RELEASE-NOTES: 7.36.0

test1397: unit test for certificate name wildcard handling
Curl_cert_hostcheck: strip trailing dots in host name and wildcard
2014-03-26 00:29:43 +01:00 · 2014-03-25 23:01:37 +01:00 · 2014-03-25 23:01:37 +01:00 · 2014-03-25 23:01:37 +01:00 · 2014-03-25 23:01:37 +01:00 · 2014-03-25 22:40:46 +01:00
510 changed files with 12063 additions and 5085 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,4 @@ CHANGES.dist
 .cproject
 .settings
 /[0-9]*.patch
+.dirstamp
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,3 +1,24 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
 # cURL/libcurl CMake script
 # by Tetetest and Sukender (Benoit Neil)

@@ -23,6 +44,8 @@ include(Utilities)

 project( CURL C )

+message(WARNING "the curl cmake build system is poorly maintained. Be aware")
+
 file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
 string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)"
  LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS})
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2013, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2014, Daniel Stenberg, <daniel@haxx.se>.

 All rights reserved.

--- a/Makefile.dist
+++ b/Makefile.dist
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -136,12 +136,36 @@ vc-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-zlib

+vc-x64-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib
+
 vc-ssl: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl

+vc-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+
+vc-x64-ssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
+
+vc-x64-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+
 vc-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib
@@ -266,6 +290,18 @@ linux-ssl: ssl
 # We don't need to do anything for vc6.
 vc6:

+# VC7 makefiles are for use with VS.NET and VS.NET 2003
+vc7: lib/Makefile.vc7 src/Makefile.vc7
+
+lib/Makefile.vc7: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s/VC6/VC7/g" lib/Makefile.vc6 > lib/Makefile.vc7
+
+src/Makefile.vc7: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s/VC6/VC7/g" src/Makefile.vc6 > src/Makefile.vc7
+
+# VC8 makefiles are for use with VS2005
 vc8: lib/Makefile.vc8 src/Makefile.vc8

 lib/Makefile.vc8: lib/Makefile.vc6
@@ -298,6 +334,28 @@ src/Makefile.vc10: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc10/g" -e "s/VC6/VC10/g" src/Makefile.vc6 > src/Makefile.vc10

+# VC11 makefiles are for use with VS2012
+vc11: lib/Makefile.vc11 src/Makefile.vc11
+
+lib/Makefile.vc11: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc11/g" -e "s/VC6/VC11/g" lib/Makefile.vc6 > lib/Makefile.vc11
+
+src/Makefile.vc11: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc11/g" -e "s/VC6/VC11/g" src/Makefile.vc6 > src/Makefile.vc11
+
+# VC12 makefiles are for use with VS2013
+vc12: lib/Makefile.vc12 src/Makefile.vc12
+
+lib/Makefile.vc12: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" lib/Makefile.vc6 > lib/Makefile.vc12
+
+src/Makefile.vc12: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12
+
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
--- a/186
+++ b/186
@@ -1,71 +1,86 @@
-Curl and libcurl 7.34.0
+Curl and libcurl 7.36.0

- Public curl releases:         136
+ Public curl releases:         138
 Command line options:         161
 curl_easy_setopt() options:   206
 Public functions in libcurl:  58
 Known libcurl bindings:       42
- Contributors:                 1104
+ Contributors:                 1123

-This release includes the following security fix:
- o gtls: respect *VERIFYHOST independently of *VERIFYPEER [26]
+This release includes the following SECURITY ADVISORIES:
+
+ o wrong re-use of connections [16]
+ o IP address wildcard certificate validation [17]
+ o not verifying certs for TLS to IP address / Darwinssl [18]
+ o not verifying certs for TLS to IP address / Winssl [19]

 This release includes the following changes:

- o SSL: protocol version can be specified more precisely [1]
- o imap/pop3/smtp: Added graceful cancellation of SASL authentication
- o Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
- o base64: Added validation of base64 input strings when decoding [8]
- o curl_easy_setopt: Added the ability to set the login options separately
- o smtp: Added support for additional SMTP commands
- o curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
- o nss: allow to use TLS > 1.0 if built against recent NSS [18]
- o SECURITY: added this document to describe our security processes [22]
- o parseconfig: warn if unquoted white spaces are detected
+ o ntlm: Added support for NTLMv2 [2]
+ o tool: Added support for URL specific options [3]
+ o openssl: add ALPN support
+ o gtls: add ALPN support
+ o nss: add ALPN and NPN support
+ o added CURLOPT_EXPECT_100_TIMEOUT_MS [7]
+ o tool: add --no-alpn and --no-npn
+ o added CURLOPT_SSL_ENABLE_NPN and CURLOPT_SSL_ENABLE_ALPN
+ o winssl: enable TLSv1.1 and TLSv1.2 by default
+ o winssl: TLSv1.2 disables certificate signatures using MD5 hash
+ o winssl: enable hostname verification of IP address using SAN or CN [11]
+ o darwinssl: Don't omit CN verification when an IP address is used [12]
+ o http2: build with current nghttp2 version
+ o polarssl: dropped support for PolarSSL < 1.3.0
+ o openssl: info message with SSL version used

 This release includes the following bugfixes:

- o darwinssl: un-break iOS build after PKCS#12 feature added
- o tool: use XFERFUNCTION to save some casts [2]
- o usercertinmem: fix memory leaks
- o ssh: Handle successful SSH_USERAUTH_NONE [3]
- o NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option [4]
- o test906: Fixed failing test on some platforms [5]
- o sasl: initialize NSS before using NTLM crypto
- o sasl: Fixed memory leak in OAUTH2 message creation
- o imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
- o cmake: unbreak for non-Windows platforms [6]
- o ssh: initialize per-handle data in ssh_connect()
- o glob: fix broken URLs
- o configure: check for long long when building with cyassl
- o CURLOPT_RESOLVE: mention they don't time-out [7]
- o docs/examples/httpput.c: fix build for MSVC
- o FTP: make the data connection work when going through proxy
- o NSS: support for CERTINFO feature
- o curl_multi_wait: accept 0 from multi_timeout() as valid timeout
- o glob_range: pass the closing bracket for a-z ranges
- o tool_help: Updated --list-only description to include POP3
- o Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string [9]
- o cmake: fix Windows build with IPv6 support [10]
- o ares: Fixed compilation under Visual Studio 2012 [11]
- o curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation [12]
- o curl.1: mention that -O does no URL decoding [13]
- o darwinssl: PKCS#12 import feature now requires Lion or later [14]
- o darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
- o configure: Fix test with -Werror=implicit-function-declaration [15]
- o sigpipe: factor out sigpipe_reset from easy.c
- o curl_multi_cleanup: ignore SIGPIPE
- o globbing: curl glob counter mismatch with {} list use [16]
- o parseconfig: dash options can't specified with colon or equals [17]
- o digest: fix CURLAUTH_DIGEST_IE [19]
- o curl.h: <sys/select.h> for OpenBSD [20]
- o darwinssl: Fix #if 10.6.0 for SecKeychainSearch
- o TFTP: fix return codes for connect timeout [21]
- o login options: remove the ;[options] support from CURLOPT_USERPWD [23]
- o imap: Fixed incorrect fallback to clear text authentication
- o parsedate: avoid integer overflow
- o curl.1: document -J doesn't %-decode [25]
- o multi: add timer inaccuracy margin to timeout/connecttimeout [24]
+ o nss: allow to use ECC ciphers if NSS implements them [1]
+ o netrc: Fixed a memory leak in an OOM condition
+ o ftp: fixed a memory leak on wildcard error path
+ o pipeline: Fixed a NULL pointer dereference on OOM
+ o nss: prefer highest available TLS version
+ o 100-continue: fix timeout condition [4]
+ o ssh: Fixed a NULL pointer dereference on OOM condition
+ o formpost: use semicolon in multipart/mixed [5]
+ o --help: add missing --tlsv1.x options
+ o formdata: Fixed memory leak on OOM condition
+ o ConnectionExists: reusing possible HTTP+NTLM connections better [6]
+ o mingw32: fix compilation
+ o chunked decoder: track overflows correctly [8]
+ o curl_easy_setopt.3: add CURL_HTTP_VERSION_2_0
+ o dict: fix memory leak in OOM exit path
+ o valgrind: added suppression on optimized code
+ o curl: output protocol headers using binary mode
+ o tool: Added URL index to password prompt for multiple operations
+ o ConnectionExists: re-use non-NTLM connections better [9]
+ o axtls: call ssl_read repeatedly
+ o multi: make MAXCONNECTS default 4 x number of easy handles function
+ o configure: Fix the --disable-crypto-auth option
+ o multi: ignore SIGPIPE internally
+ o curl.1: update the description of --tlsv1
+ o SFTP: skip reading the dir when NOBODY=1 [10]
+ o easy: Fixed a memory leak on OOM condition
+ o tool: Fixed incorrect return code when setting HTTP request fails
+ o configure: Tiny fix to honor POSIX
+ o tool: Do not output libcurl source for the information only parameters
+ o Rework Open Watcom make files to use standard Wmake features
+ o x509asn: moved out Curl_verifyhost from NSS builds
+ o configure: call it GSS-API
+ o hostcheck: Curl_cert_hostcheck is not used by NSS builds
+ o multi_runsingle: move timestamp into INIT [13]
+ o remote_port: allow connect to port 0
+ o parse_remote_port: error out on illegal port numbers better
+ o ssh: Pass errors from libssh2_sftp_read up the stack
+ o docs: remove documentation on setting up krb4 support
+ o polarssl: build fixes to work with PolarSSL 1.3.x
+ o polarssl: fix possible handshake timeout issue in multi
+ o nss: allow to enable/disable cipher-suites better
+ o ssh: prevent a logic error that could result in an infinite loop
+ o http2: free resources on disconnect
+ o polarssl: avoid extra newlines in debug messages
+ o rtsp: parse "Session:" header properly [14]
+ o trynextip: don't store 'ai' on failed connects
+ o Curl_cert_hostcheck: strip trailing dots in host name and wildcard

 This release includes the following known bugs:

@@ -74,42 +89,33 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

- Alessandro Ghedini, Andreas Rieke, Björn Stenberg, Chris Conlon,
- Christian Grothoff, Christian Weisgerber, Dave Reisner, David Walser,
- Dima Tisnek, Fabian Keil, Felix Yan, Gergely Nagy, Gisle Vanem,
- Ishan SinghLevett, James Dury, Javier Barroso, Jeff King, Kamil Dudka,
- Kim Vandry, Marcin Gryszkalis, Melissa Mears, Michael Osipov, Nick Zitzmann,
- Oliver Kuckertz, Patrick Monnerat, Paul Donohue, Paul Marks, Romulo A. Ceccon,
- Rémy Léone, Sergey Tatarincev, Steve Holme, Tomas Hoger, Tyler Hall,
- Yaakov Selkowitz, Eric Lubin, Petr Bahula, He Qin, Marc Deslauriers
+  Adam Sampson, Arvid Norberg, Brad Spencer, Colin Hogben, Dan Fandrich,
+  Daniel Stenberg, David Ryskalczyk, Fabian Frank, Gaël PORTAY, Gisle Vanem,
+  Hubert Kario, Jeff King, Jiri Malak, Kamil Dudka, Maks Naumov, Marc Hoersken,
+  Michael Osipov, Mike Hasselberg, Nick Zitzmann, Patrick Monnerat, Prash Dush,
+  Remi Gacogne, Rob Davies, Romulo A. Ceccon, Shao Shuchao, Steve Holme,
+  Tatsuhiro Tsujikawa, Thomas Braun, Tiit Pikma, Yehezkel Horowitz,

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = https://github.com/bagder/curl/pull/79
- [2] = http://curl.haxx.se/mail/lib-2013-10/0089.html
- [3] = http://curl.haxx.se/mail/lib-2013-10/0096.html
- [4] = http://curl.haxx.se/mail/lib-2013-10/0113.html
- [5] = http://sourceforge.net/p/curl/bugs/1291
- [6] = http://sourceforge.net/p/curl/bugs/1292
- [7] = http://curl.haxx.se/mail/lib-2013-10/0062.html
- [8] = http://curl.haxx.se/mail/lib-2013-10/0242.html
- [9] = http://curl.haxx.se/bug/view.cgi?id=1295
- [10] = http://sourceforge.net/p/curl/bugs/1064
- [11] = http://curl.haxx.se/mail/lib-2013-11/0057.html
- [12] = https://github.com/bagder/curl/pull/83
- [13] = http://sourceforge.net/p/curl/bugs/1299
- [14] = http://curl.haxx.se/mail/lib-2013-11/0076.html
- [15] = http://curl.haxx.se/bug/view.cgi?id=1304
- [16] = http://curl.haxx.se/bug/view.cgi?id=1305
- [17] = http://curl.haxx.se/bug/view.cgi?id=1297
- [18] = http://curl.haxx.se/mail/lib-2013-11/0162.html
- [19] = http://curl.haxx.se/bug/view.cgi?id=1308
- [20] = http://curl.haxx.se/mail/lib-2013-12/0017.html
- [21] = http://curl.haxx.se/bug/view.cgi?id=1310
- [22] = http://curl.haxx.se/dev/security.html
- [23] = http://curl.haxx.se/bug/view.cgi?id=1311
- [24] = http://curl.haxx.se/bug/view.cgi?id=1298
- [25] = http://curl.haxx.se/bug/view.cgi?id=1294
- [26] = http://curl.haxx.se/docs/adv_20131217.html
+ [1] = https://bugzilla.redhat.com/1058776
+ [2] = http://curl.haxx.se/mail/lib-2014-01/0183.html
+ [3] = http://curl.haxx.se/mail/archive-2013-11/0006.html
+ [4] = http://curl.haxx.se/bug/view.cgi?id=1334
+ [5] = http://curl.haxx.se/bug/view.cgi?id=1333
+ [6] = http://curl.haxx.se/mail/lib-2014-02/0100.html
+ [7] = http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTEXPECT100TIMEOUTMS
+ [8] = http://curl.haxx.se/mail/lib-2014-02/0097.html
+ [9] = http://thread.gmane.org/gmane.comp.version-control.git/242213
+ [10] = http://curl.haxx.se/mail/lib-2014-02/0155.html
+ [11] = http://curl.haxx.se/mail/lib-2014-02/0243.html
+ [12] = https://github.com/bagder/curl/pull/93
+ [13] = http://curl.haxx.se/mail/lib-2014-02/0036.html
+ [14] = http://curl.haxx.se/mail/lib-2014-03/0134.html
+ [15] = http://curl.haxx.se/bug/view.cgi?id=1337
+ [16] = http://curl.haxx.se/docs/adv_20140326A.html
+ [17] = http://curl.haxx.se/docs/adv_20140326B.html
+ [18] = http://curl.haxx.se/docs/adv_20140326C.html
+ [19] = http://curl.haxx.se/docs/adv_20140326D.html
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -31,7 +31,7 @@ XC_OVR_ZZ60
 CURL_OVERRIDE_AUTOCONF

 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2013 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2014 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

@@ -1173,26 +1173,26 @@ dnl **********************************************************************
 dnl Check for GSS-API libraries
 dnl **********************************************************************

-dnl check for gss stuff in the /usr as default
+dnl check for GSS-API stuff in the /usr as default

 GSSAPI_ROOT="/usr"
 AC_ARG_WITH(gssapi-includes,
  AC_HELP_STRING([--with-gssapi-includes=DIR],
-                 [Specify location of GSSAPI header]),
+                 [Specify location of GSS-API headers]),
  [ GSSAPI_INCS="-I$withval"
    want_gss="yes" ]
 )

 AC_ARG_WITH(gssapi-libs,
  AC_HELP_STRING([--with-gssapi-libs=DIR],
-                 [Specify location of GSSAPI libs]),
+                 [Specify location of GSS-API libs]),
  [ GSSAPI_LIB_DIR="-L$withval"
    want_gss="yes" ]
 )

 AC_ARG_WITH(gssapi,
  AC_HELP_STRING([--with-gssapi=DIR],
-                 [Where to look for GSSAPI]), [
+                 [Where to look for GSS-API]), [
  GSSAPI_ROOT="$withval"
  if test x"$GSSAPI_ROOT" != xno; then
    want_gss="yes"
@@ -1204,7 +1204,7 @@ AC_ARG_WITH(gssapi,
 ])

 save_CPPFLAGS="$CPPFLAGS"
-AC_MSG_CHECKING([if GSSAPI support is requested])
+AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
  AC_MSG_RESULT(yes)

@@ -1221,7 +1221,7 @@ if test x"$want_gss" = xyes; then
  AC_CHECK_HEADER(gss.h,
    [
      dnl found in the given dirs
-      AC_DEFINE(HAVE_GSSGNU, 1, [if you have the GNU gssapi libraries])
+      AC_DEFINE(HAVE_GSSGNU, 1, [if you have GNU GSS])
      gnu_gss=yes
    ],
    [
@@ -1242,19 +1242,19 @@ AC_INCLUDES_DEFAULT
        AC_CHECK_HEADER(gssapi.h,
            [
              dnl found
-              AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
+              AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal])
            ],
            [
              dnl no header found, disabling GSS
              want_gss=no
-              AC_MSG_WARN(disabling GSSAPI since no header files was found)
+              AC_MSG_WARN(disabling GSS-API support since no header files were found)
            ]
          )
      else
        dnl MIT found
-        AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
-        dnl check if we have a really old MIT kerberos (<= 1.2)
-        AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE])
+        AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos])
+        dnl check if we have a really old MIT Kerberos version (<= 1.2)
+        AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE])
        AC_COMPILE_IFELSE([
          AC_LANG_PROGRAM([[
 #include <gssapi/gssapi.h>
@@ -1272,7 +1272,7 @@ AC_INCLUDES_DEFAULT
        ],[
          AC_MSG_RESULT([no])
          AC_DEFINE(HAVE_OLD_GSSMIT, 1,
-            [if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE])
+            [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE])
        ])
      fi
    ]
@@ -1281,9 +1281,9 @@ else
  AC_MSG_RESULT(no)
 fi
 if test x"$want_gss" = xyes; then
-  AC_DEFINE(HAVE_GSSAPI, 1, [if you have the gssapi libraries])
+  AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries])

-  curl_gss_msg="enabled (MIT/Heimdal)"
+  curl_gss_msg="enabled (MIT Kerberos/Heimdal)"

  if test -n "$gnu_gss"; then
    curl_gss_msg="enabled (GNU GSS)"
@@ -1294,6 +1294,12 @@ if test x"$want_gss" = xyes; then
     *-*-darwin*)
        LIBS="-lgssapi_krb5 -lresolv $LIBS"
        ;;
+     *-hp-hpux*)
+        if test "$GSSAPI_ROOT" != "yes"; then
+           LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+        fi
+        LIBS="-lgss $LIBS"
+        ;;
     *)
        if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
@@ -1310,7 +1316,14 @@ if test x"$want_gss" = xyes; then
     esac
  else
     LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR"
+     case $host in
+     *-hp-hpux*)
+        LIBS="-lgss $LIBS"
+        ;;
+     *)
        LIBS="-lgssapi $LIBS"
+        ;;
+     esac
  fi
 else
  CPPFLAGS="$save_CPPFLAGS"
@@ -1581,7 +1594,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                    ENGINE_cleanup \
                    CRYPTO_cleanup_all_ex_data \
                    SSL_get_shutdown \
-                    SSLv2_client_method )
+                    SSLv2_client_method \
+                    SSL_CTX_set_next_proto_select_cb \
+                    SSL_CTX_set_alpn_protos \
+                    SSL_CTX_set_alpn_select_cb )

    dnl Make an attempt to detect if this is actually yassl's headers and
    dnl OpenSSL emulation layer. We still leave everything else believing
@@ -2453,19 +2469,19 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
        AC_MSG_RESULT(yes)
        if test "x$OPENSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="OPENSSL_"
-        elif test "x$GNUTLS_ENABLED" == "x1"; then
+        elif test "x$GNUTLS_ENABLED" = "x1"; then
          versioned_symbols_flavour="GNUTLS_"
-        elif test "x$NSS_ENABLED" == "x1"; then
+        elif test "x$NSS_ENABLED" = "x1"; then
          versioned_symbols_flavour="NSS_"
-        elif test "x$POLARSSL_ENABLED" == "x1"; then
+        elif test "x$POLARSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="POLARSSL_"
-        elif test "x$CYASSL_ENABLED" == "x1"; then
+        elif test "x$CYASSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="CYASSL_"
-        elif test "x$AXTLS_ENABLED" == "x1"; then
+        elif test "x$AXTLS_ENABLED" = "x1"; then
          versioned_symbols_flavour="AXTLS_"
-        elif test "x$WINSSL_ENABLED" == "x1"; then
+        elif test "x$WINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="WINSSL_"
-        elif test "x$DARWINSSL_ENABLED" == "x1"; then
+        elif test "x$DARWINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="DARWINSSL_"
        else
          versioned_symbols_flavour=""
@@ -3233,6 +3249,7 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication])
+       CURL_DISABLE_CRYPTO_AUTH=1
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -3366,7 +3383,8 @@ fi
 if test "x$USE_WINDOWS_SSPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI"
 fi
-if test "x$CURL_DISABLE_HTTP" != "x1"; then
+if test "x$CURL_DISABLE_HTTP" != "x1" -a \
+	"x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1"; then
@@ -3529,7 +3547,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
-  GSSAPI support:   ${curl_gss_msg}
+  GSS-API support:  ${curl_gss_msg}
  SPNEGO support:   ${curl_spnego_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
--- a/contributors.sh
+++ b/contributors.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2013-2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -37,10 +37,29 @@ fi
 # cut off spaces first and last on the line
 # only count names with a space (ie more than one word)
 # sort all unique names
+# awk them into RELEASE-NOTES format
 git log $start..HEAD | \
 egrep '(Author|Commit|by):' | \
 cut -d: -f2- | \
 cut '-d<' -f1 | \
 sed -e 's/^ //' -e 's/ $//g' | \
 grep ' ' | \
-sort -u
+sort -u |
+awk '{
+ num++;
+ n = sprintf("%s%s%s,", n, length(n)?" ":"", $0);
+ #print n;
+ if(length(n) > 78) {
+   printf("  %s\n", p);
+   n=sprintf("%s,", $0);
+ }
+ p=n;
+
+}
+
+ END {
+   printf("  %s\n", p);
+   printf("  (%d contributors)\n", num);
+ }
+
+'
--- a/docs/DISTRO-DILEMMA
+++ b/docs/DISTRO-DILEMMA
@@ -59,7 +59,7 @@ GnuTLS
 OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
 without including any Original BSD licensed code.

- I believe Debian is the first (only?) distro that provides libcurl/GnutTLS
+ I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
 packages.

 yassl
@@ -72,20 +72,20 @@ GnuTLS vs OpenSSL vs yassl

 While these three libraries offer similar features, they are not equal.
 libcurl does not (yet) offer a standardized stable ABI if you decide to
- switch from using libcurl-openssl to libcurl-gnutls or vice versa. The GnuTLS
+ switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
 and yassl support is very recent in libcurl and it has not been tested nor
 used very extensively, while the OpenSSL equivalent code has been used and
 thus matured since 1999.

