RELEASE-NOTES: 7.39.0 release (commit b387560692)

curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using strdup() when it could be binary and contain zeroes and it was not even zero terminated! This caused read out of bounds crashes/segfaults. Since the lib/strdup.c file no longer is easily shared with the curl tool with this change, it now uses its own version instead. Bug: http://curl.haxx.se/docs/adv_20141105.html CVE: CVE-2014-3707 Reported-By: Symeon Paraschoudis
2014-11-05 08:23:00 +01:00 · 2014-11-05 08:05:14 +01:00 · 2014-11-05 08:05:14 +01:00 · 2014-11-04 23:02:09 +01:00 · 2014-11-04 19:53:44 +01:00 · 2014-11-04 14:07:55 +00:00
1037 changed files with 76175 additions and 13446 deletions
--- a/CMake/CurlCheckCSourceCompiles.cmake
+++ b/CMake/CurlCheckCSourceCompiles.cmake
@@ -1,75 +0,0 @@
-# - Check if the source code provided in the SOURCE argument compiles.
-# CURL_CHECK_C_SOURCE_COMPILES(SOURCE VAR)
-# - macro which checks if the source code compiles
-#  SOURCE   - source code to try to compile
-#  VAR      - variable to store whether the source code compiled
-#
-# The following variables may be set before calling this macro to
-# modify the way the check is run:
-#
-#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
-#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
-#  CMAKE_REQUIRED_INCLUDES = list of include directories
-#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
-
-macro(CURL_CHECK_C_SOURCE_COMPILES SOURCE VAR)
-  if("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-    set(message "${VAR}")
-    # If the number of arguments is greater than 2 (SOURCE VAR)
-    if(${ARGC} GREATER 2)
-      # then add the third argument as a message
-      set(message "${ARGV2} (${VAR})")
-    endif(${ARGC} GREATER 2)
-    set(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${VAR} ${CMAKE_REQUIRED_FLAGS}")
-    if(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    else(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES)
-    endif(CMAKE_REQUIRED_LIBRARIES)
-    if(CMAKE_REQUIRED_INCLUDES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
-        "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}")
-    else(CMAKE_REQUIRED_INCLUDES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES)
-    endif(CMAKE_REQUIRED_INCLUDES)
-    set(src "")
-    foreach(def ${EXTRA_DEFINES})
-      set(src "${src}#define ${def} 1\n")
-    endforeach(def)
-    foreach(inc ${HEADER_INCLUDES})
-      set(src "${src}#include <${inc}>\n")
-    endforeach(inc)
-
-    set(src "${src}\nint main() { ${SOURCE} ; return 0; }")
-    set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
-    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
-      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c"
-      IMMEDIATE)
-    message(STATUS "Performing Test ${message}")
-    try_compile(${VAR}
-      ${CMAKE_BINARY_DIR}
-      ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c
-      COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS}
-      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES}"
-      "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}"
-      OUTPUT_VARIABLE OUTPUT)
-    if(${VAR})
-      set(${VAR} 1 CACHE INTERNAL "Test ${message}")
-      message(STATUS "Performing Test ${message} - Success")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
-        "Performing C SOURCE FILE Test ${message} succeded with the following output:\n"
-        "${OUTPUT}\n"
-        "Source file was:\n${src}\n")
-    else(${VAR})
-      message(STATUS "Performing Test ${message} - Failed")
-      set(${VAR} "" CACHE INTERNAL "Test ${message}")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
-        "Performing C SOURCE FILE Test ${message} failed with the following output:\n"
-        "${OUTPUT}\n"
-        "Source file was:\n${src}\n")
-    endif(${VAR})
-  endif("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-endmacro(CURL_CHECK_C_SOURCE_COMPILES)
--- a/CMake/CurlCheckCSourceRuns.cmake
+++ b/CMake/CurlCheckCSourceRuns.cmake
@@ -1,83 +0,0 @@
-# - Check if the source code provided in the SOURCE argument compiles and runs.
-# CURL_CHECK_C_SOURCE_RUNS(SOURCE VAR)
-# - macro which checks if the source code runs
-#  SOURCE   - source code to try to compile
-#  VAR - variable to store size if the type exists.
-#
-# The following variables may be set before calling this macro to
-# modify the way the check is run:
-#
-#  CMAKE_REQUIRED_FLAGS = string of compile command line flags
-#  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
-#  CMAKE_REQUIRED_INCLUDES = list of include directories
-#  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
-
-macro(CURL_CHECK_C_SOURCE_RUNS SOURCE VAR)
-  if("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-    set(message "${VAR}")
-    # If the number of arguments is greater than 2 (SOURCE VAR)
-    if(${ARGC} GREATER 2)
-      # then add the third argument as a message
-      set(message "${ARGV2} (${VAR})")
-    endif(${ARGC} GREATER 2)
-    set(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${VAR} ${CMAKE_REQUIRED_FLAGS}")
-    if(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    else(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES)
-    endif(CMAKE_REQUIRED_LIBRARIES)
-    if(CMAKE_REQUIRED_INCLUDES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES
-        "-DINCLUDE_DIRECTORIES:STRING=${CMAKE_REQUIRED_INCLUDES}")
-    else(CMAKE_REQUIRED_INCLUDES)
-      set(CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES)
-    endif(CMAKE_REQUIRED_INCLUDES)
-    set(src "")
-    foreach(def ${EXTRA_DEFINES})
-      set(src "${src}#define ${def} 1\n")
-    endforeach(def)
-    foreach(inc ${HEADER_INCLUDES})
-      set(src "${src}#include <${inc}>\n")
-    endforeach(inc)
-
-    set(src "${src}\nint main() { ${SOURCE} ; return 0; }")
-    set(CMAKE_CONFIGURABLE_FILE_CONTENT "${src}")
-    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMake/CMakeConfigurableFile.in
-      "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c"
-      IMMEDIATE)
-    message(STATUS "Performing Test ${message}")
-    try_run(${VAR} ${VAR}_COMPILED
-      ${CMAKE_BINARY_DIR}
-      ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeTmp/src.c
-      COMPILE_DEFINITIONS ${CMAKE_REQUIRED_DEFINITIONS}
-      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_CHECK_C_SOURCE_COMPILES_ADD_LIBRARIES}"
-      "${CURL_CHECK_C_SOURCE_COMPILES_ADD_INCLUDES}"
-      OUTPUT_VARIABLE OUTPUT)
-    # if it did not compile make the return value fail code of 1
-    if(NOT ${VAR}_COMPILED)
-      set(${VAR} 1)
-    endif(NOT ${VAR}_COMPILED)
-    # if the return value was 0 then it worked
-    set(result_var ${${VAR}})
-    if("${result_var}" EQUAL 0)
-      set(${VAR} 1 CACHE INTERNAL "Test ${message}")
-      message(STATUS "Performing Test ${message} - Success")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
-        "Performing C SOURCE FILE Test ${message} succeded with the following output:\n"
-        "${OUTPUT}\n"
-        "Return value: ${${VAR}}\n"
-        "Source file was:\n${src}\n")
-    else("${result_var}" EQUAL 0)
-      message(STATUS "Performing Test ${message} - Failed")
-      set(${VAR} "" CACHE INTERNAL "Test ${message}")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
-        "Performing C SOURCE FILE Test ${message} failed with the following output:\n"
-        "${OUTPUT}\n"
-        "Return value: ${result_var}\n"
-        "Source file was:\n${src}\n")
-    endif("${result_var}" EQUAL 0)
-  endif("${VAR}" MATCHES "^${VAR}$" OR "${VAR}" MATCHES "UNKNOWN")
-endmacro(CURL_CHECK_C_SOURCE_RUNS)
--- a/CMake/CurlTests.c
+++ b/CMake/CurlTests.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -71,264 +71,88 @@ main ()
 }
 #endif

-#ifdef HAVE_GETHOSTBYADDR_R_5
+/* tests for gethostbyaddr_r or gethostbyname_r */
+#if defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \
+    defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \
+    defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \
+    defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) || \
+    defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \
+    defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT)
+#   define _REENTRANT
+    /* no idea whether _REENTRANT is always set, just invent a new flag */
+#   define TEST_GETHOSTBYFOO_REENTRANT
+#endif
+#if defined(HAVE_GETHOSTBYADDR_R_5) || \
+    defined(HAVE_GETHOSTBYADDR_R_7) || \
+    defined(HAVE_GETHOSTBYADDR_R_8) || \
+    defined(HAVE_GETHOSTBYNAME_R_3) || \
+    defined(HAVE_GETHOSTBYNAME_R_5) || \
+    defined(HAVE_GETHOSTBYNAME_R_6) || \
+    defined(TEST_GETHOSTBYFOO_REENTRANT)
 #include <sys/types.h>
 #include <netdb.h>
-int
-main ()
+int main(void)
 {
-
-char * address;
-int length;
-int type;
-struct hostent h;
-struct hostent_data hdata;
-int rc;
-#ifndef gethostbyaddr_r
-  (void)gethostbyaddr_r;
+  char *address = "example.com";
+  int length = 0;
+  int type = 0;
+  struct hostent h;
+  int rc = 0;
+#if defined(HAVE_GETHOSTBYADDR_R_5) || \
+    defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \
+    \
+    defined(HAVE_GETHOSTBYNAME_R_3) || \
+    defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT)
+  struct hostent_data hdata;
+#elif defined(HAVE_GETHOSTBYADDR_R_7) || \
+      defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \
+      defined(HAVE_GETHOSTBYADDR_R_8) || \
+      defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \
+      \
+      defined(HAVE_GETHOSTBYNAME_R_5) || \
+      defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \
+      defined(HAVE_GETHOSTBYNAME_R_6) || \
+      defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT)
+  char buffer[8192];
+  int h_errnop;
+  struct hostent *hp;
 #endif
-rc = gethostbyaddr_r(address, length, type, &h, &hdata);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYADDR_R_5_REENTRANT
-#define _REENTRANT
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{
-
-char * address;
-int length;q
-int type;
-struct hostent h;
-struct hostent_data hdata;
-int rc;
-#ifndef gethostbyaddr_r
-  (void)gethostbyaddr_r;
-#endif
-rc = gethostbyaddr_r(address, length, type, &h, &hdata);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYADDR_R_7
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{
-
-char * address;
-int length;
-int type;
-struct hostent h;
-char buffer[8192];
-int h_errnop;
-struct hostent * hp;

 #ifndef gethostbyaddr_r
  (void)gethostbyaddr_r;
 #endif
-hp = gethostbyaddr_r(address, length, type, &h,
-                     buffer, 8192, &h_errnop);
-  ;
+
+#if   defined(HAVE_GETHOSTBYADDR_R_5) || \
+      defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT)
+  rc = gethostbyaddr_r(address, length, type, &h, &hdata);
+#elif defined(HAVE_GETHOSTBYADDR_R_7) || \
+      defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT)
+  hp = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &h_errnop);
+  (void)hp;
+#elif defined(HAVE_GETHOSTBYADDR_R_8) || \
+      defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT)
+  rc = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &hp, &h_errnop);
+#endif
+
+#if   defined(HAVE_GETHOSTBYNAME_R_3) || \
+      defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT)
+  rc = gethostbyname_r(address, &h, &hdata);
+#elif defined(HAVE_GETHOSTBYNAME_R_5) || \
+      defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT)
+  rc = gethostbyname_r(address, &h, buffer, 8192, 0, &h_errnop);
+  (void)hp; /* not used for test */
+#elif defined(HAVE_GETHOSTBYNAME_R_6) || \
+      defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT)
+  rc = gethostbyname_r(address, &h, buffer, 8192, &hp, &h_errnop);
+#endif
+
+  (void)length;
+  (void)type;
+  (void)rc;
  return 0;
 }
 #endif
-#ifdef HAVE_GETHOSTBYADDR_R_7_REENTRANT
-#define _REENTRANT
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{

-char * address;
-int length;
-int type;
-struct hostent h;
-char buffer[8192];
-int h_errnop;
-struct hostent * hp;
-
-#ifndef gethostbyaddr_r
-  (void)gethostbyaddr_r;
-#endif
-hp = gethostbyaddr_r(address, length, type, &h,
-                     buffer, 8192, &h_errnop);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYADDR_R_8
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{
-
-char * address;
-int length;
-int type;
-struct hostent h;
-char buffer[8192];
-int h_errnop;
-struct hostent * hp;
-int rc;
-
-#ifndef gethostbyaddr_r
-  (void)gethostbyaddr_r;
-#endif
-rc = gethostbyaddr_r(address, length, type, &h,
-                     buffer, 8192, &hp, &h_errnop);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYADDR_R_8_REENTRANT
-#define _REENTRANT
-#include <sys/types.h>
-#include <netdb.h>
-int
-main ()
-{
-
-char * address;
-int length;
-int type;
-struct hostent h;
-char buffer[8192];
-int h_errnop;
-struct hostent * hp;
-int rc;
-
-#ifndef gethostbyaddr_r
-  (void)gethostbyaddr_r;
-#endif
-rc = gethostbyaddr_r(address, length, type, &h,
-                     buffer, 8192, &hp, &h_errnop);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_3
-#include <string.h>
-#include <sys/types.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-
-struct hostent_data data;
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_3_REENTRANT
-#define _REENTRANT
-#include <string.h>
-#include <sys/types.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-
-struct hostent_data data;
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_5
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL, 0, NULL);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_5_REENTRANT
-#define _REENTRANT
-#include <sys/types.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL, 0, NULL);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_6
-#include <sys/types.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL);
-  ;
-  return 0;
-}
-#endif
-#ifdef HAVE_GETHOSTBYNAME_R_6_REENTRANT
-#define _REENTRANT
-#include <sys/types.h>
-#include <netdb.h>
-#undef NULL
-#define NULL (void *)0
-
-int
-main ()
-{
-
-#ifndef gethostbyname_r
-  (void)gethostbyname_r;
-#endif
-gethostbyname_r(NULL, NULL, NULL, 0, NULL, NULL);
-  ;
-  return 0;
-}
-#endif
 #ifdef HAVE_SOCKLEN_T
 #ifdef _WIN32
 #include <ws2tcpip.h>
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -0,0 +1,289 @@
+# - Try to find the GSS Kerberos library
+# Once done this will define
+#
+#  GSS_ROOT_DIR - Set this variable to the root installation of GSS
+#
+# Read-Only variables:
+#  GSS_FOUND - system has the Heimdal library
+#  GSS_FLAVOUR - "MIT" or "Heimdal" if anything found.
+#  GSS_INCLUDE_DIR - the Heimdal include directory
+#  GSS_LIBRARIES - The libraries needed to use GSS
+#  GSS_LINK_DIRECTORIES - Directories to add to linker search path
+#  GSS_LINKER_FLAGS - Additional linker flags
+#  GSS_COMPILER_FLAGS - Additional compiler flags
+#  GSS_VERSION - This is set to version advertised by pkg-config or read from manifest.
+#                In case the library is found but no version info availabe it'll be set to "unknown"
+
+set(_MIT_MODNAME mit-krb5-gssapi)
+set(_HEIMDAL_MODNAME heimdal-gssapi)
+
+include(CheckIncludeFile)
+include(CheckIncludeFiles)
+include(CheckTypeSize)
+
+set(_GSS_ROOT_HINTS
+    "${GSS_ROOT_DIR}"
+    "$ENV{GSS_ROOT_DIR}"
+)
+
+# try to find library using system pkg-config if user didn't specify root dir
+if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}")
+    if(UNIX)
+        find_package(PkgConfig QUIET)
+        pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME})
+        list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}")
+    elseif(WIN32)
+        list(APPEND _GSS_ROOT_HINTS "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]")
+    endif()
+endif()
+
+if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approach.
+    find_file(_GSS_CONFIGURE_SCRIPT
+        NAMES
+            "krb5-config"
+        HINTS
+            ${_GSS_ROOT_HINTS}
+        PATH_SUFFIXES
+            bin
+        NO_CMAKE_PATH
+        NO_CMAKE_ENVIRONMENT_PATH
+    )
+
+    # if not found in user-supplied directories, maybe system knows better
+    find_file(_GSS_CONFIGURE_SCRIPT
+        NAMES
+            "krb5-config"
+        PATH_SUFFIXES
+            bin
+    )
+
+    if(_GSS_CONFIGURE_SCRIPT)
+        execute_process(
+            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi"
+            OUTPUT_VARIABLE _GSS_CFLAGS
+            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+        )
+message(STATUS "CFLAGS: ${_GSS_CFLAGS}")
+        if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
+            # should also work in an odd case when multiple directories are given
+            string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS)
+            string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}")
+            string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1"_GSS_CFLAGS "${_GSS_CFLAGS}")
+
+            foreach(_flag ${_GSS_CFLAGS})
+                if(_flag MATCHES "^-I.*")
+                    string(REGEX REPLACE "^-I" "" _val "${_flag}")
+                    list(APPEND _GSS_INCLUDE_DIR "${_val}")
+                else()
+                    list(APPEND _GSS_COMPILER_FLAGS "${_flag}")
+                endif()
+            endforeach()
+        endif()
+
+        execute_process(
+            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi"
+            OUTPUT_VARIABLE _GSS_LIB_FLAGS
+            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+        )
+message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}")
+        if(NOT _GSS_CONFIGURE_FAILED) # 0 means success
+            # this script gives us libraries and link directories. Blah. We have to deal with it.
+            string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS)
+            string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}")
+            string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1"_GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}")
+
+            foreach(_flag ${_GSS_LIB_FLAGS})
+                if(_flag MATCHES "^-l.*")
+                    string(REGEX REPLACE "^-l" "" _val "${_flag}")
+                    list(APPEND _GSS_LIBRARIES "${_val}")
+                elseif(_flag MATCHES "^-L.*")
+                    string(REGEX REPLACE "^-L" "" _val "${_flag}")
+                    list(APPEND _GSS_LINK_DIRECTORIES "${_val}")
+                else()
+                    list(APPEND _GSS_LINKER_FLAGS "${_flag}")
+                endif()
+            endforeach()
+        endif()
+
+
+        execute_process(
+            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version"
+            OUTPUT_VARIABLE _GSS_VERSION
+            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+        )
+
+        # older versions may not have the "--version" parameter. In this case we just don't care.
+        if(_GSS_CONFIGURE_FAILED)
+            set(_GSS_VERSION 0)
+        endif()
+
+
+        execute_process(
+            COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor"
+            OUTPUT_VARIABLE _GSS_VENDOR
+            RESULT_VARIABLE _GSS_CONFIGURE_FAILED
+        )
+
+        # older versions may not have the "--vendor" parameter. In this case we just don't care.
+        if(_GSS_CONFIGURE_FAILED)
+            set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter
+        else()
+            if(_GSS_VENDOR MATCHES ".*H|heimdal.*")
+                set(GSS_FLAVOUR "Heimdal")
+            else()
+                set(GSS_FLAVOUR "MIT")
+            endif()
+        endif()
+
+    else() # either there is no config script or we are on platform that doesn't provide one (Windows?)
+
+        find_path(_GSS_INCLUDE_DIR
+            NAMES
+                "gssapi/gssapi.h"
+            HINTS
+                ${_GSS_ROOT_HINTS}
+            PATH_SUFFIXES
+                include
+                inc
+        )
+
+        if(_GSS_INCLUDE_DIR) #jay, we've found something
+            set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}")
+            check_include_files( "gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _GSS_HAVE_MIT_HEADERS)
+
+            if(_GSS_HAVE_MIT_HEADERS)
+                set(GSS_FLAVOUR "MIT")
+            else()
+                # prevent compiling the header - just check if we can include it
+                set(CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__")
+                check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)
+
+                check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H)
+                if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H)
+                    set(GSS_FLAVOUR "Heimdal")
+                endif()
+                set(CMAKE_REQUIRED_DEFINITIONS "")
+            endif()
+        else()
+            # I'm not convienced if this is the right way but this is what autotools do at the moment
+            find_path(_GSS_INCLUDE_DIR
+                NAMES
+                    "gssapi.h"
+                HINTS
+                    ${_GSS_ROOT_HINTS}
+                PATH_SUFFIXES
+                    include
+                    inc
+            )
+
+            if(_GSS_INCLUDE_DIR)
+                set(GSS_FLAVOUR "Heimdal")
+            endif()
+        endif()
+
+        # if we have headers, check if we can link libraries
+        if(GSS_FLAVOUR)
+            set(_GSS_LIBDIR_SUFFIXES "")
+            set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS})
+            get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT "${_GSS_INCLUDE_DIR}" PATH)
+            list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT})
+
+            if(WIN32)
+                if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+                    list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64")
+                    if(GSS_FLAVOUR STREQUAL "MIT")
+                        set(_GSS_LIBNAME "gssapi64")
+                    else()
+                        set(_GSS_LIBNAME "libgssapi")
+                    endif()
+                else()
+                    list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386")
+                    if(GSS_FLAVOUR STREQUAL "MIT")
+                        set(_GSS_LIBNAME "gssapi32")
+                    else()
+                        set(_GSS_LIBNAME "libgssapi")
+                    endif()
+                endif()
+            else()
+                list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes are not checked for HINTS
+                if(GSS_FLAVOUR STREQUAL "MIT")
+                    set(_GSS_LIBNAME "gssapi_krb5")
+                else()
+                    set(_GSS_LIBNAME "gssapi")
+                endif()
+            endif()
+
+            find_library(_GSS_LIBRARIES
+                NAMES
+                    ${_GSS_LIBNAME}
+                HINTS
+                    ${_GSS_LIBDIR_HINTS}
+                PATH_SUFFIXES
+                    ${_GSS_LIBDIR_SUFFIXES}
+            )
+
+        endif()
+
+    endif()
+else()
+    if(_GSS_PKG_${_MIT_MODNAME}_VERSION)
+        set(GSS_FLAVOUR "MIT")
+        set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION)
+    else()
+        set(GSS_FLAVOUR "Heimdal")
+        set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION)
+    endif()
+endif()
+
+set(GSS_INCLUDE_DIR ${_GSS_INCLUDE_DIR})
+set(GSS_LIBRARIES ${_GSS_LIBRARIES})
+set(GSS_LINK_DIRECTORIES ${_GSS_LINK_DIRECTORIES})
+set(GSS_LINKER_FLAGS ${_GSS_LINKER_FLAGS})
+set(GSS_COMPILER_FLAGS ${_GSS_COMPILER_FLAGS})
+set(GSS_VERSION ${_GSS_VERSION})
+
+if(GSS_FLAVOUR)
+
+    if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal")
+        if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+            set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest")
+        else()
+            set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest")
+        endif()
+
+        if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}")
+            file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" heimdal_version_str
+                 REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$")
+
+            string(REGEX MATCH "[0-9]\\.[^\"]+"
+                   GSS_VERSION "${heimdal_version_str}")
+        endif()
+
+        if(NOT GSS_VERSION)
+            set(GSS_VERSION "Heimdal Unknown")
+        endif()
+    elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
+        get_filename_component(_MIT_VERSION "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]" NAME CACHE)
+        if(WIN32 AND _MIT_VERSION)
+            set(GSS_VERSION "${_MIT_VERSION}")
+        else()
+            set(GSS_VERSION "MIT Unknown")
+        endif()
+    endif()
+endif()
+
+
+include(FindPackageHandleStandardArgs)
+
+set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR)
+
+find_package_handle_standard_args(GSS
+    REQUIRED_VARS
+        ${_GSS_REQUIRED_VARS}
+    VERSION_VAR
+        GSS_VERSION
+    FAIL_MESSAGE
+        "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR"
+)
+
+mark_as_advanced(GSS_INCLUDE_DIR GSS_LIBRARIES)
--- a/CMake/FindLibSSH2.cmake
+++ b/CMake/FindLibSSH2.cmake
@@ -0,0 +1,35 @@
+# - Try to find the libssh2 library
+# Once done this will define
+#
+# LIBSSH2_FOUND - system has the libssh2 library
+# LIBSSH2_INCLUDE_DIR - the libssh2 include directory
+# LIBSSH2_LIBRARY - the libssh2 library name
+
+if (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+  set(LibSSH2_FIND_QUIETLY TRUE)
+endif (LIBSSH2_INCLUDE_DIR AND LIBSSH2_LIBRARY)
+
+FIND_PATH(LIBSSH2_INCLUDE_DIR libssh2.h
+)
+
+FIND_LIBRARY(LIBSSH2_LIBRARY NAMES ssh2
+)
+
+if(LIBSSH2_INCLUDE_DIR)
+  file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" libssh2_version_str REGEX "^#define[\t ]+LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9][0-9][0-9].*")
+
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MAJOR "${libssh2_version_str}")
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_MINOR  "${libssh2_version_str}")
+  string(REGEX REPLACE "^.*LIBSSH2_VERSION_NUM[\t ]+0x[0-9][0-9][0-9][0-9]([0-9][0-9]).*$" "\\1" LIBSSH2_VERSION_PATCH "${libssh2_version_str}")
+
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MAJOR "${LIBSSH2_VERSION_MAJOR}")
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_MINOR "${LIBSSH2_VERSION_MINOR}")
+  string(REGEX REPLACE "^0(.+)" "\\1" LIBSSH2_VERSION_PATCH "${LIBSSH2_VERSION_PATCH}")
+
+  set(LIBSSH2_VERSION "${LIBSSH2_VERSION_MAJOR}.${LIBSSH2_VERSION_MINOR}.${LIBSSH2_VERSION_PATCH}")
+endif(LIBSSH2_INCLUDE_DIR)
+
+include(FindPackageHandleStandardArgs)
+FIND_PACKAGE_HANDLE_STANDARD_ARGS(LibSSH2 DEFAULT_MSG LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY )
+
+MARK_AS_ADVANCED(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY LIBSSH2_VERSION_MAJOR LIBSSH2_VERSION_MINOR LIBSSH2_VERSION_PATCH LIBSSH2_VERSION)
--- a/CMake/FindOpenSSL.cmake
+++ b/CMake/FindOpenSSL.cmake
@@ -1,21 +0,0 @@
-# Extension of the standard FindOpenSSL.cmake
-# Adds OPENSSL_INCLUDE_DIRS and libeay32
-include("${CMAKE_ROOT}/Modules/FindOpenSSL.cmake")
-
-# starting 2.8 it is better to use standard modules
-if(CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")
-  # Bill Hoffman told that libeay32 is necessary for him:
-  find_library(SSL_LIBEAY NAMES libeay32)
-
-  if(OPENSSL_FOUND)
-    if(SSL_LIBEAY)
-      list(APPEND OPENSSL_LIBRARIES ${SSL_LIBEAY})
-    else()
-      set(OPENSSL_FOUND FALSE)
-    endif()
-  endif()
-endif() # if (CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")
-
-if(OPENSSL_FOUND)
-  set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
-endif()
--- a/CMake/FindZLIB.cmake
+++ b/CMake/FindZLIB.cmake
@@ -1,10 +0,0 @@
-# Locate zlib
-include("${CMAKE_ROOT}/Modules/FindZLIB.cmake")
-
-# starting 2.8 it is better to use standard modules
-if(CMAKE_MAJOR_VERSION EQUAL "2" AND CMAKE_MINOR_VERSION LESS "8")
-  find_library(ZLIB_LIBRARY_DEBUG NAMES zd zlibd zdlld zlib1d )
-  if(ZLIB_FOUND AND ZLIB_LIBRARY_DEBUG)
-    set( ZLIB_LIBRARIES optimized "${ZLIB_LIBRARY}" debug ${ZLIB_LIBRARY_DEBUG})
-  endif()
-endif()
--- a/CMake/Macros.cmake
+++ b/CMake/Macros.cmake
@@ -0,0 +1,89 @@
+#File defines convenience macros for available feature testing
+
+# This macro checks if the symbol exists in the library and if it
+# does, it appends library to the list.
+macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
+  check_library_exists("${CURL_LIBS};${LIBRARY}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
+    ${VARIABLE})
+  if(${VARIABLE})
+    list(APPEND CURL_LIBS ${LIBRARY})
+  endif(${VARIABLE})
+endmacro(CHECK_LIBRARY_EXISTS_CONCAT)
+
+# Check if header file exists and add it to the list.
+macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
+  check_include_file("${FILE}" ${VARIABLE})
+  if(${VARIABLE})
+    set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
+    set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}")
+  endif(${VARIABLE})
+endmacro(CHECK_INCLUDE_FILE_CONCAT)
+
+# For other curl specific tests, use this macro.
+macro(CURL_INTERNAL_TEST CURL_TEST)
+  if("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
+      "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}")
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_TEST_ADD_LIBRARIES
+        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
+    endif(CMAKE_REQUIRED_LIBRARIES)
+
+    message(STATUS "Performing Curl Test ${CURL_TEST}")
+    try_compile(${CURL_TEST}
+      ${CMAKE_BINARY_DIR}
+      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
+      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
+      "${CURL_TEST_ADD_LIBRARIES}"
+      OUTPUT_VARIABLE OUTPUT)
+    if(${CURL_TEST})
+      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
+        "Performing Curl Test ${CURL_TEST} passed with the following output:\n"
+        "${OUTPUT}\n")
+    else(${CURL_TEST})
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
+      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
+      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
+        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
+        "${OUTPUT}\n")
+    endif(${CURL_TEST})
+  endif("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
+endmacro(CURL_INTERNAL_TEST)
+
+macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
+  if("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
+    set(MACRO_CHECK_FUNCTION_DEFINITIONS
+      "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
+    if(CMAKE_REQUIRED_LIBRARIES)
+      set(CURL_TEST_ADD_LIBRARIES
+        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
+    endif(CMAKE_REQUIRED_LIBRARIES)
+
+    message(STATUS "Performing Curl Test ${CURL_TEST}")
+    try_run(${CURL_TEST} ${CURL_TEST}_COMPILE
+      ${CMAKE_BINARY_DIR}
+      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
+      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
+      "${CURL_TEST_ADD_LIBRARIES}"
+      OUTPUT_VARIABLE OUTPUT)
+    if(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
+    else(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
+      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
+      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
+        "${OUTPUT}")
+      if(${CURL_TEST}_COMPILE)
+        file(APPEND
+          "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+          "There was a problem running this test\n")
+      endif(${CURL_TEST}_COMPILE)
+      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
+        "\n\n")
+    endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
+  endif("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
+endmacro(CURL_INTERNAL_TEST_RUN)
--- a/CMake/OtherTests.cmake
+++ b/CMake/OtherTests.cmake
@@ -1,15 +1,10 @@
-include(CurlCheckCSourceCompiles)
-set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
-set(HEADER_INCLUDES)
-set(headers_hack)
+include(CheckCSourceCompiles)
+# The begin of the sources (macros and includes)
+set(_source_epilogue "#undef inline")

 macro(add_header_include check header)
  if(${check})
-    set(headers_hack
-      "${headers_hack}\n#include <${header}>")
-    #SET(HEADER_INCLUDES
-    #  ${HEADER_INCLUDES}
-    #  "${header}")
+    set(_source_epilogue "${_source_epilogue}\n#include <${header}>")
  endif(${check})
 endmacro(add_header_include)

@@ -18,22 +13,23 @@ if(HAVE_WINDOWS_H)
  add_header_include(HAVE_WINDOWS_H "windows.h")
  add_header_include(HAVE_WINSOCK2_H "winsock2.h")
  add_header_include(HAVE_WINSOCK_H "winsock.h")
-  set(EXTRA_DEFINES ${EXTRA_DEFINES}
-    "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3")
+  set(_source_epilogue
+      "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif")
  set(signature_call_conv "PASCAL")
+  if(HAVE_LIBWS2_32)
+    set(CMAKE_REQUIRED_LIBRARIES ws2_32)
+  endif()
 else(HAVE_WINDOWS_H)
  add_header_include(HAVE_SYS_TYPES_H "sys/types.h")
  add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h")
 endif(HAVE_WINDOWS_H)

-set(EXTRA_DEFINES_BACKUP "${EXTRA_DEFINES}")
-set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-curl_check_c_source_compiles("recv(0, 0, 0, 0)" curl_cv_recv)
+check_c_source_compiles("${_source_epilogue}
+int main(void) {
+    recv(0, 0, 0, 0);
+    return 0;
+}" curl_cv_recv)
 if(curl_cv_recv)
-  #    AC_CACHE_CHECK([types of arguments and return type for recv],
-  #[curl_cv_func_recv_args], [
-  #SET(curl_cv_func_recv_args "unknown")
-  #for recv_retv in 'int' 'ssize_t'; do
  if(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
    foreach(recv_retv "int" "ssize_t" )
      foreach(recv_arg1 "int" "ssize_t" "SOCKET")
@@ -41,17 +37,23 @@ if(curl_cv_recv)
          foreach(recv_arg3 "size_t" "int" "socklen_t" "unsigned int")
            foreach(recv_arg4 "int" "unsigned int")
              if(NOT curl_cv_func_recv_done)
-                set(curl_cv_func_recv_test "UNKNOWN")
-                set(extern_line "extern ${recv_retv} ${signature_call_conv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})\;")
-                set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-                curl_check_c_source_compiles("
+                unset(curl_cv_func_recv_test CACHE)
+                check_c_source_compiles("
+                  ${_source_epilogue}
+                  extern ${recv_retv} ${signature_call_conv}
+                  recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4});
+                  int main(void) {
                    ${recv_arg1} s=0;
                    ${recv_arg2} buf=0;
                    ${recv_arg3} len=0;
                    ${recv_arg4} flags=0;
-                    ${recv_retv} res = recv(s, buf, len, flags)"
-                  curl_cv_func_recv_test
-                  "${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})")
+                    ${recv_retv} res = recv(s, buf, len, flags);
+                    (void) res;
+                    return 0;
+                  }"
+                  curl_cv_func_recv_test)
+                message(STATUS
+                  "Tested: ${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})")
                if(curl_cv_func_recv_test)
                  set(curl_cv_func_recv_args
                    "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}")
@@ -69,18 +71,13 @@ if(curl_cv_recv)
        endforeach(recv_arg2)
      endforeach(recv_arg1)
    endforeach(recv_retv)
-  else(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
+  else()
    string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}")
    string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}")
-    #MESSAGE("RECV_TYPE_ARG1 ${RECV_TYPE_ARG1}")
-    #MESSAGE("RECV_TYPE_ARG2 ${RECV_TYPE_ARG2}")
-    #MESSAGE("RECV_TYPE_ARG3 ${RECV_TYPE_ARG3}")
-    #MESSAGE("RECV_TYPE_ARG4 ${RECV_TYPE_ARG4}")
-    #MESSAGE("RECV_TYPE_RETV ${RECV_TYPE_RETV}")
-  endif(NOT DEFINED curl_cv_func_recv_args OR "${curl_cv_func_recv_args}" STREQUAL "unknown")
+  endif()

  if("${curl_cv_func_recv_args}" STREQUAL "unknown")
    message(FATAL_ERROR "Cannot find proper types to use for recv args")
@@ -91,12 +88,12 @@ endif(curl_cv_recv)
 set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv")
 set(HAVE_RECV 1)

-curl_check_c_source_compiles("send(0, 0, 0, 0)" curl_cv_send)
+check_c_source_compiles("${_source_epilogue}
+int main(void) {
+    send(0, 0, 0, 0);
+    return 0;
+}" curl_cv_send)
 if(curl_cv_send)
-  #    AC_CACHE_CHECK([types of arguments and return type for send],
-  #[curl_cv_func_send_args], [
-  #SET(curl_cv_func_send_args "unknown")
-  #for send_retv in 'int' 'ssize_t'; do
  if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
    foreach(send_retv "int" "ssize_t" )
      foreach(send_arg1 "int" "ssize_t" "SOCKET")
@@ -104,19 +101,24 @@ if(curl_cv_send)
          foreach(send_arg3 "size_t" "int" "socklen_t" "unsigned int")
            foreach(send_arg4 "int" "unsigned int")
              if(NOT curl_cv_func_send_done)
-                set(curl_cv_func_send_test "UNKNOWN")
-                set(extern_line "extern ${send_retv} ${signature_call_conv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})\;")
-                set(EXTRA_DEFINES "${EXTRA_DEFINES_BACKUP}\n${headers_hack}\n${extern_line}\n#define __unused5")
-                curl_check_c_source_compiles("
+                unset(curl_cv_func_send_test CACHE)
+                check_c_source_compiles("
+                  ${_source_epilogue}
+                  extern ${send_retv} ${signature_call_conv}
+                  send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4});
+                  int main(void) {
                    ${send_arg1} s=0;
                    ${send_arg2} buf=0;
                    ${send_arg3} len=0;
                    ${send_arg4} flags=0;
-                    ${send_retv} res = send(s, buf, len, flags)"
-                  curl_cv_func_send_test
-                  "${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})")
+                    ${send_retv} res = send(s, buf, len, flags);
+                    (void) res;
+                    return 0;
+                  }"
+                  curl_cv_func_send_test)
+                message(STATUS
+                  "Tested: ${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})")
                if(curl_cv_func_send_test)
-                  #MESSAGE("Found arguments: ${curl_cv_func_send_test}")
                  string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}")
                  string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}")
                  set(curl_cv_func_send_args
@@ -135,20 +137,14 @@ if(curl_cv_send)
        endforeach(send_arg2)
      endforeach(send_arg1)
    endforeach(send_retv)
-  else(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
+  else()
    string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}")
    string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}")
    string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}")
-    #MESSAGE("SEND_TYPE_ARG1 ${SEND_TYPE_ARG1}")
-    #MESSAGE("SEND_TYPE_ARG2 ${SEND_TYPE_ARG2}")
-    #MESSAGE("SEND_TYPE_ARG3 ${SEND_TYPE_ARG3}")
-    #MESSAGE("SEND_TYPE_ARG4 ${SEND_TYPE_ARG4}")
-    #MESSAGE("SEND_TYPE_RETV ${SEND_TYPE_RETV}")
-    #MESSAGE("SEND_QUAL_ARG2 ${SEND_QUAL_ARG2}")
-  endif(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown")
+  endif()

  if("${curl_cv_func_send_args}" STREQUAL "unknown")
    message(FATAL_ERROR "Cannot find proper types to use for send args")
@@ -160,88 +156,71 @@ endif(curl_cv_send)
 set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send")
 set(HAVE_SEND 1)

-set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
-curl_check_c_source_compiles("int flag = MSG_NOSIGNAL" HAVE_MSG_NOSIGNAL)
+check_c_source_compiles("${_source_epilogue}
+  int main(void) {
+    int flag = MSG_NOSIGNAL;
+    (void)flag;
+    return 0;
+  }" HAVE_MSG_NOSIGNAL)

-set(EXTRA_DEFINES "__unused1\n#undef inline\n#define __unused2")
-set(HEADER_INCLUDES)
-set(headers_hack)
-
-macro(add_header_include check header)
-  if(${check})
-    set(headers_hack
-      "${headers_hack}\n#include <${header}>")
-    #SET(HEADER_INCLUDES
-    #  ${HEADER_INCLUDES}
-    #  "${header}")
-  endif(${check})
-endmacro(add_header_include header)
-
-if(HAVE_WINDOWS_H)
-  set(EXTRA_DEFINES ${EXTRA_DEFINES}
-    "__unused7\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif\n#define __unused3")
-  add_header_include(HAVE_WINDOWS_H "windows.h")
-  add_header_include(HAVE_WINSOCK2_H "winsock2.h")
-  add_header_include(HAVE_WINSOCK_H "winsock.h")
-else(HAVE_WINDOWS_H)
-  add_header_include(HAVE_SYS_TYPES_H "sys/types.h")
+if(NOT HAVE_WINDOWS_H)
  add_header_include(HAVE_SYS_TIME_H "sys/time.h")
  add_header_include(TIME_WITH_SYS_TIME "time.h")
  add_header_include(HAVE_TIME_H "time.h")
-endif(HAVE_WINDOWS_H)
-set(EXTRA_DEFINES "${EXTRA_DEFINES}\n${headers_hack}\n#define __unused5")
-curl_check_c_source_compiles("struct timeval ts;\nts.tv_sec  = 0;\nts.tv_usec = 0" HAVE_STRUCT_TIMEVAL)
+endif()
+check_c_source_compiles("${_source_epilogue}
+int main(void) {
+  struct timeval ts;
+  ts.tv_sec  = 0;
+  ts.tv_usec = 0;
+  (void)ts;
+  return 0;
+}" HAVE_STRUCT_TIMEVAL)


-include(CurlCheckCSourceRuns)
-set(EXTRA_DEFINES)
-set(HEADER_INCLUDES)
+include(CheckCSourceRuns)
+set(CMAKE_REQUIRED_FLAGS)
 if(HAVE_SYS_POLL_H)
-  set(HEADER_INCLUDES "sys/poll.h")
+  set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H")
 endif(HAVE_SYS_POLL_H)
-curl_check_c_source_runs("return poll((void *)0, 0, 10 /*ms*/)" HAVE_POLL_FINE)
+check_c_source_runs("
+  #ifdef HAVE_SYS_POLL_H
+  #  include <sys/poll.h>
+  #endif
+  int main(void) {
+    return poll((void *)0, 0, 10 /*ms*/);
+  }" HAVE_POLL_FINE)

 set(HAVE_SIG_ATOMIC_T 1)
-set(EXTRA_DEFINES)
-set(HEADER_INCLUDES)
+set(CMAKE_REQUIRED_FLAGS)
 if(HAVE_SIGNAL_H)
-  set(HEADER_INCLUDES "signal.h")
+  set(CMAKE_REQUIRED_FLAGS "-DHAVE_SIGNAL_H")
  set(CMAKE_EXTRA_INCLUDE_FILES "signal.h")
 endif(HAVE_SIGNAL_H)
 check_type_size("sig_atomic_t" SIZEOF_SIG_ATOMIC_T)
 if(HAVE_SIZEOF_SIG_ATOMIC_T)
-  curl_check_c_source_compiles("static volatile sig_atomic_t dummy = 0" HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
+  check_c_source_compiles("
+    #ifdef HAVE_SIGNAL_H
+    #  include <signal.h>
+    #endif
+    int main(void) {
+      static volatile sig_atomic_t dummy = 0;
+      (void)dummy;
+      return 0;
+    }" HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
  if(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
    set(HAVE_SIG_ATOMIC_T_VOLATILE 1)
  endif(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE)
 endif(HAVE_SIZEOF_SIG_ATOMIC_T)

-set(CHECK_TYPE_SIZE_PREINCLUDE
-  "#undef inline")
-
 if(HAVE_WINDOWS_H)
-  set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}
-  #ifndef WIN32_LEAN_AND_MEAN
-  #define WIN32_LEAN_AND_MEAN
-  #endif
-  #include <windows.h>")
-  if(HAVE_WINSOCK2_H)
-    set(CHECK_TYPE_SIZE_PREINCLUDE "${CHECK_TYPE_SIZE_PREINCLUDE}\n#include <winsock2.h>")
-  endif(HAVE_WINSOCK2_H)
-else(HAVE_WINDOWS_H)
+  set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h)
+else()
+  set(CMAKE_EXTRA_INCLUDE_FILES)
  if(HAVE_SYS_SOCKET_H)
-    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
-      "sys/socket.h")
+    set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h)
  endif(HAVE_SYS_SOCKET_H)
-  if(HAVE_NETINET_IN_H)
-    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
-      "netinet/in.h")
-  endif(HAVE_NETINET_IN_H)
-  if(HAVE_ARPA_INET_H)
-    set(CMAKE_EXTRA_INCLUDE_FILES ${CMAKE_EXTRA_INCLUDE_FILES}
-      "arpa/inet.h")
-  endif(HAVE_ARPA_INET_H)
-endif(HAVE_WINDOWS_H)
+endif()

 check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE)
 if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE)
--- a/CMake/Platforms/WindowsCache.cmake
+++ b/CMake/Platforms/WindowsCache.cmake
@@ -14,7 +14,6 @@ if(NOT UNIX)
    set(HAVE_ARPA_INET_H 0)
    set(HAVE_DLFCN_H 0)
    set(HAVE_FCNTL_H 1)
-    set(HAVE_FEATURES_H 0)
    set(HAVE_INTTYPES_H 0)
    set(HAVE_IO_H 1)
    set(HAVE_MALLOC_H 1)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -38,36 +38,27 @@
 # To check:
 # (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not.
 # (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options.
-cmake_minimum_required(VERSION 2.6.2 FATAL_ERROR)
+cmake_minimum_required(VERSION 2.8 FATAL_ERROR)
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
 include(Utilities)
+include(Macros)

 project( CURL C )

 message(WARNING "the curl cmake build system is poorly maintained. Be aware")

 file (READ ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS)
-string (REGEX MATCH "LIBCURL_VERSION_MAJOR[ \t]+([0-9]+)"
-  LIBCURL_VERSION_MJ ${CURL_VERSION_H_CONTENTS})
-string (REGEX MATCH "([0-9]+)"
-  LIBCURL_VERSION_MJ ${LIBCURL_VERSION_MJ})
-string (REGEX MATCH
-  "LIBCURL_VERSION_MINOR[ \t]+([0-9]+)"
-  LIBCURL_VERSION_MI ${CURL_VERSION_H_CONTENTS})
-string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_MI ${LIBCURL_VERSION_MI})
-string (REGEX MATCH
-  "LIBCURL_VERSION_PATCH[ \t]+([0-9]+)"
-  LIBCURL_VERSION_PT ${CURL_VERSION_H_CONTENTS})
-string (REGEX MATCH "([0-9]+)" LIBCURL_VERSION_PT ${LIBCURL_VERSION_PT})
-set (CURL_MAJOR_VERSION ${LIBCURL_VERSION_MJ})
-set (CURL_MINOR_VERSION ${LIBCURL_VERSION_MI})
-set (CURL_PATCH_VERSION ${LIBCURL_VERSION_PT})
+string (REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*"
+  CURL_VERSION ${CURL_VERSION_H_CONTENTS})
+string (REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION})
+string (REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+"
+  CURL_VERSION_NUM ${CURL_VERSION_H_CONTENTS})
+string (REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM})

 include_regular_expression("^.*$")    # Sukender: Is it necessary?

