RELEASE-NOTES: done for 7.35.0

tests: make a few lib15?? tests pass the OOM torture tests
lib1900: make the test pass the OOM torture tests
2014-01-29 07:59:01 +01:00 · 2014-01-29 00:40:33 +01:00 · 2014-01-29 00:19:34 +01:00 · 2014-01-28 23:55:04 +01:00 · 2014-01-28 23:47:20 +01:00 · 2014-01-28 23:27:22 +01:00
375 changed files with 12468 additions and 4031 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,4 @@ CHANGES.dist
 .cproject
 .settings
 /[0-9]*.patch
+.dirstamp
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,11 @@
+language: c
+
+before_script:
+  - ./buildconf
+
+compiler:
+  - clang
+  - gcc
+
+notifications:
+  email: false
--- a/CMake/Platforms/WindowsCache.cmake
+++ b/CMake/Platforms/WindowsCache.cmake
@@ -108,7 +108,11 @@ if(NOT UNIX)
    set(HAVE_IN_ADDR_T 0)
    set(HAVE_INET_NTOA_R_DECL 0)
    set(HAVE_INET_NTOA_R_DECL_REENTRANT 0)
-    set(HAVE_GETADDRINFO 0)
+    if(ENABLE_IPV6)
+      set(HAVE_GETADDRINFO 1)
+    else()
+      set(HAVE_GETADDRINFO 0)
+    endif()
    set(STDC_HEADERS 1)
    set(RETSIGTYPE_TEST 1)

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,3 +1,24 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
 # cURL/libcurl CMake script
 # by Tetetest and Sukender (Benoit Neil)

@@ -23,6 +44,8 @@ include(Utilities)

 project( CURL C )

+message(WARNING "the curl cmake build system is poorly maintained. Be aware")
+
 file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
 string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)"
  LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS})
@@ -783,6 +806,17 @@ else()
  set(CURL_SIZEOF_CURL_SOCKLEN_T ${SIZEOF_INT})
 endif()

+# TODO test which of these headers are required for the typedefs used in curlbuild.h
+if(WIN32)
+  set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H})
+else()
+  set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H})
+  set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H})
+  set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H})
+endif()
+set(CURL_PULL_STDINT_H ${HAVE_STDINT_H})
+set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H})
+
 include(CMake/OtherTests.cmake)

 add_definitions(-DHAVE_CONFIG_H)
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2014, Daniel Stenberg, <daniel@haxx.se>.

 All rights reserved.

--- a/Makefile.dist
+++ b/Makefile.dist
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -136,12 +136,36 @@ vc-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-zlib

+vc-x64-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib
+
 vc-ssl: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl

+vc-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+
+vc-x64-ssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
+
+vc-x64-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+
 vc-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib
@@ -266,6 +290,18 @@ linux-ssl: ssl
 # We don't need to do anything for vc6.
 vc6:

+# VC7 makefiles are for use with VS.NET and VS.NET 2003
+vc7: lib/Makefile.vc7 src/Makefile.vc7
+
+lib/Makefile.vc7: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s/VC6/VC7/g" lib/Makefile.vc6 > lib/Makefile.vc7
+
+src/Makefile.vc7: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s/VC6/VC7/g" src/Makefile.vc6 > src/Makefile.vc7
+
+# VC8 makefiles are for use with VS2005
 vc8: lib/Makefile.vc8 src/Makefile.vc8

 lib/Makefile.vc8: lib/Makefile.vc6
@@ -298,6 +334,28 @@ src/Makefile.vc10: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc10/g" -e "s/VC6/VC10/g" src/Makefile.vc6 > src/Makefile.vc10

+# VC11 makefiles are for use with VS2012
+vc11: lib/Makefile.vc11 src/Makefile.vc11
+
+lib/Makefile.vc11: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc11/g" -e "s/VC6/VC11/g" lib/Makefile.vc6 > lib/Makefile.vc11
+
+src/Makefile.vc11: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc11/g" -e "s/VC6/VC11/g" src/Makefile.vc6 > src/Makefile.vc11
+
+# VC12 makefiles are for use with VS2013
+vc12: lib/Makefile.vc12 src/Makefile.vc12
+
+lib/Makefile.vc12: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" lib/Makefile.vc6 > lib/Makefile.vc12
+
+src/Makefile.vc12: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12
+
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
--- a/175
+++ b/175
@@ -1,68 +1,68 @@
-Curl and libcurl 7.33.0
+Curl and libcurl 7.35.0

- Public curl releases:         135
+ Public curl releases:         137
 Command line options:         161
- curl_easy_setopt() options:   205
+ curl_easy_setopt() options:   206
 Public functions in libcurl:  58
 Known libcurl bindings:       42
- Contributors:                 1057
+ Contributors:                 1104

 This release includes the following changes:

- o test code for testing the event based API [3]
- o CURLM_ADDED_ALREADY: new error code
- o test TFTP server: support "writedelay" within <servercmd>
- o krb4 support has been removed
- o imap/pop3/smtp: added basic SASL XOAUTH2 support [9]
- o darwinssl: add support for PKCS#12 files for client authentication
- o darwinssl: enable BEAST workaround on iOS 7 & later
- o Pass password to OpenSSL engine by user interface [15]
- o c-ares: Add support for various DNS binding options
- o cookies: add expiration
- o curl: added --oauth2-bearer option
+ o imap/pop3/smtp: Added support for SASL authentication downgrades
+ o imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
+ o TheArtOfHttpScripting: major update, converted layout and more
+ o mprintf: Added support for I, I32 and I64 size specifiers
+ o makefile: Added support for VC7, VC11 and VC12

 This release includes the following bugfixes:

- o nss: make sure that NSS is initialized
- o curl: make --no-[option] work properly for several options
- o FTP: with socket_action send better socket updates in active mode [1]
- o curl: fix the --sasl-ir in the --help output
- o tests 2032, 2033: Don't hardcode port in expected output
- o urlglob: better detect unclosed braces, empty lists and overflows [7]
- o urlglob: error out on range overflow [8]
- o imap: Fixed response check for SEARCH, EXPUNGE, LSUB, UID and NOOP commands [10]
- o handle arbitrary-length username and password [2]
- o TFTP: make the CURLOPT_LOW_SPEED* options work [4]
- o curl.h: name space pollution by "enum type" [5]
- o multi: move on from STATE_DONE faster [6]
- o FTP: 60 secs delay if aborted in the CURLOPT_HEADERFUNCTION callback [11]
- o multi_socket: improved 100-continue timeout handling
- o curl_multi_remove_handle: allow multiple removes
- o FTP: fix getsock during DO_MORE state [12]
- o -x: rephrased the --proxy section somewhat
- o acinclude: fix --without-ca-path when cross-compiling [13]
- o LDAP: fix bad free() when URL parsing failed [14]
- o --data: mention CRLF treatment when reading from file
- o curl_easy_pause: suggest one way to unpause
- o imap: Fixed calculation of transfer when partial FETCH received [16]
- o pingpong: Check SSL library buffers for already read data [16]
- o imap/pop3/smtp: Speed up SSL connection initialization
- o libcurl.3: for multi interface connections are held in the multi handle
- o curl_easy_setopt.3: mention RTMP URL quirks [17]
- o curl.1: detail how short/long options work [18]
- o curl.1: Added information about optional login options to --user option
- o curl: Added clarification to the --mail options in the --help output
- o curl_easy_setopt.3: clarify that TIMEOUT and TIMEOUT_MS set the same value
- o openssl: use correct port number in error message [19]
- o darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipher
- o OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEER
- o xattr: add support for FreeBSD xattr API
- o win32: fix Visual Studio 2010 build with WINVER >= 0x600 [22]
- o configure: use icc options without space [21]
- o test1112: Increase the timeout from 7s to 16s [20]
- o SCP: upload speed on a fast connection limited to 16384 B/s
- o curl_setup_once: fix errno access for lwip on Windows [24]
- o HTTP: Output http response 304 when modified time is too old [23]
+ o SECURITY ADVISORY: re-use of wrong HTTP NTLM connection [25]
+
+ o curl_easy_setopt: Fixed OAuth 2.0 Bearer option name [1]
+ o pop3: Fixed APOP being determined by CAPA response rather than by timestamp
+ o Curl_pp_readresp: zero terminate line [2]
+ o FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE [3]
+ o docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
+ o pop3: Fixed auth preference not being honored when CAPA not supported
+ o imap: Fixed auth preference not being honored when CAPABILITY not supported
+ o threaded resolver: Use pthread_t * for curl_thread_t [4]
+ o FILE: we don't support paused transfers using this protocol [5]
+ o connect: Try all addresses in first connection attempt [6]
+ o curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
+ o OpenSSL: Fix forcing SSLv3 connections [7]
+ o openssl: allow explicit sslv2 selection [8]
+ o FTP parselist: fix "total" parser [9]
+ o conncache: fix possible dereference of null pointer
+ o multi.c: fix possible dereference of null pointer
+ o mk-ca-bundle: introduces -d and warns about using this script
+ o ConnectionExists: fix NTLM check for new connection [10]
+ o trynextip: fix build for non-IPV6 capable systems [11]
+ o Curl_updateconninfo: don't do anything for UDP "connections" [12]
+ o darwinssl: un-break Leopard build after PKCS#12 change [13]
+ o threaded-resolver: never use NULL hints with getaddrinf [14]
+ o multi_socket: remind app if timeout didn't run
+ o OpenSSL: deselect weak ciphers by default [15]
+ o error message: Sensible message on timeout when transfer size unknown [16]
+ o curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
+ o win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 [17]
+ o configure: fix gssapi linking on HP-UX [18]
+ o chunked-parser: abort on overflows, allow 64 bit chunks
+ o chunked parsing: relax the CR strictness [19]
+ o cookie: max-age fixes [20]
+ o progress bar: always update when at 100%
+ o progress bar: increase update frequency to 10Hz
+ o tool: Fixed incorrect return code if command line parser runs out of memory
+ o tool: Fixed incorrect return code if password prompting runs out of memory
+ o HTTP POST: omit Content-Length if data size is unknown [21]
+ o GnuTLS: disable insecure ciphers
+ o GnuTLS: honor --slv2 and the --tlsv1[.N] switches
+ o multi: Fixed a memory leak on OOM condition
+ o netrc: Fixed a memory and file descriptor leak on OOM
+ o getpass: fix password parsing from console [22]
+ o TFTP: fix crash on time-out [23]
+ o hostip: don't remove DNS entries that are in use [24]
+ o tests: lots of tests fixed to pass the OOM torture tests

 This release includes the following known bugs:

@@ -71,41 +71,40 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Alex McLellan, Bill Doyle, Colby Ranger, Fabian Keil, Gisle Vanem,
- John E. Malmberg, Jonathan Nieder, Kamil Dudka, Shawn Landden,
- Tor Arntsen, Will Dietz, Yi Huang, Kyle L. Huff, Steve Holme, Mike Mio,
- Stefan Neis, Nick Zitzmann, Geoff Beier, John Dunn, Jiri Hruska,
- Tomas Mlcoch, Kim Vandry, Ben Greear, Gorilla Maguila, Jerry Krinock,
- Yamada Yasuharu, Gordon Marler, Dave Thompson, D. Flinkmann,
- Benoit Sigoure, Clemens Gruber, Guenter Knauf, Petr Pisar, Elmira A Semenova,
- Francois Charlier, Ishan SinghLevett, Marcel Raad, Ulf Samuelsson,
- Andrej E Baranov, Derek Higgins, Heinrich Schaefer
+  Abram Pousada, Barry Abrahamson, Björn Stenberg, Cédric Deltheil, Chen Prog,
+  Christian Weisgerber, Colin Hogben, Dan Fandrich, Daniel Stenberg,
+  Fabian Frank, Glenn Sheridan, Guenter Knauf, He Qin, Iida Yosiaki,
+  Jeff Hodges, Justin Maggard, Leif W, Luke Dashjr, Maks Naumov, Marc Hoersken,
+  Michael Osipov, Michal Górny and Anthony G. Basile, Mohammad AlSaleh,
+  Nick Zitzmann, Paras Sethia, Petr Novak, Priyanka Shah, Romulo A. Ceccon,
+  Steve Holme, Tobias Markus, Viktor Szakáts, Yehezkel Horowitz, Yingwei Liu

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/mail/lib-2013-08/0043.html
- [2] = http://bugs.debian.org/719856
- [3] = http://daniel.haxx.se/blog/2013/08/20/testing-curl_multi_socket_action/
- [4] = http://curl.haxx.se/bug/view.cgi?id=1269
- [5] = https://github.com/bagder/curl/pull/76
- [6] = http://curl.haxx.se/mail/lib-2013-08/0211.html
- [7] = http://curl.haxx.se/bug/view.cgi?id=1264
- [8] = http://curl.haxx.se/bug/view.cgi?id=1267
- [9] = http://curl.haxx.se/mail/lib-2013-08/0234.html
- [10] = http://curl.haxx.se/mail/lib-2013-08/0136.html
- [11] = https://bugzilla.redhat.com/1005686
- [12] = http://curl.haxx.se/mail/lib-2013-08/0109.html
- [13] = http://curl.haxx.se/bug/view.cgi?id=1273
- [14] = http://curl.haxx.se/mail/lib-2013-08/0209.html
- [15] = http://curl.haxx.se/mail/lib-2013-08/0265.html
- [16] = http://curl.haxx.se/mail/lib-2013-08/0170.html
- [17] = http://curl.haxx.se/bug/view.cgi?id=1278
- [18] = http://curl.haxx.se/bug/view.cgi?id=1279
- [19] = http://curl.haxx.se/bug/view.cgi?id=1281
- [20] = http://curl.haxx.se/mail/lib-2010-02/0200.html
- [21] = http://curl.haxx.se/mail/lib-2013-09/0182.html
- [22] = http://curl.haxx.se/bug/view.cgi?id=1282
- [23] = http://curl.haxx.se/bug/view.cgi?id=1288
- [24] = http://curl.haxx.se/mail/lib-2013-10/0048.html
+ [1] = http://curl.haxx.se/bug/view.cgi?id=1313
+ [2] = http://curl.haxx.se/mail/lib-2013-12/0113.html
+ [3] = http://curl.haxx.se/bug/view.cgi?id=1312
+ [4] = http://curl.haxx.se/bug/view.cgi?id=1314
+ [5] = http://curl.haxx.se/bug/view.cgi?id=1286
+ [6] = http://curl.haxx.se/bug/view.cgi?id=1315
+ [7] = http://curl.haxx.se/mail/lib-2014-01/0002.html
+ [8] = http://curl.haxx.se/mail/lib-2014-01/0013.html
+ [9] = http://curl.haxx.se/mail/lib-2014-01/0019.html
+ [10] = http://curl.haxx.se/mail/lib-2014-01/0046.html
+ [11] = http://curl.haxx.se/bug/view.cgi?id=1322
+ [12] = http://curl.haxx.se/mail/archive-2014-01/0016.html
+ [13] = http://curl.haxx.se/mail/lib-2013-12/0150.html
+ [14] = http://curl.haxx.se/mail/lib-2014-01/0061.html
+ [15] = http://curl.haxx.se/bug/view.cgi?id=1323
+ [16] = http://curl.haxx.se/mail/lib-2014-01/0115.html
+ [17] = http://curl.haxx.se/mail/lib-2014-01/0134.html
+ [18] = http://curl.haxx.se/bug/view.cgi?id=1321
+ [19] = http://curl.haxx.se/mail/archive-2014-01/0000.html
+ [20] = http://curl.haxx.se/mail/lib-2014-01/0130.html
+ [21] = http://curl.haxx.se/mail/lib-2014-01/0103.html
+ [22] = https://github.com/bagder/curl/pull/87
+ [23] = http://curl.haxx.se/mail/lib-2014-01/0246.html
+ [24] = http://curl.haxx.se/bug/view.cgi?id=1327
+ [25] = http://curl.haxx.se/docs/adv_20140129.html
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -31,7 +31,7 @@ XC_OVR_ZZ60
 CURL_OVERRIDE_AUTOCONF

 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2013 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2014 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

@@ -1065,6 +1065,7 @@ AC_HELP_STRING([--disable-ipv6],[Disable ipv6 support]),
  AC_TRY_RUN([ /* is AF_INET6 available? */
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <stdlib.h> /* for exit() */
 main()
 {
 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
@@ -1293,6 +1294,12 @@ if test x"$want_gss" = xyes; then
     *-*-darwin*)
        LIBS="-lgssapi_krb5 -lresolv $LIBS"
        ;;
+     *-hp-hpux*)
+        if test "$GSSAPI_ROOT" != "yes"; then
+           LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+        fi
+        LIBS="-lgss $LIBS"
+        ;;
     *)
        if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
@@ -1309,7 +1316,14 @@ if test x"$want_gss" = xyes; then
     esac
  else
     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
-     LIBS="-lgssapi $LIBS"
+     case $host in
+     *-hp-hpux*)
+        LIBS="-lgss $LIBS"
+        ;;
+     *)
+        LIBS="-lgssapi $LIBS"
+        ;;
+     esac
  fi
 else
  CPPFLAGS="$save_CPPFLAGS"
@@ -1983,6 +1997,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
    if test "x$USE_CYASSL" = "xyes"; then
      AC_MSG_NOTICE([detected CyaSSL])

+      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
+      AC_CHECK_SIZEOF(long long)
+
      LIBS="-lcyassl -lm $LIBS"

      if test -n "$cyassllib"; then
@@ -2067,8 +2084,8 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi

-      dnl The function PK11_CreateGenericObject is needed to load libnsspem.so
-      AC_CHECK_LIB(nss3, PK11_CreateGenericObject,
+      dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
+      AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
       [
       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
       AC_SUBST(USE_NSS, [1])
@@ -2084,14 +2101,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      if test "x$USE_NSS" = "xyes"; then
        AC_MSG_NOTICE([detected NSS version $version])

-        dnl NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
-        dnl collisions on NSS initialization/shutdown with other libraries
-        AC_CHECK_FUNC(NSS_InitContext,
-        [
-          AC_DEFINE(HAVE_NSS_INITCONTEXT, 1, [if you have the NSS_InitContext function])
-          AC_SUBST(HAVE_NSS_INITCONTEXT, [1])
-        ])
-
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
--- a/contributors.sh
+++ b/contributors.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2013-2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -37,10 +37,29 @@ fi
 # cut off spaces first and last on the line
 # only count names with a space (ie more than one word)
 # sort all unique names
+# awk them into RELEASE-NOTES format
 git log $start..HEAD | \
 egrep '(Author|Commit|by):' | \
 cut -d: -f2- | \
 cut '-d<' -f1 | \
 sed -e 's/^ //' -e 's/ $//g' | \
 grep ' ' | \
-sort -u
+sort -u |
+awk '{
+ num++;
+ n = sprintf("%s%s%s,", n, length(n)?" ":"", $0);
+ #print n;
+ if(length(n) > 78) {
+   printf("  %s\n", p);
+   n=sprintf("%s,", $0);
+ }
+ p=n;
+
+}
+
+ END {
+   printf("  %s\n", p);
+   printf("  (%d contributors)\n", num);
+ }
+
+'
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -422,7 +422,7 @@ FAQ

  curl can be built to use one of the following SSL alternatives: OpenSSL,
  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
-  schannel (native Windows) or qssl (native IBM i). They all have their pros
+  WinSSL (native Windows) or qssl (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
  http://curl.haxx.se/docs/ssl-compared.html

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -176,14 +176,14 @@ IMAPS (*1)
 FOOTNOTES
 =========

-  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, schannel (native
+  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
  *2 = requires OpenLDAP
  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
  *4 = requires FBopenssl
  *5 = requires a krb4 library, such as the MIT one or similar
  *6 = requires c-ares
-  *7 = requires OpenSSL, NSS, qssl, schannel or Secure Transport; GnuTLS, for
+  *7 = requires OpenSSL, NSS, qssl, WinSSL or Secure Transport; GnuTLS, for
       example, only supports SSLv3 and TLSv1
  *8 = requires libssh2
  *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -993,6 +993,7 @@ REDUCING SIZE
     --disable-verbose (eliminates debugging strings and error code strings)
     --enable-hidden-symbols (eliminates unneeded symbols in the shared library)
     --without-libidn (disables support for the libidn DNS library)
+     --without-librtmp (disables support for RTMP)
     --without-ssl (disables support for SSL/TLS)
     --without-zlib (disables support for on-the-fly decompression)

@@ -1011,9 +1012,9 @@ REDUCING SIZE
   .comment section).

   Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 106 KiB in size, and
-   an FTP-only library that is 108 KiB in size (as of libcurl version 7.27.0,
-   using gcc 4.6.3).
+   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
+   an FTP-only library that is 115 KiB in size (as of libcurl version 7.34.1,
+   using gcc 4.8.2).

   You may find that statically linking libcurl to your application will
   result in a lower total size than dynamically linking.
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -43,7 +43,7 @@ Portability
 openldap     2.0
 MIT krb5 lib 1.2.4
 qsossl       V5R3M0
- NSS          3.12.x
+ NSS          3.14.x
 axTLS        1.2.7
 Heimdal      ?

@@ -337,10 +337,10 @@ SSL libraries
 in future libcurl versions.

 To deal with this internally in the best way possible, we have a generic SSL
- function API as provided by the sslgen.[ch] system, and they are the only SSL
- functions we must use from within libcurl. sslgen is then crafted to use the
+ function API as provided by the vtls.[ch] system, and they are the only SSL
+ functions we must use from within libcurl. vtls is then crafted to use the
 appropriate lower-level function calls to whatever SSL library that is in
- use.
+ use. For example vtls/openssl.[ch] for the OpenSSL library.

 Library Symbols
 ===============
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,6 +3,25 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266
+  details how it should be done. The can of worm is basically that we have no
+  charset handling in curl and ascii >=128 is a challenge for us. Not to
+  mention that decoding also means that we need to check for nastyness that is
+  attempted, like "../" sequences and the like. Probably everything to the left
+  of any embedded slashes should be cut off.
+  http://curl.haxx.se/bug/view.cgi?id=1294
+
+86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3
+  and SMTP if a failure occures during the authentication phase of a
+  connection.
+
+85. Wrong STARTTRANSFER timer accounting for POST requests
+  Timer works fine with GET requests, but while using POST the time for
+  CURLINFO_STARTTRANSFER_TIME is wrong. While using POST
+  CURLINFO_STARTTRANSFER_TIME minus CURLINFO_PRETRANSFER_TIME is near to zero
+  every time.
+  http://curl.haxx.se/bug/view.cgi?id=1213
+
 84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
  backends, so relying on this information in a generic app is flaky.

@@ -50,12 +69,12 @@ may have been fixed since this was written!
  option as for all other operating systems.

 75. NTLM authentication involving unicode user name or password only works
-  properly if built with UNICODE defined together with the schannel/winssl
+  properly if built with UNICODE defined together with the WinSSL/schannel
  backend. The original problem was mentioned in:
  http://curl.haxx.se/mail/lib-2009-10/0024.html
  http://curl.haxx.se/bug/view.cgi?id=896

-  The schannel version verified to work as mentioned in
+  The WinSSL/schannel version verified to work as mentioned in
  http://curl.haxx.se/mail/lib-2012-07/0073.html

 73. if a connection is made to a FTP server but the server then just never
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -37,7 +37,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS
+ MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE

 MAN2HTML= roffit < $< >$@

--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@@ -0,0 +1,53 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+curl release procedure - how to do a release
+============================================
+
+[in the source code repo]
+
+- edit RELEASE-NOTES to be accurate
+
+- update docs/THANKS
+
+- make sure all relevant changes are committed on the master branch
+
+- tag the git repo in this style: 'git tag -a curl-7_34_0'. -a annotates the
+  tag and we use underscores instead of dots in the version number. 
+   
+- run "./maketgz 7.34.0" to build the release tarballs. It is important that
+  you run this on a machine with the correct set of autotools etc installed
+  as this is what then will be shipped and used by most users on *nix like
+  systems.
+
+- push the git commits and the new tag
+
+- gpg sign the 4 tarballs as maketgz suggests
+
+- upload the 8 resulting files to the primary download directory
+
+[data in the curl-www repo]
+
+- edit Makefile (version number and date),
+  _newslog.html (announce the new release) and
+  _changes.html (insert changes+bugfixes from RELEASE-NOTES)
+
+- commit all local changes
+
+- tag the repo with the same tag as used for the source repo
+
+- make sure all relevant changes are committed and pushed on the master branch
+
+  (the web site then updates its contents automatically)
+
+[inform]
+
+- send an email to curl-users, curl-announce and curl-library. Insert the
+  RELEASE-NOTES into the mail.
+
+[celebrate]
+
+- suitable beverage intake is encouraged for the festivities
--- a/docs/SECURITY
+++ b/docs/SECURITY
@@ -0,0 +1,91 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+CURL SECURITY FOR DEVELOPERS
+
+This document is intended to provide guidance to curl developers on how
+security vulnerabilities should be handled.
+
+PUBLISHING INFORMATION
+
+All known and public curl or libcurl related vulnerabilities are listed at
+http://curl.haxx.se/docs/security.html
+
+Security vulnerabilities should not be entered in the project's public bug
+tracker unless the necessary configuration is in place to limit access to the
+issue to only the reporter and the project's security team.
+
+VULNERABILITY HANDLING
+
+The typical process for handling a new security vulnerability is as follows.
+
+No information should be made public about a vulnerability until it is
+formally announced at the end of this process. That means, for example that a
+bug tracker entry must NOT be created to track the issue since that will make
+the issue public and it should not be discussed on any of the project's public
+mailing lists. Also messages associated with any commits should not make
+any reference to the security nature of the commit if done prior to the public
+announcement.
+
+- The person discovering the issue, the reporter, reports the vulnerability
+  privately to curl-security@haxx.se. That's an email alias that reaches a
+  handful of selected and trusted people.
+
+- Messages that do not relate to the reporting or managing of an undisclosed
+  security vulnerability in curl or libcurl are ignored and no further action
+  is required.
+
+- A person in the security team sends an e-mail to the original reporter to
+  acknowledge the report.
+
+- The security team investigates the report and either rejects it or accepts
+  it.
+
+- If the report is rejected, the team writes to the reporter to explain why.
+
+- If the report is accepted, the team writes to the reporter to let him/her
+  know it is accepted and that they are working on a fix.
+
+- The security team discusses the problem, works out a fix, considers the
+  impact of the problem and suggests a release schedule. This discussion
+  should involve the reporter as much as possible.
+
+- The release of the information should be "as soon as possible" and is most
+  often synced with an upcoming release that contains the fix. If the
+  reporter, or anyone else, thinks the next planned release is too far away
+  then a separate earlier release for security reasons should be considered.
+
+- Write a security advisory draft about the problem that explains what the
+  problem is, its impact, which versions it affects, solutions or
+  work-arounds, when the release is out and make sure to credit all
+  contributors properly.
+
+- Request a CVE number from distros@openwall.org[1] when also informing and
+  preparing them for the upcoming public security vulnerability announcement -
+  attach the advisory draft for information. Note that 'distros' won't accept
+  an embargo longer than 19 days.
+
+- Update the "security advisory" with the CVE number.
+
+- The security team commits the fix in a private branch. The commit message
+  should ideally contain the CVE number. This fix is usually also distributed
+  to the 'distros' mailing list to allow them to use the fix prior to the
+  public announcement.
+
+- At the day of the next release, the private branch is merged into the master
+  branch and pushed. Once pushed, the information is accessible to the public
+  and the actual release should follow suit immediately afterwards.
+
+- The project team creates a release that includes the fix.
+
+- The project team announces the release and the vulnerability to the world in
+  the same manner we always announce releases. It gets sent to the
+  curl-announce, curl-library and curl-users mailing lists.
+
+- The security web page on the web site should get the new vulernability
+  mentioned.
+
+[1] = http://oss-security.openwall.org/wiki/mailing-lists/distros
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -27,6 +27,7 @@ Alessandro Vesely
 Alex Bligh
 Alex Fishman
 Alex Gruz
+Alex McLellan
 Alex Neblett
 Alex Suykov
 Alex Vinnik
@@ -62,6 +63,7 @@ Andreas Schuldei
 Andreas Wurf
 Andrei Benea
 Andrei Cipu
+Andrej E Baranov
 Andres Garcia
 Andrew Benham
 Andrew Biggs
@@ -109,9 +111,11 @@ Benbuck Nason
 Benjamin Gerard
 Benjamin Gilbert
 Benjamin Johnson
+Benoit Sigoure
 Bernard Leak
 Bernhard Reutner-Fischer
 Bertrand Demiddelaer
+Bill Doyle
 Bill Egert
 Bill Hoffman
 Bill Middlecamp
@@ -154,6 +158,7 @@ Charles Kerr
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
+Chris Conlon
 Chris Conroy
 Chris Deidun
 Chris Flerackers
@@ -181,6 +186,7 @@ Clarence Gardner
 Clemens Gruber
 Clifford Wolf
 Cody Jones
+Colby Ranger
 Colin Hogben
 Colin Watson
 Colm Buckley
@@ -194,6 +200,7 @@ Cristian Rodríguez
 Curt Bogmine
 Cyrill Osterwalder
 Cédric Deltheil
+D. Flinkmann
 Dag Ekengren
 Dagobert Michelsen
 Damien Adant
@@ -221,6 +228,7 @@ Dave Halbakken
 Dave Hamilton
 Dave May
 Dave Reisner
+Dave Thompson
 Dave Vasilevsky
 David Bau
 David Binderman
@@ -244,13 +252,16 @@ David Shaw
 David Strauss
 David Tarendash
 David Thiel
+David Walser
 David Wright
 David Yan
 Dengminwen
+Derek Higgins
 Detlef Schmier
 Didier Brisebourg
 Diego Casorran
 Dima Barsky
+Dima Tisnek
 Dimitre Dimitrov
 Dimitris Sarris
 Dinar
@@ -289,6 +300,7 @@ Eelco Dolstra
 Eetu Ojanen
 Eldar Zaitov
 Ellis Pritchard
+Elmira A Semenova
 Emanuele Bovisio
 Emil Romanus
 Emiliano Ida
@@ -298,6 +310,7 @@ Eric Cooper
 Eric Hu
 Eric Landes
 Eric Lavigne
+Eric Lubin
 Eric Melville
 Eric Mertens
 Eric Rautman
@@ -318,10 +331,12 @@ Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
 Fedor Karpelevitch
+Felix Yan
 Felix von Leitner
 Feng Tu
 Florian Schoppmann
 Forrest Cahoon
+Francois Charlier
 Frank Hempel
 Frank Keeney
 Frank McGeough
@@ -342,11 +357,13 @@ Gautam Kachroo
 Gautam Mani
 Gavrie Philipson
 Gaz Iqbal
+Geoff Beier
 Georg Horn
 Georg Huettenegger
 Georg Lippitsch
 Georg Wicherski
 Gerd v. Egidy
+Gergely Nagy
 Gerhard Herre
 Gerrit Bruchhäuser
 Ghennadi Procopciuc
@@ -362,6 +379,8 @@ Giuseppe D'Ambrosio
 Glen Nakamura
 Glen Scott
 Gokhan Sengun
+Gordon Marler
+Gorilla Maguila
 Grant Erickson
 Greg Hewgill
 Greg Morse
@@ -384,8 +403,10 @@ Hans-Jurgen May
 Hardeep Singh
 Harshal Pradhan
 Hauke Duden
+He Qin
 Heikki Korpela
 Heinrich Ko
+Heinrich Schaefer
 Hendrik Visage
 Henrik Storner
 Henry Ludemann
@@ -422,6 +443,7 @@ James Bursa
 James Cheng
 James Clancy
 James Cone
+James Dury
 James Gallagher
 James Griffiths
 James Housley
@@ -441,6 +463,7 @@ Jason Glasgow
 Jason Liu
 Jason McDonald
 Jason S. Priebe
+Javier Barroso
 Jay Austin
 Jayesh A Shah
 Jaz Fresh
@@ -453,6 +476,7 @@ Jean-Noel Rouvignac
 Jean-Philippe Barrette-LaPierre
 Jeff Connelly
 Jeff Johnson
+Jeff King
 Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
@@ -462,6 +486,7 @@ Jeremy Friesner
 Jeremy Huddleston
 Jerome Muffat-Meridol
 Jerome Vouillon
+Jerry Krinock
 Jerry Wu
 Jes Badwal
 Jesper Jensen
@@ -486,6 +511,7 @@ Johannes Bauer
 John Bradshaw
 John Crow
 John Dennis
+John Dunn
 John E. Malmberg
 John Gardiner Myers
 John Janssen
@@ -569,6 +595,7 @@ Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
 Kristian Köhntopp
+Kyle L. Huff
 Kyle Sallee
 Lachlan O'Dea
 Larry Campbell
@@ -611,6 +638,7 @@ Mandy Wu
 Manfred Schwarb
 Manuel Massing
 Marc Boucher
+Marc Deslauriers
 Marc Doughty
 Marc Hoersken
 Marc Kleine-Budde
@@ -618,6 +646,7 @@ Marcel Raad
 Marcel Roelofs
 Marcelo Juchem
 Marcin Adamski
+Marcin Gryszkalis
 Marcin Konicki
 Marco G. Salvagno
 Marco Maggi
@@ -672,6 +701,7 @@ Maxim Prohorov
 Maxime Larocque
 Mehmet Bozkurt
 Mekonikum
+Melissa Mears
 Mettgut Jamalla
 Michael Benedict
 Michael Calmer
@@ -683,6 +713,7 @@ Michael Jahn
 Michael Jerris
 Michael Mealling
 Michael Mueller
+Michael Osipov
 Michael Smith
 Michael Stillwell
 Michael Wallner
@@ -700,6 +731,7 @@ Mike Crowe
 Mike Dobbs
 Mike Giancola
 Mike Hommey
+Mike Mio
 Mike Power
 Mike Protts
 Mike Revi
@@ -744,6 +776,7 @@ Olaf Flebbe
 Olaf Stueben
 Olaf Stüben
 Oliver Gondža
+Oliver Kuckertz
 Olivier Berger
 Oren Tirosh
 Ori Avtalion
@@ -762,8 +795,10 @@ Patrick Scott
 Patrick Smith
 Patrik Thunstrom
 Pau Garcia i Quiles
+Paul Donohue
 Paul Harrington
 Paul Howarth
+Paul Marks
 Paul Marquis
 Paul Moore
 Paul Nolan
@@ -792,6 +827,8 @@ Peter Todd
 Peter Verhas
 Peter Wullinger
 Peteris Krumins
+Petr Bahula
+Petr Pisar
 Phil Blundell
 Phil Karn
 Phil Lisiecki
@@ -875,6 +912,7 @@ Roland Zimmermann
 Rolland Dudemaine
 Roman Koifman
 Roman Mamedov
+Romulo A. Ceccon
 Ron Zapp
 Rosimildo da Silva
 Roy Shan
@@ -884,6 +922,7 @@ Rutger Hofman
 Ryan Chan
 Ryan Nelson
 Ryan Schmidt
+Rémy Léone
 S. Moonesamy
 Salvador Dávila
 Salvatore Sorrentino
@@ -909,11 +948,13 @@ Sebastian Rasmussen
 Sebastien Willemijns
 Senthil Raja Velu
 Sergei Nikulov
+Sergey Tatarincev
 Sergio Ballestrero
 Seshubabu Pasam
 Sh Diao
 Sharad Gupta
 Shard
+Shawn Landden
 Shawn Poulson
 Shmulik Regev
 Siddhartha Prakash Jain
@@ -997,6 +1038,7 @@ Tom Mueller
 Tom Regner
 Tom Wright
 Tom Zerucha
+Tomas Hoger
 Tomas Mlcoch
 Tomas Pospisek
 Tomas Szepe
@@ -1014,7 +1056,9 @@ Traian Nicolescu
 Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
+Tyler Hall
 Ulf Härnhammar
+Ulf Samuelsson
 Ulrich Doehner
 Ulrich Zadow
 Venkat Akella
@@ -1041,15 +1085,18 @@ Wesley Laxton
 Wesley Miaw
 Wez Furlong
 Wilfredo Sanchez
+Will Dietz
 Willem Sparreboom
 Wojciech Zwiefka
 Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
+Yaakov Selkowitz
 Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yehoshua Hershberg
+Yi Huang
 Yukihiro Kawada
 Yuriy Sosov
 Yves Arrouye
--- a/docs/TODO
+++ b/docs/TODO
@@ -16,8 +16,9 @@
 1.3 struct lifreq
 1.4 signal-based resolver timeouts
 1.5 get rid of PATH_MAX
- 1.6 Happy Eyeball dual stack connect
- 1.7 Modified buffer size approach
+ 1.6 Modified buffer size approach
+ 1.7 Detect when called from witin callbacks
+ 1.8 Allow SSL (HTTPS) to proxy