 GnuTLS
-   - LGPL licensened
+   - LGPL licensed
   - supports SRP
   - lacks SSLv2 support
   - lacks MD2 support (used by at least some CA certs)
   - lacks the crypto functions libcurl uses for NTLM

 OpenSSL
-   - Original BSD licensened
+   - Original BSD licensed
   - lacks SRP
   - supports SSLv2
   - older and more widely used
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -422,7 +422,7 @@ FAQ

  curl can be built to use one of the following SSL alternatives: OpenSSL,
  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
-  schannel (native Windows) or qssl (native IBM i). They all have their pros
+  WinSSL (native Windows) or qssl (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
  http://curl.haxx.se/docs/ssl-compared.html

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -55,7 +55,7 @@ HTTP
 - reads/writes the netscape cookie file format
 - custom headers (replace/remove internally generated headers)
 - custom user-agent string
- - custom referer string
+ - custom referrer string
 - range
 - proxy authentication
 - time conditions
@@ -161,8 +161,8 @@ IMAP
 - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5 and
   NTLM (*9)
 - list the folders of a mailbox
- - select a mailbox with support for verifing the UIDVALIDITY
- - fetch e-mails with support for specifing the UID and SECTION
+ - select a mailbox with support for verifying the UIDVALIDITY
+ - fetch e-mails with support for specifying the UID and SECTION
 - upload e-mails via the append command
 - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS,
   STORE, COPY and UID via custom requests
@@ -176,14 +176,14 @@ IMAPS (*1)
 FOOTNOTES
 =========

-  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, schannel (native
+  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
  *2 = requires OpenLDAP
  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
  *4 = requires FBopenssl
  *5 = requires a krb4 library, such as the MIT one or similar
  *6 = requires c-ares
-  *7 = requires OpenSSL, NSS, qssl, schannel or Secure Transport; GnuTLS, for
+  *7 = requires OpenSSL, NSS, qssl, WinSSL or Secure Transport; GnuTLS, for
       example, only supports SSLv3 and TLSv1
  *8 = requires libssh2
  *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -115,18 +115,6 @@ UNIX

       ./configure --disable-thread

-     To build curl with kerberos4 support enabled, curl requires the krb4 libs
-     and headers installed. You can then use a set of options to tell
-     configure where those are:
-
-          --with-krb4-includes[=DIR]   Specify location of kerberos4 headers
-          --with-krb4-libs[=DIR]       Specify location of kerberos4 libs
-          --with-krb4[=DIR]            where to look for Kerberos4
-
-     In most cases, /usr/athena is the install prefix and then it works with
-
-       ./configure --with-krb4=/usr/athena
-
     If you're a curl developer and use gcc, you might want to enable more
     debug options with the --enable-debug option.

@@ -993,6 +981,7 @@ REDUCING SIZE
     --disable-verbose (eliminates debugging strings and error code strings)
     --enable-hidden-symbols (eliminates unneeded symbols in the shared library)
     --without-libidn (disables support for the libidn DNS library)
+     --without-librtmp (disables support for RTMP)
     --without-ssl (disables support for SSL/TLS)
     --without-zlib (disables support for on-the-fly decompression)

@@ -1011,9 +1000,9 @@ REDUCING SIZE
   .comment section).

   Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 106 KiB in size, and
-   an FTP-only library that is 108 KiB in size (as of libcurl version 7.27.0,
-   using gcc 4.6.3).
+   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
+   an FTP-only library that is 115 KiB in size (as of libcurl version 7.35.0,
+   using gcc 4.8.2).

   You may find that statically linking libcurl to your application will
   result in a lower total size than dynamically linking.
@@ -1025,7 +1014,6 @@ REDUCING SIZE
   command line.  Following is a list of appropriate key words:

     --disable-cookies          !cookies
-     --disable-crypto-auth      !HTTP\ Digest\ auth !HTTP\ proxy\ Digest\ auth
     --disable-manual           !--manual
     --disable-proxy            !HTTP\ proxy !proxytunnel !SOCKS4 !SOCKS5

--- a/docs/INSTALL.cmake
+++ b/docs/INSTALL.cmake
@@ -71,7 +71,7 @@ Command Line CMake

    $ make install

-    (The teste suit does not work with the cmake build)
+    (The test suite does not work with the cmake build)

 ccmake
 =========
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -45,6 +45,7 @@ Portability
 qsossl       V5R3M0
 NSS          3.14.x
 axTLS        1.2.7
+ PolarSSL     1.3.0
 Heimdal      ?

 On systems where configure runs, we aim at working on them all - if they have
@@ -300,7 +301,7 @@ Persistent Connections
 o When libcurl is told to perform a transfer, it first checks for an already
   existing connection in the cache that we can use. Otherwise it creates a
   new one and adds that the cache. If the cache is full already when a new
-   conncetion is added added, it will first close the oldest unused one.
+   connection is added added, it will first close the oldest unused one.
 o When the transfer operation is complete, the connection is left
   open. Particular options may tell libcurl not to, and protocols may signal
   closure on connections and then they won't be kept open of course.
@@ -337,10 +338,10 @@ SSL libraries
 in future libcurl versions.

 To deal with this internally in the best way possible, we have a generic SSL
- function API as provided by the sslgen.[ch] system, and they are the only SSL
- functions we must use from within libcurl. sslgen is then crafted to use the
+ function API as provided by the vtls.[ch] system, and they are the only SSL
+ functions we must use from within libcurl. vtls is then crafted to use the
 appropriate lower-level function calls to whatever SSL library that is in
- use.
+ use. For example vtls/openssl.[ch] for the OpenSSL library.

 Library Symbols
 ===============
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -6,13 +6,13 @@ may have been fixed since this was written!
 87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266
  details how it should be done. The can of worm is basically that we have no
  charset handling in curl and ascii >=128 is a challenge for us. Not to
-  mention that decoding also means that we need to check for nastyness that is
+  mention that decoding also means that we need to check for nastiness that is
  attempted, like "../" sequences and the like. Probably everything to the left
  of any embedded slashes should be cut off.
  http://curl.haxx.se/bug/view.cgi?id=1294

 86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3
-  and SMTP if a failure occures during the authentication phase of a
+  and SMTP if a failure occurs during the authentication phase of a
  connection.

 85. Wrong STARTTRANSFER timer accounting for POST requests
@@ -38,9 +38,9 @@ may have been fixed since this was written!
  such in the build.
  http://curl.haxx.se/bug/view.cgi?id=1222

-81. When using -J (with -O), automaticly resumed downloading together with "-C
-  -" fails. Without -J the same command line works! This happens because the
-  resume logic is worked out before the target file name (and thus its
+81. When using -J (with -O), automatically resumed downloading together with
+  "-C -" fails. Without -J the same command line works! This happens because
+  the resume logic is worked out before the target file name (and thus its
  pre-transfer size) has been figured out!
  http://curl.haxx.se/bug/view.cgi?id=1169

@@ -69,12 +69,12 @@ may have been fixed since this was written!
  option as for all other operating systems.

 75. NTLM authentication involving unicode user name or password only works
-  properly if built with UNICODE defined together with the schannel/winssl
+  properly if built with UNICODE defined together with the WinSSL/schannel
  backend. The original problem was mentioned in:
  http://curl.haxx.se/mail/lib-2009-10/0024.html
  http://curl.haxx.se/bug/view.cgi?id=896

-  The schannel version verified to work as mentioned in
+  The WinSSL/schannel version verified to work as mentioned in
  http://curl.haxx.se/mail/lib-2012-07/0073.html

 73. if a connection is made to a FTP server but the server then just never
--- a/docs/LIBCURL-STRUCTS
+++ b/docs/LIBCURL-STRUCTS
@@ -47,7 +47,7 @@ for older and later versions as things don't change drastically that often.
  ->mstate is the multi state of this particular SessionHandle. When
  multi_runsingle() is called, it will act on this handle according to which
  state it is in. The mstate is also what tells which sockets to return for a
-  speicific SessionHandle when curl_multi_fdset() is called etc.
+  specific SessionHandle when curl_multi_fdset() is called etc.

  The libcurl source code generally use the name 'data' for the variable that
  points to the SessionHandle.
@@ -60,7 +60,7 @@ for older and later versions as things don't change drastically that often.
  re-use an existing one instead of creating a new as it creates a significant
  performance boost.

-  Each 'connectdata' identifies a single physical conncetion to a server. If
+  Each 'connectdata' identifies a single physical connection to a server. If
  the connection can't be kept alive, the connection will be closed after use
  and then this struct can be removed from the cache and freed.

@@ -158,18 +158,18 @@ for older and later versions as things don't change drastically that often.

  ->do_it is the function called to issue the transfer request. What we call
  the DO action internally. If the DO is not enough and things need to be kept
-  getting done for the entier DO sequence to complete, ->doing is then usually
+  getting done for the entire DO sequence to complete, ->doing is then usually
  also provided. Each protocol that needs to do multiple commands or similar
  for do/doing need to implement their own state machines (see SCP, SFTP,
  FTP). Some protocols (only FTP and only due to historical reasons) has a
  separate piece of the DO state called DO_MORE.

-  ->doing keeps getting called while issudeing the transfer request command(s)
+  ->doing keeps getting called while issuing the transfer request command(s)

  ->done gets called when the transfer is complete and DONE. That's after the
  main data has been transferred.

-  ->do_more gets called doring the DO_MORE state. The FTP protocol uses this
+  ->do_more gets called during the DO_MORE state. The FTP protocol uses this
  state when setting up the second connection.

  ->proto_getsock
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -105,7 +105,7 @@ MAIL ETIQUETTE
  No matter what, we NEVER EVER respond to trolls or spammers on the list. If
  you believe the list admin should do something particular, contact him/her
  off-list. The subject will be taken care of as good as possible to prevent
-  repeated offences, but responding on the list to such messages never lead to
+  repeated offenses, but responding on the list to such messages never lead to
  anything good and only puts the light even more on the offender: which was
  the entire purpose of it getting to the list in the first place.

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -37,7 +37,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY
+ MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE  \
+ SSL-PROBLEMS

 MAN2HTML= roffit < $< >$@

--- a/docs/README.netware
+++ b/docs/README.netware
@@ -10,7 +10,7 @@ README.netware

  Curl has been successfully compiled with gcc / nlmconv on different flavours
  of Linux as well as with the official Metrowerks CodeWarrior compiler.
-  While not being the main development target, a continously growing share of
+  While not being the main development target, a continuously growing share of
  curl users are NetWare-based, specially also consuming the lib from PHP.

  The unix-style man pages are tricky to read on windows, so therefore are all
--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@@ -0,0 +1,53 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+curl release procedure - how to do a release
+============================================
+
+[in the source code repo]
+
+- edit RELEASE-NOTES to be accurate
+
+- update docs/THANKS
+
+- make sure all relevant changes are committed on the master branch
+
+- tag the git repo in this style: 'git tag -a curl-7_34_0'. -a annotates the
+  tag and we use underscores instead of dots in the version number. 
+   
+- run "./maketgz 7.34.0" to build the release tarballs. It is important that
+  you run this on a machine with the correct set of autotools etc installed
+  as this is what then will be shipped and used by most users on *nix like
+  systems.
+
+- push the git commits and the new tag
+
+- gpg sign the 4 tarballs as maketgz suggests
+
+- upload the 8 resulting files to the primary download directory
+
+[data in the curl-www repo]
+
+- edit Makefile (version number and date),
+  _newslog.html (announce the new release) and
+  _changes.html (insert changes+bugfixes from RELEASE-NOTES)
+
+- commit all local changes
+
+- tag the repo with the same tag as used for the source repo
+
+- make sure all relevant changes are committed and pushed on the master branch
+
+  (the web site then updates its contents automatically)
+
+[inform]
+
+- send an email to curl-users, curl-announce and curl-library. Insert the
+  RELEASE-NOTES into the mail.
+
+[celebrate]
+
+- suitable beverage intake is encouraged for the festivities
--- a/docs/SECURITY
+++ b/docs/SECURITY
@@ -60,7 +60,7 @@ announcement.

 - Write a security advisory draft about the problem that explains what the
  problem is, its impact, which versions it affects, solutions or
-  work-arounds, when the release is out and make sure to credit all
+  workarounds, when the release is out and make sure to credit all
  contributors properly.

 - Request a CVE number from distros@openwall.org[1] when also informing and
@@ -85,7 +85,7 @@ announcement.
  the same manner we always announce releases. It gets sent to the
  curl-announce, curl-library and curl-users mailing lists.

- The security web page on the web site should get the new vulernability
+- The security web page on the web site should get the new vulnerability
  mentioned.

 [1] = http://oss-security.openwall.org/wiki/mailing-lists/distros
--- a/docs/SSL-PROBLEMS
+++ b/docs/SSL-PROBLEMS
@@ -0,0 +1,67 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+SSL problems
+
+  First, let's establish that we often refer to TLS and SSL interchangeably as
+  SSL here. The current protocol is called TLS, it was called SSL a long time
+  ago.
+
+  There are several known reasons why a connection that involves SSL might
+  fail. This is a document that attempts to details the most common ones and
+  how to mitigate them.
+
+CA certs
+
+  CA certs are used to digitally verify the server's certificate. You need a
+  "ca bundle" for this. See lots of more details on this in the SSLCERTS
+  document.
+
+CA bundle missing intermediate certificates
+
+  When using said CA bundle to verify a server cert, you will experience
+  problems if your CA cert does not have the certificates for the
+  intermediates in the whole trust chain.
+
+SSL version
+
+  Some broken servers fail to support the protocol negotiation properly that
+  SSL servers are supposed to handle. This may cause the connection to fail
+  completely. Sometimes you may need to explicitly select a SSL version to use
+  when connecting to make the connection succeed.
+
+  An additional complication can be that modern SSL libraries sometimes are
+  built with support for older SSL and TLS versions disabled!
+
+SSL ciphers
+
+  Clients give servers a list of ciphers to select from. If the list doesn't
+  include any ciphers the server wants/can use, the connection handshake
+  fails.
+
+  curl has recently disabled the user of a whole bunch of seriously insecure
+  ciphers from its default set (slightly depending on SSL backend in use).
+
+  You may have to explicitly provide an alternative list of ciphers for curl
+  to use to allow the server to use a WEAK cipher for you.
+
+  Note that these weak ciphers are identified as flawed. For example, this
+  includes symmetric ciphers with less than 128 bit keys and RC4.
+
+  References:
+
+  http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
+  
+Allow BEAST
+
+  BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means
+  to mitigate this attack, it turned out that some broken servers out there in
+  the wild didn't work properly with the BEAST mitigation in place.
+
+  To make such broken servers work, the --ssl-allow-beast option was
+  introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
+  but on the other hand it allows curl to connect to that kind of strange
+  servers.
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -110,7 +110,7 @@ Starting with version 7.19.7, libcurl will check for the NSS version it runs,
 and automatically add the 'sql:' prefix to the certdb directory (either the
 hardcoded default /etc/pki/nssdb or the directory configured with SSL_DIR
 environment variable) if version 3.12.0 or later is detected. To check which
-ertdb format your distribution provides, examine the default
+certdb format your distribution provides, examine the default
 certdb location: /etc/pki/nssdb; the new certdb format can be identified by
 the filenames cert9.db, key4.db, pkcs11.txt; filenames of older versions are
 cert8.db, key3.db, modsec.db.
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -6,9 +6,11 @@

 Aaron Oneal
 Aaron Orenstein
+Abram Pousada
 Adam D. Moss
 Adam Light
 Adam Piggott
+Adam Sampson
 Adam Tkac
 Adrian Schuur
 Adriano Meirelles
@@ -93,12 +95,14 @@ Arnaud Compan
 Arnaud Ebalard
 Arthur Murray
 Arve Knudsen
+Arvid Norberg
 Ates Goral
 Augustus Saunders
 Avery Fay
 Axel Tillequin
 Balaji Parasuram
 Balint Szilakszi
+Barry Abrahamson
 Bart Whiteley
 Bas Mevissen
 Ben Darnell
@@ -131,6 +135,7 @@ Bogdan Nicula
 Brad Burdick
 Brad Hards
 Brad King
+Brad Spencer
 Bradford Bruce
 Brandon Wang
 Brendan Jurd
@@ -155,6 +160,7 @@ Cedric Deltheil
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
+Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
@@ -248,6 +254,7 @@ David McCreedy
 David Odin
 David Phillips
 David Rosenstrauch
+David Ryskalczyk
 David Shaw
 David Strauss
 David Tarendash
@@ -327,6 +334,7 @@ Eugene Kotlyarov
 Evan Jordan
 Evgeny Turnaev
 Eygene Ryabinkin
+Fabian Frank
 Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
@@ -357,6 +365,7 @@ Gautam Kachroo
 Gautam Mani
 Gavrie Philipson
 Gaz Iqbal
+Gaël Portay
 Geoff Beier
 Georg Horn
 Georg Huettenegger
@@ -378,6 +387,7 @@ Giuseppe Attardi
 Giuseppe D'Ambrosio
 Glen Nakamura
 Glen Scott
+Glenn Sheridan
 Gokhan Sengun
 Gordon Marler
 Gorilla Maguila
@@ -416,6 +426,7 @@ Ho-chi Chen
 Hoi-Ho Chan
 Hongli Lai
 Howard Chu
+Hubert Kario
 Hzhijun
 Ian D Allen
 Ian Ford
@@ -427,6 +438,7 @@ Ignacio Vazquez-Abrams
 Igor Franchuk
 Igor Novoseltsev
 Igor Polyakov
+Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
 Immanuel Gregoire
@@ -475,6 +487,7 @@ Jean-Marc Ranger
 Jean-Noel Rouvignac
 Jean-Philippe Barrette-LaPierre
 Jeff Connelly
+Jeff Hodges
 Jeff Johnson
 Jeff King
 Jeff Lawson
@@ -498,6 +511,7 @@ Jim Hollinger
 Jim Meyering
 Jiri Hruska
 Jiri Jaburek
+Jiri Malak
 Jocelyn Jaubert
 Joe Halpin
 Joe Malicki
@@ -556,6 +570,7 @@ Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
 Justin Karneges
+Justin Maggard
 Jörg Mueller-Tolk
 Jörn Hartroth
 Kai Engert
@@ -610,6 +625,7 @@ Lau Hang Kin
 Laurent Rabret
 Legoff Vincent
 Lehel Bernadt
+Leif W
 Len Krause
 Lenaic Lefever
 Lenny Rachitsky
@@ -630,9 +646,11 @@ Ludovico Cavedon
 Lukasz Czekierda
 Luke Amery
 Luke Call
+Luke Dashjr
 Luong Dinh Dung
 Maciej Karpiuk
 Maciej W. Rozycki
+Maks Naumov
 Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
@@ -730,6 +748,7 @@ Mike Bytnar
 Mike Crowe
 Mike Dobbs
 Mike Giancola
+Mike Hasselberg
 Mike Hommey
 Mike Mio
 Mike Power
@@ -738,6 +757,7 @@ Mike Revi
 Miklos Nemeth
 Mitz Wark
 Mohamed Lrhazi
+Mohammad AlSaleh
 Mohun Biswas
 Moonesamy
 Myk Taylor
@@ -784,6 +804,7 @@ Oscar Koeroo
 Oscar Norlander
 P R Schaffner
 Paolo Piacentini
+Paras Sethia
 Pascal Terjan
 Pasha Kuznetsov
 Pat Ray
@@ -828,6 +849,7 @@ Peter Verhas
 Peter Wullinger
 Peteris Krumins
 Petr Bahula
+Petr Novak
 Petr Pisar
 Phil Blundell
 Phil Karn
@@ -846,6 +868,8 @@ Pierre Joye
 Pierre Ynard
 Pooyan McSporran
 Pramod Sharma
+Prash Dush
+Priyanka Shah
 Puneet Pawaia
 Quagmire
 Quanah Gibson-Mount
@@ -865,6 +889,7 @@ Ravi Pratap
 Ray Dassen
 Ray Pekowski
 Reinout van Schouwen
+Remi Gacogne
 Renato Botelho
 Renaud Chaillat
 Renaud Duhaut
@@ -888,6 +913,7 @@ Richard Silverman
 Rick Jones
 Rick Richardson
 Rob Crittenden
+Rob Davies
 Rob Jones
 Rob Stanzel
 Rob Ward
@@ -952,6 +978,7 @@ Sergey Tatarincev
 Sergio Ballestrero
 Seshubabu Pasam
 Sh Diao
+Shao Shuchao
 Sharad Gupta
 Shard
 Shawn Landden
@@ -1005,12 +1032,14 @@ Taneli Vahakangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
 Temprimus
+Thomas Braun
 Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
 Thomas Schwinge
 Thomas Tonino
+Tiit Pikma
 Tim Ansell
 Tim Baker
 Tim Bartley
@@ -1022,6 +1051,7 @@ Tim Newsome
 Tim Sneddon
 Timo Sirainen
 Tinus van den Berg
+Tobias Markus
 Tobias Rundström
 Toby Peterson
 Todd A Ouska
@@ -1064,6 +1094,7 @@ Ulrich Zadow
 Venkat Akella
 Victor Snezhko
 Vikram Saxena
+Viktor Szakáts
 Vilmos Nebehaj
 Vincent Bronner
 Vincent Le Normand
@@ -1095,8 +1126,10 @@ Yaakov Selkowitz
 Yamada Yasuharu
 Yang Tse
 Yarram Sunil
+Yehezkel Horowitz
 Yehoshua Hershberg
 Yi Huang
+Yingwei Liu
 Yukihiro Kawada
 Yuriy Sosov
 Yves Arrouye
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,6 +17,8 @@
 1.4 signal-based resolver timeouts
 1.5 get rid of PATH_MAX
 1.6 Modified buffer size approach
+ 1.7 Detect when called from witin callbacks
+ 1.8 Allow SSL (HTTPS) to proxy

 2. libcurl - multi interface
 2.1 More non-blocking
@@ -30,14 +32,13 @@
 4.2 Alter passive/active on failure and retry
 4.3 Earlier bad letter detection
 4.4 REST for large files
- 4.5 FTP proxy support
- 4.6 ASCII support
+ 4.5 ASCII support

 5. HTTP
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
 5.3 Rearrange request header order
- 5.4 HTTP2/SPDY
+ 5.4 SPDY
 5.5 auth= in URLs

 6. TELNET
@@ -70,9 +71,8 @@
 12.4 Cache OpenSSL contexts
 12.5 Export session ids
 12.6 Provide callback for cert verification
- 12.7 Support other SSL libraries
- 12.8 improve configure --with-ssl
- 12.9 Support DANE
+ 12.7 improve configure --with-ssl
+ 12.8 Support DANE

 13. GnuTLS
 13.1 SSL engine stuff
@@ -87,9 +87,8 @@
 15.3 prevent file overwriting
 15.4 simultaneous parallel transfers
 15.5 provide formpost headers
- 15.6 url-specific options
- 15.7 warning when setting an option
- 15.8 IPv6 addresses with globbing
+ 15.6 warning when setting an option
+ 15.7 IPv6 addresses with globbing

 16. Build
 16.1 roffit
@@ -175,6 +174,18 @@
 Dynamically allocate buffer size depending on protocol in use in combination
 with freeing it after each individual transfer? Other suggestions?

+1.7 Detect when called from witin callbacks
+
+ We should set a state variable before calling callbacks, so that we
+ subsequently can add code within libcurl that returns error if called within
+ callbacks for when that's not supported.
+
+1.8 Allow SSL (HTTPS) to proxy
+
+ To prevent local users from snooping on your traffic to the proxy. Supported
+ by Chrome already:
+ http://www.chromium.org/developers/design-documents/secure-web-proxy
+

 2. libcurl - multi interface

@@ -231,13 +242,7 @@
 the server doesn't set the pointer to the requested index. The tricky
 (impossible?) part is to figure out if the server did the right thing or not.

-4.5 FTP proxy support
-
- Support the most common FTP proxies, Philip Newton provided a list allegedly
- from ncftp. This is not a subject without debate, and is probably not really
- suitable for libcurl.  http://curl.haxx.se/mail/archive-2003-04/0126.html
-
-4.6 ASCII support
+4.5 ASCII support

 FTP ASCII transfers do not follow RFC959. They don't convert the data
 accordingly.
@@ -267,23 +272,13 @@
 headers use a default value so only headers that need to be moved have to be
 specified.

-5.4 HTTP2/SPDY
+5.4 SPDY

- The first drafts for HTTP2 have been published
- (http://tools.ietf.org/html/draft-ietf-httpbis-http2-03) and is so far based
- on SPDY (http://www.chromium.org/spdy) designs and experiences. Chances are
- it will end up in that style. Chrome and Firefox already support SPDY and
- lots of web services do.
+ Chrome and Firefox already support SPDY and lots of web services do. There's
+ a library for us to use for this (spdylay) that has a similar API and the
+ same author as nghttp2.