 # Setup package meta-data
 # SET(PACKAGE "curl")
-set(CURL_VERSION ${CURL_MAJOR_VERSION}.${CURL_MINOR_VERSION}.${CURL_PATCH_VERSION})
 message(STATUS "curl version=[${CURL_VERSION}]")
 # SET(PACKAGE_TARNAME "curl")
 # SET(PACKAGE_NAME "curl")
@@ -133,6 +124,19 @@ mark_as_advanced(CURL_DISABLE_HTTP)
 option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF)
 mark_as_advanced(CURL_DISABLE_LDAPS)

+option(CURL_DISABLE_RTSP "to disable RTSP" OFF)
+mark_as_advanced(CURL_DISABLE_RTSP)
+option(CURL_DISABLE_PROXY "to disable proxy" OFF)
+mark_as_advanced(CURL_DISABLE_PROXY)
+option(CURL_DISABLE_POP3 "to disable POP3" OFF)
+mark_as_advanced(CURL_DISABLE_POP3)
+option(CURL_DISABLE_IMAP "to disable IMAP" OFF)
+mark_as_advanced(CURL_DISABLE_IMAP)
+option(CURL_DISABLE_SMTP "to disable SMTP" OFF)
+mark_as_advanced(CURL_DISABLE_SMTP)
+option(CURL_DISABLE_GOPHER "to disable Gopher" OFF)
+mark_as_advanced(CURL_DISABLE_GOPHER)
+
 if(HTTP_ONLY)
  set(CURL_DISABLE_FTP ON)
  set(CURL_DISABLE_LDAP ON)
@@ -141,6 +145,11 @@ if(HTTP_ONLY)
  set(CURL_DISABLE_DICT ON)
  set(CURL_DISABLE_FILE ON)
  set(CURL_DISABLE_TFTP ON)
+  set(CURL_DISABLE_RTSP ON)
+  set(CURL_DISABLE_POP3 ON)
+  set(CURL_DISABLE_IMAP ON)
+  set(CURL_DISABLE_SMTP ON)
+  set(CURL_DISABLE_GOPHER ON)
 endif()

 option(CURL_DISABLE_COOKIES "to disable cookies support" OFF)
@@ -152,9 +161,52 @@ option(CURL_DISABLE_VERBOSE_STRINGS "to disable verbose strings" OFF)
 mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS)
 option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use thread-safe functions" OFF)
 mark_as_advanced(DISABLED_THREADSAFE)
-option(ENABLE_IPV6 "Define if you want to enable IPv6 support" OFF)
+option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON)
 mark_as_advanced(ENABLE_IPV6)
+if(ENABLE_IPV6)
+  include(CheckStructHasMember)
+  check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h"
+                          HAVE_SOCKADDR_IN6_SIN6_ADDR)
+  check_struct_has_member("struct sockaddr_in6" sin6_scope_id "netinet/in.h"
+                          HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
+  if(NOT HAVE_SOCKADDR_IN6_SIN6_ADDR)
+    message(WARNING "struct sockaddr_in6 not available, disabling IPv6 support")
+    # Force the feature off as this name is used as guard macro...
+    set(ENABLE_IPV6 OFF
+        CACHE BOOL "Define if you want to enable IPv6 support" FORCE)
+  endif()
+endif()

+option(ENABLE_MANUAL "to provide the built-in manual" ON)
+unset(USE_MANUAL CACHE) # TODO: cache NROFF/NROFF_MANOPT/USE_MANUAL vars?
+if(ENABLE_MANUAL)
+  find_program(NROFF NAMES gnroff nroff)
+  if(NROFF)
+    # Need a way to write to stdin, this will do
+    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test")
+    # Tests for a valid nroff option to generate a manpage
+    foreach(_MANOPT "-man" "-mandoc")
+      execute_process(COMMAND "${NROFF}" ${_MANOPT}
+        OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT
+        INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt"
+        ERROR_QUIET)
+      # Save the option if it was valid
+      if(NROFF_MANOPT_OUTPUT)
+        message("Found *nroff option: -- ${_MANOPT}")
+        set(NROFF_MANOPT ${_MANOPT})
+        set(USE_MANUAL 1)
+        break()
+      endif()
+    endforeach()
+    # No need for the temporary file
+    file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt")
+    if(NOT USE_MANUAL)
+      message(WARNING "Found no *nroff option to get plaintext from man pages")
+    endif()
+  else()
+    message(WARNING "Found no *nroff program")
+  endif()
+endif()

 # We need ansi c-flags, especially on HP
 set(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}")
@@ -177,22 +229,13 @@ include (CheckIncludeFiles)
 include (CheckLibraryExists)
 include (CheckSymbolExists)
 include (CheckTypeSize)
+include (CheckCSourceCompiles)

 # On windows preload settings
 if(WIN32)
  include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
 endif(WIN32)

-# This macro checks if the symbol exists in the library and if it
-# does, it prepends library to the list.
-macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
-  check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
-    ${VARIABLE})
-  if(${VARIABLE})
-    set(CURL_LIBS ${LIBRARY} ${CURL_LIBS})
-  endif(${VARIABLE})
-endmacro(CHECK_LIBRARY_EXISTS_CONCAT)
-
 # Check for all needed libraries
 check_library_exists_concat("dl"     dlopen       HAVE_LIBDL)
 check_library_exists_concat("socket" connect      HAVE_LIBSOCKET)
@@ -209,89 +252,261 @@ if(NOT NOT_NEED_LIBNSL)
  check_library_exists_concat("nsl"    gethostbyname  HAVE_LIBNSL)
 endif(NOT NOT_NEED_LIBNSL)

-check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
-check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
-check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
-
 if(WIN32)
-  set(CURL_DEFAULT_DISABLE_LDAP OFF)
-  # some windows compilers do not have wldap32
-  if(NOT HAVE_WLDAP32)
-    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
-    message(STATUS "wldap32 not found CURL_DISABLE_LDAP set ON")
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" OFF)
-  else()
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
-  endif()
-  mark_as_advanced(CURL_LDAP_WIN)
+  check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
+  check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
 endif()

+option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
+mark_as_advanced(CMAKE_USE_OPENSSL)

-# IF(NOT CURL_SPECIAL_LIBZ)
-#  CHECK_LIBRARY_EXISTS_CONCAT("z"      inflateEnd   HAVE_LIBZ)
-# ENDIF(NOT CURL_SPECIAL_LIBZ)
+set(USE_SSLEAY OFF)
+set(USE_OPENSSL OFF)
+set(HAVE_LIBCRYPTO OFF)
+set(HAVE_LIBSSL OFF)
+
+if(CMAKE_USE_OPENSSL)
+  find_package(OpenSSL)
+  if(OPENSSL_FOUND)
+    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
+    set(USE_SSLEAY ON)
+    set(USE_OPENSSL ON)
+    set(HAVE_LIBCRYPTO ON)
+    set(HAVE_LIBSSL ON)
+    include_directories(${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
+    check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
+    check_include_file_concat("openssl/err.h"    HAVE_OPENSSL_ERR_H)
+    check_include_file_concat("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
+    check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
+    check_include_file_concat("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
+    check_include_file_concat("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
+    check_include_file_concat("openssl/x509.h"   HAVE_OPENSSL_X509_H)
+    check_include_file_concat("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
+  endif()
+endif()
+
+if(NOT CURL_DISABLE_LDAP)
+
+  if(WIN32)
+    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
+    if(CURL_LDAP_WIN)
+      check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
+      if(NOT HAVE_WLDAP32)
+        set(CURL_LDAP_WIN OFF)
+      endif()
+    endif()
+  endif()
+
+  option(CMAKE_USE_OPENLDAP "Use OpenLDAP code." OFF)
+  mark_as_advanced(CMAKE_USE_OPENLDAP)
+  set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library")
+  set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library")
+
+  if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN)
+    message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time")
+  endif()
+  
+  # Now that we know, we're not using windows LDAP...
+  if(NOT CURL_LDAP_WIN)
+    # Check for LDAP
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
+    check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP)
+    check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER)
+  else()
+    check_include_file_concat("winldap.h" HAVE_WINLDAP_H)
+    check_include_file_concat("winber.h"  HAVE_WINBER_H)
+  endif()
+  
+  set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory")
+  if(CMAKE_LDAP_INCLUDE_DIR)
+    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
+  endif()
+  check_include_file_concat("ldap.h"           HAVE_LDAP_H)
+  check_include_file_concat("lber.h"           HAVE_LBER_H)
+
+  if(NOT HAVE_LDAP_H)
+    message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+  elseif(NOT HAVE_LIBLDAP)
+    message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON")
+    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+  else()
+    if(CMAKE_USE_OPENLDAP)
+      set(USE_OPENLDAP ON)
+    endif()
+    if(CMAKE_LDAP_INCLUDE_DIR)
+      include_directories(${CMAKE_LDAP_INCLUDE_DIR})
+    endif()
+    set(NEED_LBER_H ON)
+    set(_HEADER_LIST)
+    if(HAVE_WINDOWS_H)
+      list(APPEND _HEADER_LIST "windows.h")
+    endif()
+    if(HAVE_SYS_TYPES_H)
+      list(APPEND _HEADER_LIST "sys/types.h")
+    endif()
+    list(APPEND _HEADER_LIST "ldap.h")
+
+    set(_SRC_STRING "")
+    foreach(_HEADER ${_HEADER_LIST})
+      set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n")
+    endforeach()
+
+    set(_SRC_STRING
+      "
+      ${_INCLUDE_STRING}
+      int main(int argc, char ** argv)
+      {
+        BerValue *bvp = NULL;
+        BerElement *bep = ber_init(bvp);
+        ber_free(bep, 1);
+        return 0;
+      }"
+    )
+    set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN")
+    list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
+    if(HAVE_LIBLBER)
+      list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
+    endif()
+    check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H)
+
+    if(NOT_NEED_LBER_H)
+      set(NEED_LBER_H OFF)
+    else()
+      set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H")
+    endif()
+  endif()
+
+endif()
+
+# No ldap, no ldaps.
+if(CURL_DISABLE_LDAP)
+  if(NOT CURL_DISABLE_LDAPS)
+    message(STATUS "LDAP needs to be enabled to support LDAPS")
+    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
+  endif()
+endif()
+
+if(NOT CURL_DISABLE_LDAPS)
+  check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H)
+  check_include_file_concat("ldapssl.h"  HAVE_LDAPSSL_H)
+endif()

 # Check for idn
 check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)

-# Check for LDAP
-check_library_exists_concat("ldap" ldap_init HAVE_LIBLDAP)
-# if(NOT HAVE_LIBLDAP)
-# SET(CURL_DISABLE_LDAP ON)
-# endif(NOT HAVE_LIBLDAP)
-
 # Check for symbol dlopen (same as HAVE_LIBDL)
 check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)

-# For other tests to use the same libraries
-set(CMAKE_REQUIRED_LIBRARIES ${CURL_LIBS})
-
 option(CURL_ZLIB "Set to ON to enable building cURL with zlib support." ON)
 set(HAVE_LIBZ OFF)
 set(HAVE_ZLIB_H OFF)
 set(HAVE_ZLIB OFF)
-if(CURL_ZLIB)  # AND CURL_CONFIG_HAS_BEEN_RUN_BEFORE
+if(CURL_ZLIB)
  find_package(ZLIB QUIET)
  if(ZLIB_FOUND)
    set(HAVE_ZLIB_H ON)
    set(HAVE_ZLIB ON)
    set(HAVE_LIBZ ON)
    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
+    include_directories(${ZLIB_INCLUDE_DIRS})
  endif()
 endif()

-option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
-mark_as_advanced(CMAKE_USE_OPENSSL)
-if(CMAKE_USE_OPENSSL)
+#libSSH2
+option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON)
+mark_as_advanced(CMAKE_USE_LIBSSH2)
+set(USE_LIBSSH2 OFF)
+set(HAVE_LIBSSH2 OFF)
+set(HAVE_LIBSSH2_H OFF)

-  set(USE_SSLEAY OFF)
-  set(USE_OPENSSL OFF)
-  set(HAVE_LIBCRYPTO OFF)
-  set(HAVE_LIBSSL OFF)
+if(CMAKE_USE_LIBSSH2)
+  find_package(LibSSH2)
+  if(LIBSSH2_FOUND)
+    list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY})
+    set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY})
+    set(CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
+    include_directories("${LIBSSH2_INCLUDE_DIR}")
+    set(HAVE_LIBSSH2 ON)
+    set(USE_LIBSSH2 ON)

-  find_package(OpenSSL)
-  if(OPENSSL_FOUND)
-    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
-    list(APPEND CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(USE_SSLEAY ON)
-    set(USE_OPENSSL ON)
-    set(HAVE_LIBCRYPTO ON)
-    set(HAVE_LIBSSL ON)
-  endif(OPENSSL_FOUND)
-endif(CMAKE_USE_OPENSSL)
+    # find_package has already found the headers
+    set(HAVE_LIBSSH2_H ON)
+    set(CURL_INCLUDES ${CURL_INCLUDES} "${LIBSSH2_INCLUDE_DIR}/libssh2.h")
+    set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DHAVE_LIBSSH2_H")

-# If we have features.h, then do the _BSD_SOURCE magic
-check_include_file("features.h"       HAVE_FEATURES_H)
+    # now check for specific libssh2 symbols as they were added in different versions
+    set(CMAKE_EXTRA_INCLUDE_FILES "libssh2.h")
+    check_function_exists(libssh2_version           HAVE_LIBSSH2_VERSION)
+    check_function_exists(libssh2_init              HAVE_LIBSSH2_INIT)
+    check_function_exists(libssh2_exit              HAVE_LIBSSH2_EXIT)
+    check_function_exists(libssh2_scp_send64        HAVE_LIBSSH2_SCP_SEND64)
+    check_function_exists(libssh2_session_handshake HAVE_LIBSSH2_SESSION_HANDSHAKE)
+    set(CMAKE_EXTRA_INCLUDE_FILES "")

-# Check if header file exists and add it to the list.
-macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
-  check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE})
-  if(${VARIABLE})
-    set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
-    set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}")
-  endif(${VARIABLE})
-endmacro(CHECK_INCLUDE_FILE_CONCAT)
+  endif(LIBSSH2_FOUND)
+endif(CMAKE_USE_LIBSSH2)

+option(CMAKE_USE_GSSAPI "Use GSSAPI implementation (right now only Heimdal is supported with CMake build)" OFF)
+mark_as_advanced(CMAKE_USE_GSSAPI)
+
+if(CMAKE_USE_GSSAPI)
+  find_package(GSS)
+
+  set(HAVE_GSS_API ${GSS_FOUND})
+  if(GSS_FOUND)
+
+    message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"")
+
+    set(CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR})
+    check_include_file_concat("gssapi/gssapi.h"  HAVE_GSSAPI_GSSAPI_H)
+    check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
+    check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H)
+
+    if(GSS_FLAVOUR STREQUAL "Heimdal")
+      set(HAVE_GSSHEIMDAL ON)
+    else() # MIT
+      set(HAVE_GSSMIT ON)
+      set(_INCLUDE_LIST "")
+      if(HAVE_GSSAPI_GSSAPI_H)
+        list(APPEND _INCLUDE_LIST "gssapi/gssapi.h")
+      endif()
+      if(HAVE_GSSAPI_GSSAPI_GENERIC_H)
+        list(APPEND _INCLUDE_LIST "gssapi/gssapi_generic.h")
+      endif()
+      if(HAVE_GSSAPI_GSSAPI_KRB5_H)
+        list(APPEND _INCLUDE_LIST "gssapi/gssapi_krb5.h")
+      endif()
+
+      string(REPLACE ";" " " _COMPILER_FLAGS_STR "${GSS_COMPILER_FLAGS}")
+      string(REPLACE ";" " " _LINKER_FLAGS_STR "${GSS_LINKER_FLAGS}")
+
+      foreach(_dir ${GSS_LINK_DIRECTORIES})
+        set(_LINKER_FLAGS_STR "${_LINKER_FLAGS_STR} -L\"${_dir}\"")
+      endforeach()
+
+      set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}")
+      set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES})
+      check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE)
+      if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE)
+        set(HAVE_OLD_GSSMIT ON)
+      endif()
+
+    endif()
+
+    include_directories(${GSS_INCLUDE_DIR})
+    link_directories(${GSS_LINK_DIRECTORIES})
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GSS_LINKER_FLAGS}")
+    list(APPEND CURL_LIBS ${GSS_LIBRARIES})
+
+  else()
+    message(WARNING "GSSAPI support has been requested but no supporting libraries found. Skipping.")
+  endif()
+endif()

 # Check for header files
 if(NOT UNIX)
@@ -328,32 +543,18 @@ check_include_file_concat("des.h"            HAVE_DES_H)
 check_include_file_concat("err.h"            HAVE_ERR_H)
 check_include_file_concat("errno.h"          HAVE_ERRNO_H)
 check_include_file_concat("fcntl.h"          HAVE_FCNTL_H)
-check_include_file_concat("gssapi/gssapi.h"  HAVE_GSSAPI_GSSAPI_H)
-check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
-check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H)
 check_include_file_concat("idn-free.h"       HAVE_IDN_FREE_H)
 check_include_file_concat("ifaddrs.h"        HAVE_IFADDRS_H)
 check_include_file_concat("io.h"             HAVE_IO_H)
 check_include_file_concat("krb.h"            HAVE_KRB_H)
 check_include_file_concat("libgen.h"         HAVE_LIBGEN_H)
-check_include_file_concat("libssh2.h"        HAVE_LIBSSH2_H)
 check_include_file_concat("limits.h"         HAVE_LIMITS_H)
 check_include_file_concat("locale.h"         HAVE_LOCALE_H)
 check_include_file_concat("net/if.h"         HAVE_NET_IF_H)
 check_include_file_concat("netdb.h"          HAVE_NETDB_H)
 check_include_file_concat("netinet/in.h"     HAVE_NETINET_IN_H)
 check_include_file_concat("netinet/tcp.h"    HAVE_NETINET_TCP_H)
-if(CMAKE_USE_OPENSSL AND OPENSSL_FOUND)
-  check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
-  check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
-  check_include_file_concat("openssl/err.h"    HAVE_OPENSSL_ERR_H)
-  check_include_file_concat("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
-  check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
-  check_include_file_concat("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
-  check_include_file_concat("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
-  check_include_file_concat("openssl/x509.h"   HAVE_OPENSSL_X509_H)
-  check_include_file_concat("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
-endif(CMAKE_USE_OPENSSL AND OPENSSL_FOUND)
+
 check_include_file_concat("pem.h"            HAVE_PEM_H)
 check_include_file_concat("poll.h"           HAVE_POLL_H)
 check_include_file_concat("pwd.h"            HAVE_PWD_H)
@@ -382,25 +583,13 @@ check_include_file_concat("stddef.h"         HAVE_STDDEF_H)
 check_include_file_concat("dlfcn.h"          HAVE_DLFCN_H)
 check_include_file_concat("malloc.h"         HAVE_MALLOC_H)
 check_include_file_concat("memory.h"         HAVE_MEMORY_H)
-check_include_file_concat("ldap.h"           HAVE_LDAP_H)
 check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
 check_include_file_concat("stdint.h"        HAVE_STDINT_H)
 check_include_file_concat("sockio.h"        HAVE_SOCKIO_H)
 check_include_file_concat("sys/utsname.h"   HAVE_SYS_UTSNAME_H)
 check_include_file_concat("idna.h"          HAVE_IDNA_H)

-if(NOT HAVE_LDAP_H)
-  message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
-  set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
-endif()

-# No ldap, no ldaps.
-if(CURL_DISABLE_LDAP)
-  if(NOT CURL_DISABLE_LDAPS)
-    message(STATUS "LDAP needs to be enabled to support LDAPS")
-    set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE)
-  endif()
-endif()

 check_type_size(size_t  SIZEOF_SIZE_T)
 check_type_size(ssize_t  SIZEOF_SSIZE_T)
@@ -473,6 +662,12 @@ find_file(RANDOM_FILE urandom /dev)
 mark_as_advanced(RANDOM_FILE)

 # Check for some functions that are used
+if(HAVE_LIBWS2_32)
+  set(CMAKE_REQUIRED_LIBRARIES ws2_32)
+elseif(HAVE_LIBSOCKET)
+  set(CMAKE_REQUIRED_LIBRARIES socket)
+endif()
+
 check_symbol_exists(basename      "${CURL_INCLUDES}" HAVE_BASENAME)
 check_symbol_exists(socket        "${CURL_INCLUDES}" HAVE_SOCKET)
 check_symbol_exists(poll          "${CURL_INCLUDES}" HAVE_POLL)
@@ -536,6 +731,7 @@ check_symbol_exists(strerror_r     "${CURL_INCLUDES}" HAVE_STRERROR_R)
 check_symbol_exists(siginterrupt   "${CURL_INCLUDES}" HAVE_SIGINTERRUPT)
 check_symbol_exists(perror         "${CURL_INCLUDES}" HAVE_PERROR)
 check_symbol_exists(fork           "${CURL_INCLUDES}" HAVE_FORK)
+check_symbol_exists(getaddrinfo    "${CURL_INCLUDES}" HAVE_GETADDRINFO)
 check_symbol_exists(freeaddrinfo   "${CURL_INCLUDES}" HAVE_FREEADDRINFO)
 check_symbol_exists(freeifaddrs    "${CURL_INCLUDES}" HAVE_FREEIFADDRS)
 check_symbol_exists(pipe           "${CURL_INCLUDES}" HAVE_PIPE)
@@ -574,75 +770,6 @@ if(NOT HAVE_STRICMP)
  set(HAVE_LDAP_URL_PARSE 1)
 endif(NOT HAVE_STRICMP)

-# For other curl specific tests, use this macro.
-macro(CURL_INTERNAL_TEST CURL_TEST)
-  if("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
-    set(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}")
-    if(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_TEST_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    endif(CMAKE_REQUIRED_LIBRARIES)
-
-    message(STATUS "Performing Curl Test ${CURL_TEST}")
-    try_compile(${CURL_TEST}
-      ${CMAKE_BINARY_DIR}
-      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
-      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_TEST_ADD_LIBRARIES}"
-      OUTPUT_VARIABLE OUTPUT)
-    if(${CURL_TEST})
-      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log
-        "Performing Curl Test ${CURL_TEST} passed with the following output:\n"
-        "${OUTPUT}\n")
-    else(${CURL_TEST})
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
-      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
-      file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log
-        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
-        "${OUTPUT}\n")
-    endif(${CURL_TEST})
-  endif("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
-endmacro(CURL_INTERNAL_TEST)
-
-macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
-  if("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
-    set(MACRO_CHECK_FUNCTION_DEFINITIONS
-      "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
-    if(CMAKE_REQUIRED_LIBRARIES)
-      set(CURL_TEST_ADD_LIBRARIES
-        "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}")
-    endif(CMAKE_REQUIRED_LIBRARIES)
-
-    message(STATUS "Performing Curl Test ${CURL_TEST}")
-    try_run(${CURL_TEST} ${CURL_TEST}_COMPILE
-      ${CMAKE_BINARY_DIR}
-      ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c
-      CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS}
-      "${CURL_TEST_ADD_LIBRARIES}"
-      OUTPUT_VARIABLE OUTPUT)
-    if(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
-      set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}")
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Success")
-    else(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
-      message(STATUS "Performing Curl Test ${CURL_TEST} - Failed")
-      set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}")
-      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-        "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
-        "${OUTPUT}")
-      if(${CURL_TEST}_COMPILE)
-        file(APPEND
-          "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-          "There was a problem running this test\n")
-      endif(${CURL_TEST}_COMPILE)
-      file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
-        "\n\n")
-    endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
-  endif("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
-endmacro(CURL_INTERNAL_TEST_RUN)
-
 # Do curl specific tests
 foreach(CURL_TEST
    HAVE_FCNTL_O_NONBLOCK
@@ -830,24 +957,6 @@ if(MSVC)
  add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE)
 endif(MSVC)

-# Sets up the dependencies (zlib, OpenSSL, etc.) of a cURL subproject according to options.
-# TODO This is far to be complete!
-function(SETUP_CURL_DEPENDENCIES TARGET_NAME)
-  if(CURL_ZLIB AND ZLIB_FOUND)
-    include_directories(${ZLIB_INCLUDE_DIR})
-    #ADD_DEFINITIONS( -DHAVE_ZLIB_H -DHAVE_ZLIB -DHAVE_LIBZ )
-  endif()
-
-  if(CMAKE_USE_OPENSSL AND OPENSSL_FOUND)
-    include_directories(${OPENSSL_INCLUDE_DIR})
-  endif()
-  if(CMAKE_USE_OPENSSL AND CURL_CONFIG_HAS_BEEN_RUN_BEFORE)
-    #ADD_DEFINITIONS( -DUSE_SSLEAY )
-  endif()
-
-  target_link_libraries(${TARGET_NAME} ${CURL_LIBS})
-endfunction()
-
 # Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it).
 function(TRANSFORM_MAKEFILE_INC INPUT_FILE OUTPUT_FILE)
  file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT)
@@ -872,6 +981,133 @@ if(BUILD_CURL_TESTS)
  add_subdirectory(tests)
 endif()

+# TODO support GNUTLS, NSS, POLARSSL, AXTLS, CYASSL, WINSSL, DARWINSSL
+if(USE_OPENSSL)
+  set(SSL_ENABLED 1)
+endif()
+
+# Helper to populate a list (_items) with a label when conditions (the remaining
+# args) are satisfied
+function(_add_if label)
+  # TODO need to disable policy CMP0054 (CMake 3.1) to allow this indirection
+  if(${ARGN})
+    set(_items ${_items} "${label}" PARENT_SCOPE)
+  endif()
+endfunction()
+
+# Clear list and try to detect available features
+set(_items)
+_add_if("SSL"           SSL_ENABLED)
+_add_if("IPv6"          ENABLE_IPV6)
+_add_if("unix-sockets"  USE_UNIX_SOCKETS)
+_add_if("libz"          HAVE_LIBZ)
+find_package(Threads)
+# AsynchDNS depends or USE_ARES or pthreads (mutually exclusive)
+_add_if("AsynchDNS"     USE_ARES OR CMAKE_USE_PTHREADS_INIT)
+_add_if("IDN"           HAVE_LIBIDN)
+# TODO SSP1 (WinSSL) check is missing
+_add_if("SSPI"          USE_WINDOWS_SSPI)
+_add_if("GSS-API"       HAVE_GSS_API)
+# TODO SSP1 missing for SPNEGO
+_add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
+                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+# NTLM support requires crypto function adaptions from various SSL libs
+# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL
+if(NOT CURL_DISABLE_HTTP AND NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR
+   USE_WINDOWS_SSPI OR GNUTLS_ENABLED OR NSS_ENABLED OR DARWINSSL_ENABLED))
+  _add_if("NTLM"        1)
+  # TODO missing option (autoconf: --enable-ntlm-wb)
+  _add_if("NTLM_WB"     NTLM_WB_ENABLED)
+endif()
+# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP
+_add_if("TLS-SRP"       USE_TLS_SRP)
+# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header
+_add_if("HTTP2"         USE_NGHTTP2)
+string(REPLACE ";" " " SUPPORT_FEATURES "${_items}")
+message(STATUS "Enabled features: ${SUPPORT_FEATURES}")
+
+# Clear list and try to detect available protocols
+set(_items)
+_add_if("HTTP"          NOT CURL_DISABLE_HTTP)
+_add_if("HTTPS"         NOT CURL_DISABLE_HTTP AND SSL_ENABLED)
+_add_if("FTP"           NOT CURL_DISABLE_FTP)
+_add_if("FTPS"          NOT CURL_DISABLE_FTP AND SSL_ENABLED)
+_add_if("FILE"          NOT CURL_DISABLE_FILE)
+_add_if("TELNET"        NOT CURL_DISABLE_TELNET)
+_add_if("LDAP"          NOT CURL_DISABLE_LDAP)
+# CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS
+# TODO check HAVE_LDAP_SSL (in autoconf this is enabled with --enable-ldaps)
+_add_if("LDAPS"         NOT CURL_DISABLE_LDAPS AND
+                        ((USE_OPENLDAP AND SSL_ENABLED) OR
+                        (NOT USE_OPENLDAP AND HAVE_LDAP_SSL)))
+_add_if("DICT"          NOT CURL_DISABLE_DICT)
+_add_if("TFTP"          NOT CURL_DISABLE_TFTP)
+_add_if("GOPHER"        NOT CURL_DISABLE_GOPHER)
+_add_if("POP3"          NOT CURL_DISABLE_POP3)
+_add_if("POP3S"         NOT CURL_DISABLE_POP3 AND SSL_ENABLED)
+_add_if("IMAP"          NOT CURL_DISABLE_IMAP)
+_add_if("IMAPS"         NOT CURL_DISABLE_IMAP AND SSL_ENABLED)
+_add_if("SMTP"          NOT CURL_DISABLE_SMTP)
+_add_if("SMTPS"         NOT CURL_DISABLE_SMTP AND SSL_ENABLED)
+_add_if("SCP"           USE_LIBSSH2)
+_add_if("SFTP"          USE_LIBSSH2)
+_add_if("RTSP"          NOT CURL_DISABLE_RTSP)
+_add_if("RTMP"          USE_LIBRTMP)
+list(SORT _items)
+string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}")
+message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}")
+
+# curl-config needs the following options to be set.
+set(CC                      "${CMAKE_C_COMPILER}")
+# TODO probably put a -D... options here?
+set(CONFIGURE_OPTIONS       "")
+# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB?
+set(CPPFLAG_CURL_STATICLIB  "")
+# TODO need to set this (see CURL_CHECK_CA_BUNDLE in acinclude.m4)
+set(CURL_CA_BUNDLE          "")
+set(CURLVERSION             "${CURL_VERSION}")
+set(ENABLE_SHARED           "yes")
+if(CURL_STATICLIB)
+  # Broken: LIBCURL_LIBS below; .a lib is not built
+  message(WARNING "Static linking is broken!")
+  set(ENABLE_STATIC         "no")
+else()
+  set(ENABLE_STATIC         "no")
+endif()
+set(exec_prefix             "\${prefix}")
+set(includedir              "\${prefix}/include")
+set(LDFLAGS                 "${CMAKE_SHARED_LINKER_FLAGS}")
+set(LIBCURL_LIBS            "")
+set(libdir                  "${CMAKE_INSTALL_PREFIX}/lib")
+# TODO CURL_LIBS also contains absolute paths which don't work with static -l...
+foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS})
+  set(LIBCURL_LIBS          "${LIBCURL_LIBS} -l${_lib}")
+endforeach()
+# "a" (Linux) or "lib" (Windows)
+string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}")
+set(prefix                  "${CMAKE_INSTALL_PREFIX}")
+# Set this to "yes" to append all libraries on which -lcurl is dependent
+set(REQUIRE_LIB_DEPS        "no")
+# SUPPORT_FEATURES
+# SUPPORT_PROTOCOLS
+set(VERSIONNUM              "${CURL_VERSION_NUM}")
+
+# Finally generate a "curl-config" matching this config
+configure_file("${CURL_SOURCE_DIR}/curl-config.in"
+               "${CURL_BINARY_DIR}/curl-config" @ONLY)
+install(FILES "${CMAKE_BINARY_DIR}/curl-config"
+        DESTINATION bin
+        PERMISSIONS
+          OWNER_READ OWNER_WRITE OWNER_EXECUTE
+          GROUP_READ GROUP_EXECUTE
+          WORLD_READ WORLD_EXECUTE)
+
+# Finally generate a pkg-config file matching this config
+configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in"
+               "${CURL_BINARY_DIR}/libcurl.pc" @ONLY)
+install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc"
+        DESTINATION lib/pkgconfig)
+
 # This needs to be run very last so other parts of the scripts can take advantage of this.
 if(NOT CURL_CONFIG_HAS_BEEN_RUN_BEFORE)
  set(CURL_CONFIG_HAS_BEEN_RUN_BEFORE 1 CACHE INTERNAL "Flag to track whether this is the first time running CMake or if CMake has been configured before")
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -25,33 +25,93 @@ AUTOMAKE_OPTIONS = foreign
 ACLOCAL_AMFLAGS = -I m4

 CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in	\
-CMake/CurlCheckCSourceCompiles.cmake CMake/CurlCheckCSourceRuns.cmake	\
-CMake/CurlTests.c CMake/FindOpenSSL.cmake CMake/FindZLIB.cmake		\
-CMake/OtherTests.cmake CMake/Platforms/WindowsCache.cmake		\
-CMake/Utilities.cmake include/curl/curlbuild.h.cmake
+ CMake/CurlTests.c CMake/FindGSS.cmake CMake/OtherTests.cmake	\
+ CMake/Platforms/WindowsCache.cmake CMake/Utilities.cmake	\
+ include/curl/curlbuild.h.cmake CMake/Macros.cmake

-VC6LIBDSP = vs/vc6/lib/vc6libcurl.dsp
-VC6LIBDSPHEAD = vs/t/lib/vc6_libcurl_dsp.head
-VC6LIBDSPFOOT = vs/t/lib/vc6_libcurl_dsp.foot
+VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
+VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp
+VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
+VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl
+VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp
+VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc

-VC8LIBPRJ = vs/vc8/lib/vc8libcurl.vcproj
-VC8LIBPRJHEAD = vs/t/lib/vc8_libcurl_prj.head
-VC8LIBPRJFOOT = vs/t/lib/vc8_libcurl_prj.foot
+VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl
+VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj
+VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc
+VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl
+VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj
+VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc

-VC_DIST = \
- vs/t/README \
- $(VC6LIBDSP) $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
- $(VC8LIBPRJ) $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
- vs/vc6/vc6curl.dsw \
- vs/vc6/lib/vc6libcurl.dsw \
- vs/vc6/src/vc6curltool.dsw \
- vs/vc6/src/vc6curltool.dsp
+VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl
+VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj
+VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc
+VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl
+VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj
+VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc

-VC6LIBDSP_DEPS = $(VC6LIBDSPHEAD) $(VC6LIBDSPFOOT) \
- Makefile.am lib/Makefile.inc
+VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl
+VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj
+VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc
+VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl
+VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj
+VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc

-VC8LIBPRJ_DEPS = $(VC8LIBPRJHEAD) $(VC8LIBPRJFOOT) \
- Makefile.am lib/Makefile.inc
+VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl
+VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj
+VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc
+VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl
+VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj
+VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc
+
+VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl
+VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj
+VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc
+VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl
+VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj
+VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc
+
+VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl
+VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj
+VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc
+VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl
+VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj
+VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc
+
+VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl
+VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj
+VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc
+VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl
+VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj
+VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc
+
+VC_DIST = projects/README	\
+ projects/build-openssl.bat	\
+ projects/checksrc.bat	\
+ projects/Windows/VC6/curl.dsw	\
+ projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP)	\
+ projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP)	\
+ projects/Windows/VC7/curl.sln	\
+ projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ)	\
+ projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ)	\
+ projects/Windows/VC7.1/curl.sln	\
+ projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ)	\
+ projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ)	\
+ projects/Windows/VC8/curl.sln	\
+ projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ)	\
+ projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ)	\
+ projects/Windows/VC9/curl.sln	\
+ projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ)	\
+ projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ)	\
+ projects/Windows/VC10/curl.sln	\
+ projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ)	\
+ projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ)	\
+ projects/Windows/VC11/curl.sln	\
+ projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ)	\
+ projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ)	\
+ projects/Windows/VC12/curl.sln	\
+ projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ)	\
+ projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ)

 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
 winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
@@ -61,7 +121,10 @@ EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
 RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework	\
 $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in

-CLEANFILES = $(VC6LIBDSP) $(VC8LIBPRJ)
+CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ)	\
+ $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ)	\
+ $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ)	\
+ $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ)

 bin_SCRIPTS = curl-config

@@ -71,11 +134,9 @@ DIST_SUBDIRS = $(SUBDIRS) tests packages docs
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcurl.pc

-# List of libcurl source files required to generate VC IDE dsp and prj files
+# List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files
 include lib/Makefile.inc
-
-WIN32SOURCES = $(CSOURCES)
-WIN32HEADERS = $(HHEADERS) config-win32.h
+include src/Makefile.inc

 dist-hook:
 	rm -rf $(top_builddir)/tests/log
@@ -187,96 +248,283 @@ uninstall-hook:
 	cd docs && $(MAKE) uninstall

 ca-bundle: lib/mk-ca-bundle.pl
-	@echo "generate a fresh ca-bundle.crt"
+	@echo "generating a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt

 ca-firefox: lib/firefox-db2pem.sh
-	@echo "generate a fresh ca-bundle.crt"
+	@echo "generating a fresh ca-bundle.crt"
 	./lib/firefox-db2pem.sh lib/ca-bundle.crt

 checksrc:
 	cd lib && $(MAKE) checksrc
 	cd src && $(MAKE) checksrc

-.PHONY: vc6-ide
+.PHONY: vc-ide

-vc6-ide:
-	$(MAKE) $(VC6LIBDSP)
-
-$(VC6LIBDSP): $(VC6LIBDSP_DEPS)
-	@(echo "generating '$(VC6LIBDSP)'"; \
+vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS)	\
+ $(VC7_SRCVCPROJ_DEPS) $(VC71_LIBVCPROJ_DEPS) $(VC71_SRCVCPROJ_DEPS)	\
+ $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS)	\
+ $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS)	\
+ $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS)	\
+ $(VC12_SRCVCXPROJ_DEPS)
+	@(win32_lib_srcs='$(LIB_CFILES)'; \
+	win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \
+	win32_lib_rc='$(LIB_RCFILES)'; \
+	win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \
+	win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \
+	win32_src_srcs='$(CURL_CFILES)'; \
+	win32_src_hdrs='$(CURL_HFILES)'; \
+	win32_src_rc='$(CURL_RCFILES)'; \
+	win32_src_x_srcs='$(CURLX_CFILES)'; \
+	win32_src_x_hdrs='$(CURLX_HFILES) ../lib/config-win32.h'; \
 	\
-	for dir in 'vs' 'vs/vc6' 'vs/vc6/lib'; do \
-	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
-	done; \
+	sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \
+	sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \
+	sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \
+	sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \
+	sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \
+	sorted_src_hdrs=`for file in $$win32_src_hdrs; do echo $$file; done | sort`; \
+	sorted_src_x_srcs=`for file in $$win32_src_x_srcs; do echo $$file; done | sort`; \
+	sorted_src_x_hdrs=`for file in $$win32_src_x_hdrs; do echo $$file; done | sort`; \
 	\
-	dir='..\..\..\lib\'; \
-	body='$(VC6LIBDSP)'.body; \
-	win32_srcs='$(WIN32SOURCES)'; \
-	win32_hdrs='$(WIN32HEADERS)'; \
-	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
-	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	awk_code='\
+function gen_element(type, dir, file)\
+{\
+  sub(/vtls\//, "", file);\
+\
+  spaces="    ";\
+  if(dir == "lib\\vtls")\
+    tabs="				";\
+  else\
+    tabs="			";\
+\
+  if(type == "dsp") {\
+    printf("# Begin Source File\r\n");\
+    printf("\r\n");\
+    printf("SOURCE=..\\..\\..\\..\\%s\\%s\r\n", dir, file);\
+    printf("# End Source File\r\n");\
+  }\
+  else if(type == "vcproj1") {\
+    printf("%s<File\r\n", tabs);\
+    printf("%s	RelativePath=\"..\\..\\..\\..\\%s\\%s\">\r\n",\
+           tabs, dir, file);\
+    printf("%s</File>\r\n", tabs);\
+  }\
+  else if(type == "vcproj2") {\
+    printf("%s<File\r\n", tabs);\
+    printf("%s	RelativePath=\"..\\..\\..\\..\\%s\\%s\"\r\n",\
+           tabs, dir, file);\
+    printf("%s>\r\n", tabs);\
+    printf("%s</File>\r\n", tabs);\
+  }\
+  else if(type == "vcxproj") {\
+    i = index(file, ".");\
+    ext = substr(file, i == 0 ? 0 : i + 1);\
+\
+    if(ext == "c")\
+      printf("%s<ClCompile Include=\"..\\..\\..\\..\\%s\\%s\" />\r\n",\
+             spaces, dir, file);\
+    else if(ext == "h")\
+      printf("%s<ClInclude Include=\"..\\..\\..\\..\\%s\\%s\" />\r\n",\
+             spaces, dir, file);\
+    else if(ext == "rc")\
+      printf("%s<ResourceCompile Include=\"..\\..\\..\\..\\%s\\%s\" />\r\n",\
+      spaces, dir, file);\
+  }\
+}\
+\
+{\
+\
+  if($$0 == "CURL_LIB_C_FILES") {\
+    split(lib_srcs, arr);\
+    for(val in arr) gen_element(proj_type, "lib", arr[val]);\
+  }\
+  else if($$0 == "CURL_LIB_H_FILES") {\
+    split(lib_hdrs, arr);\
+    for(val in arr) gen_element(proj_type, "lib", arr[val]);\
+  }\
+  else if($$0 == "CURL_LIB_RC_FILES") {\
+    split(lib_rc, arr);\
+    for(val in arr) gen_element(proj_type, "lib", arr[val]);\
+  }\
+  else if($$0 == "CURL_LIB_VTLS_C_FILES") {\
+    split(lib_vtls_srcs, arr);\
+    for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\
+  }\
+  else if($$0 == "CURL_LIB_VTLS_H_FILES") {\
+    split(lib_vtls_hdrs, arr);\
+    for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\
+  }\
+  else if($$0 == "CURL_SRC_C_FILES") {\
+    split(src_srcs, arr);\
+    for(val in arr) gen_element(proj_type, "src", arr[val]);\
+  }\
+  else if($$0 == "CURL_SRC_H_FILES") {\
+    split(src_hdrs, arr);\
+    for(val in arr) gen_element(proj_type, "src", arr[val]);\
+  }\
+  else if($$0 == "CURL_SRC_RC_FILES") {\
+    split(src_rc, arr);\
+    for(val in arr) gen_element(proj_type, "src", arr[val]);\
+  }\
+  else if($$0 == "CURL_SRC_X_C_FILES") {\
+    split(src_x_srcs, arr);\
+    for(val in arr) {\
+      sub(/..\/lib\//, "", arr[val]);\
+      gen_element(proj_type, "lib", arr[val]);\
+    }\
+  }\
+  else if($$0 == "CURL_SRC_X_H_FILES") {\
+    split(src_x_hdrs, arr);\
+    for(val in arr) {\
+      sub(/..\/lib\//, "", arr[val]);\
+      gen_element(proj_type, "lib", arr[val]);\
+    }\
+  }\
+  else\
+    printf("%s\r\n", $$0);\
+}';\
 	\
-	echo "# Begin Group \"Source Files\""  > $$body; \
-	echo ""                               >> $$body; \
-	echo "# PROP Default_Filter \"\""     >> $$body; \
-	for file in $$sorted_srcs; do \
-	  echo "# Begin Source File"          >> $$body; \
-	  echo ""                             >> $$body; \
-	  echo "SOURCE="$$dir$$file           >> $$body; \
-	  echo "# End Source File"            >> $$body; \
-	done; \
-	echo "# End Group"                    >> $$body; \
-	echo "# Begin Group \"Header Files\"" >> $$body; \
-	echo ""                               >> $$body; \
-	echo "# PROP Default_Filter \"\""     >> $$body; \
-	for file in $$sorted_hdrs; do \
-	  echo "# Begin Source File"          >> $$body; \
-	  echo ""                             >> $$body; \
-	  echo "SOURCE="$$dir$$file           >> $$body; \
-	  echo "# End Source File"            >> $$body; \
-	done; \
-	echo "# End Group"                    >> $$body; \
+	echo "generating '$(VC6_LIBDSP)'"; \
+	awk -v proj_type=dsp \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \
 	\
-	awk '{ printf("%s\r\n", $$0); }' \
-	  $(srcdir)/$(VC6LIBDSPHEAD) $$body $(srcdir)/$(VC6LIBDSPFOOT) \
-	  > $(VC6LIBDSP) || { rm -f $$body; exit 1; }; \
+	echo "generating '$(VC6_SRCDSP)'"; \
+	awk -v proj_type=dsp \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC6_SRCTMPL) > $(VC6_SRCDSP) || { exit 1; }; \
 	\
-	rm -f $$body)
-
-.PHONY: vc8-ide
-
-vc8-ide:
-	$(MAKE) $(VC8LIBPRJ)
-
-$(VC8LIBPRJ): $(VC8LIBPRJ_DEPS)
-	@(echo "generating '$(VC8LIBPRJ)'"; \
+	echo "generating '$(VC7_LIBVCPROJ)'"; \
+	awk -v proj_type=vcproj1 \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \
 	\
-	for dir in 'vs' 'vs/vc8' 'vs/vc8/lib'; do \
-	  test -d "$$dir" || mkdir "$$dir" || exit 1; \
-	done; \
+	echo "generating '$(VC7_SRCVCPROJ)'"; \
+	awk -v proj_type=vcproj1 \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC7_SRCTMPL) > $(VC7_SRCVCPROJ) || { exit 1; }; \
 	\
-	dir='..\..\..\lib\'; \
-	body='$(VC8LIBPRJ)'.body; \
-	win32_srcs='$(WIN32SOURCES)'; \
-	win32_hdrs='$(WIN32HEADERS)'; \
-	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
-	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	echo "generating '$(VC71_LIBVCPROJ)'"; \
+	awk -v proj_type=vcproj1 \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \
 	\
-	echo "%tab%%tab%<Filter Name=\"Source Files\">"  > $$body; \
-	for file in $$sorted_srcs; do \
-	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
-	done; \
-	echo "%tab%%tab%</Filter>"                      >> $$body; \
-	echo "%tab%%tab%<Filter Name=\"Header Files\">" >> $$body; \
-	for file in $$sorted_hdrs; do \
-	  echo "%tab%%tab%%tab%<File RelativePath=\""$$dir$$file"\"></File>" >> $$body; \
-	done; \
-	echo "%tab%%tab%</Filter>"                      >> $$body; \
+	echo "generating '$(VC71_SRCVCPROJ)'"; \
+	awk -v proj_type=vcproj1 \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC71_SRCTMPL) > $(VC71_SRCVCPROJ) || { exit 1; }; \
 	\
-	awk '{ gsub(/%tab%/, "\t"); printf("%s\r\n", $$0); }' \
-	  $(srcdir)/$(VC8LIBPRJHEAD) $$body $(srcdir)/$(VC8LIBPRJFOOT) \
-	  > $(VC8LIBPRJ) || { rm -f $$body; exit 1; }; \
+	echo "generating '$(VC8_LIBVCPROJ)'"; \
+	awk -v proj_type=vcproj2 \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \
 	\
-	rm -f $$body)
-
+	echo "generating '$(VC8_SRCVCPROJ)'"; \
+	awk -v proj_type=vcproj2 \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC8_SRCTMPL) > $(VC8_SRCVCPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC9_LIBVCPROJ)'"; \
+	awk -v proj_type=vcproj2 \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC9_SRCVCPROJ)'"; \
+	awk -v proj_type=vcproj2 \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC9_SRCTMPL) > $(VC9_SRCVCPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC10_LIBVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC10_SRCVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC11_LIBVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC11_SRCVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC12_LIBVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC12_SRCVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };)
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -172,6 +172,12 @@ vc-ssl-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib

+vc-ssl-ssh2-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
+
 vc-winssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-winssl-zlib
@@ -184,6 +190,12 @@ vc-x64-ssl-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib

+vc-x64-ssl-ssh2-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib
+
 vc-x64-winssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib
--- a/184
+++ b/184
@@ -1,68 +1,88 @@
-Curl and libcurl 7.35.0
+Curl and libcurl 7.39.0

- Public curl releases:         137
- Command line options:         161
- curl_easy_setopt() options:   206
+ Public curl releases:         142
+ Command line options:         162
+ curl_easy_setopt() options:   208
 Public functions in libcurl:  58
- Known libcurl bindings:       42
- Contributors:                 1104
+ Contributors:                 1216

 This release includes the following changes:

- o imap/pop3/smtp: Added support for SASL authentication downgrades
- o imap/pop3/smtp: Extended the login options to support multiple auth mechanisms
- o TheArtOfHttpScripting: major update, converted layout and more
- o mprintf: Added support for I, I32 and I64 size specifiers
- o makefile: Added support for VC7, VC11 and VC12
+ o SSLv3 is disabled by default
+ o CURLOPT_COOKIELIST: Added "RELOAD" command [5]
+ o build: Added WinIDN build configuration options to Visual Studio projects
+ o ssh: improve key file search
+ o SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
+ o vtls: remove QsoSSL support, use gskit!
+ o mk-ca-bundle: added SHA-384 signature algorithm
+ o docs: added many examples for libcurl opts and other doc improvements
+ o build: Added VC ssh2 target to main Makefile
+ o MinGW: Added support to build with nghttp2
+ o NetWare: Added support to build with nghttp2
+ o build: added Watcom support to build with WinSSL
+ o build: Added optional specific version generation of VC project files

