RELEASE-NOTES: version 7.40.0

...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.

Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse

.gitignore

@@ -45,5 +45,4 @@ CHANGES.dist
 .project
 .cproject
 .settings
-/[0-9]*.patch
 .dirstamp

CHANGES.0

@@ -267,7 +267,7 @@ Daniel Stenberg (16 Apr 2010)
 Daniel Stenberg (15 Apr 2010)
 - Rainer Canavan filed bug report #2987196 that identified libcurl doing
   unnecesary reverse name lookups in many cases when built to use IPv4 and
-  getaddrinfo(). The logic for ipv6 is now used for ipv4 too.
+  getaddrinfo(). The logic for IPv6 is now used for IPv4 too.
 
   (http://curl.haxx.se/bug/view.cgi?id=2963679)
 
@@ -4271,7 +4271,7 @@ Daniel S (15 Nov 2007)
   list.
 
 - Michal Marek fixed the test suite to better deal with the case when the HTTP
-  ipv6 server can't run.
+  IPv6 server can't run.
 
 Yang Tse (14 Nov 2007)
 - Fix a variable potential wrapping in add_buffer() when using absolutely
@@ -6109,7 +6109,7 @@ Daniel (22 August 2006)
 - David McCreedy fixed a remaining mistake from the August 19 TYPE change.
 
 - Peter Sylvester pointed out a flaw in the AllowServerConnect() in the FTP
-  code when doing pure ipv6 EPRT connections.
+  code when doing pure IPv6 EPRT connections.
 
 Daniel (19 August 2006)
 - Based on a patch by Armel Asselin, the FTP code no longer re-issues the TYPE
@@ -6666,8 +6666,8 @@ Daniel (24 January 2006)
 
 Daniel (20 January 2006)
 - Duane Cathey was one of our friends who reported that curl -P [IP]
-  (CURLOPT_FTPPORT) didn't work for ipv6-enabed curls if the IP wasn't a
-  "native" IP while it works fine for ipv6-disabled builds!
+  (CURLOPT_FTPPORT) didn't work for IPv6-enabed curls if the IP wasn't a
+  "native" IP while it works fine for IPv6-disabled builds!
 
   In the process of fixing this, I removed the support for LPRT since I can't
   think of many reasons to keep doing it and asking on the mailing list didn't
@@ -6676,7 +6676,7 @@ Daniel (20 January 2006)
 
 Daniel (19 January 2006)
 - Jon Turner pointed out that doing -P [hostname] (CURLOPT_FTPPORT) with curl
-  (built ipv4-only) didn't work.
+  (built IPv4-only) didn't work.
 
 Daniel (18 January 2006)
 - As reported in bug #1408742 (http://curl.haxx.se/bug/view.cgi?id=1408742),
@@ -7557,7 +7557,7 @@ Daniel (29 March 2005)
 Daniel (16 March 2005)
 - Tru64 and some IRIX boxes seem to not like test 237 as it is. Their
   inet_addr() functions seems to use &255 on all numericals in a ipv4 dotted
-  address which makes a different failure... Now I've modified the ipv4
+  address which makes a different failure... Now I've modified the IPv4
   resolve code to use inet_pton() instead in an attempt to make these systems
   better detect this as a bad IP address rather than creating a toally bogus
   address that is then passed on and used.
@@ -7750,7 +7750,7 @@ Daniel (7 February 2005)
 
 Daniel (5 February 2005)
 - Eric Vergnaud found a use of an uninitialised variable in the ftp when doing
-  PORT on ipv6-enabled hosts.
+  PORT on IPv6-enabled hosts.
 
 - David Byron pointed out we could use BUFSIZE to read data (in
   lib/transfer.c) instead of using BUFSIZE -1.
@@ -7822,7 +7822,7 @@ Daniel (28 January 2005)
   8. fetch a URL from the same server as before (re-using the connection)
 
 - Stephen More pointed out that CURLOPT_FTPPORT and the -P option didn't work
-  when built ipv6-enabled. I've now made a fix for it. Writing test cases for
+  when built IPv6-enabled. I've now made a fix for it. Writing test cases for
   custom port hosts turned too tricky so unfortunately there's none.
 
 Daniel (25 January 2005)
@@ -8560,9 +8560,9 @@ Daniel (20 August 2004)
   byte file is downloaded.
 
 Daniel (18 August 2004)
-- Ling Thio pointed out that when libcurl is built ipv6-enabled, it still did
+- Ling Thio pointed out that when libcurl is built IPv6-enabled, it still did
   reverse DNS lookups when fed with a numerical IP-address (like
-  http://127.0.0.1/), although it doesn't when built ipv6-disabled. libcurl
+  http://127.0.0.1/), although it doesn't when built IPv6-disabled. libcurl
   should never do reverse lookups.
 
 Daniel (17 August 2004)
@@ -8714,7 +8714,7 @@ Daniel (27 June 2004)
 Daniel (24 June 2004)
 - The standard curl_version() string now only includes version info about
   involved libraries and not about particular features. Thus it will no longer
-  include info about ipv6 nor GSS. That info is of course still available in
+  include info about IPv6 nor GSS. That info is of course still available in
   the feature bitmask curl_version_info() offers.
 
 - Replaced all occurances of sprintf() with snprintf(). This is mostly because
@@ -8729,8 +8729,8 @@ Daniel (24 June 2004)
 
   Internally, this means amongst other things that we can stop doing the weird
   "increase buffer size until it works" trick when resolving hosts on
-  ipv4-only with gethostbyname_r(), we support socks even on libcurls built
-  with ipv6 enabled (but only to socks servers that resolve to an ipv4
+  IPv4-only with gethostbyname_r(), we support socks even on libcurls built
+  with IPv6 enabled (but only to socks servers that resolve to an IPv4
   address) and we no longer deep-copy or relocate hostent structs (we create
   Curl_addrinfo chains instead).
 
@@ -9074,7 +9074,7 @@ Daniel (27 April 2004)
   and proxy name to the ACE encoded version to use internally for resolves and
   cookies etc. They are now using one 'struct hostname' each that keep both
   the original name and the possibly encoded name. IDN resolves work for me
-  now using ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to
+  now using IPv6, IPv4 and ares resolving. Even cookies on IDN sites seem to
   do right. I got some failures at first when CHARSET wasn't set at all which
   confused libidn completely and it decided by encoding of choice was
   'ANSI_X3.4-1968'...
@@ -9115,7 +9115,7 @@ Daniel (25 April 2004)
 
   CURLRES_ARES - is defined if libcurl is built to use c-ares for asynchronous
   name resolves. It cannot have ENABLE_IPV6 defined at the same time, as
-  c-ares has no ipv6 support. This can be Windows or *nix.
+  c-ares has no IPv6 support. This can be Windows or *nix.
 
   CURLRES_THREADED - is defined if libcurl is built to run under (native)
   Windows, and then the name resolve will be done in a new thread, and the
@@ -9132,8 +9132,8 @@ Daniel (25 April 2004)
   hostsyn.c  - functions for synchronous name resolves
   hostares.c - functions for ares-using name resolves
   hostthre.c - functions for threaded name resolves
-  hostip4.c  - ipv4-specific functions
-  hostip6.c  - ipv6-specific functions
+  hostip4.c  - IPv4 specific functions
+  hostip6.c  - IPv6 specific functions
 
   The hostip.h is the single united header file for all this. It defines the
   CURLRES_* defines based on the config*.h and setup.h defines.
@@ -9225,7 +9225,7 @@ Daniel (15 April 2004)
   for the typical (not very deep) case.
 
 Daniel (14 April 2004)
-- Asking for CURL_IPRESOLVE_V6 when ipv6 addresses can't be resolved will
+- Asking for CURL_IPRESOLVE_V6 when IPv6 addresses can't be resolved will
   now cause the resolve function to return NULL immediately. This flaw was
   pointed out by Gisle Vanem.
 
@@ -9380,7 +9380,7 @@ Daniel (29 March 2004)
 - The postit2.c source example used the wrong struct name for the post data.
 
 Daniel (26 March 2004)
-- Gisle Vanem improved ipv6 support on windows by making the curl build to use
+- Gisle Vanem improved IPv6 support on Windows by making the curl build use
   the correct getaddrinfo() function.
 
 Daniel (25 March 2004)
@@ -9673,7 +9673,7 @@ Daniel (16 February 2004)
   and re-use that same handle during the entire curl handle's life-time. It
   improves performance.
 
-- Fixed a problem when displaying verbose for ipv6-enabled libcurls and
+- Fixed a problem when displaying verbose for IPv6-enabled libcurls and
   re-used connections. Problem reported and fix verified by Grigory Entin.
 
 - Jeff Lawson fixed the version-check in the SOCKS5 code.
@@ -9725,7 +9725,7 @@ Daniel (9 February 2004)
 
 - Tor Arntsen provided a patch that makes libcurl work-around a bug in the
   AIX5 implementation of getaddrinfo(). This makes the FTP PORT stuff work on
-  ipv6-enabled AIX builds.
+  IPv6-enabled AIX builds.
 
 - Ken Rastatter provided portability fixes for the curlgtk.c example, and now
   it runs on windows with GTK as well!
@@ -9754,7 +9754,7 @@ Daniel (5 February 2004)
   verifies this functionality.
 
 - Tor Arntsen fixed a weird getaddrinfo() usage in the FTP code, preventing
-  the ipv6-code for PORT work on AIX 5.2. We now also provide (better) error
+  the IPv6-code for PORT work on AIX 5.2. We now also provide (better) error
   messages when bailing out in the that function.
 
 - Tor Arntsen now provides AIX and IRIX (using gcc, xlc and the MIPSPro
@@ -10133,10 +10133,10 @@ Daniel (13 November)
   possibly other platforms too.
 
 - Peter Sylvester identified a problem in the connect code, which made the
-  multi interface on a ipv6-enabled solaris box do bad. Test case 504 to be
+  multi interface on a IPv6-enabled Solaris box do bad. Test case 504 to be
   specific. I've spent some time to clean-up the Curl_connecthost() function
-  now to use less duplicated code for the two different sections: ipv6 and
-  ipv4.
+  now to use less duplicated code for the two different sections: IPv6 and
+  IPv4.
 
 Daniel (11 November)
 - Added CURLOPT_NETRC_FILE. Use this to tell libcurl which file to use instead
@@ -10234,7 +10234,7 @@ Daniel (29 October)
 Daniel (28 October)
 - Dan C tracked down yet another weird behavior in the glibc gethostbyname_r()
   function for some specific versions (reported on 2.2.5 and 2.1.1), and
-  provided a fix. On Linux machines with these glibc versions, non-ipv6
+  provided a fix. On Linux machines with these glibc versions, non-IPv6
   builds of libcurl would often fail to resolve perfectly resolvable host
   names.
 
@@ -10353,7 +10353,7 @@ Version 7.10.8-pre3 (8 October 2003)
 
 Daniel (8 October)
 - Frank Ticheler provided a patch that fixes how libcurl connects to multiple
-  addresses, if one of them fails (ipv4-code).
+  addresses, if one of them fails (IPv4 code).
 
 Daniel (7 October)
 - Neil Dunbar provided a patch that now makes libcurl check SSL
@@ -11865,7 +11865,7 @@ Daniel (30 Sep 2002)
   updated the man page accordingly.
 
 - Cris Bailiff found out that the pre-releases crashed on name lookups on
-  names such as "a:" or "baz:" (on Linux versions not being ipv6-enabled) due
+  names such as "a:" or "baz:" (on Linux versions not being IPv6-enabled) due
   to some weird return codes from gethostbyname_r(). I'll blame the complete
   lack of docs in that department. Cris provided a fix, which I modified only
   slightly.
@@ -17598,7 +17598,7 @@ Version 4.8.4
  - As Julian Romero Nieto reported, curl reported wrong version number.
  - As Teemu Yli-Elsila pointed out, the win32 version of 4.8 (and probably all
    other versions for win32) didn't work with binary files since I'm too used
-   to the UNIX style fopen() where binary and text don't differ...
+   to the Unix style fopen() where binary and text don't differ...
  - Ralph Beckmann brought me some changes that lets curl compile error and
    warning free with -Wall -pedantic with g++. I also took the opportunity to
    clean off some unused variables and similar.
@@ -17851,7 +17851,7 @@ Version 2.7
    rewrite the former -l kludge in an external script that'll use urlget to
    fetch multipart files like that.
  - '-f' is introduced, it means Fail without output in case of HTTP server
-   errors (return code >=300).
+   errors (return code >=400).
  - Added support for -r, ranges. Specify which part of a document you
    want, and only that part is returned. Only with HTTP/1.1-servers.
  - Split up the source in 3 parts. Now all pure URL functions are in

CMake/Macros.cmake

@@ -1,18 +1,24 @@
 #File defines convenience macros for available feature testing
 
 # This macro checks if the symbol exists in the library and if it
-# does, it appends library to the list.
+# does, it prepends library to the list.  It is intended to be called
+# multiple times with a sequence of possibly dependent libraries in
+# order of least-to-most-dependent.  Some libraries depend on others
+# to link correctly.
 macro(CHECK_LIBRARY_EXISTS_CONCAT LIBRARY SYMBOL VARIABLE)
-  check_library_exists("${CURL_LIBS};${LIBRARY}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
+  check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}"
     ${VARIABLE})
   if(${VARIABLE})
-    list(APPEND CURL_LIBS ${LIBRARY})
+    set(CURL_LIBS ${LIBRARY} ${CURL_LIBS})
   endif(${VARIABLE})
 endmacro(CHECK_LIBRARY_EXISTS_CONCAT)
 
 # Check if header file exists and add it to the list.
+# This macro is intended to be called multiple times with a sequence of
+# possibly dependent header files.  Some headers depend on others to be
+# compiled correctly.
 macro(CHECK_INCLUDE_FILE_CONCAT FILE VARIABLE)
-  check_include_file("${FILE}" ${VARIABLE})
+  check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE})
   if(${VARIABLE})
     set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE})
     set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}")
@@ -21,7 +27,7 @@ endmacro(CHECK_INCLUDE_FILE_CONCAT)
 
 # For other curl specific tests, use this macro.
 macro(CURL_INTERNAL_TEST CURL_TEST)
-  if("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
+  if(NOT DEFINED "${CURL_TEST}")
     set(MACRO_CHECK_FUNCTION_DEFINITIONS
       "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}")
     if(CMAKE_REQUIRED_LIBRARIES)
@@ -49,11 +55,11 @@ macro(CURL_INTERNAL_TEST CURL_TEST)
         "Performing Curl Test ${CURL_TEST} failed with the following output:\n"
         "${OUTPUT}\n")
     endif(${CURL_TEST})
-  endif("${CURL_TEST}" MATCHES "^${CURL_TEST}$")
+  endif()
 endmacro(CURL_INTERNAL_TEST)
 
 macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
-  if("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
+  if(NOT DEFINED "${CURL_TEST}_COMPILE")
     set(MACRO_CHECK_FUNCTION_DEFINITIONS
       "-D${CURL_TEST} ${CMAKE_REQUIRED_FLAGS}")
     if(CMAKE_REQUIRED_LIBRARIES)
@@ -85,5 +91,5 @@ macro(CURL_INTERNAL_TEST_RUN CURL_TEST)
       file(APPEND "${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log"
         "\n\n")
     endif(${CURL_TEST}_COMPILE AND NOT ${CURL_TEST})
-  endif("${CURL_TEST}_COMPILE" MATCHES "^${CURL_TEST}_COMPILE$")
+  endif()
 endmacro(CURL_INTERNAL_TEST_RUN)

CMake/Platforms/WindowsCache.cmake

@@ -5,6 +5,7 @@ if(NOT UNIX)
     set(HAVE_LIBSOCKET 0)
     set(NOT_NEED_LIBNSL 0)
     set(HAVE_LIBNSL 0)
+    set(HAVE_GETHOSTNAME 1)
     set(HAVE_LIBZ 0)
     set(HAVE_LIBCRYPTO 0)
 

CMakeLists.txt

@@ -74,12 +74,17 @@ include_directories( ${CURL_SOURCE_DIR}/include )
 option(BUILD_CURL_EXE "Set to ON to build cURL executable." ON)
 option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
-option(CURL_USE_ARES "Set to ON to enable c-ares support" OFF)
+option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
+option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
 # initialize CURL_LIBS
 set(CURL_LIBS "")
 
-if(CURL_USE_ARES)
-  set(USE_ARES ${CURL_USE_ARES})
+if(ENABLE_THREADED_RESOLVER AND ENABLE_ARES)
+  message(FATAL_ERROR "Options ENABLE_THREADED_RESOLVER and ENABLE_ARES are mutually exclusive")
+endif()
+
+if(ENABLE_ARES)
+  set(USE_ARES 1)
   find_package(CARES REQUIRED)
   list(APPEND CURL_LIBS ${CARES_LIBRARY} )
   set(CURL_LIBS ${CURL_LIBS} ${CARES_LIBRARY})
@@ -236,6 +241,18 @@ if(WIN32)
   include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
 endif(WIN32)
 
+if(ENABLE_THREADED_RESOLVER)
+  check_include_file_concat("pthread.h" HAVE_PTHREAD_H)
+  if(HAVE_PTHREAD_H)
+    set(CMAKE_THREAD_PREFER_PTHREAD 1)
+    find_package(Threads)
+    if(CMAKE_USE_PTHREADS_INIT)
+      set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT})
+      set(USE_THREADS_POSIX 1)
+    endif()
+  endif()
+endif()
+
 # Check for all needed libraries
 check_library_exists_concat("dl"     dlopen       HAVE_LIBDL)
 check_library_exists_concat("socket" connect      HAVE_LIBSOCKET)
@@ -252,6 +269,8 @@ if(NOT NOT_NEED_LIBNSL)
   check_library_exists_concat("nsl"    gethostbyname  HAVE_LIBNSL)
 endif(NOT NOT_NEED_LIBNSL)
 
+check_function_exists(gethostname HAVE_GETHOSTNAME)
+
 if(WIN32)
   check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
   check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
@@ -508,6 +527,14 @@ if(CMAKE_USE_GSSAPI)
   endif()
 endif()
 
+option(ENABLE_UNIX_SOCKETS "Define if you want Unix domain sockets support" ON)
+if(ENABLE_UNIX_SOCKETS)
+  include(CheckStructHasMember)
+  check_struct_has_member("struct sockaddr_un" sun_path "sys/un.h" USE_UNIX_SOCKETS)
+else()
+  unset(USE_UNIX_SOCKETS CACHE)
+endif()
+
 # Check for header files
 if(NOT UNIX)
   check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
@@ -1001,9 +1028,7 @@ _add_if("SSL"           SSL_ENABLED)
 _add_if("IPv6"          ENABLE_IPV6)
 _add_if("unix-sockets"  USE_UNIX_SOCKETS)
 _add_if("libz"          HAVE_LIBZ)
-find_package(Threads)
-# AsynchDNS depends or USE_ARES or pthreads (mutually exclusive)
-_add_if("AsynchDNS"     USE_ARES OR CMAKE_USE_PTHREADS_INIT)
+_add_if("AsynchDNS"     USE_ARES OR USE_THREADS_POSIX)
 _add_if("IDN"           HAVE_LIBIDN)
 # TODO SSP1 (WinSSL) check is missing
 _add_if("SSPI"          USE_WINDOWS_SSPI)
@@ -1011,13 +1036,15 @@ _add_if("GSS-API"       HAVE_GSS_API)
 # TODO SSP1 missing for SPNEGO
 _add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
                         (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+_add_if("Kerberos"      NOT CURL_DISABLE_CRYPTO_AUTH AND
+                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
 # NTLM support requires crypto function adaptions from various SSL libs
 # TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL
-if(NOT CURL_DISABLE_HTTP AND NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR
+if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR
    USE_WINDOWS_SSPI OR GNUTLS_ENABLED OR NSS_ENABLED OR DARWINSSL_ENABLED))
   _add_if("NTLM"        1)
   # TODO missing option (autoconf: --enable-ntlm-wb)
-  _add_if("NTLM_WB"     NTLM_WB_ENABLED)
+  _add_if("NTLM_WB"     NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED)
 endif()
 # TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP
 _add_if("TLS-SRP"       USE_TLS_SRP)

COPYING

@@ -1,6 +1,6 @@
 COPYRIGHT AND PERMISSION NOTICE
 
-Copyright (c) 1996 - 2014, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2015, Daniel Stenberg, <daniel@haxx.se>.
 
 All rights reserved.
 

Makefile.dist

@@ -130,6 +130,42 @@ vc-x64: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release
 
+vc-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release WINDOWS_SSPI=1
+
+vc-x64-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release WINDOWS_SSPI=1
+
+vc-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release USE_IDN=1
+
+vc-x64-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release USE_IDN=1
+
+vc-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release USE_IDN=1 WINDOWS_SSPI=1
+
 vc-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-zlib
@@ -142,29 +178,89 @@ vc-x64-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib
 
+vc-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-zlib WINDOWS_SSPI=1
+
+vc-x64-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib WINDOWS_SSPI=1
+
+vc-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-zlib USE_IDN=1
+
+vc-x64-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib USE_IDN=1
+
+vc-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-zlib USE_IDN=1 WINDOWS_SSPI=1
+
 vc-ssl: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) cfg=release-ssl
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl
 
-vc-winssl: $(VC)
-	cd lib
-	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
-	cd ..\src
-	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
-
 vc-x64-ssl: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl
 
-vc-x64-winssl: $(VC)
+vc-ssl-sspi: $(VC)
 	cd lib
-	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+	nmake /f Makefile.$(VC) cfg=release-ssl WINDOWS_SSPI=1
 	cd ..\src
-	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+	nmake /f Makefile.$(VC) cfg=release-ssl WINDOWS_SSPI=1
+
+vc-x64-ssl-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl WINDOWS_SSPI=1
+
+vc-ssl-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl USE_IDN=1
+
+vc-x64-ssl-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl USE_IDN=1
+
+vc-ssl-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-ssl-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl USE_IDN=1 WINDOWS_SSPI=1
 
 vc-ssl-zlib: $(VC)
 	cd lib
@@ -172,35 +268,143 @@ vc-ssl-zlib: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-ssl-zlib
 
-vc-ssl-ssh2-zlib: $(VC)
-	cd lib
-	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
-	cd ..\src
-	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
-
-vc-winssl-zlib: $(VC)
-	cd lib
-	nmake /f Makefile.$(VC) cfg=release-winssl-zlib
-	cd ..\src
-	nmake /f Makefile.$(VC) cfg=release-winssl-zlib
-
 vc-x64-ssl-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib
 
+vc-ssl-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib WINDOWS_SSPI=1
+
+vc-x64-ssl-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib WINDOWS_SSPI=1
+
+vc-ssl-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib USE_IDN=1
+
+vc-x64-ssl-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib USE_IDN=1
+
+vc-ssl-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-ssl-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-ssl-ssh2-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib
+
 vc-x64-ssl-ssh2-zlib: $(VC)
 	cd lib
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib
 	cd ..\src
 	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib
 
+vc-ssl-ssh2-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib WINDOWS_SSPI=1
+
+vc-x64-ssl-ssh2-zlib-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib WINDOWS_SSPI=1
+
+vc-ssl-ssh2-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib USE_IDN=1
+
+vc-x64-ssl-ssh2-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib USE_IDN=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib USE_IDN=1
+
+vc-ssl-ssh2-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-ssl-ssh2-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-ssl-ssh2-zlib-idn-sspi: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-ssl-ssh2-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl WINDOWS_SSPI=1
+
+vc-x64-winssl: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl WINDOWS_SSPI=1
+
+vc-winssl-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-winssl-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl USE_IDN=1 WINDOWS_SSPI=1
+
+vc-winssl-zlib: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl-zlib WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl-zlib WINDOWS_SSPI=1
+
 vc-x64-winssl-zlib: $(VC)
 	cd lib
-	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib WINDOWS_SSPI=1
 	cd ..\src
-	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib WINDOWS_SSPI=1
+
+vc-winssl-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) cfg=release-winssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) cfg=release-winssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+
+vc-x64-winssl-zlib-idn: $(VC)
+	cd lib
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib USE_IDN=1 WINDOWS_SSPI=1
+	cd ..\src
+	nmake /f Makefile.$(VC) MACHINE=x64 cfg=release-winssl-zlib USE_IDN=1 WINDOWS_SSPI=1
 
 vc-ssl-dll: $(VC)
 	cd lib
@@ -244,12 +448,6 @@ vc-zlib-dll: $(VC)
 	cd ..\src
 	nmake /f Makefile.$(VC) cfg=release-zlib-dll
 
-vc-sspi: $(VC)
-	cd lib
-	nmake /f Makefile.$(VC) cfg=release WINDOWS_SSPI=1
-	cd ..\src
-	nmake /f Makefile.$(VC) cfg=release WINDOWS_SSPI=1
-
 djgpp:
 	$(MAKE) -C lib -f Makefile.dj
 	$(MAKE) -C src -f Makefile.dj

RELEASE-NOTES

@@ -1,88 +1,146 @@
-Curl and libcurl 7.39.0
+Curl and libcurl 7.40.0
 
- Public curl releases:         142
+ Public curl releases:         143
  Command line options:         162
  curl_easy_setopt() options:   208
  Public functions in libcurl:  58
- Contributors:                 1216
+ Contributors:                 1219
 
 This release includes the following changes:
 
- o SSLv3 is disabled by default
- o CURLOPT_COOKIELIST: Added "RELOAD" command [5]
- o build: Added WinIDN build configuration options to Visual Studio projects
- o ssh: improve key file search
- o SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
- o vtls: remove QsoSSL support, use gskit!
- o mk-ca-bundle: added SHA-384 signature algorithm
- o docs: added many examples for libcurl opts and other doc improvements
- o build: Added VC ssh2 target to main Makefile
- o MinGW: Added support to build with nghttp2
- o NetWare: Added support to build with nghttp2
- o build: added Watcom support to build with WinSSL
- o build: Added optional specific version generation of VC project files
+ o http_digest: Added support for Windows SSPI based authentication
+ o version info: Added Kerberos V5 to the supported features
+ o Makefile: Added VC targets for WinIDN
+ o config-win32: Introduce build targets for VS2012+
+ o SSL: Add PEM format support for public key pinning
+ o smtp: Added support for the conversion of Unix newlines during mail send [8]
+ o smb: Added initial support for the SMB/CIFS protocol
+ o Added support for HTTP over unix domain sockets, via
+   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
+ o sasl: Added support for GSS-API based Kerberos V5 authentication
 
 This release includes the following bugfixes:
 
- o curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds [9]
- o openssl: build fix for versions < 0.9.8e [1]
- o newlines: fix mixed newlines to LF-only [2]
- o ntlm: Fixed HTTP proxy authentication when using Windows SSPI [3]
- o sasl_sspi: Fixed Unicode build [4]
- o file: reject paths using embedded %00
- o threaded-resolver: revert Curl_expire_latest() switch [6]
- o configure: allow --with-ca-path with PolarSSL too
- o HTTP/2: Fix busy loop when EOF is encountered
- o CURLOPT_CAPATH: return failure if set without backend support
- o nss: do not fail if a CRL is already cached
- o smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error
- o fixed 20+ nits/memory leaks identified by Coverity scans
- o curl_schannel.c: Fixed possible memory or handle leak
- o multi-uv.c: call curl_multi_info_read() better
- o Cmake: Check for OpenSSL before OpenLDAP
- o Cmake: Fix library list provided to cURL tests
- o Cmake: Avoid cycle directory dependencies
- o Cmake: Build with GSS-API libraries (MIT or Heimdal)
- o vtls: provide backend defines for internal source code
- o nss: fix a connection failure when FTPS handle is reused
- o tests/http_pipe.py: Python 3 support
- o cmake: build tool_hugehelp (ENABLE_MANUAL)
- o cmake: enable IPv6 by default if available
- o tests: move TESTCASES to Makefile.inc, add show for cmake
- o ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
- o ntlm: Fixed empty/bad base-64 decoded buffer return codes
- o ntlm: Fixed empty type-2 decoded message info text
- o cmake: add CMake/Macros.cmake to the release tarball
- o cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS
- o cmake: use LIBCURL_VERSION from curlver.h
- o cmake: generate pkg-config and curl-config
- o fixed several superfluous variable assignements identified by cppcheck
- o cleanup of 'CURLcode result' return code
- o pipelining: only output "is not blacklisted" in debug builds
- o SSL: Remove SSLv3 from SSL default due to POODLE attack
- o gskit.c: remove SSLv3 from SSL default
- o darwinssl: detect possible future removal of SSLv3 from the framework
- o ntlm: Only define ntlm data structure when USE_NTLM is defined
- o ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()
- o ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
- o sspi: Only call CompleteAuthToken() when complete is needed
- o http_negotiate: Fixed missing check for USE_SPNEGO
- o HTTP: return larger than 3 digit response codes too [7]
- o openssl: Check for NPN / ALPN via OpenSSL version number
- o openssl: enable NPN separately from ALPN
- o sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
- o sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
- o resume: consider a resume from [content-length] to be OK [8]
- o sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
- o build-openssl.bat: Fix x64 release build
- o cmake: drop _BSD_SOURCE macro usage
- o cmake: fix gethostby{addr,name}_r in CurlTests
- o cmake: clean OtherTests, fixing -Werror
- o cmake: fix struct sockaddr_storage check
- o Curl_single_getsock: fix hold/pause sock handling
- o SSL: PolarSSL default min SSL version TLS 1.0
- o cmake: fix ZLIB_INCLUDE_DIRS use [10]
- o buildconf: stop checking for libtool
+ o darwinssl: fix session ID keys to only reuse identical sessions [18]
+ o url-parsing: reject CRLFs within URLs [19]
+ o OS400: Adjust specific support to last release
+ o THANKS: Remove duplicate names
+ o url.c: Fixed compilation warning
+ o ssh: Fixed build on platforms where R_OK is not defined [1]
+ o tool_strdup.c: include the tool strdup.h
+ o build: Fixed Visual Studio project file generation of strdup.[c|h]
+ o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
+ o curl.1: show zone index use in a URL
+ o mk-ca-bundle.vbs: switch to new certdata.txt url
+ o Makefile.dist: Added some missing SSPI configurations
+ o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
+ o SSH: use the port number as well for known_known checks [3]
+ o libssh2: detect features based on version, not configure checks
+ o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
+ o multi: removed Curl_multi_set_easy_connection
+ o symbol-scan.pl: do not require autotools
+ o cmake: add ENABLE_THREADED_RESOLVER, rename ARES
+ o cmake: build libhostname for test suite
+ o cmake: fix HAVE_GETHOSTNAME definition
+ o tests: fix libhostname visibility
+ o tests: fix memleak in server/resolve.c
+ o vtls.h: Fixed compiler warning when compiled without SSL
+ o CMake: Restore order-dependent header checks
+ o CMake: Restore order-dependent library checks
+ o tool: Removed krb4 from the supported features
+ o http2: Don't send Upgrade headers when we already do HTTP/2
+ o examples: Don't call select() to sleep on windows [6]
+ o win32: Updated some legacy APIs to use the newer extended versions [5]
+ o easy.c: Fixed compilation warning when no verbose string support
+ o connect.c: Fixed compilation warning when no verbose string support
+ o build: in Makefile.m32 pass -F flag to windres
+ o build: in Makefile.m32 add -m32 flag for 32bit
+ o multi: when leaving for timeout, close accordingly
+ o CMake: Simplify if() conditions on check result variables
+ o build: in Makefile.m32 try to detect 64bit target
+ o multi: inform about closed sockets before they are closed
+ o multi-uv.c: close the file handle after download
+ o examples: Wait recommended 100ms when no file descriptors are ready
+ o ntlm: Split the SSPI based messaging code from the native messaging code
+ o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
+ o cmake: add Kerberos to the supported feature
+ o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
+ o http: Disable pipelining for HTTP/2 and upgraded connections
+ o ntlm: Fixed static'ness of local decode function
+ o sasl: Reduced the need for two sets of NTLM messaging functions
+ o multi.c: Fixed compilation warnings when no verbose string support
+ o select.c: fix compilation for VxWorks [7]
+ o multi-single.c: switch to use curl_multi_wait
+ o curl_multi_wait.3: clarify numfds being used if not NULL
+ o http.c: Fixed compilation warnings from features being disabled
+ o NSS: enable the CAPATH option [9]
+ o docs: Fix FAILONERROR typos
+ o HTTP: don't abort connections with pending Negotiate authentication
+ o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
+ o http_perhapsrewind: don't abort CONNECT requests
+ o build: updated dependencies in makefiles
+ o multi.c: Fixed compilation warning
+ o ftp.c: Fixed compilation warnings when proxy support disabled
+ o get_url_file_name: Fixed crash on OOM on debug build
+ o cookie.c: Refactored cleanup code to simplify
+ o OS400: enable NTLM authentication
+ o ntlm: Use Windows Crypt API
+ o http2: avoid logging neg "failure" if h2 was not requested
+ o schannel_recv: return the correct code [10]
+ o VC build: added sspi define for winssl-zlib builds
+ o Curl_client_write(): chop long data, convert data only once
+ o openldap: do not ignore Curl_client_write() return code
+ o ldap: check Curl_client_write() return codes
+ o parsedate.c: Fixed compilation warning
+ o url.c: Fixed compilation warning when USE_NTLM is not defined
+ o ntlm_wb_response: fix "statement not reached" [11]
+ o telnet: fix "cast increases required alignment of target type"
+ o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
+ o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
+ o ntlm: Disable NTLM v2 when 64-bit integers are not supported
+ o ntlm: Use short integer when decoding 16-bit values
+ o ftp.c: Fixed compilation warning when no verbose string support
+ o synctime.c: fixed timeserver URLs
+ o mk-ca-bundle.pl: restored forced run again
+ o ntlm: Fixed return code for bad type-2 Target Info
+ o curl_schannel.c: Data may be available before connection shutdown
+ o curl_schannel: Improvements to memory re-allocation strategy [13]
+ o darwinssl: aprintf() to allocate the session key
+ o tool_util.c: Use GetTickCount64 if it is available
+ o lib: Fixed multiple code analysis warnings if SAL are available
+ o tool_binmode.c: Explicitly ignore the return code of setmode
+ o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
+ o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
+ o SFTP: work-around servers that return zero size on STAT [14]
+ o connect: singleipconnect(): properly try other address families after failure
+ o IPV6: address scope != scope id [15]
+ o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
+ o secureserver.pl: make OpenSSL CApath and cert absolute path values
+ o secureserver.pl: update Windows detection and fix path conversion
+ o secureserver.pl: clean up formatting of config and fix verbose output
+ o tests: Added Windows support using Cygwin-based OpenSSH
+ o sockfilt.c: use non-Ex functions that are available before WinXP
+ o VMS: Updates for 0740-0D1220
+ o openssl: warn for SRP set if SSLv3 is used, not for TLS version
+ o openssl: make it compile against openssl 1.1.0-DEV master branch
+ o openssl: fix SSL/TLS versions in verbose output
+ o curl: show size of inhibited data when using -v
+ o build: Removed WIN32 definition from the Visual Studio projects
+ o build: Removed WIN64 definition from the libcurl Visual Studio projects
+ o vtls: Use bool for Curl_ssl_getsessionid() return type
+ o sockfilt.c: Replace 100ms sleep with thread throttle
+ o sockfilt.c: Reduce the number of individual memory allocations
+ o vtls: Don't set cert info count until memory allocation is successful
+ o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
+ o nss: Don't ignore Curl_extract_certinfo() OOM failure
+ o vtls: Fixed compilation warning and an ignored return code
+ o sockfilt.c: Fixed compilation warnings
+ o darwinssl: Fixed compilation warning
+ o vtls: Use '(void) arg' for unused parameters
+ o sepheaders.c: Fixed resource leak on failure
+ o lib1900.c: Fixed cppcheck error [17]
+ o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
+ o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
 
