added in 7.21.5, the callback function may return
 \fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is
@@ -291,20 +295,21 @@ Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
 (Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
-Function pointer that should match the \fIcurl_opensocket_callback\fP
-prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
-instead of the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument
-identifies the exact purpose for this particular socket:
-\fICURLSOCKTYPE_IPCXN\fP is for IP based connections. Future versions of
-libcurl may support more purposes. It passes the resolved peer address as a
-\fIaddress\fP argument so the callback can modify the address or refuse to
-connect at all. The callback function should return the socket or
-\fICURL_SOCKET_BAD\fP in case no connection should be established or any error
-detected. Any additional \fIsetsockopt(2)\fP calls can be done on the socket
-at the user's discretion.  \fICURL_SOCKET_BAD\fP return value from the
-callback function will signal an unrecoverable error to the library and it
-will return \fICURLE_COULDNT_CONNECT\fP.  This return code can be used for IP
-address blacklisting.  The default behavior is:
+Pass a pointer to a function that matches the following prototype:
+\fBcurl_socket_t function(void *clientp, curlsocktype purpose, struct
+curl_sockaddr *address);\fP. This function gets called by libcurl instead of
+the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument identifies the
+exact purpose for this particular socket: \fICURLSOCKTYPE_IPCXN\fP is for IP
+based connections. Future versions of libcurl may support more purposes. It
+passes the resolved peer address as a \fIaddress\fP argument so the callback
+can modify the address or refuse to connect at all. The callback function
+should return the socket or \fICURL_SOCKET_BAD\fP in case no connection could
+be established or another error was detected. Any additional
+\fIsetsockopt(2)\fP calls can be done on the socket at the user's discretion.
+\fICURL_SOCKET_BAD\fP return value from the callback function will signal an
+unrecoverable error to the library and it will return
+\fICURLE_COULDNT_CONNECT\fP.  This return code can be used for IP address
+blacklisting.  The default behavior is:
 .nf
   return socket(addr->family, addr->socktype, addr->protocol);
 .fi
@@ -314,25 +319,26 @@ Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
 (Option added in 7.17.1.)
 .IP CURLOPT_CLOSESOCKETFUNCTION
-Function pointer that should match the \fIcurl_closesocket_callback\fP
-prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl
-instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when sockets are
-closed (not for any other file descriptors). This is pretty much the reverse
-to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and
-1 if there was an error.  (Option added in 7.21.7)
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, curl_socket_t item);\fP. This function gets called by
+libcurl instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when
+sockets are closed (not for any other file descriptors). This is pretty much
+the reverse to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal
+success and 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the closesocket callback set with
 \fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
-Function pointer that should match the \fIcurl_progress_callback\fP prototype
-found in \fI<curl/curl.h>\fP. This function gets called by libcurl instead of
-its internal equivalent with a frequent interval during operation (roughly
-once per second or sooner) no matter if data is being transfered or not.
-Unknown/unused argument values passed to the callback will be set to zero
-(like if you only download data, the upload size will remain 0). Returning a
-non-zero value from this callback will cause libcurl to abort the transfer and
-return \fICURLE_ABORTED_BY_CALLBACK\fP.
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *clientp, double dltotal, double dlnow, double ultotal, double
+ulnow); \fP. This function gets called by libcurl instead of its internal
+equivalent with a frequent interval during operation (roughly once per second
+or sooner) no matter if data is being transferred or not.  Unknown/unused
+argument values passed to the callback will be set to zero (like if you only
+download data, the upload size will remain 0). Returning a non-zero value from
+this callback will cause libcurl to abort the transfer and return
+\fICURLE_ABORTED_BY_CALLBACK\fP.

 If you transfer data with the multi interface, this function will not be
 called during periods of idleness unless you call the appropriate libcurl
@@ -344,14 +350,14 @@ get called.
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
 .IP CURLOPT_HEADERFUNCTION
-Function pointer that should match the following prototype: \fIsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP. This
-function gets called by libcurl as soon as it has received header data. The
-header callback will be called once for each header and only complete header
-lines are passed on to the callback. Parsing headers is very easy using
-this. The size of the data pointed to by \fIptr\fP is \fIsize\fP multiplied
-with \fInmemb\fP. Do not assume that the header line is zero terminated! The
-pointer named \fIuserdata\fP is the one you set with the
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void
+*userdata);\fP. This function gets called by libcurl as soon as it has
+received header data. The header callback will be called once for each header
+and only complete header lines are passed on to the callback. Parsing headers
+is very easy using this. The size of the data pointed to by \fIptr\fP is
+\fIsize\fP multiplied with \fInmemb\fP. Do not assume that the header line is
+zero terminated! The pointer named \fIuserdata\fP is the one you set with the
 \fICURLOPT_WRITEHEADER\fP option. The callback function must return the number
 of bytes actually taken care of. If that amount differs from the amount passed
 to your function, it'll signal an error to the library. This will abort the
@@ -391,7 +397,7 @@ the writing, this must be a valid FILE * as the internal default will then be
 a plain fwrite(). See also the \fICURLOPT_HEADERFUNCTION\fP option above on
 how to set a custom get-all-headers callback.
 .IP CURLOPT_DEBUGFUNCTION
-Function pointer that should match the following prototype: \fIint
+Pass a pointer to a function that matches the following prototype: \fBint
 curl_debug_callback (CURL *, curl_infotype, char *, size_t, void *);\fP
 \fICURLOPT_DEBUGFUNCTION\fP replaces the standard debug function used when
 \fICURLOPT_VERBOSE \fP is in effect. This callback receives debug information,
@@ -420,11 +426,11 @@ used by libcurl, it is only passed to the callback.
 This option does only function for libcurl powered by OpenSSL. If libcurl was
 built against another SSL library, this functionality is absent.

-Function pointer that should match the following prototype: \fBCURLcode
-sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function gets called
-by libcurl just before the initialization of a SSL connection after having
-processed all other SSL related options to give a last chance to an
-application to modify the behaviour of openssl's ssl initialization. The
+Pass a pointer to a function that matches the following prototype:
+\fBCURLcode sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function
+gets called by libcurl just before the initialization of a SSL connection
+after having processed all other SSL related options to give a last chance to
+an application to modify the behaviour of openssl's ssl initialization. The
 \fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If
 an error is returned no attempt to establish a connection is made and the
 perform operation will return the error code from this callback function.  Set
@@ -447,8 +453,8 @@ parameter, otherwise \fBNULL\fP. (Added in 7.11.0)
 .IP CURLOPT_CONV_TO_NETWORK_FUNCTION
 .IP CURLOPT_CONV_FROM_NETWORK_FUNCTION
 .IP CURLOPT_CONV_FROM_UTF8_FUNCTION
-Function pointers that should match the following prototype: CURLcode
-function(char *ptr, size_t length);
+Pass a pointer to a function that matches the following prototype:
+\fBCURLcode function(char *ptr, size_t length);\fP

 These three options apply to non-ASCII platforms only.  They are available
 only if \fBCURL_DOES_CONVERSIONS\fP was defined when libcurl was built. When
@@ -490,18 +496,19 @@ follows:
 You will need to override these definitions if they are different on your
 system.
 .IP CURLOPT_INTERLEAVEFUNCTION
-Function pointer that should match the following prototype: \fIsize_t
-function( void *ptr, size_t size, size_t nmemb, void *userdata)\fP. This
-function gets called by libcurl as soon as it has received interleaved RTP
-data. This function gets called for each $ block and therefore contains
-exactly one upper-layer protocol unit (e.g.  one RTP packet). Curl writes the
-interleaved header as well as the included data for each call. The first byte
-is always an ASCII dollar sign. The dollar sign is followed by a one byte
-channel identifier and then a 2 byte integer length in network byte order. See
-\fIRFC 2326 Section 10.12\fP for more information on how RTP interleaving
-behaves. If unset or set to NULL, curl will use the default write function.
+Pass a pointer to a function that matches the following prototype:
+\fBsize_t function( void *ptr, size_t size, size_t nmemb, void
+*userdata)\fP. This function gets called by libcurl as soon as it has received
+interleaved RTP data. This function gets called for each $ block and therefore
+contains exactly one upper-layer protocol unit (e.g.  one RTP packet). Curl
+writes the interleaved header as well as the included data for each call. The
+first byte is always an ASCII dollar sign. The dollar sign is followed by a
+one byte channel identifier and then a 2 byte integer length in network byte
+order. See \fIRFC2326 Section 10.12\fP for more information on how RTP
+interleaving behaves. If unset or set to NULL, curl will use the default write
+function.

-Interleaved RTP poses some challeneges for the client application. Since the
+Interleaved RTP poses some challenges for the client application. Since the
 stream data is sharing the RTSP control connection, it is critical to service
 the RTP in a timely fashion. If the RTP data is not handled quickly,
 subsequent response processing may become unreasonably delayed and the
@@ -515,10 +522,10 @@ This is the userdata pointer that will be passed to
 \fICURLOPT_INTERLEAVEFUNCTION\fP when interleaved RTP data is received. (Added
 in 7.20.0)
 .IP CURLOPT_CHUNK_BGN_FUNCTION
-Function pointer that should match the following prototype: \fBlong function
-(const void *transfer_info, void *ptr, int remains)\fP. This function gets
-called by libcurl before a part of the stream is going to be transferred (if
-the transfer supports chunks).
+Pass a pointer to a function that matches the following prototype:
+\fBlong function (const void *transfer_info, void *ptr, int remains)\fP. This
+function gets called by libcurl before a part of the stream is going to be
+transferred (if the transfer supports chunks).

 This callback makes sense only when using the \fICURLOPT_WILDCARDMATCH\fP
 option for now.
@@ -535,9 +542,9 @@ Return \fICURL_CHUNK_BGN_FUNC_OK\fP if everything is fine,
 \fICURL_CHUNK_BGN_FUNC_FAIL\fP to tell libcurl to stop if some error occurred.
 (This was added in 7.21.0)
 .IP CURLOPT_CHUNK_END_FUNCTION
-Function pointer that should match the following prototype: \fBlong
-function(void *ptr)\fP. This function gets called by libcurl as soon as a part
-of the stream has been transferred (or skipped).
+Pass a pointer to a function that matches the following prototype:
+\fBlong function(void *ptr)\fP. This function gets called by libcurl as soon
+as a part of the stream has been transferred (or skipped).

 Return \fICURL_CHUNK_END_FUNC_OK\fP if everything is fine or
 \fBCURL_CHUNK_END_FUNC_FAIL\fP to tell the lib to stop if some error occurred.
@@ -547,9 +554,9 @@ Pass a pointer that will be untouched by libcurl and passed as the ptr
 argument to the \fICURL_CHUNK_BGN_FUNTION\fP and \fICURL_CHUNK_END_FUNTION\fP.
 (This was added in 7.21.0)
 .IP CURLOPT_FNMATCH_FUNCTION
-Function pointer that should match \fBint function(void *ptr, const char
-*pattern, const char *string)\fP prototype (see \fIcurl/curl.h\fP). It is used
-internally for the wildcard matching feature.
+Pass a pointer to a function that matches the following prototype: \fBint
+function(void *ptr, const char *pattern, const char *string)\fP prototype (see
+\fIcurl/curl.h\fP). It is used internally for the wildcard matching feature.

 Return \fICURL_FNMATCHFUNC_MATCH\fP if pattern matches the string,
 \fICURL_FNMATCHFUNC_NOMATCH\fP if not or \fICURL_FNMATCHFUNC_FAIL\fP if an
@@ -563,11 +570,11 @@ Pass a char * to a buffer that the libcurl may store human readable error
 messages in. This may be more helpful than just the return code from
 \fIcurl_easy_perform\fP. The buffer must be at least CURL_ERROR_SIZE big.
 Although this argument is a 'char *', it does not describe an input string.
-Therefore the (probably undefined) contents of the buffer is NOT copied
-by the library. You should keep the associated storage available until
-libcurl no longer needs it. Failing to do so will cause very odd behavior
-or even crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP
-or you set the same option again to use a different pointer.
+Therefore the (probably undefined) contents of the buffer is NOT copied by the
+library. You must keep the associated storage available until libcurl no
+longer needs it. Failing to do so will cause very odd behavior or even
+crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP or you
+set the same option again to use a different pointer.

 Use \fICURLOPT_VERBOSE\fP and \fICURLOPT_DEBUGFUNCTION\fP to better
 debug/trace why errors happen.
@@ -592,13 +599,13 @@ detected, like when a "100-continue" is received as a response to a
 POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
-The actual URL to deal with. The parameter should be a char * to a zero
-terminated string which must be URL-encoded in the following format:
+Pass in a pointer to the actual URL to deal with. The parameter should be a
+char * to a zero terminated string which must be URL-encoded in the following
+format:

 scheme://host:port/path

-For a greater explanation of the format please see RFC 3986
-(http://curl.haxx.se/rfc/rfc3986.txt).
+For a greater explanation of the format please see RFC3986.

 If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
 etc), libcurl will attempt to resolve which protocol to use based on the
@@ -626,18 +633,20 @@ authentication.

 For example the following types of authentication support this:

-http://user:password@www.domain.com
-ftp://user:password@ftp.domain.com
-pop3://user:password@mail.domain.com
+http://user:password@www.example.com
+
+ftp://user:password@ftp.example.com
+
+pop3://user:password@mail.example.com

 The port is optional and when not specified libcurl will use the default port
-based on the determined or specified protocol: 80 for http, 21 for ftp and 25
-for smtp, etc. The following examples show how to specify the port:
+based on the determined or specified protocol: 80 for HTTP, 21 for FTP and 25
+for SMTP, etc. The following examples show how to specify the port:

-http://www.weirdserver.com:8080/ - This will connect to a web server using
-port 8080.
+http://www.example.com:8080/ - This will connect to a web server using port
+8080 rather than 80.

-smtp://mail.domain.com:587/ - This will connect to a smtp server on the
+smtp://mail.example.com:587/ - This will connect to a SMTP server on the
 alternative mail port.

 The path part of the URL is protocol specific and whilst some examples are
@@ -652,13 +661,12 @@ retrieved for either the directory specified or the root directory. The
 exact resource returned for each URL is entirely dependent on the server's
 configuration.

-http://www.netscape.com - This gets the main page (index.html in this
-example) from Netscape's web server.
+http://www.example.com - This gets the main page from the web server.

-http://www.netscape.com/index.html - This returns the main page from Netscape
-by specifying the page to get.
+http://www.example.com/index.html - This returns the main page by explicitly
+requesting it.

-http://www.netscape.com/contactus/ - This returns the default document from
+http://www.example.com/contactus/ - This returns the default document from
 the contactus directory.

 .B FTP
@@ -668,15 +676,16 @@ directory. If the file part is omitted then libcurl downloads the directory
 listing for the directory specified. If the directory is omitted then
 the directory listing for the root / home directory will be returned.

-ftp://cool.haxx.se - This retrieves the directory listing for our FTP server.
+ftp://ftp.example.com - This retrieves the directory listing for the root
+directory.

-ftp://cool.haxx.se/readme.txt - This downloads the file readme.txt from the
+ftp://ftp.example.com/readme.txt - This downloads the file readme.txt from the
 root directory.

-ftp://cool.haxx.se/libcurl/readme.txt - This downloads readme.txt from the
+ftp://ftp.example.com/libcurl/readme.txt - This downloads readme.txt from the
 libcurl directory.

-ftp://user:password@my.example.com/readme.txt - This retrieves the readme.txt
+ftp://user:password@ftp.example.com/readme.txt - This retrieves the readme.txt
 file from the user's home directory. When a username and password is
 specified, everything that is specified in the path part is relative to the
 user's home directory. To retrieve files from the root directory or a
@@ -684,7 +693,7 @@ directory underneath the root directory then the absolute path must be
 specified by prepending an additional forward slash to the beginning of the
 path.

-ftp://user:password@my.example.com//readme.txt - This retrieves the readme.txt
+ftp://user:password@ftp.example.com//readme.txt - This retrieves the readme.txt
 from the root directory when logging in as a specified user.