 This release includes the following bugfixes:

- o SECURITY ADVISORY: re-use of wrong HTTP NTLM connection [25]
-
- o curl_easy_setopt: Fixed OAuth 2.0 Bearer option name [1]
- o pop3: Fixed APOP being determined by CAPA response rather than by timestamp
- o Curl_pp_readresp: zero terminate line [2]
- o FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE [3]
- o docs: mention CURLOPT_MAX_RECV/SEND_SPEED_LARGE don't work for FILE://
- o pop3: Fixed auth preference not being honored when CAPA not supported
- o imap: Fixed auth preference not being honored when CAPABILITY not supported
- o threaded resolver: Use pthread_t * for curl_thread_t [4]
- o FILE: we don't support paused transfers using this protocol [5]
- o connect: Try all addresses in first connection attempt [6]
- o curl_easy_setopt.3: Added SMTP information to CURLOPT_INFILESIZE_LARGE
- o OpenSSL: Fix forcing SSLv3 connections [7]
- o openssl: allow explicit sslv2 selection [8]
- o FTP parselist: fix "total" parser [9]
- o conncache: fix possible dereference of null pointer
- o multi.c: fix possible dereference of null pointer
- o mk-ca-bundle: introduces -d and warns about using this script
- o ConnectionExists: fix NTLM check for new connection [10]
- o trynextip: fix build for non-IPV6 capable systems [11]
- o Curl_updateconninfo: don't do anything for UDP "connections" [12]
- o darwinssl: un-break Leopard build after PKCS#12 change [13]
- o threaded-resolver: never use NULL hints with getaddrinf [14]
- o multi_socket: remind app if timeout didn't run
- o OpenSSL: deselect weak ciphers by default [15]
- o error message: Sensible message on timeout when transfer size unknown [16]
- o curl_easy_setopt.3: mention how to unset CURLOPT_INFILESIZE*
- o win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12 [17]
- o configure: fix gssapi linking on HP-UX [18]
- o chunked-parser: abort on overflows, allow 64 bit chunks
- o chunked parsing: relax the CR strictness [19]
- o cookie: max-age fixes [20]
- o progress bar: always update when at 100%
- o progress bar: increase update frequency to 10Hz
- o tool: Fixed incorrect return code if command line parser runs out of memory
- o tool: Fixed incorrect return code if password prompting runs out of memory
- o HTTP POST: omit Content-Length if data size is unknown [21]
- o GnuTLS: disable insecure ciphers
- o GnuTLS: honor --slv2 and the --tlsv1[.N] switches
- o multi: Fixed a memory leak on OOM condition
- o netrc: Fixed a memory and file descriptor leak on OOM
- o getpass: fix password parsing from console [22]
- o TFTP: fix crash on time-out [23]
- o hostip: don't remove DNS entries that are in use [24]
- o tests: lots of tests fixed to pass the OOM torture tests
+ o curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
+ o openssl: build fix for versions < 0.9.8e [1]
+ o newlines: fix mixed newlines to LF-only [2]
+ o ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
+ o sasl_sspi: Fixed Unicode build [4]
+ o file: reject paths using embedded %00
+ o threaded-resolver: revert Curl_expire_latest() switch [6]
+ o configure: allow --with-ca-path with PolarSSL too
+ o HTTP/2: Fix busy loop when EOF is encountered
+ o CURLOPT_CAPATH: return failure if set without backend support
+ o nss: do not fail if a CRL is already cached
+ o smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
+ o fixed 20+ nits/memory leaks identified by Coverity scans
+ o curl_schannel.c: Fixed possible memory or handle leak
+ o multi-uv.c: call curl_multi_info_read() better
+ o Cmake: Check for OpenSSL before OpenLDAP
+ o Cmake: Fix library list provided to cURL tests
+ o Cmake: Avoid cycle directory dependencies
+ o Cmake: Build with GSS-API libraries (MIT or Heimdal)
+ o vtls: provide backend defines for internal source code
+ o nss: fix a connection failure when FTPS handle is reused
+ o tests/http_pipe.py: Python 3 support
+ o cmake: build tool_hugehelp (ENABLE_MANUAL)
+ o cmake: enable IPv6 by default if available
+ o tests: move TESTCASES to Makefile.inc, add show for cmake
+ o ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
+ o ntlm: Fixed empty/bad base-64 decoded buffer return codes
+ o ntlm: Fixed empty type-2 decoded message info text
+ o cmake: add CMake/Macros.cmake to the release tarball
+ o cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
+ o cmake: use LIBCURL_VERSION from curlver.h
+ o cmake: generate pkg-config and curl-config
+ o fixed several superfluous variable assignements identified by cppcheck
+ o cleanup of 'CURLcode result' return code
+ o pipelining: only output "is not blacklisted" in debug builds
+ o SSL: Remove SSLv3 from SSL default due to POODLE attack
+ o gskit.c: remove SSLv3 from SSL default
+ o darwinssl: detect possible future removal of SSLv3 from the framework
+ o ntlm: Only define ntlm data structure when USE_NTLM is defined
+ o ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
+ o ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
+ o sspi: Only call CompleteAuthToken() when complete is needed
+ o http_negotiate: Fixed missing check for USE_SPNEGO
+ o HTTP: return larger than 3 digit response codes too [7]
+ o openssl: Check for NPN / ALPN via OpenSSL version number
+ o openssl: enable NPN separately from ALPN
+ o sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
+ o sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
+ o resume: consider a resume from [content-length] to be OK [8]
+ o sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
+ o build-openssl.bat: Fix x64 release build
+ o cmake: drop _BSD_SOURCE macro usage
+ o cmake: fix gethostby{addr,name}_r in CurlTests
+ o cmake: clean OtherTests, fixing -Werror
+ o cmake: fix struct sockaddr_storage check
+ o Curl_single_getsock: fix hold/pause sock handling
+ o SSL: PolarSSL default min SSL version TLS 1.0
+ o cmake: fix ZLIB_INCLUDE_DIRS use [10]
+ o buildconf: stop checking for libtool

 This release includes the following known bugs:

@@ -71,40 +91,26 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

-  Abram Pousada, Barry Abrahamson, Björn Stenberg, Cédric Deltheil, Chen Prog,
-  Christian Weisgerber, Colin Hogben, Dan Fandrich, Daniel Stenberg,
-  Fabian Frank, Glenn Sheridan, Guenter Knauf, He Qin, Iida Yosiaki,
-  Jeff Hodges, Justin Maggard, Leif W, Luke Dashjr, Maks Naumov, Marc Hoersken,
-  Michael Osipov, Michal Górny and Anthony G. Basile, Mohammad AlSaleh,
-  Nick Zitzmann, Paras Sethia, Petr Novak, Priyanka Shah, Romulo A. Ceccon,
-  Steve Holme, Tobias Markus, Viktor Szakáts, Yehezkel Horowitz, Yingwei Liu
+  Askar Safin, Balaji Salunke, Bill Nagel, Bruno Thomsen, Carlo Wood,
+  Catalin Patulea, Dan Fandrich, Daniel Stenberg, Dimitar Boevski, Fabian Keil,
+  Guenter Knauf, Jakub Zakrzewski, Jeremy Lin, Jonathan Cardoso Machado,
+  Kamil Dudka, K. R. Walker, Luan Cestari, Lucas Pardue, Marcel Raad,
+  Marc Hoersken, Michael Wallner, Nick Zitzmann, Patrick Monnerat,
+  Paul Howarth, Peter Wu, Ray Satiro, Steve Holme, Symeon Paraschoudis,
+  Tatsuhiro Tsujikawa, Ulrich Telle, Viktor Szakáts, Waldek Kozba,
+  Yousuke Kimoto,

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/bug/view.cgi?id=1313
- [2] = http://curl.haxx.se/mail/lib-2013-12/0113.html
- [3] = http://curl.haxx.se/bug/view.cgi?id=1312
- [4] = http://curl.haxx.se/bug/view.cgi?id=1314
- [5] = http://curl.haxx.se/bug/view.cgi?id=1286
- [6] = http://curl.haxx.se/bug/view.cgi?id=1315
- [7] = http://curl.haxx.se/mail/lib-2014-01/0002.html
- [8] = http://curl.haxx.se/mail/lib-2014-01/0013.html
- [9] = http://curl.haxx.se/mail/lib-2014-01/0019.html
- [10] = http://curl.haxx.se/mail/lib-2014-01/0046.html
- [11] = http://curl.haxx.se/bug/view.cgi?id=1322
- [12] = http://curl.haxx.se/mail/archive-2014-01/0016.html
- [13] = http://curl.haxx.se/mail/lib-2013-12/0150.html
- [14] = http://curl.haxx.se/mail/lib-2014-01/0061.html
- [15] = http://curl.haxx.se/bug/view.cgi?id=1323
- [16] = http://curl.haxx.se/mail/lib-2014-01/0115.html
- [17] = http://curl.haxx.se/mail/lib-2014-01/0134.html
- [18] = http://curl.haxx.se/bug/view.cgi?id=1321
- [19] = http://curl.haxx.se/mail/archive-2014-01/0000.html
- [20] = http://curl.haxx.se/mail/lib-2014-01/0130.html
- [21] = http://curl.haxx.se/mail/lib-2014-01/0103.html
- [22] = https://github.com/bagder/curl/pull/87
- [23] = http://curl.haxx.se/mail/lib-2014-01/0246.html
- [24] = http://curl.haxx.se/bug/view.cgi?id=1327
- [25] = http://curl.haxx.se/docs/adv_20140129.html
+ [1] = http://curl.haxx.se/mail/lib-2014-09/0064.html
+ [2] = http://curl.haxx.se/mail/lib-2014-09/0075.html
+ [3] = http://curl.haxx.se/mail/lib-2014-08/0273.html
+ [4] = http://curl.haxx.se/bug/view.cgi?id=1422
+ [5] = http://curl.haxx.se/libcurl/c/CURLOPT_COOKIELIST.html
+ [6] = http://curl.haxx.se/bug/view.cgi?id=1426
+ [7] = http://curl.haxx.se/bug/view.cgi?id=1441
+ [8] = http://curl.haxx.se/bug/view.cgi?id=1443
+ [9] = http://curl.haxx.se/docs/adv_20141105.html
+ [10] = https://github.com/bagder/curl/pull/123
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2614,8 +2614,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    capath="no"
  elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl --with-ca-path given
-    if test "x$OPENSSL_ENABLED" != "x1"; then
-      AC_MSG_ERROR([--with-ca-path only works with openSSL])
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
    fi
    capath="$want_capath"
    ca="no"
--- a/50
+++ b/50
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -32,6 +32,7 @@ die(){
 #--------------------------------------------------------------------------
 # findtool works as 'which' but we use a different name to make it more
 # obvious we aren't using 'which'! ;-)
+# Unlike 'which' does, the current directory is ignored.
 #
 findtool(){
  file="$1"
@@ -49,7 +50,7 @@ findtool(){
  do
    IFS=$old_IFS
    # echo "checks for $file in $path" >&2
-    if test -f "$path/$file"; then
+    if test "$path" -a "$path" != '.' -a -f "$path/$file"; then
      echo "$path/$file"
      return
    fi
@@ -189,32 +190,32 @@ else
 fi

 #--------------------------------------------------------------------------
-# GNU libtool preliminary check
+# GNU libtoolize preliminary check
 #
 want_lt_major=1
 want_lt_minor=4
 want_lt_patch=2
 want_lt_version=1.4.2

-# This approach that tries 'glibtool' first is intended for systems that
-# have GNU libtool named as 'glibtool' and libtool not being GNU's.
+# This approach that tries 'glibtoolize' first is intended for systems that
+# have GNU libtool named as 'glibtoolize' and libtoolize not being GNU's.

-libtool=`findtool glibtool 2>/dev/null`
-if test ! -x "$libtool"; then
-  libtool=`findtool ${LIBTOOL:-libtool}`
+libtoolize=`findtool glibtoolize 2>/dev/null`
+if test ! -x "$libtoolize"; then
+  libtoolize=`findtool ${LIBTOOLIZE:-libtoolize}`
 fi
-if test -z "$libtool"; then
-  echo "buildconf: libtool not found."
-  echo "            You need GNU libtool $want_lt_version or newer installed."
+if test -z "$libtoolize"; then
+  echo "buildconf: libtoolize not found."
+  echo "  You need GNU libtoolize $want_lt_version or newer installed."
  exit 1
 fi

-lt_pver=`$libtool --version 2>/dev/null|head -n 1`
+lt_pver=`$libtoolize --version 2>/dev/null|head -n 1`
 lt_qver=`echo $lt_pver|sed -e "s/([^)]*)//g" -e "s/^[^0-9]*//g"`
 lt_version=`echo $lt_qver|sed -e "s/[- ].*//" -e "s/\([a-z]*\)$//"`
 if test -z "$lt_version"; then
-  echo "buildconf: libtool not found."
-  echo "            You need GNU libtool $want_lt_version or newer installed."
+  echo "buildconf: libtoolize not found."
+  echo "  You need GNU libtoolize $want_lt_version or newer installed."
  exit 1
 fi
 old_IFS=$IFS; IFS='.'; set $lt_version; IFS=$old_IFS
@@ -244,28 +245,13 @@ else
  lt_status="good"
 fi
 if test "$lt_status" != "good"; then
-  echo "buildconf: libtool version $lt_version found."
-  echo "            You need GNU libtool $want_lt_version or newer installed."
-  exit 1
-fi
-
-echo "buildconf: libtool version $lt_version (ok)"
-
-#--------------------------------------------------------------------------
-# GNU libtoolize check
-#
-if test -z "$LIBTOOLIZE"; then
-  # use (g)libtoolize from same location as (g)libtool
-  libtoolize="${libtool}ize"
-else
-  libtoolize=`findtool $LIBTOOLIZE`
-fi
-if test ! -f "$libtoolize"; then
-  echo "buildconf: libtoolize not found."
+  echo "buildconf: libtoolize version $lt_version found."
  echo "  You need GNU libtoolize $want_lt_version or newer installed."
  exit 1
 fi

+echo "buildconf: libtoolize version $lt_version (ok)"
+
 #--------------------------------------------------------------------------
 # m4 check
 #
--- a/configure.ac
+++ b/configure.ac
@@ -151,7 +151,6 @@ dnl initialize all the info variables
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
    curl_gss_msg="no      (--with-gssapi)"
- curl_spnego_msg="no      (--with-spnego)"
 curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
@@ -1134,65 +1133,30 @@ no)
        ;;
 esac

-dnl **********************************************************************
-dnl Check for FBopenssl(SPNEGO) libraries
-dnl **********************************************************************
-
-AC_ARG_WITH(spnego,
-  AC_HELP_STRING([--with-spnego=DIR],
-                 [Specify location of SPNEGO library fbopenssl]), [
-  SPNEGO_ROOT="$withval"
-  if test x"$SPNEGO_ROOT" != xno; then
-    want_spnego="yes"
-  fi
-])
-
-AC_MSG_CHECKING([if SPNEGO support is requested])
-if test x"$want_spnego" = xyes; then
-
-  if test X"$SPNEGO_ROOT" = Xyes; then
-     AC_MSG_ERROR([FBOpenSSL libs and/or directories were not found where specified!])
-     AC_MSG_RESULT(no)
-  else
-     if test -z "$SPNEGO_LIB_DIR"; then
-        LDFLAGS="$LDFLAGS -L$SPNEGO_ROOT -lfbopenssl"
-     else
-        LDFLAGS="$LDFLAGS $SPNEGO_LIB_DIR"
-     fi
-
-     AC_MSG_RESULT(yes)
-     AC_DEFINE(HAVE_SPNEGO, 1,
-               [Define this if you have the SPNEGO library fbopenssl])
-     curl_spnego_msg="enabled"
-  fi
-else
-  AC_MSG_RESULT(no)
-fi
-
 dnl **********************************************************************
 dnl Check for GSS-API libraries
 dnl **********************************************************************

-dnl check for gss stuff in the /usr as default
+dnl check for GSS-API stuff in the /usr as default

 GSSAPI_ROOT="/usr"
 AC_ARG_WITH(gssapi-includes,
  AC_HELP_STRING([--with-gssapi-includes=DIR],
-                 [Specify location of GSSAPI header]),
+                 [Specify location of GSS-API headers]),
  [ GSSAPI_INCS="-I$withval"
    want_gss="yes" ]
 )

 AC_ARG_WITH(gssapi-libs,
  AC_HELP_STRING([--with-gssapi-libs=DIR],
-                 [Specify location of GSSAPI libs]),
+                 [Specify location of GSS-API libs]),
  [ GSSAPI_LIB_DIR="-L$withval"
    want_gss="yes" ]
 )

 AC_ARG_WITH(gssapi,
  AC_HELP_STRING([--with-gssapi=DIR],
-                 [Where to look for GSSAPI]), [
+                 [Where to look for GSS-API]), [
  GSSAPI_ROOT="$withval"
  if test x"$GSSAPI_ROOT" != xno; then
    want_gss="yes"
@@ -1204,12 +1168,14 @@ AC_ARG_WITH(gssapi,
 ])

 save_CPPFLAGS="$CPPFLAGS"
-AC_MSG_CHECKING([if GSSAPI support is requested])
+AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
  AC_MSG_RESULT(yes)

  if test -z "$GSSAPI_INCS"; then
-     if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+     if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
+        GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
+     elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
     elif test "$GSSAPI_ROOT" != "yes"; then
        GSSAPI_INCS="-I$GSSAPI_ROOT/include"
@@ -1221,7 +1187,7 @@ if test x"$want_gss" = xyes; then
  AC_CHECK_HEADER(gss.h,
    [
      dnl found in the given dirs
-      AC_DEFINE(HAVE_GSSGNU, 1, [if you have the GNU gssapi libraries])
+      AC_DEFINE(HAVE_GSSGNU, 1, [if you have GNU GSS])
      gnu_gss=yes
    ],
    [
@@ -1242,19 +1208,19 @@ AC_INCLUDES_DEFAULT
        AC_CHECK_HEADER(gssapi.h,
            [
              dnl found
-              AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have the Heimdal gssapi libraries])
+              AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal])
            ],
            [
              dnl no header found, disabling GSS
              want_gss=no
-              AC_MSG_WARN(disabling GSSAPI since no header files was found)
+              AC_MSG_WARN(disabling GSS-API support since no header files were found)
            ]
          )
      else
        dnl MIT found
-        AC_DEFINE(HAVE_GSSMIT, 1, [if you have the MIT gssapi libraries])
-        dnl check if we have a really old MIT kerberos (<= 1.2)
-        AC_MSG_CHECKING([if gssapi headers declare GSS_C_NT_HOSTBASED_SERVICE])
+        AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos])
+        dnl check if we have a really old MIT Kerberos version (<= 1.2)
+        AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE])
        AC_COMPILE_IFELSE([
          AC_LANG_PROGRAM([[
 #include <gssapi/gssapi.h>
@@ -1272,7 +1238,7 @@ AC_INCLUDES_DEFAULT
        ],[
          AC_MSG_RESULT([no])
          AC_DEFINE(HAVE_OLD_GSSMIT, 1,
-            [if you have an old MIT gssapi library, lacking GSS_C_NT_HOSTBASED_SERVICE])
+            [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE])
        ])
      fi
    ]
@@ -1281,9 +1247,9 @@ else
  AC_MSG_RESULT(no)
 fi
 if test x"$want_gss" = xyes; then
-  AC_DEFINE(HAVE_GSSAPI, 1, [if you have the gssapi libraries])
-
-  curl_gss_msg="enabled (MIT/Heimdal)"
+  AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries])
+  HAVE_GSSAPI=1
+  curl_gss_msg="enabled (MIT Kerberos/Heimdal)"

  if test -n "$gnu_gss"; then
    curl_gss_msg="enabled (GNU GSS)"
@@ -1294,23 +1260,33 @@ if test x"$want_gss" = xyes; then
     *-*-darwin*)
        LIBS="-lgssapi_krb5 -lresolv $LIBS"
        ;;
-     *-hp-hpux*)
-        if test "$GSSAPI_ROOT" != "yes"; then
-           LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
-        fi
-        LIBS="-lgss $LIBS"
-        ;;
     *)
-        if test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+        if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
+           dnl krb5-config doesn't have --libs-only-L or similar, put everything
+           dnl into LIBS
+           gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
+           LIBS="$gss_libs $LIBS"
+        elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
           dnl into LIBS
           gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
           LIBS="$gss_libs $LIBS"
-        elif test "$GSSAPI_ROOT" != "yes"; then
-           LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
-           LIBS="-lgssapi $LIBS"
        else
-           LIBS="-lgssapi $LIBS"
+           case $host in
+           *-hp-hpux*)
+              gss_libname="gss"
+              ;;
+           *)
+              gss_libname="gssapi"
+              ;;
+           esac
+
+           if test "$GSSAPI_ROOT" != "yes"; then
+              LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
+              LIBS="-l$gss_libname $LIBS"
+           else
+              LIBS="-l$gss_libname $LIBS"
+           fi
        fi
        ;;
     esac
@@ -2000,6 +1976,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      AC_CHECK_SIZEOF(long long)

+      dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h
+      AC_CHECK_HEADERS(cyassl/error-ssl.h)
+
      LIBS="-lcyassl -lm $LIBS"

      if test -n "$cyassllib"; then
@@ -2101,6 +2080,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      if test "x$USE_NSS" = "xyes"; then
        AC_MSG_NOTICE([detected NSS version $version])

+        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
+        NSS_LIBS=$addlib
+        AC_SUBST([NSS_LIBS])
+
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
@@ -2161,10 +2144,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      USE_AXTLS="yes"
      curl_ssl_msg="enabled (axTLS)"

-
+      if test "x$cross_compiling" != "xyes"; then
        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS"
        export LD_LIBRARY_PATH
        AC_MSG_NOTICE([Added $LIB_AXTLS to LD_LIBRARY_PATH])
+      fi
      ],[
      LDFLAGS="$CLEANLDFLAGS"
      CPPFLAGS="$CLEANCPPFLAGS"
@@ -2466,19 +2450,19 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
        AC_MSG_RESULT(yes)
        if test "x$OPENSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="OPENSSL_"
-        elif test "x$GNUTLS_ENABLED" == "x1"; then
+        elif test "x$GNUTLS_ENABLED" = "x1"; then
          versioned_symbols_flavour="GNUTLS_"
-        elif test "x$NSS_ENABLED" == "x1"; then
+        elif test "x$NSS_ENABLED" = "x1"; then
          versioned_symbols_flavour="NSS_"
-        elif test "x$POLARSSL_ENABLED" == "x1"; then
+        elif test "x$POLARSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="POLARSSL_"
-        elif test "x$CYASSL_ENABLED" == "x1"; then
+        elif test "x$CYASSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="CYASSL_"
-        elif test "x$AXTLS_ENABLED" == "x1"; then
+        elif test "x$AXTLS_ENABLED" = "x1"; then
          versioned_symbols_flavour="AXTLS_"
-        elif test "x$WINSSL_ENABLED" == "x1"; then
+        elif test "x$WINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="WINSSL_"
-        elif test "x$DARWINSSL_ENABLED" == "x1"; then
+        elif test "x$DARWINSSL_ENABLED" = "x1"; then
          versioned_symbols_flavour="DARWINSSL_"
        else
          versioned_symbols_flavour=""
@@ -2696,7 +2680,7 @@ if test "$want_idn" = "yes"; then
    if test "x$ac_cv_header_tld_h" = "xyes"; then
      AC_SUBST([IDN_ENABLED], [1])
      curl_idn_msg="enabled"
-      if test -n "$IDN_DIR"; then
+      if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
        export LD_LIBRARY_PATH
        AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
@@ -2725,8 +2709,7 @@ dnl **********************************************************************
 dnl Check for nghttp2
 dnl **********************************************************************

-AC_MSG_CHECKING([whether to build with nghttp2])
-OPT_H2="no"
+OPT_H2="yes"
 AC_ARG_WITH(nghttp2,
 AC_HELP_STRING([--with-nghttp2=PATH],[Enable nghttp2 usage])
 AC_HELP_STRING([--without-nghttp2],[Disable nghttp2 usage]),
@@ -2734,63 +2717,47 @@ AC_HELP_STRING([--without-nghttp2],[Disable nghttp2 usage]),
 case "$OPT_H2" in
  no)
    dnl --without-nghttp2 option used
-    want_idn="no"
-    AC_MSG_RESULT([no])
-    ;;
-  default)
-    dnl configure option not specified
    want_h2="no"
-    want_h2_path="default"
-    AC_MSG_RESULT([no])
    ;;
  yes)
    dnl --with-nghttp2 option used without path
-    want_h2="yes"
+    want_h2="default"
    want_h2_path=""
-    AC_MSG_RESULT([yes])
    ;;
  *)
    dnl --with-nghttp2 option used with path
    want_h2="yes"
-    want_h2_path="$withval"
-    AC_MSG_RESULT([yes ($withval)])
+    want_h2_path="$withval/lib/pkgconfig"
    ;;
 esac

 curl_h2_msg="disabled (--with-nghttp2)"
-if test X"$OPT_H2" != Xno; then
-  dnl backup the pre-librtmp variables
+if test X"$want_h2" != Xno; then
+  dnl backup the pre-nghttp2 variables
  CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"

-  h2pcdir=${want_h2_path}/lib/pkgconfig
-  CURL_CHECK_PKGCONFIG(libnghttp2, $h2pcdir)
+  CURL_CHECK_PKGCONFIG(libnghttp2, $want_h2_path)

  if test "$PKGCONFIG" != "no" ; then
-    LIB_H2=`CURL_EXPORT_PCDIR([$h2pcdir])
+    LIB_H2=`CURL_EXPORT_PCDIR([$want_h2_path])
      $PKGCONFIG --libs-only-l libnghttp2`
    AC_MSG_NOTICE([-l is $LIB_H2])

-    CPP_H2=`CURL_EXPORT_PCDIR([$h2pcdir]) dnl
+    CPP_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) dnl
      $PKGCONFIG --cflags-only-I libnghttp2`
    AC_MSG_NOTICE([-I is $CPP_H2])

-    LD_H2=`CURL_EXPORT_PCDIR([$h2pcdir])
+    LD_H2=`CURL_EXPORT_PCDIR([$want_h2_path])
      $PKGCONFIG --libs-only-L libnghttp2`
    AC_MSG_NOTICE([-L is $LD_H2])

-  else
-    dnl To avoid link errors, we do not allow --libnghttp2 without
-    dnl a pkgconfig file
-    AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.])
-  fi
-
    LDFLAGS="$LDFLAGS $LD_H2"
    CPPFLAGS="$CPPFLAGS $CPP_H2"
    LIBS="$LIB_H2 $LIBS"

-  AC_CHECK_LIB(nghttp2, nghttp2_session_client_new,
+    AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback,
      [
       AC_CHECK_HEADERS(nghttp2/nghttp2.h,
          curl_h2_msg="enabled (nghttp2)"
@@ -2805,6 +2772,15 @@ if test X"$OPT_H2" != Xno; then
        LIBS=$CLEANLIBS
    )

+  else
+    dnl no nghttp2 pkg-config found, deal with it
+    if test X"$want_h2" != Xdefault; then
+      dnl To avoid link errors, we do not allow --with-nghttp2 without
+      dnl a pkgconfig file
+      AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.])
+    fi
+  fi
+
 fi

 dnl **********************************************************************
@@ -3034,8 +3010,10 @@ AC_CHECK_FUNCS([fork \
  getppid \
  getprotobyname \
  getpwuid \
+  getpwuid_r \
  getrlimit \
  gettimeofday \
+  if_nametoindex \
  inet_addr \
  perror \
  pipe \
@@ -3246,6 +3224,7 @@ AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]),
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication])
+       CURL_DISABLE_CRYPTO_AUTH=1
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
@@ -3379,7 +3358,18 @@ fi
 if test "x$USE_WINDOWS_SSPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI"
 fi
-if test "x$CURL_DISABLE_HTTP" != "x1"; then
+
+if test "x$HAVE_GSSAPI" = "x1"; then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
+fi
+
+if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
+    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
+fi
+
+if test "x$CURL_DISABLE_HTTP" != "x1" -a \
+    "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1"; then
@@ -3498,6 +3488,7 @@ AC_CONFIG_FILES([Makefile \
           docs/Makefile \
           docs/examples/Makefile \
           docs/libcurl/Makefile \
+           docs/libcurl/opts/Makefile \
           include/Makefile \
           include/curl/Makefile \
           src/Makefile \
@@ -3542,8 +3533,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  SSL support:      ${curl_ssl_msg}
  SSH support:      ${curl_ssh_msg}
  zlib support:     ${curl_zlib_msg}
-  GSSAPI support:   ${curl_gss_msg}
-  SPNEGO support:   ${curl_spnego_msg}
+  GSS-API support:  ${curl_gss_msg}
  TLS-SRP support:  ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  ipv6 support:     ${curl_ipv6_msg}
--- a/contributors.sh
+++ b/contributors.sh
@@ -34,17 +34,19 @@ fi

 # filter out Author:, Commit: and *by: lines
 # cut off the email parts
+# split list of names at comma
 # cut off spaces first and last on the line
 # only count names with a space (ie more than one word)
 # sort all unique names
 # awk them into RELEASE-NOTES format
 git log $start..HEAD | \
-egrep '(Author|Commit|by):' | \
+egrep -i '(Author|Commit|by):' | \
 cut -d: -f2- | \
 cut '-d<' -f1 | \
+tr , '\012' | \
 sed -e 's/^ //' -e 's/ $//g' | \
 grep ' ' | \
-sort -u |
+sort -fu |
 awk '{
 num++;
 n = sprintf("%s%s%s,", n, length(n)?" ":"", $0);
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -128,6 +128,11 @@ Mono
  libcurl-net by Jeffrey Phillips
  http://sourceforge.net/projects/libcurl-net/

+node.js
+
+  node-libcurl by Jonathan Cardoso Machado
+  https://github.com/JCMais/node-libcurl
+
 Object-Pascal

  Free Pascal, Delphi and Kylix binding written by Christophe Espern.
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -278,6 +278,10 @@
      [full description, no wider than 72 columns that describe as much as
      possible as to why this change is made, and possibly what things
      it fixes and everything else that is related]
+
+      [Bug: link to source of the report or more related discussion]
+      [Reported-by: John Doe - credit the reporter]
+      [whatever-else-by: credit all helpers, finders, doers]
      ---- stop ----

 Don't forget to use commit --author="" if you commit someone else's work,
--- a/docs/DISTRO-DILEMMA
+++ b/docs/DISTRO-DILEMMA
@@ -59,7 +59,7 @@ GnuTLS
 OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
 without including any Original BSD licensed code.

- I believe Debian is the first (only?) distro that provides libcurl/GnutTLS
+ I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
 packages.

 yassl
@@ -72,20 +72,20 @@ GnuTLS vs OpenSSL vs yassl

 While these three libraries offer similar features, they are not equal.
 libcurl does not (yet) offer a standardized stable ABI if you decide to
- switch from using libcurl-openssl to libcurl-gnutls or vice versa. The GnuTLS
+ switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
 and yassl support is very recent in libcurl and it has not been tested nor
 used very extensively, while the OpenSSL equivalent code has been used and
 thus matured since 1999.

 GnuTLS
-   - LGPL licensened
+   - LGPL licensed
   - supports SRP
   - lacks SSLv2 support
   - lacks MD2 support (used by at least some CA certs)
   - lacks the crypto functions libcurl uses for NTLM

 OpenSSL
-   - Original BSD licensened
+   - Original BSD licensed
   - lacks SRP
   - supports SSLv2
   - older and more widely used
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -80,6 +80,7 @@ FAQ
  4.17 Non-functional connect timeouts on Windows
  4.18 file:// URLs containing drive letters (Windows, NetWare)
  4.19 Why doesn't cURL return an error when the network cable is unplugged?
+  4.20 curl doesn't return error for HTTP non-200 responses!

 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -99,6 +100,7 @@ FAQ
  5.15 How do I get an FTP directory listing?
  5.16 I want a different time-out!
  5.17 Can I write a server with libcurl?
+  5.18 Does libcurl use threads?

 6. License Issues
  6.1 I have a GPL program, can I use the libcurl library?
@@ -135,11 +137,11 @@ FAQ
    POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.

    libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading,
-    kerberos, HTTP form based upload, proxies, cookies, user+password
+    Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password
    authentication, file transfer resume, http proxy tunneling and more!

    libcurl is highly portable, it builds and works identically on numerous
-    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,
+    platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX,
    IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac
    OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,
    Android, Minix, IBM TPF and more...
@@ -154,7 +156,10 @@ FAQ
    Since curl uses libcurl, curl supports the same wide range of common
    Internet protocols that libcurl does.

-  We pronounce curl and cURL with an initial k sound: [kurl].
+  We pronounce curl with an initial k sound. It rhymes with words like girl
+  and earl. This is a short WAV file to help you:
+
+     http://media.merriam-webster.com/soundc11/c/curl0001.wav

  There are numerous sub-projects and related projects that also use the word
  curl in the project names in various combinations, but you should take
@@ -237,10 +242,10 @@ FAQ
  1.6 What do you get for making curl?

  Project cURL is entirely free and open. No person gets paid for developing
-  (lib)curl on full or even part time. We do this voluntarily on our spare
-  time. Occasionally companies pay individual developers to work on curl, but
-  that's up to each company and developer. It is not controlled by nor
-  supervised in any way by the project.
+  curl on full time. We do this voluntarily, mostly on spare time.
+  Occasionally companies pay individual developers to work on curl, but that's
+  up to each company and developer. It is not controlled by nor supervised in
+  any way by the project.

  We still get help from companies. Haxx provides web site, bandwidth, mailing
  lists etc, sourceforge.net hosts project services we take advantage from,
@@ -422,7 +427,7 @@ FAQ

  curl can be built to use one of the following SSL alternatives: OpenSSL,
  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
-  WinSSL (native Windows) or qssl (native IBM i). They all have their pros
+  WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
  http://curl.haxx.se/docs/ssl-compared.html

@@ -1086,6 +1091,30 @@ FAQ
  by having the application monitor the network connection on its own using an
  OS-specific mechanism, then signalling libcurl to abort (see also item 5.13).

+  4.20 curl doesn't return error for HTTP non-200 responses!
+
+  Correct. Unless you use -f (--fail).
+
+  When doing HTTP transfers, curl will perform exactly what you're asking it
+  to do and if successful it will not return an error. You can use curl to
+  test your web server's "file not found" page (that gets 404 back), you can
+  use it to check your authentication protected web pages (that get a 401
+  back) and so on.
+
+  The specific HTTP response code does not constitute a problem or error for
+  curl. It simply sends and delivers HTTP as you asked and if that worked,
+  everything is fine and dandy. The response code is generally providing more
+  higher level error information that curl doesn't care about. The error was
+  not in the HTTP transfer.
+
+  If you want your command line to treat error codes in the 400 and up range
+  as errors and thus return a non-zero value and possibly show an error
+  message, curl has a dedicated option for that: -f (CURLOPT_FAILONERROR in
+  libcurl speak).
+
+  You can also use the -w option and the variable %{response_code} to extract
+  the exact response code that was return in the response.
+

 5. libcurl Issues

@@ -1098,6 +1127,12 @@ FAQ
  your system has such.  Note that you must never share the same handle in
  multiple threads.

+  libcurl's implementation of timeouts might use signals (depending on what it
+  was built to use for name resolving), and signal handling is generally not
+  thread-safe.  Multi-threaded Applicationss that call libcurl from different
+  threads (on different handles) might want to use CURLOPT_NOSIGNAL, e.g.:
+
+    curl_easy_setopt(handle, CURLOPT_NOSIGNAL, true);

  If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
  need to provide one or two locking functions:
@@ -1365,6 +1400,19 @@ FAQ
  server for. And there are really good stand-alone ones that have been tested
  and proven for many years. There's no need for you to reinvent them!

+  5.18 Does libcurl use threads?
+
+  Put simply: no, libcurl will execute in the same thread you call it in. All
+  callbacks will be called in the same thread as the one you call libcurl in.
+
+  If you want to avoid your thread to be blocked by the libcurl call, you make
+  sure you use the non-blocking API which will do transfers asynchronously -
+  but still in the same single thread.
+
+  libcurl will potentially internally use threads for name resolving, if it
+  was built to work like that, but in those cases it'll create the child
+  threads by itself and they will only be used and then killed internally by
+  libcurl and never exposed to the outside.

 6. License Issues

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -28,7 +28,7 @@ libcurl
 - selectable network interface for outgoing traffic
 - IPv6 support on unix and Windows
 - persistent connections
- - socks5 support
+ - socks 4 + 5 support, with or without local name resolving
 - supports user name and password in proxy environment variables
 - operations through proxy "tunnel" (using CONNECT)
 - support for large files (>2GB and >4GB) during upload and download
@@ -45,8 +45,8 @@ HTTP
 - POST
 - Pipelining
 - multipart formpost (RFC1867-style)
- - authentication: Basic, Digest, NTLM (*9), GSS-Negotiate/Negotiate (*3) and
-   SPNEGO (*4) to server and proxy
+ - authentication: Basic, Digest, NTLM (*9) and Negotiate (SPNEGO) (*3)
+   to server and proxy
 - resume (both GET and PUT)
 - follow redirects
 - maximum amount of redirects to follow
@@ -55,7 +55,7 @@ HTTP
 - reads/writes the netscape cookie file format
 - custom headers (replace/remove internally generated headers)
 - custom user-agent string
- - custom referer string
+ - custom referrer string
 - range
 - proxy authentication
 - time conditions
@@ -64,6 +64,7 @@ HTTP
 - Content-Encoding support for deflate and gzip
 - "Transfer-Encoding: chunked" support in uploads
 - data compression (*12)
+ - HTTP/2 (*5)

 HTTPS (*1)
 - (all the HTTP features)
@@ -76,8 +77,7 @@ HTTPS (*1)
 FTP
 - download
 - authentication
- - kerberos4 (*5)
- - kerberos5 (*3)
+ - Kerberos 5 (*14)
 - active/passive using PORT, EPRT, PASV or EPSV
 - single file size information (compare to HTTP HEAD)
 - 'type=' URL support
@@ -128,7 +128,8 @@ FILE
 - resume

 SMTP
- - authentication: Plain, Login, CRAM-MD5, Digest-MD5 and NTLM (*9)
+ - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5
+   (*4)
 - send e-mails
 - mail from support
 - mail size support
@@ -143,8 +144,8 @@ SMTPS (*1)

 POP3
 - authentication: Clear Text, APOP and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5 and
-   NTLM (*9)
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
+   Kerberos 5 (*4)
 - list e-mails
 - retrieve e-mails
 - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via
@@ -158,11 +159,11 @@ POP3S (*1)

 IMAP
 - authentication: Clear Text and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5 and
-   NTLM (*9)
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
+   Kerberos 5 (*4)
 - list the folders of a mailbox
- - select a mailbox with support for verifing the UIDVALIDITY
- - fetch e-mails with support for specifing the UID and SECTION
+ - select a mailbox with support for verifying the UIDVALIDITY
+ - fetch e-mails with support for specifying the UID and SECTION
 - upload e-mails via the append command
 - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS,
   STORE, COPY and UID via custom requests
@@ -177,13 +178,15 @@ FOOTNOTES
 =========

  *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native
-       Windows), Secure Transport (native iOS/OS X) or qssl (native IBM i)
+       Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i)
  *2 = requires OpenLDAP
-  *3 = requires a GSSAPI-compliant library, such as Heimdal or similar
-  *4 = requires FBopenssl
-  *5 = requires a krb4 library, such as the MIT one or similar
+  *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or
+       SSPI (native Windows)
+  *4 = requires a GSS-API implementation, however, only Windows SSPI is
+       currently supported
+  *5 = requires nghttp2 and possibly a recent TLS library
  *6 = requires c-ares
-  *7 = requires OpenSSL, NSS, qssl, WinSSL or Secure Transport; GnuTLS, for
+  *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for
       example, only supports SSLv3 and TLSv1
  *8 = requires libssh2
  *9 = requires OpenSSL, GnuTLS, NSS, yassl, Secure Transport or SSPI (native
@@ -194,3 +197,4 @@ FOOTNOTES
  *12 = requires libz
  *13 = requires libmetalink, and either an Apple or Microsoft operating
        system, or OpenSSL, or GnuTLS, or NSS
+  *14 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos)
--- a/docs/HISTORY
+++ b/docs/HISTORY
@@ -4,23 +4,31 @@
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

-                          How cURL Became Like This
+How cURL Became Like This
+=========================

-
-Towards the end of 1996, Daniel Stenberg came up with the idea to make
+Towards the end of 1996, Daniel Stenberg was spending time writing an IRC bot
+for an Amiga related channel on EFnet. He then came up with the idea to make
 currency-exchange calculations available to Internet Relay Chat (IRC)
 users. All the necessary data are published on the Web; he just needed to
 automate their retrieval.

 Daniel simply adopted an existing command-line open-source tool, httpget, that
 Brazilian Rafael Sagula had written and recently release version 0.1 of. After
-a few minor adjustments, it did just what he needed. HttpGet 1.0 was released
-on April 8th 1997 with brand new HTTP proxy support.
+a few minor adjustments, it did just what he needed.
+
+1997
+----
+
+HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support.

 We soon found and fixed support for getting currencies over GOPHER.  Once FTP
 download support was added, the name of the project was changed and urlget 2.0
 was released in August 1997. The http-only days were already passed.

+1998
+----
+
 The project slowly grew bigger. When upload capabilities were added and the
 name once again was misleading, a second name change was made and on March 20,
 1998 curl 4 was released. (The version numbering from the previous names was
@@ -33,33 +41,39 @@ was revealed to us much later.)

 SSL support was added, powered by the SSLeay library.

-August 1998, first announcement of curl on freshmeat.net.
+August, first announcement of curl on freshmeat.net.

-October 1998, with the curl 4.9 release and the introduction of cookie
-support, curl was no longer released under the GPL license. Now we're at 4000
-lines of code, we switched over to the MPL license to restrict the effects of
+October, with the curl 4.9 release and the introduction of cookie support,
+curl was no longer released under the GPL license. Now we're at 4000 lines of
+code, we switched over to the MPL license to restrict the effects of
 "copyleft".

-November 1998, configure script and reported successful compiles on several
+November, configure script and reported successful compiles on several
 major operating systems. The never-quite-understood -F option was added and
 curl could now simulate quite a lot of a browser. TELNET support was added.

 Curl 5 was released in December 1998 and introduced the first ever curl man
 page. People started making Linux RPM packages out of it.

-January 1999, DICT support added.
+1999
+----
+
+January, DICT support added.

 OpenSSL took over where SSLeay was abandoned.

-May 1999, first Debian package.
+May, first Debian package.

-August 1999, LDAP:// and FILE:// support added. The curl web site gets 1300
-visits weekly.
+August, LDAP:// and FILE:// support added. The curl web site gets 1300 visits
+weekly.

 Released curl 6.0 in September. 15000 lines of code.

-December 28 1999, added the project on Sourceforge and started using its
-services for managing the project.
+December 28, added the project on Sourceforge and started using its services
+for managing the project.
+
+2000
+----

 Spring 2000, major internal overhaul to provide a suitable library interface.
 The first non-beta release was named 7.1 and arrived in August. This offered
@@ -67,19 +81,22 @@ the easy interface and turned out to be the beginning of actually getting
 other software and programs to get based on and powered by libcurl. Almost
 20000 lines of code.

-August 2000, the curl web site gets 4000 visits weekly.
+August, the curl web site gets 4000 visits weekly.

 The PHP guys adopted libcurl already the same month, when the first ever third
 party libcurl binding showed up. CURL has been a supported module in PHP since
 the release of PHP 4.0.2. This would soon get followers. More than 16
 different bindings exist at the time of this writing.

-September 2000, kerberos4 support was added.
+September, kerberos4 support was added.

-In November 2000 started the work on a test suite for curl. It was later
-re-written from scratch again. The libcurl major SONAME number was set to 1.
+In November started the work on a test suite for curl. It was later re-written
+from scratch again. The libcurl major SONAME number was set to 1.

-January 2001, Daniel released curl 7.5.2 under a new license again: MIT (or
+2001
+----
+
+January, Daniel released curl 7.5.2 under a new license again: MIT (or
 MPL). The MIT license is extremely liberal and can be used combined with GPL
 in other projects. This would finally put an end to the "complaints" from
 people involved in GPLed projects that previously were prohibited from using
@@ -92,17 +109,20 @@ code. The libcurl major SONAME number was bumped to 2 due to this overhaul.

 The first experimental ftps:// support was added in March 2001.

-August 2001. curl is bundled in Mac OS X, 10.1. It was already becoming more
-and more of a standard utility of Linux distributions and a regular in the BSD
+August. curl is bundled in Mac OS X, 10.1. It was already becoming more and
+more of a standard utility of Linux distributions and a regular in the BSD
 ports collections. The curl web site gets 8000 visits weekly. Curl Corporation
 contacted Daniel to discuss "the name issue". After Daniel's reply, they have
 never since got in touch again.

-September 2001, libcurl 7.9 introduces cookie jar and curl_formadd(). During
-the forthcoming 7.9.x releases, we introduced the multi interface slowly and
+September, libcurl 7.9 introduces cookie jar and curl_formadd(). During the
+forthcoming 7.9.x releases, we introduced the multi interface slowly and
 without much whistles.

-June 2002, the curl web site gets 13000 visits weekly. curl and libcurl is
+2002
+----
+
+June, the curl web site gets 13000 visits weekly. curl and libcurl is
 35000 lines of code. Reported successful compiles on more than 40 combinations
 of CPUs and operating systems.

@@ -111,33 +131,36 @@ impossible. Around 5000 downloaded packages each week from the main site gives
 a hint, but the packages are mirrored extensively, bundled with numerous OS
 distributions and otherwise retrieved as part of other software.

-September 2002, with the release of curl 7.10 it is released under the MIT
-license only.
+September, with the release of curl 7.10 it is released under the MIT license
+only.

-January 2003. Started working on the distributed curl tests. The autobuilds.
+2003
+----

-February 2003, the curl site averages at 20000 visits weekly. At any given
-moment, there's an average of 3 people browsing the curl.haxx.se site.
+January. Started working on the distributed curl tests. The autobuilds.
+
+February, the curl site averages at 20000 visits weekly. At any given moment,
+there's an average of 3 people browsing the curl.haxx.se site.

 Multiple new authentication schemes are supported: Digest (May), NTLM (June)
 and Negotiate (June).

-November 2003: curl 7.10.8 is released. 45000 lines of code. ~55000 unique
-visitors to the curl.haxx.se site. Five official web mirrors.
+November: curl 7.10.8 is released. 45000 lines of code. ~55000 unique visitors
+to the curl.haxx.se site. Five official web mirrors.

-December 2003, full-fledged SSL for FTP is supported.
+December, full-fledged SSL for FTP is supported.

-January 2004: curl 7.11.0 introduced large file support.
+2004
+----

-June 2004:
+January: curl 7.11.0 introduced large file support.

