RELEASE-NOTES: synced with 92cf6141ed

curl: fix --oauth2-bearer in the --help output
After the option rename in 5df04bfafd
2013-10-13 23:24:21 +02:00 · 2013-10-13 23:21:12 +02:00 · 2013-10-13 23:08:12 +02:00 · 2013-10-13 19:12:58 +02:00 · 2013-10-12 23:26:38 +02:00 · 2013-10-12 23:03:28 +02:00
583 changed files with 33938 additions and 10190 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@ CHANGES.dist
 .project
 .cproject
 .settings
 /[0-9]*.patch
--- a/54
+++ b/54
@@ -10,6 +10,10 @@
 # 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support
 #If you need to have PPC64 support then change below to 1
 PPC64_NEEDED=0
 # Apple does not support building for PPC anymore in Xcode 4 and later.
 # If you're using Xcode 3 or earlier and need PPC support, then change
 # the setting below to 1
 PPC_NEEDED=0
 # For me the default is to develop for the platform I am on, and if you
 #desire compatibility with older versions then change USE_OLD to 1 :)
@@ -24,9 +28,16 @@ FRAMEWORK_VERSION=Versions/Release-$VERSION
 # and setup the right paths to this version, leaving the system version
 # "intact", so you can "fix" it later with the links to Versions/A/...
-
+DEVELOPER_PATH=`xcode-select --print-path`
-OLD_SDK=`ls  /Developer/SDKs|head -1`
+# Around Xcode 4.3, SDKs were moved from the Developer folder into the
-NEW_SDK=`ls -r /Developer/SDKs|head -1`
+# MacOSX.platform folder
 if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then
 SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"
 else
 SDK_PATH="$DEVELOPER_PATH/SDKs";
 fi
 OLD_SDK=`ls  $SDK_PATH|head -1`
 NEW_SDK=`ls -r $SDK_PATH|head -1`
 if test "0"$USE_OLD -gt 0
 then
@@ -37,21 +48,24 @@ fi
 MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//`
-SDK32_DIR='/Developer/SDKs/'$SDK32
+SDK32_DIR=$SDK_PATH/$SDK32
 MINVER32='-mmacosx-version-min='$MACVER
-ARCHES32='-arch i386 -arch ppc'
+if test $PPC_NEEDED -gt 0; then
-
+ ARCHES32='-arch i386 -arch ppc'
 else
 ARCHES32='-arch i386'
 fi
 if test $PPC64_NEEDED -gt 0
 then
  SDK64=10.5
  ARCHES64='-arch x86_64 -arch ppc64'
-  SDK64=`ls  /Developer/SDKs|grep 10.5|head -1`
+  SDK64=`ls  $SDK_PATH|grep 10.5|head -1`
 else
 ARCHES64='-arch x86_64'
 #We "know" that 10.4 and earlier do not support 64bit
- OLD_SDK64=`ls  /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
+ OLD_SDK64=`ls  $SDK_PATH|egrep -v "10.[0-4]"|head -1`
- NEW_SDK64=`ls -r /Developer/SDKs|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
 if test $USE_OLD -gt 0
  then
   SDK64=$OLD_SDK64
@@ -60,7 +74,7 @@ else
  fi
 fi
-SDK64_DIR='/Developer/SDKs/'$SDK64
+SDK64_DIR=$SDK_PATH/$SDK64
 MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//`
 MINVER64='-mmacosx-version-min='$MACVER64
@@ -68,13 +82,13 @@ MINVER64='-mmacosx-version-min='$MACVER64
 if test ! -z $SDK32; then
  echo "----Configuring libcurl for 32 bit universal framework..."
  make clean
-  ./configure --disable-dependency-tracking --disable-static --with-gssapi \
+  ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \
-    CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32 $MINVER32" \
+    CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \
-    LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 $MINVER32 -Wl,-headerpad_max_install_names" \
+    LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \
    CC=$CC
  echo "----Building 32 bit libcurl..."
-  make
+  make -j `sysctl -n hw.logicalcpu_max`
  echo "----Creating 32 bit framework..."
  rm -r libcurl.framework
@@ -89,21 +103,21 @@ if test ! -z $SDK32; then
  ln -fs ${FRAMEWORK_VERSION}/Resources Resources
  ln -fs ${FRAMEWORK_VERSION}/Headers Headers
  cd Versions
-  ln -fs ${FRAMEWORK_VERSION} Current
+  ln -fs $(basename "${FRAMEWORK_VERSION}") Current
-  echo TEsting for SDK64
+  echo Testing for SDK64
  if test -d $SDK64_DIR; then
  echo entering...
    popd
    make clean
    echo "----Configuring libcurl for 64 bit universal framework..."
-    ./configure --disable-dependency-tracking --disable-static --with-gssapi \
+    ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \
-      CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64 $MINVER64" \
+      CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \
-      LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 $MINVER64 -Wl,-headerpad_max_install_names" \
+      LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \
      CC=$CC
    echo "----Building 64 bit libcurl..."
-    make
+    make -j `sysctl -n hw.logicalcpu_max`
    echo "----Appending 64 bit framework to 32 bit framework..."
    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,13 +30,38 @@ CMake/CurlTests.c CMake/FindOpenSSL.cmake CMake/FindZLIB.cmake		\
 CMake/OtherTests.cmake CMake/Platforms/WindowsCache.cmake		\
 CMake/Utilities.cmake include/curl/curlbuild.h.cmake
 VC6LIBDSP = vs/vc6/lib/vc6libcurl.dsp
 VC6LIBDSPHEAD = vs/t/lib/vc6_libcurl_dsp.head
 VC6LIBDSPFOOT = vs/t/lib/vc6_libcurl_dsp.foot
 VC8LIBPRJ = vs/vc8/lib/vc8libcurl.vcproj
 VC8LIBPRJHEAD = vs/t/lib/vc8_libcurl_prj.head
 VC8LIBPRJFOOT = vs/t/lib/vc8_libcurl_prj.foot
 VC_DIST = \
 vs/t/README \
 $(VC6LIBDSP) $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
 $(VC8LIBPRJ) $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
 vs/vc6/vc6curl.dsw \
 vs/vc6/lib/vc6libcurl.dsw \
 vs/vc6/src/vc6curltool.dsw \
 vs/vc6/src/vc6curltool.dsp
 VC6LIBDSP_DEPS = $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
 Makefile.am lib/Makefile.inc
 VC8LIBPRJ_DEPS = $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
 Makefile.am lib/Makefile.inc
 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
-winbuild/MakefileBuild.vc winbuild/Makefile.vc
+ winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
 winbuild/Makefile.msvc.names
 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
- curl-style.el sample.emacs RELEASE-NOTES buildconf 	\
+ RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework	\
- libcurl.pc.in vc6curl.dsw MacOSX-Framework Android.mk $(CMAKE_DIST)	\
+ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in
- Makefile.msvc.names $(WINBUILD_DIST) lib/libcurl.vers.in
+
 CLEANFILES = $(VC6LIBDSP) $(VC8LIBPRJ)
 bin_SCRIPTS = curl-config
@@ -46,6 +71,12 @@ DIST_SUBDIRS = $(SUBDIRS) tests packages docs
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcurl.pc
 # List of libcurl source files required to generate VC IDE dsp and prj files
 include lib/Makefile.inc
 WIN32SOURCES = $(CSOURCES)
 WIN32HEADERS = $(HHEADERS) config-win32.h
 dist-hook:
 	rm -rf $(top_builddir)/tests/log
 	find $(distdir) -name "*.dist" -exec rm {} \;
@@ -89,7 +120,7 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)
-# This is a hook to have 'make clean' also clean up the dosc and the tests
+# This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs
 # this hook.
@@ -166,3 +197,86 @@ ca-firefox: lib/firefox-db2pem.sh
 checksrc:
 	cd lib && $(MAKE) checksrc
 	cd src && $(MAKE) checksrc
 .PHONY: vc6-ide
 vc6-ide:
 	$(MAKE) $(VC6LIBDSP)
 $(VC6LIBDSP): $(VC6LIBDSP_DEPS)
 	@(echo "generating '$(VC6LIBDSP)'"; \
 	\
 	for dir in 'vs' 'vs/vc6' 'vs/vc6/lib'; do \
 	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
 	done; \
 	\
 	dir='..\..\..\lib\'; \
 	body='$(VC6LIBDSP)'.body; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	\
 	echo "# Begin Group \"Source Files\""  > $$body; \
 	echo ""                               >> $$body; \
 	echo "# PROP Default_Filter \"\""     >> $$body; \
 	for file in $$sorted_srcs; do \
 	  echo "# Begin Source File"          >> $$body; \
 	  echo ""                             >> $$body; \
 	  echo "SOURCE="$$dir$$file           >> $$body; \
 	  echo "# End Source File"            >> $$body; \
 	done; \
 	echo "# End Group"                    >> $$body; \
 	echo "# Begin Group \"Header Files\"" >> $$body; \
 	echo ""                               >> $$body; \
 	echo "# PROP Default_Filter \"\""     >> $$body; \
 	for file in $$sorted_hdrs; do \
 	  echo "# Begin Source File"          >> $$body; \
 	  echo ""                             >> $$body; \
 	  echo "SOURCE="$$dir$$file           >> $$body; \
 	  echo "# End Source File"            >> $$body; \
 	done; \
 	echo "# End Group"                    >> $$body; \
 	\
 	awk '{ printf("%s\r\n", $$0); }' \
 	  $(srcdir)/$(VC6LIBDSPHEAD) $$body $(srcdir)/$(VC6LIBDSPFOOT) \
 	  > $(VC6LIBDSP) || { rm -f $$body; exit 1; }; \
 	\
 	rm -f $$body)
 .PHONY: vc8-ide
 vc8-ide:
 	$(MAKE) $(VC8LIBPRJ)
 $(VC8LIBPRJ): $(VC8LIBPRJ_DEPS)
 	@(echo "generating '$(VC8LIBPRJ)'"; \
 	\
 	for dir in 'vs' 'vs/vc8' 'vs/vc8/lib'; do \
 	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
 	done; \
 	\
 	dir='..\..\..\lib\'; \
 	body='$(VC8LIBPRJ)'.body; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	\
 	echo "%tab%%tab%<Filter Name=\"Source Files\">"  > $$body; \
 	for file in $$sorted_srcs; do \
 	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
 	done; \
 	echo "%tab%%tab%</Filter>"                      >> $$body; \
 	echo "%tab%%tab%<Filter Name=\"Header Files\">" >> $$body; \
 	for file in $$sorted_hdrs; do \
 	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
 	done; \
 	echo "%tab%%tab%</Filter>"                      >> $$body; \
 	\
 	awk '{ gsub(/%tab%/, "\t"); printf("%s\r\n", $$0); }' \
 	  $(srcdir)/$(VC8LIBPRJHEAD) $$body $(srcdir)/$(VC8LIBPRJFOOT) \
 	  > $(VC8LIBPRJ) || { rm -f $$body; exit 1; }; \
 	\
 	rm -f $$body)
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -148,12 +148,24 @@ vc-ssl-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib
 vc-winssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-winssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-winssl-zlib
 vc-x64-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib
 vc-x64-winssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib
 vc-ssl-dll: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-dll
--- a/169
+++ b/169
@@ -1,66 +1,68 @@
-Curl and libcurl 7.29.0
+Curl and libcurl 7.33.0
- Public curl releases:         131
+ Public curl releases:         135
- Command line options:         152
+ Command line options:         161
- curl_easy_setopt() options:   199
+ curl_easy_setopt() options:   205
 Public functions in libcurl:  58
- Known libcurl bindings:       39
+ Known libcurl bindings:       42
- Contributors:                 993
+ Contributors:                 1057
 This release includes the following securify fix:
 o POP3/IMAP/SMTP SASL buffer overflow vulnerability [17]
 This release includes the following changes:
- o test: offer "automake" output and check for perl better
+ o test code for testing the event based API [3]
- o always-multi: always use non-blocking internals [1]
+ o CURLM_ADDED_ALREADY: new error code
- o imap: Added support for sasl digest-md5 authentication
+ o test TFTP server: support "writedelay" within <servercmd>
- o imap: Added support for sasl cram-md5 authentication
+ o krb4 support has been removed
- o imap: Added support for sasl ntlm authentication
+ o imap/pop3/smtp: added basic SASL XOAUTH2 support [9]
- o imap: Added support for sasl login authentication
+ o darwinssl: add support for PKCS#12 files for client authentication
- o imap: Added support for sasl plain text authentication
+ o darwinssl: enable BEAST workaround on iOS 7 & later
- o imap: Added support for login disabled server capability
+ o Pass password to OpenSSL engine by user interface [15]
- o mk-ca-bundle: add -f, support passing to stdout and more [5]
+ o c-ares: Add support for various DNS binding options
- o writeout: -w now supports remote_ip/port and local_ip/port
+ o cookies: add expiration
 o curl: added --oauth2-bearer option
 This release includes the following bugfixes:
- o nss: prevent NSS from crashing on client auth hook failure
+ o nss: make sure that NSS is initialized
- o darwinssl: Fixed inability to disable peer verification on Snow Leopard
+ o curl: make --no-[option] work properly for several options
-   and Lion
+ o FTP: with socket_action send better socket updates in active mode [1]
- o curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE
+ o curl: fix the --sasl-ir in the --help output
- o SCP: relative path didn't work as documented [7]
+ o tests 2032, 2033: Don't hardcode port in expected output
- o setup_once.h: HP-UX <sys/socket.h> issue workaround
+ o urlglob: better detect unclosed braces, empty lists and overflows [7]
- o configure: fix cross pkg-config detection
+ o urlglob: error out on range overflow [8]
- o runtests: Do not add undefined values to @INC
+ o imap: Fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands [10]
- o build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag
+ o handle arbitrary-length username and password [2]
- o multi: fix re-sending request on early connection close
+ o TFTP: make the CURLOPT_LOW_SPEED* options work [4]
- o HTTP: remove stray CRLF in chunk-encoded content-free request bodies
+ o curl.h: name space pollution by "enum type" [5]
- o build: fix AIX compilation and usage of events/revents
+ o multi: move on from STATE_DONE faster [6]
- o VC Makefiles: add missing hostcheck
+ o FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback [11]
- o nss: clear session cache if a client certificate from file is used
+ o multi_socket: improved 100-continue timeout handling
- o nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
+ o curl_multi_remove_handle: allow multiple removes
- o fix HTTP CONNECT tunnel establishment upon delayed response [2]
+ o FTP: fix getsock during DO_MORE state [12]
- o --libcurl: fix for non-zero default options
+ o -x: rephrased the --proxy section somewhat
- o FTP: reject illegal port numbers in EPSV 229 responses
+ o acinclude: fix --without-ca-path when cross-compiling [13]
- o build: use per-target '_CPPFLAGS' for those currently using default
+ o LDAP: fix bad free() when URL parsing failed [14]
- o configure: fix automake 1.13 compatibility [6]
+ o --data: mention CRLF treatment when reading from file
- o curl: ignore SIGPIPE [4]
+ o curl_easy_pause: suggest one way to unpause
- o pop3: Added support for non-blocking SSL upgrade
+ o imap: Fixed calculation of transfer when partial FETCH received [16]
- o pop3: Fixed default authentication detection
+ o pingpong: Check SSL library buffers for already read data [16]
- o imap: Fixed usernames and passwords that contain escape characters
+ o imap/pop3/smtp: Speed up SSL connection initialization
- o packages/DOS/common.dj: remove COFF debug info generation [3]
+ o libcurl.3: for multi interface connections are held in the multi handle
- o imap/pop3/smtp: Fixed failure detection during TLS upgrade [8]
+ o curl_easy_setopt.3: mention RTMP URL quirks [17]
- o pop3: Fixed no known authentication mechanism when fallback is required [9]
+ o curl.1: detail how short/long options work [18]
- o formadd: reject trying to read a directory where a file is expected [10]
+ o curl.1: Added information about optional login options to --user option
- o formpost: support quotes, commas and semicolon in file names [11]
+ o curl: Added clarification to the --mail options in the --help output
- o docs: update the comments about loading CA certs with NSS [12]
+ o curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
- o docs: fix typos in man pages [13]
+ o openssl: use correct port number in error message [19]
- o darwinssl: Fix bug where packets were sometimes transmitted twice [14]
+ o darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
- o winbuild: include version info for .dll .exe [15]
+ o OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
- o schannel: Removed extended error connection setup flag [16]
+ o xattr: add support for FreeBSD xattr API
- o VMS: fix and generate the VMS build config
+ o win32: fix Visual Studio 2010 build with WINVER >= 0x600 [22]
 o configure: use icc options without space [21]
 o test1112: Increase the timeout from 7s to 16s [20]
 o SCP: upload speed on a fast connection limited to 16384 B/s
 o curl_setup_once: fix errno access for lwip on Windows [24]
 o HTTP: Output http response 304 when modified time is too old [23]
 This release includes the following known bugs:
@@ -69,32 +71,41 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
- Nick Zitzmann, Colin Watson, Fabian Keil, Kamil Dudka, Lijo Antony,
+ Alex McLellan, Bill Doyle, Colby Ranger, Fabian Keil, Gisle Vanem,
- Linus Nielsen Feltzing, Marc Hoersken, Stanislav Ivochkin, Steve Holme,
+ John E. Malmberg, Jonathan Nieder, Kamil Dudka, Shawn Landden,
- Yang Tse, Balaji Parasuram, Dan Fandrich, Bob Relyea, Gisle Vanem,
+ Tor Arntsen, Will Dietz, Yi Huang, Kyle L. Huff, Steve Holme, Mike Mio,
- Yves Arrouye, Kai Engert, Lluís Batlle i Rossell, Jirí Hruka,
+ Stefan Neis, Nick Zitzmann, Geoff Beier, John Dunn, Jiri Hruska,
- John E. Malmberg, Tor Arntsen, Matt Arsenault, Sergei Nikulov,
+ Tomas Mlcoch, Kim Vandry, Ben Greear, Gorilla Maguila, Jerry Krinock,
- Guenter Knauf, Craig Davison, Ulrich Doehner, Jiri Jaburek, Bruno de Carvalho,
+ Yamada Yasuharu, Gordon Marler, Dave Thompson, D. Flinkmann,
- Eldar Zaitov
+ Benoit Sigoure, Clemens Gruber, Guenter Knauf, Petr Pisar, Elmira A Semenova,
 Francois Charlier, Ishan SinghLevett, Marcel Raad, Ulf Samuelsson,
 Andrej E Baranov, Derek Higgins, Heinrich Schaefer
        Thanks! (and sorry if I forgot to mention someone)
 References to bug reports and discussions on issues:
- [1] = http://daniel.haxx.se/blog/2013/01/17/internally-were-all-multi-now/
+ [1] = http://curl.haxx.se/mail/lib-2013-08/0043.html
- [2] = http://curl.haxx.se/mail/lib-2013-01/0191.html
+ [2] = http://bugs.debian.org/719856
- [3] = http://curl.haxx.se/mail/lib-2013-01/0130.html
+ [3] = http://daniel.haxx.se/blog/2013/08/20/testing-curl_multi_socket_action/
- [4] = http://curl.haxx.se/bug/view.cgi?id=1180
+ [4] = http://curl.haxx.se/bug/view.cgi?id=1269
- [5] = http://curl.haxx.se/mail/lib-2013-01/0045.html
+ [5] = https://github.com/bagder/curl/pull/76
- [6] = http://curl.haxx.se/mail/lib-2012-12/0246.html
+ [6] = http://curl.haxx.se/mail/lib-2013-08/0211.html
- [7] = http://curl.haxx.se/bug/view.cgi?id=1173
+ [7] = http://curl.haxx.se/bug/view.cgi?id=1264
- [8] = http://curl.haxx.se/mail/lib-2013-01/0250.html
+ [8] = http://curl.haxx.se/bug/view.cgi?id=1267
- [9] = http://curl.haxx.se/mail/lib-2013-02/0004.html
+ [9] = http://curl.haxx.se/mail/lib-2013-08/0234.html
- [10] = http://curl.haxx.se/mail/archive-2013-01/0017.html
+ [10] = http://curl.haxx.se/mail/lib-2013-08/0136.html
- [11] = http://curl.haxx.se/bug/view.cgi?id=1171
+ [11] = https://bugzilla.redhat.com/1005686
- [12] = https://bugzilla.redhat.com/696783
+ [12] = http://curl.haxx.se/mail/lib-2013-08/0109.html
- [13] = https://bugzilla.redhat.com/896544
+ [13] = http://curl.haxx.se/bug/view.cgi?id=1273
- [14] = http://curl.haxx.se/mail/lib-2013-01/0295.html
+ [14] = http://curl.haxx.se/mail/lib-2013-08/0209.html
- [15] = http://curl.haxx.se/bug/view.cgi?id=1186
+ [15] = http://curl.haxx.se/mail/lib-2013-08/0265.html
- [16] = http://curl.haxx.se/bug/view.cgi?id=1187
+ [16] = http://curl.haxx.se/mail/lib-2013-08/0170.html
- [17] = http://curl.haxx.se/docs/adv_20130206.html
+ [17] = http://curl.haxx.se/bug/view.cgi?id=1278
 [18] = http://curl.haxx.se/bug/view.cgi?id=1279
 [19] = http://curl.haxx.se/bug/view.cgi?id=1281
 [20] = http://curl.haxx.se/mail/lib-2010-02/0200.html
 [21] = http://curl.haxx.se/mail/lib-2013-09/0182.html
 [22] = http://curl.haxx.se/bug/view.cgi?id=1282
 [23] = http://curl.haxx.se/bug/view.cgi?id=1288
 [24] = http://curl.haxx.se/mail/lib-2013-10/0048.html
--- a/12
+++ b/12
@@ -1,14 +1,4 @@
-To be addressed in 7.29
+To be addressed in ...
 =======================
 310 - a new authentication callback
 312 - custom Content-Length appears in CONNECT, solve it by offering a
      separate option to provide headers for the CONNECT request:
      http://curl.haxx.se/mail/lib-2012-09/0059.html
 317 - CURLINFO_SSL_TRUST to return SSL-specific data for a darwinssl build
 322 - pipelining improvements
 327 - 
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -1597,213 +1597,6 @@ AC_DEFUN([CURL_CHECK_FUNC_SEND], [
  fi
 ])
 dnl CURL_CHECK_FUNC_RECVFROM
 dnl -------------------------------------------------
 dnl Test if the socket recvfrom() function is available,
 dnl and check its return type and the types of its
 dnl arguments. If the function succeeds HAVE_RECVFROM
 dnl will be defined, defining the types of the arguments
 dnl in RECVFROM_TYPE_ARG1, RECVFROM_TYPE_ARG2, and so on
 dnl to RECVFROM_TYPE_ARG6, defining also the type of the
 dnl function return value in RECVFROM_TYPE_RETV.
 dnl Notice that the types returned for pointer arguments
 dnl will actually be the type pointed by the pointer.
 AC_DEFUN([CURL_CHECK_FUNC_RECVFROM], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl
  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl
  AC_CHECK_HEADERS(sys/types.h sys/socket.h)
  #
  AC_MSG_CHECKING([for recvfrom])
  AC_LINK_IFELSE([
    AC_LANG_PROGRAM([[
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #ifdef HAVE_WINSOCK2_H
 #include <winsock2.h>
 #else
 #ifdef HAVE_WINSOCK_H
 #include <winsock.h>
 #endif
 #endif
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #endif
    ]],[[
      recvfrom(0, 0, 0, 0, 0, 0);
    ]])
  ],[
    AC_MSG_RESULT([yes])
    curl_cv_recvfrom="yes"
  ],[
    AC_MSG_RESULT([no])
    curl_cv_recvfrom="no"
  ])
  #
  if test "$curl_cv_recvfrom" = "yes"; then
    AC_CACHE_CHECK([types of args and return type for recvfrom],
      [curl_cv_func_recvfrom_args], [
      curl_cv_func_recvfrom_args="unknown"
      for recvfrom_retv in 'int' 'ssize_t'; do
        for recvfrom_arg1 in 'int' 'ssize_t' 'SOCKET'; do
          for recvfrom_arg2 in 'char *' 'void *'; do
            for recvfrom_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do
              for recvfrom_arg4 in 'int' 'unsigned int'; do
                for recvfrom_arg5 in 'struct sockaddr *' 'void *' 'const struct sockaddr *'; do
                  for recvfrom_arg6 in 'socklen_t *' 'int *' 'unsigned int *' 'size_t *' 'void *'; do
                    if test "$curl_cv_func_recvfrom_args" = "unknown"; then
                      AC_COMPILE_IFELSE([
                        AC_LANG_PROGRAM([[
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #ifdef HAVE_WINSOCK2_H
 #include <winsock2.h>
 #else
 #ifdef HAVE_WINSOCK_H
 #include <winsock.h>
 #endif
 #endif
 #define RECVFROMCALLCONV PASCAL
 #else
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #define RECVFROMCALLCONV
 #endif
                          extern $recvfrom_retv RECVFROMCALLCONV
                          recvfrom($recvfrom_arg1, $recvfrom_arg2,
                                   $recvfrom_arg3, $recvfrom_arg4,
                                   $recvfrom_arg5, $recvfrom_arg6);
                        ]],[[
                          $recvfrom_arg1 s=0;
                          $recvfrom_arg2 buf=0;
                          $recvfrom_arg3 len=0;
                          $recvfrom_arg4 flags=0;
                          $recvfrom_arg5 addr=0;
                          $recvfrom_arg6 addrlen=0;
                          $recvfrom_retv res=0;
                          res = recvfrom(s, buf, len, flags, addr, addrlen);
                        ]])
                      ],[
                        curl_cv_func_recvfrom_args="$recvfrom_arg1,$recvfrom_arg2,$recvfrom_arg3,$recvfrom_arg4,$recvfrom_arg5,$recvfrom_arg6,$recvfrom_retv"
                      ])
                    fi
                  done
                done
              done
            done
          done
        done
      done
    ]) # AC-CACHE-CHECK
    # Nearly last minute change for this release starts here
    AC_DEFINE_UNQUOTED(HAVE_RECVFROM, 1,
      [Define to 1 if you have the recvfrom function.])
    ac_cv_func_recvfrom="yes"
    # Nearly last minute change for this release ends here
    if test "$curl_cv_func_recvfrom_args" = "unknown"; then
      AC_MSG_WARN([Cannot find proper types to use for recvfrom args])
    else
      recvfrom_prev_IFS=$IFS; IFS=','
      set dummy `echo "$curl_cv_func_recvfrom_args" | sed 's/\*/\*/g'`
      IFS=$recvfrom_prev_IFS
      shift
      #
      recvfrom_ptrt_arg2=$[2]
      recvfrom_qual_ptrt_arg5=$[5]
      recvfrom_ptrt_arg6=$[6]
      #
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG1, $[1],
        [Define to the type of arg 1 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG3, $[3],
        [Define to the type of arg 3 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG4, $[4],
        [Define to the type of arg 4 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_RETV, $[7],
        [Define to the function return type for recvfrom.])
      #
      prev_sh_opts=$-
      #
      case $prev_sh_opts in
        *f*)
          ;;
        *)
          set -f
          ;;
      esac
      #
      case "$recvfrom_qual_ptrt_arg5" in
        const*)
          recvfrom_qual_arg5=const
          recvfrom_ptrt_arg5=`echo $recvfrom_qual_ptrt_arg5 | sed 's/^const //'`
        ;;
        *)
          recvfrom_qual_arg5=
          recvfrom_ptrt_arg5=$recvfrom_qual_ptrt_arg5
        ;;
      esac
      #
      recvfrom_type_arg2=`echo $recvfrom_ptrt_arg2 | sed 's/ \*//'`
      recvfrom_type_arg5=`echo $recvfrom_ptrt_arg5 | sed 's/ \*//'`
      recvfrom_type_arg6=`echo $recvfrom_ptrt_arg6 | sed 's/ \*//'`
      #
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG2, $recvfrom_type_arg2,
        [Define to the type pointed by arg 2 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_QUAL_ARG5, $recvfrom_qual_arg5,
        [Define to the type qualifier pointed by arg 5 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG5, $recvfrom_type_arg5,
        [Define to the type pointed by arg 5 for recvfrom.])
      AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG6, $recvfrom_type_arg6,
        [Define to the type pointed by arg 6 for recvfrom.])
      #
      if test "$recvfrom_type_arg2" = "void"; then
        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG2_IS_VOID, 1,
          [Define to 1 if the type pointed by arg 2 for recvfrom is void.])
      fi
      if test "$recvfrom_type_arg5" = "void"; then
        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG5_IS_VOID, 1,
          [Define to 1 if the type pointed by arg 5 for recvfrom is void.])
      fi
      if test "$recvfrom_type_arg6" = "void"; then
        AC_DEFINE_UNQUOTED(RECVFROM_TYPE_ARG6_IS_VOID, 1,
          [Define to 1 if the type pointed by arg 6 for recvfrom is void.])
      fi
      #
      case $prev_sh_opts in
        *f*)
          ;;
        *)
          set +f
          ;;
      esac
      #
      AC_DEFINE_UNQUOTED(HAVE_RECVFROM, 1,
        [Define to 1 if you have the recvfrom function.])
      ac_cv_func_recvfrom="yes"
    fi
  else
    AC_MSG_WARN([Unable to link function recvfrom])
  fi
 ])
 dnl CURL_CHECK_MSG_NOSIGNAL
 dnl -------------------------------------------------
 dnl Check for MSG_NOSIGNAL
@@ -2827,46 +2620,50 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    capath="$want_capath"
    ca="no"
  else
    dnl neither of --with-ca-* given
    dnl first try autodetecting a CA bundle , then a CA path
    dnl both autodetections can be skipped by --without-ca-*
    ca="no"
    capath="no"
-    if test "x$want_ca" = "xunset"; then
+    if test "x$cross_compiling" != "xyes"; then
-      dnl the path we previously would have installed the curl ca bundle
+      dnl NOT cross-compiling and...
-      dnl to, and thus we now check for an already existing cert in that place
+      dnl neither of the --with-ca-* options are provided
-      dnl in case we find no other
+      if test "x$want_ca" = "xunset"; then
-      if test "x$prefix" != xNONE; then
+        dnl the path we previously would have installed the curl ca bundle
-        cac="${prefix}/share/curl/curl-ca-bundle.crt"
+        dnl to, and thus we now check for an already existing cert in that
-      else
+        dnl place in case we find no other
-        cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
+        if test "x$prefix" != xNONE; then
-      fi
+          cac="${prefix}/share/curl/curl-ca-bundle.crt"
        else
          cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt"
        fi
-      for a in /etc/ssl/certs/ca-certificates.crt \
+        for a in /etc/ssl/certs/ca-certificates.crt \
-               /etc/pki/tls/certs/ca-bundle.crt \
+                 /etc/pki/tls/certs/ca-bundle.crt \
-               /usr/share/ssl/certs/ca-bundle.crt \
+                 /usr/share/ssl/certs/ca-bundle.crt \
-               /usr/local/share/certs/ca-root.crt \
+                 /usr/local/share/certs/ca-root.crt \
-               /etc/ssl/cert.pem \
+                 /etc/ssl/cert.pem \
-               "$cac"; do
+                 "$cac"; do
-        if test -f "$a"; then
+          if test -f "$a"; then
-          ca="$a"
+            ca="$a"
-          break
+            break
-        fi
+          fi
-      done
+        done
-    fi
+      fi
-    if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
+      if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
-            "x$OPENSSL_ENABLED" = "x1"; then
+              "x$OPENSSL_ENABLED" = "x1"; then
-      for a in /etc/ssl/certs/; do
+        for a in /etc/ssl/certs/; do
-        if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
+          if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
-          capath="$a"
+            capath="$a"
-          break
+            break
-        fi
+          fi
-      done
+        done
      fi
    else
      dnl no option given and cross-compiling
      AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling])
    fi
  fi
  if test "x$ca" != "xno"; then
    CURL_CA_BUNDLE='"'$ca'"'
    AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
--- a/configure.ac
+++ b/configure.ac
@@ -126,7 +126,7 @@ fi
 dnl figure out the libcurl version
 CURLVERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' ${srcdir}/include/curl/curlver.h`
 XC_CHECK_PROG_CC
-AM_INIT_AUTOMAKE
+XC_AUTOMAKE
 AC_MSG_CHECKING([curl version])
 AC_MSG_RESULT($CURLVERSION)
@@ -150,7 +150,6 @@ dnl initialize all the info variables
    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl,darwinssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
   curl_krb4_msg="no      (--with-krb4*)"
    curl_gss_msg="no      (--with-gssapi)"
 curl_spnego_msg="no      (--with-spnego)"
 curl_tls_srp_msg="no      (--enable-tls-srp)"
@@ -198,74 +197,50 @@ CURL_CONFIGURE_REENTRANT
 dnl check for how to do large files
 AC_SYS_LARGEFILE
-dnl support building of Windows DLLs
+XC_LIBTOOL
 AC_LIBTOOL_WIN32_DLL
-dnl force libtool to build static libraries with PIC on AMD64-Linux & FreeBSD
+#
-AC_MSG_CHECKING([if arch-OS host is AMD64-Linux/FreeBSD (to build static libraries with PIC)])
+# Automake conditionals based on libtool related checks
-case $host in
+#
  x86_64*linux*|amd64*freebsd*|ia64*freebsd*)
    AC_MSG_RESULT([yes])
    with_pic=yes
    ;;
  *)
    AC_MSG_RESULT([no])
    ;;
 esac
-AC_MSG_CHECKING([if compiler is icc (to build with PIC)])
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO],
-case $CC in
+  [test "x$xc_lt_shlib_use_version_info" = 'xyes'])
-  icc | */icc)
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED],
-    AC_MSG_RESULT([yes])
+  [test "x$xc_lt_shlib_use_no_undefined" = 'xyes'])
-    with_pic=yes
+AM_CONDITIONAL([CURL_LT_SHLIB_USE_MIMPURE_TEXT],
-    ;;
+  [test "x$xc_lt_shlib_use_mimpure_text" = 'xyes'])
  *)
    AC_MSG_RESULT([no])
    ;;
 esac
-dnl libtool setup
+#
-AC_PROG_LIBTOOL
+# Due to libtool and automake machinery limitations of not allowing
 # specifying separate CPPFLAGS or CFLAGS when compiling objects for
 # inclusion of these in shared or static libraries, we are forced to
 # build using separate configure runs for shared and static libraries
 # on systems where different CPPFLAGS or CFLAGS are mandatory in order
 # to compile objects for each kind of library. Notice that relying on
 # the '-DPIC' CFLAG that libtool provides is not valid given that the
 # user might for example choose to build static libraries with PIC.
 #
-AC_MSG_CHECKING([if we need -mimpure-text])
+#
-mimpure=no
+# Make our Makefile.am files use the staticlib CPPFLAG only when strictly
-case $host in
+# targeting a static library and not building its shared counterpart.
-  *-*-solaris2*)
+#
-    if test "$GCC" = "yes"; then
+
-      mimpure="yes"
+AM_CONDITIONAL([USE_CPPFLAG_CURL_STATICLIB],
-    fi
+  [test "x$xc_lt_build_static_only" = 'xyes'])
-    ;;
+
-  *)
+#
-    ;;
+# Make staticlib CPPFLAG variable and its definition visible in output
-esac
+# files unconditionally, providing an empty definition unless strictly
-AC_MSG_RESULT($mimpure)
+# targeting a static library and not building its shared counterpart.
-AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
+#
 CPPFLAG_CURL_STATICLIB=
 if test "x$xc_lt_build_static_only" = 'xyes'; then
  CPPFLAG_CURL_STATICLIB='-DCURL_STATICLIB'
 fi
 AC_SUBST([CPPFLAG_CURL_STATICLIB])
 AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
 use_cppflag_building_libcurl="no"
 use_cppflag_curl_staticlib="no"
 CPPFLAG_CURL_STATICLIB=""
 case $host in
  *-*-mingw*)
    AC_MSG_RESULT(yes)
    use_cppflag_building_libcurl="yes"
    AC_MSG_CHECKING([if we need CURL_STATICLIB])
    if test "X$enable_shared" = "Xno"
    then
      AC_MSG_RESULT(yes)
      use_cppflag_curl_staticlib="yes"
      CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB"
    else
      AC_MSG_RESULT(no)
    fi
    ;;
  *)
    AC_MSG_RESULT(no)
    ;;
 esac
 AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
 AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)
 AC_SUBST(CPPFLAG_CURL_STATICLIB)
 # Determine whether all dependent libraries must be specified when linking
 if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -277,10 +252,6 @@ fi
 AC_SUBST(REQUIRE_LIB_DEPS)
 AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes)
 dnl The install stuff has already been taken care of by the automake stuff
 dnl AC_PROG_INSTALL
 AC_PROG_MAKE_SET
 dnl check if there's a way to force code inline
 AC_C_INLINE
@@ -311,9 +282,6 @@ CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE
 CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH
 CURL_CHECK_COMPILER_SYMBOL_HIDING
 CURL_CHECK_NO_UNDEFINED
 AM_CONDITIONAL(NO_UNDEFINED, test x$need_no_undefined = xyes)
 CURL_CHECK_CURLDEBUG
 AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes)
@@ -1165,101 +1133,6 @@ no)
        ;;
 esac
 dnl **********************************************************************
 dnl Check for the presence of Kerberos4 libraries and headers
 dnl **********************************************************************
 AC_ARG_WITH(krb4-includes,
 AC_HELP_STRING([--with-krb4-includes=DIR],
               [Specify location of kerberos4 headers]),[
 CPPFLAGS="$CPPFLAGS -I$withval"
 KRB4INC="$withval"
 want_krb4=yes
 ])
 AC_ARG_WITH(krb4-libs,
 AC_HELP_STRING([--with-krb4-libs=DIR],[Specify location of kerberos4 libs]),[
 LDFLAGS="$LDFLAGS -L$withval"
 KRB4LIB="$withval"
 want_krb4=yes
 ])
 OPT_KRB4=off
 AC_ARG_WITH(krb4,dnl
 AC_HELP_STRING([--with-krb4=DIR],[where to look for Kerberos4]),[
  OPT_KRB4="$withval"
  if test X"$OPT_KRB4" != Xno; then
    want_krb4="yes"
    if test X"$OPT_KRB4" != Xyes; then
      LDFLAGS="$LDFLAGS -L$OPT_KRB4/lib$libsuff"
      KRB4LIB="$OPT_KRB4/lib$libsuff"
      CPPFLAGS="$CPPFLAGS -I$OPT_KRB4/include"
      KRB4INC="$OPT_KRB4/include"
    fi
  fi
 ])
 AC_MSG_CHECKING([if Kerberos4 support is requested])
 if test "$want_krb4" = yes
 then
  if test "$ipv6" = "yes"; then
    echo krb4 is not compatible with IPv6
    exit 1
  fi
  AC_MSG_RESULT(yes)
  dnl Check for & handle argument to --with-krb4
  AC_MSG_CHECKING(where to look for Kerberos4)
  if test X"$OPT_KRB4" = Xyes
  then
    AC_MSG_RESULT([defaults])
  else
    AC_MSG_RESULT([libs in $KRB4LIB, headers in $KRB4INC])
  fi
  dnl Check for DES library
  AC_CHECK_LIB(des, des_pcbc_encrypt,
  [
    AC_CHECK_HEADERS(des.h)
    dnl resolv lib?
    AC_CHECK_FUNC(res_search, , [AC_CHECK_LIB(resolv, res_search)])
    dnl Check for the Kerberos4 library
    AC_CHECK_LIB(krb, krb_net_read,
    [
      dnl Check for header files
      AC_CHECK_HEADERS(krb.h)
      dnl we found the required libraries, add to LIBS
      LIBS="-lkrb -lcom_err -ldes $LIBS"
      dnl Check for function krb_get_our_ip_for_realm
      dnl this is needed for NAT networks
      AC_CHECK_FUNCS(krb_get_our_ip_for_realm)
      dnl add define KRB4
      AC_DEFINE(HAVE_KRB4, 1,
      [if you have the Kerberos4 libraries (including -ldes)])
      dnl substitute it too!
      KRB4_ENABLED=1
      AC_SUBST(KRB4_ENABLED)
      curl_krb4_msg="enabled"
      dnl the krb4 stuff needs a strlcpy()
      AC_CHECK_FUNCS(strlcpy)
    ])
  ])
 else
  AC_MSG_RESULT(no)
 fi
 dnl **********************************************************************
 dnl Check for FBopenssl(SPNEGO) libraries
 dnl **********************************************************************
@@ -2293,7 +2166,7 @@ fi
 if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
-  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls or --with-winssl to address this.])
+  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
 else
  # SSL is enabled, genericly
  AC_SUBST(SSL_ENABLED)
@@ -2613,8 +2486,10 @@ AC_MSG_RESULT(no)
 ]
 )
-AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
+AC_SUBST([CURL_LT_SHLIB_VERSIONED_FLAVOUR],
-AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")
+  ["$versioned_symbols_flavour"])
 AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS],
  [test "x$versioned_symbols" = 'xyes'])
 dnl -------------------------------------------------
 dnl check winidn option before other IDN libraries
@@ -2837,6 +2712,92 @@ dnl http://publibn.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \
 dnl genprogc/thread_quick_ref.htm
 dnl **********************************************************************
 dnl Check for nghttp2
 dnl **********************************************************************
 AC_MSG_CHECKING([whether to build with nghttp2])
 OPT_H2="no"
 AC_ARG_WITH(nghttp2,
 AC_HELP_STRING([--with-nghttp2=PATH],[Enable nghttp2 usage])
 AC_HELP_STRING([--without-nghttp2],[Disable nghttp2 usage]),
  [OPT_H2=$withval])
 case "$OPT_H2" in
  no)
    dnl --without-nghttp2 option used
    want_idn="no"
    AC_MSG_RESULT([no])
    ;;
  default)
    dnl configure option not specified
    want_h2="no"
    want_h2_path="default"
    AC_MSG_RESULT([no])
    ;;
  yes)
    dnl --with-nghttp2 option used without path
    want_h2="yes"
    want_h2_path=""
    AC_MSG_RESULT([yes])
    ;;
  *)
    dnl --with-nghttp2 option used with path
    want_h2="yes"
    want_h2_path="$withval"
    AC_MSG_RESULT([yes ($withval)])
    ;;
 esac
 curl_h2_msg="disabled (--with-nghttp2)"
 if test X"$OPT_H2" != Xno; then
  dnl backup the pre-librtmp variables
  CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"
  h2pcdir=${want_h2_path}/lib/pkgconfig
  CURL_CHECK_PKGCONFIG(libnghttp2, $h2pcdir)
  if test "$PKGCONFIG" != "no" ; then
    LIB_H2=`CURL_EXPORT_PCDIR([$h2pcdir])
      $PKGCONFIG --libs-only-l libnghttp2`
    AC_MSG_NOTICE([-l is $LIB_H2])
    CPP_H2=`CURL_EXPORT_PCDIR([$h2pcdir]) dnl
      $PKGCONFIG --cflags-only-I libnghttp2`
    AC_MSG_NOTICE([-I is $CPP_H2])
    LD_H2=`CURL_EXPORT_PCDIR([$h2pcdir])
      $PKGCONFIG --libs-only-L libnghttp2`
    AC_MSG_NOTICE([-L is $LD_H2])
  else
    dnl To avoid link errors, we do not allow --libnghttp2 without
    dnl a pkgconfig file
    AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.])
  fi
  LDFLAGS="$LDFLAGS $LD_H2"
  CPPFLAGS="$CPPFLAGS $CPP_H2"
  LIBS="$LIB_H2 $LIBS"
  AC_CHECK_LIB(nghttp2, nghttp2_session_client_new,
    [
     AC_CHECK_HEADERS(nghttp2/nghttp2.h,
        curl_h2_msg="enabled (nghttp2)"
        NGHTTP2_ENABLED=1
        AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use])
        AC_SUBST(USE_NGHTTP2, [1])
     )
    ],
      dnl not found, revert back to clean variables
      LDFLAGS=$CLEANLDFLAGS
      CPPFLAGS=$CLEANCPPFLAGS
      LIBS=$CLEANLIBS
  )
 fi
 dnl **********************************************************************
 dnl Back to "normal" configuring
 dnl **********************************************************************
@@ -2997,7 +2958,6 @@ AC_TYPE_SIGNAL
 CURL_CHECK_FUNC_SELECT
 CURL_CHECK_FUNC_RECV
 CURL_CHECK_FUNC_RECVFROM
 CURL_CHECK_FUNC_SEND
 CURL_CHECK_MSG_NOSIGNAL
@@ -3039,12 +2999,10 @@ CURL_CHECK_FUNC_SIGSETJMP
 CURL_CHECK_FUNC_SOCKET
 CURL_CHECK_FUNC_SOCKETPAIR
 CURL_CHECK_FUNC_STRCASECMP
 CURL_CHECK_FUNC_STRCASESTR
 CURL_CHECK_FUNC_STRCMPI
 CURL_CHECK_FUNC_STRDUP
 CURL_CHECK_FUNC_STRERROR_R
 CURL_CHECK_FUNC_STRICMP
 CURL_CHECK_FUNC_STRLCAT
 CURL_CHECK_FUNC_STRNCASECMP
 CURL_CHECK_FUNC_STRNCMPI
 CURL_CHECK_FUNC_STRNICMP
@@ -3190,14 +3148,26 @@ if test "$want_thres" = "yes"; then
  AC_CHECK_HEADER(pthread.h,
    [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have <pthread.h>])
      save_CFLAGS="$CFLAGS"
-      CFLAGS="$CFLAGS -pthread"
+
-      AC_CHECK_LIB(pthread, pthread_create,
+      dnl first check for function without lib
-        [ AC_MSG_NOTICE([using POSIX threaded DNS lookup])
+      AC_CHECK_FUNC(pthread_create, [USE_THREADS_POSIX=1] )
-          AC_DEFINE(USE_THREADS_POSIX, 1, [if you want POSIX threaded DNS lookup])
+
-          USE_THREADS_POSIX=1
+      dnl if it wasn't found without lib, search for it in pthread lib
-          curl_res_msg="threaded"
+      if test "$USE_THREADS_POSIX" != "1"
-        ],
+      then
-        [ CFLAGS="$save_CFLAGS"])
+        CFLAGS="$CFLAGS -pthread"
        AC_CHECK_LIB(pthread, pthread_create,
                     [USE_THREADS_POSIX=1],
                     [ CFLAGS="$save_CFLAGS"])
      fi
      if test "x$USE_THREADS_POSIX" = "x1"
      then
        AC_DEFINE(USE_THREADS_POSIX, 1, [if you want POSIX threaded DNS lookup])
        curl_res_msg="POSIX threaded"
      fi
  ])
 fi
@@ -3370,6 +3340,11 @@ dnl yes or no
 ENABLE_SHARED="$enable_shared"
 AC_SUBST(ENABLE_SHARED)
 dnl to let curl-config output the static libraries correctly
 ENABLE_STATIC="$enable_static"
 AC_SUBST(ENABLE_STATIC)
 dnl
 dnl For keeping supported features and protocols also in pkg-config file
 dnl since it is more cross-compile friendly than curl-config
@@ -3380,9 +3355,6 @@ if test "x$USE_SSLEAY" = "x1"; then
 elif test -n "$SSL_ENABLED"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
 fi
 if test "@KRB4_ENABLED@" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES KRB4"
 fi
 if test "x$IPV6_ENABLED" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6"
 fi
@@ -3412,6 +3384,10 @@ if test "x$USE_TLS_SRP" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP"
 fi
 if test "x$USE_NGHTTP2" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2"
 fi
 AC_SUBST(SUPPORT_FEATURES)
 dnl For supported protocols in pkg-config file
@@ -3546,6 +3522,8 @@ AC_OUTPUT
 CURL_GENERATE_CONFIGUREHELP_PM
 XC_AMEND_DISTCLEAN([lib src tests/unit tests/server tests/libtest docs/examples])
 AC_MSG_NOTICE([Configured to build curl/libcurl:
  curl version:     ${CURLVERSION}
@@ -3555,7 +3533,6 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
  krb4 support:     ${curl_krb4_msg}
  GSSAPI support:   ${curl_gss_msg}
  SPNEGO support:   ${curl_spnego_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
@@ -3574,6 +3551,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}
 ])
--- a/contributors.sh
+++ b/contributors.sh
@@ -0,0 +1,46 @@
 #!/bin/sh
 #***************************************************************************
 #                                  _   _ ____  _
 #  Project                     ___| | | |  _ \| |
 #                             / __| | | | |_) | |
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
 # Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
 # are also available at http://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
 # furnished to do so, under the terms of the COPYING file.
 #
 # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 # KIND, either express or implied.