 .B SMTP
@@ -697,11 +706,11 @@ and specifying this path allows you to set an alternative name, such as
 your machine's fully qualified domain name, which you might have obtained
 from an external function such as gethostname or getaddrinfo.

-smtp://mail.domain.com - This connects to the mail server at domain.com and
+smtp://mail.example.com - This connects to the mail server at example.com and
 sends your local computer's host name in the HELO / EHLO command.

-smtp://mail.domain.com/client.domain.com - This will send client.domain.com in
-the HELO / EHLO command to the mail server at domain.com.
+smtp://mail.example.com/client.example.com - This will send client.example.com in
+the HELO / EHLO command to the mail server at example.com.

 .B POP3

@@ -709,8 +718,8 @@ The path part of a POP3 request specifies the mailbox (message) to retrieve.
 If the mailbox is not specified then a list of waiting messages is returned
 instead.

-pop3://user:password@mail.domain.com - This lists the available messages
-pop3://user:password@mail.domain.com/1 - This retrieves the first message
+pop3://user:password@mail.example.com - This lists the available messages
+pop3://user:password@mail.example.com/1 - This retrieves the first message

 .B SCP

@@ -745,6 +754,26 @@ user's home directory
 sftp://ssh.example.com/~/Documents/ - This requests a directory listing
 of the Documents directory under the user's home directory

+.B LDAP
+
+The path part of a LDAP request can be used to specify the: Distinguished
+Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field
+is separated by a question mark and when that field is not required an empty
+string with the question mark separator should be included.
+
+ldap://ldap.example.com/o=My%20Organisation - This will perform a LDAP search
+with the DN as My Organisation.
+
+ldap://ldap.example.com/o=My%20Organisation?postalAddress - This will perform
+the same search but will only return postalAddress attributes.
+
+ldap://ldap.example.com/?rootDomainNamingContext - This specifies an empty DN
+and requests information about the rootDomainNamingContext attribute for an
+Active Directory server.
+
+For more information about the individual components of a LDAP URL please
+see RFC4516.
+
 .B NOTES

 Starting with version 7.20.0, the fragment part of the URI will not be sent as
@@ -820,13 +849,14 @@ affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
 used for "regular" HTTP requests is instead controlled with
 \fICURLOPT_HTTP_VERSION\fP.
 .IP CURLOPT_NOPROXY
-Pass a pointer to a zero terminated string. This should be a comma separated
-list of hosts which do not use a proxy, if one is specified.  The only
-wildcard is a single * character, which matches all hosts, and effectively
-disables the proxy. Each name in this list is matched as either a domain which
-contains the hostname, or the hostname itself. For example, local.com would
-match local.com, local.com:80, and www.local.com, but not www.notlocal.com.
-(Added in 7.19.4)
+Pass a pointer to a zero terminated string. The string consists of a comma
+separated list of host names that do not require a proxy to get reached, even
+if one is specified.  The only wildcard available is a single * character,
+which matches all hosts, and effectively disables the proxy. Each name in this
+list is matched as either a domain which contains the hostname, or the
+hostname itself. For example, example.com would match example.com,
+example.com:80, and www.example.com, but not www.notanexample.com.  (Added in
+7.19.4)
 .IP CURLOPT_HTTPPROXYTUNNEL
 Set the parameter to 1 to make the library tunnel all operations through a
 given HTTP proxy. There is a big difference between using a proxy and to
@@ -838,7 +868,7 @@ default service name for a SOCKS5 server is rcmd/server-fqdn. This option
 allows you to change it. (Added in 7.19.4)
 .IP CURLOPT_SOCKS5_GSSAPI_NEC
 Pass a long set to 1 to enable or 0 to disable. As part of the gssapi
-negotiation a protection mode is negotiated. The rfc1961 says in section
+negotiation a protection mode is negotiated. The RFC1961 says in section
 4.3/4.4 it should be protected, but the NEC reference implementation does not.
 If enabled, this option allows the unprotected exchange of the protection mode
 negotiation. (Added in 7.19.4).
@@ -861,7 +891,7 @@ connection. This can be used in combination with \fICURLOPT_INTERFACE\fP and
 you are recommended to use \fICURLOPT_LOCALPORTRANGE\fP as well when this is
 set. Valid port numbers are 1 - 65535. (Added in 7.15.2)
 .IP CURLOPT_LOCALPORTRANGE
-Pass a long. This is the number of attempts libcurl should make to find a
+Pass a long. This is the number of attempts libcurl will make to find a
 working local port number. It starts with the given \fICURLOPT_LOCALPORT\fP
 and adds one to the number for each retry. Setting this to 1 or below will
 make libcurl do only one try for the exact port number. Port numbers by nature
@@ -900,21 +930,20 @@ only makes sense to use this option if you want it smaller.
 Pass a long specifying what remote port number to connect to, instead of the
 one specified in the URL or the default port for the used protocol.
 .IP CURLOPT_TCP_NODELAY
-Pass a long specifying whether the TCP_NODELAY option should be set or
-cleared (1 = set, 0 = clear). The option is cleared by default. This
-will have no effect after the connection has been established.
+Pass a long specifying whether the TCP_NODELAY option is to be set or cleared
+(1 = set, 0 = clear). The option is cleared by default. This will have no
+effect after the connection has been established.

-Setting this option will disable TCP's Nagle algorithm. The purpose of
-this algorithm is to try to minimize the number of small packets on
-the network (where "small packets" means TCP segments less than the
-Maximum Segment Size (MSS) for the network).
+Setting this option will disable TCP's Nagle algorithm. The purpose of this
+algorithm is to try to minimize the number of small packets on the network
+(where "small packets" means TCP segments less than the Maximum Segment Size
+(MSS) for the network).

 Maximizing the amount of data sent per TCP segment is good because it
-amortizes the overhead of the send. However, in some cases (most
-notably telnet or rlogin) small segments may need to be sent
-without delay. This is less efficient than sending larger amounts of
-data at a time, and can contribute to congestion on the network if
-overdone.
+amortizes the overhead of the send. However, in some cases (most notably
+telnet or rlogin) small segments may need to be sent without delay. This is
+less efficient than sending larger amounts of data at a time, and can
+contribute to congestion on the network if overdone.
 .IP CURLOPT_ADDRESS_SCOPE
 Pass a long specifying the scope_id value to use when connecting to IPv6
 link-local or site-local addresses. (Added in 7.19.0)
@@ -1099,7 +1128,7 @@ authentication method(s) you want it to use for TLS authentication.
 .RS
 .IP CURLOPT_TLSAUTH_SRP
 TLS-SRP authentication. Secure Remote Password authentication for TLS is
-defined in RFC 5054 and provides mutual authentication if both sides have a
+defined in RFC5054 and provides mutual authentication if both sides have a
 shared secret. To use TLS-SRP, you must also set the
 \fICURLOPT_TLSAUTH_USERNAME\fP and \fICURLOPT_TLSAUTH_PASSWORD\fP options.

@@ -1148,8 +1177,8 @@ the server is ignored. See the special file lib/README.encoding for details.
 .IP CURLOPT_TRANSFER_ENCODING
 Adds a request for compressed Transfer Encoding in the outgoing HTTP
 request. If the server supports this and so desires, it can respond with the
-HTTP resonse sent using a compressed Transfer-Encoding that will be
-automatically uncompressed by libcurl on receival.
+HTTP response sent using a compressed Transfer-Encoding that will be
+automatically uncompressed by libcurl on reception.

 Transfer-Encoding differs slightly from the Content-Encoding you ask for with
 \fBCURLOPT_ACCEPT_ENCODING\fP in that a Transfer-Encoding is strictly meant to
@@ -1184,19 +1213,19 @@ an infinite number of redirects (which is the default)
 .IP CURLOPT_POSTREDIR
 Pass a bitmask to control how libcurl acts on redirects after POSTs that get a
 301, 302 or 303 response back.  A parameter with bit 0 set (value
-\fBCURL_REDIR_POST_301\fP) tells the library to respect RFC 2616/10.3.2 and
-not convert POST requests into GET requests when following a 301
-redirection. Setting bit 1 (value CURL_REDIR_POST_302) makes libcurl maintain
-the request method after a 302 redirect. Setting bit 2 (value
-\fBCURL_REDIR_POST_303) makes libcurl maintain the request method after a 302
-redirect. CURL_REDIR_POST_ALL is a convenience define that sets both bits.
+\fBCURL_REDIR_POST_301\fP) tells the library to respect RFC2616/10.3.2 and not
+convert POST requests into GET requests when following a 301 redirection.
+Setting bit 1 (value \fBCURL_REDIR_POST_302\fP) makes libcurl maintain the
+request method after a 302 redirect whilst setting bit 2 (value
+\fBCURL_REDIR_POST_303\fP) makes libcurl maintain the request method after a
+303 redirect. The value \fBCURL_REDIR_POST_ALL\fP is a convenience define that
+sets all three bits.

 The non-RFC behaviour is ubiquitous in web browsers, so the library does the
 conversion by default to maintain consistency. However, a server may require a
 POST to remain a POST after such a redirection. This option is meaningful only
 when setting \fICURLOPT_FOLLOWLOCATION\fP.  (Added in 7.17.1) (This option was
-known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 way before
-then)
+known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 then)
 .IP CURLOPT_PUT
 A parameter set to 1 tells the library to use HTTP PUT to transfer data. The
 data should be set with \fICURLOPT_READDATA\fP and \fICURLOPT_INFILESIZE\fP.
@@ -1487,16 +1516,16 @@ should be used for this parameter.
 Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be
 specified within a pair of angled brackets (<>). However, if an empty string
 is used then a pair of brackets will be sent by libcurl as required by
-RFC-2554.
+RFC2554.

-(Added in 7.24.0)
+(Added in 7.25.0)
 .SH TFTP OPTIONS
 .IP CURLOPT_TFTP_BLKSIZE
-Specify block size to use for TFTP data transmission. Valid range as per RFC
-2348 is 8-65464 bytes. The default of 512 bytes will be used if this option is
-not specified. The specified block size will only be used pending support by
-the remote server. If the server does not return an option acknowledgement or
-returns an option acknowledgement with no blksize, the default of 512 bytes
+Specify block size to use for TFTP data transmission. Valid range as per
+RFC2348 is 8-65464 bytes. The default of 512 bytes will be used if this option
+is not specified. The specified block size will only be used pending support
+by the remote server. If the server does not return an option acknowledgement
+or returns an option acknowledgement with no blksize, the default of 512 bytes
 will be used. (added in 7.19.4)
 .SH FTP OPTIONS
 .IP CURLOPT_FTPPORT
@@ -1611,7 +1640,7 @@ already exists or lack of permissions prevents creation. (Added in 7.16.3)

 Starting with 7.19.4, you can also set this value to 2, which will make
 libcurl retry the CWD command again if the subsequent MKD command fails. This
-is especially useful if you're doing many simultanoes connections against the
+is especially useful if you're doing many simultaneous connections against the
 same server and they all have this option enabled, as then CWD may first fail
 but then another connection does MKD before this connection and thus MKD fails
 but trying CWD works! 7.19.4 also introduced the \fICURLFTP_CREATE_DIR\fP and
@@ -1698,7 +1727,7 @@ initialized. (Added in 7.20.0)
 .RS
 .IP CURL_RTSPREQ_OPTIONS
 Used to retrieve the available methods of the server. The application is
-responsbile for parsing and obeying the response. \fB(The session ID is not
+responsible for parsing and obeying the response. \fB(The session ID is not
 needed for this method.)\fP  (Added in 7.20.0)
 .IP CURL_RTSPREQ_DESCRIBE
 Used to get the low level description of a stream. The application should note
@@ -1821,7 +1850,7 @@ want. It should be in the format "X-Y", where X or Y may be left out. HTTP
 transfers also support several intervals, separated with commas as in
 \fI"X-Y,N-M"\fP. Using this kind of multiple intervals will cause the HTTP
 server to send the response document in pieces (using standard MIME separation
-techniques). For RTSP, the formatting of a range should follow RFC 2326
+techniques). For RTSP, the formatting of a range should follow RFC2326
 Section 12.29. For RTSP, byte ranges are \fBnot\fP permitted. Instead, ranges
 should be given in npt, utc, or smpte formats.

@@ -1858,12 +1887,18 @@ something, you don't actually change how libcurl behaves or acts in regards
 to the particular request method, it will only change the actual string sent
 in the request.

-For example: if you tell libcurl to do a HEAD request, but then change the
-request to a "GET" with \fBCURLOPT_CUSTOMREQUEST\fP you'll still see libcurl
-act as if it sent a HEAD even when it does send a GET.
+For example:

-To switch to a proper HEAD, use \fICURLOPT_NOBODY\fP, to switch to a proper
-POST, use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and so on.
+With the HTTP protocol when you tell libcurl to do a HEAD request, but then
+specify a GET though a custom request libcurl will still act as if it sent a
+HEAD. To switch to a proper HEAD use \fICURLOPT_NOBODY\fP, to switch to a
+proper POST use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and to switch
+to a proper GET use CURLOPT_HTTPGET.
+
+With the POP3 protocol when you tell libcurl to use a custom request it will
+behave like a LIST or RETR command was sent where it expects data to be
+returned by the server. As such \fICURLOPT_NOBODY\fP should be used when
+specifying commands such as DELE and NOOP for example.

 Restore to the internal default by setting this to NULL.

@@ -2288,8 +2323,9 @@ Curl considers the server the intended one when the Common Name field or a
 Subject Alternate Name field in the certificate matches the host name in the
 URL to which you told Curl to connect.

-When the value is 1, the certificate must contain a Common Name field, but it
-doesn't matter what name it says.  (This is not ordinarily a useful setting).
+When the value is 1, libcurl will return a failure. It was previously (in
+7.28.0 and earlier) a debug option of some sorts, but it is no longer
+supported due to frequently leading to programmer mistakes.

 When the value is 0, the connection succeeds regardless of the names in the
 certificate.
@@ -2336,7 +2372,7 @@ this option then all known ciphers are disabled and only those passed in
 are enabled.

 You'll find more details about the NSS cipher lists on this URL:
-\fIhttp://directory.fedora.redhat.com/docs/mod_nss.html#Directives\fP
+\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP

 .IP CURLOPT_SSL_SESSIONID_CACHE
 Pass a long set to 0 to disable libcurl's use of SSL session-ID caching. Set
@@ -2348,7 +2384,7 @@ require you to disable this in order for you to succeed. (Added in 7.16.0)
 Pass a long with a bitmask to tell libcurl about specific SSL behaviors.

 CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
-will tell libcurl to not attempt to use any work-arounds for a security flaw
+will tell libcurl to not attempt to use any workarounds for a security flaw
 in the SSL3 and TLS1.0 protocols.  If this option isn't used or this bit is
 set to 0, the SSL layer libcurl uses may use a work-around for this flaw
 although it might cause interoperability problems with some (older) SSL
@@ -2374,8 +2410,11 @@ GSS_C_DELEG_POLICY_FLAG was available at compile-time.
 .IP CURLOPT_SSH_AUTH_TYPES
 Pass a long set to a bitmask consisting of one or more of
 CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
-CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one. Currently
-CURLSSH_AUTH_HOST has no effect. (Added in 7.16.1)
+CURLSSH_AUTH_KEYBOARD and CURLSSH_AUTH_AGENT. Set CURLSSH_AUTH_ANY to let
+libcurl pick a suitable one. Currently CURLSSH_AUTH_HOST has no effect. (Added
+in 7.16.1) If CURLSSH_AUTH_AGENT is used, libcurl attempts to connect to
+ssh-agent or pageant and let the agent attempt the authentication. (Added in
+7.28.0)
 .IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
 Pass a char * pointing to a string containing 32 hexadecimal digits. The
 string should be the 128 bit MD5 checksum of the remote host's public key, and
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ Initialize the Win32 socket libraries.
 .TP
 .B CURL_GLOBAL_NOTHING
 Initialise nothing extra. This sets no bit.
+.TP
+.B CURL_GLOBAL_DEFAULT
+A sensible default. It will init both SSL and Win32. Right now, this equals
+the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
 .SH RETURN VALUE
 If this function returns non-zero, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_multi_perform.3
+++ b/docs/libcurl/curl_multi_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,21 +28,24 @@ curl_multi_perform - reads/writes available data from each easy handle
 CURLMcode curl_multi_perform(CURLM *multi_handle, int *running_handles);
 .ad
 .SH DESCRIPTION
-When the app thinks there's data available for the multi_handle, it should
-call this function to read/write whatever there is to read or write right
-now. curl_multi_perform() returns as soon as the reads/writes are done. This
+This function handles transfers on all the added handles that need attention
+in an non-blocking fashion.
+
+When an application has found out there's data available for the multi_handle
+or a timeout has elapsed, the application should call this function to
+read/write whatever there is to read or write right now etc.
+curl_multi_perform() returns as soon as the reads/writes are done. This
 function does not require that there actually is any data available for
 reading or that data can be written, it can be called just in case. It will
 write the number of handles that still transfer data in the second argument's
 integer-pointer.