-  curl 7.12.0 introduced IDN support. 10 official web mirrors.
+June: curl 7.12.0 introduced IDN support. 10 official web mirrors.

-  This release bumped the major SONAME to 3 due to the removal of the
-  curl_formparse() function
+This release bumped the major SONAME to 3 due to the removal of the
+curl_formparse() function

-August 2004:
- Curl and libcurl 7.12.1
+August: Curl and libcurl 7.12.1

    Public curl release number:               82
    Releases counted from the very beginning: 109
@@ -147,52 +170,45 @@ August 2004:
    Amount of public web site mirrors:        12
    Number of known libcurl bindings:         26

-April 2005:
+2005
+----

- GnuTLS can now optionally be used for the secure layer when curl is built.
+April. GnuTLS can now optionally be used for the secure layer when curl is
+built.

-September 2005:
+September: TFTP support was added.

- TFTP support was added.
+More than 100,000 unique visitors of the curl web site. 25 mirrors.

- More than 100,000 unique visitors of the curl web site. 25 mirrors.
+December: security vulnerability: libcurl URL Buffer Overflow

-December 2005:
+2006
+----

- security vulnerability: libcurl URL Buffer Overflow
+January. We dropped support for Gopher. We found bugs in the implementation
+that turned out having been introduced years ago, so with the conclusion that
+nobody had found out in all this time we removed it instead of fixing it.

-January 2006:
+March: security vulnerability: libcurl TFTP Packet Buffer Overflow

- We dropped support for Gopher. We found bugs in the implementation that
- turned out having been introduced years ago, so with the conclusion that
- nobody had found out in all this time we removed it instead of fixing it.
+April: Added the multi_socket() API

-March 2006:
+September: The major SONAME number for libcurl was bumped to 4 due to the
+removal of ftp third party transfer support.

- security vulnerability: libcurl TFTP Packet Buffer Overflow
+November: Added SCP and SFTP support

-April 2006:
+2007
+----

- Added the multi_socket() API
+February: Added support for the Mozilla NSS library to do the SSL/TLS stuff

-September 2006:
+July: security vulnerability: libcurl GnuTLS insufficient cert verification

- The major SONAME number for libcurl was bumped to 4 due to the removal of
- ftp third party transfer support.
+2008
+----

-November 2006:
-
- Added SCP and SFTP support
-
-February 2007:
-
- Added support for the Mozilla NSS library to do the SSL/TLS stuff
-
-July 2007:
-
- security vulnerability: libcurl GnuTLS insufficient cert verification
-
-November 2008:
+November:

    Command line options:         128
    curl_easy_setopt() options:   158
@@ -202,37 +218,30 @@ November 2008:

 145,000 unique visitors. >100 GB downloaded.

-March 2009:
+2009
+----

- security vulnerability: libcurl Arbitrary File Access
+March: security vulnerability: libcurl Arbitrary File Access

-August 2009:
+August: security vulnerability: libcurl embedded zero in cert name

- security vulnerability: libcurl embedded zero in cert name
+December: Added support for IMAP, POP3 and SMTP

-December 2009:
+2010
+----

- Added support for IMAP, POP3 and SMTP
+January: Added support for RTSP

-January 2010:
+February: security vulnerability: libcurl data callback excessive length

- Added support for RTSP
+March: The project switched over to use git (hosted by github) instead of CVS
+for source code control

-February 2010:
+May: Added support for RTMP

- security vulnerability: libcurl data callback excessive length
+Added support for PolarSSL to do the SSL/TLS stuff

-March 2010:
-
- The project switched over to use git instead of CVS for source code control
-
-May 2010:
-
- Added support for RTMP
-
- Added support for PolarSSL to do the SSL/TLS stuff
-
-August 2010:
+August:

    Public curl releases:         117
    Command line options:         138
@@ -242,3 +251,32 @@ August 2010:
    Contributors:                 808

 Gopher support added (re-added actually)
+
+2012
+----
+
+ July: Added support for Schannel (native Windows TLS backend) and Darwin SSL
+ (Native Mac OS X and iOS TLS backend).
+
+ Supports metalink
+
+ October: SSH-agent support.
+
+2013
+----
+
+ February: Cleaned up internals to always uses the "multi" non-blocking
+ approach internally and only expose the blocking API with a wrapper.
+
+ September: First small steps on supporting HTTP/2 with nghttp2.
+
+ October: Removed krb4 support.
+
+ December: Happy eyeballs.
+
+2014
+----
+
+ March: first real release supporting HTTP/2
+
+ September: Web site had 245,000 unique visitors and served 236GB data
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -22,6 +22,7 @@ Building from git

 UNIX
 ====
+
   A normal unix installation is made in three or four steps (after you've
   unpacked the source archive):

@@ -115,18 +116,6 @@ UNIX

       ./configure --disable-thread

-     To build curl with kerberos4 support enabled, curl requires the krb4 libs
-     and headers installed. You can then use a set of options to tell
-     configure where those are:
-
-          --with-krb4-includes[=DIR]   Specify location of kerberos4 headers
-          --with-krb4-libs[=DIR]       Specify location of kerberos4 libs
-          --with-krb4[=DIR]            where to look for Kerberos4
-
-     In most cases, /usr/athena is the install prefix and then it works with
-
-       ./configure --with-krb4=/usr/athena
-
     If you're a curl developer and use gcc, you might want to enable more
     debug options with the --enable-debug option.

@@ -148,8 +137,8 @@ UNIX

     To build with axTLS for SSL/TLS, use both --without-ssl and --with-axtls.

-     To get GSSAPI support, build with --with-gssapi and have the MIT or
-     Heimdal Kerberos 5 packages installed.
+     To build with GSS-API support, use --with-gssapi and have the MIT Kerberos
+     or Heimdal packages installed.

     To get support for SCP and SFTP, build with --with-libssh2 and have
     libssh2 0.16 or later installed.
@@ -159,6 +148,7 @@ UNIX

   SPECIAL CASES
   -------------
+
   Some versions of uClibc require configuring with CPPFLAGS=-D_GNU_SOURCE=1
   to get correct large file support.

@@ -167,7 +157,6 @@ UNIX
       ./configure CC=owcc AR="$WATCOM/binl/wlib" AR_FLAGS=-q \
           RANLIB=/bin/true STRIP="$WATCOM/binl/wstrip" CFLAGS=-Wextra

-
 Win32
 =====

@@ -199,7 +188,6 @@ Win32

   If you get linkage errors read section 5.7 of the FAQ document.

-
   MingW32
   -------

@@ -246,7 +234,6 @@ Win32
   - optional recent Novell CLDAP SDK available from:
     http://developer.novell.com/ndk/cldap.htm

-
   Cygwin
   ------

@@ -264,8 +251,10 @@ Win32
   MSVC 6 caveats
   --------------

-   If you use MSVC 6 it is required that you use the February 2003 edition PSDK:
-   http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm
+   If you use MSVC 6 it is required that you use the February 2003 edition of
+   the 'Platform SDK' which can be downloaded from:
+
+   http://www.microsoft.com/en-us/download/details.aspx?id=12261

   Building any software with MSVC 6 without having PSDK installed is just
   asking for trouble down the road once you have released it, you might notice
@@ -273,8 +262,6 @@ Win32
   choice of static vs dynamic runtime and third party libraries. Anyone using
   software built in such way will at some point regret having done so.

-   When someone uses MSVC 6 without PSDK he is using a compiler back from 1998.
-
   If the compiler has been updated with the installation of a service pack as
   those mentioned in http://support.microsoft.com/kb/194022 the compiler can be
   safely used to read source code, translate and make it object code.
@@ -284,13 +271,6 @@ Win32
   header files and libraries with bugs and security issues which have already
   been addressed and fixed long time ago.

-   In order to make use of the updated system headers and fixed libraries
-   for MSVC 6, it is required that 'Platform SDK', PSDK from now onwards,
-   is installed. The specific PSDK that must be installed for MSVC 6 is the
-   February 2003 edition, which is the latest one supporting the MSVC 6 compiler,
-   this PSDK is also known as 'Windows Server 2003 PSDK' and can be downloaded
-   from http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm
-
   So, building curl and libcurl with MSVC 6 without PSDK is absolutely
   discouraged for the benefit of anyone using software built in such
   environment. And it will not be supported in any way, as we could just
@@ -352,39 +332,18 @@ Win32
   at runtime.
   Run 'nmake vc-ssl-zlib' to build with both ssl and zlib support.

-   MSVC 6 IDE
-   ----------
+   MSVC IDE
+   --------

-   A minimal VC++ 6.0 reference workspace (vc6curl.dsw) is available with the
-   source distribution archive to allow proper building of the two included
-   projects, the libcurl library and the curl tool.
+   A fairly comprehensive set of Visual Studio project files are available for
+   v6.0 through v12.0 and are located in the projects folder to allow proper
+   building of both the libcurl library as well as the curl tool.

-   1) Open the vs/vc6/vc6curl.dsw workspace with MSVC6's IDE.
-   2) Select 'Build' from top menu.
-   3) Select 'Batch Build' from dropdown menu.
-   4) Make sure that the eight project configurations are 'checked'.
-   5) Click on the 'Build' button.
-   6) Once the eight project configurations are built you are done.
-
-   Dynamic and static libcurl libraries are built in debug and release flavours,
-   and can be located each one in its own subdirectory, dll-debug, dll-release,
-   lib-debug and lib-release, all of them below the 'vs/vc6/lib' subdirectory.
-
-   In the same way four curl executables are created, each using its respective
-   library. The resulting curl executables are located in its own subdirectory,
-   dll-debug, dll-release, lib-debug and lib-release, below 'vs/vc6/src' subdir.
-
-   These reference VC++ 6.0 configurations are generated using the dynamic CRT.
-
-   Intentionally, these reference VC++ 6.0 projects and configurations don't use
-   third party libraries, such as OpenSSL or Zlib, to allow proper compilation
-   and configuration for all new users without further requirements.
-
-   If you need something more 'involved' you might adjust them for your own use,
-   or explore the world of makefiles described above 'MSVC from command line'.
+   For more information about these projects and building via Visual Studio
+   please see the README file located in the projects folder.

   Borland C++ compiler
-   ---------------------
+   --------------------

   Ensure that your build environment is properly set up to use the compiler
   and associated tools. PATH environment variable must include the path to
@@ -429,7 +388,6 @@ Win32
   is required, as well as the OpenSSL libeay32.lib and ssleay32.lib
   libraries.

-
   OTHER MSVC IDEs
   ---------------

@@ -440,7 +398,6 @@ Win32
   Make the sources in the src/ drawer be a "win32 console application"
   project. Name it curl.

-
   Disabling Specific Protocols in Win32 builds
   --------------------------------------------

@@ -469,7 +426,6 @@ Win32
   - Add defines to Project/Settings/C/C++/General/Preprocessor Definitions
     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.

-
   Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
   --------------------------------------------------------------------

@@ -505,9 +461,9 @@ Win32
   add '-DCURL_STATICLIB' to your CFLAGS.  Otherwise the linker will look for
   dynamic import symbols.

-
 Apple iOS and Mac OS X
 ======================
+
   On recent Apple operating systems, curl can be built to use Apple's
   SSL/TLS implementation, Secure Transport, instead of OpenSSL. To build with
   Secure Transport for SSL/TLS, use the configure option --with-darwinssl. (It
@@ -537,9 +493,9 @@ Apple iOS and Mac OS X
      ./configure --with-darwinssl
      make

-
 IBM OS/2
 ========
+
   Building under OS/2 is not much different from building under unix.
   You need:

@@ -567,9 +523,9 @@ IBM OS/2
   If you're getting huge binaries, probably your makefiles have the -g in
   CFLAGS.

-
 VMS
 ===
+
   (The VMS section is in whole contributed by the friendly Nico Baggus)

   Curl seems to work with FTP & HTTP other protocols are not tested.  (the
@@ -614,6 +570,7 @@ VMS
   the name can be fetched from external or internal message libraries
   Error code - the err codes assigned by the application
   Sev. - severity: Even = error, off = non error
+
      0 = Warning
      1 = Success
      2 = Error
@@ -635,12 +592,13 @@ VMS
      Compaq C V6.2-003 on OpenVMS Alpha V7.1-1H2

   So far for porting notes as of:
+
   13-jul-2001
   N. Baggus

-
 QNX
 ===
+
   (This section was graciously brought to us by David Bentham)

   As QNX is targeted for resource constrained environments, the QNX headers
@@ -651,11 +609,12 @@ QNX

   A good all-round solution to this is to override the default when building
   libcurl, by overriding CFLAGS during configure, example
-   #  configure CFLAGS='-DFD_SETSIZE=64 -g -O2'

+   #  configure CFLAGS='-DFD_SETSIZE=64 -g -O2'

 RISC OS
 =======
+
   The library can be cross-compiled using gccsdk as follows:

        CC=riscos-gcc AR=riscos-ar RANLIB='riscos-ar -s' ./configure \
@@ -665,9 +624,9 @@ RISC OS
   where riscos-gcc and riscos-ar are links to the gccsdk tools.
   You can then link your program with curl/lib/.libs/libcurl.a

-
 AmigaOS
 =======
+
   (This section was graciously brought to us by Diego Casorran)

   To build cURL/libcurl on AmigaOS just type 'make amiga' ...
@@ -687,10 +646,11 @@ AmigaOS
   To enable SSL support, you need a OpenSSL native version (without ixemul),
   you can find a precompiled package at http://amiga.sourceforge.net/OpenSSL/

-
 NetWare
 =======
+
   To compile curl.nlm / libcurl.nlm you need:
+
   - either any gcc / nlmconv, or CodeWarrior 7 PDK 4 or later.
   - gnu make and awk running on the platform you compile on;
     native Win32 versions can be downloaded from:
@@ -731,9 +691,9 @@ NetWare
   the status of these builds can be viewed at the autobuild table:
   http://curl.haxx.se/dev/builds.html

-
 eCos
 ====
+
   curl does not use the eCos build system, so you must first build eCos
   separately, then link curl to the resulting eCos library.  Here's a sample
   configure line to do so on an x86 Linux box targeting x86:
@@ -801,9 +761,9 @@ eCos

   config.errors = stderr; /* default errors to stderr */

-
 Minix
 =====
+
   curl can be compiled on Minix 3 using gcc or ACK (starting with
   ver. 3.1.3).  Ensure that GNU gawk and bash are both installed and
   available in the PATH.
@@ -833,9 +793,9 @@ Minix
     make
     chmem =256000 src/curl

-
 Symbian OS
 ==========
+
   The Symbian OS port uses the Symbian build system to compile.  From the
   packages/Symbian/group/ directory, run:

@@ -846,9 +806,9 @@ Symbian OS
   SDK doesn't include support for P.I.P.S., you will need to contact
   your SDK vendor to obtain that first.

-
 VxWorks
 ========
+
   Build for VxWorks is performed using cross compilation.
   That means you build on Windows machine using VxWorks tools and
   run the built image on the VxWorks device.
@@ -872,13 +832,15 @@ VxWorks
   As a result the libcurl.a library should be created in the 'lib' folder.
   To clean the build results type 'make -f ./Makefile.vxworks clean'.

-
 Android
 =======
+
   Method using the static makefile:
+
      - see the build notes in the packages/Android/Android.mk file.

   Method using a configure cross-compile (tested with Android NDK r7c, r8):
+
      - prepare the toolchain of the Android NDK for standalone use; this can
        be done by invoking the script:
        ./build/tools/make-standalone-toolchain.sh
@@ -900,7 +862,8 @@ Android
        found in your automake folder:
        find /usr -name config.sub

-   Wrapper for pkg-config
+   Wrapper for pkg-config:
+
      - In order to make proper use of pkg-config so that configure is able to
        find all dependencies you should create a wrapper script for pkg-config;
        file /opt/arm-linux-androideabi-4.4.3/bin/arm-linux-androideabi-pkg-config:
@@ -914,9 +877,9 @@ Android

        also create a copy or symlink with name arm-unknown-linux-androideabi-pkg-config.

-
 CROSS COMPILE
 =============
+
   (This section was graciously brought to us by Jim Duey, with additions by
   Dan Fandrich)

@@ -962,9 +925,9 @@ CROSS COMPILE

       ./configure --host=ARCH-OS

-
 REDUCING SIZE
 =============
+
   There are a number of configure options that can be used to reduce the
   size of libcurl for embedded applications where binary size is an
   important factor.  First, be sure to set the CFLAGS variable when
@@ -1001,6 +964,7 @@ REDUCING SIZE
   size of the libcurl dynamic libraries on some platforms even further.
   Specify them by providing appropriate CFLAGS and LDFLAGS variables on the
   configure command-line, e.g.
+
     CFLAGS="-Os -ffunction-sections -fdata-sections \
             -fno-unwind-tables -fno-asynchronous-unwind-tables" \
     LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"
@@ -1013,7 +977,7 @@ REDUCING SIZE

   Using these techniques it is possible to create a basic HTTP-only shared
   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
-   an FTP-only library that is 115 KiB in size (as of libcurl version 7.34.1,
+   an FTP-only library that is 115 KiB in size (as of libcurl version 7.35.0,
   using gcc 4.8.2).

   You may find that statically linking libcurl to your application will
@@ -1026,13 +990,12 @@ REDUCING SIZE
   command line.  Following is a list of appropriate key words:

     --disable-cookies          !cookies
-     --disable-crypto-auth      !HTTP\ Digest\ auth !HTTP\ proxy\ Digest\ auth
     --disable-manual           !--manual
     --disable-proxy            !HTTP\ proxy !proxytunnel !SOCKS4 !SOCKS5

-
 PORTS
 =====
+
   This is a probably incomplete list of known hardware and operating systems
   that curl has been compiled for. If you know a system curl compiles and
   runs on, that isn't listed, please let us know!
--- a/docs/INSTALL.cmake
+++ b/docs/INSTALL.cmake
@@ -24,7 +24,6 @@ Current flaws in the curl CMake build
   Missing features in the cmake build:

   - Builds libcurl without large file support
-   - It doesn't build src/tool_hugehelp.c which creates the --manual output
   - Can't select which SSL library to build with, only OpenSSL
   - Doesn't build with SCP and SFTP support (libssh2)
   - Doesn't allow different resolver backends (no c-ares build support)
@@ -32,7 +31,6 @@ Current flaws in the curl CMake build
   - Doesn't allow build curl and libcurl debug enabled
   - Doesn't allow a custom CA bundle path
   - Doesn't allow you to disable specific protocols from the build
-   - Doesn't properly enable IPv6 support by default
   - Doesn't find or use krb4 or GSS
   - Rebuilds test files too eagerly, but still can't run the tests

@@ -71,7 +69,7 @@ Command Line CMake

    $ make install

-    (The teste suit does not work with the cmake build)
+    (The test suite does not work with the cmake build)

 ccmake
 =========
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
@@ -14,6 +14,7 @@ INTERNALS

 GIT
 ===
+
 All changes to the sources are committed to the git repository as soon as
 they're somewhat verified to work. Changes shall be committed as independently
 as possible so that individual changes can be easier spotted and tracked
@@ -33,7 +34,7 @@ Portability
 want it to remain functional and buildable with these and later versions
 (older versions may still work but is not what we work hard to maintain):

- OpenSSL      0.9.6
+ OpenSSL      0.9.7
 GnuTLS       1.2
 zlib         1.1.4
 libssh2      0.16
@@ -42,10 +43,12 @@ Portability
 cyassl       2.0.0
 openldap     2.0
 MIT krb5 lib 1.2.4
- qsossl       V5R3M0
+ GSKit        V5R3M0
 NSS          3.14.x
 axTLS        1.2.7
+ PolarSSL     1.3.0
 Heimdal      ?
+ nghttp2      0.6.0

 On systems where configure runs, we aim at working on them all - if they have
 a suitable C compiler. On systems that don't run configure, we strive to keep
@@ -249,7 +252,9 @@ Library

 Kerberos

- The kerberos support is mainly in lib/krb4.c and lib/security.c.
+ The kerberos support is mainly in lib/krb5.c and lib/security.c but also
+ curl_sasl_sspi.c for the email protocols and socks_gssapi.c & socks_sspi.c for
+ SOCKS5 proxy specifics.

 TELNET

@@ -263,6 +268,10 @@ Library

 Everything LDAP is in lib/ldap.c and lib/openldap.c

+ E-mail
+
+ The e-mail related source code is in lib/imap.c, lib/pop3.c and lib/smtp.c.
+
 GENERAL

 URL encoding and decoding, called escaping and unescaping in the source code,
@@ -300,7 +309,7 @@ Persistent Connections
 o When libcurl is told to perform a transfer, it first checks for an already
   existing connection in the cache that we can use. Otherwise it creates a
   new one and adds that the cache. If the cache is full already when a new
-   conncetion is added added, it will first close the oldest unused one.
+   connection is added added, it will first close the oldest unused one.
 o When the transfer operation is complete, the connection is left
   open. Particular options may tell libcurl not to, and protocols may signal
   closure on connections and then they won't be kept open of course.
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -6,13 +6,13 @@ may have been fixed since this was written!
 87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266
  details how it should be done. The can of worm is basically that we have no
  charset handling in curl and ascii >=128 is a challenge for us. Not to
-  mention that decoding also means that we need to check for nastyness that is
+  mention that decoding also means that we need to check for nastiness that is
  attempted, like "../" sequences and the like. Probably everything to the left
  of any embedded slashes should be cut off.
  http://curl.haxx.se/bug/view.cgi?id=1294

 86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3
-  and SMTP if a failure occures during the authentication phase of a
+  and SMTP if a failure occurs during the authentication phase of a
  connection.

 85. Wrong STARTTRANSFER timer accounting for POST requests
@@ -25,22 +25,14 @@ may have been fixed since this was written!
 84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
  backends, so relying on this information in a generic app is flaky.

-83. curl is unable to load non-default openssl engines, because openssl isn't
-  initialized properly. This seems to require OpenSSL_config() or
-  CONF_modules_load_file() to be used by libcurl but the first seems to not
-  work and we've gotten not reports from tests with the latter. Possibly we
-  need to discuss with OpenSSL developers how this is supposed to be done. We
-  need users with actual external openssl engines for testing to work on this.
-  http://curl.haxx.se/bug/view.cgi?id=1208
-
 82. When building with the Windows Borland compiler, it fails because the
  "tlib" tool doesn't support hyphens (minus signs) in file names and we have
  such in the build.
  http://curl.haxx.se/bug/view.cgi?id=1222

-81. When using -J (with -O), automaticly resumed downloading together with "-C
-  -" fails. Without -J the same command line works! This happens because the
-  resume logic is worked out before the target file name (and thus its
+81. When using -J (with -O), automatically resumed downloading together with
+  "-C -" fails. Without -J the same command line works! This happens because
+  the resume logic is worked out before the target file name (and thus its
  pre-transfer size) has been figured out!
  http://curl.haxx.se/bug/view.cgi?id=1169

@@ -59,10 +51,6 @@ may have been fixed since this was written!
  any file at all. Like when using FTP.
  http://curl.haxx.se/bug/view.cgi?id=1063

-77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
-  "abuses" the underlying connection re-use system and if connections are
-  forced to close they break the NTLM support.
-
 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
  that platform), and long is only 32 bits. It makes it impossible for
  curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
@@ -179,18 +167,6 @@ may have been fixed since this was written!
  run that might be needed only for building libcurl. Further, curl-config
  --cflags suffers from the same effects with CFLAGS/CPPFLAGS.

-30. You need to use -g to the command line tool in order to use RFC2732-style
-  IPv6 numerical addresses in URLs.
-
-29. IPv6 URLs with zone ID is not nicely supported.
-  http://www.ietf.org/internet-drafts/draft-fenner-literal-zone-02.txt (expired)
-  specifies the use of a plus sign instead of a percent when specifying zone
-  IDs in URLs to get around the problem of percent signs being
-  special. According to the reporter, Firefox deals with the URL _with_ a
-  percent letter (which seems like a blatant URL spec violation).
-  libcurl supports zone IDs where the percent sign is URL-escaped (i.e. %25):
-  http://curl.haxx.se/bug/view.cgi?id=555
-
 26. NTLM authentication using SSPI (on Windows) when (lib)curl is running in
  "system context" will make it use wrong(?) user name - at least when compared
  to what winhttp does. See http://curl.haxx.se/bug/view.cgi?id=535
@@ -236,9 +212,9 @@ may have been fixed since this was written!
  acknowledged after the actual TCP connect (during the SOCKS "negotiate"
  phase).

-10. To get HTTP Negotiate authentication to work fine, you need to provide a
-  (fake) user name (this concerns both curl and the lib) because the code
-  wrongly only considers authentication if there's a user name provided.
+10. To get HTTP Negotiate (SPNEGO) authentication to work fine, you need to
+  provide a (fake) user name (this concerns both curl and the lib) because the
+  code wrongly only considers authentication if there's a user name provided.
  http://curl.haxx.se/bug/view.cgi?id=440 How?
  http://curl.haxx.se/mail/lib-2004-08/0182.html

--- a/docs/LIBCURL-STRUCTS
+++ b/docs/LIBCURL-STRUCTS
@@ -47,7 +47,7 @@ for older and later versions as things don't change drastically that often.
  ->mstate is the multi state of this particular SessionHandle. When
  multi_runsingle() is called, it will act on this handle according to which
  state it is in. The mstate is also what tells which sockets to return for a
-  speicific SessionHandle when curl_multi_fdset() is called etc.
+  specific SessionHandle when curl_multi_fdset() is called etc.

  The libcurl source code generally use the name 'data' for the variable that
  points to the SessionHandle.
@@ -60,7 +60,7 @@ for older and later versions as things don't change drastically that often.
  re-use an existing one instead of creating a new as it creates a significant
  performance boost.

-  Each 'connectdata' identifies a single physical conncetion to a server. If
+  Each 'connectdata' identifies a single physical connection to a server. If
  the connection can't be kept alive, the connection will be closed after use
  and then this struct can be removed from the cache and freed.

@@ -158,18 +158,18 @@ for older and later versions as things don't change drastically that often.

  ->do_it is the function called to issue the transfer request. What we call
  the DO action internally. If the DO is not enough and things need to be kept
-  getting done for the entier DO sequence to complete, ->doing is then usually
+  getting done for the entire DO sequence to complete, ->doing is then usually
  also provided. Each protocol that needs to do multiple commands or similar
  for do/doing need to implement their own state machines (see SCP, SFTP,
  FTP). Some protocols (only FTP and only due to historical reasons) has a
  separate piece of the DO state called DO_MORE.

-  ->doing keeps getting called while issudeing the transfer request command(s)
+  ->doing keeps getting called while issuing the transfer request command(s)

  ->done gets called when the transfer is complete and DONE. That's after the
  main data has been transferred.

-  ->do_more gets called doring the DO_MORE state. The FTP protocol uses this
+  ->do_more gets called during the DO_MORE state. The FTP protocol uses this
  state when setting up the second connection.

  ->proto_getsock
--- a/docs/LICENSE-MIXING
+++ b/docs/LICENSE-MIXING
@@ -21,9 +21,7 @@ announcement clause that collides with GPL.
 libcurl http://curl.haxx.se/docs/copyright.html

        Uses an MIT (or Modified BSD)-style license that is as liberal as
-        possible.  Some of the source files that deal with KRB4 have Original
-        BSD-style announce-clause licenses. You may not distribute binaries
-        with krb4-enabled libcurl that also link with GPL-licensed code!
+        possible.

 OpenSSL http://www.openssl.org/source/license.html

@@ -70,14 +68,6 @@ zlib    http://www.gzip.org/zlib/zlib_license.html
        (Used for compressed Transfer-Encoding support) Uses an MIT-style
        license that shouldn't collide with any other library.

-krb4
-
-        While nothing in particular says that a Kerberos4 library must use any
-        particular license, the one I've tried and used successfully so far
-        (kth-krb4) is partly Original BSD-licensed with the announcement
-        clause. Some of the code in libcurl that is written to deal with
-        Kerberos4 is Modified BSD-licensed.
-
 MIT Kerberos http://web.mit.edu/kerberos/www/dist/

        (May be used for GSS support) MIT licensed, that shouldn't collide
@@ -94,12 +84,6 @@ GNU GSS http://www.gnu.org/software/gss/
        may not distribute binary curl packages that uses this if you build
        curl to also link and use any Original BSD licensed libraries!

-fbopenssl
-
-        (Used for SPNEGO support) Unclear license. Based on its name, I assume
-        that it uses the OpenSSL license and thus shares the same issues as
-        described for OpenSSL above.
-
 libidn  http://josefsson.org/libidn/

        (Used for IDNA support) Uses the GNU Lesser General Public
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -14,6 +14,7 @@ MAIL ETIQUETTE
  1.5 Moderation of new posters
  1.6 Handling trolls and spam
  1.7 How to unsubscribe
+  1.8 I posted, now what?

 2. Sending mail
  2.1 Reply or New Mail
@@ -105,7 +106,7 @@ MAIL ETIQUETTE
  No matter what, we NEVER EVER respond to trolls or spammers on the list. If
  you believe the list admin should do something particular, contact him/her
  off-list. The subject will be taken care of as good as possible to prevent
-  repeated offences, but responding on the list to such messages never lead to
+  repeated offenses, but responding on the list to such messages never lead to
  anything good and only puts the light even more on the offender: which was
  the entire purpose of it getting to the list in the first place.

@@ -125,6 +126,42 @@ MAIL ETIQUETTE
  You NEVER EVER email the mailing list requesting someone else to get you off
  the list.

+  1.8 I posted, now what?
+
+  If you aren't subscribed with the exact same email address that you used to
+  send the email, your post will just be silently discarded.
+
+  If you posted for the first time to the mailing list, you first need to wait
+  for an administrator to allow your email to go through. This normally
+  happens very quickly but in case we're asleep, you may have to wait a few
+  hours.
+
+  Once your email goes through it is sent out to several hundred or even
+  thousand recipients.  Your email may cover an area that not that many people
+  know about or are interested in. Or possibly the person who knows about it
+  is on vacation or under a very heavy work load right now. You have to wait
+  for a response and you must not expect to get a response at all, but
+  hopefully you get an answer within a couple of days.
+
+  You do yourself and all of us a service when you include as many details as
+  possible already in your first email. Mention your operating system and
+  environment. Tell us which curl version you're using and tell us what you
+  did, what happened and what you expected would happen. Preferably, show us
+  what you did in details enough to allow others to help point out the problem
+  or repeat the same steps in their places.
+
+  Failing to include details will only delay responses and make people respond
+  and ask for the details and you have to send a follow-up email that includes
+  them.
+
+  Expect the responses to primarily help YOU debug the issue, or ask you
+  questions that can lead you or others towards a solution or explanation to
+  whatever you experience.
+
+  If you are a repeat offender to the guidelines outlined in this document,
+  chances are that people will ignore you at will and your chances to get
+  responses will greatly diminish.
+

 2. Sending mail

--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -41,16 +41,23 @@ SIMPLE USAGE

  Get a file from an SSH server using SFTP:

-        curl -u username sftp://shell.example.com/etc/issue
+        curl -u username sftp://example.com/etc/issue

-  Get a file from an SSH server using SCP using a private key to authenticate:
+  Get a file from an SSH server using SCP using a private key
+  (not password-protected) to authenticate:

-        curl -u username: --key ~/.ssh/id_dsa --pubkey ~/.ssh/id_dsa.pub \
-            scp://shell.example.com/~/personal.txt
+        curl -u username: --key ~/.ssh/id_rsa \
+             scp://example.com/~/file.txt
+
+  Get a file from an SSH server using SCP using a private key
+  (password-protected) to authenticate:
+
+        curl -u username: --key ~/.ssh/id_rsa --pass private_key_password \
+             scp://example.com/~/file.txt

  Get the main page from an IPv6 web server:

-        curl -g "http://[2001:1890:1112:1::20]/"
+        curl "http://[2001:1890:1112:1::20]/"

 DOWNLOAD TO A FILE

@@ -91,10 +98,13 @@ USING PASSWORDS

 SFTP / SCP

-   This is similar to FTP, but you can specify a private key to use instead of
-   a password. Note that the private key may itself be protected by a password
-   that is unrelated to the login password of the remote system.  If you
-   provide a private key file you must also provide a public key file.
+   This is similar to FTP, but you can use the --key option to specify a
+   private key to use instead of a password. Note that the private key may
+   itself be protected by a password that is unrelated to the login password
+   of the remote system; this password is specified using the --pass option.
+   Typically, curl will automatically extract the public key from the private
+   key file, but in cases where curl does not have the proper library support,
+   a matching public key file must be specified using the --pubkey option.

 HTTP

@@ -108,10 +118,10 @@ USING PASSWORDS
        curl -u name:passwd http://machine.domain/full/path/to/file

   HTTP offers many different methods of authentication and curl supports
-   several: Basic, Digest, NTLM and Negotiate. Without telling which method to
-   use, curl defaults to Basic. You can also ask curl to pick the most secure
-   ones out of the ones that the server accepts for the given URL, by using
-   --anyauth.
+   several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which
+   method to use, curl defaults to Basic. You can also ask curl to pick the
+   most secure ones out of the ones that the server accepts for the given URL,
+   by using --anyauth.

   NOTE! According to the URL specification, HTTP URLs can not contain a user
   and password, so that style will not work when using curl via a proxy, even
@@ -956,9 +966,9 @@ IPv6
  When this style is used, the -g option must be given to stop curl from
  interpreting the square brackets as special globbing characters.  Link local
  and site local addresses including a scope identifier, such as fe80::1234%1,
-  may also be used, but the scope portion must be numeric and the percent
-  character must be URL escaped. The previous example in an SFTP URL might
-  look like:
+  may also be used, but the scope portion must be numeric or match an existing
+  network interface on Linux and the percent character must be URL escaped. The
+  previous example in an SFTP URL might look like:

    sftp://[fe80::1234%251]/

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -37,7 +37,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
 README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
 KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
 $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE
+ MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE  \
+ SSL-PROBLEMS

 MAN2HTML= roffit < $< >$@

--- a/docs/README.netware
+++ b/docs/README.netware
@@ -10,7 +10,7 @@ README.netware

  Curl has been successfully compiled with gcc / nlmconv on different flavours
  of Linux as well as with the official Metrowerks CodeWarrior compiler.
-  While not being the main development target, a continously growing share of
+  While not being the main development target, a continuously growing share of
  curl users are NetWare-based, specially also consuming the lib from PHP.

  The unix-style man pages are tricky to read on windows, so therefore are all
--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@@ -7,15 +7,16 @@
 curl release procedure - how to do a release
 ============================================

-[in the source code repo]
+in the source code repo
+-----------------------

- edit RELEASE-NOTES to be accurate
+- edit `RELEASE-NOTES` to be accurate

- update docs/THANKS
+- update `docs/THANKS`

 - make sure all relevant changes are committed on the master branch

- tag the git repo in this style: 'git tag -a curl-7_34_0'. -a annotates the
+- tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the
  tag and we use underscores instead of dots in the version number. 
   
 - run "./maketgz 7.34.0" to build the release tarballs. It is important that
@@ -29,11 +30,14 @@ curl release procedure - how to do a release

 - upload the 8 resulting files to the primary download directory

-[data in the curl-www repo]
+in the curl-www repo
+--------------------

- edit Makefile (version number and date),
-  _newslog.html (announce the new release) and
-  _changes.html (insert changes+bugfixes from RELEASE-NOTES)
+- edit `Makefile` (version number and date),
+
+- edit `_newslog.html` (announce the new release) and
+
+- edit `_changes.html` (insert changes+bugfixes from RELEASE-NOTES)

 - commit all local changes

@@ -43,11 +47,48 @@ curl release procedure - how to do a release

  (the web site then updates its contents automatically)

-[inform]
+inform
+------

 - send an email to curl-users, curl-announce and curl-library. Insert the
  RELEASE-NOTES into the mail.

-[celebrate]
+celebrate
+---------

 - suitable beverage intake is encouraged for the festivities
+
+curl release scheduling
+=======================
+
+Basics
+------
+
+We do releases every 8 weeks on Wednesdays. If critical problems arise, we can
+insert releases outside of the schedule or we can move the release date - but
+this is very rare.
+
+Each 8 week release cycle is split in two 4-week periods.
+
+- During the first 4 weeks after a release, we allow new features and changes
+  to curl and libcurl. If we accept any such changes, we bump the minor number
+  used for the next release.
+
+- During the second 4-week period we do not merge any features or changes, we
+  then only focus on fixing bugs and polishing things to make a solid coming
+  release.
+
+Coming dates
+------------
+
+Based on the description above, here are some planned release dates (at the
+time of this writing):
+
+- November 5, 2014 (version 7.39.0)
+- December 31, 2014
+- February 25, 2015
+- April 22, 2015
+- June 17, 2015
+- August 12, 2015
+- October 7, 2015
+- December 2, 2015
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -0,0 +1,89 @@
+curl the next few years - perhaps
+=================================
+
+Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is
+intended to serve as a guideline for others for information, feedback and
+possible participation.
+
+New stuff - libcurl
+-------------------
+
+1. http2 test suite
+
+2. http2 multiplexing/pipelining
+
+3. SPDY
+
+4. SRV records
+
+5. HTTPS to proxy
+
+6. make sure there's an easy handle passed in to `curl_formadd()`,
+   `curl_formget()` and `curl_formfree()` by adding replacement functions and
+   deprecating the old ones to allow custom mallocs and more
+
+7. HTTP Digest authentication via Windows SSPI
+
+8. SASL GSSAPI (Kerberos 5) authentication via a GSS-API library
+
+9. add support for third-party SASL libraries such as Cyrus SASL - may need to
+   move existing native and SSPI based authentication into vsasl folder after
+   reworking HTTP and SASL code
+
+10. SASL authentication in LDAP
+
+11. Simplify the SMTP email interface so that programmers don't have to
+    construct the body of an email that contains all the headers, alternative
+    content, images and attachments - maintain raw interface so that
+    programmers that want to do this can
+
+12. Allow the email protocols to return the capabilities before
+    authenticating. This will allow an application to decide on the best
+    authentication mechanism
+
+13. Allow Windows threading model to be replaced by Win32 pthreads port
+
+14. Implement a dynamic buffer size to allow SFTP to use much larger buffers
+    and possibly allow the size to be customizable by applications. Use less
+    memory when handles are not in use?
+
+New stuff - curl
+----------------
+
+1. Embed a language interpreter (lua?). For that middle ground where curl
+   isn’t enough and a libcurl binding feels “too much”. Build-time conditional
+   of course.
+
+2. Simplify the SMTP command line so that the headers and multi-part content
+   don't have to be constructed before calling curl
+
+Improve
+-------
+
+1. build for windows (considered hard by many users)
+
+2. curl -h output (considered overwhelming to users)
+
+3. we have > 160 command line options, is there a way to redo things to
+   simplify or improve the situation as we are likely to keep adding
+   features/options in the future too
+
+4. docs (considered "bad" by users but how do we make it better?)
+
+  - split up `curl_easy_setopt.3`
+  - split up curl.1
+
+5. authentication framework (consider merging HTTP and SASL authentication to
+   give one API for protocols to call)
+
+6. Perform some of the clean up from the TODO document, removing old
+   definitions and such like that are currently earmarked to be removed years
+   ago
+
+Remove
+------
+
+1. cmake support (nobody maintains it)
+
+2. makefile.vc files as there is no point in maintaining two sets of Windows
+   makefiles. Note: These are currently being used by the Windows autobuilds
--- a/docs/SECURITY
+++ b/docs/SECURITY
@@ -4,21 +4,24 @@
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

-CURL SECURITY FOR DEVELOPERS
+curl security for developers
+============================

 This document is intended to provide guidance to curl developers on how
 security vulnerabilities should be handled.

-PUBLISHING INFORMATION
+Publishing Information
+----------------------

-All known and public curl or libcurl related vulnerabilities are listed at
-http://curl.haxx.se/docs/security.html
+All known and public curl or libcurl related vulnerabilities are listed on
+[the curl web site security page](http://curl.haxx.se/docs/security.html).

 Security vulnerabilities should not be entered in the project's public bug
 tracker unless the necessary configuration is in place to limit access to the
 issue to only the reporter and the project's security team.

-VULNERABILITY HANDLING
+Vulnerability Handling
+----------------------

 The typical process for handling a new security vulnerability is as follows.

@@ -31,7 +34,7 @@ any reference to the security nature of the commit if done prior to the public
 announcement.

 - The person discovering the issue, the reporter, reports the vulnerability
-  privately to curl-security@haxx.se. That's an email alias that reaches a
+  privately to `curl-security@haxx.se`. That's an email alias that reaches a
  handful of selected and trusted people.

 - Messages that do not relate to the reporting or managing of an undisclosed
@@ -60,10 +63,10 @@ announcement.

 - Write a security advisory draft about the problem that explains what the
  problem is, its impact, which versions it affects, solutions or
-  work-arounds, when the release is out and make sure to credit all
+  workarounds, when the release is out and make sure to credit all
  contributors properly.

- Request a CVE number from distros@openwall.org[1] when also informing and
+- Request a CVE number from distros@openwall[1] when also informing and
  preparing them for the upcoming public security vulnerability announcement -
  attach the advisory draft for information. Note that 'distros' won't accept
  an embargo longer than 19 days.
@@ -85,7 +88,20 @@ announcement.
  the same manner we always announce releases. It gets sent to the
  curl-announce, curl-library and curl-users mailing lists.

- The security web page on the web site should get the new vulernability
+- The security web page on the web site should get the new vulnerability
  mentioned.

 [1] = http://oss-security.openwall.org/wiki/mailing-lists/distros
+
+CURL-SECURITY (at haxx dot se)
+------------------------------
+
+Who is on this list? There are a couple of criteria you must meet, and then we
+might ask you to join the list or you can ask to join it. It really isn't very
+formal. We basically only require that you have a long-term presence in the
+curl project and you have shown an understanding for the project and its way
+of working. You must've been around for a good while and you should have no
+plans in vanishing in the near future.
+
+We do not make the list of partipants public mostly because it tends to vary
+somewhat over time and a list somewhere will only risk getting outdated.
--- a/docs/SSL-PROBLEMS
+++ b/docs/SSL-PROBLEMS
@@ -0,0 +1,67 @@
+                                  _   _ ____  _
+                              ___| | | |  _ \| |
+                             / __| | | | |_) | |
+                            | (__| |_| |  _ <| |___
+                             \___|\___/|_| \_\_____|
+
+SSL problems
+
+  First, let's establish that we often refer to TLS and SSL interchangeably as
+  SSL here. The current protocol is called TLS, it was called SSL a long time
+  ago.
+
+  There are several known reasons why a connection that involves SSL might
+  fail. This is a document that attempts to details the most common ones and
+  how to mitigate them.
+
+CA certs
+
+  CA certs are used to digitally verify the server's certificate. You need a
+  "ca bundle" for this. See lots of more details on this in the SSLCERTS
+  document.
+
+CA bundle missing intermediate certificates
+
+  When using said CA bundle to verify a server cert, you will experience
+  problems if your CA cert does not have the certificates for the
+  intermediates in the whole trust chain.
+
+SSL version
+
+  Some broken servers fail to support the protocol negotiation properly that
+  SSL servers are supposed to handle. This may cause the connection to fail
+  completely. Sometimes you may need to explicitly select a SSL version to use
+  when connecting to make the connection succeed.
+
+  An additional complication can be that modern SSL libraries sometimes are
+  built with support for older SSL and TLS versions disabled!
+
+SSL ciphers
+
+  Clients give servers a list of ciphers to select from. If the list doesn't
+  include any ciphers the server wants/can use, the connection handshake
+  fails.
+
+  curl has recently disabled the user of a whole bunch of seriously insecure
+  ciphers from its default set (slightly depending on SSL backend in use).
+
+  You may have to explicitly provide an alternative list of ciphers for curl
+  to use to allow the server to use a WEAK cipher for you.
+
+  Note that these weak ciphers are identified as flawed. For example, this
+  includes symmetric ciphers with less than 128 bit keys and RC4.
+
+  References:
+
+  http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
+  
+Allow BEAST
+
+  BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means
+  to mitigate this attack, it turned out that some broken servers out there in
+  the wild didn't work properly with the BEAST mitigation in place.
+
+  To make such broken servers work, the --ssl-allow-beast option was
+  introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
+  but on the other hand it allows curl to connect to that kind of strange
+  servers.
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@@ -1,23 +1,46 @@
-                      Peer SSL Certificate Verification
-                      =================================
+SSL Certificate Verification
+============================

-(NOTE: If libcurl was built with Schannel or Secure Transport support, then
-this does not apply to you. Scroll down for details on how the OS-native
-engines handle SSL certificates. If you're not sure, then run "curl -V" and
-read the results. If the version string says "WinSSL" in it, then it was built
-with Schannel support.)
+SSL is TLS
+----------
+
+SSL is the old name. It is called TLS these days.
+
+
+Native SSL
+----------
+
+If libcurl was built with Schannel or Secure Transport support (the native SSL
+libraries included in Windows and Mac OS X), then this does not apply to
+you. Scroll down for details on how the OS-native engines handle SSL
+certificates. If you're not sure, then run "curl -V" and read the results. If
+the version string says "WinSSL" in it, then it was built with Schannel
+support.
+
+It is about trust
+-----------------
+
+This system is about trust. In your local CA cert bundle you have certs from
+*trusted* Certificate Authorities that you then can use to verify that the
+server certificates you see are valid. They're signed by one of the CAs you
+trust.
+
+Which CAs do you trust? You can decide to trust the same set of companies your
+operating system trusts, or the set one of the known browsers trust. That's
+basically trust via someone else you trust. You should just be aware that
+modern operating systems and browsers are setup to trust *hundreds* of
+companies and recent years several such CAs have been found untrustworthy.
+
+Certificate Verification
+------------------------

 libcurl performs peer SSL certificate verification by default.  This is done
 by using CA cert bundle that the SSL library can use to make sure the peer's
 server certificate is valid.

-If you communicate with HTTPS or FTPS servers using certificates that are
-signed by CAs present in the bundle, you can be sure that the remote server
-really is the one it claims to be.
-
-Until 7.18.0, curl bundled a severely outdated ca bundle file that was
-installed by default. These days, the curl archives include no ca certs at
-all. You need to get them elsewhere. See below for example.
+If you communicate with HTTPS, FTPS or other TLS-using servers using
+certificates that are signed by CAs present in the bundle, you can be sure
+that the remote server really is the one it claims to be.

 If the remote server uses a self-signed certificate, if you don't install a CA
 cert bundle, if the server uses a certificate signed by a CA that isn't
@@ -26,13 +49,13 @@ impersonating your favorite site, and you want to transfer files from this
 server, do one of the following:

 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+    `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);`

    With the curl command line tool, you disable this with -k/--insecure.

 2. Get a CA certificate that can verify the remote server and use the proper
    option to point out this CA cert for verification when connecting. For
-    libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);
+    libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAPATH, capath);`

    With the curl command line tool: --cacert [file]

@@ -46,32 +69,32 @@ server, do one of the following:
    If you use Internet Explorer, this is one way to get extract the CA cert
    for a particular server:

-     o View the certificate by double-clicking the padlock
-     o Find out where the CA certificate is kept (Certificate>
+     - View the certificate by double-clicking the padlock
+     - Find out where the CA certificate is kept (Certificate>
       Authority Information Access>URL)
-     o Get a copy of the crt file using curl
-     o Convert it from crt to PEM using the openssl tool:
+     - Get a copy of the crt file using curl
+     - Convert it from crt to PEM using the openssl tool:
       openssl x509 -inform DES -in yourdownloaded.crt \
       -out outcert.pem -text
-     o Append the 'outcert.pem' to the CA cert bundle or use it stand-alone
+     - Append the 'outcert.pem' to the CA cert bundle or use it stand-alone
       as described below.

