gskit: protect inetsocketpair() against foreign connection.

Avoid blocking read. Drain SSL over SSL output upon close.
gskit: Implement SSL over SSL
2015-12-23 15:43:25 +01:00 · 2015-12-22 15:58:28 +01:00 · 2015-12-16 00:32:13 +01:00 · 2015-12-15 14:56:54 +01:00 · 2015-12-15 14:30:25 +01:00 · 2015-11-19 23:29:04 +01:00
907 changed files with 35836 additions and 20009 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,48 +1,51 @@
-.deps
+*.asc
 .libs
 *.lib
 *.pdb
 *.dll
 *.exe
 *.obj
 *.asc
 .*.swp
 Debug
 Release
 *.exp
 *.la
 *.lib
 *.lo
 *.o
 *.obj
 *.pdb
 *~
 .*.swp
 .cproject
 .deps
 .dirstamp
 .libs
 .project
 .settings
 /build/
 /builds/
 CHANGES.dist
 Debug
 INSTALL
 Makefile
 Makefile.in
 Release
 TAGS
 aclocal.m4
 aclocal.m4.bak
 autom4te.cache
 compile
 config.cache
 config.guess
 config.log
 config.status
 config.sub
 configure
 depcomp
 libtool
 ltmain.sh
 compile
 curl-config
 libcurl.pc
 missing
 curl-*.tar.gz
 curl-*.tar.bz2
 curl-*.tar.gz
 curl-*.tar.lzma
 curl-*.zip
-INSTALL
+curl-config
 depcomp
 install-sh
-*.o
+libcurl.pc
-*.lo
+libtool
-*.la
+ltmain.sh
 missing
 mkinstalldirs
 tags
-TAGS
+test-driver
 *~
 aclocal.m4.bak
 CHANGES.dist
 .project
 .cproject
 .settings
 .dirstamp
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,8 +1,20 @@
 os:
  - linux
  - osx
 sudo: false
 language: c
 install:
  - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update > /dev/null; fi
  - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew install openssl libidn rtmpdump libssh2 c-ares libmetalink libressl nghttp2; fi
 before_script:
  - ./buildconf
 script: ./configure --enable-debug && make && make test-full
 compiler:
  - clang
  - gcc
--- a/14
+++ b/14
@@ -1,15 +1,7 @@
-                                  _   _ ____  _
+See http://curl.haxx.se/changes.html for the edited and human readable online
-                              ___| | | |  _ \| |
+version of what has changed over the years in different curl releases.
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|
-                                  Changelog
+Generate a CHANGES file like the one present in evey release like this:
 This file no longer holds the changelog. Now you can generate it yourself
 like this:
 $ git log --pretty=fuller --no-color --date=short --decorate=full | \
  ./log2changes.pl
 The older, manually edited, changelog is found in git named CHANGES.0
--- a/CMake/CurlTests.c
+++ b/CMake/CurlTests.c
@@ -139,7 +139,7 @@ int main(void)
  rc = gethostbyname_r(address, &h, &hdata);
 #elif defined(HAVE_GETHOSTBYNAME_R_5) || \
      defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT)
-  rc = gethostbyname_r(address, &h, buffer, 8192, 0, &h_errnop);
+  rc = gethostbyname_r(address, &h, buffer, 8192, &h_errnop);
  (void)hp; /* not used for test */
 #elif defined(HAVE_GETHOSTBYNAME_R_6) || \
      defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT)
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -155,7 +155,7 @@ message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}")
                set(GSS_FLAVOUR "MIT")
            else()
                # prevent compiling the header - just check if we can include it
-                set(CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__")
+                set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__")
                check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)
                check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H)
--- a/CMake/OtherTests.cmake
+++ b/CMake/OtherTests.cmake
@@ -10,8 +10,8 @@ endmacro(add_header_include)
 set(signature_call_conv)
 if(HAVE_WINDOWS_H)
  add_header_include(HAVE_WINDOWS_H "windows.h")
  add_header_include(HAVE_WINSOCK2_H "winsock2.h")
  add_header_include(HAVE_WINDOWS_H "windows.h")
  add_header_include(HAVE_WINSOCK_H "winsock.h")
  set(_source_epilogue
      "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif")
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -76,6 +76,24 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
 option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
 option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
 option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF)
 option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF)
 if (ENABLE_DEBUG)
  # DEBUGBUILD will be defined only for Debug builds
  if(NOT CMAKE_VERSION VERSION_LESS 3.0)
    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$<CONFIG:Debug>:DEBUGBUILD>)
  else()
    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD)
  endif()
  set(ENABLE_CURLDEBUG ON)
 endif()
 if (ENABLE_CURLDEBUG)
  set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG)
 endif()
 # initialize CURL_LIBS
 set(CURL_LIBS "")
@@ -104,10 +122,10 @@ endif()
 option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON)
 mark_as_advanced(CURL_HIDDEN_SYMBOLS)
-# IF(WIN32)
+IF(WIN32)
-# OPTION(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON)