-When you call curl_multi_perform() and the amount of \fIrunning_handles\fP is
-changed from the previous call (or is less than the amount of easy handles
-you've added to the multi handle), you know that there is one or more
-transfers less "running". You can then call \fIcurl_multi_info_read(3)\fP to
-get information about each individual completed transfer, and that returned
-info includes CURLcode and more. If an added handle fails very quickly, it may
-never be counted as a running_handle.
+If the amount of \fIrunning_handles\fP is changed from the previous call (or
+is less than the amount of easy handles you've added to the multi handle), you
+know that there is one or more transfers less "running". You can then call
+\fIcurl_multi_info_read(3)\fP to get information about each individual
+completed transfer, and that returned info includes CURLcode and more. If an
+added handle fails very quickly, it may never be counted as a running_handle.

 When \fIrunning_handles\fP is set to zero (0) on the return of this function,
 there is no longer any transfers in progress.
@@ -61,12 +64,14 @@ need to wait for \&"action" and then call this function again.

 This function only returns errors etc regarding the whole multi stack.
 Problems still might have occurred on individual transfers even when this
-function returns \fICURLM_OK\fP.
+function returns \fICURLM_OK\fP. Use \fIcurl_multi_info_read(3)\fP to figure
+out how individual transfers did.
 .SH "TYPICAL USAGE"
 Most applications will use \fIcurl_multi_fdset(3)\fP to get the multi_handle's
-file descriptors, then it'll wait for action on them using \fBselect(3)\fP and
-as soon as one or more of them are ready, \fIcurl_multi_perform(3)\fP gets
-called.
+file descriptors, and \fIcurl_multi_timeout(3)\fP to get a suitable timeout
+period, then it'll wait for action on the file descriptors using
+\fBselect(3)\fP. As soon as one or more file descriptor is ready,
+\fIcurl_multi_perform(3)\fP gets called.
 .SH "SEE ALSO"
 .BR curl_multi_cleanup "(3), " curl_multi_init "(3), "
 .BR curl_multi_fdset "(3), " curl_multi_info_read "(3), "
--- a/docs/libcurl/curl_multi_socket_action.3
+++ b/docs/libcurl/curl_multi_socket_action.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -132,8 +132,8 @@ timeout value to use when waiting for socket activities.
 them for activity. This can be done through your application code, or by way
 of an external library such as libevent or glib.

-6. Call curl_multi_socket_action() to kickstart everything. To get one or more
-callbacks called.
+6. Call curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...) to kickstart
+everything. To get one or more callbacks called.

 7. Wait for activity on any of libcurl's sockets, use the timeout value your
 callback has been told
--- a/docs/libcurl/curl_multi_wait.3
+++ b/docs/libcurl/curl_multi_wait.3
@@ -0,0 +1,75 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.TH curl_multi_wait 3 "12 Jul 2012" "libcurl 7.28.0" "libcurl Manual"
+.SH NAME
+curl_multi_wait - polls on all easy handles in a multi handle
+.SH SYNOPSIS
+.nf
+#include <curl/curl.h>
+
+CURLMcode curl_multi_wait(CURLM *multi_handle,
+                          struct curl_waitfd extra_fds[],
+                          unsigned int extra_nfds,
+                          int timeout_ms,
+                          int *numfds);
+.ad
+.SH DESCRIPTION
+This function polls on all file descriptors used by the curl easy handles
+contained in the given multi handle set.  It will block until activity is
+detected on at least one of the handles or \fItimeout_ms\fP has passed.
+
+The calling application may pass additional curl_waitfd structures which are
+similar to \fIpoll(2)\fP's pollfd structure to be waited on in the same call.
+
+On completion, if \fInumfds\fP is supplied, it will be populated with the
+number of file descriptors on which interesting events occured.
+
+If no extra file descriptors are provided and libcurl has no file descriptor
+to offer to wait for, this function will return immediately.
+
+This function is encouraged to be used instead of select(3) when using the
+multi interface to allow applications to easier circumvent the common problem
+with 1024 maximum file descriptors.
+.SH curl_waitfd
+.nf
+struct curl_waitfd {
+  curl_socket_t fd;
+  short events;
+  short revents;
+};
+.fi
+.IP CURL_WAIT_POLLIN
+Bit flag to curl_waitfd.events indicating the socket should poll on read
+events such as new data received.
+.IP CURL_WAIT_POLLPRI
+Bit flag to curl_waitfd.events indicating the socket should poll on high
+priority read events such as out of band data.
+.IP CURL_WAIT_POLLOUT
+Bit flag to curl_waitfd.events indicating the socket should poll on write
+events such as the socket being clear to write without blocking.
+.SH RETURN VALUE
+CURLMcode type, general libcurl multi interface error code. See
+\fIlibcurl-errors(3)\fP
+.SH AVAILABILITY
+This function was added in libcurl 7.28.0.
+.SH "SEE ALSO"
+.BR curl_multi_fdset "(3), " curl_multi_perform "(3)"
--- a/docs/libcurl/curl_share_setopt.3
+++ b/docs/libcurl/curl_share_setopt.3
@@ -65,7 +65,7 @@ object. Note that when you use the multi interface, all easy handles added to
 the same multi handle will share DNS cache by default without this having to
 be used!
 .IP CURL_LOCK_DATA_SSL_SESSION
-SSL session IDs will be shared accross the easy handles using this shared
+SSL session IDs will be shared across the easy handles using this shared
 object. This will reduce the time spent in the SSL handshake when reconnecting
 to the same server. Note SSL session IDs are reused within the same easy handle
 by default.
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -248,7 +248,10 @@ This is the generic return code used by functions in the libcurl multi
 interface. Also consider \fIcurl_multi_strerror(3)\fP.
 .IP "CURLM_CALL_MULTI_PERFORM (-1)"
 This is not really an error. It means you should call
-\fIcurl_multi_perform(3)\fP again without doing select() or similar in between.
+\fIcurl_multi_perform(3)\fP again without doing select() or similar in
+between. Before version 7.20.0 this could be returned by
+\fIcurl_multi_perform(3)\fP, but in later versions this return code is never
+used.
 .IP "CURLM_OK (0)"
 Things are fine.
 .IP "CURLM_BAD_HANDLE (1)"
@@ -282,5 +285,5 @@ An invalid share object was passed to the function.
 Not enough memory was available.
 (Added in 7.12.0)
 .IP "CURLSHE_NOT_BUILT_IN (5)"
-The requsted sharing could not be done because the library you use don't have
+The requested sharing could not be done because the library you use don't have
 that particular feature enabled. (Added in 7.23.0)
--- a/docs/libcurl/libcurl-share.3
+++ b/docs/libcurl/libcurl-share.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,8 +41,7 @@ You create a shared object with \fIcurl_share_init(3)\fP. It returns a handle
 for a newly created one.

 You tell the shared object what data you want it to share by using
-\fIcurl_share_setopt(3)\fP. Currently you can only share DNS and/or COOKIE
-data.
+\fIcurl_share_setopt(3)\fP.

 Since you can use this share from multiple threads, and libcurl has no
 internal thread synchronization, you must provide mutex callbacks if you're
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -567,7 +567,9 @@ CURLSHOPT_SHARE                 7.10.3
 CURLSHOPT_UNLOCKFUNC            7.10.3
 CURLSHOPT_UNSHARE               7.10.3
 CURLSHOPT_USERDATA              7.10.3
+CURLSOCKTYPE_ACCEPT             7.28.0
 CURLSOCKTYPE_IPCXN              7.16.0
+CURLSSH_AUTH_AGENT              7.28.0
 CURLSSH_AUTH_ANY                7.16.1
 CURLSSH_AUTH_DEFAULT            7.16.1
 CURLSSH_AUTH_HOST               7.16.1
@@ -697,4 +699,7 @@ CURL_VERSION_SPNEGO             7.10.8
 CURL_VERSION_SSL                7.10
 CURL_VERSION_SSPI               7.13.2
 CURL_VERSION_TLSAUTH_SRP        7.21.4
+CURL_WAIT_POLLIN                7.28.0
+CURL_WAIT_POLLOUT               7.28.0
+CURL_WAIT_POLLPRI               7.28.0
 CURL_WRITEFUNC_PAUSE            7.18.0
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -309,8 +309,9 @@ typedef size_t (*curl_read_callback)(char *buffer,
                                      void *instream);

 typedef enum  {
-  CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */
-  CURLSOCKTYPE_LAST   /* never use */
+  CURLSOCKTYPE_IPCXN,  /* socket created for a specific IP connection */
+  CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */
+  CURLSOCKTYPE_LAST    /* never use */
 } curlsocktype;

 /* The return code from the sockopt_callback can signal information back
@@ -631,6 +632,7 @@ typedef enum {
 #define CURLSSH_AUTH_PASSWORD  (1<<1) /* password */
 #define CURLSSH_AUTH_HOST      (1<<2) /* host key files */
 #define CURLSSH_AUTH_KEYBOARD  (1<<3) /* keyboard interactive */
+#define CURLSSH_AUTH_AGENT     (1<<4) /* agent (ssh-agent, pageant...) */
 #define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY

 #define CURLGSSAPI_DELEGATION_NONE        0      /* no delegation (default) */
@@ -1045,9 +1047,8 @@ typedef enum {
  /* Set to the Entropy Gathering Daemon socket pathname */
  CINIT(EGDSOCKET, OBJECTPOINT, 77),

-  /* Time-out connect operations after this amount of seconds, if connects
-     are OK within this time, then fine... This only aborts the connect
-     phase. [Only works on unix-style/SIGALRM operating systems] */
+  /* Time-out connect operations after this amount of seconds, if connects are
+     OK within this time, then fine... This only aborts the connect phase. */
  CINIT(CONNECTTIMEOUT, LONG, 78),

  /* Function that will be called to store headers (instead of fwrite). The
@@ -1221,9 +1222,9 @@ typedef enum {
  CINIT(NETRC_FILE, OBJECTPOINT, 118),

  /* Enable SSL/TLS for FTP, pick one of:
-     CURLFTPSSL_TRY     - try using SSL, proceed anyway otherwise
-     CURLFTPSSL_CONTROL - SSL for the control connection or fail
-     CURLFTPSSL_ALL     - SSL for all communication or fail
+     CURLUSESSL_TRY     - try using SSL, proceed anyway otherwise
+     CURLUSESSL_CONTROL - SSL for the control connection or fail
+     CURLUSESSL_ALL     - SSL for all communication or fail
  */
  CINIT(USE_SSL, LONG, 119),

--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.26.0-DEV"
+#define LIBCURL_VERSION "7.28.1-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 26
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_MINOR 28
+#define LIBCURL_VERSION_PATCH 1

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071A00
+#define LIBCURL_VERSION_NUM 0x071c01

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/multi.h
+++ b/include/curl/multi.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -89,6 +89,19 @@ struct CURLMsg {
 };
 typedef struct CURLMsg CURLMsg;

+/* Based on poll(2) structure and values.
+ * We don't use pollfd and POLL* constants explicitly
+ * to cover platforms without poll(). */
+#define CURL_WAIT_POLLIN    0x0001
+#define CURL_WAIT_POLLPRI   0x0002
+#define CURL_WAIT_POLLOUT   0x0004
+
+struct curl_waitfd {
+  curl_socket_t fd;
+  short events;
+  short revents; /* not supported yet */
+};
+
 /*
 * Name:    curl_multi_init()
 *
@@ -133,6 +146,20 @@ CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle,
                                       fd_set *exc_fd_set,
                                       int *max_fd);

+/*
+ * Name:     curl_multi_wait()
+ *
+ * Desc:     Poll on all fds within a CURLM set as well as any
+ *           additional fds passed to the function.
+ *
+ * Returns:  CURLMcode type, general multi error code.
+ */
+CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
+                                      struct curl_waitfd extra_fds[],
+                                      unsigned int extra_nfds,
+                                      int timeout_ms,
+                                      int *ret);
+
 /*
  * Name:    curl_multi_perform()
  *
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -11,3 +11,7 @@ libcurl.vcproj
 vc6libcurl.dsp
 Makefile.vc10.dist
 libcurl.vers
+*.a
+*.res
+*.imp
+*.nlm
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -30,14 +30,14 @@ DOCS = README.encoding README.memoryleak README.ares README.curlx	\

 CMAKE_DIST = CMakeLists.txt curl_config.h.cmake

-EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)                 \
- vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h            \
- config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist      \
- libcurl.rc config-amigaos.h makefile.amiga                                \
- Makefile.netware nwlib.c nwos.c libcurl.imp msvcproj.head msvcproj.foot   \
- config-win32ce.h config-os400.h setup-os400.h config-symbian.h		   \
- Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		   \
- mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	   \
+EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)              \
+ vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h         \
+ config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist   \
+ libcurl.rc config-amigaos.h makefile.amiga                             \
+ Makefile.netware nwlib.c nwos.c msvcproj.head msvcproj.foot		\
+ config-win32ce.h config-os400.h setup-os400.h config-symbian.h		\
+ Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl		\
+ mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h	\
 Makefile.vxworks config-vms.h checksrc.pl

 CLEANFILES = $(DSP) $(VCPROJ)
@@ -64,23 +64,21 @@ CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
 # $(top_srcdir)/ares is for in-tree c-ares's external include files

 if USE_EMBEDDED_ARES
-INCLUDES = -I$(top_builddir)/include/curl \
-           -I$(top_builddir)/include      \
-           -I$(top_srcdir)/include        \
-           -I$(top_builddir)/lib          \
-           -I$(top_srcdir)/lib            \
-           -I$(top_builddir)/ares         \
-           -I$(top_srcdir)/ares
+AM_CPPFLAGS = -I$(top_builddir)/include/curl \
+              -I$(top_builddir)/include      \
+              -I$(top_srcdir)/include        \
+              -I$(top_builddir)/lib          \
+              -I$(top_srcdir)/lib            \
+              -I$(top_builddir)/ares         \
+              -I$(top_srcdir)/ares
 else
-INCLUDES = -I$(top_builddir)/include/curl \
-           -I$(top_builddir)/include      \
-           -I$(top_srcdir)/include        \
-           -I$(top_builddir)/lib          \
-           -I$(top_srcdir)/lib
+AM_CPPFLAGS = -I$(top_builddir)/include/curl \
+              -I$(top_builddir)/include      \
+              -I$(top_srcdir)/include        \
+              -I$(top_builddir)/lib          \
+              -I$(top_srcdir)/lib
 endif

-AM_CPPFLAGS =
-
 # Mostly for Windows build targets, when building libcurl library
 if USE_CPPFLAG_BUILDING_LIBCURL
 AM_CPPFLAGS += -DBUILDING_LIBCURL
@@ -101,9 +99,9 @@ if SONAME_BUMP
 #
 # This conditional soname bump SHOULD be removed at next "proper" bump.
 #
-VERSIONINFO=-version-info 7:0:2
+VERSIONINFO=-version-info 8:0:3
 else
-VERSIONINFO=-version-info 6:0:2
+VERSIONINFO=-version-info 7:0:3
 endif