 #
 ###########################################################################
 #
 # This script shows all mentioned contributors from <hash> until HEAD. To aid
 # when writing RELEASE-NOTES and THANKS.
 #
 start=$1
 if test -z "$start"; then
  echo "Usage: $0 <since this tag/hash>"
 fi
 # filter out Author:, Commit: and *by: lines
 # cut off the email parts
 # cut off spaces first and last on the line
 # only count names with a space (ie more than one word)
 # sort all unique names
 git log $start..HEAD | \
 egrep '(Author|Commit|by):' | \
 cut -d: -f2- | \
 cut '-d<' -f1 | \
 sed -e 's/^ //' -e 's/ $//g' | \
 grep ' ' | \
 sort -u
--- a/curl-config.in
+++ b/curl-config.in
@@ -71,62 +71,62 @@ while test $# -gt 0; do
        ;;
    --ca)
-	echo "@CURL_CA_BUNDLE@"
+        echo "@CURL_CA_BUNDLE@"
-	;;
+        ;;
    --cc)
-	echo "@CC@"
+        echo "@CC@"
-	;;
+        ;;
    --prefix)
-	echo "$prefix"
+        echo "$prefix"
-	;;
+        ;;
    --feature|--features)
        for feature in @SUPPORT_FEATURES@ ""; do
            test -n "$feature" && echo "$feature"
        done
-	;;
+        ;;
    --protocols)
        for protocol in @SUPPORT_PROTOCOLS@; do
            echo "$protocol"
        done
-	;;
+        ;;
    --version)
-	echo libcurl @CURLVERSION@
+        echo libcurl @CURLVERSION@
-	exit 0
+        exit 0
-	;;
+        ;;
    --checkfor)
        checkfor=$2
        cmajor=`echo $checkfor | cut -d. -f1`
        cminor=`echo $checkfor | cut -d. -f2`
        # when extracting the patch part we strip off everything after a
-	# dash as that's used for things like version 1.2.3-CVS
+        # dash as that's used for things like version 1.2.3-CVS
-	cpatch=`echo $checkfor | cut -d. -f3 | cut -d- -f1`
+        cpatch=`echo $checkfor | cut -d. -f3 | cut -d- -f1`
        checknum=`echo "$cmajor*256*256 + $cminor*256 + ${cpatch:-0}" | bc`
        numuppercase=`echo @VERSIONNUM@ | tr 'a-f' 'A-F'`
        nownum=`echo "obase=10; ibase=16; $numuppercase" | bc`
-	if test "$nownum" -ge "$checknum"; then
+        if test "$nownum" -ge "$checknum"; then
-	  # silent success
+          # silent success
-	  exit 0
+          exit 0
-	else
+        else
-	  echo "requested version $checkfor is newer than existing @CURLVERSION@"
+          echo "requested version $checkfor is newer than existing @CURLVERSION@"
-	  exit 1
+          exit 1
-	fi
+        fi
-	;;
+        ;;
    --vernum)
-	echo @VERSIONNUM@
+        echo @VERSIONNUM@
-	exit 0
+        exit 0
-	;;
+        ;;
    --help)
-	usage 0
+        usage 0
-	;;
+        ;;
    --cflags)
        if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then
@@ -134,38 +134,43 @@ while test $# -gt 0; do
        else
          CPPFLAG_CURL_STATICLIB=""
        fi
-       	if test "X@includedir@" = "X/usr/include"; then
+        if test "X@includedir@" = "X/usr/include"; then
          echo "$CPPFLAG_CURL_STATICLIB"
        else
          echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@"
        fi
-       	;;
+        ;;
    --libs)
-	if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
+        if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then
-	   CURLLIBDIR="-L@libdir@ "
+           CURLLIBDIR="-L@libdir@ "
-	else
+        else
-	   CURLLIBDIR=""
+           CURLLIBDIR=""
-	fi
+        fi
-	if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
+        if test "X@REQUIRE_LIB_DEPS@" = "Xyes"; then
-	  echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
+          echo ${CURLLIBDIR}-lcurl @LIBCURL_LIBS@
-	else
+        else
-	  echo ${CURLLIBDIR}-lcurl
+          echo ${CURLLIBDIR}-lcurl
-	fi
+        fi
-	;;
+        ;;
    --static-libs)
-	echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
+        if test "X@ENABLE_STATIC@" != "Xno" ; then
-	;;
+          echo @libdir@/libcurl.@libext@ @LDFLAGS@ @LIBCURL_LIBS@
        else
          echo "curl was built with static libraries disabled" >&2
          exit 1
        fi
        ;;
    --configure)
-      echo @CONFIGURE_OPTIONS@
+        echo @CONFIGURE_OPTIONS@
-    ;;
+        ;;
    *)
        echo "unknown option: $1"
-	usage 1
+        usage 1
-	;;
+        ;;
    esac
    shift
 done
--- a/curl-style.el
+++ b/curl-style.el
@@ -1,50 +0,0 @@
 ;;;; Emacs Lisp help for writing curl code. ;;;;
 ;;; The curl hacker's C conventions.
 ;;; See the sample.emacs file on how this file can be made to take
 ;;; effect automatically when editing curl source files.
 (defconst curl-c-style
  '((c-basic-offset . 2)
    (c-comment-only-line-offset . 0)
    (c-hanging-braces-alist     . ((substatement-open before after)))
    (c-offsets-alist . ((topmost-intro        . 0)
 			(topmost-intro-cont   . 0)
 			(substatement         . +)
 			(substatement-open    . 0)
 			(statement-case-intro . +)
 			(statement-case-open  . 0)
 			(case-label           . 0)
 			))
    )
  "Curl C Programming Style")
 (defun curl-code-cleanup ()
  "no docs"
  (interactive)
  (untabify (point-min) (point-max))
  (delete-trailing-whitespace)
 )
 ;; Customizations for all of c-mode, c++-mode, and objc-mode
 (defun curl-c-mode-common-hook ()
  "Curl C mode hook"
  ;; add curl style and set it for the current buffer
  (c-add-style "curl" curl-c-style t)
  (setq tab-width 8
 	indent-tabs-mode nil		; Use spaces. Not tabs.
 	comment-column 40
 	c-font-lock-extra-types (append '("bool" "CURL" "CURLcode" "ssize_t" "size_t" "curl_socklen_t" "fd_set" "time_t" "curl_off_t" "curl_socket_t" "in_addr_t" "CURLSHcode" "CURLMcode" "Curl_addrinfo"))
 	)
  ;; keybindings for C, C++, and Objective-C.  We can put these in
  ;; c-mode-base-map because of inheritance ...
  (define-key c-mode-base-map "\M-q" 'c-fill-paragraph)
  (define-key c-mode-base-map "\M-m" 'curl-code-cleanup)
  (setq c-recognize-knr-p nil)
  ;;; (add-hook 'write-file-hooks 'delete-trailing-whitespace t)
  (setq show-trailing-whitespace t)
  )
 ;; Set this is in your .emacs if you want to use the c-mode-hook as
 ;; defined here right out of the box.
 ; (add-hook 'c-mode-common-hook 'curl-c-mode-common-hook)
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -6,14 +6,14 @@
                               libcurl bindings
-Creative people have written bindings or interfaces for various environments
+ Creative people have written bindings or interfaces for various environments
-and programming languages. Using one of these allows you to take advantage of
+ and programming languages. Using one of these allows you to take advantage of
-curl powers from within your favourite language or system.
+ curl powers from within your favourite language or system.
-This is a list of all known interfaces as of this writing.
+ This is a list of all known interfaces as of this writing.
-The bindings listed below are not part of the curl/libcurl distribution
+ The bindings listed below are not part of the curl/libcurl distribution
-archives, but must be downloaded and installed separately.
+ archives, but must be downloaded and installed separately.
 Ada95
@@ -41,7 +41,10 @@ Ch
 Cocoa
-  Written by Dan Wood
+  BBHTTP: written by Bruno de Carvalho
  https://github.com/brunodecarvalho/BBHTTP
  curlhandle: Written by Dan Wood
  http://curlhandle.sourceforge.net/
 D
@@ -55,6 +58,7 @@ Dylan
  http://dylanlibs.sourceforge.net/
 Eiffel
  Written by Eiffel Software
  http://curl.haxx.se/libcurl/eiffel/
@@ -81,6 +85,11 @@ glib/GTK+
  Written by Richard Atterer
  http://atterer.net/glibcurl/
 Guile:
  Written by Michael L. Gran
  http://www.lonelycactus.com/guile-curl.html
 Haskell
  Written by Galois, Inc
@@ -91,6 +100,11 @@ Java
  Maintained by [blank]
  http://curl.haxx.se/libcurl/java/
 Julia
  Written by Paul Howe
  https://github.com/forio/Curl.jl
 Lisp
  Written by Liam Healy
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -79,9 +79,9 @@
 1.3 What To Read
 Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
- most recent CHANGES. Just lurking on the libcurl mailing list is gonna give
+ most recent CHANGES. Just lurking on the curl-library mailing list is gonna
- you a lot of insights on what's going on right now. Asking there is a good
+ give you a lot of insights on what's going on right now. Asking there is a
- idea too.
+ good idea too.
 2. cURL Coding Standards
@@ -98,12 +98,12 @@
 2.2 Indenting
- Please try using the same indenting levels and bracing method as all the
+ Use the same indenting levels and bracing method as all the other code
- other code already does. It makes the source code a lot easier to follow if
+ already does. It makes the source code easier to follow if all of it is
- all of it is written using the same style. We don't ask you to like it, we
+ written using the same style. We don't ask you to like it, we just ask you to
- just ask you to follow the tradition! ;-) This mainly means: 2-level indents,
+ follow the tradition! ;-) This mainly means: 2-level indents, using spaces
- using spaces only (no tabs) and having the opening brace ({) on the same line
+ only (no tabs) and having the opening brace ({) on the same line as the if()
- as the if() or while().
+ or while().
 Also note that we use if() and while() with no space before the parenthesis.
@@ -151,6 +151,9 @@
 description exactly what they correct so that all patches can be selectively
 applied by the maintainer or other interested parties.
 Also, separate patches enable bisecting much better when we track problems in
 the future.
 2.9 Patch Against Recent Sources
 Please try to get the latest available sources to make your patches
@@ -178,6 +181,10 @@
 test case that verifies that it works as documented. If every submitter also
 posts a few test cases, it won't end up as a heavy burden on a single person!
 If you don't have test cases or perhaps you have done something that is very
 hard to write tests for, do explain exactly how you have otherwise tested and
 verified your changes.
 3. Pushing Out Your Changes
 3.1 Write Access to git Repository
@@ -212,7 +219,7 @@
 commit.
 Now send those patches off to the curl-library list. You can of course opt to
- do that with the 'get send-email' command.
+ do that with the 'git send-email' command.
 3.3 How To Make a Patch without git
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -202,27 +202,25 @@ FAQ
  better. We do however believe in a few rules when it comes to the future of
  curl:
-  * Curl -- the command line tool -- is to remain a non-graphical command line
+  Curl -- the command line tool -- is to remain a non-graphical command line
-    tool. If you want GUIs or fancy scripting capabilities, you should look
+  tool. If you want GUIs or fancy scripting capabilities, you should look for
-    for another tool that uses libcurl.
+  another tool that uses libcurl.
-  * We do not add things to curl that other small and available tools already
+  We do not add things to curl that other small and available tools already do
-    do very fine at the side. Curl's output is fine to pipe into another
+  very fine at the side. Curl's output is fine to pipe into another program or
-    program or redirect to another file for the next program to interpret.
+  redirect to another file for the next program to interpret.
-  * We focus on protocol related issues and improvements. If you wanna do more
+  We focus on protocol related issues and improvements. If you wanna do more
-    magic with the supported protocols than curl currently does, chances are
+  magic with the supported protocols than curl currently does, chances are big
-    big we will agree. If you wanna add more protocols, we may very well
+  we will agree. If you wanna add more protocols, we may very well agree.
    agree.
-  * If you want someone else to make all the work while you wait for us to
+  If you want someone else to make all the work while you wait for us to
-    implement it for you, that is not a very friendly attitude. We spend a
+  implement it for you, that is not a very friendly attitude. We spend a
-    considerable time already on maintaining and developing curl. In order to
+  considerable time already on maintaining and developing curl. In order to
-    get more out of us, you should consider trading in some of your time and
+  get more out of us, you should consider trading in some of your time and
-    efforts in return.
+  efforts in return.
-  * If you write the code, chances are bigger that it will get into curl
+  If you write the code, chances are bigger that it will get into curl faster.
    faster.
  1.5 Who makes curl?
@@ -245,10 +243,10 @@ FAQ
  supervised in any way by the project.
  We still get help from companies. Haxx provides web site, bandwidth, mailing
-  lists etc and sourceforge.net hosts project services we take advantage from,
+  lists etc, sourceforge.net hosts project services we take advantage from,
-  like the bug tracker. Also again, some companies have sponsored certain
+  like the bug tracker and github hosts the primary git repository. Also
-  parts of the development in the past and I hope some will continue to do so
+  again, some companies have sponsored certain parts of the development in the
-  in the future.
+  past and I hope some will continue to do so in the future.
  If you want to support our project, consider a donation or a banner-program
  or even better: by helping us coding, documenting, testing etc.
@@ -263,7 +261,7 @@ FAQ
  Our project name curl has been in effective use since 1998. We were not the
  first computer related project to use the name "curl" and do not claim any
-  first-hand rights to the name.
+  rights to the name.
  We recognize that we will be living in parallel with curl.com and wish them
  every success.
@@ -309,17 +307,16 @@ FAQ
  never use it.
  In May 2012 Daniel did a counting game and came up with a number that may
-  be completely wrong or somewhat accurate. 300 million!
+  be completely wrong or somewhat accurate. Over 500 million!
  See http://daniel.haxx.se/blog/2012/05/16/300m-users/
  1.11 Why don't you update ca-bundle.crt
-  The ca-bundle.crt file that used to be bundled with curl was very outdated
+  The ca cert bundle that used to shipped with curl was very outdated and must
-  (it being last modified year 2000 should tell) and must be replaced with a
+  be replaced with an up-to-date version by anyone who wants to verify
-  much more modern and up-to-date version by anyone who wants to verify peers
+  peers. It is no longer provided by curl. The last curl release ever that
-  anyway. It is no longer provided, the last curl release that shipped it was
+  shipped a ca cert bundle was curl 7.18.0.
  curl 7.18.0.
  In the cURL project we've decided not to attempt to keep this file updated
  (or even present anymore) since deciding what to add to a ca cert bundle is
@@ -433,10 +430,10 @@ FAQ
  That is an OpenSSL binary built for Windows.
-  Curl uses OpenSSL to do the SSL stuff. The LIBEAY32.DLL is what curl needs
+  Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then
-  on a windows machine to do https://. Check out the curl web site to find
+  what curl needs on a windows machine to do https:// etc. Check out the curl
-  accurate and up-to-date pointers to recent OpenSSL DLLs and other binary
+  web site to find accurate and up-to-date pointers to recent OpenSSL DLLs and
-  packages.
+  other binary packages.
  2.4 Does curl support SOCKS (RFC 1928) ?
@@ -472,9 +469,9 @@ FAQ
  3.3 Why doesn't my posting using -F work?
  You can't simply use -F or -d at your choice. The web server that will
-  receive your post assumes one of the formats. If the form you're trying to
+  receive your post expects one of the formats. If the form you're trying to
-  "fake" sets the type to 'multipart/form-data', then and only then you must
+  submit uses the type 'multipart/form-data', then and only then you must use
-  use the -F type. In all the most common cases, you should use -d which then
+  the -F type. In all the most common cases, you should use -d which then
  causes a posting with the type 'application/x-www-form-urlencoded'.
  This is described in some detail in the MANUAL and TheArtOfHttpScripting
@@ -502,9 +499,9 @@ FAQ
  3.6 Does curl support ASP, XML, XHTML or HTML version Y?
  To curl, all contents are alike. It doesn't matter how the page was
-  generated. It may be ASP, PHP, Perl, shell-script, SSI or plain
+  generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML
-  HTML-files. There's no difference to curl and it doesn't even know what kind
+  files. There's no difference to curl and it doesn't even know what kind of
-  of language that generated the page.
+  language that generated the page.
  See also item 3.14 regarding javascript.
@@ -621,15 +618,15 @@ FAQ
  Some workarounds usually suggested to overcome this Javascript dependency:
-  - Depending on the Javascript complexity, write up a script that
+  Depending on the Javascript complexity, write up a script that translates it
-    translates it to another language and execute that.
+  to another language and execute that.
-  - Read the Javascript code and rewrite the same logic in another language.
+  Read the Javascript code and rewrite the same logic in another language.
-  - Implement a Javascript interpreter, people have successfully used the
+  Implement a Javascript interpreter, people have successfully used the
-    Mozilla Javascript engine in the past.
+  Mozilla Javascript engine in the past.
-  - Ask your admins to stop this, for a static proxy setup or similar.
+  Ask your admins to stop this, for a static proxy setup or similar.
  3.15 Can I do recursive fetches with curl?
@@ -645,34 +642,38 @@ FAQ
  There are three different kinds of "certificates" to keep track of when we
  talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl.
-  - Client certificate. The server you communicate may require that you can
+  CLIENT CERTIFICATE
    provide this in order to prove that you actually are who you claim to be.
    If the server doesn't require this, you don't need a client certificate.
-    A client certificate is always used together with a private key, and the
+  The server you communicate may require that you can provide this in order to
-    private key has a pass phrase that protects it.
+  prove that you actually are who you claim to be.  If the server doesn't
  require this, you don't need a client certificate.
-  - Server certificate. The server you communicate with has a server
+  A client certificate is always used together with a private key, and the
-    certificate. You can and should verify this certificate to make sure that
+  private key has a pass phrase that protects it.
    you are truly talking to the real server and not a server impersonating
    it.
-  - Certificate Authority certificate ("CA cert"). You often have several CA
+  SERVER CERTIFICATE
    certs in a CA cert bundle that can be used to verify a server certificate
    that was signed by one of the authorities in the bundle. curl does not
    come with a CA cert bundle but most curl installs provide one. You can
    also override the default.
-    The server certificate verification process is made by using a Certificate
+  The server you communicate with has a server certificate. You can and should
-    Authority certificate ("CA cert") that was used to sign the server
+  verify this certificate to make sure that you are truly talking to the real
-    certificate. Server certificate verification is enabled by default in curl
+  server and not a server impersonating it.
-    and libcurl and is often the reason for problems as explained in FAQ entry
+
-    4.12 and the SSLCERTS document
+  CERTIFICATE AUTHORITY CERTIFICATE ("CA cert")
-    (http://curl.haxx.se/docs/sslcerts.html). Server certificates that are
+
-    "self-signed" or otherwise signed by a CA that you do not have a CA cert
+  You often have several CA certs in a CA cert bundle that can be used to
-    for, cannot be verified. If the verification during a connect fails, you
+  verify a server certificate that was signed by one of the authorities in the
-    are refused access. You then need to explicitly disable the verification
+  bundle. curl does not come with a CA cert bundle but most curl installs
-    to connect to the server.
+  provide one. You can also override the default.
  The server certificate verification process is made by using a Certificate
  Authority certificate ("CA cert") that was used to sign the server
  certificate. Server certificate verification is enabled by default in curl
  and libcurl and is often the reason for problems as explained in FAQ entry
  4.12 and the SSLCERTS document
  (http://curl.haxx.se/docs/sslcerts.html). Server certificates that are
  "self-signed" or otherwise signed by a CA that you do not have a CA cert
  for, cannot be verified. If the verification during a connect fails, you are
  refused access. You then need to explicitly disable the verification to
  connect to the server.
  3.17 How do I list the root dir of an FTP server?
@@ -729,7 +730,7 @@ FAQ
  When passing on a URL to curl to use, it may respond that the particular
  protocol is not supported or disabled. The particular way this error message
  is phrased is because curl doesn't make a distinction internally of whether
-  a particular protocol is not supported (ie never got any code added that
+  a particular protocol is not supported (i.e. never got any code added that
  knows how to speak that protocol) or if it was explicitly disabled. curl can
  be built to only support a given set of protocols, and the rest would then
  be disabled or not supported.
@@ -795,12 +796,13 @@ FAQ
     curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl'
-  In Windows, the standard DOS shell treats the %-symbol specially and you
+  In Windows, the standard DOS shell treats the percent sign specially and you
-  need to use TWO %-symbols for each single one you want to use in the URL.
+  need to use TWO percent signs for each single one you want to use in the
  URL.
-  Also note that if you want the literal %-symbol to be part of the data you
+  If you want a literal percent sign to be part of the data you pass in a POST
-  pass in a POST using -d/--data you must encode it as '%25' (which then also
+  using -d/--data you must encode it as '%25' (which then also needs the
-  needs the %-symbol doubled on Windows machines).
+  percent sign doubled on Windows machines).
  4.3 How can I use {, }, [ or ] to specify multiple URLs?
@@ -969,13 +971,13 @@ FAQ
  4.14 Redirects work in browser but not with curl!
  curl supports HTTP redirects fine (see item 3.8). Browsers generally support
-  at least two other ways to perform directs that curl does not:
+  at least two other ways to perform redirects that curl does not:
-  - Meta tags. You can write a HTML tag that will cause the browser to
+  Meta tags. You can write a HTML tag that will cause the browser to redirect
-    redirect to another given URL after a certain time.
+  to another given URL after a certain time.
-  - Javascript. You can write a Javascript program embedded in a HTML page
+  Javascript. You can write a Javascript program embedded in a HTML page that
-    that redirects the browser to another given URL.
+  redirects the browser to another given URL.
  There is no way to make curl follow these redirects. You must either
  manually figure out what the page is set to do, or you write a script that
@@ -1056,11 +1058,11 @@ FAQ
  4.19 Why doesn't cURL return an error when the network cable is unplugged?
-  Unplugging the cable is not an error situation. The TCP/IP protocol stack
+  Unplugging a cable is not an error situation. The TCP/IP protocol stack
  was designed to be fault tolerant, so even though there may be a physical
  break somewhere the connection shouldn't be affected, just possibly
  delayed.  Eventually, the physical break will be fixed or the data will be
-  re-routed around the physical problem.
+  re-routed around the physical problem through another path.
  In such cases, the TCP/IP stack is responsible for detecting when the
  network connection is irrevocably lost. Since with some protocols it is
@@ -1078,6 +1080,12 @@ FAQ
  falls too low, and --connect-timeout and --max-time can be used to put an
  overall timeout on the connection phase or the entire transfer.
  A libcurl-using application running in a known physical environment (e.g.
  an embedded device with only a single network connection) may want to act
  immediately if its lone network connection goes down.  That can be achieved
  by having the application monitor the network connection on its own using an
  OS-specific mechanism, then signalling libcurl to abort (see also item 5.13).
 5. libcurl Issues
@@ -1087,7 +1095,9 @@ FAQ
  We have written the libcurl code specifically adjusted for multi-threaded
  programs. libcurl will use thread-safe functions instead of non-safe ones if
-  your system has such.
+  your system has such.  Note that you must never share the same handle in
  multiple threads.
  If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
  need to provide one or two locking functions:
@@ -1263,17 +1273,18 @@ FAQ
  5.12 Can I make libcurl fake or hide my real IP address?
-  No. libcurl operates on a higher level than so. Besides, faking IP address
+  No. libcurl operates on a higher level. Besides, faking IP address would
-  would imply sending IP packages with a made-up source address, and then you
+  imply sending IP packet with a made-up source address, and then you normally
-  normally get a problem with intercepting the packages sent back as they
+  get a problem with receiving the packet sent back as they would then not be
-  would then not be routed to you!
+  routed to you!
  If you use a proxy to access remote sites, the sites will not see your local
  IP address but instead the address of the proxy.
  Also note that on many networks NATs or other IP-munging techniques are used
  that makes you see and use a different IP address locally than what the
-  remote server will see you coming from.
+  remote server will see you coming from. You may also consider using
  http://www.torproject.org .
  5.13 How do I stop an ongoing transfer?
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -13,27 +13,29 @@ curl tool
 - multiple file upload on a single command line
 - custom maximum transfer rate
 - redirectable stderr
 - metalink support (*13)
-libcurl supports
+libcurl
 - full URL syntax with no length limit
 - custom maximum download time
 - custom least download speed acceptable
 - custom output result after completion
 - guesses protocol from host name unless specified
 - uses .netrc
- - progress bar/time specs while downloading
+ - progress bar with time statistics while downloading
 - "standard" proxy environment variables support
 - compiles on win32 (reported builds on 40+ operating systems)
 - selectable network interface for outgoing traffic
 - IPv6 support on unix and Windows
 - persistent connections
 - socks5 support
- - supports user name + password in proxy environment variables
+ - supports user name and password in proxy environment variables
 - operations through proxy "tunnel" (using CONNECT)
- - supports large files (>2GB and >4GB) both upload/download
+ - support for large files (>2GB and >4GB) during upload and download
 - replaceable memory functions (malloc, free, realloc, etc)
 - asynchronous name resolving (*6)
 - both a push and a pull style interface
 - international domain names (*11)
 HTTP
 - HTTP/1.1 compliant (optionally uses 1.0)
@@ -60,7 +62,8 @@ HTTP
 - via http-proxy
 - retrieve file modification date
 - Content-Encoding support for deflate and gzip
- - "Transfer-Encoding: chunked" support for "uploads"
+ - "Transfer-Encoding: chunked" support in uploads
 - data compression (*12)
 HTTPS (*1)
 - (all the HTTP features)
@@ -68,12 +71,13 @@ HTTPS (*1)
 - verify server certificate
 - via http-proxy
 - select desired encryption
- - force usage of a specific SSL version (SSLv2(*7), SSLv3 or TLSv1)
+ - force usage of a specific SSL version (SSLv2 (*7), SSLv3 (*10) or TLSv1)
 FTP
 - download
 - authentication
- - kerberos4 (*5), kerberos5 (*3)
+ - kerberos4 (*5)
 - kerberos5 (*3)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
@@ -93,7 +97,7 @@ FTP
 FTPS (*1)
 - implicit ftps:// support that use SSL on both connections
- - explicit "AUTH TSL" and "AUTH SSL" usage to "upgrade" plain ftp://
+ - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain ftp://
   connection to use SSL for both or one of the connections
 SCP (*8)
@@ -104,7 +108,8 @@ SFTP (*8)
 - with custom commands sent before/after the transfer
 TFTP
- - download / upload
+ - download
 - upload
 TELNET
 - connection negotiation
@@ -119,12 +124,12 @@ DICT
 FILE
 - URL support
- - "uploads"
+ - upload
 - resume
 SMTP
 - authentication: Plain, Login, CRAM-MD5, Digest-MD5 and NTLM (*9)
- - send mail
+ - send e-mails
 - mail from support
 - mail size support
 - mail auth support for trusted server-to-server relaying
@@ -142,7 +147,8 @@ POP3
   NTLM (*9)
 - list e-mails
 - retrieve e-mails
- - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP
+ - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via
   custom requests
 - via http-proxy
 POP3S (*1)
@@ -152,10 +158,14 @@ POP3S (*1)
 IMAP
 - authentication: Clear Text and SASL
 - select mailbox
 - basic fetch e-mail support
 - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5 and
   NTLM (*9)
 - list the folders of a mailbox
 - select a mailbox with support for verifing the UIDVALIDITY
 - fetch e-mails with support for specifing the UID and SECTION
 - upload e-mails via the append command
 - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS,
   STORE, COPY and UID via custom requests
 - via http-proxy
 IMAPS (*1)
@@ -167,12 +177,20 @@ FOOTNOTES
 =========
  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, schannel (native
-       Windows), Secure Transport (native iOS/OS X)  or qssl (native IBM i)
+       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
  *2 = requires OpenLDAP
-  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
+  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
  *4 = requires FBopenssl
-  *5 = requires a krb4 library, such as the MIT one or similar.
+  *5 = requires a krb4 library, such as the MIT one or similar
  *6 = requires c-ares
-  *7 = requires OpenSSL or NSS, as GnuTLS only supports SSLv3 and TLSv1
+  *7 = requires OpenSSL, NSS, qssl, schannel or Secure Transport; GnuTLS, for
       example, only supports SSLv3 and TLSv1
  *8 = requires libssh2
-  *9 = requires OpenSSL, GnuTLS, NSS, yassl or SSPI (native Windows)
+  *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
       Windows)
  *10 = requires any of the SSL libraries in (*1) above other than axTLS, which
        does not support SSLv3
  *11 = requires libidn or Windows
  *12 = requires libz
  *13 = requires libmetalink, and either an Apple or Microsoft operating
        system, or OpenSSL, or GnuTLS, or NSS
--- a/docs/HISTORY
+++ b/docs/HISTORY
@@ -7,19 +7,19 @@
                          How cURL Became Like This
-In the second half of 1997, Daniel Stenberg came up with the idea to make
+Towards the end of 1996, Daniel Stenberg came up with the idea to make
 currency-exchange calculations available to Internet Relay Chat (IRC)
 users. All the necessary data are published on the Web; he just needed to
 automate their retrieval.
 Daniel simply adopted an existing command-line open-source tool, httpget, that
-Brazilian Rafael Sagula had written. After a few minor adjustments, it did
+Brazilian Rafael Sagula had written and recently release version 0.1 of. After
-just what he needed.
+a few minor adjustments, it did just what he needed. HttpGet 1.0 was released
 on April 8th 1997 with brand new HTTP proxy support.
-Soon, he found currencies on a GOPHER site, so support for that had to go in,
+We soon found and fixed support for getting currencies over GOPHER.  Once FTP
-and not before long FTP download support was added as well. The name of the
+download support was added, the name of the project was changed and urlget 2.0
-project was changed to urlget to better fit what it actually did now, since
+was released in August 1997. The http-only days were already passed.
 the http-only days were already passed.
 The project slowly grew bigger. When upload capabilities were added and the
 name once again was misleading, a second name change was made and on March 20,
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -220,8 +220,8 @@ Win32
   adjust as necessary. It is also possible to override these paths with
   environment variables, for example:
-     set ZLIB_PATH=c:\zlib-1.2.7
+     set ZLIB_PATH=c:\zlib-1.2.8
-     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set OPENSSL_PATH=c:\openssl-0.9.8y
     set LIBSSH2_PATH=c:\libssh2-1.4.3
   ATTENTION: if you want to build with libssh2 support you have to use latest
@@ -323,7 +323,7 @@ Win32
   documentation on how to compile zlib. Define the ZLIB_PATH environment
   variable to the location of zlib.h and zlib.lib, for example:
-     set ZLIB_PATH=c:\zlib-1.2.7
+     set ZLIB_PATH=c:\zlib-1.2.8
   Then run 'nmake vc-zlib' in curl's root directory.
@@ -337,7 +337,7 @@ Win32
   Before running nmake define the OPENSSL_PATH environment variable with
   the root/base directory of OpenSSL, for example:
-     set OPENSSL_PATH=c:\openssl-0.9.8x
+     set OPENSSL_PATH=c:\openssl-0.9.8y
   Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
   directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -359,7 +359,7 @@ Win32
   source distribution archive to allow proper building of the two included
   projects, the libcurl library and the curl tool.
-   1) Open the vc6curl.dsw workspace with MSVC6's IDE.
+   1) Open the vs/vc6/vc6curl.dsw workspace with MSVC6's IDE.
   2) Select 'Build' from top menu.
   3) Select 'Batch Build' from dropdown menu.
   4) Make sure that the eight project configurations are 'checked'.
@@ -367,12 +367,12 @@ Win32
   6) Once the eight project configurations are built you are done.
   Dynamic and static libcurl libraries are built in debug and release flavours,
-   and can be located each one in its own subdirectory, DLL-Debug, DLL-Release,
+   and can be located each one in its own subdirectory, dll-debug, dll-release,
-   LIB-Debug and LIB-Release, all of them below the 'lib' subdirectory.
+   lib-debug and lib-release, all of them below the 'vs/vc6/lib' subdirectory.
   In the same way four curl executables are created, each using its respective
   library. The resulting curl executables are located in its own subdirectory,
-   DLL-Debug, DLL-Release, LIB-Debug and LIB-Release, below the 'src' subdir.
+   dll-debug, dll-release, lib-debug and lib-release, below 'vs/vc6/src' subdir.
   These reference VC++ 6.0 configurations are generated using the dynamic CRT.
@@ -876,7 +876,7 @@ VxWorks
 Android
 =======
   Method using the static makefile:
-      - see the build notes in the Android.mk file.
+      - see the build notes in the packages/Android/Android.mk file.
   Method using a configure cross-compile (tested with Android NDK r7c, r8):
      - prepare the toolchain of the Android NDK for standalone use; this can
@@ -1045,7 +1045,7 @@ PORTS
        - Alpha OpenVMS V7.1-1H2
        - Alpha Tru64 v5.0 5.1
        - AVR32 Linux
-        - ARM Android 1.5, 2.1
+        - ARM Android 1.5, 2.1, 2.3, 3.2, 4.x
        - ARM INTEGRITY
        - ARM iOS
        - Cell Linux
@@ -1116,6 +1116,7 @@ GNU GSS      http://www.gnu.org/software/gss/
 GnuTLS       http://www.gnu.org/software/gnutls/
 Heimdal      http://www.pdc.kth.se/heimdal/
 libidn       http://www.gnu.org/software/libidn/
 libmetalink  https://launchpad.net/libmetalink/
 libssh2      http://www.libssh2.org/
 MIT Kerberos http://web.mit.edu/kerberos/www/dist/
 NSS          http://www.mozilla.org/projects/security/pki/nss/
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -42,7 +42,7 @@ Portability
 cyassl       2.0.0
 openldap     2.0
 MIT krb5 lib 1.2.4
- qsossl       V5R2M0
+ qsossl       V5R3M0
 NSS          3.12.x
 axTLS        1.2.7
 Heimdal      ?
@@ -52,7 +52,7 @@ Portability
 curl running fine on:
 Windows      98
- AS/400       V5R2M0
+ AS/400       V5R3M0
 Symbian      9.1
 Windows CE   ?
 TPF          ?
@@ -111,6 +111,9 @@ Windows vs Unix
 Library
 =======
 (See LIBCURL-STRUCTS for a separate document describing all major internal
 structs and their purposes.)
 There are plenty of entry points to the library, namely each publicly defined
 function that libcurl offers to applications. All of those functions are
 rather small and easy-to-follow. All the ones prefixed with 'curl_easy' are
@@ -135,16 +138,18 @@ Library
 options is documented in the man page. This function mainly sets things in
 the 'SessionHandle' struct.
- curl_easy_perform() does a whole lot of things:
+ curl_easy_perform() is just a wrapper function that makes use of the multi
 API.  It basically curl_multi_init(), curl_multi_add_handle(),
 curl_multi_wait(), and curl_multi_perform() until the transfer is done and
 then returns.
- It starts off in the lib/easy.c file by calling Curl_perform() and the main
+ Some of the most important key functions in url.c are called from multi.c
- work then continues in lib/url.c. The flow continues with a call to
+ when certain key steps are to be made in the transfer operation.
 Curl_connect() to connect to the remote site.
 o Curl_connect()
-   ... analyzes the URL, it separates the different components and connects to
+   Analyzes the URL, it separates the different components and connects to the
-   the remote host. This may involve using a proxy and/or using SSL. The
+   remote host. This may involve using a proxy and/or using SSL. The
   Curl_resolv() function in lib/hostip.c is used for looking up host names
   (it does then use the proper underlying method, which may vary between
   platforms and builds).
@@ -160,10 +165,7 @@ Library
 o Curl_do()
   Curl_do() makes sure the proper protocol-specific function is called. The
-   functions are named after the protocols they handle. Curl_ftp(),
+   functions are named after the protocols they handle.
   Curl_http(), Curl_dict(), etc. They all reside in their respective files
   (ftp.c, http.c and dict.c). HTTPS is handled by Curl_http() and FTPS by
   Curl_ftp().
   The protocol-specific functions of course deal with protocol-specific
   negotiations and setup. They have access to the Curl_sendf() (from
@@ -182,10 +184,9 @@ Library
   be called with some basic info about the upcoming transfer: what socket(s)
   to read/write and the expected file transfer sizes (if known).
- o Transfer()
+ o Curl_readwrite()
-   Curl_perform() then calls Transfer() in lib/transfer.c that performs the
+   Called during the transfer of the actual protocol payload.
   entire file transfer.
   During transfer, the progress functions in lib/progress.c are called at a
   frequent interval (or at the user's choice, a specified callback might get
@@ -207,33 +208,11 @@ Library
   used. This function is only used when we are certain that no more transfers
   is going to be made on the connection. It can be also closed by force, or
   it can be called to make sure that libcurl doesn't keep too many
-   connections alive at the same time (there's a default amount of 5 but that
+   connections alive at the same time.
   can be changed with the CURLOPT_MAXCONNECTS option).
   This function cleans up all resources that are associated with a single
   connection.
 Curl_perform() is the function that does the main "connect - do - transfer -
 done" loop. It loops if there's a Location: to follow.
 When completed, the curl_easy_cleanup() should be called to free up used
 resources. It runs Curl_disconnect() on all open connections.
 A quick roundup on internal function sequences (many of these call
 protocol-specific function-pointers):
  Curl_connect - connects to a remote site and does initial connect fluff
   This also checks for an existing connection to the requested site and uses
   that one if it is possible.
   Curl_do - starts a transfer
    Curl_handler::do_it() - transfers data
   Curl_done - ends a transfer
  Curl_disconnect - disconnects from a remote site. This is called when the
   disconnect is really requested, which doesn't necessarily have to be
   exactly after curl_done in case we want to keep the connection open for
   a while.
 HTTP(S)
@@ -316,48 +295,38 @@ Persistent Connections
   hold connection-oriented data. It is meant to hold the root data as well as
   all the options etc that the library-user may choose.
 o The 'SessionHandle' struct holds the "connection cache" (an array of
-   pointers to 'connectdata' structs). There's one connectdata struct
+   pointers to 'connectdata' structs).
   allocated for each connection that libcurl knows about. Note that when you
   use the multi interface, the multi handle will hold the connection cache
   and not the particular easy handle. This of course to allow all easy handles
   in a multi stack to be able to share and re-use connections.
 o This enables the 'curl handle' to be reused on subsequent transfers.
- o When we are about to perform a transfer with curl_easy_perform(), we first
+ o When libcurl is told to perform a transfer, it first checks for an already
-   check for an already existing connection in the cache that we can use,
+   existing connection in the cache that we can use. Otherwise it creates a
-   otherwise we create a new one and add to the cache. If the cache is full
+   new one and adds that the cache. If the cache is full already when a new
-   already when we add a new connection, we close one of the present ones. We
+   conncetion is added added, it will first close the oldest unused one.
-   select which one to close dependent on the close policy that may have been
+ o When the transfer operation is complete, the connection is left
-   previously set.
+   open. Particular options may tell libcurl not to, and protocols may signal
- o When the transfer operation is complete, we try to leave the connection
+   closure on connections and then they won't be kept open of course.
   open. Particular options may tell us not to, and protocols may signal
   closure on connections and then we don't keep it open of course.
 o When curl_easy_cleanup() is called, we close all still opened connections,
   unless of course the multi interface "owns" the connections.
- You do realize that the curl handle must be re-used in order for the
+ The curl handle must be re-used in order for the persistent connections to
- persistent connections to work.
+ work.
 multi interface/non-blocking
 ============================
- We make an effort to provide a non-blocking interface to the library, the
+ The multi interface is a non-blocking interface to the library. To make that
- multi interface. To make that interface work as good as possible, no
+ interface work as good as possible, no low-level functions within libcurl
- low-level functions within libcurl must be written to work in a blocking
+ must be written to work in a blocking manner. (There are still a few spots
- manner.
+ violating this rule.)
 One of the primary reasons we introduced c-ares support was to allow the name
 resolve phase to be perfectly non-blocking as well.
- The ultimate goal is to provide the easy interface simply by wrapping the
+ The FTP and the SFTP/SCP protocols are examples of how we adapt and adjust
- multi interface functions and thus treat everything internally as the multi
+ the code to allow non-blocking operations even on multi-stage command-
- interface is the single interface we have.
+ response protocols. They are built around state machines that return when
-
+ they would otherwise block waiting for data.  The DICT, LDAP and TELNET
- The FTP and the SFTP/SCP protocols are thus perfect examples of how we adapt
+ protocols are crappy examples and they are subject for rewrite in the future
- and adjust the code to allow non-blocking operations even on multi-stage
+ to better fit the libcurl protocol family.
 protocols. They are built around state machines that return when they could
 block waiting for data.  The DICT, LDAP and TELNET protocols are crappy
 examples and they are subject for rewrite in the future to better fit the
 libcurl protocol family.
 SSL libraries
 =============
@@ -408,12 +377,12 @@ API/ABI
 Client
 ======
- main() resides in src/main.c together with most of the client code.
+ main() resides in src/tool_main.c.
 src/tool_hugehelp.c is automatically generated by the mkhelp.pl perl script
- to display the complete "manual" and the src/urlglob.c file holds the
+ to display the complete "manual" and the src/tool_urlglob.c file holds the
- functions used for the URL-"globbing" support. Globbing in the sense that
+ functions used for the URL-"globbing" support. Globbing in the sense that the
- the {} and [] expansion stuff is there.
+ {} and [] expansion stuff is there.