 2. libcurl - multi interface
 2.1 More non-blocking
@@ -31,14 +32,14 @@
 4.2 Alter passive/active on failure and retry
 4.3 Earlier bad letter detection
 4.4 REST for large files
- 4.5 FTP proxy support
- 4.6 ASCII support
+ 4.5 ASCII support

 5. HTTP
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
 5.3 Rearrange request header order
 5.4 HTTP2/SPDY
+ 5.5 auth= in URLs

 6. TELNET
 6.1 ditch stdin
@@ -48,17 +49,14 @@

 7. SMTP
 7.1 Pipelining
- 7.2 Graceful base64 decoding failure
- 7.3 Enhanced capability support
+ 7.2 Enhanced capability support
 
 8. POP3
 8.1 Pipelining
- 8.2 Graceful base64 decoding failure
- 8.3 Enhanced capability support
+ 8.2 Enhanced capability support
 
 9. IMAP
- 9.1 Graceful base64 decoding failure
- 9.2 Enhanced capability support
+ 9.1 Enhanced capability support
 
 10. LDAP
 10.1 SASL based authentication mechanisms
@@ -73,9 +71,8 @@
 12.4 Cache OpenSSL contexts
 12.5 Export session ids
 12.6 Provide callback for cert verification
- 12.7 Support other SSL libraries
- 12.8 improve configure --with-ssl
- 12.9 Support DANE
+ 12.7 improve configure --with-ssl
+ 12.8 Support DANE

 13. GnuTLS
 13.1 SSL engine stuff
@@ -157,19 +154,7 @@
 we need libssh2 to properly tell us when we pass in a too small buffer and
 its current API (as of libssh2 1.2.7) doesn't.

-1.6 Happy Eyeball dual stack connect
-
- In order to make alternative technologies not suffer when transitioning, like
- when introducing IPv6 as an alternative to IPv4 and there are more than one
- option existing simultaneously there are reasons to reconsider internal
- choices.
-
- To make libcurl do blazing fast IPv6 in a dual-stack configuration, this needs
- to be addressed:
-
-    http://tools.ietf.org/html/rfc6555
-
-1.7 Modified buffer size approach
+1.6 Modified buffer size approach

 Current libcurl allocates a fixed 16K size buffer for download and an
 additional 16K for upload. They are always unconditionally part of the easy
@@ -190,6 +175,18 @@
 Dynamically allocate buffer size depending on protocol in use in combination
 with freeing it after each individual transfer? Other suggestions?

+1.7 Detect when called from witin callbacks
+
+ We should set a state variable before calling callbacks, so that we
+ subsequently can add code within libcurl that returns error if called within
+ callbacks for when that's not supported.
+
+1.8 Allow SSL (HTTPS) to proxy
+
+ To prevent local users from snooping on your traffic to the proxy. Supported
+ by Chrome already:
+ http://www.chromium.org/developers/design-documents/secure-web-proxy
+

 2. libcurl - multi interface

@@ -246,13 +243,7 @@
 the server doesn't set the pointer to the requested index. The tricky
 (impossible?) part is to figure out if the server did the right thing or not.

-4.5 FTP proxy support
-
- Support the most common FTP proxies, Philip Newton provided a list allegedly
- from ncftp. This is not a subject without debate, and is probably not really
- suitable for libcurl.  http://curl.haxx.se/mail/archive-2003-04/0126.html
-
-4.6 ASCII support
+4.5 ASCII support

 FTP ASCII transfers do not follow RFC959. They don't convert the data
 accordingly.
@@ -300,6 +291,17 @@
 be a better option, either used directly or wrapped with a more spindly-like
 API.

+5.5 auth= in URLs
+
+ Add the ability to specify the preferred authentication mechanism to use by
+ using ;auth=<mech> in the login part of the URL.
+
+ For example:
+
+ http://test:pass;auth=NTLM@example.com would be equivalent to specifing --user
+ test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 
+
+ Additionally this should be implemented for proxy base URLs as well.

 6. TELNET

@@ -331,14 +333,7 @@ to provide the data to send.

 Add support for pipelining emails.

-7.2 Graceful base64 decoding failure
-
- Rather than shutting down the session and returning an error when the
- decoding of a base64 encoded authentication response fails, we should
- gracefully shutdown the authentication process by sending a * response to the
- server as per RFC4954.
-
-7.3 Enhanced capability support
+7.2 Enhanced capability support

 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the EHLO command.
@@ -349,28 +344,14 @@ to provide the data to send.

 Add support for pipelining commands.

-8.2 Graceful base64 decoding failure
-
- Rather than shutting down the session and returning an error when the
- decoding of a base64 encoded authentication response fails, we should
- gracefully shutdown the authentication process by sending a * response to the
- server as per RFC5034.
- 
-8.3 Enhanced capability support
+8.2 Enhanced capability support

 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the CAPA command.

 9. IMAP

-9.1 Graceful base64 decoding failure
-
- Rather than shutting down the session and returning an error when the
- decoding of a base64 encoded authentication response fails, we should
- gracefully shutdown the authentication process by sending a * response to the
- server as per RFC3501.
-
-9.2 Enhanced capability support
+9.1 Enhanced capability support

 Add the ability, for an application that uses libcurl, to obtain the list of
 capabilities returned from the CAPABILITY command.
@@ -434,17 +415,12 @@ to provide the data to send.
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!

-12.7 Support other SSL libraries
-
- Make curl's SSL layer capable of using other free SSL libraries.  Such as
- MatrixSSL (http://www.matrixssl.org/).
-
-12.8 improve configure --with-ssl
+12.7 improve configure --with-ssl

 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

-12.9 Support DANE
+12.8 Support DANE

 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -1,16 +1,72 @@
-Online:  http://curl.haxx.se/docs/httpscripting.html
-Date:    Jan 19, 2011
+Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html)
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|

-                The Art Of Scripting HTTP Requests Using Curl
-                =============================================

- This document will assume that you're familiar with HTML and general
- networking.
+The Art Of Scripting HTTP Requests Using Curl

- The possibility to write scripts is essential to make a good computer
- system. Unix' capability to be extended by shell scripts and various tools to
- run various automated commands and scripts is one reason why it has succeeded
- so well.
+ 1. HTTP Scripting
+ 1.1 Background
+ 1.2 The HTTP Protocol
+ 1.3 See the Protocol
+ 1.4 See the Timing
+ 1.5 See the Response
+ 2. URL
+ 2.1 Spec
+ 2.2 Host
+ 2.3 Port number
+ 2.4 User name and password
+ 2.5 Path part
+ 3. Fetch a page
+ 3.1 GET
+ 3.2 HEAD
+ 4. HTML forms
+ 4.1 Forms explained
+ 4.2 GET
+ 4.3 POST
+ 4.4 File Upload POST
+ 4.5 Hidden Fields
+ 4.6 Figure Out What A POST Looks Like
+ 5. HTTP upload
+ 5.1 PUT
+ 6. HTTP Authentication
+ 6.1 Basic Authentication
+ 6.2 Other Authentication
+ 6.3 Proxy Authentication
+ 6.4 Hiding credentials
+ 7. More HTTP Headers
+ 7.1 Referer
+ 7.2 User Agent
+ 8. Redirects
+ 8.1 Location header
+ 8.2 Other redirects
+ 9. Cookies
+ 9.1 Cookie Basics
+ 9.2 Cookie options
+ 10. HTTPS
+ 10.1 HTTPS is HTTP secure
+ 10.2 Certificates
+ 11. Custom Request Elements
+ 11.1 Modify method and headers
+ 11.2 More on changed methods
+ 12. Web Login
+ 12.1 Some login tricks
+ 13. Debug
+ 13.1 Some debug tricks
+ 14. References
+ 14.1 Standards
+ 14.2 Sites
+
+==============================================================================
+
+1. HTTP Scripting
+
+ 1.1 Background
+
+ This document assumes that you're familiar with HTML and general networking.

 The increasing amount of applications moving to the web has made "HTTP
 Scripting" more frequently requested and wanted. To be able to automatically
@@ -27,7 +83,7 @@ Date:    Jan 19, 2011
 to glue everything together using some kind of script language or repeated
 manual invokes.

-1. The HTTP Protocol
+ 1.2 The HTTP Protocol

 HTTP is the protocol used to fetch data from web servers. It is a very simple
 protocol that is built upon TCP/IP. The protocol also allows information to
@@ -44,7 +100,7 @@ Date:    Jan 19, 2011
 well), response headers and most often also a response body. The "body" part
 is the plain data you requested, like the actual HTML or the image etc.

- 1.1 See the Protocol
+ 1.3 See the Protocol

  Using curl's option --verbose (-v as a short option) will display what kind
  of commands curl sends to the server, as well as a few other informational
@@ -59,13 +115,88 @@ Date:    Jan 19, 2011

      curl --trace-ascii debugdump.txt http://www.example.com/

+ 1.4 See the Timing
+
+  Many times you may wonder what exactly is taking all the time, or you just
+  want to know the amount of milliseconds between two points in a
+  transfer. For those, and other similar situations, the --trace-time option
+  is what you need. It'll prepend the time to each trace output line:
+
+      curl --trace-ascii d.txt --trace-time http://example.com/
+
+ 1.5 See the Response
+
+  By default curl sends the response to stdout. You need to redirect it
+  somewhere to avoid that, most often that is done with -o or -O.
+
 2. URL

+ 2.1 Spec
+
 The Uniform Resource Locator format is how you specify the address of a
 particular resource on the Internet. You know these, you've seen URLs like
- http://curl.haxx.se or https://yourbank.com a million times.
+ http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
+ canonical spec.

-3. GET a page
+ 2.2 Host
+
+ The host name is usually resolved using DNS or your /etc/hosts file to an IP
+ address and that's what curl will communicate with. Alternatively you specify
+ the IP address directly in the URL instead of a name.
+
+ For development and other trying out situation, you can point out a different
+ IP address for a host name than what would otherwise be used, by using curl's
+ --resolve option:
+
+      curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/
+ 
+ 2.3 Port number
+
+ Each protocol curl supports operate on a default port number, be it over TCP
+ or in some cases UDP. Normally you don't have to take that into
+ consideration, but at times you run test servers on other ports or
+ similar. Then you can specify the port number in the URL with a colon and a
+ number immediately following the host name. Like when doing HTTP to port
+ 1234:
+
+      curl http://www.example.org:1234/
+
+ The port number you specify in the URL is the number that the server uses to
+ offer its services. Sometimes you may use a local proxy, and then you may
+ need to specify that proxy's port number separate on what curl needs to
+ connect to locally. Like when using a HTTP proxy on port 4321:
+
+      curl --proxy http://proxy.example.org:4321 http://remote.example.org/
+
+ 2.4 User name and password
+
+ Some services are setup to require HTTP authentication and then you need to
+ provide name and password which then is transfered to the remote site in
+ various ways depending on the exact authentication protocol used.
+
+ You can opt to either insert the user and password in the URL or you can
+ provide them separately:
+
+      curl http://user:password@example.org/
+
+ or
+
+      curl -u user:password http://example.org/
+
+ You need to pay attention that this kind of HTTP authentication is not what
+ is usually done and requested by user-oriented web sites these days. They
+ tend to use forms and cookies instead.
+
+ 2.5 Path part
+
+ The path part is just sent off to the server to request that it sends back
+ the associated response. The path is what is to the right side of the slash
+ that follows the host name and possibly port number.
+
+
+3. Fetch a page
+
+ 3.1 GET

 The simplest and most common request/operation made using HTTP is to get a
 URL. The URL could itself refer to a web page, an image or a file. The client
@@ -79,10 +210,23 @@ Date:    Jan 19, 2011

 All HTTP replies contain a set of response headers that are normally hidden,
 use curl's --include (-i) option to display them as well as the rest of the
- document. You can also ask the remote server for ONLY the headers by using
- the --head (-I) option (which will make curl issue a HEAD request).
+ document.

-4. Forms
+ 3.2 HEAD
+
+ You can ask the remote server for ONLY the headers by using the --head (-I)
+ option which will make curl issue a HEAD request. In some special cases
+ servers deny the HEAD method while others still work, which is a particular
+ kind of annoyance.
+
+ The HEAD method is defined and made so that the server returns the headers
+ exactly the way it would do for a GET, but without a body. It means that you
+ may see a Content-Length: in the response headers, but there must not be an
+ actual body in the HEAD response.
+
+4. HTML forms
+
+ 4.1 Forms explained

 Forms are the general way a web site can present a HTML page with fields for
 the user to enter data in, and then press some kind of 'OK' or 'submit'
@@ -95,7 +239,7 @@ Date:    Jan 19, 2011
 Of course there has to be some kind of program in the server end to receive
 the data you send. You cannot just invent something out of the air.

- 4.1 GET
+ 4.2 GET

  A GET-form uses the method GET, as specified in HTML like:

@@ -121,7 +265,7 @@ Date:    Jan 19, 2011

        curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"

- 4.2 POST
+ 4.3 POST

  The GET method makes all input field names get displayed in the URL field of
  your browser. That's generally a good thing when you want to be able to
@@ -158,7 +302,7 @@ Date:    Jan 19, 2011

        curl --data-urlencode "name=I am Daniel" http://www.example.com

- 4.3 File Upload POST
+ 4.4 File Upload POST

  Back in late 1995 they defined an additional way to post data over HTTP. It
  is documented in the RFC 1867, why this method sometimes is referred to as
@@ -179,7 +323,7 @@ Date:    Jan 19, 2011

        curl --form upload=@localfilename --form press=OK [URL]

- 4.4 Hidden Fields
+ 4.5 Hidden Fields

  A very common way for HTML based application to pass state information
  between pages is to add hidden fields to the forms. Hidden fields are
@@ -200,7 +344,7 @@ Date:    Jan 19, 2011

        curl --data "birthyear=1905&press=OK&person=daniel" [URL]

- 4.5 Figure Out What A POST Looks Like
+ 4.6 Figure Out What A POST Looks Like

  When you're about fill in a form and send to a server by using curl instead
  of a browser, you're of course very interested in sending a POST exactly the
@@ -213,7 +357,9 @@ Date:    Jan 19, 2011
  You will then clearly see the data get appended to the URL, separated with a
  '?'-letter as GET forms are supposed to.

-5. PUT
+5. HTTP upload
+
+ 5.1 PUT

 The perhaps best way to upload data to a HTTP server is to use PUT. Then
 again, this of course requires that someone put a program or script on the
@@ -225,6 +371,8 @@ Date:    Jan 19, 2011

 6. HTTP Authentication

+ 6.1 Basic Authentication
+
 HTTP Authentication is the ability to tell the server your username and
 password so that it can verify that you're allowed to do the request you're
 doing. The Basic authentication used in HTTP (which is the type curl uses by
@@ -236,10 +384,14 @@ Date:    Jan 19, 2011

        curl --user name:password http://www.example.com

+ 6.2 Other Authentication
+
 The site might require a different authentication method (check the headers
 returned by the server), and then --ntlm, --digest, --negotiate or even
 --anyauth might be options that suit you.

+ 6.3 Proxy Authentication
+
 Sometimes your HTTP access is only available through the use of a HTTP
 proxy. This seems to be especially common at various companies. A HTTP proxy
 may require its own user and password to allow the client to get through to
@@ -253,6 +405,8 @@ Date:    Jan 19, 2011
 If you use any one these user+password options but leave out the password
 part, curl will prompt for the password interactively.

+ 6.4 Hiding credentials
+
 Do note that when a program is run, its parameters might be possible to see
 when listing the running processes of the system. Thus, other users may be
 able to watch your passwords if you pass them as plain command line
@@ -262,7 +416,9 @@ Date:    Jan 19, 2011
 many web sites will not use this concept when they provide logins etc. See
 the Web Login chapter further below for more details on that.

-7. Referer
+7. More HTTP Headers
+
+ 7.1 Referer

 A HTTP request may include a 'referer' field (yes it is misspelled), which
 can be used to tell from which URL the client got to this particular
@@ -276,7 +432,7 @@ Date:    Jan 19, 2011

        curl --referer http://www.example.come http://www.example.com

-8. User Agent
+ 7.2 User Agent

 Very similar to the referer field, all HTTP requests may set the User-Agent
 field. It names what user agent (client) that is being used. Many
@@ -298,7 +454,9 @@ Date:    Jan 19, 2011

  curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]

-9. Redirects
+8. Redirects
+
+ 8.1 Location header

 When a resource is requested from a server, the reply from the server may
 include a hint about where the browser should go next to find this page, or a
@@ -318,7 +476,16 @@ Date:    Jan 19, 2011
 only use POST in the first request, and then revert to GET in the following
 operations.

-10. Cookies
+ 8.2 Other redirects
+
+ Browser typically support at least two other ways of redirects that curl
+ doesn't: first the html may contain a meta refresh tag that asks the browser
+ to load a specific URL after a set number of seconds, or it may use
+ javascript to do it.
+
+9. Cookies
+
+ 9.1 Cookie Basics

 The way the web browsers do "client side state control" is by using
 cookies. Cookies are just names with associated contents. The cookies are
@@ -335,6 +502,8 @@ Date:    Jan 19, 2011
 must be able to record and send back cookies the way the web application
 expects them. The same way browsers deal with them.

+ 9.2 Cookie options
+
 The simplest way to send a few cookies to the server when getting a page with
 curl is to add them on the command line like:

@@ -366,16 +535,18 @@ Date:    Jan 19, 2011
        curl --cookie nada --location http://www.example.com

 Curl has the ability to read and write cookie files that use the same file
- format that Netscape and Mozilla do. It is a convenient way to share cookies
- between browsers and automatic scripts. The --cookie (-b) switch
- automatically detects if a given file is such a cookie file and parses it,
- and by using the --cookie-jar (-c) option you'll make curl write a new cookie
- file at the end of an operation:
+ format that Netscape and Mozilla once used. It is a convenient way to share
+ cookies between scripts or invokes. The --cookie (-b) switch automatically
+ detects if a given file is such a cookie file and parses it, and by using the
+ --cookie-jar (-c) option you'll make curl write a new cookie file at the end
+ of an operation:

        curl --cookie cookies.txt --cookie-jar newcookies.txt \
        http://www.example.com

-11. HTTPS
+10. HTTPS
+
+ 10.1 HTTPS is HTTP secure

 There are a few ways to do secure HTTP transfers. The by far most common
 protocol for doing this is what is generally known as HTTPS, HTTP over
@@ -391,7 +562,7 @@ Date:    Jan 19, 2011

        curl https://secure.example.com

- 11.1 Certificates
+ 10.2 Certificates

  In the HTTPS world, you use certificates to validate that you are the one
  you claim to be, as an addition to normal passwords. Curl supports client-
@@ -413,7 +584,9 @@ Date:    Jan 19, 2011

        http://curl.haxx.se/docs/sslcerts.html

-12. Custom Request Elements
+11. Custom Request Elements
+
+11.1 Modify method and headers

 Doing fancy stuff, you may need to add or change elements of a single curl
 request.
@@ -434,7 +607,26 @@ Date:    Jan 19, 2011

        curl --header "Destination: http://nowhere" http://example.com

-13. Web Login
+ 11.2 More on changed methods
+
+ It should be noted that curl selects which methods to use on its own
+ depending on what action to ask for. -d will do POST, -I will do HEAD and so
+ on. If you use the --request / -X option you can change the method keyword
+ curl selects, but you will not modify curl's behavior. This means that if you
+ for example use -d "data" to do a POST, you can modify the method to a
+ PROPFIND with -X and curl will still think it sends a POST. You can change
+ the normal GET to a POST method by simply adding -X POST in a command line
+ like:
+
+        curl -X POST http://example.org/
+
+ ... but curl will still think and act as if it sent a GET so it won't send any
+ request body etc.
+
+
+12. Web Login
+
+ 12.1 Some login tricks

 While not strictly just HTTP related, it still cause a lot of people problems
 so here's the executive run-down of how the vast majority of all login forms
@@ -463,7 +655,9 @@ Date:    Jan 19, 2011
 to do a proper login POST. Remember that the contents need to be URL encoded
 when sent in a normal POST.

-14. Debug
+13. Debug
+
+ 13.1 Some debug tricks

 Many times when you run curl on a site, you'll notice that the site doesn't
 seem to respond the same way to your curl requests as it does to your
@@ -473,35 +667,40 @@ Date:    Jan 19, 2011
 browser's requests:

 * Use the --trace-ascii option to store fully detailed logs of the requests
-   for easier analyzing and better understanding
+ for easier analyzing and better understanding

 * Make sure you check for and use cookies when needed (both reading with
-   --cookie and writing with --cookie-jar)
+ --cookie and writing with --cookie-jar)

 * Set user-agent to one like a recent popular browser does

 * Set referer like it is set by the browser

 * If you use POST, make sure you send all the fields and in the same order as
-   the browser does it. (See chapter 4.5 above)
+ the browser does it.

 A very good helper to make sure you do this right, is the LiveHTTPHeader tool
 that lets you view all headers you send and receive with Mozilla/Firefox
- (even when using HTTPS).
+ (even when using HTTPS). Chrome features similar functionality out of the box
+ among the developer's tools.

 A more raw approach is to capture the HTTP traffic on the network with tools
 such as ethereal or tcpdump and check what headers that were sent and
 received by the browser. (HTTPS makes this technique inefficient.)

-15. References
+14. References
+
+ 14.1 Standards

 RFC 2616 is a must to read if you want in-depth understanding of the HTTP
- protocol.
+ protocol

- RFC 3986 explains the URL syntax.
+ RFC 3986 explains the URL syntax

- RFC 2109 defines how cookies are supposed to work.
+ RFC 1867 defines the HTTP post upload format

- RFC 1867 defines the HTTP post upload format.
+ RFC 6525 defines how HTTP cookies work
+
+ 14.2 Sites

 http://curl.haxx.se is the home of the cURL project
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -287,11 +287,11 @@ data pieces specified will be merged together with a separating
 chunk that looks like \&'name=daniel&skill=lousy'.

 If you start the data with the letter @, the rest should be a file name to
-read the data from, or - if you want curl to read the data from stdin.  The
-contents of the file must already be URL-encoded. Multiple files can also be
-specified. Posting data from a file named 'foobar' would thus be done with
-\fI--data\fP @foobar. When --data is told to read from a file like that,
-carriage returns and newlines will be stripped out.
+read the data from, or - if you want curl to read the data from
+stdin. Multiple files can also be specified. Posting data from a file
+named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is
+told to read from a file like that, carriage returns and newlines will be
+stripped out.
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.

@@ -646,10 +646,10 @@ you can specify URLs that contain the letters {}[] without having them being
 interpreted by curl itself. Note that these letters are not normal legal URL
 contents but they should be encoded according to the URI standard.
 .IP "-G, --get"
-When used, this option will make all data specified with \fI-d, --data\fP or
-\fI--data-binary\fP to be used in an HTTP GET request instead of the POST
-request that otherwise would be used. The data will be appended to the URL
-with a '?' separator.
+When used, this option will make all data specified with \fI-d, --data\fP,
+\fI--data-binary\fP or \fI--data-urlencode\fP to be used in an HTTP GET
+request instead of the POST request that otherwise would be used. The data
+will be appended to the URL with a '?' separator.