 # This flag accepts an argument of the form current[:revision[:age]]. So,
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -23,7 +23,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
-  curl_ntlm_core.c curl_ntlm_msgs.c
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c	\
+  curl_multibyte.c curl_darwinssl.c hostcheck.c

 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
@@ -38,5 +39,7 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
-  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h
+  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h	\
+  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h	\
+  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h	\
+  hostcheck.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -20,15 +20,6 @@ endif
 ifndef OPENSSL_PATH
 OPENSSL_PATH = ../../openssl-0.9.8x
 endif
-ifndef OPENSSL_INCLUDE
-OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
-endif
-ifndef OPENSSL_LIBPATH
-OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
-endif
-ifndef OPENSSL_LIBS
-OPENSSL_LIBS = -leay32 -lssl32
-endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
 LIBSSH2_PATH = ../../libssh2-1.4.2
@@ -64,22 +55,47 @@ ifndef ARCH
 ARCH = w32
 endif

-CC = gcc
-CFLAGS = -g -O2 -Wall
-CFLAGS += -fno-strict-aliasing
+CC	= $(CROSSPREFIX)gcc
+CFLAGS	= -g -O2 -Wall
+CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS += -D_AMD64_
+CFLAGS	+= -D_AMD64_
 endif
 # comment LDFLAGS below to keep debug info
-LDFLAGS = -s
-AR = ar
-RANLIB = ranlib
-RC = windres
-RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
-STRIP = strip -g
+LDFLAGS	= -s
+AR	= $(CROSSPREFIX)ar
+RANLIB	= $(CROSSPREFIX)ranlib
+RC	= $(CROSSPREFIX)windres
+RCFLAGS	= --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
+STRIP	= $(CROSSPREFIX)strip -g

-RM = del /q /f 2>NUL
-CP = copy
+# Platform-dependent helper tool macros
+ifeq ($(findstring /sh,$(SHELL)),/sh)
+DEL	= rm -f $1
+RMDIR	= rm -fr $1
+MKDIR	= mkdir -p $1
+COPY	= -cp -afv $1 $2
+#COPYR	= -cp -afr $1/* $2
+COPYR	= -rsync -aC $1/* $2
+TOUCH	= touch $1
+CAT	= cat
+ECHONL	= echo ""
+DL	= '
+else
+ifeq "$(OS)" "Windows_NT"
+DEL	= -del 2>NUL /q /f $(subst /,\,$1)
+RMDIR	= -rd 2>NUL /q /s $(subst /,\,$1)
+else
+DEL	= -del 2>NUL $(subst /,\,$1)
+RMDIR	= -deltree 2>NUL /y $(subst /,\,$1)
+endif
+MKDIR	= -md 2>NUL $(subst /,\,$1)
+COPY	= -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
+COPYR	= -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
+TOUCH	= copy 2>&1>NUL /b $(subst /,\,$1) +,,
+CAT	= type
+ECHONL	= $(ComSpec) /c echo.
+endif

 ########################################################
 ## Nothing more to do below this line!
@@ -103,6 +119,9 @@ endif
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 SSL = 1
 endif
+ifeq ($(findstring -srp,$(CFG)),-srp)
+SRP = 1
+endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
 ZLIB = 1
 endif
@@ -124,6 +143,10 @@ endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 IPV6 = 1
 endif
+ifeq ($(findstring -winssl,$(CFG)),-winssl)
+WINSSL = 1
+SSPI = 1
+endif

 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL
@@ -145,11 +168,37 @@ ifdef SSH2
  DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
 endif
 ifdef SSL
+  ifndef OPENSSL_INCLUDE
+    ifeq "$(wildcard $(OPENSSL_PATH)/outinc)" "$(OPENSSL_PATH)/outinc"
+      OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/include)" "$(OPENSSL_PATH)/include"
+      OPENSSL_INCLUDE = $(OPENSSL_PATH)/include
+    endif
+  endif
+  ifneq "$(wildcard $(OPENSSL_INCLUDE)/openssl/opensslv.h)" "$(OPENSSL_INCLUDE)/openssl/opensslv.h"
+  $(error Invalid path to OpenSSL package: $(OPENSSL_PATH))
+  endif
+  ifndef OPENSSL_LIBPATH
+    ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
+      OPENSSL_LIBS = -leay32 -lssl32
+    endif
+    ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
+      OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
+      OPENSSL_LIBS = -lcrypto -lssl
+    endif
+  endif
  INCLUDES += -I"$(OPENSSL_INCLUDE)"
  CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
            -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
            -DCURL_WANTS_CA_BUNDLE_ENV
  DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
+  ifdef SRP
+    ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
+      CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
+    endif
+  endif
 endif
 ifdef ZLIB
  INCLUDES += -I"$(ZLIB_PATH)"
@@ -169,6 +218,9 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
+  ifdef WINSSL
+    CFLAGS += -DUSE_SCHANNEL
+  endif
 endif
 ifdef SPNEGO
  CFLAGS += -DHAVE_SPNEGO
@@ -212,7 +264,7 @@ RESOURCE = libcurl.res
 all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)

 $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
-	-$(RM) $@
+	@$(call DEL, $@)
 	$(AR) cru $@ $(libcurl_a_OBJECTS)
 	$(RANLIB) $@
 	$(STRIP) $@
@@ -220,9 +272,10 @@ $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
 # remove the last line above to keep debug info

 $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES)
-	-$(RM) $@
-	$(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \
-	  -o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
+	@$(call DEL, $@)
+	$(CC) $(LDFLAGS) -shared -o $@ \
+	  -Wl,--output-def,$(@:.dll=.def),--out-implib,$(libcurl_dll_a_LIBRARY) \
+	  $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)

 %.o: %.c $(PROOT)/include/curl/curlbuild.h
 	$(CC) $(INCLUDES) $(CFLAGS) -c $<
@@ -232,17 +285,18 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC

 clean:
 ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
-	-$(RM) $(subst /,\,$(PROOT)/include/curl/curlbuild.h)
+	@$(call DEL, $(PROOT)/include/curl/curlbuild.h)
 endif
-	-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE)
+	@$(call DEL, $(libcurl_a_OBJECTS) $(RESOURCE))

 distclean vclean: clean
-	-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY)
+	@$(call DEL, $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_LIBRARY:.dll=.def) $(libcurl_dll_a_LIBRARY))
+
+$(PROOT)/include/curl/curlbuild.h:
+	@echo Creating $@
+	@$(call COPY, $@.dist, $@)

 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32

-$(PROOT)/include/curl/curlbuild.h:
-	@echo Creating $@
-	@$(CP) $(subst /,\,$@).dist $(subst /,\,$@)

--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -64,7 +64,8 @@ DESCR	= cURL libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - http://curl.haxx.se
 MTSAFE	= YES
 STACK	= 64000
 SCREEN	= none
-EXPORTS	= @libcurl.imp
+EXPORTF	= $(TARGET).imp
+EXPORTS	= @$(EXPORTF)

 # Uncomment the next line to enable linking with POSIX semantics.
 # POSIXFL = 1
@@ -330,7 +331,7 @@ $(OBJDIR)/%.o: %.c
 #	@echo Compiling $<
 	$(CC) $(CFLAGS) -c $< -o $@

-$(OBJDIR)/version.inc: ../include/curl/curlver.h $(OBJDIR)
+$(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
 	@echo Creating $@
 	@$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@

@@ -350,7 +351,7 @@ clean:
 	-$(RM) -r $(OBJDIR)

 distclean vclean: clean
-	-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm
+	-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm $(TARGET).imp
 	-$(RM) certdata.txt ca-bundle.crt

 $(OBJDIR) $(INSTDIR):
@@ -364,7 +365,7 @@ ifdef RANLIB
 	@$(RANLIB) $@
 endif

-$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(XDCDATA)
+$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(EXPORTF) $(XDCDATA)
 	@echo Linking $@
 	@-$(RM) $@
 	@$(LD) $(LDFLAGS) $<
@@ -660,6 +661,10 @@ else
 	@echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@
 endif

+$(EXPORTF): $(CURL_INC)/curl/curl.h $(CURL_INC)/curl/easy.h $(CURL_INC)/curl/multi.h $(CURL_INC)/curl/mprintf.h
+	@echo Creating $@
+	@$(AWK) -f ../packages/NetWare/get_exp.awk $^ > $@
+
 FORCE: ;

 info: $(OBJDIR)/version.inc
@@ -696,13 +701,6 @@ else
 	@echo ipv6 support:    no
 endif

-$(LIBCARES_PATH)/libcares.$(LIBEXT):
-	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
-
-ca-bundle.crt: mk-ca-bundle.pl
-	@echo Creating $@
-	@-$(PERL) $< -b -n $@
-
 $(CURL_INC)/curl/curlbuild.h: Makefile.netware FORCE
 	@echo Creating $@
 	@echo $(DL)/* $@ intended for NetWare target.$(DL) > $@
@@ -741,3 +739,10 @@ endif
 	@echo $(DL)typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;$(DL) >> $@
 	@echo $(DL)#endif /* __CURL_CURLBUILD_H */$(DL) >> $@

+$(LIBCARES_PATH)/libcares.$(LIBEXT):
+	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
+
+ca-bundle.crt: mk-ca-bundle.pl
+	@echo Creating $@
+	@-$(PERL) $< -b -n $@
+
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@

 # All files in the Makefile.vc* series are generated automatically from the
 # one made for MSVC version 6. Alas, if you want to do changes to any of the
-# fiels and send back to the project, edit the version six, make your diff and
+# files and send back to the project, edit the version six, make your diff and
 # mail curl-library.

 ###########################################################################
@@ -105,7 +105,7 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"

 CCNODBG    = cl.exe /O2 /DNDEBUG
 CCDEBUG    = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
-CFLAGSSSL  = /DUSE_SSLEAY /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSL  = /DUSE_SSLEAY /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
 CFLAGSSSH2 = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
 CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
@@ -116,7 +116,7 @@ LFLAGS     = /nologo /machine:$(MACHINE)
 SSLLIBS    = libeay32.lib ssleay32.lib
 ZLIBLIBSDLL= zdll.lib
 ZLIBLIBS   = zlib.lib
-WINLIBS    = ws2_32.lib wldap32.lib
+WINLIBS    = ws2_32.lib wldap32.lib advapi32.lib
 CFLAGS     = $(CFLAGS)

 CFGSET     = FALSE
@@ -189,6 +189,20 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# release-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "release-ssl-ssh2-zlib"
+TARGET   = $(LIBCURL_STA_LIB_REL)
+DIROBJ   = $(CFG)
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # release-ssl-dll

@@ -226,36 +240,6 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

-######################
-# release-ssl-ssh2-zlib
-
-!IF "$(CFG)" == "release-ssl-ssh2-zlib"
-TARGET   = $(LIB_NAME).lib
-DIROBJ   = $(CFG)
-LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
-LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
-LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
-LNK      = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
-CFGSET   = TRUE
-RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
-!ENDIF
-
-######################
-# debug-ssl-ssh2-zlib
-
-!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
-TARGET   = $(LIB_NAME_DEBUG).lib
-DIROBJ   = $(CFG)
-LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
-LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
-LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
-LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
-CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
-CFGSET   = TRUE
-RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
-!ENDIF
-
 ######################
 # release-dll

@@ -356,6 +340,20 @@ CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# debug-ssl-ssh2-zlib
+
+!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
+TARGET   = $(LIBCURL_STA_LIB_DBG)
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
+LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
+LNK      = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # debug-ssl-dll

@@ -463,11 +461,11 @@ RESOURCE = $(DIROBJ)\libcurl.res
 !MESSAGE   release-dll-ssl-dll          - release dynamic library with dynamic ssl
 !MESSAGE   release-dll-zlib-dll         - release dynamic library with dynamic zlib
 !MESSAGE   release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
-!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug                        - debug static library
 !MESSAGE   debug-ssl                    - debug static library with ssl
 !MESSAGE   debug-zlib                   - debug static library with zlib
 !MESSAGE   debug-ssl-zlib               - debug static library with ssl and zlib
+!MESSAGE   debug-ssl-ssh2-zlib          - debug static library with ssl, ssh2 and zlib
 !MESSAGE   debug-ssl-dll                - debug static library with dynamic ssl
 !MESSAGE   debug-zlib-dll               - debug static library with dynamic zlib
 !MESSAGE   debug-ssl-dll-zlib-dll       - debug static library with dynamic ssl and dynamic zlib
@@ -503,25 +501,29 @@ X_OBJS= \
 	$(DIROBJ)\content_encoding.obj \
 	$(DIROBJ)\cookie.obj \
 	$(DIROBJ)\curl_addrinfo.obj \
+	$(DIROBJ)\curl_darwinssl.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_memrchr.obj \
+	$(DIROBJ)\curl_multibyte.obj \
 	$(DIROBJ)\curl_ntlm.obj \
 	$(DIROBJ)\curl_ntlm_core.obj \
 	$(DIROBJ)\curl_ntlm_msgs.obj \
 	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
+	$(DIROBJ)\curl_sasl.obj \
+	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
 	$(DIROBJ)\curl_threads.obj \
 	$(DIROBJ)\dict.obj \
 	$(DIROBJ)\easy.obj \
 	$(DIROBJ)\escape.obj \
-	$(DIROBJ)\fileinfo.obj \
 	$(DIROBJ)\file.obj \
+	$(DIROBJ)\fileinfo.obj \
 	$(DIROBJ)\formdata.obj \
-	$(DIROBJ)\ftplistparser.obj \
 	$(DIROBJ)\ftp.obj \
+	$(DIROBJ)\ftplistparser.obj \
 	$(DIROBJ)\getenv.obj \
 	$(DIROBJ)\getinfo.obj \
 	$(DIROBJ)\gopher.obj \
@@ -529,15 +531,15 @@ X_OBJS= \
 	$(DIROBJ)\hash.obj \
 	$(DIROBJ)\hmac.obj \
 	$(DIROBJ)\hostasyn.obj \
+	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostip4.obj \
 	$(DIROBJ)\hostip6.obj \
-	$(DIROBJ)\hostip.obj \
 	$(DIROBJ)\hostsyn.obj \
+	$(DIROBJ)\http.obj \
 	$(DIROBJ)\http_chunks.obj \
 	$(DIROBJ)\http_digest.obj \
 	$(DIROBJ)\http_negotiate.obj \
-        $(DIROBJ)\http_negotiate_sspi.obj \
-	$(DIROBJ)\http.obj \
+	$(DIROBJ)\http_negotiate_sspi.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\if2ip.obj \
 	$(DIROBJ)\imap.obj \
@@ -565,8 +567,8 @@ X_OBJS= \
 	$(DIROBJ)\share.obj \
 	$(DIROBJ)\slist.obj \
 	$(DIROBJ)\smtp.obj \
-	$(DIROBJ)\socks_gssapi.obj \
 	$(DIROBJ)\socks.obj \
+	$(DIROBJ)\socks_gssapi.obj \
 	$(DIROBJ)\socks_sspi.obj \
 	$(DIROBJ)\speedcheck.obj \
 	$(DIROBJ)\splay.obj \
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -83,6 +83,8 @@
 #    define CARES_STATICLIB
 #  endif
 #  include <ares.h>
+#  include <ares_version.h> /* really old c-ares didn't include this by
+                               itself */

 #if ARES_VERSION >= 0x010500
 /* c-ares 1.5.0 or later, the callback proto is modified */
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -47,6 +47,8 @@
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
+#include "hostcheck.h"
+

 /* SSL_read is opied from axTLS compat layer */
 static int SSL_read(SSL *ssl, void *buf, int num)
@@ -150,7 +152,11 @@ Curl_axtls_connect(struct connectdata *conn,
  int i, ssl_fcn_return;
  const uint8_t *ssl_sessionid;
  size_t ssl_idsize;
-  const char *x509;
+  const char *peer_CN;
+  uint32_t dns_altname_index;
+  const char *dns_altname;
+  int8_t found_subject_alt_names = 0;
+  int8_t found_subject_alt_name_matching_conn = 0;

  /* Assuming users will not compile in custom key/cert to axTLS */
  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
@@ -296,19 +302,65 @@ Curl_axtls_connect(struct connectdata *conn,
  /* Here, gtls.c does issuer verification. axTLS has no straightforward
   * equivalent, so omitting for now.*/