 This release includes the following known bugs:
 
@@ -91,26 +149,35 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Askar Safin, Balaji Salunke, Bill Nagel, Bruno Thomsen, Carlo Wood,
-  Catalin Patulea, Dan Fandrich, Daniel Stenberg, Dimitar Boevski, Fabian Keil,
-  Guenter Knauf, Jakub Zakrzewski, Jeremy Lin, Jonathan Cardoso Machado,
-  Kamil Dudka, K. R. Walker, Luan Cestari, Lucas Pardue, Marcel Raad,
-  Marc Hoersken, Michael Wallner, Nick Zitzmann, Patrick Monnerat,
-  Paul Howarth, Peter Wu, Ray Satiro, Steve Holme, Symeon Paraschoudis,
-  Tatsuhiro Tsujikawa, Ulrich Telle, Viktor Szakáts, Waldek Kozba,
-  Yousuke Kimoto,
+  Andrey Labunets, Anthon Pang, Bill Nagel, Brad Harder, Brad King, Carlo Wood,
+  Christian Hägele, Dan Fandrich, Daniel Stenberg, Dave Reisner, Frank Gevaerts,
+  Gisle Vanem, Guenter Knauf, Jan Ehrhardt, Johan Lantz, John E. Malmberg,
+  Jon Spencer, Julien Nabet, Kamil Dudka, Kyle J. McKay, Lucas Pardue,
+  Marc Hesse, Marc Hoersken, Marc Renault, Michael Osipov, Nick Zitzmann,
+  Nobuhiro Ban, Patrick Monnerat, Peter Wu, Ray Satiro, Sam Hurst,
+  Stefan Bühler, Stefan Neis, Steve Holme, Tae Hyoung Ahn, Tatsuhiro Tsujikawa,
+  Tomasz Kojm, Tor Arntsen, Waldek Kozba, Warren Menzer
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = http://curl.haxx.se/mail/lib-2014-09/0064.html
- [2] = http://curl.haxx.se/mail/lib-2014-09/0075.html
- [3] = http://curl.haxx.se/mail/lib-2014-08/0273.html
- [4] = http://curl.haxx.se/bug/view.cgi?id=1422
- [5] = http://curl.haxx.se/libcurl/c/CURLOPT_COOKIELIST.html
- [6] = http://curl.haxx.se/bug/view.cgi?id=1426
- [7] = http://curl.haxx.se/bug/view.cgi?id=1441
- [8] = http://curl.haxx.se/bug/view.cgi?id=1443
- [9] = http://curl.haxx.se/docs/adv_20141105.html
- [10] = https://github.com/bagder/curl/pull/123
+ [1] = http://curl.haxx.se/mail/lib-2014-11/0035.html
+ [2] = http://curl.haxx.se/mail/lib-2014-11/0078.html
+ [3] = http://curl.haxx.se/bug/view.cgi?id=1448
+ [4] = https://github.com/tatsuhiro-t/nghttp2/issues/103
+ [5] = http://sourceforge.net/p/curl/feature-requests/82/
+ [6] = http://curl.haxx.se/mail/lib-2014-11/0221.html
+ [7] = http://curl.haxx.se/bug/view.cgi?id=1455
+ [8] = http://curl.haxx.se/bug/view.cgi?id=1456
+ [9] = http://curl.haxx.se/bug/view.cgi?id=1457
+ [10] = http://curl.haxx.se/bug/view.cgi?id=1462
+ [11] = http://curl.haxx.se/mail/lib-2014-12/0089.html
+ [12] = http://curl.haxx.se/bug/view.cgi?id=1456
+ [13] = http://curl.haxx.se/bug/view.cgi?id=1450
+ [14] = http://curl.haxx.se/mail/lib-2014-12/0103.html
+ [15] = http://curl.haxx.se/bug/view.cgi?id=1451
+ [16] = http://curl.haxx.se/bug/view.cgi?id=1449
+ [17] = https://github.com/bagder/curl/pull/133
+ [18] = http://curl.haxx.se/docs/adv_20150108A.html
+ [19] = http://curl.haxx.se/docs/adv_20150108B.html

TODO-RELEASE

@@ -1,4 +0,0 @@
-To be addressed in ...
-=======================
-
-327 - 

configure.ac

@@ -154,6 +154,7 @@ dnl initialize all the info variables
 curl_tls_srp_msg="no      (--enable-tls-srp)"
     curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
    curl_ipv6_msg="no      (--enable-ipv6)"
+curl_unix_sockets_msg="no      (--enable-unix-sockets)"
     curl_idn_msg="no      (--with-{libidn,winidn})"
  curl_manual_msg="no      (--enable-manual)"
 curl_libcurl_msg="enabled (--disable-libcurl-option)"
@@ -574,6 +575,22 @@ AC_HELP_STRING([--disable-imap],[Disable IMAP support]),
 )
 
 
+AC_MSG_CHECKING([whether to support smb])
+AC_ARG_ENABLE(smb,
+AC_HELP_STRING([--enable-smb],[Enable SMB/CIFS support])
+AC_HELP_STRING([--disable-smb],[Disable SMB/CIFS support]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS])
+       AC_SUBST(CURL_DISABLE_SMB, [1])
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       ;;
+  esac ],
+       AC_MSG_RESULT(yes)
+)
+
 AC_MSG_CHECKING([whether to support smtp])
 AC_ARG_ENABLE(smtp,
 AC_HELP_STRING([--enable-smtp],[Enable SMTP support])
@@ -1047,10 +1064,10 @@ dnl **********************************************************************
 dnl Checks for IPv6
 dnl **********************************************************************
 
-AC_MSG_CHECKING([whether to enable ipv6])
+AC_MSG_CHECKING([whether to enable IPv6])
 AC_ARG_ENABLE(ipv6,
-AC_HELP_STRING([--enable-ipv6],[Enable ipv6 (with ipv4) support])
-AC_HELP_STRING([--disable-ipv6],[Disable ipv6 support]),
+AC_HELP_STRING([--enable-ipv6],[Enable IPv6 (with IPv4) support])
+AC_HELP_STRING([--disable-ipv6],[Disable IPv6 support]),
 [ case "$enableval" in
   no)
        AC_MSG_RESULT(no)
@@ -2332,12 +2349,6 @@ if test X"$OPT_LIBSSH2" != Xno; then
        dnl linker doesn't search through, we need to add it to LD_LIBRARY_PATH
        dnl to prevent further configure tests to fail due to this
 
-       dnl libssh2_version is a post 1.0 addition
-       dnl libssh2_init and libssh2_exit were added in 1.2.5
-       dnl libssh2_scp_send64 was added in 1.2.6
-       dnl libssh2_session_handshake was added in 1.2.8
-       AC_CHECK_FUNCS( libssh2_version libssh2_init libssh2_exit \
-                       libssh2_scp_send64 libssh2_session_handshake)
        if test "x$cross_compiling" != "xyes"; then
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$DIR_SSH2"
          export LD_LIBRARY_PATH
@@ -3263,6 +3274,39 @@ if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$
    curl_tls_srp_msg="enabled"
 fi
 
+dnl ************************************************************
+dnl disable Unix domain sockets support
+dnl
+AC_MSG_CHECKING([whether to enable Unix domain sockets])
+AC_ARG_ENABLE(unix-sockets,
+AC_HELP_STRING([--enable-unix-sockets],[Enable Unix domain sockets])
+AC_HELP_STRING([--disable-unix-sockets],[Disable Unix domain sockets]),
+[ case "$enableval" in
+  no)  AC_MSG_RESULT(no)
+       want_unix_sockets=no
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       want_unix_sockets=yes
+       ;;
+  esac ], [
+       AC_MSG_RESULT(auto)
+       want_unix_sockets=auto
+       ]
+)
+if test "x$want_unix_sockets" != "xno"; then
+  AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [
+    AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets])
+    AC_SUBST(USE_UNIX_SOCKETS, [1])
+    curl_unix_sockets_msg="enabled"
+  ], [
+    if test "x$want_unix_sockets" = "xyes"; then
+      AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!])
+    fi
+  ], [
+    #include <sys/un.h>
+  ])
+fi
+
 dnl ************************************************************
 dnl disable cookies support
 dnl
@@ -3346,6 +3390,9 @@ fi
 if test "x$IPV6_ENABLED" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6"
 fi
+if test "x$USE_UNIX_SOCKETS" = "x1"; then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES UnixSockets"
+fi
 if test "x$HAVE_LIBZ" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES libz"
 fi
@@ -3368,17 +3415,24 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
   SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
 fi
 
-if test "x$CURL_DISABLE_HTTP" != "x1" -a \
-    "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
+if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
+    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos"
+fi
+
+if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
   if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
       -o "x$DARWINSSL_ENABLED" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
-    if test "x$NTLM_WB_ENABLED" = "x1"; then
+
+    if test "x$CURL_DISABLE_HTTP" != "x1" -a \
+        "x$NTLM_WB_ENABLED" = "x1"; then
       SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
     fi
   fi
 fi
+
 if test "x$USE_TLS_SRP" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP"
 fi
@@ -3438,6 +3492,16 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then
     SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS"
   fi
 fi
+if test "x$CURL_DISABLE_SMB" != "x1" \
+    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
+    -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
+      -o "x$DARWINSSL_ENABLED" = "x1" \); then
+  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
+  if test "x$SSL_ENABLED" = "x1"; then
+    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
+  fi
+fi
 if test "x$CURL_DISABLE_SMTP" != "x1"; then
   SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP"
   if test "x$SSL_ENABLED" = "x1"; then
@@ -3536,7 +3600,8 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
   GSS-API support:  ${curl_gss_msg}
   TLS-SRP support:  ${curl_tls_srp_msg}
   resolver:         ${curl_res_msg}
-  ipv6 support:     ${curl_ipv6_msg}
+  IPv6 support:     ${curl_ipv6_msg}
+  Unix sockets support: ${curl_unix_sockets_msg}
   IDN support:      ${curl_idn_msg}
   Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
   Built-in manual:  ${curl_manual_msg}

contributors.sh

@@ -25,6 +25,10 @@
 # This script shows all mentioned contributors from <hash> until HEAD. To aid
 # when writing RELEASE-NOTES and THANKS.
 #
+# Use --releasenotes to also include the names from the existing RELEASE-NOTES
+# file, which is handy when we've added names manually in there that should be
+# included in an updated list.
+#
 
 start=$1
 
@@ -35,18 +39,34 @@ fi
 # filter out Author:, Commit: and *by: lines
 # cut off the email parts
 # split list of names at comma
+# split list of names at " and "
 # cut off spaces first and last on the line
+# filter alternatives through THANKS-filter
 # only count names with a space (ie more than one word)
 # sort all unique names
 # awk them into RELEASE-NOTES format
+(
 git log $start..HEAD | \
 egrep -i '(Author|Commit|by):' | \
 cut -d: -f2- | \
 cut '-d<' -f1 | \
 tr , '\012' | \
-sed -e 's/^ //' -e 's/ $//g' | \
+sed 's/ and /\n/' | \
+sed -e 's/^ //' -e 's/ $//g'
+
+if echo "$*" | grep -qw -- '--releasenotes';then
+    # if --releasenotes was used
+    # grep out the list of names from RELEASE-NOTES
+    # split on ", "
+    # remove leading white spaces
+grep "^  [^ ]" RELEASE-NOTES| \
+sed 's/, */\n/g'| \
+sed 's/^ *//'
+fi
+)| \
+sed -f ./docs/THANKS-filter | \
 grep ' ' | \
-sort -fu |
+sort -fu | \
 awk '{
  num++;
  n = sprintf("%s%s%s,", n, length(n)?" ":"", $0);

docs/FAQ

@@ -134,7 +134,7 @@ FAQ
 
     A free and easy-to-use client-side URL transfer library, supporting DICT,
     FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3,
-    POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP.
+    POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP.
 
     libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading,
     Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password
@@ -1274,7 +1274,7 @@ FAQ
   you want to change name resolver function you must rebuild libcurl and tell
   it to use a different function.
 
-  - The non-ipv6 resolver that can use one out of four host name resolve calls
+  - The non-IPv6 resolver that can use one out of four host name resolve calls
     (depending on what your system supports):
 
       A - gethostbyname()
@@ -1282,15 +1282,15 @@ FAQ
       C - gethostbyname_r() with 5 arguments
       D - gethostbyname_r() with 6 arguments
 
-  - The ipv6-resolver that uses getaddrinfo()
+  - The IPv6-resolver that uses getaddrinfo()
 
   - The c-ares based name resolver that uses the c-ares library for resolves.
     Using this offers asynchronous name resolves.
 
   - The threaded resolver (default option on Windows). It uses:
 
-      A - gethostbyname() on plain ipv4 hosts
-      B - getaddrinfo() on ipv6-enabled hosts
+      A - gethostbyname() on plain IPv4 hosts
+      B - getaddrinfo() on IPv6 enabled hosts
 
   Also note that libcurl never resolves or reverse-lookups addresses given as
   pure numbers, such as 127.0.0.1 or ::1.

docs/FEATURES

@@ -127,6 +127,12 @@ FILE
  - upload
  - resume
 
+SMB
+ - SMBv1 over TCP and SSL
+ - download
+ - upload
+ - authentication with NTLMv1
+
 SMTP
  - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5
    (*4)

docs/INSTALL

@@ -20,10 +20,10 @@ Building from git
    If you get your code off a git repository, see the GIT-INFO file in the
    root directory for specific instructions on how to proceed.
 
-UNIX
+Unix
 ====
 
-   A normal unix installation is made in three or four steps (after you've
+   A normal Unix installation is made in three or four steps (after you've
    unpacked the source archive):
 
         ./configure
@@ -209,7 +209,7 @@ Win32
    environment variables, for example:
 
      set ZLIB_PATH=c:\zlib-1.2.8
-     set OPENSSL_PATH=c:\openssl-0.9.8y
+     set OPENSSL_PATH=c:\openssl-0.9.8zc
      set LIBSSH2_PATH=c:\libssh2-1.4.3
 
    ATTENTION: if you want to build with libssh2 support you have to use latest
@@ -317,7 +317,7 @@ Win32
    Before running nmake define the OPENSSL_PATH environment variable with
    the root/base directory of OpenSSL, for example:
 
-     set OPENSSL_PATH=c:\openssl-0.9.8y
+     set OPENSSL_PATH=c:\openssl-0.9.8zc
 
    Then run 'nmake vc-ssl' or 'nmake vc-ssl-dll' in curl's root
    directory.  'nmake vc-ssl' will create a libcurl static and dynamic
@@ -416,15 +416,21 @@ Win32
    CURL_DISABLE_FILE     disables FILE
    CURL_DISABLE_TFTP     disables TFTP
    CURL_DISABLE_HTTP     disables HTTP
+   CURL_DISABLE_IMAP     disables IMAP
+   CURL_DISABLE_POP3     disables POP3
+   CURL_DISABLE_SMTP     disables SMTP
 
-   If you want to set any of these defines you have the following
-   possibilities:
+   If you want to set any of these defines you have the following options:
 
    - Modify lib/config-win32.h
    - Modify lib/curl_setup.h
    - Modify lib/Makefile.vc6
-   - Add defines to Project/Settings/C/C++/General/Preprocessor Definitions
-     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
+   - Modify the "Preprocessor Definitions" in the libcurl project
+
+   Note: The pre-processor settings can be found using the Visual Studio IDE
+   under "Project -> Settings -> C/C++ -> General" in VC6 and "Project ->
+   Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later
+   versions.
 
    Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds
    --------------------------------------------------------------------
@@ -436,8 +442,12 @@ Win32
 
    - Modify lib/config-win32.h and src/config-win32.h
    - Modify lib/Makefile.vc6
-   - Add definition to Project/Settings/C/C++/General/Preprocessor Definitions
-     in the vc6libcurl.dsw/vc6libcurl.dsp Visual C++ 6 IDE project.
+   - Modify the "Preprocessor Definitions" in the libcurl project
+
+   Note: The pre-processor settings can be found using the Visual Studio IDE
+   under "Project -> Settings -> C/C++ -> General" in VC6 and "Project ->
+   Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later
+   versions.
 
    Once that libcurl has been built with BSD-style lwIP TCP/IP stack support,
    in order to use it with your program it is mandatory that your program

docs/INTERNALS

@@ -42,7 +42,7 @@ Portability
  libidn       0.4.1
  cyassl       2.0.0
  openldap     2.0
- MIT krb5 lib 1.2.4
+ MIT Kerberos 1.2.4
  GSKit        V5R3M0
  NSS          3.14.x
  axTLS        1.2.7
@@ -252,9 +252,9 @@ Library
 
  Kerberos
 
- The kerberos support is mainly in lib/krb5.c and lib/security.c but also
- curl_sasl_sspi.c for the email protocols and socks_gssapi.c & socks_sspi.c for
- SOCKS5 proxy specifics.
+ Kerberos support is mainly in lib/krb5.c and lib/security.c but also
+ curl_sasl_sspi.c and curl_sasl_gssapi.c for the email protocols and
+ socks_gssapi.c & socks_sspi.c for SOCKS5 proxy specifics.
 
  TELNET
 
@@ -264,6 +264,10 @@ Library
 
  The file:// protocol is dealt with in lib/file.c.
 
+ SMB
+
+ The smb:// protocol is dealt with in lib/smb.c.
+
  LDAP
 
  Everything LDAP is in lib/ldap.c and lib/openldap.c

docs/KNOWN_BUGS

@@ -3,6 +3,9 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 
+88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus
+  curl's -R option also doesn't work then.
+
 87. -J/--remote-header-name doesn't decode %-encoded file names. RFC6266
   details how it should be done. The can of worm is basically that we have no
   charset handling in curl and ascii >=128 is a challenge for us. Not to
@@ -197,7 +200,7 @@ may have been fixed since this was written!
   be to use a data structure other than a plain C string, one that can handle
   embedded NUL characters.  From a practical standpoint, most FTP servers
   would not meaningfully support NUL characters within RFC 959 <string>,
-  anyway (e.g., UNIX pathnames may not contain NUL).
+  anyway (e.g., Unix pathnames may not contain NUL).
 
 14. Test case 165 might fail on a system which has libidn present, but with an
   old iconv version (2.1.3 is a known bad version), since it doesn't recognize

docs/MANUAL

@@ -59,6 +59,10 @@ SIMPLE USAGE
 
         curl "http://[2001:1890:1112:1::20]/"
 
+  Get a file from an SMB server:
+
+        curl -u "domain\username:passwd" smb://server.example.com/share/file.txt
+
 DOWNLOAD TO A FILE
 
   Get a web page and store in a local file with a specific name:
@@ -228,6 +232,11 @@ UPLOADING
 
         curl --proxytunnel -x proxy:port -T localfile ftp.upload.com
 
+SMB / SMBS
+
+        curl -T file.txt -u "domain\username:passwd" 
+         smb://server.example.com/share/
+
  HTTP
 
   Upload all data on stdin to a specified HTTP site:

docs/ROADMAP.md

@@ -22,28 +22,24 @@ New stuff - libcurl
    `curl_formget()` and `curl_formfree()` by adding replacement functions and
    deprecating the old ones to allow custom mallocs and more
 
-7. HTTP Digest authentication via Windows SSPI
-
-8. SASL GSSAPI (Kerberos 5) authentication via a GSS-API library
-
-9. add support for third-party SASL libraries such as Cyrus SASL - may need to
+7. add support for third-party SASL libraries such as Cyrus SASL - may need to
    move existing native and SSPI based authentication into vsasl folder after
    reworking HTTP and SASL code
 
-10. SASL authentication in LDAP
+8. SASL authentication in LDAP
 
-11. Simplify the SMTP email interface so that programmers don't have to
-    construct the body of an email that contains all the headers, alternative
-    content, images and attachments - maintain raw interface so that
-    programmers that want to do this can
+9. Simplify the SMTP email interface so that programmers don't have to
+   construct the body of an email that contains all the headers, alternative
+   content, images and attachments - maintain raw interface so that
+   programmers that want to do this can
 
-12. Allow the email protocols to return the capabilities before
+10. Allow the email protocols to return the capabilities before
     authenticating. This will allow an application to decide on the best
     authentication mechanism
 
-13. Allow Windows threading model to be replaced by Win32 pthreads port
+11. Allow Windows threading model to be replaced by Win32 pthreads port
 
-14. Implement a dynamic buffer size to allow SFTP to use much larger buffers
+12. Implement a dynamic buffer size to allow SFTP to use much larger buffers
     and possibly allow the size to be customizable by applications. Use less
     memory when handles are not in use?
 

docs/THANKS

@@ -70,7 +70,6 @@ Andrei Benea
 Andrei Cipu
 Andrei Kurushin
 Andrej E Baranov
-Andres Garcia
 Andrew Benham
 Andrew Biggs
 Andrew Bushnell
@@ -108,6 +107,7 @@ Augustus Saunders
 Avery Fay
 Axel Tillequin
 Balaji Parasuram
+Balaji Salunke
 Balint Szilakszi
 Barry Abrahamson
 Bart Whiteley
@@ -131,6 +131,7 @@ Bill Doyle
 Bill Egert
 Bill Hoffman
 Bill Middlecamp
+Bill Nagel
 Bjoern Sikora
 Bjorn Augustsson
 Bjorn Reese
@@ -156,6 +157,7 @@ Brian R Duffy
 Brian Ulm
 Brock Noland
 Bruce Mitchener
+Bruno Thomsen
 Bruno de Carvalho
 Bryan Henderson
 Bryan Kemp
@@ -163,10 +165,10 @@ Byrial Jensen
 Cameron Kaiser
 Camille Moncelier
 Caolan McNamara
+Carlo Wood
 Carsten Lange
 Casey O'Donnell
 Catalin Patulea
-Cedric Deltheil
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
@@ -175,7 +177,6 @@ Chih-Chung Chang
 Chris "Bob Bob"
 Chris Combes
 Chris Conlon
-Chris Conroy
 Chris Deidun
 Chris Flerackers
 Chris Gaukroger
@@ -287,6 +288,7 @@ Diego Casorran
 Dilyan Palauzov
 Dima Barsky
 Dima Tisnek
+Dimitar Boevski
 Dimitre Dimitrov
 Dimitrios Siganos
 Dimitris Sarris
@@ -367,7 +369,7 @@ Feng Tu
 Florian Schoppmann
 Florian Weimer
 Forrest Cahoon
-Francois Charlier
+Frank Gevaerts
 Frank Hempel
 Frank Keeney
 Frank McGeough
@@ -413,7 +415,6 @@ Glen A Johnson Jr.
 Glen Nakamura
 Glen Scott
 Glenn Sheridan
-Gokhan Sengun
 Gordon Marler
 Gorilla Maguila
 Grant Erickson
@@ -529,6 +530,7 @@ Jeff Pohlmeyer
 Jeff Weber
 Jeremy Friesner
 Jeremy Huddleston
+Jeremy Lin
 Jeroen Koekkoek
 Jerome Muffat-Meridol
 Jerome Robert
@@ -569,7 +571,6 @@ John Joseph Bachir
 John Kelly
 John Lask
 John Lightsey
-John Malmberg
 John Marino
 John McGowan
 John P. McCaskey
@@ -614,13 +615,13 @@ Justin Karneges
 Justin Maggard
 Jörg Mueller-Tolk
 Jörn Hartroth
+K. R. Walker
 Kai Engert
 Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
 Kamil Dudka
 Kang-Jin Lee
-Karl M
 Karl Moerder
 Karol Pietrzak
 Kaspar Brand
@@ -685,9 +686,10 @@ Liza Alenchery
 Lluís Batlle i Rossell
 Loic Dachary
 Loren Kirkby
+Luan Cestari
 Luca Altea
-Luca Alteas
 Lucas Adamski
+Lucas Pardue
 Ludek Finstrle
 Ludovico Cavedon
 Lukasz Czekierda
@@ -786,7 +788,6 @@ Michael Smith
 Michael Stillwell
 Michael Wallner
 Michal Bonino
-Michal Gorny
 Michal Marek
 Michał Górny
 Michał Kowalczyk
@@ -813,9 +814,9 @@ Mitz Wark
 Mohamed Lrhazi
 Mohammad AlSaleh
 Mohun Biswas
-Moonesamy
 Myk Taylor
 Nach M. S.
+Nagai H
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
@@ -890,7 +891,6 @@ Pawel A. Gajda
 Pawel Kierski
 Pedro Larroy
 Pedro Neves
-Pete Su
 Peter Bray
 Peter Forret
 Peter Gal
@@ -906,6 +906,7 @@ Peter Sylvester
 Peter Todd
 Peter Verhas
 Peter Wang
+Peter Wu
 Peter Wullinger
 Peteris Krumins
 Petr Bahula
@@ -1020,7 +1021,6 @@ S. Moonesamy
 Salvador Dávila
 Salvatore Sorrentino
 Sam Deane
-Sam Listopad
 Sampo Kellomaki
 Samuel Díaz García
 Samuel Listopad
@@ -1039,7 +1039,6 @@ Scott Cantor
 Scott Davis
 Scott McCreary
 Sebastian Rasmussen
-Sebastien Willemijns
 Senthil Raja Velu
 Sergei Nikulov
 Sergey Tatarincev
@@ -1096,6 +1095,7 @@ Sune Ahlgren
 Sven Anders
 Sven Neuhaus
 Sven Wegener
+Symeon Paraschoudis
 Sébastien Willemijns
 T. Bharath
 T. Yamada
@@ -1120,6 +1120,7 @@ Tim Costello
 Tim Harder
 Tim Heckman
 Tim Newsome
+Tim Ruehsen
 Tim Sneddon
 Tim Starling
 Timo Sirainen
@@ -1165,6 +1166,7 @@ Török Edwin
 Ulf Härnhammar
 Ulf Samuelsson
 Ulrich Doehner
+Ulrich Telle
 Ulrich Zadow
 Venkat Akella
 Victor Snezhko
@@ -1184,6 +1186,7 @@ Vladimir Lazarenko
 Vojtech Janota
 Vojtech Minarik
 Vsevolod Novikov
+Waldek Kozba
 Walter J. Mack
 Ward Willats
 Wayne Haigh
@@ -1200,7 +1203,6 @@ Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
 Yaakov Selkowitz
-Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yasuharu Yamada

docs/THANKS-filter

@@ -0,0 +1,48 @@
+# This is a list of names we have recorded that already are thanked
+# appropriately in THANKS. This list contains variations of their names and
+# their "canonical" name. This file is used for scripting purposes to avoid
+# duplicate entries and will not be included in release tarballs.
+# When removing dupes that aren't identical names from THANKS, add a line
+# here!
+#
+# Used-by: contributor.sh
+s/Andres Garcia/Andrés García/
+s/Chris Conroy/Christopher Conroy/
+s/Francois Charlier/François Charlier/
+s/Gokhan Sengun/Gökhan Şengün/
+s/John Malmberg/John E. Malmberg/
+s/Luca Alteas/Luca Altea/
+s/Michal Gorny/Michał Górny/
+s/Michal Górny/Michał Górny/
+s/Moonesamy/S. Moonesamy/
+s/Pete Su$/Peter Su/
+s/Sam Listopad/Samuel Listopad/
+s/Sebastien Willemijns/Sébastien Willemijns/
+s/YAMADA Yasuharu/Yasuharu Yamada/
+s/Karl M$/Karl Moerder/
+s/Bjorn Stenberg/Björn Stenberg/
+s/upstream tests 305 and 404//
+s/Gaël PORTAY/Gaël Portay/
+s/Romulo Ceccon/Romulo A. Ceccon/
+s/Nach M. S$/Nach M. S./
+s/Jay Satiro/Ray Satiro/
+s/Richard J. Moore/Richard Moore/
+s/Sergey Nikulov/Sergei Nikulov/
+s/Petr Písař/Petr Pisar/
+s/Nick Zitzmann (originally)/Nick Zitzmann/
+s/product-security at Apple//
+s/IT DOES NOT WORK//
+s/Albert Chin/Albert Chin-A-Young/
+s/Paras S/Paras Sethia/
+s/Дмитрий Фалько/Dmitry Falko/
+s/byte_bucket in the #curl IRC channel//
+s/Michal Górny and Anthony G. Basile//
+s/Alejandro Alvarez$/Alejandro Alvarez Ayllon/
+s/Ant Bryan/Anthony Bryan/
+s/Cédric Deltheil/Cédric Deltheil/
+s/Christian Hagele/Christian Hägele/
+s/douglas steinwand/Douglas Steinwand/
+s/Frank Van Uffelen and Fabian Hiernaux//
+s/Rodrigo Silva (MestreLion)/Rodrigo Silva/
+s/tetetest tetetest//
+s/Jiří Hruška/Jiri Hruska/

docs/TODO

@@ -19,10 +19,12 @@
  1.6 Modified buffer size approach
  1.7 Detect when called from within callbacks
  1.8 Allow SSL (HTTPS) to proxy
+ 1.9 Cache negative name resolves
 
  2. libcurl - multi interface
  2.1 More non-blocking
  2.2 Fix HTTP Pipelining for PUT
+ 2.3 Better support for same name resolves
 
  3. Documentation
  3.1 Update date and version in man pages
@@ -42,7 +44,6 @@
  5.3 Rearrange request header order
  5.4 SPDY
  5.5 auth= in URLs
- 5.6 Digest via Windows SSPI
 
  6. TELNET
  6.1 ditch stdin
@@ -83,7 +84,7 @@
 
  14. SASL
  14.1 Other authentication mechanisms
- 14.2 GSSAPI via GSS-API libraries
+ 14.2 Add QOP support to GSSAPI authentication
  
  15. Client
  15.1 sync
@@ -134,7 +135,7 @@
 
  Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and
  SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete.
- To support ipv6 interface addresses for network interfaces properly.
+ To support IPv6 interface addresses for network interfaces properly.
 