 If used in combination with -I, the POST data will instead be appended to the
 URL with a HEAD request.
@@ -711,6 +711,9 @@ cookies when they're closed down.
 (HTTP) This option tells the \fI-O, --remote-name\fP option to use the
 server-specified Content-Disposition filename instead of extracting a filename
 from the URL.
+
+There's no attempt to decode %-sequences (yet) in the provided file name, so
+this option may provide you with rather unexpected file names.
 .IP "-k, --insecure"
 (SSL) This option explicitly allows curl to perform "insecure" SSL connections
 and transfers. All SSL connections are attempted to be made secure by using
@@ -722,16 +725,21 @@ See this online resource for further details:
 .IP "-K, --config <config file>"
 Specify which config file to read curl arguments from. The config file is a
 text file in which command line arguments can be written which then will be
-used as if they were written on the actual command line. Options and their
-parameters must be specified on the same config file line, separated by
-whitespace, colon, the equals sign or any combination thereof (however,
-the preferred separator is the equals sign). If the parameter is to contain
-whitespace, the parameter must be enclosed within quotes. Within double
-quotes, the following escape sequences are available: \\\\, \\", \\t, \\n,
-\\r and \\v. A backslash preceding any other letter is ignored. If the
-first column of a config line is a '#' character, the rest of the line will be
-treated as a comment. Only write one option per physical line in the config
-file.
+used as if they were written on the actual command line.
+
+Options and their parameters must be specified on the same config file line,
+separated by whitespace, colon, or the equals sign. Long option names can
+optionally be given in the config file without the initial double dashes and
+if so, the colon or equals characters can be used as separators. If the option
+is specified with one or two dashes, there can be no colon or equals character
+between the option and its parameter.
+
+If the parameter is to contain whitespace, the parameter must be enclosed
+within quotes. Within double quotes, the following escape sequences are
+available: \\\\, \\", \\t, \\n, \\r and \\v. A backslash preceding any other
+letter is ignored. If the first column of a config line is a '#' character,
+the rest of the line will be treated as a comment. Only write one option per
+physical line in the config file.

 Specify the filename to -K, --config as '-' to make curl read the file from
 stdin.
@@ -742,9 +750,6 @@ line. So, it could look similar to this:

 url = "http://curl.haxx.se/docs/"

-Long option names can optionally be given in the config file without the
-initial double dashes.
-
 When curl is invoked, it always (unless \fI-q\fP is used) checks for a default
 config file and uses it if found. The default config file is checked for in
 the following places in this order:
@@ -806,15 +811,23 @@ see if your curl supports it.
 If this option is used several times, the last one will be used.
 .IP "-l, --list-only"
 (FTP)
-When listing an FTP directory, this switch forces a name-only view.
-Especially useful if you want to machine-parse the contents of an FTP
-directory since the normal directory view doesn't use a standard look
-or format.
+When listing an FTP directory, this switch forces a name-only view. This is
+especially useful if the user wants to machine-parse the contents of an FTP
+directory since the normal directory view doesn't use a standard look or
+format. When used like this, the option causes a NLST command to be sent to
+the server instead of LIST.

-This option causes an FTP NLST command to be sent.  Some FTP servers
-list only files in their response to NLST; they do not include
-subdirectories and symbolic links.
+Note: Some FTP servers list only files in their response to NLST; they do not
+include sub-directories and symbolic links.

+(POP3)
+When retrieving a specific email from POP3, this switch forces a LIST command
+to be performed instead of RETR. This is particularly useful if the user wants
+to see if a specific message id exists on the server and what size it is.
+
+Note: When combined with \fI-X, --request <command>\fP, this option can be used
+to send an UIDL command instead, so the user may use the email's unique
+identifier rather than it's message id to make the request. (Added in 7.21.5)
 .IP "-L, --location"
 (HTTP/HTTPS) If the server reports that the requested page has moved to a
 different location (indicated with a Location: header and a 3XX response code),
@@ -894,10 +907,18 @@ return with exit code 63.
 files this option has no effect even if the file transfer ends up being larger
 than this given limit. This concerns both FTP and HTTP transfers.
 .IP "--mail-rcpt <address>"
-(SMTP) Specify a single address that the given mail should get sent to. This
-option can be used multiple times to specify many recipients.
+(SMTP) Specify a single address, user name or mailing list name.

-(Added in 7.20.0)
+When performing a mail transfer, the recipient should specify a valid email
+address to send the mail to. (Added in 7.20.0)
+
+When performing an address verification (VRFY command), the recipient should be
+specified as the user name or user name and domain (as per Section 3.5 of
+RFC5321). (Added in 7.34.0)
+
+When performing a mailing list expand (EXPN command), the recipient should be
+specified using the mailing list name, such as "Friends" or "London-Office".
+(Added in 7.34.0)
 .IP "--max-redirs <num>"
 Set maximum number of redirection-followings allowed. If \fI-L, --location\fP
 is used, this option can be used to prevent curl from following redirections
@@ -1053,11 +1074,15 @@ Consequentially, the file will be saved in the current working directory. If
 you want the file saved in a different directory, make sure you change current
 working directory before you invoke curl with the \fB-O, --remote-name\fP flag!

+There is no URL decoding done on the file name. If it has %20 or other URL
+encoded parts of the name, they will end up as-is as file name.
+
 You may use this option as many times as the number of URLs you have.
 .IP "--oauth2-bearer"
-(IMAP/POP3/SMTP) Specify the Bearer Token for OAUTH 2.0 server authentication.
-The Bearer Token is used in conjuction with the user name which can be
-specified as part of the \fI--url\fP or \fI-u, --user\fP options.
+(IMAP, POP3, SMTP)
+Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token
+is used in conjunction with the user name which can be specified as part of the
+\fI--url\fP or \fI-u, --user\fP options.

 The Bearer Token and user name are formatted according to RFC 6750.

@@ -1498,14 +1523,26 @@ Set TLS authentication type. Currently, the only supported option is "SRP",
 for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
 specified but \fI--tlsauthtype\fP is not, then this option defaults to "SRP".
 (Added in 7.21.4)
-.IP "--tlsuser <user>"
-Set username for use with the TLS authentication method specified with
-\fI--tlsauthtype\fP. Requires that \fI--tlspassword\fP also be set.  (Added in
-7.21.4)
 .IP "--tlspassword <password>"
 Set password for use with the TLS authentication method specified with
 \fI--tlsauthtype\fP. Requires that \fI--tlsuser\fP also be set.  (Added in
 7.21.4)
+.IP "--tlsuser <user>"
+Set username for use with the TLS authentication method specified with
+\fI--tlsauthtype\fP. Requires that \fI--tlspassword\fP also be set.  (Added in
+7.21.4)
+.IP "--tlsv1.0"
+(SSL)
+Forces curl to use TLS version 1.0 when negotiating with a remote TLS server.
+(Added in 7.34.0)
+.IP "--tlsv1.1"
+(SSL)
+Forces curl to use TLS version 1.1 when negotiating with a remote TLS server.
+(Added in 7.34.0)
+.IP "--tlsv1.2"
+(SSL)
+Forces curl to use TLS version 1.2 when negotiating with a remote TLS server.
+(Added in 7.34.0)
 .IP "--tr-encoding"
 (HTTP) Request a compressed Transfer-Encoding response using one of the
 algorithms curl supports, and uncompress the data while receiving it.
@@ -1761,8 +1798,17 @@ option.
 Specifies a custom FTP command to use instead of LIST when doing file lists
 with FTP.

-If this option is used several times, the last one will be used.
+(POP3)
+Specifies a custom POP3 command to use instead of LIST or RETR. (Added in
+7.26.0)

+(IMAP)
+Specifies a custom IMAP command to use insead of LIST. (Added in 7.30.0)
+
+(SMTP)
+Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)
+
+If this option is used several times, the last one will be used.
 .IP "--xattr"
 When saving output to a file, this option tells curl to store certain file
 metadata in extended file attributes. Currently, the URL is stored in the
@@ -2055,6 +2101,8 @@ RTSP: mismatch of Session Identifiers
 unable to parse FTP file list
 .IP 88
 FTP chunk callback reported error
+.IP 89
+No connection available, the session will be queued
 .IP XX
 More error codes will appear here in future releases. The existing ones
 are meant to never change.
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -4,8 +4,12 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  https multi-app multi-debugcallback multi-double multi-post multi-single \
  persistant post-callback postit2 sepheaders simple simplepost simplessl  \
  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
-  progressfunc pop3s pop3slist imap url2file sftpget ftpsget postinmemory
+  smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp \
+  externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl pop3-dele \
+  pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi imap-list \
+  imap-fetch imap-store imap-append imap-examine imap-search imap-create \
+  imap-delete imap-copy imap-noop imap-ssl imap-tls imap-multi url2file \
+  sftpget ftpsget postinmemory

 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
@@ -13,4 +17,4 @@ COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	   \
  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
  opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
-  multi-uv.c xmlstream.c usercertinmem.c
+  multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -22,8 +22,6 @@
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
-#include <unistd.h>
-
 #include <curl/curl.h>

 /*
@@ -59,7 +57,6 @@ int main(int argc, char **argv)
  CURL *curl;
  CURLcode res;
  FILE * hd_src ;
-  int hd ;
  struct stat file_info;

  char *file;
@@ -72,9 +69,7 @@ int main(int argc, char **argv)
  url = argv[2];

  /* get the file size of the local file */
-  hd = open(file, O_RDONLY) ;
-  fstat(hd, &file_info);
-  close(hd) ;
+  stat(file, &file_info);

  /* get a FILE * of the same file, could also be made with
     fdopen() from the previous descriptor, but hey this is just
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@@ -0,0 +1,115 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: IMAP example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will create a new message 100. Note that you should perform an
+     * EXAMINE command to obtain the UID of the next message to create and a
+     * SELECT to ensure you are creating the message in the OUTBOX. */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/100");
+
+    /* In this case, we're using a callback function to specify the data. You
+     * could just use the CURLOPT_READDATA option to specify a FILE pointer to
+     * read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Perform the append */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-copy.c
+++ b/docs/examples/imap-copy.c
@@ -0,0 +1,65 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to copy a mail from one mailbox folder
+ * to another using libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is source mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the COPY command specifing the message ID and destination folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "COPY 1 FOLDER");
+
+    /* Note that to perform a move operation you will need to perform the copy,
+     * then mark the original mail as Deleted and EXPUNGE or CLOSE. Please see
+     * imap-store.c for more information on deleting messages. */
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-create.c
+++ b/docs/examples/imap-create.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to create a new mailbox folder using
+ * libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the CREATE command specifing the new folder name */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "CREATE FOLDER");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-delete.c
+++ b/docs/examples/imap-delete.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to delete an existing mailbox folder
+ * using libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the DELETE command specifing the existing folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE FOLDER");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-examine.c
+++ b/docs/examples/imap-examine.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to obtain information about a mailbox
+ * folder using libcurl's IMAP capabilities via the EXAMINE command.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the EXAMINE command specifing the mailbox folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXAMINE OUTBOX");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-fetch.c
+++ b/docs/examples/imap-fetch.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,6 +22,12 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
@@ -30,15 +36,23 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will fetch the mailbox named "foobar" */
-    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/foobar");
+    /* This will fetch message 1 from the user's inbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");

+    /* Perform the fetch */
    res = curl_easy_perform(curl);

-    /* always cleanup */
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
+
  return (int)res;
 }
--- a/docs/examples/imap-list.c
+++ b/docs/examples/imap-list.c
@@ -0,0 +1,60 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to list the folders within an IMAP
+ * mailbox.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will list the folders within the user's mailbox. If you want to
+     * list the folders within a specific folder, for example the inbox, then
+     * specify the folder as a path in the URL such as /INBOX */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Perform the list */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-multi.c
+++ b/docs/examples/imap-multi.c
@@ -0,0 +1,145 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example to demonstrate how to
+ * use libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+#define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000
+
+static struct timeval tvnow(void)
+{
+  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+
+  return now;
+}
+
+static long tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec - older.tv_sec) * 1000 +
+    (newer.tv_usec - older.tv_usec) / 1000;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLM *mcurl;
+  int still_running = 1;
+  struct timeval mp_start;
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(!curl)
+    return 1;
+
+  mcurl = curl_multi_init();
+  if(!mcurl)
+    return 2;
+
+  /* Set username and password */
+  curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+  curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+  /* This will fetch message 1 from the user's inbox */
+  curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+
+  /* Tell the multi stack about our easy handle */
+  curl_multi_add_handle(mcurl, curl);
+
+  /* Record the start time which we can use later */
+  mp_start = tvnow();
+
+  /* We start some action by calling perform right away */
+  curl_multi_perform(mcurl, &still_running);
+
+  while(still_running) {
+    struct timeval timeout;
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+    int rc;
+
+    long curl_timeo = -1;
+
+    /* Initialise the file descriptors */
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* Set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(mcurl, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* Get file descriptors from the transfers */
+    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    /* In a real-world program you OF COURSE check the return code of the
+       function calls.  On success, the value of maxfd is guaranteed to be
+       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
+       case of (maxfd == -1), we call select(0, ...), which is basically equal
+       to sleep. */
+    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+
+    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
+      break;
+    }
+
+    switch(rc) {
+    case -1:  /* select error */
+      break;
+    case 0:   /* timeout */
+    default:  /* action */
+      curl_multi_perform(mcurl, &still_running);
+      break;
+    }
+  }
+
+  /* Always cleanup */
+  curl_multi_remove_handle(mcurl, curl);
+  curl_multi_cleanup(mcurl);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/imap-noop.c
+++ b/docs/examples/imap-noop.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to perform a noop using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the NOOP command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "NOOP");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-search.c
+++ b/docs/examples/imap-search.c
@@ -0,0 +1,65 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to search for new messages using
+ * libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the SEARCH command specifing what we want to search for. Note that
+     * this can contain a message sequence set and a number of search criteria
+     * keywords including flags such as ANSWERED, DELETED, DRAFT, FLAGGED, NEW,
+     * RECENT and SEEN. For more information about the search criteria please
+     * see RFC-3501 section 6.4.4.   */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "SEARCH NEW");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3slist.c
+++ b/docs/examples/pop3slist.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,52 +22,64 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will list every message of the given mailbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/");
+    /* This will fetch message 1 from the user's inbox. Note the use of
+    * imaps:// rather than imap:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "imaps://imap.example.com/INBOX/;UID=1");

-#ifdef SKIP_PEER_VERIFICATION
-    /*
-     * If you want to connect to a site who isn't using a certificate that is
+    /* If you want to connect to a site who isn't using a certificate that is
     * signed by one of the certs in the CA bundle you have, you can skip the
     * verification of the server's certificate. This makes the connection
     * A LOT LESS SECURE.
     *
     * If you have a CA cert for the server stored someplace else than in the
     * default bundle, then the CURLOPT_CAPATH option might come handy for
-     * you.
-     */
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
 #endif

-#ifdef SKIP_HOSTNAME_VERFICATION
-    /*
-     * If the site you're connecting to uses a different host name that what
+    /* If the site you're connecting to uses a different host name that what
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
-     * this check, but this will make the connection less secure.
-     */
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

-    /* Perform the request, res will get the return code */
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the fetch */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* always cleanup */
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/imap-store.c
+++ b/docs/examples/imap-store.c
@@ -0,0 +1,76 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to modify an existing mail using
+ * libcurl's IMAP capabilities with the STORE command.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is the mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the STORE command with the Deleted flag for message 1. Note that
+     * you can use the STORE command to set other flags such as Seen, Answered,
+     * Flagged, Draft and Recent. */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "STORE 1 +Flags \\Deleted");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+    else {
+      /* Set the EXPUNGE command, although you can use the CLOSE command if you
+       * don't want to know the result of the STORE */
+      curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXPUNGE");
+
+      /* Perform the second custom request */
+      res = curl_easy_perform(curl);
+
+      /* Check for errors */
+      if(res != CURLE_OK)
+        fprintf(stderr, "curl_easy_perform() failed: %s\n",
+                curl_easy_strerror(res));
+    }
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-tls.c
+++ b/docs/examples/imap-tls.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will fetch message 1 from the user's inbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+
+    /* In this example, we'll start with a plain text connection, and upgrade
+     * to Transport Layer Security (TLS) using the STARTTLS command. Be careful
+     * of using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
+     * will continue anyway - see the security discussion in the libcurl
+     * tutorial for more details. */
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
+
+    /* If your server doesn't have a valid certificate, then you can disable
+     * part of the Transport Layer Security protection by setting the
+     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     * That is, in general, a bad idea. It is still better than sending your
+     * authentication details in plain text though.
+     * Instead, you should get the issuer certificate (or the host certificate
+     * if the certificate is self-signed) and add it to the set of certificates
+     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
+     * docs/SSLCERTS for more information. */
+    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the fetch */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-dele.c
+++ b/docs/examples/pop3-dele.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to delete an existing mail using
+ * libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* You can specify the message either in the URL or DELE command */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* Set the DELE command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELE");
+
+    /* Do not perform a transfer as DELE returns no data */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-list.c
+++ b/docs/examples/pop3-list.c
@@ -0,0 +1,58 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example using libcurl's POP3 capabilities to list the
+ * contents of a mailbox.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will list every message of the given mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Perform the list */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-multi.c
+++ b/docs/examples/pop3-multi.c
@@ -0,0 +1,145 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example to demonstrate how to use
+ * libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000
+
+static struct timeval tvnow(void)
+{
+  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+
+  return now;
+}
+
+static long tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec - older.tv_sec) * 1000 +
+    (newer.tv_usec - older.tv_usec) / 1000;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLM *mcurl;
+  int still_running = 1;
+  struct timeval mp_start;
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(!curl)
+    return 1;
+
+  mcurl = curl_multi_init();
+  if(!mcurl)
+    return 2;
+
+  /* Set username and password */
+  curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+  curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+  /* This will retreive message 1 from the user's mailbox */
+  curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+  /* Tell the multi stack about our easy handle */
+  curl_multi_add_handle(mcurl, curl);
+
+  /* Record the start time which we can use later */
+  mp_start = tvnow();
+
+  /* We start some action by calling perform right away */
+  curl_multi_perform(mcurl, &still_running);
+
+  while(still_running) {
+    struct timeval timeout;
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+    int rc;
+
+    long curl_timeo = -1;
+
+    /* Initialise the file descriptors */
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* Set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(mcurl, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* Get file descriptors from the transfers */
+    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    /* In a real-world program you OF COURSE check the return code of the
+       function calls. On success, the value of maxfd is guaranteed to be
+       greater or equal than -1. We call select(maxfd + 1, ...), specially in
+       case of (maxfd == -1), we call select(0, ...), which is basically equal
+       to sleep. */
+    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+
+    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
+      break;
+    }
+
+    switch(rc) {
+    case -1:  /* select error */
+      break;
+    case 0:   /* timeout */
+    default:  /* action */
+      curl_multi_perform(mcurl, &still_running);
+      break;
+    }
+  }
+
+  /* Always cleanup */
+  curl_multi_remove_handle(mcurl, curl);
+  curl_multi_cleanup(mcurl);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/pop3-noop.c
+++ b/docs/examples/pop3-noop.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to perform a noop using libcurl's POP3
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the NOOP command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "NOOP");
+
+    /* Do not perform a transfer as NOOP returns no data */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-retr.c
+++ b/docs/examples/pop3-retr.c
@@ -0,0 +1,58 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will retreive message 1 from the user's mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* Perform the retr */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-ssl.c
+++ b/docs/examples/pop3-ssl.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,52 +22,64 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will only fetch the message with ID "1" of the given mailbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/1");
+    /* This will retreive message 1 from the user's mailbox. Note the use of
+     * pop3s:// rather than pop3:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://pop.example.com/1");

-#ifdef SKIP_PEER_VERIFICATION
-    /*
-     * If you want to connect to a site who isn't using a certificate that is
+    /* If you want to connect to a site who isn't using a certificate that is
     * signed by one of the certs in the CA bundle you have, you can skip the
     * verification of the server's certificate. This makes the connection
     * A LOT LESS SECURE.
     *
     * If you have a CA cert for the server stored someplace else than in the
     * default bundle, then the CURLOPT_CAPATH option might come handy for
-     * you.
-     */
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
 #endif

-#ifdef SKIP_HOSTNAME_VERFICATION
-    /*
-     * If the site you're connecting to uses a different host name that what
+    /* If the site you're connecting to uses a different host name that what
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
-     * this check, but this will make the connection less secure.
-     */
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

-    /* Perform the request, res will get the return code */
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the retr */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* always cleanup */
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/pop3-stat.c
+++ b/docs/examples/pop3-stat.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to obtain message statistics using
+ * libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the STAT command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "STAT");
+
+    /* Do not perform a transfer as the data is in the response */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-tls.c
+++ b/docs/examples/pop3-tls.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will retreive message 1 from the user's mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* In this example, we'll start with a plain text connection, and upgrade
+     * to Transport Layer Security (TLS) using the STLS command. Be careful of
+     * using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
+     * will continue anyway - see the security discussion in the libcurl
+     * tutorial for more details. */
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
+
+    /* If your server doesn't have a valid certificate, then you can disable
+     * part of the Transport Layer Security protection by setting the
+     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     * That is, in general, a bad idea. It is still better than sending your
+     * authentication details in plain text though.
+     * Instead, you should get the issuer certificate (or the host certificate
+     * if the certificate is self-signed) and add it to the set of certificates
+     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
+     * docs/SSLCERTS for more information. */
+    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the retr */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-top.c
+++ b/docs/examples/pop3-top.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve only the headers of a mail
+ * using libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the TOP command for message 1 to only include the headers */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "TOP 1 0");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-uidl.c
+++ b/docs/examples/pop3-uidl.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example using libcurl's POP3 capabilities to list the
+ * contents of a mailbox by unique ID.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the UIDL command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "UIDL");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/sessioninfo.c
+++ b/docs/examples/sessioninfo.c
@@ -0,0 +1,105 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Note that this example currently requires cURL to be linked against
+   GnuTLS (and this program must also be linked against -lgnutls). */
+
+#include <stdio.h>
+
+#include <curl/curl.h>
+#include <gnutls/gnutls.h>
+
+static CURL *curl;
+
+static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream)
+{
+  const struct curl_tlssessioninfo *info;
+  unsigned int cert_list_size;
+  const gnutls_datum_t *chainp;
+  CURLcode res;
+
+  (void)stream;
+  (void)ptr;
+
+  res = curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &info);
+
+  if(!res) {
+    switch(info->backend) {
+    case CURLSSLBACKEND_GNUTLS:
+      /* info->internals is now the gnutls_session_t */
+      chainp = gnutls_certificate_get_peers(info->internals, &cert_list_size);
+      if((chainp) && (cert_list_size)) {
+        unsigned int i;
+
+        for(i = 0; i < cert_list_size; i++) {
+          gnutls_x509_crt_t cert;
+          gnutls_datum_t dn;
+
+          if(GNUTLS_E_SUCCESS == gnutls_x509_crt_init(&cert)) {
+            if(GNUTLS_E_SUCCESS ==
+               gnutls_x509_crt_import(cert, &chainp[i], GNUTLS_X509_FMT_DER)) {
+              if(GNUTLS_E_SUCCESS ==
+                 gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &dn)) {
+                fprintf(stderr, "Certificate #%d: %.*s", i, dn.size, dn.data);
+
+                gnutls_free(dn.data);
+              }
+            }
+
+            gnutls_x509_crt_deinit(cert);
+          }
+        }
+      }
+      break;
+    case CURLSSLBACKEND_NONE:
+    default:
+      break;
+    }
+  }
+
+  return size * nmemb;
+}
+
+int main(void)
+{
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/");
+
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, wrfu);
+
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
+
+    (void) curl_easy_perform(curl);
+
+    curl_easy_cleanup(curl);
+  }
+
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/simplesmtp.c
+++ b/docs/examples/simplesmtp.c
@@ -1,87 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include <stdio.h>
-#include <string.h>
-#include <curl/curl.h>
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-  struct curl_slist *recipients = NULL;
-
-  /* value for envelope reverse-path */
-  static const char *from = "<bradh@example.com>";
-
-  /* this becomes the envelope forward-path */
-  static const char *to = "<bradh@example.net>";
-
-  curl = curl_easy_init();
-  if(curl) {
-    /* this is the URL for your mailserver - you can also use an smtps:// URL
-     * here */
-    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.net.");
-
-    /* Note that this option isn't strictly required, omitting it will result in
-     * libcurl will sent the MAIL FROM command with no sender data. All
-     * autoresponses should have an empty reverse-path, and should be directed
-     * to the address in the reverse-path which triggered them. Otherwise, they
-     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
-     */
-    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, from);
-
-    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array.  */
-    recipients = curl_slist_append(recipients, to);
-    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
-
-    /* You provide the payload (headers and the body of the message) as the
-     * "data" element. There are two choices, either:
-     * - provide a callback function and specify the function name using the
-     * CURLOPT_READFUNCTION option; or
-     * - just provide a FILE pointer that can be used to read the data from.
-     * The easiest case is just to read from standard input, (which is available
-     * as a FILE pointer) as shown here.
-     */
-    curl_easy_setopt(curl, CURLOPT_READDATA, stdin);
-
-    /* send the message (including headers) */
-    res = curl_easy_perform(curl);
-    /* Check for errors */
-    if(res != CURLE_OK)
-      fprintf(stderr, "curl_easy_perform() failed: %s\n",
-              curl_easy_strerror(res));
-
-    /* free the list of recipients */
-    curl_slist_free_all(recipients);
-
-    /* curl won't send the QUIT command until you call cleanup, so you should be
-     * able to re-use this connection for additional messages (setting
-     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
-     * curl_easy_perform() again. It may not be a good idea to keep the
-     * connection open for a very long time though (more than a few minutes may
-     * result in the server timing out the connection), and you do want to clean
-     * up in the end.
-     */
-    curl_easy_cleanup(curl);
-  }
-  return 0;
-}
--- a/docs/examples/smtp-expn.c
+++ b/docs/examples/smtp-expn.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to expand an email mailing list.
+ *
+ * Notes:
+ *
+ * 1) This example requires libcurl 7.34.0 or above.
+ * 2) Not all email servers support this command.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct curl_slist *recipients = NULL;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array  */
+    recipients = curl_slist_append(recipients, "Friends");
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* Set the EXPN command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXPN");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional requests. It may not be
+     * a good idea to keep the connection open for a very long time though
+     * (more than a few minutes may result in the server timing out the
+     * connection) and you do want to clean up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return 0;
+}
--- a/docs/examples/smtp-mail.c
+++ b/docs/examples/smtp-mail.c
@@ -0,0 +1,137 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's SMTP
+ * capabilities. For an exmaple of using the multi interface please see
+ * smtp-multi.c.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
+    /* Add two recipients, in this particular case they correspond to the
+     * To: and Cc: addressees in the header, but they could be any kind of
+     * recipient. */
+    recipients = curl_slist_append(recipients, TO);
+    recipients = curl_slist_append(recipients, CC);
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Send the message */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* curl won't send the QUIT command until you call cleanup, so you should be
+     * able to re-use this connection for additional messages (setting
+     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
+     * curl_easy_perform() again. It may not be a good idea to keep the
+     * connection open for a very long time though (more than a few minutes may
+     * result in the server timing out the connection), and you do want to clean
+     * up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,139 +19,151 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This is an example application source code sending SMTP mail using the
- * multi interface.
- */
-
 #include <string.h>
 #include <curl/curl.h>

-/*
- * This is the list of basic details you need to tweak to get things right.
+/* This is an example showing how to send mail using libcurl's SMTP
+ * capabilities. It builds on the smtp-mail.c example to demonstrate how to use
+ * libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
 */
-#define USERNAME "user@example.com"
-#define PASSWORD "123qwerty"
-#define SMTPSERVER "smtp.example.com"
-#define SMTPPORT ":587" /* it is a colon+port string, but you can set it
-                           to "" to use the default port */
-#define RECIPIENT "<recipient@example.com>"
-#define MAILFROM "<realuser@example.com>"
+
+#define FROM     "<sender@example.com>"
+#define TO       "<recipient@example.com>"
+#define CC       "<info@example.com>"

 #define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000

-/* Note that you should include the actual meta data headers here as well if
-   you want the mail to have a Subject, another From:, show a To: or whatever
-   you think your mail should feature! */
-static const char *text[]={
-  "one\n",
-  "two\n",
-  "three\n",
-  " Hello, this is CURL email SMTP\n",
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP multi example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
  NULL
 };

-struct WriteThis {
-  int counter;
+struct upload_status {
+  int lines_read;
 };

-static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
 {
-  struct WriteThis *pooh = (struct WriteThis *)userp;
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
  const char *data;

-  if(size*nmemb < 1)
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
    return 0;
+  }

-  data = text[pooh->counter];
+  data = payload_text[upload_ctx->lines_read];

  if(data) {
    size_t len = strlen(data);
    memcpy(ptr, data, len);
-    pooh->counter++; /* advance pointer */
+    upload_ctx->lines_read++;
+
    return len;
  }
-  return 0;                         /* no more data left to deliver */
+
+  return 0;
 }

 static struct timeval tvnow(void)
 {
-  /*
-  ** time() returns the value of time in seconds since the Epoch.
-  */
  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
  now.tv_sec = (long)time(NULL);
  now.tv_usec = 0;
+
  return now;
 }

 static long tvdiff(struct timeval newer, struct timeval older)
 {
-  return (newer.tv_sec-older.tv_sec)*1000+
-    (newer.tv_usec-older.tv_usec)/1000;
+  return (newer.tv_sec - older.tv_sec) * 1000 +
+    (newer.tv_usec - older.tv_usec) / 1000;
 }

 int main(void)
 {
-   CURL *curl;
-   CURLM *mcurl;
-   int still_running = 1;
-   struct timeval mp_start;
-   struct WriteThis pooh;
-   struct curl_slist* rcpt_list = NULL;
+  CURL *curl;
+  CURLM *mcurl;
+  int still_running = 1;
+  struct timeval mp_start;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;

-   pooh.counter = 0;
+  upload_ctx.lines_read = 0;

-   curl_global_init(CURL_GLOBAL_DEFAULT);
+  curl_global_init(CURL_GLOBAL_DEFAULT);

-   curl = curl_easy_init();
-   if(!curl)
-     return 1;
+  curl = curl_easy_init();
+  if(!curl)
+    return 1;

-   mcurl = curl_multi_init();
-   if(!mcurl)
-     return 2;
+  mcurl = curl_multi_init();
+  if(!mcurl)
+    return 2;

-   rcpt_list = curl_slist_append(rcpt_list, RECIPIENT);
-   /* more addresses can be added here
-      rcpt_list = curl_slist_append(rcpt_list, "<others@example.com>");
+  /* This is the URL for your mailserver */
+  curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+  /* Note that this option isn't strictly required, omitting it will result in
+   * libcurl sending the MAIL FROM command with empty sender data. All
+   * autoresponses should have an empty reverse-path, and should be directed
+   * to the address in the reverse-path which triggered them. Otherwise, they
+   * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
   */
+  curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);