-  /* See if common name was set in server certificate */
-  x509 = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
-  if(x509 == NULL)
-    infof(data, "error fetching CN from cert\n");
-
  /* Here, gtls.c does the following
   * 1) x509 hostname checking per RFC2818.  axTLS doesn't support this, but
-   *    it seems useful.  Omitting for now.
+   *    it seems useful. This is now implemented, by Oscar Koeroo
   * 2) checks cert validity based on time.  axTLS does this in ssl_verify_cert
   * 3) displays a bunch of cert information.  axTLS doesn't support most of
   *    this, but a couple fields are available.
   */

+
+  /* There is no (DNS) Altnames count in the version 1.4.8 API. There is a
+     risk of an inifite loop */
+  for(dns_altname_index = 0; ; dns_altname_index++) {
+    dns_altname = ssl_get_cert_subject_alt_dnsname(ssl, dns_altname_index);
+    if(dns_altname == NULL) {
+      break;
+    }
+    found_subject_alt_names = 1;
+
+    infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",
+          dns_altname, conn->host.name);
+    if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {
+      found_subject_alt_name_matching_conn = 1;
+      break;
+    }
+  }
+
+  /* RFC2818 checks */
+  if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
+    /* Break connection ! */
+    Curl_axtls_close(conn, sockindex);
+    failf(data, "\tsubjectAltName(s) do not match %s\n", conn->host.dispname);
+    return CURLE_PEER_FAILED_VERIFICATION;
+  }
+  else if(found_subject_alt_names == 0) {
+    /* Per RFC2818, when no Subject Alt Names were available, examine the peer
+       CN as a legacy fallback */
+    peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
+    if(peer_CN == NULL) {
+      /* Similar behaviour to the OpenSSL interface */
+      Curl_axtls_close(conn, sockindex);
+      failf(data, "unable to obtain common name from peer certificate");
+      return CURLE_PEER_FAILED_VERIFICATION;
+    }
+    else {
+      if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
+        if(data->set.ssl.verifyhost) {
+          /* Break connection ! */
+          Curl_axtls_close(conn, sockindex);
+          failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+          return CURLE_PEER_FAILED_VERIFICATION;
+        }
+        else
+          infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",
+                peer_CN, conn->host.dispname);
+      }
+    }
+  }
+
  /* General housekeeping */
  conn->ssl[sockindex].state = ssl_connection_complete;
  conn->ssl[sockindex].ssl = ssl;
--- a/lib/config-win32ce.h
+++ b/lib/config-win32ce.h
@@ -1,5 +1,5 @@
-#ifndef __LIB_CONFIG_WIN32CE_H
-#define __LIB_CONFIG_WIN32CE_H
+#ifndef HEADER_CURL_CONFIG_WIN32CE_H
+#define HEADER_CURL_CONFIG_WIN32CE_H
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -79,7 +79,7 @@
 #define HAVE_STDLIB_H 1

 /* Define if you have the <process.h> header file.  */
-#define HAVE_PROCESS_H 1
+/* #define HAVE_PROCESS_H 1 */

 /* Define if you have the <sys/param.h> header file.  */
 /* #define HAVE_SYS_PARAM_H 1 */
@@ -427,6 +427,14 @@
 /*                       WinCE                                      */
 /* ---------------------------------------------------------------- */

+#ifndef UNICODE
+#  define UNICODE
+#endif
+
+#ifndef _UNICODE
+#  define _UNICODE
+#endif
+
 #define CURL_DISABLE_FILE 1
 #define CURL_DISABLE_TELNET 1
 #define CURL_DISABLE_LDAP 1
@@ -437,4 +445,4 @@

 extern int stat(const char *path,struct stat *buffer );

-#endif /* __LIB_CONFIG_WIN32CE_H */
+#endif /* HEADER_CURL_CONFIG_WIN32CE_H */
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -91,6 +91,13 @@

 static bool verifyconnect(curl_socket_t sockfd, int *error);

+#ifdef __DragonFly__
+/* DragonFlyBSD uses millisecond as KEEPIDLE and KEEPINTVL units */
+#define KEEPALIVE_FACTOR(x) (x *= 1000)
+#else
+#define KEEPALIVE_FACTOR(x)
+#endif
+
 static void
 tcpkeepalive(struct SessionHandle *data,
             curl_socket_t sockfd)
@@ -105,6 +112,7 @@ tcpkeepalive(struct SessionHandle *data,
  else {
 #ifdef TCP_KEEPIDLE
    optval = curlx_sltosi(data->set.tcp_keepidle);
+    KEEPALIVE_FACTOR(optval);
    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
          (void *)&optval, sizeof(optval)) < 0) {
      infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
@@ -112,6 +120,7 @@ tcpkeepalive(struct SessionHandle *data,
 #endif
 #ifdef TCP_KEEPINTVL
    optval = curlx_sltosi(data->set.tcp_keepintvl);
+    KEEPALIVE_FACTOR(optval);
    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
          (void *)&optval, sizeof(optval)) < 0) {
      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
@@ -1092,7 +1101,9 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */

  if(sockfd == CURL_SOCKET_BAD) {
    /* no good connect was made */
-    failf(data, "couldn't connect to host");
+    failf(data, "couldn't connect to %s at %s:%d",
+          conn->bits.proxy?"proxy":"host",
+          conn->bits.proxy?conn->proxy.name:conn->host.name, conn->port);
    return CURLE_COULDNT_CONNECT;
  }

--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -882,7 +882,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
    for(i=0; co; co = co->next)
      array[i++] = co;

-    /* now sort the cookie pointers in path lenth order */
+    /* now sort the cookie pointers in path length order */
    qsort(array, matches, sizeof(struct Cookie *), cookie_sort);

    /* remake the linked list order according to the new order */
@@ -1069,7 +1069,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
    char *format_ptr;

    fputs("# Netscape HTTP Cookie File\n"
-          "# http://curl.haxx.se/rfc/cookie_spec.html\n"
+          "# http://curl.haxx.se/docs/http-cookies.html\n"
          "# This file was generated by libcurl! Edit at your own risk.\n\n",
          out);
    co = c->cookies;
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
--- a/lib/curl_darwinssl.h
+++ b/lib/curl_darwinssl.h
@@ -0,0 +1,73 @@
+#ifndef HEADER_CURL_DARWINSSL_H
+#define HEADER_CURL_DARWINSSL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "setup.h"
+
+#ifdef USE_DARWINSSL
+
+CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
+                                            int sockindex,
+                                            bool *done);
+
+/* this function doesn't actually do anything */
+void Curl_darwinssl_close_all(struct SessionHandle *data);
+
+/* close a SSL connection */
+void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
+
+size_t Curl_darwinssl_version(char *buffer, size_t size);
+int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
+int Curl_darwinssl_check_cxn(struct connectdata *conn);
+bool Curl_darwinssl_data_pending(const struct connectdata *conn,
+                                 int connindex);
+
+void Curl_darwinssl_random(struct SessionHandle *data,
+                           unsigned char *entropy,
+                           size_t length);
+void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
+                           size_t tmplen,
+                           unsigned char *md5sum, /* output */
+                           size_t md5len);
+
+/* API setup for SecureTransport */
+#define curlssl_init() (1)
+#define curlssl_cleanup() Curl_nop_stmt
+#define curlssl_connect Curl_darwinssl_connect
+#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
+#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_close_all Curl_darwinssl_close_all
+#define curlssl_close Curl_darwinssl_close
+#define curlssl_shutdown(x,y) 0
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_darwinssl_version
+#define curlssl_check_cxn Curl_darwinssl_check_cxn
+#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
+#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)
+#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
+
+#endif /* USE_DARWINSSL */
+#endif /* HEADER_CURL_DARWINSSL_H */
--- a/lib/curl_multibyte.c
+++ b/lib/curl_multibyte.c
@@ -0,0 +1,82 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+#include "curl_multibyte.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+#include "curl_memory.h"
+/* The last #include file should be: */
+#include "memdebug.h"
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8)
+{
+  wchar_t *str_w = NULL;
+
+  if(str_utf8) {
+    int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
+                                        str_utf8, -1, NULL, 0);
+    if(str_w_len > 0) {
+      str_w = malloc(str_w_len * sizeof(wchar_t));
+      if(str_w) {
+        if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
+                               str_w_len) == 0) {
+          Curl_safefree(str_w);
+        }
+      }
+    }
+  }
+
+  return str_w;
+}
+
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
+{
+  char *str_utf8 = NULL;
+
+  if(str_w) {
+    int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
+                                           0, NULL, NULL);
+    if(str_utf8_len > 0) {
+      str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
+      if(str_utf8) {
+        if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
+                               NULL, FALSE) == 0) {
+          Curl_safefree(str_utf8);
+        }
+      }
+    }
+  }
+
+  return str_utf8;
+}
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
--- a/lib/curl_multibyte.h
+++ b/lib/curl_multibyte.h
@@ -0,0 +1,90 @@
+#ifndef HEADER_CURL_MULTIBYTE_H
+#define HEADER_CURL_MULTIBYTE_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "setup.h"
+
+#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+
+ /*
+  * MultiByte conversions using Windows kernel32 library.
+  */
+
+wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
+char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
+
+#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+
+
+#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
+
+/*
+ * Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
+ * and Curl_unicodefree() main purpose is to minimize the number of
+ * preprocessor conditional directives needed by code using these
+ * to differentiate UNICODE from non-UNICODE builds.
+ *
+ * When building with UNICODE defined, this two macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return a pointer to a newly allocated memory area holding result.
+ * When the result is no longer needed, allocated memory is intended
+ * to be free'ed with Curl_unicodefree().
+ *
+ * When building without UNICODE defined, this macros
+ * Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
+ * return the pointer received as argument. Curl_unicodefree() does
+ * no actual free'ing of this pointer it is simply set to NULL.
+ */
+
+#ifdef UNICODE
+
+#define Curl_convert_UTF8_to_tchar(ptr) Curl_convert_UTF8_to_wchar((ptr))
+#define Curl_convert_tchar_to_UTF8(ptr) Curl_convert_wchar_to_UTF8((ptr))
+#define Curl_unicodefree(ptr) \
+  do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
+
+typedef union {
+  unsigned short       *tchar_ptr;
+  const unsigned short *const_tchar_ptr;
+  unsigned short       *tbyte_ptr;
+  const unsigned short *const_tbyte_ptr;
+} xcharp_u;
+
+#else
+
+#define Curl_convert_UTF8_to_tchar(ptr) (ptr)
+#define Curl_convert_tchar_to_UTF8(ptr) (ptr)
+#define Curl_unicodefree(ptr) \
+  do {(ptr) = NULL;} WHILE_FALSE
+
+typedef union {
+  char                *tchar_ptr;
+  const char          *const_tchar_ptr;
+  unsigned char       *tbyte_ptr;
+  const unsigned char *const_tbyte_ptr;
+} xcharp_u;
+
+#endif /* UNICODE */
+
+#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
+
+#endif /* HEADER_CURL_MULTIBYTE_H */
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -95,7 +95,13 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
      ntlm->state = NTLMSTATE_TYPE2; /* We got a type-2 message */
    }
    else {
-      if(ntlm->state >= NTLMSTATE_TYPE1) {
+      if(ntlm->state == NTLMSTATE_TYPE3) {
+        infof(conn->data, "NTLM handshake rejected\n");
+        Curl_http_ntlm_cleanup(conn);
+        ntlm->state = NTLMSTATE_NONE;
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+      else if(ntlm->state >= NTLMSTATE_TYPE1) {
        infof(conn->data, "NTLM handshake failure (internal error)\n");
        return CURLE_REMOTE_ACCESS_DENIED;
      }
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -82,6 +82,11 @@
 #  include "curl_md4.h"
 #  define MD5_DIGEST_LENGTH MD5_LENGTH

+#elif defined(USE_DARWINSSL)
+
+#  include <CommonCrypto/CommonCryptor.h>
+#  include <CommonCrypto/CommonDigest.h>
+
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
@@ -221,7 +226,23 @@ fail:
  return rv;
 }

-#endif /* defined(USE_NSS) */
+#elif defined(USE_DARWINSSL)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  char key[8];
+  size_t out_len;
+  CCCryptorStatus err;
+
+  extend_key_56_to_64(key_56, key);
+  err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
+                kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
+                8 /* outbuflen */, &out_len);
+  return err == kCCSuccess;
+}
+
+#endif /* defined(USE_DARWINSSL) */

 #endif /* defined(USE_SSLEAY) */

@@ -273,7 +294,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
  setup_des_key(keys + 14, &des);
  gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
  gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
  encrypt_des(plaintext, results, keys);
  encrypt_des(plaintext, results + 8, keys + 7);
  encrypt_des(plaintext, results + 16, keys + 14);
@@ -336,7 +357,7 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
    setup_des_key(pw + 7, &des);
    gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
    gcry_cipher_close(des);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL)
    encrypt_des(magic, lmbuffer, pw);
    encrypt_des(magic, lmbuffer + 8, pw + 7);
 #endif
@@ -399,6 +420,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
    gcry_md_close(MD4pw);
 #elif defined(USE_NSS)
    Curl_md4it(ntbuffer, pw, 2 * len);
+#elif defined(USE_DARWINSSL)
+    (void)CC_MD4(pw, 2 * len, ntbuffer);
 #endif

    memset(ntbuffer + 16, 0, 21 - 16);
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -33,64 +33,22 @@

 #define DEBUG_ME 0

-#ifdef USE_SSLEAY
-
-#  ifdef USE_OPENSSL
-#    include <openssl/des.h>
-#    ifndef OPENSSL_NO_MD4
-#      include <openssl/md4.h>
-#    endif
-#    include <openssl/md5.h>
-#    include <openssl/ssl.h>
-#    include <openssl/rand.h>
-#  else
-#    include <des.h>
-#    ifndef OPENSSL_NO_MD4
-#      include <md4.h>
-#    endif
-#    include <md5.h>
-#    include <ssl.h>
-#    include <rand.h>
-#  endif
-#  include "ssluse.h"
-
-#elif defined(USE_GNUTLS_NETTLE)
-
-#  include <nettle/md5.h>
-#  include <gnutls/gnutls.h>
-#  include <gnutls/crypto.h>
-#  define MD5_DIGEST_LENGTH 16
-
-#elif defined(USE_GNUTLS)
-
-#  include <gcrypt.h>
-#  include "gtls.h"
-#  define MD5_DIGEST_LENGTH 16
-#  define MD4_DIGEST_LENGTH 16
-
-#elif defined(USE_NSS)
-
-#  include <nss.h>
-#  include <pk11pub.h>
-#  include <hasht.h>
-#  include "nssg.h"
-#  include "curl_md4.h"
-#  define MD5_DIGEST_LENGTH MD5_LENGTH
-
-#elif defined(USE_WINDOWS_SSPI)
-#  include "curl_sspi.h"
-#else
-#  error "Can't compile NTLM support without a crypto library."
-#endif
-
 #include "urldata.h"
 #include "non-ascii.h"
 #include "sendf.h"
 #include "curl_base64.h"
 #include "curl_ntlm_core.h"
 #include "curl_gethostname.h"
+#include "curl_multibyte.h"
+#include "warnless.h"
 #include "curl_memory.h"

+#ifdef USE_WINDOWS_SSPI
+#  include "curl_sspi.h"
+#endif
+
+#include "sslgen.h"
+
 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"