    If you use the 'openssl' tool, this is one way to get extract the CA cert
    for a particular server:

-     o openssl s_client -connect xxxxx.com:443 |tee logfile
-     o type "QUIT", followed by the "ENTER" key
-     o The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
+     - `openssl s_client -connect xxxxx.com:443 |tee logfile`
+     - type "QUIT", followed by the "ENTER" key
+     - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE"
       markers.
-     o If you want to see the data in the certificate, you can do: "openssl
+     - If you want to see the data in the certificate, you can do: "openssl
       x509 -inform PEM -in certfile -text -out certdata" where certfile is
       the cert you extracted from logfile. Look in certdata.
-     o If you want to trust the certificate, you can append it to your
-       cert_bundle or use it stand-alone as described. Just remember that the
+     - If you want to trust the certificate, you can append it to your
+       cert bundle or use it stand-alone as described. Just remember that the
       security is no better than the way you obtained the certificate.

 4. If you're using the curl command line tool, you can specify your own CA
-    cert path by setting the environment variable CURL_CA_BUNDLE to the path
+    cert path by setting the environment variable `CURL_CA_BUNDLE` to the path
    of your choice.

    If you're using the curl command line tool on Windows, curl will search
@@ -86,9 +109,7 @@ server, do one of the following:
 5. Get a better/different/newer CA cert bundle! One option is to extract the
    one a recent Firefox browser uses by running 'make ca-bundle' in the curl
    build tree root, or possibly download a version that was generated this
-    way for you:
-
-        http://curl.haxx.se/docs/caextract.html
+    way for you: [CA Extract](http://curl.haxx.se/docs/caextract.html)

 Neglecting to use one of the above methods when dealing with a server using a
 certificate that isn't signed by one of the certificates in the installed CA
@@ -96,35 +117,29 @@ cert bundle, will cause SSL to report an error ("certificate verify failed")
 during the handshake and SSL will then refuse further communication with that
 server.

-                      Peer SSL Certificate Verification with NSS
-                      ==========================================
+Certificate Verification with NSS
+---------------------------------

 If libcurl was built with NSS support, then depending on the OS distribution,
-it is probably required to take some additional steps to use the system-wide CA
-cert db. RedHat ships with an additional module, libnsspem.so, which enables
-NSS to read the OpenSSL PEM CA bundle. This library is missing in OpenSuSE, and
-without it, NSS can only work with its own internal formats. NSS also has a new
-database format: https://wiki.mozilla.org/NSS_Shared_DB
+it is probably required to take some additional steps to use the system-wide
+CA cert db. RedHat ships with an additional module, libnsspem.so, which
+enables NSS to read the OpenSSL PEM CA bundle. This library is missing in
+OpenSuSE, and without it, NSS can only work with its own internal formats. NSS
+also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB).

-Starting with version 7.19.7, libcurl will check for the NSS version it runs,
-and automatically add the 'sql:' prefix to the certdb directory (either the
-hardcoded default /etc/pki/nssdb or the directory configured with SSL_DIR
-environment variable) if version 3.12.0 or later is detected. To check which
-ertdb format your distribution provides, examine the default
-certdb location: /etc/pki/nssdb; the new certdb format can be identified by
-the filenames cert9.db, key4.db, pkcs11.txt; filenames of older versions are
-cert8.db, key3.db, modsec.db.
+Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to
+the certdb directory (either the hardcoded default /etc/pki/nssdb or the
+directory configured with SSL_DIR environment variable). To check which certdb
+format your distribution provides, examine the default certdb location:
+/etc/pki/nssdb; the new certdb format can be identified by the filenames
+cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db,
+key3.db, secmod.db.

-Usually these cert databases are empty, but NSS also has built-in CAs which are
-provided through a shared library, libnssckbi.so; if you want to use these
-built-in CAs, then create a symlink to libnssckbi.so in /etc/pki/nssdb:
-ln -s /usr/lib[64]/libnssckbi.so /etc/pki/nssdb/libnssckbi.so
+Certificate Verification with Schannel and Secure Transport
+-----------------------------------------------------------

-     Peer SSL Certificate Verification with Schannel and Secure Transport
-     ====================================================================
-
-If libcurl was built with Schannel (Microsoft's TLS/SSL engine) or Secure
-Transport (Apple's TLS/SSL engine) support, then libcurl will still perform
+If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure
+Transport (Apple's native TLS engine) support, then libcurl will still perform
 peer certificate verification, but instead of using a CA cert bundle, it will
 use the certificates that are built into the OS. These are the same
 certificates that appear in the Internet Options control panel (under Windows)
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -4,11 +4,14 @@

 If you have contributed but are missing here, please let us know!

+Aaro Koskinen
 Aaron Oneal
 Aaron Orenstein
+Abram Pousada
 Adam D. Moss
 Adam Light
 Adam Piggott
+Adam Sampson
 Adam Tkac
 Adrian Schuur
 Adriano Meirelles
@@ -19,7 +22,7 @@ Alan Pinstein
 Albert Chin-A-Young
 Albert Choy
 Ale Vesely
-Alejandro Alvarez
+Alejandro Alvarez Ayllon
 Aleksandar Milivojevic
 Aleksey Tulinov
 Alessandro Ghedini
@@ -45,6 +48,7 @@ Alexey Zakhlestin
 Alexis Carvalho
 Alfred Gebert
 Allen Pulsifer
+Alona Rossen
 Amol Pattekar
 Amr Shahin
 Anatoli Tubman
@@ -52,6 +56,7 @@ Anders Gustafsson
 Anders Havn
 Andi Jahja
 Andre Guibert de Bruet
+Andre Heinecke
 Andreas Damm
 Andreas Faerber
 Andreas Farber
@@ -63,6 +68,7 @@ Andreas Schuldei
 Andreas Wurf
 Andrei Benea
 Andrei Cipu
+Andrei Kurushin
 Andrej E Baranov
 Andres Garcia
 Andrew Benham
@@ -80,6 +86,7 @@ Andy Cedilnik
 Andy Serpa
 Andy Tsouladze
 Angus Mackay
+Anthon Pang
 Anthony Bryan
 Anthony G. Basile
 Antoine Calando
@@ -93,12 +100,16 @@ Arnaud Compan
 Arnaud Ebalard
 Arthur Murray
 Arve Knudsen
+Arvid Norberg
+Ask Bjørn Hansen
+Askar Safin
 Ates Goral
 Augustus Saunders
 Avery Fay
 Axel Tillequin
 Balaji Parasuram
 Balint Szilakszi
+Barry Abrahamson
 Bart Whiteley
 Bas Mevissen
 Ben Darnell
@@ -111,6 +122,7 @@ Benbuck Nason
 Benjamin Gerard
 Benjamin Gilbert
 Benjamin Johnson
+Benoit Neil
 Benoit Sigoure
 Bernard Leak
 Bernhard Reutner-Fischer
@@ -131,7 +143,9 @@ Bogdan Nicula
 Brad Burdick
 Brad Hards
 Brad King
+Brad Spencer
 Bradford Bruce
+Brandon Casey
 Brandon Wang
 Brendan Jurd
 Brent Beardsley
@@ -151,10 +165,12 @@ Camille Moncelier
 Caolan McNamara
 Carsten Lange
 Casey O'Donnell
+Catalin Patulea
 Cedric Deltheil
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
+Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
@@ -166,6 +182,7 @@ Chris Gaukroger
 Chris Maltby
 Chris Mumford
 Chris Smowton
+Chris Young
 Christian Grothoff
 Christian Hägele
 Christian Krause
@@ -186,7 +203,9 @@ Clarence Gardner
 Clemens Gruber
 Clifford Wolf
 Cody Jones
+Cody Mack
 Colby Ranger
+Colin Blair
 Colin Hogben
 Colin Watson
 Colm Buckley
@@ -203,6 +222,7 @@ Cédric Deltheil
 D. Flinkmann
 Dag Ekengren
 Dagobert Michelsen
+Damian Dixon
 Damien Adant
 Dan Becker
 Dan C
@@ -245,24 +265,30 @@ David Kimdon
 David Lang
 David LeBlanc
 David McCreedy
+David Meyer
 David Odin
 David Phillips
 David Rosenstrauch
+David Ryskalczyk
 David Shaw
 David Strauss
 David Tarendash
 David Thiel
 David Walser
+David Woodhouse
 David Wright
 David Yan
 Dengminwen
+Dennis Clarke
 Derek Higgins
 Detlef Schmier
 Didier Brisebourg
 Diego Casorran
+Dilyan Palauzov
 Dima Barsky
 Dima Tisnek
 Dimitre Dimitrov
+Dimitrios Siganos
 Dimitris Sarris
 Dinar
 Dirk Eddelbuettel
@@ -270,6 +296,7 @@ Dirk Manske
 Dmitri Shubin
 Dmitriy Sergeyev
 Dmitry Bartsevich
+Dmitry Falko
 Dmitry Kurochkin
 Dmitry Popov
 Dmitry Rechkin
@@ -285,13 +312,13 @@ Douglas R. Horner
 Douglas Steinwand
 Dov Murik
 Duane Cathey
-Duncan
 Duncan Mac-Vicar Prett
 Dustin Boswell
 Dylan Ellicott
 Dylan Salisbury
 Early Ehlinger
 Ebenezer Ikonne
+Ed Morley
 Edin Kadribasic
 Eduard Bloch
 Edward Rudd
@@ -321,12 +348,15 @@ Eric Wong
 Eric Young
 Erick Nuwendam
 Erik Johansson
+Ernest Beinrohr
 Erwan Legrand
 Erwin Authried
+Ethan Glasser Camp
 Eugene Kotlyarov
 Evan Jordan
 Evgeny Turnaev
 Eygene Ryabinkin
+Fabian Frank
 Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
@@ -335,6 +365,7 @@ Felix Yan
 Felix von Leitner
 Feng Tu
 Florian Schoppmann
+Florian Weimer
 Forrest Cahoon
 Francois Charlier
 Frank Hempel
@@ -344,6 +375,7 @@ Frank Meier
 Frank Ticheler
 Frank Van Uffelen
 František Kučera
+François Charlier
 Fred Machado
 Fred New
 Fred Noz
@@ -357,6 +389,7 @@ Gautam Kachroo
 Gautam Mani
 Gavrie Philipson
 Gaz Iqbal
+Gaël Portay
 Geoff Beier
 Georg Horn
 Georg Huettenegger
@@ -376,8 +409,10 @@ Gilles Blanc
 Gisle Vanem
 Giuseppe Attardi
 Giuseppe D'Ambrosio
+Glen A Johnson Jr.
 Glen Nakamura
 Glen Scott
+Glenn Sheridan
 Gokhan Sengun
 Gordon Marler
 Gorilla Maguila
@@ -385,14 +420,17 @@ Grant Erickson
 Greg Hewgill
 Greg Morse
 Greg Onufer
+Greg Pratt
 Greg Zavertnik
 Grigory Entin
 Guenole Bescon
 Guenter Knauf
 Guido Berhoerster
 Guillaume Arluison
+Gunter Knauf
 Gustaf Hui
 Gwenole Beauchesne
+Gökhan Şengün
 Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
@@ -401,12 +439,14 @@ Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
 Hardeep Singh
+Haris Okanovic
 Harshal Pradhan
 Hauke Duden
 He Qin
 Heikki Korpela
 Heinrich Ko
 Heinrich Schaefer
+Helwing Lutz
 Hendrik Visage
 Henrik Storner
 Henry Ludemann
@@ -416,6 +456,7 @@ Ho-chi Chen
 Hoi-Ho Chan
 Hongli Lai
 Howard Chu
+Hubert Kario
 Hzhijun
 Ian D Allen
 Ian Ford
@@ -427,6 +468,7 @@ Ignacio Vazquez-Abrams
 Igor Franchuk
 Igor Novoseltsev
 Igor Polyakov
+Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
 Immanuel Gregoire
@@ -434,11 +476,13 @@ Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
 Ishan SinghLevett
+Ivo Bellin Salarin
 Jack Zhang
 Jacky Lam
 Jacob Meuser
 Jacob Moshenko
 Jad Chamcham
+Jakub Zakrzewski
 James Bursa
 James Cheng
 James Clancy
@@ -458,6 +502,7 @@ Jan Schaumann
 Jan Van Boghout
 Jared Jennings
 Jared Lundell
+Jari Aalto
 Jari Sundell
 Jason Glasgow
 Jason Liu
@@ -472,19 +517,21 @@ Jean-Claude Chauve
 Jean-Francois Bertrand
 Jean-Louis Lemaire
 Jean-Marc Ranger
-Jean-Noel Rouvignac
+Jean-Noël Rouvignac
 Jean-Philippe Barrette-LaPierre
 Jeff Connelly
+Jeff Hodges
 Jeff Johnson
 Jeff King
 Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
 Jeff Weber
-Jeffrey Pohlmeyer
 Jeremy Friesner
 Jeremy Huddleston
+Jeroen Koekkoek
 Jerome Muffat-Meridol
+Jerome Robert
 Jerome Vouillon
 Jerry Krinock
 Jerry Wu
@@ -498,6 +545,7 @@ Jim Hollinger
 Jim Meyering
 Jiri Hruska
 Jiri Jaburek
+Jiri Malak
 Jocelyn Jaubert
 Joe Halpin
 Joe Malicki
@@ -508,7 +556,9 @@ Johan Anderson
 Johan Nilsson
 Johan van Selst
 Johannes Bauer
+Johannes Ernst
 John Bradshaw
+John Coffey
 John Crow
 John Dennis
 John Dunn
@@ -519,6 +569,7 @@ John Joseph Bachir
 John Kelly
 John Lask
 John Lightsey
+John Malmberg
 John Marino
 John McGowan
 John P. McCaskey
@@ -529,14 +580,18 @@ Johnny Luong
 Jon Grubbs
 Jon Nelson
 Jon Sargeant
+Jon Torrey
 Jon Travis
 Jon Turner
 Jonas Forsman
 Jonas Schnelli
 Jonatan Lander
+Jonatan Vela
+Jonathan Cardoso Machado
 Jonathan Hseu
 Jonathan Nieder
 Jongki Suwandi
+Jose Alf
 Jose Kahan
 Josef Wolf
 Josh Kapell
@@ -556,6 +611,7 @@ Jun-ichiro itojun Hagino
 Jurij Smakov
 Justin Fletcher
 Justin Karneges
+Justin Maggard
 Jörg Mueller-Tolk
 Jörn Hartroth
 Kai Engert
@@ -600,6 +656,8 @@ Kyle Sallee
 Lachlan O'Dea
 Larry Campbell
 Larry Fahnoe
+Larry Lin
+Larry Stone
 Lars Buitinck
 Lars Gustafsson
 Lars J. Aas
@@ -610,12 +668,16 @@ Lau Hang Kin
 Laurent Rabret
 Legoff Vincent
 Lehel Bernadt
+Leif W
 Len Krause
 Lenaic Lefever
 Lenny Rachitsky
+Leon Winter
+Leonardo Rosati
 Liam Healy
 Lijo Antony
 Linas Vepstas
+Lindley French
 Ling Thio
 Linus Nielsen Feltzing
 Lisa Xu
@@ -626,13 +688,18 @@ Loren Kirkby
 Luca Altea
 Luca Alteas
 Lucas Adamski
+Ludek Finstrle
 Ludovico Cavedon
 Lukasz Czekierda
 Luke Amery
 Luke Call
+Luke Dashjr
 Luong Dinh Dung
+Lyndon Hill
 Maciej Karpiuk
+Maciej Puzio
 Maciej W. Rozycki
+Maks Naumov
 Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
@@ -684,6 +751,7 @@ Mateusz Loskot
 Mathias Axelsson
 Mats Lidell
 Matt Arsenault
+Matt Ford
 Matt Kraai
 Matt Veenstra
 Matt Witherspoon
@@ -719,10 +787,12 @@ Michael Stillwell
 Michael Wallner
 Michal Bonino
 Michal Gorny
-Michal Kowalczyk
 Michal Marek
+Michał Górny
+Michał Kowalczyk
 Michele Bini
 Miguel Angel
+Miguel Diaz
 Mihai Ionescu
 Mikael Johansson
 Mikael Sennerholm
@@ -730,14 +800,18 @@ Mike Bytnar
 Mike Crowe
 Mike Dobbs
 Mike Giancola
+Mike Hasselberg
+Mike Henshaw
 Mike Hommey
 Mike Mio
 Mike Power
 Mike Protts
 Mike Revi
 Miklos Nemeth
+Miroslav Spousta
 Mitz Wark
 Mohamed Lrhazi
+Mohammad AlSaleh
 Mohun Biswas
 Moonesamy
 Myk Taylor
@@ -772,11 +846,12 @@ Nodak Sodak
 Norbert Frese
 Norbert Novotny
 Ofer
+Ola Mork
 Olaf Flebbe
-Olaf Stueben
 Olaf Stüben
 Oliver Gondža
 Oliver Kuckertz
+Oliver Schindler
 Olivier Berger
 Oren Tirosh
 Ori Avtalion
@@ -784,15 +859,19 @@ Oscar Koeroo
 Oscar Norlander
 P R Schaffner
 Paolo Piacentini
+Paras Sethia
 Pascal Terjan
 Pasha Kuznetsov
+Pasi Karkkainen
 Pat Ray
 Patrice Guerin
 Patricia Muscalu
 Patrick Bihan-Faou
+Patrick McManus
 Patrick Monnerat
 Patrick Scott
 Patrick Smith
+Patrick Watson
 Patrik Thunstrom
 Pau Garcia i Quiles
 Paul Donohue
@@ -803,6 +882,7 @@ Paul Marquis
 Paul Moore
 Paul Nolan
 Paul Querna
+Paul Saab
 Pavel Cenek
 Pavel Orehov
 Pavel Raiskup
@@ -825,9 +905,11 @@ Peter Su
 Peter Sylvester
 Peter Todd
 Peter Verhas
+Peter Wang
 Peter Wullinger
 Peteris Krumins
 Petr Bahula
+Petr Novak
 Petr Pisar
 Phil Blundell
 Phil Karn
@@ -846,12 +928,16 @@ Pierre Joye
 Pierre Ynard
 Pooyan McSporran
 Pramod Sharma
+Prash Dush
+Priyanka Shah
 Puneet Pawaia
 Quagmire
 Quanah Gibson-Mount
 Quinn Slack
+Radu Simionescu
 Rafa Muyo
 Rafael Sagula
+Rafaël Carré
 Rainer Canavan
 Rainer Jung
 Rainer Koenig
@@ -864,7 +950,9 @@ Randy McMurchy
 Ravi Pratap
 Ray Dassen
 Ray Pekowski
+Ray Satiro
 Reinout van Schouwen
+Remi Gacogne
 Renato Botelho
 Renaud Chaillat
 Renaud Duhaut
@@ -883,11 +971,13 @@ Richard Clayton
 Richard Cooper
 Richard Gorton
 Richard Michael
+Richard Moore
 Richard Prescott
 Richard Silverman
 Rick Jones
 Rick Richardson
 Rob Crittenden
+Rob Davies
 Rob Jones
 Rob Stanzel
 Rob Ward
@@ -905,6 +995,7 @@ Robin Johnson
 Robin Kay
 Robson Braga Araujo
 Rodney Simmons
+Rodric Glaser
 Rodrigo Silva
 Roland Blom
 Roland Krikava
@@ -913,12 +1004,14 @@ Rolland Dudemaine
 Roman Koifman
 Roman Mamedov
 Romulo A. Ceccon
+Ron Parker
 Ron Zapp
 Rosimildo da Silva
 Roy Shan
 Rune Kleveland
 Ruslan Gazizov
 Rutger Hofman
+Ryan Braud
 Ryan Chan
 Ryan Nelson
 Ryan Schmidt
@@ -938,6 +1031,7 @@ Santhana Todatry
 Saqib Ali
 Sara Golemon
 Saran Neti
+Sascha Swiercy
 Saul good
 Scott Bailey
 Scott Barrett
@@ -952,6 +1046,7 @@ Sergey Tatarincev
 Sergio Ballestrero
 Seshubabu Pasam
 Sh Diao
+Shao Shuchao
 Sharad Gupta
 Shard
 Shawn Landden
@@ -967,6 +1062,7 @@ Song Ma
 Sonia Subramanian
 Spacen Jasset
 Spiridonoff A.V
+Spork Schivago
 Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
@@ -976,6 +1072,7 @@ Stefan Neis
 Stefan Teleman
 Stefan Tomanek
 Stefan Ulrich
+Steinar H. Gunderson
 Stephan Bergmann
 Stephen Collyer
 Stephen Kick
@@ -995,6 +1092,7 @@ Steven Gu
 Steven M. Schweda
 Steven Parkes
 Stoned Elipot
+Sune Ahlgren
 Sven Anders
 Sven Neuhaus
 Sven Wegener
@@ -1005,12 +1103,15 @@ Taneli Vahakangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
 Temprimus
+Thomas Braun
 Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
 Thomas Schwinge
 Thomas Tonino
+Tiit Pikma
+Till Maas
 Tim Ansell
 Tim Baker
 Tim Bartley
@@ -1020,8 +1121,10 @@ Tim Harder
 Tim Heckman
 Tim Newsome
 Tim Sneddon
+Tim Starling
 Timo Sirainen
 Tinus van den Berg
+Tobias Markus
 Tobias Rundström
 Toby Peterson
 Todd A Ouska
@@ -1036,6 +1139,7 @@ Tom Mattison
 Tom Moers
 Tom Mueller
 Tom Regner
+Tom Sparrow
 Tom Wright
 Tom Zerucha
 Tomas Hoger
@@ -1057,13 +1161,16 @@ Troels Walsted Hansen
 Troy Engel
 Tupone Alfredo
 Tyler Hall
+Török Edwin
 Ulf Härnhammar
 Ulf Samuelsson
 Ulrich Doehner
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
+Vijay Panghal
 Vikram Saxena
+Viktor Szakáts
 Vilmos Nebehaj
 Vincent Bronner
 Vincent Le Normand
@@ -1087,6 +1194,7 @@ Wez Furlong
 Wilfredo Sanchez
 Will Dietz
 Willem Sparreboom
+William Ahern
 Wojciech Zwiefka
 Wouter Van Rooy
 Wu Yongzheng
@@ -1095,8 +1203,12 @@ Yaakov Selkowitz
 Yamada Yasuharu
 Yang Tse
 Yarram Sunil
+Yasuharu Yamada
+Yehezkel Horowitz
 Yehoshua Hershberg
 Yi Huang
+Yingwei Liu
+Yousuke Kimoto
 Yukihiro Kawada
 Yuriy Sosov
 Yves Arrouye
@@ -1108,3 +1220,4 @@ Zvi Har'El
 nk
 swalkaus at yahoo.com
 tommink[at]post.pl
+Никита Дорохин
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,7 +17,7 @@
 1.4 signal-based resolver timeouts
 1.5 get rid of PATH_MAX
 1.6 Modified buffer size approach
- 1.7 Detect when called from witin callbacks
+ 1.7 Detect when called from within callbacks
 1.8 Allow SSL (HTTPS) to proxy

 2. libcurl - multi interface
@@ -25,7 +25,7 @@
 2.2 Fix HTTP Pipelining for PUT

 3. Documentation
- 3.1  More and better
+ 3.1 Update date and version in man pages

 4. FTP
 4.1 HOST
@@ -33,13 +33,16 @@
 4.3 Earlier bad letter detection
 4.4 REST for large files
 4.5 ASCII support
+ 4.6 GSSAPI via Windows SSPI
+ 4.7 STAT for LIST without data connection

 5. HTTP
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
 5.3 Rearrange request header order
- 5.4 HTTP2/SPDY
+ 5.4 SPDY
 5.5 auth= in URLs
+ 5.6 Digest via Windows SSPI

 6. TELNET
 6.1 ditch stdin
@@ -80,6 +83,7 @@

 14. SASL
 14.1 Other authentication mechanisms
+ 14.2 GSSAPI via GSS-API libraries
 
 15. Client
 15.1 sync
@@ -87,9 +91,7 @@
 15.3 prevent file overwriting
 15.4 simultaneous parallel transfers
 15.5 provide formpost headers
- 15.6 url-specific options
- 15.7 warning when setting an option
- 15.8 IPv6 addresses with globbing
+ 15.6 warning when setting an option

 16. Build
 16.1 roffit
@@ -99,9 +101,10 @@
 17.2 nicer lacking perl message
 17.3 more protocols supported
 17.4 more platforms supported
+ 17.5 Add support for concurrent connections

 18. Next SONAME bump
- 18.1 http-style HEAD output for ftp
+ 18.1 http-style HEAD output for FTP
 18.2 combine error codes
 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype

@@ -175,7 +178,7 @@
 Dynamically allocate buffer size depending on protocol in use in combination
 with freeing it after each individual transfer? Other suggestions?

-1.7 Detect when called from witin callbacks
+1.7 Detect when called from within callbacks

 We should set a state variable before calling callbacks, so that we
 subsequently can add code within libcurl that returns error if called within
@@ -187,6 +190,8 @@
 by Chrome already:
 http://www.chromium.org/developers/design-documents/secure-web-proxy

+ ...and by Firefox soon:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=378637

 2. libcurl - multi interface

@@ -212,18 +217,20 @@

 3. Documentation

-3.1  More and better
+3.1 Update date and version in man pages

- Exactly
+ 'maketgz' or another suitable script could update the .TH sections of the man
+ pages at release time to use the current date and curl/libcurl version
+ number.

 4. FTP

 4.1 HOST

- HOST is a suggested command in the works for a client to tell which host name
- to use, to offer FTP servers named-based virtual hosting:
+ HOST is a command for a client to tell which host name to use, to offer FTP
+ servers named-based virtual hosting:

- http://tools.ietf.org/html/draft-hethmon-mcmurray-ftp-hosts-11
+ http://tools.ietf.org/html/rfc7151

 4.2 Alter passive/active on failure and retry

@@ -234,7 +241,7 @@

 4.3 Earlier bad letter detection

- Make the detection of (bad) %0d and %0a codes in FTP url parts earlier in the
+ Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the
 process to avoid doing a resolve and connect in vain.

 4.4 REST for large files
@@ -248,6 +255,20 @@
 FTP ASCII transfers do not follow RFC959. They don't convert the data
 accordingly.

+4.6 GSSAPI via Windows SSPI
+
+In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5)
+via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add
+support for GSSAPI authentication via Windows SSPI.
+
+4.7 STAT for LIST without data connection
+
+Some FTP servers allow STAT for listing directories instead of using LIST, and
+the response is then sent over the control connection instead of as the
+otherwise usedw data connection: http://www.nsftools.com/tips/RawFTP.htm#STAT
+
+This is not detailed in any FTP specification.
+
 5. HTTP

 5.1 Better persistency for HTTP 1.0
@@ -273,23 +294,13 @@
 headers use a default value so only headers that need to be moved have to be
 specified.

-5.4 HTTP2/SPDY
+5.4 SPDY

- The first drafts for HTTP2 have been published
- (http://tools.ietf.org/html/draft-ietf-httpbis-http2-03) and is so far based
- on SPDY (http://www.chromium.org/spdy) designs and experiences. Chances are
- it will end up in that style. Chrome and Firefox already support SPDY and
- lots of web services do.
+ Chrome and Firefox already support SPDY and lots of web services do. There's
+ a library for us to use for this (spdylay) that has a similar API and the
+ same author as nghttp2.

- It would make sense to implement SPDY support now and later transition into
- or add HTTP2 support as well.
-
- We should base or HTTP2/SPDY work on a 3rd party library for the protocol
- fiddling. The Spindy library (http://spindly.haxx.se/) was an attempt to make
- such a library with an API suitable for use by libcurl but that effort has
- more or less stalled.  spdylay (https://github.com/tatsuhiro-t/spdylay) may
- be a better option, either used directly or wrapped with a more spindly-like
- API.
+ spdylay: https://github.com/tatsuhiro-t/spdylay

 5.5 auth= in URLs

@@ -298,11 +309,17 @@

 For example:

- http://test:pass;auth=NTLM@example.com would be equivalent to specifing --user
+ http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user
 test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 

 Additionally this should be implemented for proxy base URLs as well.

+5.6 Digest via Windows SSPI
+
+ libcurl already supports HTTP Digest Authentication via native routines as well
+ as SASL Digest via both Windows SSPI and native routines. In addition to this
+ libcurl should also support HTTP Digest Authentication via Windows SSPI.
+
 6. TELNET

 6.1 ditch stdin
@@ -363,7 +380,7 @@ to provide the data to send.
 Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
 to an LDAP server. However, this function sends username and password details
 using the simple authentication mechanism (as clear text). However, it should
- be possible to use ldap_bind_s() instead specifing the security context
+ be possible to use ldap_bind_s() instead specifying the security context
 information ourselves.

 11. New protocols
@@ -394,7 +411,7 @@ to provide the data to send.
 12.4 Cache OpenSSL contexts

 "Look at SSL cafile - quick traces look to me like these are done on every
- request as well, when they should only be necessary once per ssl context (or
+ request as well, when they should only be necessary once per SSL context (or
 once per handle)". The major improvement we can rather easily do is to make
 sure we don't create and kill a new SSL "context" for every request, but
 instead make one for every connection and re-use that SSL context in the same
@@ -447,7 +464,13 @@ to provide the data to send.

 14.1 Other authentication mechanisms

- Add support for GSSAPI to SMTP, POP3 and IMAP.
+ Add support for other authentication mechanisms such as EXTERNAL, OLP,
+ GSS-SPNEGO and others.
+ 
+14.2 GSSAPI via GSS-API libraries
+
+ Add support for GSSAPI authentication via third-party GSS-API libraries, such
+ as Heimdal and MIT Kerberos.

 15. Client

@@ -494,33 +517,12 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-15.6 url-specific options
-
- Provide a way to make options bound to a specific URL among several on the
- command line. Possibly by letting ':' separate options between URLs,
- similar to this:
-
-    curl --data foo --url url.com : \
-        --url url2.com : \
-        --url url3.com --data foo3
-
- (More details: http://curl.haxx.se/mail/archive-2004-07/0133.html)
-
- The example would do a POST-GET-POST combination on a single command line.
-
-15.7 warning when setting an option
+15.6 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-15.8 IPv6 addresses with globbing
-
-  Currently the command line client needs to get url globbing disabled (with
-  -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
-  that should be corrected. It probably involves a smarter detection of the
-  '[' and ']' letters.
-
 16. Build

 16.1 roffit
@@ -543,7 +545,7 @@ to provide the data to send.

 17.3 more protocols supported

- Extend the test suite to include more protocols. The telnet could just do ftp
+ Extend the test suite to include more protocols. The telnet could just do FTP
 or http operations (for which we have test servers).

 17.4 more platforms supported
@@ -551,12 +553,26 @@ to provide the data to send.
 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

+17.5 Add support for concurrent connections
+
+ Tests 836, 882 and 938 were designed to verify that separate connections aren't
+ used when using different login credentials in protocols that shouldn't re-use
+ a connection under such circumstances.
+
+ Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent
+ connections. The read while() loop seems to loop until it receives a disconnect
+ from the client, where it then enters the waiting for connections loop. When
+ the client opens a second connection to the server, the first connection hasn't
+ been dropped (unless it has been forced - which we shouldn't do in these tests)
+ and thus the wait for connections loop is never entered to receive the second
+ connection.
+
 18. Next SONAME bump

-18.1 http-style HEAD output for ftp
+18.1 http-style HEAD output for FTP

 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
- from being output in NOBODY requests over ftp
+ from being output in NOBODY requests over FTP

 18.2 combine error codes

@@ -590,7 +606,7 @@ to provide the data to send.
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-10. Next major release
+19. Next major release

 19.1 cleanup return codes

@@ -654,7 +670,7 @@ to provide the data to send.
 but instead often restricts how the form functions can or can't be modified.

 Changing them to return a private handle will benefit the implementation and
- allow us much greater freedoms while still maintining a solid API and ABI.
+ allow us much greater freedoms while still maintaining a solid API and ABI.

 19.9 have form functions use CURL handle argument

@@ -668,7 +684,7 @@ to provide the data to send.

 Rather than use the URL to specify the mail client string to present in the
 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
- specifing this data as the URL is non-standard and to be honest a bit of a
+ specifying this data as the URL is non-standard and to be honest a bit of a
 hack ;-)

 Please see the following thread for more information:
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -171,7 +171,7 @@ The Art Of Scripting HTTP Requests Using Curl
 2.4 User name and password

 Some services are setup to require HTTP authentication and then you need to
- provide name and password which then is transfered to the remote site in
+ provide name and password which then is transferred to the remote site in
 various ways depending on the exact authentication protocol used.

 You can opt to either insert the user and password in the URL or you can
@@ -520,7 +520,7 @@ The Art Of Scripting HTTP Requests Using Curl

 Curl has a full blown cookie parsing engine built-in that comes to use if you
 want to reconnect to a server and use cookies that were stored from a
- previous connection (or handicrafted manually to fool the server into
+ previous connection (or hand-crafted manually to fool the server into
 believing you had a previous connection). To use previously stored cookies,
 you run curl like:

@@ -645,7 +645,7 @@ The Art Of Scripting HTTP Requests Using Curl
 sometimes they use such code to set or modify cookie contents. Possibly they
 do that to prevent programmed logins, like this manual describes how to...
 Anyway, if reading the code isn't enough to let you repeat the behavior
- manually, capturing the HTTP requests done by your browers and analyzing the
+ manually, capturing the HTTP requests done by your browsers and analyzing the
 sent cookies is usually a working method to work out how to shortcut the
 javascript need.

--- a/docs/curl.1
+++ b/docs/curl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "27 July 2012" "Curl 7.27.0" "Curl Manual"
+.TH curl 1 "2 Aug 2014" "Curl 7.38.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -53,7 +53,9 @@ braces as in:
 or you can get sequences of alphanumeric series by using [] as in:

  ftp://ftp.numericals.com/file[1-100].txt
+
  ftp://ftp.numericals.com/file[001-100].txt    (with leading zeros)
+
  ftp://ftp.letters.com/file[a-z].txt

 Nested sequences are not supported, but you can use several ones next to each
@@ -68,8 +70,14 @@ You can specify a step counter for the ranges to get every Nth number or
 letter:

  http://www.numericals.com/file[1-100:10].txt
+
  http://www.letters.com/file[a-z:2].txt

+When using [] or {} sequences when invoked from a command line prompt, you
+probably have to put the full URL within double quotes to avoid the shell from
+interfering with it. This also goes for other characters treated special, like
+for example '&', '?' and '*'.
+
 If you specify URL without protocol:// prefix, curl will attempt to guess what
 protocol you might want. It will then default to HTTP but try other protocols
 based on often-used host name prefixes. For example, for host names starting
@@ -103,8 +111,8 @@ any response data to the terminal.
 If you prefer a progress "bar" instead of the regular meter, \fI-#\fP is your
 friend.
 .SH OPTIONS
-Options start with one or two dashes. Many of the options require an addition
-value next to it.
+Options start with one or two dashes. Many of the options require an
+additional value next to them.

 The short "single-dash" form of the options, -d for example, may be used with
 or without a space between it and its value, although a space is a recommended
@@ -124,36 +132,56 @@ same command line option.)
 .IP "-#, --progress-bar"
 Make curl display progress as a simple progress bar instead of the standard,
 more informational, meter.
+.IP "-:, --next"
+Tells curl to use a separate operation for the following URL and associated
+options. This allows you to send several URL requests, each with their own
+specific options, for example, such as different user names or custom requests
+for each. (Added in 7.36.0)
 .IP "-0, --http1.0"
 (HTTP) Tells curl to use HTTP version 1.0 instead of using its internally
 preferred: HTTP 1.1.
 .IP "--http1.1"
 (HTTP) Tells curl to use HTTP version 1.1. This is the internal default
 version. (Added in 7.33.0)
-.IP "--http2.0"
-(HTTP) Tells curl to issue its requests using HTTP 2.0. This requires that the
+.IP "--http2"
+(HTTP) Tells curl to issue its requests using HTTP 2. This requires that the
 underlying libcurl was built to support it. (Added in 7.33.0)
+.IP "--no-npn"
+Disable the NPN TLS extension. NPN is enabled by default if libcurl was built
+with an SSL library that supports NPN. NPN is used by a libcurl that supports
+HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
+
+(Added in 7.36.0)
+.IP "--no-alpn"
+Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built
+with an SSL library that supports ALPN. ALPN is used by a libcurl that supports
+HTTP 2 to negotiate HTTP 2 support with the server during https sessions.
+
+(Added in 7.36.0)
 .IP "-1, --tlsv1"
 (SSL)
-Forces curl to use TLS version 1 when negotiating with a remote TLS server.
+Forces curl to use TLS version 1.x when negotiating with a remote TLS server.
+You can use options \fI--tlsv1.0\fP, \fI--tlsv1.1\fP, and \fI--tlsv1.2\fP to
+control the TLS version more precisely (if the SSL backend in use supports such
+a level of control).
 .IP "-2, --sslv2"
-(SSL)
-Forces curl to use SSL version 2 when negotiating with a remote SSL server.
+(SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
+server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
+considered insecure.
 .IP "-3, --sslv3"
-(SSL)
-Forces curl to use SSL version 3 when negotiating with a remote SSL server.
+(SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
+server. Sometimes curl is built without SSLv3 support.
 .IP "-4, --ipv4"
-If curl is capable of resolving an address to multiple IP versions (which it
-is if it is IPv6-capable), this option tells curl to resolve names to IPv4
-addresses only.
+Tis option tells curl to resolve names to IPv4 addresses only, and not for
+example try IPv6.
 .IP "-6, --ipv6"
-If curl is capable of resolving an address to multiple IP versions (which it
-is if it is IPv6-capable), this option tells curl to resolve names to IPv6
-addresses only.
+This option tells curl to resolve names to IPv6 addresses only, and not for
+example try IPv4.
 .IP "-a, --append"
-(FTP/SFTP) When used in an upload, this will tell curl to append to the target
-file instead of overwriting it. If the file doesn't exist, it will be created.
-Note that this flag is ignored by some SSH servers (including OpenSSH).
+(FTP/SFTP) When used in an upload, this makes curl append to the target file
+instead of overwriting it. If the remote file doesn't exist, it will be
+created.  Note that this flag is ignored by some SFTP servers (including
+OpenSSH).
 .IP "-A, --user-agent <agent string>"
 (HTTP) Specify the User-Agent string to send to the HTTP server. Some badly
 done CGIs fail if this field isn't set to "Mozilla/4.0". To encode blanks in
@@ -174,10 +202,9 @@ since it may require data to be sent twice and then the client must be able to
 rewind. If the need should arise when uploading from stdin, the upload
 operation will fail.
 .IP "-b, --cookie <name=data>"
-(HTTP)
-Pass the data to the HTTP server as a cookie. It is supposedly the
-data previously received from the server in a "Set-Cookie:" line.
-The data should be in the format "NAME1=VALUE1; NAME2=VALUE2".
+(HTTP) Pass the data to the HTTP server as a cookie. It is supposedly the data
+previously received from the server in a "Set-Cookie:" line.  The data should
+be in the format "NAME1=VALUE1; NAME2=VALUE2".

 If no '=' symbol is used in the line, it is treated as a filename to use to
 read previously stored cookie lines from, which should be used in this session
@@ -187,26 +214,29 @@ in combination with the \fI-L, --location\fP option. The file format of the
 file to read cookies from should be plain HTTP headers or the Netscape/Mozilla
 cookie file format.

-\fBNOTE\fP that the file specified with \fI-b, --cookie\fP is only used as
-input. No cookies will be stored in the file. To store cookies, use the
-\fI-c, --cookie-jar\fP option or you could even save the HTTP headers to a file
-using \fI-D, --dump-header\fP!
+The file specified with \fI-b, --cookie\fP is only used as input. No cookies
+will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP
+option.

 If this option is used several times, the last one will be used.
 .IP "-B, --use-ascii"
-(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be
-enforced by using an URL that ends with ";type=A". This option causes data
-sent to stdout to be in text mode for win32 systems.
+(FTP/LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using
+an URL that ends with ";type=A". This option causes data sent to stdout to be
+in text mode for win32 systems.
 .IP "--basic"
-(HTTP) Tells curl to use HTTP Basic authentication. This is the default and
-this option is usually pointless, unless you use it to override a previously
-set option that sets a different authentication method (such as \fI--ntlm\fP,
-\fI--digest\fP, or \fI--negotiate\fP).
+(HTTP) Tells curl to use HTTP Basic authentication with the remote host. This
+is the default and this option is usually pointless, unless you use it to
+override a previously set option that sets a different authentication method
+(such as \fI--ntlm\fP, \fI--digest\fP, or \fI--negotiate\fP).
+
+Used together with \fI-u, --user\fP and \fI-x, --proxy\fP.
+
+See also \fI--proxy-basic\fP.
 .IP "-c, --cookie-jar <file name>"
 (HTTP) Specify to which file you want curl to write all cookies after a
 completed operation. Curl writes all cookies previously read from a specified
 file as well as all cookies received from remote server(s). If no cookies are
-known, no file will be written. The file will be written using the Netscape
+known, no data will be written. The file will be written using the Netscape
 cookie file format. If you set the file name to a single dash, "-", the
 cookies will be written to stdout.

@@ -246,11 +276,12 @@ If this option is used several times, the last one will be used.
 supports, and save the uncompressed document.  If this option is used and the
 server sends an unsupported encoding, curl will report an error.
 .IP "--connect-timeout <seconds>"
-Maximum time in seconds that you allow the connection to the server to take.
-This only limits the connection phase, once curl has connected this option is
-of no more use.  Since 7.32.0, this option accepts decimal values, but the
-actual timeout will decrease in accuracy as the specified timeout increases in
-decimal precision. See also the \fI-m, --max-time\fP option.
+Maximum time in seconds that you allow curl's connection to take.  This only
+limits the connection phase, so if curl connects within the given period it
+will continue - if not it will exit.  Since version 7.32.0, this option
+accepts decimal values.
+
+See also the \fI-m, --max-time\fP option.

 If this option is used several times, the last one will be used.
 .IP "--create-dirs"
@@ -298,13 +329,12 @@ Write the protocol headers to the specified file.
 This option is handy to use when you want to store the headers that an HTTP
 site sends to you. Cookies from the headers could then be read in a second
 curl invocation by using the \fI-b, --cookie\fP option! The
-\fI-c, --cookie-jar\fP option is however a better way to store cookies.
+\fI-c, --cookie-jar\fP option is a better way to store cookies.

 When used in FTP, the FTP server response lines are considered being "headers"
 and thus are saved there.

 If this option is used several times, the last one will be used.
-
 .IP "--data-ascii <data>"
 See \fI-d, --data\fP.
 .IP "--data-binary <data>"
@@ -422,7 +452,7 @@ This option requires that libcurl was built with a resolver backend that
 supports this operation. The c-ares backend is the only such one.  (Added in
 7.33.0)
 .IP "-e, --referer <URL>"
-(HTTP) Sends the "Referer Page" information to the HTTP server. This can also
+(HTTP) Sends the "Referrer Page" information to the HTTP server. This can also
 be set with the \fI-H, --header\fP flag of course.  When used with
 \fI-L, --location\fP you can append ";auto" to the --referer URL to make curl
 automatically set the previous URL when it follows a Location: header. The
@@ -502,12 +532,25 @@ OpenSSL-powered curl to make SSL-connections much more efficiently than using

 If this option is set, the default capath value will be ignored, and if it is
 used several times, the last one will be used.
+.IP "--pinnedpubkey <pinned public key>"
+(SSL) Tells curl to use the specified public key file to verify the peer. The
+file must contain a single public key in DER format.
+
+When negotiating a TLS or SSL connection, the server sends a certificate
+indicating its identity. A public key is extracted from this certificate and
+if it does not exactly match the public key provided to this option, curl will
+abort the connection before sending or receiving any data.
+
+This is currently only implemented in the OpenSSL and GnuTLS backends.
+
+If this option is used several times, the last one will be used.
+(Added in 7.39.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
-to better enable scripts etc to better deal with failed attempts. In
-normal cases when an HTTP server fails to deliver a document, it returns an
-HTML document stating so (which often also describes why and more). This flag
-will prevent curl from outputting that and return error 22.
+to better enable scripts etc to better deal with failed attempts. In normal
+cases when an HTTP server fails to deliver a document, it returns an HTML
+document stating so (which often also describes why and more). This flag will
+prevent curl from outputting that and return error 22.

 This method is not fail-safe and there are occasions where non-successful
 response codes will slip through, especially when authentication is involved
@@ -516,11 +559,11 @@ response codes will slip through, especially when authentication is involved
 (HTTP) This lets curl emulate a filled-in form in which a user has pressed the
 submit button. This causes curl to POST data using the Content-Type
 multipart/form-data according to RFC 2388. This enables uploading of binary
-files etc. To force the 'content' part to be a file, prefix the file name
-with an @ sign. To just get the content part from a file, prefix the file name
-with the symbol <. The difference between @ and < is then that @ makes a file
-get attached in the post as a file upload, while the < makes a text field and
-just get the contents for that text field from a file.
+files etc. To force the 'content' part to be a file, prefix the file name with
+an @ sign. To just get the content part from a file, prefix the file name with
+the symbol <. The difference between @ and < is then that @ makes a file get
+attached in the post as a file upload, while the < makes a text field and just
+get the contents for that text field from a file.

 Example, to send your password file to the server, where
 \&'password' is the name of the form-field to which /etc/passwd will be the
@@ -658,16 +701,16 @@ If this option is used several times, only the first one is used. This is
 because undoing a GET doesn't make sense, but you should then instead enforce
 the alternative method you prefer.
 .IP "-H, --header <header>"
-(HTTP) Extra header to use when getting a web page. You may specify any number
-of extra headers. Note that if you should add a custom header that has the
-same name as one of the internal ones curl would use, your externally set
-header will be used instead of the internal one. This allows you to make even
-trickier stuff than curl would normally do. You should not replace internally
-set headers without knowing perfectly well what you're doing. Remove an
-internal header by giving a replacement without content on the right side of
-the colon, as in: -H \&"Host:". If you send the custom header with no-value
-then its header must be terminated with a semicolon, such as \-H
-\&"X-Custom-Header;" to send "X-Custom-Header:".
+(HTTP) Extra header to include in the request when sending HTTP to a
+server. You may specify any number of extra headers. Note that if you should
+add a custom header that has the same name as one of the internal ones curl
+would use, your externally set header will be used instead of the internal
+one. This allows you to make even trickier stuff than curl would normally
+do. You should not replace internally set headers without knowing perfectly
+well what you're doing. Remove an internal header by giving a replacement
+without content on the right side of the colon, as in: -H \&"Host:". If you
+send the custom header with no-value then its header must be terminated with a
+semicolon, such as \-H \&"X-Custom-Header;" to send "X-Custom-Header:".

 curl will make sure that each header you add/replace is sent with the proper
 end-of-line marker, you should thus \fBnot\fP add that as a part of the header
@@ -676,6 +719,13 @@ for you.

 See also the \fI-A, --user-agent\fP and \fI-e, --referer\fP options.