 1.4 signal-based resolver timeouts
 
@@ -193,6 +194,12 @@
  ...and by Firefox soon:
  https://bugzilla.mozilla.org/show_bug.cgi?id=378637
 
+1.9 Cache negative name resolves
+
+ A name resolve that has failed is likely to fail when made again within a
+ short period of time. Currently we only cache positive responses.
+
+
 2. libcurl - multi interface
 
 2.1 More non-blocking
@@ -215,6 +222,15 @@
  serial requests and currently libcurl only supports that for HEAD and GET
  requests but it should also be possible for PUT.
 
+2.3 Better support for same name resolves
+
+ If a name resolve has been initiated for name NN and a second easy handle
+ wants to resolve that name as well, make it wait for the first resolve to end
+ up in the cache instead of doing a second separate resolve. This is
+ especially needed when adding many simultaneous handles using the same host
+ name when the DNS resolver can get flooded.
+
+
 3. Documentation
 
 3.1 Update date and version in man pages
@@ -314,12 +330,6 @@ This is not detailed in any FTP specification.
 
  Additionally this should be implemented for proxy base URLs as well.
 
-5.6 Digest via Windows SSPI
-
- libcurl already supports HTTP Digest Authentication via native routines as well
- as SASL Digest via both Windows SSPI and native routines. In addition to this
- libcurl should also support HTTP Digest Authentication via Windows SSPI.
-
 6. TELNET
 
 6.1 ditch stdin
@@ -467,10 +477,12 @@ to provide the data to send.
  Add support for other authentication mechanisms such as EXTERNAL, OLP,
  GSS-SPNEGO and others.
  
-14.2 GSSAPI via GSS-API libraries
+14.2 Add QOP support to GSSAPI authentication
 
- Add support for GSSAPI authentication via third-party GSS-API libraries, such
- as Heimdal and MIT Kerberos.
+ Currently the GSSAPI authentication only supports the default QOP of auth
+ (Authentication), whilst Kerberos V5 supports both auth-int (Authentication
+ with integrity protection) and auth-conf (Authentication with integrity and
+ privacy protection).
 
 15. Client
 

docs/curl.1

@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl 1 "2 Aug 2014" "Curl 7.38.0" "Curl Manual"
+.TH curl 1 "30 Nov 2014" "Curl 7.40.0" "Curl Manual"
 .SH NAME
 curl \- transfer a URL
 .SH SYNOPSIS
@@ -30,8 +30,8 @@ curl \- transfer a URL
 .B curl
 is a tool to transfer data from or to a server, using one of the supported
 protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP,
-LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP).  The
-command is designed to work without user interaction.
+LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET
+and TFTP). The command is designed to work without user interaction.
 
 curl offers a busload of useful tricks like proxy support, user
 authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer
@@ -78,6 +78,11 @@ probably have to put the full URL within double quotes to avoid the shell from
 interfering with it. This also goes for other characters treated special, like
 for example '&', '?' and '*'.
 
+Provide the IPv6 zone index in the URL with an escaped percentage sign and the
+interface name. Like in
+
+  http://[fe80::3%25eth0]/
+
 If you specify URL without protocol:// prefix, curl will attempt to guess what
 protocol you might want. It will then default to HTTP but try other protocols
 based on often-used host name prefixes. For example, for host names starting
@@ -172,7 +177,7 @@ considered insecure.
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv3 support.
 .IP "-4, --ipv4"
-Tis option tells curl to resolve names to IPv4 addresses only, and not for
+This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.
 .IP "-6, --ipv6"
 This option tells curl to resolve names to IPv6 addresses only, and not for
@@ -293,7 +298,9 @@ uses no dir or if the dirs it mentions already exist, no dir will be created.
 To create remote directories when using FTP or SFTP, try
 \fI--ftp-create-dirs\fP.
 .IP "--crlf"
-(FTP) Convert LF to CRLF in upload. Useful for MVS (OS/390).
+Convert LF to CRLF in upload. Useful for MVS (OS/390).
+
+(SMTP added in 7.40.0)
 .IP "--crlfile <file>"
 (HTTPS/FTPS) Provide a file using PEM format with a Certificate Revocation
 List that may specify peer certificates that are to be considered revoked.
@@ -534,14 +541,14 @@ If this option is set, the default capath value will be ignored, and if it is
 used several times, the last one will be used.
 .IP "--pinnedpubkey <pinned public key>"
 (SSL) Tells curl to use the specified public key file to verify the peer. The
-file must contain a single public key in DER format.
+file must contain a single public key in PEM or DER format.
 
 When negotiating a TLS or SSL connection, the server sends a certificate
 indicating its identity. A public key is extracted from this certificate and
 if it does not exactly match the public key provided to this option, curl will
 abort the connection before sending or receiving any data.
 
-This is currently only implemented in the OpenSSL and GnuTLS backends.
+This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
 
 If this option is used several times, the last one will be used.
 (Added in 7.39.0)
@@ -806,12 +813,12 @@ the following places in this order:
 
 1) curl tries to find the "home dir": It first checks for the CURL_HOME and
 then the HOME environment variables. Failing that, it uses getpwuid() on
-UNIX-like systems (which returns the home dir given the current user in your
+Unix-like systems (which returns the home dir given the current user in your
 system). On Windows, it then checks for the APPDATA variable, or as a last
 resort the '%USERPROFILE%\\Application Data'.
 
 2) On windows, if there is no _curlrc file in the home dir, it checks for one
-in the same dir the curl executable is placed. On UNIX-like systems, it will
+in the same dir the curl executable is placed. On Unix-like systems, it will
 simply try to load .curlrc from the determined home dir.
 
 .nf
@@ -1019,7 +1026,7 @@ in Metalink file, hash check will fail.
 .IP "-n, --netrc"
 Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
 home directory for login name and password. This is typically used for FTP on
-UNIX. If used with HTTP, curl will enable user authentication. See
+Unix. If used with HTTP, curl will enable user authentication. See
 .BR netrc(4)
 or
 .BR ftp(1)
@@ -1655,6 +1662,9 @@ If this option is used several times, the last one will be used.
 .IP "--trace-time"
 Prepends a time stamp to each trace or verbose line that curl displays.
 (Added in 7.14.0)
+.IP "--unix-socket <path>"
+(HTTP) Connect through this Unix domain socket, instead of using the
+network. (Added in 7.40.0)
 .IP "-u, --user <user:password>"
 Specify the user name and password to use for server authentication. Overrides
 \fI-n, --netrc\fP and \fI--netrc-optional\fP.
@@ -1679,7 +1689,7 @@ Principal Name) formats. For example, EXAMPLE\\user and user@example.com
 respectively.
 
 If you use a Windows SSPI-enabled curl binary and perform Kerberos V5,
-Negotiate, NTLM or DIGEST-MD5 authentication then you can tell curl to select
+Negotiate, NTLM or Digest authentication then you can tell curl to select
 the user name and password from your environment by specifying a single colon
 with this option: "-u :".
 

docs/examples/10-at-a-time.c

@@ -62,7 +62,6 @@ static const char *urls[] = {
   "http://www.uefa.com",
   "http://www.ieee.org",
   "http://www.apple.com",
-  "http://www.sony.com",
   "http://www.symantec.com",
   "http://www.zdnet.com",
   "http://www.fujitsu.com",

docs/examples/Makefile.inc

@@ -1,20 +1,42 @@
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
 # These are all libcurl example programs to be test compiled
 check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
   fopen ftpget ftpgetresp ftpupload getinfo getinmemory http-post httpput  \
   https multi-app multi-debugcallback multi-double multi-post multi-single \
   persistant post-callback postit2 sepheaders simple simplepost simplessl  \
-  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard \
-  smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp \
-  externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl pop3-dele \
-  pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi imap-list \
-  imap-lsub imap-fetch imap-store imap-append imap-examine imap-search \
-  imap-create imap-delete imap-copy imap-noop imap-ssl imap-tls imap-multi \
-  url2file sftpget ftpsget postinmemory
+  sendrecv httpcustomheader certinfo chkspeed ftpgetinfo ftp-wildcard      \
+  smtp-mail smtp-multi smtp-ssl smtp-tls smtp-vrfy smtp-expn rtsp          \
+  externalsocket resolve progressfunc pop3-retr pop3-list pop3-uidl        \
+  pop3-dele pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi      \
+  imap-list imap-lsub imap-fetch imap-store imap-append imap-examine       \
+  imap-search imap-create imap-delete imap-copy imap-noop imap-ssl         \
+  imap-tls imap-multi url2file sftpget ftpsget postinmemory
 
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
-COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c	   \
-  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c	   \
+COMPLICATED_EXAMPLES = curlgtk.c curlx.c htmltitle.cpp cacertinmem.c       \
+  ftpuploadresume.c ghiper.c hiperfifo.c htmltidy.c multithread.c          \
   opensslthreadlock.c sampleconv.c synctime.c threaded-ssl.c evhiperfifo.c \
-  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp \
+  smooth-gtk-thread.c version-check.pl href_extractor.c asiohiper.cpp      \
   multi-uv.c xmlstream.c usercertinmem.c sessioninfo.c

docs/examples/Makefile.m32

@@ -38,7 +38,7 @@ ZLIB_PATH = ../../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8y
+OPENSSL_PATH = ../../../openssl-0.9.8zc
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH

docs/examples/Makefile.netware

@@ -19,7 +19,7 @@ endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8y
+OPENSSL_PATH = ../../../openssl-0.9.8zc
 endif
 
 # Edit the path below to point to the base of your LibSSH2 package.

docs/examples/asiohiper.cpp

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -84,7 +84,7 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
   /* cancel running timer */
   timer.cancel();
 
-  if ( timeout_ms > 0 )
+  if(timeout_ms > 0)
   {
     /* update timer */
     timer.expires_from_now(boost::posix_time::millisec(timeout_ms));
@@ -103,26 +103,44 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code)
 {
-  if ( CURLM_OK != code )
+  if(CURLM_OK != code)
   {
     const char *s;
-    switch ( code )
+    switch(code)
     {
-    case CURLM_CALL_MULTI_PERFORM: s="CURLM_CALL_MULTI_PERFORM"; break;
-    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
-    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
-    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
-    case CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
-    case CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
-    case CURLM_LAST:               s="CURLM_LAST";               break;
-    default: s="CURLM_unknown";
+    case CURLM_CALL_MULTI_PERFORM:
+      s = "CURLM_CALL_MULTI_PERFORM";
       break;
-    case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";
+    case CURLM_BAD_HANDLE:
+      s = "CURLM_BAD_HANDLE";
+      break;
+    case CURLM_BAD_EASY_HANDLE:
+      s = "CURLM_BAD_EASY_HANDLE";
+      break;
+    case CURLM_OUT_OF_MEMORY:
+      s = "CURLM_OUT_OF_MEMORY";
+      break;
+    case CURLM_INTERNAL_ERROR:
+      s = "CURLM_INTERNAL_ERROR";
+      break;
+    case CURLM_UNKNOWN_OPTION:
+      s = "CURLM_UNKNOWN_OPTION";
+      break;
+    case CURLM_LAST:
+      s = "CURLM_LAST";
+      break;
+    default:
+      s = "CURLM_unknown";
+      break;
+    case CURLM_BAD_SOCKET:
+      s = "CURLM_BAD_SOCKET";
       fprintf(MSG_OUT, "\nERROR: %s returns %s", where, s);
       /* ignore this error */
       return;
     }
+
     fprintf(MSG_OUT, "\nERROR: %s returns %s", where, s);
+
     exit(code);
   }
 }
@@ -139,9 +157,9 @@ static void check_multi_info(GlobalInfo *g)
 
   fprintf(MSG_OUT, "\nREMAINING: %d", g->still_running);
 
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left)))
+  while((msg = curl_multi_info_read(g->multi, &msgs_left)))
   {
-    if (msg->msg == CURLMSG_DONE)
+    if(msg->msg == CURLMSG_DONE)
     {
       easy = msg->easy_handle;
       res = msg->data.result;
@@ -157,17 +175,19 @@ static void check_multi_info(GlobalInfo *g)
 }
 
 /* Called by asio when there is an action on a socket */
-static void event_cb(GlobalInfo * g, boost::asio::ip::tcp::socket * tcp_socket, int action)
+static void event_cb(GlobalInfo *g, boost::asio::ip::tcp::socket *tcp_socket,
+                     int action)
 {
   fprintf(MSG_OUT, "\nevent_cb: action=%d", action);
 
   CURLMcode rc;
-  rc = curl_multi_socket_action(g->multi, tcp_socket->native_handle(), action, &g->still_running);
+  rc = curl_multi_socket_action(g->multi, tcp_socket->native_handle(), action,
+                                &g->still_running);
 
   mcode_or_die("event_cb: curl_multi_socket_action", rc);
   check_multi_info(g);
 
-  if ( g->still_running <= 0 )
+  if(g->still_running <= 0)
   {
     fprintf(MSG_OUT, "\nlast transfer done, kill timeout");
     timer.cancel();
@@ -177,7 +197,7 @@ static void event_cb(GlobalInfo * g, boost::asio::ip::tcp::socket * tcp_socket,
 /* Called by asio when our timeout expires */
 static void timer_cb(const boost::system::error_code & error, GlobalInfo *g)
 {
-  if ( !error)
+  if(!error)
   {
     fprintf(MSG_OUT, "\ntimer_cb: ");
 
@@ -194,7 +214,7 @@ static void remsock(int *f, GlobalInfo *g)
 {
   fprintf(MSG_OUT, "\nremsock: ");
 
-  if ( f )
+  if(f)
   {
     free(f);
   }
@@ -206,9 +226,10 @@ static void setsock(int *fdp, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
 
   std::map<curl_socket_t, boost::asio::ip::tcp::socket *>::iterator it = socket_map.find(s);
 
-  if ( it == socket_map.end() )
+  if(it == socket_map.end())
   {
     fprintf(MSG_OUT, "\nsocket %d is a c-ares socket, ignoring", s);
+
     return;
   }
 
@@ -216,44 +237,36 @@ static void setsock(int *fdp, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
 
   *fdp = act;
 
-  if ( act == CURL_POLL_IN )
+  if(act == CURL_POLL_IN)
   {
     fprintf(MSG_OUT, "\nwatching for socket to become readable");
 
     tcp_socket->async_read_some(boost::asio::null_buffers(),
-                             boost::bind(&event_cb, g,
-                               tcp_socket,
-                               act));
+                                boost::bind(&event_cb, g, tcp_socket, act));
   }
-  else if ( act == CURL_POLL_OUT )
+  else if (act == CURL_POLL_OUT)
   {
     fprintf(MSG_OUT, "\nwatching for socket to become writable");
 
     tcp_socket->async_write_some(boost::asio::null_buffers(),
-                              boost::bind(&event_cb, g,
-                                tcp_socket,
-                                act));
+                                 boost::bind(&event_cb, g, tcp_socket, act));
   }
-  else if ( act == CURL_POLL_INOUT )
+  else if(act == CURL_POLL_INOUT)
   {
     fprintf(MSG_OUT, "\nwatching for socket to become readable & writable");
 
     tcp_socket->async_read_some(boost::asio::null_buffers(),
-                             boost::bind(&event_cb, g,
-                               tcp_socket,
-                               act));
+                                boost::bind(&event_cb, g, tcp_socket, act));
 
     tcp_socket->async_write_some(boost::asio::null_buffers(),
-                              boost::bind(&event_cb, g,
-                                tcp_socket,
-                                act));
+                                 boost::bind(&event_cb, g, tcp_socket, act));
   }
 }
 
-
 static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
 {
-  int *fdp = (int *)calloc(sizeof(int), 1); /* fdp is used to store current action */
+  /* fdp is used to store current action */
+  int *fdp = (int *) calloc(sizeof(int), 1);
 
   setsock(fdp, s, easy, action, g);
   curl_multi_assign(g->multi, s, fdp);
@@ -265,20 +278,20 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
   fprintf(MSG_OUT, "\nsock_cb: socket=%d, what=%d, sockp=%p", s, what, sockp);
 
   GlobalInfo *g = (GlobalInfo*) cbp;
-  int *actionp = (int*) sockp;
-  const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE"};
+  int *actionp = (int *) sockp;
+  const char *whatstr[] = { "none", "IN", "OUT", "INOUT", "REMOVE"};
 
   fprintf(MSG_OUT,
           "\nsocket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
 
-  if ( what == CURL_POLL_REMOVE )
+  if(what == CURL_POLL_REMOVE)
   {
     fprintf(MSG_OUT, "\n");
     remsock(actionp, g);
   }
   else
   {
-    if ( !actionp )
+    if(!actionp)
     {
       fprintf(MSG_OUT, "\nAdding data: %s", whatstr[what]);
       addsock(s, e, what, g);
@@ -291,19 +304,19 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
       setsock(actionp, s, e, what, g);
     }
   }
+
   return 0;
 }
 
-
 /* CURLOPT_WRITEFUNCTION */
 static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
 {
 
   size_t written = size * nmemb;
-  char* pBuffer = (char*)malloc(written + 1);
+  char* pBuffer = (char *) malloc(written + 1);
 
   strncpy(pBuffer, (const char *)ptr, written);
-  pBuffer [written] = '\0';
+  pBuffer[written] = '\0';
 
   fprintf(MSG_OUT, "%s", pBuffer);
 
@@ -312,12 +325,12 @@ static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
   return written;
 }
 
-
 /* CURLOPT_PROGRESSFUNCTION */
-static int prog_cb (void *p, double dltotal, double dlnow, double ult,
-                    double uln)
+static int prog_cb(void *p, double dltotal, double dlnow, double ult,
+                   double uln)
 {
   ConnInfo *conn = (ConnInfo *)p;
+
   (void)ult;
   (void)uln;
 
@@ -328,16 +341,15 @@ static int prog_cb (void *p, double dltotal, double dlnow, double ult,
 }
 
 /* CURLOPT_OPENSOCKETFUNCTION */
-static curl_socket_t opensocket(void *clientp,
-                                curlsocktype purpose,
+static curl_socket_t opensocket(void *clientp, curlsocktype purpose,
                                 struct curl_sockaddr *address)
 {
   fprintf(MSG_OUT, "\nopensocket :");
 
   curl_socket_t sockfd = CURL_SOCKET_BAD;
 
-  /* restrict to ipv4 */
-  if (purpose == CURLSOCKTYPE_IPCXN && address->family == AF_INET)
+  /* restrict to IPv4 */
+  if(purpose == CURLSOCKTYPE_IPCXN && address->family == AF_INET)
   {
     /* create a tcp socket object */
     boost::asio::ip::tcp::socket *tcp_socket = new boost::asio::ip::tcp::socket(io_service);
@@ -346,9 +358,9 @@ static curl_socket_t opensocket(void *clientp,
     boost::system::error_code ec;
     tcp_socket->open(boost::asio::ip::tcp::v4(), ec);
 
-    if (ec)
+    if(ec)
     {
-      //An error occurred
+      /* An error occurred */
       std::cout << std::endl << "Couldn't open socket [" << ec << "][" << ec.message() << "]";
       fprintf(MSG_OUT, "\nERROR: Returning CURL_SOCKET_BAD to signal error");
     }
@@ -372,7 +384,7 @@ static int closesocket(void *clientp, curl_socket_t item)
 
   std::map<curl_socket_t, boost::asio::ip::tcp::socket *>::iterator it = socket_map.find(item);
 
-  if ( it != socket_map.end() )
+  if(it != socket_map.end())
   {
     delete it->second;
     socket_map.erase(it);
@@ -382,22 +394,21 @@ static int closesocket(void *clientp, curl_socket_t item)
 }
 
 /* Create a new easy handle, and add it to the global curl_multi */
-static void new_conn(char *url, GlobalInfo *g )
+static void new_conn(char *url, GlobalInfo *g)
 {
   ConnInfo *conn;
   CURLMcode rc;
 
-  conn = (ConnInfo *)calloc(1, sizeof(ConnInfo));
-  memset(conn, 0, sizeof(ConnInfo));
-  conn->error[0]='\0';
+  conn = (ConnInfo *) calloc(1, sizeof(ConnInfo));
 
   conn->easy = curl_easy_init();
-
-  if ( !conn->easy )
+  if(!conn->easy)
   {
     fprintf(MSG_OUT, "\ncurl_easy_init() failed, exiting!");
+
     exit(2);
   }
+
   conn->global = g;
   conn->url = strdup(url);
   curl_easy_setopt(conn->easy, CURLOPT_URL, conn->url);
@@ -431,6 +442,7 @@ int main(int argc, char **argv)
 {
   GlobalInfo g;
   CURLMcode rc;
+
   (void)argc;
   (void)argv;
 
@@ -450,5 +462,6 @@ int main(int argc, char **argv)
   curl_multi_cleanup(g.multi);
 
   fprintf(MSG_OUT, "\ndone.\n");
+
   return 0;
 }

docs/examples/externalsocket.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@
 #include <sys/socket.h>       /*  socket definitions        */
 #include <netinet/in.h>
 #include <arpa/inet.h>        /*  inet (3) funtions         */
-#include <unistd.h>           /*  misc. UNIX functions      */
+#include <unistd.h>           /*  misc. Unix functions      */
 #endif
 
 #include <errno.h>

docs/examples/fopen.c

@@ -128,6 +128,7 @@ static int fill_buffer(URL_FILE *file, size_t want)
   fd_set fdexcep;
   struct timeval timeout;
   int rc;
+  CURLMcode mc; /* curl_multi_fdset() return code */
 
   /* only attempt to fill buffer if transactions still running and buffer
    * doesnt exceed required size already
@@ -158,15 +159,35 @@ static int fill_buffer(URL_FILE *file, size_t want)
     }
 
     /* get file descriptors from the transfers */
-    curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially
-       in case of (maxfd == -1), we call select(0, ...), which is basically
-       equal to sleep. */
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
 
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     switch(rc) {
     case -1:

docs/examples/imap-multi.c

@@ -88,6 +88,7 @@ int main(void)
     fd_set fdexcep;
     int maxfd = -1;
     int rc;
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     long curl_timeo = -1;
 
@@ -109,15 +110,36 @@ int main(void)
         timeout.tv_usec = (curl_timeo % 1000) * 1000;
     }
 
-    /* Get file descriptors from the transfers */
-    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
-    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
       fprintf(stderr,

docs/examples/multi-app.c

@@ -73,6 +73,7 @@ int main(void)
   do {
     struct timeval timeout;
     int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     fd_set fdread;
     fd_set fdwrite;
@@ -99,15 +100,35 @@ int main(void)
     }
 
     /* get file descriptors from the transfers */
-    curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
 
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     switch(rc) {
     case -1:

docs/examples/multi-debugcallback.c

@@ -147,6 +147,7 @@ int main(void)
   do {
     struct timeval timeout;
     int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     fd_set fdread;
     fd_set fdwrite;
@@ -173,15 +174,35 @@ int main(void)
     }
 
     /* get file descriptors from the transfers */
-    curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
 
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     switch(rc) {
     case -1:

docs/examples/multi-double.c

@@ -62,6 +62,7 @@ int main(void)
   do {
     struct timeval timeout;
     int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     fd_set fdread;
     fd_set fdwrite;
@@ -88,15 +89,35 @@ int main(void)
     }
 
     /* get file descriptors from the transfers */
-    curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
 
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     switch(rc) {
     case -1:

docs/examples/multi-post.c

@@ -83,6 +83,7 @@ int main(void)
     do {
       struct timeval timeout;
       int rc; /* select() return code */
+      CURLMcode mc; /* curl_multi_fdset() return code */
 
       fd_set fdread;
       fd_set fdwrite;
@@ -109,15 +110,35 @@ int main(void)
       }
 
       /* get file descriptors from the transfers */
-      curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+      mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-      /* In a real-world program you OF COURSE check the return code of the
-         function calls.  On success, the value of maxfd is guaranteed to be
-         greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-         case of (maxfd == -1), we call select(0, ...), which is basically equal
-         to sleep. */
+      if(mc != CURLM_OK)
+      {
+        fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+        break;
+      }
 
-      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+      /* On success the value of maxfd is guaranteed to be >= -1. We call
+         select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+         no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+         to sleep 100ms, which is the minimum suggested value in the
+         curl_multi_fdset() doc. */
+
+      if(maxfd == -1) {
+#ifdef _WIN32
+        Sleep(100);
+        rc = 0;
+#else
+        /* Portable sleep for platforms other than Windows. */
+        struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+        rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+      }
+      else {
+        /* Note that on some platforms 'timeout' may be modified by select().
+           If you need access to the original value save a copy beforehand. */
+        rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+      }
 
       switch(rc) {
       case -1:

docs/examples/multi-single.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -31,6 +31,15 @@
 /* curl stuff */
 #include <curl/curl.h>
 
+#ifdef _WIN32
+#define WAITMS(x) Sleep(x)
+#else
+/* Portable sleep for platforms other than Windows. */
+#define WAITMS(x)                               \
+  struct timeval wait = { 0, (x) * 1000 };      \
+  (void)select(0, NULL, NULL, NULL, &wait);
+#endif
+
 /*
  * Simply download a HTTP file.
  */
@@ -40,6 +49,7 @@ int main(void)
   CURLM *multi_handle;
 
   int still_running; /* keep number of running handles */
+  int repeats = 0;
 
   curl_global_init(CURL_GLOBAL_DEFAULT);
 
@@ -58,56 +68,33 @@ int main(void)
   curl_multi_perform(multi_handle, &still_running);
 
   do {
-    struct timeval timeout;
-    int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_wait() return code */
+    int numfds;
 
-    fd_set fdread;
-    fd_set fdwrite;
-    fd_set fdexcep;
-    int maxfd = -1;
+    /* wait for activity, timeout or "nothing" */
+    mc = curl_multi_wait(multi_handle, NULL, 0, 1000, &numfds);
 
-    long curl_timeo = -1;
-
-    FD_ZERO(&fdread);
-    FD_ZERO(&fdwrite);
-    FD_ZERO(&fdexcep);
-
-    /* set a suitable timeout to play around with */
-    timeout.tv_sec = 1;
-    timeout.tv_usec = 0;
-
-    curl_multi_timeout(multi_handle, &curl_timeo);
-    if(curl_timeo >= 0) {
-      timeout.tv_sec = curl_timeo / 1000;
-      if(timeout.tv_sec > 1)
-        timeout.tv_sec = 1;
-      else
-        timeout.tv_usec = (curl_timeo % 1000) * 1000;
-    }
-
-    /* get file descriptors from the transfers */
-    curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
-
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
-
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
-
-    switch(rc) {
-    case -1:
-      /* select error */
-      still_running = 0;
-      printf("select() returns error, this is badness\n");
-      break;
-    case 0:
-    default:
-      /* timeout or readable/writable sockets */
-      curl_multi_perform(multi_handle, &still_running);
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
       break;
     }
+
+    /* 'numfds' being zero means either a timeout or no file descriptors to
+       wait for. Try timeout on first occurance, then assume no file
+       descriptors and no file descriptors to wait for means wait for 100
+       milliseconds. */
+
+    if(!numfds) {
+      repeats++; /* count number of repeated zero numfds */
+      if(repeats > 1) {
+        WAITMS(100); /* sleep 100 milliseconds */
+      }
+    }
+    else
+      repeats = 0;
+
+    curl_multi_perform(multi_handle, &still_running);
   } while(still_running);
 
   curl_multi_remove_handle(multi_handle, http_handle);

docs/examples/multi-uv.c

@@ -64,13 +64,13 @@ curl_context_t* create_curl_context(curl_socket_t sockfd)
 
 void curl_close_cb(uv_handle_t *handle)
 {
-  curl_context_t* context = (curl_context_t*) handle->data;
+  curl_context_t *context = (curl_context_t *) handle->data;
   free(context);
 }
 
 void destroy_curl_context(curl_context_t *context)
 {
-  uv_close((uv_handle_t*) &context->poll_handle, curl_close_cb);
+  uv_close((uv_handle_t *) &context->poll_handle, curl_close_cb);
 }
 
 
@@ -83,13 +83,14 @@ void add_download(const char *url, int num)
   sprintf(filename, "%d.download", num);
 
   file = fopen(filename, "w");
-  if (file == NULL) {
+  if(!file) {
     fprintf(stderr, "Error opening %s\n", filename);
     return;
   }
 
   handle = curl_easy_init();
   curl_easy_setopt(handle, CURLOPT_WRITEDATA, file);
+  curl_easy_setopt(handle, CURLOPT_PRIVATE, file);
   curl_easy_setopt(handle, CURLOPT_URL, url);
   curl_multi_add_handle(curl_handle, handle);
   fprintf(stderr, "Added download %s -> %s\n", url, filename);
@@ -101,16 +102,21 @@ static void check_multi_info(void)
   char *done_url;
   CURLMsg *message;
   int pending;
+  FILE *file;
 