@@ -281,7 +239,7 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
    free(buffer);
    return CURLE_OUT_OF_MEMORY;
  }
-  ntlm->n_type_2 = (unsigned long)size;
+  ntlm->n_type_2 = curlx_uztoul(size);
  memcpy(ntlm->type_2, buffer, size);
 #else
  ntlm->flags = 0;
@@ -315,19 +273,16 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
 {
-  if(ntlm->type_2) {
-    free(ntlm->type_2);
-    ntlm->type_2 = NULL;
-  }
+  Curl_safefree(ntlm->type_2);
  if(ntlm->has_handles) {
    s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
    s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
    ntlm->has_handles = 0;
  }
  if(ntlm->p_identity) {
-    if(ntlm->identity.User) free(ntlm->identity.User);
-    if(ntlm->identity.Password) free(ntlm->identity.Password);
-    if(ntlm->identity.Domain) free(ntlm->identity.Domain);
+    Curl_safefree(ntlm->identity.User);
+    Curl_safefree(ntlm->identity.Password);
+    Curl_safefree(ntlm->identity.Domain);
    ntlm->p_identity = NULL;
  }
 }
@@ -359,7 +314,7 @@ static void unicodecpy(unsigned char *dest,
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
@@ -393,67 +348,94 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
  SecBuffer buf;
  SecBufferDesc desc;
  SECURITY_STATUS status;
-  ULONG attrs;
-  const char *dest = "";
-  const char *user;
-  const char *domain = "";
-  size_t userlen = 0;
+  unsigned long attrs;
+  xcharp_u useranddomain;
+  xcharp_u user, dup_user;
+  xcharp_u domain, dup_domain;
+  xcharp_u passwd, dup_passwd;
  size_t domlen = 0;
-  size_t passwdlen = 0;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */

+  domain.const_tchar_ptr = TEXT("");
+
  Curl_ntlm_sspi_cleanup(ntlm);

-  user = strchr(userp, '\\');
-  if(!user)
-    user = strchr(userp, '/');
+  if(userp && *userp) {

-  if(user) {
-    domain = userp;
-    domlen = user - userp;
-    user++;
-  }
-  else {
-    user = userp;
-    domain = "";
-    domlen = 0;
-  }
-
-  if(user)
-    userlen = strlen(user);
-
-  if(passwdp)
-    passwdlen = strlen(passwdp);
-
-  if(userlen > 0) {
-    /* note: initialize all of this before doing the mallocs so that
-     * it can be cleaned up later without leaking memory.
-     */
+    /* null initialize ntlm identity's data to allow proper cleanup */
    ntlm->p_identity = &ntlm->identity;
    memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
-    if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
+
+    useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
+    if(!useranddomain.tchar_ptr)
      return CURLE_OUT_OF_MEMORY;

-    ntlm->identity.UserLength = (unsigned long)userlen;
-    if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL)
-      return CURLE_OUT_OF_MEMORY;
+    user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
+    if(!user.const_tchar_ptr)
+      user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));

-    ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp);
-    if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL)
-      return CURLE_OUT_OF_MEMORY;
+    if(user.tchar_ptr) {
+      domain.tchar_ptr = useranddomain.tchar_ptr;
+      domlen = user.tchar_ptr - useranddomain.tchar_ptr;
+      user.tchar_ptr++;
+    }
+    else {
+      user.tchar_ptr = useranddomain.tchar_ptr;
+      domain.const_tchar_ptr = TEXT("");
+      domlen = 0;
+    }

-    strncpy((char *)ntlm->identity.Domain, domain, domlen);
-    ntlm->identity.Domain[domlen] = '\0';
-    ntlm->identity.DomainLength = (unsigned long)domlen;
-    ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
+    /* setup ntlm identity's user and length */
+    dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
+    if(!dup_user.tchar_ptr) {
+      Curl_unicodefree(useranddomain.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    ntlm->identity.User = dup_user.tbyte_ptr;
+    ntlm->identity.UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
+    dup_user.tchar_ptr = NULL;
+
+    /* setup ntlm identity's domain and length */
+    dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
+    if(!dup_domain.tchar_ptr) {
+      Curl_unicodefree(useranddomain.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
+    *(dup_domain.tchar_ptr + domlen) = TEXT('\0');
+    ntlm->identity.Domain = dup_domain.tbyte_ptr;
+    ntlm->identity.DomainLength = curlx_uztoul(domlen);
+    dup_domain.tchar_ptr = NULL;
+
+    Curl_unicodefree(useranddomain.tchar_ptr);
+
+    /* setup ntlm identity's password and length */
+    passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
+    if(!passwd.tchar_ptr)
+      return CURLE_OUT_OF_MEMORY;
+    dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
+    if(!dup_passwd.tchar_ptr) {
+      Curl_unicodefree(passwd.tchar_ptr);
+      return CURLE_OUT_OF_MEMORY;
+    }
+    ntlm->identity.Password = dup_passwd.tbyte_ptr;
+    ntlm->identity.PasswordLength =
+      curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
+    dup_passwd.tchar_ptr = NULL;
+
+    Curl_unicodefree(passwd.tchar_ptr);
+
+    /* setup ntlm identity's flags */
+    ntlm->identity.Flags = SECFLAG_WINNT_AUTH_IDENTITY;
  }
  else
    ntlm->p_identity = NULL;

-  status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM",
-                                               SECPKG_CRED_OUTBOUND, NULL,
-                                               ntlm->p_identity, NULL, NULL,
-                                               &ntlm->handle, &tsDummy);
+  status = s_pSecFn->AcquireCredentialsHandle(NULL,
+                                              (TCHAR *) TEXT("NTLM"),
+                                              SECPKG_CRED_OUTBOUND, NULL,
+                                              ntlm->p_identity, NULL, NULL,
+                                              &ntlm->handle, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_OUT_OF_MEMORY;

@@ -464,15 +446,15 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
  buf.BufferType = SECBUFFER_TOKEN;
  buf.pvBuffer   = ntlmbuf;

-  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL,
-                                                (void *)dest,
-                                                ISC_REQ_CONFIDENTIALITY |
-                                                ISC_REQ_REPLAY_DETECT |
-                                                ISC_REQ_CONNECTION,
-                                                0, SECURITY_NETWORK_DREP,
-                                                NULL, 0,
-                                                &ntlm->c_handle, &desc,
-                                                &attrs, &tsDummy);
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               NULL, 0,
+                                               &ntlm->c_handle, &desc,
+                                               &attrs, &tsDummy);

  if(status == SEC_I_COMPLETE_AND_CONTINUE ||
     status == SEC_I_CONTINUE_NEEDED)
@@ -580,7 +562,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The adress where a pointer to newly allocated memory
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
 *
@@ -615,13 +597,12 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  size_t size;

 #ifdef USE_WINDOWS_SSPI
-  const char *dest = "";
  SecBuffer type_2;
  SecBuffer type_3;
  SecBufferDesc type_2_desc;
  SecBufferDesc type_3_desc;
  SECURITY_STATUS status;
-  ULONG attrs;
+  unsigned long attrs;
  TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */

  (void)passwdp;
@@ -640,17 +621,17 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  type_3.pvBuffer   = ntlmbuf;
  type_3.cbBuffer   = NTLM_BUFSIZE;

-  status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle,
-                                                &ntlm->c_handle,
-                                                (void *)dest,
-                                                ISC_REQ_CONFIDENTIALITY |
-                                                ISC_REQ_REPLAY_DETECT |
-                                                ISC_REQ_CONNECTION,
-                                                0, SECURITY_NETWORK_DREP,
-                                                &type_2_desc,
-                                                0, &ntlm->c_handle,
-                                                &type_3_desc,
-                                                &attrs, &tsDummy);
+  status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
+                                               &ntlm->c_handle,
+                                               (TCHAR *) TEXT(""),
+                                               ISC_REQ_CONFIDENTIALITY |
+                                               ISC_REQ_REPLAY_DETECT |
+                                               ISC_REQ_CONNECTION,
+                                               0, SECURITY_NETWORK_DREP,
+                                               &type_2_desc,
+                                               0, &ntlm->c_handle,
+                                               &type_3_desc,
+                                               &attrs, &tsDummy);
  if(status != SEC_E_OK)
    return CURLE_RECV_ERROR;

@@ -717,23 +698,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    unsigned char entropy[8];

    /* Need to create 8 bytes random data */
-#ifdef USE_SSLEAY
-    MD5_CTX MD5pw;
-    Curl_ossl_seed(data); /* Initiate the seed if not already done */
-    RAND_bytes(entropy, 8);
-#elif defined(USE_GNUTLS_NETTLE)
-    struct md5_ctx MD5pw;
-    gnutls_rnd(GNUTLS_RND_RANDOM, entropy, 8);
-#elif defined(USE_GNUTLS)
-    gcry_md_hd_t MD5pw;
-    Curl_gtls_seed(data); /* Initiate the seed if not already done */
-    gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
-#elif defined(USE_NSS)
-    PK11Context *MD5pw;
-    unsigned int MD5len;
-    Curl_nss_seed(data);  /* Initiate the seed if not already done */
-    PK11_GenerateRandom(entropy, 8);
-#endif
+    Curl_ssl_random(data, entropy, sizeof(entropy));

    /* 8 bytes random data as challenge in lmresp */
    memcpy(lmresp, entropy, 8);
@@ -745,25 +710,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    memcpy(tmp, &ntlm->nonce[0], 8);
    memcpy(tmp + 8, entropy, 8);

-#ifdef USE_SSLEAY
-    MD5_Init(&MD5pw);
-    MD5_Update(&MD5pw, tmp, 16);
-    MD5_Final(md5sum, &MD5pw);
-#elif defined(USE_GNUTLS_NETTLE)
-    md5_init(&MD5pw);
-    md5_update(&MD5pw, 16, tmp);
-    md5_digest(&MD5pw, 16, md5sum);
-#elif defined(USE_GNUTLS)
-    gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
-    gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
-    memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
-    gcry_md_close(MD5pw);
-#elif defined(USE_NSS)
-    MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
-    PK11_DigestOp(MD5pw, tmp, 16);
-    PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
-    PK11_DestroyContext(MD5pw, PR_TRUE);
-#endif
+    Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);

    /* We shall only use the first 8 bytes of md5sum, but the des
       code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */
--- a/lib/curl_ntlm_msgs.h
+++ b/lib/curl_ntlm_msgs.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -163,6 +163,14 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
 #define NTLMFLAG_NEGOTIATE_56                    (1<<31)
 /* Indicates that 56-bit encryption is supported. */

+#ifdef UNICODE
+#  define SECFLAG_WINNT_AUTH_IDENTITY \
+     (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
+#else
+#  define SECFLAG_WINNT_AUTH_IDENTITY \
+     (unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
+#endif
+
 #endif /* BUILDING_CURL_NTLM_MSGS_C */

 #endif /* USE_NTLM */
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -28,6 +28,7 @@
 #include "nonblock.h" /* for curlx_nonblock */
 #include "progress.h" /* for Curl_pgrsSetUploadSize */
 #include "transfer.h"
+#include "warnless.h"
 #include <curl/curl.h>
 #include <librtmp/rtmp.h>

@@ -279,7 +280,7 @@ static ssize_t rtmp_recv(struct connectdata *conn, int sockindex, char *buf,

  (void)sockindex; /* unused */

-  nread = RTMP_Read(r, buf, len);
+  nread = RTMP_Read(r, buf, curlx_uztosi(len));
  if(nread < 0) {
    if(r->m_read.status == RTMP_READ_COMPLETE ||
        r->m_read.status == RTMP_READ_EOF) {
@@ -300,7 +301,7 @@ static ssize_t rtmp_send(struct connectdata *conn, int sockindex,

  (void)sockindex; /* unused */

-  num = RTMP_Write(r, (char *)buf, len);
+  num = RTMP_Write(r, (char *)buf, curlx_uztosi(len));
  if(num < 0)
    *err = CURLE_SEND_ERROR;