 The client mostly messes around to setup its 'config' struct properly, then
 it calls the curl_easy_*() functions of the library and when it gets back
@@ -425,8 +394,8 @@ Client
 curl_easy_getinfo() function to extract useful information from the curl
 session.
- Recent versions may loop and do all this several times if many URLs were
+ It may loop and do all this several times if many URLs were specified on the
- specified on the command line or config file.
+ command line or config file.
 Memory Debugging
 ================
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,20 +3,42 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
  backends, so relying on this information in a generic app is flaky.
 83. curl is unable to load non-default openssl engines, because openssl isn't
  initialized properly. This seems to require OpenSSL_config() or
  CONF_modules_load_file() to be used by libcurl but the first seems to not
  work and we've gotten not reports from tests with the latter. Possibly we
  need to discuss with OpenSSL developers how this is supposed to be done. We
  need users with actual external openssl engines for testing to work on this.
  http://curl.haxx.se/bug/view.cgi?id=1208
 82. When building with the Windows Borland compiler, it fails because the
  "tlib" tool doesn't support hyphens (minus signs) in file names and we have
  such in the build.
  http://curl.haxx.se/bug/view.cgi?id=1222
 81. When using -J (with -O), automaticly resumed downloading together with "-C
  -" fails. Without -J the same command line works! This happens because the
  resume logic is worked out before the target file name (and thus its
  pre-transfer size) has been figured out!
  http://curl.haxx.se/bug/view.cgi?id=1169
 80. Curl doesn't recognize certificates in DER format in keychain, but it
  works with PEM.
-  http://curl.haxx.se/bug/view.cgi?id=3439999
+  http://curl.haxx.se/bug/view.cgi?id=1065
 79. SMTP. When sending data to multiple recipients, curl will abort and return
  failure if one of the recipients indicate failure (on the "RCPT TO"
  command). Ordinary mail programs would proceed and still send to the ones
  that can receive data. This is subject for change in the future.
-  http://curl.haxx.se/bug/view.cgi?id=3438362
+  http://curl.haxx.se/bug/view.cgi?id=1116
 78. curl and libcurl don't always signal the client properly when "sending"
  zero bytes files - it makes for example the command line client not creating
  any file at all. Like when using FTP.
-  http://curl.haxx.se/bug/view.cgi?id=3438362
+  http://curl.haxx.se/bug/view.cgi?id=1063
 77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
  "abuses" the underlying connection re-use system and if connections are
@@ -31,7 +53,7 @@ may have been fixed since this was written!
  properly if built with UNICODE defined together with the schannel/winssl
  backend. The original problem was mentioned in:
  http://curl.haxx.se/mail/lib-2009-10/0024.html
-  http://curl.haxx.se/bug/view.cgi?id=2944325
+  http://curl.haxx.se/bug/view.cgi?id=896
  The schannel version verified to work as mentioned in
  http://curl.haxx.se/mail/lib-2012-07/0073.html
@@ -41,7 +63,7 @@ may have been fixed since this was written!
  acknowledge the connection timeout during that phase but only the "real"
  timeout - which may surprise users as it is probably considered to be the
  connect phase to most people. Brought up (and is being misunderstood) in:
-  http://curl.haxx.se/bug/view.cgi?id=2844077
+  http://curl.haxx.se/bug/view.cgi?id=856
 72. "Pausing pipeline problems."
  http://curl.haxx.se/mail/lib-2009-07/0214.html
@@ -59,7 +81,7 @@ may have been fixed since this was written!
  http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02
 66. When using telnet, the time limitation options don't work.
-  http://curl.haxx.se/bug/view.cgi?id=2818950
+  http://curl.haxx.se/bug/view.cgi?id=846
 65. When doing FTP over a socks proxy or CONNECT through HTTP proxy and the
  multi interface is used, libcurl will fail if the (passive) TCP connection
@@ -85,19 +107,12 @@ may have been fixed since this was written!
  CURLOPT_FAILONERROR with FTP to detect if a file exists or not, but it is
  not working: http://curl.haxx.se/mail/lib-2008-07/0295.html
 57. On VMS-Alpha: When using an http-file-upload the file is not sent to the
  Server with the correct content-length.  Sending a file with 511 or less
  bytes, content-length 512 is used.  Sending a file with 513 - 1023 bytes,
  content-length 1024 is used.  Files with a length of a multiple of 512 Bytes
  show the correct content-length. Only these files work for upload.
  http://curl.haxx.se/bug/view.cgi?id=2057858
 56. When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP
  server using the multi interface, the commands are not being sent correctly
  and instead the connection is "cancelled" (the operation is considered done)
  prematurely. There is a half-baked (busy-looping) patch provided in the bug
  report but it cannot be accepted as-is. See
-  http://curl.haxx.se/bug/view.cgi?id=2006544
+  http://curl.haxx.se/bug/view.cgi?id=748
 55. libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
  library header files exporting symbols/macros that should be kept private
@@ -121,12 +136,12 @@ may have been fixed since this was written!
  protocol code. This should be very rare.
 43. There seems to be a problem when connecting to the Microsoft telnet server.
-  http://curl.haxx.se/bug/view.cgi?id=1720605
+  http://curl.haxx.se/bug/view.cgi?id=649
 41. When doing an operation over FTP that requires the ACCT command (but not
  when logging in), the operation will fail since libcurl doesn't detect this
  and thus fails to issue the correct command:
-  http://curl.haxx.se/bug/view.cgi?id=1693337
+  http://curl.haxx.se/bug/view.cgi?id=635
 39. Steffen Rumler's Race Condition in Curl_proxyCONNECT:
  http://curl.haxx.se/mail/lib-2007-01/0045.html
@@ -139,7 +154,7 @@ may have been fixed since this was written!
 34. The SOCKS4 connection codes don't properly acknowledge (connect) timeouts.
  Also see #12. According to bug #1556528, even the SOCKS5 connect code does
-  not do it right: http://curl.haxx.se/bug/view.cgi?id=1556528,
+  not do it right: http://curl.haxx.se/bug/view.cgi?id=604
 31. "curl-config --libs" will include details set in LDFLAGS when configure is
  run that might be needed only for building libcurl. Further, curl-config
@@ -154,13 +169,12 @@ may have been fixed since this was written!
  IDs in URLs to get around the problem of percent signs being
  special. According to the reporter, Firefox deals with the URL _with_ a
  percent letter (which seems like a blatant URL spec violation).
-  libcurl supports zone IDs where the percent sign is URL-escaped (i.e. %25).
+  libcurl supports zone IDs where the percent sign is URL-escaped (i.e. %25):
-
+  http://curl.haxx.se/bug/view.cgi?id=555
   See http://curl.haxx.se/bug/view.cgi?id=1371118
 26. NTLM authentication using SSPI (on Windows) when (lib)curl is running in
  "system context" will make it use wrong(?) user name - at least when compared
-  to what winhttp does. See http://curl.haxx.se/bug/view.cgi?id=1281867
+  to what winhttp does. See http://curl.haxx.se/bug/view.cgi?id=535
 23. SOCKS-related problems:
  B) libcurl doesn't support FTPS over a SOCKS proxy.
@@ -169,12 +183,6 @@ may have been fixed since this was written!
  We probably have even more bugs and lack of features when a SOCKS proxy is
  used.
 22. Sending files to a FTP server using curl on VMS, might lead to curl
  complaining on "unaligned file size" on completion. The problem is related
  to VMS file structures and the perceived file sizes stat() returns. A
  possible fix would involve sending a "STRU VMS" command.
  http://curl.haxx.se/bug/view.cgi?id=1156287
 21. FTP ASCII transfers do not follow RFC959. They don't convert the data
   accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1
   clearly describes how this should be done:
@@ -212,7 +220,7 @@ may have been fixed since this was written!
 10. To get HTTP Negotiate authentication to work fine, you need to provide a
  (fake) user name (this concerns both curl and the lib) because the code
  wrongly only considers authentication if there's a user name provided.
-  http://curl.haxx.se/bug/view.cgi?id=1004841. How?
+  http://curl.haxx.se/bug/view.cgi?id=440 How?
  http://curl.haxx.se/mail/lib-2004-08/0182.html
 8. Doing resumed upload over HTTP does not work with '-C -', because curl
--- a/docs/LIBCURL-STRUCTS
+++ b/docs/LIBCURL-STRUCTS
@@ -0,0 +1,245 @@
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|
 Structs in libcurl
 This document should cover 7.32.0 pretty accurately, but will make sense even
 for older and later versions as things don't change drastically that often.
 1. The main structs in libcurl
  1.1 SessionHandle
  1.2 connectdata
  1.3 Curl_multi
  1.4 Curl_handler
  1.5 conncache
  1.6 Curl_share
  1.7 CookieInfo
 ==============================================================================
 1. The main structs in libcurl
  1.1 SessionHandle
  The SessionHandle handle struct is the one returned to the outside in the
  external API as a "CURL *". This is usually known as an easy handle in API
  documentations and examples.
  Information and state that is related to the actual connection is in the
  'connectdata' struct. When a transfer is about to be made, libcurl will
  either create a new connection or re-use an existing one. The particular
  connectdata that is used by this handle is pointed out by
  SessionHandle->easy_conn.
  Data and information that regard this particular single transfer is put in
  the SingleRequest sub-struct.
  When the SessionHandle struct is added to a multi handle, as it must be in
  order to do any transfer, the ->multi member will point to the Curl_multi
  struct it belongs to. The ->prev and ->next members will then be used by the
  multi code to keep a linked list of SessionHandle structs that are added to
  that same multi handle. libcurl always uses multi so ->multi *will* point to
  a Curl_multi when a transfer is in progress.
  ->mstate is the multi state of this particular SessionHandle. When
  multi_runsingle() is called, it will act on this handle according to which
  state it is in. The mstate is also what tells which sockets to return for a
  speicific SessionHandle when curl_multi_fdset() is called etc.
  The libcurl source code generally use the name 'data' for the variable that
  points to the SessionHandle.
  1.2 connectdata
  A general idea in libcurl is to keep connections around in a connection
  "cache" after they have been used in case they will be used again and then
  re-use an existing one instead of creating a new as it creates a significant
  performance boost.
  Each 'connectdata' identifies a single physical conncetion to a server. If
  the connection can't be kept alive, the connection will be closed after use
  and then this struct can be removed from the cache and freed.
  Thus, the same SessionHandle can be used multiple times and each time select
  another connectdata struct to use for the connection. Keep this in mind, as
  it is then important to consider if options or choices are based on the
  connection or the SessionHandle.
  Functions in libcurl will assume that connectdata->data points to the
  SessionHandle that uses this connection.
  As a special complexity, some protocols supported by libcurl require a
  special disconnect procedure that is more than just shutting down the
  socket. It can involve sending one or more commands to the server before
  doing so. Since connections are kept in the connection cache after use, the
  original SessionHandle may no longer be around when the time comes to shut
  down a particular connection. For this purpose, libcurl holds a special
  dummy 'closure_handle' SessionHandle in the Curl_multi struct to 
  FTP uses two TCP connections for a typical transfer but it keeps both in
  this single struct and thus can be considered a single connection for most
  internal concerns.
  The libcurl source code generally use the name 'conn' for the variable that
  points to the connectdata.
  1.3 Curl_multi
  Internally, the easy interface is implemented as a wrapper around multi
  interface functions. This makes everything multi interface.
  Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs.
  This struct holds a list of SessionHandle structs that have been added to
  this handle with curl_multi_add_handle(). The start of the list is ->easyp
  and ->num_easy is a counter of added SessionHandles.
  ->msglist is a linked list of messages to send back when
  curl_multi_info_read() is called. Basically a node is added to that list
  when an individual SessionHandle's transfer has completed.
  ->hostcache points to the name cache. It is a hash table for looking up name
  to IP. The nodes have a limited life time in there and this cache is meant
  to reduce the time for when the same name is wanted within a short period of
  time.
  ->timetree points to a tree of SessionHandles, sorted by the remaining time
  until it should be checked - normally some sort of timeout. Each
  SessionHandle has one node in the tree.
  ->sockhash is a hash table to allow fast lookups of socket descriptor to
  which SessionHandle that uses that descriptor. This is necessary for the
  multi_socket API.
  ->conn_cache points to the connection cache. It keeps track of all
  connections that are kept after use. The cache has a maximum size.
  ->closure_handle is described in the 'connectdata' section.
  The libcurl source code generally use the name 'multi' for the variable that
  points to the Curl_multi struct.
  1.4 Curl_handler
  Each unique protocol that is supported by libcurl needs to provide at least
  one Curl_handler struct. It defines what the protocol is called and what
  functions the main code should call to deal with protocol specific issues.
  In general, there's a source file named [protocol].c in which there's a
  "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's
  then the main array with all individual Curl_handler structs pointed to from
  a single array which is scanned through when a URL is given to libcurl to
  work with.
  ->scheme is the URL scheme name, usually spelled out in uppercase. That's
  "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler
  setup so HTTPS separate from HTTP.
  ->setup_connection is called to allow the protocol code to allocate protocol
  specific data that then gets associated with that SessionHandle for the rest
  of this transfer. It gets freed again at the end of the transfer. It will be
  called before the 'connectdata' for the transfer has been selected/created.
  Most protocols will allocate its private 'struct [PROTOCOL]' here and assign
  SessionHandle->req.protop to point to it.
  ->connect_it allows a protocol to do some specific actions after the TCP
  connect is done, that can still be considered part of the connection phase.
  Some protocols will alter the connectdata->recv[] and connectdata->send[]
  function pointers in this function.
  ->connecting is similarly a function that keeps getting called as long as the
  protocol considers itself still in the connecting phase.
  ->do_it is the function called to issue the transfer request. What we call
  the DO action internally. If the DO is not enough and things need to be kept
  getting done for the entier DO sequence to complete, ->doing is then usually
  also provided. Each protocol that needs to do multiple commands or similar
  for do/doing need to implement their own state machines (see SCP, SFTP,
  FTP). Some protocols (only FTP and only due to historical reasons) has a
  separate piece of the DO state called DO_MORE.
  ->doing keeps getting called while issudeing the transfer request command(s)
  ->done gets called when the transfer is complete and DONE. That's after the
  main data has been transferred.
  ->do_more gets called doring the DO_MORE state. The FTP protocol uses this
  state when setting up the second connection.
  ->proto_getsock
  ->doing_getsock
  ->domore_getsock
  ->perform_getsock
  Functions that return socket information. Which socket(s) to wait for which
  action(s) during the particular multi state.
  ->disconnect is called immediately before the TCP connection is shutdown.
  ->readwrite gets called during transfer to allow the protocol to do extra
  reads/writes
  ->defport is the default report TCP or UDP port this protocol uses
  ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have
  their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS".
  ->flags is a bitmask with additional information about the protocol that will
  make it get treated differently by the generic engine:
    PROTOPT_SSL - will make it connect and negotiate SSL
    PROTOPT_DUAL - this protocol uses two connections
    PROTOPT_CLOSEACTION - this protocol has actions to do before closing the
    connection. This flag is no longer used by code, yet still set for a bunch
    protocol handlers.
    PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to
    limit which "direction" of socket actions that the main engine will
    concern itself about.
    PROTOPT_NONETWORK - a protocol that doesn't use network (read file:)
    PROTOPT_NEEDSPWD - this protocol needs a password and will use a default
    one unless one is provided
    PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL
    (?foo=bar)
  1.5 conncache
  Is a hash table with connections for later re-use. Each SessionHandle has
  a pointer to its connection cache. Each multi handle sets up a connection
  cache that all added SessionHandles share by default.
  1.6 Curl_share
  The libcurl share API allocates a Curl_share struct, exposed to the external
  API as "CURLSH *".
  The idea is that the struct can have a set of own versions of caches and
  pools and then by providing this struct in the CURLOPT_SHARE option, those
  specific SessionHandles will use the caches/pools that this share handle
  holds.
  Then individual SessionHandle structs can be made to share specific things
  that they otherwise wouldn't, such as cookies.
  The Curl_share struct can currently hold cookies, DNS cache and the SSL
  session cache.
  1.7 CookieInfo
  This is the main cookie struct. It holds all known cookies and related
  information. Each SessionHandle has its own private CookieInfo even when
  they are added to a multi handle. They can be made to share cookies by using
  the share API.
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,7 +22,8 @@
 AUTOMAKE_OPTIONS = foreign no-dependencies
-man_MANS = curl.1 curl-config.1 mk-ca-bundle.1
+man_MANS = curl.1 curl-config.1
 noinst_man_MANS = mk-ca-bundle.1
 GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html
 PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf
@@ -36,7 +37,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES
+ MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS
 MAN2HTML= roffit < $< >$@
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -1,6 +1,12 @@
                      Peer SSL Certificate Verification
                      =================================
 (NOTE: If libcurl was built with Schannel or Secure Transport support, then
 this does not apply to you. Scroll down for details on how the OS-native
 engines handle SSL certificates. If you're not sure, then run "curl -V" and
 read the results. If the version string says "WinSSL" in it, then it was built
 with Schannel support.)
 libcurl performs peer SSL certificate verification by default.  This is done
 by using CA cert bundle that the SSL library can use to make sure the peer's
 server certificate is valid.
@@ -93,24 +99,40 @@ server.
                      Peer SSL Certificate Verification with NSS
                      ==========================================
-If libcurl is build with NSS support then depending on the OS distribution it
+If libcurl was built with NSS support, then depending on the OS distribution,
-is probably required to take some additional steps to use the system-wide CA
+it is probably required to take some additional steps to use the system-wide CA
-cert db. RedHat ships with an additional module libnsspem.so which enables NSS
+cert db. RedHat ships with an additional module, libnsspem.so, which enables
-to read the OpenSSL PEM CA bundle. With OpenSuSE this lib is missing, and NSS
+NSS to read the OpenSSL PEM CA bundle. This library is missing in OpenSuSE, and
-can only work with its own internal formats. Also NSS got a new database
+without it, NSS can only work with its own internal formats. NSS also has a new
-format:
+database format: https://wiki.mozilla.org/NSS_Shared_DB
-https://wiki.mozilla.org/NSS_Shared_DB
+
-Starting with version 7.19.7 libcurl will check for the NSS version it runs,
+Starting with version 7.19.7, libcurl will check for the NSS version it runs,
-and add automatically the 'sql:' prefix to the certdb directory (either the
+and automatically add the 'sql:' prefix to the certdb directory (either the
 hardcoded default /etc/pki/nssdb or the directory configured with SSL_DIR
-environment variable) if a version 3.12.0 or later is detected.
+environment variable) if version 3.12.0 or later is detected. To check which
-To check which certdb format your distribution provides examine the default
+ertdb format your distribution provides, examine the default
-certdb location /etc/pki/nssdb; the new certdb format can be identified by
+certdb location: /etc/pki/nssdb; the new certdb format can be identified by
 the filenames cert9.db, key4.db, pkcs11.txt; filenames of older versions are
 cert8.db, key3.db, modsec.db.
-Usually these cert databases are empty; but NSS also has built-in CAs which are
+
-provided through a shared library libnssckbi.so; if you want to use these
+Usually these cert databases are empty, but NSS also has built-in CAs which are
-built-in CAs then create a symlink to libnssckbi.so in /etc/pki/nssdb:
+provided through a shared library, libnssckbi.so; if you want to use these
 built-in CAs, then create a symlink to libnssckbi.so in /etc/pki/nssdb:
 ln -s /usr/lib[64]/libnssckbi.so /etc/pki/nssdb/libnssckbi.so
     Peer SSL Certificate Verification with Schannel and Secure Transport
     ====================================================================
 If libcurl was built with Schannel (Microsoft's TLS/SSL engine) or Secure
 Transport (Apple's TLS/SSL engine) support, then libcurl will still perform
 peer certificate verification, but instead of using a CA cert bundle, it will
 use the certificates that are built into the OS. These are the same
 certificates that appear in the Internet Options control panel (under Windows)
 or Keychain Access application (under OS X). Any custom security rules for
 certificates will be honored.
 Schannel will run CRL checks on certificates unless peer verification is
 disabled. Secure Transport on iOS will run OCSP checks on certificates unless
 peer verification is disabled. Secure Transport on OS X will run either OCSP
 or CRL checks on certificates if those features are enabled, and this behavior
 can be adjusted in the preferences of Keychain Access.
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -13,14 +13,15 @@ Adam Tkac
 Adrian Schuur
 Adriano Meirelles
 Ajit Dhumale
 Aki Koskinen
 Akos Pasztory
 Alan Pinstein
 Albert Chin
 Albert Chin-A-Young
 Albert Choy
 Ale Vesely
 Alejandro Alvarez
 Aleksandar Milivojevic
 Aleksey Tulinov
 Alessandro Ghedini
 Alessandro Vesely
 Alex Bligh
@@ -31,6 +32,7 @@ Alex Suykov
 Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Klauer
 Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
@@ -46,11 +48,13 @@ Amol Pattekar
 Amr Shahin
 Anatoli Tubman
 Anders Gustafsson
 Anders Havn
 Andi Jahja
 Andre Guibert de Bruet
 Andreas Damm
 Andreas Faerber
 Andreas Farber
 Andreas Malzahn
 Andreas Ntaflos
 Andreas Olsson
 Andreas Rieke
@@ -64,9 +68,11 @@ Andrew Biggs
 Andrew Bushnell
 Andrew Francis
 Andrew Fuller
 Andrew Kurushin
 Andrew Moise
 Andrew Wansink
 Andrew de los Reyes
 Andrii Moiseiev
 Andrés García
 Andy Cedilnik
 Andy Serpa
@@ -89,6 +95,7 @@ Ates Goral
 Augustus Saunders
 Avery Fay
 Axel Tillequin
 Balaji Parasuram
 Balint Szilakszi
 Bart Whiteley
 Bas Mevissen
@@ -100,17 +107,20 @@ Ben Van Hof
 Ben Winslow
 Benbuck Nason
 Benjamin Gerard
 Benjamin Gilbert
 Benjamin Johnson
 Bernard Leak
 Bernhard Reutner-Fischer
 Bertrand Demiddelaer
 Bill Egert
 Bill Hoffman
 Bill Middlecamp
 Bjoern Sikora
 Bjorn Augustsson
 Bjorn Reese
 Björn Stenberg
 Blaise Potard
 Bob Relyea
 Bob Richmond
 Bob Schader
 Bogdan Nicula
@@ -128,8 +138,10 @@ Brian R Duffy
 Brian Ulm
 Brock Noland
 Bruce Mitchener
 Bruno de Carvalho
 Bryan Henderson
 Bryan Kemp
 Byrial Jensen
 Cameron Kaiser
 Camille Moncelier
 Caolan McNamara
@@ -150,13 +162,13 @@ Chris Maltby
 Chris Mumford
 Chris Smowton
 Christian Grothoff
 Christian Hagele
 Christian Hägele
 Christian Krause
 Christian Kurz
 Christian Robottom Reis
 Christian Schmitz
 Christian Vogt
 Christian Weisgerber
 Christophe Demory
 Christophe Legry
 Christopher Conroy
@@ -166,6 +178,7 @@ Christopher Stone
 Ciprian Badescu
 Claes Jakobsson
 Clarence Gardner
 Clemens Gruber
 Clifford Wolf
 Cody Jones
 Colin Hogben
@@ -177,10 +190,10 @@ Craig A West
 Craig Davison
 Craig Markwardt
 Cris Bailiff
 Cristian Rodriguez
 Cristian Rodríguez
 Curt Bogmine
 Cyrill Osterwalder
 Cédric Deltheil
 Dag Ekengren
 Dagobert Michelsen
 Damien Adant
@@ -228,6 +241,7 @@ David Odin
 David Phillips
 David Rosenstrauch
 David Shaw
 David Strauss
 David Tarendash
 David Thiel
 David Wright
@@ -260,6 +274,7 @@ Douglas R. Horner
 Douglas Steinwand
 Dov Murik
 Duane Cathey
 Duncan
 Duncan Mac-Vicar Prett
 Dustin Boswell
 Dylan Ellicott
@@ -268,9 +283,11 @@ Early Ehlinger
 Ebenezer Ikonne
 Edin Kadribasic
 Eduard Bloch
 Edward Rudd
 Edward Sheldrake
 Eelco Dolstra
 Eetu Ojanen
 Eldar Zaitov
 Ellis Pritchard
 Emanuele Bovisio
 Emil Romanus
@@ -284,15 +301,18 @@ Eric Lavigne
 Eric Melville
 Eric Mertens
 Eric Rautman
 Eric S. Raymond
 Eric Thelin
 Eric Vergnaud
 Eric Wong
 Eric Young
 Erick Nuwendam
 Erik Johansson
 Erwan Legrand
 Erwin Authried
 Eugene Kotlyarov
 Evan Jordan
 Evgeny Turnaev
 Eygene Ryabinkin
 Fabian Hiernaux
 Fabian Keil
@@ -313,6 +333,7 @@ Fred Machado
 Fred New
 Fred Noz
 Frederic Lepied
 Fredrik Thulin
 Gabriel Kuri
 Gabriel Sjoberg
 Garrett Holmstrom
@@ -356,6 +377,7 @@ Gwenole Beauchesne
 Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hang Su
 Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
@@ -390,6 +412,7 @@ Immanuel Gregoire
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
 Ishan SinghLevett
 Jack Zhang
 Jacky Lam
 Jacob Meuser
@@ -411,6 +434,7 @@ Jan Koen Annot
 Jan Kunder
 Jan Schaumann
 Jan Van Boghout
 Jared Jennings
 Jared Lundell
 Jari Sundell
 Jason Glasgow
@@ -425,6 +449,7 @@ Jean-Claude Chauve
 Jean-Francois Bertrand
 Jean-Louis Lemaire
 Jean-Marc Ranger
 Jean-Noel Rouvignac
 Jean-Philippe Barrette-LaPierre
 Jeff Connelly
 Jeff Johnson
@@ -434,6 +459,7 @@ Jeff Pohlmeyer
 Jeff Weber
 Jeffrey Pohlmeyer
 Jeremy Friesner
 Jeremy Huddleston
 Jerome Muffat-Meridol
 Jerome Vouillon
 Jerry Wu
@@ -445,6 +471,8 @@ Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
 Jiri Hruska
 Jiri Jaburek
 Jocelyn Jaubert
 Joe Halpin
 Joe Malicki
@@ -459,6 +487,7 @@ John Bradshaw
 John Crow
 John Dennis
 John E. Malmberg
 John Gardiner Myers
 John Janssen
 John Joseph Bachir
 John Kelly
@@ -500,8 +529,10 @@ Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
 Justin Karneges
 Jörg Mueller-Tolk
 Jörn Hartroth
 Kai Engert
 Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
@@ -527,10 +558,12 @@ Kevin Lussier
 Kevin Reed
 Kevin Roth
 Kim Rinnewitz
 Kim Vandry
 Kimmo Kinnunen
 Kjell Ericson
 Kjetil Jacobsen
 Klevtsov Vadim
 Konstantin Isakov
 Kris Kennaway
 Krishnendu Majumdar
 Krister Johansen
@@ -543,6 +576,7 @@ Larry Fahnoe
 Lars Buitinck
 Lars Gustafsson
 Lars J. Aas
 Lars Johannesen
 Lars Nilsson
 Lars Torben Wilson
 Lau Hang Kin
@@ -559,11 +593,13 @@ Ling Thio
 Linus Nielsen Feltzing
 Lisa Xu
 Liza Alenchery
 Lluís Batlle i Rossell
 Loic Dachary
 Loren Kirkby
 Luca Altea
 Luca Alteas
 Lucas Adamski
 Ludovico Cavedon
 Lukasz Czekierda
 Luke Amery
 Luke Call
@@ -575,6 +611,7 @@ Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
 Marc Doughty
 Marc Hoersken
 Marc Kleine-Budde
 Marcel Raad
@@ -606,6 +643,7 @@ Martin C. Martin
 Martin Drasar
 Martin Hager
 Martin Hedenfalk
 Martin Jansen
 Martin Lemke
 Martin Skinner
 Martin Storsjo
@@ -616,6 +654,7 @@ Massimo Callegari
 Mateusz Loskot
 Mathias Axelsson
 Mats Lidell
 Matt Arsenault
 Matt Kraai
 Matt Veenstra
 Matt Witherspoon
@@ -652,12 +691,14 @@ Michal Gorny
 Michal Kowalczyk
 Michal Marek
 Michele Bini
 Miguel Angel
 Mihai Ionescu
 Mikael Johansson
 Mikael Sennerholm
 Mike Bytnar
 Mike Crowe
 Mike Dobbs
 Mike Giancola
 Mike Hommey
 Mike Power
 Mike Protts
@@ -667,6 +708,8 @@ Mitz Wark
 Mohamed Lrhazi
 Mohun Biswas
 Moonesamy
 Myk Taylor
 Nach M. S.
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
@@ -700,6 +743,7 @@ Ofer
 Olaf Flebbe
 Olaf Stueben
 Olaf Stüben
 Oliver Gondža
 Olivier Berger
 Oren Tirosh
 Ori Avtalion
@@ -711,6 +755,7 @@ Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
 Patrice Guerin
 Patricia Muscalu
 Patrick Bihan-Faou
 Patrick Monnerat
 Patrick Scott
@@ -733,6 +778,7 @@ Pedro Neves
 Pete Su
 Peter Bray
 Peter Forret
 Peter Gal
 Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
@@ -770,6 +816,7 @@ Quinn Slack
 Rafa Muyo
 Rafael Sagula
 Rainer Canavan
 Rainer Jung
 Rainer Koenig
 Rajesh Naganathan
 Ralf S. Engelschall
@@ -784,6 +831,7 @@ Reinout van Schouwen
 Renato Botelho
 Renaud Chaillat
 Renaud Duhaut
 Renaud Guillard
 Rene Bernhardt
 Rene Rebe
 Reuven Wachtfogel
@@ -797,6 +845,7 @@ Richard Bramante
 Richard Clayton
 Richard Cooper
 Richard Gorton
 Richard Michael
 Richard Prescott
 Richard Silverman
 Rick Jones
@@ -813,6 +862,7 @@ Robert Iakobashvili
 Robert Olson
 Robert Schumann
 Robert Weaver
 Robert Wruck
 Robin Cornelius
 Robin Johnson
 Robin Kay
@@ -837,6 +887,7 @@ Ryan Schmidt
 S. Moonesamy
 Salvador Dávila
 Salvatore Sorrentino
 Sam Deane
 Sam Listopad
 Sampo Kellomaki
 Samuel Díaz García
@@ -847,6 +898,7 @@ Sandor Feldi
 Santhana Todatry
 Saqib Ali
 Sara Golemon
 Saran Neti
 Saul good
 Scott Bailey
 Scott Barrett
@@ -876,8 +928,10 @@ Spacen Jasset
 Spiridonoff A.V
 Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
 Stefan Esser
 Stefan Krause
 Stefan Neis
 Stefan Teleman
 Stefan Tomanek
 Stefan Ulrich
@@ -896,6 +950,7 @@ Steve Oliphant
 Steve Roskowski
 Steven Bazyl
 Steven G. Johnson
 Steven Gu
 Steven M. Schweda
 Steven Parkes
 Stoned Elipot
@@ -924,6 +979,7 @@ Tim Harder
 Tim Heckman
 Tim Newsome
 Tim Sneddon
 Timo Sirainen
 Tinus van den Berg
 Tobias Rundström
 Toby Peterson
@@ -933,6 +989,7 @@ Todd Ouska
 Todd Vierling
 Tom Benoist
 Tom Donovan
 Tom Grace
 Tom Lee
 Tom Mattison
 Tom Moers
@@ -958,6 +1015,7 @@ Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
 Ulf Härnhammar
 Ulrich Doehner
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
@@ -983,15 +1041,21 @@ Wesley Laxton
 Wesley Miaw
 Wez Furlong
 Wilfredo Sanchez
 Willem Sparreboom
 Wojciech Zwiefka
 Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
 Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yehoshua Hershberg
 Yukihiro Kawada
 Yuriy Sosov
 Yves Arrouye
 Yves Lejeune
 Zdenek Pavlas
 Zekun Ni
 Zmey Petroff
 Zvi Har'El
 nk
--- a/docs/TODO
+++ b/docs/TODO
@@ -16,8 +16,8 @@
 1.3 struct lifreq
 1.4 signal-based resolver timeouts
 1.5 get rid of PATH_MAX
- 1.6 progress callback without doubles
+ 1.6 Happy Eyeball dual stack connect
- 1.7 Happy Eyeball dual stack connect
+ 1.7 Modified buffer size approach
 2. libcurl - multi interface
 2.1 More non-blocking
@@ -38,6 +38,7 @@
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
 5.3 Rearrange request header order
 5.4 HTTP2/SPDY
 6. TELNET
 6.1 ditch stdin
@@ -45,36 +46,40 @@
 6.3 feature negotiation debug data
 6.4 send data in chunks
- 7. SSL
+ 7. SMTP
- 7.1 Disable specific versions
+ 7.1 Pipelining
- 7.2 Provide mutex locking API
+ 7.2 Graceful base64 decoding failure
- 7.3 Evaluate SSL patches
+ 7.3 Enhanced capability support
 7.4 Cache OpenSSL contexts
 7.5 Export session ids
 7.6 Provide callback for cert verification
 7.7 Support other SSL libraries
 7.9 improve configure --with-ssl
 7.10 Support DANE
 8. GnuTLS
 8.1 SSL engine stuff
 8.3 check connection
 9. SMTP
 9.1 Specify the preferred authentication mechanism
 9.2 Initial response
 9.3 Pipelining
- 10. POP3
+ 8. POP3
- 10.1 auth= in URLs
+ 8.1 Pipelining
 8.2 Graceful base64 decoding failure
 8.3 Enhanced capability support
- 11. LDAP
+ 9. IMAP
- 11.1 SASL based authentication mechanisms
+ 9.1 Graceful base64 decoding failure
 9.2 Enhanced capability support
- 12. Other protocols
+ 10. LDAP
 10.1 SASL based authentication mechanisms
 11. New protocols
 11.1 RSYNC
- 13. New protocols
+ 12. SSL
- 13.1 RSYNC
+ 12.1 Disable specific versions
 12.2 Provide mutex locking API
 12.3 Evaluate SSL patches
 12.4 Cache OpenSSL contexts
 12.5 Export session ids
 12.6 Provide callback for cert verification
 12.7 Support other SSL libraries
 12.8 improve configure --with-ssl
 12.9 Support DANE
 13. GnuTLS
 13.1 SSL engine stuff
 13.2 check connection
 14. SASL
 14.1 Other authentication mechanisms
@@ -152,16 +157,7 @@
 we need libssh2 to properly tell us when we pass in a too small buffer and
 its current API (as of libssh2 1.2.7) doesn't.
-1.6 progress callback without doubles
+1.6 Happy Eyeball dual stack connect
 The progress callback was introduced way back in the days and the choice to
 use doubles in the arguments was possibly good at the time. Today the doubles
 only confuse users and make the amounts less precise. We should introduce
 another progress callback option that take precedence over the old one and
 have both co-exist for a forseeable time until we can remove the double-using
 one.
 1.7 Happy Eyeball dual stack connect
 In order to make alternative technologies not suffer when transitioning, like
 when introducing IPv6 as an alternative to IPv4 and there are more than one
@@ -173,6 +169,27 @@
    http://tools.ietf.org/html/rfc6555
 1.7 Modified buffer size approach
 Current libcurl allocates a fixed 16K size buffer for download and an
 additional 16K for upload. They are always unconditionally part of the easy
 handle. If CRLF translations are requested, an additional 32K "scratch
 buffer" is allocated. A total of 64K transfer buffers in the worst case.
 First, while the handles are not actually in use these buffers could be freed
 so that lingering handles just kept in queues or whatever waste less memory.
 Secondly, SFTP is a protocol that needs to handle many ~30K blocks at once
 since each need to be individually acked and therefore libssh2 must be
 allowed to send (or receive) many separate ones in parallel to achieve high
 transfer speeds. A current libcurl build with a 16K buffer makes that
 impossible, but one with a 512K buffer will reach MUCH faster transfers. But
 allocating 512K unconditionally for all buffers just in case they would like
 to do fast SFTP transfers at some point is not a good solution either.
 Dynamically allocate buffer size depending on protocol in use in combination
 with freeing it after each individual transfer? Other suggestions?
 2. libcurl - multi interface
@@ -265,6 +282,24 @@
 headers use a default value so only headers that need to be moved have to be
 specified.
 5.4 HTTP2/SPDY
 The first drafts for HTTP2 have been published
 (http://tools.ietf.org/html/draft-ietf-httpbis-http2-03) and is so far based
 on SPDY (http://www.chromium.org/spdy) designs and experiences. Chances are
 it will end up in that style. Chrome and Firefox already support SPDY and
 lots of web services do.
 It would make sense to implement SPDY support now and later transition into
 or add HTTP2 support as well.
 We should base or HTTP2/SPDY work on a 3rd party library for the protocol
 fiddling. The Spindy library (http://spindly.haxx.se/) was an attempt to make
 such a library with an API suitable for use by libcurl but that effort has
 more or less stalled.  spdylay (https://github.com/tatsuhiro-t/spdylay) may
 be a better option, either used directly or wrapped with a more spindly-like
 API.
 6. TELNET
@@ -290,25 +325,92 @@ to provide the data to send.
  use, but inefficient for any other.  Sent data should be sent in larger
  chunks.
-7. SSL
+7. SMTP
-7.1 Disable specific versions
+7.1 Pipelining
 Add support for pipelining emails.
 7.2 Graceful base64 decoding failure
 Rather than shutting down the session and returning an error when the
 decoding of a base64 encoded authentication response fails, we should
 gracefully shutdown the authentication process by sending a * response to the
 server as per RFC4954.
 7.3 Enhanced capability support
 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the EHLO command.
 8. POP3
 8.1 Pipelining
 Add support for pipelining commands.
 8.2 Graceful base64 decoding failure
 Rather than shutting down the session and returning an error when the
 decoding of a base64 encoded authentication response fails, we should
 gracefully shutdown the authentication process by sending a * response to the
 server as per RFC5034.
 8.3 Enhanced capability support
 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the CAPA command.
 9. IMAP
 9.1 Graceful base64 decoding failure
 Rather than shutting down the session and returning an error when the
 decoding of a base64 encoded authentication response fails, we should
 gracefully shutdown the authentication process by sending a * response to the
 server as per RFC3501.
 9.2 Enhanced capability support
 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the CAPABILITY command.
 10. LDAP
 10.1 SASL based authentication mechanisms
 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
 to an LDAP server. However, this function sends username and password details
 using the simple authentication mechanism (as clear text). However, it should
 be possible to use ldap_bind_s() instead specifing the security context
 information ourselves.
 11. New protocols
 11.1 RSYNC
 There's no RFC for the protocol or an URI/URL format.  An implementation
 should most probably use an existing rsync library, such as librsync.
 12. SSL
 12.1 Disable specific versions
 Provide an option that allows for disabling specific SSL versions, such as
 SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
-7.2 Provide mutex locking API
+12.2 Provide mutex locking API
 Provide a libcurl API for setting mutex callbacks in the underlying SSL
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.
-7.3 Evaluate SSL patches
+12.3 Evaluate SSL patches
 Evaluate/apply Gertjan van Wingerde's SSL patches:
 http://curl.haxx.se/mail/lib-2004-03/0087.html
-7.4 Cache OpenSSL contexts
+12.4 Cache OpenSSL contexts
 "Look at SSL cafile - quick traces look to me like these are done on every
 request as well, when they should only be necessary once per ssl context (or
@@ -318,7 +420,7 @@ to provide the data to send.
 style connections are re-used. It will make us use slightly more memory but
 it will libcurl do less creations and deletions of SSL contexts.
-7.5 Export session ids
+12.5 Export session ids
 Add an interface to libcurl that enables "session IDs" to get
 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
@@ -326,93 +428,50 @@ to provide the data to send.
 the state from such a buffer at a later date - this is used by mod_ssl for
 apache to implement and SSL session ID cache".
-7.6 Provide callback for cert verification
+12.6 Provide callback for cert verification
 OpenSSL supports a callback for customised verification of the peer
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!
-7.7 Support other SSL libraries
+12.7 Support other SSL libraries
 Make curl's SSL layer capable of using other free SSL libraries.  Such as
 MatrixSSL (http://www.matrixssl.org/).
-7.9 improve configure --with-ssl
+12.8 improve configure --with-ssl
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...
-7.10 Support DANE
+12.9 Support DANE
 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
 http://www.rfc-editor.org/rfc/rfc6698.txt
 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013
 (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple
 approach. See Daniel's comments:
 http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
 correct library to base this development on.
-8. GnuTLS
+13. GnuTLS
-8.1 SSL engine stuff
+13.1 SSL engine stuff
 Is this even possible?
-8.3 check connection
+13.2 check connection
 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.
 9. SMTP
 9.1 Specify the preferred authentication mechanism
 Add the ability to specify the preferred authentication mechanism or a list
 of mechanisms that should be used. Not only that, but the order that is
 returned by the server during the EHLO response should be honored by curl.
 9.2 Initial response
 Add the ability for the user to specify whether the initial response is
 included in the AUTH command. Some email servers, such as Microsoft
 Exchange, can work with either whilst others need to have the initial
 response sent separately:
 http://curl.haxx.se/mail/lib-2012-03/0114.html
 9.3 Pipelining
 Add support for pipelining emails.
 10. POP3
 10.1 auth= in URLs
 Being able to specify the preferred authentication mechanism in the URL as
 per RFC2384.
 11. LDAP
 11.1 SASL based authentication mechanisms
 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
 to an LDAP server. However, this function sends username and password details
 using the simple authentication mechanism (as clear text). However, it should
 be possible to use ldap_bind_s() instead specifing the security context
 information ourselves.
 12. Other protocols
 13. New protocols
 13.1 RSYNC
 There's no RFC for the protocol or an URI/URL format.  An implementation
 should most probably use an existing rsync library, such as librsync.
 14. SASL
 14.1 Other authentication mechanisms
- Add support for gssapi to SMTP, POP3 and IMAP.
+ Add support for GSSAPI to SMTP, POP3 and IMAP.
 15. Client
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -103,6 +103,18 @@ any response data to the terminal.
 If you prefer a progress "bar" instead of the regular meter, \fI-#\fP is your
 friend.
 .SH OPTIONS
 Options start with one or two dashes. Many of the options require an addition
 value next to it.
 The short "single-dash" form of the options, -d for example, may be used with
 or without a space between it and its value, although a space is a recommended
 separator. The long "double-dash" form, --data for example, requires a space
 between it and its value.
 Short version options that don't need any additional values can be used
 immediately next to each other, like for example you can specify all the
 options -O, -L and -v at once as -OLv.
 In general, all boolean options are enabled with --\fBoption\fP and yet again
 disabled with --\fBno-\fPoption. That is, you use the exact same option name
 but prefix it with "no-". However, in this list we mostly only list and show
@@ -113,8 +125,14 @@ same command line option.)
 Make curl display progress as a simple progress bar instead of the standard,
 more informational, meter.
 .IP "-0, --http1.0"
-(HTTP) Forces curl to issue its requests using HTTP 1.0 instead of using its
+(HTTP) Tells curl to use HTTP version 1.0 instead of using its internally
-internally preferred: HTTP 1.1.
+preferred: HTTP 1.1.
 .IP "--http1.1"
 (HTTP) Tells curl to use HTTP version 1.1. This is the internal default
 version. (Added in 7.33.0)
 .IP "--http2.0"
 (HTTP) Tells curl to issue its requests using HTTP 2.0. This requires that the
 underlying libcurl was built to support it. (Added in 7.33.0)
 .IP "-1, --tlsv1"
 (SSL)
 Forces curl to use TLS version 1 when negotiating with a remote TLS server.
@@ -230,7 +248,9 @@ server sends an unsupported encoding, curl will report an error.
 .IP "--connect-timeout <seconds>"
 Maximum time in seconds that you allow the connection to the server to take.
 This only limits the connection phase, once curl has connected this option is
-of no more use. See also the \fI-m, --max-time\fP option.
+of no more use.  Since 7.32.0, this option accepts decimal values, but the
 actual timeout will decrease in accuracy as the specified timeout increases in
 decimal precision. See also the \fI-m, --max-time\fP option.
 If this option is used several times, the last one will be used.
 .IP "--create-dirs"
@@ -270,7 +290,8 @@ If you start the data with the letter @, the rest should be a file name to
 read the data from, or - if you want curl to read the data from stdin.  The
 contents of the file must already be URL-encoded. Multiple files can also be
 specified. Posting data from a file named 'foobar' would thus be done with
-\fI--data @foobar\fP.
+\fI--data\fP @foobar. When --data is told to read from a file like that,
 carriage returns and newlines will be stripped out.
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.
@@ -292,7 +313,7 @@ whatsoever.
 If you start the data with the letter @, the rest should be a filename.  Data
 is posted in a similar manner as \fI--data-ascii\fP does, except that newlines
-are preserved and conversions are never done.
+and carriage returns are preserved and conversions are never done.
 If this option is used several times, the ones following the first will append
 data as described in \fI-d, --data\fP.
@@ -367,6 +388,39 @@ is an alias for \fB--disable-epsv\fP.