-   curl_easy_setopt(curl, CURLOPT_URL, "smtp://" SMTPSERVER SMTPPORT);
-   curl_easy_setopt(curl, CURLOPT_USERNAME, USERNAME);
-   curl_easy_setopt(curl, CURLOPT_PASSWORD, PASSWORD);
-   curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
-   curl_easy_setopt(curl, CURLOPT_MAIL_FROM, MAILFROM);
-   curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, rcpt_list);
-   curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
-   curl_easy_setopt(curl, CURLOPT_READDATA, &pooh);
-   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
-   curl_multi_add_handle(mcurl, curl);
+  /* Add two recipients, in this particular case they correspond to the
+   * To: and Cc: addressees in the header, but they could be any kind of
+   * recipient. */
+  recipients = curl_slist_append(recipients, TO);
+  recipients = curl_slist_append(recipients, CC);
+  curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);

-   mp_start = tvnow();
+  /* We're using a callback function to specify the payload (the headers and
+   * body of the message). You could just use the CURLOPT_READDATA option to
+   * specify a FILE pointer to read from. */
+  curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+  curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

-  /* we start some action by calling perform right away */
+  /* Tell the multi stack about our easy handle */
+  curl_multi_add_handle(mcurl, curl);
+
+  /* Record the start time which we can use later */
+  mp_start = tvnow();
+
+  /* We start some action by calling perform right away */
  curl_multi_perform(mcurl, &still_running);

  while(still_running) {
    struct timeval timeout;
-    int rc; /* select() return code */
-
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd = -1;
+    int rc;

    long curl_timeo = -1;

+    /* Initialise the file descriptors */
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);

-    /* set a suitable timeout to play around with */
+    /* Set a suitable timeout to play around with */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;

@@ -164,7 +176,7 @@ int main(void)
        timeout.tv_usec = (curl_timeo % 1000) * 1000;
    }

-    /* get file descriptors from the transfers */
+    /* Get file descriptors from the transfers */
    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);

    /* In a real-world program you OF COURSE check the return code of the
@@ -172,32 +184,32 @@ int main(void)
       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
       case of (maxfd == -1), we call select(0, ...), which is basically equal
       to sleep. */
-
    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);

-    if (tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
-      fprintf(stderr, "ABORTING TEST, since it seems "
-              "that it would have run forever.\n");
+    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
      break;
    }

    switch(rc) {
-    case -1:
-      /* select error */
+    case -1:  /* select error */
      break;
-    case 0: /* timeout */
-    default: /* action */
+    case 0:   /* timeout */
+    default:  /* action */
      curl_multi_perform(mcurl, &still_running);
      break;
    }
  }

-  curl_slist_free_all(rcpt_list);
+  /* Free the list of recipients */
+  curl_slist_free_all(recipients);
+
+  /* Always cleanup */
  curl_multi_remove_handle(mcurl, curl);
  curl_multi_cleanup(mcurl);
  curl_easy_cleanup(curl);
  curl_global_cleanup();
+
  return 0;
 }
-
-
--- a/docs/examples/smtp-ssl.c
+++ b/docs/examples/smtp-ssl.c
@@ -0,0 +1,161 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's SMTP
+ * capabilities. It builds on the smtp-mail.c example to add authentication
+ * and, more importantly, transport security to protect the authentication
+ * details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP SSL example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is the URL for your mailserver. Note the use of smtps:// rather
+     * than smtp:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtps://mainserver.example.net");
+
+    /* If you want to connect to a site who isn't using a certificate that is
+     * signed by one of the certs in the CA bundle you have, you can skip the
+     * verification of the server's certificate. This makes the connection
+     * A LOT LESS SECURE.
+     *
+     * If you have a CA cert for the server stored someplace else than in the
+     * default bundle, then the CURLOPT_CAPATH option might come handy for
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+#endif
+
+    /* If the site you're connecting to uses a different host name that what
+     * they have mentioned in their server certificate's commonName (or
+     * subjectAltName) fields, libcurl will refuse to connect. You can skip
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+#endif
+
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
+    /* Add two recipients, in this particular case they correspond to the
+     * To: and Cc: addressees in the header, but they could be any kind of
+     * recipient. */
+    recipients = curl_slist_append(recipients, TO);
+    recipients = curl_slist_append(recipients, CC);
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Send the message */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,26 +24,29 @@
 #include <curl/curl.h>

 /* This is a simple example showing how to send mail using libcurl's SMTP
- * capabilities. It builds on the simplesmtp.c example, adding some
- * authentication and transport security.
+ * capabilities. It builds on the smtp-mail.c example to add authentication
+ * and, more importantly, transport security to protect the authentication
+ * details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
 */

 #define FROM    "<sender@example.org>"
 #define TO      "<addressee@example.net>"
 #define CC      "<info@example.org>"

-static const char *payload_text[]={
-  "Date: Mon, 29 Nov 2010 21:54:29 +1100\n",
-  "To: " TO "\n",
-  "From: " FROM "(Example User)\n",
-  "Cc: " CC "(Another example User)\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\n",
-  "Subject: SMTP TLS example message\n",
-  "\n", /* empty line to divide headers from body, see RFC5322 */
-  "The body of the message starts here.\n",
-  "\n",
-  "It could be a lot of lines, could be MIME encoded, whatever.\n",
-  "Check RFC5322.\n",
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP TLS example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
  NULL
 };

@@ -56,33 +59,38 @@ static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
  struct upload_status *upload_ctx = (struct upload_status *)userp;
  const char *data;

-  if ((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
    return 0;
  }

  data = payload_text[upload_ctx->lines_read];

-  if (data) {
+  if(data) {
    size_t len = strlen(data);
    memcpy(ptr, data, len);
-    upload_ctx->lines_read ++;
+    upload_ctx->lines_read++;
+
    return len;
  }
+
  return 0;
 }

-
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;
  struct curl_slist *recipients = NULL;
  struct upload_status upload_ctx;

  upload_ctx.lines_read = 0;

  curl = curl_easy_init();
-  if (curl) {
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
    /* This is the URL for your mailserver. Note the use of port 587 here,
     * instead of the normal SMTP port (25). Port 587 is commonly used for
     * secure mail submission (see RFC4403), but you should use whatever
@@ -106,18 +114,17 @@ int main(void)
     * Instead, you should get the issuer certificate (or the host certificate
     * if the certificate is self-signed) and add it to the set of certificates
     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
-     * docs/SSLCERTS for more information.
-     */
+     * docs/SSLCERTS for more information. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");

-    /* A common reason for requiring transport security is to protect
-     * authentication details (user names and passwords) from being "snooped"
-     * on the network. Here is how the user name and password are provided: */
-    curl_easy_setopt(curl, CURLOPT_USERNAME, "user@example.net");
-    curl_easy_setopt(curl, CURLOPT_PASSWORD, "P@ssw0rd");
-
-    /* value for envelope reverse-path */
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
    /* Add two recipients, in this particular case they correspond to the
     * To: and Cc: addressees in the header, but they could be any kind of
     * recipient. */
@@ -125,28 +132,32 @@ int main(void)
    recipients = curl_slist_append(recipients, CC);
    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);

-    /* In this case, we're using a callback function to specify the data. You
-     * could just use the CURLOPT_READDATA option to specify a FILE pointer to
-     * read from.
-     */
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* Since the traffic will be encrypted, it is very useful to turn on debug
     * information within libcurl to see what is happening during the transfer.
     */
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

-    /* send the message (including headers) */
+    /* Send the message */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* free the list of recipients and clean up */
+    /* Free the list of recipients */
    curl_slist_free_all(recipients);
+
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/smtp-vrfy.c
+++ b/docs/examples/smtp-vrfy.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to verify an email address from an
+ * SMTP server.
+ *
+ * Notes:
+ *
+ * 1) This example requires libcurl 7.34.0 or above.
+ * 2) Not all email servers support this command and even if your email server
+ *    does support it, it may respond with a 252 response code even though the
+ *    address doesn't exist.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct curl_slist *recipients = NULL;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array  */
+    recipients = curl_slist_append(recipients, "<recipient@example.com>");
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* Perform the VRFY */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional requests. It may not be
+     * a good idea to keep the connection open for a very long time though
+     * (more than a few minutes may result in the server timing out the
+     * connection) and you do want to clean up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return 0;
+}
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@@ -22,8 +22,9 @@
 /* Example using an in memory PEM user certificate and RSA key to retrieve an
 * https page.
 * Written by Ishan SinghLevett, based on Theo Borm's cacertinmem.c.
- * Note this example does not use a CA certificate, however one should be used
- * if you want a properly secure connection
+ * Note that to maintain simplicity this example does not use a CA certificate 
+ * for peer verification.  However, some form of peer verification
+ * must be used in real circumstances when a secure connection is required.
 */

 #include <openssl/ssl.h>
@@ -152,6 +153,18 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm)
    printf("Use Key failed\n");
  }

+  /* free resources that have been allocated by openssl functions */
+  if (bio)
+    BIO_free(bio);
+
+  if (kbio)
+    BIO_free(kbio);
+
+  if (rsa)
+    RSA_free(rsa);
+
+  if (cert)
+    X509_free(cert);

  /* all set to go */
  return CURLE_OK ;
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -79,9 +79,12 @@ PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 curl_multi_assign.pdf curl_easy_pause.pdf curl_easy_recv.pdf		 \
 curl_easy_send.pdf curl_multi_socket_action.pdf curl_multi_wait.pdf

+m4macrodir = $(datadir)/aclocal
+dist_m4macro_DATA = libcurl.m4
+
 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)

-EXTRA_DIST = $(man_MANS) $(HTMLPAGES) index.html $(PDFPAGES) libcurl.m4 ABI \
+EXTRA_DIST = $(man_MANS) $(HTMLPAGES) index.html $(PDFPAGES) ABI \
  symbols-in-versions symbols.pl
 MAN2HTML= roffit --mandir=. < $< >$@

--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -219,8 +219,20 @@ done. The struct reports how many certs it found and then you can extract info
 for each of those certs by following the linked lists. The info chain is
 provided in a series of data in the format "name:content" where the content is
 for the specific named data. See also the certinfo.c example. NOTE: this
-option is only available in libcurl built with OpenSSL support. (Added in
-7.19.1)
+option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL
+support. (Added in 7.19.1)
+.IP CURLINFO_TLS_SESSION
+Pass a pointer to a 'struct curl_tlsinfo *'.  The pointer will be initialized
+to refer to a 'struct curl_tlsinfo *' that will contain an enum indicating the
+SSL library used for the handshake and the respective internal TLS session
+structure of this underlying SSL library.
+
+This may then be used to extract certificate information in a format
+convenient for further processing, such as manual validation. NOTE: this
+option may not be available for all SSL backends; unsupported SSL backends
+will return 'CURLSSLBACKEND_NONE' to indicate that they are not supported;
+this does not mean that no SSL backend was used. (Added in 7.34.0)
+
 .IP CURLINFO_CONDITION_UNMET
 Pass a pointer to a long to receive the number 1 if the condition provided in
 the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if
--- a/docs/libcurl/curl_easy_pause.3
+++ b/docs/libcurl/curl_easy_pause.3
@@ -31,8 +31,8 @@ curl_easy_pause - pause and unpause a connection
 Using this function, you can explicitly mark a running connection to get
 paused, and you can unpause a connection that was previously paused.

-A connection can be paused by using this function or by letting the read
-or the write callbacks return the proper magic return code
+A connection can be paused by using this function or by letting the read or
+the write callbacks return the proper magic return code
 (\fICURL_READFUNC_PAUSE\fP and \fICURL_WRITEFUNC_PAUSE\fP). A write callback
 that returns pause signals to the library that it couldn't take care of any
 data at all, and that data will then be delivered again to the callback when
@@ -68,6 +68,10 @@ Convenience define that unpauses both directions
 CURLE_OK (zero) means that the option was set properly, and a non-zero return
 code means something wrong occurred after the new state was set.  See the
 \fIlibcurl-errors(3)\fP man page for the full list with descriptions.
+.SH LIMITATIONS
+The pausing of transfers does not work with protocols that work without
+network connectivity, like FILE://. Trying to pause such a transfer, in any
+direction, will cause problems in the worst case or an error in the best case.
 .SH AVAILABILITY
 This function was added in libcurl 7.18.0. Before this version, there was no
 explicit support for pausing transfers.
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -1131,7 +1131,7 @@ option is omitted, and \fICURLOPT_NETRC\fP is set, libcurl will attempt to
 find a .netrc file in the current user's home directory. (Added in 7.10.9)
 .IP CURLOPT_USERPWD
 Pass a char * as parameter, pointing to a zero terminated login details string
-for the connection. The format of which is: [user name]:[password];[options].
+for the connection. The format of which is: [user name]:[password].

 When using NTLM, you can set the domain by prepending it to the user name and
 separating the domain and name with a forward (/) or backward slash (\\). Like
@@ -1145,15 +1145,18 @@ and password information to hosts using the initial host name (unless
 other hosts it will not send the user and password to those. This is enforced
 to prevent accidental information leakage.

-At present only IMAP, POP3 and SMTP support login options as part of the
-details string. For more information about the login options please see
-RFC2384, RFC5092 and IETF draft draft-earhart-url-smtp-00.txt (Added in 7.31.0).
-
 Use \fICURLOPT_HTTPAUTH\fP to specify the authentication method for HTTP based
-connections.
+connections or \fICURLOPT_LOGIN_OPTIONS\fP to control IMAP, POP3 and SMTP
+options.
+
+The user and password strings are not URL decoded, so there's no way to send
+in a user name containing a colon using this option. Use \fICURLOPT_USERNAME\fP
+for that, or include it in the URL.
 .IP CURLOPT_PROXYUSERPWD
 Pass a char * as parameter, which should be [user name]:[password] to use for
-the connection to the HTTP proxy.
+the connection to the HTTP proxy. Both the name and the password will be URL
+decoded before use, so to include for example a colon in the user name you
+should encode it as %3A.

 Use \fICURLOPT_PROXYAUTH\fP to specify the authentication method.
 .IP CURLOPT_USERNAME
@@ -1164,14 +1167,26 @@ user name to use for the transfer.
 authentication. You should not use this option together with the (older)
 CURLOPT_USERPWD option.

-In order to specify the password to be used in conjunction with the user name
-use the \fICURLOPT_PASSWORD\fP option.  (Added in 7.19.1)
+To specify the password and login options, along with the user name, use the
+\fICURLOPT_PASSWORD\fP and \fICURLOPT_LOGIN_OPTIONS\fP options. (Added in
+7.19.1)
 .IP CURLOPT_PASSWORD
 Pass a char * as parameter, which should be pointing to the zero terminated
 password to use for the transfer.

-The CURLOPT_PASSWORD option should be used in conjunction with
-the \fICURLOPT_USERNAME\fP option. (Added in 7.19.1)
+The CURLOPT_PASSWORD option should be used in conjunction with the
+\fICURLOPT_USERNAME\fP option. (Added in 7.19.1)
+.IP CURLOPT_LOGIN_OPTIONS
+(Added in 7.34.0) Pass a char * as parameter, which should be pointing to the
+zero terminated options string to use for the transfer.
+
+At present only IMAP, POP3 and SMTP support login options. For more
+information about the login options please see RFC2384, RFC5092 and IETF draft
+draft-earhart-url-smtp-00.txt
+
+\fBCURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options,
+such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*",
+and should be used in conjunction with the \fICURLOPT_USERNAME\fP option.
 .IP CURLOPT_PROXYUSERNAME
 Pass a char * as parameter, which should be pointing to the zero terminated
 user name to use for the transfer while connecting to Proxy.
@@ -1291,8 +1306,7 @@ authentication methods it supports and then pick the best one you allow it to
 use. For some methods, this will induce an extra network round-trip. Set the
 actual name and password with the \fICURLOPT_PROXYUSERPWD\fP option. The
 bitmask can be constructed by or'ing together the bits listed above for the
-\fICURLOPT_HTTPAUTH\fP option. As of this writing, only Basic, Digest and NTLM
-work. (Added in 7.10.7)
+\fICURLOPT_HTTPAUTH\fP option. \fICURLOPT_PROXYAUTH\fP was added in 7.10.7
 .IP CURLOPT_SASL_IR
 Pass a long. If the value is 1, curl will send the initial response to the
 server in the first authentication packet in order to reduce the number of
@@ -1302,10 +1316,10 @@ mechanisms and to the IMAP, POP3 and SMTP protocols. (Added in 7.31.0)
 Note: Whilst IMAP supports this option there is no need to explicitly set it,
 as libcurl can determine the feature itself when the server supports the
 SASL-IR CAPABILITY.
-.IP CURLOPT_BEARER
-Pass a char * as parameter, which should point to the zero terminated OAUTH
-2.0 Bearer Access Token for use with IMAP. POP3 and SMTP servers that support
-the OAUTH 2.0 Authorization Framework. (Added in 7.33.0)
+.IP CURLOPT_XOAUTH2_BEARER
+Pass a char * as parameter, which should point to the zero terminated OAuth
+2.0 Bearer Access Token for use with IMAP, POP3 and SMTP servers that support
+the OAuth 2.0 Authorization Framework. (Added in 7.33.0)

 Note: The user name used to generate the Bearer Token should be supplied via
 the \fICURLOPT_USERNAME\fP option.
@@ -1651,12 +1665,18 @@ SMTP mail request. The linked list should be a fully valid list of \fBstruct
 curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to
 create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list.

-Each recipient should be specified within a pair of angled brackets (<>),
-however, should you not use an angled bracket as the first character libcurl
-will assume you provided a single email address and enclose that address
-within brackets for you.
+When performing a mail transfer, each recipient should be specified within a
+pair of angled brackets (<>), however, should you not use an angled bracket as
+the first character libcurl will assume you provided a single email address and
+enclose that address within brackets for you. (Added in 7.20.0)

-(Added in 7.20.0)
+When performing an address verification (VRFY command), each recipient should
+be specified as the user name or user name and domain (as per Section 3.5 of
+RFC5321). (Added in 7.34.0)
+
+When performing a mailing list expand (EXPN command), each recipient should be
+specified using the mailing list name, such as "Friends" or "London-Office".
+(Added in 7.34.0)
 .IP CURLOPT_MAIL_AUTH
 Pass a pointer to a zero terminated string as parameter. This will be used
 to specify the authentication address (identity) of a submitted message that
@@ -2028,35 +2048,32 @@ source file to the remote target file.
 Pass a curl_off_t as parameter. It contains the offset in number of bytes that
 you want the transfer to start from. (Added in 7.11.0)
 .IP CURLOPT_CUSTOMREQUEST
-Pass a pointer to a zero terminated string as parameter. It can be used to
-specify the request instead of GET or HEAD when performing HTTP based
-requests, instead of LIST and NLST when performing FTP directory listings and
-instead of LIST and RETR when issuing POP3 based commands. This is
-particularly useful, for example, for performing a HTTP DELETE request or a
-POP3 DELE command.
+Pass a pointer to a zero terminated string as parameter.

-Please don't perform this at will, on HTTP based requests, by making sure
-your server supports the command you are sending first.
- 
 When you change the request method by setting \fBCURLOPT_CUSTOMREQUEST\fP to
 something, you don't actually change how libcurl behaves or acts in regards
 to the particular request method, it will only change the actual string sent
 in the request.

+Restore to the internal default by setting this to NULL.
+
+This option can be used to specify the request:
+
+.B HTTP
+
+Instead of GET or HEAD when performing HTTP based requests. This is
+particularly useful, for example, for performing a HTTP DELETE request.
+
 For example:

-With the HTTP protocol when you tell libcurl to do a HEAD request, but then
-specify a GET though a custom request libcurl will still act as if it sent a
-HEAD. To switch to a proper HEAD use \fICURLOPT_NOBODY\fP, to switch to a
-proper POST use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and to switch
-to a proper GET use CURLOPT_HTTPGET.
+When you tell libcurl to do a HEAD request, but then specify a GET though a
+custom request libcurl will still act as if it sent a HEAD. To switch to a
+proper HEAD use \fICURLOPT_NOBODY\fP, to switch to a proper POST use
+\fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and to switch to a proper GET
+use CURLOPT_HTTPGET.

-With the POP3 protocol when you tell libcurl to use a custom request it will
-behave like a LIST or RETR command was sent where it expects data to be
-returned by the server. As such \fICURLOPT_NOBODY\fP should be used when
-specifying commands such as DELE and NOOP for example.
-
-Restore to the internal default by setting this to NULL.
+Please don't perform this at will, on HTTP based requests, by making sure
+your server supports the command you are sending first.

 Many people have wrongly used this option to replace the entire request with
 their own, including multiple headers and POST contents. While that might
@@ -2066,7 +2083,35 @@ could possibly confuse the remote server badly. Use \fICURLOPT_POST\fP and
 replace or extend the set of headers sent by libcurl. Use
 \fICURLOPT_HTTP_VERSION\fP to change HTTP version.

-(Support for POP3 added in 7.26.0)
+.B FTP
+
+Instead of LIST and NLST when performing FTP directory listings.
+
+.B IMAP
+
+Instead of LIST when issuing IMAP based requests. (Added in 7.30.0)
+
+.B POP3
+
+Instead of LIST and RETR when issuing POP3 based requests. (Added in 7.26.0)
+
+For example:
+
+When you tell libcurl to use a custom request it will behave like a LIST or
+RETR command was sent where it expects data to be returned by the server. As
+such \fICURLOPT_NOBODY\fP should be used when specifying commands such as
+DELE and NOOP for example.
+
+.B SMTP
+
+Instead of a HELP or VRFY when issuing SMTP based requests. (Added in 7.34.0)
+
+For example:
+
+Normally a multiline response is returned which can be used, in conjuection with
+\fICURLOPT_MAIL_RCPT\fP, to specify an EXPN request. If the \fICURLOPT_NOBODY\fP
+option is specified then the request can be used to issue NOOP and RSET
+commands.
 .IP CURLOPT_FILETIME
 Pass a long. If it is 1, libcurl will attempt to get the modification date of
 the remote document in this operation. This requires that the remote server
@@ -2088,6 +2133,8 @@ as a long. See also \fICURLOPT_INFILESIZE_LARGE\fP.
 For uploading using SCP, this option or \fICURLOPT_INFILESIZE_LARGE\fP is
 mandatory.

+To "unset" this value again, set it to -1.
+
 When sending emails using SMTP, this command can be used to specify the
 optional SIZE parameter for the MAIL FROM command. (Added in 7.23.0)

@@ -2100,6 +2147,11 @@ as a curl_off_t. (Added in 7.11.0)

 For uploading using SCP, this option or \fICURLOPT_INFILESIZE\fP is mandatory.

+To "unset" this value again, set it to -1.
+
+When sending emails using SMTP, this command can be used to specify the
+optional SIZE parameter for the MAIL FROM command. (Added in 7.23.0)
+
 This option does not limit how much data libcurl will actually send, as that
 is controlled entirely by what the read callback returns.
 .IP CURLOPT_UPLOAD
@@ -2183,12 +2235,18 @@ it too slow and abort.
 Pass a curl_off_t as parameter.  If an upload exceeds this speed (counted in
 bytes per second) on cumulative average during the transfer, the transfer will
 pause to keep the average rate less than or equal to the parameter value.
-Defaults to unlimited speed. (Added in 7.15.5)
+Defaults to unlimited speed.
+
+This option doesn't affect transfer speeds done with FILE:// URLs. (Added in
+ 7.15.5)
 .IP CURLOPT_MAX_RECV_SPEED_LARGE
 Pass a curl_off_t as parameter.  If a download exceeds this speed (counted in
 bytes per second) on cumulative average during the transfer, the transfer will
 pause to keep the average rate less than or equal to the parameter
-value. Defaults to unlimited speed. (Added in 7.15.5)
+value. Defaults to unlimited speed.
+
+This option doesn't affect transfer speeds done with FILE:// URLs. (Added in
+7.15.5)
 .IP CURLOPT_MAXCONNECTS
 Pass a long. The set number will be the persistent connection cache size. The
 set amount will be the maximum amount of simultaneously open connections that
@@ -2293,7 +2351,9 @@ ADDRESS can of course be either IPv4 or IPv6 style addressing.

 This option effectively pre-populates the DNS cache with entries for the
 host+port pair so redirects and everything that operations against the
-HOST+PORT will instead use your provided ADDRESS.
+HOST+PORT will instead use your provided ADDRESS. Addresses to set with
+\fICURL_RESOLVE\fP will not time-out from the DNS cache like ordindary
+entries.

 You can remove names from the DNS cache again, to stop providing these fake
 resolves, by including a string in the linked list that uses the format
@@ -2364,7 +2424,7 @@ prefix, in order to avoid confusion with a nickname.
 Pass a pointer to a zero terminated string as parameter. The string should be
 the format of your certificate. Supported formats are "PEM" and "DER", except
 with Secure Transport. OpenSSL (versions 0.9.3 and later) and Secure Transport
-(on iOS 5 or later, or OS X 10.6 or later) also support "P12" for
+(on iOS 5 or later, or OS X 10.7 or later) also support "P12" for
 PKCS#12-encoded files. (Added in 7.9.3)
 .IP CURLOPT_SSLKEY
 Pass a pointer to a zero terminated string as parameter. The string should be
@@ -2410,6 +2470,8 @@ Even though this option doesn't need any parameter, in some configurations
 arguments. Therefore, it's recommended to pass 1 as parameter to this option.
 .IP CURLOPT_SSLVERSION
 Pass a long as parameter to control what version of SSL/TLS to attempt to use.
+(Added in 7.9.2)
+
 The available options are:
 .RS
 .IP CURL_SSLVERSION_DEFAULT
@@ -2417,11 +2479,17 @@ The default action. This will attempt to figure out the remote SSL protocol
 version, i.e. either SSLv3 or TLSv1 (but not SSLv2, which became disabled
 by default with 7.18.1).
 .IP CURL_SSLVERSION_TLSv1
-Force TLSv1
+Force TLSv1.x
 .IP CURL_SSLVERSION_SSLv2
 Force SSLv2
 .IP CURL_SSLVERSION_SSLv3
 Force SSLv3
+.IP CURL_SSLVERSION_TLSv1_0
+Force TLSv1.0 (Added in 7.34.0)
+.IP CURL_SSLVERSION_TLSv1_1
+Force TLSv1.1 (Added in 7.34.0)
+.IP CURL_SSLVERSION_TLSv1_2
+Force TLSv1.2 (Added in 7.34.0)
 .RE
 .IP CURLOPT_SSL_VERIFYPEER
 Pass a long as parameter. By default, curl assumes a value of 1.
@@ -2522,9 +2590,10 @@ Curl considers the server the intended one when the Common Name field or a
 Subject Alternate Name field in the certificate matches the host name in the
 URL to which you told Curl to connect.

-When the value is 1, libcurl will return a failure. It was previously (in
-7.28.0 and earlier) a debug option of some sorts, but it is no longer
-supported due to frequently leading to programmer mistakes.
+When the value is 1, \fIcurl_easy_setopt\fP will return an error and the option
+value will not be changed.  It was previously (in 7.28.0 and earlier) a debug
+option of some sorts, but it is no longer supported due to frequently leading
+to programmer mistakes.