--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -0,0 +1,504 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * RFC2195 CRAM-MD5 authentication
+ * RFC2831 DIGEST-MD5 authentication
+ * RFC4616 PLAIN authentication
+ *
+ ***************************************************************************/
+
+#include "setup.h"
+
+#include <curl/curl.h>
+#include "urldata.h"
+
+#include "curl_base64.h"
+#include "curl_md5.h"
+#include "curl_rand.h"
+#include "curl_hmac.h"
+#include "curl_ntlm_msgs.h"
+#include "curl_sasl.h"
+#include "warnless.h"
+#include "curl_memory.h"
+
+#define _MPRINTF_REPLACE /* use our functions only */
+#include <curl/mprintf.h>
+
+/* The last #include file should be: */
+#include "memdebug.h"
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* Retrieves the value for a corresponding key from the challenge string
+ * returns TRUE if the key could be found, FALSE if it does not exists
+ */
+static bool sasl_digest_get_key_value(const unsigned char *chlg,
+                                      const char *key,
+                                      char *value,
+                                      size_t max_val_len,
+                                      char end_char)
+{
+  char *find_pos;
+  size_t i;
+
+  find_pos = strstr((const char *) chlg, key);
+  if(!find_pos)
+    return FALSE;
+
+  find_pos += strlen(key);
+
+  for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
+    value[i] = *find_pos++;
+  value[i] = '\0';
+
+  return TRUE;
+}
+#endif
+
+/*
+ * Curl_sasl_create_plain_message()
+ *
+ * This is used to generate an already encoded PLAIN message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
+                                        const char* userp,
+                                        const char* passwdp,
+                                        char **outptr, size_t *outlen)
+{
+  char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH];
+  size_t ulen;
+  size_t plen;
+
+  ulen = strlen(userp);
+  plen = strlen(passwdp);
+
+  if(2 * ulen + plen + 2 > sizeof(plainauth)) {
+    *outlen = 0;
+    *outptr = NULL;
+
+    /* Plainauth too small */
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Calculate the reply */
+  memcpy(plainauth, userp, ulen);
+  plainauth[ulen] = '\0';
+  memcpy(plainauth + ulen + 1, userp, ulen);
+  plainauth[2 * ulen + 1] = '\0';
+  memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
+
+  /* Base64 encode the reply */
+  return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
+                            outlen);
+}
+
+/*
+ * Curl_sasl_create_login_message()
+ *
+ * This is used to generate an already encoded LOGIN message containing the
+ * user name or password ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * valuep  [in]     - The user name or user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
+                                        const char* valuep, char **outptr,
+                                        size_t *outlen)
+{
+  size_t vlen = strlen(valuep);
+
+  if(!vlen) {
+    /* Calculate an empty reply */
+    *outptr = strdup("=");
+    if(*outptr) {
+      *outlen = (size_t) 1;
+      return CURLE_OK;
+    }
+
+    *outlen = 0;
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Base64 encode the value */
+  return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
+}
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/*
+ * Curl_sasl_create_cram_md5_message()
+ *
+ * This is used to generate an already encoded CRAM-MD5 response message ready
+ * for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg64  [in]     - Pointer to the base64 encoded challenge buffer.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
+                                           const char* chlg64,
+                                           const char* userp,
+                                           const char* passwdp,
+                                           char **outptr, size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t chlg64len = strlen(chlg64);
+  unsigned char *chlg = (unsigned char *) NULL;
+  size_t chlglen = 0;
+  HMAC_context *ctxt;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1];
+
+  /* Decode the challenge if necessary */
+  if(chlg64len && *chlg64 != '=') {
+    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+
+    if(result)
+      return result;
+  }
+
+  /* Compute the digest using the password as the key */
+  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
+                        (const unsigned char *) passwdp,
+                        curlx_uztoui(strlen(passwdp)));
+
+  if(!ctxt) {
+    Curl_safefree(chlg);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
+  /* Update the digest with the given challenge */
+  if(chlglen > 0)
+    Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
+
+  Curl_safefree(chlg);
+
+  /* Finalise the digest */
+  Curl_HMAC_final(ctxt, digest);
+
+  /* Prepare the response */
+  snprintf(response, sizeof(response),
+      "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+           userp, digest[0], digest[1], digest[2], digest[3], digest[4],
+           digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
+           digest[11], digest[12], digest[13], digest[14], digest[15]);
+
+  /* Base64 encode the reply */
+  return Curl_base64_encode(data, response, 0, outptr, outlen);
+}
+
+/*
+ * Curl_sasl_create_digest_md5_message()
+ *
+ * This is used to generate an already encoded DIGEST-MD5 response message
+ * ready for sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * chlg64  [in]     - Pointer to the base64 encoded challenge buffer.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * service [in]     - The service type such as www, smtp or pop
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
+                                             const char* chlg64,
+                                             const char* userp,
+                                             const char* passwdp,
+                                             const char* service,
+                                             char **outptr, size_t *outlen)
+{
+  static const char table16[] = "0123456789abcdef";
+
+  CURLcode result = CURLE_OK;
+  unsigned char *chlg = (unsigned char *) NULL;
+  size_t chlglen = 0;
+  size_t i;
+  MD5_context *ctxt;
+  unsigned char digest[MD5_DIGEST_LEN];
+  char HA1_hex[2 * MD5_DIGEST_LEN + 1];
+  char HA2_hex[2 * MD5_DIGEST_LEN + 1];
+  char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
+
+  char nonce[64];
+  char realm[128];
+  char alg[64];
+  char nonceCount[] = "00000001";
+  char cnonce[]     = "12345678"; /* will be changed */
+  char method[]     = "AUTHENTICATE";
+  char qop[]        = "auth";
+  char uri[128];
+  char response[512];
+
+  result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+
+  if(result)
+    return result;
+
+  /* Retrieve nonce string from the challenge */
+  if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
+                                sizeof(nonce), '\"')) {
+    Curl_safefree(chlg);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  /* Retrieve realm string from the challenge */
+  if(!sasl_digest_get_key_value(chlg, "realm=\"", realm,
+                                sizeof(realm), '\"')) {
+    /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
+    strcpy(realm, "");
+  }
+
+  /* Retrieve algorithm string from the challenge */
+  if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
+    Curl_safefree(chlg);
+    return CURLE_LOGIN_DENIED;
+  }
+
+  Curl_safefree(chlg);
+
+  /* We do not support other algorithms */
+  if(strcmp(alg, "md5-sess") != 0)
+    return CURLE_LOGIN_DENIED;
+
+  /* Generate 64 bits of random data */
+  for(i = 0; i < 8; i++)
+    cnonce[i] = table16[Curl_rand()%16];
+
+  /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) userp,
+                  curlx_uztoui(strlen(userp)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) realm,
+                  curlx_uztoui(strlen(realm)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
+                  curlx_uztoui(strlen(passwdp)));
+  Curl_MD5_final(ctxt, digest);
+
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_final(ctxt, digest);
+
+  /* Convert calculated 16 octet hex into 32 bytes string */
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Prepare the URL string */
+  strcpy(uri, service);
+  strcat(uri, "/");
+  strcat(uri, realm);
+
+  /* Calculate H(A2) */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) method,
+                  curlx_uztoui(strlen(method)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) uri,
+                  curlx_uztoui(strlen(uri)));
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
+
+  /* Now calculate the response hash */
+  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) nonce,
+                  curlx_uztoui(strlen(nonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
+                  curlx_uztoui(strlen(nonceCount)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
+                  curlx_uztoui(strlen(cnonce)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+  Curl_MD5_update(ctxt, (const unsigned char *) qop,
+                  curlx_uztoui(strlen(qop)));
+  Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
+
+  Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
+  Curl_MD5_final(ctxt, digest);
+
+  for(i = 0; i < MD5_DIGEST_LEN; i++)
+    snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
+
+  strcpy(response, "username=\"");
+  strcat(response, userp);
+  strcat(response, "\",realm=\"");
+  strcat(response, realm);
+  strcat(response, "\",nonce=\"");
+  strcat(response, nonce);
+  strcat(response, "\",cnonce=\"");
+  strcat(response, cnonce);
+  strcat(response, "\",nc=");
+  strcat(response, nonceCount);
+  strcat(response, ",digest-uri=\"");
+  strcat(response, uri);
+  strcat(response, "\",response=");
+  strcat(response, resp_hash_hex);
+
+  /* Base64 encode the reply */
+  return Curl_base64_encode(data, response, 0, outptr, outlen);
+}
+#endif
+
+#ifdef USE_NTLM
+/*
+ * Curl_sasl_create_ntlm_type1_message()
+ *
+ * This is used to generate an already encoded NTLM type-1 message ready for
+ * sending to the recipient.
+ *
+ * Note: This is a simple wrapper of the NTLM function which means that any
+ * SASL based protocols don't have to include the NTLM functions directly.
+ *
+ * Parameters:
+ *
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
+{
+  return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr,
+                                        outlen);
+}
+
+/*
+ * Curl_sasl_create_ntlm_type3_message()
+ *
+ * This is used to generate an already encoded NTLM type-3 message ready for
+ * sending to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - Pointer to session handle.
+ * header  [in]     - Pointer to the base64 encoded type-2 message buffer.
+ * userp   [in]     - The user name in the format User or Domain\User.
+ * passdwp [in]     - The user's password.
+ * ntlm    [in/out] - The ntlm data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
+                                             const char *header,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
+{
+  CURLcode result = Curl_ntlm_decode_type2_message(data, header, ntlm);
+
+  if(!result)
+    result = Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm,
+                                            outptr, outlen);
+
+  return result;
+}
+#endif /* USE_NTLM */
+
+/*
+ * Curl_sasl_cleanup()
+ *
+ * This is used to cleanup any libraries or curl modules used by the sasl
+ * functions.
+ *
+ * Parameters:
+ *
+ * conn     [in]     - Pointer to the connection data.
+ * authused [in]     - The authentication mechanism used.
+ */
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
+{
+#ifdef USE_NTLM
+  /* Cleanup the ntlm structure */
+  if(authused == SASL_MECH_NTLM) {
+    Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  }
+  (void)conn;
+#else
+  /* Reserved for future use */
+  (void)conn;
+  (void)authused;
+#endif
+}
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -0,0 +1,88 @@
+#ifndef HEADER_CURL_SASL_H
+#define HEADER_CURL_SASL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "pingpong.h"
+
+/* Authentication mechanism flags */
+#define SASL_MECH_LOGIN         0x0001
+#define SASL_MECH_PLAIN         0x0002
+#define SASL_MECH_CRAM_MD5      0x0004
+#define SASL_MECH_DIGEST_MD5    0x0008
+#define SASL_MECH_GSSAPI        0x0010
+#define SASL_MECH_EXTERNAL      0x0020
+#define SASL_MECH_NTLM          0x0040
+
+/* This is used to generate a base64 encoded PLAIN authentication message */
+CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
+                                        const char* userp,
+                                        const char* passwdp,
+                                        char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded LOGIN authentication message
+   containing either the user name or password details */
+CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
+                                        const char* valuep, char **outptr,
+                                        size_t *outlen);
+
+#ifndef CURL_DISABLE_CRYPTO_AUTH
+/* This is used to generate a base64 encoded CRAM-MD5 response message */
+CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
+                                           const char* chlg64,
+                                           const char* user,
+                                           const char* passwdp,
+                                           char **outptr, size_t *outlen);
+
+/* This is used to generate a base64 encoded DIGEST-MD5 response message */
+CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
+                                             const char* chlg64,
+                                             const char* user,
+                                             const char* passwdp,
+                                             const char* service,
+                                             char **outptr, size_t *outlen);
+#endif
+
+#ifdef USE_NTLM
+/* This is used to generate a base64 encoded NTLM type-1 message */
+CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr,
+                                             size_t *outlen);
+
+/* This is used to decode an incoming NTLM type-2 message and generate a
+   base64 encoded type-3 response */
+CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
+                                             const char *header,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen);
+
+#endif /* USE_NTLM */
+
+/* This is used to cleanup any libraries or curl modules used by the sasl
+   functions */
+void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
+
+#endif /* HEADER_CURL_SASL_H */
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
--- a/lib/curl_schannel.h
+++ b/lib/curl_schannel.h
@@ -0,0 +1,132 @@
+#ifndef HEADER_CURL_SCHANNEL_H
+#define HEADER_CURL_SCHANNEL_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
+ * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "setup.h"
+
+#ifdef USE_SCHANNEL
+
+#include "urldata.h"
+
+#ifndef UNISP_NAME_A
+#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME_W
+#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
+#endif
+
+#ifndef UNISP_NAME
+#ifdef UNICODE
+#define UNISP_NAME  UNISP_NAME_W
+#else
+#define UNISP_NAME  UNISP_NAME_A
+#endif
+#endif
+
+#ifndef SP_PROT_SSL2_CLIENT
+#define SP_PROT_SSL2_CLIENT             0x00000008
+#endif
+
+#ifndef SP_PROT_SSL3_CLIENT
+#define SP_PROT_SSL3_CLIENT             0x00000008
+#endif
+
+#ifndef SP_PROT_TLS1_CLIENT
+#define SP_PROT_TLS1_CLIENT             0x00000080
+#endif
+
+#ifndef SP_PROT_TLS1_0_CLIENT
+#define SP_PROT_TLS1_0_CLIENT           SP_PROT_TLS1_CLIENT
+#endif
+
+#ifndef SP_PROT_TLS1_1_CLIENT
+#define SP_PROT_TLS1_1_CLIENT           0x00000200
+#endif
+
+#ifndef SP_PROT_TLS1_2_CLIENT
+#define SP_PROT_TLS1_2_CLIENT           0x00000800
+#endif
+
+#ifndef SECBUFFER_ALERT
+#define SECBUFFER_ALERT                 17
+#endif
+
+#ifndef ISC_RET_REPLAY_DETECT
+#define ISC_RET_REPLAY_DETECT           0x00000004
+#endif
+
+#ifndef ISC_RET_SEQUENCE_DETECT
+#define ISC_RET_SEQUENCE_DETECT         0x00000008
+#endif
+
+#ifndef ISC_RET_CONFIDENTIALITY
+#define ISC_RET_CONFIDENTIALITY         0x00000010
+#endif
+
+#ifndef ISC_RET_ALLOCATED_MEMORY
+#define ISC_RET_ALLOCATED_MEMORY        0x00000100
+#endif
+
+#ifndef ISC_RET_STREAM
+#define ISC_RET_STREAM                  0x00008000
+#endif
+
+
+#define CURL_SCHANNEL_BUFFER_INIT_SIZE   4096
+#define CURL_SCHANNEL_BUFFER_FREE_SIZE   1024
+#define CURL_SCHANNEL_BUFFER_STEP_FACTOR 2
+
+
+CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
+
+CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
+                                           int sockindex,
+                                           bool *done);
+
+bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
+void Curl_schannel_close(struct connectdata *conn, int sockindex);
+int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
+void Curl_schannel_session_free(void *ptr);
+
+int Curl_schannel_init(void);
+void Curl_schannel_cleanup(void);
+size_t Curl_schannel_version(char *buffer, size_t size);
+
+/* API setup for Schannel */
+#define curlssl_init Curl_schannel_init
+#define curlssl_cleanup Curl_schannel_cleanup
+#define curlssl_connect Curl_schannel_connect
+#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking
+#define curlssl_session_free Curl_schannel_session_free
+#define curlssl_close_all(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_close Curl_schannel_close
+#define curlssl_shutdown Curl_schannel_shutdown
+#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
+#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
+#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
+#define curlssl_version Curl_schannel_version
+#define curlssl_check_cxn(x) (x=x, -1)
+#define curlssl_data_pending Curl_schannel_data_pending
+#endif /* USE_SCHANNEL */
+#endif /* HEADER_CURL_SCHANNEL_H */
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -35,16 +35,25 @@
 /* The last #include file should be: */
 #include "memdebug.h"

-
 /* We use our own typedef here since some headers might lack these */
-typedef PSecurityFunctionTableA (APIENTRY *INITSECURITYINTERFACE_FN_A)(VOID);
+typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
+
+/* See definition of SECURITY_ENTRYPOINT in sspi.h */
+#ifdef UNICODE
+#  ifdef _WIN32_WCE
+#    define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
+#  else
+#    define SECURITYENTRYPOINT "InitSecurityInterfaceW"
+#  endif
+#else
+#  define SECURITYENTRYPOINT "InitSecurityInterfaceA"
+#endif

 /* Handle of security.dll or secur32.dll, depending on Windows version */
 HMODULE s_hSecDll = NULL;

 /* Pointer to SSPI dispatch table */
-PSecurityFunctionTableA s_pSecFn = NULL;
-
+PSecurityFunctionTable s_pSecFn = NULL;

 /*
 * Curl_sspi_global_init()
@@ -57,20 +66,18 @@ PSecurityFunctionTableA s_pSecFn = NULL;
 * Once this function has been executed, Windows SSPI functions can be
 * called through the Security Service Provider Interface dispatch table.
 */
-
-CURLcode
-Curl_sspi_global_init(void)
+CURLcode Curl_sspi_global_init(void)
 {
  OSVERSIONINFO osver;
-  INITSECURITYINTERFACE_FN_A pInitSecurityInterface;
+  INITSECURITYINTERFACE_FN pInitSecurityInterface;

  /* If security interface is not yet initialized try to do this */
-  if(s_hSecDll == NULL) {
+  if(!s_hSecDll) {

    /* Find out Windows version */
    memset(&osver, 0, sizeof(osver));
    osver.dwOSVersionInfoSize = sizeof(osver);
-    if(! GetVersionEx(&osver))
+    if(!GetVersionEx(&osver))
      return CURLE_FAILED_INIT;

    /* Security Service Provider Interface (SSPI) functions are located in
@@ -80,36 +87,34 @@ Curl_sspi_global_init(void)
    /* Load SSPI dll into the address space of the calling process */
    if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
      && osver.dwMajorVersion == 4)
-      s_hSecDll = LoadLibrary("security.dll");
+      s_hSecDll = LoadLibrary(TEXT("security.dll"));
    else
-      s_hSecDll = LoadLibrary("secur32.dll");
-    if(! s_hSecDll)
+      s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
+    if(!s_hSecDll)
      return CURLE_FAILED_INIT;

    /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
-    pInitSecurityInterface = (INITSECURITYINTERFACE_FN_A)
-      GetProcAddress(s_hSecDll, "InitSecurityInterfaceA");
-    if(! pInitSecurityInterface)
+    pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
+      GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
+    if(!pInitSecurityInterface)
      return CURLE_FAILED_INIT;

    /* Get pointer to Security Service Provider Interface dispatch table */
    s_pSecFn = pInitSecurityInterface();
-    if(! s_pSecFn)
+    if(!s_pSecFn)
      return CURLE_FAILED_INIT;
-
  }
+
  return CURLE_OK;
 }

-
 /*
 * Curl_sspi_global_cleanup()
 *
 * This deinitializes the Security Service Provider Interface from libcurl.
 */

-void
-Curl_sspi_global_cleanup(void)
+void Curl_sspi_global_cleanup(void)
 {
  if(s_hSecDll) {
    FreeLibrary(s_hSecDll);
--- a/lib/curl_sspi.h
+++ b/lib/curl_sspi.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -40,34 +40,254 @@
 #include <sspi.h>
 #include <rpc.h>

-/* Provide some definitions missing in MinGW's headers */
-
-#ifndef SEC_I_CONTEXT_EXPIRED
-# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
-#endif
-#ifndef SEC_E_BUFFER_TOO_SMALL
-# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
-#endif
-#ifndef SEC_E_CONTEXT_EXPIRED
-# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
-#endif
-#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
-# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
-#endif
-#ifndef SEC_E_MESSAGE_ALTERED
-# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
-#endif
-#ifndef SEC_E_OUT_OF_SEQUENCE
-# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
-#endif
-
 CURLcode Curl_sspi_global_init(void);
 void Curl_sspi_global_cleanup(void);