+  OPTION(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON)
-# MARK_AS_ADVANCED(CURL_WINDOWS_SSPI)
+  MARK_AS_ADVANCED(CURL_WINDOWS_SSPI)
-# ENDIF()
+ENDIF()
 option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF)
 mark_as_advanced(HTTP_ONLY)
@@ -168,7 +186,7 @@ option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use threa
 mark_as_advanced(DISABLED_THREADSAFE)
 option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON)
 mark_as_advanced(ENABLE_IPV6)
-if(ENABLE_IPV6)
+if(ENABLE_IPV6 AND NOT WIN32)
  include(CheckStructHasMember)
  check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h"
                          HAVE_SOCKADDR_IN6_SIN6_ADDR)
@@ -238,6 +256,7 @@ include (CheckCSourceCompiles)
 # On windows preload settings
 if(WIN32)
  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_")
  include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
 endif(WIN32)
@@ -279,7 +298,6 @@ endif()
 option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
 mark_as_advanced(CMAKE_USE_OPENSSL)
 set(USE_SSLEAY OFF)
 set(USE_OPENSSL OFF)
 set(HAVE_LIBCRYPTO OFF)
 set(HAVE_LIBSSL OFF)
@@ -288,32 +306,31 @@ if(CMAKE_USE_OPENSSL)
  find_package(OpenSSL)
  if(OPENSSL_FOUND)
    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
    set(USE_SSLEAY ON)
    set(USE_OPENSSL ON)
    set(HAVE_LIBCRYPTO ON)
    set(HAVE_LIBSSL ON)
    include_directories(${OPENSSL_INCLUDE_DIR})
    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
+    check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
-    check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
+    check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
-    check_include_file_concat("openssl/err.h"    HAVE_OPENSSL_ERR_H)
+    check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)
-    check_include_file_concat("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
+    check_include_file("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
-    check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
+    check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
-    check_include_file_concat("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
+    check_include_file("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
-    check_include_file_concat("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
+    check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
-    check_include_file_concat("openssl/x509.h"   HAVE_OPENSSL_X509_H)
+    check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)
-    check_include_file_concat("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
+    check_include_file("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
  endif()
 endif()
 if(NOT CURL_DISABLE_LDAP)
  if(WIN32)
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
+    option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON)
-    if(CURL_LDAP_WIN)
+    if(USE_WIN32_LDAP)
      check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
      if(NOT HAVE_WLDAP32)
-        set(CURL_LDAP_WIN OFF)
+        set(USE_WIN32_LDAP OFF)
      endif()
    endif()
  endif()
@@ -323,12 +340,12 @@ if(NOT CURL_DISABLE_LDAP)
  set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library")
  set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library")
-  if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN)
+  if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP)
-    message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time")
+    message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time")
  endif()
  # Now that we know, we're not using windows LDAP...
-  if(NOT CURL_LDAP_WIN)
+  if(NOT USE_WIN32_LDAP)
    # Check for LDAP
    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
    check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP)
@@ -338,9 +355,10 @@ if(NOT CURL_DISABLE_LDAP)
    check_include_file_concat("winber.h"  HAVE_WINBER_H)
  endif()
  set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES})
  set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory")
  if(CMAKE_LDAP_INCLUDE_DIR)
-    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
  endif()
  check_include_file_concat("ldap.h"           HAVE_LDAP_H)
  check_include_file_concat("lber.h"           HAVE_LBER_H)
@@ -348,9 +366,11 @@ if(NOT CURL_DISABLE_LDAP)
  if(NOT HAVE_LDAP_H)
    message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
  elseif(NOT HAVE_LIBLDAP)
    message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON")
    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
  else()
    if(CMAKE_USE_OPENLDAP)
      set(USE_OPENLDAP ON)
@@ -384,7 +404,7 @@ if(NOT CURL_DISABLE_LDAP)
        return 0;
      }"
    )
-    set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN")
+    set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1")
    list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
    if(HAVE_LIBLBER)
      list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