- It would make sense to implement SPDY support now and later transition into
- or add HTTP2 support as well.
-
- We should base or HTTP2/SPDY work on a 3rd party library for the protocol
- fiddling. The Spindy library (http://spindly.haxx.se/) was an attempt to make
- such a library with an API suitable for use by libcurl but that effort has
- more or less stalled.  spdylay (https://github.com/tatsuhiro-t/spdylay) may
- be a better option, either used directly or wrapped with a more spindly-like
- API.
+ spdylay: https://github.com/tatsuhiro-t/spdylay

 5.5 auth= in URLs

@@ -409,17 +404,12 @@ to provide the data to send.
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!

-12.7 Support other SSL libraries
-
- Make curl's SSL layer capable of using other free SSL libraries.  Such as
- MatrixSSL (http://www.matrixssl.org/).
-
-12.8 improve configure --with-ssl
+12.7 improve configure --with-ssl

 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

-12.9 Support DANE
+12.8 Support DANE

 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
@@ -493,27 +483,13 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-15.6 url-specific options
-
- Provide a way to make options bound to a specific URL among several on the
- command line. Possibly by letting ':' separate options between URLs,
- similar to this:
-
-    curl --data foo --url url.com : \
-        --url url2.com : \
-        --url url3.com --data foo3
-
- (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html)
-
- The example would do a POST-GET-POST combination on a single command line.
-
-15.7 warning when setting an option
+15.6 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-15.8 IPv6 addresses with globbing
+15.7 IPv6 addresses with globbing

  Currently the command line client needs to get url globbing disabled (with
  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
@@ -589,7 +565,7 @@ to provide the data to send.
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-10. Next major release
+19. Next major release

 19.1 cleanup return codes

--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -1,16 +1,72 @@
-Online:  http://curl.haxx.se/docs/httpscripting.html
-Date:    Jan 19, 2011
+Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html)
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+

 The Art Of Scripting HTTP Requests Using Curl
-                =============================================

- This document will assume that you're familiar with HTML and general
- networking.
+ 1. HTTP Scripting
+ 1.1 Background
+ 1.2 The HTTP Protocol
+ 1.3 See the Protocol
+ 1.4 See the Timing
+ 1.5 See the Response
+ 2. URL
+ 2.1 Spec
+ 2.2 Host
+ 2.3 Port number
+ 2.4 User name and password
+ 2.5 Path part
+ 3. Fetch a page
+ 3.1 GET
+ 3.2 HEAD
+ 4. HTML forms
+ 4.1 Forms explained
+ 4.2 GET
+ 4.3 POST
+ 4.4 File Upload POST
+ 4.5 Hidden Fields
+ 4.6 Figure Out What A POST Looks Like
+ 5. HTTP upload
+ 5.1 PUT
+ 6. HTTP Authentication
+ 6.1 Basic Authentication
+ 6.2 Other Authentication
+ 6.3 Proxy Authentication
+ 6.4 Hiding credentials
+ 7. More HTTP Headers
+ 7.1 Referer
+ 7.2 User Agent
+ 8. Redirects
+ 8.1 Location header
+ 8.2 Other redirects
+ 9. Cookies
+ 9.1 Cookie Basics
+ 9.2 Cookie options
+ 10. HTTPS
+ 10.1 HTTPS is HTTP secure
+ 10.2 Certificates
+ 11. Custom Request Elements
+ 11.1 Modify method and headers
+ 11.2 More on changed methods
+ 12. Web Login
+ 12.1 Some login tricks
+ 13. Debug
+ 13.1 Some debug tricks
+ 14. References
+ 14.1 Standards
+ 14.2 Sites

- The possibility to write scripts is essential to make a good computer
- system. Unix' capability to be extended by shell scripts and various tools to
- run various automated commands and scripts is one reason why it has succeeded
- so well.
+==============================================================================
+
+1. HTTP Scripting
+
+ 1.1 Background
+
+ This document assumes that you're familiar with HTML and general networking.

 The increasing amount of applications moving to the web has made "HTTP
 Scripting" more frequently requested and wanted. To be able to automatically
@@ -27,7 +83,7 @@ Date:    Jan 19, 2011
 to glue everything together using some kind of script language or repeated
 manual invokes.

-1. The HTTP Protocol
+ 1.2 The HTTP Protocol

 HTTP is the protocol used to fetch data from web servers. It is a very simple
 protocol that is built upon TCP/IP. The protocol also allows information to
@@ -44,7 +100,7 @@ Date:    Jan 19, 2011
 well), response headers and most often also a response body. The "body" part
 is the plain data you requested, like the actual HTML or the image etc.

- 1.1 See the Protocol
+ 1.3 See the Protocol

  Using curl's option --verbose (-v as a short option) will display what kind
  of commands curl sends to the server, as well as a few other informational
@@ -59,13 +115,88 @@ Date:    Jan 19, 2011

      curl --trace-ascii debugdump.txt http://www.example.com/

+ 1.4 See the Timing
+
+  Many times you may wonder what exactly is taking all the time, or you just
+  want to know the amount of milliseconds between two points in a
+  transfer. For those, and other similar situations, the --trace-time option
+  is what you need. It'll prepend the time to each trace output line:
+
+      curl --trace-ascii d.txt --trace-time http://example.com/
+
+ 1.5 See the Response
+
+  By default curl sends the response to stdout. You need to redirect it
+  somewhere to avoid that, most often that is done with -o or -O.
+
 2. URL

+ 2.1 Spec
+
 The Uniform Resource Locator format is how you specify the address of a
 particular resource on the Internet. You know these, you've seen URLs like
- http://curl.haxx.se or https://yourbank.com a million times.
+ http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
+ canonical spec.

-3. GET a page
+ 2.2 Host
+
+ The host name is usually resolved using DNS or your /etc/hosts file to an IP
+ address and that's what curl will communicate with. Alternatively you specify
+ the IP address directly in the URL instead of a name.
+
+ For development and other trying out situation, you can point out a different
+ IP address for a host name than what would otherwise be used, by using curl's
+ --resolve option:
+
+      curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/
+ 
+ 2.3 Port number
+
+ Each protocol curl supports operate on a default port number, be it over TCP
+ or in some cases UDP. Normally you don't have to take that into
+ consideration, but at times you run test servers on other ports or
+ similar. Then you can specify the port number in the URL with a colon and a
+ number immediately following the host name. Like when doing HTTP to port
+ 1234:
+
+      curl http://www.example.org:1234/
+
+ The port number you specify in the URL is the number that the server uses to
+ offer its services. Sometimes you may use a local proxy, and then you may
+ need to specify that proxy's port number separate on what curl needs to
+ connect to locally. Like when using a HTTP proxy on port 4321:
+
+      curl --proxy http://proxy.example.org:4321 http://remote.example.org/
+
+ 2.4 User name and password
+
+ Some services are setup to require HTTP authentication and then you need to
+ provide name and password which then is transferred to the remote site in
+ various ways depending on the exact authentication protocol used.
+
+ You can opt to either insert the user and password in the URL or you can
+ provide them separately:
+
+      curl http://user:password@example.org/
+
+ or
+
+      curl -u user:password http://example.org/
+
+ You need to pay attention that this kind of HTTP authentication is not what
+ is usually done and requested by user-oriented web sites these days. They
+ tend to use forms and cookies instead.
+
+ 2.5 Path part
+
+ The path part is just sent off to the server to request that it sends back
+ the associated response. The path is what is to the right side of the slash
+ that follows the host name and possibly port number.
+
+
+3. Fetch a page
+
+ 3.1 GET

 The simplest and most common request/operation made using HTTP is to get a
 URL. The URL could itself refer to a web page, an image or a file. The client
@@ -79,10 +210,23 @@ Date:    Jan 19, 2011

 All HTTP replies contain a set of response headers that are normally hidden,
 use curl's --include (-i) option to display them as well as the rest of the
- document. You can also ask the remote server for ONLY the headers by using
- the --head (-I) option (which will make curl issue a HEAD request).
+ document.

-4. Forms
+ 3.2 HEAD
+
+ You can ask the remote server for ONLY the headers by using the --head (-I)
+ option which will make curl issue a HEAD request. In some special cases
+ servers deny the HEAD method while others still work, which is a particular
+ kind of annoyance.
+
+ The HEAD method is defined and made so that the server returns the headers
+ exactly the way it would do for a GET, but without a body. It means that you
+ may see a Content-Length: in the response headers, but there must not be an
+ actual body in the HEAD response.
+
+4. HTML forms
+
+ 4.1 Forms explained

 Forms are the general way a web site can present a HTML page with fields for
 the user to enter data in, and then press some kind of 'OK' or 'submit'
@@ -95,7 +239,7 @@ Date:    Jan 19, 2011
 Of course there has to be some kind of program in the server end to receive
 the data you send. You cannot just invent something out of the air.

- 4.1 GET
+ 4.2 GET

  A GET-form uses the method GET, as specified in HTML like:

@@ -121,7 +265,7 @@ Date:    Jan 19, 2011

        curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"

- 4.2 POST
+ 4.3 POST

  The GET method makes all input field names get displayed in the URL field of
  your browser. That's generally a good thing when you want to be able to
@@ -158,7 +302,7 @@ Date:    Jan 19, 2011

        curl --data-urlencode "name=I am Daniel" http://www.example.com

- 4.3 File Upload POST
+ 4.4 File Upload POST

  Back in late 1995 they defined an additional way to post data over HTTP. It
  is documented in the RFC 1867, why this method sometimes is referred to as
@@ -179,7 +323,7 @@ Date:    Jan 19, 2011

        curl --form upload=@localfilename --form press=OK [URL]

- 4.4 Hidden Fields
+ 4.5 Hidden Fields

  A very common way for HTML based application to pass state information
  between pages is to add hidden fields to the forms. Hidden fields are
@@ -200,7 +344,7 @@ Date:    Jan 19, 2011

        curl --data "birthyear=1905&press=OK&person=daniel" [URL]

- 4.5 Figure Out What A POST Looks Like
+ 4.6 Figure Out What A POST Looks Like

  When you're about fill in a form and send to a server by using curl instead
  of a browser, you're of course very interested in sending a POST exactly the
@@ -213,7 +357,9 @@ Date:    Jan 19, 2011
  You will then clearly see the data get appended to the URL, separated with a
  '?'-letter as GET forms are supposed to.

-5. PUT
+5. HTTP upload
+
+ 5.1 PUT

 The perhaps best way to upload data to a HTTP server is to use PUT. Then
 again, this of course requires that someone put a program or script on the
@@ -225,6 +371,8 @@ Date:    Jan 19, 2011

 6. HTTP Authentication

+ 6.1 Basic Authentication
+
 HTTP Authentication is the ability to tell the server your username and
 password so that it can verify that you're allowed to do the request you're
 doing. The Basic authentication used in HTTP (which is the type curl uses by
@@ -236,10 +384,14 @@ Date:    Jan 19, 2011

        curl --user name:password http://www.example.com

+ 6.2 Other Authentication
+
 The site might require a different authentication method (check the headers
 returned by the server), and then --ntlm, --digest, --negotiate or even
 --anyauth might be options that suit you.

+ 6.3 Proxy Authentication
+
 Sometimes your HTTP access is only available through the use of a HTTP
 proxy. This seems to be especially common at various companies. A HTTP proxy
 may require its own user and password to allow the client to get through to
@@ -253,6 +405,8 @@ Date:    Jan 19, 2011
 If you use any one these user+password options but leave out the password
 part, curl will prompt for the password interactively.

+ 6.4 Hiding credentials
+
 Do note that when a program is run, its parameters might be possible to see
 when listing the running processes of the system. Thus, other users may be
 able to watch your passwords if you pass them as plain command line
@@ -262,7 +416,9 @@ Date:    Jan 19, 2011
 many web sites will not use this concept when they provide logins etc. See
 the Web Login chapter further below for more details on that.

-7. Referer
+7. More HTTP Headers
+
+ 7.1 Referer

 A HTTP request may include a 'referer' field (yes it is misspelled), which
 can be used to tell from which URL the client got to this particular
@@ -276,7 +432,7 @@ Date:    Jan 19, 2011

        curl --referer http://www.example.come http://www.example.com

-8. User Agent
+ 7.2 User Agent

 Very similar to the referer field, all HTTP requests may set the User-Agent
 field. It names what user agent (client) that is being used. Many
@@ -298,7 +454,9 @@ Date:    Jan 19, 2011

  curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL]

-9. Redirects
+8. Redirects
+
+ 8.1 Location header

 When a resource is requested from a server, the reply from the server may
 include a hint about where the browser should go next to find this page, or a
@@ -318,7 +476,16 @@ Date:    Jan 19, 2011
 only use POST in the first request, and then revert to GET in the following
 operations.

-10. Cookies
+ 8.2 Other redirects
+
+ Browser typically support at least two other ways of redirects that curl
+ doesn't: first the html may contain a meta refresh tag that asks the browser
+ to load a specific URL after a set number of seconds, or it may use
+ javascript to do it.
+
+9. Cookies
+
+ 9.1 Cookie Basics

 The way the web browsers do "client side state control" is by using
 cookies. Cookies are just names with associated contents. The cookies are
@@ -335,6 +502,8 @@ Date:    Jan 19, 2011
 must be able to record and send back cookies the way the web application
 expects them. The same way browsers deal with them.

+ 9.2 Cookie options
+
 The simplest way to send a few cookies to the server when getting a page with
 curl is to add them on the command line like:

@@ -351,7 +520,7 @@ Date:    Jan 19, 2011

 Curl has a full blown cookie parsing engine built-in that comes to use if you
 want to reconnect to a server and use cookies that were stored from a
- previous connection (or handicrafted manually to fool the server into
+ previous connection (or hand-crafted manually to fool the server into
 believing you had a previous connection). To use previously stored cookies,
 you run curl like:

@@ -366,16 +535,18 @@ Date:    Jan 19, 2011
        curl --cookie nada --location http://www.example.com

 Curl has the ability to read and write cookie files that use the same file
- format that Netscape and Mozilla do. It is a convenient way to share cookies
- between browsers and automatic scripts. The --cookie (-b) switch
- automatically detects if a given file is such a cookie file and parses it,
- and by using the --cookie-jar (-c) option you'll make curl write a new cookie
- file at the end of an operation:
+ format that Netscape and Mozilla once used. It is a convenient way to share
+ cookies between scripts or invokes. The --cookie (-b) switch automatically
+ detects if a given file is such a cookie file and parses it, and by using the
+ --cookie-jar (-c) option you'll make curl write a new cookie file at the end
+ of an operation:

        curl --cookie cookies.txt --cookie-jar newcookies.txt \
        http://www.example.com

-11. HTTPS
+10. HTTPS
+
+ 10.1 HTTPS is HTTP secure

 There are a few ways to do secure HTTP transfers. The by far most common
 protocol for doing this is what is generally known as HTTPS, HTTP over
@@ -391,7 +562,7 @@ Date:    Jan 19, 2011

        curl https://secure.example.com

- 11.1 Certificates
+ 10.2 Certificates

  In the HTTPS world, you use certificates to validate that you are the one
  you claim to be, as an addition to normal passwords. Curl supports client-
@@ -413,7 +584,9 @@ Date:    Jan 19, 2011

        http://curl.haxx.se/docs/sslcerts.html

-12. Custom Request Elements
+11. Custom Request Elements
+
+11.1 Modify method and headers

 Doing fancy stuff, you may need to add or change elements of a single curl
 request.
@@ -434,7 +607,26 @@ Date:    Jan 19, 2011

        curl --header "Destination: http://nowhere" http://example.com

-13. Web Login
+ 11.2 More on changed methods
+
+ It should be noted that curl selects which methods to use on its own
+ depending on what action to ask for. -d will do POST, -I will do HEAD and so
+ on. If you use the --request / -X option you can change the method keyword
+ curl selects, but you will not modify curl's behavior. This means that if you
+ for example use -d "data" to do a POST, you can modify the method to a
+ PROPFIND with -X and curl will still think it sends a POST. You can change
+ the normal GET to a POST method by simply adding -X POST in a command line
+ like:
+
+        curl -X POST http://example.org/
+
+ ... but curl will still think and act as if it sent a GET so it won't send any
+ request body etc.
+
+
+12. Web Login
+
+ 12.1 Some login tricks

 While not strictly just HTTP related, it still cause a lot of people problems
 so here's the executive run-down of how the vast majority of all login forms
@@ -453,7 +645,7 @@ Date:    Jan 19, 2011
 sometimes they use such code to set or modify cookie contents. Possibly they
 do that to prevent programmed logins, like this manual describes how to...
 Anyway, if reading the code isn't enough to let you repeat the behavior
- manually, capturing the HTTP requests done by your browers and analyzing the
+ manually, capturing the HTTP requests done by your browsers and analyzing the
 sent cookies is usually a working method to work out how to shortcut the
 javascript need.

@@ -463,7 +655,9 @@ Date:    Jan 19, 2011
 to do a proper login POST. Remember that the contents need to be URL encoded
 when sent in a normal POST.

-14. Debug
+13. Debug
+
+ 13.1 Some debug tricks

 Many times when you run curl on a site, you'll notice that the site doesn't
 seem to respond the same way to your curl requests as it does to your
@@ -483,25 +677,30 @@ Date:    Jan 19, 2011
 * Set referer like it is set by the browser

 * If you use POST, make sure you send all the fields and in the same order as
-   the browser does it. (See chapter 4.5 above)
+ the browser does it.

 A very good helper to make sure you do this right, is the LiveHTTPHeader tool
 that lets you view all headers you send and receive with Mozilla/Firefox
- (even when using HTTPS).
+ (even when using HTTPS). Chrome features similar functionality out of the box
+ among the developer's tools.

 A more raw approach is to capture the HTTP traffic on the network with tools
 such as ethereal or tcpdump and check what headers that were sent and
 received by the browser. (HTTPS makes this technique inefficient.)

-15. References
+14. References
+
+ 14.1 Standards

 RFC 2616 is a must to read if you want in-depth understanding of the HTTP
- protocol.
+ protocol

- RFC 3986 explains the URL syntax.
+ RFC 3986 explains the URL syntax

- RFC 2109 defines how cookies are supposed to work.
+ RFC 1867 defines the HTTP post upload format

- RFC 1867 defines the HTTP post upload format.
+ RFC 6525 defines how HTTP cookies work
+
+ 14.2 Sites

 http://curl.haxx.se is the home of the cURL project
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -124,18 +124,38 @@ same command line option.)
 .IP "-#, --progress-bar"
 Make curl display progress as a simple progress bar instead of the standard,
 more informational, meter.
+.IP "-:, --next"
+Tells curl to use a separate operation for the following URL and associated
+options. This allows you to send several URL requests, each with their own
+specific options, for example, such as different user names or custom requests
+for each. (Added in 7.36.0)
 .IP "-0, --http1.0"
 (HTTP) Tells curl to use HTTP version 1.0 instead of using its internally
 preferred: HTTP 1.1.
 .IP "--http1.1"
 (HTTP) Tells curl to use HTTP version 1.1. This is the internal default
 version. (Added in 7.33.0)
-.IP "--http2.0"
-(HTTP) Tells curl to issue its requests using HTTP 2.0. This requires that the
+.IP "--http2"
+(HTTP) Tells curl to issue its requests using HTTP 2. This requires that the
 underlying libcurl was built to support it. (Added in 7.33.0)
+.IP "--no-npn"
+Disable the NPN TLS extension. NPN is enabled by default if libcurl was built
+with an SSL library that supports NPN. NPN is used by a libcurl that supports
+HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
+
+(Added in 7.36.0)
+.IP "--no-alpn"
+Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built
+with an SSL library that supports ALPN. ALPN is used by a libcurl that supports
+HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
+
+(Added in 7.36.0)
 .IP "-1, --tlsv1"
 (SSL)
-Forces curl to use TLS version 1 when negotiating with a remote TLS server.
+Forces curl to use TLS version 1.x when negotiating with a remote TLS server.
+You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to
+control the TLS version more precisely (if the SSL backend in use supports such
+a level of control).
 .IP "-2, --sslv2"
 (SSL)
 Forces curl to use SSL version 2 when negotiating with a remote SSL server.
@@ -287,11 +307,11 @@ data pieces specified will be merged together with a separating
 chunk that looks like \&'name=daniel&skill=lousy'.

 If you start the data with the letter @, the rest should be a file name to
-read the data from, or - if you want curl to read the data from stdin.  The
-contents of the file must already be URL-encoded. Multiple files can also be
-specified. Posting data from a file named 'foobar' would thus be done with
-\fI--data\fP @foobar. When --data is told to read from a file like that,
-carriage returns and newlines will be stripped out.
+read the data from, or - if you want curl to read the data from
+stdin. Multiple files can also be specified. Posting data from a file
+named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is
+told to read from a file like that, carriage returns and newlines will be
+stripped out.
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.

@@ -422,7 +442,7 @@ This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.  (Added in
 7.33.0)
 .IP "-e, --referer <URL>"
-(HTTP) Sends the "Referer Page" information to the HTTP server. This can also
+(HTTP) Sends the "Referrer Page" information to the HTTP server. This can also
 be set with the \fI-H, --header\fP flag of course.  When used with
 \fI-L, --location\fP you can append ";auto" to the --referer URL to make curl
 automatically set the previous URL when it follows a Location: header. The
@@ -1404,7 +1424,7 @@ option name can still be used but will be removed in a future version.
 .IP "--ssl-allow-beast"
 (SSL) This option tells curl to not work around a security flaw in the SSL3
 and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
-may use work-arounds known to cause interoperability problems with some older
+may use workarounds known to cause interoperability problems with some older
 SSL implementations. WARNING: this option loosens the SSL security, and by
 using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--socks4 <host[:port]>"
@@ -1581,7 +1601,7 @@ will prompt for a password.

 If you use an SSPI-enabled curl binary and perform NTLM authentication, you
 can force curl to select the user name and password from your environment by
-simply specifying a single colon with this option: "-u :" or by specfying the
+simply specifying a single colon with this option: "-u :" or by specifying the
 login options on their own, for example "-u ;auth=NTLM".