 Disabling EPSV only changes the passive behavior. If you want to switch to
 active mode you need to use \fI-P, --ftp-port\fP.
 .IP "--dns-interface <interface>"
 Tell curl to send outgoing DNS requests through <interface>. This option
 is a counterpart to \fI--interface\fP (which does not affect DNS). The
 supplied string must be an interface name (not an address).
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one. (Added in
 7.33.0)
 .IP "--dns-ipv4-addr <ip-address>"
 Tell curl to bind to <ip-address> when making IPv4 DNS requests, so that
 the DNS requests originate from this address. The argument should be a
 single IPv4 address.
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.  (Added in
 7.33.0)
 .IP "--dns-ipv6-addr <ip-address>"
 Tell curl to bind to <ip-address> when making IPv6 DNS requests, so that
 the DNS requests originate from this address. The argument should be a
 single IPv6 address.
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.  (Added in
 7.33.0)
 .IP "--dns-servers <ip-address,ip-address>"
 Set the list of DNS servers to be used instead of the system default.
 The list of IP addresses should be separated with commas. Port numbers
 may also optionally be given as \fI:<port-number>\fP after each IP
 address.
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.  (Added in
 7.33.0)
 .IP "-e, --referer <URL>"
 (HTTP) Sends the "Referer Page" information to the HTTP server. This can also
 be set with the \fI-H, --header\fP flag of course.  When used with
@@ -378,7 +432,8 @@ If this option is used several times, the last one will be used.
 .IP "-E, --cert <certificate[:password]>"
 (SSL) Tells curl to use the specified client certificate file when getting a
 file with HTTPS, FTPS or another SSL-based protocol. The certificate must be
-in PEM format.  If the optional password isn't specified, it will be queried
+in PKCS#12 format if using Secure Transport, or PEM format if using any other
 engine.  If the optional password isn't specified, it will be queried
 for on the terminal. Note that this option assumes a \&"certificate" file that
 is the private key and the private certificate concatenated! See \fI--cert\fP
 and \fI--key\fP to specify them independently.
@@ -388,7 +443,16 @@ curl the nickname of the certificate to use within the NSS database defined
 by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the
 NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be
 loaded. If you want to use a file from the current directory, please precede
-it with "./" prefix, in order to avoid confusion with a nickname.
+it with "./" prefix, in order to avoid confusion with a nickname.  If the
 nickname contains ":", it needs to be preceded by "\\" so that it is not
 recognized as password delimiter.  If the nickname contains "\\", it needs to
 be escaped as "\\\\" so that it is not recognized as an escape character.
 (iOS and Mac OS X only) If curl is built against Secure Transport, then the
 certificate string can either be the name of a certificate/private key in the
 system or user keychain, or the path to a PKCS#12-encoded certificate and
 private key. If you want to use a file from the current directory, please
 precede it with "./" prefix, in order to avoid confusion with a nickname.
 If this option is used several times, the last one will be used.
 .IP "--engine <name>"
@@ -805,7 +869,10 @@ Basic authentication).
 .IP "-m, --max-time <seconds>"
 Maximum time in seconds that you allow the whole operation to take.  This is
 useful for preventing your batch jobs from hanging for hours due to slow
-networks or links going down.  See also the \fI--connect-timeout\fP option.
+networks or links going down.  Since 7.32.0, this option accepts decimal
 values, but the actual timeout will decrease in accuracy as the specified
 timeout increases in decimal precision.  See also the \fI--connect-timeout\fP
 option.
 If this option is used several times, the last one will be used.
 .IP "--mail-auth <address>"
@@ -987,6 +1054,14 @@ you want the file saved in a different directory, make sure you change current
 working directory before you invoke curl with the \fB-O, --remote-name\fP flag!
 You may use this option as many times as the number of URLs you have.
 .IP "--oauth2-bearer"
 (IMAP/POP3/SMTP) Specify the Bearer Token for OAUTH 2.0 server authentication.
 The Bearer Token is used in conjuction with the user name which can be
 specified as part of the \fI--url\fP or \fI-u, --user\fP options.
 The Bearer Token and user name are formatted according to RFC 6750.
 If this option is used several times, the last one will be used.
 .IP "-p, --proxytunnel"
 When an HTTP proxy is used (\fI-x, --proxy\fP), this option will cause non-HTTP
 protocols to attempt to tunnel through the proxy instead of merely using it to
@@ -1038,6 +1113,13 @@ ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.19.1)
 .IP "--post303"
 (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
 into GET requests when following a 303 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.26.0)
 .IP "--proto <protocols>"
 Tells curl to use the listed protocols for its initial retrieval. Protocols
 are evaluated left to right, are comma separated, and are each a protocol
@@ -1272,8 +1354,12 @@ Set this option to zero to not timeout retries. (Added in 7.12.3)
 If this option is used several times, the last one will be used.
 .IP "-s, --silent"
-Silent or quiet mode. Don't show progress meter or error messages.  Makes
+Silent or quiet mode. Don't show progress meter or error messages.  Makes Curl
-Curl mute.
+mute. It will still output the data you ask for, potentially even to the
 terminal/stdout unless you redirect it.
 .IP "--sasl-ir"
 Enable initial response in SASL authentication.
 (Added in 7.31.0)
 .IP "-S, --show-error"
 When used with \fI-s\fP it makes curl show an error message if it fails.
 .IP "--ssl"
@@ -1449,16 +1535,23 @@ If this option is used several times, the last one will be used.
 .IP "--trace-time"
 Prepends a time stamp to each trace or verbose line that curl displays.
 (Added in 7.14.0)
-.IP "-u, --user <user:password>"
+.IP "-u, --user <user:password;options>"
-Specify the user name and password to use for server authentication. Overrides
+Specify the user name, password and optional login options to use for server
-\fI-n, --netrc\fP and \fI--netrc-optional\fP.
+authentication. Overrides \fI-n, --netrc\fP and \fI--netrc-optional\fP.
-If you just give the user name (without entering a colon) curl will prompt for
+If you simply specify the user name, with or without the login options, curl
-a password.
+will prompt for a password.
-If you use an SSPI-enabled curl binary and do NTLM authentication, you can
+If you use an SSPI-enabled curl binary and perform NTLM authentication, you
-force curl to pick up the user name and password from your environment by
+can force curl to select the user name and password from your environment by
-simply specifying a single colon with this option: "-u :".
+simply specifying a single colon with this option: "-u :" or by specfying the
 login options on their own, for example "-u ;auth=NTLM".
 You can use the optional login options part to specify protocol specific
 options that may be used during authentication. At present only IMAP, POP3 and
 SMTP support login options as part of the user login information. For more
 information about the login options please see RFC 2384, RFC 5092 and IETF
 draft draft-earhart-url-smtp-00.txt (Added in 7.31.0). 
 If this option is used several times, the last one will be used.
 .IP "-U, --proxy-user <user:password>"
@@ -1619,8 +1712,16 @@ to follow location: headers.
 If this option is used several times, the last one will be used.
 .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
-Use the specified HTTP proxy. If the port number is not specified, it is
+Use the specified proxy.
-assumed at port 1080.
+
 The proxy string can be specified with a protocol:// prefix to specify
 alternative proxy protocols. Use socks4://, socks4a://, socks5:// or
 socks5h:// to request the specific SOCKS version to be used. No protocol
 specified, http:// and all others will be treated as HTTP proxies. (The
 protocol support was added in curl 7.21.7)
 If the port number is not specified in the proxy string, it is assumed to be
 1080.
 This option overrides existing environment variables that set the proxy to
 use. If there's an environment variable setting a proxy, you can set proxy to
@@ -1639,11 +1740,6 @@ The proxy host can be specified the exact same way as the proxy environment
 variables, including the protocol prefix (http://) and the embedded user +
 password.
 From 7.21.7, the proxy string may be specified with a protocol:// prefix to
 specify alternative proxy protocols. Use socks4://, socks4a://, socks5:// or
 socks5h:// to request the specific SOCKS version to be used. No protocol
 specified, http:// and all others will be treated as HTTP proxies.
 If this option is used several times, the last one will be used.
 .IP "-X, --request <command>"
 (HTTP) Specifies a custom request method to use when communicating with the
@@ -1669,7 +1765,7 @@ If this option is used several times, the last one will be used.
 .IP "--xattr"
 When saving output to a file, this option tells curl to store certain file
-metadata in extened file attributes. Currently, the URL is stored in the
+metadata in extended file attributes. Currently, the URL is stored in the
 xdg.origin.url attribute and, for HTTP, the content type is stored in
 the mime_type attribute. If the file system does not support extended
 attributes, a warning is issued.
@@ -1689,7 +1785,7 @@ speed-time seconds it gets aborted. speed-time is set with \fI-y\fP and is 30
 if not set.
 If this option is used several times, the last one will be used.
-.IP "-z/--time-cond <date expression>|<file>"
+.IP "-z, --time-cond <date expression>|<file>"
 (HTTP/FTP) Request a file that has been modified later than the given time and
 date, or one that has been modified before that time. The <date expression>
 can be all sorts of date strings or if it doesn't match any internal ones, it
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -43,3 +43,5 @@ simplessl
 smtp-multi
 smtp-tls
 url2file
 usercertinmem
 xmlstream
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@@ -43,7 +43,6 @@ LIBDIR = $(top_builddir)/lib
 # Avoid libcurl obsolete stuff
 AM_CPPFLAGS += -DCURL_NO_OLDIES
 # Mostly for Windows build targets, when using static libcurl
 if USE_CPPFLAG_CURL_STATICLIB
 AM_CPPFLAGS += -DCURL_STATICLIB
 endif
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -5,11 +5,12 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  persistant post-callback postit2 sepheaders simple simplepost simplessl  \
  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
-  progressfunc pop3s pop3slist imap url2file sftpget ftpsget
+  progressfunc pop3s pop3slist imap url2file sftpget ftpsget postinmemory
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
 COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	   \
  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
  opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
-  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp
+  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
  multi-uv.c xmlstream.c usercertinmem.c
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -27,18 +27,18 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.7
+## set ZLIB_PATH=c:/zlib-1.2.8
 ## set ZLIB=1
 #
 ###########################################################################
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.7
+ZLIB_PATH = ../../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8x
+OPENSSL_PATH = ../../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -14,12 +14,12 @@ endif
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../../zlib-1.2.7
+ZLIB_PATH = ../../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8x
+OPENSSL_PATH = ../../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
--- a/docs/examples/README
+++ b/docs/examples/README
@@ -61,6 +61,7 @@ multi-debugcallback.c - a multi-interface app using the debug callback
 multi-double.c - a multi-interface app doing two simultaneous transfers
 multi-post.c   - a multi-interface app doing a multipart formpost
 multi-single.c - a multi-interface app getting a single file
 multi-uv.c     - a multi-interface app using libuv
 multithread.c  - an example using multi-treading transferring multiple files
 opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
 persistant.c   - request two URLs with a persistent connection
@@ -77,4 +78,5 @@ simplepost.c   - HTTP POST
 simplessl.c    - HTTPS example with certificates many options set
 synctime.c     - Sync local time by extracting date from remote HTTP servers
 url2file.c     - download a document and store it in a file
 xmlstream.c    - Stream-parse a document using the streaming Expat parser
 10-at-a-time.c - Download many files simultaneously, 10 at a time.
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@@ -60,7 +60,7 @@ int main(int argc, char *argv[])
 {
  CURL *curl_handle;
  CURLcode res;
-  int prtsep = 0, prttime = 0;
+  int prtall = 0, prtsep = 0, prttime = 0;
  const char *url = URL_1M;
  char *appname = argv[0];
@@ -77,6 +77,8 @@ int main(int argc, char *argv[])
          fprintf(stderr, "\r%s %s - %s\n",
                  appname, CHKSPEED_VERSION, curl_version());
          exit(1);
        } else if (strncasecmp(*argv, "-A", 2) == 0) {
          prtall = 1;
        } else if (strncasecmp(*argv, "-X", 2) == 0) {
          prtsep = 1;
        } else if (strncasecmp(*argv, "-T", 2) == 0) {
@@ -161,6 +163,18 @@ int main(int argc, char *argv[])
    if((CURLE_OK == res) && (val>0))
      printf("Average download speed: %0.3f kbyte/sec.\n", val / 1024);
    if (prtall) {
      /* check for name resolution time */
      res = curl_easy_getinfo(curl_handle, CURLINFO_NAMELOOKUP_TIME, &val);
      if((CURLE_OK == res) && (val>0))
        printf("Name lookup time: %0.3f sec.\n", val);
      /* check for connect time */
      res = curl_easy_getinfo(curl_handle, CURLINFO_CONNECT_TIME, &val);
      if((CURLE_OK == res) && (val>0))
        printf("Connect time: %0.3f sec.\n", val);
    }
  } else {
    fprintf(stderr, "Error while fetching '%s' : %s\n",
            url, curl_easy_strerror(res));
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -42,10 +42,10 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
  struct MemoryStruct *mem = (struct MemoryStruct *)userp;
  mem->memory = realloc(mem->memory, mem->size + realsize + 1);
-  if (mem->memory == NULL) {
+  if(mem->memory == NULL) {
    /* out of memory! */
    printf("not enough memory (realloc returned NULL)\n");
-    exit(EXIT_FAILURE);
+    return 0;
  }
  memcpy(&(mem->memory[mem->size]), contents, realsize);
@@ -59,6 +59,7 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 int main(void)
 {
  CURL *curl_handle;
  CURLcode res;
  struct MemoryStruct chunk;
@@ -84,24 +85,27 @@ int main(void)
  curl_easy_setopt(curl_handle, CURLOPT_USERAGENT, "libcurl-agent/1.0");
  /* get it! */
-  curl_easy_perform(curl_handle);
+  res = curl_easy_perform(curl_handle);
  /* check for errors */
  if(res != CURLE_OK) {
    fprintf(stderr, "curl_easy_perform() failed: %s\n",
            curl_easy_strerror(res));
  }
  else {
    /*
     * Now, our chunk.memory points to a memory block that is chunk.size
     * bytes big and contains the remote file.
     *
     * Do something nice with it!
     */
    printf("%lu bytes retrieved\n", (long)chunk.size);
  }
  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);
  /*
   * Now, our chunk.memory points to a memory block that is chunk.size
   * bytes big and contains the remote file.
   *
   * Do something nice with it!
   *
   * You should be aware of the fact that at this point we might have an
   * allocated data block, and nothing has yet deallocated that data. So when
   * you're done with it, you should free() it as a nice application.
   */
  printf("%lu bytes retrieved\n", (long)chunk.size);
  if(chunk.memory)
    free(chunk.memory);
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,7 +24,7 @@
 Written by Jeff Pohlmeyer
-Requires libevent and a (POSIX?) system that has mkfifo().
+Requires libevent version 2 and a (POSIX?) system that has mkfifo().
 This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
 sample programs.
@@ -61,7 +61,7 @@ callback.
 #include <unistd.h>
 #include <sys/poll.h>
 #include <curl/curl.h>
-#include <event.h>
+#include <event2/event.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <errno.h>
@@ -71,9 +71,11 @@ callback.
 /* Global information, common to all connections */
-typedef struct _GlobalInfo {
+typedef struct _GlobalInfo
-  struct event fifo_event;
+{
-  struct event timer_event;
+  struct event_base *evbase;
  struct event *fifo_event;
  struct event *timer_event;
  CURLM *multi;
  int still_running;
  FILE* input;
@@ -81,7 +83,8 @@ typedef struct _GlobalInfo {
 /* Information associated with a specific easy handle */
-typedef struct _ConnInfo {
+typedef struct _ConnInfo
 {
  CURL *easy;
  char *url;
  GlobalInfo *global;
@@ -90,12 +93,13 @@ typedef struct _ConnInfo {
 /* Information associated with a specific socket */
-typedef struct _SockInfo {
+typedef struct _SockInfo
 {
  curl_socket_t sockfd;
  CURL *easy;
  int action;
  long timeout;
-  struct event ev;
+  struct event *ev;
  int evset;
  GlobalInfo *global;
 } SockInfo;
@@ -111,7 +115,7 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
  timeout.tv_sec = timeout_ms/1000;
  timeout.tv_usec = (timeout_ms%1000)*1000;
  fprintf(MSG_OUT, "multi_timer_cb: Setting timeout to %ld ms\n", timeout_ms);
-  evtimer_add(&g->timer_event, &timeout);
+  evtimer_add(g->timer_event, &timeout);
  return 0;
 }
@@ -186,8 +190,8 @@ static void event_cb(int fd, short kind, void *userp)
  check_multi_info(g);
  if ( g->still_running <= 0 ) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
-    if (evtimer_pending(&g->timer_event, NULL)) {
+    if (evtimer_pending(g->timer_event, NULL)) {
-      evtimer_del(&g->timer_event);
+      evtimer_del(g->timer_event);
    }
  }
 }
@@ -215,7 +219,7 @@ static void remsock(SockInfo *f)
 {
  if (f) {
    if (f->evset)
-      event_del(&f->ev);
+      event_free(f->ev);
    free(f);
  }
 }
@@ -232,16 +236,17 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->action = act;
  f->easy = e;
  if (f->evset)
-    event_del(&f->ev);
+    event_free(f->ev);
-  event_set(&f->ev, f->sockfd, kind, event_cb, g);
+  f->ev = event_new(g->evbase, f->sockfd, kind, event_cb, g);
-  f->evset=1;
+  f->evset = 1;
-  event_add(&f->ev, NULL);
+  event_add(f->ev, NULL);
 }
 /* Initialize a new SockInfo structure */
-static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g) {
+static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
 {
  SockInfo *fdp = calloc(sizeof(SockInfo), 1);
  fdp->global = g;
@@ -359,10 +364,10 @@ static void fifo_cb(int fd, short event, void *arg)
 }
 /* Create a named pipe and tell libevent to monitor it */
 static const char *fifo = "hiper.fifo";
 static int init_fifo (GlobalInfo *g)
 {
  struct stat st;
  static const char *fifo = "hiper.fifo";
  curl_socket_t sockfd;
  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
@@ -386,11 +391,18 @@ static int init_fifo (GlobalInfo *g)
  g->input = fdopen(sockfd, "r");
  fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
-  event_set(&g->fifo_event, sockfd, EV_READ | EV_PERSIST, fifo_cb, g);
+  g->fifo_event = event_new(g->evbase, sockfd, EV_READ|EV_PERSIST, fifo_cb, g);
-  event_add(&g->fifo_event, NULL);
+  event_add(g->fifo_event, NULL);
  return (0);
 }
 static void clean_fifo(GlobalInfo *g)
 {
    event_free(g->fifo_event);
    fclose(g->input);
    unlink(fifo);
 }
 int main(int argc, char **argv)
 {
  GlobalInfo g;
@@ -398,10 +410,10 @@ int main(int argc, char **argv)
  (void)argv;
  memset(&g, 0, sizeof(GlobalInfo));
-  event_init();
+  g.evbase = event_base_new();
  init_fifo(&g);
  g.multi = curl_multi_init();
-  evtimer_set(&g.timer_event, timer_cb, &g);
+  g.timer_event = evtimer_new(g.evbase, timer_cb, &g);
  /* setup the generic multi interface options we want */
  curl_multi_setopt(g.multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
@@ -412,7 +424,13 @@ int main(int argc, char **argv)
  /* we don't call any curl_multi_socket*() function yet as we have no handles
     added! */
-  event_dispatch();
+  event_base_dispatch(g.evbase);
  /* this, of course, won't get called since only way to stop this program is
     via ctrl-C, but it is here to show how cleanup /would/ be done. */
  clean_fifo(&g);
  event_free(g.timer_event);
  event_base_free(g.evbase);
  curl_multi_cleanup(g.multi);
  return 0;
 }
--- a/docs/examples/htmltitle.cpp
+++ b/docs/examples/htmltitle.cpp
@@ -25,7 +25,7 @@
 //
 // GNU C++ compile command line suggestion (edit paths accordingly):
 //
-// g++ -Wall -I/opt/curl/include -I/opt/libxml/include/libxml2 htmltitle.cc \
+// g++ -Wall -I/opt/curl/include -I/opt/libxml/include/libxml2 htmltitle.cpp \
 // -o htmltitle -L/opt/curl/lib -L/opt/libxml/lib -lcurl -lxml2
 #include <stdio.h>
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -41,6 +41,8 @@ int main(void)
  int still_running; /* keep number of running handles */
  curl_global_init(CURL_GLOBAL_DEFAULT);
  http_handle = curl_easy_init();
  /* set the options (I left out a few, you'll get the point anyway) */
@@ -108,9 +110,13 @@ int main(void)
    }
  } while(still_running);
-  curl_multi_cleanup(multi_handle);
+  curl_multi_remove_handle(multi_handle, http_handle);
  curl_easy_cleanup(http_handle);
  curl_multi_cleanup(multi_handle);
  curl_global_cleanup();
  return 0;
 }
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@@ -0,0 +1,212 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* Example application code using the multi socket interface to download
   multiple files at once, but instead of using curl_multi_perform and
   curl_multi_wait, which uses select(), we use libuv.
   It supports epoll, kqueue, etc. on unixes and fast IO completion ports on
   Windows, which means, it should be very fast on all platforms..
   Written by Clemens Gruber, based on an outdated example from uvbook and
   some tests from libuv.
   Requires libuv and (of course) libcurl.
   See http://nikhilm.github.com/uvbook/ for more information on libuv.
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <uv.h>
 #include <curl/curl.h>
 uv_loop_t *loop;
 CURLM *curl_handle;
 uv_timer_t timeout;
 typedef struct curl_context_s {
  uv_poll_t poll_handle;
  curl_socket_t sockfd;
 } curl_context_t;
 curl_context_t* create_curl_context(curl_socket_t sockfd)
 {
  curl_context_t *context;
  context = (curl_context_t *) malloc(sizeof *context);
  context->sockfd = sockfd;
  uv_poll_init_socket(loop, &context->poll_handle, sockfd);
  context->poll_handle.data = context;
  return context;
 }
 void curl_close_cb(uv_handle_t *handle)
 {
  curl_context_t* context = (curl_context_t*) handle->data;
  free(context);
 }
 void destroy_curl_context(curl_context_t *context)
 {
  uv_close((uv_handle_t*) &context->poll_handle, curl_close_cb);
 }
 void add_download(const char *url, int num)
 {
  char filename[50];
  FILE *file;
  CURL *handle;
  sprintf(filename, "%d.download", num);
  file = fopen(filename, "w");
  if (file == NULL) {
    fprintf(stderr, "Error opening %s\n", filename);
    return;
  }
  handle = curl_easy_init();
  curl_easy_setopt(handle, CURLOPT_WRITEDATA, file);
  curl_easy_setopt(handle, CURLOPT_URL, url);
  curl_multi_add_handle(curl_handle, handle);
  fprintf(stderr, "Added download %s -> %s\n", url, filename);
 }
 void curl_perform(uv_poll_t *req, int status, int events)
 {
  int running_handles;
  int flags = 0;
  curl_context_t *context;
  char *done_url;
  CURLMsg *message;
  int pending;
  uv_timer_stop(&timeout);
  if (events & UV_READABLE)
    flags |= CURL_CSELECT_IN;
  if (events & UV_WRITABLE)
    flags |= CURL_CSELECT_OUT;
  context = (curl_context_t*)req;
  curl_multi_socket_action(curl_handle, context->sockfd, flags,
                           &running_handles);
  while ((message = curl_multi_info_read(curl_handle, &pending))) {
    switch (message->msg) {
    case CURLMSG_DONE:
      curl_easy_getinfo(message->easy_handle, CURLINFO_EFFECTIVE_URL,
                        &done_url);
      printf("%s DONE\n", done_url);
      curl_multi_remove_handle(curl_handle, message->easy_handle);
      curl_easy_cleanup(message->easy_handle);
      break;
    default:
      fprintf(stderr, "CURLMSG default\n");
      abort();
    }
  }
 }
 void on_timeout(uv_timer_t *req, int status)
 {
  int running_handles;
  curl_multi_socket_action(curl_handle, CURL_SOCKET_TIMEOUT, 0,
                           &running_handles);
 }
 void start_timeout(CURLM *multi, long timeout_ms, void *userp)
 {
  if (timeout_ms <= 0)
    timeout_ms = 1; /* 0 means directly call socket_action, but we'll do it in
                       a bit */
  uv_timer_start(&timeout, on_timeout, timeout_ms, 0);
 }
 int handle_socket(CURL *easy, curl_socket_t s, int action, void *userp,
                  void *socketp)
 {
  curl_context_t *curl_context;
  if (action == CURL_POLL_IN || action == CURL_POLL_OUT) {
    if (socketp) {
      curl_context = (curl_context_t*) socketp;
    }
    else {
      curl_context = create_curl_context(s);
    }
    curl_multi_assign(curl_handle, s, (void *) curl_context);
  }
  switch (action) {
  case CURL_POLL_IN:
    uv_poll_start(&curl_context->poll_handle, UV_READABLE, curl_perform);
    break;
  case CURL_POLL_OUT:
    uv_poll_start(&curl_context->poll_handle, UV_WRITABLE, curl_perform);
    break;
  case CURL_POLL_REMOVE:
    if (socketp) {
      uv_poll_stop(&((curl_context_t*)socketp)->poll_handle);
      destroy_curl_context((curl_context_t*) socketp);
      curl_multi_assign(curl_handle, s, NULL);
    }
    break;
  default:
    abort();
  }
  return 0;
 }
 int main(int argc, char **argv)
 {
  loop = uv_default_loop();
  if (argc <= 1)
    return 0;
  if (curl_global_init(CURL_GLOBAL_ALL)) {
    fprintf(stderr, "Could not init cURL\n");
    return 1;
  }
  uv_timer_init(loop, &timeout);
  curl_handle = curl_multi_init();
  curl_multi_setopt(curl_handle, CURLMOPT_SOCKETFUNCTION, handle_socket);
  curl_multi_setopt(curl_handle, CURLMOPT_TIMERFUNCTION, start_timeout);
  while (argc-- > 1) {
    add_download(argv[argc], argc);
  }
  uv_run(loop, UV_RUN_DEFAULT);
  curl_multi_cleanup(curl_handle);
  return 0;
 }
--- a/docs/examples/postinmemory.c
+++ b/docs/examples/postinmemory.c
@@ -0,0 +1,111 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <curl/curl.h>
 struct MemoryStruct {
  char *memory;
  size_t size;
 };
 static size_t
 WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
  size_t realsize = size * nmemb;
  struct MemoryStruct *mem = (struct MemoryStruct *)userp;
  mem->memory = realloc(mem->memory, mem->size + realsize + 1);
  if(mem->memory == NULL) {
    /* out of memory! */
    printf("not enough memory (realloc returned NULL)\n");
    return 0;
  }
  memcpy(&(mem->memory[mem->size]), contents, realsize);
  mem->size += realsize;
  mem->memory[mem->size] = 0;
  return realsize;
 }
 int main(void)
 {
  CURL *curl;
  CURLcode res;
  struct MemoryStruct chunk;
  static const char *postthis="Field=1&Field=2&Field=3";
  chunk.memory = malloc(1);  /* will be grown as needed by realloc above */
  chunk.size = 0;    /* no data at this point */
  curl_global_init(CURL_GLOBAL_ALL);
  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.org/");
    /* send all data to this function  */
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
    /* we pass our 'chunk' struct to the callback function */
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
    /* some servers don't like requests that are made without a user-agent
       field, so we provide one */
    curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0");
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postthis);
    /* if we don't provide POSTFIELDSIZE, libcurl will strlen() by
       itself */
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));
    /* Perform the request, res will get the return code */
    res = curl_easy_perform(curl);
    /* Check for errors */
    if(res != CURLE_OK) {
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));
    }
    else {
      /*
       * Now, our chunk.memory points to a memory block that is chunk.size
       * bytes big and contains the remote file.
       *
       * Do something nice with it!
       */
      printf("%s\n",chunk.memory);
    }
    /* always cleanup */
    curl_easy_cleanup(curl);
    if(chunk.memory)
      free(chunk.memory);
    /* we're done with libcurl, so clean it up */
    curl_global_cleanup();
  }
  return 0;
 }
--- a/docs/examples/progressfunc.c
+++ b/docs/examples/progressfunc.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -30,9 +30,10 @@ struct myprogress {
  CURL *curl;
 };
-static int progress(void *p,
+/* this is how the CURLOPT_XFERINFOFUNCTION callback works */
-                    double dltotal, double dlnow,
+static int xferinfo(void *p,
-                    double ultotal, double ulnow)
+                    curl_off_t dltotal, curl_off_t dlnow,
                    curl_off_t ultotal, curl_off_t ulnow)
 {
  struct myprogress *myp = (struct myprogress *)p;
  CURL *curl = myp->curl;
@@ -48,7 +49,9 @@ static int progress(void *p,
    fprintf(stderr, "TOTAL TIME: %f \r\n", curtime);
  }
-  fprintf(stderr, "UP: %g of %g  DOWN: %g of %g\r\n",
+  fprintf(stderr, "UP: %" CURL_FORMAT_CURL_OFF_T " of %" CURL_FORMAT_CURL_OFF_T
          "  DOWN: %" CURL_FORMAT_CURL_OFF_T " of %" CURL_FORMAT_CURL_OFF_T
          "\r\n",
          ulnow, ultotal, dlnow, dltotal);
  if(dlnow > STOP_DOWNLOAD_AFTER_THIS_MANY_BYTES)
@@ -56,6 +59,19 @@ static int progress(void *p,
  return 0;
 }
 /* for libcurl older than 7.32.0 (CURLOPT_PROGRESSFUNCTION) */
 static int older_progress(void *p,
                          double dltotal, double dlnow,
                          double ultotal, double ulnow)
 {
  return xferinfo(p,
                  (curl_off_t)dltotal,
                  (curl_off_t)dlnow,
                  (curl_off_t)ultotal,
                  (curl_off_t)ulnow);
 }
 int main(void)
 {
  CURL *curl;
@@ -68,9 +84,28 @@ int main(void)
    prog.curl = curl;
    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
-    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress);
+
    curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, older_progress);
    /* pass the struct pointer into the progress function */
    curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &prog);
 #if LIBCURL_VERSION_NUM >= 0x072000
    /* xferinfo was introduced in 7.32.0, no earlier libcurl versions will
       compile as they won't have the symbols around.
       If built with a newer libcurl, but running with an older libcurl:
       curl_easy_setopt() will fail in run-time trying to set the new
       callback, making the older callback get used.
       New libcurls will prefer the new callback and instead use that one even
       if both callbacks are set. */
    curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, xferinfo);
    /* pass the struct pointer into the xferinfo function, note that this is
       an alias to CURLOPT_PROGRESSDATA */
    curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &prog);
 #endif
    curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);
    res = curl_easy_perform(curl);
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -54,23 +54,22 @@ int main(void)
  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data);
  /* open the files */
-  headerfile = fopen(headerfilename,"w");
+  headerfile = fopen(headerfilename,"wb");
  if (headerfile == NULL) {
    curl_easy_cleanup(curl_handle);
    return -1;
  }
-  bodyfile = fopen(bodyfilename,"w");
+  bodyfile = fopen(bodyfilename,"wb");
  if (bodyfile == NULL) {
    curl_easy_cleanup(curl_handle);
    return -1;
  }
-  /* we want the headers to this file handle */
+  /* we want the headers be written to this file handle */
  curl_easy_setopt(curl_handle,   CURLOPT_WRITEHEADER, headerfile);
-  /*
+  /* we want the body be written to this file handle instead of stdout */
-   * Notice here that if you want the actual data sent anywhere else but
+  curl_easy_setopt(curl_handle,   CURLOPT_WRITEDATA, bodyfile);
   * stdout, you should consider using the CURLOPT_WRITEDATA option.  */
  /* get it! */
  curl_easy_perform(curl_handle);
@@ -78,6 +77,9 @@ int main(void)
  /* close the header file */
  fclose(headerfile);
  /* close the body file */
  fclose(bodyfile);
  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@@ -0,0 +1,211 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* Example using an in memory PEM user certificate and RSA key to retrieve an
 * https page.
 * Written by Ishan SinghLevett, based on Theo Borm's cacertinmem.c.
 * Note this example does not use a CA certificate, however one should be used
 * if you want a properly secure connection
 */
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <curl/curl.h>
 #include <stdio.h>
 static size_t writefunction(void *ptr, size_t size, size_t nmemb, void *stream)
 {
  fwrite(ptr,size,nmemb,stream);
  return(nmemb*size);
 }
 static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
 {
  X509 *cert = NULL;
  BIO *bio = NULL;
  BIO *kbio = NULL;
  RSA *rsa = NULL;
  int ret;
  const char *mypem = /* www.cacert.org */
    "-----BEGIN CERTIFICATE-----\n"\
    "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n"\
    "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n"\
    "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n"\
    "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n"\
    "BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi\n"\
    "MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ\n"\
    "ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\n"\
    "CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ\n"\
    "8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6\n"\
    "zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y\n"\
    "fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7\n"\
    "w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc\n"\
    "G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k\n"\
    "epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q\n"\
    "laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ\n"\
    "QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU\n"\
    "fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826\n"\
    "YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w\n"\
    "ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY\n"\
    "gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe\n"\
    "MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0\n"\
    "IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy\n"\
    "dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw\n"\
    "czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0\n"\
    "dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl\n"\
    "aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC\n"\
    "AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg\n"\
    "b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB\n"\
    "ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc\n"\
    "nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg\n"\
    "18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c\n"\
    "gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl\n"\
    "Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY\n"\
    "sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T\n"\
    "SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF\n"\
    "CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum\n"\
    "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n"\
    "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n"\
    "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n"\
    "-----END CERTIFICATE-----\n";
 /*replace the XXX with the actual RSA key*/
  const char *mykey =
    "-----BEGIN RSA PRIVATE KEY-----\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n"\
    "-----END RSA PRIVATE KEY-----\n";
  (void)curl; /* avoid warnings */
  (void)parm; /* avoid warnings */
  /* get a BIO */
  bio = BIO_new_mem_buf((char *)mypem, -1);
  if (bio == NULL) {
    printf("BIO_new_mem_buf failed\n");
  }
  /* use it to read the PEM formatted certificate from memory into an X509
   * structure that SSL can use
   */
  cert = PEM_read_bio_X509(bio, NULL, 0, NULL);
  if (cert == NULL) {
    printf("PEM_read_bio_X509 failed...\n");
  }
  /*tell SSL to use the X509 certificate*/
  ret = SSL_CTX_use_certificate((SSL_CTX*)sslctx, cert);
  if (ret != 1) {
    printf("Use certificate failed\n");
  }
  /*create a bio for the RSA key*/
  kbio = BIO_new_mem_buf((char *)mykey, -1);
  if (kbio == NULL) {
    printf("BIO_new_mem_buf failed\n");
  }
  /*read the key bio into an RSA object*/
  rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
  if (rsa == NULL) {
    printf("Failed to create key bio\n");
  }
  /*tell SSL to use the RSA key from memory*/
  ret = SSL_CTX_use_RSAPrivateKey((SSL_CTX*)sslctx, rsa);
  if (ret != 1) {
    printf("Use Key failed\n");
  }
  /* all set to go */
  return CURLE_OK ;
 }
 int main(void)
 {
  CURL *ch;
  CURLcode rv;
  rv = curl_global_init(CURL_GLOBAL_ALL);
  ch = curl_easy_init();
  rv = curl_easy_setopt(ch,CURLOPT_VERBOSE, 0L);
  rv = curl_easy_setopt(ch,CURLOPT_HEADER, 0L);
  rv = curl_easy_setopt(ch,CURLOPT_NOPROGRESS, 1L);
  rv = curl_easy_setopt(ch,CURLOPT_NOSIGNAL, 1L);
  rv = curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
  rv = curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
  rv = curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
  rv = curl_easy_setopt(ch,CURLOPT_WRITEHEADER, stderr);
  rv = curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
  /* both VERIFYPEER and VERIFYHOST are set to 0 in this case because there is
     no CA certificate*/
  rv = curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER, 0L);
  rv = curl_easy_setopt(ch,CURLOPT_SSL_VERIFYHOST, 0L);
  rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
  rv = curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM");
  /* first try: retrieve page without user certificate and key -> will fail
   */
  rv = curl_easy_perform(ch);
  if (rv==CURLE_OK) {
    printf("*** transfer succeeded ***\n");
  }
  else {
    printf("*** transfer failed ***\n");
  }
  /* second try: retrieve page using user certificate and key -> will succeed
   * load the certificate and key by installing a function doing the necessary
   * "modifications" to the SSL CONTEXT just before link init
   */
  rv = curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
  rv = curl_easy_perform(ch);
  if (rv==CURLE_OK) {
    printf("*** transfer succeeded ***\n");
  }
  else {
    printf("*** transfer failed ***\n");
  }
  curl_easy_cleanup(ch);
  curl_global_cleanup();
  return rv;
 }
--- a/docs/examples/xmlstream.c
+++ b/docs/examples/xmlstream.c
@@ -0,0 +1,158 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* Stream-parse a document using the streaming Expat parser.
 * Written by David Strauss
 *
 * Expat => http://www.libexpat.org/
 *
 * gcc -Wall -I/usr/local/include xmlstream.c -lcurl -lexpat -o xmlstream
 *
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
 #include <expat.h>
 #include <curl/curl.h>
 struct MemoryStruct {
  char *memory;
  size_t size;
 };
 struct ParserStruct {
  int ok;
  size_t tags;
  size_t depth;
  struct MemoryStruct characters;
 };
 static void startElement(void *userData, const XML_Char *name, const XML_Char **atts)
 {
  struct ParserStruct *state = (struct ParserStruct *) userData;
  state->tags++;
  state->depth++;
  /* Get a clean slate for reading in character data. */
  free(state->characters.memory);
  state->characters.memory = NULL;
  state->characters.size = 0;
 }
 static void characterDataHandler(void *userData, const XML_Char *s, int len)
 {
  struct ParserStruct *state = (struct ParserStruct *) userData;
  struct MemoryStruct *mem = &state->characters;
  mem->memory = realloc(mem->memory, mem->size + len + 1);
  if(mem->memory == NULL) {
    /* Out of memory. */
    fprintf(stderr, "Not enough memory (realloc returned NULL).\n");
    state->ok = 0;
    return;
  }
  memcpy(&(mem->memory[mem->size]), s, len);
  mem->size += len;
  mem->memory[mem->size] = 0;
 }
 static void endElement(void *userData, const XML_Char *name)
 {
  struct ParserStruct *state = (struct ParserStruct *) userData;
  state->depth--;
  printf("%5lu   %10lu   %s\n", state->depth, state->characters.size, name);
 }
 static size_t parseStreamCallback(void *contents, size_t length, size_t nmemb, void *userp)
 {
  XML_Parser parser = (XML_Parser) userp;
  size_t real_size = length * nmemb;
  struct ParserStruct *state = (struct ParserStruct *) XML_GetUserData(parser);
  /* Only parse if we're not already in a failure state. */
  if (state->ok && XML_Parse(parser, contents, real_size, 0) == 0) {
    int error_code = XML_GetErrorCode(parser);
    fprintf(stderr, "Parsing response buffer of length %lu failed with error code %d (%s).\n",
            real_size, error_code, XML_ErrorString(error_code));
    state->ok = 0;
  }
  return real_size;
 }
 int main(void)
 {
  CURL *curl_handle;
  CURLcode res;
  XML_Parser parser;
  struct ParserStruct state;
  /* Initialize the state structure for parsing. */
  memset(&state, 0, sizeof(struct ParserStruct));
  state.ok = 1;
  /* Initialize a namespace-aware parser. */
  parser = XML_ParserCreateNS(NULL, '\0');
  XML_SetUserData(parser, &state);
  XML_SetElementHandler(parser, startElement, endElement);
  XML_SetCharacterDataHandler(parser, characterDataHandler);
  /* Initalize a libcurl handle. */
  curl_global_init(CURL_GLOBAL_ALL ^ CURL_GLOBAL_SSL);
  curl_handle = curl_easy_init();
  curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.w3schools.com/xml/simple.xml");
  curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, parseStreamCallback);
  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, (void *)parser);
  printf("Depth   Characters   Closing Tag\n");
  /* Perform the request and any follow-up parsing. */
  res = curl_easy_perform(curl_handle);
  if(res != CURLE_OK) {
    fprintf(stderr, "curl_easy_perform() failed: %s\n",
            curl_easy_strerror(res));
  }
  else if (state.ok) {
    /* Expat requires one final call to finalize parsing. */
    if (XML_Parse(parser, NULL, 0, 1) == 0) {
      int error_code = XML_GetErrorCode(parser);
      fprintf(stderr, "Finalizing parsing failed with error code %d (%s).\n",
              error_code, XML_ErrorString(error_code));
    }
    else {
      printf("                     --------------\n");
      printf("                     %lu tags total\n", state.tags);
    }
  }
  /* Clean up. */
  free(state.characters.memory);
  XML_ParserFree(parser);
  curl_easy_cleanup(curl_handle);
  curl_global_cleanup();
  return 0;
 }
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -232,7 +232,7 @@ Pass a pointer to a char pointer to receive a pointer to a string holding the
 most recent RTSP Session ID.
 Applications wishing to resume an RTSP session on another connection should
-retreive this info before closing the active connection.
+retrieve this info before closing the active connection.
 .IP CURLINFO_RTSP_CLIENT_CSEQ
 Pass a pointer to a long to receive the next CSeq that will be used by the
 application.
@@ -244,7 +244,7 @@ by the application.
 unimplemented).\fP
 Applications wishing to resume an RTSP session on another connection should
-retreive this info before closing the active connection.
+retrieve this info before closing the active connection.
 .IP CURLINFO_RTSP_CSEQ_RECV
 Pass a pointer to a long to receive the most recently received CSeq from the
 server. If your application encounters a \fICURLE_RTSP_CSEQ_ERROR\fP then you
--- a/docs/libcurl/curl_easy_pause.3
+++ b/docs/libcurl/curl_easy_pause.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,8 +38,11 @@ that returns pause signals to the library that it couldn't take care of any
 data at all, and that data will then be delivered again to the callback when
 the writing is later unpaused.
-NOTE: while it may feel tempting, take care and notice that you cannot call
+While it may feel tempting, take care and notice that you cannot call this
-this function from another thread.
+function from another thread. To unpause, you may for example call it from the
 progress callback (see \fIcurl_easy_setopt(3)\fP's
 \fICURLOPT_PROGRESSFUNCTION\fP), which gets called at least once per second,
 even if the connection is paused.
 When this function is called to unpause reading, the chance is high that you
 will get your write callback called before this function returns.
@@ -68,6 +71,18 @@ code means something wrong occurred after the new state was set.  See the
 .SH AVAILABILITY
 This function was added in libcurl 7.18.0. Before this version, there was no
 explicit support for pausing transfers.
 .SH "USAGE WITH THE MULTI-SOCKET INTERFACE"
 Before libcurl 7.32.0, when a specific handle was unpaused with this function,
 there was no particular forced rechecking or similar of the socket's state,
 which made the continuation of the transfer get delayed until next
 multi-socket call invoke or even longer. Alternatively, the user could
 forcibly call for example curl_multi_socket_all(3) - with a rather hefty
 performance penalty.
 Starting in libcurl 7.32.0, unpausing a transfer will schedule a timeout
 trigger for that handle 1 millisecond into the future, so that a
 curl_multi_socket_action( ... CURL_SOCKET_TIMEOUT) can be used immediately
 afterwards to get the transfer going again as desired.
 .SH "MEMORY USE"
 When pausing a read by returning the magic return code from a write callback,
 the read data is already in libcurl's internal buffers so it'll have to keep
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -58,7 +58,8 @@ The \fIhandle\fP is the return code from a \fIcurl_easy_init(3)\fP or
 Set the parameter to 1 to get the library to display a lot of verbose
 information about its operations. Very useful for libcurl and/or protocol
 debugging and understanding. The verbose information will be sent to stderr,
-or the stream set with \fICURLOPT_STDERR\fP.
+or the stream set with \fICURLOPT_STDERR\fP. The default value for this
 parameter is 0.
 You hardly ever want this set in production use, you will almost always want
 this when you debug/report problems. Another neat option for debugging is the
@@ -66,11 +67,11 @@ this when you debug/report problems. Another neat option for debugging is the
 .IP CURLOPT_HEADER
 A parameter set to 1 tells the library to include the header in the body
 output. This is only relevant for protocols that actually have headers
-preceding the data (like HTTP).
+preceding the data (like HTTP). The default value for this parameter is 0.
 .IP CURLOPT_NOPROGRESS
 Pass a long. If set to 1, it tells the library to shut off the progress meter
 completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
-getting called.
+getting called. The default value for this parameter is 1.
 Future versions of libcurl are likely to not have any built-in progress meter
 at all.
@@ -79,6 +80,7 @@ Pass a long. If it is 1, libcurl will not use any functions that
 install signal handlers or any functions that cause signals to be sent to the
 process. This option is mainly here to allow multi-threaded unix applications
 to still set/use all timeout options etc, without risking getting signals.