-  while ((message = curl_multi_info_read(curl_handle, &pending))) {
-    switch (message->msg) {
+  while((message = curl_multi_info_read(curl_handle, &pending))) {
+    switch(message->msg) {
     case CURLMSG_DONE:
       curl_easy_getinfo(message->easy_handle, CURLINFO_EFFECTIVE_URL,
                         &done_url);
+      curl_easy_getinfo(message->easy_handle, CURLINFO_PRIVATE, &file);
       printf("%s DONE\n", done_url);
 
       curl_multi_remove_handle(curl_handle, message->easy_handle);
       curl_easy_cleanup(message->easy_handle);
+      if(file) {
+        fclose(file);
+      }
       break;
 
     default:
@@ -131,12 +137,12 @@ void curl_perform(uv_poll_t *req, int status, int events)
 
   uv_timer_stop(&timeout);
 
-  if (events & UV_READABLE)
+  if(events & UV_READABLE)
     flags |= CURL_CSELECT_IN;
-  if (events & UV_WRITABLE)
+  if(events & UV_WRITABLE)
     flags |= CURL_CSELECT_OUT;
 
-  context = (curl_context_t*)req;
+  context = (curl_context_t *) req;
 
   curl_multi_socket_action(curl_handle, context->sockfd, flags,
                            &running_handles);
@@ -154,7 +160,7 @@ void on_timeout(uv_timer_t *req, int status)
 
 void start_timeout(CURLM *multi, long timeout_ms, void *userp)
 {
-  if (timeout_ms <= 0)
+  if(timeout_ms <= 0)
     timeout_ms = 1; /* 0 means directly call socket_action, but we'll do it in
                        a bit */
   uv_timer_start(&timeout, on_timeout, timeout_ms, 0);
@@ -164,9 +170,9 @@ int handle_socket(CURL *easy, curl_socket_t s, int action, void *userp,
                   void *socketp)
 {
   curl_context_t *curl_context;
-  if (action == CURL_POLL_IN || action == CURL_POLL_OUT) {
-    if (socketp) {
-      curl_context = (curl_context_t*) socketp;
+  if(action == CURL_POLL_IN || action == CURL_POLL_OUT) {
+    if(socketp) {
+      curl_context = (curl_context_t *) socketp;
     }
     else {
       curl_context = create_curl_context(s);
@@ -174,7 +180,7 @@ int handle_socket(CURL *easy, curl_socket_t s, int action, void *userp,
     curl_multi_assign(curl_handle, s, (void *) curl_context);
   }
 
-  switch (action) {
+  switch(action) {
   case CURL_POLL_IN:
     uv_poll_start(&curl_context->poll_handle, UV_READABLE, curl_perform);
     break;
@@ -182,7 +188,7 @@ int handle_socket(CURL *easy, curl_socket_t s, int action, void *userp,
     uv_poll_start(&curl_context->poll_handle, UV_WRITABLE, curl_perform);
     break;
   case CURL_POLL_REMOVE:
-    if (socketp) {
+    if(socketp) {
       uv_poll_stop(&((curl_context_t*)socketp)->poll_handle);
       destroy_curl_context((curl_context_t*) socketp);
       curl_multi_assign(curl_handle, s, NULL);
@@ -199,10 +205,10 @@ int main(int argc, char **argv)
 {
   loop = uv_default_loop();
 
-  if (argc <= 1)
+  if(argc <= 1)
     return 0;
 
-  if (curl_global_init(CURL_GLOBAL_ALL)) {
+  if(curl_global_init(CURL_GLOBAL_ALL)) {
     fprintf(stderr, "Could not init cURL\n");
     return 1;
   }
@@ -213,11 +219,12 @@ int main(int argc, char **argv)
   curl_multi_setopt(curl_handle, CURLMOPT_SOCKETFUNCTION, handle_socket);
   curl_multi_setopt(curl_handle, CURLMOPT_TIMERFUNCTION, start_timeout);
 
-  while (argc-- > 1) {
+  while(argc-- > 1) {
     add_download(argv[argc], argc);
   }
 
   uv_run(loop, UV_RUN_DEFAULT);
   curl_multi_cleanup(curl_handle);
+
   return 0;
 }

docs/examples/pop3-multi.c

@@ -88,6 +88,7 @@ int main(void)
     fd_set fdexcep;
     int maxfd = -1;
     int rc;
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     long curl_timeo = -1;
 
@@ -109,15 +110,36 @@ int main(void)
         timeout.tv_usec = (curl_timeo % 1000) * 1000;
     }
 
-    /* Get file descriptors from the transfers */
-    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls. On success, the value of maxfd is guaranteed to be
-       greater or equal than -1. We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
-    rc = select(maxfd + 1, &fdread, &fdwrite, &fdexcep, &timeout);
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
       fprintf(stderr,

docs/examples/sepheaders.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -53,23 +53,26 @@ int main(void)
   /* send all data to this function  */
   curl_easy_setopt(curl_handle, CURLOPT_WRITEFUNCTION, write_data);
 
-  /* open the files */
-  headerfile = fopen(headerfilename,"wb");
-  if (headerfile == NULL) {
+  /* open the header file */
+  headerfile = fopen(headerfilename, "wb");
+  if(!headerfile) {
     curl_easy_cleanup(curl_handle);
     return -1;
   }
-  bodyfile = fopen(bodyfilename,"wb");
-  if (bodyfile == NULL) {
+
+  /* open the body file */
+  bodyfile = fopen(bodyfilename, "wb");
+  if(!bodyfile) {
     curl_easy_cleanup(curl_handle);
+    fclose(headerfile);
     return -1;
   }
 
   /* we want the headers be written to this file handle */
-  curl_easy_setopt(curl_handle,   CURLOPT_HEADERDATA, headerfile);
+  curl_easy_setopt(curl_handle, CURLOPT_HEADERDATA, headerfile);
 
   /* we want the body be written to this file handle instead of stdout */
-  curl_easy_setopt(curl_handle,   CURLOPT_WRITEDATA, bodyfile);
+  curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, bodyfile);
 
   /* get it! */
   curl_easy_perform(curl_handle);

docs/examples/smtp-multi.c

@@ -155,6 +155,7 @@ int main(void)
     fd_set fdexcep;
     int maxfd = -1;
     int rc;
+    CURLMcode mc; /* curl_multi_fdset() return code */
 
     long curl_timeo = -1;
 
@@ -176,15 +177,36 @@ int main(void)
         timeout.tv_usec = (curl_timeo % 1000) * 1000;
     }
 
-    /* Get file descriptors from the transfers */
-    curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(mcurl, &fdread, &fdwrite, &fdexcep, &maxfd);
 
-    /* In a real-world program you OF COURSE check the return code of the
-       function calls.  On success, the value of maxfd is guaranteed to be
-       greater or equal than -1.  We call select(maxfd + 1, ...), specially in
-       case of (maxfd == -1), we call select(0, ...), which is basically equal
-       to sleep. */
-    rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    if(mc != CURLM_OK)
+    {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
 
     if(tvdiff(tvnow(), mp_start) > MULTI_PERFORM_HANG_TIMEOUT) {
       fprintf(stderr,

docs/examples/synctime.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -92,6 +92,8 @@
 #define MAX_STRING              256
 #define MAX_STRING1             MAX_STRING+1
 
+#define SYNCTIME_UA "synctime/1.0"
+
 typedef struct
 {
   char http_proxy[MAX_STRING1];
@@ -99,12 +101,11 @@ typedef struct
   char timeserver[MAX_STRING1];
 } conf_t;
 
-const char DefaultTimeServer[4][MAX_STRING1] =
+const char DefaultTimeServer[3][MAX_STRING1] =
 {
-  "http://nist.time.gov/timezone.cgi?UTC/s/0",
-  "http://www.google.com/",
-  "http://www.worldtimeserver.com/current_time_in_UTC.aspx",
-  "http://www.worldtime.com/cgi-bin/wt.cgi"
+  "http://pool.ntp.org/",
+  "http://nist.time.gov/",
+  "http://www.google.com/"
 };
 
 const char *DayStr[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
@@ -186,9 +187,9 @@ void SyncTime_CURL_Init(CURL *curl, char *proxy_port,
   if (strlen(proxy_user_password) > 0)
     curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, proxy_user_password);
 
-  /* Trick Webserver by claiming that you are using Microsoft WinXP SP2, IE6 */
-  curl_easy_setopt(curl, CURLOPT_USERAGENT,
-                   "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
+#ifdef SYNCTIME_UA
+  curl_easy_setopt(curl, CURLOPT_USERAGENT, SYNCTIME_UA);
+#endif
   curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, *SyncTime_CURL_WriteOutput);
   curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, *SyncTime_CURL_WriteHeader);
 }

docs/libcurl/curl_easy_cleanup.3

@@ -52,6 +52,16 @@ safely remove all the strings you've previously told libcurl to use, as it
 won't use them anymore now.
 .SH RETURN VALUE
 None
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  CURLcode res;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  res = curl_easy_perform(curl);
+  curl_easy_cleanup(curl);
+}
+.fi
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), "
 

docs/libcurl/curl_easy_escape.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -26,13 +26,13 @@ curl_easy_escape - URL encodes the given string
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
-.BI "char *curl_easy_escape( CURL *" curl ", char *" url ", int "length " );"
+.BI "char *curl_easy_escape( CURL *" curl ", char *" string ", int "length " );"
 .ad
 .SH DESCRIPTION
-This function converts the given input string to an URL encoded string and
-returns that as a new allocated string. All input characters that are not a-z,
-A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version
-(%NN where NN is a two-digit hexadecimal number).
+This function converts the given input \fBstring\fP to an URL encoded string
+and returns that as a new allocated string. All input characters that are not
+a-z, A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped"
+version (%NN where NN is a two-digit hexadecimal number).
 
 If the \fBlength\fP argument is set to 0 (zero), \fIcurl_easy_escape(3)\fP
 uses strlen() on the input \fBurl\fP to find out the size.
@@ -42,5 +42,16 @@ You must \fIcurl_free(3)\fP the returned string when you're done with it.
 Added in 7.15.4 and replaces the old \fIcurl_escape(3)\fP function.
 .SH RETURN VALUE
 A pointer to a zero terminated string or NULL if it failed.
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  char *output = curl_easy_escape(curl, "data to convert", 15);
+  if(output) {
+    printf("Encoded: %s\n", output);
+    curl_free(output);
+  }
+}}
+.fi
 .SH "SEE ALSO"
-.BR curl_easy_unescape "(3), " curl_free "(3), " RFC 2396
+.BR curl_easy_unescape "(3), " curl_free "(3), " RFC 3986

docs/libcurl/curl_easy_init.3

@@ -44,5 +44,16 @@ this function.
 .SH RETURN VALUE
 If this function returns NULL, something went wrong and you cannot use the
 other curl functions.
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  CURLcode res;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  res = curl_easy_perform(curl);
+  curl_easy_cleanup(curl);
+}
+.fi
 .SH "SEE ALSO"
-.BR curl_easy_cleanup "(3), " curl_global_init "(3), " curl_easy_reset "(3)"
+.BR curl_easy_cleanup "(3), " curl_global_init "(3), " curl_easy_reset "(3), "
+.BR curl_easy_perform "(3) "

docs/libcurl/curl_easy_perform.3

@@ -21,7 +21,7 @@
 .\" **************************************************************************
 .TH curl_easy_perform 3 "5 Mar 2001" "libcurl 7.7" "libcurl Manual"
 .SH NAME
-curl_easy_perform - Perform a file transfer
+curl_easy_perform - perform a blocking file transfer
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
@@ -58,6 +58,16 @@ CURLE_OK (0) means everything was ok, non-zero means an error occurred as
 defines - see \fIlibcurl-errors(3)\fP. If the \fBCURLOPT_ERRORBUFFER(3)\fP was
 set with \fIcurl_easy_setopt(3)\fP there will be a readable error message in
 the error buffer when non-zero is returned.
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  CURLcode res;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  res = curl_easy_perform(curl);
+  curl_easy_cleanup(curl);
+}}
+.fi
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_setopt "(3), "
 .BR curl_multi_add_handle "(3), " curl_multi_perform "(3), "

docs/libcurl/curl_easy_setopt.3

@@ -187,6 +187,8 @@ Enable TCP keep-alive. See \fICURLOPT_TCP_KEEPALIVE(3)\fP
 Idle time before sending keep-alive. See \fICURLOPT_TCP_KEEPIDLE(3)\fP
 .IP CURLOPT_TCP_KEEPINTVL
 Interval between keep-alive probes. See \fICURLOPT_TCP_KEEPINTVL(3)\fP
+.IP CURLOPT_UNIX_SOCKET_PATH
+Path to a Unix domain socket. See \fICURLOPT_UNIX_SOCKET_PATH(3)\fP
 .SH NAMES and PASSWORDS OPTIONS (Authentication)
 .IP CURLOPT_NETRC
 Enable .netrc parsing. See \fICURLOPT_NETRC(3)\fP
@@ -446,6 +448,8 @@ Certificate Revocation List. See \fICURLOPT_CRLFILE(3)\fP
 Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
 .IP CURLOPT_CERTINFO
 Extract certificate info. See \fICURLOPT_CERTINFO(3)\fP
+.IP CURLOPT_PINNEDPUBLICKEY
+Set pinned SSL public key . See \fICURLOPT_PINNEDPUBLICKEY(3)\fP
 .IP CURLOPT_RANDOM_FILE
 Provide source for entropy random data. See \fICURLOPT_RANDOM_FILE(3)\fP
 .IP CURLOPT_EGDSOCKET
@@ -497,6 +501,16 @@ the library is too old to support it or the option was removed in a recent
 version, this function will return \fICURLE_UNKNOWN_OPTION\fP. If support for
 the option was disabled at compile-time, it will return
 \fICURLE_NOT_BUILT_IN\fP.
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  CURLcode res;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  res = curl_easy_perform(curl);
+  curl_easy_cleanup(curl);
+}}
+.fi
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_cleanup "(3), " curl_easy_reset "(3), "
 .BR curl_multi_setopt "(3), "

docs/libcurl/curl_multi_fdset.3

@@ -62,10 +62,10 @@ proceed and call \fIcurl_multi_perform(3)\fP anyway. How long to wait? We
 suggest 100 milliseconds at least, but you may want to test it out in your own
 particular conditions to find a suitable value.
 
-When doing select(), you should use \fBcurl_multi_timeout\fP to figure out how
-long to wait for action. Call \fIcurl_multi_perform(3)\fP even if no activity
-has been seen on the fd_sets after the timeout expires as otherwise internal
-retries and timeouts may not work as you'd think and want.
+When doing select(), you should use \fIcurl_multi_timeout(3)\fP to figure out
+how long to wait for action. Call \fIcurl_multi_perform(3)\fP even if no
+activity has been seen on the fd_sets after the timeout expires as otherwise
+internal retries and timeouts may not work as you'd think and want.
 
 If one of the sockets used by libcurl happens to be larger than what can be
 set in an fd_set, which on POSIX systems means that the file descriptor is
@@ -79,4 +79,5 @@ CURLMcode type, general libcurl multi interface error code. See
 \fIlibcurl-errors(3)\fP
 .SH "SEE ALSO"
 .BR curl_multi_cleanup "(3), " curl_multi_init "(3), "
+.BR curl_multi_wait "(3), "
 .BR curl_multi_timeout "(3), " curl_multi_perform "(3), " select "(2) "

docs/libcurl/curl_multi_perform.3

@@ -74,5 +74,6 @@ period, then it'll wait for action on the file descriptors using
 \fIcurl_multi_perform(3)\fP gets called.
 .SH "SEE ALSO"
 .BR curl_multi_cleanup "(3), " curl_multi_init "(3), "
+.BR curl_multi_wait "(3), "
 .BR curl_multi_fdset "(3), " curl_multi_info_read "(3), "
 .BR libcurl-errors "(3)"

docs/libcurl/curl_multi_wait.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -33,9 +33,9 @@ CURLMcode curl_multi_wait(CURLM *multi_handle,
                           int *numfds);
 .ad
 .SH DESCRIPTION
-This function polls on all file descriptors used by the curl easy handles
-contained in the given multi handle set.  It will block until activity is
-detected on at least one of the handles or \fItimeout_ms\fP has passed.
+\fIcurl_multi_wait(3)\fP polls all file descriptors used by the curl easy
+handles contained in the given multi handle set.  It will block until activity
+is detected on at least one of the handles or \fItimeout_ms\fP has passed.
 Alternatively, if the multi handle has a pending internal timeout that has a
 shorter expiry time than \fItimeout_ms\fP, that shorter time will be used
 instead to make sure timeout accuracy is reasonably kept.
@@ -43,7 +43,7 @@ instead to make sure timeout accuracy is reasonably kept.
 The calling application may pass additional curl_waitfd structures which are
 similar to \fIpoll(2)\fP's pollfd structure to be waited on in the same call.
 
-On completion, if \fInumfds\fP is supplied, it will be populated with the
+On completion, if \fInumfds\fP is non-NULL, it will be populated with the
 total number of file descriptors on which interesting events occured. This
 number can include both libcurl internal descriptors as well as descriptors
 provided in \fIextra_fds\fP.

docs/libcurl/curl_version_info.3

@@ -20,7 +20,7 @@
 .\" *
 .\" **************************************************************************
 .\"
-.TH curl_version_info 3 "2 Aug 2014" "libcurl 7.38.0" "libcurl Manual"
+.TH curl_version_info 3 "2 Nov 2014" "libcurl 7.40.0" "libcurl Manual"
 .SH NAME
 curl_version_info - returns run-time libcurl version info
 .SH SYNOPSIS
@@ -96,7 +96,10 @@ bits are:
 .IP CURL_VERSION_IPV6
 supports IPv6
 .IP CURL_VERSION_KERBEROS4
-supports kerberos4 (when using FTP)
+supports Kerberos V4 (when using FTP)
+.IP CURL_VERSION_KERBEROS5
+supports Kerberos V5 authentication for FTP, IMAP, POP3, SMTP and SOCKSv5 proxy
+(Added in 7.40.0)
 .IP CURL_VERSION_SSL
 supports SSL (HTTPS/FTPS) (Added in 7.10)
 .IP CURL_VERSION_LIBZ
@@ -125,7 +128,7 @@ letters. (Added in 7.12.0)
 .IP CURL_VERSION_SSPI
 libcurl was built with support for SSPI. This is only available on Windows and
 makes libcurl use Windows-provided functions for Kerberos, NTLM, SPNEGO and
-SASL DIGEST-MD5 authentication. It also allows libcurl to use the current user
+Digest authentication. It also allows libcurl to use the current user
 credentials without the app having to pass them on. (Added in 7.13.2)
 .IP CURL_VERSION_GSSAPI
 libcurl was built with support for GSS-API. This makes libcurl use provided
@@ -143,6 +146,9 @@ libcurl was built with support for NTLM delegation to a winbind helper.
 .IP CURL_VERSION_HTTP2
 libcurl was built with support for HTTP2.
 (Added in 7.33.0)
+.IP CURL_VERSION_UNIX_SOCKETS
+libcurl was built with support for Unix domain sockets.
+(Added in 7.40.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl
 has no SSL support, this is NULL.

docs/libcurl/libcurl-tutorial.3

@@ -40,7 +40,7 @@ refer to their respective man pages.
 
 .SH "Building"
 There are many different ways to build C programs. This chapter will assume a
-UNIX-style build process. If you use a different build system, you can still
+Unix style build process. If you use a different build system, you can still
 read this to get general information that may apply to your environment as
 well.
 .IP "Compiling the Program"
@@ -412,7 +412,7 @@ similar to the \fICURLOPT_USERPWD(3)\fP option like this:
 
  curl_easy_setopt(easyhandle, CURLOPT_PROXYUSERPWD, "myname:thesecret");
 
-There's a long time UNIX "standard" way of storing ftp user names and
+There's a long time Unix "standard" way of storing FTP user names and
 passwords, namely in the $HOME/.netrc file. The file should be made private
 so that only the user may read it (see also the "Security Considerations"
 chapter), as it might contain the password in plain text. libcurl has the
@@ -1129,9 +1129,9 @@ analyzer tool and eavesdrop on your passwords. Don't let the fact that HTTP
 Basic uses base64 encoded passwords fool you. They may not look readable at a
 first glance, but they very easily "deciphered" by anyone within seconds.
 
-To avoid this problem, use HTTP authentication methods or other protocols that
-don't let snoopers see your password: HTTP with Digest, NTLM or GSS
-authentication, HTTPS, FTPS, SCP, SFTP and FTP-Kerberos are a few examples.
+To avoid this problem, use an authentication mechanism or other protocol that
+doesn't let snoopers see your password: Digest, CRAM-MD5, Kerberos, SPNEGO or
+NTLM authentication, HTTPS, FTPS, SCP and SFTP are a few examples.
 
 .IP "Redirects"
 The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP
@@ -1402,7 +1402,7 @@ This happens on Windows machines when libcurl is built and used as a
 DLL. However, you can still do this on Windows if you link with a static
 library.
 .IP "[3]"
-The curl-config tool is generated at build-time (on UNIX-like systems) and
+The curl-config tool is generated at build-time (on Unix-like systems) and
 should be installed with the 'make install' or similar instruction that
 installs the library, header files, man pages etc.
 .IP "[4]"

docs/libcurl/libcurl.3

@@ -148,18 +148,16 @@ the library code.  For example, when libcurl is built for SSL
 capability via the GNU TLS library, there is an elaborate tree inside
 that library that describes the SSL protocol.
 
-\fIcurl_global_init()\fP is the function that you must call.  This may
-allocate resources (e.g. the memory for the GNU TLS tree mentioned
-above), so the companion function \fIcurl_global_cleanup()\fP releases
-them.
+\fIcurl_global_init(3)\fP is the function that you must call.  This may
+allocate resources (e.g. the memory for the GNU TLS tree mentioned above), so
+the companion function \fIcurl_global_cleanup(3)\fP releases them.
 
-The basic rule for constructing a program that uses libcurl is this:
-Call \fIcurl_global_init()\fP, with a \fICURL_GLOBAL_ALL\fP argument,
-immediately after the program starts, while it is still only one
-thread and before it uses libcurl at all.  Call
-\fIcurl_global_cleanup()\fP immediately before the program exits, when
-the program is again only one thread and after its last use of
-libcurl.
+The basic rule for constructing a program that uses libcurl is this: Call
+\fIcurl_global_init(3)\fP, with a \fICURL_GLOBAL_ALL\fP argument, immediately
+after the program starts, while it is still only one thread and before it uses
+libcurl at all.  Call \fIcurl_global_cleanup(3)\fP immediately before the
+program exits, when the program is again only one thread and after its last
+use of libcurl.
 
 You can call both of these multiple times, as long as all calls meet
 these requirements and the number of calls to each is the same.
@@ -184,48 +182,42 @@ your code doesn't know about other parts of the program -- it doesn't
 know whether they use libcurl or not.  And its code doesn't necessarily
 run at the start and end of the whole program.
 
-A module like this must have global constant functions of its own,
-just like \fIcurl_global_init()\fP and \fIcurl_global_cleanup()\fP.
-The module thus has control at the beginning and end of the program
-and has a place to call the libcurl functions.  Note that if multiple
-modules in the program use libcurl, they all will separately call the
-libcurl functions, and that's OK because only the first
-\fIcurl_global_init()\fP and the last \fIcurl_global_cleanup()\fP in a
-program change anything.  (libcurl uses a reference count in static
-memory).
+A module like this must have global constant functions of its own, just like
+\fIcurl_global_init(3)\fP and \fIcurl_global_cleanup(3)\fP.  The module thus
+has control at the beginning and end of the program and has a place to call
+the libcurl functions.  Note that if multiple modules in the program use
+libcurl, they all will separately call the libcurl functions, and that's OK
+because only the first \fIcurl_global_init(3)\fP and the last
+\fIcurl_global_cleanup(3)\fP in a program change anything.  (libcurl uses a
+reference count in static memory).
 
-In a C++ module, it is common to deal with the global constant
-situation by defining a special class that represents the global
-constant environment of the module.  A program always has exactly one
-object of the class, in static storage.  That way, the program
-automatically calls the constructor of the object as the program
-starts up and the destructor as it terminates.  As the author of this
-libcurl-using module, you can make the constructor call
-\fIcurl_global_init()\fP and the destructor call
-\fIcurl_global_cleanup()\fP and satisfy libcurl's requirements without
-your user having to think about it.
+In a C++ module, it is common to deal with the global constant situation by
+defining a special class that represents the global constant environment of
+the module.  A program always has exactly one object of the class, in static
+storage.  That way, the program automatically calls the constructor of the
+object as the program starts up and the destructor as it terminates.  As the
+author of this libcurl-using module, you can make the constructor call
+\fIcurl_global_init(3)\fP and the destructor call \fIcurl_global_cleanup(3)\fP
+and satisfy libcurl's requirements without your user having to think about it.
 
-\fIcurl_global_init()\fP has an argument that tells what particular
-parts of the global constant environment to set up.  In order to
-successfully use any value except \fICURL_GLOBAL_ALL\fP (which says to
-set up the whole thing), you must have specific knowledge of internal
-workings of libcurl and all other parts of the program of which it is
-part.
+\fIcurl_global_init(3)\fP has an argument that tells what particular parts of
+the global constant environment to set up.  In order to successfully use any
+value except \fICURL_GLOBAL_ALL\fP (which says to set up the whole thing), you
+must have specific knowledge of internal workings of libcurl and all other
+parts of the program of which it is part.
 
-A special part of the global constant environment is the identity of
-the memory allocator.  \fIcurl_global_init()\fP selects the system
-default memory allocator, but you can use \fIcurl_global_init_mem()\fP
-to supply one of your own.  However, there is no way to use
-\fIcurl_global_init_mem()\fP in a modular program -- all modules in
-the program that might use libcurl would have to agree on one
-allocator.
+A special part of the global constant environment is the identity of the
+memory allocator.  \fIcurl_global_init(3)\fP selects the system default memory
+allocator, but you can use \fIcurl_global_init_mem(3)\fP to supply one of your
+own.  However, there is no way to use \fIcurl_global_init_mem(3)\fP in a
+modular program -- all modules in the program that might use libcurl would
+have to agree on one allocator.
 
-There is a failsafe in libcurl that makes it usable in simple
-situations without you having to worry about the global constant
-environment at all: \fIcurl_easy_init()\fP sets up the environment
-itself if it hasn't been done yet.  The resources it acquires to do so
-get released by the operating system automatically when the program
-exits.
+There is a failsafe in libcurl that makes it usable in simple situations
+without you having to worry about the global constant environment at all:
+\fIcurl_easy_init(3)\fP sets up the environment itself if it hasn't been done
+yet.  The resources it acquires to do so get released by the operating system
+automatically when the program exits.
 
 This failsafe feature exists mainly for backward compatibility because
 there was a time when the global functions didn't exist.  Because it

docs/libcurl/opts/CURLOPT_CRLF.3

@@ -40,7 +40,7 @@ All
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Always
+SMTP since 7.40.0, other protocols since they were introduced
 .SH RETURN VALUE
 Returns CURLE_OK
 .SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3

@@ -29,7 +29,7 @@ CURLOPT_PINNEDPUBLICKEY \- set pinned public key
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);
 .SH DESCRIPTION
 Pass a pointer to a zero terminated string as parameter. The string should be
-the file name of your pinned public key. The format expected is "DER".
+the file name of your pinned public key. The format expected is "PEM" or "DER".
 
 When negotiating a TLS or SSL connection, the server sends a certificate
 indicating its identity. A public key is extracted from this certificate and

docs/libcurl/opts/CURLOPT_POSTFIELDS.3

@@ -35,6 +35,8 @@ way. For example, the web server may assume that this data is url-encoded.
 
 The data pointed to is NOT copied by the library: as a consequence, it must be
 preserved by the calling application until the associated transfer finishes.
+This behaviour can be changed (so libcurl does copy the data) by setting the
+\fICURLOPT_COPYPOSTFIELDS(3)\fP option.
 
 This POST is a normal application/x-www-form-urlencoded kind (and libcurl will
 set that Content-Type by default when this option is used), which is commonly

docs/libcurl/opts/CURLOPT_PROTOCOLS.3

@@ -59,6 +59,7 @@ CURLPROTO_RTMPTS
 CURLPROTO_RTSP
 CURLPROTO_SCP
 CURLPROTO_SFTP
+CURLPROTO_SMB
 CURLPROTO_SMTP
 CURLPROTO_SMTPS
 CURLPROTO_TELNET

docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3

@@ -59,13 +59,14 @@ CURLPROTO_RTMPTS
 CURLPROTO_RTSP
 CURLPROTO_SCP
 CURLPROTO_SFTP
+CURLPROTO_SMB
 CURLPROTO_SMTP
 CURLPROTO_SMTPS
 CURLPROTO_TELNET
 CURLPROTO_TFTP
 .fi
 .SH DEFAULT
-All protocols except for FILE and SCP
+All protocols except for FILE, SCP and SMB.
 .SH PROTOCOLS
 All
 .SH EXAMPLE

docs/libcurl/opts/CURLOPT_TIMEOUT.3

@@ -37,6 +37,9 @@ libcurl to use the SIGALRM signal to timeout system calls.
 In unix-like systems, this might cause signals to be used unless
 \fICURLOPT_NOSIGNAL(3)\fP is set.
 