 You can use the optional login options part to specify protocol specific
@@ -1803,7 +1823,7 @@ Specifies a custom POP3 command to use instead of LIST or RETR. (Added in
 7.26.0)

 (IMAP)
-Specifies a custom IMAP command to use insead of LIST. (Added in 7.30.0)
+Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0)

 (SMTP)
 Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -20,15 +20,39 @@ httpcustomheader
 httpput
 https
 imap
+imap-append
+imap-copy
+imap-create
+imap-delete
+imap-examine
+imap-fetch
+imap-list
+imap-multi
+imap-noop
+imap-search
+imap-ssl
+imap-store
+imap-tls
 multi-app
 multi-debugcallback
 multi-double
 multi-post
 multi-single
 persistant
+pop3-dele
+pop3-list
+pop3-multi
+pop3-noop
+pop3-retr
+pop3-ssl
+pop3-stat
+pop3-tls
+pop3-top
+pop3-uidl
 pop3s
 pop3slist
 post-callback
+postinmemory
 postit2
 progressfunc
 resolve
@@ -40,8 +64,12 @@ simple
 simplepost
 simplesmtp
 simplessl
+smtp-expn
+smtp-mail
 smtp-multi
+smtp-ssl
 smtp-tls
+smtp-vrfy
 url2file
 usercertinmem
 xmlstream
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -4,8 +4,12 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  https multi-app multi-debugcallback multi-double multi-post multi-single \
  persistant post-callback postit2 sepheaders simple simplepost simplessl  \
  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-multi simplesmtp smtp-tls rtsp externalsocket resolve \
-  progressfunc pop3s pop3slist imap url2file sftpget ftpsget postinmemory
+  smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp \
+  externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl pop3-dele \
+  pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi imap-list \
+  imap-lsub imap-fetch imap-store imap-append imap-examine imap-search \
+  imap-create imap-delete imap-copy imap-noop imap-ssl imap-tls imap-multi \
+  url2file sftpget ftpsget postinmemory

 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -133,7 +133,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
    const char *s;
    switch ( code )
    {
-    case CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -104,7 +104,6 @@ static void mcode_or_die(const char *where, CURLMcode code) {
  if ( CURLM_OK != code ) {
    const char *s;
    switch (code) {
-      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -125,7 +125,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
  if ( CURLM_OK != code ) {
    const char *s;
    switch (code) {
-      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@@ -0,0 +1,115 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: IMAP example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will create a new message 100. Note that you should perform an
+     * EXAMINE command to obtain the UID of the next message to create and a
+     * SELECT to ensure you are creating the message in the OUTBOX. */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/100");
+
+    /* In this case, we're using a callback function to specify the data. You
+     * could just use the CURLOPT_READDATA option to specify a FILE pointer to
+     * read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Perform the append */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-copy.c
+++ b/docs/examples/imap-copy.c
@@ -0,0 +1,65 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to copy a mail from one mailbox folder
+ * to another using libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is source mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the COPY command specifing the message ID and destination folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "COPY 1 FOLDER");
+
+    /* Note that to perform a move operation you will need to perform the copy,
+     * then mark the original mail as Deleted and EXPUNGE or CLOSE. Please see
+     * imap-store.c for more information on deleting messages. */
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-create.c
+++ b/docs/examples/imap-create.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to create a new mailbox folder using
+ * libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the CREATE command specifing the new folder name */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "CREATE FOLDER");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-delete.c
+++ b/docs/examples/imap-delete.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to delete an existing mailbox folder
+ * using libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the DELETE command specifing the existing folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE FOLDER");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-examine.c
+++ b/docs/examples/imap-examine.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to obtain information about a mailbox
+ * folder using libcurl's IMAP capabilities via the EXAMINE command.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the EXAMINE command specifing the mailbox folder */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXAMINE OUTBOX");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-fetch.c
+++ b/docs/examples/imap-fetch.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,6 +22,12 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
@@ -30,15 +36,23 @@ int main(void)
  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will fetch the mailbox named "foobar" */
-    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/foobar");
+    /* This will fetch message 1 from the user's inbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");

+    /* Perform the fetch */
    res = curl_easy_perform(curl);

-    /* always cleanup */
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
+
  return (int)res;
 }
--- a/docs/examples/imap-list.c
+++ b/docs/examples/imap-list.c
@@ -0,0 +1,60 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to list the folders within an IMAP
+ * mailbox.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will list the folders within the user's mailbox. If you want to
+     * list the folders within a specific folder, for example the inbox, then
+     * specify the folder as a path in the URL such as /INBOX */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Perform the list */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-lsub.c
+++ b/docs/examples/imap-lsub.c
@@ -0,0 +1,62 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to list the subscribed folders within
+ * an IMAP mailbox.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the LSUB command. Note the syntax is very similar to that of a LIST
+       command. */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "LSUB \"\" *");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-multi.c
+++ b/docs/examples/imap-multi.c
@@ -0,0 +1,145 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example to demonstrate how to
+ * use libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+#define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000
+
+static struct timeval tvnow(void)
+{
+  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+
+  return now;
+}
+
+static long tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec - older.tv_sec) * 1000 +
+    (newer.tv_usec - older.tv_usec) / 1000;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLM *mcurl;
+  int still_running = 1;
+  struct timeval mp_start;
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(!curl)
+    return 1;
+
+  mcurl = curl_multi_init();
+  if(!mcurl)
+    return 2;
+
+  /* Set username and password */
+  curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+  curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+  /* This will fetch message 1 from the user's inbox */
+  curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+
+  /* Tell the multi stack about our easy handle */
+  curl_multi_add_handle(mcurl, curl);
+
+  /* Record the start time which we can use later */
+  mp_start = tvnow();
+
+  /* We start some action by calling perform right away */
+  curl_multi_perform(mcurl, &still_running);
+
+  while(still_running) {
+    struct timeval timeout;
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+    int rc;
+
+    long curl_timeo = -1;
+
+    /* Initialise the file descriptors */
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* Set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(mcurl, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* Get file descriptors from the transfers */
+    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    /* In a real-world program you OF COURSE check the return code of the
+       function calls.  On success, the value of maxfd is guaranteed to be
+       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
+       case of (maxfd == -1), we call select(0, ...), which is basically equal
+       to sleep. */
+    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+
+    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
+      break;
+    }
+
+    switch(rc) {
+    case -1:  /* select error */
+      break;
+    case 0:   /* timeout */
+    default:  /* action */
+      curl_multi_perform(mcurl, &still_running);
+      break;
+    }
+  }
+
+  /* Always cleanup */
+  curl_multi_remove_handle(mcurl, curl);
+  curl_multi_cleanup(mcurl);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/imap-noop.c
+++ b/docs/examples/imap-noop.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to perform a noop using libcurl's IMAP
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the NOOP command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "NOOP");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-search.c
+++ b/docs/examples/imap-search.c
@@ -0,0 +1,65 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to search for new messages using
+ * libcurl's IMAP capabilities.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the SEARCH command specifing what we want to search for. Note that
+     * this can contain a message sequence set and a number of search criteria
+     * keywords including flags such as ANSWERED, DELETED, DRAFT, FLAGGED, NEW,
+     * RECENT and SEEN. For more information about the search criteria please
+     * see RFC-3501 section 6.4.4.   */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "SEARCH NEW");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3slist.c
+++ b/docs/examples/pop3slist.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,52 +22,64 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will list every message of the given mailbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/");
+    /* This will fetch message 1 from the user's inbox. Note the use of
+    * imaps:// rather than imap:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "imaps://imap.example.com/INBOX/;UID=1");

-#ifdef SKIP_PEER_VERIFICATION
-    /*
-     * If you want to connect to a site who isn't using a certificate that is
+    /* If you want to connect to a site who isn't using a certificate that is
     * signed by one of the certs in the CA bundle you have, you can skip the
     * verification of the server's certificate. This makes the connection
     * A LOT LESS SECURE.
     *
     * If you have a CA cert for the server stored someplace else than in the
     * default bundle, then the CURLOPT_CAPATH option might come handy for
-     * you.
-     */
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
 #endif

-#ifdef SKIP_HOSTNAME_VERFICATION
-    /*
-     * If the site you're connecting to uses a different host name that what
+    /* If the site you're connecting to uses a different host name that what
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
-     * this check, but this will make the connection less secure.
-     */
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

-    /* Perform the request, res will get the return code */
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the fetch */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* always cleanup */
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/imap-store.c
+++ b/docs/examples/imap-store.c
@@ -0,0 +1,76 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to modify an existing mail using
+ * libcurl's IMAP capabilities with the STORE command.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is the mailbox folder to select */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX");
+
+    /* Set the STORE command with the Deleted flag for message 1. Note that
+     * you can use the STORE command to set other flags such as Seen, Answered,
+     * Flagged, Draft and Recent. */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "STORE 1 +Flags \\Deleted");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+    else {
+      /* Set the EXPUNGE command, although you can use the CLOSE command if you
+       * don't want to know the result of the STORE */
+      curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXPUNGE");
+
+      /* Perform the second custom request */
+      res = curl_easy_perform(curl);
+
+      /* Check for errors */
+      if(res != CURLE_OK)
+        fprintf(stderr, "curl_easy_perform() failed: %s\n",
+                curl_easy_strerror(res));
+    }
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/imap-tls.c
+++ b/docs/examples/imap-tls.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to fetch mail using libcurl's IMAP
+ * capabilities. It builds on the imap-fetch.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will fetch message 1 from the user's inbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com/INBOX/;UID=1");
+
+    /* In this example, we'll start with a plain text connection, and upgrade
+     * to Transport Layer Security (TLS) using the STARTTLS command. Be careful
+     * of using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
+     * will continue anyway - see the security discussion in the libcurl
+     * tutorial for more details. */
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
+
+    /* If your server doesn't have a valid certificate, then you can disable
+     * part of the Transport Layer Security protection by setting the
+     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     * That is, in general, a bad idea. It is still better than sending your
+     * authentication details in plain text though.
+     * Instead, you should get the issuer certificate (or the host certificate
+     * if the certificate is self-signed) and add it to the set of certificates
+     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
+     * docs/SSLCERTS for more information. */
+    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the fetch */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-dele.c
+++ b/docs/examples/pop3-dele.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to delete an existing mail using
+ * libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* You can specify the message either in the URL or DELE command */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* Set the DELE command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELE");
+
+    /* Do not perform a transfer as DELE returns no data */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-list.c
+++ b/docs/examples/pop3-list.c
@@ -0,0 +1,58 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example using libcurl's POP3 capabilities to list the
+ * contents of a mailbox.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will list every message of the given mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Perform the list */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-multi.c
+++ b/docs/examples/pop3-multi.c
@@ -0,0 +1,145 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example to demonstrate how to use
+ * libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000
+
+static struct timeval tvnow(void)
+{
+  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+
+  return now;
+}
+
+static long tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec - older.tv_sec) * 1000 +
+    (newer.tv_usec - older.tv_usec) / 1000;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLM *mcurl;
+  int still_running = 1;
+  struct timeval mp_start;
+
+  curl_global_init(CURL_GLOBAL_DEFAULT);
+
+  curl = curl_easy_init();
+  if(!curl)
+    return 1;
+
+  mcurl = curl_multi_init();
+  if(!mcurl)
+    return 2;
+
+  /* Set username and password */
+  curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+  curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+  /* This will retreive message 1 from the user's mailbox */
+  curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+  /* Tell the multi stack about our easy handle */
+  curl_multi_add_handle(mcurl, curl);
+
+  /* Record the start time which we can use later */
+  mp_start = tvnow();
+
+  /* We start some action by calling perform right away */
+  curl_multi_perform(mcurl, &still_running);
+
+  while(still_running) {
+    struct timeval timeout;
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+    int rc;
+
+    long curl_timeo = -1;
+
+    /* Initialise the file descriptors */
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* Set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(mcurl, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* Get file descriptors from the transfers */
+    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    /* In a real-world program you OF COURSE check the return code of the
+       function calls. On success, the value of maxfd is guaranteed to be
+       greater or equal than -1. We call select(maxfd + 1, ...), specially in
+       case of (maxfd == -1), we call select(0, ...), which is basically equal
+       to sleep. */
+    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+
+    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
+      break;
+    }
+
+    switch(rc) {
+    case -1:  /* select error */
+      break;
+    case 0:   /* timeout */
+    default:  /* action */
+      curl_multi_perform(mcurl, &still_running);
+      break;
+    }
+  }
+
+  /* Always cleanup */
+  curl_multi_remove_handle(mcurl, curl);
+  curl_multi_cleanup(mcurl);
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+
+  return 0;
+}
--- a/docs/examples/pop3-noop.c
+++ b/docs/examples/pop3-noop.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to perform a noop using libcurl's POP3
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the NOOP command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "NOOP");
+
+    /* Do not perform a transfer as NOOP returns no data */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-retr.c
+++ b/docs/examples/pop3-retr.c
@@ -0,0 +1,58 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will retreive message 1 from the user's mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* Perform the retr */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-ssl.c
+++ b/docs/examples/pop3-ssl.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -22,52 +22,64 @@
 #include <stdio.h>
 #include <curl/curl.h>

+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  curl = curl_easy_init();
  if(curl) {
    /* Set username and password */
-    curl_easy_setopt(curl, CURLOPT_USERPWD, "user:password");
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");

-    /* This will only fetch the message with ID "1" of the given mailbox */
-    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://user@pop.example.com/1");
+    /* This will retreive message 1 from the user's mailbox. Note the use of
+     * pop3s:// rather than pop3:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://pop.example.com/1");

-#ifdef SKIP_PEER_VERIFICATION
-    /*
-     * If you want to connect to a site who isn't using a certificate that is
+    /* If you want to connect to a site who isn't using a certificate that is
     * signed by one of the certs in the CA bundle you have, you can skip the
     * verification of the server's certificate. This makes the connection
     * A LOT LESS SECURE.
     *
     * If you have a CA cert for the server stored someplace else than in the
     * default bundle, then the CURLOPT_CAPATH option might come handy for
-     * you.
-     */
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
 #endif

-#ifdef SKIP_HOSTNAME_VERFICATION
-    /*
-     * If the site you're connecting to uses a different host name that what
+    /* If the site you're connecting to uses a different host name that what
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
-     * this check, but this will make the connection less secure.
-     */
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif

-    /* Perform the request, res will get the return code */
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the retr */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* always cleanup */
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/pop3-stat.c
+++ b/docs/examples/pop3-stat.c
@@ -0,0 +1,64 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to obtain message statistics using
+ * libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the STAT command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "STAT");
+
+    /* Do not perform a transfer as the data is in the response */
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-tls.c
+++ b/docs/examples/pop3-tls.c
@@ -0,0 +1,84 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve mail using libcurl's POP3
+ * capabilities. It builds on the pop3-retr.c example adding transport
+ * security to protect the authentication details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This will retreive message 1 from the user's mailbox */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
+
+    /* In this example, we'll start with a plain text connection, and upgrade
+     * to Transport Layer Security (TLS) using the STLS command. Be careful of
+     * using CURLUSESSL_TRY here, because if TLS upgrade fails, the transfer
+     * will continue anyway - see the security discussion in the libcurl
+     * tutorial for more details. */
+    curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
+
+    /* If your server doesn't have a valid certificate, then you can disable
+     * part of the Transport Layer Security protection by setting the
+     * CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 (false).
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+     *   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+     * That is, in general, a bad idea. It is still better than sending your
+     * authentication details in plain text though.
+     * Instead, you should get the issuer certificate (or the host certificate
+     * if the certificate is self-signed) and add it to the set of certificates
+     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
+     * docs/SSLCERTS for more information. */
+    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Perform the retr */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-top.c
+++ b/docs/examples/pop3-top.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to retrieve only the headers of a mail
+ * using libcurl's POP3 capabilities.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the TOP command for message 1 to only include the headers */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "TOP 1 0");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/pop3-uidl.c
+++ b/docs/examples/pop3-uidl.c
@@ -0,0 +1,61 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example using libcurl's POP3 capabilities to list the
+ * contents of a mailbox by unique ID.
+ *
+ * Note that this example requires libcurl 7.26.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com");
+
+    /* Set the UIDL command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "UIDL");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/simplesmtp.c
+++ b/docs/examples/simplesmtp.c
@@ -1,87 +0,0 @@
-/***************************************************************************
- *                                  _   _ ____  _
- *  Project                     ___| | | |  _ \| |
- *                             / __| | | | |_) | |
- *                            | (__| |_| |  _ <| |___
- *                             \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- ***************************************************************************/
-#include <stdio.h>
-#include <string.h>
-#include <curl/curl.h>
-
-int main(void)
-{
-  CURL *curl;
-  CURLcode res;
-  struct curl_slist *recipients = NULL;
-
-  /* value for envelope reverse-path */
-  static const char *from = "<bradh@example.com>";
-
-  /* this becomes the envelope forward-path */
-  static const char *to = "<bradh@example.net>";
-
-  curl = curl_easy_init();
-  if(curl) {
-    /* this is the URL for your mailserver - you can also use an smtps:// URL
-     * here */
-    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.net.");
-
-    /* Note that this option isn't strictly required, omitting it will result in
-     * libcurl will sent the MAIL FROM command with no sender data. All
-     * autoresponses should have an empty reverse-path, and should be directed
-     * to the address in the reverse-path which triggered them. Otherwise, they
-     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
-     */
-    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, from);
-
-    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array.  */
-    recipients = curl_slist_append(recipients, to);
-    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
-
-    /* You provide the payload (headers and the body of the message) as the
-     * "data" element. There are two choices, either:
-     * - provide a callback function and specify the function name using the
-     * CURLOPT_READFUNCTION option; or
-     * - just provide a FILE pointer that can be used to read the data from.
-     * The easiest case is just to read from standard input, (which is available
-     * as a FILE pointer) as shown here.
-     */
-    curl_easy_setopt(curl, CURLOPT_READDATA, stdin);
-
-    /* send the message (including headers) */
-    res = curl_easy_perform(curl);
-    /* Check for errors */
-    if(res != CURLE_OK)
-      fprintf(stderr, "curl_easy_perform() failed: %s\n",
-              curl_easy_strerror(res));
-
-    /* free the list of recipients */
-    curl_slist_free_all(recipients);
-
-    /* curl won't send the QUIT command until you call cleanup, so you should be
-     * able to re-use this connection for additional messages (setting
-     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
-     * curl_easy_perform() again. It may not be a good idea to keep the
-     * connection open for a very long time though (more than a few minutes may
-     * result in the server timing out the connection), and you do want to clean
-     * up in the end.
-     */
-    curl_easy_cleanup(curl);
-  }
-  return 0;
-}
--- a/docs/examples/smtp-expn.c
+++ b/docs/examples/smtp-expn.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to expand an email mailing list.
+ *
+ * Notes:
+ *
+ * 1) This example requires libcurl 7.34.0 or above.
+ * 2) Not all email servers support this command.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct curl_slist *recipients = NULL;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array  */
+    recipients = curl_slist_append(recipients, "Friends");
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* Set the EXPN command */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "EXPN");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional requests. It may not be
+     * a good idea to keep the connection open for a very long time though
+     * (more than a few minutes may result in the server timing out the
+     * connection) and you do want to clean up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return 0;
+}
--- a/docs/examples/smtp-mail.c
+++ b/docs/examples/smtp-mail.c
@@ -0,0 +1,137 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's SMTP
+ * capabilities. For an exmaple of using the multi interface please see
+ * smtp-multi.c.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
+    /* Add two recipients, in this particular case they correspond to the
+     * To: and Cc: addressees in the header, but they could be any kind of
+     * recipient. */
+    recipients = curl_slist_append(recipients, TO);
+    recipients = curl_slist_append(recipients, CC);
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Send the message */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* curl won't send the QUIT command until you call cleanup, so you should be
+     * able to re-use this connection for additional messages (setting
+     * CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT as required, and calling
+     * curl_easy_perform() again. It may not be a good idea to keep the
+     * connection open for a very long time though (more than a few minutes may
+     * result in the server timing out the connection), and you do want to clean
+     * up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/smtp-multi.c
+++ b/docs/examples/smtp-multi.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,68 +19,71 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This is an example application source code sending SMTP mail using the
- * multi interface.
- */
-
 #include <string.h>
 #include <curl/curl.h>

-/*
- * This is the list of basic details you need to tweak to get things right.
+/* This is an example showing how to send mail using libcurl's SMTP
+ * capabilities. It builds on the smtp-mail.c example to demonstrate how to use
+ * libcurl's multi interface.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
 */
-#define USERNAME "user@example.com"
-#define PASSWORD "123qwerty"
-#define SMTPSERVER "smtp.example.com"
-#define SMTPPORT ":587" /* it is a colon+port string, but you can set it
-                           to "" to use the default port */
-#define RECIPIENT "<recipient@example.com>"
-#define MAILFROM "<realuser@example.com>"
+
+#define FROM     "<sender@example.com>"
+#define TO       "<recipient@example.com>"
+#define CC       "<info@example.com>"

 #define MULTI_PERFORM_HANG_TIMEOUT 60 * 1000

-/* Note that you should include the actual meta data headers here as well if
-   you want the mail to have a Subject, another From:, show a To: or whatever
-   you think your mail should feature! */
-static const char *text[]={
-  "one\n",
-  "two\n",
-  "three\n",
-  " Hello, this is CURL email SMTP\n",
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP multi example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
  NULL
 };

-struct WriteThis {
-  int counter;
+struct upload_status {
+  int lines_read;
 };

-static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
 {
-  struct WriteThis *pooh = (struct WriteThis *)userp;
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
  const char *data;

-  if(size*nmemb < 1)
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
    return 0;
+  }

-  data = text[pooh->counter];
+  data = payload_text[upload_ctx->lines_read];

  if(data) {
    size_t len = strlen(data);
    memcpy(ptr, data, len);
-    pooh->counter++; /* advance pointer */
+    upload_ctx->lines_read++;
+
    return len;
  }
-  return 0;                         /* no more data left to deliver */
+
+  return 0;
 }

 static struct timeval tvnow(void)
 {
-  /*
-  ** time() returns the value of time in seconds since the Epoch.
-  */
  struct timeval now;
+
+  /* time() returns the value of time in seconds since the epoch */
  now.tv_sec = (long)time(NULL);
  now.tv_usec = 0;
+
  return now;
 }

@@ -96,10 +99,10 @@ int main(void)
  CURLM *mcurl;
  int still_running = 1;
  struct timeval mp_start;
-   struct WriteThis pooh;
-   struct curl_slist* rcpt_list = NULL;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;

-   pooh.counter = 0;
+  upload_ctx.lines_read = 0;

  curl_global_init(CURL_GLOBAL_DEFAULT);

@@ -111,47 +114,56 @@ int main(void)
  if(!mcurl)
    return 2;

-   rcpt_list = curl_slist_append(rcpt_list, RECIPIENT);
-   /* more addresses can be added here
-      rcpt_list = curl_slist_append(rcpt_list, "<others@example.com>");
-   */
+  /* This is the URL for your mailserver */
+  curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");

-   curl_easy_setopt(curl, CURLOPT_URL, "smtp://" SMTPSERVER SMTPPORT);
-   curl_easy_setopt(curl, CURLOPT_USERNAME, USERNAME);
-   curl_easy_setopt(curl, CURLOPT_PASSWORD, PASSWORD);
-   curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);
-   curl_easy_setopt(curl, CURLOPT_MAIL_FROM, MAILFROM);
-   curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, rcpt_list);
-   curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
-   curl_easy_setopt(curl, CURLOPT_READDATA, &pooh);
-   curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-   curl_easy_setopt(curl, CURLOPT_SSLVERSION, 0L);
-   curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
+  /* Note that this option isn't strictly required, omitting it will result in
+   * libcurl sending the MAIL FROM command with empty sender data. All
+   * autoresponses should have an empty reverse-path, and should be directed
+   * to the address in the reverse-path which triggered them. Otherwise, they
+   * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+   */
+  curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
+  /* Add two recipients, in this particular case they correspond to the
+   * To: and Cc: addressees in the header, but they could be any kind of
+   * recipient. */
+  recipients = curl_slist_append(recipients, TO);
+  recipients = curl_slist_append(recipients, CC);
+  curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+  /* We're using a callback function to specify the payload (the headers and
+   * body of the message). You could just use the CURLOPT_READDATA option to
+   * specify a FILE pointer to read from. */
+  curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+  curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+  /* Tell the multi stack about our easy handle */
  curl_multi_add_handle(mcurl, curl);

+  /* Record the start time which we can use later */
  mp_start = tvnow();

-  /* we start some action by calling perform right away */
+  /* We start some action by calling perform right away */
  curl_multi_perform(mcurl, &still_running);

  while(still_running) {
    struct timeval timeout;
-    int rc; /* select() return code */
-
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd = -1;
+    int rc;

    long curl_timeo = -1;

+    /* Initialise the file descriptors */
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);

-    /* set a suitable timeout to play around with */
+    /* Set a suitable timeout to play around with */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;

@@ -164,7 +176,7 @@ int main(void)
        timeout.tv_usec = (curl_timeo % 1000) * 1000;
    }

-    /* get file descriptors from the transfers */
+    /* Get file descriptors from the transfers */
    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);

    /* In a real-world program you OF COURSE check the return code of the
@@ -172,18 +184,16 @@ int main(void)
       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
       case of (maxfd == -1), we call select(0, ...), which is basically equal
       to sleep. */
-
    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);

    if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
-      fprintf(stderr, "ABORTING TEST, since it seems "
-              "that it would have run forever.\n");
+      fprintf(stderr,
+              "ABORTING: Since it seems that we would have run forever.\n");
      break;
    }

    switch(rc) {
-    case -1:
-      /* select error */
+    case -1:  /* select error */
      break;
    case 0:   /* timeout */
    default:  /* action */
@@ -192,12 +202,14 @@ int main(void)
    }
  }