 When the value is 0, the connection succeeds regardless of the names in the
 certificate.
@@ -2534,14 +2603,14 @@ The default value for this option is 2.
 This option controls checking the server's certificate's claimed identity.
 The server could be lying.  To control lying, see
 \fICURLOPT_SSL_VERIFYPEER\fP.  If libcurl is built against NSS and
-\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_SSL_VERIFYHOST\fP
-is ignored.
-
+\fICURLOPT_SSL_VERIFYPEER\fP is zero, \fICURLOPT_SSL_VERIFYHOST\fP is also set
+to zero and cannot be overridden.
 .IP CURLOPT_CERTINFO
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
-this enabled, libcurl (if built with OpenSSL) will extract lots of information
+this enabled, libcurl (if built with OpenSSL, NSS, GSKit or QsoSSL) will
+extract lots of information
 and data about the certificates in the certificate chain used in the SSL
-connection. This data is then possible to extract after a transfer using
+connection. This data may then be retrieved after a transfer using
 \fIcurl_easy_getinfo(3)\fP and its option \fICURLINFO_CERTINFO\fP. (Added in
 7.19.1)
 .IP CURLOPT_RANDOM_FILE
--- a/docs/libcurl/curl_getdate.3
+++ b/docs/libcurl/curl_getdate.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -21,22 +21,17 @@
 .\" **************************************************************************
 .TH curl_getdate 3 "12 Aug 2005" "libcurl 7.0" "libcurl Manual"
 .SH NAME
-curl_getdate - Convert a date string to number of seconds since January 1,
-1970
+curl_getdate - Convert a date string to number of seconds
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
 .BI "time_t curl_getdate(char *" datestring ", time_t *"now " );"
 .ad
 .SH DESCRIPTION
-This function returns the number of seconds since January 1st 1970 in the UTC
-time zone, for the date and time that the \fIdatestring\fP parameter
-specifies. The \fInow\fP parameter is not used, pass a NULL there.
-
-\fBNOTE:\fP This function was rewritten for the 7.12.2 release and this
-documentation covers the functionality of the new one. The new one is not
-feature-complete with the old one, but most of the formats supported by the
-new one was supported by the old too.
+\fIcurl_getdate(3)\fP returns the number of seconds since the Epoch, January
+1st 1970 00:00:00 in the UTC time zone, for the date and time that the
+\fIdatestring\fP parameter specifies. The \fInow\fP parameter is not used,
+pass a NULL there.
 .SH PARSING DATES AND TIMES
 A "date" is a string containing several items separated by whitespace. The
 order of the items is immaterial.  A date string may contain many flavors of
@@ -108,10 +103,3 @@ number).
 Having a 64 bit time_t is not a guarantee that dates beyond 03:14:07 UTC,
 January 19, 2038 will work fine. On systems with a 64 bit time_t but with a
 crippled mktime(), \fIcurl_getdate\fP will return -1 in this case.
-.SH REWRITE
-The former version of this function was built with yacc and was not only very
-large, it was also never quite understood and it wasn't possible to build with
-non-GNU tools since only GNU Bison could make it thread-safe!
-
-The rewrite was done for 7.12.2. The new one is much smaller and uses simpler
-code.
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -250,6 +250,7 @@ CURLINFO_SSL_VERIFYRESULT       7.5
 CURLINFO_STARTTRANSFER_TIME     7.9.2
 CURLINFO_STRING                 7.4.1
 CURLINFO_TEXT                   7.9.6
+CURLINFO_TLS_SESSION            7.34.0
 CURLINFO_TOTAL_TIME             7.4.1
 CURLINFO_TYPEMASK               7.4.1
 CURLIOCMD_NOP                   7.12.3
@@ -394,6 +395,7 @@ CURLOPT_KRB4LEVEL               7.3           7.17.0
 CURLOPT_KRBLEVEL                7.16.4
 CURLOPT_LOCALPORT               7.15.2
 CURLOPT_LOCALPORTRANGE          7.15.2
+CURLOPT_LOGIN_OPTIONS           7.34.0
 CURLOPT_LOW_SPEED_LIMIT         7.1
 CURLOPT_LOW_SPEED_TIME          7.1
 CURLOPT_MAIL_AUTH               7.25.0
@@ -593,6 +595,16 @@ CURLSSH_AUTH_KEYBOARD           7.16.1
 CURLSSH_AUTH_NONE               7.16.1
 CURLSSH_AUTH_PASSWORD           7.16.1
 CURLSSH_AUTH_PUBLICKEY          7.16.1
+CURLSSLBACKEND_CYASSL           7.34.0
+CURLSSLBACKEND_DARWINSSL        7.34.0
+CURLSSLBACKEND_GNUTLS           7.34.0
+CURLSSLBACKEND_GSKIT            7.34.0
+CURLSSLBACKEND_NONE             7.34.0
+CURLSSLBACKEND_NSS              7.34.0
+CURLSSLBACKEND_OPENSSL          7.34.0
+CURLSSLBACKEND_POLARSSL         7.34.0
+CURLSSLBACKEND_QSOSSL           7.34.0
+CURLSSLBACKEND_SCHANNEL         7.34.0
 CURLSSLOPT_ALLOW_BEAST          7.25.0
 CURLUSESSL_ALL                  7.17.0
 CURLUSESSL_CONTROL              7.17.0
@@ -695,6 +707,9 @@ CURL_SSLVERSION_DEFAULT         7.9.2
 CURL_SSLVERSION_SSLv2           7.9.2
 CURL_SSLVERSION_SSLv3           7.9.2
 CURL_SSLVERSION_TLSv1           7.9.2
+CURL_SSLVERSION_TLSv1_0         7.34.0
+CURL_SSLVERSION_TLSv1_1         7.34.0
+CURL_SSLVERSION_TLSv1_2         7.34.0
 CURL_TIMECOND_IFMODSINCE        7.9.7
 CURL_TIMECOND_IFUNMODSINCE      7.9.7
 CURL_TIMECOND_LASTMOD           7.9.7
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2008 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 2008 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH mk-ca-bundle 1 "5 Jan 2013" "version 1.17" "mk-ca-bundle manual"
+.TH mk-ca-bundle 1 "5 Jan 2013" "version 1.20" "mk-ca-bundle manual"
 .SH NAME
 mk-ca-bundle \- convert mozilla's certdata.txt to PEM format
 .SH SYNOPSIS
@@ -42,6 +42,10 @@ curl, wget and more.
 The following options are supported:
 .IP -b
 backup an existing version of \fIoutputfilename\fP
+.IP -d [name]
+specify which Mozilla tree to pull certdata.txt from (or a custom URL). Valid
+names are: aurora, beta, central, mozilla, nss, release (default). They are
+shortcuts for which source tree to get the cert data from.
 .IP -f
 force rebuild even if certdata.txt is current (Added in version 1.17)
 .IP -i
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -69,7 +69,7 @@
   require it! */
 #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
    defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
-    defined(ANDROID) || defined(__ANDROID__) || \
+    defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
   (defined(__FreeBSD_version) && (__FreeBSD_version < 800000))
 #include <sys/select.h>
 #endif
@@ -827,10 +827,10 @@ typedef enum {
  /* Name of proxy to use. */
  CINIT(PROXY, OBJECTPOINT, 4),

-  /* "name:password" to use when fetching. */
+  /* "user:password;options" to use when fetching. */
  CINIT(USERPWD, OBJECTPOINT, 5),

-  /* "name:password" to use with proxy. */
+  /* "user:password" to use with proxy. */
  CINIT(PROXYUSERPWD, OBJECTPOINT, 6),

  /* Range to get, specified as an ASCII string. */
@@ -1388,8 +1388,7 @@ typedef enum {
  CINIT(ADDRESS_SCOPE, LONG, 171),

  /* Collect certificate chain info and allow it to get retrievable with
-     CURLINFO_CERTINFO after the transfer is complete. (Unfortunately) only
-     working with OpenSSL-powered builds. */
+     CURLINFO_CERTINFO after the transfer is complete. */
  CINIT(CERTINFO, LONG, 172),

  /* "name" and "pwd" to use when fetching. */
@@ -1569,6 +1568,9 @@ typedef enum {
   * Only supported by the c-ares DNS backend */
  CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),

+  /* Set authentication options directly */
+  CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
+
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;

@@ -1659,9 +1661,12 @@ enum CURL_NETRC_OPTION {

 enum {
  CURL_SSLVERSION_DEFAULT,
-  CURL_SSLVERSION_TLSv1,
+  CURL_SSLVERSION_TLSv1, /* TLS 1.x */
  CURL_SSLVERSION_SSLv2,
  CURL_SSLVERSION_SSLv3,
+  CURL_SSLVERSION_TLSv1_0,
+  CURL_SSLVERSION_TLSv1_1,
+  CURL_SSLVERSION_TLSv1_2,

  CURL_SSLVERSION_LAST /* never use, keep last */
 };
@@ -1980,6 +1985,28 @@ struct curl_certinfo {
                                   format "name: value" */
 };

+/* enum for the different supported SSL backends */
+typedef enum {
+  CURLSSLBACKEND_NONE = 0,
+  CURLSSLBACKEND_OPENSSL = 1,
+  CURLSSLBACKEND_GNUTLS = 2,
+  CURLSSLBACKEND_NSS = 3,
+  CURLSSLBACKEND_QSOSSL = 4,
+  CURLSSLBACKEND_GSKIT = 5,
+  CURLSSLBACKEND_POLARSSL = 6,
+  CURLSSLBACKEND_CYASSL = 7,
+  CURLSSLBACKEND_SCHANNEL = 8,
+  CURLSSLBACKEND_DARWINSSL = 9
+} curl_sslbackend;
+
+/* Information about the SSL library used and the respective internal SSL
+   handle, which can be used to obtain further information regarding the
+   connection. Asked for with CURLINFO_TLS_SESSION. */
+struct curl_tlssessioninfo {
+  curl_sslbackend backend;
+  void *internals;
+};
+
 #define CURLINFO_STRING   0x100000
 #define CURLINFO_LONG     0x200000
 #define CURLINFO_DOUBLE   0x300000
@@ -2031,9 +2058,10 @@ typedef enum {
  CURLINFO_PRIMARY_PORT     = CURLINFO_LONG   + 40,
  CURLINFO_LOCAL_IP         = CURLINFO_STRING + 41,
  CURLINFO_LOCAL_PORT       = CURLINFO_LONG   + 42,
+  CURLINFO_TLS_SESSION      = CURLINFO_SLIST  + 43,
  /* Fill in new entries below here! */

-  CURLINFO_LASTONE          = 42
+  CURLINFO_LASTONE          = 43
 } CURLINFO;

 /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as
--- a/include/curl/curlbuild.h.cmake
+++ b/include/curl/curlbuild.h.cmake
@@ -58,51 +58,52 @@
 /* ================================================================ */

 #ifdef CURL_SIZEOF_LONG
-#  error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined
 #endif

 #ifdef CURL_TYPEOF_CURL_SOCKLEN_T
-#  error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+#error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined
 #endif

 #ifdef CURL_SIZEOF_CURL_SOCKLEN_T
-#  error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined
 #endif
+
 #ifdef CURL_TYPEOF_CURL_OFF_T
-#  error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined
 #endif

 #ifdef CURL_FORMAT_CURL_OFF_T
-#  error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined
 #endif

 #ifdef CURL_FORMAT_CURL_OFF_TU
-#  error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined
 #endif

 #ifdef CURL_FORMAT_OFF_T
-#  error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined
 #endif

 #ifdef CURL_SIZEOF_CURL_OFF_T
-#  error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined
 #endif

 #ifdef CURL_SUFFIX_CURL_OFF_T
-#  error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
+#error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined
 #endif

 #ifdef CURL_SUFFIX_CURL_OFF_TU
-#  error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
+#error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h"
   Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined
 #endif

@@ -110,71 +111,87 @@
 /*  EXTERNAL INTERFACE SETTINGS FOR CONFIGURE CAPABLE SYSTEMS ONLY  */
 /* ================================================================ */

+/* Configure process defines this to 1 when it finds out that system  */
+/* header file ws2tcpip.h must be included by the external interface. */
+#cmakedefine CURL_PULL_WS2TCPIP_H
+#ifdef CURL_PULL_WS2TCPIP_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
+#endif
+
 /* Configure process defines this to 1 when it finds out that system   */
 /* header file sys/types.h must be included by the external interface. */
-#cmakedefine CURL_PULL_SYS_TYPES_H ${CURL_PULL_SYS_TYPES_H}
+#cmakedefine CURL_PULL_SYS_TYPES_H
 #ifdef CURL_PULL_SYS_TYPES_H
 #  include <sys/types.h>
 #endif

 /* Configure process defines this to 1 when it finds out that system */
 /* header file stdint.h must be included by the external interface.  */
-#cmakedefine CURL_PULL_STDINT_H ${CURL_PULL_STDINT_H}
+#cmakedefine CURL_PULL_STDINT_H
 #ifdef CURL_PULL_STDINT_H
 #  include <stdint.h>
 #endif

 /* Configure process defines this to 1 when it finds out that system  */
 /* header file inttypes.h must be included by the external interface. */
-#cmakedefine CURL_PULL_INTTYPES_H ${CURL_PULL_INTTYPES_H}
+#cmakedefine CURL_PULL_INTTYPES_H
 #ifdef CURL_PULL_INTTYPES_H
 #  include <inttypes.h>
 #endif

-/* The size of `long', as computed by sizeof. */
-#cmakedefine CURL_SIZEOF_LONG ${CURL_SIZEOF_LONG}
-
-/* Integral data type used for curl_socklen_t. */
-#cmakedefine CURL_TYPEOF_CURL_SOCKLEN_T ${CURL_TYPEOF_CURL_SOCKLEN_T}
-
-/* on windows socklen_t is in here */
-#ifdef _WIN32
-#  include <winsock2.h>
-#  include <ws2tcpip.h>
-#endif
-
-#ifdef HAVE_SYS_SOCKET_H
+/* Configure process defines this to 1 when it finds out that system    */
+/* header file sys/socket.h must be included by the external interface. */
+#cmakedefine CURL_PULL_SYS_SOCKET_H
+#ifdef CURL_PULL_SYS_SOCKET_H
 #  include <sys/socket.h>
 #endif

+/* Configure process defines this to 1 when it finds out that system  */
+/* header file sys/poll.h must be included by the external interface. */
+#cmakedefine CURL_PULL_SYS_POLL_H
+#ifdef CURL_PULL_SYS_POLL_H
+#  include <sys/poll.h>
+#endif
+
+/* The size of `long', as computed by sizeof. */
+#define CURL_SIZEOF_LONG ${CURL_SIZEOF_LONG}
+
+/* Integral data type used for curl_socklen_t. */
+#define CURL_TYPEOF_CURL_SOCKLEN_T ${CURL_TYPEOF_CURL_SOCKLEN_T}
+
+/* The size of `curl_socklen_t', as computed by sizeof. */
+#define CURL_SIZEOF_CURL_SOCKLEN_T ${CURL_SIZEOF_CURL_SOCKLEN_T}
+
 /* Data type definition of curl_socklen_t. */
 typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t;

-/* The size of `curl_socklen_t', as computed by sizeof. */
-#cmakedefine CURL_SIZEOF_CURL_SOCKLEN_T ${CURL_SIZEOF_CURL_SOCKLEN_T}
-
 /* Signed integral data type used for curl_off_t. */
-#cmakedefine CURL_TYPEOF_CURL_OFF_T ${CURL_TYPEOF_CURL_OFF_T}
+#define CURL_TYPEOF_CURL_OFF_T ${CURL_TYPEOF_CURL_OFF_T}

 /* Data type definition of curl_off_t. */
 typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;

 /* curl_off_t formatting string directive without "%" conversion specifier. */
-#cmakedefine CURL_FORMAT_CURL_OFF_T "${CURL_FORMAT_CURL_OFF_T}"
+#define CURL_FORMAT_CURL_OFF_T "${CURL_FORMAT_CURL_OFF_T}"

 /* unsigned curl_off_t formatting string without "%" conversion specifier. */
-#cmakedefine CURL_FORMAT_CURL_OFF_TU "${CURL_FORMAT_CURL_OFF_TU}"
+#define CURL_FORMAT_CURL_OFF_TU "${CURL_FORMAT_CURL_OFF_TU}"

 /* curl_off_t formatting string directive with "%" conversion specifier. */
-#cmakedefine CURL_FORMAT_OFF_T "${CURL_FORMAT_OFF_T}"
+#define CURL_FORMAT_OFF_T "${CURL_FORMAT_OFF_T}"

 /* The size of `curl_off_t', as computed by sizeof. */
-#cmakedefine CURL_SIZEOF_CURL_OFF_T ${CURL_SIZEOF_CURL_OFF_T}
+#define CURL_SIZEOF_CURL_OFF_T ${CURL_SIZEOF_CURL_OFF_T}

 /* curl_off_t constant suffix. */
-#cmakedefine CURL_SUFFIX_CURL_OFF_T ${CURL_SUFFIX_CURL_OFF_T}
+#define CURL_SUFFIX_CURL_OFF_T ${CURL_SUFFIX_CURL_OFF_T}

 /* unsigned curl_off_t constant suffix. */
-#cmakedefine CURL_SUFFIX_CURL_OFF_TU ${CURL_SUFFIX_CURL_OFF_TU}
+#define CURL_SUFFIX_CURL_OFF_TU ${CURL_SUFFIX_CURL_OFF_TU}

 #endif /* __CURL_CURLBUILD_H */
--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -26,17 +26,17 @@
   a script at release-time. This was made its own header file in 7.11.2 */

 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2013 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2014 Daniel Stenberg, <daniel@haxx.se>."

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.33.0-DEV"
+#define LIBCURL_VERSION "7.34.1-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 33
-#define LIBCURL_VERSION_PATCH 0
+#define LIBCURL_VERSION_MINOR 34
+#define LIBCURL_VERSION_PATCH 1

 /* This is the numeric version of the libcurl version number, meant for easier
   parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x072100
+#define LIBCURL_VERSION_NUM 0x072201

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -269,6 +269,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
   (option) == CURLOPT_DNS_INTERFACE ||                                       \
   (option) == CURLOPT_DNS_LOCAL_IP4 ||                                       \
   (option) == CURLOPT_DNS_LOCAL_IP6 ||                                       \
+   (option) == CURLOPT_LOGIN_OPTIONS ||                                       \
   0)

 /* evaluates to true if option takes a curl_write_callback argument */
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -60,20 +60,15 @@ CFLAGS += @CURL_CFLAG_EXTRAS@
 # $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file
 # $(top_srcdir)/ares is for in-tree c-ares's external include files

-if USE_EMBEDDED_ARES
-AM_CPPFLAGS = -I$(top_builddir)/include/curl \
-              -I$(top_builddir)/include      \
-              -I$(top_srcdir)/include        \
-              -I$(top_builddir)/lib          \
-              -I$(top_srcdir)/lib            \
-              -I$(top_builddir)/ares         \
-              -I$(top_srcdir)/ares
-else
 AM_CPPFLAGS = -I$(top_builddir)/include/curl \
              -I$(top_builddir)/include      \
              -I$(top_srcdir)/include        \
              -I$(top_builddir)/lib          \
              -I$(top_srcdir)/lib
+
+if USE_EMBEDDED_ARES
+AM_CPPFLAGS += -I$(top_builddir)/ares        \
+               -I$(top_srcdir)/ares
 endif

 # Prevent LIBS from being used for all link targets
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -1,49 +1,65 @@
-# ./lib/Makefile.inc
-# Using the backslash as line continuation character might be problematic
-# with some make flavours, as Watcom's wmake showed us already. If we
-# ever want to change this in a portable manner then we should consider
-# this idea (posted to the libcurl list by Adam Kellas):
-# CSRC1 = file1.c file2.c file3.c
-# CSRC2 = file4.c file5.c file6.c
-# CSOURCES = $(CSRC1) $(CSRC2)
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+VSOURCES=vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c vtls/qssl.c	\
+  vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c vtls/cyassl.c	\
+  vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
+VHEADERS= vtls/qssl.h vtls/openssl.h vtls/vtls.h vtls/gtls.h		\
+  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h	\
+  vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h

 CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
-  ldap.c ssluse.c version.c getenv.c escape.c mprintf.c telnet.c	\
-  netrc.c getinfo.c transfer.c strequal.c easy.c security.c      	\
-  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
-  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
-  content_encoding.c share.c http_digest.c md4.c md5.c	\
-  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
-  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
-  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
-  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
+  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c		\
+  getinfo.c transfer.c strequal.c easy.c security.c curl_fnmatch.c	\
+  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c	\
+  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c	\
+  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c	\
+  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c		\
+  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c	\
+  ssh.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
-  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
-  polarssl_threadlock.c curl_rtmp.c openldap.c curl_gethostname.c	\
-  gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c		\
-  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c	\
-  curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c		\
-  curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c		\
-  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c      \
-  gskit.c http2.c
+  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c	\
+  openldap.c curl_gethostname.c gopher.c idn_win32.c			\
+  http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c		\
+  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c		\
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c	\
+  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c	\
+  http2.c $(VSOURCES)

-HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
-  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
-  if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h	\
-  getinfo.h strequal.h curl_sec.h memdebug.h http_chunks.h		\
-  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
-  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
-  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h curl_setup.h	\
-  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
-  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h curl_base64.h	\
-  rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h		\
-  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h polarssl_threadlock.h curl_rtmp.h	\
-  curl_gethostname.h gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h	\
-  asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h	\
-  curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h		\
-  curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h	\
-  multihandle.h setup-vms.h pipeline.h dotdot.h x509asn1.h gskit.h	\
-  http2.h
+HHEADERS = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h	\
+  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h		\
+  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h	\
+  strequal.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h		\
+  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h	\
+  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h	\
+  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h		\
+  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h	\
+  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h	\
+  socks.h ssh.h curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h	\
+  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h	\
+  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h		\
+  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h		\
+  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h		\
+  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h	\
+  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h	\
+  dotdot.h x509asn1.h http2.h sigpipe.h $(VHEADERS)
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -315,10 +315,12 @@ endif
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

-OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES))) $(OBJDIR)/nwos.o
+OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(notdir $(CSOURCES)))) $(OBJDIR)/nwos.o

 OBJL	= $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS)

+vpath %.c . vtls
+
 all: lib nlm

 nlm: prebuild $(TARGET).nlm
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -165,6 +165,18 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# release-winssl
+
+!IF "$(CFG)" == "release-winssl"
+TARGET   = $(LIBCURL_STA_LIB_REL)
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # release-zlib

@@ -601,8 +613,8 @@ X_OBJS= \
 	$(DIROBJ)\speedcheck.obj \
 	$(DIROBJ)\splay.obj \
 	$(DIROBJ)\ssh.obj \
-	$(DIROBJ)\sslgen.obj \
-	$(DIROBJ)\ssluse.obj \
+	$(DIROBJ)\vtls.obj \
+	$(DIROBJ)\openssl.obj \
 	$(DIROBJ)\strdup.obj \
 	$(DIROBJ)\strequal.obj \
 	$(DIROBJ)\strerror.obj \
@@ -641,6 +653,9 @@ $(DIROBJ):
 {.\}.c{$(DIROBJ)\}.obj:
 	$(CC) $(CFLAGS) /Fo"$@"  $<

+{.\vtls\}.c{$(DIROBJ)\}.obj:
+	$(CC) $(CFLAGS) /Fo"$@"  $<
+
 debug-dll\libcurl.res \
 debug-dll-ssl-dll\libcurl.res \
 debug-dll-zlib-dll\libcurl.res \
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -645,10 +645,10 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
                                const char *local_ip4)
 {
 #if (ARES_VERSION >= 0x010704)
-  uint32_t a4;
+  struct in_addr a4;

  if((!local_ip4) || (local_ip4[0] == 0)) {
-    a4 = 0; /* disabled: do not bind to a specific address */
+    a4.s_addr = 0; /* disabled: do not bind to a specific address */
  }
  else {
    if(Curl_inet_pton(AF_INET, local_ip4, &a4) != 1) {
@@ -656,7 +656,7 @@ CURLcode Curl_set_dns_local_ip4(struct SessionHandle *data,
    }
  }

-  ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4));
+  ares_set_local_ip4((ares_channel)data->state.resolver, ntohl(a4.s_addr));

  return CURLE_OK;
 #else /* c-ares version too old! */
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -209,7 +209,7 @@ int init_thread_sync_data(struct thread_sync_data * tsd,
  memset(tsd, 0, sizeof(*tsd));

  tsd->port = port;
-#ifdef CURLRES_IPV6
+#ifdef HAVE_GETADDRINFO
  DEBUGASSERT(hints);
  tsd->hints = *hints;
 #else
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -40,29 +40,45 @@
 static const char table64[]=
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

-static void decodeQuantum(unsigned char *dest, const char *src)
+static size_t decodeQuantum(unsigned char *dest, const char *src)
 {
+  size_t padding = 0;
  const char *s, *p;
  unsigned long i, v, x = 0;

  for(i = 0, s = src; i < 4; i++, s++) {
    v = 0;
-    p = table64;
-    while(*p && (*p != *s)) {
-      v++;
-      p++;
-    }
-    if(*p == *s)
-      x = (x << 6) + v;
-    else if(*s == '=')
+
+    if(*s == '=') {
      x = (x << 6);
+      padding++;
+    }
+    else {
+      p = table64;
+
+      while(*p && (*p != *s)) {
+        v++;
+        p++;
+      }
+
+      if(*p == *s)
+        x = (x << 6) + v;
+      else
+        return 0;
+    }
  }

-  dest[2] = curlx_ultouc(x & 0xFFUL);
+  if(padding < 1)
+    dest[2] = curlx_ultouc(x & 0xFFUL);
+
  x >>= 8;
-  dest[1] = curlx_ultouc(x & 0xFFUL);
+  if(padding < 2)
+    dest[1] = curlx_ultouc(x & 0xFFUL);
+
  x >>= 8;
  dest[0] = curlx_ultouc(x & 0xFFUL);
+
+  return 3 - padding;
 }

 /*
@@ -82,58 +98,71 @@ static void decodeQuantum(unsigned char *dest, const char *src)
 CURLcode Curl_base64_decode(const char *src,
                            unsigned char **outptr, size_t *outlen)
 {
+  size_t srclen = 0;
  size_t length = 0;
-  size_t equalsTerm = 0;
+  size_t padding = 0;
  size_t i;
+  size_t result;
  size_t numQuantums;
-  unsigned char lastQuantum[3];
  size_t rawlen = 0;
+  unsigned char *pos;
  unsigned char *newstr;

  *outptr = NULL;
  *outlen = 0;
+  srclen = strlen(src);

+  /* Check the length of the input string is valid */
+  if(!srclen || srclen % 4)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Find the position of any = padding characters */
  while((src[length] != '=') && src[length])
    length++;
+
  /* A maximum of two = padding characters is allowed */
  if(src[length] == '=') {
-    equalsTerm++;
-    if(src[length+equalsTerm] == '=')
-      equalsTerm++;
+    padding++;
+    if(src[length + 1] == '=')
+      padding++;
  }
-  numQuantums = (length + equalsTerm) / 4;

-  /* Don't allocate a buffer if the decoded length is 0 */
-  if(numQuantums == 0)
-    return CURLE_OK;
+  /* Check the = padding characters weren't part way through the input */
+  if(length + padding != srclen)
+    return CURLE_BAD_CONTENT_ENCODING;

-  rawlen = (numQuantums * 3) - equalsTerm;
+  /* Calculate the number of quantums */
+  numQuantums = srclen / 4;

-  /* The buffer must be large enough to make room for the last quantum
-  (which may be partially thrown out) and the zero terminator. */
-  newstr = malloc(rawlen+4);
+  /* Calculate the size of the decoded string */
+  rawlen = (numQuantums * 3) - padding;
+
+  /* Allocate our buffer including room for a zero terminator */
+  newstr = malloc(rawlen + 1);
  if(!newstr)
    return CURLE_OUT_OF_MEMORY;

-  *outptr = newstr;
+  pos = newstr;

-  /* Decode all but the last quantum (which may not decode to a
-  multiple of 3 bytes) */
-  for(i = 0; i < numQuantums - 1; i++) {
-    decodeQuantum(newstr, src);
-    newstr += 3; src += 4;
+  /* Decode the quantums */
+  for(i = 0; i < numQuantums; i++) {
+    result = decodeQuantum(pos, src);
+    if(!result) {
+      Curl_safefree(newstr);
+
+      return CURLE_BAD_CONTENT_ENCODING;
+    }
+
+    pos += result;
+    src += 4;
  }

-  /* This final decode may actually read slightly past the end of the buffer
-  if the input string is missing pad bytes.  This will almost always be
-  harmless. */
-  decodeQuantum(lastQuantum, src);
-  for(i = 0; i < 3 - equalsTerm; i++)
-    newstr[i] = lastQuantum[i];
+  /* Zero terminate */
+  *pos = '\0';

-  newstr[i] = '\0'; /* zero terminate */
-
-  *outlen = rawlen; /* return size of decoded data */
+  /* Return the decoded data */
+  *outptr = newstr;
+  *outlen = rawlen;

  return CURLE_OK;
 }
--- a/lib/config-os400.h
+++ b/lib/config-os400.h
@@ -529,10 +529,10 @@
 #define SEND_TYPE_RETV int

 /* Define to use the QsoSSL package. */
-#define USE_QSOSSL
+#undef USE_QSOSSL

 /* Define to use the GSKit package. */
-#undef USE_GSKIT
+#define USE_GSKIT

 /* Use the system keyring as the default CA bundle. */
 #define CURL_CA_BUNDLE  "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -6,7 +6,7 @@
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -166,10 +166,13 @@ void Curl_conncache_remove_conn(struct conncache *connc,
    if(bundle->num_connections == 0) {
      conncache_remove_bundle(connc, bundle);
    }
-    connc->num_connections--;

-    DEBUGF(infof(conn->data, "The cache now contains %d members\n",
-                 connc->num_connections));
+    if(connc) {
+      connc->num_connections--;
+
+      DEBUGF(infof(conn->data, "The cache now contains %d members\n",
+                   connc->num_connections));
+    }
  }
 }

--- a/lib/connect.c
+++ b/lib/connect.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -71,7 +71,7 @@
 #include "sockaddr.h" /* required for Curl_sockaddr_storage */
 #include "inet_ntop.h"
 #include "inet_pton.h"
-#include "sslgen.h" /* for Curl_ssl_check_cxn() */
+#include "vtls/vtls.h" /* for Curl_ssl_check_cxn() */
 #include "progress.h"
 #include "warnless.h"
 #include "conncache.h"
@@ -164,8 +164,7 @@ tcpkeepalive(struct SessionHandle *data,
 static CURLcode
 singleipconnect(struct connectdata *conn,
                const Curl_addrinfo *ai, /* start connecting to this */
-                curl_socket_t *sock,
-                bool *connected);
+                curl_socket_t *sock);

 /*
 * Curl_timeleft() returns the amount of milliseconds left allowed for the
@@ -233,45 +232,6 @@ long Curl_timeleft(struct SessionHandle *data,
  return timeout_ms;
 }

-/*
- * checkconnect() checks for a TCP connect on the given socket.
- * It returns:
- */
-
-enum chkconn_t {
-  CHKCONN_SELECT_ERROR = -1,
-  CHKCONN_CONNECTED    = 0,
-  CHKCONN_IDLE         = 1,
-  CHKCONN_FDSET_ERROR  = 2
-};
-
-static enum chkconn_t
-checkconnect(curl_socket_t sockfd)
-{
-  int rc;
-#ifdef mpeix
-  /* Call this function once now, and ignore the results. We do this to
-     "clear" the error state on the socket so that we can later read it
-     reliably. This is reported necessary on the MPE/iX operating system. */
-  (void)verifyconnect(sockfd, NULL);
-#endif
-
-  rc = Curl_socket_ready(CURL_SOCKET_BAD, sockfd, 0);
-
-  if(-1 == rc)
-    /* error, no connect here, try next */
-    return CHKCONN_SELECT_ERROR;
-
-  else if(rc & CURL_CSELECT_ERR)
-    /* error condition caught */
-    return CHKCONN_FDSET_ERROR;
-
-  else if(rc)
-    return CHKCONN_CONNECTED;
-
-  return CHKCONN_IDLE;
-}
-
 static CURLcode bindlocal(struct connectdata *conn,
                          curl_socket_t sockfd, int af)
 {
@@ -573,42 +533,57 @@ static bool verifyconnect(curl_socket_t sockfd, int *error)
   more address exists or error */
 static CURLcode trynextip(struct connectdata *conn,
                          int sockindex,
-                          bool *connected)
+                          int tempindex)
 {
-  curl_socket_t sockfd;
-  Curl_addrinfo *ai;
+  CURLcode rc = CURLE_COULDNT_CONNECT;

  /* First clean up after the failed socket.
     Don't close it yet to ensure that the next IP's socket gets a different
     file descriptor, which can prevent bugs when the curl_multi_socket_action
     interface is used with certain select() replacements such as kqueue. */
-  curl_socket_t fd_to_close = conn->sock[sockindex];
-  conn->sock[sockindex] = CURL_SOCKET_BAD;
-  *connected = FALSE;
+  curl_socket_t fd_to_close = conn->tempsock[tempindex];
+  conn->tempsock[tempindex] = CURL_SOCKET_BAD;