+If both \fICURLOPT_TIMEOUT(3)\fP and \fICURLOPT_TIMEOUT_MS(3)\fP are set, the
+value set last will be used.
+
 Since this puts a hard limit for how long time a request is allowed to take,
 it has limited use in dynamic use cases with varying transfer times. You are
 then advised to explore \fICURLOPT_LOW_SPEED_LIMIT(3)\fP,

docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.3

@@ -0,0 +1,78 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_UNIX_SOCKET_PATH 3 "09 Oct 2014" "libcurl 7.40.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_UNIX_SOCKET_PATH \- set Unix domain socket
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNIX_SOCKET_PATH, char *path);
+.SH DESCRIPTION
+Enables the use of Unix domain sockets as connection endpoint and sets the path
+to \fIpath\fP. If \fIpath\fP is NULL, then Unix domain sockets are disabled. An
+empty string will result in an error at some point, it will not disable use of
+Unix domain sockets.
+
+When enabled, cURL will connect to the Unix domain socket instead of
+establishing a TCP connection to a host. Since no TCP connection is created,
+cURL does not need to resolve the DNS hostname in the URL.
+
+The maximum path length on Cygwin, Linux and Solaris is 107. On other platforms
+it might be even less.
+
+Proxy and TCP options such as
+.BR CURLOPT_TCP_NODELAY "(3)
+are not supported. Proxy options such as
+.BR CURLOPT_PROXY "(3)
+have no effect either as these are TCP-oriented, and asking a proxy server to
+connect to a certain Unix domain socket is not possible.
+.SH DEFAULT
+Default is NULL, meaning that no Unix domain sockets are used.
+.SH PROTOCOLS
+All protocols except for file:// and FTP are supported in theory. HTTP, IMAP,
+POP3 and SMTP should in particular work (including their SSL/TLS variants).
+.SH EXAMPLE
+Given that you have an nginx server running, listening on /tmp/nginx.sock, you
+can request a HTTP resource with:
+
+.nf
+    curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, "/tmp/nginx.sock");
+    curl_easy_setopt(curl_handle, CURLOPT_URL, "http://localhost/");
+.fi
+
+If you are on Linux and somehow have a need for paths larger than 107 bytes, you
+could use the proc filesystem to bypass the limitation:
+
+.nf
+    int dirfd = open(long_directory_path_to_socket, O_DIRECTORY | O_RDONLY);
+    char path[108];
+    snprintf(path, sizeof(path), "/proc/self/fd/%d/nginx.sock", dirfd);
+    curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, path);
+    /* Be sure to keep dirfd valid until you discard the handle */
+.fi
+.SH AVAILABILITY
+Since 7.40.0.
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_OPENSOCKETFUNCTION "(3), " unix "(7), "

docs/libcurl/opts/CURLOPT_URL.3

@@ -80,6 +80,8 @@ http://user:password@www.example.com
 
 ftp://user:password@ftp.example.com
 
+smb://domain%2fuser:password@server.example.com
+
 imap://user:password;options@mail.example.com
 
 pop3://user:password;options@mail.example.com
@@ -236,6 +238,20 @@ user's home directory
 sftp://ssh.example.com/~/Documents/ - This requests a directory listing
 of the Documents directory under the user's home directory
 
+.IP SMB
+The path part of a SMB request specifies the file to retrieve and from what
+share and directory or the share to upload to and as such, may not be omitted.
+If the user name is not embedded in the URL, it can be set with the
+\fICURLOPT_USERPWD(3)\fP or \fICURLOPT_USERNAME(3)\fP option. If the user name
+is embedded in the URL then it must contain the domain name and as such, the
+backslash must be URL encoded as %2f.
+
+smb://server.example.com/files/issue - This specifies the file "issue" located
+in the root of the "files" share
+
+smb://server.example.com/files/ -T issue - This specifies the file "issue" will
+be uploaded to the root of the "files" share.
+
 .IP LDAP
 The path part of a LDAP request can be used to specify the: Distinguished
 Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field

docs/libcurl/opts/Makefile.am

@@ -110,7 +110,7 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.3 CURLMOPT_PIPELINING.3			\
  CURLMOPT_PIPELINING_SERVER_BL.3 CURLMOPT_PIPELINING_SITE_BL.3		\
  CURLMOPT_SOCKETDATA.3 CURLMOPT_SOCKETFUNCTION.3 CURLMOPT_TIMERDATA.3	\
- CURLMOPT_TIMERFUNCTION.3
+ CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3
 
 
 HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
@@ -216,7 +216,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.html CURLMOPT_PIPELINING.html		\
  CURLMOPT_PIPELINING_SERVER_BL.html CURLMOPT_PIPELINING_SITE_BL.html	\
  CURLMOPT_SOCKETDATA.html CURLMOPT_SOCKETFUNCTION.html			\
- CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html
+ CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html			\
+ CURLOPT_UNIX_SOCKET_PATH.html
 
 PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLOPT_ADDRESS_SCOPE.pdf CURLOPT_APPEND.pdf CURLOPT_AUTOREFERER.pdf	\
@@ -317,7 +318,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf CURLMOPT_PIPELINING.pdf		\
  CURLMOPT_PIPELINING_SERVER_BL.pdf CURLMOPT_PIPELINING_SITE_BL.pdf	\
  CURLMOPT_SOCKETDATA.pdf CURLMOPT_SOCKETFUNCTION.pdf			\
- CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf
+ CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf			\
+ CURLOPT_UNIX_SOCKET_PATH.pdf
 
 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)
 

docs/libcurl/symbols-in-versions

@@ -529,6 +529,7 @@ CURLOPT_TLSAUTH_TYPE            7.21.4
 CURLOPT_TLSAUTH_USERNAME        7.21.4
 CURLOPT_TRANSFERTEXT            7.1.1
 CURLOPT_TRANSFER_ENCODING       7.21.6
+CURLOPT_UNIX_SOCKET_PATH        7.40.0
 CURLOPT_UNRESTRICTED_AUTH       7.10.4
 CURLOPT_UPLOAD                  7.1
 CURLOPT_URL                     7.1
@@ -574,6 +575,8 @@ CURLPROTO_RTMPTS                7.21.0
 CURLPROTO_RTSP                  7.20.0
 CURLPROTO_SCP                   7.19.4
 CURLPROTO_SFTP                  7.19.4
+CURLPROTO_SMB                   7.40.0
+CURLPROTO_SMBS                  7.40.0
 CURLPROTO_SMTP                  7.20.0
 CURLPROTO_SMTPS                 7.20.0
 CURLPROTO_TELNET                7.19.4
@@ -738,6 +741,7 @@ CURL_VERSION_HTTP2              7.33.0
 CURL_VERSION_IDN                7.12.0
 CURL_VERSION_IPV6               7.10
 CURL_VERSION_KERBEROS4          7.10          7.33.0
+CURL_VERSION_KERBEROS5          7.40.0
 CURL_VERSION_LARGEFILE          7.11.1
 CURL_VERSION_LIBZ               7.10
 CURL_VERSION_NTLM               7.10.6
@@ -746,6 +750,7 @@ CURL_VERSION_SPNEGO             7.10.8
 CURL_VERSION_SSL                7.10
 CURL_VERSION_SSPI               7.13.2
 CURL_VERSION_TLSAUTH_SRP        7.21.4
+CURL_VERSION_UNIX_SOCKETS       7.40.0
 CURL_WAIT_POLLIN                7.28.0
 CURL_WAIT_POLLOUT               7.28.0
 CURL_WAIT_POLLPRI               7.28.0

include/curl/curl.h

@@ -805,6 +805,8 @@ typedef enum {
 #define CURLPROTO_RTMPS  (1<<23)
 #define CURLPROTO_RTMPTS (1<<24)
 #define CURLPROTO_GOPHER (1<<25)
+#define CURLPROTO_SMB    (1<<26)
+#define CURLPROTO_SMBS   (1<<27)
 #define CURLPROTO_ALL    (~0) /* enable everything */
 
 /* long may be 32 or 64 bits, but we should never depend on anything else
@@ -987,7 +989,7 @@ typedef enum {
   CINIT(HEADER, LONG, 42),       /* throw the header out too */
   CINIT(NOPROGRESS, LONG, 43),   /* shut off the progress meter */
   CINIT(NOBODY, LONG, 44),       /* use HEAD to get http document */
-  CINIT(FAILONERROR, LONG, 45),  /* no output on http error codes >= 300 */
+  CINIT(FAILONERROR, LONG, 45),  /* no output on http error codes >= 400 */
   CINIT(UPLOAD, LONG, 46),       /* this is an upload */
   CINIT(POST, LONG, 47),         /* HTTP POST method */
   CINIT(DIRLISTONLY, LONG, 48),  /* bare names when listing directories */
@@ -1617,6 +1619,9 @@ typedef enum {
      this option is used only if SSL_VERIFYPEER is true */
   CINIT(PINNEDPUBLICKEY, OBJECTPOINT, 230),
 
+  /* Path to Unix domain socket */
+  CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 
@@ -1653,8 +1658,8 @@ typedef enum {
      option might be handy to force libcurl to use a specific IP version. */
 #define CURL_IPRESOLVE_WHATEVER 0 /* default, resolves addresses to all IP
                                      versions that your system allows */
-#define CURL_IPRESOLVE_V4       1 /* resolve to ipv4 addresses */
-#define CURL_IPRESOLVE_V6       2 /* resolve to ipv6 addresses */
+#define CURL_IPRESOLVE_V4       1 /* resolve to IPv4 addresses */
+#define CURL_IPRESOLVE_V6       2 /* resolve to IPv6 addresses */
 
   /* three convenient "aliases" that follow the name scheme better */
 #define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER
@@ -2241,26 +2246,30 @@ typedef struct {
 
 } curl_version_info_data;
 
-#define CURL_VERSION_IPV6      (1<<0)  /* IPv6-enabled */
-#define CURL_VERSION_KERBEROS4 (1<<1)  /* Kerberos V4 auth is supported
-                                          (deprecated) */
-#define CURL_VERSION_SSL       (1<<2)  /* SSL options are present */
-#define CURL_VERSION_LIBZ      (1<<3)  /* libz features are present */
-#define CURL_VERSION_NTLM      (1<<4)  /* NTLM auth is supported */
-#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth support
-                                            (deprecated) */
-#define CURL_VERSION_DEBUG     (1<<6)  /* built with debug capabilities */
-#define CURL_VERSION_ASYNCHDNS (1<<7)  /* asynchronous dns resolves */
-#define CURL_VERSION_SPNEGO    (1<<8)  /* SPNEGO auth is supported */
-#define CURL_VERSION_LARGEFILE (1<<9)  /* supports files bigger than 2GB */
-#define CURL_VERSION_IDN       (1<<10) /* International Domain Names support */
-#define CURL_VERSION_SSPI      (1<<11) /* SSPI is supported */
-#define CURL_VERSION_CONV      (1<<12) /* character conversions supported */
-#define CURL_VERSION_CURLDEBUG (1<<13) /* debug memory tracking supported */
-#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */
-#define CURL_VERSION_NTLM_WB   (1<<15) /* NTLM delegating to winbind helper */
-#define CURL_VERSION_HTTP2     (1<<16) /* HTTP2 support built-in */
-#define CURL_VERSION_GSSAPI    (1<<17) /* GSS-API is supported */
+#define CURL_VERSION_IPV6         (1<<0)  /* IPv6-enabled */
+#define CURL_VERSION_KERBEROS4    (1<<1)  /* Kerberos V4 auth is supported
+                                             (deprecated) */
+#define CURL_VERSION_SSL          (1<<2)  /* SSL options are present */
+#define CURL_VERSION_LIBZ         (1<<3)  /* libz features are present */
+#define CURL_VERSION_NTLM         (1<<4)  /* NTLM auth is supported */
+#define CURL_VERSION_GSSNEGOTIATE (1<<5)  /* Negotiate auth is supported
+                                             (deprecated) */
+#define CURL_VERSION_DEBUG        (1<<6)  /* Built with debug capabilities */
+#define CURL_VERSION_ASYNCHDNS    (1<<7)  /* Asynchronous DNS resolves */
+#define CURL_VERSION_SPNEGO       (1<<8)  /* SPNEGO auth is supported */
+#define CURL_VERSION_LARGEFILE    (1<<9)  /* Supports files larger than 2GB */
+#define CURL_VERSION_IDN          (1<<10) /* Internationized Domain Names are
+                                             supported */
+#define CURL_VERSION_SSPI         (1<<11) /* Built against Windows SSPI */
+#define CURL_VERSION_CONV         (1<<12) /* Character conversions supported */
+#define CURL_VERSION_CURLDEBUG    (1<<13) /* Debug memory tracking supported */
+#define CURL_VERSION_TLSAUTH_SRP  (1<<14) /* TLS-SRP auth is supported */
+#define CURL_VERSION_NTLM_WB      (1<<15) /* NTLM delegation to winbind helper
+                                             is suported */
+#define CURL_VERSION_HTTP2        (1<<16) /* HTTP2 support built-in */
+#define CURL_VERSION_GSSAPI       (1<<17) /* Built against a GSS-API library */
+#define CURL_VERSION_KERBEROS5    (1<<18) /* Kerberos V5 auth is supported */
+#define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */
 
  /*
  * NAME curl_version_info()

include/curl/curlver.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -26,17 +26,17 @@
    a script at release-time. This was made its own header file in 7.11.2 */
 
 /* This is the global package copyright */
-#define LIBCURL_COPYRIGHT "1996 - 2014 Daniel Stenberg, <daniel@haxx.se>."
+#define LIBCURL_COPYRIGHT "1996 - 2015 Daniel Stenberg, <daniel@haxx.se>."
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.38.1-DEV"
+#define LIBCURL_VERSION "7.40.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 38
-#define LIBCURL_VERSION_PATCH 1
+#define LIBCURL_VERSION_MINOR 40
+#define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
    parsing and comparions by programs. The LIBCURL_VERSION_NUM define will
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x072601
+#define LIBCURL_VERSION_NUM 0x072800
 
 /*
  * This is the date and time when the full source package was created. The

lib/CMakeLists.txt

@@ -57,7 +57,7 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR}/../include)
 include_directories(${CMAKE_CURRENT_BINARY_DIR}/..)
 include_directories(${CMAKE_CURRENT_SOURCE_DIR})
 include_directories(${CMAKE_CURRENT_BINARY_DIR})
-if(CURL_USE_ARES)
+if(USE_ARES)
   include_directories(${CARES_INCLUDE_DIR})
 endif()
 

lib/Makefile.Watcom

@@ -113,7 +113,7 @@ LIBRTMP_ROOT = ../../rtmpdump-2.3
 !ifdef %openssl_root
 OPENSSL_ROOT = $(%openssl_root)
 !else
-OPENSSL_ROOT = ../../openssl-0.9.8y
+OPENSSL_ROOT = ../../openssl-0.9.8zc
 !endif
 
 !ifdef %ares_root

lib/Makefile.b32

@@ -27,7 +27,7 @@ ZLIB_PATH = ..\..\zlib-1.2.8
 
 # Edit the path below to point to the base of your OpenSSL package.
 !ifndef OPENSSL_PATH
-OPENSSL_PATH = ..\..\openssl-0.9.8y
+OPENSSL_PATH = ..\..\openssl-0.9.8zc
 !endif
 
 # Set libcurl static lib, dll and import lib

lib/Makefile.inc

@@ -20,50 +20,50 @@
 #
 ###########################################################################
 
-LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c	\
-  vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c		\
+LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
+  vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c               \
   vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
 
-LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h		\
-  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h	\
+LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h                \
+  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h   \
   vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h
 
-LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c	\
-  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c	\
-  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c		\
-  getinfo.c transfer.c strequal.c easy.c security.c curl_fnmatch.c	\
-  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c	\
-  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c	\
-  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c	\
-  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c		\
-  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c	\
-  ssh.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c		\
-  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c	\
-  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c	\
-  openldap.c curl_gethostname.c gopher.c idn_win32.c			\
-  http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c		\
-  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c		\
-  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c	\
-  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c	\
-  http2.c curl_sasl_sspi.c
+LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
+  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c       \
+  ldap.c version.c getenv.c escape.c mprintf.c telnet.c netrc.c         \
+  getinfo.c transfer.c strequal.c easy.c security.c curl_fnmatch.c      \
+  fileinfo.c ftplistparser.c wildcard.c krb5.c memdebug.c http_chunks.c \
+  strtok.c connect.c llist.c hash.c multi.c content_encoding.c share.c  \
+  http_digest.c md4.c md5.c http_negotiate.c inet_pton.c strtoofft.c    \
+  strerror.c amigaos.c hostasyn.c hostip4.c hostip6.c hostsyn.c         \
+  inet_ntop.c parsedate.c select.c tftp.c splay.c strdup.c socks.c      \
+  ssh.c rawstr.c curl_addrinfo.c socks_gssapi.c socks_sspi.c            \
+  curl_sspi.c slist.c nonblock.c curl_memrchr.c imap.c pop3.c smtp.c    \
+  pingpong.c rtsp.c curl_threads.c warnless.c hmac.c curl_rtmp.c        \
+  openldap.c curl_gethostname.c gopher.c idn_win32.c                    \
+  http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c            \
+  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c                \
+  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c        \
+  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c      \
+  http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c
 
-LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h	\
-  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h		\
-  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h	\
-  strequal.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h		\
-  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h	\
-  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h	\
-  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h		\
-  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h	\
-  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h	\
-  socks.h ssh.h curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h	\
-  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h	\
-  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h		\
-  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h		\
-  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h		\
-  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h	\
-  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h	\
-  dotdot.h x509asn1.h http2.h sigpipe.h
+LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
+  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
+  speedcheck.h urldata.h curl_ldap.h escape.h telnet.h getinfo.h        \
+  strequal.h curl_sec.h memdebug.h http_chunks.h curl_fnmatch.h         \
+  wildcard.h fileinfo.h ftplistparser.h strtok.h connect.h llist.h      \
+  hash.h content_encoding.h share.h curl_md4.h curl_md5.h http_digest.h \
+  http_negotiate.h inet_pton.h amigaos.h strtoofft.h strerror.h         \
+  inet_ntop.h curlx.h curl_memory.h curl_setup.h transfer.h select.h    \
+  easyif.h multiif.h parsedate.h tftp.h sockaddr.h splay.h strdup.h     \
+  socks.h ssh.h curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h      \
+  slist.h nonblock.h curl_memrchr.h imap.h pop3.h smtp.h pingpong.h     \
+  rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h              \
+  curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h           \
+  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
+  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h   \
+  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h    \
+  dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h
 
 LIB_RCFILES = libcurl.rc
 

lib/Makefile.m32

@@ -18,7 +18,7 @@ ZLIB_PATH = ../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8y
+OPENSSL_PATH = ../../openssl-0.9.8zc
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
@@ -44,7 +44,7 @@ LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 # Edit the path below to point to the base of your nghttp2 package.
 ifndef NGHTTP2_PATH
-NGHTTP2_PATH = ../../nghttp2-0.6.4
+NGHTTP2_PATH = ../../nghttp2-0.6.7
 endif
 
 PROOT = ..
@@ -54,25 +54,34 @@ ifndef LIBCARES_PATH
 LIBCARES_PATH = $(PROOT)/ares
 endif
 
-# Edit the var below to set to your architecture or set environment var.
-ifndef ARCH
-ARCH = w32
-endif
-
 CC	= $(CROSSPREFIX)gcc
 CFLAGS	= -g -O2 -Wall
 CFLAGS	+= -fno-strict-aliasing
-ifeq ($(ARCH),w64)
-CFLAGS	+= -D_AMD64_
-endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS	= -s
 AR	= $(CROSSPREFIX)ar
 RANLIB	= $(CROSSPREFIX)ranlib
 RC	= $(CROSSPREFIX)windres
-RCFLAGS	= --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
+RCFLAGS	= --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF
 STRIP	= $(CROSSPREFIX)strip -g
 
+# Set environment var ARCH to your architecture to override autodetection.
+ifndef ARCH
+ifeq ($(findstring x86_64,$(shell $(CC) -dumpmachine)),x86_64)
+ARCH	= w64
+else
+ARCH	= w32
+endif
+endif
+
+ifeq ($(ARCH),w64)
+CFLAGS  += -D_AMD64_
+RCFLAGS += -F pe-x86-64
+else
+CFLAGS  += -m32
+RCFLAGS += -F pe-i386
+endif
+
 # Platform-dependent helper tool macros
 ifeq ($(findstring /sh,$(SHELL)),/sh)
 DEL	= rm -f $1
@@ -297,7 +306,7 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
 	$(CC) $(INCLUDES) $(CFLAGS) -c $< -o $@
 
 %.res: %.rc
-	$(RC) $(RCFLAGS) $< -o $@
+	$(RC) $(RCFLAGS) -i $< -o $@
 
 clean:
 ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"

lib/Makefile.netware

@@ -19,7 +19,7 @@ endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8y
+OPENSSL_PATH = ../../openssl-0.9.8zc
 endif
 
 # Edit the path below to point to the base of your LibSSH2 package.
@@ -44,7 +44,7 @@ endif
 
 # Edit the path below to point to the base of your nghttp2 package.
 ifndef NGHTTP2_PATH
-NGHTTP2_PATH = ../../nghttp2-0.6.4
+NGHTTP2_PATH = ../../nghttp2-0.6.7
 endif
 
 # Edit the path below to point to the base of your fbopenssl package.
@@ -711,9 +711,9 @@ else
 	@echo c-ares support:  no
 endif
 ifdef ENABLE_IPV6
-	@echo ipv6 support:    enabled
+	@echo IPv6 support:    enabled
 else
-	@echo ipv6 support:    no
+	@echo IPv6 support:    no
 endif
 
 $(CURL_INC)/curl/curlbuild.h: Makefile.netware FORCE

lib/Makefile.vc6

@@ -65,7 +65,7 @@
 !INCLUDE ..\winbuild\Makefile.msvc.names
 
 !IFNDEF OPENSSL_PATH
-OPENSSL_PATH   = ../../openssl-0.9.8y
+OPENSSL_PATH   = ../../openssl-0.9.8zc
 !ENDIF
 
 !IFNDEF LIBSSH2_PATH
@@ -130,6 +130,10 @@ CFLAGS = $(CFLAGS) /DUSE_WINDOWS_SSPI /I$(WINDOWS_SDK_PATH)\include
 CFLAGS = $(CFLAGS) /DUSE_IPV6
 !ENDIF
 
+!IFDEF USE_IDN
+CFLAGS = $(CFLAGS) /DUSE_WIN32_IDN /DWANT_IDN_PROTOTYPES
+!ENDIF
+
 ##############################################################
 # Runtime library configuration
 
@@ -531,6 +535,7 @@ X_OBJS= \
 	$(DIROBJ)\cookie.obj \
 	$(DIROBJ)\curl_addrinfo.obj \
 	$(DIROBJ)\curl_darwinssl.obj \
+	$(DIROBJ)\curl_endian.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
 	$(DIROBJ)\curl_gssapi.obj \
@@ -542,6 +547,7 @@ X_OBJS= \
 	$(DIROBJ)\curl_ntlm_wb.obj \
 	$(DIROBJ)\curl_rtmp.obj \
 	$(DIROBJ)\curl_sasl.obj \
+	$(DIROBJ)\curl_sasl_gssapi.obj \
 	$(DIROBJ)\curl_sasl_sspi.obj \
 	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
@@ -606,6 +612,7 @@ X_OBJS= \
 	$(DIROBJ)\sendf.obj \
 	$(DIROBJ)\share.obj \
 	$(DIROBJ)\slist.obj \
+	$(DIROBJ)\smb.obj \
 	$(DIROBJ)\smtp.obj \
 	$(DIROBJ)\socks.obj \
 	$(DIROBJ)\socks_gssapi.obj \

lib/Makefile.vxworks

@@ -33,8 +33,8 @@ BUILD_TYPE := debug
 USER_CFLAGS:=
 
 # directories where to seek for includes and libraries
-OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3/include
-OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8y-vxWorks6.3
+OPENSSL_INC := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3/include
+OPENSSL_LIB := D:/libraries/openssl/openssl-0.9.8zc-vxWorks6.3
 ZLIB_INC    := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/zlib-1.2.8
 ZLIB_LIB    := D:/libraries/zlib/zlib-1.2.8-VxWorks6.3/binaries/vxworks_3.1_gnu/Debug/lib
 ARES_INC    :=

lib/README.hostip

@@ -28,8 +28,8 @@
  hostsyn.c     - functions for synchronous name resolves
  asyn-ares.c   - functions for asynchronous name resolves using c-ares
  asyn-thread.c - functions for asynchronous name resolves using threads
- hostip4.c     - ipv4-specific functions
- hostip6.c     - ipv6-specific functions
+ hostip4.c     - IPv4 specific functions
+ hostip6.c     - IPv6 specific functions
 
  The hostip.h is the single united header file for all this. It defines the
  CURLRES_* defines based on the config*.h and curl_setup.h defines.

lib/asyn-ares.c

@@ -315,7 +315,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
   struct SessionHandle *data = conn->data;
   struct ResolverResults *res = (struct ResolverResults *)
     conn->async.os_specific;
-  CURLcode rc = CURLE_OK;
+  CURLcode result = CURLE_OK;
 
   *dns = NULL;
 
@@ -329,7 +329,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
     if(!conn->async.dns) {
       failf(data, "Could not resolve: %s (%s)",
             conn->async.hostname, ares_strerror(conn->async.status));
-      rc = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
+      result = conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
         CURLE_COULDNT_RESOLVE_HOST;
     }
     else
@@ -338,7 +338,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
     destroy_async_data(&conn->async);
   }
 
-  return rc;
+  return result;
 }
 
 /*
@@ -355,7 +355,7 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
 CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
                                    struct Curl_dns_entry **entry)
 {
-  CURLcode rc=CURLE_OK;
+  CURLcode result = CURLE_OK;
   struct SessionHandle *data = conn->data;
   long timeout;
   struct timeval now = Curl_tvnow();
@@ -394,7 +394,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
       break;
 
     if(Curl_pgrsUpdate(conn)) {
-      rc = CURLE_ABORTED_BY_CALLBACK;
+      result = CURLE_ABORTED_BY_CALLBACK;
       timeout = -1; /* trigger the cancel below */
     }
     else {
@@ -403,6 +403,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
       timeout -= timediff?timediff:1; /* always deduct at least 1 */
       now = now2; /* for next loop */
     }
+
     if(timeout < 0) {
       /* our timeout, so we cancel the ares operation */
       ares_cancel((ares_channel)data->state.resolver);
@@ -412,18 +413,17 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
 
   /* Operation complete, if the lookup was successful we now have the entry
      in the cache. */
-
   if(entry)
     *entry = conn->async.dns;
 
-  if(rc)
+  if(result)
     /* close the connection, since we can't return failure here without
        cleaning up this connection properly.
        TODO: remove this action from here, it is not a name resolver decision.
     */
     connclose(conn, "c-ares resolve failed");
 
-  return rc;
+  return result;
 }
 
 /* Connects results to the list */

lib/asyn-thread.c

@@ -434,19 +434,21 @@ static bool init_resolve_thread (struct connectdata *conn,
 static CURLcode resolver_error(struct connectdata *conn)
 {
   const char *host_or_proxy;
-  CURLcode rc;
+  CURLcode result;
+
   if(conn->bits.httpproxy) {
     host_or_proxy = "proxy";
-    rc = CURLE_COULDNT_RESOLVE_PROXY;
+    result = CURLE_COULDNT_RESOLVE_PROXY;
   }
   else {
     host_or_proxy = "host";
-    rc = CURLE_COULDNT_RESOLVE_HOST;
+    result = CURLE_COULDNT_RESOLVE_HOST;
   }
 
   failf(conn->data, "Could not resolve %s: %s", host_or_proxy,
         conn->async.hostname);
-  return rc;
+
+  return result;
 }
 
 /*
@@ -463,13 +465,13 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
                                    struct Curl_dns_entry **entry)
 {
   struct thread_data   *td = (struct thread_data*) conn->async.os_specific;
-  CURLcode rc = CURLE_OK;
+  CURLcode result = CURLE_OK;
 
   DEBUGASSERT(conn && td);
 
   /* wait for the thread to resolve the name */
   if(Curl_thread_join(&td->thread_hnd))
-    rc = getaddrinfo_complete(conn);
+    result = getaddrinfo_complete(conn);
   else
     DEBUGASSERT(0);
 
@@ -480,14 +482,14 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
 
   if(!conn->async.dns)
     /* a name was not resolved, report error */
-    rc = resolver_error(conn);
+    result = resolver_error(conn);
 
   destroy_async_data(&conn->async);
 
   if(!conn->async.dns)
     connclose(conn, "asynch resolve failed");
 
-  return (rc);
+  return result;
 }
 
 /*
@@ -517,9 +519,9 @@ CURLcode Curl_resolver_is_resolved(struct connectdata *conn,
     getaddrinfo_complete(conn);
 
     if(!conn->async.dns) {
-      CURLcode rc = resolver_error(conn);
+      CURLcode result = resolver_error(conn);
       destroy_async_data(&conn->async);
-      return rc;
+      return result;
     }
     destroy_async_data(&conn->async);
     *entry = conn->async.dns;
@@ -633,7 +635,7 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
   }
 
   if((pf != PF_INET) && !Curl_ipv6works())
-    /* the stack seems to be a non-ipv6 one */
+    /* The stack seems to be a non-IPv6 one */
     pf = PF_INET;
 
 #endif /* CURLRES_IPV6 */

lib/config-os400.h

@@ -540,6 +540,12 @@
 /* Define to use the GSKit package. */
 #define USE_GSKIT
 
+/* Define to use the OS/400 crypto library. */
+#define USE_OS400CRYPTO
+
+/* Define to use Unix sockets. */
+#define USE_UNIX_SOCKETS
+
 /* Use the system keyring as the default CA bundle. */
 #define CURL_CA_BUNDLE  "/QIBM/UserData/ICSS/Cert/Server/DEFAULT.KDB"
 

lib/config-win32.h

@@ -502,26 +502,39 @@
 #  endif
 #endif
 
-/* Officially, Microsoft's Windows SDK versions 6.X do not support Windows
-   2000 as a supported build target. VS2008 default installations provide
-   an embedded Windows SDK v6.0A along with the claim that Windows 2000 is
-   a valid build target for VS2008. Popular belief is that binaries built
-   with VS2008 using Windows SDK versions 6.X and Windows 2000 as a build
-   target are functional. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+/* Define some minimum and default build targets for Visual Studio */
+#if defined(_MSC_VER)
+   /* Officially, Microsoft's Windows SDK versions 6.X does not support Windows
+      2000 as a supported build target. VS2008 default installations provides
+      an embedded Windows SDK v6.0A along with the claim that Windows 2000 is a
+      valid build target for VS2008. Popular belief is that binaries built with
+      VS2008 using Windows SDK versions v6.X and Windows 2000 as a build target
+      are functional. */
 #  define VS2008_MIN_TARGET 0x0500
-#endif
 
-/* When no build target is specified VS2008 default build target is Windows
-   Vista, which leaves out even Winsows XP. If no build target has been given
-   for VS2008 we will target the minimum Officially supported build target,
-   which happens to be Windows XP. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
-#  define VS2008_DEF_TARGET  0x0501
+   /* The minimum build target for VS2012 is Vista unless Update 1 is installed
+      and the v110_xp toolset is choosen. */
+#  if defined(_USING_V110_SDK71_)
+#    define VS2012_MIN_TARGET 0x0501
+#  else
+#    define VS2012_MIN_TARGET 0x0600
+#  endif
+
+   /* VS2008 default build target is Windows Vista. We override default target
+      to be Windows XP. */
+#  define VS2008_DEF_TARGET 0x0501
+
+   /* VS2012 default build target is Windows Vista unless Update 1 is installed
+      and the v110_xp toolset is choosen. */
+#  if defined(_USING_V110_SDK71_)
+#    define VS2012_DEF_TARGET 0x0501
+#  else
+#    define VS2012_DEF_TARGET 0x0600
+#  endif
 #endif
 
 /* VS2008 default target settings and minimum build target check. */
-#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+#if defined(_MSC_VER) && (_MSC_VER >= 1500) && (_MSC_VER <= 1600)
 #  ifndef _WIN32_WINNT
 #    define _WIN32_WINNT VS2008_DEF_TARGET
 #  endif
@@ -533,6 +546,24 @@
 #  endif
 #endif
 
+/* VS2012 default target settings and minimum build target check. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1700)
+#  ifndef _WIN32_WINNT
+#    define _WIN32_WINNT VS2012_DEF_TARGET
+#  endif
+#  ifndef WINVER
+#    define WINVER VS2012_DEF_TARGET
+#  endif
+#  if (_WIN32_WINNT < VS2012_MIN_TARGET) || (WINVER < VS2012_MIN_TARGET)
+#    if defined(_USING_V110_SDK71_)
+#      error VS2012 does not support Windows build targets prior to Windows XP
+#    else
+#      error VS2012 does not support Windows build targets prior to Windows \
+Vista
+#    endif
+#  endif
+#endif
+
 /* When no build target is specified Pelles C 5.00 and later default build
    target is Windows Vista. We override default target to be Windows 2000. */
 #if defined(__POCC__) && (__POCC__ >= 500)
@@ -669,6 +700,11 @@
 #  define CURL_DISABLE_LDAP 1
 #endif
 
+/* Define to use the Windows crypto library. */
+#if !defined(USE_SSLEAY) && !defined(USE_NSS)
+#define USE_WIN32_CRYPTO
+#endif
+
 /* ---------------------------------------------------------------- */
 /*                       ADDITIONAL DEFINITIONS                     */
 /* ---------------------------------------------------------------- */

lib/conncache.c

@@ -152,6 +152,10 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
   conn->connection_id = connc->next_connection_id++;
   connc->num_connections++;
 