-  curl_slist_free_all(rcpt_list);
+  /* Free the list of recipients */
+  curl_slist_free_all(recipients);
+
+  /* Always cleanup */
  curl_multi_remove_handle(mcurl, curl);
  curl_multi_cleanup(mcurl);
  curl_easy_cleanup(curl);
  curl_global_cleanup();
+
  return 0;
 }
-
-
--- a/docs/examples/smtp-ssl.c
+++ b/docs/examples/smtp-ssl.c
@@ -0,0 +1,161 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to send mail using libcurl's SMTP
+ * capabilities. It builds on the smtp-mail.c example to add authentication
+ * and, more importantly, transport security to protect the authentication
+ * details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
+ */
+
+#define FROM    "<sender@example.org>"
+#define TO      "<addressee@example.net>"
+#define CC      "<info@example.org>"
+
+static const char *payload_text[] = {
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP SSL example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
+  NULL
+};
+
+struct upload_status {
+  int lines_read;
+};
+
+static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct upload_status *upload_ctx = (struct upload_status *)userp;
+  const char *data;
+
+  if((size == 0) || (nmemb == 0) || ((size*nmemb) < 1)) {
+    return 0;
+  }
+
+  data = payload_text[upload_ctx->lines_read];
+
+  if(data) {
+    size_t len = strlen(data);
+    memcpy(ptr, data, len);
+    upload_ctx->lines_read++;
+
+    return len;
+  }
+
+  return 0;
+}
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+  struct curl_slist *recipients = NULL;
+  struct upload_status upload_ctx;
+
+  upload_ctx.lines_read = 0;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is the URL for your mailserver. Note the use of smtps:// rather
+     * than smtp:// to request a SSL based connection. */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtps://mainserver.example.net");
+
+    /* If you want to connect to a site who isn't using a certificate that is
+     * signed by one of the certs in the CA bundle you have, you can skip the
+     * verification of the server's certificate. This makes the connection
+     * A LOT LESS SECURE.
+     *
+     * If you have a CA cert for the server stored someplace else than in the
+     * default bundle, then the CURLOPT_CAPATH option might come handy for
+     * you. */
+#ifdef SKIP_PEER_VERIFICATION
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
+#endif
+
+    /* If the site you're connecting to uses a different host name that what
+     * they have mentioned in their server certificate's commonName (or
+     * subjectAltName) fields, libcurl will refuse to connect. You can skip
+     * this check, but this will make the connection less secure. */
+#ifdef SKIP_HOSTNAME_VERFICATION
+    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
+#endif
+
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
+    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
+    /* Add two recipients, in this particular case they correspond to the
+     * To: and Cc: addressees in the header, but they could be any kind of
+     * recipient. */
+    recipients = curl_slist_append(recipients, TO);
+    recipients = curl_slist_append(recipients, CC);
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
+    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+    /* Since the traffic will be encrypted, it is very useful to turn on debug
+     * information within libcurl to see what is happening during the
+     * transfer */
+    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+
+    /* Send the message */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/smtp-tls.c
+++ b/docs/examples/smtp-tls.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,8 +24,11 @@
 #include <curl/curl.h>

 /* This is a simple example showing how to send mail using libcurl's SMTP
- * capabilities. It builds on the simplesmtp.c example, adding some
- * authentication and transport security.
+ * capabilities. It builds on the smtp-mail.c example to add authentication
+ * and, more importantly, transport security to protect the authentication
+ * details from being snooped.
+ *
+ * Note that this example requires libcurl 7.20.0 or above.
 */

 #define FROM    "<sender@example.org>"
@@ -33,17 +36,17 @@
 #define CC      "<info@example.org>"

 static const char *payload_text[] = {
-  "Date: Mon, 29 Nov 2010 21:54:29 +1100\n",
-  "To: " TO "\n",
-  "From: " FROM "(Example User)\n",
-  "Cc: " CC "(Another example User)\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\n",
-  "Subject: SMTP TLS example message\n",
-  "\n", /* empty line to divide headers from body, see RFC5322 */
-  "The body of the message starts here.\n",
-  "\n",
-  "It could be a lot of lines, could be MIME encoded, whatever.\n",
-  "Check RFC5322.\n",
+  "Date: Mon, 29 Nov 2010 21:54:29 +1100\r\n",
+  "To: " TO "\r\n",
+  "From: " FROM "(Example User)\r\n",
+  "Cc: " CC "(Another example User)\r\n",
+  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Subject: SMTP TLS example message\r\n",
+  "\r\n", /* empty line to divide headers from body, see RFC5322 */
+  "The body of the message starts here.\r\n",
+  "\r\n",
+  "It could be a lot of lines, could be MIME encoded, whatever.\r\n",
+  "Check RFC5322.\r\n",
  NULL
 };

@@ -66,16 +69,17 @@ static size_t payload_source(void *ptr, size_t size, size_t nmemb, void *userp)
    size_t len = strlen(data);
    memcpy(ptr, data, len);
    upload_ctx->lines_read++;
+
    return len;
  }
+
  return 0;
 }

-
 int main(void)
 {
  CURL *curl;
-  CURLcode res;
+  CURLcode res = CURLE_OK;
  struct curl_slist *recipients = NULL;
  struct upload_status upload_ctx;

@@ -83,6 +87,10 @@ int main(void)

  curl = curl_easy_init();
  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
    /* This is the URL for your mailserver. Note the use of port 587 here,
     * instead of the normal SMTP port (25). Port 587 is commonly used for
     * secure mail submission (see RFC4403), but you should use whatever
@@ -106,18 +114,17 @@ int main(void)
     * Instead, you should get the issuer certificate (or the host certificate
     * if the certificate is self-signed) and add it to the set of certificates
     * that are known to libcurl using CURLOPT_CAINFO and/or CURLOPT_CAPATH. See
-     * docs/SSLCERTS for more information.
-     */
+     * docs/SSLCERTS for more information. */
    curl_easy_setopt(curl, CURLOPT_CAINFO, "/path/to/certificate.pem");

-    /* A common reason for requiring transport security is to protect
-     * authentication details (user names and passwords) from being "snooped"
-     * on the network. Here is how the user name and password are provided: */
-    curl_easy_setopt(curl, CURLOPT_USERNAME, "user@example.net");
-    curl_easy_setopt(curl, CURLOPT_PASSWORD, "P@ssw0rd");
-
-    /* value for envelope reverse-path */
+    /* Note that this option isn't strictly required, omitting it will result in
+     * libcurl sending the MAIL FROM command with empty sender data. All
+     * autoresponses should have an empty reverse-path, and should be directed
+     * to the address in the reverse-path which triggered them. Otherwise, they
+     * could cause an endless loop. See RFC 5321 Section 4.5.5 for more details.
+     */
    curl_easy_setopt(curl, CURLOPT_MAIL_FROM, FROM);
+
    /* Add two recipients, in this particular case they correspond to the
     * To: and Cc: addressees in the header, but they could be any kind of
     * recipient. */
@@ -125,28 +132,32 @@ int main(void)
    recipients = curl_slist_append(recipients, CC);
    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);

-    /* In this case, we're using a callback function to specify the data. You
-     * could just use the CURLOPT_READDATA option to specify a FILE pointer to
-     * read from.
-     */
+    /* We're using a callback function to specify the payload (the headers and
+     * body of the message). You could just use the CURLOPT_READDATA option to
+     * specify a FILE pointer to read from. */
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, payload_source);
    curl_easy_setopt(curl, CURLOPT_READDATA, &upload_ctx);
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* Since the traffic will be encrypted, it is very useful to turn on debug
     * information within libcurl to see what is happening during the transfer.
     */
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);

-    /* send the message (including headers) */
+    /* Send the message */
    res = curl_easy_perform(curl);
+
    /* Check for errors */
    if(res != CURLE_OK)
      fprintf(stderr, "curl_easy_perform() failed: %s\n",
              curl_easy_strerror(res));

-    /* free the list of recipients and clean up */
+    /* Free the list of recipients */
    curl_slist_free_all(recipients);
+
+    /* Always cleanup */
    curl_easy_cleanup(curl);
  }
-  return 0;
+
+  return (int)res;
 }
--- a/docs/examples/smtp-vrfy.c
+++ b/docs/examples/smtp-vrfy.c
@@ -0,0 +1,73 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <string.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to verify an email address from an
+ * SMTP server.
+ *
+ * Notes:
+ *
+ * 1) This example requires libcurl 7.34.0 or above.
+ * 2) Not all email servers support this command and even if your email server
+ *    does support it, it may respond with a 252 response code even though the
+ *    address doesn't exist.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  struct curl_slist *recipients = NULL;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* This is the URL for your mailserver */
+    curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com");
+
+    /* Note that the CURLOPT_MAIL_RCPT takes a list, not a char array  */
+    recipients = curl_slist_append(recipients, "<recipient@example.com>");
+    curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, recipients);
+
+    /* Perform the VRFY */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Free the list of recipients */
+    curl_slist_free_all(recipients);
+
+    /* Curl won't send the QUIT command until you call cleanup, so you should
+     * be able to re-use this connection for additional requests. It may not be
+     * a good idea to keep the connection open for a very long time though
+     * (more than a few minutes may result in the server timing out the
+     * connection) and you do want to clean up in the end.
+     */
+    curl_easy_cleanup(curl);
+  }
+
+  return 0;
+}
--- a/docs/libcurl/curl_easy_pause.3
+++ b/docs/libcurl/curl_easy_pause.3
@@ -31,8 +31,8 @@ curl_easy_pause - pause and unpause a connection
 Using this function, you can explicitly mark a running connection to get
 paused, and you can unpause a connection that was previously paused.

-A connection can be paused by using this function or by letting the read
-or the write callbacks return the proper magic return code
+A connection can be paused by using this function or by letting the read or
+the write callbacks return the proper magic return code
 (\fICURL_READFUNC_PAUSE\fP and \fICURL_WRITEFUNC_PAUSE\fP). A write callback
 that returns pause signals to the library that it couldn't take care of any
 data at all, and that data will then be delivered again to the callback when
@@ -68,6 +68,10 @@ Convenience define that unpauses both directions
 CURLE_OK (zero) means that the option was set properly, and a non-zero return
 code means something wrong occurred after the new state was set.  See the
 \fIlibcurl-errors(3)\fP man page for the full list with descriptions.
+.SH LIMITATIONS
+The pausing of transfers does not work with protocols that work without
+network connectivity, like FILE://. Trying to pause such a transfer, in any
+direction, will cause problems in the worst case or an error in the best case.
 .SH AVAILABILITY
 This function was added in libcurl 7.18.0. Before this version, there was no
 explicit support for pausing transfers.
--- a/docs/libcurl/curl_easy_perform.3
+++ b/docs/libcurl/curl_easy_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -25,33 +25,41 @@ curl_easy_perform - Perform a file transfer
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
-.BI "CURLcode curl_easy_perform(CURL *" handle ");"
+.BI "CURLcode curl_easy_perform(CURL *" easy_handle ");"
 .ad
 .SH DESCRIPTION
-This function is called after the init and all the \fIcurl_easy_setopt(3)\fP
-calls are made, and will perform the transfer as described in the options.  It
-must be called with the same
-.I handle
-as input as the curl_easy_init call returned.
+Invoke this function after \fIcurl_easy_init(3)\fP and all the
+\fIcurl_easy_setopt(3)\fP calls are made, and will perform the transfer as
+described in the options. It must be called with the same \fBeasy_handle\fP as
+input as the \fIcurl_easy_init(3)\fP call returned.
+
+\fIcurl_easy_perform(3)\fP performs the entire request in a blocking manner
+and returns when done, or if it failed. For non-blocking behavior, see
+\fIcurl_multi_perform(3)\fP.

 You can do any amount of calls to \fIcurl_easy_perform(3)\fP while using the
-same handle. If you intend to transfer more than one file, you are even
-encouraged to do so. libcurl will then attempt to re-use the same connection
-for the following transfers, thus making the operations faster, less CPU
-intense and using less network resources. Just note that you will have to use
-\fIcurl_easy_setopt(3)\fP between the invokes to set options for the following
-curl_easy_perform.
+same \fBeasy_handle\fP. If you intend to transfer more than one file, you are
+even encouraged to do so. libcurl will then attempt to re-use the same
+connection for the following transfers, thus making the operations faster,
+less CPU intense and using less network resources. Just note that you will
+have to use \fIcurl_easy_setopt(3)\fP between the invokes to set options for
+the following curl_easy_perform.

 You must never call this function simultaneously from two places using the
-same handle. Let the function return first before invoking it another time. If
-you want parallel transfers, you must use several curl handles.
+same \fBeasy_handle\fP. Let the function return first before invoking it
+another time. If you want parallel transfers, you must use several curl
+easy_handles.
+
+While the \fBeasy_handle\fP is added to a multi handle, it cannot be used by
+\fIcurl_easy_perform(3)\fP.
 .SH RETURN VALUE
-0 means everything was ok, non-zero means an error occurred as
+CURLE_OK (0) means everything was ok, non-zero means an error occurred as
 .I <curl/curl.h>
-defines. If the CURLOPT_ERRORBUFFER was set with
-.I curl_easy_setopt
-there will be a readable error message in the error buffer when non-zero is
-returned.
+defines - see \fIlibcurl-errors(3)\fP. If the \fBCURLOPT_ERRORBUFFER\fP was
+set with \fIcurl_easy_setopt(3)\fP there will be a readable error message in
+the error buffer when non-zero is returned.
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_setopt "(3), "
+.BR curl_multi_add_handle "(3), " curl_multi_perform "(3), "
+.BR libcurl-errors "(3), "

--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -493,6 +493,10 @@ The data is header (or header-like) data sent to the peer.
 The data is protocol data received from the peer.
 .IP CURLINFO_DATA_OUT
 The data is protocol data sent to the peer.
+.IP CURLINFO_SSL_DATA_OUT
+The data is SSL/TLS (binary) data sent to the peer.
+.IP CURLINFO_SSL_DATA_IN
+The data is SSL/TLS (binary) data received from the peer.
 .RE
 .IP CURLOPT_DEBUGDATA
 Pass a pointer to whatever you want passed in to your
@@ -936,9 +940,9 @@ Set HTTP proxy to use. The parameter should be a char * to a zero terminated
 string holding the host name or dotted IP address. To specify port number in
 this string, append :[port] to the end of the host name. The proxy string may
 be prefixed with [protocol]:// since any such prefix will be ignored. The
-proxy's port number may optionally be specified with the separate option. If
-not specified, libcurl will default to using port 1080 for proxies.
-\fICURLOPT_PROXYPORT\fP.
+proxy's port number may optionally be specified with the separate option
+\fICURLOPT_PROXYPORT\fP. If not specified, libcurl will default to using port
+1080 for proxies.

 When you tell the library to use a HTTP proxy, libcurl will transparently
 convert operations to HTTP even if you specify an FTP URL etc. This may have
@@ -985,8 +989,8 @@ if one is specified.  The only wildcard available is a single * character,
 which matches all hosts, and effectively disables the proxy. Each name in this
 list is matched as either a domain which contains the hostname, or the
 hostname itself. For example, example.com would match example.com,
-example.com:80, and www.example.com, but not www.notanexample.com.  (Added in
-7.19.4)
+example.com:80, and www.example.com, but not www.notanexample.com or
+example.com.othertld.  (Added in 7.19.4)
 .IP CURLOPT_HTTPPROXYTUNNEL
 Set the parameter to 1 to make the library tunnel all operations through a
 given HTTP proxy. There is a big difference between using a proxy and to
@@ -1150,7 +1154,7 @@ connections or \fICURLOPT_LOGIN_OPTIONS\fP to control IMAP, POP3 and SMTP
 options.

 The user and password strings are not URL decoded, so there's no way to send
-in a user name containing a colon using this option. Use \fCURLOPT_USERNAME\fP
+in a user name containing a colon using this option. Use \fICURLOPT_USERNAME\fP
 for that, or include it in the URL.
 .IP CURLOPT_PROXYUSERPWD
 Pass a char * as parameter, which should be [user name]:[password] to use for
@@ -1184,7 +1188,7 @@ At present only IMAP, POP3 and SMTP support login options. For more
 information about the login options please see RFC2384, RFC5092 and IETF draft
 draft-earhart-url-smtp-00.txt

-\CURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options,
+\fBCURLOPT_LOGIN_OPTIONS\fP can be used to set protocol specific login options,
 such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*",
 and should be used in conjunction with the \fICURLOPT_USERNAME\fP option.
 .IP CURLOPT_PROXYUSERNAME
@@ -1306,8 +1310,7 @@ authentication methods it supports and then pick the best one you allow it to
 use. For some methods, this will induce an extra network round-trip. Set the
 actual name and password with the \fICURLOPT_PROXYUSERPWD\fP option. The
 bitmask can be constructed by or'ing together the bits listed above for the
-\fICURLOPT_HTTPAUTH\fP option. As of this writing, only Basic, Digest and NTLM
-work. (Added in 7.10.7)
+\fICURLOPT_HTTPAUTH\fP option. \fICURLOPT_PROXYAUTH\fP was added in 7.10.7
 .IP CURLOPT_SASL_IR
 Pass a long. If the value is 1, curl will send the initial response to the
 server in the first authentication packet in order to reduce the number of
@@ -1317,10 +1320,10 @@ mechanisms and to the IMAP, POP3 and SMTP protocols. (Added in 7.31.0)
 Note: Whilst IMAP supports this option there is no need to explicitly set it,
 as libcurl can determine the feature itself when the server supports the
 SASL-IR CAPABILITY.
-.IP CURLOPT_BEARER
-Pass a char * as parameter, which should point to the zero terminated OAUTH
-2.0 Bearer Access Token for use with IMAP. POP3 and SMTP servers that support
-the OAUTH 2.0 Authorization Framework. (Added in 7.33.0)
+.IP CURLOPT_XOAUTH2_BEARER
+Pass a char * as parameter, which should point to the zero terminated OAuth
+2.0 Bearer Access Token for use with IMAP, POP3 and SMTP servers that support
+the OAuth 2.0 Authorization Framework. (Added in 7.33.0)

 Note: The user name used to generate the Bearer Token should be supplied via
 the \fICURLOPT_USERNAME\fP option.
@@ -1620,7 +1623,8 @@ When setting \fICURLOPT_HTTPGET\fP to 1, it will automatically set
 .IP CURLOPT_HTTP_VERSION
 Pass a long, set to one of the values described below. They force libcurl to
 use the specific HTTP versions. This is not sensible to do unless you have a
-good reason.
+good reason. You have to set this option if you want to use libcurl's HTTP 2.0
+support.
 .RS
 .IP CURL_HTTP_VERSION_NONE
 We don't care about what version the library uses. libcurl will use whatever
@@ -1629,6 +1633,9 @@ it thinks fit.
 Enforce HTTP 1.0 requests.
 .IP CURL_HTTP_VERSION_1_1
 Enforce HTTP 1.1 requests.
+.IP CURL_HTTP_VERSION_2_0
+Attempt HTTP 2.0 requests. libcurl will fall back to HTTP 1.x if HTTP 2.0
+can't be negotiated with the server.
 .RE
 .IP CURLOPT_IGNORE_CONTENT_LENGTH
 Ignore the Content-Length header. This is useful for Apache 1.x (and similar
@@ -1646,6 +1653,12 @@ Pass a long to tell libcurl how to act on transfer decoding. If set to zero,
 transfer decoding will be disabled, if set to 1 it is enabled
 (default). libcurl does chunked transfer decoding by default unless this
 option is set to zero. (added in 7.16.2)
+.IP CURLOPT_EXPECT_100_TIMEOUT_MS
+Pass a long to tell libcurl the number of milliseconds to wait for a server
+response with the HTTP status 100 (Continue), 417 (Expectation Failed) or
+similar after sending a HTTP request containing an Expect: 100-continue
+header. If this times out before a response is received, the request body is
+sent anyway. By default, libcurl waits 1000 milliseconds. (Added in 7.36.0)
 .SH SMTP OPTIONS
 .IP CURLOPT_MAIL_FROM
 Pass a pointer to a zero terminated string as parameter. This should be used
@@ -2134,6 +2147,8 @@ as a long. See also \fICURLOPT_INFILESIZE_LARGE\fP.
 For uploading using SCP, this option or \fICURLOPT_INFILESIZE_LARGE\fP is
 mandatory.

+To "unset" this value again, set it to -1.
+
 When sending emails using SMTP, this command can be used to specify the
 optional SIZE parameter for the MAIL FROM command. (Added in 7.23.0)

@@ -2146,6 +2161,11 @@ as a curl_off_t. (Added in 7.11.0)

 For uploading using SCP, this option or \fICURLOPT_INFILESIZE\fP is mandatory.

+To "unset" this value again, set it to -1.
+
+When sending emails using SMTP, this command can be used to specify the
+optional SIZE parameter for the MAIL FROM command. (Added in 7.23.0)
+
 This option does not limit how much data libcurl will actually send, as that
 is controlled entirely by what the read callback returns.
 .IP CURLOPT_UPLOAD
@@ -2229,12 +2249,18 @@ it too slow and abort.
 Pass a curl_off_t as parameter.  If an upload exceeds this speed (counted in
 bytes per second) on cumulative average during the transfer, the transfer will
 pause to keep the average rate less than or equal to the parameter value.
-Defaults to unlimited speed. (Added in 7.15.5)
+Defaults to unlimited speed.
+
+This option doesn't affect transfer speeds done with FILE:// URLs. (Added in
+ 7.15.5)
 .IP CURLOPT_MAX_RECV_SPEED_LARGE
 Pass a curl_off_t as parameter.  If a download exceeds this speed (counted in
 bytes per second) on cumulative average during the transfer, the transfer will
 pause to keep the average rate less than or equal to the parameter
-value. Defaults to unlimited speed. (Added in 7.15.5)
+value. Defaults to unlimited speed.
+
+This option doesn't affect transfer speeds done with FILE:// URLs. (Added in
+7.15.5)
 .IP CURLOPT_MAXCONNECTS
 Pass a long. The set number will be the persistent connection cache size. The
 set amount will be the maximum amount of simultaneously open connections that
@@ -2439,6 +2465,20 @@ load your private key.

 (This option was known as CURLOPT_SSLKEYPASSWD up to 7.16.4 and
 CURLOPT_SSLCERTPASSWD up to 7.9.2)
+.IP CURLOPT_SSL_ENABLE_ALPN
+Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. By
+default, libcurl assumes a value of 1. This option enables/disables ALPN in
+the SSL handshake (if the SSL backend libcurl is built to use supports it),
+which can be used to negotiate http2.
+
+(Added in 7.36.0)
+.IP CURLOPT_SSL_ENABLE_NPN
+Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. By
+default, libcurl assumes a value of 1. This option enables/disables NPN in the
+SSL handshake (if the SSL backend libcurl is built to use supports it), which
+can be used to negotiate http2.
+
+(Added in 7.36.0)
 .IP CURLOPT_SSLENGINE
 Pass a pointer to a zero terminated string as parameter. It will be used as
 the identifier for the crypto engine you want to use for your private
--- a/docs/libcurl/curl_getdate.3
+++ b/docs/libcurl/curl_getdate.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -21,22 +21,17 @@
 .\" **************************************************************************
 .TH curl_getdate 3 "12 Aug 2005" "libcurl 7.0" "libcurl Manual"
 .SH NAME
-curl_getdate - Convert a date string to number of seconds since January 1,
-1970
+curl_getdate - Convert a date string to number of seconds
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
 .BI "time_t curl_getdate(char *" datestring ", time_t *"now " );"
 .ad
 .SH DESCRIPTION
-This function returns the number of seconds since January 1st 1970 in the UTC
-time zone, for the date and time that the \fIdatestring\fP parameter
-specifies. The \fInow\fP parameter is not used, pass a NULL there.
-
-\fBNOTE:\fP This function was rewritten for the 7.12.2 release and this
-documentation covers the functionality of the new one. The new one is not
-feature-complete with the old one, but most of the formats supported by the
-new one was supported by the old too.
+\fIcurl_getdate(3)\fP returns the number of seconds since the Epoch, January
+1st 1970 00:00:00 in the UTC time zone, for the date and time that the
+\fIdatestring\fP parameter specifies. The \fInow\fP parameter is not used,
+pass a NULL there.
 .SH PARSING DATES AND TIMES
 A "date" is a string containing several items separated by whitespace. The
 order of the items is immaterial.  A date string may contain many flavors of
@@ -108,10 +103,3 @@ number).
 Having a 64 bit time_t is not a guarantee that dates beyond 03:14:07 UTC,
 January 19, 2038 will work fine. On systems with a 64 bit time_t but with a
 crippled mktime(), \fIcurl_getdate\fP will return -1 in this case.
-.SH REWRITE
-The former version of this function was built with yacc and was not only very
-large, it was also never quite understood and it wasn't possible to build with
-non-GNU tools since only GNU Bison could make it thread-safe!
-
-The rewrite was done for 7.12.2. The new one is much smaller and uses simpler
-code.
--- a/docs/libcurl/curl_multi_add_handle.3
+++ b/docs/libcurl/curl_multi_add_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -33,8 +33,10 @@ this \fImulti_handle\fP control the specified \fIeasy_handle\fP.  Furthermore,
 libcurl now initiates the connection associated with the specified
 \fIeasy_handle\fP.