+Starting in 7.37.0, you need \fI--proxy-header\fP to send custom headers
+intended for a proxy.
+
+Example:
+
+\&# curl -H "X-First-Name: Joe" http://192.168.0.1/
+
 This option can be used multiple times to add/replace/remove multiple headers.
 .IP "--hostpubmd5 <md5>"
 (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should
@@ -790,7 +840,8 @@ If this option is used several times, the last one will be used. If
 unspecified, the option defaults to 60 seconds.
 .IP "--key <key>"
 (SSL/SSH) Private key file name. Allows you to provide your private key in this
-separate file.
+separate file. For SSH, if not specified, curl tries the following candidates
+in order: '~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'.

 If this option is used several times, the last one will be used.
 .IP "--key-type <type>"
@@ -804,9 +855,8 @@ If this option is used several times, the last one will be used.
 should be one of 'clear', 'safe', 'confidential', or 'private'. Should you use
 a level that is not one of these, 'private' will instead be used.

-This option requires a library built with kerberos4 or GSSAPI
-(GSS-Negotiate) support. This is not very common. Use \fI-V, --version\fP to
-see if your curl supports it.
+This option requires a library built with kerberos4 support. This is not
+very common. Use \fI-V, --version\fP to see if your curl supports it.

 If this option is used several times, the last one will be used.
 .IP "-l, --list-only"
@@ -843,6 +893,10 @@ When curl follows a redirect and the request is not a plain GET (for example
 POST or PUT), it will do the following request with a GET if the HTTP response
 was 301, 302, or 303. If the response code was any other 3xx code, curl will
 re-send the following request using the same unmodified method.
+
+You can tell curl to not change the non-GET request method to GET after a 30x
+response by using the dedicated options for that: \fI--post301\fP,
+\fI--post302\fP and \fI-post303\fP.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
 libcurl-using C source code written to the file that does the equivalent
@@ -851,9 +905,10 @@ of what your command-line operation does!
 If this option is used several times, the last given file name will be
 used. (Added in 7.16.1)
 .IP "--limit-rate <speed>"
-Specify the maximum transfer rate you want curl to use. This feature is useful
-if you have a limited pipe and you'd like your transfer not to use your entire
-bandwidth.
+Specify the maximum transfer rate you want curl to use - for both downloads
+and uploads. This feature is useful if you have a limited pipe and you'd like
+your transfer not to use your entire bandwidth. To make it slower than it
+otherwise would be.

 The given speed is measured in bytes/second, unless a suffix is appended.
 Appending 'k' or 'K' will count the number as kilobytes, 'm' or M' makes it
@@ -887,6 +942,16 @@ values, but the actual timeout will decrease in accuracy as the specified
 timeout increases in decimal precision.  See also the \fI--connect-timeout\fP
 option.

+If this option is used several times, the last one will be used.
+.IP "--login-options <options>"
+Specify the login options to use during server authentication.
+
+You can use the login options to specify protocol specific options that may
+be used during authentication. At present only IMAP, POP3 and SMTP support
+login options. For more information about the login options please see
+RFC 2384, RFC 5092 and IETF draft draft-earhart-url-smtp-00.txt (Added in
+7.34.0).
+
 If this option is used several times, the last one will be used.
 .IP "--mail-auth <address>"
 (SMTP) Specify a single address. This will be used to specify the
@@ -991,18 +1056,13 @@ Very similar to \fI--netrc\fP, but this option makes the .netrc usage
 \fBoptional\fP and not mandatory as the \fI--netrc\fP option does.

 .IP "--negotiate"
-(HTTP) Enables GSS-Negotiate authentication. The GSS-Negotiate method was
-designed by Microsoft and is used in their web applications. It is primarily
-meant as a support for Kerberos5 authentication but may be also used along
-with another authentication method. For more information see IETF draft
-draft-brezak-spnego-http-04.txt.
+(HTTP) Enables Negotiate (SPNEGO) authentication.

-If you want to enable Negotiate for your proxy authentication, then use
+If you want to enable Negotiate (SPNEGO) for proxy authentication, then use
 \fI--proxy-negotiate\fP.

-This option requires a library built with GSSAPI support. This is
-not very common. Use \fI-V, --version\fP to see if your version supports
-GSS-Negotiate.
+This option requires a library built with GSS-API or SSPI support. Use \fI-V,
+--version\fP to see if your curl supports GSS-API/SSPI and SPNEGO.

 When using this option, you must also provide a fake \fI-u, --user\fP option to
 activate the authentication code properly. Sending a '-u :' is enough as the
@@ -1087,6 +1147,24 @@ is used in conjunction with the user name which can be specified as part of the
 The Bearer Token and user name are formatted according to RFC 6750.

 If this option is used several times, the last one will be used.
+.IP "--proxy-header <header>"
+(HTTP) Extra header to include in the request when sending HTTP to a
+proxy. You may specify any number of extra headers. This is the equivalent
+option to \fI-H, --header\fP but is for proxy communication only like in
+CONNECT requests when you want a separate header sent to the proxy to what is
+sent to the actual remote host.
+
+curl will make sure that each header you add/replace is sent with the proper
+end-of-line marker, you should thus \fBnot\fP add that as a part of the header
+content: do not add newlines or carriage returns, they will only mess things
+up for you.
+
+Headers specified with this option will not be included in requests that curl
+knows will not be sent to a proxy.
+
+This option can be used multiple times to add/replace/remove multiple headers.
+
+(Added in 7.37.0)
 .IP "-p, --proxytunnel"
 When an HTTP proxy is used (\fI-x, --proxy\fP), this option will cause non-HTTP
 protocols to attempt to tunnel through the proxy instead of merely using it to
@@ -1203,8 +1281,8 @@ the default authentication method curl uses with proxies.
 Tells curl to use HTTP Digest authentication when communicating with the given
 proxy. Use \fI--digest\fP for enabling HTTP Digest with a remote host.
 .IP "--proxy-negotiate"
-Tells curl to use HTTP Negotiate authentication when communicating
-with the given proxy. Use \fI--negotiate\fP for enabling HTTP Negotiate
+Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating
+with the given proxy. Use \fI--negotiate\fP for enabling HTTP Negotiate (SPNEGO)
 with a remote host. (Added in 7.17.1)
 .IP "--proxy-ntlm"
 Tells curl to use HTTP NTLM authentication when communicating with the given
@@ -1221,6 +1299,11 @@ protocol instead of the default HTTP 1.1.
 separate file.

 If this option is used several times, the last one will be used.
+
+(As of 7.39.0, curl attempts to automatically extract the public key from the
+private key file, so passing this option is generally not required. Note that
+this public key extraction requires libcurl to be linked against a copy of
+libssh2 1.2.8 or higher that is itself linked against OpenSSL.)
 .IP "-q"
 If used as the first parameter on the command line, the \fIcurlrc\fP config
 file will not be read and used. See the \fI-K, --config\fP for details on the
@@ -1404,7 +1487,7 @@ option name can still be used but will be removed in a future version.
 .IP "--ssl-allow-beast"
 (SSL) This option tells curl to not work around a security flaw in the SSL3
 and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
-may use work-arounds known to cause interoperability problems with some older
+may use workarounds known to cause interoperability problems with some older
 SSL implementations. WARNING: this option loosens the SSL security, and by
 using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--socks4 <host[:port]>"
@@ -1467,7 +1550,7 @@ sockd/proxy-name --socks5 proxy-name \fI--socks5-gssapi-service\fP
 sockd/real-name would use sockd/real-name for cases where the proxy-name does
 not match the principal name.  (Added in 7.19.4).
 .IP "--socks5-gssapi-nec"
-As part of the gssapi negotiation a protection mode is negotiated. RFC 1961
+As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961
 says in section 4.3/4.4 it should be protected, but the NEC reference
 implementation does not.  The option \fI--socks5-gssapi-nec\fP allows the
 unprotected exchange of the protection mode negotiation. (Added in 7.19.4).
@@ -1572,31 +1655,41 @@ If this option is used several times, the last one will be used.
 .IP "--trace-time"
 Prepends a time stamp to each trace or verbose line that curl displays.
 (Added in 7.14.0)
-.IP "-u, --user <user:password;options>"
-Specify the user name, password and optional login options to use for server
-authentication. Overrides \fI-n, --netrc\fP and \fI--netrc-optional\fP.
+.IP "-u, --user <user:password>"
+Specify the user name and password to use for server authentication. Overrides
+\fI-n, --netrc\fP and \fI--netrc-optional\fP.

-If you simply specify the user name, with or without the login options, curl
-will prompt for a password.
+If you simply specify the user name, curl will prompt for a password.

-If you use an SSPI-enabled curl binary and perform NTLM authentication, you
-can force curl to select the user name and password from your environment by
-simply specifying a single colon with this option: "-u :" or by specfying the
-login options on their own, for example "-u ;auth=NTLM".
+The user name and passwords are split up on the first colon, which makes it
+impossible to use a colon in the user name with this option. The password can,
+still.

-You can use the optional login options part to specify protocol specific
-options that may be used during authentication. At present only IMAP, POP3 and
-SMTP support login options as part of the user login information. For more
-information about the login options please see RFC 2384, RFC 5092 and IETF
-draft draft-earhart-url-smtp-00.txt (Added in 7.31.0). 
+When using Kerberos V5 with a Windows based server you should include the
+Windows domain name in the user name, in order for the server to succesfully
+obtain a Kerberos Ticket. If you don't then the initial authentication
+handshake may fail.
+
+When using NTLM, the user name can be specified simply as the user name,
+without the domain, if there is a single domain and forest in your setup
+for example.
+
+To specify the domain name use either Down-Level Logon Name or UPN (User
+Principal Name) formats. For example, EXAMPLE\\user and user@example.com
+respectively.
+
+If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
+Negotiate, NTLM or DIGEST-MD5 authentication then you can tell curl to select
+the user name and password from your environment by specifying a single colon
+with this option: "-u :".

 If this option is used several times, the last one will be used.
 .IP "-U, --proxy-user <user:password>"
 Specify the user name and password to use for proxy authentication.

-If you use an SSPI-enabled curl binary and do NTLM authentication, you can
-force curl to pick up the user name and password from your environment by
-simply specifying a single colon with this option: "-U :".
+If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM
+authentication then you can tell curl to select the user name and password
+from your environment by specifying a single colon with this option: "-U :".

 If this option is used several times, the last one will be used.
 .IP "--url <URL>"
@@ -1606,10 +1699,11 @@ URL(s) in a config file.
 This option may be used any number of times. To control where this URL is
 written, use the \fI-o, --output\fP or the \fI-O, --remote-name\fP options.
 .IP "-v, --verbose"
-Makes the fetching more verbose/talkative. Mostly useful for debugging. A line
-starting with '>' means "header data" sent by curl, '<' means "header data"
-received by curl that is hidden in normal cases, and a line starting with '*'
-means additional info provided by curl.
+Be more verbose/talkative during the operation. Useful for debugging and
+seeing what's going on "under the hood". A line starting with '>' means
+"header data" sent by curl, '<' means "header data" received by curl that is
+hidden in normal cases, and a line starting with '*' means additional info
+provided by curl.

 Note that if you only want HTTP headers in the output, \fI-i, --include\fP
 might be the option you're looking for.
@@ -1621,10 +1715,10 @@ This option overrides previous uses of \fI--trace-ascii\fP or \fI--trace\fP.

 Use \fI-s, --silent\fP to make curl quiet.
 .IP "-w, --write-out <format>"
-Defines what to display on stdout after a completed and successful
-operation. The format is a string that may contain plain text mixed with any
-number of variables. The string can be specified as "string", to get read from
-a particular file you specify it "@filename" and to tell curl to read the
+Make curl display information on stdout after a completed transfer. The format
+is a string that may contain plain text mixed with any number of
+variables. The format can be specified as a literal "string", or you can have
+curl read the format from a file with "@filename" and to tell curl to read the
 format from stdin you write "@-".

 The variables present in the output format will be substituted by the value or
@@ -1803,7 +1897,7 @@ Specifies a custom POP3 command to use instead of LIST or RETR. (Added in
 7.26.0)

 (IMAP)
-Specifies a custom IMAP command to use insead of LIST. (Added in 7.30.0)
+Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0)

 (SMTP)
 Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0)
@@ -1845,7 +1939,8 @@ than the specified date/time.

 If this option is used several times, the last one will be used.
 .IP "-h, --help"
-Usage help.
+Usage help. This lists all current command line options with a short
+description.
 .IP "-M, --manual"
 Manual. Display the huge help text.
 .IP "-V, --version"
@@ -1865,29 +1960,32 @@ You can use IPv6 with this.
 .IP "krb4"
 Krb4 for FTP is supported.
 .IP "SSL"
-HTTPS and FTPS are supported.
+SSL versions of various protocols are supported, such as HTTPS, FTPS, POP3S
+and so on.
 .IP "libz"
 Automatic decompression of compressed files over HTTP is supported.
 .IP "NTLM"
 NTLM authentication is supported.
-.IP "GSS-Negotiate"
-Negotiate authentication and krb5 for FTP is supported.
 .IP "Debug"
 This curl uses a libcurl built with Debug. This enables more error-tracking
 and memory debugging etc. For curl-developers only!
 .IP "AsynchDNS"
-This curl uses asynchronous name resolves.
+This curl uses asynchronous name resolves. Asynchronous name resolves can be
+done using either the c-ares or the threaded resolver backends.
 .IP "SPNEGO"
-SPNEGO Negotiate authentication is supported.
+SPNEGO authentication is supported.
 .IP "Largefile"
 This curl supports transfers of large files, files larger than 2GB.
 .IP "IDN"
 This curl supports IDN - international domain names.
+.IP "GSS-API"
+GSS-API is supported.
 .IP "SSPI"
-SSPI is supported. If you use NTLM and set a blank user name, curl will
-authenticate with your current user and password.
+SSPI is supported.
 .IP "TLS-SRP"
 SRP (Secure Remote Password) authentication is supported for TLS.
+.IP "HTTP2"
+HTTP/2 support has been built-in.
 .IP "Metalink"
 This curl supports Metalink (both version 3 and 4 (RFC 5854)), which
 describes mirrors and hashes.  curl will use mirrors for failover if
@@ -2103,6 +2201,8 @@ unable to parse FTP file list
 FTP chunk callback reported error
 .IP 89
 No connection available, the session will be queued
+.IP 90
+SSL public key does not matched pinned public key
 .IP XX
 More error codes will appear here in future releases. The existing ones
 are meant to never change.
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@@ -20,15 +20,39 @@ httpcustomheader
 httpput
 https
 imap
+imap-append
+imap-copy
+imap-create
+imap-delete
+imap-examine
+imap-fetch
+imap-list
+imap-multi
+imap-noop
+imap-search
+imap-ssl
+imap-store
+imap-tls
 multi-app
 multi-debugcallback
 multi-double
 multi-post
 multi-single
 persistant
+pop3-dele
+pop3-list
+pop3-multi
+pop3-noop
+pop3-retr
+pop3-ssl
+pop3-stat
+pop3-tls
+pop3-top
+pop3-uidl
 pop3s
 pop3slist
 post-callback
+postinmemory
 postit2
 progressfunc
 resolve
@@ -40,8 +64,12 @@ simple
 simplepost
 simplesmtp
 simplessl
+smtp-expn
+smtp-mail
 smtp-multi
+smtp-ssl
 smtp-tls
+smtp-vrfy
 url2file
 usercertinmem
 xmlstream
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -7,9 +7,9 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp \
  externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl pop3-dele \
  pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi imap-list \
-  imap-fetch imap-store imap-append imap-examine imap-search imap-create \
-  imap-delete imap-copy imap-noop imap-ssl imap-tls imap-multi url2file \
-  sftpget ftpsget postinmemory
+  imap-lsub imap-fetch imap-store imap-append imap-examine imap-search \
+  imap-create imap-delete imap-copy imap-noop imap-ssl imap-tls imap-multi \
+  url2file sftpget ftpsget postinmemory

 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -148,9 +148,6 @@ endif
 ifeq ($(findstring -sspi,$(CFG)),-sspi)
 SSPI = 1
 endif
-ifeq ($(findstring -spnego,$(CFG)),-spnego)
-SPNEGO = 1
-endif
 ifeq ($(findstring -ldaps,$(CFG)),-ldaps)
 LDAPS = 1
 endif
@@ -230,9 +227,6 @@ ifdef SSPI
    CFLAGS += -DUSE_SCHANNEL
  endif
 endif
-ifdef SPNEGO
-  CFLAGS += -DHAVE_SPNEGO
-endif
 ifdef IPV6
  CFLAGS += -DENABLE_IPV6 -D_WIN32_WINNT=0x0501
 endif
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -211,9 +211,6 @@ endif
 ifeq ($(findstring -idn,$(CFG)),-idn)
 WITH_IDN = 1
 endif
-ifeq ($(findstring -spnego,$(CFG)),-spnego)
-WITH_SPNEGO = 1
-endif
 ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
 ENABLE_IPV6 = 1
 endif
@@ -247,10 +244,6 @@ ifdef WITH_SSL
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
 	LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
 	IMPORTS += GetProcessSwitchCount RunningProcess
-ifdef WITH_SPNEGO
-	# INCLUDES += -I$(FBOPENSSL_PATH)/include
-	LDLIBS += $(FBOPENSSL_PATH)/nw/fbopenssl.$(LIBEXT)
-endif
 else
 ifdef WITH_AXTLS
 	INCLUDES += -I$(AXTLS_PATH)/inc
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -103,6 +103,10 @@ static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
  if (X509_STORE_add_cert(store, cert)==0)
    printf("error adding certificate\n");

+  /* decrease reference counts */
+  X509_free(cert);
+  BIO_free(bio);
+
  /* all set to go */
  return CURLE_OK ;
 }
@@ -121,7 +125,7 @@ int main(void)
  rv=curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
  rv=curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
  rv=curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
-  rv=curl_easy_setopt(ch,CURLOPT_WRITEHEADER, stderr);
+  rv=curl_easy_setopt(ch,CURLOPT_HEADERDATA, stderr);
  rv=curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
  rv=curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER,1L);
  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -133,7 +133,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
    const char *s;
    switch ( code )
    {
-    case CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -26,7 +26,7 @@ struct callback_data {
  FILE *output;
 };

-static long file_is_comming(struct curl_fileinfo *finfo,
+static long file_is_coming(struct curl_fileinfo *finfo,
                           struct callback_data *data,
                           int remains);

@@ -61,7 +61,7 @@ int main(int argc, char **argv)
  curl_easy_setopt(handle, CURLOPT_WILDCARDMATCH, 1L);

  /* callback is called before download of concrete file started */
-  curl_easy_setopt(handle, CURLOPT_CHUNK_BGN_FUNCTION, file_is_comming);
+  curl_easy_setopt(handle, CURLOPT_CHUNK_BGN_FUNCTION, file_is_coming);

  /* callback is called after data from the file have been transferred */
  curl_easy_setopt(handle, CURLOPT_CHUNK_END_FUNCTION, file_is_downloaded);
@@ -89,7 +89,7 @@ int main(int argc, char **argv)
  return rc;
 }

-static long file_is_comming(struct curl_fileinfo *finfo,
+static long file_is_coming(struct curl_fileinfo *finfo,
                           struct callback_data *data,
                           int remains)
 {
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -58,7 +58,7 @@ int main(void)
    /* If you intend to use this on windows with a libcurl DLL, you must use
       CURLOPT_WRITEFUNCTION as well */
    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
-    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
+    curl_easy_setopt(curl, CURLOPT_HEADERDATA, respfile);
    res = curl_easy_perform(curl);
    /* Check for errors */
    if(res != CURLE_OK)
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -104,7 +104,6 @@ static void mcode_or_die(const char *where, CURLMcode code) {
  if ( CURLM_OK != code ) {
    const char *s;
    switch (code) {
-      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -125,7 +125,6 @@ static void mcode_or_die(const char *where, CURLMcode code)
  if ( CURLM_OK != code ) {
    const char *s;
    switch (code) {
-      case     CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@@ -74,7 +74,7 @@ int main(int argc, char *argv[])
  curl_easy_setopt(curl, CURLOPT_URL, argv[1]);
  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback);
  curl_easy_setopt(curl, CURLOPT_WRITEDATA, hsp);
-  curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
+  curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);

  curl_easy_perform(curl);

--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -31,20 +31,25 @@ int main(void)
  if(curl) {
    struct curl_slist *chunk = NULL;

-    chunk = curl_slist_append(chunk, "Accept: moo");
+    /* Remove a header curl would otherwise add by itself */
+    chunk = curl_slist_append(chunk, "Accept:");
+
+    /* Add a custom header */
    chunk = curl_slist_append(chunk, "Another: yes");

-    /* request with the built-in Accept: */
+    /* Modify a header curl otherwise adds differently */
+    chunk = curl_slist_append(chunk, "Host: example.com");
+
+    /* Add a header with "blank" contents to the right of the colon. Note that
+       we're then using a semicolon in the string we pass to curl! */
+    chunk = curl_slist_append(chunk, "X-silly-header;");
+
+    /* set our custom set of headers */
+    res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
+
    curl_easy_setopt(curl, CURLOPT_URL, "localhost");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-    res = curl_easy_perform(curl);
-    /* Check for errors */
-    if(res != CURLE_OK)
-      fprintf(stderr, "curl_easy_perform() failed: %s\n",
-              curl_easy_strerror(res));

-    /* redo request with our own custom Accept: */
-    res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
    res = curl_easy_perform(curl);
    /* Check for errors */
    if(res != CURLE_OK)
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@@ -20,6 +20,7 @@
 *
 ***************************************************************************/
 #include <stdio.h>
+#include <string.h>
 #include <curl/curl.h>

 /* This is a simple example showing how to send mail using libcurl's IMAP
--- a/docs/examples/imap-lsub.c
+++ b/docs/examples/imap-lsub.c
@@ -0,0 +1,62 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include <stdio.h>
+#include <curl/curl.h>
+
+/* This is a simple example showing how to list the subscribed folders within
+ * an IMAP mailbox.
+ *
+ * Note that this example requires libcurl 7.30.0 or above.
+ */
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res = CURLE_OK;
+
+  curl = curl_easy_init();
+  if(curl) {
+    /* Set username and password */
+    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
+    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
+
+    /* This is just the server URL */
+    curl_easy_setopt(curl, CURLOPT_URL, "imap://imap.example.com");
+
+    /* Set the LSUB command. Note the syntax is very similar to that of a LIST
+       command. */
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "LSUB \"\" *");
+
+    /* Perform the custom request */
+    res = curl_easy_perform(curl);
+
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+
+    /* Always cleanup */
+    curl_easy_cleanup(curl);
+  }
+
+  return (int)res;
+}
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -95,6 +95,31 @@ void add_download(const char *url, int num)
  fprintf(stderr, "Added download %s -> %s\n", url, filename);
 }

+static void check_multi_info(void)
+{
+  int running_handles;
+  char *done_url;
+  CURLMsg *message;
+  int pending;
+
+  while ((message = curl_multi_info_read(curl_handle, &pending))) {
+    switch (message->msg) {
+    case CURLMSG_DONE:
+      curl_easy_getinfo(message->easy_handle, CURLINFO_EFFECTIVE_URL,
+                        &done_url);
+      printf("%s DONE\n", done_url);
+
+      curl_multi_remove_handle(curl_handle, message->easy_handle);
+      curl_easy_cleanup(message->easy_handle);
+      break;
+
+    default:
+      fprintf(stderr, "CURLMSG default\n");
+      break;
+    }
+  }
+}
+
 void curl_perform(uv_poll_t *req, int status, int events)
 {
  int running_handles;
@@ -116,22 +141,7 @@ void curl_perform(uv_poll_t *req, int status, int events)
  curl_multi_socket_action(curl_handle, context->sockfd, flags,
                           &running_handles);

-  while ((message = curl_multi_info_read(curl_handle, &pending))) {
-    switch (message->msg) {
-    case CURLMSG_DONE:
-      curl_easy_getinfo(message->easy_handle, CURLINFO_EFFECTIVE_URL,
-                        &done_url);
-      printf("%s DONE\n", done_url);
-
-      curl_multi_remove_handle(curl_handle, message->easy_handle);
-      curl_easy_cleanup(message->easy_handle);
-
-      break;
-    default:
-      fprintf(stderr, "CURLMSG default\n");
-      abort();
-    }
-  }
+  check_multi_info();
 }

 void on_timeout(uv_timer_t *req, int status)
@@ -139,6 +149,7 @@ void on_timeout(uv_timer_t *req, int status)
  int running_handles;
  curl_multi_socket_action(curl_handle, CURL_SOCKET_TIMEOUT, 0,
                           &running_handles);
+  check_multi_info();
 }

 void start_timeout(CURLM *multi, long timeout_ms, void *userp)
--- a/docs/examples/rtsp.c
+++ b/docs/examples/rtsp.c
@@ -224,7 +224,7 @@ int main(int argc, char * const argv[])
      if (curl != NULL) {
        my_curl_easy_setopt(curl, CURLOPT_VERBOSE, 0L);
        my_curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 1L);
-        my_curl_easy_setopt(curl, CURLOPT_WRITEHEADER, stdout);
+        my_curl_easy_setopt(curl, CURLOPT_HEADERDATA, stdout);
        my_curl_easy_setopt(curl, CURLOPT_URL, url);

        /* request server options */
--- a/docs/examples/sepheaders.c
+++ b/docs/examples/sepheaders.c
@@ -66,7 +66,7 @@ int main(void)
  }

  /* we want the headers be written to this file handle */
-  curl_easy_setopt(curl_handle,   CURLOPT_WRITEHEADER, headerfile);
+  curl_easy_setopt(curl_handle,   CURLOPT_HEADERDATA, headerfile);

  /* we want the body be written to this file handle instead of stdout */
  curl_easy_setopt(curl_handle,   CURLOPT_WRITEDATA, bodyfile);
--- a/docs/examples/simplessl.c
+++ b/docs/examples/simplessl.c
@@ -75,7 +75,7 @@ int main(void)
  if(curl) {
    /* what call to write: */
    curl_easy_setopt(curl, CURLOPT_URL, "HTTPS://your.favourite.ssl.site");
-    curl_easy_setopt(curl, CURLOPT_WRITEHEADER, headerfile);
+    curl_easy_setopt(curl, CURLOPT_HEADERDATA, headerfile);

    for(i = 0; i < 1; i++) /* single-iteration loop, just to break out from */
    {
--- a/docs/examples/url2file.c
+++ b/docs/examples/url2file.c
@@ -63,9 +63,8 @@ int main(int argc, char *argv[])
  pagefile = fopen(pagefilename, "wb");
  if (pagefile) {

-    /* write the page body to this file handle. CURLOPT_FILE is also known as
-       CURLOPT_WRITEDATA*/
-    curl_easy_setopt(curl_handle, CURLOPT_FILE, pagefile);
+    /* write the page body to this file handle */
+    curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, pagefile);

    /* get it! */
    curl_easy_perform(curl_handle);
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@@ -184,7 +184,7 @@ int main(void)
  rv = curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
  rv = curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
  rv = curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
-  rv = curl_easy_setopt(ch,CURLOPT_WRITEHEADER, stderr);
+  rv = curl_easy_setopt(ch,CURLOPT_HEADERDATA, stderr);
  rv = curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");

  /* both VERIFYPEER and VERIFYHOST are set to 0 in this case because there is
--- a/docs/libcurl/ABI
+++ b/docs/libcurl/ABI
@@ -7,16 +7,16 @@
                          libcurl's binary interface

 ABI - Application Binary Interface
+----------------------------------

-  First, allow me to define the word for this context: ABI describes the
-  low-level interface between an application program and a library. Calling
-  conventions, function arguments, return values, struct sizes/defines and
-  more.
+  "ABI" describes the low-level interface between an application program and a
+  library. Calling conventions, function arguments, return values, struct
+  sizes/defines and more.

-  For a longer description, see
-  http://en.wikipedia.org/wiki/Application_binary_interface
+  [Wikipedia has a longer description](http://en.wikipedia.org/wiki/Application_binary_interface)

 Upgrades
+--------

  In the vast majority of all cases, a typical libcurl upgrade does not break
  the ABI at all. Your application can remain using libcurl just as before,
@@ -26,11 +26,13 @@ Upgrades
  it now is defined to work.

 Version Numbers
+---------------

  In libcurl land, you really can't tell by the libcurl version number if that
  libcurl is binary compatible or not with another libcurl version.

 Soname Bumps
+------------

  Whenever there are changes done to the library that will cause an ABI
  breakage, that may require your application to get attention or possibly be
@@ -43,7 +45,11 @@ Soname Bumps
  During the first seven years of libcurl releases, there have only been four
  ABI breakages.

+  We are determined to bump the SONAME as rarely as possible.  Ideally, we
+  never do it again.
+
 Downgrades
+----------

  Going to an older libcurl version from one you're currently using can be a
  tricky thing. Mostly we add features and options to newer libcurls as that
@@ -54,6 +60,7 @@ Downgrades
  soname, and then your application may need to adapt to the modified ABI.

 History
+-------

  The previous major library soname number bumps (breaking backwards
  compatibility) have happened the following times:
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,6 +22,8 @@

 AUTOMAKE_OPTIONS = foreign no-dependencies

+SUBDIRS = opts
+
 man_MANS = curl_easy_cleanup.3 curl_easy_getinfo.3 curl_easy_init.3	 \
 curl_easy_perform.3 curl_easy_setopt.3 curl_easy_duphandle.3		 \
 curl_formadd.3 curl_formfree.3 curl_getdate.3 curl_getenv.3		 \
@@ -91,11 +93,13 @@ MAN2HTML= roffit --mandir=. < $< >$@
 SUFFIXES = .3 .html

 html: $(HTMLPAGES)
+	cd opts; make html

 .3.html:
 	$(MAN2HTML)

 pdf: $(PDFPAGES)
+	cd opts; make pdf

 .3.pdf:
 	@(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \
--- a/docs/libcurl/curl_easy_cleanup.3
+++ b/docs/libcurl/curl_easy_cleanup.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -22,20 +22,20 @@
 .\"
 .TH curl_easy_cleanup 3 "22 aug 2007" "libcurl 7.17.0" "libcurl Manual"
 .SH NAME
-curl_easy_cleanup - End a libcurl easy session
+curl_easy_cleanup - End a libcurl easy handle
 .SH SYNOPSIS
 .B #include <curl/curl.h>

 .BI "void curl_easy_cleanup(CURL *" handle ");"
-
 .SH DESCRIPTION
 This function must be the last function to call for an easy session. It is the
 opposite of the \fIcurl_easy_init(3)\fP function and must be called with the
-same \fIhandle\fP as input that the curl_easy_init call returned.
+same \fIhandle\fP as input that a \fIcurl_easy_init(3)\fP call returned.

-This will effectively close all connections this handle has used and possibly
-has kept open until now. Don't call this function if you intend to transfer
-more files.
+This might close all connections this handle has used and possibly has kept
+open until now - unless it was attached to a multi handle while doing the
+transfers. Don't call this function if you intend to transfer more files,
+re-using handles is a key to good performance with libcurl.

 Occasionally you may get your progress callback or header callback called from
 within \fIcurl_easy_cleanup(3)\fP (if previously set for the handle using
@@ -43,13 +43,13 @@ within \fIcurl_easy_cleanup(3)\fP (if previously set for the handle using
 connection and the protocol is of a kind that requires a command/response
 sequence before disconnect. Examples of such protocols are FTP, POP3 and IMAP.

-Any uses of the \fBhandle\fP after this function has been called and have
-returned, are illegal. This kills the handle and all memory associated with
-it!
+Any use of the \fBhandle\fP after this function has been called and have
+returned, is illegal. \fIcurl_easy_cleanup(3)\fP kills the handle and all
+memory associated with it!

-With libcurl versions prior to 7.17.: when you've called this, you can safely
-remove all the strings you've previously told libcurl to use, as it won't use
-them anymore now.
+For libcurl versions before 7.17,: after you've called this function, you can
+safely remove all the strings you've previously told libcurl to use, as it
+won't use them anymore now.
 .SH RETURN VALUE
 None
 .SH "SEE ALSO"
--- a/docs/libcurl/curl_easy_duphandle.3
+++ b/docs/libcurl/curl_easy_duphandle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -19,7 +19,7 @@
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
-.TH curl_easy_duphandle 3 "18 September 2001" "libcurl 7.9" "libcurl Manual"
+.TH curl_easy_duphandle 3 "19 Sep 2014" "libcurl" "libcurl Manual"
 .SH NAME
 curl_easy_duphandle - Clone a libcurl session handle
 .SH SYNOPSIS
@@ -47,5 +47,4 @@ in a synchronous way, the input handle may not be in use when cloned.
 If this function returns NULL, something went wrong and no valid handle was
 returned.
 .SH "SEE ALSO"
-.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_global_init "(3)
-
+.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_global_init "(3)"
--- a/docs/libcurl/curl_easy_getinfo.3
+++ b/docs/libcurl/curl_easy_getinfo.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -60,9 +60,9 @@ Pass a pointer to a long to receive the remote time of the retrieved document
 -1, it can be because of many reasons (unknown, the server hides it or the
 server doesn't support the command that tells document time etc) and the time
 of the document is unknown. Note that you must tell the server to collect this
-information before the transfer is made, by using the CURLOPT_FILETIME option
-to \fIcurl_easy_setopt(3)\fP or you will unconditionally get a -1 back. (Added
-in 7.5)
+information before the transfer is made, by using the
+\fICURLOPT_FILETIME(3)\fP option to \fIcurl_easy_setopt(3)\fP or you will
+unconditionally get a -1 back. (Added in 7.5)
 .IP CURLINFO_TOTAL_TIME
 Pass a pointer to a double to receive the total time in seconds for the
 previous transfer, including name resolving, TCP connect etc.
@@ -76,8 +76,8 @@ start until the connect to the remote host (or proxy) was completed.
 Pass a pointer to a double to receive the time, in seconds, it took from the
 start until the SSL/SSH connect/handshake to the remote host was completed.
 This time is most often very near to the PRETRANSFER time, except for cases
-such as HTTP pippelining where the pretransfer time can be delayed due to
-waits in line for the pipeline and more. (Added in 7.19.0)
+such as HTTP pipelining where the pretransfer time can be delayed due to waits
+in line for the pipeline and more. (Added in 7.19.0)
 .IP CURLINFO_PRETRANSFER_TIME
 Pass a pointer to a double to receive the time, in seconds, it took from the
 start until the file transfer is just about to begin. This includes all
@@ -99,17 +99,19 @@ Pass a pointer to a long to receive the total number of redirections that were
 actually followed.  (Added in 7.9.7)
 .IP CURLINFO_REDIRECT_URL
 Pass a pointer to a char pointer to receive the URL a redirect \fIwould\fP
-take you to if you would enable CURLOPT_FOLLOWLOCATION. This can come very
-handy if you think using the built-in libcurl redirect logic isn't good enough
-for you but you would still prefer to avoid implementing all the magic of
-figuring out the new URL. (Added in 7.18.2)
+take you to if you would enable \fICURLOPT_FOLLOWLOCATION(3)\fP. This can come
+very handy if you think using the built-in libcurl redirect logic isn't good
+enough for you but you would still prefer to avoid implementing all the magic
+of figuring out the new URL. (Added in 7.18.2)
 .IP CURLINFO_SIZE_UPLOAD
 Pass a pointer to a double to receive the total amount of bytes that were
 uploaded.
 .IP CURLINFO_SIZE_DOWNLOAD
 Pass a pointer to a double to receive the total amount of bytes that were
 downloaded. The amount is only for the latest transfer and will be reset again
-for each new transfer.
+for each new transfer. This counts actual payload data, what's also commonly
+called body. All meta and header data are excluded and will not be counted in
+this number.
 .IP CURLINFO_SPEED_DOWNLOAD
 Pass a pointer to a double to receive the average download speed that curl
 measured for the complete download. Measured in bytes/second.
@@ -125,8 +127,8 @@ requests. This is so far only for HTTP requests. Note that this may be more
 than one request if FOLLOWLOCATION is true.
 .IP CURLINFO_SSL_VERIFYRESULT
 Pass a pointer to a long to receive the result of the certification
-verification that was requested (using the CURLOPT_SSL_VERIFYPEER option to
-\fIcurl_easy_setopt(3)\fP).
+verification that was requested (using the \fICURLOPT_SSL_VERIFYPEER(3)\fP
+option to \fIcurl_easy_setopt(3)\fP).
 .IP CURLINFO_SSL_ENGINES
 Pass the address of a 'struct curl_slist *' to receive a linked-list of
 OpenSSL crypto-engines supported. Note that engines are normally implemented
@@ -148,14 +150,15 @@ it means that the server didn't send a valid Content-Type header or that the
 protocol used doesn't support this.
 .IP CURLINFO_PRIVATE
 Pass a pointer to a char pointer to receive the pointer to the private data
-associated with the curl handle (set with the CURLOPT_PRIVATE option to
-\fIcurl_easy_setopt(3)\fP). Please note that for internal reasons, the
+associated with the curl handle (set with the \fICURLOPT_PRIVATE(3)\fP option
+to \fIcurl_easy_setopt(3)\fP). Please note that for internal reasons, the
 value is returned as a char pointer, although effectively being a 'void *'.
 (Added in 7.10.3)
 .IP CURLINFO_HTTPAUTH_AVAIL
 Pass a pointer to a long to receive a bitmask indicating the authentication
 method(s) available. The meaning of the bits is explained in the
-CURLOPT_HTTPAUTH option for \fIcurl_easy_setopt(3)\fP.  (Added in 7.10.8)
+\fICURLOPT_HTTPAUTH(3)\fP option for \fIcurl_easy_setopt(3)\fP.  (Added in
+7.10.8)
 .IP CURLINFO_PROXYAUTH_AVAIL
 Pass a pointer to a long to receive a bitmask indicating the authentication
 method(s) available for your proxy authentication.  (Added in 7.10.8)
@@ -199,8 +202,8 @@ Pass a pointer to a long to receive the last socket used by this curl
 session. If the socket is no longer valid, -1 is returned. When you finish
 working with the socket, you must call curl_easy_cleanup() as usual and let
 libcurl close the socket and cleanup other resources associated with the
-handle. This is typically used in combination with \fICURLOPT_CONNECT_ONLY\fP.
-(Added in 7.15.2)
+handle. This is typically used in combination with
+\fICURLOPT_CONNECT_ONLY(3)\fP.  (Added in 7.15.2)

 NOTE: this API is not really working on win64, since the SOCKET type on win64
 is 64 bit large while its 'long' is only 32 bits.
@@ -214,18 +217,18 @@ Also works for SFTP since 7.21.4
 .IP CURLINFO_CERTINFO
 Pass a pointer to a 'struct curl_certinfo *' and you'll get it set to point to
 struct that holds a number of linked lists with info about the certificate
-chain, assuming you had CURLOPT_CERTINFO enabled when the previous request was
-done. The struct reports how many certs it found and then you can extract info
-for each of those certs by following the linked lists. The info chain is
-provided in a series of data in the format "name:content" where the content is
-for the specific named data. See also the certinfo.c example. NOTE: this
-option is only available in libcurl built with OpenSSL, NSS, GSKit or QsoSSL
+chain, assuming you had \fICURLOPT_CERTINFO(3)\fP enabled when the previous
+request was done. The struct reports how many certs it found and then you can
+extract info for each of those certs by following the linked lists. The info
+chain is provided in a series of data in the format "name:content" where the
+content is for the specific named data. See also the certinfo.c example. NOTE:
+this option is only available in libcurl built with OpenSSL, NSS or GSKit
 support. (Added in 7.19.1)
 .IP CURLINFO_TLS_SESSION
-Pass a pointer to a 'struct curl_tlsinfo *'.  The pointer will be initialized
-to refer to a 'struct curl_tlsinfo *' that will contain an enum indicating the
-SSL library used for the handshake and the respective internal TLS session
-structure of this underlying SSL library.
+Pass a pointer to a 'struct curl_tlssessioninfo *'.  The pointer will be
+initialized to refer to a 'struct curl_tlssessioninfo *' that will contain an
+enum indicating the SSL library used for the handshake and the respective
+internal TLS session structure of this underlying SSL library.

 This may then be used to extract certificate information in a format
 convenient for further processing, such as manual validation. NOTE: this
@@ -235,8 +238,8 @@ this does not mean that no SSL backend was used. (Added in 7.34.0)

 .IP CURLINFO_CONDITION_UNMET
 Pass a pointer to a long to receive the number 1 if the condition provided in
-the previous request didn't match (see \fICURLOPT_TIMECONDITION\fP). Alas, if
-this returns a 1 you know that the reason you didn't get data in return is
+the previous request didn't match (see \fICURLOPT_TIMECONDITION(3)\fP). Alas,
+if this returns a 1 you know that the reason you didn't get data in return is
 because it didn't fulfill the condition. The long ths argument points to will
 get a zero stored if the condition instead was met. (Added in 7.19.4)
 .IP CURLINFO_RTSP_SESSION_ID
--- a/docs/libcurl/curl_easy_init.3
+++ b/docs/libcurl/curl_easy_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -26,24 +26,21 @@ curl_easy_init - Start a libcurl easy session
 .B #include <curl/curl.h>

 .BI "CURL *curl_easy_init( );"
-
 .SH DESCRIPTION
 This function must be the first function to call, and it returns a CURL easy
-handle that you must use as input to other easy-functions. curl_easy_init
-initializes curl and this call \fBMUST\fP have a corresponding call to
+handle that you must use as input to other functions in the easy
+interface. This call \fBMUST\fP have a corresponding call to
 \fIcurl_easy_cleanup(3)\fP when the operation is complete.

-If you did not already call \fIcurl_global_init(3)\fP,
-\fIcurl_easy_init(3)\fP does it automatically.
-This may be lethal in multi-threaded cases, since \fIcurl_global_init(3)\fP is
-not thread-safe, and it may result in resource problems because there is
-no corresponding cleanup.
-
-You are strongly advised to not allow this automatic behaviour, by
-calling \fIcurl_global_init(3)\fP yourself properly.
-See the description in \fBlibcurl\fP(3) of global environment
-requirements for details of how to use this function.
+If you did not already call \fIcurl_global_init(3)\fP, \fIcurl_easy_init(3)\fP
+does it automatically.  This may be lethal in multi-threaded cases, since
+\fIcurl_global_init(3)\fP is not thread-safe, and it may result in resource
+problems because there is no corresponding cleanup.

+You are strongly advised to not allow this automatic behaviour, by calling
+\fIcurl_global_init(3)\fP yourself properly.  See the description in
+\fBlibcurl\fP(3) of global environment requirements for details of how to use
+this function.
 .SH RETURN VALUE
 If this function returns NULL, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_easy_pause.3
+++ b/docs/libcurl/curl_easy_pause.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,9 +40,8 @@ the writing is later unpaused.

 While it may feel tempting, take care and notice that you cannot call this
 function from another thread. To unpause, you may for example call it from the
-progress callback (see \fIcurl_easy_setopt(3)\fP's
-\fICURLOPT_PROGRESSFUNCTION\fP), which gets called at least once per second,
-even if the connection is paused.
+progress callback (\fICURLOPT_PROGRESSFUNCTION(3)\fP), which gets called at
+least once per second, even if the connection is paused.

 When this function is called to unpause reading, the chance is high that you
 will get your write callback called before this function returns.
@@ -55,11 +54,11 @@ connection. The following bits can be used:
 .IP CURLPAUSE_RECV
 Pause receiving data. There will be no data received on this connection until
 this function is called again without this bit set. Thus, the write callback
-(\fICURLOPT_WRITEFUNCTION\fP) won't be called.
+(\fICURLOPT_WRITEFUNCTION(3)\fP) won't be called.
 .IP CURLPAUSE_SEND
 Pause sending data. There will be no data sent on this connection until this
 function is called again without this bit set. Thus, the read callback
-(\fICURLOPT_READFUNCTION\fP) won't be called.
+(\fICURLOPT_READFUNCTION(3)\fP) won't be called.
 .IP CURLPAUSE_ALL
 Convenience define that pauses both directions.
 .IP CURLPAUSE_CONT
--- a/docs/libcurl/curl_easy_perform.3
+++ b/docs/libcurl/curl_easy_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -25,33 +25,41 @@ curl_easy_perform - Perform a file transfer
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
-.BI "CURLcode curl_easy_perform(CURL *" handle ");"
+.BI "CURLcode curl_easy_perform(CURL *" easy_handle ");"
 .ad
 .SH DESCRIPTION
-This function is called after the init and all the \fIcurl_easy_setopt(3)\fP
-calls are made, and will perform the transfer as described in the options.  It
-must be called with the same
-.I handle
-as input as the curl_easy_init call returned.
+Invoke this function after \fIcurl_easy_init(3)\fP and all the
+\fIcurl_easy_setopt(3)\fP calls are made, and will perform the transfer as
+described in the options. It must be called with the same \fBeasy_handle\fP as
+input as the \fIcurl_easy_init(3)\fP call returned.
+
+\fIcurl_easy_perform(3)\fP performs the entire request in a blocking manner
+and returns when done, or if it failed. For non-blocking behavior, see
+\fIcurl_multi_perform(3)\fP.

 You can do any amount of calls to \fIcurl_easy_perform(3)\fP while using the
-same handle. If you intend to transfer more than one file, you are even
-encouraged to do so. libcurl will then attempt to re-use the same connection
-for the following transfers, thus making the operations faster, less CPU
-intense and using less network resources. Just note that you will have to use
-\fIcurl_easy_setopt(3)\fP between the invokes to set options for the following
-curl_easy_perform.
+same \fBeasy_handle\fP. If you intend to transfer more than one file, you are
+even encouraged to do so. libcurl will then attempt to re-use the same
+connection for the following transfers, thus making the operations faster,
+less CPU intense and using less network resources. Just note that you will
+have to use \fIcurl_easy_setopt(3)\fP between the invokes to set options for
+the following curl_easy_perform.

 You must never call this function simultaneously from two places using the
-same handle. Let the function return first before invoking it another time. If
-you want parallel transfers, you must use several curl handles.
+same \fBeasy_handle\fP. Let the function return first before invoking it
+another time. If you want parallel transfers, you must use several curl
+easy_handles.
+
+While the \fBeasy_handle\fP is added to a multi handle, it cannot be used by
+\fIcurl_easy_perform(3)\fP.
 .SH RETURN VALUE
-0 means everything was ok, non-zero means an error occurred as
+CURLE_OK (0) means everything was ok, non-zero means an error occurred as
 .I <curl/curl.h>
-defines. If the CURLOPT_ERRORBUFFER was set with
-.I curl_easy_setopt
-there will be a readable error message in the error buffer when non-zero is
-returned.
+defines - see \fIlibcurl-errors(3)\fP. If the \fBCURLOPT_ERRORBUFFER(3)\fP was
+set with \fIcurl_easy_setopt(3)\fP there will be a readable error message in
+the error buffer when non-zero is returned.
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_setopt "(3), "
+.BR curl_multi_add_handle "(3), " curl_multi_perform "(3), "
+.BR libcurl-errors "(3), "

--- a/docs/libcurl/curl_easy_recv.3
+++ b/docs/libcurl/curl_easy_recv.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,7 @@ data. \fBbuflen\fP is the maximum amount of data you can get in that
 buffer. The variable \fBn\fP points to will receive the number of received
 bytes.