+  DEBUGF(infof(conn->data, "Added connection %ld. "
+               "The cache now contains %" CURL_FORMAT_CURL_OFF_TU " members\n",
+               conn->connection_id, (curl_off_t) connc->num_connections));
+
   return CURLE_OK;
 }
 
@@ -171,8 +175,9 @@ void Curl_conncache_remove_conn(struct conncache *connc,
     if(connc) {
       connc->num_connections--;
 
-      DEBUGF(infof(conn->data, "The cache now contains %d members\n",
-                   connc->num_connections));
+      DEBUGF(infof(conn->data, "The cache now contains %"
+                   CURL_FORMAT_CURL_OFF_TU " members\n",
+                   (curl_off_t) connc->num_connections));
     }
   }
 }

lib/connect.c

@@ -238,7 +238,7 @@ long Curl_timeleft(struct SessionHandle *data,
 }
 
 static CURLcode bindlocal(struct connectdata *conn,
-                          curl_socket_t sockfd, int af)
+                          curl_socket_t sockfd, int af, unsigned int scope)
 {
   struct SessionHandle *data = conn->data;
 
@@ -286,7 +286,8 @@ static CURLcode bindlocal(struct connectdata *conn,
 
     /* interface */
     if(!is_host) {
-      switch(Curl_if2ip(af, conn->scope, dev, myhost, sizeof(myhost))) {
+      switch(Curl_if2ip(af, scope, conn->scope_id, dev,
+                        myhost, sizeof(myhost))) {
         case IF2IP_NOT_FOUND:
           if(is_interface) {
             /* Do not fall back to treating it as a host name */
@@ -375,7 +376,7 @@ static CURLcode bindlocal(struct connectdata *conn,
 
     if(done > 0) {
 #ifdef ENABLE_IPV6
-      /* ipv6 address */
+      /* IPv6 address */
       if(af == AF_INET6) {
 #ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
         char *scope_ptr = strchr(myhost, '%');
@@ -398,7 +399,7 @@ static CURLcode bindlocal(struct connectdata *conn,
       }
       else
 #endif
-      /* ipv4 address */
+      /* IPv4 address */
       if((af == AF_INET) &&
          (Curl_inet_pton(AF_INET, myhost, &si4->sin_addr) > 0)) {
         si4->sin_family = AF_INET;
@@ -679,6 +680,7 @@ void Curl_updateconninfo(struct connectdata *conn, curl_socket_t sockfd)
     }
 
     len = sizeof(struct Curl_sockaddr_storage);
+    memset(&ssloc, 0, sizeof(ssloc));
     if(getsockname(sockfd, (struct sockaddr*) &ssloc, &len)) {
       error = SOCKERRNO;
       failf(data, "getsockname() failed with errno %d: %s",
@@ -991,6 +993,7 @@ static CURLcode singleipconnect(struct connectdata *conn,
   CURLcode result;
   char ipaddress[MAX_IPADR_LEN];
   long port;
+  bool is_tcp;
 
   *sockp = CURL_SOCKET_BAD;
 
@@ -1013,14 +1016,16 @@ static CURLcode singleipconnect(struct connectdata *conn,
   }
   infof(data, "  Trying %s...\n", ipaddress);
 
-  if(data->set.tcp_nodelay)
+  is_tcp = (addr.family == AF_INET || addr.family == AF_INET6) &&
+           addr.socktype == SOCK_STREAM;
+  if(is_tcp && data->set.tcp_nodelay)
     tcpnodelay(conn, sockfd);
 
   nosigpipe(conn, sockfd);
 
   Curl_sndbufset(sockfd);
 
-  if(data->set.tcp_keepalive)
+  if(is_tcp && data->set.tcp_keepalive)
     tcpkeepalive(data, sockfd);
 
   if(data->set.fsockopt) {
@@ -1038,16 +1043,18 @@ static CURLcode singleipconnect(struct connectdata *conn,
   }
 
   /* possibly bind the local end to an IP, interface or port */
-  result = bindlocal(conn, sockfd, addr.family);
-  if(result) {
-    Curl_closesocket(conn, sockfd); /* close socket and bail out */
-    if(result == CURLE_UNSUPPORTED_PROTOCOL) {
-      /* The address family is not supported on this interface.
-         We can continue trying addresses */
-      return CURLE_OK;
+  if(addr.family == AF_INET || addr.family == AF_INET6) {
+    result = bindlocal(conn, sockfd, addr.family,
+                       Curl_ipv6_scope((struct sockaddr*)&addr.sa_addr));
+    if(result) {
+      Curl_closesocket(conn, sockfd); /* close socket and bail out */
+      if(result == CURLE_UNSUPPORTED_PROTOCOL) {
+        /* The address family is not supported on this interface.
+           We can continue trying addresses */
+        return CURLE_COULDNT_CONNECT;
+      }
+      return result;
     }
-
-    return result;
   }
 
   /* set socket non-blocking */
@@ -1244,12 +1251,13 @@ int Curl_closesocket(struct connectdata *conn,
     else
       return conn->fclosesocket(conn->closesocket_client, sock);
   }
-  sclose(sock);
 
   if(conn)
     /* tell the multi-socket code about this */
     Curl_multi_closed(conn, sock);
 
+  sclose(sock);
+
   return 0;
 }
 
@@ -1313,9 +1321,9 @@ CURLcode Curl_socket(struct connectdata *conn,
     return CURLE_COULDNT_CONNECT;
 
 #if defined(ENABLE_IPV6) && defined(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID)
-  if(conn->scope && (addr->family == AF_INET6)) {
+  if(conn->scope_id && (addr->family == AF_INET6)) {
     struct sockaddr_in6 * const sa6 = (void *)&addr->sa_addr;
-    sa6->sin6_scope_id = conn->scope;
+    sa6->sin6_scope_id = conn->scope_id;
   }
 #endif
 
@@ -1326,15 +1334,20 @@ CURLcode Curl_socket(struct connectdata *conn,
 #ifdef CURLDEBUG
 /*
  * Curl_conncontrol() is used to set the conn->bits.close bit on or off. It
- * MUST be called with the connclose() or connclose() macros with a stated
+ * MUST be called with the connclose() or connkeep() macros with a stated
  * reason. The reason is only shown in debug builds but helps to figure out
  * decision paths when connections are or aren't re-used as expected.
  */
 void Curl_conncontrol(struct connectdata *conn, bool closeit,
                       const char *reason)
 {
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
+  (void) reason;
+#endif
+
   infof(conn->data, "Marked for [%s]: %s\n", closeit?"closure":"keep alive",
         reason);
+
   conn->bits.close = closeit; /* the only place in the source code that should
                                  assign this bit */
 }

lib/connect.h

@@ -41,7 +41,7 @@ long Curl_timeleft(struct SessionHandle *data,
 
 #define DEFAULT_CONNECT_TIMEOUT 300000 /* milliseconds == five minutes */
 #define HAPPY_EYEBALLS_TIMEOUT     200 /* milliseconds to wait between
-                                          ipv4/ipv6 connection attempts */
+                                          IPv4/IPv6 connection attempts */
 
 /*
  * Used to extract socket and connectdata struct for the most recent

lib/cookie.c

@@ -26,14 +26,17 @@
 RECEIVING COOKIE INFORMATION
 ============================
 
-struct CookieInfo *cookie_init(char *file);
+struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
+                    const char *file, struct CookieInfo *inc, bool newsession);
 
         Inits a cookie struct to store data in a local file. This is always
         called before any cookies are set.
 
-int cookies_set(struct CookieInfo *cookie, char *cookie_line);
+struct Cookie *Curl_cookie_add(struct SessionHandle *data,
+                 struct CookieInfo *c, bool httpheader, char *lineptr,
+                 const char *domain, const char *path);
 
-        The 'cookie_line' parameter is a full "Set-cookie:" line as
+        The 'lineptr' parameter is a full "Set-cookie:" line as
         received from a server.
 
         The function need to replace previously stored lines that this new
@@ -47,8 +50,8 @@ int cookies_set(struct CookieInfo *cookie, char *cookie_line);
 SENDING COOKIE INFORMATION
 ==========================
 
-struct Cookies *cookie_getlist(struct CookieInfo *cookie,
-                               char *host, char *path, bool secure);
+struct Cookies *Curl_cookie_getlist(struct CookieInfo *cookie,
+                                    char *host, char *path, bool secure);
 
         For a given host and path, return a linked list of cookies that
         the client should send to the server if used now. The secure
@@ -259,6 +262,8 @@ static char *sanitize_cookie_path(const char *cookie_path)
 
 /*
  * Load cookies from all given cookie files (CURLOPT_COOKIEFILE).
+ *
+ * NOTE: OOM or cookie parsing failures are ignored.
  */
 void Curl_cookie_loadfiles(struct SessionHandle *data)
 {
@@ -266,10 +271,17 @@ void Curl_cookie_loadfiles(struct SessionHandle *data)
   if(list) {
     Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE);
     while(list) {
-      data->cookies = Curl_cookie_init(data,
-                                       list->data,
-                                       data->cookies,
-                                       data->set.cookiesession);
+      struct CookieInfo *newcookies = Curl_cookie_init(data,
+                                        list->data,
+                                        data->cookies,
+                                        data->set.cookiesession);
+      if(!newcookies)
+        /* Failure may be due to OOM or a bad cookie; both are ignored
+         * but only the first should be
+         */
+        infof(data, "ignoring failed cookie_init for %s\n", list->data);
+      else
+        data->cookies = newcookies;
       list = list->next;
     }
     curl_slist_free_all(data->change.cookielist); /* clean up list */
@@ -351,6 +363,8 @@ static bool isip(const char *domain)
  * Be aware that sometimes we get an IP-only host name, and that might also be
  * a numerical IPv6 address.
  *
+ * Returns NULL on out of memory or invalid cookie. This is suboptimal,
+ * as they should be treated separately.
  ***************************************************************************/
 
 struct Cookie *
@@ -882,6 +896,7 @@ Curl_cookie_add(struct SessionHandle *data,
  *
  * If 'newsession' is TRUE, discard all "session cookies" on read from file.
  *
+ * Returns NULL on out of memory. Invalid cookies are ignored.
  ****************************************************************************/
 struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
                                     const char *file,
@@ -889,8 +904,9 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
                                     bool newsession)
 {
   struct CookieInfo *c;
-  FILE *fp;
+  FILE *fp = NULL;
   bool fromfile=TRUE;
+  char *line = NULL;
 
   if(NULL == inc) {
     /* we didn't get a struct, create one */
@@ -898,6 +914,8 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
     if(!c)
       return NULL; /* failed to get memory */
     c->filename = strdup(file?file:"none"); /* copy the name just in case */
+    if(!c->filename)
+      goto fail; /* failed to get memory */
   }
   else {
     /* we got an already existing one, use that */
@@ -922,25 +940,26 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
     char *lineptr;
     bool headerline;
 
-    char *line = malloc(MAX_COOKIE_LINE);
-    if(line) {
-      while(fgets(line, MAX_COOKIE_LINE, fp)) {
-        if(checkprefix("Set-Cookie:", line)) {
-          /* This is a cookie line, get it! */
-          lineptr=&line[11];
-          headerline=TRUE;
-        }
-        else {
-          lineptr=line;
-          headerline=FALSE;
-        }
-        while(*lineptr && ISBLANK(*lineptr))
-          lineptr++;
-
-        Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
+    line = malloc(MAX_COOKIE_LINE);
+    if(!line)
+      goto fail;
+    while(fgets(line, MAX_COOKIE_LINE, fp)) {
+      if(checkprefix("Set-Cookie:", line)) {
+        /* This is a cookie line, get it! */
+        lineptr=&line[11];
+        headerline=TRUE;
       }
-      free(line); /* free the line buffer */
+      else {
+        lineptr=line;
+        headerline=FALSE;
+      }
+      while(*lineptr && ISBLANK(*lineptr))
+        lineptr++;
+
+      Curl_cookie_add(data, c, headerline, lineptr, NULL, NULL);
     }
+    free(line); /* free the line buffer */
+
     if(fromfile)
       fclose(fp);
   }
@@ -948,6 +967,16 @@ struct CookieInfo *Curl_cookie_init(struct SessionHandle *data,
   c->running = TRUE;          /* now, we're running */
 
   return c;
+
+fail:
+  Curl_safefree(line);
+  if(!inc)
+    /* Only clean up if we allocated it here, as the original could still be in
+     * use by a share handle */
+    Curl_cookie_cleanup(c);
+  if(fromfile && fp)
+    fclose(fp);
+  return NULL; /* out of memory */
 }
 
 /* sort this so that the longest path gets before the shorter path */
@@ -1127,16 +1156,14 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
 void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
 {
   struct Cookie *next;
-  if(co) {
-    while(co) {
-      next = co->next;
-      if(cookiestoo)
-        freecookie(co);
-      else
-        free(co); /* we only free the struct since the "members" are all just
-                     pointed out in the main cookie list! */
-      co = next;
-    }
+  while(co) {
+    next = co->next;
+    if(cookiestoo)
+      freecookie(co);
+    else
+      free(co); /* we only free the struct since the "members" are all just
+                   pointed out in the main cookie list! */
+    co = next;
   }
 }
 
@@ -1183,23 +1210,15 @@ void Curl_cookie_clearsess(struct CookieInfo *cookies)
  *
  * Curl_cookie_cleanup()
  *
- * Free a "cookie object" previous created with cookie_init().
+ * Free a "cookie object" previous created with Curl_cookie_init().
  *
  ****************************************************************************/
 void Curl_cookie_cleanup(struct CookieInfo *c)
 {
-  struct Cookie *co;
-  struct Cookie *next;
   if(c) {
     if(c->filename)
       free(c->filename);
-    co = c->cookies;
-
-    while(co) {
-      next = co->next;
-      freecookie(co);
-      co = next;
-    }
+    Curl_cookie_freelist(c->cookies, TRUE);
     free(c); /* free the base struct as well */
   }
 }

lib/curl_addrinfo.c

@@ -33,6 +33,9 @@
 #ifdef HAVE_ARPA_INET_H
 #  include <arpa/inet.h>
 #endif
+#ifdef HAVE_SYS_UN_H
+#  include <sys/un.h>
+#endif
 
 #ifdef __VMS
 #  include <in.h>
@@ -477,6 +480,42 @@ Curl_addrinfo *Curl_str2addr(char *address, int port)
   return NULL; /* bad input format */
 }
 
+#ifdef USE_UNIX_SOCKETS
+/**
+ * Given a path to a Unix domain socket, return a newly allocated Curl_addrinfo
+ * struct initialized with this path.
+ */
+Curl_addrinfo *Curl_unix2addr(const char *path)
+{
+  Curl_addrinfo *ai;
+  struct sockaddr_un *sa_un;
+  size_t path_len;
+
+  ai = calloc(1, sizeof(Curl_addrinfo));
+  if(!ai)
+    return NULL;
+  if((ai->ai_addr = calloc(1, sizeof(struct sockaddr_un))) == NULL) {
+    free(ai);
+    return NULL;
+  }
+  /* sun_path must be able to store the NUL-terminated path */
+  path_len = strlen(path);
+  if(path_len >= sizeof(sa_un->sun_path)) {
+    free(ai->ai_addr);
+    free(ai);
+    return NULL;
+  }
+
+  ai->ai_family = AF_UNIX;
+  ai->ai_socktype = SOCK_STREAM; /* assume reliable transport for HTTP */
+  ai->ai_addrlen = (curl_socklen_t) sizeof(struct sockaddr_un);
+  sa_un = (void *) ai->ai_addr;
+  sa_un->sun_family = AF_UNIX;
+  memcpy(sa_un->sun_path, path, path_len + 1); /* copy NUL byte */
+  return ai;
+}
+#endif
+
 #if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
 /*
  * curl_dofreeaddrinfo()

lib/curl_addrinfo.h

@@ -79,6 +79,10 @@ Curl_ip2addr(int af, const void *inaddr, const char *hostname, int port);
 
 Curl_addrinfo *Curl_str2addr(char *dotted, int port);
 
+#ifdef USE_UNIX_SOCKETS
+Curl_addrinfo *Curl_unix2addr(const char *path);
+#endif
+
 #if defined(CURLDEBUG) && defined(HAVE_FREEADDRINFO)
 void
 curl_dofreeaddrinfo(struct addrinfo *freethis,

lib/curl_config.h.cmake

@@ -467,6 +467,9 @@
 /* Define to 1 if you have a working POSIX-style strerror_r function. */
 #cmakedefine HAVE_POSIX_STRERROR_R 1
 
+/* Define to 1 if you have the <pthread.h> header file */
+#cmakedefine HAVE_PTHREAD_H 1
+
 /* Define to 1 if you have the <pwd.h> header file. */
 #cmakedefine HAVE_PWD_H 1
 
@@ -879,6 +882,9 @@
 /* Define if you want to enable c-ares support */
 #cmakedefine USE_ARES 1
 
+/* Define if you want to enable POSIX threaded DNS lookup */
+#cmakedefine USE_THREADS_POSIX 1
+
 /* Define to disable non-blocking sockets. */
 #cmakedefine USE_BLOCKING_SOCKETS 1
 
@@ -906,6 +912,9 @@
 /* if SSL is enabled */
 #cmakedefine USE_SSLEAY 1
 
+/* if Unix domain sockets are enabled  */
+#cmakedefine USE_UNIX_SOCKETS
+
 /* Define to 1 if you are building a Windows target without large file
    support. */
 #cmakedefine USE_WIN32_LARGE_FILES 1

lib/curl_endian.c

@@ -0,0 +1,230 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+#include "curl_setup.h"
+
+#include "curl_endian.h"
+
+/*
+ * Curl_read16_le()
+ *
+ * This function converts a 16-bit integer from the little endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 2 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned short Curl_read16_le(unsigned char *buf)
+{
+  return (unsigned short)(((unsigned short)buf[0]) |
+                          ((unsigned short)buf[1] << 8));
+}
+
+/*
+ * Curl_read32_le()
+ *
+ * This function converts a 32-bit integer from the little endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 4 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned int Curl_read32_le(unsigned char *buf)
+{
+  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
+         ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
+}
+
+/*
+ * Curl_read64_le()
+ *
+ * This function converts a 64-bit integer from the little endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 8 byte buffer.
+ *
+ * Returns the integer.
+ */
+#if defined(HAVE_LONGLONG)
+unsigned long long Curl_read64_le(unsigned char *buf)
+{
+  return ((unsigned long long)buf[0]) |
+         ((unsigned long long)buf[1] << 8) |
+         ((unsigned long long)buf[2] << 16) |
+         ((unsigned long long)buf[3] << 24) |
+         ((unsigned long long)buf[4] << 32) |
+         ((unsigned long long)buf[5] << 40) |
+         ((unsigned long long)buf[6] << 48) |
+         ((unsigned long long)buf[7] << 56);
+}
+#else
+unsigned __int64 Curl_read64_le(unsigned char *buf)
+{
+  return ((unsigned __int64)buf[0]) | ((unsigned __int64)buf[1] << 8) |
+         ((unsigned __int64)buf[2] << 16) | ((unsigned __int64)buf[3] << 24) |
+         ((unsigned __int64)buf[4] << 32) | ((unsigned __int64)buf[5] << 40) |
+         ((unsigned __int64)buf[6] << 48) | ((unsigned __int64)buf[7] << 56);
+}
+#endif
+
+/*
+ * Curl_read16_be()
+ *
+ * This function converts a 16-bit integer from the big endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 2 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned short Curl_read16_be(unsigned char *buf)
+{
+  return (unsigned short)(((unsigned short)buf[0] << 8) |
+                          ((unsigned short)buf[1]));
+}
+
+/*
+ * Curl_read32_be()
+ *
+ * This function converts a 32-bit integer from the big endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 4 byte buffer.
+ *
+ * Returns the integer.
+ */
+unsigned int Curl_read32_be(unsigned char *buf)
+{
+  return ((unsigned int)buf[0] << 24) | ((unsigned int)buf[1] << 16) |
+         ((unsigned int)buf[2] << 8) | ((unsigned int)buf[3]);
+}
+
+/*
+ * Curl_read64_be()
+ *
+ * This function converts a 64-bit integer from the big endian format, as
+ * used in the incoming package to whatever endian format we're using
+ * natively.
+ *
+ * Parameters:
+ *
+ * buf      [in]     - A pointer to a 8 byte buffer.
+ *
+ * Returns the integer.
+ */
+#if defined(HAVE_LONGLONG)
+unsigned long long Curl_read64_be(unsigned char *buf)
+{
+  return ((unsigned long long)buf[0] << 56) |
+         ((unsigned long long)buf[1] << 48) |
+         ((unsigned long long)buf[2] << 40) |
+         ((unsigned long long)buf[3] << 32) |
+         ((unsigned long long)buf[4] << 24) |
+         ((unsigned long long)buf[5] << 16) |
+         ((unsigned long long)buf[6] << 8) |
+         ((unsigned long long)buf[7]);
+}
+#else
+unsigned __int64 Curl_read64_be(unsigned char *buf)
+{
+  return ((unsigned __int64)buf[0] << 56) | ((unsigned __int64)buf[1] << 48) |
+         ((unsigned __int64)buf[2] << 40) | ((unsigned __int64)buf[3] << 32) |
+         ((unsigned __int64)buf[4] << 24) | ((unsigned __int64)buf[5] << 16) |
+         ((unsigned __int64)buf[6] << 8) | ((unsigned __int64)buf[7]);
+}
+#endif
+
+/*
+ * Curl_write16_le()
+ *
+ * This function converts a 16-bit integer from the native endian format,
+ * to little endian format ready for sending down the wire.
+ *
+ * Parameters:
+ *
+ * value    [in]     - The 16-bit integer value.
+ * buffer   [in]     - A pointer to the output buffer.
+ */
+void Curl_write16_le(const short value, unsigned char *buffer)
+{
+  buffer[0] = (char)(value & 0x00FF);
+  buffer[1] = (char)((value & 0xFF00) >> 8);
+}
+
+/*
+ * Curl_write32_le()
+ *
+ * This function converts a 32-bit integer from the native endian format,
+ * to little endian format ready for sending down the wire.
+ *
+ * Parameters:
+ *
+ * value    [in]     - The 32-bit integer value.
+ * buffer   [in]     - A pointer to the output buffer.
+ */
+void Curl_write32_le(const int value, unsigned char *buffer)
+{
+  buffer[0] = (char)(value & 0x000000FF);
+  buffer[1] = (char)((value & 0x0000FF00) >> 8);
+  buffer[2] = (char)((value & 0x00FF0000) >> 16);
+  buffer[3] = (char)((value & 0xFF000000) >> 24);
+}
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/*
+ * Curl_write64_le()
+ *
+ * This function converts a 64-bit integer from the native endian format,
+ * to little endian format ready for sending down the wire.
+ *
+ * Parameters:
+ *
+ * value    [in]     - The 64-bit integer value.
+ * buffer   [in]     - A pointer to the output buffer.
+ */
+#if defined(HAVE_LONGLONG)
+void Curl_write64_le(const long long value, unsigned char *buffer)
+#else
+void Curl_write64_le(const __int64 value, unsigned char *buffer)
+#endif
+{
+  Curl_write32_le((int)value, buffer);
+  Curl_write32_le((int)(value >> 32), buffer + 4);
+}
+#endif

lib/curl_endian.h

@@ -0,0 +1,70 @@
+#ifndef HEADER_CURL_ENDIAN_H
+#define HEADER_CURL_ENDIAN_H
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at http://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/* Converts a 16-bit integer from little endian */
+unsigned short Curl_read16_le(unsigned char *buf);
+
+/* Converts a 32-bit integer from little endian */
+unsigned int Curl_read32_le(unsigned char *buf);
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/* Converts a 64-bit integer from little endian */
+#if defined(HAVE_LONGLONG)
+unsigned long long Curl_read64_le(unsigned char *buf);
+#else
+unsigned __int64 Curl_read64_le(unsigned char *buf);
+#endif
+#endif
+
+/* Converts a 16-bit integer from big endian */
+unsigned short Curl_read16_be(unsigned char *buf);
+
+/* Converts a 32-bit integer from big endian */
+unsigned int Curl_read32_be(unsigned char *buf);
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/* Converts a 64-bit integer from big endian */
+#if defined(HAVE_LONGLONG)
+unsigned long long Curl_read64_be(unsigned char *buf);
+#else
+unsigned __int64 Curl_read64_be(unsigned char *buf);
+#endif
+#endif
+
+/* Converts a 16-bit integer to little endian */
+void Curl_write16_le(const short value, unsigned char *buffer);
+
+/* Converts a 32-bit integer to little endian */
+void Curl_write32_le(const int value, unsigned char *buffer);
+
+#if (CURL_SIZEOF_CURL_OFF_T > 4)
+/* Converts a 64-bit integer to little endian */
+#if defined(HAVE_LONGLONG)
+void Curl_write64_le(const long long value, unsigned char *buffer);
+#else
+void Curl_write64_le(const __int64 value, unsigned char *buffer);
+#endif
+#endif
+
+#endif /* HEADER_CURL_ENDIAN_H */

lib/curl_gssapi.c

@@ -41,9 +41,13 @@ OM_uint32 Curl_gss_init_sec_context(
     gss_channel_bindings_t input_chan_bindings,
     gss_buffer_t input_token,
     gss_buffer_t output_token,
+    const bool mutual_auth,
     OM_uint32 *ret_flags)
 {
-  OM_uint32 req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG;
+  OM_uint32 req_flags = GSS_C_REPLAY_FLAG;
+
+  if(mutual_auth)
+    req_flags |= GSS_C_MUTUAL_FLAG;
 
   if(data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG) {
 #ifdef GSS_C_DELEG_POLICY_FLAG
@@ -72,4 +76,45 @@ OM_uint32 Curl_gss_init_sec_context(
                               NULL /* time_rec */);
 }
 
+/*
+ * Curl_gss_log_error()
+ *
+ * This is used to log a GSS-API error status.
+ *
+ * Parameters:
+ *
+ * data    [in] - The session handle.
+ * status  [in] - The status code.
+ * prefix  [in] - The prefix of the log message.
+ */
+void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status,
+                        const char *prefix)
+{
+  OM_uint32 maj_stat;
+  OM_uint32 min_stat;
+  OM_uint32 msg_ctx = 0;
+  gss_buffer_desc status_string;
+  char buf[1024];
+  size_t len;
+
+  snprintf(buf, sizeof(buf), "%s", prefix);
+  len = strlen(buf);
+  do {
+    maj_stat = gss_display_status(&min_stat,
+                                  status,
+                                  GSS_C_MECH_CODE,
+                                  GSS_C_NO_OID,
+                                  &msg_ctx,
+                                  &status_string);
+    if(sizeof(buf) > len + status_string.length + 1) {
+      snprintf(buf + len, sizeof(buf) - len,
+        ": %s", (char*)status_string.value);
+      len += status_string.length;
+    }
+    gss_release_buffer(&min_stat, &status_string);
+  } while(!GSS_ERROR(maj_stat) && msg_ctx != 0);
+
+  infof(data, "%s\n", buf);
+}
+
 #endif /* HAVE_GSSAPI */

lib/curl_gssapi.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -43,7 +43,6 @@ extern gss_OID_desc Curl_spnego_mech_oid;
 extern gss_OID_desc Curl_krb5_mech_oid;
 
 /* Common method for using GSS-API */
-
 OM_uint32 Curl_gss_init_sec_context(
     struct SessionHandle *data,
     OM_uint32 *minor_status,
@@ -53,8 +52,13 @@ OM_uint32 Curl_gss_init_sec_context(
     gss_channel_bindings_t input_chan_bindings,
     gss_buffer_t input_token,
     gss_buffer_t output_token,
+    const bool mutual_auth,
     OM_uint32 *ret_flags);
 
+/* Helper to log a GSS-API error status */
+void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status,
+                        const char *prefix);
+
 #endif /* HAVE_GSSAPI */
 
 #endif /* HEADER_CURL_GSSAPI_H */

lib/curl_md4.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,10 +24,12 @@
 
 #include "curl_setup.h"
 
-/* NSS crypto library does not provide the MD4 hash algorithm, so that we have
- * a local implementation of it */
-#ifdef USE_NSS
+/* NSS and OS/400 crypto library do not provide the MD4 hash algorithm, so
+ * that we have a local implementation of it */
+#if defined(USE_NSS) || defined(USE_OS400CRYPTO)
+
 void Curl_md4it(unsigned char *output, const unsigned char *input, size_t len);
-#endif /* USE_NSS */
+
+#endif /* defined(USE_NSS) || defined(USE_OS400CRYPTO) */
 
 #endif /* HEADER_CURL_MD4_H */

lib/curl_multibyte.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,7 +22,8 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+#if defined(USE_WIN32_IDN) || ((defined(USE_WINDOWS_SSPI) || \
+                                defined(CURL_LDAP_WIN)) && defined(UNICODE))
 
  /*
   * MultiByte conversions using Windows kernel32 library.
@@ -79,4 +80,4 @@ char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
   return str_utf8;
 }
 
-#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+#endif /* USE_WIN32_IDN || ((USE_WINDOWS_SSPI || CURL_LDAP_WIN) && UNICODE) */

lib/curl_multibyte.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,7 +23,8 @@
  ***************************************************************************/
 #include "curl_setup.h"
 
-#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
+#if defined(USE_WIN32_IDN) || ((defined(USE_WINDOWS_SSPI) || \
+                                defined(CURL_LDAP_WIN)) && defined(UNICODE))
 
  /*
   * MultiByte conversions using Windows kernel32 library.
@@ -32,10 +33,11 @@
 wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
 char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
 
-#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
+#endif /* USE_WIN32_IDN || ((USE_WINDOWS_SSPI || CURL_LDAP_WIN) && UNICODE) */
 
 
-#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
+#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI) || \
+    defined(CURL_LDAP_WIN)
 
 /*
  * Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
@@ -85,6 +87,6 @@ typedef union {
 
 #endif /* UNICODE */
 
-#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
+#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI || CURL_LDAP_WIN */
 
 #endif /* HEADER_CURL_MULTIBYTE_H */

lib/curl_ntlm.c

@@ -22,7 +22,7 @@
 
 #include "curl_setup.h"
 
-#ifdef USE_NTLM
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
 
 /*
  * NTLM details:
@@ -39,6 +39,7 @@
 #include "curl_ntlm.h"
 #include "curl_ntlm_msgs.h"
 #include "curl_ntlm_wb.h"
+#include "curl_sasl.h"
 #include "url.h"
 #include "curl_memory.h"
 
@@ -69,12 +70,6 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
   struct ntlmdata *ntlm;
   CURLcode result = CURLE_OK;
 
-#ifdef USE_NSS
-  result = Curl_nss_force_init(conn->data);
-  if(result)
-    return result;
-#endif
-
   ntlm = proxy ? &conn->proxyntlm : &conn->ntlm;
 
   if(checkprefix("NTLM", header)) {
@@ -84,7 +79,7 @@ CURLcode Curl_input_ntlm(struct connectdata *conn,
       header++;
 
     if(*header) {
-      result = Curl_ntlm_decode_type2_message(conn->data, header, ntlm);
+      result = Curl_sasl_decode_ntlm_type2_message(conn->data, header, ntlm);
       if(result)
         return result;
 