-When an easy handle has been added to a multi stack, you can not and you must
-not use \fIcurl_easy_perform(3)\fP on that handle!
+While an easy handle is added to a multi stack, you can not and you must not
+use \fIcurl_easy_perform(3)\fP on that handle. After having removed the handle
+from the multi stack again, it is perfectly fine to use it with the easy
+interface again.

 If the easy handle is not set to use a shared (CURLOPT_SHARE) or global DNS
 cache (CURLOPT_DNS_USE_GLOBAL_CACHE), it will be made to use the DNS cache
--- a/docs/libcurl/curl_multi_assign.3
+++ b/docs/libcurl/curl_multi_assign.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,8 +28,8 @@ curl_multi_assign \- set data to association with an internal socket
 CURLMcode curl_multi_assign(CURLM *multi_handle, curl_socket_t sockfd,
                            void *sockptr);
 .SH DESCRIPTION
-This function assigns an association in the multi handle between the given
-socket and a private pointer of the application. This is (only) useful for
+This function creates an association in the multi handle between the given
+socket and a private pointer of the application. This is designed for
 \fIcurl_multi_socket(3)\fP uses.

 When set, the \fIsockptr\fP pointer will be passed to all future socket
@@ -51,13 +51,13 @@ The standard CURLMcode for multi interface error codes.
 .SH "TYPICAL USAGE"
 In a typical application you allocate a struct or at least use some kind of
 semi-dynamic data for each socket that we must wait for action on when using
-the \fIcurl_multi_socket(3)\fP approach.
+the \fIcurl_multi_socket_action(3)\fP approach.

 When our socket-callback gets called by libcurl and we get to know about yet
 another socket to wait for, we can use \fIcurl_multi_assign(3)\fP to point out
 the particular data so that when we get updates about this same socket again,
 we don't have to find the struct associated with this socket by ourselves.
 .SH AVAILABILITY
-This function was added in libcurl 7.15.5, although not deemed stable yet.
+This function was added in libcurl 7.15.5.
 .SH "SEE ALSO"
-.BR curl_multi_setopt "(3), " curl_multi_socket "(3) "
+.BR curl_multi_setopt "(3), " curl_multi_socket_action "(3) "
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -81,9 +81,9 @@ not used by libcurl but only passed-thru as-is. Set the callback pointer with
 \fICURLMOPT_TIMERFUNCTION\fP. (Added in 7.16.0)
 .IP CURLMOPT_MAXCONNECTS
 Pass a long. The set number will be used as the maximum amount of
-simultaneously open connections that libcurl may cache. Default is 10, and
-libcurl will enlarge the size for each added easy handle to make it fit 4
-times the number of added easy handles.
+simultaneously open connections that libcurl may keep in its connection cache
+after completed use. By default libcurl will enlarge the size for each added
+easy handle to make it fit 4 times the number of added easy handles.

 By setting this option, you can prevent the cache size from growing beyond the
 limit set by you.
@@ -94,6 +94,9 @@ number of open connections from increasing.
 This option is for the multi handle's use only, when using the easy interface
 you should instead use the \fICURLOPT_MAXCONNECTS\fP option.

+See \fICURLMOPT_MAX_TOTAL_CONNECTIONS\fP for limiting the number of active
+connections.
+
 (Added in 7.16.3)
 .IP CURLMOPT_MAX_HOST_CONNECTIONS
 Pass a long. The set number will be used as the maximum amount of
--- a/docs/libcurl/curl_version.3
+++ b/docs/libcurl/curl_version.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -30,6 +30,8 @@ curl_version - returns the libcurl version string
 .SH DESCRIPTION
 Returns a human readable string with the version number of libcurl and some of
 its important components (like OpenSSL version).
+
+We recommend using \fIcurl_version_info(3)\fP instead!
 .SH RETURN VALUE
 A pointer to a zero terminated string. The string resides in a statically
 allocated buffer and must not be freed by the caller.
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl_version_info 3 "10 June 2009" "libcurl 7.19.6" "libcurl Manual"
+.TH curl_version_info 3 "18 Feb 2014" "libcurl 7.33.0" "libcurl Manual"
 .SH NAME
 curl_version_info - returns run-time libcurl version info
 .SH SYNOPSIS
@@ -30,11 +30,12 @@ curl_version_info - returns run-time libcurl version info
 .ad
 .SH DESCRIPTION
 Returns a pointer to a filled in struct with information about various
-run-time features in libcurl. \fItype\fP should be set to the version of this
-functionality by the time you write your program. This way, libcurl will
-always return a proper struct that your program understands, while programs in
-the future might get a different struct. CURLVERSION_NOW will be the most
-recent one for the library you have installed:
+features in the running version of libcurl. \fItype\fP should be set to the
+version of this functionality by the time you write your program. This way,
+libcurl will always return a proper struct that your program understands,
+while programs in the future might get a different
+struct. \fBCURLVERSION_NOW\fP will be the most recent one for the library you
+have installed:

        data = curl_version_info(CURLVERSION_NOW);

@@ -133,6 +134,9 @@ libcurl was built with support for TLS-SRP. (Added in 7.21.4)
 .IP CURL_VERSION_NTLM_WB
 libcurl was built with support for NTLM delegation to a winbind helper.
 (Added in 7.22.0)
+.IP CURL_VERSION_HTTP2
+libcurl was built with support for HTTP2.
+(Added in 7.33.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.
--- a/docs/libcurl/libcurl.3
+++ b/docs/libcurl/libcurl.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,22 +29,21 @@ specific man pages for each function mentioned in here. There are also the
 \fIlibcurl-share(3)\fP man page and the \fIlibcurl-tutorial(3)\fP man page for
 in-depth understanding on how to program with libcurl.

-There are more than thirty custom bindings available that bring libcurl access
-to your favourite language. Look elsewhere for documentation on those.
+There are many bindings available that bring libcurl access to your favourite
+language. Look elsewhere for documentation on those.

-libcurl has a global constant environment that you must set up and
-maintain while using libcurl.  This essentially means you call
+libcurl has a global constant environment that you must set up and maintain
+while using libcurl.  This essentially means you call
 \fIcurl_global_init(3)\fP at the start of your program and
-\fIcurl_global_cleanup(3)\fP at the end.  See GLOBAL CONSTANTS below
-for details.
+\fIcurl_global_cleanup(3)\fP at the end.  See \fBGLOBAL CONSTANTS\fP below for
+details.

-To transfer files, you always set up an "easy handle" using
-\fIcurl_easy_init(3)\fP for a single specific transfer (in either
-direction). You then set your desired set of options in that handle with
-\fIcurk_easy_setopt(3)\fP. Options you set with \fIcurl_easy_setopt(3)\fP will
-be used on every repeated use of this handle until you either call the
-function again and change the option, or you reset them all with
-\fIcurl_easy_reset(3)\fP.
+To transfer files, you create an "easy handle" using \fIcurl_easy_init(3)\fP
+for a single individual transfer (in either direction). You then set your
+desired set of options in that handle with \fIcurk_easy_setopt(3)\fP. Options
+you set with \fIcurl_easy_setopt(3)\fP stick. They will be used on every
+repeated use of this handle until you either change the option, or you reset
+them all with \fIcurl_easy_reset(3)\fP.

 To actually transfer data you have the option of using the "easy" interface,
 or the "multi" interface.
@@ -98,6 +97,8 @@ Unix-like operating system that ship libcurl as part of their distributions
 often don't provide the curl-config tool, but simply install the library and
 headers in the common path for this purpose.

+Many Linux and similar sytems use pkg-config to provide build and link options
+about libraries and libcurl supports that as well.
 .SH "LIBCURL SYMBOL NAMES"
 All public functions in the libcurl interface are prefixed with 'curl_' (with
 a lowercase c). You can find other functions in the library source code, but
@@ -115,8 +116,8 @@ several threads. libcurl is thread-safe and can be used in any number of
 threads, but you must use separate curl handles if you want to use libcurl in
 more than one thread simultaneously.

-The global environment functions are not thread-safe.  See GLOBAL CONSTANTS
-below for details.
+The global environment functions are not thread-safe.  See \fBGLOBAL
+CONSTANTS\fP below for details.

 .SH "PERSISTENT CONNECTIONS"
 Persistent connections means that libcurl can re-use the same connection for
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -341,6 +341,7 @@ CURLOPT_DNS_USE_GLOBAL_CACHE    7.9.3         7.11.1
 CURLOPT_EGDSOCKET               7.7
 CURLOPT_ENCODING                7.10
 CURLOPT_ERRORBUFFER             7.1
+CURLOPT_EXPECT_100_TIMEOUT_MS   7.36.0
 CURLOPT_FAILONERROR             7.1
 CURLOPT_FILE                    7.1           7.9.7
 CURLOPT_FILETIME                7.5
@@ -495,6 +496,8 @@ CURLOPT_SSLKEY                  7.9.3
 CURLOPT_SSLKEYPASSWD            7.9.3         7.17.0
 CURLOPT_SSLKEYTYPE              7.9.3
 CURLOPT_SSLVERSION              7.1
+CURLOPT_SSL_ENABLE_ALPN         7.36.0
+CURLOPT_SSL_ENABLE_NPN          7.36.0
 CURLOPT_SSL_CIPHER_LIST         7.9
 CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
--- a/docs/mk-ca-bundle.1
+++ b/docs/mk-ca-bundle.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 2008 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 2008 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH mk-ca-bundle 1 "5 Jan 2013" "version 1.17" "mk-ca-bundle manual"
+.TH mk-ca-bundle 1 "5 Jan 2013" "version 1.20" "mk-ca-bundle manual"
 .SH NAME
 mk-ca-bundle \- convert mozilla's certdata.txt to PEM format
 .SH SYNOPSIS
@@ -42,6 +42,10 @@ curl, wget and more.
 The following options are supported:
 .IP -b
 backup an existing version of \fIoutputfilename\fP
+.IP -d [name]
+specify which Mozilla tree to pull certdata.txt from (or a custom URL). Valid
+names are: aurora, beta, central, mozilla, nss, release (default). They are
+shortcuts for which source tree to get the cert data from.
 .IP -f
 force rebuild even if certdata.txt is current (Added in version 1.17)
 .IP -i
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1571,6 +1571,16 @@ typedef enum {
  /* Set authentication options directly */
  CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),

+  /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
+  CINIT(SSL_ENABLE_NPN, LONG, 225),
+
+  /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */
+  CINIT(SSL_ENABLE_ALPN, LONG, 226),
+
+  /* Time to wait for a response to a HTTP request containing an
+   * Expect: 100-continue header before sending the data anyway. */
+  CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227),
+
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;

--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -26,16 +26,16 @@
   a script at release-time. This was made its own header file in 7.11.2 */

 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2013 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2014 Daniel Stenberg, <daniel@haxx.se>."

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.34.0-DEV"
+#define LIBCURL_VERSION "7.36.0-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 34
+#define LIBCURL_VERSION_MINOR 36
 #define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x072200
+#define LIBCURL_VERSION_NUM 0x072400

 /*
 * This is the date and time when the full source package was created. The
--- a/lib/Makefile.Watcom
+++ b/lib/Makefile.Watcom
@@ -3,16 +3,31 @@
 #  G. Vanem <gvanem@broadpark.no>
 #

+.ERASE
+
+!if $(__VERSION__) < 1280
+!message !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!message ! This Open Watcom version is too old and is no longer supported !
+!message !     Please download latest version from www.openwatcom.org     !
+!message !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!error Unsupported version of Open Watcom
+!endif
+
 !ifndef %watcom
 !error WATCOM environment variable not set!
 !endif

+# In order to process Makefile.inc wmake must be called with -u switch!
+!ifndef %MAKEFLAGS
+!error You MUST call wmake with the -u switch!
+!endif
+
 !ifdef %libname
 LIBNAME = $(%libname)
 !else
 LIBNAME = libcurl
 !endif
-TARGETS = $(LIBNAME).dll $(LIBNAME)_imp.lib $(LIBNAME).lib
+TARGETS = $(LIBNAME).dll $(LIBNAME).lib

 CC = wcc386
 LD = wlink
@@ -23,37 +38,29 @@ RC = wrc
 !  loaddll wcc386  wccd386
 !  loaddll wpp386  wppd386
 !  loaddll wlib    wlibd
-!  if $(__VERSION__) > 1270
 !  loaddll wlink   wlinkd
-!  else
-!    loaddll wlink   wlink
-!  endif
 !endif

 !ifdef __LINUX__
-DS = /
 CP = cp
 MD = mkdir -p
-RD = rmdir -p
-RM = rm -f
 !else
-DS = $(X)\$(X)
 CP = copy 2>NUL
 MD = mkdir
-RD = rmdir /q /s 2>NUL
-!if $(__VERSION__) < 1250
-RM = del /q /f 2>NUL
-!else
-RM = rm -f
 !endif
+!if $(__VERSION__) > 1290
+RD = rm -rf
+!else ifdef __UNIX__
+RD = rm -rf
+!else
+RD = rmdir /q /s 2>NUL
 !endif

-SYS_INCL = -I$(%watcom)$(DS)h$(DS)nt -I$(%watcom)$(DS)h
-SYS_LIBS = $(%watcom)$(DS)lib386$(DS)nt;$(%watcom)$(DS)lib386
+SYS_INCL = -I"$(%watcom)/h/nt" -I"$(%watcom)/h"

 CFLAGS = -3r -mf -hc -zff -zgf -zq -zm -zc -s -fr=con -w2 -fpi -oilrtfm &
         -wcd=201 -bt=nt -d+ -dWIN32 -dCURL_WANTS_CA_BUNDLE_ENV         &
-         -dBUILDING_LIBCURL -dHAVE_SPNEGO=1 -I. -I..$(DS)include $(SYS_INCL)
+         -dBUILDING_LIBCURL -dHAVE_SPNEGO=1 -I. -I"../include" $(SYS_INCL)

 !ifdef %debug
 DEBUG  = -dDEBUG=1 -dDEBUGBUILD
@@ -83,169 +90,162 @@ CFLAGS += -dWANT_IDN_PROTOTYPES
 !ifdef %zlib_root
 ZLIB_ROOT = $(%zlib_root)
 !else
-ZLIB_ROOT = ..$(DS)..$(DS)zlib-1.2.8
+ZLIB_ROOT = ../../zlib-1.2.8
 !endif

 !ifdef %libssh2_root
 LIBSSH2_ROOT = $(%libssh2_root)
 !else
-LIBSSH2_ROOT = ..$(DS)..$(DS)libssh2-1.4.3
+LIBSSH2_ROOT = ../../libssh2-1.4.3
 !endif

 !ifdef %librtmp_root
 LIBRTMP_ROOT = $(%librtmp_root)
 !else
-LIBRTMP_ROOT = ..$(DS)..$(DS)rtmpdump-2.3
+LIBRTMP_ROOT = ../../rtmpdump-2.3
 !endif

 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ..$(DS)..$(DS)openssl-0.9.8y
+OPENSSL_ROOT = ../../openssl-0.9.8y
 !endif

 !ifdef %ares_root
 ARES_ROOT = $(%ares_root)
 !else
-ARES_ROOT = ..$(DS)ares
+ARES_ROOT = ../ares
 !endif

 !ifdef %use_zlib
-CFLAGS += -dHAVE_ZLIB_H -dHAVE_LIBZ -I$(ZLIB_ROOT)
+CFLAGS += -dHAVE_ZLIB_H -dHAVE_LIBZ -I"$(ZLIB_ROOT)"
 !endif

 !ifdef %use_rtmp
-CFLAGS += -dUSE_LIBRTMP -I$(LIBRTMP_ROOT)
+CFLAGS += -dUSE_LIBRTMP -I"$(LIBRTMP_ROOT)"
 !endif

 !ifdef %use_ssh2
-CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H -I$(LIBSSH2_ROOT)$(DS)include -I$(LIBSSH2_ROOT)$(DS)win32
+CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H -I"$(LIBSSH2_ROOT)/include" -I"$(LIBSSH2_ROOT)/win32"
 !endif

 !ifdef %use_ssl
-CFLAGS += -wcd=138 -dUSE_OPENSSL -dUSE_SSLEAY -I$(OPENSSL_ROOT)$(DS)inc32
+CFLAGS += -wcd=138 -dUSE_OPENSSL -dUSE_SSLEAY -I"$(OPENSSL_ROOT)/inc32"
 !endif

 !ifdef %use_ares
-CFLAGS += -dUSE_ARES -I$(ARES_ROOT)
+CFLAGS += -dUSE_ARES -I"$(ARES_ROOT)"
 !endif

 !ifdef %use_watt32
-CFLAGS += -dUSE_WATT32 -I$(%watt_root)$(DS)inc
+CFLAGS += -dUSE_WATT32 -I"$(%watt_root)/inc"
 !endif

 OBJ_BASE = WC_Win32.obj
-LINK_ARG = $(OBJ_BASE)$(DS)dyn$(DS)wlink.arg
-LIB_ARG  = $(OBJ_BASE)$(DS)stat$(DS)wlib.arg
-
-# In order to process Makefile.inc wmake must be called with -u switch!
-!ifndef %MAKEFLAGS
-!error You MUST call wmake with the -u switch!
+!if $(__VERSION__) > 1290
+OBJ_STAT = $(OBJ_BASE)/stat
+OBJ_DYN  = $(OBJ_BASE)/dyn
+!else ifdef __UNIX__
+OBJ_STAT = $(OBJ_BASE)/stat
+OBJ_DYN  = $(OBJ_BASE)/dyn
 !else
+OBJ_STAT = $(OBJ_BASE)\stat
+OBJ_DYN  = $(OBJ_BASE)\dyn
+!endif
+
+LINK_ARG = $(OBJ_DYN)/wlink.arg
+LIB_ARG  = $(OBJ_STAT)/wlib.arg
+
 !include Makefile.inc
-!endif

-OBJS = $(CSOURCES:.c=.obj)
-!ifdef __LINUX__
-OBJS = $OBJ_DIR/$(OBJS: = $OBJ_DIR/)
+OBJS1 = ./$(CSOURCES:.c=.obj)
+OBJS2 = $(OBJS1:vtls/=)
+OBJS3 = $(OBJS2: = ./)
+OBJS_STAT = $(OBJS3:./=$(OBJ_STAT)/)
+OBJS_DYN  = $(OBJS3:./=$(OBJ_DYN)/)

-!else
-OBJS = $OBJ_DIR\$(OBJS: = $OBJ_DIR\)
-!endif
+CURLBUILDH = ../include/curl/curlbuild.h
+RESOURCE   = $(OBJ_DYN)/libcurl.res

-#
-# Use $(OBJS) as a template to generate $(OBJS_STAT) and $(OBJS_DYN).
-#
-OBJ_DIR    = $(OBJ_BASE)$(DS)stat
-OBJS_STAT  = $+ $(OBJS) $-
+DIRS = $(OBJ_BASE) $(OBJ_BASE)/stat $(OBJ_BASE)/dyn

-OBJ_DIR    = $(OBJ_BASE)$(DS)dyn
-OBJS_DYN   = $+ $(OBJS) $-
+.c : vtls

-CURLBUILDH = ..$(DS)include$(DS)curl$(DS)curlbuild.h
-RESOURCE   = $(OBJ_BASE)$(DS)dyn$(DS)libcurl.res
-
-all: $(CURLBUILDH) $(OBJ_BASE) $(TARGETS) .SYMBOLIC
+all: $(CURLBUILDH) $(DIRS) $(TARGETS) .SYMBOLIC
 	@echo Welcome to libcurl

 clean: .SYMBOLIC
-	-$(RM) $(OBJS_STAT)
-	-$(RM) $(OBJS_DYN)
-	-$(RM) $(RESOURCE) $(LINK_ARG) $(LIB_ARG)
+	-rm -f $(OBJS_STAT)
+	-rm -f $(OBJS_DYN)
+	-rm -f $(RESOURCE) $(LINK_ARG) $(LIB_ARG)

 vclean distclean: clean .SYMBOLIC
-	-$(RM) $(TARGETS) $(LIBNAME).map $(LIBNAME).sym
-	-$(RD) $(OBJ_BASE)$(DS)stat
-	-$(RD) $(OBJ_BASE)$(DS)dyn
+	-rm -f $(TARGETS) $(LIBNAME).map $(LIBNAME).sym
+	-$(RD) $(OBJ_STAT)
+	-$(RD) $(OBJ_DYN)
 	-$(RD) $(OBJ_BASE)