 /* Forward-declaration of global variables defined in curl_sspi.c */

 extern HMODULE s_hSecDll;
-extern PSecurityFunctionTableA s_pSecFn;
+extern PSecurityFunctionTable s_pSecFn;
+
+/* Provide some definitions missing in old headers */
+
+#ifndef SEC_E_INSUFFICIENT_MEMORY
+# define SEC_E_INSUFFICIENT_MEMORY             ((HRESULT)0x80090300L)
+#endif
+#ifndef SEC_E_INVALID_HANDLE
+# define SEC_E_INVALID_HANDLE                  ((HRESULT)0x80090301L)
+#endif
+#ifndef SEC_E_UNSUPPORTED_FUNCTION
+# define SEC_E_UNSUPPORTED_FUNCTION            ((HRESULT)0x80090302L)
+#endif
+#ifndef SEC_E_TARGET_UNKNOWN
+# define SEC_E_TARGET_UNKNOWN                  ((HRESULT)0x80090303L)
+#endif
+#ifndef SEC_E_INTERNAL_ERROR
+# define SEC_E_INTERNAL_ERROR                  ((HRESULT)0x80090304L)
+#endif
+#ifndef SEC_E_SECPKG_NOT_FOUND
+# define SEC_E_SECPKG_NOT_FOUND                ((HRESULT)0x80090305L)
+#endif
+#ifndef SEC_E_NOT_OWNER
+# define SEC_E_NOT_OWNER                       ((HRESULT)0x80090306L)
+#endif
+#ifndef SEC_E_CANNOT_INSTALL
+# define SEC_E_CANNOT_INSTALL                  ((HRESULT)0x80090307L)
+#endif
+#ifndef SEC_E_INVALID_TOKEN
+# define SEC_E_INVALID_TOKEN                   ((HRESULT)0x80090308L)
+#endif
+#ifndef SEC_E_CANNOT_PACK
+# define SEC_E_CANNOT_PACK                     ((HRESULT)0x80090309L)
+#endif
+#ifndef SEC_E_QOP_NOT_SUPPORTED
+# define SEC_E_QOP_NOT_SUPPORTED               ((HRESULT)0x8009030AL)
+#endif
+#ifndef SEC_E_NO_IMPERSONATION
+# define SEC_E_NO_IMPERSONATION                ((HRESULT)0x8009030BL)
+#endif
+#ifndef SEC_E_LOGON_DENIED
+# define SEC_E_LOGON_DENIED                    ((HRESULT)0x8009030CL)
+#endif
+#ifndef SEC_E_UNKNOWN_CREDENTIALS
+# define SEC_E_UNKNOWN_CREDENTIALS             ((HRESULT)0x8009030DL)
+#endif
+#ifndef SEC_E_NO_CREDENTIALS
+# define SEC_E_NO_CREDENTIALS                  ((HRESULT)0x8009030EL)
+#endif
+#ifndef SEC_E_MESSAGE_ALTERED
+# define SEC_E_MESSAGE_ALTERED                 ((HRESULT)0x8009030FL)
+#endif
+#ifndef SEC_E_OUT_OF_SEQUENCE
+# define SEC_E_OUT_OF_SEQUENCE                 ((HRESULT)0x80090310L)
+#endif
+#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
+# define SEC_E_NO_AUTHENTICATING_AUTHORITY     ((HRESULT)0x80090311L)
+#endif
+#ifndef SEC_E_BAD_PKGID
+# define SEC_E_BAD_PKGID                       ((HRESULT)0x80090316L)
+#endif
+#ifndef SEC_E_CONTEXT_EXPIRED
+# define SEC_E_CONTEXT_EXPIRED                 ((HRESULT)0x80090317L)
+#endif
+#ifndef SEC_E_INCOMPLETE_MESSAGE
+# define SEC_E_INCOMPLETE_MESSAGE              ((HRESULT)0x80090318L)
+#endif
+#ifndef SEC_E_INCOMPLETE_CREDENTIALS
+# define SEC_E_INCOMPLETE_CREDENTIALS          ((HRESULT)0x80090320L)
+#endif
+#ifndef SEC_E_BUFFER_TOO_SMALL
+# define SEC_E_BUFFER_TOO_SMALL                ((HRESULT)0x80090321L)
+#endif
+#ifndef SEC_E_WRONG_PRINCIPAL
+# define SEC_E_WRONG_PRINCIPAL                 ((HRESULT)0x80090322L)
+#endif
+#ifndef SEC_E_TIME_SKEW
+# define SEC_E_TIME_SKEW                       ((HRESULT)0x80090324L)
+#endif
+#ifndef SEC_E_UNTRUSTED_ROOT
+# define SEC_E_UNTRUSTED_ROOT                  ((HRESULT)0x80090325L)
+#endif
+#ifndef SEC_E_ILLEGAL_MESSAGE
+# define SEC_E_ILLEGAL_MESSAGE                 ((HRESULT)0x80090326L)
+#endif
+#ifndef SEC_E_CERT_UNKNOWN
+# define SEC_E_CERT_UNKNOWN                    ((HRESULT)0x80090327L)
+#endif
+#ifndef SEC_E_CERT_EXPIRED
+# define SEC_E_CERT_EXPIRED                    ((HRESULT)0x80090328L)
+#endif
+#ifndef SEC_E_ENCRYPT_FAILURE
+# define SEC_E_ENCRYPT_FAILURE                 ((HRESULT)0x80090329L)
+#endif
+#ifndef SEC_E_DECRYPT_FAILURE
+# define SEC_E_DECRYPT_FAILURE                 ((HRESULT)0x80090330L)
+#endif
+#ifndef SEC_E_ALGORITHM_MISMATCH
+# define SEC_E_ALGORITHM_MISMATCH              ((HRESULT)0x80090331L)
+#endif
+#ifndef SEC_E_SECURITY_QOS_FAILED
+# define SEC_E_SECURITY_QOS_FAILED             ((HRESULT)0x80090332L)
+#endif
+#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
+# define SEC_E_UNFINISHED_CONTEXT_DELETED      ((HRESULT)0x80090333L)
+#endif
+#ifndef SEC_E_NO_TGT_REPLY
+# define SEC_E_NO_TGT_REPLY                    ((HRESULT)0x80090334L)
+#endif
+#ifndef SEC_E_NO_IP_ADDRESSES
+# define SEC_E_NO_IP_ADDRESSES                 ((HRESULT)0x80090335L)
+#endif
+#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
+# define SEC_E_WRONG_CREDENTIAL_HANDLE         ((HRESULT)0x80090336L)
+#endif
+#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
+# define SEC_E_CRYPTO_SYSTEM_INVALID           ((HRESULT)0x80090337L)
+#endif
+#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
+# define SEC_E_MAX_REFERRALS_EXCEEDED          ((HRESULT)0x80090338L)
+#endif
+#ifndef SEC_E_MUST_BE_KDC
+# define SEC_E_MUST_BE_KDC                     ((HRESULT)0x80090339L)
+#endif
+#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
+# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED     ((HRESULT)0x8009033AL)
+#endif
+#ifndef SEC_E_TOO_MANY_PRINCIPALS
+# define SEC_E_TOO_MANY_PRINCIPALS             ((HRESULT)0x8009033BL)
+#endif
+#ifndef SEC_E_NO_PA_DATA
+# define SEC_E_NO_PA_DATA                      ((HRESULT)0x8009033CL)
+#endif
+#ifndef SEC_E_PKINIT_NAME_MISMATCH
+# define SEC_E_PKINIT_NAME_MISMATCH            ((HRESULT)0x8009033DL)
+#endif
+#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
+# define SEC_E_SMARTCARD_LOGON_REQUIRED        ((HRESULT)0x8009033EL)
+#endif
+#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
+# define SEC_E_SHUTDOWN_IN_PROGRESS            ((HRESULT)0x8009033FL)
+#endif
+#ifndef SEC_E_KDC_INVALID_REQUEST
+# define SEC_E_KDC_INVALID_REQUEST             ((HRESULT)0x80090340L)
+#endif
+#ifndef SEC_E_KDC_UNABLE_TO_REFER
+# define SEC_E_KDC_UNABLE_TO_REFER             ((HRESULT)0x80090341L)
+#endif
+#ifndef SEC_E_KDC_UNKNOWN_ETYPE
+# define SEC_E_KDC_UNKNOWN_ETYPE               ((HRESULT)0x80090342L)
+#endif
+#ifndef SEC_E_UNSUPPORTED_PREAUTH
+# define SEC_E_UNSUPPORTED_PREAUTH             ((HRESULT)0x80090343L)
+#endif
+#ifndef SEC_E_DELEGATION_REQUIRED
+# define SEC_E_DELEGATION_REQUIRED             ((HRESULT)0x80090345L)
+#endif
+#ifndef SEC_E_BAD_BINDINGS
+# define SEC_E_BAD_BINDINGS                    ((HRESULT)0x80090346L)
+#endif
+#ifndef SEC_E_MULTIPLE_ACCOUNTS
+# define SEC_E_MULTIPLE_ACCOUNTS               ((HRESULT)0x80090347L)
+#endif
+#ifndef SEC_E_NO_KERB_KEY
+# define SEC_E_NO_KERB_KEY                     ((HRESULT)0x80090348L)
+#endif
+#ifndef SEC_E_CERT_WRONG_USAGE
+# define SEC_E_CERT_WRONG_USAGE                ((HRESULT)0x80090349L)
+#endif
+#ifndef SEC_E_DOWNGRADE_DETECTED
+# define SEC_E_DOWNGRADE_DETECTED              ((HRESULT)0x80090350L)
+#endif
+#ifndef SEC_E_SMARTCARD_CERT_REVOKED
+# define SEC_E_SMARTCARD_CERT_REVOKED          ((HRESULT)0x80090351L)
+#endif
+#ifndef SEC_E_ISSUING_CA_UNTRUSTED
+# define SEC_E_ISSUING_CA_UNTRUSTED            ((HRESULT)0x80090352L)
+#endif
+#ifndef SEC_E_REVOCATION_OFFLINE_C
+# define SEC_E_REVOCATION_OFFLINE_C            ((HRESULT)0x80090353L)
+#endif
+#ifndef SEC_E_PKINIT_CLIENT_FAILURE
+# define SEC_E_PKINIT_CLIENT_FAILURE           ((HRESULT)0x80090354L)
+#endif
+#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
+# define SEC_E_SMARTCARD_CERT_EXPIRED          ((HRESULT)0x80090355L)
+#endif
+#ifndef SEC_E_NO_S4U_PROT_SUPPORT
+# define SEC_E_NO_S4U_PROT_SUPPORT             ((HRESULT)0x80090356L)
+#endif
+#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
+# define SEC_E_CROSSREALM_DELEGATION_FAILURE   ((HRESULT)0x80090357L)
+#endif
+#ifndef SEC_E_REVOCATION_OFFLINE_KDC
+# define SEC_E_REVOCATION_OFFLINE_KDC          ((HRESULT)0x80090358L)
+#endif
+#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
+# define SEC_E_ISSUING_CA_UNTRUSTED_KDC        ((HRESULT)0x80090359L)
+#endif
+#ifndef SEC_E_KDC_CERT_EXPIRED
+# define SEC_E_KDC_CERT_EXPIRED                ((HRESULT)0x8009035AL)
+#endif
+#ifndef SEC_E_KDC_CERT_REVOKED
+# define SEC_E_KDC_CERT_REVOKED                ((HRESULT)0x8009035BL)
+#endif
+#ifndef SEC_E_INVALID_PARAMETER
+# define SEC_E_INVALID_PARAMETER               ((HRESULT)0x8009035DL)
+#endif
+#ifndef SEC_E_DELEGATION_POLICY
+# define SEC_E_DELEGATION_POLICY               ((HRESULT)0x8009035EL)
+#endif
+#ifndef SEC_E_POLICY_NLTM_ONLY
+# define SEC_E_POLICY_NLTM_ONLY                ((HRESULT)0x8009035FL)
+#endif
+
+#ifndef SEC_I_CONTINUE_NEEDED
+# define SEC_I_CONTINUE_NEEDED                 ((HRESULT)0x00090312L)
+#endif
+#ifndef SEC_I_COMPLETE_NEEDED
+# define SEC_I_COMPLETE_NEEDED                 ((HRESULT)0x00090313L)
+#endif
+#ifndef SEC_I_COMPLETE_AND_CONTINUE
+# define SEC_I_COMPLETE_AND_CONTINUE           ((HRESULT)0x00090314L)
+#endif
+#ifndef SEC_I_LOCAL_LOGON
+# define SEC_I_LOCAL_LOGON                     ((HRESULT)0x00090315L)
+#endif
+#ifndef SEC_I_CONTEXT_EXPIRED
+# define SEC_I_CONTEXT_EXPIRED                 ((HRESULT)0x00090317L)
+#endif
+#ifndef SEC_I_INCOMPLETE_CREDENTIALS
+# define SEC_I_INCOMPLETE_CREDENTIALS          ((HRESULT)0x00090320L)
+#endif
+#ifndef SEC_I_RENEGOTIATE
+# define SEC_I_RENEGOTIATE                     ((HRESULT)0x00090321L)
+#endif
+#ifndef SEC_I_NO_LSA_CONTEXT
+# define SEC_I_NO_LSA_CONTEXT                  ((HRESULT)0x00090323L)
+#endif
+#ifndef SEC_I_SIGNATURE_NEEDED
+# define SEC_I_SIGNATURE_NEEDED                ((HRESULT)0x0009035CL)
+#endif

 #endif /* USE_WINDOWS_SSPI */
 #endif /* HEADER_CURL_SSPI_H */
--- a/lib/cyassl.c
+++ b/lib/cyassl.c
@@ -53,6 +53,8 @@
 #include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"
+#include <cyassl/ssl.h>
+#include <cyassl/error.h>


 static Curl_recv cyassl_recv;
@@ -132,7 +134,7 @@ cyassl_connect_step1(struct connectdata *conn,
      if(data->set.ssl.verifypeer) {
        /* Fail if we insiste on successfully verifying the server. */
        failf(data,"error setting certificate verify locations:\n"
-              "  CAfile: %s\n  CApath: %s\n",
+              "  CAfile: %s\n  CApath: %s",
              data->set.str[STRING_SSL_CAFILE]?
              data->set.str[STRING_SSL_CAFILE]: "none",
              data->set.str[STRING_SSL_CAPATH]?
@@ -237,6 +239,13 @@ cyassl_connect_step2(struct connectdata *conn,
  conn->recv[sockindex] = cyassl_recv;
  conn->send[sockindex] = cyassl_send;

+  /* Enable RFC2818 checks */
+  if(data->set.ssl.verifyhost) {
+    ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);
+    if(ret == SSL_FAILURE)
+      return CURLE_OUT_OF_MEMORY;
+  }
+
  ret = SSL_connect(conssl->handle);
  if(ret != 1) {
    char error_buffer[80];
@@ -246,15 +255,43 @@ cyassl_connect_step2(struct connectdata *conn,
      conssl->connecting_state = ssl_connect_2_reading;
      return CURLE_OK;
    }
-
-    if(SSL_ERROR_WANT_WRITE == detail) {
+    else if(SSL_ERROR_WANT_WRITE == detail) {
      conssl->connecting_state = ssl_connect_2_writing;
      return CURLE_OK;
    }
-
-    failf(data, "SSL_connect failed with error %d: %s", detail,
+    /* There is no easy way to override only the CN matching.
+     * This will enable the override of both mismatching SubjectAltNames
+     * as also mismatching CN fields */
+    else if(DOMAIN_NAME_MISMATCH == detail) {
+#if 1
+      failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
+            conn->host.dispname);
+      return CURLE_PEER_FAILED_VERIFICATION;
+#else
+      /* When the CyaSSL_check_domain_name() is used and you desire to continue
+       * on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',
+       * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
+       * way to do this is currently to switch the CyaSSL_check_domain_name()
+       * in and out based on the 'data->set.ssl.verifyhost' value. */
+      if(data->set.ssl.verifyhost) {
+        failf(data,
+              "\tsubject alt name(s) or common name do not match \"%s\"\n",
+              conn->host.dispname);
+        return CURLE_PEER_FAILED_VERIFICATION;
+      }
+      else {
+        infof(data,
+              "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
+              conn->host.dispname);
+        return CURLE_OK;
+      }
+#endif
+    }
+    else {
+      failf(data, "SSL_connect failed with error %d: %s", detail,
          ERR_error_string(detail, error_buffer));
-    return CURLE_SSL_CONNECT_ERROR;
+      return CURLE_SSL_CONNECT_ERROR;
+    }
  }

  conssl->connecting_state = ssl_connect_3;
--- a/lib/dict.c
+++ b/lib/dict.c
@@ -67,10 +67,10 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>

+#include "curl_memory.h"
 /* The last #include file should be: */
 #include "memdebug.h"

-
 /*
 * Forward declarations.
 */
--- a/Show More
+++ b/Show More