 The default value for this parameter is 0.
 (Added in 7.10)
 If this option is set and libcurl has been built with the standard name
@@ -180,8 +182,9 @@ means 100K.
 .IP CURLOPT_WRITEDATA
 Data pointer to pass to the file write function. If you use the
 \fICURLOPT_WRITEFUNCTION\fP option, this is the pointer you'll get as
-input. If you don't use a callback, you must pass a 'FILE *' as libcurl will
+input. If you don't use a callback, you must pass a 'FILE *' (cast
-pass this to fwrite() when writing data.
+to 'void *') as libcurl will pass this to fwrite() when writing data.
 By default, the value of this parameter is unspecified.
 The internal \fICURLOPT_WRITEFUNCTION\fP will write the data to the FILE *
 given with this option, or to stdout if this option hasn't been set.
@@ -226,7 +229,7 @@ userdata set with \fICURLOPT_READDATA\fP.
 Data pointer to pass to the file read function. If you use the
 \fICURLOPT_READFUNCTION\fP option, this is the pointer you'll get as input. If
 you don't specify a read callback but instead rely on the default internal
-read function, this data must be a valid readable FILE *.
+read function, this data must be a valid readable FILE * (cast to 'void *').
 If you're using libcurl as a win32 DLL, you MUST use a
 \fICURLOPT_READFUNCTION\fP if you set this option.
@@ -240,13 +243,15 @@ gets called by libcurl when something special I/O-related needs to be done
 that the library can't do by itself. For now, rewinding the read data stream
 is the only action it can request. The rewinding of the read data stream may
 be necessary when doing a HTTP PUT or POST with a multi-pass authentication
-method.  (Option added in 7.12.3).
+method. By default, this parameter is set to NULL.  (Option added in 7.12.3).
-Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking!
+Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking! If
 \fICURLOPT_SEEKFUNCTION\fP is set, this parameter will be ignored when seeking.
 .IP CURLOPT_IOCTLDATA
 Pass a pointer that will be untouched by libcurl and passed as the 3rd
-argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.  (Option
+argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP.
-added in 7.12.3)
+By default, the value of this parameter is unspecified.  (Option added in
 7.12.3)
 .IP CURLOPT_SEEKFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
 function(void *instream, curl_off_t offset, int origin);\fP This function gets
@@ -255,13 +260,15 @@ used to fast forward a file in a resumed upload (instead of reading all
 uploaded bytes with the normal read function/callback). It is also called to
 rewind a stream when doing a HTTP PUT or POST with a multi-pass authentication
 method. The function shall work like "fseek" or "lseek" and accepted SEEK_SET,
-SEEK_CUR and SEEK_END as argument for origin, although (in 7.18.0) libcurl
+SEEK_CUR and SEEK_END as argument for origin, although libcurl currently only
-only passes SEEK_SET. The callback must return 0 (CURL_SEEKFUNC_OK) on
+passes SEEK_SET. The callback must return 0 (CURL_SEEKFUNC_OK) on success, 1
-success, 1 (CURL_SEEKFUNC_FAIL) to cause the upload operation to fail or 2
+(CURL_SEEKFUNC_FAIL) to cause the upload operation to fail or 2
 (CURL_SEEKFUNC_CANTSEEK) to indicate that while the seek failed, libcurl is
 free to work around the problem if possible. The latter can sometimes be done
 by instead reading from the input or similar.
 By default, this parameter is unset.
 If you forward the input arguments directly to "fseek" or "lseek", note that
 the data type for \fIoffset\fP is not the same as defined for curl_off_t on
 many systems! (Option added in 7.18.0)
@@ -271,7 +278,8 @@ Data pointer to pass to the file seek function. If you use the
 you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
 .IP CURLOPT_SOCKOPTFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
-function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. This
+function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. By
 default, this parameter is unset. If set, this
 function gets called by libcurl after the socket() call but before the
 connect() call. The callback's \fIpurpose\fP argument identifies the exact
 purpose for this particular socket:
@@ -293,6 +301,7 @@ in fact already connected and then libcurl will not attempt to connect it.
 .IP CURLOPT_SOCKOPTDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
 The default value of this parameter is unspecified.
 (Option added in 7.16.0)
 .IP CURLOPT_OPENSOCKETFUNCTION
 Pass a pointer to a function that matches the following prototype:
@@ -317,6 +326,7 @@ blacklisting.  The default behavior is:
 .IP CURLOPT_OPENSOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
 The default value of this parameter is unspecified.
 (Option added in 7.17.1.)
 .IP CURLOPT_CLOSESOCKETFUNCTION
 Pass a pointer to a function that matches the following prototype: \fBint
@@ -328,17 +338,38 @@ success and 1 if there was an error.  (Option added in 7.21.7)
 .IP CURLOPT_CLOSESOCKETDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the closesocket callback set with
-\fICURLOPT_CLOSESOCKETFUNCTION\fP.  (Option added in 7.21.7)
+\fICURLOPT_CLOSESOCKETFUNCTION\fP.
 The default value of this parameter is unspecified.
 (Option added in 7.21.7)
 .IP CURLOPT_PROGRESSFUNCTION
-Pass a pointer to a function that matches the following prototype: \fBint
+Pass a pointer to a function that matches the following prototype:
-function(void *clientp, double dltotal, double dlnow, double ultotal, double
+
-ulnow); \fP. This function gets called by libcurl instead of its internal
+\fBint function(void *clientp, double dltotal, double dlnow, double ultotal,
-equivalent with a frequent interval during operation (roughly once per second
+double ulnow);\fP
-or sooner) no matter if data is being transferred or not.  Unknown/unused
+
-argument values passed to the callback will be set to zero (like if you only
+This function gets called by libcurl instead of its internal equivalent with a
-download data, the upload size will remain 0). Returning a non-zero value from
+frequent interval. While data is being transferred it will be called very
-this callback will cause libcurl to abort the transfer and return
+frequently, and during slow periods like when nothing is being transferred it
-\fICURLE_ABORTED_BY_CALLBACK\fP.
+can slow down to about one call per second.
 \fIclientp\fP is the pointer set with \fICURLOPT_PROGRESSDATA\fP, it is not
 actually used by libcurl but is only passed along from the application to the
 callback.
 The callback gets told how much data libcurl will transfer and has
 transferred, in number of bytes. \fIdltotal\fP is the total number of bytes
 libcurl expects to download in this transfer. \fIdlnow\fP is the number of
 bytes downloaded so far. \fIultotal\fP is the total number of bytes libcurl
 expects to upload in this transfer. \fIulnow\fP is the number of bytes
 uploaded so far.
 Unknown/unused argument values passed to the callback will be set to zero
 (like if you only download data, the upload size will remain 0). Many times
 the callback will be called one or more times first, before it knows the data
 sizes so a program must be made to handle that.
 Returning a non-zero value from this callback will cause libcurl to abort the
 transfer and return \fICURLE_ABORTED_BY_CALLBACK\fP.
 If you transfer data with the multi interface, this function will not be
 called during periods of idleness unless you call the appropriate libcurl
@@ -346,9 +377,54 @@ function that performs transfers.
 \fICURLOPT_NOPROGRESS\fP must be set to 0 to make this function actually
 get called.
 .IP CURLOPT_XFERINFOFUNCTION
 Pass a pointer to a function that matches the following prototype:
 .nf
 \fBint function(void *clientp, curl_off_t dltotal, curl_off_t dlnow,
                curl_off_t ultotal, curl_off_t ulnow);\fP
 .fi
 This function gets called by libcurl instead of its internal equivalent with a
 frequent interval. While data is being transferred it will be called very
 frequently, and during slow periods like when nothing is being transferred it
 can slow down to about one call per second.
 \fIclientp\fP is the pointer set with \fICURLOPT_XFERINFODATA\fP, it is only
 passed along from the application to the callback.
 The callback gets told how much data libcurl will transfer and has
 transferred, in number of bytes. \fIdltotal\fP is the total number of bytes
 libcurl expects to download in this transfer. \fIdlnow\fP is the number of
 bytes downloaded so far. \fIultotal\fP is the total number of bytes libcurl
 expects to upload in this transfer. \fIulnow\fP is the number of bytes
 uploaded so far.
 Unknown/unused argument values passed to the callback will be set to zero
 (like if you only download data, the upload size will remain 0). Many times
 the callback will be called one or more times first, before it knows the data
 sizes so a program must be made to handle that.
 Returning a non-zero value from this callback will cause libcurl to abort the
 transfer and return \fICURLE_ABORTED_BY_CALLBACK\fP.
 If you transfer data with the multi interface, this function will not be
 called during periods of idleness unless you call the appropriate libcurl
 function that performs transfers.
 \fICURLOPT_NOPROGRESS\fP must be set to 0 to make this function actually
 get called.
 (Added in 7.32.0)
 .IP CURLOPT_PROGRESSDATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
 The default value of this parameter is unspecified.
 .IP CURLOPT_XFERINFODATA
 Pass a pointer that will be untouched by libcurl and passed as the first
 argument in the progress callback set with \fICURLOPT_XFERINFOFUNCTION\fP.
 The default value of this parameter is unspecified. This option is an alias
 for CURLOPT_PROGRESSDATA. (Added in 7.32.0)
 .IP CURLOPT_HEADERFUNCTION
 Pass a pointer to a function that matches the following prototype:
 \fBsize_t function( void *ptr, size_t size, size_t nmemb, void
@@ -607,12 +683,20 @@ scheme://host:port/path
 For a greater explanation of the format please see RFC3986.
-If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
+If the given URL lacks the scheme (such as "http://" or "ftp://" etc) then
-etc), libcurl will attempt to resolve which protocol to use based on the
+libcurl will attempt to resolve the protocol based on one of the following
-given host mame. If the protocol is not supported, libcurl will return
+given host names:
-(\fICURLE_UNSUPPORTED_PROTOCOL\fP) when you call \fIcurl_easy_perform(3)\fP
+
-or \fIcurl_multi_perform(3)\fP. Use \fIcurl_version_info(3)\fP for detailed
+HTTP, FTP, DICT, LDAP, IMAP, POP3 or SMTP
-information on which protocols are supported.
+
 (POP3 and SMTP added in 7.31.0)
 Should the protocol, either that specified by the scheme or deduced by libcurl
 from the host name, not be supported by libcurl then
 (\fICURLE_UNSUPPORTED_PROTOCOL\fP) will be returned from either the
 \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP functions when you
 call them. Use \fIcurl_version_info(3)\fP for detailed information of which
 protocols are supported by the build of libcurl you are using.
 The host part of the URL contains the address of the server that you want to
 connect to. This can be the fully qualified domain name of the server, the
@@ -627,17 +711,23 @@ http://192.168.0.1/
 http://[2001:1890:1112:1::20]/
-It is also possible to specify the user name and password as part of the
+It is also possible to specify the user name, password and any supported login
-host, for some protocols, when connecting to servers that require
+options as part of the host, for the following protocols, when connecting to
-authentication.
+servers that require authentication:
 For example the following types of authentication support this:
 http://user:password@www.example.com
 ftp://user:password@ftp.example.com
-pop3://user:password@mail.example.com
+imap://user:password;options@mail.example.com
 pop3://user:password;options@mail.example.com
 smtp://user:password;options@mail.example.com
 At present only IMAP, POP3 and SMTP support login options as part of the host.
 For more information about the login options in URL syntax please see RFC2384,
 RFC5092 and IETF draft draft-earhart-url-smtp-00.txt (Added in 7.31.0).
 The port is optional and when not specified libcurl will use the default port
 based on the determined or specified protocol: 80 for HTTP, 21 for FTP and 25
@@ -714,12 +804,39 @@ the HELO / EHLO command to the mail server at example.com.
 .B POP3
-The path part of a POP3 request specifies the mailbox (message) to retrieve.
+The path part of a POP3 request specifies the message ID to retrieve. If the
-If the mailbox is not specified then a list of waiting messages is returned
+ID is not specified then a list of waiting messages is returned instead.
 instead.
-pop3://user:password@mail.example.com - This lists the available messages
+pop3://user:password@mail.example.com - This lists the available messages for
-pop3://user:password@mail.example.com/1 - This retrieves the first message
+the user
 pop3://user:password@mail.example.com/1 - This retrieves the first message for
 the user
 .B IMAP
 The path part of an IMAP request not only specifies the mailbox to list (Added
 in 7.30.0) or select, but can also be used to check the UIDVALIDITY of the
 mailbox and to specify the UID and SECTION of the message to fetch (Added in
 7.30.0).
 imap://user:password@mail.example.com - Performs a top level folder list
 imap://user:password@mail.example.com/INBOX - Performs a folder list on the
 user's inbox
 imap://user:password@mail.example.com/INBOX/;UID=1 - Selects the user's inbox
 and fetches message 1
 imap://user:password@mail.example.com/INBOX;UIDVALIDITY=50/;UID=2 - Selects
 the user's inbox, checks the UIDVALIDITY of the mailbox is 50 and fetches
 message 2 if it is
 imap://user:password@mail.example.com/INBOX/;UID=3/;SECTION=TEXT - Selects the
 user's inbox and fetches message 3 with only the text portion of the message
 For more information about the individual components of an IMAP URL please
 see RFC5092.
 .B SCP
@@ -774,6 +891,19 @@ Active Directory server.
 For more information about the individual components of a LDAP URL please
 see RFC4516.
 .B RTMP
 There's no official URL spec for RTMP so libcurl uses the URL syntax supported
 by the underlying librtmp library. It has a syntax where it wants a
 traditional URL, followed by a space and a series of space-separated
 name=value pairs.
 While space is not typically a "legal" letter, libcurl accepts them. When a
 user wants to pass in a '#' (hash) character it will be treated as a fragment
 and get cut off by libcurl if provided literally. You will instead have to
 escape it by providing it as backslash and its ASCII value in hexadecimal:
 "\\23".
 .B NOTES
 Starting with version 7.20.0, the fragment part of the URI will not be sent as
@@ -1000,8 +1130,8 @@ the full path name to the file you want libcurl to use as .netrc file. If this
 option is omitted, and \fICURLOPT_NETRC\fP is set, libcurl will attempt to
 find a .netrc file in the current user's home directory. (Added in 7.10.9)
 .IP CURLOPT_USERPWD
-Pass a char * as parameter, which should be [user name]:[password] to use for
+Pass a char * as parameter, pointing to a zero terminated login details string
-the connection. Use \fICURLOPT_HTTPAUTH\fP to decide the authentication method.
+for the connection. The format of which is: [user name]:[password];[options].
 When using NTLM, you can set the domain by prepending it to the user name and
 separating the domain and name with a forward (/) or backward slash (\\). Like
@@ -1014,10 +1144,18 @@ and password information to hosts using the initial host name (unless
 \fICURLOPT_UNRESTRICTED_AUTH\fP is set), so if libcurl follows locations to
 other hosts it will not send the user and password to those. This is enforced
 to prevent accidental information leakage.
 At present only IMAP, POP3 and SMTP support login options as part of the
 details string. For more information about the login options please see
 RFC2384, RFC5092 and IETF draft draft-earhart-url-smtp-00.txt (Added in 7.31.0).
 Use \fICURLOPT_HTTPAUTH\fP to specify the authentication method for HTTP based
 connections.
 .IP CURLOPT_PROXYUSERPWD
 Pass a char * as parameter, which should be [user name]:[password] to use for
-the connection to the HTTP proxy.  Use \fICURLOPT_PROXYAUTH\fP to decide
+the connection to the HTTP proxy.
-the authentication method.
+
 Use \fICURLOPT_PROXYAUTH\fP to specify the authentication method.
 .IP CURLOPT_USERNAME
 Pass a char * as parameter, which should be pointing to the zero terminated
 user name to use for the transfer.
@@ -1094,7 +1232,7 @@ Microsoft. It uses a challenge-response and hash concept similar to Digest, to
 prevent the password from being eavesdropped.
 You need to build libcurl with either OpenSSL, GnuTLS or NSS support for this
-option to work, or build libcurl on Windows.
+option to work, or build libcurl on Windows with SSPI support.
 .IP CURLAUTH_NTLM_WB
 NTLM delegating to winbind helper. Authentication is performed by a separate
 binary application that is executed when needed. The name of the application
@@ -1155,6 +1293,22 @@ actual name and password with the \fICURLOPT_PROXYUSERPWD\fP option. The
 bitmask can be constructed by or'ing together the bits listed above for the
 \fICURLOPT_HTTPAUTH\fP option. As of this writing, only Basic, Digest and NTLM
 work. (Added in 7.10.7)
 .IP CURLOPT_SASL_IR
 Pass a long. If the value is 1, curl will send the initial response to the
 server in the first authentication packet in order to reduce the number of
 ping pong requests. Only applicable to supporting SASL authentication
 mechanisms and to the IMAP, POP3 and SMTP protocols. (Added in 7.31.0)
 Note: Whilst IMAP supports this option there is no need to explicitly set it,
 as libcurl can determine the feature itself when the server supports the
 SASL-IR CAPABILITY.
 .IP CURLOPT_BEARER
 Pass a char * as parameter, which should point to the zero terminated OAUTH
 2.0 Bearer Access Token for use with IMAP. POP3 and SMTP servers that support
 the OAUTH 2.0 Authorization Framework. (Added in 7.33.0)
 Note: The user name used to generate the Bearer Token should be supplied via
 the \fICURLOPT_USERNAME\fP option.
 .SH HTTP OPTIONS
 .IP CURLOPT_AUTOREFERER
 Pass a parameter set to 1 to enable this. When enabled, libcurl will
@@ -1352,10 +1506,12 @@ internally, your added one will be used instead. If you add a header with no
 content as in 'Accept:' (no data on the right side of the colon), the
 internally used header will get disabled. Thus, using this option you can add
 new headers, replace internal headers and remove internal headers. To add a
-header with no content, make the content be two quotes: \&"". The headers
+header with no content (nothing to the right side of the colon), use the
-included in the linked list must not be CRLF-terminated, because curl adds
+form 'MyHeader;' (note the ending semicolon).
-CRLF after each header item. Failure to comply with this will result in
+
-strange bugs because the server will most likely ignore part of the headers
+The headers included in the linked list must not be CRLF-terminated, because
 curl adds CRLF after each header item. Failure to comply with this will result
 in strange bugs because the server will most likely ignore part of the headers
 you specified.
 The first line in a request (containing the method, usually a GET or POST) is
@@ -1445,7 +1601,7 @@ to GET. Usable if a POST, HEAD, PUT, or a custom request has been used
 previously using the same curl handle.
 When setting \fICURLOPT_HTTPGET\fP to 1, it will automatically set
-\fICURLOPT_NOBODY\fP to 0 (since 7.14.1).
+\fICURLOPT_NOBODY\fP to 0 and \fICURLOPT_UPLOAD\fP to 0.
 .IP CURLOPT_HTTP_VERSION
 Pass a long, set to one of the values described below. They force libcurl to
 use the specific HTTP versions. This is not sensible to do unless you have a
@@ -1468,8 +1624,8 @@ connection. (added in 7.14.1)
 .IP CURLOPT_HTTP_CONTENT_DECODING
 Pass a long to tell libcurl how to act on content decoding. If set to zero,
 content decoding will be disabled. If set to 1 it is enabled. Libcurl has no
-default content decoding but requires you to use \fICURLOPT_ENCODING\fP for
+default content decoding but requires you to use \fICURLOPT_ACCEPT_ENCODING\fP
-that. (added in 7.16.2)
+for that. (added in 7.16.2)
 .IP CURLOPT_HTTP_TRANSFER_DECODING
 Pass a long to tell libcurl how to act on transfer decoding. If set to zero,
 transfer decoding will be disabled, if set to 1 it is enabled
@@ -2006,10 +2162,14 @@ In unix-like systems, this might cause signals to be used unless
 Default timeout is 0 (zero) which means it never times out.
 .IP CURLOPT_TIMEOUT_MS
-Like \fICURLOPT_TIMEOUT\fP but takes number of milliseconds instead. If
+An alternative to \fICURLOPT_TIMEOUT\fP but takes number of milliseconds
-libcurl is built to use the standard system name resolver, that portion
+instead. If libcurl is built to use the standard system name resolver, that
-of the transfer will still use full-second resolution for timeouts with
+portion of the transfer will still use full-second resolution for timeouts
-a minimum timeout allowed of one second.
+with a minimum timeout allowed of one second.
 If both \fICURLOPT_TIMEOUT\fP and \fICURLOPT_TIMEOUT_MS\fP are set, the value
 set last will be used.
 (Added in 7.16.2)
 .IP CURLOPT_LOW_SPEED_LIMIT
 Pass a long as parameter. It contains the transfer speed in bytes per second
@@ -2155,6 +2315,36 @@ This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.
 (Added in 7.24.0)
 .IP CURLOPT_DNS_INTERFACE
 Pass a char * as parameter. Set the name of the network interface that
 the DNS resolver should bind to. This must be an interface name (not an
 address). Set this option to NULL to use the default setting (don't
 bind to a specific interface).
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.
 (Added in 7.33.0)
 .IP CURLOPT_DNS_LOCAL_IP4
 Set the local IPv4 address that the resolver should bind to. The argument
 should be of type char * and contain a single IPv4 address as a string.
 Set this option to NULL to use the default setting (don't
 bind to a specific IP address).
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.
 (Added in 7.33.0)
 .IP CURLOPT_DNS_LOCAL_IP6
 Set the local IPv6 address that the resolver should bind to. The argument
 should be of type char * and contain a single IPv6 address as a string.
 Set this option to NULL to use the default setting (don't
 bind to a specific IP address).
 This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.
 (Added in 7.33.0)
 .IP CURLOPT_ACCEPTTIMEOUT_MS
 Pass a long telling libcurl the maximum number of milliseconds to wait for a
 server to connect back to libcurl when an active FTP connection is used. If no
@@ -2162,20 +2352,28 @@ timeout is set, the internal default of 60000 will be used. (Added in 7.24.0)
 .SH SSL and SECURITY OPTIONS
 .IP CURLOPT_SSLCERT
 Pass a pointer to a zero terminated string as parameter. The string should be
-the file name of your certificate. The default format is "PEM" and can be
+the file name of your certificate. The default format is "P12" on Secure
-changed with \fICURLOPT_SSLCERTTYPE\fP.
+Transport and "PEM" on other engines, and can be changed with
 \fICURLOPT_SSLCERTTYPE\fP.
-With NSS this can also be the nickname of the certificate you wish to
+With NSS or Secure Transport, this can also be the nickname of the certificate
-authenticate with. If you want to use a file from the current directory, please
+you wish to authenticate with as it is named in the security database. If you
-precede it with "./" prefix, in order to avoid confusion with a nickname.
+want to use a file from the current directory, please precede it with "./"
 prefix, in order to avoid confusion with a nickname.
 .IP CURLOPT_SSLCERTTYPE
 Pass a pointer to a zero terminated string as parameter. The string should be
-the format of your certificate. Supported formats are "PEM" and "DER".  (Added
+the format of your certificate. Supported formats are "PEM" and "DER", except
-in 7.9.3)
+with Secure Transport. OpenSSL (versions 0.9.3 and later) and Secure Transport
 (on iOS 5 or later, or OS X 10.6 or later) also support "P12" for
 PKCS#12-encoded files. (Added in 7.9.3)
 .IP CURLOPT_SSLKEY
 Pass a pointer to a zero terminated string as parameter. The string should be
 the file name of your private key. The default format is "PEM" and can be
 changed with \fICURLOPT_SSLKEYTYPE\fP.
 (iOS and Mac OS X only) This option is ignored if curl was built against Secure
 Transport. Secure Transport expects the private key to be already present in
 the keychain or PKCS#12 file containing the certificate.
 .IP CURLOPT_SSLKEYTYPE
 Pass a pointer to a zero terminated string as parameter. The string should be
 the format of your private key. Supported formats are "PEM", "DER" and "ENG".
--- a/docs/libcurl/curl_formadd.3
+++ b/docs/libcurl/curl_formadd.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ After the \fIlastitem\fP pointer follow the real arguments.
 The pointers \fIfirstitem\fP and \fIlastitem\fP should both be pointing to
 NULL in the first call to this function. All list-data will be allocated by
 the function itself. You must call \fIcurl_formfree(3)\fP on the
-\fIfirstitem\P after the form post has been done to free the resources.
+\fIfirstitem\fP after the form post has been done to free the resources.
 Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
 You can disable this header with \fICURLOPT_HTTPHEADER\fP as usual.
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -56,7 +56,8 @@ details of how to use this function.
 .SH FLAGS
 .TP 5
 .B CURL_GLOBAL_ALL
-Initialize everything possible. This sets all known bits.
+Initialize everything possible. This sets all known bits except
 \fBCURL_GLOBAL_ACK_EINTR\fP.
 .TP
 .B CURL_GLOBAL_SSL
 Initialize SSL
@@ -70,6 +71,10 @@ Initialise nothing extra. This sets no bit.
 .B CURL_GLOBAL_DEFAULT
 A sensible default. It will init both SSL and Win32. Right now, this equals
 the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
 .TP
 .B CURL_GLOBAL_ACK_EINTR
 When this flag is set, curl will acknowledge EINTR condition when connecting
 or when waiting for data.  Otherwise, curl waits until full timeout elapses.
 .SH RETURN VALUE
 If this function returns non-zero, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_multi_add_handle.3
+++ b/docs/libcurl/curl_multi_add_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,9 +29,9 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle, CURL *easy_handle);
 .ad
 .SH DESCRIPTION
 Adds a standard easy handle to the multi stack. This function call will make
-this \fImulti_handle\fP control the specified \fIeasy_handle\fP.
+this \fImulti_handle\fP control the specified \fIeasy_handle\fP.  Furthermore,
-Furthermore, libcurl now initiates the connection associated with the
+libcurl now initiates the connection associated with the specified
-specified \fIeasy_handle\fP.
+\fIeasy_handle\fP.
 When an easy handle has been added to a multi stack, you can not and you must
 not use \fIcurl_easy_perform(3)\fP on that handle!
@@ -41,6 +41,12 @@ cache (CURLOPT_DNS_USE_GLOBAL_CACHE), it will be made to use the DNS cache
 that is shared between all easy handles within the multi handle when
 \fIcurl_multi_add_handle(3)\fP is called.
 If you have CURLMOPT_TIMERFUNCTION set in the multi handle (and you really
 should if you're working event-based with \fIcurl_multi_socket_action(3)\fP
 and friends), that callback will be called from within this function to ask
 for an updated timer so that your main event loop will get the activity on
 this handle to get started.
 The easy handle will remain added until you remove it again with
 \fIcurl_multi_remove_handle(3)\fP. You should remove the easy handle from the
 multi stack before you terminate first the easy handle and then the multi
--- a/docs/libcurl/curl_multi_cleanup.3
+++ b/docs/libcurl/curl_multi_cleanup.3
@@ -41,6 +41,7 @@ handle is no longer connected to the multi handle
 3 - \fIcurl_multi_cleanup(3)\fP should be called when all easy handles are
 removed
 .SH RETURN VALUE
-CURLMcode type, general libcurl multi interface error code.
+CURLMcode type, general libcurl multi interface error code. On success,
 CURLM_OK is returned.
 .SH "SEE ALSO"
 .BR curl_multi_init "(3)," curl_easy_cleanup "(3)," curl_easy_init "(3)"
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -49,7 +49,7 @@ argument with \fICURLMOPT_SOCKETDATA\fP.  See \fIcurl_multi_socket(3)\fP for
 more callback details.
 .IP CURLMOPT_SOCKETDATA
 Pass a pointer to whatever you want passed to the \fBcurl_socket_callback\fP's
-forth argument, the userp pointer. This is not used by libcurl but only
+fourth argument, the userp pointer. This is not used by libcurl but only
 passed-thru as-is. Set the callback pointer with
 \fICURLMOPT_SOCKETFUNCTION\fP.
 .IP CURLMOPT_PIPELINING
@@ -61,14 +61,17 @@ on the same connection rather than being executed in parallel. (Added in
 7.16.0)
 .IP CURLMOPT_TIMERFUNCTION
 Pass a pointer to a function matching the \fBcurl_multi_timer_callback\fP
-prototype.  This function will then be called when the timeout value
+prototype: int curl_multi_timer_callback(CURLM *multi /* multi handle */,
 long timeout_ms /* timeout in milliseconds */, void *userp /* TIMERDATA */).
 This function will then be called when the timeout value
 changes. The timeout value is at what latest time the application should call
 one of the \&"performing" functions of the multi interface
 (\fIcurl_multi_socket_action(3)\fP and \fIcurl_multi_perform(3)\fP) - to allow
 libcurl to keep timeouts and retries etc to work. A timeout value of -1 means
 that there is no timeout at all, and 0 means that the timeout is already
 reached. Libcurl attempts to limit calling this only when the fixed future
-timeout time actually changes. See also \fICURLMOPT_TIMERDATA\fP. This
+timeout time actually changes. See also \fICURLMOPT_TIMERDATA\fP. The callback
 should return 0 on success, and -1 on error. This
 callback can be used instead of, or in addition to,
 \fIcurl_multi_timeout(3)\fP. (Added in 7.16.0)
 .IP CURLMOPT_TIMERDATA
@@ -92,6 +95,112 @@ This option is for the multi handle's use only, when using the easy interface
 you should instead use the \fICURLOPT_MAXCONNECTS\fP option.
 (Added in 7.16.3)
 .IP CURLMOPT_MAX_HOST_CONNECTIONS
 Pass a long. The set number will be used as the maximum amount of
 simultaneously open connections to a single host. For each new session to
 a host, libcurl will open a new connection up to the limit set by
 CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will
 be pending until there are available connections. If CURLMOPT_PIPELINING is
 1, libcurl will try to pipeline if the host is capable of it.
 The default value is 0, which means that there is no limit.
 However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
 is 1 will not be treated as unlimited. Instead it will open only 1 connection
 and try to pipeline on it.
 (Added in 7.30.0)
 .IP CURLMOPT_MAX_PIPELINE_LENGTH
 Pass a long. The set number will be used as the maximum amount of requests
 in a pipelined connection. When this limit is reached, libcurl will use another
 connection to the same host (see CURLMOPT_MAX_HOST_CONNECTIONS), or queue the
 requests until one of the pipelines to the host is ready to accept a request.
 Thus, the total number of requests in-flight is CURLMOPT_MAX_HOST_CONNECTIONS *
 CURLMOPT_MAX_PIPELINE_LENGTH.
 The default value is 5.
 (Added in 7.30.0)
 .IP CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE
 Pass a long. If a pipelined connection is currently processing a request
 with a Content-Length larger than CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, that
 connection will not be considered for additional requests, even if it is
 shorter than CURLMOPT_MAX_PIPELINE_LENGTH.
 The default value is 0, which means that the penalization is inactive.
 (Added in 7.30.0)
 .IP CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE
 Pass a long. If a pipelined connection is currently processing a
 chunked (Transfer-encoding: chunked) request with a current chunk length
 larger than CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, that connection will not be
 considered for additional requests, even if it is shorter than
 CURLMOPT_MAX_PIPELINE_LENGTH.
 The default value is 0, which means that the penalization is inactive.
 (Added in 7.30.0)
 .IP CURLMOPT_PIPELINING_SITE_BL
 Pass an array of char *, ending with NULL. This is a list of sites that are
 blacklisted from pipelining, i.e sites that are known to not support HTTP
 pipelining. The array is copied by libcurl.
 The default value is NULL, which means that there is no blacklist.
 Pass a NULL pointer to clear the blacklist.
 Example:
 .nf
  site_blacklist[] =
  {
    "www.haxx.se",
    "www.example.com:1234",
    NULL
  };
  curl_multi_setopt(m, CURLMOPT_PIPELINE_SITE_BL, site_blacklist);
 .fi
 (Added in 7.30.0)
 .IP CURLMOPT_PIPELINING_SERVER_BL
 Pass an array of char *, ending with NULL. This is a list of server types
 prefixes (in the Server: HTTP header) that are blacklisted from pipelining,
 i.e server types that are known to not support HTTP pipelining. The array is
 copied by libcurl.
 Note that the comparison matches if the Server: header begins with the string
 in the blacklist, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can 
 both be blacklisted by having "Ninja" in the backlist.
 The default value is NULL, which means that there is no blacklist.
 Pass a NULL pointer to clear the blacklist.
 Example:
 .nf
  server_blacklist[] =
  {
    "Microsoft-IIS/6.0",
    "nginx/0.8.54",
    NULL
  };
  curl_multi_setopt(m, CURLMOPT_PIPELINE_SERVER_BL, server_blacklist);
 .fi
 (Added in 7.30.0)
 .IP CURLMOPT_MAX_TOTAL_CONNECTIONS
 Pass a long. The set number will be used as the maximum amount of
 simultaneously open connections in total. For each new session, libcurl
 will open a new connection up to the limit set by
 CURLMOPT_MAX_TOTAL_CONNECTIONS. When the limit is reached, the sessions will
 be pending until there are available connections. If CURLMOPT_PIPELINING is
 1, libcurl will try to pipeline if the host is capable of it.
 The default value is 0, which means that there is no limit.
 However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
 is 1 will not be treated as unlimited. Instead it will open only 1 connection
 and try to pipeline on it.
 (Added in 7.30.0)
 .SH RETURNS
 The standard CURLMcode for multi interface error codes. Note that it returns a
 CURLM_UNKNOWN_OPTION if you try setting an option that this version of libcurl
--- a/docs/libcurl/curl_multi_socket_action.3
+++ b/docs/libcurl/curl_multi_socket_action.3
@@ -38,7 +38,9 @@ can be passed as an events bitmask \fBev_bitmask\fP by first setting
 \fBev_bitmask\fP to 0, and then adding using bitwise OR (|) any combination of
 events to be chosen from CURL_CSELECT_IN, CURL_CSELECT_OUT or
 CURL_CSELECT_ERR. When the events on a socket are unknown, pass 0 instead, and
-libcurl will test the descriptor internally.
+libcurl will test the descriptor internally. It is also permissible to pass
 CURL_SOCKET_TIMEOUT to the \fBsockfd\fP parameter in order to initiate the
 whole process or when a timeout occurs.
 At return, the integer \fBrunning_handles\fP points to will contain the number
 of running easy handles within the multi handle. When this number reaches
@@ -71,7 +73,10 @@ The socket \fBcallback\fP function uses a prototype like this
                           curl_socket_t s, /* socket */
                           int action,      /* see values below */
                           void *userp,    /* private callback pointer */
-                           void *socketp); /* private socket pointer */
+                           void *socketp); /* private socket pointer,
                                              \fBNULL\fP if not
                                              previously assigned with
                                              \fBcurl_multi_assign(3)\fP */
 .fi
 The callback MUST return 0.
@@ -132,15 +137,15 @@ timeout value to use when waiting for socket activities.
 them for activity. This can be done through your application code, or by way
 of an external library such as libevent or glib.
-6. Call curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...) to kickstart
+6. Call curl_multi_socket_action(..., CURL_SOCKET_TIMEOUT, 0, ...)
-everything. To get one or more callbacks called.
+to kickstart everything. To get one or more callbacks called.
 7. Wait for activity on any of libcurl's sockets, use the timeout value your
-callback has been told
+callback has been told.
 8, When activity is detected, call curl_multi_socket_action() for the
 socket(s) that got action. If no activity is detected and the timeout expires,
-call \fIcurl_multi_socket_action(3)\fP with \fICURL_SOCKET_TIMEOUT\fP
+call \fIcurl_multi_socket_action(3)\fP with \fICURL_SOCKET_TIMEOUT\fP.
 .SH AVAILABILITY
 This function was added in libcurl 7.15.4, and is deemed stable since 7.16.0.
 .SH "SEE ALSO"
--- a/docs/libcurl/curl_multi_timeout.3
+++ b/docs/libcurl/curl_multi_timeout.3
@@ -42,7 +42,7 @@ of milliseconds at this very moment. If 0, it means you should proceed
 immediately without waiting for anything. If it returns -1, there's no timeout
 at all set.
-An application that uses the multi_socket API SHOULD not use this function, but
+An application that uses the multi_socket API SHOULD NOT use this function, but
 SHOULD instead use \fIcurl_multi_setopt(3)\fP and its
 \fPCURLMOPT_TIMERFUNCTION\fP option for proper and desired behavior.
--- a/docs/libcurl/curl_multi_wait.3
+++ b/docs/libcurl/curl_multi_wait.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,12 +36,17 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
 This function polls on all file descriptors used by the curl easy handles
 contained in the given multi handle set.  It will block until activity is
 detected on at least one of the handles or \fItimeout_ms\fP has passed.
 Alternatively, if the multi handle has a pending internal timeout that has a
 shorter expiry time than \fItimeout_ms\fP, that shorter time will be used
 instead to make sure timeout accuracy is reasonably kept.
 The calling application may pass additional curl_waitfd structures which are
 similar to \fIpoll(2)\fP's pollfd structure to be waited on in the same call.
 On completion, if \fInumfds\fP is supplied, it will be populated with the
-number of file descriptors on which interesting events occured.
+total number of file descriptors on which interesting events occured. This
 number can include both libcurl internal descriptors as well as descriptors
 provided in \fIextra_fds\fP.
 If no extra file descriptors are provided and libcurl has no file descriptor
 to offer to wait for, this function will return immediately.
--- a/docs/libcurl/curl_version.3
+++ b/docs/libcurl/curl_version.3
@@ -31,6 +31,7 @@ curl_version - returns the libcurl version string
 Returns a human readable string with the version number of libcurl and some of
 its important components (like OpenSSL version).
 .SH RETURN VALUE
-A pointer to a zero terminated string.
+A pointer to a zero terminated string. The string resides in a statically
 allocated buffer and must not be freed by the caller.
 .SH "SEE ALSO"
 .BR curl_version_info "(3)"
--- a/docs/libcurl/index.html
+++ b/docs/libcurl/index.html
@@ -21,40 +21,49 @@
 <H2>Library Functions (A-Z)</H2>
 <a href="curl_easy_cleanup.html">curl_easy_cleanup</A>
 <br><a href="curl_easy_duphandle.html">curl_easy_duphandle</A>
 <br><a href="curl_easy_escape.html">curl_easy_escape</A>
 <br><a href="curl_easy_getinfo.html">curl_easy_getinfo</A>
 <br><a href="curl_easy_init.html">curl_easy_init</A>
 <br><a href="curl_easy_pause.html">curl_easy_pause</A>
 <br><a href="curl_easy_perform.html">curl_easy_perform</A>
 <br><a href="curl_easy_recv.html">curl_easy_recv</A>
 <br><a href="curl_easy_reset.html">curl_easy_reset</A>
 <br><a href="curl_easy_send.html">curl_easy_send</A>
 <br><a href="curl_easy_setopt.html">curl_easy_setopt</A>
 <br><a href="curl_easy_strerror.html">curl_easy_strerror</A>
-<br><a href="curl_escape.html">curl_escape</A>
+<br><a href="curl_easy_unescape.html">curl_easy_unescape</A>
 <br><a href="curl_escape.html">curl_escape</A> (deprecated)
 <br><a href="curl_formadd.html">curl_formadd</A>
 <br><a href="curl_formfree.html">curl_formfree</A>
 <br><a href="curl_formget.html">curl_formget</A>
 <br><a href="curl_free.html">curl_free</A>
 <br><a href="curl_getdate.html">curl_getdate</A>
-<br><a href="curl_getenv.html">curl_getenv</A>
+<br><a href="curl_getenv.html">curl_getenv</A> (deprecated)
 <br><a href="curl_global_cleanup.html">curl_global_cleanup</A>
 <br><a href="curl_global_init.html">curl_global_init</A>
 <br><a href="curl_global_init_mem.html">curl_global_init_mem</A>
-<br><a href="curl_mprintf.html">curl_mprintf</A>
+<br><a href="curl_mprintf.html">curl_mprintf</A> (deprecated)
 <br><a href="curl_multi_add_handle.html">curl_multi_add_handle</a>
 <br><a href="curl_multi_assign.html">curl_multi_assign</a>
 <br><a href="curl_multi_cleanup.html">curl_multi_cleanup</a>
 <br><a href="curl_multi_fdset.html">curl_multi_fdset</a>
 <br><a href="curl_multi_info_read.html">curl_multi_info_read</a>
 <br><a href="curl_multi_init.html">curl_multi_init</a>
 <br><a href="curl_multi_perform.html">curl_multi_perform</a>
 <br><a href="curl_multi_remove_handle.html">curl_multi_remove_handle</a>
-<br><a href="curl_multi_strerror.html">curl_multi_strerror.html</a>
+<br><a href="curl_multi_setopt.html">curl_multi_setopt</a>
 <br><a href="curl_multi_socket.html">curl_multi_socket</a> (deprecated)
 <br><a href="curl_multi_socket_action.html">curl_multi_socket_action</a>
 <br><a href="curl_multi_strerror.html">curl_multi_strerror</a>
 <br><a href="curl_multi_timeout.html">curl_multi_timeout</a> (deprecated)
 <br><a href="curl_share_cleanup.html">curl_share_cleanup</A>
 <br><a href="curl_share_init.html">curl_share_init</A>
 <br><a href="curl_share_setopt.html">curl_share_setopt</A>
-<br><a href="curl_share_strerror.html">curl_share_strerror.html</a>
+<br><a href="curl_share_strerror.html">curl_share_strerror</a>
 <br><a href="curl_slist_append.html">curl_slist_append</A>
 <br><a href="curl_slist_free_all.html">curl_slist_free_all</A>
 <br><a href="curl_strequal.html">curl_strequal and curl_strnequal</A>
-<br><a href="curl_unescape.html">curl_unescape</A>
+<br><a href="curl_unescape.html">curl_unescape</A> (deprecated)
 <br><a href="curl_version.html">curl_version</A>
 <br><a href="curl_version_info.html">curl_version_info</A>
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -240,6 +240,9 @@ Mismatch of RTSP Session Identifiers.
 Unable to parse FTP file list (during FTP wildcard downloading).
 .IP "CURLE_CHUNK_FAILED (88)"
 Chunk callback reported error.
 .IP "CURLE_NO_CONNECTION_AVAILABLE (89)"
 (For internal use only, will never be returned by libcurl) No connection
 available, the session will be queued. (added in 7.30.0)
 .IP "CURLE_OBSOLETE*"
 These error codes will never be returned. They were used in an old libcurl
 version and are currently unused.
@@ -270,6 +273,9 @@ The passed-in socket is not a valid one that libcurl already knows about.
 .IP "CURLM_UNKNOWN_OPTION (6)"
 curl_multi_setopt() with unsupported option
 (Added in 7.15.4)
 .IP "CURLM_ADDED_ALREADY (7)"
 An easy handle already added to a multi handle was attempted to get added a
 second time. (Added in 7.32.1)
 .SH "CURLSHcode"
 The "share" interface will return a CURLSHcode to indicate when an error has
 occurred.  Also consider \fIcurl_share_strerror(3)\fP.
--- a/docs/libcurl/libcurl-share.3
+++ b/docs/libcurl/libcurl-share.3
@@ -34,8 +34,10 @@ The share interface was added to enable sharing of data between curl
 \&"handles".
 .SH "ONE SET OF DATA - MANY TRANSFERS"
 You can have multiple easy handles share data between them. Have them update
-and use the \fBsame\fP cookie database or DNS cache! This way, each single
+and use the \fBsame\fP cookie database, DNS cache, TLS session cache! This
-transfer will take advantage from data updates made by the other transfer(s).
+way, each single transfer will take advantage from data updates made by the
 other transfer(s). The sharing interface, however, does not share active or
 persistent connections between different easy handles.
 .SH "SHARE OBJECT"
 You create a shared object with \fIcurl_share_init(3)\fP. It returns a handle
 for a newly created one.
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -289,6 +289,10 @@ axTLS
 Required actions unknown.
 Secure Transport
 The engine is fully thread-safe, and no additional steps are required.
 When using multiple threads you should set the CURLOPT_NOSIGNAL option to 1
 for all handles. Everything will or might work fine except that timeouts are
 not honored during the DNS lookup - which you can work around by building
@@ -1153,13 +1157,13 @@ and install a CURLOPT_OPENSOCKETFUNCTION callback function in which addresses
 are sanitized before use.
 .IP "Private Resources"
-A user who can control the DNS server of a domain being passed in within
+A user who can control the DNS server of a domain being passed in within a URL
-a URL can change the address of the host to a local, private address
+can change the address of the host to a local, private address which a
-which the libcurl application will then use. e.g. The innocuous URL
+server-side libcurl-using application could then use. e.g. the innocuous URL
-http://fuzzybunnies.example.com/ could actually resolve to the IP address
+http://fuzzybunnies.example.com/ could actually resolve to the IP address of a
-of a server behind a firewall, such as 127.0.0.1 or 10.1.2.3
+server behind a firewall, such as 127.0.0.1 or 10.1.2.3.  Apps can mitigate
-Apps can mitigate against this by setting a CURLOPT_OPENSOCKETFUNCTION
+against this by setting a CURLOPT_OPENSOCKETFUNCTION and checking the address
-and checking the address before a connection.
+before a connection.