-$(OBJ_BASE):
+$(DIRS):
 	-$(MD) $^@
-	-$(MD) $^@$(DS)stat
-	-$(MD) $^@$(DS)dyn

 $(CURLBUILDH): .EXISTSONLY
 	$(CP) $^@.dist $^@

-$(LIBNAME).dll: $(OBJS_DYN) $(RESOURCE) $(LINK_ARG)
-	$(LD) name $^@ @$]@
-
-$(LIBNAME).lib: $(OBJS_STAT) $(LIB_ARG)
-	$(AR) -q -b -c $^@ @$]@
-
-.ERASE
-$(RESOURCE): libcurl.rc
-	$(RC) $(DEBUG) -q -r -zm -bt=nt -I..$(DS)include $(SYS_INCL) $[@ -fo=$^@
-
-.ERASE
-.c{$(OBJ_BASE)$(DS)dyn}.obj:
-	$(CC) $(CFLAGS) -bd -br $[@ -fo=$^@
-
-.ERASE
-.c{$(OBJ_BASE)$(DS)stat}.obj:
-	$(CC) $(CFLAGS) -DCURL_STATICLIB $[@ -fo=$^@
-
-$(LINK_ARG): $(__MAKEFILES__)
-	%create $^@
-	@%append $^@ system nt dll
-	@%append $^@ file { $(OBJS_DYN) }
+$(LIBNAME).dll: $(OBJS_DYN) $(RESOURCE) $(__MAKEFILES__)
+	%create $(LINK_ARG)
+	@%append $(LINK_ARG) system nt dll
 !ifdef %debug
-	@%append $^@ debug all
-	@%append $^@ option symfile
+	@%append $(LINK_ARG) debug all
+	@%append $(LINK_ARG) option symfile
 !endif
-	@%append $^@ option quiet, map, caseexact, eliminate, implib=$(LIBNAME)_imp.lib,
-	@%append $^@ res=$(RESOURCE) libpath $(SYS_LIBS)
-	@%append $^@ library wldap32.lib
+	@%append $(LINK_ARG) option quiet, caseexact, eliminate
+	@%append $(LINK_ARG) option map=$(OBJ_DYN)/$(LIBNAME).map
+	@%append $(LINK_ARG) option implib=$(LIBNAME)_imp.lib
+	@%append $(LINK_ARG) option res=$(RESOURCE)
+	@for %f in ($(OBJS_DYN)) do @%append $(LINK_ARG) file %f
+	@%append $(LINK_ARG) library wldap32.lib
 !ifdef %use_watt32
-	@%append $^@ library $(%watt_root)$(DS)lib$(DS)wattcpw_imp.lib
+	@%append $(LINK_ARG) library '$(%watt_root)/lib/wattcpw_imp.lib'
 !else
-	@%append $^@ library ws2_32.lib
+	@%append $(LINK_ARG) library ws2_32.lib
 !endif
 !ifdef %use_zlib
-	@%append $^@ library $(ZLIB_ROOT)$(DS)zlib.lib
+	@%append $(LINK_ARG) library '$(ZLIB_ROOT)/zlib.lib'
 !endif
 !ifdef %use_rtmp
-	@%append $^@ library $(LIBRTMP_ROOT)$(DS)librtmp$(DS)librtmp.lib
+	@%append $(LINK_ARG) library '$(LIBRTMP_ROOT)/librtmp/librtmp.lib'
 !endif
 !ifdef %use_ssh2
-	@%append $^@ library $(LIBSSH2_ROOT)$(DS)win32$(DS)libssh2.lib
+	@%append $(LINK_ARG) library '$(LIBSSH2_ROOT)/win32/libssh2.lib'
 !endif
 !ifdef %use_ssl
-	@%append $^@ library $(OPENSSL_ROOT)$(DS)out32$(DS)libeay32.lib, $(OPENSSL_ROOT)$(DS)out32$(DS)ssleay32.lib
+	@%append $(LINK_ARG) library '$(OPENSSL_ROOT)/out32/libeay32.lib'
+	@%append $(LINK_ARG) library '$(OPENSSL_ROOT)/out32/ssleay32.lib'
 !endif
 !ifdef %use_ares
-	@%append $^@ library $(ARES_ROOT)$(DS)cares.lib
+	@%append $(LINK_ARG) library '$(ARES_ROOT)/cares.lib'
 !endif
 !ifdef %use_winidn
 !  if $(__VERSION__) > 1290
-	@%append $^@ library normaliz.lib
+	@%append $(LINK_ARG) library normaliz.lib
 !  else
-	@%append $^@ import '_IdnToAscii@20' 'NORMALIZ.DLL'.'IdnToAscii'
-	@%append $^@ import '_IdnToUnicode@20' 'NORMALIZ.DLL'.'IdnToUnicode'
+	@%append $(LINK_ARG) import '_IdnToAscii@20' 'NORMALIZ.DLL'.'IdnToAscii'
+	@%append $(LINK_ARG) import '_IdnToUnicode@20' 'NORMALIZ.DLL'.'IdnToUnicode'
 !  endif
 !endif
+	$(LD) name $^@ @$(LINK_ARG)

-$(LIB_ARG): $(__MAKEFILES__)
-	%create $^@
-	@for %f in ($(OBJS_STAT)) do @%append $^@ +- %f
+$(LIBNAME).lib: $(OBJS_STAT)
+	%create $(LIB_ARG)
+	@for %f in ($<) do @%append $(LIB_ARG) +- %f
+	$(AR) -q -b -c -pa $^@ @$(LIB_ARG)
+
+$(RESOURCE): libcurl.rc
+	$(RC) $(DEBUG) -q -r -zm -bt=nt -I"../include" $(SYS_INCL) $[@ -fo=$^@
+
+.c{$(OBJ_DYN)}.obj:
+	$(CC) $(CFLAGS) -bd -br $[@ -fo=$^@
+
+.c{$(OBJ_STAT)}.obj:
+	$(CC) $(CFLAGS) -DCURL_STATICLIB $[@ -fo=$^@
 	
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -60,20 +60,15 @@ CFLAGS += @CURL_CFLAG_EXTRAS@
 # $(top_builddir)/ares is for in-tree c-ares's generated ares_build.h file
 # $(top_srcdir)/ares is for in-tree c-ares's external include files

-if USE_EMBEDDED_ARES
-AM_CPPFLAGS = -I$(top_builddir)/include/curl \
-              -I$(top_builddir)/include      \
-              -I$(top_srcdir)/include        \
-              -I$(top_builddir)/lib          \
-              -I$(top_srcdir)/lib            \
-              -I$(top_builddir)/ares         \
-              -I$(top_srcdir)/ares
-else
 AM_CPPFLAGS = -I$(top_builddir)/include/curl \
              -I$(top_builddir)/include      \
              -I$(top_srcdir)/include        \
              -I$(top_builddir)/lib          \
              -I$(top_srcdir)/lib
+
+if USE_EMBEDDED_ARES
+AM_CPPFLAGS += -I$(top_builddir)/ares        \
+               -I$(top_srcdir)/ares
 endif

 # Prevent LIBS from being used for all link targets
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -1,49 +1,65 @@
-# ./lib/Makefile.inc
-# Using the backslash as line continuation character might be problematic
-# with some make flavours, as Watcom's wmake showed us already. If we
-# ever want to change this in a portable manner then we should consider
-# this idea (posted to the libcurl list by Adam Kellas):
-# CSRC1 = file1.c file2.c file3.c
-# CSRC2 = file4.c file5.c file6.c
-# CSOURCES = $(CSRC1) $(CSRC2)
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+VSOURCES=vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c vtls/qssl.c	\
+  vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c vtls/cyassl.c	\
+  vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
+VHEADERS= vtls/qssl.h vtls/openssl.h vtls/vtls.h vtls/gtls.h		\
+  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h	\
+  vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h

 CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
-  ldap.c ssluse.c version.c getenv.c escape.c mprintf.c telnet.c	\
-  netrc.c getinfo.c transfer.c strequal.c easy.c security.c      	\
-  curl_fnmatch.c fileinfo.c ftplistparser.c wildcard.c krb5.c		\
-  memdebug.c http_chunks.c strtok.c connect.c llist.c hash.c multi.c	\
-  content_encoding.c share.c http_digest.c md4.c md5.c	\
-  http_negotiate.c inet_pton.c strtoofft.c strerror.c amigaos.c		\
-  hostasyn.c hostip4.c hostip6.c hostsyn.c inet_ntop.c parsedate.c	\
-  select.c gtls.c sslgen.c tftp.c splay.c strdup.c socks.c ssh.c nss.c	\
-  qssl.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
+  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c		\
+  getinfo.c transfer.c strequal.c easy.c security.c curl_fnmatch.c	\
+  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c	\
+  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c	\
+  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c	\
+  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c		\
+  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c	\
+  ssh.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
-  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c polarssl.c		\
-  polarssl_threadlock.c curl_rtmp.c openldap.c curl_gethostname.c	\
-  gopher.c axtls.c idn_win32.c http_negotiate_sspi.c cyassl.c		\
-  http_proxy.c non-ascii.c asyn-ares.c asyn-thread.c curl_gssapi.c	\
-  curl_ntlm.c curl_ntlm_wb.c curl_ntlm_core.c curl_ntlm_msgs.c		\
-  curl_sasl.c curl_schannel.c curl_multibyte.c curl_darwinssl.c		\
+  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c	\
+  openldap.c curl_gethostname.c gopher.c idn_win32.c			\
+  http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c		\
+  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c		\
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c	\
  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c	\
-  gskit.c http2.c
+  http2.c $(VSOURCES)

-HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h	\
-  progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h	\
-  if2ip.h speedcheck.h urldata.h curl_ldap.h ssluse.h escape.h telnet.h	\
-  getinfo.h strequal.h curl_sec.h memdebug.h http_chunks.h		\
-  curl_fnmatch.h wildcard.h fileinfo.h ftplistparser.h strtok.h		\
-  connect.h llist.h hash.h content_encoding.h share.h curl_md4.h	\
-  curl_md5.h http_digest.h http_negotiate.h inet_pton.h amigaos.h	\
-  strtoofft.h strerror.h inet_ntop.h curlx.h curl_memory.h curl_setup.h	\
-  transfer.h select.h easyif.h multiif.h parsedate.h sslgen.h gtls.h	\
-  tftp.h sockaddr.h splay.h strdup.h socks.h ssh.h nssg.h curl_base64.h	\
-  rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h		\
-  curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h	\
-  warnless.h curl_hmac.h polarssl.h polarssl_threadlock.h curl_rtmp.h	\
-  curl_gethostname.h gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h	\
-  asyn.h curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h	\
-  curl_ntlm_msgs.h curl_sasl.h curl_schannel.h curl_multibyte.h		\
-  curl_darwinssl.h hostcheck.h bundles.h conncache.h curl_setup_once.h	\
-  multihandle.h setup-vms.h pipeline.h dotdot.h x509asn1.h gskit.h	\
-  http2.h sigpipe.h
+HHEADERS = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h	\
+  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h		\
+  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h	\
+  strequal.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h		\
+  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h	\
+  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h	\
+  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h		\
+  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h	\
+  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h	\
+  socks.h ssh.h curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h	\
+  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h	\
+  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h		\
+  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h		\
+  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h		\
+  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h	\
+  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h	\
+  dotdot.h x509asn1.h http2.h sigpipe.h $(VHEADERS)
--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -285,7 +285,7 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
 	  $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)

 %.o: %.c $(PROOT)/include/curl/curlbuild.h
-	$(CC) $(INCLUDES) $(CFLAGS) -c $<
+	$(CC) $(INCLUDES) $(CFLAGS) -c $< -o $@

 %.res: %.rc
 	$(RC) $(RCFLAGS) $< -o $@
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -315,10 +315,12 @@ endif
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

-OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(CSOURCES))) $(OBJDIR)/nwos.o
+OBJS	:= $(patsubst %.c,$(OBJDIR)/%.o,$(strip $(notdir $(CSOURCES)))) $(OBJDIR)/nwos.o

 OBJL	= $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS)

+vpath %.c . vtls
+
 all: lib nlm

 nlm: prebuild $(TARGET).nlm
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -165,6 +165,18 @@ CC       = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSLIB)
 CFGSET   = TRUE
 !ENDIF

+######################
+# release-winssl
+
+!IF "$(CFG)" == "release-winssl"
+TARGET   = $(LIBCURL_STA_LIB_REL)
+DIROBJ   = $(CFG)
+LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
+LNK      = $(LNKLIB) /out:$(DIROBJ)\$(TARGET)
+CC       = $(CCNODBG) $(RTLIB) $(CFLAGSWINSSL) $(CFLAGSLIB)
+CFGSET   = TRUE
+!ENDIF
+
 ######################
 # release-zlib

@@ -601,8 +613,8 @@ X_OBJS= \
 	$(DIROBJ)\speedcheck.obj \
 	$(DIROBJ)\splay.obj \
 	$(DIROBJ)\ssh.obj \
-	$(DIROBJ)\sslgen.obj \
-	$(DIROBJ)\ssluse.obj \
+	$(DIROBJ)\vtls.obj \
+	$(DIROBJ)\openssl.obj \
 	$(DIROBJ)\strdup.obj \
 	$(DIROBJ)\strequal.obj \
 	$(DIROBJ)\strerror.obj \
@@ -641,6 +653,9 @@ $(DIROBJ):
 {.\}.c{$(DIROBJ)\}.obj:
 	$(CC) $(CFLAGS) /Fo"$@"  $<

+{.\vtls\}.c{$(DIROBJ)\}.obj:
+	$(CC) $(CFLAGS) /Fo"$@"  $<
+
 debug-dll\libcurl.res \
 debug-dll-ssl-dll\libcurl.res \
 debug-dll-zlib-dll\libcurl.res \
--- a/lib/README.http2
+++ b/lib/README.http2
@@ -1,28 +1,63 @@

 HTTP2 with libcurl

- Spec: http://tools.ietf.org/html/draft-ietf-httpbis-http2-06
+ Spec: http://tools.ietf.org/html/draft-ietf-httpbis-http2
+
+ Build prerequisites
+  - nghttp2
+  - OpenSSL or NSS or GnutTLS with a new enough version

 nghttp2 (https://github.com/tatsuhiro-t/nghttp2)

-  We're depending on this 3rd party library for the actual low level protocol
-  handling parts. The reason for this is that HTTP2 is much more complex at
-  that layer than HTTP1.1 (which we implement on our own) and that nghttp2 is
-  an already existing and well functional library.
+  libcurl uses this 3rd party library for the low level protocol handling
+  parts. The reason for this is that HTTP2 is much more complex at that layer
+  than HTTP1.1 (which we implement on our own) and that nghttp2 is an already
+  existing and well functional library.
+
+  Right now, nghttp2 implements http2 draft-09
+
+  We require at least version 0.3.0

 Over an http:// URL

  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will include
  an upgrade header in the initial request to the host to allow upgrading to
-  http2. Possibly introduce an option that will cause libcurl to fail if not
-  possible to upgrade. Possibly introduce an option that makes libcurl use
-  http2 at once over http://
+  http2.
+
+  Possibly we can later introduce an option that will cause libcurl to fail if
+  not possible to upgrade. Possibly we introduce an option that makes libcurl
+  use http2 at once over http://

 Over an https:// URL

  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will use ALPN
  (or NPN) to negotiate which protocol to continue with. Possibly introduce an
  option that will cause libcurl to fail if not possible to use http2.
+  Consider options to explicitly disable ALPN and/or NPN.
+
+  ALPN is the TLS extension that http2 is expected to use. The NPN extension
+  is for a similar purpose, was made prior to ALPN and is used for SPDY so
+  early http2 servers are implemented using NPN before ALPN support is
+  widespread.
+
+SSL libs
+
+  The challenge is the ALPN and NPN support and all our different SSL
+  backends. You may need a fairly updated SSL library version for it to
+  provide the necessary TLS features. Right now we support:
+
+    OpenSSL: ALPN and NPN
+    NSS:     ALPN and NPN
+    GnuTLS:  ALPN
+
+Applications
+
+  We hide http2's binary nature and convert received http2 traffic to headers
+  in HTTP 1.1 style. This allows applications to work unmodified.
+
+curl tool
+
+  curl offers the --http2 command line option to enable use of http2

 To consider:

--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -209,7 +209,7 @@ int init_thread_sync_data(struct thread_sync_data * tsd,
  memset(tsd, 0, sizeof(*tsd));

  tsd->port = port;
-#ifdef CURLRES_IPV6
+#ifdef HAVE_GETADDRINFO
  DEBUGASSERT(hints);
  tsd->hints = *hints;
 #else
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -6,7 +6,7 @@
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -166,12 +166,15 @@ void Curl_conncache_remove_conn(struct conncache *connc,
    if(bundle->num_connections == 0) {
      conncache_remove_bundle(connc, bundle);
    }
+
+    if(connc) {
      connc->num_connections--;

      DEBUGF(infof(conn->data, "The cache now contains %d members\n",
                   connc->num_connections));
    }
  }
+}

 /* This function iterates the entire connection cache and calls the
   function func() with the connection pointer as the first argument
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -71,7 +71,7 @@
 #include "sockaddr.h" /* required for Curl_sockaddr_storage */
 #include "inet_ntop.h"
 #include "inet_pton.h"
-#include "sslgen.h" /* for Curl_ssl_check_cxn() */
+#include "vtls/vtls.h" /* for Curl_ssl_check_cxn() */
 #include "progress.h"
 #include "warnless.h"
 #include "conncache.h"
@@ -556,7 +556,11 @@ static CURLcode trynextip(struct connectdata *conn,
    else {
      /* happy eyeballs - try the other protocol family */
      int firstfamily = conn->tempaddr[0]->ai_family;
+#ifdef ENABLE_IPV6
      family = (firstfamily == AF_INET) ? AF_INET6 : AF_INET;
+#else
+      family = firstfamily;
+#endif
      ai = conn->tempaddr[0]->ai_next;
    }

@@ -566,11 +570,11 @@ static CURLcode trynextip(struct connectdata *conn,

      if(ai) {
        rc = singleipconnect(conn, ai, &conn->tempsock[tempindex]);
-        conn->tempaddr[tempindex] = ai;
        if(rc == CURLE_COULDNT_CONNECT) {
          ai = ai->ai_next;
          continue;
        }
+        conn->tempaddr[tempindex] = ai;
      }
      break;
    }
@@ -653,6 +657,10 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
  struct Curl_sockaddr_storage ssloc;
  struct SessionHandle *data = conn->data;

+  if(conn->socktype == SOCK_DGRAM)
+    /* there's no connection! */
+    return;
+
  if(!conn->bits.reuse) {

    len = sizeof(struct Curl_sockaddr_storage);
@@ -908,19 +916,40 @@ void Curl_sndbufset(curl_socket_t sockfd)
  int val = CURL_MAX_WRITE_SIZE + 32;
  int curval = 0;
  int curlen = sizeof(curval);
+  DWORD majorVersion = 6;

-  OSVERSIONINFO osver;
  static int detectOsState = DETECT_OS_NONE;

  if(detectOsState == DETECT_OS_NONE) {
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
    memset(&osver, 0, sizeof(osver));
    osver.dwOSVersionInfoSize = sizeof(osver);
+
    detectOsState = DETECT_OS_PREVISTA;
    if(GetVersionEx(&osver)) {
-      if(osver.dwMajorVersion >= 6)
+      if(osver.dwMajorVersion >= majorVersion)
        detectOsState = DETECT_OS_VISTA_OR_LATER;
    }
+#else
+    ULONGLONG majorVersionMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION,
+                                           VER_GREATER_EQUAL);
+
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask))
+      detectOsState = DETECT_OS_VISTA_OR_LATER;
+    else
+      detectOsState = DETECT_OS_PREVISTA;
+#endif
  }
+
  if(detectOsState == DETECT_OS_VISTA_OR_LATER)
    return;

@@ -932,7 +961,6 @@ void Curl_sndbufset(curl_socket_t sockfd)
 }
 #endif

-
 /*
 * singleipconnect()
 *
@@ -1081,7 +1109,7 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
 {
  struct SessionHandle *data = conn->data;
  struct timeval before = Curl_tvnow();
-  CURLcode res;
+  CURLcode res = CURLE_COULDNT_CONNECT;

  long timeout_ms = Curl_timeleft(data, &before, TRUE);

@@ -1096,20 +1124,19 @@ CURLcode Curl_connecthost(struct connectdata *conn,  /* context */
  conn->tempaddr[1] = NULL;
  conn->tempsock[0] = CURL_SOCKET_BAD;
  conn->tempsock[1] = CURL_SOCKET_BAD;
-  Curl_expire(conn->data,
-              HAPPY_EYEBALLS_TIMEOUT + (MULTI_TIMEOUT_INACCURACY/1000));
+  Curl_expire(conn->data, HAPPY_EYEBALLS_TIMEOUT);

  /* Max time for the next connection attempt */
  conn->timeoutms_per_addr =
    conn->tempaddr[0]->ai_next == NULL ? timeout_ms : timeout_ms / 2;

  /* start connecting to first IP */
+  while(conn->tempaddr[0]) {
    res = singleipconnect(conn, conn->tempaddr[0], &(conn->tempsock[0]));
-  while(res != CURLE_OK &&
-        conn->tempaddr[0] &&
-        conn->tempaddr[0]->ai_next &&
-        conn->tempsock[0] == CURL_SOCKET_BAD)
-    res = trynextip(conn, FIRSTSOCKET, 0);
+    if(res == CURLE_OK)
+        break;
+    conn->tempaddr[0] = conn->tempaddr[0]->ai_next;
+  }

  if(conn->tempsock[0] == CURL_SOCKET_BAD)
    return res;
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -489,9 +489,6 @@ Curl_cookie_add(struct SessionHandle *data,
            badcookie = TRUE;
            break;
          }
-          co->expires =
-            strtol((*co->maxage=='\"')?&co->maxage[1]:&co->maxage[0],NULL,10)
-            + (long)now;
        }
        else if(Curl_raw_equal("expires", name)) {
          strstore(&co->expirestr, whatptr);
@@ -499,17 +496,6 @@ Curl_cookie_add(struct SessionHandle *data,
            badcookie = TRUE;
            break;
          }
-          /* Note that if the date couldn't get parsed for whatever reason,
-             the cookie will be treated as a session cookie */
-          co->expires = curl_getdate(what, &now);
-
-          /* Session cookies have expires set to 0 so if we get that back
-             from the date parser let's add a second to make it a
-             non-session cookie */
-          if(co->expires == 0)
-            co->expires = 1;
-          else if(co->expires < 0)
-            co->expires = 0;
        }
        else if(!co->name) {
          co->name = strdup(name);
@@ -544,6 +530,30 @@ Curl_cookie_add(struct SessionHandle *data,
        semiptr=strchr(ptr, '\0');
    } while(semiptr);

+    if(co->maxage) {
+      co->expires =
+        curlx_strtoofft((*co->maxage=='\"')?
+                        &co->maxage[1]:&co->maxage[0], NULL, 10);
+      if(CURL_OFF_T_MAX - now < co->expires)
+        /* avoid overflow */
+        co->expires = CURL_OFF_T_MAX;
+      else
+        co->expires += now;
+    }
+    else if(co->expirestr) {
+      /* Note that if the date couldn't get parsed for whatever reason,
+         the cookie will be treated as a session cookie */
+      co->expires = curl_getdate(co->expirestr, NULL);
+
+      /* Session cookies have expires set to 0 so if we get that back
+         from the date parser let's add a second to make it a
+         non-session cookie */
+      if(co->expires == 0)
+        co->expires = 1;
+      else if(co->expires < 0)
+        co->expires = 0;
+    }
+
    if(!badcookie && !co->domain) {
      if(domain) {
        /* no domain was given in the header line, set the default */
@@ -815,7 +825,7 @@ Curl_cookie_add(struct SessionHandle *data,
  if(c->running)
    /* Only show this when NOT reading the cookies from a file */
    infof(data, "%s cookie %s=\"%s\" for domain %s, path %s, "
-          "expire %" FORMAT_OFF_T "\n",
+          "expire %" CURL_FORMAT_CURL_OFF_T "\n",
          replace_old?"Replaced":"Added", co->name, co->value,
          co->domain, co->path, co->expires);

@@ -1172,7 +1182,7 @@ static char *get_netscape_format(const struct Cookie *co)
    "%s\t"   /* tailmatch */
    "%s\t"   /* path */
    "%s\t"   /* secure */
-    "%" FORMAT_OFF_T "\t"   /* expires */
+    "%" CURL_FORMAT_CURL_OFF_T "\t"   /* expires */
    "%s\t"   /* name */
    "%s",    /* value */
    co->httponly?"#HttpOnly_":"",
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -46,7 +46,7 @@
 #include <curl/mprintf.h>

 #if defined(USE_NSS)
-#include "nssg.h"
+#include "vtls/nssg.h"
 #elif defined(USE_WINDOWS_SSPI)
 #include "curl_sspi.h"
 #endif
@@ -235,6 +235,14 @@ void Curl_http_ntlm_cleanup(struct connectdata *conn)
 #else
  (void)conn;
 #endif
+
+#ifndef USE_WINDOWS_SSPI
+  Curl_safefree(conn->ntlm.target_info);
+  conn->ntlm.target_info_len = 0;
+
+  Curl_safefree(conn->proxyntlm.target_info);
+  conn->proxyntlm.target_info_len = 0;
+#endif
 }

 #endif /* USE_NTLM */
--- a/lib/curl_ntlm_core.c
+++ b/lib/curl_ntlm_core.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -96,6 +96,9 @@
 #include "rawstr.h"
 #include "curl_memory.h"
 #include "curl_ntlm_core.h"
+#include "curl_md5.h"
+#include "curl_hmac.h"
+#include "warnless.h"

 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -103,6 +106,10 @@
 /* The last #include file should be: */
 #include "memdebug.h"

+#define NTLM_HMAC_MD5_LEN     (16)
+#define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
+#define NTLMv2_BLOB_LEN       (44 -16 + ntlm->target_info_len + 4)
+
 #ifdef USE_SSLEAY
 /*
 * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
@@ -377,6 +384,30 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src,
  }
 }