@@ -174,8 +169,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
   case NTLMSTATE_TYPE1:
   default: /* for the weird cases we (re)start here */
     /* Create a type-1 message */
-    result = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
-                                            &len);
+    result = Curl_sasl_create_ntlm_type1_message(userp, passwdp, ntlm, &base64,
+                                                 &len);
     if(result)
       return result;
 
@@ -194,8 +189,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
   case NTLMSTATE_TYPE2:
     /* We already received the type-2 message, create a type-3 message */
-    result = Curl_ntlm_create_type3_message(conn->data, userp, passwdp,
-                                            ntlm, &base64, &len);
+    result = Curl_sasl_create_ntlm_type3_message(conn->data, userp, passwdp,
+                                                 ntlm, &base64, &len);
     if(result)
       return result;
 
@@ -228,22 +223,12 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
 
 void Curl_http_ntlm_cleanup(struct connectdata *conn)
 {
-#ifdef USE_WINDOWS_SSPI
-  Curl_ntlm_sspi_cleanup(&conn->ntlm);
-  Curl_ntlm_sspi_cleanup(&conn->proxyntlm);
-#elif defined(NTLM_WB_ENABLED)
+  Curl_sasl_ntlm_cleanup(&conn->ntlm);
+  Curl_sasl_ntlm_cleanup(&conn->proxyntlm);
+
+#if defined(NTLM_WB_ENABLED)
   Curl_ntlm_wb_cleanup(conn);
-#else
-  (void)conn;
-#endif
-
-#ifndef USE_WINDOWS_SSPI
-  Curl_safefree(conn->ntlm.target_info);
-  conn->ntlm.target_info_len = 0;
-
-  Curl_safefree(conn->proxyntlm.target_info);
-  conn->proxyntlm.target_info_len = 0;
 #endif
 }
 
-#endif /* USE_NTLM */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM */

lib/curl_ntlm.h

@@ -24,7 +24,7 @@
 
 #include "curl_setup.h"
 
-#ifdef USE_NTLM
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM)
 
 /* this is for ntlm header input */
 CURLcode Curl_input_ntlm(struct connectdata *conn, bool proxy,
@@ -35,6 +35,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy);
 
 void Curl_http_ntlm_cleanup(struct connectdata *conn);
 
-#endif
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM */
 
 #endif /* HEADER_CURL_NTLM_H */

lib/curl_ntlm_core.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+#if defined(USE_NTLM)
 
 /*
  * NTLM details:
@@ -31,6 +31,8 @@
  * http://www.innovation.ch/java/ntlm.html
  */
 
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
+
 #ifdef USE_SSLEAY
 
 #  ifdef USE_OPENSSL
@@ -87,6 +89,11 @@
 #  include <CommonCrypto/CommonCryptor.h>
 #  include <CommonCrypto/CommonDigest.h>
 
+#elif defined(USE_OS400CRYPTO)
+#  include "cipher.mih"  /* mih/cipher */
+#  include "curl_md4.h"
+#elif defined(USE_WIN32_CRYPTO)
+#  include <wincrypt.h>
 #else
 #  error "Can't compile NTLM support without a crypto library."
 #endif
@@ -99,6 +106,7 @@
 #include "curl_md5.h"
 #include "curl_hmac.h"
 #include "warnless.h"
+#include "curl_endian.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -110,34 +118,9 @@
 #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00"
 #define NTLMv2_BLOB_LEN       (44 -16 + ntlm->target_info_len + 4)
 
-#ifdef USE_SSLEAY
 /*
- * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
- * key schedule ks is also set.
- */
-static void setup_des_key(const unsigned char *key_56,
-                          DES_key_schedule DESKEYARG(ks))
-{
-  DES_cblock key;
-
-  key[0] = key_56[0];
-  key[1] = (unsigned char)(((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1));
-  key[2] = (unsigned char)(((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2));
-  key[3] = (unsigned char)(((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3));
-  key[4] = (unsigned char)(((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4));
-  key[5] = (unsigned char)(((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5));
-  key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6));
-  key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
-
-  DES_set_odd_parity(&key);
-  DES_set_key(&key, ks);
-}
-
-#else /* defined(USE_SSLEAY) */
-
-/*
- * Turns a 56 bit key into the 64 bit, odd parity key.  Used by GnuTLS and NSS.
- */
+* Turns a 56-bit key into being 64-bit wide.
+*/
 static void extend_key_56_to_64(const unsigned char *key_56, char *key)
 {
   key[0] = key_56[0];
@@ -150,7 +133,22 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key)
   key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF);
 }
 
-#if defined(USE_GNUTLS_NETTLE)
+#ifdef USE_SSLEAY
+/*
+ * Turns a 56 bit key into the 64 bit, odd parity key and sets the key.  The
+ * key schedule ks is also set.
+ */
+static void setup_des_key(const unsigned char *key_56,
+                          DES_key_schedule DESKEYARG(ks))
+{
+  DES_cblock key;
+
+  extend_key_56_to_64(key_56, (char *) key);
+  DES_set_odd_parity(&key);
+  DES_set_key(&key, ks);
+}
+
+#elif defined(USE_GNUTLS_NETTLE)
 
 static void setup_des_key(const unsigned char *key_56,
                           struct des_ctx *des)
@@ -249,9 +247,66 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out,
   return err == kCCSuccess;
 }
 
-#endif /* defined(USE_DARWINSSL) */
+#elif defined(USE_OS400CRYPTO)
 
-#endif /* defined(USE_SSLEAY) */
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  char key[8];
+  _CIPHER_Control_T ctl;
+
+  ctl.Func_ID = ENCRYPT_ONLY;
+  ctl.Data_Len = 8;
+  extend_key_56_to_64(key_56, ctl.Crypto_Key);
+  _CIPHER((_SPCPTR *) &out, &ctl, (_SPCPTR *) &in);
+  return TRUE;
+}
+
+#elif defined(USE_WIN32_CRYPTO)
+
+static bool encrypt_des(const unsigned char *in, unsigned char *out,
+                        const unsigned char *key_56)
+{
+  HCRYPTPROV hprov;
+  HCRYPTKEY hkey;
+  struct {
+    BLOBHEADER hdr;
+    unsigned int len;
+    char key[8];
+  } blob;
+  DWORD len = 8;
+
+  /* Acquire the crypto provider */
+  if(!CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
+                          CRYPT_VERIFYCONTEXT))
+    return FALSE;
+
+  memset(&blob, 0, sizeof(blob));
+  extend_key_56_to_64(key_56, blob.key);
+  blob.hdr.bType = PLAINTEXTKEYBLOB;
+  blob.hdr.bVersion = 2;
+  blob.hdr.aiKeyAlg = CALG_DES;
+  blob.len = sizeof(blob.key);
+
+  /* Import the key */
+  if(!CryptImportKey(hprov, (BYTE *) &blob, sizeof(blob), 0, 0, &hkey)) {
+    CryptReleaseContext(hprov, 0);
+
+    return FALSE;
+  }
+
+  memcpy(out, in, 8);
+
+  /* Perform the encryption */
+  CryptEncrypt(hkey, 0, FALSE, 0, out, &len, len);
+
+  CryptDestroyKey(hkey);
+  CryptReleaseContext(hprov, 0);
+
+  return TRUE;
+}
+
+#endif /* defined(USE_WIN32_CRYPTO) */
 
  /*
   * takes a 21 byte array and treats it as 3 56-bit DES keys. The
@@ -301,7 +356,8 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
   setup_des_key(keys + 14, &des);
   gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
   gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \
+  || defined(USE_WIN32_CRYPTO)
   encrypt_des(plaintext, results, keys);
   encrypt_des(plaintext, results + 8, keys + 7);
   encrypt_des(plaintext, results + 16, keys + 14);
@@ -364,7 +420,8 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
     setup_des_key(pw + 7, &des);
     gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
     gcry_cipher_close(des);
-#elif defined(USE_NSS) || defined(USE_DARWINSSL)
+#elif defined(USE_NSS) || defined(USE_DARWINSSL) || defined(USE_OS400CRYPTO) \
+  || defined(USE_WIN32_CRYPTO)
     encrypt_des(magic, lmbuffer, pw);
     encrypt_des(magic, lmbuffer + 8, pw + 7);
 #endif
@@ -386,6 +443,8 @@ static void ascii_to_unicode_le(unsigned char *dest, const char *src,
   }
 }
 
+#if USE_NTLM_V2 && !defined(USE_WINDOWS_SSPI)
+
 static void ascii_uppercase_to_unicode_le(unsigned char *dest,
                                           const char *src, size_t srclen)
 {
@@ -396,23 +455,7 @@ static void ascii_uppercase_to_unicode_le(unsigned char *dest,
   }
 }
 
-static void write32_le(const int value, unsigned char *buffer)
-{
-  buffer[0] = (char)(value & 0x000000FF);
-  buffer[1] = (char)((value & 0x0000FF00) >> 8);
-  buffer[2] = (char)((value & 0x00FF0000) >> 16);
-  buffer[3] = (char)((value & 0xFF000000) >> 24);
-}
-
-#if defined(HAVE_LONGLONG)
-static void write64_le(const long long value, unsigned char *buffer)
-#else
-static void write64_le(const __int64 value, unsigned char *buffer)
-#endif
-{
-  write32_le((int)value, buffer);
-  write32_le((int)(value >> 32), buffer + 4);
-}
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
 
 /*
  * Set up nt hashed passwords
@@ -455,10 +498,23 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
     gcry_md_write(MD4pw, pw, 2 * len);
     memcpy (ntbuffer, gcry_md_read (MD4pw, 0), MD4_DIGEST_LENGTH);
     gcry_md_close(MD4pw);
-#elif defined(USE_NSS)
+#elif defined(USE_NSS) || defined(USE_OS400CRYPTO)
     Curl_md4it(ntbuffer, pw, 2 * len);
 #elif defined(USE_DARWINSSL)
     (void)CC_MD4(pw, (CC_LONG)(2 * len), ntbuffer);
+#elif defined(USE_WIN32_CRYPTO)
+    HCRYPTPROV hprov;
+    if(CryptAcquireContext(&hprov, NULL, NULL, PROV_RSA_FULL,
+                           CRYPT_VERIFYCONTEXT)) {
+      HCRYPTHASH hhash;
+      if(CryptCreateHash(hprov, CALG_MD4, 0, 0, &hhash)) {
+        DWORD length = 16;
+        CryptHashData(hhash, pw, (unsigned int)len * 2, 0);
+        CryptGetHashParam(hhash, HP_HASHVAL, ntbuffer, &length, 0);
+        CryptDestroyHash(hhash);
+      }
+      CryptReleaseContext(hprov, 0);
+    }
 #endif
 
     memset(ntbuffer + 16, 0, 21 - 16);
@@ -469,6 +525,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
   return CURLE_OK;
 }
 
+#if USE_NTLM_V2 && !defined(USE_WINDOWS_SSPI)
+
 /* This returns the HMAC MD5 digest */
 CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
                        const unsigned char *data, unsigned int datalen,
@@ -588,7 +646,7 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
            "%c%c%c%c",  /* Reserved = 0 */
            0, 0, 0, 0);
 
-  write64_le(tw, ptr + 24);
+  Curl_write64_le(tw, ptr + 24);
   memcpy(ptr + 32, challenge_client, 8);
   memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
 
@@ -649,6 +707,10 @@ CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
   return result;
 }
 
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
+
 #endif /* USE_NTRESPONSES */
 
-#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* USE_NTLM */

lib/curl_ntlm_core.h

@@ -24,7 +24,9 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
+#if defined(USE_NTLM)
+
+#if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO)
 
 #ifdef USE_SSLEAY
 #  if !defined(OPENSSL_VERSION_NUMBER) && \
@@ -34,19 +36,28 @@
 #  ifdef OPENSSL_NO_MD4
 #    define USE_NTRESPONSES 0
 #    define USE_NTLM2SESSION 0
+#    define USE_NTLM_V2 0
 #  endif
 #endif
 
-/*
- * Define USE_NTRESPONSES to 1 in order to make the type-3 message include
- * the NT response message. Define USE_NTLM2SESSION to 1 in order to make
- * the type-3 message include the NTLM2Session response message, requires
- * USE_NTRESPONSES defined to 1.
- */
-
+/* Define USE_NTRESPONSES to 1 in order to make the type-3 message include
+ * the NT response message. */
 #ifndef USE_NTRESPONSES
-#  define USE_NTRESPONSES 1
-#  define USE_NTLM2SESSION 1
+#define USE_NTRESPONSES 1
+#endif
+
+/* Define USE_NTLM2SESSION to 1 in order to make the type-3 message include the
+   NTLM2Session response message, requires USE_NTRESPONSES defined to 1 and a
+   Crypto engine that we have curl_ssl_md5sum() for. */
+#if !defined(USE_NTLM2SESSION) && USE_NTRESPONSES && !defined(USE_WIN32_CRYPTO)
+#define USE_NTLM2SESSION 1
+#endif
+
+/* Define USE_NTLM_V2 to 1 in order to allow the type-3 message to include the
+   LMv2 and NTLMv2 response messages, requires USE_NTRESPONSES defined to 1
+   and support for 64-bit integers. */
+#if !defined(USE_NTLM_V2) && USE_NTRESPONSES && (CURL_SIZEOF_CURL_OFF_T > 4)
+#define USE_NTLM_V2 1
 #endif
 
 void Curl_ntlm_core_lm_resp(const unsigned char *keys,
@@ -58,14 +69,16 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
                                    unsigned char *lmbuffer /* 21 bytes */);
 
 #if USE_NTRESPONSES
-CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
-                       const unsigned char *data, unsigned int datalen,
-                       unsigned char *output);
-
 CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
                                    const char *password,
                                    unsigned char *ntbuffer /* 21 bytes */);
 
+#if USE_NTLM_V2 && !defined(USE_WINDOWS_SSPI)
+
+CURLcode Curl_hmac_md5(const unsigned char *key, unsigned int keylen,
+                       const unsigned char *data, unsigned int datalen,
+                       unsigned char *output);
+
 CURLcode Curl_ntlm_core_mk_ntlmv2_hash(const char *user, size_t userlen,
                                        const char *domain, size_t domlen,
                                        unsigned char *ntlmhash,
@@ -82,8 +95,12 @@ CURLcode  Curl_ntlm_core_mk_lmv2_resp(unsigned char *ntlmv2hash,
                                       unsigned char *challenge_server,
                                       unsigned char *lmresp);
 
-#endif
+#endif /* USE_NTLM_V2 && !USE_WINDOWS_SSPI */
 
-#endif /* USE_NTLM && !USE_WINDOWS_SSPI */
+#endif /* USE_NTRESPONSES */
+
+#endif /* !USE_WINDOWS_SSPI || USE_WIN32_CRYPTO */
+
+#endif /* USE_NTLM */
 
 #endif /* HEADER_CURL_NTLM_CORE_H */

lib/curl_ntlm_msgs.c

@@ -22,7 +22,7 @@
 
 #include "curl_setup.h"
 
-#ifdef USE_NTLM
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
 
 /*
  * NTLM details:
@@ -43,14 +43,16 @@
 #include "warnless.h"
 #include "curl_memory.h"
 
-#ifdef USE_WINDOWS_SSPI
-#  include "curl_sspi.h"
-#endif
-
 #include "vtls/vtls.h"
 
+#ifdef USE_NSS
+#include "vtls/nssg.h" /* for Curl_nss_force_init() */
+#endif
+
 #define BUILDING_CURL_NTLM_MSGS_C
 #include "curl_ntlm_msgs.h"
+#include "curl_sasl.h"
+#include "curl_endian.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -147,63 +149,38 @@ static void ntlm_print_hex(FILE *handle, const char *buf, size_t len)
 # define DEBUG_OUT(x) Curl_nop_stmt
 #endif
 
-#ifndef USE_WINDOWS_SSPI
 /*
- * This function converts from the little endian format used in the
- * incoming package to whatever endian format we're using natively.
- * Argument is a pointer to a 4 byte buffer.
- */
-static unsigned int readint_le(unsigned char *buf)
-{
-  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8) |
-    ((unsigned int)buf[2] << 16) | ((unsigned int)buf[3] << 24);
-}
-
-/*
- * This function converts from the little endian format used in the incoming
- * package to whatever endian format we're using natively. Argument is a
- * pointer to a 2 byte buffer.
- */
-static unsigned int readshort_le(unsigned char *buf)
-{
-  return ((unsigned int)buf[0]) | ((unsigned int)buf[1] << 8);
-}
-
-/*
- * Curl_ntlm_decode_type2_target()
+ * ntlm_decode_type2_target()
  *
  * This is used to decode the "target info" in the ntlm type-2 message
  * received.
  *
  * Parameters:
  *
- * data      [in]    - Pointer to the session handle
- * buffer    [in]    - The decoded base64 ntlm header of Type 2
- * size      [in]    - The input buffer size, atleast 32 bytes
- * ntlm      [in]    - Pointer to ntlm data struct being used and modified.
+ * data      [in]     - The session handle.
+ * buffer    [in]     - The decoded type-2 message.
+ * size      [in]     - The input buffer size, at least 32 bytes.
+ * ntlm      [in/out] - The ntlm data struct being used and modified.
  *
  * Returns CURLE_OK on success.
  */
-CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
-                                       unsigned char *buffer,
-                                       size_t size,
-                                       struct ntlmdata *ntlm)
+static CURLcode ntlm_decode_type2_target(struct SessionHandle *data,
+                                         unsigned char *buffer,
+                                         size_t size,
+                                         struct ntlmdata *ntlm)
 {
-  unsigned int target_info_len = 0;
+  unsigned short target_info_len = 0;
   unsigned int target_info_offset = 0;
 
-  Curl_safefree(ntlm->target_info);
-  ntlm->target_info_len = 0;
-
   if(size >= 48) {
-    target_info_len = readshort_le(&buffer[40]);
-    target_info_offset = readint_le(&buffer[44]);
+    target_info_len = Curl_read16_le(&buffer[40]);
+    target_info_offset = Curl_read32_le(&buffer[44]);
     if(target_info_len > 0) {
       if(((target_info_offset + target_info_len) > size) ||
          (target_info_offset < 48)) {
         infof(data, "NTLM handshake failure (bad type-2 message). "
                     "Target Info Offset Len is set incorrect by the peer\n");
-        return CURLE_REMOTE_ACCESS_DENIED;
+        return CURLE_BAD_CONTENT_ENCODING;
       }
 
       ntlm->target_info = malloc(target_info_len);
@@ -211,17 +188,14 @@ CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
         return CURLE_OUT_OF_MEMORY;
 
       memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
-      ntlm->target_info_len = target_info_len;
-
     }
-
   }
 
+  ntlm->target_info_len = target_info_len;
+
   return CURLE_OK;
 }
 
-#endif
-
 /*
   NTLM message structure notes:
 
@@ -239,29 +213,26 @@ CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
 */
 
 /*
- * Curl_ntlm_decode_type2_message()
+ * Curl_sasl_decode_ntlm_type2_message()
  *
- * This is used to decode a ntlm type-2 message received from a HTTP or SASL
- * based (such as SMTP, POP3 or IMAP) server. The message is first decoded
- * from a base64 string into a raw ntlm message and checked for validity
- * before the appropriate data for creating a type-3 message is written to
- * the given ntlm data structure.
+ * This is used to decode an already encoded NTLM type-2 message. The message
+ * is first decoded from a base64 string into a raw NTLM message and checked
+ * for validity before the appropriate data for creating a type-3 message is
+ * written to the given NTLM data structure.
  *
  * Parameters:
  *
- * data    [in]     - Pointer to session handle.
- * header  [in]     - Pointer to the input buffer.
- * ntlm    [in]     - Pointer to ntlm data struct being used and modified.
+ * data     [in]     - The session handle.
+ * type2msg [in]     - The base64 encoded type-2 message.
+ * ntlm     [in/out] - The ntlm data struct being used and modified.
  *
  * Returns CURLE_OK on success.
  */
-CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
-                                        const char *header,
-                                        struct ntlmdata *ntlm)
+CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
+                                             const char *type2msg,
+                                             struct ntlmdata *ntlm)
 {
-#ifndef USE_WINDOWS_SSPI
   static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
-#endif
 
   /* NTLM type-2 message structure:
 
@@ -279,47 +250,52 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
                                         (*) -> Optional
   */
 
-  size_t size = 0;
-  unsigned char *buffer = NULL;
-  CURLcode error;
+  CURLcode result = CURLE_OK;
+  unsigned char *type2 = NULL;
+  size_t type2_len = 0;
 
-#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+#if defined(USE_NSS)
+  /* Make sure the crypto backend is initialized */
+  result = Curl_nss_force_init(data);
+  if(result)
+    return result;
+#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
   (void)data;
 #endif
 
-  error = Curl_base64_decode(header, &buffer, &size);
-  if(error)
-    return error;
+  /* Decode the base-64 encoded type-2 message */
+  if(strlen(type2msg) && *type2msg != '=') {
+    result = Curl_base64_decode(type2msg, &type2, &type2_len);
+    if(result)
+      return result;
+  }
 
-  if(!buffer) {
+  /* Ensure we have a valid type-2 message */
+  if(!type2) {
     infof(data, "NTLM handshake failure (empty type-2 message)\n");
     return CURLE_BAD_CONTENT_ENCODING;
   }
 
-#ifdef USE_WINDOWS_SSPI
-  ntlm->input_token = buffer;
-  ntlm->input_token_len = size;
-#else
   ntlm->flags = 0;
 
-  if((size < 32) ||
-     (memcmp(buffer, NTLMSSP_SIGNATURE, 8) != 0) ||
-     (memcmp(buffer + 8, type2_marker, sizeof(type2_marker)) != 0)) {
+  if((type2_len < 32) ||
+     (memcmp(type2, NTLMSSP_SIGNATURE, 8) != 0) ||
+     (memcmp(type2 + 8, type2_marker, sizeof(type2_marker)) != 0)) {
     /* This was not a good enough type-2 message */
-    free(buffer);
+    free(type2);
     infof(data, "NTLM handshake failure (bad type-2 message)\n");
     return CURLE_BAD_CONTENT_ENCODING;
   }
 
-  ntlm->flags = readint_le(&buffer[20]);
-  memcpy(ntlm->nonce, &buffer[24], 8);
+  ntlm->flags = Curl_read32_le(&type2[20]);
+  memcpy(ntlm->nonce, &type2[24], 8);
 
   if(ntlm->flags & NTLMFLAG_NEGOTIATE_TARGET_INFO) {
-    error = Curl_ntlm_decode_type2_target(data, buffer, size, ntlm);
-    if(error) {
-      free(buffer);
+    result = ntlm_decode_type2_target(data, type2, type2_len, ntlm);
+    if(result) {
+      free(type2);
       infof(data, "NTLM handshake failure (bad type-2 message)\n");
-      return error;
+      return result;
     }
   }
 
@@ -332,43 +308,11 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
     fprintf(stderr, "**** Header %s\n ", header);
   });
 
-  free(buffer);
-#endif
+  free(type2);
 
-  return CURLE_OK;
+  return result;
 }
 
-#ifdef USE_WINDOWS_SSPI
-void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
-{
-  /* Free our security context */
-  if(ntlm->context) {
-    s_pSecFn->DeleteSecurityContext(ntlm->context);
-    free(ntlm->context);
-    ntlm->context = NULL;
-  }
-
-  /* Free our credentials handle */
-  if(ntlm->credentials) {
-    s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
-    free(ntlm->credentials);
-    ntlm->credentials = NULL;
-  }
-
-  /* Free our identity */
-  Curl_sspi_free_identity(ntlm->p_identity);
-  ntlm->p_identity = NULL;
-
-  /* Free the input and output tokens */
-  Curl_safefree(ntlm->input_token);
-  Curl_safefree(ntlm->output_token);
-
-  /* Reset any variables */
-  ntlm->token_max = 0;
-}
-#endif
-
-#ifndef USE_WINDOWS_SSPI
 /* copy the source to the destination and fill in zeroes in every
    other destination byte! */
 static void unicodecpy(unsigned char *dest, const char *src, size_t length)
@@ -379,14 +323,12 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length)
     dest[2 * i + 1] = '\0';
   }
 }
-#endif
 
 /*
- * Curl_ntlm_create_type1_message()
+ * Curl_sasl_create_ntlm_type1_message()
  *
  * This is used to generate an already encoded NTLM type-1 message ready for
- * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
- * or IMAP) server, using the appropriate compile time crypo API.
+ * sending to the recipient using the appropriate compile time crypto API.
  *
  * Parameters:
  *
@@ -399,11 +341,10 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length)
  *
  * Returns CURLE_OK on success.
  */
-CURLcode Curl_ntlm_create_type1_message(const char *userp,
-                                        const char *passwdp,
-                                        struct ntlmdata *ntlm,
-                                        char **outptr,
-                                        size_t *outlen)
+CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
 {
   /* NTLM type-1 message structure:
 
@@ -421,97 +362,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
 
   size_t size;
 
-#ifdef USE_WINDOWS_SSPI
-
-  PSecPkgInfo SecurityPackage;
-  SecBuffer type_1_buf;
-  SecBufferDesc type_1_desc;
-  SECURITY_STATUS status;
-  unsigned long attrs;
-  TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
-
-  Curl_ntlm_sspi_cleanup(ntlm);
-
-  /* Query the security package for NTLM */
-  status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("NTLM"),
-                                              &SecurityPackage);
-  if(status != SEC_E_OK)
-    return CURLE_NOT_BUILT_IN;
-
-  ntlm->token_max = SecurityPackage->cbMaxToken;
-
-  /* Release the package buffer as it is not required anymore */
-  s_pSecFn->FreeContextBuffer(SecurityPackage);
-
-  /* Allocate our output buffer */
-  ntlm->output_token = malloc(ntlm->token_max);
-  if(!ntlm->output_token)
-    return CURLE_OUT_OF_MEMORY;
-
-  if(userp && *userp) {
-    CURLcode result;
-
-    /* Populate our identity structure */
-    result = Curl_create_sspi_identity(userp, passwdp, &ntlm->identity);
-    if(result)
-      return result;
-
-    /* Allow proper cleanup of the identity structure */
-    ntlm->p_identity = &ntlm->identity;
-  }
-  else
-    /* Use the current Windows user */
-    ntlm->p_identity = NULL;
-
-  /* Allocate our credentials handle */
-  ntlm->credentials = malloc(sizeof(CredHandle));
-  if(!ntlm->credentials)
-    return CURLE_OUT_OF_MEMORY;
-
-  memset(ntlm->credentials, 0, sizeof(CredHandle));
-
-  /* Acquire our credentials handle */
-  status = s_pSecFn->AcquireCredentialsHandle(NULL,
-                                              (TCHAR *) TEXT("NTLM"),
-                                              SECPKG_CRED_OUTBOUND, NULL,
-                                              ntlm->p_identity, NULL, NULL,
-                                              ntlm->credentials, &expiry);
-  if(status != SEC_E_OK)
-    return CURLE_LOGIN_DENIED;
-
-  /* Allocate our new context handle */
-  ntlm->context = malloc(sizeof(CtxtHandle));
-  if(!ntlm->context)
-    return CURLE_OUT_OF_MEMORY;
-
-  memset(ntlm->context, 0, sizeof(CtxtHandle));
-
-  /* Setup the type-1 "output" security buffer */
-  type_1_desc.ulVersion = SECBUFFER_VERSION;
-  type_1_desc.cBuffers  = 1;
-  type_1_desc.pBuffers  = &type_1_buf;
-  type_1_buf.BufferType = SECBUFFER_TOKEN;
-  type_1_buf.pvBuffer   = ntlm->output_token;
-  type_1_buf.cbBuffer   = curlx_uztoul(ntlm->token_max);
-
-  /* Generate our type-1 message */
-  status = s_pSecFn->InitializeSecurityContext(ntlm->credentials, NULL,
-                                               (TCHAR *) TEXT(""),
-                                               0, 0, SECURITY_NETWORK_DREP,
-                                               NULL, 0,
-                                               ntlm->context, &type_1_desc,
-                                               &attrs, &expiry);
-
-  if(status == SEC_I_COMPLETE_NEEDED ||
-     status == SEC_I_COMPLETE_AND_CONTINUE)
-    s_pSecFn->CompleteAuthToken(ntlm->context, &type_1_desc);
-  else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED)
-    return CURLE_RECV_ERROR;
-
-  size = type_1_buf.cbBuffer;
-
-#else
-
   unsigned char ntlmbuf[NTLM_BUFSIZE];
   const char *host = "";              /* empty */
   const char *domain = "";            /* empty */
@@ -522,9 +372,11 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
                                          domain are empty */
   (void)userp;
   (void)passwdp;
-  (void)ntlm;
 
-#if USE_NTLM2SESSION
+  /* Clean up any former leftovers and initialise to defaults */
+  Curl_sasl_ntlm_cleanup(ntlm);
+
+#if USE_NTRESPONSES && USE_NTLM2SESSION
 #define NTLM2FLAG NTLMFLAG_NEGOTIATE_NTLM2_KEY
 #else
 #define NTLM2FLAG 0
@@ -565,8 +417,6 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
   /* Initial packet length */
   size = 32 + hostlen + domlen;
 
-#endif
-
   DEBUG_OUT({
     fprintf(stderr, "* TYPE1 header flags=0x%02.2x%02.2x%02.2x%02.2x "
             "0x%08.8x ",
@@ -590,20 +440,14 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
   });
 
   /* Return with binary blob encoded into base64 */
-#ifdef USE_WINDOWS_SSPI
-  return Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
-                            outptr, outlen);
-#else
   return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
-#endif
 }
 
 /*
- * Curl_ntlm_create_type3_message()
+ * Curl_sasl_create_ntlm_type3_message()
  *
  * This is used to generate an already encoded NTLM type-3 message ready for
- * sending to the recipient, be it a HTTP or SASL based (such as SMTP, POP3
- * or IMAP) server, using the appropriate compile time crypo API.
+ * sending to the recipient using the appropriate compile time crypto API.
  *
  * Parameters:
  *
@@ -617,12 +461,12 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
  *
  * Returns CURLE_OK on success.
  */
-CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
-                                        const char *userp,
-                                        const char *passwdp,
-                                        struct ntlmdata *ntlm,
-                                        char **outptr,
-                                        size_t *outlen)
+CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
+                                             const char *userp,
+                                             const char *passwdp,
+                                             struct ntlmdata *ntlm,
+                                             char **outptr, size_t *outlen)
+
 {
   /* NTLM type-3 message structure:
 