-  if(sockindex != FIRSTSOCKET) {
-    Curl_closesocket(conn, fd_to_close);
-    return CURLE_COULDNT_CONNECT; /* no next */
-  }
+  if(sockindex == FIRSTSOCKET) {
+    Curl_addrinfo *ai;
+    int family;

-  /* try the next address */
-  ai = conn->ip_addr->ai_next;
-
-  while(ai) {
-    CURLcode res = singleipconnect(conn, ai, &sockfd, connected);
-    if(res)
-      return res;
-    if(sockfd != CURL_SOCKET_BAD) {
-      /* store the new socket descriptor */
-      conn->sock[sockindex] = sockfd;
-      conn->ip_addr = ai;
-      Curl_closesocket(conn, fd_to_close);
-      return CURLE_OK;
+    if(conn->tempaddr[tempindex]) {
+      /* find next address in the same protocol family */
+      family = conn->tempaddr[tempindex]->ai_family;
+      ai = conn->tempaddr[tempindex]->ai_next;
+    }
+    else {
+      /* happy eyeballs - try the other protocol family */
+      int firstfamily = conn->tempaddr[0]->ai_family;
+#ifdef ENABLE_IPV6
+      family = (firstfamily == AF_INET) ? AF_INET6 : AF_INET;
+#else
+      family = firstfamily;
+#endif
+      ai = conn->tempaddr[0]->ai_next;
+    }
+
+    while(ai) {
+      while(ai && ai->ai_family != family)
+        ai = ai->ai_next;
+
+      if(ai) {
+        rc = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
+        conn->tempaddr[tempindex] = ai;
+        if(rc == CURLE_COULDNT_CONNECT) {
+          ai = ai->ai_next;
+          continue;
+        }
+      }
+      break;
    }
-    ai = ai->ai_next;
  }
-  Curl_closesocket(conn, fd_to_close);
-  return CURLE_COULDNT_CONNECT;
+
+  if(fd_to_close != CURL_SOCKET_BAD)
+    Curl_closesocket(conn, fd_to_close);
+
+  return rc;
 }

 /* Copies connection info into the session handle to make it available
@@ -682,6 +657,10 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
  struct Curl_sockaddr_storage ssloc;
  struct SessionHandle *data = conn->data;

+  if(conn->socktype == SOCK_DGRAM)
+    /* there's no connection! */
+    return;
+
  if(!conn->bits.reuse) {

    len = sizeof(struct Curl_sockaddr_storage);
@@ -707,6 +686,7 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
            error, Curl_strerror(conn, error));
      return;
    }
+    memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);

    if(!getaddressinfo((struct sockaddr*)&ssloc,
                       conn->local_ip, &conn->local_port)) {
@@ -732,11 +712,11 @@ CURLcode Curl_is_connected(struct connectdata *conn,
 {
  struct SessionHandle *data = conn->data;
  CURLcode code = CURLE_OK;
-  curl_socket_t sockfd = conn->sock[sockindex];
-  long allow = DEFAULT_CONNECT_TIMEOUT;
+  long allow;
  int error = 0;
  struct timeval now;
-  enum chkconn_t chk;
+  int result;
+  int i;

  DEBUGASSERT(sockindex >= FIRSTSOCKET && sockindex <= SECONDARYSOCKET);

@@ -759,69 +739,104 @@ CURLcode Curl_is_connected(struct connectdata *conn,
    return CURLE_OPERATION_TIMEDOUT;
  }

-  /* check socket for connect */
-  chk = checkconnect(sockfd);
-  if(CHKCONN_IDLE == chk) {
-    if(curlx_tvdiff(now, conn->connecttime) >= conn->timeoutms_per_addr) {
-      infof(data, "After %ldms connect time, move on!\n",
-            conn->timeoutms_per_addr);
-      goto next;
+  for(i=0; i<2; i++) {
+    if(conn->tempsock[i] == CURL_SOCKET_BAD)
+      continue;
+
+#ifdef mpeix
+    /* Call this function once now, and ignore the results. We do this to
+       "clear" the error state on the socket so that we can later read it
+       reliably. This is reported necessary on the MPE/iX operating system. */
+    (void)verifyconnect(conn->tempsock[i], NULL);
+#endif
+
+    /* check socket for connect */
+    result = Curl_socket_ready(CURL_SOCKET_BAD, conn->tempsock[i], 0);
+
+    if(result == 0) { /* no connection yet */
+      if(curlx_tvdiff(now, conn->connecttime) >= conn->timeoutms_per_addr) {
+        infof(data, "After %ldms connect time, move on!\n",
+              conn->timeoutms_per_addr);
+        error = ETIMEDOUT;
+      }
+
+      /* should we try another protocol family? */
+      if(i == 0 && conn->tempaddr[1] == NULL &&
+         curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {
+        trynextip(conn, sockindex, 1);
+      }
    }
+    else if(result == CURL_CSELECT_OUT) {
+      if(verifyconnect(conn->tempsock[i], &error)) {
+        /* we are connected with TCP, awesome! */
+        int other = i ^ 1;

-    /* not an error, but also no connection yet */
-    return code;
-  }
+        /* use this socket from now on */
+        conn->sock[sockindex] = conn->tempsock[i];
+        conn->ip_addr = conn->tempaddr[i];
+        conn->tempsock[i] = CURL_SOCKET_BAD;

-  if(CHKCONN_CONNECTED == chk) {
-    if(verifyconnect(sockfd, &error)) {
-      /* we are connected with TCP, awesome! */
+        /* close the other socket, if open */
+        if(conn->tempsock[other] != CURL_SOCKET_BAD) {
+          Curl_closesocket(conn, conn->tempsock[other]);
+          conn->tempsock[other] = CURL_SOCKET_BAD;
+        }

-      /* see if we need to do any proxy magic first once we connected */
-      code = Curl_connected_proxy(conn);
-      if(code)
-        return code;
+        /* see if we need to do any proxy magic first once we connected */
+        code = Curl_connected_proxy(conn, sockindex);
+        if(code)
+          return code;

-      conn->bits.tcpconnect[sockindex] = TRUE;
+        conn->bits.tcpconnect[sockindex] = TRUE;

-      *connected = TRUE;
-      if(sockindex == FIRSTSOCKET)
-        Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
-      Curl_verboseconnect(conn);
-      Curl_updateconninfo(conn, sockfd);
+        *connected = TRUE;
+        if(sockindex == FIRSTSOCKET)
+          Curl_pgrsTime(data, TIMER_CONNECT); /* connect done */
+        Curl_updateconninfo(conn, conn->sock[sockindex]);
+        Curl_verboseconnect(conn);

-      return CURLE_OK;
+        return CURLE_OK;
+      }
+      else
+        infof(data, "Connection failed\n");
    }
-    /* nope, not connected for real */
-  }
-  else {
-    /* nope, not connected  */
-    if(CHKCONN_FDSET_ERROR == chk) {
-      (void)verifyconnect(sockfd, &error);
-      infof(data, "%s\n",Curl_strerror(conn, error));
+    else if(result & CURL_CSELECT_ERR)
+      (void)verifyconnect(conn->tempsock[i], &error);
+
+    /*
+     * The connection failed here, we should attempt to connect to the "next
+     * address" for the given host. But first remember the latest error.
+     */
+    if(error) {
+      char ipaddress[MAX_IPADR_LEN];
+      data->state.os_errno = error;
+      SET_SOCKERRNO(error);
+      Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN);
+      infof(data, "connect to %s port %ld failed: %s\n",
+            ipaddress, conn->port, Curl_strerror(conn, error));
+
+      conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ?
+                                 allow : allow / 2;
+
+      code = trynextip(conn, sockindex, i);
    }
-    else
-      infof(data, "Connection failed\n");
  }

-  /*
-   * The connection failed here, we should attempt to connect to the "next
-   * address" for the given host. But first remember the latest error.
-   */
-  if(error) {
-    data->state.os_errno = error;
-    SET_SOCKERRNO(error);
-  }
-  next:
-
-  conn->timeoutms_per_addr = conn->ip_addr->ai_next == NULL ?
-                             allow : allow / 2;
-  code = trynextip(conn, sockindex, connected);
-
  if(code) {
-    error = SOCKERRNO;
-    data->state.os_errno = error;
-    failf(data, "Failed connect to %s:%ld; %s",
-          conn->host.name, conn->port, Curl_strerror(conn, error));
+    /* no more addresses to try */
+
+    /* if the first address family runs out of addresses to try before
+       the happy eyeball timeout, go ahead and try the next family now */
+    if(conn->tempaddr[1] == NULL) {
+      int rc;
+      rc = trynextip(conn, sockindex, 1);
+      if(rc == CURLE_OK)
+        return CURLE_OK;
+    }
+
+    failf(data, "Failed to connect to %s port %ld: %s",
+          conn->bits.proxy?conn->proxy.name:conn->host.name,
+          conn->port, Curl_strerror(conn, error));
  }

  return code;
@@ -901,19 +916,40 @@ void Curl_sndbufset(curl_socket_t sockfd)
  int val = CURL_MAX_WRITE_SIZE + 32;
  int curval = 0;
  int curlen = sizeof(curval);
+  DWORD majorVersion = 6;

-  OSVERSIONINFO osver;
  static int detectOsState = DETECT_OS_NONE;

  if(detectOsState == DETECT_OS_NONE) {
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
    memset(&osver, 0, sizeof(osver));
    osver.dwOSVersionInfoSize = sizeof(osver);
+
    detectOsState = DETECT_OS_PREVISTA;
    if(GetVersionEx(&osver)) {
-      if(osver.dwMajorVersion >= 6)
+      if(osver.dwMajorVersion >= majorVersion)
        detectOsState = DETECT_OS_VISTA_OR_LATER;
    }
+#else
+    ULONGLONG majorVersionMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION,
+                                           VER_GREATER_EQUAL);
+
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask))
+      detectOsState = DETECT_OS_VISTA_OR_LATER;
+    else
+      detectOsState = DETECT_OS_PREVISTA;
+#endif
  }
+
  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
    return;

@@ -925,7 +961,6 @@ void Curl_sndbufset(curl_socket_t sockfd)
 }
 #endif

-
 /*
 * singleipconnect()
 *
@@ -938,8 +973,7 @@ void Curl_sndbufset(curl_socket_t sockfd)
 static CURLcode
 singleipconnect(struct connectdata *conn,
                const Curl_addrinfo *ai,
-                curl_socket_t *sockp,
-                bool *connected)
+                curl_socket_t *sockp)
 {
  struct Curl_sockaddr_ex addr;
  int rc;
@@ -948,9 +982,10 @@ singleipconnect(struct connectdata *conn,
  struct SessionHandle *data = conn->data;
  curl_socket_t sockfd;
  CURLcode res = CURLE_OK;
+  char ipaddress[MAX_IPADR_LEN];
+  long port;

  *sockp = CURL_SOCKET_BAD;
-  *connected = FALSE; /* default is not connected */

  res = Curl_socket(conn, ai, &addr, &sockfd);
  if(res)
@@ -961,7 +996,7 @@ singleipconnect(struct connectdata *conn,

  /* store remote address and port used in this connection attempt */
  if(!getaddressinfo((struct sockaddr*)&addr.sa_addr,
-                     conn->primary_ip, &conn->primary_port)) {
+                     ipaddress, &port)) {
    /* malformed address or bug in inet_ntop, try next address */
    error = ERRNO;
    failf(data, "sa_addr inet_ntop() failed with errno %d: %s",
@@ -969,10 +1004,7 @@ singleipconnect(struct connectdata *conn,
    Curl_closesocket(conn, sockfd);
    return CURLE_OK;
  }
-  memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
-  infof(data, "  Trying %s...\n", conn->ip_addr_str);
-
-  Curl_persistconninfo(conn);
+  infof(data, "  Trying %s...\n", ipaddress);

  if(data->set.tcp_nodelay)
    tcpnodelay(conn, sockfd);
@@ -1033,7 +1065,7 @@ singleipconnect(struct connectdata *conn,
 #endif

  if(-1 == rc) {
-    switch (error) {
+    switch(error) {
    case EINPROGRESS:
    case EWOULDBLOCK:
 #if defined(EAGAIN)
@@ -1045,25 +1077,25 @@ singleipconnect(struct connectdata *conn,
    case EAGAIN:
 #endif
 #endif
-      *sockp = sockfd;
-      return CURLE_OK;
+      res = CURLE_OK;
+      break;

    default:
      /* unknown error, fallthrough and try another address! */
-      failf(data, "Failed to connect to %s: %s",
-            conn->ip_addr_str, Curl_strerror(conn,error));
+      infof(data, "Immediate connect fail for %s: %s\n",
+            ipaddress, Curl_strerror(conn,error));
      data->state.os_errno = error;

      /* connect failed */
      Curl_closesocket(conn, sockfd);
-
-      break;
+      res = CURLE_COULDNT_CONNECT;
    }
  }
-  else
+
+  if(!res)
    *sockp = sockfd;

-  return CURLE_OK;
+  return res;
 }

 /*
@@ -1073,29 +1105,13 @@ singleipconnect(struct connectdata *conn,
 */

 CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
-                          const struct Curl_dns_entry *remotehost,
-                          curl_socket_t *sockconn,   /* the connected socket */
-                          Curl_addrinfo **addr,      /* the one we used */
-                          bool *connected)           /* really connected? */
+                          const struct Curl_dns_entry *remotehost)
 {
  struct SessionHandle *data = conn->data;
-  curl_socket_t sockfd = CURL_SOCKET_BAD;
-  Curl_addrinfo *ai;
-  Curl_addrinfo *curr_addr;
-
-  struct timeval after;
  struct timeval before = Curl_tvnow();
+  CURLcode res = CURLE_COULDNT_CONNECT;

-  /*************************************************************
-   * Figure out what maximum time we have left
-   *************************************************************/
-  long timeout_ms;
-
-  DEBUGASSERT(sockconn);
-  *connected = FALSE; /* default to not connected */
-
-  /* get the timeout left */
-  timeout_ms = Curl_timeleft(data, &before, TRUE);
+  long timeout_ms = Curl_timeleft(data, &before, TRUE);

  if(timeout_ms < 0) {
    /* a precaution, no need to continue if time already is up */
@@ -1104,57 +1120,26 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
  }

  conn->num_addr = Curl_num_addresses(remotehost->addr);
+  conn->tempaddr[0] = remotehost->addr;
+  conn->tempaddr[1] = NULL;
+  conn->tempsock[0] = CURL_SOCKET_BAD;
+  conn->tempsock[1] = CURL_SOCKET_BAD;
+  Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT);

-  ai = remotehost->addr;
+  /* Max time for the next connection attempt */
+  conn->timeoutms_per_addr =
+    conn->tempaddr[0]->ai_next == NULL ? timeout_ms : timeout_ms / 2;

-  /* Below is the loop that attempts to connect to all IP-addresses we
-   * know for the given host. One by one until one IP succeeds.
-   */
-
-  /*
-   * Connecting with a Curl_addrinfo chain
-   */
-  for(curr_addr = ai; curr_addr; curr_addr = curr_addr->ai_next) {
-    CURLcode res;
-
-    /* Max time for the next address */
-    conn->timeoutms_per_addr = curr_addr->ai_next == NULL ?
-                               timeout_ms : timeout_ms / 2;
-
-    /* start connecting to the IP curr_addr points to */
-    res = singleipconnect(conn, curr_addr,
-                          &sockfd, connected);
-    if(res)
-      return res;
-
-    if(sockfd != CURL_SOCKET_BAD)
-      break;
-
-    /* get a new timeout for next attempt */
-    after = Curl_tvnow();
-    timeout_ms -= Curl_tvdiff(after, before);
-    if(timeout_ms < 0) {
-      failf(data, "connect() timed out!");
-      return CURLE_OPERATION_TIMEDOUT;
-    }
-    before = after;
-  }  /* end of connect-to-each-address loop */
-
-  *sockconn = sockfd;    /* the socket descriptor we've connected */
-
-  if(sockfd == CURL_SOCKET_BAD) {
-    /* no good connect was made */
-    failf(data, "couldn't connect to %s at %s:%ld",
-          conn->bits.proxy?"proxy":"host",
-          conn->bits.proxy?conn->proxy.name:conn->host.name, conn->port);
-    return CURLE_COULDNT_CONNECT;
+  /* start connecting to first IP */
+  while(conn->tempaddr[0]) {
+    res = singleipconnect(conn, conn->tempaddr[0], &(conn->tempsock[0]));
+    if(res == CURLE_OK)
+        break;
+    conn->tempaddr[0] = conn->tempaddr[0]->ai_next;
  }

-  /* leave the socket in non-blocking mode */
-
-  /* store the address we use */
-  if(addr)
-    *addr = curr_addr;
+  if(conn->tempsock[0] == CURL_SOCKET_BAD)
+    return res;

  data->info.numconnects++; /* to track the number of connections made */

--- a/lib/connect.h
+++ b/lib/connect.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -31,11 +31,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
                           bool *connected);

 CURLcode Curl_connecthost(struct connectdata *conn,
-                          const struct Curl_dns_entry *host, /* connect to
-                                                                this */
-                          curl_socket_t *sockconn, /* not set if error */
-                          Curl_addrinfo **addr, /* the one we used */
-                          bool *connected); /* truly connected? */
+                          const struct Curl_dns_entry *host);

 /* generic function that returns how much time there's left to run, according
   to the timeouts set */
@@ -44,6 +40,8 @@ long Curl_timeleft(struct SessionHandle *data,
                   bool duringconnect);

 #define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */
+#define HAPPY_EYEBALLS_TIMEOUT     200 /* milliseconds to wait between
+                                          ipv4/ipv6 connection attempts */

 /*
 * Used to extract socket and connectdata struct for the most recent
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -489,9 +489,6 @@ Curl_cookie_add(struct SessionHandle *data,
            badcookie = TRUE;
            break;
          }
-          co->expires =
-            strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
-            + (long)now;
        }
        else if(Curl_raw_equal("expires", name)) {
          strstore(&co->expirestr, whatptr);
@@ -499,17 +496,6 @@ Curl_cookie_add(struct SessionHandle *data,
            badcookie = TRUE;
            break;
          }
-          /* Note that if the date couldn't get parsed for whatever reason,
-             the cookie will be treated as a session cookie */
-          co->expires = curl_getdate(what, &now);
-
-          /* Session cookies have expires set to 0 so if we get that back
-             from the date parser let's add a second to make it a
-             non-session cookie */
-          if(co->expires == 0)
-            co->expires = 1;
-          else if(co->expires < 0)
-            co->expires = 0;
        }
        else if(!co->name) {
          co->name = strdup(name);
@@ -544,6 +530,30 @@ Curl_cookie_add(struct SessionHandle *data,
        semiptr=strchr(ptr, '\0');
    } while(semiptr);

+    if(co->maxage) {
+      co->expires =
+        curlx_strtoofft((*co->maxage=='\"')?
+                        &co->maxage[1]:&co->maxage[0], NULL, 10);
+      if(CURL_OFF_T_MAX - now < co->expires)
+        /* avoid overflow */
+        co->expires = CURL_OFF_T_MAX;
+      else
+        co->expires += now;
+    }
+    else if(co->expirestr) {
+      /* Note that if the date couldn't get parsed for whatever reason,
+         the cookie will be treated as a session cookie */
+      co->expires = curl_getdate(co->expirestr, NULL);
+
+      /* Session cookies have expires set to 0 so if we get that back
+         from the date parser let's add a second to make it a
+         non-session cookie */
+      if(co->expires == 0)
+        co->expires = 1;
+      else if(co->expires < 0)
+        co->expires = 0;
+    }
+
    if(!badcookie && !co->domain) {
      if(domain) {
        /* no domain was given in the header line, set the default */
@@ -815,7 +825,7 @@ Curl_cookie_add(struct SessionHandle *data,
  if(c->running)
    /* Only show this when NOT reading the cookies from a file */
    infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
-          "expire %" FORMAT_OFF_T "\n",
+          "expire %" CURL_FORMAT_CURL_OFF_T "\n",
          replace_old?"Replaced":"Added", co->name, co->value,
          co->domain, co->path, co->expires);

@@ -1172,7 +1182,7 @@ static char *get_netscape_format(const struct Cookie *co)
    "%s\t"   /* tailmatch */
    "%s\t"   /* path */
    "%s\t"   /* secure */
-    "%" FORMAT_OFF_T "\t"   /* expires */
+    "%" CURL_FORMAT_CURL_OFF_T "\t"   /* expires */
    "%s\t"   /* name */
    "%s",    /* value */
    co->httponly?"#HttpOnly_":"",
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -46,7 +46,7 @@
 #include <curl/mprintf.h>

 #if defined(USE_NSS)
-#include "nssg.h"
+#include "vtls/nssg.h"
 #elif defined(USE_WINDOWS_SSPI)
 #include "curl_sspi.h"
 #endif
@@ -77,10 +77,6 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,

  ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;

-  /* skip initial whitespaces */
-  while(*header && ISSPACE(*header))
-    header++;
-
  if(checkprefix("NTLM", header)) {
    header += strlen("NTLM");

--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -47,7 +47,7 @@
 #  include "curl_sspi.h"
 #endif

-#include "sslgen.h"
+#include "vtls/vtls.h"

 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"
--- a/lib/curl_ntlm_wb.c
+++ b/lib/curl_ntlm_wb.c
@@ -356,7 +356,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
    conn->response_header = NULL;
    break;
  case NTLMSTATE_TYPE2:
-    input = aprintf("TT %s", conn->challenge_header);
+    input = aprintf("TT %s\n", conn->challenge_header);
    if(!input)
      return CURLE_OUT_OF_MEMORY;
    res = ntlm_wb_response(conn, input, ntlm->state);
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,6 +23,7 @@
 * RFC4422 Simple Authentication and Security Layer (SASL)
 * RFC4616 PLAIN authentication
 * RFC6749 OAuth 2.0 Authorization Framework
+ * Draft   LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
 *
 ***************************************************************************/

@@ -33,13 +34,17 @@

 #include "curl_base64.h"
 #include "curl_md5.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "curl_hmac.h"
 #include "curl_ntlm_msgs.h"
 #include "curl_sasl.h"
 #include "warnless.h"
 #include "curl_memory.h"

+#ifdef USE_NSS
+#include "vtls/nssg.h" /* for Curl_nss_force_init() */
+#endif
+
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>

@@ -50,7 +55,7 @@
 /* Retrieves the value for a corresponding key from the challenge string
 * returns TRUE if the key could be found, FALSE if it does not exists
 */
-static bool sasl_digest_get_key_value(const unsigned char *chlg,
+static bool sasl_digest_get_key_value(const char *chlg,
                                      const char *key,
                                      char *value,
                                      size_t max_val_len,
@@ -59,7 +64,7 @@ static bool sasl_digest_get_key_value(const unsigned char *chlg,
  char *find_pos;
  size_t i;

-  find_pos = strstr((const char *) chlg, key);
+  find_pos = strstr(chlg, key);
  if(!find_pos)
    return FALSE;

@@ -163,7 +168,37 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
 }

 #ifndef CURL_DISABLE_CRYPTO_AUTH
-/*
+ /*
+ * Curl_sasl_decode_cram_md5_message()
+ *
+ * This is used to decode an already encoded CRAM-MD5 challenge message.
+ *
+ * Parameters:
+ *
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr,
+                                           size_t *outlen)
+{
+  CURLcode result = CURLE_OK;
+  size_t chlg64len = strlen(chlg64);
+
+  *outptr = NULL;
+  *outlen = 0;
+
+  /* Decode the challenge if necessary */
+  if(chlg64len && *chlg64 != '=')
+    result = Curl_base64_decode(chlg64, (unsigned char **) outptr, outlen);
+
+    return result;
+ }
+
+ /*
 * Curl_sasl_create_cram_md5_message()
 *
 * This is used to generate an already encoded CRAM-MD5 response message ready
@@ -172,7 +207,7 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
 * Parameters:
 *
 * data    [in]     - The session handle.
- * chlg64  [in]     - Pointer to the base64 encoded challenge buffer.
+ * chlg    [in]     - The challenge.
 * userp   [in]     - The user name.
 * passdwp [in]     - The user's password.
 * outptr  [in/out] - The address where a pointer to newly allocated memory
@@ -182,47 +217,36 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
-                                           const char *chlg64,
+                                           const char *chlg,
                                           const char *userp,
                                           const char *passwdp,
                                           char **outptr, size_t *outlen)
 {
  CURLcode result = CURLE_OK;
-  size_t chlg64len = strlen(chlg64);
-  unsigned char *chlg = (unsigned char *) NULL;
  size_t chlglen = 0;
  HMAC_context *ctxt;
  unsigned char digest[MD5_DIGEST_LEN];
  char *response;

-  /* Decode the challenge if necessary */
-  if(chlg64len && *chlg64 != '=') {
-    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
-
-    if(result)
-      return result;
-  }
+  if(chlg)
+    chlglen = strlen(chlg);

  /* Compute the digest using the password as the key */
  ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
                        (const unsigned char *) passwdp,
                        curlx_uztoui(strlen(passwdp)));
-
-  if(!ctxt) {
-    Curl_safefree(chlg);
+  if(!ctxt)
    return CURLE_OUT_OF_MEMORY;
-  }

  /* Update the digest with the given challenge */
  if(chlglen > 0)
-    Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
-
-  Curl_safefree(chlg);
+    Curl_HMAC_update(ctxt, (const unsigned char *) chlg,
+                     curlx_uztoui(chlglen));

  /* Finalise the digest */
  Curl_HMAC_final(ctxt, digest);

-  /* Prepare the response */
+  /* Generate the response */
  response = aprintf(
      "%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
           userp, digest[0], digest[1], digest[2], digest[3], digest[4],
@@ -231,13 +255,74 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
  if(!response)
    return CURLE_OUT_OF_MEMORY;

-  /* Base64 encode the reply */
+  /* Base64 encode the response */
  result = Curl_base64_encode(data, response, 0, outptr, outlen);

  Curl_safefree(response);
+
  return result;
 }

+/*
+ * Curl_sasl_decode_digest_md5_message()
+ *
+ * This is used to decode an already encoded DIGEST-MD5 challenge message.
+ *
+ * Parameters:
+ *
+ * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * nonce   [in/out] - The buffer where the nonce will be stored.
+ * nlen    [in]     - The length of the nonce buffer.
+ * realm   [in/out] - The buffer where the realm will be stored.
+ * rlen    [in]     - The length of the realm buffer.
+ * alg     [in/out] - The buffer where the algorithm will be stored.
+ * alen    [in]     - The length of the algorithm buffer.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
+                                             char *nonce, size_t nlen,
+                                             char *realm, size_t rlen,
+                                             char *alg, size_t alen)
+{
+  CURLcode result = CURLE_OK;
+  unsigned char *chlg = NULL;
+  size_t chlglen = 0;
+  size_t chlg64len = strlen(chlg64);
+
+  if(chlg64len && *chlg64 != '=') {
+    result = Curl_base64_decode(chlg64, &chlg, &chlglen);
+    if(result)
+      return result;
+  }
+
+  /* Ensure we have a valid challenge message */
+  if(!chlg)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* Retrieve nonce string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "nonce=\"", nonce, nlen, '\"')) {
+    Curl_safefree(chlg);
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Retrieve realm string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "realm=\"", realm, rlen, '\"')) {
+    /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
+    strcpy(realm, "");
+  }
+
+  /* Retrieve algorithm string from the challenge */
+  if(!sasl_digest_get_key_value((char *)chlg, "algorithm=", alg, alen, ',')) {
+    Curl_safefree(chlg);
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  Curl_safefree(chlg);
+
+  return CURLE_OK;
+}
+
 /*
 * Curl_sasl_create_digest_md5_message()
 *
@@ -247,10 +332,11 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
 * Parameters:
 *
 * data    [in]     - The session handle.
- * chlg64  [in]     - Pointer to the base64 encoded challenge buffer.
+ * nonce   [in]     - The nonce.
+ * realm   [in]     - The realm.
 * userp   [in]     - The user name.
 * passdwp [in]     - The user's password.
- * service [in]     - The service type such as www, smtp or pop
+ * service [in]     - The service type such as www, smtp, pop or imap.
 * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
@@ -258,71 +344,36 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-                                             const char *chlg64,
+                                             const char *nonce,
+                                             const char *realm,
                                             const char *userp,
                                             const char *passwdp,
                                             const char *service,
                                             char **outptr, size_t *outlen)
 {
+#ifndef DEBUGBUILD
  static const char table16[] = "0123456789abcdef";
-
+#endif
  CURLcode result = CURLE_OK;
-  unsigned char *chlg = (unsigned char *) NULL;
-  size_t chlglen = 0;
  size_t i;
  MD5_context *ctxt;
+  char *response = NULL;
  unsigned char digest[MD5_DIGEST_LEN];
  char HA1_hex[2 * MD5_DIGEST_LEN + 1];
  char HA2_hex[2 * MD5_DIGEST_LEN + 1];
  char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];

-  char nonce[64];
-  char realm[128];
-  char alg[64];
  char nonceCount[] = "00000001";
  char cnonce[]     = "12345678"; /* will be changed */
  char method[]     = "AUTHENTICATE";
  char qop[]        = "auth";
  char uri[128];
-  char response[512];
-
-  result = Curl_base64_decode(chlg64, &chlg, &chlglen);
-
-  if(result)
-    return result;
-
-  if(!chlg)
-    return CURLE_LOGIN_DENIED;
-
-  /* Retrieve nonce string from the challenge */
-  if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
-                                sizeof(nonce), '\"')) {
-    Curl_safefree(chlg);
-    return CURLE_LOGIN_DENIED;
-  }
-
-  /* Retrieve realm string from the challenge */
-  if(!sasl_digest_get_key_value(chlg, "realm=\"", realm,
-                                sizeof(realm), '\"')) {
-    /* Challenge does not have a realm, set empty string [RFC2831] page 6 */
-    strcpy(realm, "");
-  }
-
-  /* Retrieve algorithm string from the challenge */
-  if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
-    Curl_safefree(chlg);
-    return CURLE_LOGIN_DENIED;
-  }
-
-  Curl_safefree(chlg);
-
-  /* We do not support other algorithms */
-  if(strcmp(alg, "md5-sess") != 0)
-    return CURLE_LOGIN_DENIED;