+static void ascii_uppercase_to_unicode_le(unsigned char *dest,
+                                          const char *src, size_t srclen)
+{
+  size_t i;
+  for(i = 0; i < srclen; i++) {
+    dest[2 * i] = (unsigned char)(toupper(src[i]));
+    dest[2 * i + 1] = '\0';
+  }
+}
+
+static void write32_le(const int value, unsigned char *buffer)
+{
+  buffer[0] = (char)(value & 0x000000FF);
+  buffer[1] = (char)((value & 0x0000FF00) >> 8);
+  buffer[2] = (char)((value & 0x00FF0000) >> 16);
+  buffer[3] = (char)((value & 0xFF000000) >> 24);
+}
+
+static void write64_le(const long long value, unsigned char *buffer)
+{
+  write32_le((int)value, buffer);
+  write32_le((int)(value >> 32), buffer + 4);
+}
+
 /*
 * Set up nt hashed passwords
 */
@@ -431,6 +462,180 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,

  return CURLE_OK;
 }
+
+/* This returns the HMAC MD5 digest */
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+                       const unsigned char *data, unsigned int datalen,
+                       unsigned char *output)
+{
+  HMAC_context *ctxt = Curl_HMAC_init(Curl_HMAC_MD5, key, keylen);
+
+  if(!ctxt)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Update the digest with the given challenge */
+  Curl_HMAC_update(ctxt, data, datalen);
+
+  /* Finalise the digest */
+  Curl_HMAC_final(ctxt, output);
+
+  return CURLE_OK;
+}
+
+/* This creates the NTLMv2 hash by using NTLM hash as the key and Unicode
+ * (uppercase UserName + Domain) as the data
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+                                       const char *domain, size_t domlen,
+                                       unsigned char *ntlmhash,
+                                       unsigned char *ntlmv2hash)
+{
+  /* Unicode representation */
+  size_t identity_len = (userlen + domlen) * 2;
+  unsigned char *identity = malloc(identity_len);
+  CURLcode res = CURLE_OK;
+
+  if(!identity)
+    return CURLE_OUT_OF_MEMORY;
+
+  ascii_uppercase_to_unicode_le(identity, user, userlen);
+  ascii_to_unicode_le(identity + (userlen << 1), domain, domlen);
+
+  res = Curl_hmac_md5(ntlmhash, 16, identity, curlx_uztoui(identity_len),
+                      ntlmv2hash);
+
+  Curl_safefree(identity);
+
+  return res;
+}
+
+/*
+ * Curl_ntlm_core_mk_ntlmv2_resp()
+ *
+ * This creates the NTLMv2 response as set in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash       [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client [in] - The client nonce (8 bytes)
+ * ntlm             [in] - The ntlm data struct being used to read TargetInfo
+                           and Server challenge received in the type-2 message
+ * ntresp          [out] - The address where a pointer to newly allocated
+ *                         memory holding the NTLMv2 response.
+ * ntresp_len      [out] - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+                                       unsigned char *challenge_client,
+                                       struct ntlmdata *ntlm,
+                                       unsigned char **ntresp,
+                                       unsigned int *ntresp_len)
+{
+/* NTLMv2 response structure :
+------------------------------------------------------------------------------
+0     HMAC MD5         16 bytes
+------BLOB--------------------------------------------------------------------
+16    Signature        0x01010000
+20    Reserved         long (0x00000000)
+24    Timestamp        LE, 64-bit signed value representing the number of
+                       tenths of a microsecond since January 1, 1601.
+32    Client Nonce     8 bytes
+40    Unknown          4 bytes
+44    Target Info      N bytes (from the type-2 message)
+44+N  Unknown          4 bytes
+------------------------------------------------------------------------------
+*/
+
+  unsigned int len = 0;
+  unsigned char *ptr = NULL;
+  unsigned char hmac_output[NTLM_HMAC_MD5_LEN];
+  long long tw;
+  CURLcode res = CURLE_OK;
+
+  /* Calculate the timestamp */
+#if defined(DEBUGBUILD)
+  tw = 11644473600ULL * 10000000ULL;
+#else
+  tw = ((long long)time(NULL) + 11644473600ULL) * 10000000ULL;
+#endif
+
+  /* Calculate the response len */
+  len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;
+
+  /* Allocate the response */
+  ptr = malloc(len);
+  if(!ptr)
+    return CURLE_OUT_OF_MEMORY;
+
+  memset(ptr, 0, len);
+
+  /* Create the BLOB structure */
+  snprintf((char *)ptr + NTLM_HMAC_MD5_LEN, NTLMv2_BLOB_LEN,
+           NTLMv2_BLOB_SIGNATURE
+           "%c%c%c%c",  /* Reserved = 0 */
+           0, 0, 0, 0);
+
+  write64_le(tw, ptr + 24);
+  memcpy(ptr + 32, challenge_client, 8);
+  memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
+
+  /* Concatenate the Type 2 challenge with the BLOB and do HMAC MD5 */
+  memcpy(ptr + 8, &ntlm->nonce[0], 8);
+  res = Curl_hmac_md5(ntlmv2hash, NTLM_HMAC_MD5_LEN, ptr + 8,
+                      NTLMv2_BLOB_LEN + 8, hmac_output);
+  if(res) {
+    Curl_safefree(ptr);
+    return res;
+  }
+
+  /* Concatenate the HMAC MD5 output  with the BLOB */
+  memcpy(ptr, hmac_output, NTLM_HMAC_MD5_LEN);
+
+  /* Return the response */
+  *ntresp = ptr;
+  *ntresp_len = len;
+
+  return res;
+}
+
+/*
+ * Curl_ntlm_core_mk_lmv2_resp()
+ *
+ * This creates the LMv2 response as used in the ntlm type-3 message.
+ *
+ * Parameters:
+ *
+ * ntlmv2hash        [in] - The ntlmv2 hash (16 bytes)
+ * challenge_client  [in] - The client nonce (8 bytes)
+ * challenge_client  [in] - The server challenge (8 bytes)
+ * lmresp           [out] - The LMv2 response (24 bytes)
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+                                      unsigned char *challenge_client,
+                                      unsigned char *challenge_server,
+                                      unsigned char *lmresp)
+{
+  unsigned char data[16];
+  unsigned char hmac_output[16];
+  CURLcode res = CURLE_OK;
+
+  memcpy(&data[0], challenge_server, 8);
+  memcpy(&data[8], challenge_client, 8);
+
+  res = Curl_hmac_md5(ntlmv2hash, 16, &data[0], 16, hmac_output);
+  if(res)
+    return res;
+
+  /* Concatenate the HMAC MD5 output  with the client nonce */
+  memcpy(lmresp, hmac_output, 16);
+  memcpy(lmresp+16, challenge_client, 8);
+
+  return res;
+}
+
 #endif /* USE_NTRESPONSES */

 #endif /* USE_NTLM && !USE_WINDOWS_SSPI */
--- a/lib/curl_ntlm_core.h
+++ b/lib/curl_ntlm_core.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -58,9 +58,30 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
                               unsigned char *lmbuffer /* 21 bytes */);

 #if USE_NTRESPONSES
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+                       const unsigned char *data, unsigned int datalen,
+                       unsigned char *output);
+
 CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
                                   const char *password,
                                   unsigned char *ntbuffer /* 21 bytes */);
+
+CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
+                                       const char *domain, size_t domlen,
+                                       unsigned char *ntlmhash,
+                                       unsigned char *ntlmv2hash);
+
+CURLcode  Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
+                                        unsigned char *challenge_client,
+                                        struct ntlmdata *ntlm,
+                                        unsigned char **ntresp,
+                                        unsigned int *ntresp_len);
+
+CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
+                                      unsigned char *challenge_client,
+                                      unsigned char *challenge_server,
+                                      unsigned char *lmresp);
+
 #endif

 #endif /* USE_NTLM && !USE_WINDOWS_SSPI */
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -47,7 +47,7 @@
 #  include "curl_sspi.h"
 #endif

-#include "sslgen.h"
+#include "vtls/vtls.h"

 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"
@@ -158,6 +158,68 @@ static unsigned int readint_le(unsigned char *buf)
  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
 }
+
+/*
+ * This function converts from the little endian format used in the incoming
+ * package to whatever endian format we're using natively. Argument is a
+ * pointer to a 2 byte buffer.
+ */
+static unsigned int readshort_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8);
+}
+
+/*
+ * Curl_ntlm_decode_type2_target()
+ *
+ * This is used to decode the "target info" in the ntlm type-2 message
+ * received.
+ *
+ * Parameters:
+ *
+ * data      [in]    - Pointer to the session handle
+ * buffer    [in]    - The decoded base64 ntlm header of Type 2
+ * size      [in]    - The input buffer size, atleast 32 bytes
+ * ntlm      [in]    - Pointer to ntlm data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
+                                       unsigned char *buffer,
+                                       size_t size,
+                                       struct ntlmdata *ntlm)
+{
+  unsigned int target_info_len = 0;
+  unsigned int target_info_offset = 0;
+
+  Curl_safefree(ntlm->target_info);
+  ntlm->target_info_len = 0;
+
+  if(size >= 48) {
+    target_info_len = readshort_le(&buffer[40]);
+    target_info_offset = readint_le(&buffer[44]);
+    if(target_info_len > 0) {
+      if(((target_info_offset + target_info_len) > size) ||
+         (target_info_offset < 48)) {
+        infof(data, "NTLM handshake failure (bad type-2 message). "
+                    "Target Info Offset Len is set incorrect by the peer\n");
+        return CURLE_REMOTE_ACCESS_DENIED;
+      }
+
+      ntlm->target_info = malloc(target_info_len);
+      if(!ntlm->target_info)
+        return CURLE_OUT_OF_MEMORY;
+
+      memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
+      ntlm->target_info_len = target_info_len;
+
+    }
+
+  }
+
+  return CURLE_OK;
+}
+
 #endif

 /*
@@ -257,6 +319,15 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
  ntlm->flags = readint_le(&buffer[20]);
  memcpy(ntlm->nonce, &buffer[24], 8);

+  if(ntlm->flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) {
+    error = Curl_ntlm_decode_type2_target(data, buffer, size, ntlm);
+    if(error) {
+      free(buffer);
+      infof(data, "NTLM handshake failure (bad type-2 message)\n");
+      return error;
+    }
+  }
+
  DEBUG_OUT({
    fprintf(stderr, "**** TYPE2 header flags=0x%08.8lx ", ntlm->flags);
    ntlm_print_flags(stderr, ntlm->flags);
@@ -292,8 +363,7 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
 #ifndef USE_WINDOWS_SSPI
 /* copy the source to the destination and fill in zeroes in every
   other destination byte! */
-static void unicodecpy(unsigned char *dest,
-                       const char *src, size_t length)
+static void unicodecpy(unsigned char *dest, const char *src, size_t length)
 {
  size_t i;
  for(i = 0; i < length; i++) {
@@ -645,7 +715,10 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  unsigned char lmresp[24]; /* fixed-size */
 #if USE_NTRESPONSES
  int ntrespoff;
+  unsigned int ntresplen = 24;
  unsigned char ntresp[24]; /* fixed-size */
+  unsigned char *ptr_ntresp = &ntresp[0];
+  unsigned char *ntlmv2resp = NULL;
 #endif
  bool unicode = (ntlm->flags & NTLMFLAG_NEGOTIATE_UNICODE) ? TRUE : FALSE;
  char host[HOSTNAME_MAX + 1] = "";
@@ -657,7 +730,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  size_t hostlen = 0;
  size_t userlen = 0;
  size_t domlen = 0;
-  CURLcode res;
+  CURLcode res = CURLE_OK;

  user = strchr(userp, '\\');
  if(!user)
@@ -684,11 +757,45 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    hostlen = strlen(host);
  }

-  if(unicode) {
-    domlen = domlen * 2;
-    userlen = userlen * 2;
-    hostlen = hostlen * 2;
+#if USE_NTRESPONSES
+  if(ntlm->target_info_len) {
+    unsigned char ntbuffer[0x18];
+    unsigned char entropy[8];
+    unsigned char ntlmv2hash[0x18];
+
+#if defined(DEBUGBUILD)
+    /* Use static client nonce in debug (Test Suite) builds */
+    memcpy(entropy, "12345678", sizeof(entropy));
+#else
+    /* Create an 8 byte random client nonce */
+    Curl_ssl_random(data, entropy, sizeof(entropy));
+#endif
+
+    res = Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer);
+    if(res)
+      return res;
+
+    res = Curl_ntlm_core_mk_ntlmv2_hash(user, userlen, domain, domlen,
+                                        ntbuffer, ntlmv2hash);
+    if(res)
+      return res;
+
+    /* LMv2 response */
+    res = Curl_ntlm_core_mk_lmv2_resp(ntlmv2hash, entropy, &ntlm->nonce[0],
+                                      lmresp);
+    if(res)
+      return res;
+
+    /* NTLMv2 response */
+    res = Curl_ntlm_core_mk_ntlmv2_resp(ntlmv2hash, entropy, ntlm, &ntlmv2resp,
+                                        &ntresplen);
+    if(res)
+      return res;
+
+    ptr_ntresp = ntlmv2resp;
  }
+  else
+#endif

 #if USE_NTLM2SESSION
  /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
@@ -718,9 +825,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
    if(CURLE_OUT_OF_MEMORY ==
       Curl_ntlm_core_mk_nt_hash(data, passwdp, ntbuffer))
      return CURLE_OUT_OF_MEMORY;
+
    Curl_ntlm_core_lm_resp(ntbuffer, md5sum, ntresp);

    /* End of NTLM2 Session code */
+
  }
  else
 #endif
@@ -745,10 +854,16 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     * See http://davenport.sourceforge.net/ntlm.html#ntlmVersion2 */
  }

+  if(unicode) {
+    domlen = domlen * 2;
+    userlen = userlen * 2;
+    hostlen = hostlen * 2;
+  }
+
  lmrespoff = 64; /* size of the message header */
 #if USE_NTRESPONSES
  ntrespoff = lmrespoff + 0x18;
-  domoff = ntrespoff + 0x18;
+  domoff = ntrespoff + ntresplen;
 #else
  domoff = lmrespoff + 0x18;
 #endif
@@ -807,8 +922,8 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
                  0x0, 0x0,

 #if USE_NTRESPONSES
-                  SHORTPAIR(0x18),  /* NT-response length, twice */
-                  SHORTPAIR(0x18),
+                  SHORTPAIR(ntresplen),  /* NT-response length, twice */
+                  SHORTPAIR(ntresplen),
                  SHORTPAIR(ntrespoff),
                  0x0, 0x0,
 #else
@@ -854,17 +969,19 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
  });

 #if USE_NTRESPONSES
-  if(size < (NTLM_BUFSIZE - 0x18)) {
+  if(size < (NTLM_BUFSIZE - ntresplen)) {
    DEBUGASSERT(size == (size_t)ntrespoff);
-    memcpy(&ntlmbuf[size], ntresp, 0x18);
-    size += 0x18;
+    memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
+    size += ntresplen;
  }

  DEBUG_OUT({
    fprintf(stderr, "\n   ntresp=");
-    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], 0x18);
+    ntlm_print_hex(stderr, (char *)&ntlmbuf[ntrespoff], ntresplen);
  });

+  Curl_safefree(ntlmv2resp);/* Free the dynamic buffer allocated for NTLMv2 */
+
 #endif

  DEBUG_OUT({
--- a/lib/curl_ntlm_msgs.h
+++ b/lib/curl_ntlm_msgs.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -46,6 +46,13 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
                                        const char* header,
                                        struct ntlmdata* ntlm);

+/* This is to decode target info received in NTLM type-2 message */
+CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
+                                       unsigned char* buffer,
+                                       size_t size,
+                                       struct ntlmdata* ntlm);
+
+
 /* This is to clean up the ntlm data structure */
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -34,7 +34,7 @@

 #include "curl_base64.h"
 #include "curl_md5.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "curl_hmac.h"
 #include "curl_ntlm_msgs.h"
 #include "curl_sasl.h"
@@ -42,7 +42,7 @@
 #include "curl_memory.h"

 #ifdef USE_NSS
-#include "nssg.h" /* for Curl_nss_force_init() */
+#include "vtls/nssg.h" /* for Curl_nss_force_init() */
 #endif

 #define _MPRINTF_REPLACE /* use our functions only */
--- a/lib/curl_setup.h
+++ b/lib/curl_setup.h
@@ -139,29 +139,6 @@
   Error Compilation_aborted_SIZEOF_CURL_OFF_T_shall_not_be_defined
 #endif

-/*
- * Set up internal curl_off_t formatting string directives for
- * exclusive use with libcurl's internal *printf functions.
- */
-
-#ifdef FORMAT_OFF_T
-#  error "FORMAT_OFF_T shall not be defined before this point!"
-   Error Compilation_aborted_FORMAT_OFF_T_already_defined
-#endif
-
-#ifdef FORMAT_OFF_TU
-#  error "FORMAT_OFF_TU shall not be defined before this point!"
-   Error Compilation_aborted_FORMAT_OFF_TU_already_defined
-#endif
-
-#if (CURL_SIZEOF_CURL_OFF_T > CURL_SIZEOF_LONG)
-#  define FORMAT_OFF_T  "lld"
-#  define FORMAT_OFF_TU "llu"
-#else
-#  define FORMAT_OFF_T  "ld"
-#  define FORMAT_OFF_TU "lu"
-#endif
-
 /*
 * Disable other protocols when http is the only one desired.
 */
@@ -624,12 +601,14 @@ int netware_init(void);
 #define USE_SSL    /* SSL support has been enabled */
 #endif

-#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)
+#if !defined(CURL_DISABLE_CRYPTO_AUTH) && \
+    (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI))
 #define USE_HTTP_NEGOTIATE
 #endif

 /* Single point where USE_NTLM definition might be done */
-#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
+#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \
+    !defined(CURL_DISABLE_CRYPTO_AUTH)
 #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
    defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
 #define USE_NTLM
--- a/lib/curl_sspi.c
+++ b/lib/curl_sspi.c
@@ -68,25 +68,52 @@ PSecurityFunctionTable s_pSecFn = NULL;
 */
 CURLcode Curl_sspi_global_init(void)
 {
-  OSVERSIONINFO osver;
+  bool securityDll = FALSE;
  INITSECURITYINTERFACE_FN pInitSecurityInterface;

  /* If security interface is not yet initialized try to do this */
  if(!s_hSecDll) {
-
-    /* Find out Windows version */
-    memset(&osver, 0, sizeof(osver));
-    osver.dwOSVersionInfoSize = sizeof(osver);
-    if(!GetVersionEx(&osver))
-      return CURLE_FAILED_INIT;
-
    /* Security Service Provider Interface (SSPI) functions are located in
     * security.dll on WinNT 4.0 and in secur32.dll on Win9x. Win2K and XP
     * have both these DLLs (security.dll forwards calls to secur32.dll) */
+    DWORD majorVersion = 4;
+    DWORD platformId = VER_PLATFORM_WIN32_NT;
+
+#if !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \
+    (_WIN32_WINNT < _WIN32_WINNT_WIN2K)
+    OSVERSIONINFO osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+
+    /* Find out Windows version */
+    if(!GetVersionEx(&osver))
+      return CURLE_FAILED_INIT;
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(osver.dwMajorVersion == majorVersion &&
+       osver.dwPlatformId == platformId)
+      securityDll = TRUE;
+#else
+    ULONGLONG majorVersionMask;
+    ULONGLONG platformIdMask;
+    OSVERSIONINFOEX osver;
+
+    memset(&osver, 0, sizeof(osver));
+    osver.dwOSVersionInfoSize = sizeof(osver);
+    osver.dwMajorVersion = majorVersion;
+    osver.dwPlatformId = platformId;
+    majorVersionMask = VerSetConditionMask(0, VER_MAJORVERSION, VER_EQUAL);
+    platformIdMask = VerSetConditionMask(0, VER_PLATFORMID, VER_EQUAL);
+
+    /* Verify the major version number == 4 and platform id == WIN_NT */
+    if(VerifyVersionInfo(&osver, VER_MAJORVERSION, majorVersionMask) &&
+       VerifyVersionInfo(&osver, VER_PLATFORMID, platformIdMask))
+      securityDll = TRUE;
+#endif

    /* Load SSPI dll into the address space of the calling process */
-    if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
-      && osver.dwMajorVersion == 4)
+    if(securityDll)
      s_hSecDll = LoadLibrary(TEXT("security.dll"));
    else
      s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
--- a/lib/curl_threads.c
+++ b/lib/curl_threads.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -63,32 +63,38 @@ static void *curl_thread_create_thunk(void *arg)

 curl_thread_t Curl_thread_create(unsigned int (*func) (void*), void *arg)
 {
-  curl_thread_t t;
+  curl_thread_t t = malloc(sizeof(pthread_t));
  struct curl_actual_call *ac = malloc(sizeof(struct curl_actual_call));
-  if(!ac)
-    return curl_thread_t_null;
+  if(!(ac && t))
+    goto err;

  ac->func = func;
  ac->arg = arg;

-  if(pthread_create(&t, NULL, curl_thread_create_thunk, ac) != 0) {
-    free(ac);
-    return curl_thread_t_null;
-  }
+  if(pthread_create(t, NULL, curl_thread_create_thunk, ac) != 0)
+    goto err;

  return t;
+
+err:
+  Curl_safefree(t);
+  Curl_safefree(ac);
+  return curl_thread_t_null;
 }

 void Curl_thread_destroy(curl_thread_t hnd)
 {
-  if(hnd != curl_thread_t_null)
-    pthread_detach(hnd);
+  if(hnd != curl_thread_t_null) {
+    pthread_detach(*hnd);
+    free(hnd);
+  }
 }

 int Curl_thread_join(curl_thread_t *hnd)
 {
-  int ret = (pthread_join(*hnd, NULL) == 0);
+  int ret = (pthread_join(**hnd, NULL) == 0);

+  free(*hnd);
  *hnd = curl_thread_t_null;

  return ret;
--- a/lib/curl_threads.h
+++ b/lib/curl_threads.h
@@ -26,8 +26,8 @@
 #if defined(USE_THREADS_POSIX)
 #  define CURL_STDCALL
 #  define curl_mutex_t           pthread_mutex_t
-#  define curl_thread_t          pthread_t
-#  define curl_thread_t_null     (pthread_t)0
+#  define curl_thread_t          pthread_t *
+#  define curl_thread_t_null     (pthread_t *)0
 #  define Curl_mutex_init(m)     pthread_mutex_init(m, NULL)
 #  define Curl_mutex_acquire(m)  pthread_mutex_lock(m)
 #  define Curl_mutex_release(m)  pthread_mutex_unlock(m)
--- a/lib/dict.c
+++ b/lib/dict.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -122,9 +122,8 @@ static char *unescape_word(struct SessionHandle *data, const char *inputbuff)
      dictp[olen++] = byte;
    }
    dictp[olen]=0;
-
-    free(newp);
  }
+  free(newp);
  return dictp;
 }

--- a/lib/easy.c
+++ b/lib/easy.c
@@ -54,7 +54,7 @@
 #include "urldata.h"
 #include <curl/curl.h>
 #include "transfer.h"
-#include "sslgen.h"
+#include "vtls/vtls.h"
 #include "url.h"
 #include "getinfo.h"
 #include "hostip.h"
@@ -715,6 +715,15 @@ static CURLcode easy_transfer(CURLM *multi)
      }
    }
  }
+
+  /* Make sure to return some kind of error if there was a multi problem */
+  if(mcode) {
+    return (mcode == CURLM_OUT_OF_MEMORY) ? CURLE_OUT_OF_MEMORY :
+            /* The other multi errors should never happen, so return
+               something suitably generic */
+            CURLE_BAD_FUNCTION_ARGUMENT;
+  }
+
  return code;
 }

--- a/lib/escape.c
+++ b/lib/escape.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -196,7 +196,6 @@ CURLcode Curl_urldecode(struct SessionHandle *data,
    /* store output size */
    *olen = strindex;

-  if(ostring)
  /* store output string */
  *ostring = ns;

--- a/Show More
+++ b/Show More