@@ -644,63 +488,6 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
 
   CURLcode result = CURLE_OK;
   size_t size;
-
-#ifdef USE_WINDOWS_SSPI
-  SecBuffer type_2_buf;
-  SecBuffer type_3_buf;
-  SecBufferDesc type_2_desc;
-  SecBufferDesc type_3_desc;
-  SECURITY_STATUS status;
-  unsigned long attrs;
-  TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
-
-  (void)passwdp;
-  (void)userp;
-
-  /* Setup the type-2 "input" security buffer */
-  type_2_desc.ulVersion = SECBUFFER_VERSION;
-  type_2_desc.cBuffers  = 1;
-  type_2_desc.pBuffers  = &type_2_buf;
-  type_2_buf.BufferType = SECBUFFER_TOKEN;
-  type_2_buf.pvBuffer   = ntlm->input_token;
-  type_2_buf.cbBuffer   = curlx_uztoul(ntlm->input_token_len);
-
-  /* Setup the type-3 "output" security buffer */
-  type_3_desc.ulVersion = SECBUFFER_VERSION;
-  type_3_desc.cBuffers  = 1;
-  type_3_desc.pBuffers  = &type_3_buf;
-  type_3_buf.BufferType = SECBUFFER_TOKEN;
-  type_3_buf.pvBuffer   = ntlm->output_token;
-  type_3_buf.cbBuffer   = curlx_uztoul(ntlm->token_max);
-
-  /* Generate our type-3 message */
-  status = s_pSecFn->InitializeSecurityContext(ntlm->credentials,
-                                               ntlm->context,
-                                               (TCHAR *) TEXT(""),
-                                               0, 0, SECURITY_NETWORK_DREP,
-                                               &type_2_desc,
-                                               0, ntlm->context,
-                                               &type_3_desc,
-                                               &attrs, &expiry);
-  if(status != SEC_E_OK) {
-    infof(data, "NTLM handshake failure (type-3 message): Status=%x\n",
-          status);
-
-    return CURLE_RECV_ERROR;
-  }
-
-  size = type_3_buf.cbBuffer;
-
-  /* Return with binary blob encoded into base64 */
-  result = Curl_base64_encode(NULL, (char *)ntlm->output_token, size,
-                              outptr, outlen);
-
-  Curl_ntlm_sspi_cleanup(ntlm);
-
-  return result;
-
-#else
-
   unsigned char ntlmbuf[NTLM_BUFSIZE];
   int lmrespoff;
   unsigned char lmresp[24]; /* fixed-size */
@@ -747,7 +534,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     hostlen = strlen(host);
   }
 
-#if USE_NTRESPONSES
+#if USE_NTRESPONSES && USE_NTLM_V2
   if(ntlm->target_info_len) {
     unsigned char ntbuffer[0x18];
     unsigned int entropy[2];
@@ -784,7 +571,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
   else
 #endif
 
-#if USE_NTLM2SESSION
+#if USE_NTRESPONSES && USE_NTLM2SESSION
   /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
   if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
     unsigned char ntbuffer[0x18];
@@ -1022,8 +809,11 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
     return CURLE_CONV_FAILED;
 
   /* Return with binary blob encoded into base64 */
-  return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
-#endif
+  result = Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
+
+  Curl_sasl_ntlm_cleanup(ntlm);
+
+  return result;
 }
 
-#endif /* USE_NTLM */
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI */

lib/curl_ntlm_msgs.h

@@ -26,40 +26,6 @@
 
 #ifdef USE_NTLM
 
-/* This is to generate a base64 encoded NTLM type-1 message */
-CURLcode Curl_ntlm_create_type1_message(const char *userp,
-                                        const char *passwdp,
-                                        struct ntlmdata *ntlm,
-                                        char **outptr,
-                                        size_t *outlen);
-
-/* This is to generate a base64 encoded NTLM type-3 message */
-CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
-                                        const char *userp,
-                                        const char *passwdp,
-                                        struct ntlmdata *ntlm,
-                                        char **outptr,
-                                        size_t *outlen);
-
-/* This is to decode a NTLM type-2 message */
-CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
-                                        const char* header,
-                                        struct ntlmdata* ntlm);
-
-/* This is to decode target info received in NTLM type-2 message */
-CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
-                                       unsigned char* buffer,
-                                       size_t size,
-                                       struct ntlmdata* ntlm);
-
-
-/* This is to clean up the ntlm data structure */
-#ifdef USE_WINDOWS_SSPI
-void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
-#else
-#define Curl_ntlm_sspi_cleanup(x)
-#endif
-
 /* NTLM buffer fixed size, large enough for long user + host + domain */
 #define NTLM_BUFSIZE 1024
 

lib/curl_ntlm_wb.c

@@ -22,7 +22,8 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+    defined(NTLM_WB_ENABLED)
 
 /*
  * NTLM details:
@@ -293,7 +294,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
     len_out += size;
     if(buf[len_out - 1] == '\n') {
       buf[len_out - 1] = '\0';
-      goto wrfinish;
+      break;
     }
     newbuf = realloc(buf, len_out + NTLM_BUFSIZE);
     if(!newbuf) {
@@ -302,8 +303,7 @@ static CURLcode ntlm_wb_response(struct connectdata *conn,
     }
     buf = newbuf;
   }
-  goto done;
-wrfinish:
+
   /* Samba/winbind installed but not configured */
   if(state == NTLMSTATE_TYPE1 &&
      len_out == 3 &&
@@ -432,4 +432,4 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
   return CURLE_OK;
 }
 
-#endif /* USE_NTLM && NTLM_WB_ENABLED */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */

lib/curl_ntlm_wb.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -24,7 +24,8 @@
 
 #include "curl_setup.h"
 
-#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED)
+#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
+    defined(NTLM_WB_ENABLED)
 
 /* this is for creating ntlm header output by delegating challenge/response
    to Samba's winbind daemon helper ntlm_auth */
@@ -32,6 +33,6 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn, bool proxy);
 
 void Curl_ntlm_wb_cleanup(struct connectdata *conn);
 
-#endif /* USE_NTLM && NTLM_WB_ENABLED */
+#endif /* !CURL_DISABLE_HTTP && USE_NTLM && NTLM_WB_ENABLED */
 
 #endif /* HEADER_CURL_NTLM_WB_H */

lib/curl_rtmp.c

@@ -49,7 +49,7 @@
 
 #define DEF_BUFTIME    (2*60*60*1000)    /* 2 hours */
 
-static CURLcode rtmp_setup(struct connectdata *conn);
+static CURLcode rtmp_setup_connection(struct connectdata *conn);
 static CURLcode rtmp_do(struct connectdata *conn, bool *done);
 static CURLcode rtmp_done(struct connectdata *conn, CURLcode, bool premature);
 static CURLcode rtmp_connect(struct connectdata *conn, bool *done);
@@ -64,7 +64,7 @@ static Curl_send rtmp_send;
 
 const struct Curl_handler Curl_handler_rtmp = {
   "RTMP",                               /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -84,7 +84,7 @@ const struct Curl_handler Curl_handler_rtmp = {
 
 const struct Curl_handler Curl_handler_rtmpt = {
   "RTMPT",                              /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -104,7 +104,7 @@ const struct Curl_handler Curl_handler_rtmpt = {
 
 const struct Curl_handler Curl_handler_rtmpe = {
   "RTMPE",                              /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -124,7 +124,7 @@ const struct Curl_handler Curl_handler_rtmpe = {
 
 const struct Curl_handler Curl_handler_rtmpte = {
   "RTMPTE",                             /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -144,7 +144,7 @@ const struct Curl_handler Curl_handler_rtmpte = {
 
 const struct Curl_handler Curl_handler_rtmps = {
   "RTMPS",                              /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -164,7 +164,7 @@ const struct Curl_handler Curl_handler_rtmps = {
 
 const struct Curl_handler Curl_handler_rtmpts = {
   "RTMPTS",                             /* scheme */
-  rtmp_setup,                           /* setup_connection */
+  rtmp_setup_connection,                /* setup_connection */
   rtmp_do,                              /* do_it */
   rtmp_done,                            /* done */
   ZERO_NULL,                            /* do_more */
@@ -182,10 +182,9 @@ const struct Curl_handler Curl_handler_rtmpts = {
   PROTOPT_NONE                          /* flags*/
 };
 
-static CURLcode rtmp_setup(struct connectdata *conn)
+static CURLcode rtmp_setup_connection(struct connectdata *conn)
 {
   RTMP *r = RTMP_Alloc();
-
   if(!r)
     return CURLE_OUT_OF_MEMORY;
 

lib/curl_sasl.c

@@ -19,6 +19,7 @@
  * KIND, either express or implied.
  *
  * RFC2195 CRAM-MD5 authentication
+ * RFC2617 Basic and Digest Access Authentication
  * RFC2831 DIGEST-MD5 authentication
  * RFC4422 Simple Authentication and Security Layer (SASL)
  * RFC4616 PLAIN authentication
@@ -36,16 +37,12 @@
 #include "curl_md5.h"
 #include "vtls/vtls.h"
 #include "curl_hmac.h"
-#include "curl_ntlm_msgs.h"
 #include "curl_sasl.h"
 #include "warnless.h"
 #include "curl_memory.h"
 #include "strtok.h"
 #include "rawstr.h"
-
-#ifdef USE_NSS
-#include "vtls/nssg.h" /* for Curl_nss_force_init() */
-#endif
+#include "non-ascii.h" /* included for Curl_convert_... prototypes */
 
 #define _MPRINTF_REPLACE /* use our functions only */
 #include <curl/mprintf.h>
@@ -53,10 +50,6 @@
 /* The last #include file should be: */
 #include "memdebug.h"
 
-#if defined(USE_KRB5)
-extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
-#endif
-
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) && !defined(USE_WINDOWS_SSPI)
 #define DIGEST_QOP_VALUE_AUTH             (1 << 0)
 #define DIGEST_QOP_VALUE_AUTH_INT         (1 << 1)
@@ -66,6 +59,129 @@ extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);
 #define DIGEST_QOP_VALUE_STRING_AUTH_INT  "auth-int"
 #define DIGEST_QOP_VALUE_STRING_AUTH_CONF "auth-conf"
 
+#define DIGEST_MAX_VALUE_LENGTH           256
+#define DIGEST_MAX_CONTENT_LENGTH         1024
+
+/* The CURL_OUTPUT_DIGEST_CONV macro below is for non-ASCII machines.
+   It converts digest text to ASCII so the MD5 will be correct for
+   what ultimately goes over the network.
+*/
+#define CURL_OUTPUT_DIGEST_CONV(a, b) \
+  result = Curl_convert_to_network(a, (char *)b, strlen((const char*)b)); \
+  if(result) { \
+    free(b); \
+    return result; \
+  }
+
+/*
+ * Return 0 on success and then the buffers are filled in fine.
+ *
+ * Non-zero means failure to parse.
+ */
+static int sasl_digest_get_pair(const char *str, char *value, char *content,
+                                const char **endptr)
+{
+  int c;
+  bool starts_with_quote = FALSE;
+  bool escape = FALSE;
+
+  for(c = DIGEST_MAX_VALUE_LENGTH - 1; (*str && (*str != '=') && c--); )
+    *value++ = *str++;
+  *value = 0;
+
+  if('=' != *str++)
+    /* eek, no match */
+    return 1;
+
+  if('\"' == *str) {
+    /* this starts with a quote so it must end with one as well! */
+    str++;
+    starts_with_quote = TRUE;
+  }
+
+  for(c = DIGEST_MAX_CONTENT_LENGTH - 1; *str && c--; str++) {
+    switch(*str) {
+    case '\\':
+      if(!escape) {
+        /* possibly the start of an escaped quote */
+        escape = TRUE;
+        *content++ = '\\'; /* even though this is an escape character, we still
+                              store it as-is in the target buffer */
+        continue;
+      }
+      break;
+    case ',':
+      if(!starts_with_quote) {
+        /* this signals the end of the content if we didn't get a starting
+           quote and then we do "sloppy" parsing */
+        c = 0; /* the end */
+        continue;
+      }
+      break;
+    case '\r':
+    case '\n':
+      /* end of string */
+      c = 0;
+      continue;
+    case '\"':
+      if(!escape && starts_with_quote) {
+        /* end of string */
+        c = 0;
+        continue;
+      }
+      break;
+    }
+    escape = FALSE;
+    *content++ = *str;
+  }
+  *content = 0;
+
+  *endptr = str;
+
+  return 0; /* all is fine! */
+}
+
+/* Convert md5 chunk to RFC2617 (section 3.1.3) -suitable ascii string*/
+static void sasl_digest_md5_to_ascii(unsigned char *source, /* 16 bytes */
+                                     unsigned char *dest) /* 33 bytes */
+{
+  int i;
+  for(i = 0; i < 16; i++)
+    snprintf((char *)&dest[i*2], 3, "%02x", source[i]);
+}
+
+/* Perform quoted-string escaping as described in RFC2616 and its errata */
+static char *sasl_digest_string_quoted(const char *source)
+{
+  char *dest, *d;
+  const char *s = source;
+  size_t n = 1; /* null terminator */
+
+  /* Calculate size needed */
+  while(*s) {
+    ++n;
+    if(*s == '"' || *s == '\\') {
+      ++n;
+    }
+    ++s;
+  }
+
+  dest = malloc(n);
+  if(dest) {
+    s = source;
+    d = dest;
+    while(*s) {
+      if(*s == '"' || *s == '\\') {
+        *d++ = '\\';
+      }
+      *d++ = *s++;
+    }
+    *d = 0;
+  }
+
+  return dest;
+}
+
 /* Retrieves the value for a corresponding key from the challenge string
  * returns TRUE if the key could be found, FALSE if it does not exists
  */
@@ -122,7 +238,7 @@ static CURLcode sasl_digest_get_qop_values(const char *options, int *value)
 
   return CURLE_OK;
 }
-#endif
+#endif /* !CURL_DISABLE_CRYPTO_AUTH && !USE_WINDOWS_SSPI */
 
 #if !defined(USE_WINDOWS_SSPI)
 /*
@@ -133,7 +249,7 @@ static CURLcode sasl_digest_get_qop_values(const char *options, int *value)
  * Parameters:
  *
  * serivce  [in] - The service type such as www, smtp, pop or imap.
- * instance [in] - The instance name such as the host nme or realm.
+ * host     [in] - The host name or realm.
  *
  * Returns a pointer to the newly allocated SPN.
  */
@@ -241,7 +357,7 @@ CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
  *
  * Parameters:
  *
- * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * chlg64  [in]     - The base64 encoded challenge message.
  * outptr  [in/out] - The address where a pointer to newly allocated memory
  *                    holding the result will be stored upon completion.
  * outlen  [out]    - The length of the output message.
@@ -338,7 +454,7 @@ CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
  *
  * Parameters:
  *
- * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * chlg64  [in]     - The base64 encoded challenge message.
  * nonce   [in/out] - The buffer where the nonce will be stored.
  * nlen    [in]     - The length of the nonce buffer.
  * realm   [in/out] - The buffer where the realm will be stored.
@@ -410,7 +526,7 @@ static CURLcode sasl_decode_digest_md5_message(const char *chlg64,
  * Parameters:
  *
  * data    [in]     - The session handle.
- * chlg64  [in]     - Pointer to the base64 encoded challenge message.
+ * chlg64  [in]     - The base64 encoded challenge message.
  * userp   [in]     - The user name.
  * passdwp [in]     - The user's password.
  * service [in]     - The service type such as www, smtp, pop or imap.
@@ -580,96 +696,418 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
 
   return result;
 }
+
+/*
+ * Curl_sasl_decode_digest_http_message()
+ *
+ * This is used to decode a HTTP DIGEST challenge message into the seperate
+ * attributes.
+ *
+ * Parameters:
+ *
+ * chlg    [in]     - The challenge message.
+ * digest  [in/out] - The digest data struct being used and modified.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_decode_digest_http_message(const char *chlg,
+                                              struct digestdata *digest)
+{
+  bool before = FALSE; /* got a nonce before */
+  bool foundAuth = FALSE;
+  bool foundAuthInt = FALSE;
+  char *token = NULL;
+  char *tmp = NULL;
+
+  /* If we already have received a nonce, keep that in mind */
+  if(digest->nonce)
+    before = TRUE;
+
+  /* Clean up any former leftovers and initialise to defaults */
+  Curl_sasl_digest_cleanup(digest);
+
+  for(;;) {
+    char value[DIGEST_MAX_VALUE_LENGTH];
+    char content[DIGEST_MAX_CONTENT_LENGTH];
+
+    /* Pass all additional spaces here */
+    while(*chlg && ISSPACE(*chlg))
+      chlg++;
+
+    /* Extract a value=content pair */
+    if(!sasl_digest_get_pair(chlg, value, content, &chlg)) {
+      if(Curl_raw_equal(value, "nonce")) {
+        digest->nonce = strdup(content);
+        if(!digest->nonce)
+          return CURLE_OUT_OF_MEMORY;
+      }
+      else if(Curl_raw_equal(value, "stale")) {
+        if(Curl_raw_equal(content, "true")) {
+          digest->stale = TRUE;
+          digest->nc = 1; /* we make a new nonce now */
+        }
+      }
+      else if(Curl_raw_equal(value, "realm")) {
+        digest->realm = strdup(content);
+        if(!digest->realm)
+          return CURLE_OUT_OF_MEMORY;
+      }
+      else if(Curl_raw_equal(value, "opaque")) {
+        digest->opaque = strdup(content);
+        if(!digest->opaque)
+          return CURLE_OUT_OF_MEMORY;
+      }
+      else if(Curl_raw_equal(value, "qop")) {
+        char *tok_buf;
+        /* Tokenize the list and choose auth if possible, use a temporary
+            clone of the buffer since strtok_r() ruins it */
+        tmp = strdup(content);
+        if(!tmp)
+          return CURLE_OUT_OF_MEMORY;
+
+        token = strtok_r(tmp, ",", &tok_buf);
+        while(token != NULL) {
+          if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH)) {
+            foundAuth = TRUE;
+          }
+          else if(Curl_raw_equal(token, DIGEST_QOP_VALUE_STRING_AUTH_INT)) {
+            foundAuthInt = TRUE;
+          }
+          token = strtok_r(NULL, ",", &tok_buf);
+        }
+
+        free(tmp);
+
+        /* Select only auth or auth-int. Otherwise, ignore */
+        if(foundAuth) {
+          digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH);
+          if(!digest->qop)
+            return CURLE_OUT_OF_MEMORY;
+        }
+        else if(foundAuthInt) {
+          digest->qop = strdup(DIGEST_QOP_VALUE_STRING_AUTH_INT);
+          if(!digest->qop)
+            return CURLE_OUT_OF_MEMORY;
+        }
+      }
+      else if(Curl_raw_equal(value, "algorithm")) {
+        digest->algorithm = strdup(content);
+        if(!digest->algorithm)
+          return CURLE_OUT_OF_MEMORY;
+
+        if(Curl_raw_equal(content, "MD5-sess"))
+          digest->algo = CURLDIGESTALGO_MD5SESS;
+        else if(Curl_raw_equal(content, "MD5"))
+          digest->algo = CURLDIGESTALGO_MD5;
+        else
+          return CURLE_BAD_CONTENT_ENCODING;
+      }
+      else {
+        /* unknown specifier, ignore it! */
+      }
+    }
+    else
+      break; /* we're done here */
+
+    /* Pass all additional spaces here */
+    while(*chlg && ISSPACE(*chlg))
+      chlg++;
+
+    /* Allow the list to be comma-separated */
+    if(',' == *chlg)
+      chlg++;
+  }
+
+  /* We had a nonce since before, and we got another one now without
+     'stale=true'. This means we provided bad credentials in the previous
+     request */
+  if(before && !digest->stale)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  /* We got this header without a nonce, that's a bad Digest line! */
+  if(!digest->nonce)
+    return CURLE_BAD_CONTENT_ENCODING;
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_sasl_create_digest_http_message()
+ *
+ * This is used to generate a HTTP DIGEST response message ready for sending
+ * to the recipient.
+ *
+ * Parameters:
+ *
+ * data    [in]     - The session handle.
+ * userp   [in]     - The user name.
+ * passdwp [in]     - The user's password.
+ * request [in]     - The HTTP request.
+ * uripath [in]     - The path of the HTTP uri.
+ * digest  [in/out] - The digest data struct being used and modified.
+ * outptr  [in/out] - The address where a pointer to newly allocated memory
+ *                    holding the result will be stored upon completion.
+ * outlen  [out]    - The length of the output message.
+ *
+ * Returns CURLE_OK on success.
+ */
+CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
+                                              const char *userp,
+                                              const char *passwdp,
+                                              const unsigned char *request,
+                                              const unsigned char *uripath,
+                                              struct digestdata *digest,
+                                              char **outptr, size_t *outlen)
+{
+  CURLcode result;
+  unsigned char md5buf[16]; /* 16 bytes/128 bits */
+  unsigned char request_digest[33];
+  unsigned char *md5this;
+  unsigned char ha1[33];/* 32 digits and 1 zero byte */
+  unsigned char ha2[33];/* 32 digits and 1 zero byte */
+  char cnoncebuf[33];
+  char *cnonce = NULL;
+  size_t cnonce_sz = 0;
+  char *userp_quoted;
+  char *response = NULL;
+  char *tmp = NULL;
+
+  if(!digest->nc)
+    digest->nc = 1;
+
+  if(!digest->cnonce) {
+    snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
+             Curl_rand(data), Curl_rand(data),
+             Curl_rand(data), Curl_rand(data));
+
+    result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
+                                &cnonce, &cnonce_sz);
+    if(result)
+      return result;
+
+    digest->cnonce = cnonce;
+  }
+
+  /*
+    if the algorithm is "MD5" or unspecified (which then defaults to MD5):
+
+    A1 = unq(username-value) ":" unq(realm-value) ":" passwd
+
+    if the algorithm is "MD5-sess" then:
+
+    A1 = H( unq(username-value) ":" unq(realm-value) ":" passwd )
+         ":" unq(nonce-value) ":" unq(cnonce-value)
+  */
+
+  md5this = (unsigned char *)
+    aprintf("%s:%s:%s", userp, digest->realm, passwdp);
+  if(!md5this)
+    return CURLE_OUT_OF_MEMORY;
+
+  CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
+  Curl_md5it(md5buf, md5this);
+  Curl_safefree(md5this);
+  sasl_digest_md5_to_ascii(md5buf, ha1);
+
+  if(digest->algo == CURLDIGESTALGO_MD5SESS) {
+    /* nonce and cnonce are OUTSIDE the hash */
+    tmp = aprintf("%s:%s:%s", ha1, digest->nonce, digest->cnonce);
+    if(!tmp)
+      return CURLE_OUT_OF_MEMORY;
+
+    CURL_OUTPUT_DIGEST_CONV(data, tmp); /* convert on non-ASCII machines */
+    Curl_md5it(md5buf, (unsigned char *)tmp);
+    Curl_safefree(tmp);
+    sasl_digest_md5_to_ascii(md5buf, ha1);
+  }
+
+  /*
+    If the "qop" directive's value is "auth" or is unspecified, then A2 is:
+
+      A2       = Method ":" digest-uri-value
+
+          If the "qop" value is "auth-int", then A2 is:
+
+      A2       = Method ":" digest-uri-value ":" H(entity-body)
+
+    (The "Method" value is the HTTP request method as specified in section
+    5.1.1 of RFC 2616)
+  */
+
+  md5this = (unsigned char *)aprintf("%s:%s", request, uripath);
+
+  if(digest->qop && Curl_raw_equal(digest->qop, "auth-int")) {
+    /* We don't support auth-int for PUT or POST at the moment.
+       TODO: replace md5 of empty string with entity-body for PUT/POST */
+    unsigned char *md5this2 = (unsigned char *)
+      aprintf("%s:%s", md5this, "d41d8cd98f00b204e9800998ecf8427e");
+    Curl_safefree(md5this);
+    md5this = md5this2;
+  }
+
+  if(!md5this)
+    return CURLE_OUT_OF_MEMORY;
+
+  CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
+  Curl_md5it(md5buf, md5this);
+  Curl_safefree(md5this);
+  sasl_digest_md5_to_ascii(md5buf, ha2);
+
+  if(digest->qop) {
+    md5this = (unsigned char *)aprintf("%s:%s:%08x:%s:%s:%s",
+                                       ha1,
+                                       digest->nonce,
+                                       digest->nc,
+                                       digest->cnonce,
+                                       digest->qop,
+                                       ha2);
+  }
+  else {
+    md5this = (unsigned char *)aprintf("%s:%s:%s",
+                                       ha1,
+                                       digest->nonce,
+                                       ha2);
+  }
+
+  if(!md5this)
+    return CURLE_OUT_OF_MEMORY;
+
+  CURL_OUTPUT_DIGEST_CONV(data, md5this); /* convert on non-ASCII machines */
+  Curl_md5it(md5buf, md5this);
+  Curl_safefree(md5this);
+  sasl_digest_md5_to_ascii(md5buf, request_digest);
+
+  /* for test case 64 (snooped from a Mozilla 1.3a request)
+
+    Authorization: Digest username="testuser", realm="testrealm", \
+    nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
+
+    Digest parameters are all quoted strings.  Username which is provided by
+    the user will need double quotes and backslashes within it escaped.  For
+    the other fields, this shouldn't be an issue.  realm, nonce, and opaque
+    are copied as is from the server, escapes and all.  cnonce is generated
+    with web-safe characters.  uri is already percent encoded.  nc is 8 hex
+    characters.  algorithm and qop with standard values only contain web-safe
+    chracters.
+  */
+  userp_quoted = sasl_digest_string_quoted(userp);
+  if(!userp_quoted)
+    return CURLE_OUT_OF_MEMORY;
+
+  if(digest->qop) {
+    response = aprintf("username=\"%s\", "
+                       "realm=\"%s\", "
+                       "nonce=\"%s\", "
+                       "uri=\"%s\", "
+                       "cnonce=\"%s\", "
+                       "nc=%08x, "
+                       "qop=%s, "
+                       "response=\"%s\"",
+                       userp_quoted,
+                       digest->realm,
+                       digest->nonce,
+                       uripath,
+                       digest->cnonce,
+                       digest->nc,
+                       digest->qop,
+                       request_digest);
+
+    if(Curl_raw_equal(digest->qop, "auth"))
+      digest->nc++; /* The nc (from RFC) has to be a 8 hex digit number 0
+                       padded which tells to the server how many times you are
+                       using the same nonce in the qop=auth mode */
+  }
+  else {
+    response = aprintf("username=\"%s\", "
+                       "realm=\"%s\", "
+                       "nonce=\"%s\", "
+                       "uri=\"%s\", "
+                       "response=\"%s\"",
+                       userp_quoted,
+                       digest->realm,
+                       digest->nonce,
+                       uripath,
+                       request_digest);
+  }
+  Curl_safefree(userp_quoted);
+  if(!response)
+    return CURLE_OUT_OF_MEMORY;
+
+  /* Add the optional fields */
+  if(digest->opaque) {
+    /* Append the opaque */
+    tmp = aprintf("%s, opaque=\"%s\"", response, digest->opaque);
+    free(response);
+    if(!tmp)
+      return CURLE_OUT_OF_MEMORY;
+
+    response = tmp;
+  }
+
+  if(digest->algorithm) {
+    /* Append the algorithm */
+    tmp = aprintf("%s, algorithm=\"%s\"", response, digest->algorithm);
+    free(response);
+    if(!tmp)
+      return CURLE_OUT_OF_MEMORY;
+
+    response = tmp;
+  }
+
+  /* Return the output */
+  *outptr = response;
+  *outlen = strlen(response);
+
+  return CURLE_OK;
+}
+
+/*
+ * Curl_sasl_digest_cleanup()
+ *
+ * This is used to clean up the digest specific data.
+ *
+ * Parameters:
+ *
+ * digest    [in/out] - The digest data struct being cleaned up.
+ *
+ */
+void Curl_sasl_digest_cleanup(struct digestdata *digest)
+{
+  Curl_safefree(digest->nonce);
+  Curl_safefree(digest->cnonce);
+  Curl_safefree(digest->realm);
+  Curl_safefree(digest->opaque);
+  Curl_safefree(digest->qop);
+  Curl_safefree(digest->algorithm);
+
+  digest->nc = 0;
+  digest->algo = CURLDIGESTALGO_MD5; /* default algorithm */
+  digest->stale = FALSE; /* default means normal, not stale */
+}
 #endif  /* !USE_WINDOWS_SSPI */
 
 #endif  /* CURL_DISABLE_CRYPTO_AUTH */
 
-#ifdef USE_NTLM
+#if defined(USE_NTLM) && !defined(USE_WINDOWS_SSPI)
 /*
- * Curl_sasl_create_ntlm_type1_message()
+ * Curl_sasl_ntlm_cleanup()
  *
- * This is used to generate an already encoded NTLM type-1 message ready for
- * sending to the recipient.
- *
- * Note: This is a simple wrapper of the NTLM function which means that any
- * SASL based protocols don't have to include the NTLM functions directly.
+ * This is used to clean up the ntlm specific data.
  *
  * Parameters:
  *
- * userp   [in]     - The user name in the format User or Domain\User.
- * passdwp [in]     - The user's password.
- * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The address where a pointer to newly allocated memory
- *                    holding the result will be stored upon completion.
- * outlen  [out]    - The length of the output message.
+ * ntlm    [in/out] - The ntlm data struct being cleaned up.
  *
- * Returns CURLE_OK on success.
  */
-CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
-                                             const char *passwdp,
-                                             struct ntlmdata *ntlm,
-                                             char **outptr, size_t *outlen)
+void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
 {
-  return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr, outlen);
+  /* Free the target info */
+  Curl_safefree(ntlm->target_info);
+
+  /* Reset any variables */
+  ntlm->target_info_len = 0;
 }
-
-/*
- * Curl_sasl_decode_ntlm_type2_message()
- *
- * This is used to decode an already encoded NTLM type-2 message.
- *
- * Parameters:
- *
- * data     [in]     - Pointer to session handle.
- * type2msg [in]     - Pointer to the base64 encoded type-2 message.
- * ntlm     [in/out] - The ntlm data struct being used and modified.
- *
- * Returns CURLE_OK on success.
- */
-CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
-                                             const char *type2msg,
-                                             struct ntlmdata *ntlm)
-{
-#ifdef USE_NSS
-  CURLcode result;
-
-  /* make sure the crypto backend is initialized */
-  result = Curl_nss_force_init(data);
-  if(result)
-    return result;
-#endif
-
-  return Curl_ntlm_decode_type2_message(data, type2msg, ntlm);
-}
-
-/*
- * Curl_sasl_create_ntlm_type3_message()
- *
- * This is used to generate an already encoded NTLM type-3 message ready for
- * sending to the recipient.
- *
- * Parameters:
- *
- * data    [in]     - Pointer to session handle.
- * userp   [in]     - The user name in the format User or Domain\User.
- * passdwp [in]     - The user's password.
- * ntlm    [in/out] - The ntlm data struct being used and modified.
- * outptr  [in/out] - The address where a pointer to newly allocated memory
- *                    holding the result will be stored upon completion.
- * outlen  [out]    - The length of the output message.
- *
- * Returns CURLE_OK on success.
- */
-CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
-                                             const char *userp,
-                                             const char *passwdp,
-                                             struct ntlmdata *ntlm,
-                                             char **outptr, size_t *outlen)
-{
-  return Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm, outptr,
-                                        outlen);
-}
-#endif /* USE_NTLM */
+#endif /* USE_NTLM && !USE_WINDOWS_SSPI*/
 
 /*
  * Curl_sasl_create_xoauth2_message()
@@ -717,23 +1155,26 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data,
  *
  * Parameters:
  *
- * conn     [in]     - Pointer to the connection data.
+ * conn     [in]     - The connection data.
  * authused [in]     - The authentication mechanism used.
  */
 void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
 {
-#if defined(USE_KRB5)
+#if defined(USE_KERBEROS5)
   /* Cleanup the gssapi structure */
   if(authused == SASL_MECH_GSSAPI) {
     Curl_sasl_gssapi_cleanup(&conn->krb5);
   }
-#ifdef USE_NTLM
+#endif
+
+#if defined(USE_NTLM)
   /* Cleanup the ntlm structure */
-  else if(authused == SASL_MECH_NTLM) {
-    Curl_ntlm_sspi_cleanup(&conn->ntlm);
+  if(authused == SASL_MECH_NTLM) {
+    Curl_sasl_ntlm_cleanup(&conn->ntlm);
   }
 #endif
-#else
+
+#if !defined(USE_KERBEROS5) && !defined(USE_NTLM)
   /* Reserved for future use */
   (void)conn;
   (void)authused;