+#ifndef DEBUGBUILD
  /* Generate 64 bits of random data */
  for(i = 0; i < 8; i++)
    cnonce[i] = table16[Curl_rand(data)%16];
+#endif

  /* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
  ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
@@ -401,14 +452,20 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
  for(i = 0; i < MD5_DIGEST_LEN; i++)
    snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);

-  snprintf(response, sizeof(response),
-           "username=\"%s\",realm=\"%s\",nonce=\"%s\","
-           "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
-           userp, realm, nonce,
-           cnonce, nonceCount, uri, resp_hash_hex);
+  /* Generate the response */
+  response = aprintf("username=\"%s\",realm=\"%s\",nonce=\"%s\","
+                     "cnonce=\"%s\",nc=\"%s\",digest-uri=\"%s\",response=%s",
+                     userp, realm, nonce,
+                     cnonce, nonceCount, uri, resp_hash_hex);
+  if(!response)
+    return CURLE_OUT_OF_MEMORY;

-  /* Base64 encode the reply */
-  return Curl_base64_encode(data, response, 0, outptr, outlen);
+  /* Base64 encode the response */
+  result = Curl_base64_encode(data, response, 0, outptr, outlen);
+
+  Curl_safefree(response);
+
+  return result;
 }
 #endif

@@ -438,8 +495,36 @@ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
                                             struct ntlmdata *ntlm,
                                             char **outptr, size_t *outlen)
 {
-  return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr,
-                                        outlen);
+  return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr, outlen);
+}
+
+/*
+ * Curl_sasl_decode_ntlm_type2_message()
+ *
+ * This is used to decode an already encoded NTLM type-2 message.
+ *
+ * Parameters:
+ *
+ * data     [in]     - Pointer to session handle.
+ * type2msg [in]     - Pointer to the base64 encoded type-2 message.
+ * ntlm     [in/out] - The ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
+                                             const char *type2msg,
+                                             struct ntlmdata *ntlm)
+{
+#ifdef USE_NSS
+  CURLcode result;
+
+  /* make sure the crypto backend is initialized */
+  result = Curl_nss_force_init(data);
+  if(result)
+    return result;
+#endif
+
+  return Curl_ntlm_decode_type2_message(data, type2msg, ntlm);
 }

 /*
@@ -451,7 +536,6 @@ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
 * Parameters:
 *
 * data    [in]     - Pointer to session handle.
- * header  [in]     - Pointer to the base64 encoded type-2 message buffer.
 * userp   [in]     - The user name in the format User or Domain\User.
 * passdwp [in]     - The user's password.
 * ntlm    [in/out] - The ntlm data struct being used and modified.
@@ -462,33 +546,27 @@ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
 * Returns CURLE_OK on success.
 */
 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
-                                             const char *header,
                                             const char *userp,
                                             const char *passwdp,
                                             struct ntlmdata *ntlm,
                                             char **outptr, size_t *outlen)
 {
-  CURLcode result = Curl_ntlm_decode_type2_message(data, header, ntlm);
-
-  if(!result)
-    result = Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm,
-                                            outptr, outlen);
-
-  return result;
+  return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
+                                        outlen);
 }
 #endif /* USE_NTLM */

 /*
 * Curl_sasl_create_xoauth2_message()
 *
- * This is used to generate an already encoded XOAUTH2 message ready
- * for sending to the recipient.
+ * This is used to generate an already encoded OAuth 2.0 message ready for
+ * sending to the recipient.
 *
 * Parameters:
 *
 * data    [in]     - The session handle.
 * user    [in]     - The user name.
- * bearer  [in]     - The XOAUTH Bearer token.
+ * bearer  [in]     - The bearer token.
 * outptr  [in/out] - The address where a pointer to newly allocated memory
 *                    holding the result will be stored upon completion.
 * outlen  [out]    - The length of the output message.
@@ -500,16 +578,20 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
                                          const char *bearer,
                                          char **outptr, size_t *outlen)
 {
-  char *xoauth;
+  CURLcode result = CURLE_OK;
+  char *xoauth = NULL;

+  /* Generate the message */
  xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
-
  if(!xoauth)
    return CURLE_OUT_OF_MEMORY;

  /* Base64 encode the reply */
-  return Curl_base64_encode(data, xoauth, strlen(xoauth), outptr,
-                            outlen);
+  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
+
+  Curl_safefree(xoauth);
+
+  return result;
 }

 /*
--- a/lib/curl_sasl.h
+++ b/lib/curl_sasl.h
@@ -66,16 +66,27 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
                                        size_t *outlen);

 #ifndef CURL_DISABLE_CRYPTO_AUTH
+/* This is used to decode a base64 encoded CRAM-MD5 challange message */
+CURLcode Curl_sasl_decode_cram_md5_message(const char *chlg64, char **outptr,
+                                           size_t *outlen);
+
 /* This is used to generate a base64 encoded CRAM-MD5 response message */
 CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
-                                           const char *chlg64,
+                                           const char *chlg,
                                           const char *user,
                                           const char *passwdp,
                                           char **outptr, size_t *outlen);

+/* This is used to decode a base64 encoded DIGEST-MD5 challange message */
+CURLcode Curl_sasl_decode_digest_md5_message(const char *chlg64,
+                                             char *nonce, size_t nlen,
+                                             char *realm, size_t rlen,
+                                             char *alg, size_t alen);
+
 /* This is used to generate a base64 encoded DIGEST-MD5 response message */
 CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
-                                             const char *chlg64,
+                                             const char *nonce,
+                                             const char *realm,
                                             const char *user,
                                             const char *passwdp,
                                             const char *service,
@@ -90,10 +101,13 @@ CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
                                             char **outptr,
                                             size_t *outlen);

-/* This is used to decode an incoming NTLM type-2 message and generate a
-   base64 encoded type-3 response */
+/* This is used to decode a base64 encoded NTLM type-2 message */
+CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
+                                             const char *type2msg,
+                                             struct ntlmdata *ntlm);
+
+/* This is used to generate a base64 encoded NTLM type-3 message */
 CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
-                                             const char *header,
                                             const char *userp,
                                             const char *passwdp,
                                             struct ntlmdata *ntlm,
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -139,29 +139,6 @@
   Error Compilation_aborted_SIZEOF_CURL_OFF_T_shall_not_be_defined
 #endif

-/*
- * Set up internal curl_off_t formatting string directives for
- * exclusive use with libcurl's internal *printf functions.
- */
-
-#ifdef FORMAT_OFF_T
-#  error "FORMAT_OFF_T shall not be defined before this point!"
-   Error Compilation_aborted_FORMAT_OFF_T_already_defined
-#endif
-
-#ifdef FORMAT_OFF_TU
-#  error "FORMAT_OFF_TU shall not be defined before this point!"
-   Error Compilation_aborted_FORMAT_OFF_TU_already_defined
-#endif
-
-#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
-#  define FORMAT_OFF_T  "lld"
-#  define FORMAT_OFF_TU "llu"
-#else
-#  define FORMAT_OFF_T  "ld"
-#  define FORMAT_OFF_TU "lu"
-#endif
-
 /*
 * Disable other protocols when http is the only one desired.
 */
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -68,25 +68,52 @@ PSecurityFunctionTable s_pSecFn = NULL;
 */
 CURLcode Curl_sspi_global_init(void)
 {
-  OSVERSIONINFO osver;
+  bool securityDll = FALSE;
  INITSECURITYINTERFACE_FN pInitSecurityInterface;

  /* If security interface is not yet initialized try to do this */
  if(!s_hSecDll) {
-
-    /* Find out Windows version */
-    memset(&osver, 0, sizeof(osver));
-    osver.dwOSVersionInfoSize = sizeof(osver);
-    if(!GetVersionEx(&osver))
-      return CURLE_FAILED_INIT;
-
    /* Security Service Provider Interface (SSPI) functions are located in
     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
     * have both these DLLs (security.dll forwards calls to secur32.dll) */
+    DWORD majorVersion = 4;
+    DWORD platformId = VER_PLATFORM_WIN32_NT;
+
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+
+    /* Find out Windows version */
+    if(!GetVersionEx(&osver))
+      return CURLE_FAILED_INIT;
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(osver.dwMajorVersion == majorVersion &&
+       osver.dwPlatformId == platformId)
+      securityDll = TRUE;
+#else
+    ULONGLONG majorVersionMask;
+    ULONGLONG platformIdMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    osver.dwPlatformId = platformId;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
+    platformIdMask = VerSetConditionMask(0, VER_PLATFORMID, VER_EQUAL);
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask) &&
+       VerifyVersionInfo(&osver, VER_PLATFORMID, platformIdMask))
+      securityDll = TRUE;
+#endif

    /* Load SSPI dll into the address space of the calling process */
-    if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
-      && osver.dwMajorVersion == 4)
+    if(securityDll)
      s_hSecDll = LoadLibrary(TEXT("security.dll"));
    else
      s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
--- a/lib/curl_threads.c
+++ b/lib/curl_threads.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -63,32 +63,38 @@ static void *curl_thread_create_thunk(void *arg)

 curl_thread_t Curl_thread_create(unsigned int (*func) (void*), void *arg)
 {
-  curl_thread_t t;
+  curl_thread_t t = malloc(sizeof(pthread_t));
  struct curl_actual_call *ac = malloc(sizeof(struct curl_actual_call));
-  if(!ac)
-    return curl_thread_t_null;
+  if(!(ac && t))
+    goto err;

  ac->func = func;
  ac->arg = arg;

-  if(pthread_create(&t, NULL, curl_thread_create_thunk, ac) != 0) {
-    free(ac);
-    return curl_thread_t_null;
-  }
+  if(pthread_create(t, NULL, curl_thread_create_thunk, ac) != 0)
+    goto err;

  return t;
+
+err:
+  Curl_safefree(t);
+  Curl_safefree(ac);
+  return curl_thread_t_null;
 }

 void Curl_thread_destroy(curl_thread_t hnd)
 {
-  if(hnd != curl_thread_t_null)
-    pthread_detach(hnd);
+  if(hnd != curl_thread_t_null) {
+    pthread_detach(*hnd);
+    free(hnd);
+  }
 }

 int Curl_thread_join(curl_thread_t *hnd)
 {
-  int ret = (pthread_join(*hnd, NULL) == 0);
+  int ret = (pthread_join(**hnd, NULL) == 0);

+  free(*hnd);
  *hnd = curl_thread_t_null;

  return ret;
--- a/lib/curl_threads.h
+++ b/lib/curl_threads.h
@@ -26,8 +26,8 @@
 #if defined(USE_THREADS_POSIX)
 #  define CURL_STDCALL
 #  define curl_mutex_t           pthread_mutex_t
-#  define curl_thread_t          pthread_t
-#  define curl_thread_t_null     (pthread_t)0
+#  define curl_thread_t          pthread_t *
+#  define curl_thread_t_null     (pthread_t *)0
 #  define Curl_mutex_init(m)     pthread_mutex_init(m, NULL)
 #  define Curl_mutex_acquire(m)  pthread_mutex_lock(m)
 #  define Curl_mutex_release(m)  pthread_mutex_unlock(m)
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -50,16 +50,11 @@
 #include <sys/param.h>
 #endif

-#if defined(HAVE_SIGNAL_H) && defined(HAVE_SIGACTION) && defined(USE_OPENSSL)
-#define SIGPIPE_IGNORE 1
-#include <signal.h>
-#endif
-
 #include "strequal.h"
 #include "urldata.h"
 #include <curl/curl.h>
 #include "transfer.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "url.h"
 #include "getinfo.h"
 #include "hostip.h"
@@ -78,6 +73,7 @@
 #include "warnless.h"
 #include "conncache.h"
 #include "multiif.h"
+#include "sigpipe.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -85,56 +81,6 @@
 /* The last #include file should be: */
 #include "memdebug.h"

-#ifdef SIGPIPE_IGNORE
-struct sigpipe_ignore {
-  struct sigaction old_pipe_act;
-  bool no_signal;
-};
-
-#define SIGPIPE_VARIABLE(x) struct sigpipe_ignore x
-
-/*
- * sigpipe_ignore() makes sure we ignore SIGPIPE while running libcurl
- * internals, and then sigpipe_restore() will restore the situation when we
- * return from libcurl again.
- */
-static void sigpipe_ignore(struct SessionHandle *data,
-                           struct sigpipe_ignore *ig)
-{
-  /* get a local copy of no_signal because the SessionHandle might not be
-     around when we restore */
-  ig->no_signal = data->set.no_signal;
-  if(!data->set.no_signal) {
-    struct sigaction action;
-    /* first, extract the existing situation */
-    memset(&ig->old_pipe_act, 0, sizeof(struct sigaction));
-    sigaction(SIGPIPE, NULL, &ig->old_pipe_act);
-    action = ig->old_pipe_act;
-    /* ignore this signal */
-    action.sa_handler = SIG_IGN;
-    sigaction(SIGPIPE, &action, NULL);
-  }
-}
-
-/*
- * sigpipe_restore() puts back the outside world's opinion of signal handler
- * and SIGPIPE handling. It MUST only be called after a corresponding
- * sigpipe_ignore() was used.
- */
-static void sigpipe_restore(struct sigpipe_ignore *ig)
-{
-  if(!ig->no_signal)
-    /* restore the outside state */
-    sigaction(SIGPIPE, &ig->old_pipe_act, NULL);
-}
-
-#else
-/* for systems without sigaction */
-#define sigpipe_ignore(x,y) Curl_nop_stmt
-#define sigpipe_restore(x)  Curl_nop_stmt
-#define SIGPIPE_VARIABLE(x)
-#endif
-
 /* win32_cleanup() is for win32 socket cleanup functionality, the opposite
   of win32_init() */
 static void win32_cleanup(void)
--- a/lib/file.c
+++ b/lib/file.c
@@ -152,14 +152,14 @@ static CURLcode file_range(struct connectdata *conn)
    if((-1 == to) && (from>=0)) {
      /* X - */
      data->state.resume_from = from;
-      DEBUGF(infof(data, "RANGE %" FORMAT_OFF_T " to end of file\n",
+      DEBUGF(infof(data, "RANGE %" CURL_FORMAT_CURL_OFF_T " to end of file\n",
                   from));
    }
    else if(from < 0) {
      /* -Y */
      data->req.maxdownload = -from;
      data->state.resume_from = from;
-      DEBUGF(infof(data, "RANGE the last %" FORMAT_OFF_T " bytes\n",
+      DEBUGF(infof(data, "RANGE the last %" CURL_FORMAT_CURL_OFF_T " bytes\n",
                   -from));
    }
    else {
@@ -167,12 +167,13 @@ static CURLcode file_range(struct connectdata *conn)
      totalsize = to-from;
      data->req.maxdownload = totalsize+1; /* include last byte */
      data->state.resume_from = from;
-      DEBUGF(infof(data, "RANGE from %" FORMAT_OFF_T
-                   " getting %" FORMAT_OFF_T " bytes\n",
+      DEBUGF(infof(data, "RANGE from %" CURL_FORMAT_CURL_OFF_T
+                   " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
                   from, data->req.maxdownload));
    }
-    DEBUGF(infof(data, "range-download from %" FORMAT_OFF_T
-                 " to %" FORMAT_OFF_T ", totally %" FORMAT_OFF_T " bytes\n",
+    DEBUGF(infof(data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+                 " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+                 CURL_FORMAT_CURL_OFF_T " bytes\n",
                 from, to, data->req.maxdownload));
  }
  else
@@ -465,7 +466,7 @@ static CURLcode file_do(struct connectdata *conn, bool *done)
  if(data->set.opt_no_body && data->set.include_header && fstated) {
    CURLcode result;
    snprintf(buf, sizeof(data->state.buffer),
-             "Content-Length: %" FORMAT_OFF_T "\r\n", expected_size);
+             "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", expected_size);
    result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
    if(result)
      return result;
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -32,7 +32,7 @@

 #include "urldata.h" /* for struct SessionHandle */
 #include "formdata.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "strequal.h"
 #include "curl_memory.h"
 #include "sendf.h"
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -62,7 +62,7 @@
 #include "curl_sec.h"
 #include "strtoofft.h"
 #include "strequal.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "connect.h"
 #include "strerror.h"
 #include "inet_ntop.h"
@@ -1802,23 +1802,87 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
  return result;
 }

+/*
+ * Perform the necessary magic that needs to be done once the TCP connection
+ * to the proxy has completed.
+ */
+static CURLcode proxy_magic(struct connectdata *conn,
+                            char *newhost, unsigned short newport,
+                            bool *magicdone)
+{
+  CURLcode result = CURLE_OK;
+  struct SessionHandle *data=conn->data;
+
+  *magicdone = FALSE;
+  switch(conn->proxytype) {
+  case CURLPROXY_SOCKS5:
+  case CURLPROXY_SOCKS5_HOSTNAME:
+    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost,
+                         newport, SECONDARYSOCKET, conn);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_SOCKS4:
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+                         SECONDARYSOCKET, conn, FALSE);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_SOCKS4A:
+    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
+                         SECONDARYSOCKET, conn, TRUE);
+    *magicdone = TRUE;
+    break;
+  case CURLPROXY_HTTP:
+  case CURLPROXY_HTTP_1_0:
+    /* do nothing here. handled later. */
+    break;
+  default:
+    failf(data, "unknown proxytype option given");
+    result = CURLE_COULDNT_CONNECT;
+    break;
+  }
+
+  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
+    /* BLOCKING */
+    /* We want "seamless" FTP operations through HTTP proxy tunnel */
+
+    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
+     * member conn->proto.http; we want FTP through HTTP and we have to
+     * change the member temporarily for connecting to the HTTP proxy. After
+     * Curl_proxyCONNECT we have to set back the member to the original
+     * struct FTP pointer
+     */
+    struct HTTP http_proxy;
+    struct FTP *ftp_save = data->req.protop;
+    memset(&http_proxy, 0, sizeof(http_proxy));
+    data->req.protop = &http_proxy;
+
+    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
+
+    data->req.protop = ftp_save;
+
+    if(result)
+      return result;
+
+    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
+      /* the CONNECT procedure is not complete, the tunnel is not yet up */
+      state(conn, FTP_STOP); /* this phase is completed */
+      return result;
+    }
+    else
+      *magicdone = TRUE;
+  }
+  return result;
+}
+
 static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
                                    int ftpcode)
 {
  struct ftp_conn *ftpc = &conn->proto.ftpc;
  CURLcode result;
  struct SessionHandle *data=conn->data;
-  Curl_addrinfo *conninfo;
  struct Curl_dns_entry *addr=NULL;
  int rc;
  unsigned short connectport; /* the local port connect() should use! */
-  unsigned short newport=0; /* remote port */
-  bool connected;
-
-  /* newhost must be able to hold a full IP-style address in ASCII, which
-     in the IPv6 case means 5*8-1 = 39 letters */
-#define NEWHOST_BUFSIZE 48
-  char newhost[NEWHOST_BUFSIZE];
  char *str=&data->state.buffer[4];  /* start on the first letter */

  if((ftpc->count1 == 0) &&
@@ -1851,7 +1915,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
          return CURLE_FTP_WEIRD_PASV_REPLY;
        }
        if(ptr) {
-          newport = (unsigned short)(num & 0xffff);
+          ftpc->newport = (unsigned short)(num & 0xffff);

          if(conn->bits.tunnel_proxy ||
             conn->proxytype == CURLPROXY_SOCKS5 ||
@@ -1860,10 +1924,11 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
             conn->proxytype == CURLPROXY_SOCKS4A)
            /* proxy tunnel -> use other host info because ip_addr_str is the
               proxy address not the ftp host */
-            snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
+            snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
+                     conn->host.name);
          else
            /* use the same IP we are already connected to */
-            snprintf(newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
+            snprintf(ftpc->newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str);
        }
      }
      else
@@ -1916,14 +1981,15 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
         conn->proxytype == CURLPROXY_SOCKS4A)
        /* proxy tunnel -> use other host info because ip_addr_str is the
           proxy address not the ftp host */
-        snprintf(newhost, sizeof(newhost), "%s", conn->host.name);
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", conn->host.name);
      else
-        snprintf(newhost, sizeof(newhost), "%s", conn->ip_addr_str);
+        snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s",
+                 conn->ip_addr_str);
    }
    else
-      snprintf(newhost, sizeof(newhost),
+      snprintf(ftpc->newhost, sizeof(ftpc->newhost),
               "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]);
-    newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
+    ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff);
  }
  else if(ftpc->count1 == 0) {
    /* EPSV failed, move on to PASV */
@@ -1957,24 +2023,21 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
  }
  else {
    /* normal, direct, ftp connection */
-    rc = Curl_resolv(conn, newhost, newport, &addr);
+    rc = Curl_resolv(conn, ftpc->newhost, ftpc->newport, &addr);
    if(rc == CURLRESOLV_PENDING)
      /* BLOCKING */
      (void)Curl_resolver_wait_resolv(conn, &addr);

-    connectport = newport; /* we connect to the remote port */
+    connectport = ftpc->newport; /* we connect to the remote port */

    if(!addr) {
-      failf(data, "Can't resolve new host %s:%hu", newhost, connectport);
+      failf(data, "Can't resolve new host %s:%hu", ftpc->newhost, connectport);
      return CURLE_FTP_CANT_GET_HOST;
    }
  }

-  result = Curl_connecthost(conn,
-                            addr,
-                            &conn->sock[SECONDARYSOCKET],
-                            &conninfo,
-                            &connected);
+  conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
+  result = Curl_connecthost(conn, addr);

  Curl_resolv_unlock(data, addr); /* we're done using this address */

@@ -1985,88 +2048,17 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
    return result;
  }

-  conn->bits.tcpconnect[SECONDARYSOCKET] = connected;

  /*
   * When this is used from the multi interface, this might've returned with
   * the 'connected' set to FALSE and thus we are now awaiting a non-blocking
-   * connect to connect and we should not be "hanging" here waiting.
+   * connect to connect.
   */

  if(data->set.verbose)
    /* this just dumps information about this second connection */
-    ftp_pasv_verbose(conn, conninfo, newhost, connectport);
+    ftp_pasv_verbose(conn, conn->ip_addr, ftpc->newhost, connectport);

-  switch(conn->proxytype) {
-    /* FIX: this MUST wait for a proper connect first if 'connected' is
-     * FALSE */
-  case CURLPROXY_SOCKS5:
-  case CURLPROXY_SOCKS5_HOSTNAME:
-    result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost, newport,
-                         SECONDARYSOCKET, conn);
-    connected = TRUE;
-    break;
-  case CURLPROXY_SOCKS4:
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
-                         SECONDARYSOCKET, conn, FALSE);
-    connected = TRUE;
-    break;
-  case CURLPROXY_SOCKS4A:
-    result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
-                         SECONDARYSOCKET, conn, TRUE);
-    connected = TRUE;
-    break;
-  case CURLPROXY_HTTP:
-  case CURLPROXY_HTTP_1_0:
-    /* do nothing here. handled later. */
-    break;
-  default:
-    failf(data, "unknown proxytype option given");
-    result = CURLE_COULDNT_CONNECT;
-    break;
-  }
-
-  if(result) {
-    if(ftpc->count1 == 0 && ftpcode == 229)
-      return ftp_epsv_disable(conn);
-    return result;
-  }
-
-  if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
-    /* FIX: this MUST wait for a proper connect first if 'connected' is
-     * FALSE */
-
-    /* BLOCKING */
-    /* We want "seamless" FTP operations through HTTP proxy tunnel */
-
-    /* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the member
-     * conn->proto.http; we want FTP through HTTP and we have to change the
-     * member temporarily for connecting to the HTTP proxy. After
-     * Curl_proxyCONNECT we have to set back the member to the original struct
-     * FTP pointer
-     */
-    struct HTTP http_proxy;
-    struct FTP *ftp_save = data->req.protop;
-    memset(&http_proxy, 0, sizeof(http_proxy));
-    data->req.protop = &http_proxy;
-
-    result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport);
-
-    data->req.protop = ftp_save;
-
-    if(result)
-      return result;
-
-    if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
-      /* the CONNECT procedure is not complete, the tunnel is not yet up */
-      state(conn, FTP_STOP); /* this phase is completed */
-      conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE;
-
-      return result;
-    }
-  }
-
-  conn->bits.tcpconnect[SECONDARYSOCKET] = connected;
  conn->bits.do_more = TRUE;
  state(conn, FTP_STOP); /* this phase is completed */

@@ -2271,8 +2263,8 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
      if(data->state.resume_from< 0) {
        /* We're supposed to download the last abs(from) bytes */
        if(filesize < -data->state.resume_from) {
-          failf(data, "Offset (%" FORMAT_OFF_T
-                ") was beyond file size (%" FORMAT_OFF_T ")",
+          failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+                ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
                data->state.resume_from, filesize);
          return CURLE_BAD_DOWNLOAD_RESUME;
        }
@@ -2283,8 +2275,8 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
      }
      else {
        if(filesize < data->state.resume_from) {
-          failf(data, "Offset (%" FORMAT_OFF_T
-                ") was beyond file size (%" FORMAT_OFF_T ")",
+          failf(data, "Offset (%" CURL_FORMAT_CURL_OFF_T
+                ") was beyond file size (%" CURL_FORMAT_CURL_OFF_T ")",
                data->state.resume_from, filesize);
          return CURLE_BAD_DOWNLOAD_RESUME;
        }
@@ -2306,13 +2298,13 @@ static CURLcode ftp_state_retr(struct connectdata *conn,
    }

    /* Set resume file transfer offset */
-    infof(data, "Instructs server to resume from offset %" FORMAT_OFF_T
-          "\n", data->state.resume_from);
+    infof(data, "Instructs server to resume from offset %"
+          CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from);

-    PPSENDF(&ftpc->pp, "REST %" FORMAT_OFF_T, data->state.resume_from);
+    PPSENDF(&ftpc->pp, "REST %" CURL_FORMAT_CURL_OFF_T,
+            data->state.resume_from);

    state(conn, FTP_RETR_REST);
-
  }
  else {
    /* no resume */
@@ -2339,7 +2331,7 @@ static CURLcode ftp_state_size_resp(struct connectdata *conn,
 #ifdef CURL_FTP_HTTPSTYLE_HEAD
    if(-1 != filesize) {
      snprintf(buf, sizeof(data->state.buffer),
-               "Content-Length: %" FORMAT_OFF_T "\r\n", filesize);
+               "Content-Length: %" CURL_FORMAT_CURL_OFF_T "\r\n", filesize);
      result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
      if(result)
        return result;
@@ -2516,10 +2508,12 @@ static CURLcode ftp_state_get_resp(struct connectdata *conn,
    else if((instate != FTP_LIST) && (data->set.prefer_ascii))
      size = -1; /* kludge for servers that understate ASCII mode file size */

-    infof(data, "Maxdownload = %" FORMAT_OFF_T "\n", data->req.maxdownload);
+    infof(data, "Maxdownload = %" CURL_FORMAT_CURL_OFF_T "\n",
+          data->req.maxdownload);

    if(instate != FTP_LIST)
-      infof(data, "Getting file with size: %" FORMAT_OFF_T "\n", size);
+      infof(data, "Getting file with size: %" CURL_FORMAT_CURL_OFF_T "\n",
+            size);

    /* FTP download: */
    conn->proto.ftpc.state_saved = instate;
@@ -3375,8 +3369,8 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
       (data->set.infilesize != *ftp->bytecountp) &&
       !data->set.crlf &&
       (ftp->transfer == FTPTRANSFER_BODY)) {
-      failf(data, "Uploaded unaligned file size (%" FORMAT_OFF_T
-            " out of %" FORMAT_OFF_T " bytes)",
+      failf(data, "Uploaded unaligned file size (%" CURL_FORMAT_CURL_OFF_T
+            " out of %" CURL_FORMAT_CURL_OFF_T " bytes)",
            *ftp->bytecountp, data->set.infilesize);
      result = CURLE_PARTIAL_FILE;
    }
@@ -3393,8 +3387,8 @@ static CURLcode ftp_done(struct connectdata *conn, CURLcode status,
        *ftp->bytecountp) &&
 #endif /* CURL_DO_LINEEND_CONV */
       (data->req.maxdownload != *ftp->bytecountp)) {
-      failf(data, "Received only partial file: %" FORMAT_OFF_T " bytes",
-            *ftp->bytecountp);
+      failf(data, "Received only partial file: %" CURL_FORMAT_CURL_OFF_T
+            " bytes", *ftp->bytecountp);
      result = CURLE_PARTIAL_FILE;
    }
    else if(!ftpc->dont_check &&
@@ -3559,26 +3553,27 @@ static CURLcode ftp_range(struct connectdata *conn)
    if((-1 == to) && (from>=0)) {
      /* X - */
      data->state.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE %" FORMAT_OFF_T " to end of file\n",
-                   from));
+      DEBUGF(infof(conn->data, "FTP RANGE %" CURL_FORMAT_CURL_OFF_T
+                   " to end of file\n", from));
    }
    else if(from < 0) {
      /* -Y */
      data->req.maxdownload = -from;
      data->state.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE the last %" FORMAT_OFF_T " bytes\n",
-                   -from));
+      DEBUGF(infof(conn->data, "FTP RANGE the last %" CURL_FORMAT_CURL_OFF_T
+                   " bytes\n", -from));
    }
    else {
      /* X-Y */
      data->req.maxdownload = (to-from)+1; /* include last byte */
      data->state.resume_from = from;
-      DEBUGF(infof(conn->data, "FTP RANGE from %" FORMAT_OFF_T
-                   " getting %" FORMAT_OFF_T " bytes\n",
+      DEBUGF(infof(conn->data, "FTP RANGE from %" CURL_FORMAT_CURL_OFF_T
+                   " getting %" CURL_FORMAT_CURL_OFF_T " bytes\n",
                   from, data->req.maxdownload));
    }
-    DEBUGF(infof(conn->data, "range-download from %" FORMAT_OFF_T
-                 " to %" FORMAT_OFF_T ", totally %" FORMAT_OFF_T " bytes\n",
+    DEBUGF(infof(conn->data, "range-download from %" CURL_FORMAT_CURL_OFF_T
+                 " to %" CURL_FORMAT_CURL_OFF_T ", totally %"
+                 CURL_FORMAT_CURL_OFF_T " bytes\n",
                 from, to, data->req.maxdownload));
    ftpc->dont_check = TRUE; /* dont check for successful transfer */
  }
@@ -3625,6 +3620,10 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
    /* Ready to do more? */
    if(connected) {
      DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
+      if(conn->bits.proxy) {
+        infof(data, "Connection to proxy confirmed\n");
+        result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
+      }
    }
    else {
      if(result && (ftpc->count1 == 0)) {
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -147,6 +147,12 @@ struct ftp_conn {
  curl_off_t known_filesize; /* file size is different from -1, if wildcard
                                LIST parsing was done and wc_statemach set
                                it */
+  /* newhost must be able to hold a full IP-style address in ASCII, which
+     in the IPv6 case means 5*8-1 = 39 letters */
+#define NEWHOST_BUFSIZE 48
+  char newhost[NEWHOST_BUFSIZE]; /* this is the pair to connect the DATA... */
+  unsigned short newport;        /* connection to */
+
 };