@@ -431,6 +451,7 @@ if(CURL_ZLIB)
    set(HAVE_LIBZ ON)
    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
    include_directories(${ZLIB_INCLUDE_DIRS})
    list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS})
  endif()
 endif()
@@ -446,7 +467,7 @@ if(CMAKE_USE_LIBSSH2)
  if(LIBSSH2_FOUND)
    list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY})
    set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY})
-    set(CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
+    list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
    include_directories("${LIBSSH2_INCLUDE_DIR}")
    set(HAVE_LIBSSH2 ON)
    set(USE_LIBSSH2 ON)
@@ -474,12 +495,12 @@ mark_as_advanced(CMAKE_USE_GSSAPI)
 if(CMAKE_USE_GSSAPI)
  find_package(GSS)
-  set(HAVE_GSS_API ${GSS_FOUND})
+  set(HAVE_GSSAPI ${GSS_FOUND})
  if(GSS_FOUND)
    message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"")
-    set(CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIRECTORIES})
    check_include_file_concat("gssapi/gssapi.h"  HAVE_GSSAPI_GSSAPI_H)
    check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
    check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H)
@@ -515,7 +536,7 @@ if(CMAKE_USE_GSSAPI)
    endif()
-    include_directories(${GSS_INCLUDE_DIR})
+    include_directories(${GSS_INCLUDE_DIRECTORIES})
    link_directories(${GSS_LINK_DIRECTORIES})
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}")
    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}")
@@ -535,17 +556,28 @@ else()
  unset(USE_UNIX_SOCKETS CACHE)
 endif()
 # Check for header files
 if(NOT UNIX)
  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
 endif(NOT UNIX)
 check_include_file_concat("stdio.h"          HAVE_STDIO_H)
 if(NOT UNIX)
  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
  if(CURL_WINDOWS_SSPI)
    set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32")
    check_include_file_concat("sspi.h"       HAVE_SSPI_H)
    if(HAVE_SSPI_H)
      check_include_file_concat("schannel.h" HAVE_SCHANNEL_H)
      set(USE_WINDOWS_SSPI ON)
      if(HAVE_SCHANNEL_H)
        set(USE_SCHANNEL ON)
        set(SSL_ENABLED ON)
      endif()
    endif()
  endif()
 endif(NOT UNIX)
 check_include_file_concat("stdio.h"          HAVE_STDIO_H)
 check_include_file_concat("inttypes.h"       HAVE_INTTYPES_H)
 check_include_file_concat("sys/filio.h"      HAVE_SYS_FILIO_H)
 check_include_file_concat("sys/ioctl.h"      HAVE_SYS_IOCTL_H)
@@ -737,7 +769,6 @@ if(CMAKE_USE_OPENSSL)
    HAVE_CRYPTO_CLEANUP_ALL_EX_DATA)
  if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
    set(USE_OPENSSL 1)
    set(USE_SSLEAY 1)
  endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
 endif(CMAKE_USE_OPENSSL)
 check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
@@ -1032,12 +1063,12 @@ _add_if("AsynchDNS"     USE_ARES OR USE_THREADS_POSIX)
 _add_if("IDN"           HAVE_LIBIDN)
 # TODO SSP1 (WinSSL) check is missing
 _add_if("SSPI"          USE_WINDOWS_SSPI)
-_add_if("GSS-API"       HAVE_GSS_API)
+_add_if("GSS-API"       HAVE_GSSAPI)
 # TODO SSP1 missing for SPNEGO
 _add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
-                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
 _add_if("Kerberos"      NOT CURL_DISABLE_CRYPTO_AUTH AND
-                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
 # NTLM support requires crypto function adaptions from various SSL libs
 # TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL
 if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR
@@ -1122,7 +1153,7 @@ set(VERSIONNUM              "${CURL_VERSION_NUM}")
 # Finally generate a "curl-config" matching this config
 configure_file("${CURL_SOURCE_DIR}/curl-config.in"
               "${CURL_BINARY_DIR}/curl-config" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/curl-config"
+install(FILES "${CURL_BINARY_DIR}/curl-config"
        DESTINATION bin
        PERMISSIONS
          OWNER_READ OWNER_WRITE OWNER_EXECUTE
@@ -1132,7 +1163,7 @@ install(FILES "${CMAKE_BINARY_DIR}/curl-config"
 # Finally generate a pkg-config file matching this config
 configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in"
               "${CURL_BINARY_DIR}/libcurl.pc" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc"
+install(FILES "${CURL_BINARY_DIR}/libcurl.pc"
        DESTINATION lib/pkgconfig)
 # This needs to be run very last so other parts of the scripts can take advantage of this.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,25 @@
 How to contribute to curl
 =========================
 Join the community
 ------------------
 1. Click 'watch' on the github repo
 2. Subscribe to the suitable [mailing lists](http://curl.haxx.se/mail/)
 Read [docs/CONTRIBUTE](docs/CONTRIBUTE)
 ---------------------------------------
 Send your suggestions using one of these methods:
 -------------------------------------------------
 1. in a mail to the mailing list
 2. as a pull request on github
 3. as an issue on github
 / The cURL team!