 All the malicious scenarios regarding redirected URLs apply just as well
 to non-redirected URLs, if the user is allowed to specify an arbitrary URL
@@ -1174,6 +1178,19 @@ IP address and port number for a server local to the app running libcurl
 but behind a firewall.  Apps can mitigate against this by using the
 CURLOPT_FTP_SKIP_PASV_IP option or CURLOPT_FTPPORT.
 .IP "IPv6 Addresses"
 libcurl will normally handle IPv6 addresses transparently and just as easily
 as IPv4 addresses. That means that a sanitizing function that filters out
 addressses like 127.0.0.1 isn't sufficient--the equivalent IPv6 addresses ::1,
 ::, 0:00::0:1, ::127.0.0.1 and ::ffff:7f00:1 supplied somehow by an attacker
 would all bypass a naive filter and could allow access to undesired local
 resources.  IPv6 also has special address blocks like link-local and site-local
 that generally shouldn't be accessed by a server-side libcurl-using
 application.  A poorly-configured firewall installed in a data center,
 organization or server may also be configured to limit IPv4 connections but
 leave IPv6 connections wide open.  In some cases, the CURL_IPRESOLVE_V4 option
 can be used to limit resolved addresses to IPv4 only and bypass these issues.
 .IP Uploads
 When uploading, a redirect can cause a local (or remote) file to be
 overwritten.  Apps must not allow any unsanitized URL to be passed in
@@ -1246,7 +1263,7 @@ using the Content-disposition: header to generate a file name.  An application
 could also use CURLINFO_EFFECTIVE_URL to generate a file name from a
 server-supplied redirect URL. Special care must be taken to sanitize such
 names to avoid the possibility of a malicious server supplying one like
-"/etc/passwd", "\autoexec.bat" or even ".bashrc".
+"/etc/passwd", "\\autoexec.bat", "prn:" or even ".bashrc".
 .IP "Server Certificates"
 A secure application should never use the CURLOPT_SSL_VERIFYPEER option to
@@ -1259,10 +1276,15 @@ validated certificates is potentially as insecure as a plain HTTP connection.
 On a related issue, be aware that even in situations like when you have
 problems with libcurl and ask someone for help, everything you reveal in order
 to get best possible help might also impose certain security related
-risks. Host names, user names, paths, operating system specifics, etc (not to
+risks. Host names, user names, paths, operating system specifics, etc. (not to
 mention passwords of course) may in fact be used by intruders to gain
 additional information of a potential target.
 Be sure to limit access to application logs if they could hold private or
 security-related data.  Besides the obvious candidates like user names and
 passwords, things like URLs, cookies or even file names could also hold
 sensitive data.
 To avoid this problem, you must of course use your common sense. Often, you
 can just edit out the sensitive data or just search/replace your true
 information with faked data.
@@ -1343,10 +1365,10 @@ automatically share a lot of the data that otherwise would be kept on a
 per-easy handle basis when the easy interface is used.
 The DNS cache is shared between handles within a multi handle, making
-subsequent name resolvings faster and the connection pool that is kept to
+subsequent name resolving faster, and the connection pool that is kept to
-better allow persistent connections and connection re-use is shared. If you're
+better allow persistent connections and connection re-use is also shared. If
-using the easy interface, you can still share these between specific easy
+you're using the easy interface, you can still share these between specific
-handles by using the share interface, see \fIlibcurl-share(3)\fP.
+easy handles by using the share interface, see \fIlibcurl-share(3)\fP.
 Some things are never shared automatically, not within multi handles, like for
 example cookies so the only way to share that is with the share interface.
--- a/docs/libcurl/libcurl.3
+++ b/docs/libcurl/libcurl.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,8 +39,15 @@ maintain while using libcurl.  This essentially means you call
 for details.
 To transfer files, you always set up an "easy handle" using
-\fIcurl_easy_init(3)\fP, but when you want the file(s) transferred you have
+\fIcurl_easy_init(3)\fP for a single specific transfer (in either
-the option of using the "easy" interface, or the "multi" interface.
+direction). You then set your desired set of options in that handle with
 \fIcurk_easy_setopt(3)\fP. Options you set with \fIcurl_easy_setopt(3)\fP will
 be used on every repeated use of this handle until you either call the
 function again and change the option, or you reset them all with
 \fIcurl_easy_reset(3)\fP.
 To actually transfer data you have the option of using the "easy" interface,
 or the "multi" interface.
 The easy interface is a synchronous interface with which you call
 \fIcurl_easy_perform(3)\fP and let it perform the transfer. When it is
@@ -51,7 +58,8 @@ The multi interface on the other hand is an asynchronous interface, that you
 call and that performs only a little piece of the transfer on each invoke. It
 is perfect if you want to do things while the transfer is in progress, or
 similar. The multi interface allows you to select() on libcurl action, and
-even to easily download multiple files simultaneously using a single thread. See further details in the \fIlibcurl-multi(3)\fP man page.
+even to easily download multiple files simultaneously using a single
 thread. See further details in the \fIlibcurl-multi(3)\fP man page.
 You can have multiple easy handles share certain data, even if they are used
 in different threads. This magic is setup using the share interface, as
@@ -115,19 +123,21 @@ Persistent connections means that libcurl can re-use the same connection for
 several transfers, if the conditions are right.
 libcurl will \fBalways\fP attempt to use persistent connections. Whenever you
-use \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP, libcurl will
+use \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP etc, libcurl
-attempt to use an existing connection to do the transfer, and if none exists
+will attempt to use an existing connection to do the transfer, and if none
-it'll open a new one that will be subject for re-use on a possible following
+exists it'll open a new one that will be subject for re-use on a possible
-call to \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP.
+following call to \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP.
 To allow libcurl to take full advantage of persistent connections, you should
-do as many of your file transfers as possible using the same curl handle. When
+do as many of your file transfers as possible using the same handle.
 you call \fIcurl_easy_cleanup(3)\fP, all the possibly open connections held by
 libcurl will be closed and forgotten.
-Note that the options set with \fIcurl_easy_setopt(3)\fP will be used on
+If you use the easy interface, and you call \fIcurl_easy_cleanup(3)\fP, all
-every repeated \fIcurl_easy_perform(3)\fP call.
+the possibly open connections held by libcurl will be closed and forgotten.
 When you've created a multi handle and are using the multi interface, the
 connection pool is instead kept in the multi handle so closing and creating
 new easy handles to do transfers will not affect them. Instead all added easy
 handles can take advantage of the single shared pool.
 .SH "GLOBAL CONSTANTS"
 There are a variety of constants that libcurl uses, mainly through its
 internal use of other libraries, which are too complicated for the
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -86,6 +86,7 @@ CURLE_LIBRARY_NOT_FOUND         7.1           7.17.0
 CURLE_LOGIN_DENIED              7.13.1
 CURLE_MALFORMAT_USER            7.1           7.17.0
 CURLE_NOT_BUILT_IN              7.21.5
 CURLE_NO_CONNECTION_AVAILABLE   7.30.0
 CURLE_OK                        7.1
 CURLE_OPERATION_TIMEDOUT        7.10.2
 CURLE_OPERATION_TIMEOUTED       7.1           7.17.0
@@ -267,14 +268,22 @@ CURLKHTYPE_DSS                  7.19.6
 CURLKHTYPE_RSA                  7.19.6
 CURLKHTYPE_RSA1                 7.19.6
 CURLKHTYPE_UNKNOWN              7.19.6
 CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE 7.30.0
 CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 7.30.0
 CURLMOPT_MAXCONNECTS            7.16.3
 CURLMOPT_MAX_HOST_CONNECTIONS   7.30.0
 CURLMOPT_MAX_PIPELINE_LENGTH    7.30.0
 CURLMOPT_MAX_TOTAL_CONNECTIONS  7.30.0
 CURLMOPT_PIPELINING             7.16.0
 CURLMOPT_PIPELINING_SERVER_BL   7.30.0
 CURLMOPT_PIPELINING_SITE_BL     7.30.0
 CURLMOPT_SOCKETDATA             7.15.4
 CURLMOPT_SOCKETFUNCTION         7.15.4
 CURLMOPT_TIMERDATA              7.16.0
 CURLMOPT_TIMERFUNCTION          7.16.0
 CURLMSG_DONE                    7.9.6
 CURLMSG_NONE                    7.9.6
 CURLM_ADDED_ALREADY             7.32.1
 CURLM_BAD_EASY_HANDLE           7.9.6
 CURLM_BAD_HANDLE                7.9.6
 CURLM_BAD_SOCKET                7.15.4
@@ -323,6 +332,9 @@ CURLOPT_DEBUGDATA               7.9.6
 CURLOPT_DEBUGFUNCTION           7.9.6
 CURLOPT_DIRLISTONLY             7.17.0
 CURLOPT_DNS_CACHE_TIMEOUT       7.9.3
 CURLOPT_DNS_INTERFACE           7.33.0
 CURLOPT_DNS_LOCAL_IP4           7.33.0
 CURLOPT_DNS_LOCAL_IP6           7.33.0
 CURLOPT_DNS_SERVERS             7.24.0
 CURLOPT_DNS_USE_GLOBAL_CACHE    7.9.3         7.11.1
 CURLOPT_EGDSOCKET               7.7
@@ -420,7 +432,7 @@ CURLOPT_POSTREDIR               7.19.1
 CURLOPT_PREQUOTE                7.9.5
 CURLOPT_PRIVATE                 7.10.3
 CURLOPT_PROGRESSDATA            7.1
-CURLOPT_PROGRESSFUNCTION        7.1
+CURLOPT_PROGRESSFUNCTION        7.1           7.32.0
 CURLOPT_PROTOCOLS               7.19.4
 CURLOPT_PROXY                   7.1
 CURLOPT_PROXYAUTH               7.10.7
@@ -448,6 +460,7 @@ CURLOPT_RTSP_SERVER_CSEQ        7.20.0
 CURLOPT_RTSP_SESSION_ID         7.20.0
 CURLOPT_RTSP_STREAM_URI         7.20.0
 CURLOPT_RTSP_TRANSPORT          7.20.0
 CURLOPT_SASL_IR                 7.31.0
 CURLOPT_SEEKDATA                7.18.0
 CURLOPT_SEEKFUNCTION            7.18.0
 CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0
@@ -516,6 +529,9 @@ CURLOPT_WRITEDATA               7.9.7
 CURLOPT_WRITEFUNCTION           7.1
 CURLOPT_WRITEHEADER             7.1
 CURLOPT_WRITEINFO               7.1
 CURLOPT_XFERINFODATA            7.32.0
 CURLOPT_XFERINFOFUNCTION        7.32.0
 CURLOPT_XOAUTH2_BEARER          7.33.0
 CURLPAUSE_ALL                   7.18.0
 CURLPAUSE_CONT                  7.18.0
 CURLPAUSE_RECV                  7.18.0
@@ -609,6 +625,7 @@ CURL_FORMADD_NULL               7.9.8
 CURL_FORMADD_OK                 7.9.8
 CURL_FORMADD_OPTION_TWICE       7.9.8
 CURL_FORMADD_UNKNOWN_OPTION     7.9.8
 CURL_GLOBAL_ACK_EINTR           7.30.0
 CURL_GLOBAL_ALL                 7.8
 CURL_GLOBAL_DEFAULT             7.8
 CURL_GLOBAL_NOTHING             7.8
@@ -616,6 +633,7 @@ CURL_GLOBAL_SSL                 7.8
 CURL_GLOBAL_WIN32               7.8.1
 CURL_HTTP_VERSION_1_0           7.9.1
 CURL_HTTP_VERSION_1_1           7.9.1
 CURL_HTTP_VERSION_2_0           7.33.0
 CURL_HTTP_VERSION_NONE          7.9.1
 CURL_IPRESOLVE_V4               7.10.8
 CURL_IPRESOLVE_V6               7.10.8
@@ -688,6 +706,7 @@ CURL_VERSION_CONV               7.15.4
 CURL_VERSION_CURLDEBUG          7.19.6
 CURL_VERSION_DEBUG              7.10.6
 CURL_VERSION_GSSNEGOTIATE       7.10.6
 CURL_VERSION_HTTP2              7.33.0
 CURL_VERSION_IDN                7.12.0
 CURL_VERSION_IPV6               7.10
 CURL_VERSION_KERBEROS4          7.10
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -60,11 +60,16 @@ unlink (remove) certdata.txt after processing
 be verbose and print out processed CAs
 .SH EXIT STATUS
 Returns 0 on success. Returns 1 if it fails to download data.
 .SH CERTDATA FORMAT
 The file format used by Mozilla for this trust information seems to be documented here:
 .nf
 http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-existing.html
 .fi
 .SH SEE ALSO
 .BR curl (1)
 .SH HISTORY
 \fBmk-ca-bundle\fP is a command line tool that is shipped as part of every
 curl and libcurl release (see http://curl.haxx.se/). It was originally based
 on the parse-certs script written by Roland Krikava and was later much
-improved by Guenter Knauf.  This manual page was written by Jan Schaumann
+improved by Guenter Knauf.  This manual page was initially written by Jan
-\&<jschauma@netmeister.org>.
+Schaumann \&<jschauma@netmeister.org>.
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -93,29 +93,21 @@ extern "C" {
 typedef void CURL;
 /*
- * Decorate exportable functions for Win32 and Symbian OS DLL linking.
+ * libcurl external API function linkage decorations.
 * This avoids using a .def file for building libcurl.dll.
 */
 #if (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)) && \
     !defined(CURL_STATICLIB)
 #if defined(BUILDING_LIBCURL)
 #define CURL_EXTERN  __declspec(dllexport)
 #else
 #define CURL_EXTERN  __declspec(dllimport)
 #endif
 #else
-#ifdef CURL_HIDDEN_SYMBOLS
+#ifdef CURL_STATICLIB
-/*
+#  define CURL_EXTERN
- * This definition is used to make external definitions visible in the
+#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)
- * shared library when symbols are hidden by default.  It makes no
+#  if defined(BUILDING_LIBCURL)
- * difference when compiling applications whether this is set or not,
+#    define CURL_EXTERN  __declspec(dllexport)
- * only when compiling the library.
+#  else
- */
+#    define CURL_EXTERN  __declspec(dllimport)
-#define CURL_EXTERN CURL_EXTERN_SYMBOL
+#  endif
 #elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS)
 #  define CURL_EXTERN CURL_EXTERN_SYMBOL
 #else
-#define CURL_EXTERN
+#  define CURL_EXTERN
 #endif
 #endif
 #ifndef curl_socket_typedef
@@ -164,12 +156,22 @@ struct curl_httppost {
                                       HTTPPOST_CALLBACK posts */
 };
 /* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered
   deprecated but was the only choice up until 7.31.0 */
 typedef int (*curl_progress_callback)(void *clientp,
                                      double dltotal,
                                      double dlnow,
                                      double ultotal,
                                      double ulnow);
 /* This is the CURLOPT_XFERINFOFUNCTION callback proto. It was introduced in
   7.32.0, it avoids floating point and provides more detailed information. */
 typedef int (*curl_xferinfo_callback)(void *clientp,
                                      curl_off_t dltotal,
                                      curl_off_t dlnow,
                                      curl_off_t ultotal,
                                      curl_off_t ulnow);
 #ifndef CURL_MAX_WRITE_SIZE
  /* Tests have proven that 20K is a very bad buffer size for uploads on
     Windows, while 16K for some odd reason performed a lot better.
@@ -515,6 +517,8 @@ typedef enum {
  CURLE_RTSP_SESSION_ERROR,      /* 86 - mismatch of RTSP Session Ids */
  CURLE_FTP_BAD_FILE_LIST,       /* 87 - unable to parse FTP file list */
  CURLE_CHUNK_FAILED,            /* 88 - chunk callback reported error */
  CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the
                                    session will be queued */
  CURL_LAST /* never use! */
 } CURLcode;
@@ -641,16 +645,18 @@ typedef enum {
 #define CURL_ERROR_SIZE 256
 enum curl_khtype {
  CURLKHTYPE_UNKNOWN,
  CURLKHTYPE_RSA1,
  CURLKHTYPE_RSA,
  CURLKHTYPE_DSS
 };
 struct curl_khkey {
  const char *key; /* points to a zero-terminated string encoded with base64
                      if len is zero, otherwise to the "raw" data */
  size_t len;
-  enum type {
+  enum curl_khtype keytype;
    CURLKHTYPE_UNKNOWN,
    CURLKHTYPE_RSA1,
    CURLKHTYPE_RSA,
    CURLKHTYPE_DSS
  } keytype;
 };
 /* this is the set of return values expected from the curl_sshkeycallback
@@ -974,13 +980,16 @@ typedef enum {
  /* 55 = OBSOLETE */
-  /* Function that will be called instead of the internal progress display
+  /* DEPRECATED
   * Function that will be called instead of the internal progress display
   * function. This function should be defined as the curl_progress_callback
   * prototype defines. */
  CINIT(PROGRESSFUNCTION, FUNCTIONPOINT, 56),
-  /* Data passed to the progress callback */
+  /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION
     callbacks */
  CINIT(PROGRESSDATA, OBJECTPOINT, 57),
 #define CURLOPT_XFERINFODATA CURLOPT_PROGRESSDATA
  /* We want the referrer field set automatically when following locations */
  CINIT(AUTOREFERER, LONG, 58),
@@ -1533,9 +1542,33 @@ typedef enum {
  /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */
  CINIT(SSL_OPTIONS, LONG, 216),
-  /* set the SMTP auth originator */
+  /* Set the SMTP auth originator */
  CINIT(MAIL_AUTH, OBJECTPOINT, 217),
  /* Enable/disable SASL initial response */
  CINIT(SASL_IR, LONG, 218),
  /* Function that will be called instead of the internal progress display
   * function. This function should be defined as the curl_xferinfo_callback
   * prototype defines. (Deprecates CURLOPT_PROGRESSFUNCTION) */
  CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219),
  /* The XOAUTH2 bearer token */
  CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220),
  /* Set the interface string to use as outgoing network
   * interface for DNS requests.
   * Only supported by the c-ares DNS backend */
  CINIT(DNS_INTERFACE, OBJECTPOINT, 221),
  /* Set the local IPv4 address to use for outgoing DNS requests.
   * Only supported by the c-ares DNS backend */
  CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222),
  /* Set the local IPv4 address to use for outgoing DNS requests.
   * Only supported by the c-ares DNS backend */
  CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
@@ -1588,6 +1621,7 @@ enum {
                             for us! */
  CURL_HTTP_VERSION_1_0,  /* please use HTTP 1.0 in the request */
  CURL_HTTP_VERSION_1_1,  /* please use HTTP 1.1 in the request */
  CURL_HTTP_VERSION_2_0,  /* please use HTTP 2.0 in the request */
  CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */
 };
@@ -2023,6 +2057,7 @@ typedef enum {
 #define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32)
 #define CURL_GLOBAL_NOTHING 0
 #define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL
 #define CURL_GLOBAL_ACK_EINTR (1<<2)
 /*****************************************************************************
@@ -2150,6 +2185,7 @@ typedef struct {
 #define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
 #define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
 #define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
 #define CURL_VERSION_HTTP2     (1<<16) /* HTTP2 support built-in */
 /*
 * NAME curl_version_info()
--- a/include/curl/curlbuild.h.dist
+++ b/include/curl/curlbuild.h.dist
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -527,7 +527,8 @@
 /* ===================================== */
 #elif defined(__GNUC__)
-#  if defined(__i386__) || defined(__ppc__)
+#  if defined(__ILP32__) || \
      defined(__i386__) || defined(__ppc__) || defined(__arm__)
 #    define CURL_SIZEOF_LONG           4
 #    define CURL_TYPEOF_CURL_OFF_T     long long
 #    define CURL_FORMAT_CURL_OFF_T     "lld"
@@ -536,7 +537,8 @@
 #    define CURL_SIZEOF_CURL_OFF_T     8
 #    define CURL_SUFFIX_CURL_OFF_T     LL
 #    define CURL_SUFFIX_CURL_OFF_TU    ULL
-#  elif defined(__x86_64__) || defined(__ppc64__)
+#  elif defined(__LP64__) || \
        defined(__x86_64__) || defined(__ppc64__)
 #    define CURL_SIZEOF_LONG           8
 #    define CURL_TYPEOF_CURL_OFF_T     long
 #    define CURL_FORMAT_CURL_OFF_T     "ld"
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,13 +30,13 @@
 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.28.2-DEV"
+#define LIBCURL_VERSION "7.33.0-DEV"
 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 28
+#define LIBCURL_VERSION_MINOR 33
-#define LIBCURL_VERSION_PATCH 2
+#define LIBCURL_VERSION_PATCH 0
 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x071c02
+#define LIBCURL_VERSION_NUM 0x072100
 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -58,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
 #ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf() functions since we
+/* When built with CURLDEBUG we define away the sprintf functions since we
   don't want internal code to be using them */
 # define sprintf sprintf_was_used
 # define vsprintf vsprintf_was_used
--- a/include/curl/multi.h
+++ b/include/curl/multi.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -64,6 +64,8 @@ typedef enum {
  CURLM_INTERNAL_ERROR,  /* this is a libcurl bug */
  CURLM_BAD_SOCKET,      /* the passed in socket argument did not match */
  CURLM_UNKNOWN_OPTION,  /* curl_multi_setopt() with unsupported option */
  CURLM_ADDED_ALREADY,   /* an easy handle already added to a multi handle was
                            attempted to get added - again */
  CURLM_LAST
 } CURLMcode;
@@ -338,6 +340,31 @@ typedef enum {
  /* maximum number of entries in the connection cache */
  CINIT(MAXCONNECTS, LONG, 6),
  /* maximum number of (pipelining) connections to one host */
  CINIT(MAX_HOST_CONNECTIONS, LONG, 7),
  /* maximum number of requests in a pipeline */
  CINIT(MAX_PIPELINE_LENGTH, LONG, 8),
  /* a connection with a content-length longer than this
     will not be considered for pipelining */
  CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9),
  /* a connection with a chunk length longer than this
     will not be considered for pipelining */
  CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10),
  /* a list of site names(+port) that are blacklisted from
     pipelining */
  CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11),
  /* a list of server types that are blacklisted from
     pipelining */
  CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12),
  /* maximum number of open connections in total */
  CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13),
  CURLMOPT_LASTENTRY /* the last unused */
 } CURLMoption;
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -264,6 +264,11 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
   (option) == CURLOPT_RTSP_SESSION_ID ||                                     \
   (option) == CURLOPT_RTSP_STREAM_URI ||                                     \
   (option) == CURLOPT_RTSP_TRANSPORT ||                                      \
   (option) == CURLOPT_XOAUTH2_BEARER ||                                      \
   (option) == CURLOPT_DNS_SERVERS ||                                         \
   (option) == CURLOPT_DNS_INTERFACE ||                                       \
   (option) == CURLOPT_DNS_LOCAL_IP4 ||                                       \
   (option) == CURLOPT_DNS_LOCAL_IP6 ||                                       \
   0)
 /* evaluates to true if option takes a curl_write_callback argument */
--- a/675
+++ b/675
@@ -1,250 +1,527 @@
 #!/bin/sh
 #
 # install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
+
 scriptversion=2011-01-19.21; # UTC
 # This originates from X11R5 (mit/util/scripts/install.sh), which was
 # later released in X11R6 (xc/config/util/install.sh) with the
 # following copyright and license.
 #
-# Copyright 1991 by the Massachusetts Institute of Technology
+# Copyright (C) 1994 X Consortium
 #
-# Permission to use, copy, modify, distribute, and sell this software and its
+# Permission is hereby granted, free of charge, to any person obtaining a copy
-# documentation for any purpose is hereby granted without fee, provided that
+# of this software and associated documentation files (the "Software"), to
-# the above copyright notice appear in all copies and that both that
+# deal in the Software without restriction, including without limitation the
-# copyright notice and this permission notice appear in supporting
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-# documentation, and that the name of M.I.T. not be used in advertising or
+# sell copies of the Software, and to permit persons to whom the Software is
-# publicity pertaining to distribution of the software without specific,
+# furnished to do so, subject to the following conditions:
-# written prior permission.  M.I.T. makes no representations about the
+#
-# suitability of this software for any purpose.  It is provided "as is"
+# The above copyright notice and this permission notice shall be included in
-# without express or implied warranty.
+# all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
 # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
 # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
 # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #
 # Except as contained in this notice, the name of the X Consortium shall not
 # be used in advertising or otherwise to promote the sale, use or other deal-
 # ings in this Software without prior written authorization from the X Consor-
 # tium.
 #
 #
 # FSF changes to this file are in the public domain.
 #
 # Calling this script install-sh is preferred over install.sh, to prevent
 # `make' implicit rules from creating a file called install from it
 # when there is no Makefile.
 #
 # This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
+# from scratch.
 # shared with many OS's install programs.
 nl='
 '
 IFS=" ""	$nl"
 # set DOITPROG to echo to test this script
 # Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
+doit=${DOITPROG-}
-
+if test -z "$doit"; then
-
+  doit_exec=exec
 # put in absolute paths if you don't have them in your path; or use env. vars.
 mvprog="${MVPROG-mv}"
 cpprog="${CPPROG-cp}"
 chmodprog="${CHMODPROG-chmod}"
 chownprog="${CHOWNPROG-chown}"
 chgrpprog="${CHGRPPROG-chgrp}"
 stripprog="${STRIPPROG-strip}"
 rmprog="${RMPROG-rm}"
 mkdirprog="${MKDIRPROG-mkdir}"
 transformbasename=""
 transform_arg=""
 instcmd="$mvprog"
 chmodcmd="$chmodprog 0755"
 chowncmd=""
 chgrpcmd=""
 stripcmd=""
 rmcmd="$rmprog -f"
 mvcmd="$mvprog"
 src=""
 dst=""
 dir_arg=""
 while [ x"$1" != x ]; do
    case $1 in
 	-c) instcmd="$cpprog"
 	    shift
 	    continue;;
 	-d) dir_arg=true
 	    shift
 	    continue;;
 	-m) chmodcmd="$chmodprog $2"
 	    shift
 	    shift
 	    continue;;
 	-o) chowncmd="$chownprog $2"
 	    shift
 	    shift
 	    continue;;
 	-g) chgrpcmd="$chgrpprog $2"
 	    shift
 	    shift
 	    continue;;
 	-s) stripcmd="$stripprog"
 	    shift
 	    continue;;
 	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
 	    shift
 	    continue;;
 	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
 	    shift
 	    continue;;
 	*)  if [ x"$src" = x ]
 	    then
 		src=$1
 	    else
 		# this colon is to work around a 386BSD /bin/sh bug
 		:
 		dst=$1
 	    fi
 	    shift
 	    continue;;
    esac
 done
 if [ x"$src" = x ]
 then
 	echo "install:	no input file specified"
 	exit 1
 else
-	true
+  doit_exec=$doit
 fi
-if [ x"$dir_arg" != x ]; then
+# Put in absolute file names if you don't have them in your path;
-	dst=$src
+# or use environment vars.
 	src=""
 	if [ -d $dst ]; then
 		instcmd=:
 	else
 		instcmd=mkdir
 	fi
 else
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+chgrpprog=${CHGRPPROG-chgrp}
-# might cause directories to be created, which would be especially bad
+chmodprog=${CHMODPROG-chmod}
-# if $src (and thus $dsttmp) contains '*'.
+chownprog=${CHOWNPROG-chown}
 cmpprog=${CMPPROG-cmp}
 cpprog=${CPPROG-cp}
 mkdirprog=${MKDIRPROG-mkdir}
 mvprog=${MVPROG-mv}
 rmprog=${RMPROG-rm}
 stripprog=${STRIPPROG-strip}
-	if [ -f $src -o -d $src ]
+posix_glob='?'
-	then
+initialize_posix_glob='
-		true
+  test "$posix_glob" != "?" || {
-	else
+    if (set -f) 2>/dev/null; then
-		echo "install:  $src does not exist"
+      posix_glob=
-		exit 1
+    else
-	fi
+      posix_glob=:
-	
+    fi
-	if [ x"$dst" = x ]
+  }
 	then
 		echo "install:	no destination specified"
 		exit 1
 	else
 		true
 	fi
 # If destination is a directory, append the input filename; if your system
 # does not like double slashes in filenames, you may need to add some logic
 	if [ -d $dst ]
 	then
 		dst="$dst"/`basename $src`
 	else
 		true
 	fi
 fi
 ## this sed command emulates the dirname command
 dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
 # Make sure that the destination directory exists.
 #  this part is taken from Noah Friedman's mkinstalldirs script
 # Skip lots of stat calls in the usual case.
 if [ ! -d "$dstdir" ]; then
 defaultIFS='	
 '
 IFS="${IFS-${defaultIFS}}"
-oIFS="${IFS}"
+posix_mkdir=
 # Some sh's can't handle IFS=/ for some reason.
 IFS='%'
 set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
 IFS="${oIFS}"
-pathcomp=''
+# Desired mode of installed file.
 mode=0755
-while [ $# -ne 0 ] ; do
+chgrpcmd=
-	pathcomp="${pathcomp}${1}"
+chmodcmd=$chmodprog
-	shift
+chowncmd=
 mvcmd=$mvprog
 rmcmd="$rmprog -f"
 stripcmd=
-	if [ ! -d "${pathcomp}" ] ;
+src=
-        then
+dst=
-		$mkdirprog "${pathcomp}"
+dir_arg=
-	else
+dst_arg=
 		true
 	fi
-	pathcomp="${pathcomp}/"
+copy_on_change=false
 no_target_directory=
 usage="\
 Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
   or: $0 [OPTION]... SRCFILES... DIRECTORY
   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
   or: $0 [OPTION]... -d DIRECTORIES...
 In the 1st form, copy SRCFILE to DSTFILE.
 In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
 In the 4th, create DIRECTORIES.
 Options:
     --help     display this help and exit.
     --version  display version info and exit.
  -c            (ignored)
  -C            install only if different (preserve the last data modification time)
  -d            create directories instead of installing files.
  -g GROUP      $chgrpprog installed files to GROUP.
  -m MODE       $chmodprog installed files to MODE.
  -o USER       $chownprog installed files to USER.
  -s            $stripprog installed files.
  -t DIRECTORY  install into DIRECTORY.
  -T            report an error if DSTFILE is a directory.
 Environment variables override the default commands:
  CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
  RMPROG STRIPPROG
 "
 while test $# -ne 0; do
  case $1 in
    -c) ;;
    -C) copy_on_change=true;;
    -d) dir_arg=true;;
    -g) chgrpcmd="$chgrpprog $2"
 	shift;;
    --help) echo "$usage"; exit $?;;
    -m) mode=$2
 	case $mode in
 	  *' '* | *'	'* | *'
 '*	  | *'*'* | *'?'* | *'['*)
 	    echo "$0: invalid mode: $mode" >&2
 	    exit 1;;
 	esac
 	shift;;
    -o) chowncmd="$chownprog $2"
 	shift;;
    -s) stripcmd=$stripprog;;
    -t) dst_arg=$2
 	# Protect names problematic for `test' and other utilities.
 	case $dst_arg in
 	  -* | [=\(\)!]) dst_arg=./$dst_arg;;
 	esac
 	shift;;
    -T) no_target_directory=true;;
    --version) echo "$0 $scriptversion"; exit $?;;
    --)	shift
 	break;;
    -*)	echo "$0: invalid option: $1" >&2
 	exit 1;;
    *)  break;;
  esac
  shift
 done
 if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
  # When -d is used, all remaining arguments are directories to create.
  # When -t is used, the destination is already specified.
  # Otherwise, the last argument is the destination.  Remove it from $@.
  for arg
  do
    if test -n "$dst_arg"; then
      # $@ is not empty: it contains at least $arg.
      set fnord "$@" "$dst_arg"
      shift # fnord
    fi
    shift # arg
    dst_arg=$arg
    # Protect names problematic for `test' and other utilities.
    case $dst_arg in
      -* | [=\(\)!]) dst_arg=./$dst_arg;;
    esac
  done
 fi
-if [ x"$dir_arg" != x ]
+if test $# -eq 0; then
-then
+  if test -z "$dir_arg"; then
-	$doit $instcmd $dst &&
+    echo "$0: no input file specified." >&2
    exit 1
  fi
  # It's OK to call `install-sh -d' without argument.
  # This can happen when creating conditional directories.
  exit 0
 fi
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+if test -z "$dir_arg"; then
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+  do_exit='(exit $ret); exit $ret'
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+  trap "ret=129; $do_exit" 1
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+  trap "ret=130; $do_exit" 2
-else
+  trap "ret=141; $do_exit" 13
  trap "ret=143; $do_exit" 15
-# If we're going to rename the final executable, determine the name now.
+  # Set umask so as not to create temps with too-generous modes.
  # However, 'strip' requires both read and write access to temps.
  case $mode in
    # Optimize common cases.
    *644) cp_umask=133;;
    *755) cp_umask=22;;
-	if [ x"$transformarg" = x ]
+    *[0-7])
-	then
+      if test -z "$stripcmd"; then
-		dstfile=`basename $dst`
+	u_plus_rw=
      else
 	u_plus_rw='% 200'
      fi
      cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
    *)
      if test -z "$stripcmd"; then
 	u_plus_rw=
      else
 	u_plus_rw=,u+rw
      fi
      cp_umask=$mode$u_plus_rw;;
  esac
 fi
 for src
 do
  # Protect names problematic for `test' and other utilities.
  case $src in
    -* | [=\(\)!]) src=./$src;;
  esac
  if test -n "$dir_arg"; then
    dst=$src
    dstdir=$dst
    test -d "$dstdir"
    dstdir_status=$?
  else
    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
    # might cause directories to be created, which would be especially bad
    # if $src (and thus $dsttmp) contains '*'.
    if test ! -f "$src" && test ! -d "$src"; then
      echo "$0: $src does not exist." >&2
      exit 1
    fi
    if test -z "$dst_arg"; then
      echo "$0: no destination specified." >&2
      exit 1
    fi
    dst=$dst_arg
    # If destination is a directory, append the input filename; won't work
    # if double slashes aren't ignored.
    if test -d "$dst"; then
      if test -n "$no_target_directory"; then
 	echo "$0: $dst_arg: Is a directory" >&2
 	exit 1
      fi
      dstdir=$dst
      dst=$dstdir/`basename "$src"`
      dstdir_status=0
    else
      # Prefer dirname, but fall back on a substitute if dirname fails.
      dstdir=`
 	(dirname "$dst") 2>/dev/null ||
 	expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
 	     X"$dst" : 'X\(//\)[^/]' \| \
 	     X"$dst" : 'X\(//\)$' \| \
 	     X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
 	echo X"$dst" |
 	    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
 		   s//\1/
 		   q
 		 }
 		 /^X\(\/\/\)[^/].*/{
 		   s//\1/
 		   q
 		 }
 		 /^X\(\/\/\)$/{
 		   s//\1/
 		   q
 		 }
 		 /^X\(\/\).*/{
 		   s//\1/
 		   q
 		 }
 		 s/.*/./; q'
      `
      test -d "$dstdir"
      dstdir_status=$?
    fi
  fi
  obsolete_mkdir_used=false
  if test $dstdir_status != 0; then
    case $posix_mkdir in
      '')
 	# Create intermediate dirs using mode 755 as modified by the umask.
 	# This is like FreeBSD 'install' as of 1997-10-28.
 	umask=`umask`
 	case $stripcmd.$umask in
 	  # Optimize common cases.
 	  *[2367][2367]) mkdir_umask=$umask;;
 	  .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
 	  *[0-7])
 	    mkdir_umask=`expr $umask + 22 \
 	      - $umask % 100 % 40 + $umask % 20 \
 	      - $umask % 10 % 4 + $umask % 2
 	    `;;
 	  *) mkdir_umask=$umask,go-w;;
 	esac
 	# With -d, create the new directory with the user-specified mode.
 	# Otherwise, rely on $mkdir_umask.
 	if test -n "$dir_arg"; then
 	  mkdir_mode=-m$mode
 	else
-		dstfile=`basename $dst $transformbasename |
+	  mkdir_mode=
 			sed $transformarg`$transformbasename
 	fi
-# don't allow the sed command to completely eliminate the filename
+	posix_mkdir=false
 	case $umask in
 	  *[123567][0-7][0-7])
 	    # POSIX mkdir -p sets u+wx bits regardless of umask, which
 	    # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
 	    ;;
 	  *)
 	    tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
 	    trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
-	if [ x"$dstfile" = x ]
+	    if (umask $mkdir_umask &&
-	then
+		exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
-		dstfile=`basename $dst`
+	    then
 	      if test -z "$dir_arg" || {
 		   # Check for POSIX incompatibilities with -m.
 		   # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
 		   # other-writeable bit of parent directory when it shouldn't.
 		   # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
 		   ls_ld_tmpdir=`ls -ld "$tmpdir"`
 		   case $ls_ld_tmpdir in
 		     d????-?r-*) different_mode=700;;
 		     d????-?--*) different_mode=755;;
 		     *) false;;
 		   esac &&
 		   $mkdirprog -m$different_mode -p -- "$tmpdir" && {
 		     ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
 		     test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
 		   }
 		 }
 	      then posix_mkdir=:
 	      fi
 	      rmdir "$tmpdir/d" "$tmpdir"
 	    else
 	      # Remove any dirs left behind by ancient mkdir implementations.
 	      rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
 	    fi
 	    trap '' 0;;
 	esac;;
    esac
    if
      $posix_mkdir && (
 	umask $mkdir_umask &&
 	$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
      )
    then :
    else
      # The umask is ridiculous, or mkdir does not conform to POSIX,
      # or it failed possibly due to a race condition.  Create the
      # directory the slow way, step by step, checking for races as we go.
      case $dstdir in
 	/*) prefix='/';;
 	[-=\(\)!]*) prefix='./';;
 	*)  prefix='';;
      esac
      eval "$initialize_posix_glob"
      oIFS=$IFS
      IFS=/
      $posix_glob set -f
      set fnord $dstdir
      shift
      $posix_glob set +f
      IFS=$oIFS
      prefixes=
      for d
      do
 	test X"$d" = X && continue
 	prefix=$prefix$d
 	if test -d "$prefix"; then
 	  prefixes=
 	else
-		true
+	  if $posix_mkdir; then
 	    (umask=$mkdir_umask &&
 	     $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
 	    # Don't fail if two instances are running concurrently.
 	    test -d "$prefix" || exit 1
 	  else
 	    case $prefix in
 	      *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
 	      *) qprefix=$prefix;;
 	    esac
 	    prefixes="$prefixes '$qprefix'"
 	  fi
 	fi
 	prefix=$prefix/
      done
-# Make a temp file name in the proper directory.
+      if test -n "$prefixes"; then
 	# Don't fail if two instances are running concurrently.
 	(umask $mkdir_umask &&
 	 eval "\$doit_exec \$mkdirprog $prefixes") ||
 	  test -d "$dstdir" || exit 1
 	obsolete_mkdir_used=true
      fi
    fi
  fi
-	dsttmp=$dstdir/#inst.$$#
+  if test -n "$dir_arg"; then
    { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
    { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
      test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
  else
-# Move or copy the file name to the temp name
+    # Make a couple of temp file names in the proper directory.
    dsttmp=$dstdir/_inst.$$_
    rmtmp=$dstdir/_rm.$$_
-	$doit $instcmd $src $dsttmp &&
+    # Trap to clean up those temp files at exit.
    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
-	trap "rm -f ${dsttmp}" 0 &&
+    # Copy the file name to the temp name.
    (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
-# and set any options; do chmod last to preserve setuid bits
+    # and set any options; do chmod last to preserve setuid bits.
    #
    # If any of these fail, we abort the whole thing.  If we want to
    # ignore errors from any of these, just make sure not to ignore
    # errors from the above "$doit $cpprog $src $dsttmp" command.
    #
    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
    { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
    { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
    { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
-# If any of these fail, we abort the whole thing.  If we want to
+    # If -C, don't bother to copy if it wouldn't change the file.
-# ignore errors from any of these, just make sure not to ignore
+    if $copy_on_change &&
-# errors from the above "$doit $instcmd $src $dsttmp" command.
+       old=`LC_ALL=C ls -dlL "$dst"	2>/dev/null` &&
       new=`LC_ALL=C ls -dlL "$dsttmp"	2>/dev/null` &&
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+       eval "$initialize_posix_glob" &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+       $posix_glob set -f &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+       set X $old && old=:$2:$4:$5:$6 &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+       set X $new && new=:$2:$4:$5:$6 &&
       $posix_glob set +f &&
-# Now rename the file to the real destination.
+       test "$old" = "$new" &&
       $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
    then
      rm -f "$dsttmp"
    else
      # Rename the file to the real destination.
      $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
-	$doit $rmcmd -f $dstdir/$dstfile &&
+      # The rename failed, perhaps because mv can't rename something else
-	$doit $mvcmd $dsttmp $dstdir/$dstfile
+      # to itself, or perhaps because mv is so ancient that it does not
      # support -f.
      {
 	# Now remove or move aside any old file at destination location.
 	# We try this two ways since rm can't unlink itself on some
 	# systems and the destination file might be busy for other
 	# reasons.  In this case, the final cleanup might fail but the new
 	# file should still install successfully.
 	{
 	  test ! -f "$dst" ||
 	  $doit $rmcmd -f "$dst" 2>/dev/null ||
 	  { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
 	    { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
 	  } ||
 	  { echo "$0: cannot unlink or rename $dst" >&2
 	    (exit 1); exit 1
 	  }
 	} &&
-fi &&
+	# Now rename the file to the real destination.