 #define DEFAULT_ACCEPT_TIMEOUT   60000 /* milliseconds == one minute */
--- a/lib/ftplistparser.c
+++ b/lib/ftplistparser.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -449,9 +449,12 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
            finfo->b_data[parser->item_length - 1] = 0;
            if(strncmp("total ", finfo->b_data, 6) == 0) {
              char *endptr = finfo->b_data+6;
-              /* here we can deal with directory size */
+              /* here we can deal with directory size, pass the leading white
+                 spaces and then the digits */
              while(ISSPACE(*endptr))
                endptr++;
+              while(ISDIGIT(*endptr))
+                endptr++;
              if(*endptr != 0) {
                PL_ERROR(conn, CURLE_FTP_BAD_FILE_LIST);
                return bufflen;
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -28,7 +28,7 @@
 #include "getinfo.h"

 #include "curl_memory.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "connect.h" /* Curl_getconnectinfo() */
 #include "progress.h"

@@ -277,7 +277,57 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
    ptr.to_certinfo = &data->info.certs;
    *param_slistp = ptr.to_slist;
    break;
+  case CURLINFO_TLS_SESSION:
+    {
+      struct curl_tlssessioninfo **tsip = (struct curl_tlssessioninfo **)
+                                          param_slistp;
+      struct curl_tlssessioninfo *tsi = &data->tsi;
+      struct connectdata *conn = data->easy_conn;
+      unsigned int sockindex = 0;

+      *tsip = tsi;
+      tsi->backend = CURLSSLBACKEND_NONE;
+      tsi->internals = NULL;
+
+      if(!conn)
+        break;
+
+      /* Find the active ("in use") SSL connection, if any */
+      while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
+            (!conn->ssl[sockindex].use))
+        sockindex++;
+
+      if(sockindex == sizeof(conn->ssl) / sizeof(conn->ssl[0]))
+        break; /* no SSL session found */
+
+      /* Return the TLS session information from the relevant backend */
+#ifdef USE_SSLEAY
+      tsi->backend = CURLSSLBACKEND_OPENSSL;
+      tsi->internals = conn->ssl[sockindex].ctx;
+#endif
+#ifdef USE_GNUTLS
+      tsi->backend = CURLSSLBACKEND_GNUTLS;
+      tsi->internals = conn->ssl[sockindex].session;
+#endif
+#ifdef USE_NSS
+      tsi->backend = CURLSSLBACKEND_NSS;
+      tsi->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_QSOSSL
+      tsi->backend = CURLSSLBACKEND_QSOSSL;
+      tsi->internals = conn->ssl[sockindex].handle;
+#endif
+#ifdef USE_GSKIT
+      tsi->backend = CURLSSLBACKEND_GSKIT;
+      tsi->internals = conn->ssl[sockindex].handle;
+#endif
+      /* NOTE: For other SSL backends, it is not immediately clear what data
+         to return from 'struct ssl_connect_data'; thus, for now we keep the
+         backend as CURLSSLBACKEND_NONE in those cases, which should be
+         interpreted as "not supported" */
+      break;
+    }
+    break;
  default:
    return CURLE_BAD_FUNCTION_ARGUMENT;
  }
--- a/lib/hostcheck.c
+++ b/lib/hostcheck.c
@@ -23,7 +23,7 @@
 #include "curl_setup.h"

 #if defined(USE_SSLEAY) || defined(USE_AXTLS) || defined(USE_QSOSSL) || \
-    defined(USE_GSKIT)
+    defined(USE_GSKIT) || defined(USE_NSS)
 /* these backends use functions from this file */

 #include "hostcheck.h"
@@ -94,4 +94,4 @@ int Curl_cert_hostcheck(const char *match_pattern, const char *hostname)
  return 0;
 }

-#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT */
+#endif /* SSLEAY or AXTLS or QSOSSL or GSKIT or NSS */
--- a/lib/hostip.c
+++ b/lib/hostip.c
@@ -237,7 +237,7 @@ hostcache_timestamp_remove(void *datap, void *hc)
    (struct hostcache_prune_data *) datap;
  struct Curl_dns_entry *c = (struct Curl_dns_entry *) hc;

-  return (data->now - c->timestamp >= data->cache_timeout);
+  return !c->inuse && (data->now - c->timestamp >= data->cache_timeout);
 }

 /*
@@ -291,9 +291,10 @@ remove_entry_if_stale(struct SessionHandle *data, struct Curl_dns_entry *dns)
 {
  struct hostcache_prune_data user;

-  if(!dns || (data->set.dns_cache_timeout == -1) || !data->dns.hostcache)
-    /* cache forever means never prune, and NULL hostcache means
-       we can't do it */
+  if(!dns || (data->set.dns_cache_timeout == -1) || !data->dns.hostcache ||
+     dns->inuse)
+    /* cache forever means never prune, and NULL hostcache means we can't do
+       it, if it still is in use then we leave it */
    return 0;

  time(&user.now);
@@ -428,9 +429,13 @@ int Curl_resolv(struct connectdata *conn,
  /* free the allocated entry_id again */
  free(entry_id);

+  infof(data, "Hostname was %sfound in DNS cache\n", dns?"":"NOT ");
+
  /* See whether the returned entry is stale. Done before we release lock */
-  if(remove_entry_if_stale(data, dns))
+  if(remove_entry_if_stale(data, dns)) {
+    infof(data, "Hostname in DNS cache was stale, zapped\n");
    dns = NULL; /* the memory deallocation is being handled by the hash */
+  }

  if(dns) {
    dns->inuse++; /* we use it! */
--- a/lib/http.c
+++ b/lib/http.c
@@ -54,7 +54,7 @@
 #include "curl_base64.h"
 #include "cookie.h"
 #include "strequal.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "http_digest.h"
 #include "curl_ntlm.h"
 #include "curl_ntlm_wb.h"
@@ -187,25 +187,25 @@ char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader)
 * case of allocation failure. Returns an empty string if the header value
 * consists entirely of whitespace.
 */
-static char *copy_header_value(const char *h)
+char *Curl_copy_header_value(const char *header)
 {
  const char *start;
  const char *end;
  char *value;
  size_t len;

-  DEBUGASSERT(h);
+  DEBUGASSERT(header);

  /* Find the end of the header name */
-  while(*h && (*h != ':'))
-    ++h;
+  while(*header && (*header != ':'))
+    ++header;

-  if(*h)
+  if(*header)
    /* Skip over colon */
-    ++h;
+    ++header;

  /* Find the first non-space letter */
-  start = h;
+  start = header;
  while(*start && ISSPACE(*start))
    start++;

@@ -224,7 +224,7 @@ static char *copy_header_value(const char *h)
    end--;

  /* get length of the type */
-  len = end-start+1;
+  len = end - start + 1;

  value = malloc(len + 1);
  if(!value)
@@ -414,8 +414,9 @@ static CURLcode http_perhapsrewind(struct connectdata *conn)
        /* this is already marked to get closed */
        return CURLE_OK;

-      infof(data, "NTLM send, close instead of sending %" FORMAT_OFF_T
-            " bytes\n", (curl_off_t)(expectsend - bytessent));
+      infof(data, "NTLM send, close instead of sending %"
+            CURL_FORMAT_CURL_OFF_T " bytes\n",
+            (curl_off_t)(expectsend - bytessent));
    }

    /* This is not NTLM or many bytes left to send: close
@@ -699,9 +700,8 @@ Curl_http_output_auth(struct connectdata *conn,
 * proxy CONNECT loop.
 */

-CURLcode Curl_http_input_auth(struct connectdata *conn,
-                              int httpcode,
-                              const char *header) /* the first non-space */
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+                              const char *auth) /* the first non-space */
 {
  /*
   * This resource requires authentication
@@ -709,24 +709,17 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
  struct SessionHandle *data = conn->data;

  unsigned long *availp;
-  const char *start;
  struct auth *authp;

-  if(httpcode == 407) {
-    start = header+strlen("Proxy-authenticate:");
+  if(proxy) {
    availp = &data->info.proxyauthavail;
    authp = &data->state.authproxy;
  }
  else {
-    start = header+strlen("WWW-Authenticate:");
    availp = &data->info.httpauthavail;
    authp = &data->state.authhost;
  }

-  /* pass all white spaces */
-  while(*start && ISSPACE(*start))
-    start++;
-
  /*
   * Here we check if we want the specific single authentication (using ==) and
   * if we do, we initiate usage of it.
@@ -744,10 +737,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
   *
   */

-  while(*start) {
+  while(*auth) {
 #ifdef USE_HTTP_NEGOTIATE
-    if(checkprefix("GSS-Negotiate", start) ||
-       checkprefix("Negotiate", start)) {
+    if(checkprefix("GSS-Negotiate", auth) ||
+       checkprefix("Negotiate", auth)) {
      int neg;
      *availp |= CURLAUTH_GSSNEGOTIATE;
      authp->avail |= CURLAUTH_GSSNEGOTIATE;
@@ -760,7 +753,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
          data->state.authproblem = TRUE;
        }
        else {
-          neg = Curl_input_negotiate(conn, (bool)(httpcode == 407), start);
+          neg = Curl_input_negotiate(conn, proxy, auth);
          if(neg == 0) {
            DEBUGASSERT(!data->req.newurl);
            data->req.newurl = strdup(data->change.url);
@@ -779,14 +772,14 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
 #endif
 #ifdef USE_NTLM
      /* NTLM support requires the SSL crypto libs */
-      if(checkprefix("NTLM", start)) {
+      if(checkprefix("NTLM", auth)) {
        *availp |= CURLAUTH_NTLM;
        authp->avail |= CURLAUTH_NTLM;
        if(authp->picked == CURLAUTH_NTLM ||
           authp->picked == CURLAUTH_NTLM_WB) {
          /* NTLM authentication is picked and activated */
          CURLcode ntlm =
-            Curl_input_ntlm(conn, (httpcode == 407)?TRUE:FALSE, start);
+            Curl_input_ntlm(conn, proxy, auth);
          if(CURLE_OK == ntlm) {
            data->state.authproblem = FALSE;
 #ifdef NTLM_WB_ENABLED
@@ -798,14 +791,14 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,

              /* Get the challenge-message which will be passed to
               * ntlm_auth for generating the type 3 message later */
-              while(*start && ISSPACE(*start))
-                start++;
-              if(checkprefix("NTLM", start)) {
-                start += strlen("NTLM");
-                while(*start && ISSPACE(*start))
-                  start++;
-                if(*start)
-                  if((conn->challenge_header = strdup(start)) == NULL)
+              while(*auth && ISSPACE(*auth))
+                auth++;
+              if(checkprefix("NTLM", auth)) {
+                auth += strlen("NTLM");
+                while(*auth && ISSPACE(*auth))
+                  auth++;
+                if(*auth)
+                  if((conn->challenge_header = strdup(auth)) == NULL)
                    return CURLE_OUT_OF_MEMORY;
              }
            }
@@ -820,7 +813,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
      else
 #endif
 #ifndef CURL_DISABLE_CRYPTO_AUTH
-        if(checkprefix("Digest", start)) {
+        if(checkprefix("Digest", auth)) {
          if((authp->avail & CURLAUTH_DIGEST) != 0) {
            infof(data, "Ignoring duplicate digest auth header.\n");
          }
@@ -833,7 +826,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
             * authentication isn't activated yet, as we need to store the
             * incoming data from this header in case we are gonna use
             * Digest. */
-            dig = Curl_input_digest(conn, (httpcode == 407)?TRUE:FALSE, start);
+            dig = Curl_input_digest(conn, proxy, auth);

            if(CURLDIGEST_FINE != dig) {
              infof(data, "Authentication problem. Ignoring this.\n");
@@ -843,7 +836,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
        }
        else
 #endif
-          if(checkprefix("Basic", start)) {
+          if(checkprefix("Basic", auth)) {
            *availp |= CURLAUTH_BASIC;
            authp->avail |= CURLAUTH_BASIC;
            if(authp->picked == CURLAUTH_BASIC) {
@@ -857,12 +850,12 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
          }

    /* there may be multiple methods on one line, so keep reading */
-    while(*start && *start != ',') /* read up to the next comma */
-      start++;
-    if(*start == ',') /* if we're on a comma, skip it */
-      start++;
-    while(*start && ISSPACE(*start))
-      start++;
+    while(*auth && *auth != ',') /* read up to the next comma */
+      auth++;
+    if(*auth == ',') /* if we're on a comma, skip it */
+      auth++;
+    while(*auth && ISSPACE(*auth))
+      auth++;
  }
  return CURLE_OK;
 }
@@ -1831,7 +1824,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       custom Host: header if this is NOT a redirect, as setting Host: in the
       redirected request is being out on thin ice. Except if the host name
       is the same as the first one! */
-    char *cookiehost = copy_header_value(ptr);
+    char *cookiehost = Curl_copy_header_value(ptr);
    if(!cookiehost)
      return CURLE_OUT_OF_MEMORY;
    if(!*cookiehost)
@@ -2026,9 +2019,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
            if((actuallyread == 0) || (actuallyread > readthisamountnow)) {
              /* this checks for greater-than only to make sure that the
                 CURL_READFUNC_ABORT return code still aborts */
-              failf(data, "Could only read %" FORMAT_OFF_T
-                    " bytes from the input",
-                    passed);
+              failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T
+                    " bytes from the input", passed);
              return CURLE_READ_ERROR;
            }
          } while(passed < data->state.resume_from);
@@ -2073,8 +2065,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
           remote part so we tell the server (and act accordingly) that we
           upload the whole file (again) */
        conn->allocptr.rangeline =
-          aprintf("Content-Range: bytes 0-%" FORMAT_OFF_T
-                  "/%" FORMAT_OFF_T "\r\n",
+          aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T
+                  "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
                  data->set.infilesize - 1, data->set.infilesize);

      }
@@ -2083,8 +2075,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        curl_off_t total_expected_size=
          data->state.resume_from + data->set.infilesize;
        conn->allocptr.rangeline =
-          aprintf("Content-Range: bytes %s%" FORMAT_OFF_T
-                  "/%" FORMAT_OFF_T "\r\n",
+          aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T
+                  "/%" CURL_FORMAT_CURL_OFF_T "\r\n",
                  data->state.range, total_expected_size-1,
                  total_expected_size);
      }
@@ -2092,7 +2084,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        /* Range was selected and then we just pass the incoming range and
           append total size */
        conn->allocptr.rangeline =
-          aprintf("Content-Range: bytes %s/%" FORMAT_OFF_T "\r\n",
+          aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n",
                  data->state.range, data->set.infilesize);
      }
      if(!conn->allocptr.rangeline)
@@ -2302,8 +2294,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       !Curl_checkheaders(data, "Content-Length:")) {
      /* only add Content-Length if not uploading chunked */
      result = Curl_add_bufferf(req_buffer,
-                                "Content-Length: %" FORMAT_OFF_T "\r\n",
-                                http->postsize);
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", http->postsize);
      if(result)
        return result;
    }
@@ -2374,8 +2366,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
       !Curl_checkheaders(data, "Content-Length:")) {
      /* only add Content-Length if not uploading chunked */
      result = Curl_add_bufferf(req_buffer,
-                                "Content-Length: %" FORMAT_OFF_T "\r\n",
-                                postsize );
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", postsize);
      if(result)
        return result;
    }
@@ -2416,20 +2408,19 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
        data->set.postfieldsize:
        (data->set.postfields? (curl_off_t)strlen(data->set.postfields):-1);
    }
-    if(!data->req.upload_chunky) {
-      /* We only set Content-Length and allow a custom Content-Length if
-         we don't upload data chunked, as RFC2616 forbids us to set both
-         kinds of headers (Transfer-Encoding: chunked and Content-Length) */

-      if(conn->bits.authneg || !Curl_checkheaders(data, "Content-Length:")) {
-        /* we allow replacing this header if not during auth negotiation,
-           although it isn't very wise to actually set your own */
-        result = Curl_add_bufferf(req_buffer,
-                                  "Content-Length: %" FORMAT_OFF_T"\r\n",
-                                  postsize);
-        if(result)
-          return result;
-      }
+    /* We only set Content-Length and allow a custom Content-Length if
+       we don't upload data chunked, as RFC2616 forbids us to set both
+       kinds of headers (Transfer-Encoding: chunked and Content-Length) */
+    if((postsize != -1) && !data->req.upload_chunky &&
+       !Curl_checkheaders(data, "Content-Length:")) {
+      /* we allow replacing this header if not during auth negotiation,
+         although it isn't very wise to actually set your own */
+      result = Curl_add_bufferf(req_buffer,
+                                "Content-Length: %" CURL_FORMAT_CURL_OFF_T
+                                "\r\n", postsize);
+      if(result)
+        return result;
    }

    if(!Curl_checkheaders(data, "Content-Type:")) {
@@ -2590,8 +2581,8 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
    if(http->writebytecount >= postsize) {
      /* already sent the entire request body, mark the "upload" as
         complete */
-      infof(data, "upload completely sent off: %" FORMAT_OFF_T " out of "
-            "%" FORMAT_OFF_T " bytes\n",
+      infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T
+            " out of %" CURL_FORMAT_CURL_OFF_T " bytes\n",
            http->writebytecount, postsize);
      data->req.upload_done = TRUE;
      data->req.keepon &= ~KEEP_SEND; /* we're done writing */
@@ -3241,13 +3232,13 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
           happens for example when older Apache servers send large
           files */
        conn->bits.close = TRUE;
-        infof(data, "Negative content-length: %" FORMAT_OFF_T
+        infof(data, "Negative content-length: %" CURL_FORMAT_CURL_OFF_T
              ", closing after transfer\n", contentlength);
      }
    }
    /* check for Content-Type: header lines to get the MIME-type */
    else if(checkprefix("Content-Type:", k->p)) {
-      char *contenttype = copy_header_value(k->p);
+      char *contenttype = Curl_copy_header_value(k->p);
      if(!contenttype)
        return CURLE_OUT_OF_MEMORY;
      if(!*contenttype)
@@ -3259,7 +3250,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
      }
    }
    else if(checkprefix("Server:", k->p)) {
-      char *server_name = copy_header_value(k->p);
+      char *server_name = Curl_copy_header_value(k->p);

      /* Turn off pipelining if the server version is blacklisted */
      if(conn->bundle && conn->bundle->server_supports_pipelining) {
@@ -3455,7 +3446,16 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
             (401 == k->httpcode)) ||
            (checkprefix("Proxy-authenticate:", k->p) &&
             (407 == k->httpcode))) {
-      result = Curl_http_input_auth(conn, k->httpcode, k->p);
+
+      bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
+      char *auth = Curl_copy_header_value(k->p);
+      if(!auth)
+        return CURLE_OUT_OF_MEMORY;
+
+      result = Curl_http_input_auth(conn, proxy, auth);
+
+      Curl_safefree(auth);
+
      if(result)
        return result;
    }
@@ -3463,7 +3463,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
            checkprefix("Location:", k->p) &&
            !data->req.location) {
      /* this is the URL that the server advises us to use instead */
-      char *location = copy_header_value(k->p);
+      char *location = Curl_copy_header_value(k->p);
      if(!location)
        return CURLE_OUT_OF_MEMORY;
      if(!*location)
--- a/lib/http.h
+++ b/lib/http.h
@@ -35,11 +35,12 @@ extern const struct Curl_handler Curl_handler_http;
 extern const struct Curl_handler Curl_handler_https;
 #endif

+/* Header specific functions */
 bool Curl_compareheader(const char *headerline,  /* line to check */
                        const char *header,   /* header keyword _with_ colon */
                        const char *content); /* content string to find */
-
 char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader);
+char *Curl_copy_header_value(const char *header);

 /* ------------------------------------------------------------------------- */
 /*
@@ -81,8 +82,8 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap,

 /* These functions are in http.c */
 void Curl_http_auth_stage(struct SessionHandle *data, int stage);
-CURLcode Curl_http_input_auth(struct connectdata *conn,
-                              int httpcode, const char *header);
+CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
+                              const char *auth);
 CURLcode Curl_http_auth_act(struct connectdata *conn);
 CURLcode Curl_http_perhapsrewind(struct connectdata *conn);

--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -31,6 +31,8 @@
 #include "http.h"
 #include "curl_memory.h"
 #include "non-ascii.h" /* for Curl_convert_to_network prototype */
+#include "strtoofft.h"
+#include "warnless.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -87,8 +89,8 @@ static bool Curl_isxdigit(char digit)
 void Curl_httpchunk_init(struct connectdata *conn)
 {
  struct Curl_chunker *chunk = &conn->chunk;
-  chunk->hexindex=0; /* start at 0 */
-  chunk->dataleft=0; /* no data left yet! */
+  chunk->hexindex=0;        /* start at 0 */
+  chunk->dataleft=0;        /* no data left yet! */
  chunk->state = CHUNK_HEX; /* we get hex first! */
 }

@@ -113,7 +115,7 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
  struct Curl_chunker *ch = &conn->chunk;
  struct SingleRequest *k = &data->req;
  size_t piece;
-  size_t length = (size_t)datalen;
+  curl_off_t length = (curl_off_t)datalen;
  size_t *wrote = (size_t *)wrotep;

  *wrote = 0; /* nothing's written yet */
@@ -141,11 +143,12 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        }
      }
      else {
-        if(0 == ch->hexindex) {
+        char *endptr;
+        if(0 == ch->hexindex)
          /* This is illegal data, we received junk where we expected
             a hexadecimal digit. */
          return CHUNKE_ILLEGAL_HEX;
-        }
+
        /* length and datap are unmodified */
        ch->hexbuffer[ch->hexindex]=0;

@@ -155,50 +158,38 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
        if(result) {
          /* Curl_convert_from_network calls failf if unsuccessful */
          /* Treat it as a bad hex character */
-          return(CHUNKE_ILLEGAL_HEX);
+          return CHUNKE_ILLEGAL_HEX ;
        }

-        ch->datasize=strtoul(ch->hexbuffer, NULL, 16);
-        ch->state = CHUNK_POSTHEX;
+        ch->datasize=curlx_strtoofft(ch->hexbuffer, &endptr, 16);
+        if(errno == ERANGE)
+          /* over or underflow is an error */
+          return CHUNKE_ILLEGAL_HEX;
+        ch->state = CHUNK_LF; /* now wait for the CRLF */
      }
      break;

-    case CHUNK_POSTHEX:
-      /* In this state, we're waiting for CRLF to arrive. We support
-         this to allow so called chunk-extensions to show up here
-         before the CRLF comes. */
-      if(*datap == 0x0d)
-        ch->state = CHUNK_CR;
-      length--;
-      datap++;
-      break;
-
-    case CHUNK_CR:
-      /* waiting for the LF */
+    case CHUNK_LF:
+      /* waiting for the LF after a chunk size */
      if(*datap == 0x0a) {
        /* we're now expecting data to come, unless size was zero! */
        if(0 == ch->datasize) {
          ch->state = CHUNK_TRAILER; /* now check for trailers */
          conn->trlPos=0;
        }
-        else {
+        else
          ch->state = CHUNK_DATA;
-        }
      }
-      else
-        /* previously we got a fake CR, go back to CR waiting! */
-        ch->state = CHUNK_CR;
+
      datap++;
      length--;
      break;

    case CHUNK_DATA:
-      /* we get pure and fine data
-
-         We expect another 'datasize' of data. We have 'length' right now,
-         it can be more or less than 'datasize'. Get the smallest piece.
+      /* We expect 'datasize' of data. We have 'length' right now, it can be
+         more or less than 'datasize'. Get the smallest piece.
      */
-      piece = (ch->datasize >= length)?length:ch->datasize;
+      piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize);

      /* Write the data portion available */
 #ifdef HAVE_LIBZ
@@ -251,37 +242,22 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,

      if(0 == ch->datasize)
        /* end of data this round, we now expect a trailing CRLF */
-        ch->state = CHUNK_POSTCR;
-      break;
-
-    case CHUNK_POSTCR:
-      if(*datap == 0x0d) {
        ch->state = CHUNK_POSTLF;
-        datap++;
-        length--;
-      }
-      else
-        return CHUNKE_BAD_CHUNK;
-
      break;

    case CHUNK_POSTLF:
      if(*datap == 0x0a) {
-        /*
-         * The last one before we go back to hex state and start all
-         * over.
-         */
-        Curl_httpchunk_init(conn);
-        datap++;
-        length--;
+        /* The last one before we go back to hex state and start all over. */
+        Curl_httpchunk_init(conn); /* sets state back to CHUNK_HEX */
      }
-      else
+      else if(*datap != 0x0d)
        return CHUNKE_BAD_CHUNK;
-
+      datap++;
+      length--;
      break;

    case CHUNK_TRAILER:
-      if(*datap == 0x0d) {
+      if((*datap == 0x0d) || (*datap == 0x0a)) {
        /* this is the end of a trailer, but if the trailer was zero bytes
           there was no trailer and we move on */

@@ -307,6 +283,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
          }
          conn->trlPos=0;
          ch->state = CHUNK_TRAILER_CR;
+          if(*datap == 0x0a)
+            /* already on the LF */
+            break;
        }
        else {
          /* no trailer, we're on the final CRLF pair */
@@ -352,27 +331,18 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
    case CHUNK_TRAILER_POSTCR:
      /* We enter this state when a CR should arrive so we expect to
         have to first pass a CR before we wait for LF */
-      if(*datap != 0x0d) {
+      if((*datap != 0x0d) && (*datap != 0x0a)) {
        /* not a CR then it must be another header in the trailer */
        ch->state = CHUNK_TRAILER;
        break;
      }
-      datap++;
-      length--;
-      /* now wait for the final LF */
-      ch->state = CHUNK_STOP;
-      break;
-
-    case CHUNK_STOPCR:
-      /* Read the final CRLF that ends all chunk bodies */
-
      if(*datap == 0x0d) {
-        ch->state = CHUNK_STOP;
+        /* skip if CR */
        datap++;
        length--;
      }
-      else
-        return CHUNKE_BAD_CHUNK;
+      /* now wait for the final LF */
+      ch->state = CHUNK_STOP;
      break;

    case CHUNK_STOP:
@@ -381,15 +351,12 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,

        /* Record the length of any data left in the end of the buffer
           even if there's no more chunks to read */
+        ch->dataleft = curlx_sotouz(length);

-        ch->dataleft = length;
        return CHUNKE_STOP; /* return stop */
      }
      else
        return CHUNKE_BAD_CHUNK;
-
-    default:
-      return CHUNKE_STATE_ERROR;
    }
  }
  return CHUNKE_OK;
--- a/lib/http_chunks.h
+++ b/lib/http_chunks.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -29,40 +29,25 @@
 #define MAXNUM_SIZE 16

 typedef enum {
-  CHUNK_FIRST, /* never use */
-
-  /* In this we await and buffer all hexadecimal digits until we get one
-     that isn't a hexadecimal digit. When done, we go POSTHEX */
+  /* await and buffer all hexadecimal digits until we get one that isn't a
+     hexadecimal digit. When done, we go CHUNK_LF */
  CHUNK_HEX,

-  /* We have received the hexadecimal digit and we eat all characters until
-     we get a CRLF pair. When we see a CR we go to the CR state. */
-  CHUNK_POSTHEX,
-
-  /* A single CR has been found and we should get a LF right away in this
-     state or we go back to POSTHEX. When LF is received, we go to DATA.
-     If the size given was zero, we set state to STOP and return. */
-  CHUNK_CR,
+  /* wait for LF, ignore all else */
+  CHUNK_LF,

  /* We eat the amount of data specified. When done, we move on to the
     POST_CR state. */
  CHUNK_DATA,

-  /* POSTCR should get a CR and nothing else, then move to POSTLF */
-  CHUNK_POSTCR,
-
-  /* POSTLF should get a LF and nothing else, then move back to HEX as the
-     CRLF combination marks the end of a chunk */
+  /* POSTLF should get a CR and then a LF and nothing else, then move back to
+     HEX as the CRLF combination marks the end of a chunk. A missing CR is no
+     big deal. */
  CHUNK_POSTLF,

-  /* Each Chunk body should end with a CRLF.  Read a CR and nothing else,
-     then move to CHUNK_STOP */
-  CHUNK_STOPCR,
-
-  /* This is mainly used to really mark that we're out of the game.
-     NOTE: that there's a 'dataleft' field in the struct that will tell how
-     many bytes that were not passed to the client in the end of the last
-     buffer! */
+  /* Used to mark that we're out of the game.  NOTE: that there's a 'dataleft'
+     field in the struct that will tell how many bytes that were not passed to
+     the client in the end of the last buffer! */
  CHUNK_STOP,

  /* At this point optional trailer headers can be found, unless the next line
@@ -77,10 +62,7 @@ typedef enum {
     signalled If this is an empty trailer CHUNKE_STOP will be signalled.
     Otherwise the trailer will be broadcasted via Curl_client_write() and the
     next state will be CHUNK_TRAILER */
-  CHUNK_TRAILER_POSTCR,
-
-  CHUNK_LAST /* never use */
-
+  CHUNK_TRAILER_POSTCR
 } ChunkyState;

 typedef enum {
@@ -100,7 +82,7 @@ struct Curl_chunker {
  char hexbuffer[ MAXNUM_SIZE + 1];
  int hexindex;
  ChunkyState state;
-  size_t datasize;
+  curl_off_t datasize;
  size_t dataleft; /* untouched data amount at the end of the last buffer */
 };

--- a/Show More
+++ b/Show More