-To establish the connection, set \fBCURLOPT_CONNECT_ONLY\fP option before
+To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
 calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_recv(3)\fP does not
 work on connections that were created without this option.

--- a/docs/libcurl/curl_easy_reset.3
+++ b/docs/libcurl/curl_easy_reset.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,5 +39,6 @@ This function was added in libcurl 7.12.1
 .SH RETURN VALUE
 Nothing
 .SH "SEE ALSO"
-.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_easy_setopt "(3)
+.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_easy_setopt "(3),"
+.BR curl_easy_duphandle "(3)"

--- a/docs/libcurl/curl_easy_send.3
+++ b/docs/libcurl/curl_easy_send.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ connection set-up.
 \fBbuffer\fP is a pointer to the data of length \fBbuflen\fP that you want sent.
 The variable \fBn\fP points to will receive the number of sent bytes.

-To establish the connection, set \fBCURLOPT_CONNECT_ONLY\fP option before
+To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
 calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_send(3)\fP will not
 work on connections that were created without this option.

--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
--- a/docs/libcurl/curl_easy_strerror.3
+++ b/docs/libcurl/curl_easy_strerror.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -27,8 +27,11 @@ curl_easy_strerror - return string describing error code

 const char *curl_easy_strerror(CURLcode errornum);
 .SH DESCRIPTION
-The curl_easy_strerror() function returns a string describing the CURLcode
-error code passed in the argument \fIerrornum\fP.
+The \fIcurl_easy_strerror(3)\fP function returns a string describing the
+CURLcode error code passed in the argument \fIerrornum\fP.
+
+Typically applications also appreciate \fICURLOPT_ERRORBUFFER(3)\fP for more
+specific error descriptions generated at run-time.
 .SH AVAILABILITY
 This function was added in libcurl 7.12.0
 .SH RETURN VALUE
--- a/docs/libcurl/curl_easy_unescape.3
+++ b/docs/libcurl/curl_easy_unescape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -48,4 +48,4 @@ Added in 7.15.4 and replaces the old \fIcurl_unescape(3)\fP function.
 .SH RETURN VALUE
 A pointer to a zero terminated string or NULL if it failed.
 .SH "SEE ALSO"
-.I curl_easy_escape(3), curl_free(3), RFC 2396
+.BR curl_easy_escape "(3), " curl_free "(3)," RFC 2396
--- a/docs/libcurl/curl_formadd.3
+++ b/docs/libcurl/curl_formadd.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -32,7 +32,7 @@ curl_formadd - add a section to a multipart/formdata HTTP POST
 curl_formadd() is used to append sections when building a multipart/formdata
 HTTP POST (sometimes referred to as RFC2388-style posts). Append one section
 at a time until you've added all the sections you want included and then you
-pass the \fIfirstitem\fP pointer as parameter to \fBCURLOPT_HTTPPOST\fP.
+pass the \fIfirstitem\fP pointer as parameter to \fBCURLOPT_HTTPPOST(3)\fP.
 \fIlastitem\fP is set after each \fIcurl_formadd(3)\fP call and on repeated
 invokes it should be left as set to allow repeated invokes to find the end of
 the list faster.
@@ -45,7 +45,7 @@ the function itself. You must call \fIcurl_formfree(3)\fP on the
 \fIfirstitem\fP after the form post has been done to free the resources.

 Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header.
-You can disable this header with \fICURLOPT_HTTPHEADER\fP as usual.
+You can disable this header with \fICURLOPT_HTTPHEADER(3)\fP as usual.

 First, there are some basics you need to understand about multipart/formdata
 posts. Each part consists of at least a NAME and a CONTENTS part. If the part
@@ -86,6 +86,10 @@ you must set its length  with \fBCURLFORM_CONTENTSLENGTH\fP.
 .IP CURLFORM_CONTENTSLENGTH
 followed by a long giving the length of the contents. Note that for
 \fICURLFORM_STREAM\fP contents, this option is mandatory.
+
+If you pass a 0 (zero) for this option, libcurl will instead do a strlen() on
+the contents to figure out the size. If you really want to send a zero byte
+content then you must make sure strlen() on the data pointer returns zero.
 .IP CURLFORM_FILECONTENT
 followed by a filename, causes that file to be read and its contents used
 as data in this part. This part does \fInot\fP automatically become a file
@@ -121,12 +125,13 @@ to the buffer to be uploaded. This buffer must not be freed until after
 is used in combination with \fICURLFORM_BUFFER\fP. The parameter is a
 long which gives the length of the buffer.
 .IP CURLFORM_STREAM
-Tells libcurl to use the \fICURLOPT_READFUNCTION\fP callback to get data. The
-parameter you pass to \fICURLFORM_STREAM\fP is the pointer passed on to the
-read callback's fourth argument. If you want the part to look like a file
-upload one, set the \fICURLFORM_FILENAME\fP parameter as well. Note that when
-using \fICURLFORM_STREAM\fP, \fICURLFORM_CONTENTSLENGTH\fP must also be set
-with the total expected length of the part. (Option added in libcurl 7.18.2)
+Tells libcurl to use the \fICURLOPT_READFUNCTION(3)\fP callback to get
+data. The parameter you pass to \fICURLFORM_STREAM\fP is the pointer passed on
+to the read callback's fourth argument. If you want the part to look like a
+file upload one, set the \fICURLFORM_FILENAME\fP parameter as well. Note that
+when using \fICURLFORM_STREAM\fP, \fICURLFORM_CONTENTSLENGTH\fP must also be
+set with the total expected length of the part. (Option added in libcurl
+7.18.2)
 .IP CURLFORM_ARRAY
 Another possibility to send options to curl_formadd() is the
 \fBCURLFORM_ARRAY\fP option, that passes a struct curl_forms array pointer as
@@ -142,7 +147,7 @@ the POST occurs, if you free it before the post completes you may experience
 problems.

 When you've passed the HttpPost pointer to \fIcurl_easy_setopt(3)\fP (using
-the \fICURLOPT_HTTPPOST\fP option), you must not free the list until after
+the \fICURLOPT_HTTPPOST(3)\fP option), you must not free the list until after
 you've called \fIcurl_easy_cleanup(3)\fP for the curl handle.

 See example below.
--- a/docs/libcurl/curl_formfree.3
+++ b/docs/libcurl/curl_formfree.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -33,8 +33,8 @@ curl_formfree() is used to clean up data previously built/appended with
 typically means after \fIcurl_easy_perform(3)\fP has been called.

 The pointer to free is the same pointer you passed to the
-\fBCURLOPT_HTTPPOST\fP option, which is the \fIfirstitem\fP pointer from the
-\fIcurl_formadd(3)\fP invoke(s).
+\fBCURLOPT_HTTPPOST(3)\fP option, which is the \fIfirstitem\fP pointer from
+the \fIcurl_formadd(3)\fP invoke(s).

 \fBform\fP is the pointer as returned from a previous call to
 \fIcurl_formadd(3)\fP and may be NULL.
--- a/docs/libcurl/curl_free.3
+++ b/docs/libcurl/curl_free.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,7 +29,7 @@ curl_free - reclaim memory that has been obtained through a libcurl call
 .ad
 .SH DESCRIPTION
 curl_free reclaims memory that has been obtained through a libcurl call.  Use
-curl_free() instead of free() to avoid anomalies that can result from
+\fIcurl_free(3)\fP instead of free() to avoid anomalies that can result from
 differences in memory management between your application and libcurl.
 .SH "SEE ALSO"
-.I curl_unescape(3)
+.BR curl_easy_unescape "(3), " curl_easy_escape "(3) "
--- a/docs/libcurl/curl_getdate.3
+++ b/docs/libcurl/curl_getdate.3
@@ -102,4 +102,7 @@ number).

 Having a 64 bit time_t is not a guarantee that dates beyond 03:14:07 UTC,
 January 19, 2038 will work fine. On systems with a 64 bit time_t but with a
-crippled mktime(), \fIcurl_getdate\fP will return -1 in this case.
+crippled mktime(), \fIcurl_getdate(3)\fP will return -1 in this case.
+.SH "SEE ALSO"
+.BR curl_easy_escape "(3), " curl_easy_unescape "(3), "
+.BR CURLOPT_TIMECONDITION "(3), " CURLOPT_TIMEVALUE "(3) "
--- a/docs/libcurl/curl_global_init.3
+++ b/docs/libcurl/curl_global_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -46,11 +46,11 @@ libcurl.
 \fBThis function is not thread safe.\fP You must not call it when any other
 thread in the program (i.e. a thread sharing the same memory) is running.
 This doesn't just mean no other thread that is using libcurl.  Because
-\fIcurl_global_init()\fP calls functions of other libraries that are similarly
-thread unsafe, it could conflict with any other thread that uses these other
-libraries.
+\fIcurl_global_init(3)\fP calls functions of other libraries that are
+similarly thread unsafe, it could conflict with any other thread that uses
+these other libraries.

-See the description in \fBlibcurl\fP(3) of global environment requirements for
+See the description in \fBlibcurl(3)\fP of global environment requirements for
 details of how to use this function.

 .SH FLAGS
@@ -74,7 +74,8 @@ the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
 .TP
 .B CURL_GLOBAL_ACK_EINTR
 When this flag is set, curl will acknowledge EINTR condition when connecting
-or when waiting for data.  Otherwise, curl waits until full timeout elapses.
+or when waiting for data.  Otherwise, curl waits until full timeout
+elapses. (Added in 7.30.0)
 .SH RETURN VALUE
 If this function returns non-zero, something went wrong and you cannot use the
 other curl functions.
--- a/docs/libcurl/curl_multi_add_handle.3
+++ b/docs/libcurl/curl_multi_add_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,17 +29,22 @@ CURLMcode curl_multi_add_handle(CURLM *multi_handle, CURL *easy_handle);
 .ad
 .SH DESCRIPTION
 Adds a standard easy handle to the multi stack. This function call will make
-this \fImulti_handle\fP control the specified \fIeasy_handle\fP.  Furthermore,
-libcurl now initiates the connection associated with the specified
-\fIeasy_handle\fP.
+this \fImulti_handle\fP control the specified \fIeasy_handle\fP.

-When an easy handle has been added to a multi stack, you can not and you must
-not use \fIcurl_easy_perform(3)\fP on that handle!
+While an easy handle is added to a multi stack, you can not and you must not
+use \fIcurl_easy_perform(3)\fP on that handle. After having removed the easy
+handle from the multi stack again, it is perfectly fine to use it with the
+easy interface again.

-If the easy handle is not set to use a shared (CURLOPT_SHARE) or global DNS
-cache (CURLOPT_DNS_USE_GLOBAL_CACHE), it will be made to use the DNS cache
-that is shared between all easy handles within the multi handle when
-\fIcurl_multi_add_handle(3)\fP is called.
+If the easy handle is not set to use a shared (\fICURLOPT_SHARE(3)\fP) or
+global DNS cache (\fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP), it will be made to
+use the DNS cache that is shared between all easy handles within the multi
+handle when \fIcurl_multi_add_handle(3)\fP is called.
+
+When an easy interface is added to a multi handle, it will use a shared
+connection cache owned by the multi handle. Removing and adding new easy
+handles will not affect the pool of connections or the ability to do
+connection re-use.

 If you have CURLMOPT_TIMERFUNCTION set in the multi handle (and you really
 should if you're working event-based with \fIcurl_multi_socket_action(3)\fP
@@ -47,10 +52,12 @@ and friends), that callback will be called from within this function to ask
 for an updated timer so that your main event loop will get the activity on
 this handle to get started.

-The easy handle will remain added until you remove it again with
-\fIcurl_multi_remove_handle(3)\fP. You should remove the easy handle from the
-multi stack before you terminate first the easy handle and then the multi
-handle:
+The easy handle will remain added to the multi handle until you remove it
+again with \fIcurl_multi_remove_handle(3)\fP - even when a transfer with that
+specific easy handle is completed.
+
+You should remove the easy handle from the multi stack before you terminate
+first the easy handle and then the multi handle:

 1 - \fIcurl_multi_remove_handle(3)\fP

@@ -60,4 +67,5 @@ handle:
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code.
 .SH "SEE ALSO"
-.BR curl_multi_cleanup "(3)," curl_multi_init "(3)"
+.BR curl_multi_cleanup "(3)," curl_multi_init "(3), "
+.BR curl_multi_setopt "(3), " curl_multi_socket_action "(3) "
--- a/docs/libcurl/curl_multi_assign.3
+++ b/docs/libcurl/curl_multi_assign.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -21,16 +21,16 @@
 .\" **************************************************************************
 .TH curl_multi_assign 3 "9 Jul 2006" "libcurl 7.16.0" "libcurl Manual"
 .SH NAME
-curl_multi_assign \- set data to association with an internal socket
+curl_multi_assign \- set data to associate with an internal socket
 .SH SYNOPSIS
 #include <curl/curl.h>

 CURLMcode curl_multi_assign(CURLM *multi_handle, curl_socket_t sockfd,
                            void *sockptr);
 .SH DESCRIPTION
-This function assigns an association in the multi handle between the given
-socket and a private pointer of the application. This is (only) useful for
-\fIcurl_multi_socket(3)\fP uses.
+This function creates an association in the multi handle between the given
+socket and a private pointer of the application. This is designed for
+\fIcurl_multi_socket_action(3)\fP uses.

 When set, the \fIsockptr\fP pointer will be passed to all future socket
 callbacks for the specific \fIsockfd\fP socket.
@@ -51,13 +51,13 @@ The standard CURLMcode for multi interface error codes.
 .SH "TYPICAL USAGE"
 In a typical application you allocate a struct or at least use some kind of
 semi-dynamic data for each socket that we must wait for action on when using
-the \fIcurl_multi_socket(3)\fP approach.
+the \fIcurl_multi_socket_action(3)\fP approach.

 When our socket-callback gets called by libcurl and we get to know about yet
 another socket to wait for, we can use \fIcurl_multi_assign(3)\fP to point out
 the particular data so that when we get updates about this same socket again,
 we don't have to find the struct associated with this socket by ourselves.
 .SH AVAILABILITY
-This function was added in libcurl 7.15.5, although not deemed stable yet.
+This function was added in libcurl 7.15.5.
 .SH "SEE ALSO"
-.BR curl_multi_setopt "(3), " curl_multi_socket "(3) "
+.BR curl_multi_setopt "(3), " curl_multi_socket_action "(3) "
--- a/docs/libcurl/curl_multi_fdset.3
+++ b/docs/libcurl/curl_multi_fdset.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,22 +37,34 @@ This function extracts file descriptor information from a given multi_handle.
 libcurl returns its fd_set sets. The application can use these to select() on,
 but be sure to FD_ZERO them before calling this function as
 \fIcurl_multi_fdset(3)\fP only adds its own descriptors, it doesn't zero or
-otherwise remove any others. The \fIcurl_multi_perform(3)\fP function should be
-called as soon as one of them is ready to be read from or written to.
+otherwise remove any others. The \fIcurl_multi_perform(3)\fP function should
+be called as soon as one of them is ready to be read from or written to.
+
+If the \fIread_fd_set\fP argument is not a null pointer, it points to an
+object of type fd_set that on returns specifies the file descriptors to be
+checked for being ready to read.
+
+If the \fIwrite_fd_set\fP argument is not a null pointer, it points to an
+object of type fd_set that on return specifies the file descriptors to be
+checked for being ready to write.
+
+If the \fIexc_fd_set\fP argument is not a null pointer, it points to an object
+of type fd_set that on return specifies the file descriptors to be checked for
+error conditions pending.

 If no file descriptors are set by libcurl, \fImax_fd\fP will contain -1 when
-this function returns. Otherwise it will contain the higher descriptor number
+this function returns. Otherwise it will contain the highest descriptor number
 libcurl set. When libcurl returns -1 in \fImax_fd\fP, it is because libcurl
 currently does something that isn't possible for your application to monitor
 with a socket and unfortunately you can then not know exactly when the current
-action is completed using select(). When max_fd returns with -1, you need to
-wait a while and then proceed and call \fIcurl_multi_perform\fP anyway. How
-long to wait? I would suggest 100 milliseconds at least, but you may want to
-test it out in your own particular conditions to find a suitable value.
+action is completed using select(). You then need to wait a while before you
+proceed and call \fIcurl_multi_perform(3)\fP anyway. How long to wait? We
+suggest 100 milliseconds at least, but you may want to test it out in your own
+particular conditions to find a suitable value.

 When doing select(), you should use \fBcurl_multi_timeout\fP to figure out how
-long to wait for action. Call \fIcurl_multi_perform\fP even if no activity has
-been seen on the fd_sets after the timeout expires as otherwise internal
+long to wait for action. Call \fIcurl_multi_perform(3)\fP even if no activity
+has been seen on the fd_sets after the timeout expires as otherwise internal
 retries and timeouts may not work as you'd think and want.

 If one of the sockets used by libcurl happens to be larger than what can be
@@ -67,4 +79,4 @@ CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP
 .SH "SEE ALSO"
 .BR curl_multi_cleanup "(3), " curl_multi_init "(3), "
-.BR curl_multi_timeout "(3), " curl_multi_perform "(3) "
+.BR curl_multi_timeout "(3), " curl_multi_perform "(3), " select "(2) "
--- a/docs/libcurl/curl_multi_perform.3
+++ b/docs/libcurl/curl_multi_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,7 +34,7 @@ in an non-blocking fashion.
 When an application has found out there's data available for the multi_handle
 or a timeout has elapsed, the application should call this function to
 read/write whatever there is to read or write right now etc.
-curl_multi_perform() returns as soon as the reads/writes are done. This
+\fIcurl_multi_perform(3)\fP returns as soon as the reads/writes are done. This
 function does not require that there actually is any data available for
 reading or that data can be written, it can be called just in case. It will
 write the number of handles that still transfer data in the second argument's
@@ -53,7 +53,7 @@ there is no longer any transfers in progress.
 CURLMcode type, general libcurl multi interface error code.

 Before version 7.20.0: If you receive \fICURLM_CALL_MULTI_PERFORM\fP, this
-basically means that you should call \fIcurl_multi_perform\fP again, before
+basically means that you should call \fIcurl_multi_perform(3)\fP again, before
 you select() on more actions. You don't have to do it immediately, but the
 return code means that libcurl may have more data available to return or that
 there may be more data to send off before it is "satisfied". Do note that
--- a/docs/libcurl/curl_multi_remove_handle.3
+++ b/docs/libcurl/curl_multi_remove_handle.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,16 +28,17 @@ curl_multi_remove_handle - remove an easy handle from a multi session
 CURLMcode curl_multi_remove_handle(CURLM *multi_handle, CURL *easy_handle);
 .ad
 .SH DESCRIPTION
-Removes a given easy_handle from the multi_handle. This will make the
-specified easy handle be removed from this multi handle's control.
+Removes a given \fIeasy_handle\fI from the \fImulti_handle\fI. This will make
+the specified easy handle be removed from this multi handle's control.

 When the easy handle has been removed from a multi stack, it is again
-perfectly legal to invoke \fIcurl_easy_perform()\fP on this easy handle.
+perfectly legal to invoke \fIcurl_easy_perform(3)\fP on this easy handle.

-Removing an easy handle while being used, will effectively halt the transfer
-in progress involving that easy handle. All other easy handles and transfers
-will remain unaffected.
+Removing an easy handle while being used is perfectly legal and will
+effectively halt the transfer in progress involving that easy handle. All
+other easy handles and transfers will remain unaffected.
 .SH RETURN VALUE
 CURLMcode type, general libcurl multi interface error code.
 .SH "SEE ALSO"
-.BR curl_multi_cleanup "(3)," curl_multi_init "(3)"
+.BR curl_multi_cleanup "(3)," curl_multi_init "(3), "
+.BR curl_multi_add_handle "(3) "
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -19,7 +19,7 @@
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
-.TH curl_multi_setopt 3 "10 Oct 2006" "libcurl 7.16.0" "libcurl Manual"
+.TH curl_multi_setopt 3 "4 Nov 2014" "libcurl 7.39.0" "libcurl Manual"
 .SH NAME
 curl_multi_setopt \- set options for a curl multi handle
 .SH SYNOPSIS
@@ -27,180 +27,40 @@ curl_multi_setopt \- set options for a curl multi handle

 CURLMcode curl_multi_setopt(CURLM * multi_handle, CURLMoption option, param);
 .SH DESCRIPTION
-curl_multi_setopt() is used to tell a libcurl multi handle how to behave. By
-using the appropriate options to \fIcurl_multi_setopt(3)\fP, you can change
-libcurl's behaviour when using that multi handle.  All options are set with
-the \fIoption\fP followed by the parameter \fIparam\fP. That parameter can be
-a \fBlong\fP, a \fBfunction pointer\fP, an \fBobject pointer\fP or a
-\fBcurl_off_t\fP type, depending on what the specific option expects. Read
-this manual carefully as bad input values may cause libcurl to behave badly!
-You can only set one option in each function call.
+\fIcurl_multi_setopt(3)\fP is used to tell a libcurl multi handle how to
+behave. By using the appropriate options to \fIcurl_multi_setopt(3)\fP, you
+can change libcurl's behaviour when using that multi handle.  All options are
+set with the \fIoption\fP followed by the parameter \fIparam\fP. That
+parameter can be a \fBlong\fP, a \fBfunction pointer\fP, an \fBobject
+pointer\fP or a \fBcurl_off_t\fP type, depending on what the specific option
+expects. Read this manual carefully as bad input values may cause libcurl to
+behave badly!  You can only set one option in each function call.

 .SH OPTIONS
 .IP CURLMOPT_SOCKETFUNCTION
-Pass a pointer to a function matching the \fBcurl_socket_callback\fP
-prototype. The \fIcurl_multi_socket_action(3)\fP function informs the
-application about updates in the socket (file descriptor) status by doing
-none, one, or multiple calls to the curl_socket_callback given in the
-\fBparam\fP argument. They update the status with changes since the previous
-time a \fIcurl_multi_socket(3)\fP function was called. If the given callback
-pointer is NULL, no callback will be called. Set the callback's \fBuserp\fP
-argument with \fICURLMOPT_SOCKETDATA\fP.  See \fIcurl_multi_socket(3)\fP for
-more callback details.
+See \fICURLMOPT_SOCKETFUNCTION(3)\fP
 .IP CURLMOPT_SOCKETDATA
-Pass a pointer to whatever you want passed to the \fBcurl_socket_callback\fP's
-fourth argument, the userp pointer. This is not used by libcurl but only
-passed-thru as-is. Set the callback pointer with
-\fICURLMOPT_SOCKETFUNCTION\fP.
+See \fICURLMOPT_SOCKETDATA(3)\fP
 .IP CURLMOPT_PIPELINING
-Pass a long set to 1 to enable or 0 to disable. Enabling pipelining on a multi
-handle will make it attempt to perform HTTP Pipelining as far as possible for
-transfers using this handle. This means that if you add a second request that
-can use an already existing connection, the second request will be \&"piped"
-on the same connection rather than being executed in parallel. (Added in
-7.16.0)
+See \fICURLMOPT_PIPELINING(3)\fP
 .IP CURLMOPT_TIMERFUNCTION
-Pass a pointer to a function matching the \fBcurl_multi_timer_callback\fP
-prototype: int curl_multi_timer_callback(CURLM *multi /* multi handle */,
-long timeout_ms /* timeout in milliseconds */, void *userp /* TIMERDATA */).
-This function will then be called when the timeout value
-changes. The timeout value is at what latest time the application should call
-one of the \&"performing" functions of the multi interface
-(\fIcurl_multi_socket_action(3)\fP and \fIcurl_multi_perform(3)\fP) - to allow
-libcurl to keep timeouts and retries etc to work. A timeout value of -1 means
-that there is no timeout at all, and 0 means that the timeout is already
-reached. Libcurl attempts to limit calling this only when the fixed future
-timeout time actually changes. See also \fICURLMOPT_TIMERDATA\fP. The callback
-should return 0 on success, and -1 on error. This
-callback can be used instead of, or in addition to,
-\fIcurl_multi_timeout(3)\fP. (Added in 7.16.0)
+See \fICURLMOPT_TIMERFUNCTION(3)\fP
 .IP CURLMOPT_TIMERDATA
-Pass a pointer to whatever you want passed to the
-\fBcurl_multi_timer_callback\fP's third argument, the userp pointer.  This is
-not used by libcurl but only passed-thru as-is. Set the callback pointer with
-\fICURLMOPT_TIMERFUNCTION\fP. (Added in 7.16.0)
-.IP CURLMOPT_MAXCONNECTS
-Pass a long. The set number will be used as the maximum amount of
-simultaneously open connections that libcurl may cache. Default is 10, and
-libcurl will enlarge the size for each added easy handle to make it fit 4
-times the number of added easy handles.
-
-By setting this option, you can prevent the cache size from growing beyond the
-limit set by you.
-
-When the cache is full, curl closes the oldest one in the cache to prevent the
-number of open connections from increasing.
-
-This option is for the multi handle's use only, when using the easy interface
-you should instead use the \fICURLOPT_MAXCONNECTS\fP option.
-
-(Added in 7.16.3)
+See \fICURLMOPT_TIMERDATA(3)\fP
 .IP CURLMOPT_MAX_HOST_CONNECTIONS
-Pass a long. The set number will be used as the maximum amount of
-simultaneously open connections to a single host. For each new session to
-a host, libcurl will open a new connection up to the limit set by
-CURLMOPT_MAX_HOST_CONNECTIONS. When the limit is reached, the sessions will
-be pending until there are available connections. If CURLMOPT_PIPELINING is
-1, libcurl will try to pipeline if the host is capable of it.
-
-The default value is 0, which means that there is no limit.
-However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
-is 1 will not be treated as unlimited. Instead it will open only 1 connection
-and try to pipeline on it.
-
-(Added in 7.30.0)
+See \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP
 .IP CURLMOPT_MAX_PIPELINE_LENGTH
-Pass a long. The set number will be used as the maximum amount of requests
-in a pipelined connection. When this limit is reached, libcurl will use another
-connection to the same host (see CURLMOPT_MAX_HOST_CONNECTIONS), or queue the
-requests until one of the pipelines to the host is ready to accept a request.
-Thus, the total number of requests in-flight is CURLMOPT_MAX_HOST_CONNECTIONS *
-CURLMOPT_MAX_PIPELINE_LENGTH.
-The default value is 5.
-
-(Added in 7.30.0)
+See \fICURLMOPT_MAX_PIPELINE_LENGTH(3)\fP
 .IP CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE
-Pass a long. If a pipelined connection is currently processing a request
-with a Content-Length larger than CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, that
-connection will not be considered for additional requests, even if it is
-shorter than CURLMOPT_MAX_PIPELINE_LENGTH.
-The default value is 0, which means that the penalization is inactive.
-
-(Added in 7.30.0)
+See \fICURLMOPT_CONTENT_LENGTH_PENALTY_SIZE(3)\fP
 .IP CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE
-Pass a long. If a pipelined connection is currently processing a
-chunked (Transfer-encoding: chunked) request with a current chunk length
-larger than CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, that connection will not be
-considered for additional requests, even if it is shorter than
-CURLMOPT_MAX_PIPELINE_LENGTH.
-The default value is 0, which means that the penalization is inactive.
-
-(Added in 7.30.0)
+See \fICURLMOPT_CHUNK_LENGTH_PENALTY_SIZE(3)\fP
 .IP CURLMOPT_PIPELINING_SITE_BL
-Pass an array of char *, ending with NULL. This is a list of sites that are
-blacklisted from pipelining, i.e sites that are known to not support HTTP
-pipelining. The array is copied by libcurl.
-
-The default value is NULL, which means that there is no blacklist.
-
-Pass a NULL pointer to clear the blacklist.
-
-Example:
-
-.nf
-  site_blacklist[] =
-  {
-    "www.haxx.se",
-    "www.example.com:1234",
-    NULL
-  };
-
-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SITE_BL, site_blacklist);
-.fi
-
-(Added in 7.30.0)
+See \fICURLMOPT_PIPELINING_SITE_BL(3)\fP
 .IP CURLMOPT_PIPELINING_SERVER_BL
-Pass an array of char *, ending with NULL. This is a list of server types
-prefixes (in the Server: HTTP header) that are blacklisted from pipelining,
-i.e server types that are known to not support HTTP pipelining. The array is
-copied by libcurl.
-
-Note that the comparison matches if the Server: header begins with the string
-in the blacklist, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can 
-both be blacklisted by having "Ninja" in the backlist.
-
-The default value is NULL, which means that there is no blacklist.
-
-Pass a NULL pointer to clear the blacklist.
-
-Example:
-
-.nf
-  server_blacklist[] =
-  {
-    "Microsoft-IIS/6.0",
-    "nginx/0.8.54",
-    NULL
-  };
-
-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SERVER_BL, server_blacklist);
-.fi
-
-(Added in 7.30.0)
+See \fICURLMOPT_PIPELINING_SERVER_BL(3)\fP
 .IP CURLMOPT_MAX_TOTAL_CONNECTIONS
-Pass a long. The set number will be used as the maximum amount of
-simultaneously open connections in total. For each new session, libcurl
-will open a new connection up to the limit set by
-CURLMOPT_MAX_TOTAL_CONNECTIONS. When the limit is reached, the sessions will
-be pending until there are available connections. If CURLMOPT_PIPELINING is
-1, libcurl will try to pipeline if the host is capable of it.
-
-The default value is 0, which means that there is no limit.
-However, for backwards compatibility, setting it to 0 when CURLMOPT_PIPELINING
-is 1 will not be treated as unlimited. Instead it will open only 1 connection
-and try to pipeline on it.
-
-(Added in 7.30.0)
+See \fICURLMOPT_MAX_TOTAL_CONNECTIONS(3)\fP
 .SH RETURNS
 The standard CURLMcode for multi interface error codes. Note that it returns a
 CURLM_UNKNOWN_OPTION if you try setting an option that this version of libcurl
--- a/docs/libcurl/curl_share_init.3
+++ b/docs/libcurl/curl_share_init.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -33,9 +33,9 @@ share-functions, sometimes referred to as a share handle in some places in the
 documentation. This init call MUST have a corresponding call to
 \fIcurl_share_cleanup\fP when all operations using the share are complete.

-This \fIshare handle\fP is what you pass to curl using the \fICURLOPT_SHARE\fP
-option with \fIcurl_easy_setopt(3)\fP, to make that specific curl handle use
-the data in this share.
+This \fIshare handle\fP is what you pass to curl using the
+\fICURLOPT_SHARE(3)\fP option with \fIcurl_easy_setopt(3)\fP, to make that
+specific curl handle use the data in this share.
 .SH RETURN VALUE
 If this function returns NULL, something went wrong (out of memory, etc.)
 and therefore the share object was not created.
--- a/docs/libcurl/curl_unescape.3
+++ b/docs/libcurl/curl_unescape.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,11 +38,11 @@ converted to their plain text versions.
 If the 'length' argument is set to 0, curl_unescape() will use strlen() on the
 input 'url' string to find out the size.

-You must curl_free() the returned string when you're done with it.
+You must \fIcurl_free(3)\fP the returned string when you're done with it.
 .SH AVAILABILITY
 Since 7.15.4, \fIcurl_easy_unescape(3)\fP should be used. This function will
 be removed in a future release.
 .SH RETURN VALUE
 A pointer to a zero terminated string or NULL if it failed.
 .SH "SEE ALSO"
-.I curl_easy_escape(3), curl_easy_unescape(3), curl_free(3), RFC 2396
+.br curl_easy_escape "(3)," curl_easy_unescape "(3)," curl_free "(3)," RFC 2396
--- a/docs/libcurl/curl_version.3
+++ b/docs/libcurl/curl_version.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -30,6 +30,8 @@ curl_version - returns the libcurl version string
 .SH DESCRIPTION
 Returns a human readable string with the version number of libcurl and some of
 its important components (like OpenSSL version).
+
+We recommend using \fIcurl_version_info(3)\fP instead!
 .SH RETURN VALUE
 A pointer to a zero terminated string. The string resides in a statically
 allocated buffer and must not be freed by the caller.
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl_version_info 3 "10 June 2009" "libcurl 7.19.6" "libcurl Manual"
+.TH curl_version_info 3 "2 Aug 2014" "libcurl 7.38.0" "libcurl Manual"
 .SH NAME
 curl_version_info - returns run-time libcurl version info
 .SH SYNOPSIS
@@ -29,12 +29,13 @@ curl_version_info - returns run-time libcurl version info
 .BI "curl_version_info_data *curl_version_info( CURLversion "type ");"
 .ad
 .SH DESCRIPTION
-Returns a pointer to a filled in struct with information about various
-run-time features in libcurl. \fItype\fP should be set to the version of this
-functionality by the time you write your program. This way, libcurl will
-always return a proper struct that your program understands, while programs in
-the future might get a different struct. CURLVERSION_NOW will be the most
-recent one for the library you have installed:
+Returns a pointer to a filled in static struct with information about various
+features in the running version of libcurl. \fItype\fP should be set to the
+version of this functionality by the time you write your program. This way,
+libcurl will always return a proper struct that your program understands,
+while programs in the future might get a different
+struct. \fBCURLVERSION_NOW\fP will be the most recent one for the library you
+have installed:

        data = curl_version_info(CURLVERSION_NOW);

@@ -65,7 +66,8 @@ typedef struct {
  /* when 'age' is 2 or higher, the member below also exists: */
  const char *libidn;       /* human readable string */

-  /* when 'age' is 3 or higher, the members below also exist: */
+  /* when 'age' is 3 or higher (7.16.1 or later), the members below also
+     exist  */
  int iconv_ver_num;       /* '_libiconv_version' if iconv support enabled */

  const char *libssh_version; /* human readable string */
@@ -122,9 +124,14 @@ libcurl was built with support for IDNA, domain names with international
 letters. (Added in 7.12.0)
 .IP CURL_VERSION_SSPI
 libcurl was built with support for SSPI. This is only available on Windows and
-makes libcurl use Windows-provided functions for NTLM authentication. It also
-allows libcurl to use the current user and the current user's password without
-the app having to pass them on. (Added in 7.13.2)
+makes libcurl use Windows-provided functions for Kerberos, NTLM, SPNEGO and
+SASL DIGEST-MD5 authentication. It also allows libcurl to use the current user
+credentials without the app having to pass them on. (Added in 7.13.2)
+.IP CURL_VERSION_GSSAPI
+libcurl was built with support for GSS-API. This makes libcurl use provided
+functions for Kerberos and SPNEGO authentication. It also allows libcurl
+to use the current user credentials without the app having to pass them on.
+(Added in 7.38.0)
 .IP CURL_VERSION_CONV
 libcurl was built with support for character conversions, as provided by the
 CURLOPT_CONV_* callbacks. (Added in 7.15.4)
@@ -133,12 +140,14 @@ libcurl was built with support for TLS-SRP. (Added in 7.21.4)
 .IP CURL_VERSION_NTLM_WB
 libcurl was built with support for NTLM delegation to a winbind helper.
 (Added in 7.22.0)
+.IP CURL_VERSION_HTTP2
+libcurl was built with support for HTTP2.
+(Added in 7.33.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.

-\fIssl_version_num\fP is the numerical OpenSSL version value as defined by the
-OpenSSL project. If libcurl has no SSL support, this is 0.
+\fIssl_version_num\fP is always 0.

 \fIlibz_version\fP is an ASCII string (there is no numerical version). If
 libcurl has no libz support, this is NULL.
--- a/docs/libcurl/getinfo-times
+++ b/docs/libcurl/getinfo-times
@@ -1,6 +1,6 @@
 An overview of the six time values available from curl_easy_getinfo()

-curk_easy_perform()
+curl_easy_perform()
    |
    |--NT
    |--|--CT
--- a/docs/libcurl/libcurl-easy.3
+++ b/docs/libcurl/libcurl-easy.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -19,7 +19,7 @@
 .\" * KIND, either express or implied.
 .\" *
 .\" **************************************************************************
-.TH libcurl 3 "12 Aug 2003" "libcurl 7.10.7" "libcurl easy interface"
+.TH libcurl 3 "19 Sep 2014" "libcurl" "libcurl easy interface"
 .SH NAME
 libcurl-easy \- easy interface overview
 .SH DESCRIPTION
@@ -33,6 +33,17 @@ without a specified URL as you may have figured out yourself). You might want
 to set some callbacks as well that will be called from the library when data
 is available etc. \fIcurl_easy_setopt(3)\fP is used for all this.

+\fICURLOPT_URL(3)\fP is only option you really must set, as otherwise there
+can be no transfer. Another commonly used option is \fICURLOPT_VERBOSE(3)\fP
+that will help you see what libcurl is doing under the hood, very useful when
+debugging for example. The \fIcurl_easy_setopt(3)\fP man page has a full index
+of the over 200 available options.
+
+If you at any point would like to blank all previously set options for a
+single easy handle, you can call \fIcurl_easy_reset(3)\fP and you can also
+make a clone of an easy handle (with all its set options) using
+\fIcurl_easy_duphandle(3)\fP.
+
 When all is setup, you tell libcurl to perform the transfer using
 \fIcurl_easy_perform(3)\fP.  It will then do the entire operation and won't
 return until it is done (successfully or not).
@@ -42,4 +53,6 @@ transfer, or if you're done, cleanup the session by calling
 \fIcurl_easy_cleanup(3)\fP. If you want persistent connections, you don't
 cleanup immediately, but instead run ahead and perform other transfers using
 the same easy handle.
-
+.SH "SEE ALSO"
+.BR curl_easy_init "(3)," curl_easy_cleanup "(3)," curl_easy_setopt "(3), "
+.BR libcurl-errors "(3), " libcurl-multi "(3), " libcurl "(3) "
--- a/docs/libcurl/libcurl-errors.3
+++ b/docs/libcurl/libcurl-errors.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -28,11 +28,11 @@ This man page includes most, if not all, available error codes in libcurl.
 Why they occur and possibly what you can do to fix the problem are also included.
 .SH "CURLcode"
 Almost all "easy" interface functions return a CURLcode error code. No matter
-what, using the \fIcurl_easy_setopt(3)\fP option \fICURLOPT_ERRORBUFFER\fP is
-a good idea as it will give you a human readable error string that may offer
-more details about the cause of the error than just the error code.
-\fIcurl_easy_strerror(3)\fP can be called to get an error string from a
-given CURLcode number.
+what, using the \fIcurl_easy_setopt(3)\fP option \fICURLOPT_ERRORBUFFER(3)\fP
+is a good idea as it will give you a human readable error string that may
+offer more details about the cause of the error than just the error code.
+\fIcurl_easy_strerror(3)\fP can be called to get an error string from a given
+CURLcode number.

 CURLcode is one of the following:
 .IP "CURLE_OK (0)"
@@ -74,7 +74,7 @@ After having sent the FTP password to the server, libcurl expects a proper
 reply. This error code indicates that an unexpected code was returned.
 .IP "CURLE_FTP_ACCEPT_TIMEOUT (12)"
 During an active FTP session while waiting for the server to connect, the
-\fICURLOPT_ACCEPTTIMOUT_MS\fP (or the internal default) timeout expired.
+\fICURLOPT_ACCEPTTIMOUT_MS(3)\fP (or the internal default) timeout expired.
 .IP "CURLE_FTP_WEIRD_PASV_REPLY (13)"
 libcurl failed to get a sensible result back from the server as a response to
 either a PASV or a EPSV command. The server is flawed.
@@ -83,6 +83,9 @@ FTP servers return a 227-line as a response to a PASV command. If libcurl
 fails to parse that line, this return code is passed back.
 .IP "CURLE_FTP_CANT_GET_HOST (15)"
 An internal failure to lookup the host used for the new connection.
+.IP "CURLE_HTTP2 (16)"
+A problem was detected in the HTTP2 framing layer. This is somewhat generic
+and can be one out of several problems, see the error buffer for details.
 .IP "CURLE_FTP_COULDNT_SET_TYPE (17)"
 Received an error when trying to set the transfer mode to binary or ASCII.
 .IP "CURLE_PARTIAL_FILE (18)"
@@ -97,8 +100,8 @@ When sending custom "QUOTE" commands to the remote server, one of the commands
 returned an error code that was 400 or higher (for FTP) or otherwise
 indicated unsuccessful completion of the command.
 .IP "CURLE_HTTP_RETURNED_ERROR (22)"
-This is returned if CURLOPT_FAILONERROR is set TRUE and the HTTP server
-returns an error code that is >= 400.
+This is returned if \fICURLOPT_FAILONERROR(3)\fP is set TRUE and the HTTP
+server returns an error code that is >= 400.
 .IP "CURLE_WRITE_ERROR (23)"
 An error occurred when writing received data to a local file, or an error was
 returned to libcurl from a write callback.
@@ -116,7 +119,8 @@ Operation timeout. The specified time-out period was reached according to the
 conditions.
 .IP "CURLE_FTP_PORT_FAILED (30)"
 The FTP PORT command returned error. This mostly happens when you haven't
-specified a good enough address for libcurl to use. See \fICURLOPT_FTPPORT\fP.
+specified a good enough address for libcurl to use. See
+\fICURLOPT_FTPPORT(3)\fP.
 .IP "CURLE_FTP_COULDNT_USE_REST (31)"
 The FTP REST command returned error. This should never happen if the server is
 sane.
@@ -148,10 +152,10 @@ Internal error. A function was called with a bad parameter.
 .IP "CURLE_INTERFACE_FAILED (45)"
 Interface error. A specified outgoing interface could not be used. Set which
 interface to use for outgoing connections' source IP address with
-CURLOPT_INTERFACE.
+\fICURLOPT_INTERFACE(3)\fP.
 .IP "CURLE_TOO_MANY_REDIRECTS (47)"
 Too many redirects. When following redirects, libcurl hit the maximum amount.
-Set your limit with CURLOPT_MAXREDIRS.
+Set your limit with \fICURLOPT_MAXREDIRS(3)\fP.
 .IP "CURLE_UNKNOWN_OPTION (48)"
 An option passed to libcurl is not recognized/known. Refer to the appropriate
 documentation. This is most likely a problem in the program that uses
@@ -229,7 +233,7 @@ Failed to load CRL file (Added in 7.19.0)
 Issuer check failed (Added in 7.19.0)
 .IP "CURLE_FTP_PRET_FAILED (84)"
 The FTP server does not understand the PRET command at all or does not support
-the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST\fP, a
+the given argument. Be careful when using \fICURLOPT_CUSTOMREQUEST(3)\fP, a
 custom LIST command will be sent with PRET CMD before PASV as well. (Added in
 7.20.0)
 .IP "CURLE_RTSP_CSEQ_ERROR (85)"
@@ -293,3 +297,7 @@ Not enough memory was available.
 .IP "CURLSHE_NOT_BUILT_IN (5)"
 The requested sharing could not be done because the library you use don't have
 that particular feature enabled. (Added in 7.23.0)
+.SH "SEE ALSO"
+.BR curl_easy_strerror "(3), " curl_multi_strerror "(3), "
+.BR curl_share_strerror "(3), " CURLOPT_ERRORBUFFER "(3), "
+.BR CURLOPT_VERBOSE "(3), " CURLOPT_DEBUGFUNCTION "(3) "
--- a/docs/libcurl/libcurl-multi.3
+++ b/docs/libcurl/libcurl-multi.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH libcurl-multi 3 "3 Feb 2007" "libcurl 7.16.0" "libcurl multi interface"
+.TH libcurl-multi 3 "19 Sep 2014" "libcurl" "libcurl multi interface"
 .SH NAME
 libcurl-multi \- how to use the multi interface
 .SH DESCRIPTION
@@ -43,18 +43,28 @@ complicated for the application.

 3. Enable the application to wait for action on its own file descriptors and
 curl's file descriptors simultaneous easily.
+
+4. Enable event-based handling and scaling transfers up to and beyond
+thousands of parallel connections.
 .SH "ONE MULTI HANDLE MANY EASY HANDLES"
 To use the multi interface, you must first create a 'multi handle' with
 \fIcurl_multi_init(3)\fP. This handle is then used as input to all further
 curl_multi_* functions.

-Each single transfer is built up with an easy handle. You must create them,
-and setup the appropriate options for each easy handle, as outlined in the
-\fIlibcurl(3)\fP man page, using \fIcurl_easy_setopt(3)\fP.
+With a multi handle and the multi interface you can do any amount of
+simultaneous transfers in parallel. Each single transfer is built up around an
+easy handle. You must create the easy handles you need, and setup the
+appropriate options for each easy handle, as outlined in the \fIlibcurl(3)\fP
+man page, using \fIcurl_easy_setopt(3)\fP.

-When the easy handle is setup for a transfer, then instead of using
-\fIcurl_easy_perform(3)\fP (as when using the easy interface for transfers),
-you should instead add the easy handle to the multi handle using
+There are two flavours of the multi interface, the select() oriented one and
+the event based one we called multi_socket. You will benefit from reading
+through the description of both versions to full understand how they work and
+differentiate. We start out with the select() oriented version.
+
+When an easy handle is setup for a transfer, then instead of using
+\fIcurl_easy_perform(3)\fP like when using the easy interface for transfers,
+you should add the easy handle to the multi handle with
 \fIcurl_multi_add_handle(3)\fP. The multi handle is sometimes referred to as a
 \'multi stack\' because of the fact that it may hold a large amount of easy
 handles.
@@ -71,7 +81,8 @@ application drive. You drive the transfers by invoking
 anything available to transfer. It'll use the callbacks and everything else
 you have setup in the individual easy handles. It'll transfer data on all
 current transfers in the multi stack that are ready to transfer anything. It
-may be all, it may be none.
+may be all, it may be none. When there's nothing more to do for now, it
+returns back to the calling application.

 Your application can acquire knowledge from libcurl when it would like to get
 invoked to transfer data, so that you don't have to busy-loop and call that
@@ -80,7 +91,9 @@ interface using which you can extract fd_sets from libcurl to use in select()
 or poll() calls in order to get to know when the transfers in the multi stack
 might need attention. This also makes it very easy for your program to wait
 for input on your own private file descriptors at the same time or perhaps
-timeout every now and then, should you want that.
+timeout every now and then, should you want that. \fIcurl_multi_timeout(3)\fP
+also helps you with providing a suitable timeout period for your select()
+call.

 \fIcurl_multi_perform(3)\fP stores the number of still running transfers in
 one of its input arguments, and by reading that you can figure out when all
@@ -121,21 +134,39 @@ using large numbers of simultaneous connections.
 When using this API, you add easy handles to the multi handle just as with the
 normal multi interface. Then you also set two callbacks with the
 CURLMOPT_SOCKETFUNCTION and CURLMOPT_TIMERFUNCTION options to
-\fIcurl_multi_setopt(3)\fP.
+\fIcurl_multi_setopt(3)\fP. They are two callback functions that libcurl will
+call with information about what sockets to wait for, and for what activity,
+and what the curret timeout time is - if that expires libcurl should be
+notified.

-The API is then designed to inform your application about which sockets
-libcurl is currently using and for what activities (read and/or write) on
-those sockets your application is expected to wait for.
+The multi_socket API is designed to inform your application about which
+sockets libcurl is currently using and for what activities (read and/or write)
+on those sockets your application is expected to wait for.

-Your application must then make sure to receive all sockets informed about in
-the CURLMOPT_SOCKETFUNCTION callback and make sure it reacts on the given
-activity on them. When a socket has the given activity, you call
+Your application must make sure to receive all sockets informed about in the
+CURLMOPT_SOCKETFUNCTION callback and make sure it reacts on the given activity
+on them. When a socket has the given activity, you call
 \fIcurl_multi_socket_action(3)\fP specifying which socket and action there
 are.