 	$doit $mvcmd "$dsttmp" "$dst"
      }
    fi || exit 1
    trap '' 0
  fi
 done
-exit 0
+# Local variables:
 # eval: (add-hook 'write-file-hooks 'time-stamp)
 # time-stamp-start: "scriptversion="
 # time-stamp-format: "%:y-%02m-%02d.%02H"
 # time-stamp-time-zone: "UTC"
 # time-stamp-end: "; # UTC"
 # End:
--- a/lib/.gitignore
+++ b/lib/.gitignore
@@ -7,8 +7,6 @@ TAGS
 Makefile.vc8.dist
 Makefile.vc9.dist
 libcurl.plist.dist
 libcurl.vcproj
 vc6libcurl.dsp
 Makefile.vc10.dist
 libcurl.vers
 *.a
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -94,6 +94,10 @@ add_library(
  ${HHEADERS} ${CSOURCES}
  )
 if(MSVC AND CURL_STATICLIB)
  set_target_properties(${LIB_NAME} PROPERTIES STATIC_LIBRARY_FLAGS ${CMAKE_EXE_LINKER_FLAGS})
 endif()
 target_link_libraries(${LIB_NAME} ${CURL_LIBS})
 if(WIN32)
@@ -108,14 +112,6 @@ setup_curl_dependencies(${LIB_NAME})
 set_target_properties(${LIB_NAME} PROPERTIES PREFIX "")
 set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "")
 if(MSVC)
  if(NOT BUILD_RELEASE_DEBUG_DIRS)
    # Ugly workaround to remove the "/debug" or "/release" in each output
    set_target_properties(${LIB_NAME} PROPERTIES PREFIX "../")
    set_target_properties(${LIB_NAME} PROPERTIES IMPORT_PREFIX "../")
  endif()
 endif()
 if(WIN32)
  if(NOT CURL_STATICLIB)
    # Add "_imp" as a suffix before the extension to avoid conflicting with the statically linked "libcurl.lib"
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -83,7 +83,7 @@ CFLAGS += -dWANT_IDN_PROTOTYPES
 !ifdef %zlib_root
 ZLIB_ROOT = $(%zlib_root)
 !else
-ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.7
+ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.8
 !endif
 !ifdef %libssh2_root
@@ -101,7 +101,7 @@ LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8x
+OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8y
 !endif
 !ifdef %ares_root
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -21,35 +21,32 @@
 ###########################################################################
 AUTOMAKE_OPTIONS = foreign nostdinc
 DSP = vc6libcurl.dsp
 VCPROJ = libcurl.vcproj
 DOCS = README.encoding README.memoryleak README.ares README.curlx	\
 README.hostip README.multi_socket README.httpauth README.pipelining    \
 README.curl_off_t README.pingpong
 CMAKE_DIST = CMakeLists.txt curl_config.h.cmake
-EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP)		\
+EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 config-win32.h	\
- vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h		\
+ config-win32ce.h config-riscos.h config-mac.h curl_config.h.in		\
- config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist	\
+ makefile.dj config-dos.h libcurl.plist libcurl.rc config-amigaos.h	\
- libcurl.rc config-amigaos.h makefile.amiga Makefile.netware nwlib.c	\
+ makefile.amiga Makefile.netware nwlib.c nwos.c config-win32ce.h	\
- nwos.c msvcproj.head msvcproj.foot config-win32ce.h config-os400.h	\
+ config-os400.h setup-os400.h config-symbian.h Makefile.Watcom		\
- setup-os400.h config-symbian.h Makefile.Watcom config-tpf.h $(DOCS)	\
+ config-tpf.h $(DOCS) mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST)	\
- $(VCPROJ) mk-ca-bundle.pl mk-ca-bundle.vbs firefox-db2pem.sh		\
+ firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl	\
 $(CMAKE_DIST) config-vxworks.h Makefile.vxworks checksrc.pl		\
 objnames-test08.sh objnames-test10.sh objnames.inc
 CLEANFILES = $(DSP) $(VCPROJ)
 lib_LTLIBRARIES = libcurl.la
-LIBCURL_LIBS = @LIBCURL_LIBS@
+
 if BUILD_UNITTESTS
 noinst_LTLIBRARIES = libcurlu.la
 else
 noinst_LTLIBRARIES =
 endif
 # This might hold -Werror
 CFLAGS += @CURL_CFLAG_EXTRAS@
 CFLAG_CURL_SYMBOL_HIDING = @CFLAG_CURL_SYMBOL_HIDING@
 # Specify our include paths here, and do it relative to $(top_srcdir) and
 # $(top_builddir), to ensure that these paths which belong to the library
 # being currently built and tested are searched before the library which
@@ -79,15 +76,8 @@ AM_CPPFLAGS = -I$(top_builddir)/include/curl \
              -I$(top_srcdir)/lib
 endif
-# Mostly for Windows build targets, when building libcurl library
+# Prevent LIBS from being used for all link targets
-if USE_CPPFLAG_BUILDING_LIBCURL
+LIBS = $(BLANK_AT_MAKETIME)
 AM_CPPFLAGS += -DBUILDING_LIBCURL
 endif
 # Mostly for Windows build targets, when building static libcurl
 if USE_CPPFLAG_CURL_STATICLIB
 AM_CPPFLAGS += -DCURL_STATICLIB
 endif
 if SONAME_BUMP
 #
@@ -117,43 +107,45 @@ endif
 #
 # For the full guide on libcurl ABI rules, see docs/libcurl/ABI
-if NO_UNDEFINED
+AM_CPPFLAGS += -DBUILDING_LIBCURL
-# The -no-undefined flag is crucial to build fine on some platforms
+AM_LDFLAGS =
-UNDEF = -no-undefined
+AM_CFLAGS =
 libcurl_la_CPPFLAGS_EXTRA =
 libcurl_la_LDFLAGS_EXTRA =
 libcurl_la_CFLAGS_EXTRA =
 if CURL_LT_SHLIB_USE_VERSION_INFO
 libcurl_la_LDFLAGS_EXTRA += $(VERSIONINFO)
 endif
-if MIMPURE
+if CURL_LT_SHLIB_USE_NO_UNDEFINED
-# This is for gcc on Solaris (8+ ?) to avoid "relocations remain against
+libcurl_la_LDFLAGS_EXTRA += -no-undefined
 # allocatable but non-writable sections" problems.
 MIMPURE = -mimpure-text
 endif
-if VERSIONED_SYMBOLS
+if CURL_LT_SHLIB_USE_MIMPURE_TEXT
-VERSIONED_SYMBOLS = -Wl,--version-script=libcurl.vers
+libcurl_la_LDFLAGS_EXTRA += -mimpure-text
 endif
-# Prevent LIBS from being used for all link targets
+if CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS
-LIBS = $(BLANK_AT_MAKETIME)
+libcurl_la_LDFLAGS_EXTRA += -Wl,--version-script=libcurl.vers
 endif
-libcurl_la_LDFLAGS = $(UNDEF) $(VERSIONINFO) $(MIMPURE) $(VERSIONED_SYMBOLS) $(LIBCURL_LIBS)
+if USE_CPPFLAG_CURL_STATICLIB
 libcurl_la_CPPFLAGS_EXTRA += -DCURL_STATICLIB
 endif
 if DOING_CURL_SYMBOL_HIDING
-libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_HIDDEN_SYMBOLS
+libcurl_la_CPPFLAGS_EXTRA += -DCURL_HIDDEN_SYMBOLS
-libcurl_la_CFLAGS = $(AM_CFLAGS) $(CFLAG_CURL_SYMBOL_HIDING)
+libcurl_la_CFLAGS_EXTRA += $(CFLAG_CURL_SYMBOL_HIDING)
 else
 libcurl_la_CPPFLAGS = $(AM_CPPFLAGS)
 libcurl_la_CFLAGS = $(AM_CFLAGS)
 endif
-# unit testing static library built only along with unit tests
+libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA)
-if BUILD_UNITTESTS
+libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS)
-noinst_LTLIBRARIES = libcurlu.la
+libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA)
 else
 noinst_LTLIBRARIES =
 endif
-libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DUNITTESTS
+libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS
-libcurlu_la_LDFLAGS = -static $(LIBCURL_LIBS)
+libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS)
 libcurlu_la_CFLAGS = $(AM_CFLAGS)
 # Makefile.inc provides the CSOURCES and HHEADERS defines
@@ -162,58 +154,6 @@ include Makefile.inc
 libcurl_la_SOURCES = $(CSOURCES) $(HHEADERS)
 libcurlu_la_SOURCES = $(CSOURCES) $(HHEADERS)
 WIN32SOURCES = $(CSOURCES)
 WIN32HEADERS = $(HHEADERS) config-win32.h
 DSPOUT = | awk '{printf("%s\r\n", $$0)}' >> $(DSP)
 VCPROJOUT = | awk '{printf("%s\r\n", $$0)}' >> $(VCPROJ)
 $(DSP): msvcproj.head msvcproj.foot Makefile.am
 	echo "creating $(DSP)"
 	@(cp $(srcdir)/msvcproj.head $(DSP); \
 	echo "# Begin Group \"Source Files\"" $(DSPOUT); \
        echo "" $(DSPOUT); \
        echo "# PROP Default_Filter \"\"" $(DSPOUT); \
        win32_srcs='$(WIN32SOURCES)'; \
        sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
        for file in $$sorted_srcs; do \
 	echo "# Begin Source File" $(DSPOUT); \
 	echo "" $(DSPOUT); \
 	echo "SOURCE=.\\"$$file $(DSPOUT); \
 	echo "# End Source File" $(DSPOUT); \
 	done; \
 	echo "# End Group" $(DSPOUT); \
 	echo "# Begin Group \"Header Files\"" $(DSPOUT); \
        echo "" $(DSPOUT); \
        echo "# PROP Default_Filter \"\"" $(DSPOUT); \
        win32_hdrs='$(WIN32HEADERS)'; \
        sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
        for file in $$sorted_hdrs; do \
 	echo "# Begin Source File" $(DSPOUT); \
 	echo "" $(DSPOUT); \
 	echo "SOURCE=.\\"$$file $(DSPOUT); \
 	echo "# End Source File" $(DSPOUT); \
 	done; \
 	echo "# End Group" $(DSPOUT); \
 	cat $(srcdir)/msvcproj.foot $(DSPOUT) )
 $(VCPROJ): vc8proj.head vc8proj.foot Makefile.am
 	echo "creating $(VCPROJ)"
 	@(cp $(srcdir)/vc8proj.head $(VCPROJ); \
        win32_srcs='$(WIN32SOURCES)'; \
        sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
        for file in $$sorted_srcs; do \
 	echo "<File RelativePath=\""$$file"\"></File>" $(VCPROJOUT); \
 	done; \
 	echo "</Filter><Filter	Name=\"Header Files\">" $(VCPROJOUT); \
        win32_hdrs='$(WIN32HEADERS)'; \
        sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
        for file in $$sorted_hdrs; do \
 	echo "<File RelativePath=\""$$file"\"></File>" $(VCPROJOUT); \
 	done; \
 	cat $(srcdir)/vc8proj.foot $(VCPROJOUT) )
 checksrc:
 	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/lib $(CSOURCES) $(HHEADERS)
--- a/lib/Makefile.b32
+++ b/lib/Makefile.b32
@@ -22,12 +22,12 @@ BCCDIR = $(MAKEDIR)\..
 # Edit the path below to point to the base of your Zlib sources.
 !ifndef ZLIB_PATH
-ZLIB_PATH = ..\..\zlib-1.2.7
+ZLIB_PATH = ..\..\zlib-1.2.8
 !endif
 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8x
+OPENSSL_PATH = ..\..\openssl-0.9.8y
 !endif
 # Set libcurl static lib, dll and import lib
@@ -52,7 +52,7 @@ LDFLAGS  = -q -lq -laa -tWD
 SRCDIR   = .
 OBJDIR   = .\BCC_objs
 INCDIRS  = -I.;..\include
-LINKLIB  = $(BCCDIR)\lib\cw32mt.lib
+LINKLIB  = $(BCCDIR)\lib\cw32mt.lib $(BCCDIR)\lib\ws2_32.lib
 DEFINES  = -DNDEBUG -DWIN32 -DBUILDING_LIBCURL
 # By default SSPI support is enabled for BCC
@@ -88,8 +88,24 @@ LINKLIB  = $(LINKLIB) $(OPENSSL_PATH)\out32\ssleay32.lib $(OPENSSL_PATH)\out32\l
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 !include Makefile.inc
-OBJECTS = $(CSOURCES:.c=.obj)
+# Borland's command line librarian program TLIB version 4.5 is not capable
-PREPROCESSED = $(CSOURCES:.c=.int)
+# of building a library when any of its objects contains an hypen in its
 # name, due to a command line parsing bug. In order to workaround this, we
 # build source files with hyphens in their name as objects with underscores
 # using explicit compilation build rules instead of implicit ones.
 NOHYPHEN = $(CSOURCES:-=_)
 OBJECTS = $(NOHYPHEN:.c=.obj)
 PREPROCESSED = $(NOHYPHEN:.c=.int)
 # Borland's command line compiler (BCC32) version 5.5.1 integrated
 # preprocessor has a bug which results in silently generating wrong
 # definitions for libcurl macros such as CURL_OFF_T_C, on the other
 # hand Borland's command line preprocessor (CPP32) version 5.5.1 does
 # not have the bug and achieves proper results. In order to avoid the
 # silent bug we first preprocess source files and later compile the
 # preprocessed result.
 .c.obj:
 	@-$(RM) $(@R).int
@@ -98,6 +114,21 @@ PREPROCESSED = $(CSOURCES:.c=.int)
 all:	$(OBJDIR) $(LIBCURL_LIB) $(LIBCURL_DLL)
 asyn_ares.obj: asyn-ares.c
 	@-$(RM) $(@R).int
 	$(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
 	$(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
 asyn_thread.obj: asyn-thread.c
 	@-$(RM) $(@R).int
 	$(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
 	$(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
 non_ascii.obj: non-ascii.c
 	@-$(RM) $(@R).int
 	$(PP_CMD) $(CC_FLAGS) $(INCDIRS) $(DEFINES) -o$(@R).int $(?)
 	$(CC_CMD) $(CC_FLAGS) -o$(@) $(@R).int
 clean:
 	cd $(OBJDIR)
 	@-$(RM) $(OBJECTS)
@@ -122,7 +153,10 @@ $(LIBCURL_LIB): $(OBJECTS)
 $(LIBCURL_DLL) $(LIBCURL_IMPLIB): $(OBJECTS) $(LINKLIB)
 	@-$(RM) $(LIBCURL_DLL)
 	@-$(RM) $(LIBCURL_IMPLIB)
-	$(LD) $(LDFLAGS) -e$(LIBCURL_DLL) $**
+	$(LD) $(LDFLAGS) -e$(LIBCURL_DLL) @&&!
 $(**: = ^
 )
 !
 	$(IMPLIB) $(LIBCURL_IMPLIB) $(LIBCURL_DLL)
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -10,38 +10,40 @@
 CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
  ldap.c ssluse.c version.c getenv.c escape.c mprintf.c telnet.c	\
-  netrc.c getinfo.c transfer.c strequal.c easy.c security.c krb4.c	\
+  netrc.c getinfo.c transfer.c strequal.c easy.c security.c      	\
  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
-  content_encoding.c share.c http_digest.c md4.c md5.c curl_rand.c	\
+  content_encoding.c share.c http_digest.c md4.c md5.c	\
  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
-  curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c		\
+  polarssl_threadlock.c curl_rtmp.c openldap.c curl_gethostname.c	\
-  idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c	\
+  gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c		\
-  asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c	\
+  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c	\
-  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c	        \
+  curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c		\
-  curl_multibyte.c curl_darwinssl.c hostcheck.c                         \
+  curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c		\
-  bundles.c conncache.c
+  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c      \
  gskit.c http2.c
 HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
  if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h	\
-  getinfo.h strequal.h krb4.h memdebug.h http_chunks.h curl_rand.h	\
+  getinfo.h strequal.h curl_sec.h memdebug.h http_chunks.h		\
  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h curl_setup.h	\
  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
-  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h		\
+  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h curl_base64.h	\
-  curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h	\
+  rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h		\
  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h	\
+  warnless.h curl_hmac.h polarssl.h polarssl_threadlock.h curl_rtmp.h	\
-  gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h	\
+  curl_gethostname.h gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h	\
-  curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h	\
+  asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h	\
-  curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h	        \
+  curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h		\
-  hostcheck.h bundles.h conncache.h curl_setup_once.h multihandle.h     \
+  curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h	\
-  setup-vms.h
+  multihandle.h setup-vms.h pipeline.h dotdot.h x509asn1.h gskit.h	\
  http2.h
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -7,18 +7,18 @@
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-sspi-winidn
 ##
 ## Hint: you can also set environment vars to control the build, f.e.:
-## set ZLIB_PATH=c:/zlib-1.2.7
+## set ZLIB_PATH=c:/zlib-1.2.8
 ## set ZLIB=1
 #
 ###########################################################################
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.7
+ZLIB_PATH = ../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8x
+OPENSSL_PATH = ../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
@@ -106,6 +106,9 @@ endif
 ifeq ($(findstring -ares,$(CFG)),-ares)
 ARES = 1
 endif
 ifeq ($(findstring -sync,$(CFG)),-sync)
 SYNC = 1
 endif
 ifeq ($(findstring -rtmp,$(CFG)),-rtmp)
 RTMP = 1
 SSL = 1
@@ -151,11 +154,15 @@ endif
 INCLUDES = -I. -I../include
 CFLAGS += -DBUILDING_LIBCURL
-ifdef ARES
+ifdef SYNC
-  INCLUDES += -I"$(LIBCARES_PATH)"
+  CFLAGS += -DUSE_SYNC_DNS
-  CFLAGS += -DUSE_ARES
+else
-  DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
+  ifdef ARES
-  libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
+    INCLUDES += -I"$(LIBCARES_PATH)"
    CFLAGS += -DUSE_ARES -DCARES_STATICLIB
    DLL_LIBS += -L"$(LIBCARES_PATH)" -lcares
    libcurl_dll_DEPENDENCIES = $(LIBCARES_PATH)/libcares.a
  endif
 endif
 ifdef RTMP
  INCLUDES += -I"$(LIBRTMP_PATH)"
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -14,12 +14,12 @@ endif
 # Edit the path below to point to the base of your Zlib sources.
 ifndef ZLIB_PATH
-ZLIB_PATH = ../../zlib-1.2.7
+ZLIB_PATH = ../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8x
+OPENSSL_PATH = ../../openssl-0.9.8y
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -62,10 +62,10 @@
 # Makefile.msvc.names provides libcurl file names
 # ------------------------------------------------
-!INCLUDE ..\Makefile.msvc.names
+!INCLUDE ..\winbuild\Makefile.msvc.names
 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.8x
+OPENSSL_PATH   = ../../openssl-0.9.8y
 !ENDIF
 !IFNDEF LIBSSH2_PATH
@@ -73,7 +73,7 @@ LIBSSH2_PATH   = ../../libssh2-1.4.3
 !ENDIF
 !IFNDEF ZLIB_PATH
-ZLIB_PATH  = ../../zlib-1.2.7
+ZLIB_PATH  = ../../zlib-1.2.8
 !ENDIF
 !IFNDEF MACHINE
@@ -103,23 +103,24 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"
 #############################################################
 ## Nothing more to do below this line!
-CCNODBG    = cl.exe /O2 /DNDEBUG
+CCNODBG      = cl.exe /O2 /DNDEBUG
-CCDEBUG    = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
+CCDEBUG      = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
-CFLAGSSSL  = /DUSE_SSLEAY /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSL    = /DUSE_SSLEAY /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
-CFLAGSSSH2 = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
+CFLAGSWINSSL = /DUSE_SCHANNEL
-CFLAGSZLIB = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
+CFLAGSSSH2   = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
-CFLAGS     = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
+CFLAGSZLIB   = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
-CFLAGSLIB  = /DCURL_STATICLIB
+CFLAGS       = /I. /I../include /nologo /W3 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /D_BIND_TO_CURRENT_VCLIBS_VERSION=1
-LNKDLL     = link.exe /DLL
+CFLAGSLIB    = /DCURL_STATICLIB
-LNKLIB     = link.exe /lib
+LNKDLL       = link.exe /DLL
-LFLAGS     = /nologo /machine:$(MACHINE)
+LNKLIB       = link.exe /lib
-SSLLIBS    = libeay32.lib ssleay32.lib
+LFLAGS       = /nologo /machine:$(MACHINE)
-ZLIBLIBSDLL= zdll.lib
+SSLLIBS      = libeay32.lib ssleay32.lib
-ZLIBLIBS   = zlib.lib
+ZLIBLIBSDLL  = zdll.lib
-WINLIBS    = ws2_32.lib wldap32.lib advapi32.lib
+ZLIBLIBS     = zlib.lib
-CFLAGS     = $(CFLAGS)
+WINLIBS      = ws2_32.lib wldap32.lib advapi32.lib
 CFLAGS       = $(CFLAGS)
-CFGSET     = FALSE
+CFGSET       = FALSE
 !IFDEF WINDOWS_SSPI
 CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
@@ -189,6 +190,18 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 ######################
 # release-winssl-zlib
 !IF "$(CFG)" == "release-winssl-zlib"
 TARGET   = $(LIBCURL_STA_LIB_REL)
 DIROBJ   = $(CFG)
 LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
 LNK      = $(LNKLIB) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
 CC       = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF
 ######################
 # release-ssl-ssh2-zlib
@@ -494,8 +507,10 @@ clean:
 # A config was provided, so the library can be built.
 #
 X_OBJS= \
 	$(DIROBJ)\amigaos.obj \
 	$(DIROBJ)\asyn-ares.obj \
 	$(DIROBJ)\asyn-thread.obj \
 	$(DIROBJ)\axtls.obj \
 	$(DIROBJ)\base64.obj \
 	$(DIROBJ)\bundles.obj \
 	$(DIROBJ)\conncache.obj \
@@ -506,19 +521,21 @@ X_OBJS= \
 	$(DIROBJ)\curl_darwinssl.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_gssapi.obj \
 	$(DIROBJ)\curl_memrchr.obj \
 	$(DIROBJ)\curl_multibyte.obj \
 	$(DIROBJ)\curl_ntlm.obj \
 	$(DIROBJ)\curl_ntlm_core.obj \
 	$(DIROBJ)\curl_ntlm_msgs.obj \
 	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rand.obj \
 	$(DIROBJ)\curl_rtmp.obj \
 	$(DIROBJ)\curl_sasl.obj \
 	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
 	$(DIROBJ)\curl_threads.obj \
 	$(DIROBJ)\cyassl.obj \
 	$(DIROBJ)\dict.obj \
 	$(DIROBJ)\dotdot.obj \
 	$(DIROBJ)\easy.obj \
 	$(DIROBJ)\escape.obj \
 	$(DIROBJ)\file.obj \
@@ -544,10 +561,12 @@ X_OBJS= \
 	$(DIROBJ)\http_negotiate.obj \
 	$(DIROBJ)\http_negotiate_sspi.obj \
 	$(DIROBJ)\http_proxy.obj \
 	$(DIROBJ)\idn_win32.obj \
 	$(DIROBJ)\if2ip.obj \
 	$(DIROBJ)\imap.obj \
 	$(DIROBJ)\inet_ntop.obj \
 	$(DIROBJ)\inet_pton.obj \
 	$(DIROBJ)\krb5.obj \
 	$(DIROBJ)\ldap.obj \
 	$(DIROBJ)\llist.obj \
 	$(DIROBJ)\md4.obj \
@@ -556,15 +575,21 @@ X_OBJS= \
 	$(DIROBJ)\mprintf.obj \
 	$(DIROBJ)\multi.obj \
 	$(DIROBJ)\netrc.obj \
 	$(DIROBJ)\non-ascii.obj \
 	$(DIROBJ)\nonblock.obj \
 	$(DIROBJ)\nss.obj \
 	$(DIROBJ)\openldap.obj \
 	$(DIROBJ)\parsedate.obj \
 	$(DIROBJ)\pingpong.obj \
 	$(DIROBJ)\pipeline.obj \
 	$(DIROBJ)\polarssl.obj \
 	$(DIROBJ)\polarssl_threadlock.obj \
 	$(DIROBJ)\pop3.obj \
 	$(DIROBJ)\progress.obj \
 	$(DIROBJ)\qssl.obj \
 	$(DIROBJ)\rawstr.obj \
 	$(DIROBJ)\rtsp.obj \
 	$(DIROBJ)\security.obj \
 	$(DIROBJ)\select.obj \
 	$(DIROBJ)\sendf.obj \
 	$(DIROBJ)\share.obj \
@@ -578,6 +603,7 @@ X_OBJS= \
 	$(DIROBJ)\ssh.obj \
 	$(DIROBJ)\sslgen.obj \
 	$(DIROBJ)\ssluse.obj \
 	$(DIROBJ)\strdup.obj \
 	$(DIROBJ)\strequal.obj \
 	$(DIROBJ)\strerror.obj \
 	$(DIROBJ)\strtok.obj \
--- a/lib/Makefile.vxworks
+++ b/lib/Makefile.vxworks
@@ -33,10 +33,10 @@ BUILD_TYPE := debug
 USER_CFLAGS:=
 # directories where to seek for includes and libraries
-OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3/include
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3/include
-OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8x-vxWorks6.3
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3
-ZLIB_INC    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/zlib-1.2.7
+ZLIB_INC    := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/zlib-1.2.8
-ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.7-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
+ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
 ARES_INC    :=
 ARES_LIB    :=
--- a/lib/README.http2
+++ b/lib/README.http2
@@ -0,0 +1,31 @@
 HTTP2 with libcurl
 Spec: http://tools.ietf.org/html/draft-ietf-httpbis-http2-06
 nghttp2 (https://github.com/tatsuhiro-t/nghttp2)
  We're depending on this 3rd party library for the actual low level protocol
  handling parts. The reason for this is that HTTP2 is much more complex at
  that layer than HTTP1.1 (which we implement on our own) and that nghttp2 is
  an already existing and well functional library.
 Over an http:// URL
  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will include
  an upgrade header in the initial request to the host to allow upgrading to
  http2. Possibly introduce an option that will cause libcurl to fail if not
  possible to upgrade. Possibly introduce an option that makes libcurl use
  http2 at once over http://
 Over an https:// URL
  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will use ALPN
  (or NPN) to negotiate which protocol to continue with. Possibly introduce an
  option that will cause libcurl to fail if not possible to use http2.
 To consider:
  - How to tell libcurl when using the multi interface that all or some of the
    handles are allowed to re-use the same physical connection. Can we just
    re-use existing pipelining logic?
--- a/lib/README.pipelining
+++ b/lib/README.pipelining
@@ -42,10 +42,3 @@ Details
  still resolve the second one properly to make sure that they actually _can_
  be considered for pipelining. Also, asking for explicit pipelining on handle
  X may be tricky when handle X get a closed connection.
 - We need options to control max pipeline length, and probably how to behave
  if we reach that limit. As was discussed on the list, it can probably be
  made very complicated, so perhaps we can think of a way to pass all
  variables involved to a callback and let the application decide how to act
  in specific situations. Either way, these fancy options are only interesting
  to work on when everything is working and we have working apps to test with.
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -315,6 +315,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
  struct SessionHandle *data = conn->data;
  struct ResolverResults *res = (struct ResolverResults *)
    conn->async.os_specific;
  CURLcode rc = CURLE_OK;
  *dns = NULL;
@@ -325,19 +326,19 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
    /* temp_ai ownership is moved to the connection, so we need not free-up
       them */
    res->temp_ai = NULL;
    destroy_async_data(&conn->async);
    if(!conn->async.dns) {
-      failf(data, "Could not resolve %s: %s (%s)",
+      failf(data, "Could not resolve: %s (%s)",
-            conn->bits.proxy?"proxy":"host",
+            conn->async.hostname, ares_strerror(conn->async.status));
-            conn->host.dispname,
+      rc = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
            ares_strerror(conn->async.status));
      return conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
        CURLE_COULDNT_RESOLVE_HOST;
    }
-    *dns = conn->async.dns;
+    else
      *dns = conn->async.dns;
    destroy_async_data(&conn->async);
  }
-  return CURLE_OK;
+  return rc;
 }
 /*
@@ -415,37 +416,12 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
  if(entry)
    *entry = conn->async.dns;
-  if(!conn->async.dns) {
+  if(rc)
    /* a name was not resolved */
    if((timeout < 0) || (conn->async.status == ARES_ETIMEOUT)) {
      if(conn->bits.proxy) {
        failf(data, "Resolving proxy timed out: %s", conn->proxy.dispname);
        rc = CURLE_COULDNT_RESOLVE_PROXY;
      }
      else {
        failf(data, "Resolving host timed out: %s", conn->host.dispname);
        rc = CURLE_COULDNT_RESOLVE_HOST;
      }
    }
    else if(conn->async.done) {
      if(conn->bits.proxy) {
        failf(data, "Could not resolve proxy: %s (%s)", conn->proxy.dispname,
              ares_strerror(conn->async.status));
        rc = CURLE_COULDNT_RESOLVE_PROXY;
      }
      else {
        failf(data, "Could not resolve host: %s (%s)", conn->host.dispname,
              ares_strerror(conn->async.status));
        rc = CURLE_COULDNT_RESOLVE_HOST;
      }
    }
    else
      rc = CURLE_OPERATION_TIMEDOUT;
    /* close the connection, since we can't return failure here without
-       cleaning up this connection properly */
+       cleaning up this connection properly.
       TODO: remove this action from here, it is not a name resolver decision.
    */
    conn->bits.close = TRUE;
  }
  return rc;
 }
@@ -614,8 +590,19 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
                              char *servers)
 {
  CURLcode result = CURLE_NOT_BUILT_IN;
  int ares_result;
  /* If server is NULL or empty, this would purge all DNS servers
   * from ares library, which will cause any and all queries to fail.
   * So, just return OK if none are configured and don't actually make
   * any changes to c-ares.  This lets c-ares use it's defaults, which
   * it gets from the OS (for instance from /etc/resolv.conf on Linux).
   */
  if(!(servers && servers[0]))
    return CURLE_OK;
 #if (ARES_VERSION >= 0x010704)
-  int ares_result = ares_set_servers_csv(data->state.resolver, servers);
+  ares_result = ares_set_servers_csv(data->state.resolver, servers);
  switch(ares_result) {
  case ARES_SUCCESS:
    result = CURLE_OK;
@@ -632,8 +619,76 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
  }
 #else /* too old c-ares version! */
  (void)data;
-  (void)servers;
+  (void)(ares_result);
 #endif
  return result;
 }
 CURLcode Curl_set_dns_interface(struct SessionHandle *data,
                                const char *interf)
 {
 #if (ARES_VERSION >= 0x010704)
  if(!interf)
    interf = "";
  ares_set_local_dev((ares_channel)data->state.resolver, interf);
  return CURLE_OK;
 #else /* c-ares version too old! */
  (void)data;
  (void)interf;
  return CURLE_NOT_BUILT_IN;
 #endif
 }
 CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
                                const char *local_ip4)
 {
 #if (ARES_VERSION >= 0x010704)
  uint32_t a4;
  if((!local_ip4) || (local_ip4[0] == 0)) {
    a4 = 0; /* disabled: do not bind to a specific address */
  }
  else {
    if(Curl_inet_pton(AF_INET, local_ip4, &a4) != 1) {
      return CURLE_BAD_FUNCTION_ARGUMENT;
    }
  }
  ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4));
  return CURLE_OK;
 #else /* c-ares version too old! */
  (void)data;
  (void)local_ip4;
  return CURLE_NOT_BUILT_IN;
 #endif
 }
 CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
                                const char *local_ip6)
 {
 #if (ARES_VERSION >= 0x010704)
  unsigned char a6[INET6_ADDRSTRLEN];
  if((!local_ip6) || (local_ip6[0] == 0)) {
    /* disabled: do not bind to a specific address */
    memset(a6, 0, sizeof(a6));
  }
  else {
    if(Curl_inet_pton(AF_INET6, local_ip6, a6) != 1) {
      return CURLE_BAD_FUNCTION_ARGUMENT;
    }
  }
  ares_set_local_ip6((ares_channel)data->state.resolver, a6);
  return CURLE_OK;
 #else /* c-ares version too old! */
  (void)data;
  (void)local_ip6;
  return CURLE_NOT_BUILT_IN;
 #endif
 }
 #endif /* CURLRES_ARES */
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -170,7 +170,7 @@ struct thread_sync_data {
 struct thread_data {
  curl_thread_t thread_hnd;
  unsigned int poll_interval;
-  int interval_end;
+  long interval_end;
  struct thread_sync_data tsd;
 };
@@ -265,7 +265,7 @@ static int getaddrinfo_complete(struct connectdata *conn)
 static unsigned int CURL_STDCALL getaddrinfo_thread (void *arg)
 {
  struct thread_sync_data *tsd = (struct thread_sync_data*)arg;
-  char   service [NI_MAXSERV];
+  char service[12];
  int rc;
  snprintf(service, sizeof(service), "%d", tsd->port);
@@ -387,61 +387,27 @@ static bool init_resolve_thread (struct connectdata *conn,
  return FALSE;
 }
 #if defined(HAVE_GETADDRINFO) && !defined(HAVE_GAI_STRERROR) && !defined(WIN32)
 /* NetWare has getaddrinfo but lacks gai_strerror.
   Windows has a gai_strerror but it is bad (not thread-safe) and the generic
   socket error string function can be used for this pupose. */
 static const char *gai_strerror(int ecode)
 {
  switch (ecode) {
  case EAI_AGAIN:
    return "The name could not be resolved at this time";
  case EAI_BADFLAGS:
    return "The flags parameter had an invalid value";
  case EAI_FAIL:
    return "A non-recoverable error occurred when attempting to "
      "resolve the name";
  case EAI_FAMILY:
    return "The address family was not recognized";
  case EAI_MEMORY:
    return "Out of memory";
  case EAI_NONAME:
    return "The name does not resolve for the supplied parameters";
  case EAI_SERVICE:
    return "The service passed was not recognized for the "
      "specified socket type"
  case EAI_SOCKTYPE:
    return "The intended socket type was not recognized"
  case EAI_SYSTEM:
    return "A system error occurred";
  case EAI_OVERFLOW:
    return "An argument buffer overflowed";
  default:
    return "Unknown error";
 /* define this now as this is a private implementation of said function */
 #define HAVE_GAI_STRERROR
 }
 #endif
 /*
 * resolver_error() calls failf() with the appropriate message after a resolve
 * error
 */
-static void resolver_error(struct connectdata *conn, const char *host_or_proxy)
+static CURLcode resolver_error(struct connectdata *conn)
 {
-  failf(conn->data, "Could not resolve %s: %s; %s", host_or_proxy,
+  const char *host_or_proxy;
-        conn->async.hostname,
+  CURLcode rc;
-#ifdef HAVE_GAI_STRERROR
+  if(conn->bits.httpproxy) {
-        /* NetWare doesn't have gai_strerror and on Windows it isn't deemed
+    host_or_proxy = "proxy";
-           thread-safe */
+    rc = CURLE_COULDNT_RESOLVE_PROXY;
-        gai_strerror(conn->async.status)
+  }
-#else
+  else {
-        Curl_strerror(conn, conn->async.status)
+    host_or_proxy = "host";
-#endif
+    rc = CURLE_COULDNT_RESOLVE_HOST;
-    );
+  }
  failf(conn->data, "Could not resolve %s: %s", host_or_proxy,
        conn->async.hostname);
  return rc;
 }
 /*
@@ -473,17 +439,9 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
  if(entry)
    *entry = conn->async.dns;
-  if(!conn->async.dns) {
+  if(!conn->async.dns)
-    /* a name was not resolved */
+    /* a name was not resolved, report error */
-    if(conn->bits.httpproxy) {
+    rc = resolver_error(conn);
      resolver_error(conn, "proxy");
      rc = CURLE_COULDNT_RESOLVE_PROXY;
    }
    else {
      resolver_error(conn, "host");
      rc = CURLE_COULDNT_RESOLVE_HOST;
    }
  }
  destroy_async_data(&conn->async);
@@ -518,17 +476,18 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
  if(done) {
    getaddrinfo_complete(conn);
    destroy_async_data(&conn->async);
    if(!conn->async.dns) {
-      resolver_error(conn, "host");
+      CURLcode rc = resolver_error(conn);
-      return CURLE_COULDNT_RESOLVE_HOST;
+      destroy_async_data(&conn->async);
      return rc;
    }
    destroy_async_data(&conn->async);
    *entry = conn->async.dns;
  }
  else {
    /* poll for name lookup done with exponential backoff up to 250ms */
-    int elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
+    long elapsed = Curl_tvdiff(Curl_tvnow(), data->progress.t_startsingle);
    if(elapsed < 0)
      elapsed = 0;
@@ -600,7 +559,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
  struct in_addr in;
  Curl_addrinfo *res;
  int error;
-  char sbuf[NI_MAXSERV];
+  char sbuf[12];
  int pf = PF_INET;
 #ifdef CURLRES_IPV6
  struct in6_addr in6;
@@ -676,4 +635,28 @@ CURLcode Curl_set_dns_servers(struct SessionHandle *data,
 }
 CURLcode Curl_set_dns_interface(struct SessionHandle *data,
                                const char *interf)
 {
  (void)data;
  (void)interf;
  return CURLE_NOT_BUILT_IN;
 }
 CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
                                const char *local_ip4)
 {
  (void)data;
  (void)local_ip4;
  return CURLE_NOT_BUILT_IN;
 }
 CURLcode Curl_set_dns_local_ip6(struct SessionHandle *data,
                                const char *local_ip6)
 {
  (void)data;
  (void)local_ip6;
  return CURLE_NOT_BUILT_IN;
 }
 #endif /* CURLRES_THREADED */
--- a/lib/axtls.c
+++ b/lib/axtls.c
@@ -41,26 +41,12 @@
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
 #include "curl_memory.h"
 #include <unistd.h>
 /* The last #include file should be: */
 #include "memdebug.h"
 #include "hostcheck.h"
 /* SSL_read is opied from axTLS compat layer */
 static int SSL_read(SSL *ssl, void *buf, int num)
 {
  uint8_t *read_buf;
  int ret;
  while((ret = ssl_read(ssl, &read_buf)) == SSL_OK);
  if(ret > SSL_OK) {
    memcpy(buf, read_buf, ret > num ? num : ret);
  }
  return ret;
 }
 /* Global axTLS init, called from Curl_ssl_init() */
 int Curl_axtls_init(void)
 {
@@ -131,31 +117,40 @@ static CURLcode map_error_to_curl(int axtls_err)
 static Curl_recv axtls_recv;
 static Curl_send axtls_send;
-/*
+static void free_ssl_structs(struct ssl_connect_data *connssl)
- * This function is called after the TCP connect has completed. Setup the TLS
+{
- * layer and do all necessary magic.
+  if(connssl->ssl) {
- */
+    ssl_free (connssl->ssl);
-CURLcode
+    connssl->ssl = NULL;
-Curl_axtls_connect(struct connectdata *conn,
+  }
-                  int sockindex)
+  if(connssl->ssl_ctx) {
    ssl_ctx_free(connssl->ssl_ctx);
    connssl->ssl_ctx = NULL;
  }
 }
 /*
 * For both blocking and non-blocking connects, this function sets up the
 * ssl context and state.  This function is called after the TCP connect
 * has completed.
 */
 static CURLcode connect_prep(struct connectdata *conn, int sockindex)
 {
  struct SessionHandle *data = conn->data;
  SSL_CTX *ssl_ctx;
-  SSL *ssl;
+  SSL *ssl = NULL;
  int cert_types[] = {SSL_OBJ_X509_CERT, SSL_OBJ_PKCS12, 0};
  int key_types[] = {SSL_OBJ_RSA_KEY, SSL_OBJ_PKCS8, SSL_OBJ_PKCS12, 0};
  int i, ssl_fcn_return;
  const uint8_t *ssl_sessionid;
  size_t ssl_idsize;
  const char *peer_CN;
  uint32_t dns_altname_index;
  const char *dns_altname;
  int8_t found_subject_alt_names = 0;
  int8_t found_subject_alt_name_matching_conn = 0;
-  /* Assuming users will not compile in custom key/cert to axTLS */
+  /* Assuming users will not compile in custom key/cert to axTLS.
-  uint32_t client_option = SSL_NO_DEFAULT_KEY|SSL_SERVER_VERIFY_LATER;
+  *  Also, even for blocking connects, use axTLS non-blocking feature.
  */
  uint32_t client_option = SSL_NO_DEFAULT_KEY |
    SSL_SERVER_VERIFY_LATER |
    SSL_CONNECT_IN_PARTS;
  if(conn->ssl[sockindex].state == ssl_connection_complete)
    /* to make us tolerant against being called more than once for the
@@ -184,6 +179,9 @@ Curl_axtls_connect(struct connectdata *conn,
    return CURLE_SSL_CONNECT_ERROR;
  }
  conn->ssl[sockindex].ssl_ctx = ssl_ctx;
  conn->ssl[sockindex].ssl = NULL;
  /* Load the trusted CA cert bundle file */
  if(data->set.ssl.CAfile) {
    if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
@@ -191,7 +189,6 @@ Curl_axtls_connect(struct connectdata *conn,
      infof(data, "error reading ca cert file %s \n",
            data->set.ssl.CAfile);
      if(data->set.ssl.verifypeer) {
        Curl_axtls_close(conn, sockindex);
        return CURLE_SSL_CACERT_BADFILE;
      }
    }
@@ -225,7 +222,6 @@ Curl_axtls_connect(struct connectdata *conn,
    if(cert_types[i] == 0) {
      failf(data, "%s is not x509 or pkcs12 format",
            data->set.str[STRING_CERT]);
      Curl_axtls_close(conn, sockindex);
      return CURLE_SSL_CERTPROBLEM;
    }
  }
@@ -250,7 +246,6 @@ Curl_axtls_connect(struct connectdata *conn,
    if(key_types[i] == 0) {
      failf(data, "Failure: %s is not a supported key file",
            data->set.str[STRING_KEY]);
      Curl_axtls_close(conn, sockindex);
      return CURLE_SSL_CONNECT_ERROR;
    }
  }
@@ -271,14 +266,25 @@ Curl_axtls_connect(struct connectdata *conn,
  else
    ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);
-  /* Check to make sure handshake was ok. */
+  conn->ssl[sockindex].ssl = ssl;
-  ssl_fcn_return = ssl_handshake_status(ssl);
+  return CURLE_OK;
-  if(ssl_fcn_return != SSL_OK) {
+}
-    Curl_axtls_close(conn, sockindex);
+
-    ssl_display_error(ssl_fcn_return); /* goes to stdout. */
+/*
-    return map_error_to_curl(ssl_fcn_return);
+ * For both blocking and non-blocking connects, this function finalizes the
-  }
+ * SSL connection.
-  infof (data, "handshake completed successfully\n");
+ */
 static CURLcode connect_finish(struct connectdata *conn, int sockindex)
 {
  struct SessionHandle *data = conn->data;
  SSL *ssl = conn->ssl[sockindex].ssl;
  const uint8_t *ssl_sessionid;
  size_t ssl_idsize;
  const char *peer_CN;
  uint32_t dns_altname_index;
  const char *dns_altname;
  int8_t found_subject_alt_names = 0;
  int8_t found_subject_alt_name_matching_conn = 0;
  /* Here, gtls.c gets the peer certificates and fails out depending on
   * settings in "data."  axTLS api doesn't have get cert chain fcn, so omit?
@@ -289,7 +295,7 @@ Curl_axtls_connect(struct connectdata *conn,
    if(ssl_verify_cert(ssl) != SSL_OK) {
      Curl_axtls_close(conn, sockindex);
      failf(data, "server cert verify failed");
-      return CURLE_SSL_CONNECT_ERROR;
+      return CURLE_PEER_FAILED_VERIFICATION;
    }
  }
  else
@@ -306,7 +312,6 @@ Curl_axtls_connect(struct connectdata *conn,
   *    this, but a couple fields are available.
   */
  /* There is no (DNS) Altnames count in the version 1.4.8 API. There is a
     risk of an inifite loop */
  for(dns_altname_index = 0; ; dns_altname_index++) {
@@ -326,20 +331,29 @@ Curl_axtls_connect(struct connectdata *conn,
  /* RFC2818 checks */
  if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
-    /* Break connection ! */
+    if(data->set.ssl.verifyhost) {
-    Curl_axtls_close(conn, sockindex);
+      /* Break connection ! */
-    failf(data, "\tsubjectAltName(s) do not match %s\n", conn->host.dispname);
+      Curl_axtls_close(conn, sockindex);
-    return CURLE_PEER_FAILED_VERIFICATION;
+      failf(data, "\tsubjectAltName(s) do not match %s\n",
            conn->host.dispname);
      return CURLE_PEER_FAILED_VERIFICATION;
    }
    else
      infof(data, "\tsubjectAltName(s) do not match %s\n",
            conn->host.dispname);
  }
  else if(found_subject_alt_names == 0) {
    /* Per RFC2818, when no Subject Alt Names were available, examine the peer
       CN as a legacy fallback */
    peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
    if(peer_CN == NULL) {
-      /* Similar behaviour to the OpenSSL interface */
+      if(data->set.ssl.verifyhost) {
-      Curl_axtls_close(conn, sockindex);
+        Curl_axtls_close(conn, sockindex);
-      failf(data, "unable to obtain common name from peer certificate");
+        failf(data, "unable to obtain common name from peer certificate");
-      return CURLE_PEER_FAILED_VERIFICATION;
+        return CURLE_PEER_FAILED_VERIFICATION;
      }
      else
        infof(data, "unable to obtain common name from peer certificate");
    }
    else {
      if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
@@ -359,8 +373,6 @@ Curl_axtls_connect(struct connectdata *conn,
  /* General housekeeping */
  conn->ssl[sockindex].state = ssl_connection_complete;
  conn->ssl[sockindex].ssl = ssl;
  conn->ssl[sockindex].ssl_ctx = ssl_ctx;
  conn->recv[sockindex] = axtls_recv;
  conn->send[sockindex] = axtls_send;
@@ -374,6 +386,107 @@ Curl_axtls_connect(struct connectdata *conn,
  return CURLE_OK;
 }
 /*
 * Use axTLS's non-blocking connection feature to open an SSL connection.
 * This is called after a TCP connection is already established.
 */
 CURLcode Curl_axtls_connect_nonblocking(
    struct connectdata *conn,
    int sockindex,
    bool *done)
 {
  CURLcode conn_step;
  int ssl_fcn_return;
 *done = FALSE;
  /* connectdata is calloc'd and connecting_state is only changed in this
     function, so this is safe, as the state is effectively initialized. */
  if(conn->ssl[sockindex].connecting_state == ssl_connect_1) {
    conn_step = connect_prep(conn, sockindex);
    if(conn_step != CURLE_OK) {
      Curl_axtls_close(conn, sockindex);
      return conn_step;
    }
    conn->ssl[sockindex].connecting_state = ssl_connect_2;
  }
  if(conn->ssl[sockindex].connecting_state == ssl_connect_2) {
    /* Check to make sure handshake was ok. */
    if(ssl_handshake_status(conn->ssl[sockindex].ssl) != SSL_OK) {
      ssl_fcn_return = ssl_read(conn->ssl[sockindex].ssl, NULL);
      if(ssl_fcn_return < 0) {
        Curl_axtls_close(conn, sockindex);
        ssl_display_error(ssl_fcn_return); /* goes to stdout. */
        return map_error_to_curl(ssl_fcn_return);
      }
      else {
        return CURLE_OK; /* Return control to caller for retries */
      }
    }
    infof (conn->data, "handshake completed successfully\n");
    conn->ssl[sockindex].connecting_state = ssl_connect_3;
  }
  if(conn->ssl[sockindex].connecting_state == ssl_connect_3) {
    conn_step = connect_finish(conn, sockindex);
    if(conn_step != CURLE_OK) {
      Curl_axtls_close(conn, sockindex);
      return conn_step;
    }
    /* Reset connect state */
    conn->ssl[sockindex].connecting_state = ssl_connect_1;
    *done = TRUE;
    return CURLE_OK;
  }
  /* Unrecognized state.  Things are very bad. */
  conn->ssl[sockindex].state  = ssl_connection_none;
  conn->ssl[sockindex].connecting_state = ssl_connect_1;
  /* Return value perhaps not strictly correct, but distinguishes the issue.*/
  return CURLE_BAD_FUNCTION_ARGUMENT;
 }
 /*
 * This function is called after the TCP connect has completed. Setup the TLS
 * layer and do all necessary magic for a blocking connect.
 */
 CURLcode
 Curl_axtls_connect(struct connectdata *conn,
                  int sockindex)
 {
  CURLcode conn_step = connect_prep(conn, sockindex);
  int ssl_fcn_return;
  SSL *ssl = conn->ssl[sockindex].ssl;
  if(conn_step != CURLE_OK) {
    Curl_axtls_close(conn, sockindex);
    return conn_step;
  }
  /* Check to make sure handshake was ok. */
  while(ssl_handshake_status(ssl) != SSL_OK) {
    ssl_fcn_return = ssl_read(ssl, NULL);
    if(ssl_fcn_return < 0) {
      Curl_axtls_close(conn, sockindex);
      ssl_display_error(ssl_fcn_return); /* goes to stdout. */
      return map_error_to_curl(ssl_fcn_return);
    }
    usleep(10000);
  }
  infof (conn->data, "handshake completed successfully\n");
  conn_step = connect_finish(conn, sockindex);
  if(conn_step != CURLE_OK) {
    Curl_axtls_close(conn, sockindex);
    return conn_step;
  }
  return CURLE_OK;
 }
 /* return number of sent (non-SSL) bytes */
 static ssize_t axtls_send(struct connectdata *conn,
@@ -407,7 +520,7 @@ void Curl_axtls_close(struct connectdata *conn, int sockindex)
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  infof(conn->data, "  Curl_axtls_close\n");
-  if(connssl->ssl) {
+
    /* line from ssluse.c: (void)SSL_shutdown(connssl->ssl);
       axTLS compat layer does nothing for SSL_shutdown */
@@ -415,13 +528,7 @@ void Curl_axtls_close(struct connectdata *conn, int sockindex)
       equivalent.  ssl_free and ssl_ctx_free close things.
       SSL_set_connect_state(connssl->handle); */
-    ssl_free (connssl->ssl);
+  free_ssl_structs(connssl);
    connssl->ssl = NULL;
  }
  if(connssl->ssl_ctx) {
    ssl_ctx_free (connssl->ssl_ctx);
    connssl->ssl_ctx = NULL;
  }
 }
 /*
@@ -436,8 +543,7 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
  int retval = 0;
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  struct SessionHandle *data = conn->data;
-  char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
+  uint8_t *buf;
                    to be at least 120 bytes long. */
  ssize_t nread;
  infof(conn->data, "  Curl_axtls_shutdown\n");
@@ -457,9 +563,10 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
                                 CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
    if(what > 0) {
      /* Something to read, let's do it and hope that it is the close
-         notify alert from the server */
+         notify alert from the server.  buf is managed internally by
-      nread = (ssize_t)SSL_read(conn->ssl[sockindex].ssl, buf,
+         axTLS and will be released upon calling ssl_free via
-                                sizeof(buf));
+         free_ssl_structs. */
      nread = (ssize_t)ssl_read(connssl->ssl, &buf);
      if(nread < SSL_OK) {
        failf(data, "close notify alert not received during shutdown");
@@ -476,8 +583,7 @@ int Curl_axtls_shutdown(struct connectdata *conn, int sockindex)
      retval = -1;
    }
-    ssl_free (connssl->ssl);
+    free_ssl_structs(connssl);
    connssl->ssl = NULL;
  }
  return retval;
 }
@@ -490,26 +596,36 @@ static ssize_t axtls_recv(struct connectdata *conn, /* connection data */
 {
  struct ssl_connect_data *connssl = &conn->ssl[num];
  ssize_t ret = 0;
  uint8_t *read_buf;
  infof(conn->data, "  axtls_recv\n");
  *err = CURLE_OK;
  if(connssl) {
-    ret = (ssize_t)SSL_read(conn->ssl[num].ssl, buf, (int)buffersize);
+    ret = ssl_read(connssl->ssl, &read_buf);
-
+    if(ret > SSL_OK) {
-    /* axTLS isn't terribly generous about error reporting */
+      /* ssl_read returns SSL_OK if there is more data to read, so if it is
-    /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
+         larger, then all data has been read already.  */
-       team approves proposed fix. */
+      memcpy(buf, read_buf,
-    if(ret == -3 ) {
+             (size_t)ret > buffersize ? buffersize : (size_t)ret);
    }
    else if(ret == SSL_OK) {
      /* more data to be read, signal caller to call again */
      *err = CURLE_AGAIN;
      ret = -1;
    }
    else if(ret == -3) {
      /* With patched axTLS, SSL_CLOSE_NOTIFY=-3.  Hard-coding until axTLS
         team approves proposed fix. */
      Curl_axtls_close(conn, num);
    }
-    else if(ret < 0) {
+    else {
-      failf(conn->data, "axTLS recv error (%d)", (int)ret);
+      failf(conn->data, "axTLS recv error (%d)", ret);
      *err = map_error_to_curl(ret);
-      return -1;
+      ret = -1;
    }
  }
  *err = CURLE_OK;
  return ret;
 }
--- a/lib/axtls.h
+++ b/lib/axtls.h
@@ -30,6 +30,10 @@
 int Curl_axtls_init(void);
 int Curl_axtls_cleanup(void);
 CURLcode Curl_axtls_connect(struct connectdata *conn, int sockindex);
 CURLcode Curl_axtls_connect_nonblocking(
    struct connectdata *conn,
    int sockindex,
    bool *done);
 /* tell axTLS to close down all open information regarding connections (and
   thus session ID caching etc) */
@@ -47,6 +51,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn);
 #define curlssl_init Curl_axtls_init
 #define curlssl_cleanup Curl_axtls_cleanup
 #define curlssl_connect Curl_axtls_connect
 #define curlssl_connect_nonblocking Curl_axtls_connect_nonblocking
 #define curlssl_session_free(x)  Curl_axtls_session_free(x)
 #define curlssl_close_all Curl_axtls_close_all
 #define curlssl_close Curl_axtls_close
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -153,6 +153,12 @@ sub scanfile {
            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
        }
        # scan for use of banned functions
        if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
            checkwarn($line, length($1), $file, $l,
                      "use of $2 is banned");
        }
        # check for open brace first on line but not first column
        # only alert if previous line ended with a close paren and wasn't a cpp
        # line
--- a/lib/config-dos.h
+++ b/lib/config-dos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -79,7 +79,6 @@
 #define HAVE_SYS_SOCKET_H      1
 #define HAVE_SYS_STAT_H        1
 #define HAVE_SYS_TYPES_H       1
 #define HAVE_TERMIOS_H         1
 #define HAVE_TIME_H            1
 #define HAVE_UNISTD_H          1
@@ -149,7 +148,7 @@
 #if defined(__HIGHC__) || \
    (defined(__GNUC__) && (__GNUC__ < 4))
-#define ssize_t    int
+  #define ssize_t  int
 #endif
 #define CURL_CA_BUNDLE  getenv("CURL_CA_BUNDLE")
@@ -162,12 +161,9 @@
  #define HAVE_SIGACTION  1
  #define HAVE_SIGSETJMP  1
  #define HAVE_SYS_TIME_H 1
  #define HAVE_TERMIOS_H  1
  #define HAVE_VARIADIC_MACROS_GCC 1
  #if (DJGPP_MINOR >= 4)
    #define HAVE_STRLCAT  1
  #endif
  /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
  #if (DJGPP_MINOR < 4)
    #define _MPRINTF_REPLACE
@@ -178,11 +174,11 @@
 #elif defined(__HIGHC__)
  #define HAVE_SYS_TIME_H 1
  #define strerror(e) strerror_s_((e))
 #endif
 #ifdef MSDOS  /* Watt-32 */
-  #define HAVE_CLOSESOCKET_CAMEL  1
+  #define HAVE_CLOSE_S    1
  #define CloseSocket(s)          close_s((s))
 #endif
 #undef word
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -277,30 +277,33 @@
 /* Define if you have the <stdlib.h> header file. */
 #define HAVE_STDLIB_H
 /* The following define is needed on OS400 to enable strcmpi(), stricmp() and
   strdup(). */
 #define __cplusplus__strings__
 /* Define if you have the `strcasecmp' function. */
 #undef HAVE_STRCASECMP
 /* Define if you have the `strcmpi' function. */
-#undef HAVE_STRCMPI
+#define HAVE_STRCMPI
 /* Define if you have the `stricmp' function. */
 #define HAVE_STRICMP
 /* Define if you have the `strdup' function. */
-#undef HAVE_STRDUP
+#define HAVE_STRDUP
 /* Define if you have the `strftime' function. */
 #define HAVE_STRFTIME
 /* Define if you have the `stricmp' function. */
 #undef HAVE_STRICMP
 /* Define if you have the <strings.h> header file. */
 #define HAVE_STRINGS_H
 /* Define if you have the <string.h> header file. */
 #define HAVE_STRING_H
 /* Define if you have the `strlcat' function. */
 #undef HAVE_STRLCAT
 /* Define if you have the `strlcpy' function. */
 #undef HAVE_STRLCPY
@@ -528,6 +531,9 @@
 /* Define to use the QsoSSL package. */
 #define USE_QSOSSL
 /* Define to use the GSKit package. */
 #undef USE_GSKIT
 /* Use the system keyring as the default CA bundle. */
 #define CURL_CA_BUNDLE  "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"
--- a/lib/config-riscos.h
+++ b/lib/config-riscos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -305,9 +305,6 @@
 /* Define if you have the <string.h> header file. */
 #define HAVE_STRING_H
 /* Define if you have the `strlcat' function. */
 #undef HAVE_STRLCAT
 /* Define if you have the `strlcpy' function. */
 #undef HAVE_STRLCPY
--- a/lib/config-symbian.h
+++ b/lib/config-symbian.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -504,9 +504,6 @@
 /* Define to 1 if you have the `strcasecmp' function. */
 #define HAVE_STRCASECMP 1
 /* Define to 1 if you have the `strcasestr' function. */
 #define HAVE_STRCASESTR 1
 /* Define to 1 if you have the `strcmpi' function. */
 /* #undef HAVE_STRCMPI */
@@ -525,9 +522,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 /* Define to 1 if you have the `strlcat' function. */
 #define HAVE_STRLCAT 1
 /* Define to 1 if you have the `strlcpy' function. */
 #define HAVE_STRLCPY 1
--- a/lib/config-tpf.h
+++ b/lib/config-tpf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -471,9 +471,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 /* Define to 1 if you have the `strlcat' function. */
 /* #undef HAVE_STRLCAT */
 /* Define to 1 if you have the `strlcpy' function. */
 /* #undef HAVE_STRLCPY */
--- a/lib/config-vxworks.h
+++ b/lib/config-vxworks.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -571,9 +571,6 @@
 /* Define to 1 if you have the strcasecmp function. */
 #define HAVE_STRCASECMP 1
 /* Define to 1 if you have the strcasestr function. */
 /* #undef HAVE_STRCASESTR */
 /* Define to 1 if you have the strcmpi function. */
 /* #undef HAVE_STRCMPI */
@@ -592,9 +589,6 @@
 /* Define to 1 if you have the <string.h> header file. */
 #define HAVE_STRING_H 1
 /* Define to 1 if you have the strlcat function. */
 /* #undef HAVE_STRLCAT */
 /* Define to 1 if you have the `strlcpy' function. */
 /* #undef HAVE_STRLCPY */
--- a/lib/config-win32.h
+++ b/lib/config-win32.h
@@ -390,21 +390,6 @@
 #  define SIZEOF_SIZE_T 4
 #endif
 /* ---------------------------------------------------------------- */
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
 /* Define if you have struct sockaddr_storage. */
 #if !defined(__SALFORDC__) && !defined(__BORLANDC__)
 #define HAVE_STRUCT_SOCKADDR_STORAGE 1
 #endif
 /* Define if you have struct timeval. */
 #define HAVE_STRUCT_TIMEVAL 1
 /* Define if struct sockaddr_in6 has the sin6_scope_id member. */
 #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
 /* ---------------------------------------------------------------- */
 /*               BSD-style lwIP TCP/IP stack SPECIFIC               */
 /* ---------------------------------------------------------------- */
@@ -572,6 +557,25 @@
 #  endif
 #endif
 /* ---------------------------------------------------------------- */
 /*                          STRUCT RELATED                          */
 /* ---------------------------------------------------------------- */
 /* Define if you have struct sockaddr_storage. */
 #if !defined(__SALFORDC__) && !defined(__BORLANDC__)
 #define HAVE_STRUCT_SOCKADDR_STORAGE 1
 #endif
 /* Define if you have struct timeval. */
 #define HAVE_STRUCT_TIMEVAL 1
 /* Define if struct sockaddr_in6 has the sin6_scope_id member. */
 #define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
 #if HAVE_WINSOCK2_H && defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0600)
 #define HAVE_STRUCT_POLLFD 1
 #endif
 /* ---------------------------------------------------------------- */
 /*                        LARGE FILE SUPPORT                        */
 /* ---------------------------------------------------------------- */
@@ -611,8 +615,11 @@
 /* Define to enable c-ares asynchronous DNS lookups. */
 /* #define USE_ARES 1 */
-/* Define to enable threaded asynchronous DNS lookups. */
+/* Default define to enable threaded asynchronous DNS lookups. */
-#define USE_THREADS_WIN32 1
+#if !defined(USE_SYNC_DNS) && !defined(USE_ARES) && \
    !defined(USE_THREADS_WIN32)
 #  define USE_THREADS_WIN32 1
 #endif
 #if defined(USE_ARES) && defined(USE_THREADS_WIN32)
 #  error "Only one DNS lookup specialty may be defined at most"
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -38,8 +38,6 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 #define CONNECTION_HASH_SIZE 97
 static void free_bundle_hash_entry(void *freethis)
 {
  struct connectbundle *b = (struct connectbundle *) freethis;
@@ -47,7 +45,7 @@ static void free_bundle_hash_entry(void *freethis)
  Curl_bundle_destroy(b);
 }
-struct conncache *Curl_conncache_init(void)
+struct conncache *Curl_conncache_init(int size)
 {
  struct conncache *connc;
@@ -55,7 +53,7 @@ struct conncache *Curl_conncache_init(void)
  if(!connc)
    return NULL;
-  connc->hash = Curl_hash_alloc(CONNECTION_HASH_SIZE, Curl_hash_str,
+  connc->hash = Curl_hash_alloc(size, Curl_hash_str,
                                Curl_str_key_compare, free_bundle_hash_entry);
  if(!connc->hash) {
--- a/lib/conncache.h
+++ b/lib/conncache.h
@@ -27,7 +27,7 @@ struct conncache {
  size_t num_connections;
 };
-struct conncache *Curl_conncache_init(void);
+struct conncache *Curl_conncache_init(int size);
 void Curl_conncache_destroy(struct conncache *connc);
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -87,13 +87,23 @@
 static bool verifyconnect(curl_socket_t sockfd, int *error);
-#ifdef __DragonFly__
+#if defined(__DragonFly__) || defined(HAVE_WINSOCK_H)
-/* DragonFlyBSD uses millisecond as KEEPIDLE and KEEPINTVL units */
+/* DragonFlyBSD and Windows use millisecond units */
 #define KEEPALIVE_FACTOR(x) (x *= 1000)
 #else
 #define KEEPALIVE_FACTOR(x)
 #endif
 #if defined(HAVE_WINSOCK_H) && !defined(SIO_KEEPALIVE_VALS)
 #define SIO_KEEPALIVE_VALS    _WSAIOW(IOC_VENDOR,4)
 struct tcp_keepalive {
  u_long onoff;
  u_long keepalivetime;
  u_long keepaliveinterval;
 };
 #endif
 static void
 tcpkeepalive(struct SessionHandle *data,
             curl_socket_t sockfd)
@@ -106,6 +116,22 @@ tcpkeepalive(struct SessionHandle *data,
    infof(data, "Failed to set SO_KEEPALIVE on fd %d\n", sockfd);
  }
  else {
 #if defined(SIO_KEEPALIVE_VALS)
    struct tcp_keepalive vals;
    DWORD dummy;
    vals.onoff = 1;
    optval = curlx_sltosi(data->set.tcp_keepidle);
    KEEPALIVE_FACTOR(optval);
    vals.keepalivetime = optval;
    optval = curlx_sltosi(data->set.tcp_keepintvl);
    KEEPALIVE_FACTOR(optval);
    vals.keepaliveinterval = optval;
    if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals),
                NULL, 0, &dummy, NULL, NULL) != 0) {
      infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d\n",
            (int)sockfd, WSAGetLastError());
    }
 #else
 #ifdef TCP_KEEPIDLE
    optval = curlx_sltosi(data->set.tcp_keepidle);
    KEEPALIVE_FACTOR(optval);
@@ -121,6 +147,16 @@ tcpkeepalive(struct SessionHandle *data,
          (void *)&optval, sizeof(optval)) < 0) {
      infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);
    }
 #endif
 #ifdef TCP_KEEPALIVE
    /* Mac OS X style */
    optval = curlx_sltosi(data->set.tcp_keepidle);
    KEEPALIVE_FACTOR(optval);
    if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE,
          (void *)&optval, sizeof(optval)) < 0) {
      infof(data, "Failed to set TCP_KEEPALIVE on fd %d\n", sockfd);
    }
 #endif
 #endif
  }
 }
@@ -283,41 +319,54 @@ static CURLcode bindlocal(struct connectdata *conn,
    }
    /* interface */
-    if(!is_host && (is_interface || Curl_if_is_interface_name(dev))) {
+    if(!is_host) {
-      if(Curl_if2ip(af, dev, myhost, sizeof(myhost)) == NULL)
+      switch(Curl_if2ip(af, conn->scope, dev, myhost, sizeof(myhost))) {
-        return CURLE_INTERFACE_FAILED;
+        case IF2IP_NOT_FOUND:
-
+          if(is_interface) {
-      /*
+            /* Do not fall back to treating it as a host name */
-       * We now have the numerical IP address in the 'myhost' buffer
+            failf(data, "Couldn't bind to interface '%s'", dev);
-       */
+            return CURLE_INTERFACE_FAILED;
-      infof(data, "Local Interface %s is ip %s using address family %i\n",
+          }
-            dev, myhost, af);
+          break;
-      done = 1;
+        case IF2IP_AF_NOT_SUPPORTED:
          /* Signal the caller to try another address family if available */
          return CURLE_UNSUPPORTED_PROTOCOL;
        case IF2IP_FOUND:
          is_interface = TRUE;
          /*
           * We now have the numerical IP address in the 'myhost' buffer
           */
          infof(data, "Local Interface %s is ip %s using address family %i\n",
                dev, myhost, af);
          done = 1;
 #ifdef SO_BINDTODEVICE
-      /* I am not sure any other OSs than Linux that provide this feature, and
+          /* I am not sure any other OSs than Linux that provide this feature,
-       * at the least I cannot test. --Ben
+           * and at the least I cannot test. --Ben
-       *
+           *
-       * This feature allows one to tightly bind the local socket to a
+           * This feature allows one to tightly bind the local socket to a
-       * particular interface.  This will force even requests to other local
+           * particular interface.  This will force even requests to other
-       * interfaces to go out the external interface.
+           * local interfaces to go out the external interface.
-       *
+           *
-       *
+           *
-       * Only bind to the interface when specified as interface, not just as a
+           * Only bind to the interface when specified as interface, not just
-       * hostname or ip address.
+           * as a hostname or ip address.
-       */
+           */
-      if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
+          if(setsockopt(sockfd, SOL_SOCKET, SO_BINDTODEVICE,
-                    dev, (curl_socklen_t)strlen(dev)+1) != 0) {
+                        dev, (curl_socklen_t)strlen(dev)+1) != 0) {
-        error = SOCKERRNO;
+            error = SOCKERRNO;
-        infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
+            infof(data, "SO_BINDTODEVICE %s failed with errno %d: %s;"
-              " will do regular bind\n",
+                  " will do regular bind\n",
-              dev, error, Curl_strerror(conn, error));
+                  dev, error, Curl_strerror(conn, error));
-        /* This is typically "errno 1, error: Operation not permitted" if
+            /* This is typically "errno 1, error: Operation not permitted" if
-           you're not running as root or another suitable privileged user */
+               you're not running as root or another suitable privileged
-      }
+               user */
          }
 #endif
          break;
      }
    }
-    else {
+    if(!is_interface) {
      /*
       * This was not an interface, resolve the name as a host name
       * or IP number
@@ -361,10 +410,24 @@ static CURLcode bindlocal(struct connectdata *conn,
    if(done > 0) {
 #ifdef ENABLE_IPV6
      /* ipv6 address */
-      if((af == AF_INET6) &&
+      if(af == AF_INET6) {
-         (Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0)) {
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
-        si6->sin6_family = AF_INET6;
+        char *scope_ptr = strchr(myhost, '%');
-        si6->sin6_port = htons(port);
+        if(scope_ptr)
          *(scope_ptr++) = 0;
 #endif
        if(Curl_inet_pton(AF_INET6, myhost, &si6->sin6_addr) > 0) {
          si6->sin6_family = AF_INET6;
          si6->sin6_port = htons(port);
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
          if(scope_ptr)
            /* The "myhost" string either comes from Curl_if2ip or from
               Curl_printable_address. The latter returns only numeric scope
               IDs and the former returns none at all.  So the scope ID, if
               present, is known to be numeric */
            si6->sin6_scope_id = atoi(scope_ptr);
 #endif
        }
        sizeof_sa = sizeof(struct sockaddr_in6);
      }
      else
@@ -825,13 +888,35 @@ static void nosigpipe(struct connectdata *conn,
   Work-around: Make the Socket Send Buffer Size Larger Than the Program Send
   Buffer Size
   The problem described in this knowledge-base is applied only to pre-Vista
   Windows.  Following function trying to detect OS version and skips
   SO_SNDBUF adjustment for Windows Vista and above.
 */
 #define DETECT_OS_NONE 0
 #define DETECT_OS_PREVISTA 1
 #define DETECT_OS_VISTA_OR_LATER 2
 void Curl_sndbufset(curl_socket_t sockfd)
 {
  int val = CURL_MAX_WRITE_SIZE + 32;
  int curval = 0;
  int curlen = sizeof(curval);
  OSVERSIONINFO osver;
  static int detectOsState = DETECT_OS_NONE;
  if(detectOsState == DETECT_OS_NONE) {
    memset(&osver, 0, sizeof(osver));
    osver.dwOSVersionInfoSize = sizeof(osver);
    detectOsState = DETECT_OS_PREVISTA;
    if(GetVersionEx(&osver)) {
      if(osver.dwMajorVersion >= 6)
        detectOsState = DETECT_OS_VISTA_OR_LATER;
    }
  }
  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
    return;
  if(getsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (char *)&curval, &curlen) == 0)
    if(curval > val)
      return;
@@ -917,6 +1002,11 @@ singleipconnect(struct connectdata *conn,
  res = bindlocal(conn, sockfd, addr.family);
  if(res) {
    Curl_closesocket(conn, sockfd); /* close socket and bail out */
    if(res == CURLE_UNSUPPORTED_PROTOCOL) {
      /* The address family is not supported on this interface.
         We can continue trying addresses */
      return CURLE_OK;
    }
    return res;
  }
@@ -1054,7 +1144,7 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
  if(sockfd == CURL_SOCKET_BAD) {
    /* no good connect was made */
-    failf(data, "couldn't connect to %s at %s:%d",
+    failf(data, "couldn't connect to %s at %s:%ld",
          conn->bits.proxy?"proxy":"host",
          conn->bits.proxy?conn->proxy.name:conn->host.name, conn->port);
    return CURLE_COULDNT_CONNECT;
@@ -1149,7 +1239,7 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 * 'conn' can be NULL, beware!
 */
 int Curl_closesocket(struct connectdata *conn,
-                     curl_socket_t sock)
+                      curl_socket_t sock)
 {
  if(conn && conn->fclosesocket) {
    if((sock == conn->sock[SECONDARYSOCKET]) &&
@@ -1161,7 +1251,13 @@ int Curl_closesocket(struct connectdata *conn,
    else
      return conn->fclosesocket(conn->closesocket_client, sock);
  }
-  return sclose(sock);
+  sclose(sock);
  if(conn)
    /* tell the multi-socket code about this */
    Curl_multi_closed(conn, sock);
  return 0;
 }
 /*
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -89,6 +89,7 @@ Example set of cookies:
 #include "strequal.h"
 #include "strtok.h"
 #include "sendf.h"
 #include "slist.h"
 #include "curl_memory.h"
 #include "share.h"
 #include "strtoofft.h"
@@ -106,6 +107,8 @@ static void freecookie(struct Cookie *co)
    free(co->domain);
  if(co->path)
    free(co->path);
  if(co->spath)
    free(co->spath);
  if(co->name)
    free(co->name);
  if(co->value)
@@ -118,15 +121,139 @@ static void freecookie(struct Cookie *co)
  free(co);
 }
-static bool tailmatch(const char *little, const char *bigone)
+static bool tailmatch(const char *cooke_domain, const char *hostname)
 {
-  size_t littlelen = strlen(little);
+  size_t cookie_domain_len = strlen(cooke_domain);
-  size_t biglen = strlen(bigone);
+  size_t hostname_len = strlen(hostname);
-  if(littlelen > biglen)
+  if(hostname_len < cookie_domain_len)
    return FALSE;
-  return Curl_raw_equal(little, bigone+biglen-littlelen) ? TRUE : FALSE;
+  if(!Curl_raw_equal(cooke_domain, hostname+hostname_len-cookie_domain_len))
    return FALSE;
  /* A lead char of cookie_domain is not '.'.
     RFC6265 4.1.2.3. The Domain Attribute says:
       For example, if the value of the Domain attribute is
       "example.com", the user agent will include the cookie in the Cookie
       header when making HTTP requests to example.com, www.example.com, and
       www.corp.example.com.
   */
  if(hostname_len == cookie_domain_len)
    return TRUE;
  if('.' == *(hostname + hostname_len - cookie_domain_len - 1))
    return TRUE;
  return FALSE;
 }
 /*
 * matching cookie path and url path
 * RFC6265 5.1.4 Paths and Path-Match
 */
 static bool pathmatch(const char* cookie_path, const char* request_uri)
 {
  size_t cookie_path_len;
  size_t uri_path_len;
  char* uri_path = NULL;
  char* pos;
  bool ret = FALSE;
  /* cookie_path must not have last '/' separator. ex: /sample */
  cookie_path_len = strlen(cookie_path);
  if(1 == cookie_path_len) {
    /* cookie_path must be '/' */
    return TRUE;
  }
  uri_path = strdup(request_uri);
  if(!uri_path)
    return FALSE;
  pos = strchr(uri_path, '?');
  if(pos)
    *pos = 0x0;
  /* #-fragments are already cut off! */
  if(0 == strlen(uri_path) || uri_path[0] != '/') {
    free(uri_path);
    uri_path = strdup("/");
    if(!uri_path)
      return FALSE;
  }
  /* here, RFC6265 5.1.4 says
     4. Output the characters of the uri-path from the first character up
        to, but not including, the right-most %x2F ("/").
     but URL path /hoge?fuga=xxx means /hoge/index.cgi?fuga=xxx in some site
     without redirect.
     Ignore this algorithm because /hoge is uri path for this case
     (uri path is not /).
   */
  uri_path_len = strlen(uri_path);
  if(uri_path_len < cookie_path_len) {
    ret = FALSE;
    goto pathmatched;
  }
  /* not using checkprefix() because matching should be case-sensitive */
  if(strncmp(cookie_path, uri_path, cookie_path_len)) {
    ret = FALSE;
    goto pathmatched;
  }
  /* The cookie-path and the uri-path are identical. */
  if(cookie_path_len == uri_path_len) {
    ret = TRUE;
    goto pathmatched;
  }
  /* here, cookie_path_len < url_path_len */
  if(uri_path[cookie_path_len] == '/') {
    ret = TRUE;
    goto pathmatched;
  }
  ret = FALSE;
 pathmatched:
  free(uri_path);
  return ret;
 }
 /*
 * cookie path sanitize
 */
 static char *sanitize_cookie_path(const char *cookie_path)
 {
  size_t len;
  char *new_path = strdup(cookie_path);
  if(!new_path)
    return NULL;
  /* some stupid site sends path attribute with '"'. */
  if(new_path[0] == '\"') {
    memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
  }
  if(new_path[strlen(new_path) - 1] == '\"') {
    new_path[strlen(new_path) - 1] = 0x0;
  }
  /* RFC6265 5.2.4 The Path Attribute */
  if(new_path[0] != '/') {
    /* Let cookie-path be the default-path. */
    free(new_path);
    new_path = strdup("/");
    return new_path;
  }
  /* convert /hoge/ to /hoge */
  len = strlen(new_path);
  if(1 < len && new_path[len - 1] == '/') {
    new_path[len - 1] = 0x0;
  }
  return new_path;
 }
 /*
@@ -163,6 +290,34 @@ static void strstore(char **str, const char *newstr)
  *str = strdup(newstr);
 }
 /*
 * remove_expired() removes expired cookies.
 */
 static void remove_expired(struct CookieInfo *cookies)
 {
  struct Cookie *co, *nx, *pv;
  curl_off_t now = (curl_off_t)time(NULL);
  co = cookies->cookies;
  pv = NULL;
  while(co) {
    nx = co->next;
    if((co->expirestr || co->maxage) && co->expires < now) {
      if(co == cookies->cookies) {
        cookies->cookies = co->next;
      }
      else {
        pv->next = co->next;
      }
      cookies->numcookies--;
      freecookie(co);
    }
    else {
      pv = co;
    }
    co = nx;
  }
 }
 /****************************************************************************
 *
@@ -170,6 +325,9 @@ static void strstore(char **str, const char *newstr)
 *
 * Add a single cookie line to the cookie keeping object.
 *
 * Be aware that sometimes we get an IP-only host name, and that might also be
 * a numerical IPv6 address.
 *
 ***************************************************************************/
 struct Cookie *
@@ -274,72 +432,39 @@ Curl_cookie_add(struct SessionHandle *data,
            badcookie = TRUE; /* out of memory bad */
            break;
          }
          co->spath = sanitize_cookie_path(co->path);
          if(!co->spath) {
            badcookie = TRUE; /* out of memory bad */
            break;
          }
        }
        else if(Curl_raw_equal("domain", name)) {
-          /* note that this name may or may not have a preceding dot, but
+          /* Now, we make sure that our host is within the given domain,
-             we don't care about that, we treat the names the same anyway */
+             or the given domain is not valid and thus cannot be set. */
          const char *domptr=whatptr;
          const char *nextptr;
          int dotcount=1;
          /* Count the dots, we need to make sure that there are enough
             of them. */
          if('.' == whatptr[0])
-            /* don't count the initial dot, assume it */
+            whatptr++; /* ignore preceding dot */
            domptr++;
-          do {
+          if(!domain || tailmatch(whatptr, domain)) {
-            nextptr = strchr(domptr, '.');
+            const char *tailptr=whatptr;
-            if(nextptr) {
+            if(tailptr[0] == '.')
-              if(domptr != nextptr)
+              tailptr++;
-                dotcount++;
+            strstore(&co->domain, tailptr); /* don't prefix w/dots
-              domptr = nextptr+1;
+                                               internally */
            if(!co->domain) {
              badcookie = TRUE;
              break;
            }
-          } while(nextptr);
+            co->tailmatch=TRUE; /* we always do that if the domain name was
-
+                                   given */
          /* The original Netscape cookie spec defined that this domain name
             MUST have three dots (or two if one of the seven holy TLDs),
             but it seems that these kinds of cookies are in use "out there"
             so we cannot be that strict. I've therefore lowered the check
             to not allow less than two dots. */
          if(dotcount < 2) {
            /* Received and skipped a cookie with a domain using too few
               dots. */
            badcookie=TRUE; /* mark this as a bad cookie */
            infof(data, "skipped cookie with illegal dotcount domain: %s\n",
                  whatptr);
          }
          else {
-            /* Now, we make sure that our host is within the given domain,
+            /* we did not get a tailmatch and then the attempted set domain
-               or the given domain is not valid and thus cannot be set. */
+               is not a domain to which the current host belongs. Mark as
-
+               bad. */
-            if('.' == whatptr[0])
+            badcookie=TRUE;
-              whatptr++; /* ignore preceding dot */
+            infof(data, "skipped cookie with bad tailmatch domain: %s\n",
-
+                  whatptr);
            if(!domain || tailmatch(whatptr, domain)) {
              const char *tailptr=whatptr;
              if(tailptr[0] == '.')
                tailptr++;
              strstore(&co->domain, tailptr); /* don't prefix w/dots
                                                 internally */
              if(!co->domain) {
                badcookie = TRUE;
                break;
              }
              co->tailmatch=TRUE; /* we always do that if the domain name was
                                     given */
            }
            else {
              /* we did not get a tailmatch and then the attempted set domain
                 is not a domain to which the current host belongs. Mark as
                 bad. */
              badcookie=TRUE;
              infof(data, "skipped cookie with bad tailmatch domain: %s\n",
                    whatptr);
            }
          }
        }
        else if(Curl_raw_equal("version", name)) {
@@ -447,6 +572,9 @@ Curl_cookie_add(struct SessionHandle *data,
        if(co->path) {
          memcpy(co->path, path, pathlen);
          co->path[pathlen]=0; /* zero terminate */
          co->spath = sanitize_cookie_path(co->path);
          if(!co->spath)
            badcookie = TRUE; /* out of memory bad */
        }
        else
          badcookie = TRUE;
@@ -498,12 +626,6 @@ Curl_cookie_add(struct SessionHandle *data,
    firstptr=strtok_r(lineptr, "\t", &tok_buf); /* tokenize it on the TAB */
    /* Here's a quick check to eliminate normal HTTP-headers from this */
    if(!firstptr || strchr(firstptr, ':')) {
      free(co);
      return NULL;
    }
    /* Now loop through the fields and init the struct we already have
       allocated */
    for(ptr=firstptr, fields=0; ptr && !badcookie;
@@ -538,12 +660,21 @@ Curl_cookie_add(struct SessionHandle *data,
          co->path = strdup(ptr);
          if(!co->path)
            badcookie = TRUE;
          else {
            co->spath = sanitize_cookie_path(co->path);
            if(!co->spath) {
              badcookie = TRUE; /* out of memory bad */
            }
          }
          break;
        }
        /* this doesn't look like a path, make one up! */
        co->path = strdup("/");
        if(!co->path)
          badcookie = TRUE;
        co->spath = strdup("/");
        if(!co->spath)
          badcookie = TRUE;
        fields++; /* add a field and fall down to secure */
        /* FALLTHROUGH */
      case 3:
@@ -597,6 +728,9 @@ Curl_cookie_add(struct SessionHandle *data,
     superceeds an already existing cookie, which it may if the previous have
     the same domain and path as this */
  /* at first, remove expired cookies */
  remove_expired(c);
  clist = c->cookies;
  replace_old = FALSE;
  while(clist) {
@@ -614,14 +748,14 @@ Curl_cookie_add(struct SessionHandle *data,
      if(replace_old) {
        /* the domains were identical */
-        if(clist->path && co->path) {
+        if(clist->spath && co->spath) {
-          if(Curl_raw_equal(clist->path, co->path)) {
+          if(Curl_raw_equal(clist->spath, co->spath)) {
            replace_old = TRUE;
          }
          else
            replace_old = FALSE;
        }
-        else if(!clist->path && !co->path)
+        else if(!clist->spath && !co->spath)
          replace_old = TRUE;
        else
          replace_old = FALSE;
@@ -650,6 +784,8 @@ Curl_cookie_add(struct SessionHandle *data,
          free(clist->domain);
        if(clist->path)
          free(clist->path);
        if(clist->spath)
          free(clist->spath);
        if(clist->expirestr)
          free(clist->expirestr);
@@ -689,9 +825,9 @@ Curl_cookie_add(struct SessionHandle *data,
      lastc->next = co;
    else
      c->cookies = co;
    c->numcookies++; /* one more cookie in the jar */
  }
  c->numcookies++; /* one more cookie in the jar */
  return co;
 }
@@ -777,11 +913,28 @@ static int cookie_sort(const void *p1, const void *p2)
 {
  struct Cookie *c1 = *(struct Cookie **)p1;
  struct Cookie *c2 = *(struct Cookie **)p2;
  size_t l1, l2;
-  size_t l1 = c1->path?strlen(c1->path):0;
+  /* 1 - compare cookie path lengths */
-  size_t l2 = c2->path?strlen(c2->path):0;
+  l1 = c1->path ? strlen(c1->path) : 0;
  l2 = c2->path ? strlen(c2->path) : 0;
-  return (l2 > l1) ? 1 : (l2 < l1) ? -1 : 0 ;
+  if(l1 != l2)
    return (l2 > l1) ? 1 : -1 ; /* avoid size_t <=> int conversions */
  /* 2 - compare cookie domain lengths */
  l1 = c1->domain ? strlen(c1->domain) : 0;
  l2 = c2->domain ? strlen(c2->domain) : 0;
  if(l1 != l2)
    return (l2 > l1) ? 1 : -1 ;  /* avoid size_t <=> int conversions */
  /* 3 - compare cookie names */
  if(c1->name && c2->name)
    return strcmp(c1->name, c2->name);
  /* sorry, can't be more deterministic */
  return 0;
 }
 /*****************************************************************************
@@ -809,6 +962,9 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
  if(!c || !c->cookies)
    return NULL; /* no cookie struct or no cookies in the struct */
  /* at first, remove expired cookies */
  remove_expired(c);
  co = c->cookies;
  while(co) {
@@ -827,10 +983,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
        /* now check the left part of the path with the cookies path
           requirement */
-        if(!co->path ||
+        if(!co->spath || pathmatch(co->spath, path) ) {
           /* not using checkprefix() because matching should be
              case-sensitive */
           !strncmp(co->path, path, strlen(co->path)) ) {
          /* and now, we know this is a match and we should create an
             entry for the return-linked-list */
@@ -1054,6 +1207,9 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
       destination file */
    return 0;
  /* at first, remove expired cookies */
  remove_expired(c);
  if(strequal("-", dumphere)) {
    /* use stdout */
    out = stdout;
@@ -1114,9 +1270,9 @@ struct curl_slist *Curl_cookie_list(struct SessionHandle *data)
      curl_slist_free_all(list);
      return NULL;
    }
-    beg = curl_slist_append(list, line);
+    beg = Curl_slist_append_nodup(list, line);
    free(line);
    if(!beg) {
      free(line);
      curl_slist_free_all(list);
      return NULL;
    }
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -29,7 +29,8 @@ struct Cookie {
  struct Cookie *next; /* next in the chain */
  char *name;        /* <this> = value */
  char *value;       /* name = <this> */
-  char *path;         /* path = <this> */
+  char *path;         /* path = <this> which is in Set-Cookie: */
  char *spath;        /* sanitized cookie path */
  char *domain;      /* domain = <this> */
  curl_off_t expires;  /* expires = <this> */
  char *expirestr;   /* the plain text version */
--- a/lib/curl_darwinssl.c
+++ b/lib/curl_darwinssl.c
--- a/lib/curl_darwinssl.h
+++ b/lib/curl_darwinssl.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
+ * Copyright (C) 2012 - 2013, Nick Zitzmann, <nickzman@gmail.com>.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -37,6 +37,7 @@ void Curl_darwinssl_close_all(struct SessionHandle *data);
 /* close a SSL connection */
 void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
 void Curl_darwinssl_session_free(void *ptr);
 size_t Curl_darwinssl_version(char *buffer, size_t size);
 int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
 int Curl_darwinssl_check_cxn(struct connectdata *conn);
@@ -51,12 +52,16 @@ void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
                           unsigned char *md5sum, /* output */
                           size_t md5len);
 /* this backend provides these functions: */
 #define have_curlssl_random 1
 #define have_curlssl_md5sum 1
 /* API setup for SecureTransport */
 #define curlssl_init() (1)
 #define curlssl_cleanup() Curl_nop_stmt
 #define curlssl_connect Curl_darwinssl_connect
 #define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
-#define curlssl_session_free(x) Curl_nop_stmt
+#define curlssl_session_free(x) Curl_darwinssl_session_free(x)
 #define curlssl_close_all Curl_darwinssl_close_all
 #define curlssl_close Curl_darwinssl_close
 #define curlssl_shutdown(x,y) 0
--- a/lib/curl_memory.h
+++ b/lib/curl_memory.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,17 +22,86 @@
 *
 ***************************************************************************/
-#include <curl/curl.h> /* for the typedefs */
+/*
 * Nasty internal details ahead...
 *
 * File curl_memory.h must be included by _all_ *.c source files
 * that use memory related functions strdup, malloc, calloc, realloc
 * or free, and given source file is used to build libcurl library.
 *
 * There is nearly no exception to above rule. All libcurl source
 * files in 'lib' subdirectory as well as those living deep inside
 * 'packages' subdirectories and linked together in order to build
 * libcurl library shall follow it.
 *
 * File lib/strdup.c is an exception, given that it provides a strdup
 * clone implementation while using malloc. Extra care needed inside
 * this one. TODO: revisit this paragraph and related code.
 *
 * The need for curl_memory.h inclusion is due to libcurl's feature
 * of allowing library user to provide memory replacement functions,
 * memory callbacks, at runtime with curl_global_init_mem()
 *
 * Any *.c source file used to build libcurl library that does not
 * include curl_memory.h and uses any memory function of the five
 * mentioned above will compile without any indication, but it will
 * trigger weird memory related issues at runtime.
 *
 * OTOH some source files from 'lib' subdirectory may additionally be
 * used directly as source code when using some curlx_ functions by
 * third party programs that don't even use libcurl at all. When using
 * these source files in this way it is necessary these are compiled
 * with CURLX_NO_MEMORY_CALLBACKS defined, in order to ensure that no
 * attempt of calling libcurl's memory callbacks is done from code
 * which can not use this machinery.
 *
 * Notice that libcurl's 'memory tracking' system works chaining into
 * the memory callback machinery. This implies that when compiling
 * 'lib' source files with CURLX_NO_MEMORY_CALLBACKS defined this file
 * disengages usage of libcurl's 'memory tracking' system, defining
 * MEMDEBUG_NODEFINES and overriding CURLDEBUG purpose.
 *
 * CURLX_NO_MEMORY_CALLBACKS takes precedence over CURLDEBUG. This is
 * done in order to allow building a 'memory tracking' enabled libcurl
 * and at the same time allow building programs which do not use it.
 *
 * Programs and libraries in 'tests' subdirectories have specific
 * purposes and needs, and as such each one will use whatever fits
 * best, depending additionally wether it links with libcurl or not.
 *
 * Caveat emptor. Proper curlx_* separation is a work in progress
 * the same as CURLX_NO_MEMORY_CALLBACKS usage, some adjustments may
 * still be required. IOW don't use them yet, there are sharp edges.
 */
 #ifdef HEADER_CURL_MEMDEBUG_H
 #error "Header memdebug.h shall not be included before curl_memory.h"
 #endif
 #ifndef CURLX_NO_MEMORY_CALLBACKS
 #include <curl/curl.h> /* for the callback typedefs */
 extern curl_malloc_callback Curl_cmalloc;
 extern curl_free_callback Curl_cfree;
 extern curl_realloc_callback Curl_crealloc;
 extern curl_strdup_callback Curl_cstrdup;
 extern curl_calloc_callback Curl_ccalloc;
 #if defined(WIN32) && defined(UNICODE)
 extern curl_wcsdup_callback Curl_cwcsdup;
 #endif
 #ifndef CURLDEBUG
-/* Only do this define-mania if we're not using the memdebug system, as that
+
-   has preference on this magic. */
+/*
 * libcurl's 'memory tracking' system defines strdup, malloc, calloc,
 * realloc and free, along with others, in memdebug.h in a different
 * way although still using memory callbacks forward declared above.
 * When using the 'memory tracking' system (CURLDEBUG defined) we do
 * not define here the five memory functions given that definitions
 * from memdebug.h are the ones that shall be used.
 */
 #undef strdup
 #define strdup(ptr) Curl_cstrdup(ptr)
 #undef malloc
@@ -44,6 +113,28 @@ extern curl_calloc_callback Curl_ccalloc;
 #undef free
 #define free(ptr) Curl_cfree(ptr)
 #ifdef WIN32
 #  ifdef UNICODE
 #    undef wcsdup
 #    define wcsdup(ptr) Curl_cwcsdup(ptr)
 #    undef _wcsdup
 #    define _wcsdup(ptr) Curl_cwcsdup(ptr)
 #    undef _tcsdup
 #    define _tcsdup(ptr) Curl_cwcsdup(ptr)
 #  else
 #    undef _tcsdup
 #    define _tcsdup(ptr) Curl_cstrdup(ptr)
 #  endif
 #endif
 #endif /* CURLDEBUG */
 #else /* CURLX_NO_MEMORY_CALLBACKS */
 #ifndef MEMDEBUG_NODEFINES
 #define MEMDEBUG_NODEFINES
 #endif
 #endif /* CURLX_NO_MEMORY_CALLBACKS */
 #endif /* HEADER_CURL_MEMORY_H */
--- a/Show More
+++ b/Show More