 The CURLMOPT_TIMERFUNCTION callback is called to set a timeout. When that
 timeout expires, your application should call the
 \fIcurl_multi_socket_action(3)\fP function saying it was due to a timeout.
+
+This API is typically used with an event-driven underlying functionality (like
+libevent, libev, kqueue, epoll or similar) which which the application
+"subscribes" on socket changes. This allows applications and libcurl to much
+better scale upward and beyond thousands of simultaneous transfers without
+losing performance.
+
+When you've added your initial set of handles, you call
+\fIcurl_multi_socket_action(3)\fP with CURL_SOCKET_TIMEOUT set in the sockfd
+argument, and you'll get callbacks call that sets you up and you then continue
+to call \fIcurl_multi_socket_action(3)\fP accordingly when you get activity on
+the sockets you've been asked to wait on, or if the timeout timer expires.
+
+You can poll \fIcurl_multi_info_read(3)\fP to see if any transfer has
+completed, as it then has a message saying so.
 .SH "BLOCKING"
 A few areas in the code are still using blocking code, even when used from the
 multi interface. While we certainly want and intend for these to get fixed in
@@ -149,3 +180,5 @@ the future, you should be aware of the following current restrictions:
 - file:// transfers
 - TELNET transfers
 .fi
+.SH "SEE ALSO"
+.BR libcurl-errors "(3), " libcurl-easy "(3), " libcurl "(3) "
--- a/docs/libcurl/libcurl-share.3
+++ b/docs/libcurl/libcurl-share.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -51,14 +51,16 @@ using this multi-threaded. You set lock and unlock functions with
 \fIcurl_share_setopt(3)\fP too.

 Then, you make an easy handle to use this share, you set the
-\fICURLOPT_SHARE\fP option with \fIcurl_easy_setopt(3)\fP, and pass in share
-handle. You can make any number of easy handles share the same share handle.
+\fICURLOPT_SHARE(3)\fP option with \fIcurl_easy_setopt(3)\fP, and pass in
+share handle. You can make any number of easy handles share the same share
+handle.

 To make an easy handle stop using that particular share, you set
-\fICURLOPT_SHARE\fP to NULL for that easy handle. To make a handle stop
+\fICURLOPT_SHARE(3)\fP to NULL for that easy handle. To make a handle stop
 sharing a particular data, you can \fICURLSHOPT_UNSHARE\fP it.

 When you're done using the share, make sure that no easy handle is still using
 it, and call \fIcurl_share_cleanup(3)\fP on the handle.
 .SH "SEE ALSO"
 .BR curl_share_init "(3), " curl_share_setopt "(3), " curl_share_cleanup "(3)"
+.BR libcurl-errors "(3), " libcurl-easy "(3), " libcurl-multi "(3) "
--- a/docs/libcurl/libcurl-tutorial.3
+++ b/docs/libcurl/libcurl-tutorial.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH libcurl-tutorial 3 "4 Mar 2009" "libcurl" "libcurl programming"
+.TH libcurl-tutorial 3 "19 Sep 2014" "libcurl" "libcurl programming"
 .SH NAME
 libcurl-tutorial \- libcurl programming tutorial
 .SH "Objective"
@@ -137,15 +137,17 @@ rather than at build-time (if possible of course). By calling
 struct, your program can figure out exactly what the currently running libcurl
 supports.

-.SH "Handle the Easy libcurl"
+.SH "Two Interfaces"
 libcurl first introduced the so called easy interface. All operations in the
-easy interface are prefixed with 'curl_easy'.
-
-Recent libcurl versions also offer the multi interface. More about that
-interface, what it is targeted for and how to use it is detailed in a separate
-chapter further down. You still need to understand the easy interface first,
-so please continue reading for better understanding.
+easy interface are prefixed with 'curl_easy'. The easy interface lets you do
+single transfers with a synchronous and blocking function call.

+libcurl also offers another interface that allows multiple simultaneous
+transfers in a single thread, the so called multi interface. More about that
+interface is detailed in a separate chapter further down. You still need to
+understand the easy interface first, so please continue reading for better
+understanding.
+.SH "Handle the Easy libcurl"
 To use the easy interface, you must first create yourself an easy handle. You
 need one handle for each easy session you want to perform. Basically, you
 should use one handle for every thread you plan to use for transferring. You
@@ -162,16 +164,21 @@ transfer or series of transfers.
 You set properties and options for this handle using
 \fIcurl_easy_setopt(3)\fP. They control how the subsequent transfer or
 transfers will be made. Options remain set in the handle until set again to
-something different. Alas, multiple requests using the same handle will use
-the same options.
+something different. They are sticky. Multiple requests using the same handle
+will use the same options.
+
+If you at any point would like to blank all previously set options for a
+single easy handle, you can call \fIcurl_easy_reset(3)\fP and you can also
+make a clone of an easy handle (with all its set options) using
+\fIcurl_easy_duphandle(3)\fP.

 Many of the options you set in libcurl are "strings", pointers to data
 terminated with a zero byte. When you set strings with
-\fIcurl_easy_setopt(3)\fP, libcurl makes its own copy so that they don't
-need to be kept around in your application after being set[4].
+\fIcurl_easy_setopt(3)\fP, libcurl makes its own copy so that they don't need
+to be kept around in your application after being set[4].

-One of the most basic properties to set in the handle is the URL. You set
-your preferred URL to transfer with CURLOPT_URL in a manner similar to:
+One of the most basic properties to set in the handle is the URL. You set your
+preferred URL to transfer with \fICURLOPT_URL(3)\fP in a manner similar to:

 .nf
 curl_easy_setopt(handle, CURLOPT_URL, "http://domain.com/");
@@ -197,27 +204,27 @@ by setting another property:

 Using that property, you can easily pass local data between your application
 and the function that gets invoked by libcurl. libcurl itself won't touch the
-data you pass with \fICURLOPT_WRITEDATA\fP.
+data you pass with \fICURLOPT_WRITEDATA(3)\fP.

-libcurl offers its own default internal callback that will take care of the data
-if you don't set the callback with \fICURLOPT_WRITEFUNCTION\fP. It will then
-simply output the received data to stdout. You can have the default callback
-write the data to a different file handle by passing a 'FILE *' to a file
-opened for writing with the \fICURLOPT_WRITEDATA\fP option.
+libcurl offers its own default internal callback that will take care of the
+data if you don't set the callback with \fICURLOPT_WRITEFUNCTION(3)\fP. It
+will then simply output the received data to stdout. You can have the default
+callback write the data to a different file handle by passing a 'FILE *' to a
+file opened for writing with the \fICURLOPT_WRITEDATA(3)\fP option.

 Now, we need to take a step back and have a deep breath. Here's one of those
 rare platform-dependent nitpicks. Did you spot it? On some platforms[2],
 libcurl won't be able to operate on files opened by the program. Thus, if you
 use the default callback and pass in an open file with
-\fICURLOPT_WRITEDATA\fP, it will crash. You should therefore avoid this to
+\fICURLOPT_WRITEDATA(3)\fP, it will crash. You should therefore avoid this to
 make your program run fine virtually everywhere.

-(\fICURLOPT_WRITEDATA\fP was formerly known as \fICURLOPT_FILE\fP. Both names
-still work and do the same thing).
+(\fICURLOPT_WRITEDATA(3)\fP was formerly known as \fICURLOPT_FILE\fP. Both
+names still work and do the same thing).

 If you're using libcurl as a win32 DLL, you MUST use the
-\fICURLOPT_WRITEFUNCTION\fP if you set \fICURLOPT_WRITEDATA\fP - or you will
-experience crashes.
+\fICURLOPT_WRITEFUNCTION(3)\fP if you set \fICURLOPT_WRITEDATA(3)\fP - or you
+will experience crashes.

 There are of course many more options you can set, and we'll get back to a few
 of them later. Let's instead continue to the actual transfer:
@@ -234,8 +241,8 @@ passed to it, libcurl will abort the operation and return with an error code.

 When the transfer is complete, the function returns a return code that informs
 you if it succeeded in its mission or not. If a return code isn't enough for
-you, you can use the CURLOPT_ERRORBUFFER to point libcurl to a buffer of yours
-where it'll store a human readable error message as well.
+you, you can use the \fICURLOPT_ERRORBUFFER(3)\fP to point libcurl to a buffer
+of yours where it'll store a human readable error message as well.

 If you then want to transfer another file, the handle is ready to be used
 again. Mind you, it is even preferred that you re-use an existing handle if
@@ -257,7 +264,7 @@ than one thread at any given time.

 libcurl is completely thread safe, except for two issues: signals and SSL/TLS
 handlers. Signals are used for timing out name resolves (during DNS lookup) -
-when built without c-ares support and not on Windows.
+when built without using either the c-ares or threaded resolver backends.

 If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are
 then of course using the underlying SSL library multi-threaded and those libs
@@ -271,7 +278,7 @@ OpenSSL

 GnuTLS

- http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
+ http://gnutls.org/manual/html_node/Thread-safety.html

 NSS

@@ -293,14 +300,14 @@ Secure Transport

 The engine is fully thread-safe, and no additional steps are required.

-When using multiple threads you should set the CURLOPT_NOSIGNAL option to 1
-for all handles. Everything will or might work fine except that timeouts are
-not honored during the DNS lookup - which you can work around by building
-libcurl with c-ares support. c-ares is a library that provides asynchronous
-name resolves. On some platforms, libcurl simply will not function properly
-multi-threaded unless this option is set.
+When using multiple threads you should set the \fICURLOPT_NOSIGNAL(3)\fP
+option to 1 for all handles. Everything will or might work fine except that
+timeouts are not honored during the DNS lookup - which you can work around by
+building libcurl with c-ares support. c-ares is a library that provides
+asynchronous name resolves. On some platforms, libcurl simply will not
+function properly multi-threaded unless this option is set.

-Also, note that CURLOPT_DNS_USE_GLOBAL_CACHE is not thread-safe.
+Also, note that \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe.

 .SH "When It Doesn't Work"
 There will always be times when the transfer fails for some reason. You might
@@ -308,23 +315,23 @@ have set the wrong libcurl option or misunderstood what the libcurl option
 actually does, or the remote server might return non-standard replies that
 confuse the library which then confuses your program.

-There's one golden rule when these things occur: set the CURLOPT_VERBOSE
-option to 1. It'll cause the library to spew out the entire protocol
-details it sends, some internal info and some received protocol data as well
-(especially when using FTP). If you're using HTTP, adding the headers in the
-received output to study is also a clever way to get a better understanding
-why the server behaves the way it does. Include headers in the normal body
-output with CURLOPT_HEADER set 1.
+There's one golden rule when these things occur: set the
+\fICURLOPT_VERBOSE(3)\fP option to 1. It'll cause the library to spew out the
+entire protocol details it sends, some internal info and some received
+protocol data as well (especially when using FTP). If you're using HTTP,
+adding the headers in the received output to study is also a clever way to get
+a better understanding why the server behaves the way it does. Include headers
+in the normal body output with \fICURLOPT_HEADER(3)\fP set 1.

-Of course, there are bugs left. We need to know about them to be able
-to fix them, so we're quite dependent on your bug reports! When you do report
-suspected bugs in libcurl, please include as many details as you possibly can: a
-protocol dump that CURLOPT_VERBOSE produces, library version, as much as
-possible of your code that uses libcurl, operating system name and version,
-compiler name and version etc.
+Of course, there are bugs left. We need to know about them to be able to fix
+them, so we're quite dependent on your bug reports! When you do report
+suspected bugs in libcurl, please include as many details as you possibly can:
+a protocol dump that \fICURLOPT_VERBOSE(3)\fP produces, library version, as
+much as possible of your code that uses libcurl, operating system name and
+version, compiler name and version etc.

-If CURLOPT_VERBOSE is not enough, you increase the level of debug data your
-application receive by using the CURLOPT_DEBUGFUNCTION.
+If \fICURLOPT_VERBOSE(3)\fP is not enough, you increase the level of debug
+data your application receive by using the \fICURLOPT_DEBUGFUNCTION(3)\fP.

 Getting some in-depth knowledge about the protocols involved is never wrong,
 and if you're trying to do funny things, you might very well understand
@@ -363,7 +370,7 @@ Tell libcurl that we want to upload:

 A few protocols won't behave properly when uploads are done without any prior
 knowledge of the expected file size. So, set the upload file size using the
-CURLOPT_INFILESIZE_LARGE for all known file sizes like this[1]:
+\fICURLOPT_INFILESIZE_LARGE(3)\fP for all known file sizes like this[1]:

 .nf
 /* in this example, file_size must be an curl_off_t variable */
@@ -393,15 +400,15 @@ them URL encoded, as %XX where XX is a two-digit hexadecimal number.

 libcurl also provides options to set various passwords. The user name and
 password as shown embedded in the URL can instead get set with the
-CURLOPT_USERPWD option. The argument passed to libcurl should be a char * to
-a string in the format "user:password". In a manner like this:
+\fICURLOPT_USERPWD(3)\fP option. The argument passed to libcurl should be a
+char * to a string in the format "user:password". In a manner like this:

 curl_easy_setopt(easyhandle, CURLOPT_USERPWD, "myname:thesecret");

 Another case where name and password might be needed at times, is for those
 users who need to authenticate themselves to a proxy they use. libcurl offers
-another option for this, the CURLOPT_PROXYUSERPWD. It is used quite similar
-to the CURLOPT_USERPWD option like this:
+another option for this, the \fICURLOPT_PROXYUSERPWD(3)\fP. It is used quite
+similar to the \fICURLOPT_USERPWD(3)\fP option like this:

 curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD, "myname:thesecret");

@@ -412,7 +419,7 @@ chapter), as it might contain the password in plain text. libcurl has the
 ability to use this file to figure out what set of user name and password to
 use for a particular host. As an extension to the normal functionality,
 libcurl also supports this file for non-FTP protocols such as HTTP. To make
-curl use this file, use the CURLOPT_NETRC option:
+curl use this file, use the \fICURLOPT_NETRC(3)\fP option:

 curl_easy_setopt(easyhandle, CURLOPT_NETRC, 1L);

@@ -442,13 +449,13 @@ authentication method is called 'Basic', which is sending the name and
 password in clear-text in the HTTP request, base64-encoded. This is insecure.

 At the time of this writing, libcurl can be built to use: Basic, Digest, NTLM,
-Negotiate, GSS-Negotiate and SPNEGO. You can tell libcurl which one to use
-with CURLOPT_HTTPAUTH as in:
+Negotiate (SPNEGO). You can tell libcurl which one to use
+with \fICURLOPT_HTTPAUTH(3)\fP as in:

 curl_easy_setopt(easyhandle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST);

 And when you send authentication to a proxy, you can also set authentication
-type the same way but instead with CURLOPT_PROXYAUTH:
+type the same way but instead with \fICURLOPT_PROXYAUTH(3)\fP:

 curl_easy_setopt(easyhandle, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);

@@ -484,8 +491,8 @@ libcurl to post it all to the remote site:
 .fi

 Simple enough, huh? Since you set the POST options with the
-CURLOPT_POSTFIELDS, this automatically switches the handle to use POST in the
-upcoming request.
+\fICURLOPT_POSTFIELDS(3)\fP, this automatically switches the handle to use
+POST in the upcoming request.

 Ok, so what if you want to post binary data that also requires you to set the
 Content-Type: header of the post? Well, binary posts prevent libcurl from
@@ -576,14 +583,14 @@ post handle:

 Since all options on an easyhandle are "sticky", they remain the same until
 changed even if you do call \fIcurl_easy_perform(3)\fP, you may need to tell
-curl to go back to a plain GET request if you intend to do one as your
-next request. You force an easyhandle to go back to GET by using the
-CURLOPT_HTTPGET option:
+curl to go back to a plain GET request if you intend to do one as your next
+request. You force an easyhandle to go back to GET by using the
+\fICURLOPT_HTTPGET(3)\fP option:

 curl_easy_setopt(easyhandle, CURLOPT_HTTPGET, 1L);

-Just setting CURLOPT_POSTFIELDS to "" or NULL will *not* stop libcurl from
-doing a POST. It will just make it POST without any data to send!
+Just setting \fICURLOPT_POSTFIELDS(3)\fP to "" or NULL will *not* stop libcurl
+from doing a POST. It will just make it POST without any data to send!

 .SH "Showing Progress"

@@ -591,16 +598,16 @@ For historical and traditional reasons, libcurl has a built-in progress meter
 that can be switched on and then makes it present a progress meter in your
 terminal.

-Switch on the progress meter by, oddly enough, setting CURLOPT_NOPROGRESS to
-zero. This option is set to 1 by default.
+Switch on the progress meter by, oddly enough, setting
+\fICURLOPT_NOPROGRESS(3)\fP to zero. This option is set to 1 by default.

 For most applications however, the built-in progress meter is useless and
 what instead is interesting is the ability to specify a progress
 callback. The function pointer you pass to libcurl will then be called on
 irregular intervals with information about the current transfer.

-Set the progress callback by using CURLOPT_PROGRESSFUNCTION. And pass a
-pointer to a function that matches this prototype:
+Set the progress callback by using \fICURLOPT_PROGRESSFUNCTION(3)\fP. And pass
+a pointer to a function that matches this prototype:

 .nf
 int progress_callback(void *clientp,
@@ -612,7 +619,7 @@ pointer to a function that matches this prototype:

 If any of the input arguments is unknown, a 0 will be passed. The first
 argument, the 'clientp' is the pointer you pass to libcurl with
-CURLOPT_PROGRESSDATA. libcurl won't touch it.
+\fICURLOPT_PROGRESSDATA(3)\fP. libcurl won't touch it.

 .SH "libcurl with C++"

@@ -671,11 +678,12 @@ pass that information similar to this:

 curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD, "user:password");

-If you want to, you can specify the host name only in the CURLOPT_PROXY
-option, and set the port number separately with CURLOPT_PROXYPORT.
+If you want to, you can specify the host name only in the
+\fICURLOPT_PROXY(3)\fP option, and set the port number separately with
+\fICURLOPT_PROXYPORT(3)\fP.

-Tell libcurl what kind of proxy it is with CURLOPT_PROXYTYPE (if not, it will
-default to assume a HTTP proxy):
+Tell libcurl what kind of proxy it is with \fICURLOPT_PROXYTYPE(3)\fP (if not,
+it will default to assume a HTTP proxy):

 curl_easy_setopt(easyhandle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);

@@ -704,7 +712,8 @@ variable may say so. If 'no_proxy' is a plain asterisk ("*") it matches all
 hosts.

 To explicitly disable libcurl's checking for and using the proxy environment
-variables, set the proxy name to "" - an empty string - with CURLOPT_PROXY.
+variables, set the proxy name to "" - an empty string - with
+\fICURLOPT_PROXY(3)\fP.
 .IP "SSL and Proxies"

 SSL is for secure point-to-point connections. This involves strong encryption
@@ -800,21 +809,21 @@ may also be added in the future.

 Each easy handle will attempt to keep the last few connections alive for a
 while in case they are to be used again. You can set the size of this "cache"
-with the CURLOPT_MAXCONNECTS option. Default is 5. There is very seldom any
-point in changing this value, and if you think of changing this it is often
-just a matter of thinking again.
+with the \fICURLOPT_MAXCONNECTS(3)\fP option. Default is 5. There is very
+seldom any point in changing this value, and if you think of changing this it
+is often just a matter of thinking again.

 To force your upcoming request to not use an already existing connection (it
 will even close one first if there happens to be one alive to the same host
-you're about to operate on), you can do that by setting CURLOPT_FRESH_CONNECT
-to 1. In a similar spirit, you can also forbid the upcoming request to be
-"lying" around and possibly get re-used after the request by setting
-CURLOPT_FORBID_REUSE to 1.
+you're about to operate on), you can do that by setting
+\fICURLOPT_FRESH_CONNECT(3)\fP to 1. In a similar spirit, you can also forbid
+the upcoming request to be "lying" around and possibly get re-used after the
+request by setting \fICURLOPT_FORBID_REUSE(3)\fP to 1.

 .SH "HTTP Headers Used by libcurl"
 When you use libcurl to do HTTP requests, it'll pass along a series of headers
 automatically. It might be good for you to know and understand these. You
-can replace or remove them by using the CURLOPT_HTTPHEADER option.
+can replace or remove them by using the \fICURLOPT_HTTPHEADER(3)\fP option.

 .IP "Host"
 This header is required by HTTP 1.1 and even many 1.0 servers and should be
@@ -843,8 +852,8 @@ libcurl is your friend here too.

 .IP CUSTOMREQUEST
 If just changing the actual HTTP request keyword is what you want, like when
-GET, HEAD or POST is not good enough for you, CURLOPT_CUSTOMREQUEST is there
-for you. It is very simple to use:
+GET, HEAD or POST is not good enough for you, \fICURLOPT_CUSTOMREQUEST(3)\fP
+is there for you. It is very simple to use:

 curl_easy_setopt(easyhandle, CURLOPT_CUSTOMREQUEST, "MYOWNREQUEST");

@@ -939,28 +948,29 @@ A little example that deletes a given file before an operation:

 If you would instead want this operation (or chain of operations) to happen
 _after_ the data transfer took place the option to \fIcurl_easy_setopt(3)\fP
-would instead be called CURLOPT_POSTQUOTE and used the exact same way.
+would instead be called \fICURLOPT_POSTQUOTE(3)\fP and used the exact same
+way.

 The custom FTP command will be issued to the server in the same order they are
 added to the list, and if a command gets an error code returned back from the
 server, no more commands will be issued and libcurl will bail out with an
-error code (CURLE_QUOTE_ERROR). Note that if you use CURLOPT_QUOTE to send
-commands before a transfer, no transfer will actually take place when a quote
-command has failed.
+error code (CURLE_QUOTE_ERROR). Note that if you use \fICURLOPT_QUOTE(3)\fP to
+send commands before a transfer, no transfer will actually take place when a
+quote command has failed.

-If you set the CURLOPT_HEADER to 1, you will tell libcurl to get
+If you set the \fICURLOPT_HEADER(3)\fP to 1, you will tell libcurl to get
 information about the target file and output "headers" about it. The headers
 will be in "HTTP-style", looking like they do in HTTP.

 The option to enable headers or to run custom FTP commands may be useful to
-combine with CURLOPT_NOBODY. If this option is set, no actual file content
-transfer will be performed.
+combine with \fICURLOPT_NOBODY(3)\fP. If this option is set, no actual file
+content transfer will be performed.

 .IP "FTP Custom CUSTOMREQUEST"
-If you do want to list the contents of a FTP directory using your own defined FTP
-command, CURLOPT_CUSTOMREQUEST will do just that. "NLST" is the default one
-for listing directories but you're free to pass in your idea of a good
-alternative.
+If you do want to list the contents of a FTP directory using your own defined
+FTP command, \fICURLOPT_CUSTOMREQUEST(3)\fP will do just that. "NLST" is the
+default one for listing directories but you're free to pass in your idea of a
+good alternative.

 .SH "Cookies Without Chocolate Chips"
 In the HTTP sense, a cookie is a name with an associated value. A server sends
@@ -975,8 +985,8 @@ update them. Server use cookies to "track" users and to keep "sessions".
 Cookies are sent from server to clients with the header Set-Cookie: and
 they're sent from clients to servers with the Cookie: header.

-To just send whatever cookie you want to a server, you can use CURLOPT_COOKIE
-to set a cookie string like this:
+To just send whatever cookie you want to a server, you can use
+\fICURLOPT_COOKIE(3)\fP to set a cookie string like this:

 curl_easy_setopt(easyhandle, CURLOPT_COOKIE, "name1=var1; name2=var2;");

@@ -987,29 +997,30 @@ are then used accordingly on later requests.
 One way to do this, is to save all headers you receive in a plain file and
 when you make a request, you tell libcurl to read the previous headers to
 figure out which cookies to use. Set the header file to read cookies from with
-CURLOPT_COOKIEFILE.
+\fICURLOPT_COOKIEFILE(3)\fP.

-The CURLOPT_COOKIEFILE option also automatically enables the cookie parser in
-libcurl. Until the cookie parser is enabled, libcurl will not parse or
-understand incoming cookies and they will just be ignored. However, when the
-parser is enabled the cookies will be understood and the cookies will be kept
-in memory and used properly in subsequent requests when the same handle is
-used. Many times this is enough, and you may not have to save the cookies to
-disk at all. Note that the file you specify to CURLOPT_COOKIEFILE doesn't have
-to exist to enable the parser, so a common way to just enable the parser and
-not read any cookies is to use the name of a file you know doesn't exist.
+The \fICURLOPT_COOKIEFILE(3)\fP option also automatically enables the cookie
+parser in libcurl. Until the cookie parser is enabled, libcurl will not parse
+or understand incoming cookies and they will just be ignored. However, when
+the parser is enabled the cookies will be understood and the cookies will be
+kept in memory and used properly in subsequent requests when the same handle
+is used. Many times this is enough, and you may not have to save the cookies
+to disk at all. Note that the file you specify to \ICURLOPT_COOKIEFILE(3)\fP
+doesn't have to exist to enable the parser, so a common way to just enable the
+parser and not read any cookies is to use the name of a file you know doesn't
+exist.

 If you would rather use existing cookies that you've previously received with
 your Netscape or Mozilla browsers, you can make libcurl use that cookie file
-as input. The CURLOPT_COOKIEFILE is used for that too, as libcurl will
-automatically find out what kind of file it is and act accordingly.
+as input. The \fICURLOPT_COOKIEFILE(3)\fP is used for that too, as libcurl
+will automatically find out what kind of file it is and act accordingly.

 Perhaps the most advanced cookie operation libcurl offers, is saving the
 entire internal cookie state back into a Netscape/Mozilla formatted cookie
 file. We call that the cookie-jar. When you set a file name with
-CURLOPT_COOKIEJAR, that file name will be created and all received cookies
-will be stored in it when \fIcurl_easy_cleanup(3)\fP is called. This enables
-cookies to get passed on properly between multiple handles without any
+\fICURLOPT_COOKIEJAR(3)\fP, that file name will be created and all received
+cookies will be stored in it when \fIcurl_easy_cleanup(3)\fP is called. This
+enables cookies to get passed on properly between multiple handles without any
 information getting lost.

 .SH "FTP Peculiarities We Need"
@@ -1028,36 +1039,36 @@ work it tries PASV instead. (EPSV is an extension to the original FTP spec
 and does not exist nor work on all FTP servers.)

 You can prevent libcurl from first trying the EPSV command by setting
-CURLOPT_FTP_USE_EPSV to zero.
+\fICURLOPT_FTP_USE_EPSV(3)\fP to zero.

 In some cases, you will prefer to have the server connect back to you for the
 second connection. This might be when the server is perhaps behind a firewall
 or something and only allows connections on a single port. libcurl then
 informs the remote server which IP address and port number to connect to.
-This is made with the CURLOPT_FTPPORT option. If you set it to "-", libcurl
-will use your system's "default IP address". If you want to use a particular
-IP, you can set the full IP address, a host name to resolve to an IP address
-or even a local network interface name that libcurl will get the IP address
-from.
+This is made with the \fICURLOPT_FTPPORT(3)\fP option. If you set it to "-",
+libcurl will use your system's "default IP address". If you want to use a
+particular IP, you can set the full IP address, a host name to resolve to an
+IP address or even a local network interface name that libcurl will get the IP
+address from.

 When doing the "PORT" approach, libcurl will attempt to use the EPRT and the
 LPRT before trying PORT, as they work with more protocols. You can disable
-this behavior by setting CURLOPT_FTP_USE_EPRT to zero.
+this behavior by setting \fICURLOPT_FTP_USE_EPRT(3)\fP to zero.

 .SH "Headers Equal Fun"

 Some protocols provide "headers", meta-data separated from the normal
-data. These headers are by default not included in the normal data stream,
-but you can make them appear in the data stream by setting CURLOPT_HEADER to
-1.
+data. These headers are by default not included in the normal data stream, but
+you can make them appear in the data stream by setting \fICURLOPT_HEADER(3)\fP
+to 1.

 What might be even more useful, is libcurl's ability to separate the headers
 from the data and thus make the callbacks differ. You can for example set a
 different pointer to pass to the ordinary write callback by setting
-CURLOPT_WRITEHEADER.
+\fICURLOPT_HEADERDATA(3)\fP.

-Or, you can set an entirely separate function to receive the headers, by
-using CURLOPT_HEADERFUNCTION.
+Or, you can set an entirely separate function to receive the headers, by using
+\fICURLOPT_HEADERFUNCTION(3)\fP.

 The headers are passed to the callback function one by one, and you can
 depend on that fact. It makes it easier for you to add custom header parsers
@@ -1123,13 +1134,13 @@ don't let snoopers see your password: HTTP with Digest, NTLM or GSS
 authentication, HTTPS, FTPS, SCP, SFTP and FTP-Kerberos are a few examples.

 .IP "Redirects"
-The CURLOPT_FOLLOWLOCATION option automatically follows HTTP redirects sent
-by a remote server.  These redirects can refer to any kind of URL, not just
-HTTP.  A redirect to a file: URL would cause the libcurl to read (or write)
-arbitrary files from the local filesystem.  If the application returns
-the data back to the user (as would happen in some kinds of CGI scripts),
-an attacker could leverage this to read otherwise forbidden data (e.g.
-file://localhost/etc/passwd).
+The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP
+redirects sent by a remote server.  These redirects can refer to any kind of
+URL, not just HTTP.  A redirect to a file: URL would cause the libcurl to read
+(or write) arbitrary files from the local filesystem.  If the application
+returns the data back to the user (as would happen in some kinds of CGI
+scripts), an attacker could leverage this to read otherwise forbidden data
+(e.g.  file://localhost/etc/passwd).

 If authentication credentials are stored in the ~/.netrc file, or Kerberos
 is in use, any other URL type (not just file:) that requires
@@ -1142,19 +1153,20 @@ the user running the libcurl application, SCP: or SFTP: URLs could access
 password or private-key protected resources,
 e.g. sftp://user@some-internal-server/etc/passwd

-The CURLOPT_REDIR_PROTOCOLS and CURLOPT_NETRC options can be used to
-mitigate against this kind of attack.
+The \fICURLOPT_REDIR_PROTOCOLS(3)\fP and \fICURLOPT_NETRC(3)\fP options can be
+used to mitigate against this kind of attack.

 A redirect can also specify a location available only on the machine running
 libcurl, including servers hidden behind a firewall from the attacker.
 e.g. http://127.0.0.1/ or http://intranet/delete-stuff.cgi?delete=all or
 tftp://bootp-server/pc-config-data

-Apps can mitigate against this by disabling CURLOPT_FOLLOWLOCATION and
-handling redirects itself, sanitizing URLs as necessary. Alternately, an
-app could leave CURLOPT_FOLLOWLOCATION enabled but set CURLOPT_REDIR_PROTOCOLS
-and install a CURLOPT_OPENSOCKETFUNCTION callback function in which addresses
-are sanitized before use.
+Apps can mitigate against this by disabling \fICURLOPT_FOLLOWLOCATION(3)\fP
+and handling redirects itself, sanitizing URLs as necessary. Alternately, an
+app could leave \fICURLOPT_FOLLOWLOCATION(3)\fP enabled but set
+\fICURLOPT_REDIR_PROTOCOLS(3)\fP and install a
+\fICURLOPT_OPENSOCKETFUNCTION(3)\fP callback function in which addresses are
+sanitized before use.

 .IP "Private Resources"
 A user who can control the DNS server of a domain being passed in within a URL
@@ -1162,21 +1174,21 @@ can change the address of the host to a local, private address which a
 server-side libcurl-using application could then use. e.g. the innocuous URL
 http://fuzzybunnies.example.com/ could actually resolve to the IP address of a
 server behind a firewall, such as 127.0.0.1 or 10.1.2.3.  Apps can mitigate
-against this by setting a CURLOPT_OPENSOCKETFUNCTION and checking the address
-before a connection.
+against this by setting a \fICURLOPT_OPENSOCKETFUNCTION(3)\fP and checking the
+address before a connection.

-All the malicious scenarios regarding redirected URLs apply just as well
-to non-redirected URLs, if the user is allowed to specify an arbitrary URL
-that could point to a private resource. For example, a web app providing
-a translation service might happily translate file://localhost/etc/passwd
-and display the result.  Apps can mitigate against this with the
-CURLOPT_PROTOCOLS option as well as by similar mitigation techniques for
-redirections.
+All the malicious scenarios regarding redirected URLs apply just as well to
+non-redirected URLs, if the user is allowed to specify an arbitrary URL that
+could point to a private resource. For example, a web app providing a
+translation service might happily translate file://localhost/etc/passwd and
+display the result.  Apps can mitigate against this with the
+\fICURLOPT_PROTOCOLS(3)\fP option as well as by similar mitigation techniques
+for redirections.

-A malicious FTP server could in response to the PASV command return an
-IP address and port number for a server local to the app running libcurl
-but behind a firewall.  Apps can mitigate against this by using the
-CURLOPT_FTP_SKIP_PASV_IP option or CURLOPT_FTPPORT.
+A malicious FTP server could in response to the PASV command return an IP
+address and port number for a server local to the app running libcurl but
+behind a firewall.  Apps can mitigate against this by using the
+\fICURLOPT_FTP_SKIP_PASV_IP(3)\fP option or \fICURLOPT_FTPPORT(3)\fP.

 .IP "IPv6 Addresses"
 libcurl will normally handle IPv6 addresses transparently and just as easily
@@ -1193,25 +1205,25 @@ can be used to limit resolved addresses to IPv4 only and bypass these issues.

 .IP Uploads
 When uploading, a redirect can cause a local (or remote) file to be
-overwritten.  Apps must not allow any unsanitized URL to be passed in
-for uploads.  Also, CURLOPT_FOLLOWLOCATION should not be used on uploads.
+overwritten.  Apps must not allow any unsanitized URL to be passed in for
+uploads.  Also, \fICURLOPT_FOLLOWLOCATION(3)\fP should not be used on uploads.
 Instead, the app should handle redirects itself, sanitizing each URL first.

 .IP Authentication
-Use of CURLOPT_UNRESTRICTED_AUTH could cause authentication information to
-be sent to an unknown second server.  Apps can mitigate against this
-by disabling CURLOPT_FOLLOWLOCATION and handling redirects itself,
-sanitizing where necessary.
+Use of \fICURLOPT_UNRESTRICTED_AUTH(3)\fP could cause authentication
+information to be sent to an unknown second server.  Apps can mitigate against
+this by disabling \fICURLOPT_FOLLOWLOCATION(3)\fP and handling redirects
+itself, sanitizing where necessary.

-Use of the CURLAUTH_ANY option to CURLOPT_HTTPAUTH could result in user
-name and password being sent in clear text to an HTTP server.  Instead,
-use CURLAUTH_ANYSAFE which ensures that the password is encrypted over
-the network, or else fail the request.
+Use of the CURLAUTH_ANY option to \fICURLOPT_HTTPAUTH(3)\fP could result in
+user name and password being sent in clear text to an HTTP server.  Instead,
+use CURLAUTH_ANYSAFE which ensures that the password is encrypted over the
+network, or else fail the request.

-Use of the CURLUSESSL_TRY option to CURLOPT_USE_SSL could result in user
-name and password being sent in clear text to an FTP server.  Instead,
-use CURLUSESSL_CONTROL to ensure that an encrypted connection is used or
-else fail the request.
+Use of the CURLUSESSL_TRY option to \fICURLOPT_USE_SSL(3)\fP could result in
+user name and password being sent in clear text to an FTP server.  Instead,
+use CURLUSESSL_CONTROL to ensure that an encrypted connection is used or else
+fail the request.

 .IP Cookies
 If cookies are enabled and cached, then a user could craft a URL which
@@ -1227,34 +1239,35 @@ scp://user:pass@host/a;date >/tmp/test;
 Apps must not allow unsanitized SCP: URLs to be passed in for downloads.

 .IP "Denial of Service"
-A malicious server could cause libcurl to effectively hang by sending
-a trickle of data through, or even no data at all but just keeping the TCP
+A malicious server could cause libcurl to effectively hang by sending a
+trickle of data through, or even no data at all but just keeping the TCP
 connection open.  This could result in a denial-of-service attack. The
-CURLOPT_TIMEOUT and/or CURLOPT_LOW_SPEED_LIMIT options can be used to
-mitigate against this.
+\fICURLOPT_TIMEOUT(3)\fP and/or \fICURLOPT_LOW_SPEED_LIMIT(3)\fP options can
+be used to mitigate against this.

-A malicious server could cause libcurl to effectively hang by starting to
-send data, then severing the connection without cleanly closing the
-TCP connection.  The app could install a CURLOPT_SOCKOPTFUNCTION callback
-function and set the TCP SO_KEEPALIVE option to mitigate against this.
-Setting one of the timeout options would also work against this attack.
+A malicious server could cause libcurl to effectively hang by starting to send
+data, then severing the connection without cleanly closing the TCP connection.
+The app could install a \fICURLOPT_SOCKOPTFUNCTION(3)\fP callback function and
+set the TCP SO_KEEPALIVE option to mitigate against this.  Setting one of the
+timeout options would also work against this attack.

-A malicious server could cause libcurl to download an infinite amount of
-data, potentially causing all of memory or disk to be filled. Setting
-the CURLOPT_MAXFILESIZE_LARGE option is not sufficient to guard against this.
-Instead, the app should monitor the amount of data received within the
+A malicious server could cause libcurl to download an infinite amount of data,
+potentially causing all of memory or disk to be filled. Setting the
+\fICURLOPT_MAXFILESIZE_LARGE(3)\fP option is not sufficient to guard against
+this.  Instead, the app should monitor the amount of data received within the
 write or progress callback and abort once the limit is reached.

 A malicious HTTP server could cause an infinite redirection loop, causing a
-denial-of-service. This can be mitigated by using the CURLOPT_MAXREDIRS
-option.
+denial-of-service. This can be mitigated by using the
+\fICURLOPT_MAXREDIRS(3)\fP option.

 .IP "Arbitrary Headers"
 User-supplied data must be sanitized when used in options like
-CURLOPT_USERAGENT, CURLOPT_HTTPHEADER, CURLOPT_POSTFIELDS and others that
-are used to generate structured data. Characters like embedded carriage
-returns or ampersands could allow the user to create additional headers or
-fields that could cause malicious transactions.
+\fICURLOPT_USERAGENT(3)\fP, \fICURLOPT_HTTPHEADER(3)\fP,
+\fICURLOPT_POSTFIELDS(3)\fP and others that are used to generate structured
+data. Characters like embedded carriage returns or ampersands could allow the
+user to create additional headers or fields that could cause malicious
+transactions.

 .IP "Server-supplied Names"
 A server can supply data which the application may, in some cases, use as
@@ -1266,9 +1279,9 @@ names to avoid the possibility of a malicious server supplying one like
 "/etc/passwd", "\\autoexec.bat", "prn:" or even ".bashrc".

 .IP "Server Certificates"
-A secure application should never use the CURLOPT_SSL_VERIFYPEER option to
-disable certificate validation. There are numerous attacks that are enabled
-by apps that fail to properly validate server TLS/SSL certificates,
+A secure application should never use the \fICURLOPT_SSL_VERIFYPEER(3)\fP
+option to disable certificate validation. There are numerous attacks that are
+enabled by apps that fail to properly validate server TLS/SSL certificates,
 thus enabling a malicious server to spoof a legitimate one. HTTPS without
 validated certificates is potentially as insecure as a plain HTTP connection.

@@ -1289,39 +1302,44 @@ To avoid this problem, you must of course use your common sense. Often, you
 can just edit out the sensitive data or just search/replace your true
 information with faked data.

-.SH "Multiple Transfers Using the multi Interface"
-
+.SH "The multi Interface"
 The easy interface as described in detail in this document is a synchronous
 interface that transfers one file at a time and doesn't return until it is
 done.

 The multi interface, on the other hand, allows your program to transfer
-multiple files in both directions at the same time, without forcing you
-to use multiple threads.  The name might make it seem that the multi
-interface is for multi-threaded programs, but the truth is almost the
-reverse.  The multi interface can allow a single-threaded application
-to perform the same kinds of multiple, simultaneous transfers that
-multi-threaded programs can perform.  It allows many of the benefits
-of multi-threaded transfers without the complexity of managing and
-synchronizing many threads.
+multiple files in both directions at the same time, without forcing you to use
+multiple threads.  The name might make it seem that the multi interface is for
+multi-threaded programs, but the truth is almost the reverse.  The multi
+interface allows a single-threaded application to perform the same kinds of
+multiple, simultaneous transfers that multi-threaded programs can perform.  It
+allows many of the benefits of multi-threaded transfers without the complexity
+of managing and synchronizing many threads.
+
+To complicate matters somewhat more, there are even two versions of the multi
+interface. The event based one, also called multi_socket and the "normal one"
+designed for using with select(). See the libcurl-multi.3 man page for details
+on the multi_socket event based API, this description here is for the select()
+oriented one.

 To use this interface, you are better off if you first understand the basics
 of how to use the easy interface. The multi interface is simply a way to make
 multiple transfers at the same time by adding up multiple easy handles into
 a "multi stack".

-You create the easy handles you want and you set all the options just like you
-have been told above, and then you create a multi handle with
-\fIcurl_multi_init(3)\fP and add all those easy handles to that multi handle
-with \fIcurl_multi_add_handle(3)\fP.
+You create the easy handles you want, one for each concurrent transfer, and
+you set all the options just like you learned above, and then you create a
+multi handle with \fIcurl_multi_init(3)\fP and add all those easy handles to
+that multi handle with \fIcurl_multi_add_handle(3)\fP.

 When you've added the handles you have for the moment (you can still add new
 ones at any time), you start the transfers by calling
 \fIcurl_multi_perform(3)\fP.

-\fIcurl_multi_perform(3)\fP is asynchronous. It will only execute as little as
-possible and then return back control to your program. It is designed to never
-block.
+\fIcurl_multi_perform(3)\fP is asynchronous. It will only perform what can be
+done now and then return back control to your program. It is designed to never
+block. You need to keep calling the function until all transfers are
+completed.

 The best usage of this interface is when you do a select() on all possible
 file descriptors or sockets to know when to call libcurl again. This also
@@ -1334,11 +1352,12 @@ When you then call select(), it'll return when one of the file handles signal
 action and you then call \fIcurl_multi_perform(3)\fP to allow libcurl to do
 what it wants to do. Take note that libcurl does also feature some time-out
 code so we advise you to never use very long timeouts on select() before you
-call \fIcurl_multi_perform(3)\fP, which thus should be called unconditionally
-every now and then even if none of its file descriptors have signaled
-ready. Another precaution you should use: always call
-\fIcurl_multi_fdset(3)\fP immediately before the select() call since the
-current set of file descriptors may change when calling a curl function.
+call \fIcurl_multi_perform(3)\fP again. \fIcurl_multi_timeout(3)\fP is
+provided to help you get a suitable timeout period.
+
+Another precaution you should use: always call \fIcurl_multi_fdset(3)\fP
+immediately before the select() call since the current set of file descriptors
+may change in any curl function invoke.

 If you want to stop the transfer of one of the easy handles in the stack, you
 can use \fIcurl_multi_remove_handle(3)\fP to remove individual easy
@@ -1389,3 +1408,5 @@ installs the library, header files, man pages etc.
 .IP "[4]"
 This behavior was different in versions before 7.17.0, where strings had to
 remain valid past the end of the \fIcurl_easy_setopt(3)\fP call.
+.SH "SEE ALSO"
+.BR libcurl-errors "(3), " libcurl-multi "(3), " libcurl-easy "(3) "
--- a/docs/libcurl/libcurl.3
+++ b/docs/libcurl/libcurl.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,22 +29,21 @@ specific man pages for each function mentioned in here. There are also the
 \fIlibcurl-share(3)\fP man page and the \fIlibcurl-tutorial(3)\fP man page for
 in-depth understanding on how to program with libcurl.

-There are more than thirty custom bindings available that bring libcurl access
-to your favourite language. Look elsewhere for documentation on those.
+There are many bindings available that bring libcurl access to your favourite
+language. Look elsewhere for documentation on those.

-libcurl has a global constant environment that you must set up and
-maintain while using libcurl.  This essentially means you call
+libcurl has a global constant environment that you must set up and maintain
+while using libcurl.  This essentially means you call
 \fIcurl_global_init(3)\fP at the start of your program and
-\fIcurl_global_cleanup(3)\fP at the end.  See GLOBAL CONSTANTS below
-for details.
+\fIcurl_global_cleanup(3)\fP at the end.  See \fBGLOBAL CONSTANTS\fP below for
+details.

-To transfer files, you always set up an "easy handle" using
-\fIcurl_easy_init(3)\fP for a single specific transfer (in either
-direction). You then set your desired set of options in that handle with
-\fIcurk_easy_setopt(3)\fP. Options you set with \fIcurl_easy_setopt(3)\fP will
-be used on every repeated use of this handle until you either call the
-function again and change the option, or you reset them all with
-\fIcurl_easy_reset(3)\fP.
+To transfer files, you create an "easy handle" using \fIcurl_easy_init(3)\fP
+for a single individual transfer (in either direction). You then set your
+desired set of options in that handle with \fIcurl_easy_setopt(3)\fP. Options
+you set with \fIcurl_easy_setopt(3)\fP stick. They will be used on every
+repeated use of this handle until you either change the option, or you reset
+them all with \fIcurl_easy_reset(3)\fP.

 To actually transfer data you have the option of using the "easy" interface,
 or the "multi" interface.
@@ -98,6 +97,8 @@ Unix-like operating system that ship libcurl as part of their distributions
 often don't provide the curl-config tool, but simply install the library and
 headers in the common path for this purpose.

+Many Linux and similar sytems use pkg-config to provide build and link options
+about libraries and libcurl supports that as well.
 .SH "LIBCURL SYMBOL NAMES"
 All public functions in the libcurl interface are prefixed with 'curl_' (with
 a lowercase c). You can find other functions in the library source code, but
@@ -115,8 +116,8 @@ several threads. libcurl is thread-safe and can be used in any number of
 threads, but you must use separate curl handles if you want to use libcurl in
 more than one thread simultaneously.

-The global environment functions are not thread-safe.  See GLOBAL CONSTANTS
-below for details.
+The global environment functions are not thread-safe.  See \fBGLOBAL
+CONSTANTS\fP below for details.

 .SH "PERSISTENT CONNECTIONS"
 Persistent connections means that libcurl can re-use the same connection for
--- a/docs/libcurl/libcurl.m4
+++ b/docs/libcurl/libcurl.m4
@@ -1,3 +1,24 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2006, David Shaw <dshaw@jabberwocky.com>
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
 # LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION],
 #                       [ACTION-IF-YES], [ACTION-IF-NO])
 # ----------------------------------------------------------
@@ -153,7 +174,7 @@ int x;
 curl_easy_setopt(NULL,CURLOPT_URL,NULL);
 x=CURL_ERROR_SIZE;
 x=CURLOPT_WRITEFUNCTION;
-x=CURLOPT_FILE;
+x=CURLOPT_WRITEDATA;
 x=CURLOPT_ERRORBUFFER;
 x=CURLOPT_STDERR;
 x=CURLOPT_VERBOSE;
--- a/Show More
+++ b/Show More