--- a/6
+++ b/6
@@ -65,7 +65,7 @@ else
 ARCHES64='-arch x86_64'
 #We "know" that 10.4 and earlier do not support 64bit
 OLD_SDK64=`ls  $SDK_PATH|egrep -v "10.[0-4]"|head -1`
- NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1`
 if test $USE_OLD -gt 0
  then
   SDK64=$OLD_SDK64
@@ -94,7 +94,7 @@ if test ! -z $SDK32; then
  rm -r libcurl.framework
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources
  cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl
-  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
  /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
  cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
@@ -121,7 +121,7 @@ if test ! -z $SDK32; then
    echo "----Appending 64 bit framework to 32 bit framework..."
    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
-    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
    cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32
    pwd
    lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,101 +30,113 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in	\
 include/curl/curlbuild.h.cmake CMake/Macros.cmake
 VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
-VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp
+VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
 VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
-VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl
+VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl
-VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp
+VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist
 VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc
 VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl
-VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj
+VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist
 VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc
-VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl
+VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl
-VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj
+VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist
 VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc
 VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl
-VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj
+VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist
 VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc
-VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl
+VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl
-VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj
+VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist
 VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc
 VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl
-VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj
+VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist
 VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc
-VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl
+VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl
-VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj
+VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist
 VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc
 VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl
-VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj
+VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist
 VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc
-VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl
+VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl
-VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj
+VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist
 VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc
 VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl
-VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj
+VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist
 VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc
-VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl
+VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl
-VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj
+VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist
 VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc
 VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl
-VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj
+VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist
 VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc
-VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl
+VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl
-VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj
+VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist
 VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc
 VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl
-VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj
+VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist
 VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc
-VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl
+VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl
-VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj
+VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist
 VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc
 VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl
 VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist
 VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc
 VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl
 VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist
 VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc
 VC_DIST = projects/README	\
 projects/build-openssl.bat	\
 projects/build-wolfssl.bat	\
 projects/checksrc.bat	\
- projects/Windows/VC6/curl.dsw	\
+ projects/Windows/VC6/curl-all.dsw	\
- projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP)	\
+ projects/Windows/VC6/lib/libcurl.dsw \
- projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP)	\
+ projects/Windows/VC6/src/curl.dsw \
- projects/Windows/VC7/curl.sln	\
+ projects/Windows/VC7/curl-all.sln	\
- projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ)	\
+ projects/Windows/VC7/lib/libcurl.sln 	\
- projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ)	\
+ projects/Windows/VC7/src/curl.sln 	\
- projects/Windows/VC7.1/curl.sln	\
+ projects/Windows/VC7.1/curl-all.sln	\
- projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ)	\
+ projects/Windows/VC7.1/lib/libcurl.sln \
- projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ)	\
+ projects/Windows/VC7.1/src/curl.sln \
- projects/Windows/VC8/curl.sln	\
+ projects/Windows/VC8/curl-all.sln	\
- projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ)	\
+ projects/Windows/VC8/lib/libcurl.sln 	\
- projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ)	\
+ projects/Windows/VC8/src/curl.sln 	\
- projects/Windows/VC9/curl.sln	\
+ projects/Windows/VC9/curl-all.sln	\
- projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ)	\
+ projects/Windows/VC9/lib/libcurl.sln 	\
- projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ)	\
+ projects/Windows/VC9/src/curl.sln 	\
- projects/Windows/VC10/curl.sln	\
+ projects/Windows/VC10/curl-all.sln	\
- projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ)	\
+ projects/Windows/VC10/lib/libcurl.sln 	\
- projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ)	\
+ projects/Windows/VC10/src/curl.sln  \
- projects/Windows/VC11/curl.sln	\
+ projects/Windows/VC11/curl-all.sln	\
- projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ)	\
+ projects/Windows/VC11/lib/libcurl.sln 	\
- projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ)	\
+ projects/Windows/VC11/src/curl.sln 	\
- projects/Windows/VC12/curl.sln	\
+ projects/Windows/VC12/curl-all.sln	\
- projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ)	\
+ projects/Windows/VC12/lib/libcurl.sln 	\
- projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ)
+ projects/Windows/VC12/src/curl.sln	\
 projects/Windows/VC14/curl-all.sln	\
 projects/Windows/VC14/lib/libcurl.sln 	\
 projects/Windows/VC14/src/curl.sln
 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
 winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
 winbuild/Makefile.msvc.names
 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
- RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework	\
+ RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl	\
 $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in
 CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ)	\
 $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ)	\
 $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ)	\
- $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ)
+ $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ)	\
 $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ)
 bin_SCRIPTS = curl-config
@@ -153,7 +165,7 @@ html:
 pdf:
 	cd docs; make pdf
-check: test examples
+check: test examples check-docs
 if CROSSCOMPILING
 test-full: test
@@ -181,6 +193,9 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)
 check-docs:
 	@(cd docs/libcurl; $(MAKE) check)
 # This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs
@@ -266,7 +281,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS)	\
 $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS)	\
 $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS)	\
 $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS)	\
- $(VC12_SRCVCXPROJ_DEPS)
+ $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS)
 	@(win32_lib_srcs='$(LIB_CFILES)'; \
 	win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \
 	win32_lib_rc='$(LIB_RCFILES)'; \
@@ -527,4 +542,22 @@ function gen_element(type, dir, file)\
 		-v src_rc="$$win32_src_rc" \
 		-v src_x_srcs="$$sorted_src_x_srcs" \
 		-v src_x_hdrs="$$sorted_src_x_hdrs" \
-		"$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };)
+		"$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \
 	\
 	echo "generating '$(VC14_LIBVCXPROJ)'"; \
 	awk -v proj_type=vcxproj \
 		-v lib_srcs="$$sorted_lib_srcs" \
 		-v lib_hdrs="$$sorted_lib_hdrs" \
 		-v lib_rc="$$win32_lib_rc" \
 		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
 		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
 		"$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \
 	\
 	echo "generating '$(VC14_SRCVCXPROJ)'"; \
 	awk -v proj_type=vcxproj \
 		-v src_srcs="$$sorted_src_srcs" \
 		-v src_hdrs="$$sorted_src_hdrs" \
 		-v src_rc="$$win32_src_rc" \
 		-v src_x_srcs="$$sorted_src_x_srcs" \
 		-v src_x_hdrs="$$sorted_src_x_hdrs" \
 		"$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };)
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -566,6 +566,17 @@ src/Makefile.vc12: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12
 # VC14 makefiles are for use with VS2015
 vc14: lib/Makefile.vc14 src/Makefile.vc14
 lib/Makefile.vc14: lib/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" lib/Makefile.vc6 > lib/Makefile.vc14
 src/Makefile.vc14: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" src/Makefile.vc6 > src/Makefile.vc14
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
--- a/4
+++ b/4
@@ -38,12 +38,12 @@ GIT
  To download the very latest source off the GIT server do this:
-    git clone git://github.com/bagder/curl.git
+    git clone https://github.com/bagder/curl.git
  (you'll get a directory named curl created, filled with the source code)
 NOTICE
  Curl contains pieces of source code that is Copyright (c) 1998, 1999
-  Kungliga Tekniska H<EFBFBD>gskolan. This notice is included here to comply with the
+  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.
--- a/253
+++ b/253
@@ -1,146 +1,73 @@
-Curl and libcurl 7.40.0
+Curl and libcurl 7.46.0
- Public curl releases:         143
+ Public curl releases:         150
- Command line options:         162
+ Command line options:         177
- curl_easy_setopt() options:   208
+ curl_easy_setopt() options:   221
- Public functions in libcurl:  58
+ Public functions in libcurl:  61
- Contributors:                 1219
+ Contributors:                 1322
 This release includes the following changes:
- o http_digest: Added support for Windows SSPI based authentication
+ o configure: build silently by default
- o version info: Added Kerberos V5 to the supported features
+ o cookies: Add support for Publix Suffix List with libpsl
- o Makefile: Added VC targets for WinIDN
+ o vtls: added support for mbedTLS [7]
- o config-win32: Introduce build targets for VS2012+
+ o Added CURLOPT_STREAM_DEPENDS [8]
- o SSL: Add PEM format support for public key pinning
+ o Added CURLOPT_STREAM_DEPENDS_E [9]
- o smtp: Added support for the conversion of Unix newlines during mail send [8]
+ o Added CURLOPT_STREAM_WEIGHT [10]
- o smb: Added initial support for the SMB/CIFS protocol
+ o Added CURLFORM_CONTENTLEN [14]
- o Added support for HTTP over unix domain sockets, via
+ o oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
 o sasl: Added support for GSS-API based Kerberos V5 authentication
 This release includes the following bugfixes:
- o darwinssl: fix session ID keys to only reuse identical sessions [18]
+ o des: Fix header conditional for Curl_des_set_odd_parity
- o url-parsing: reject CRLFs within URLs [19]
+ o ntlm: get rid of unconditional use of long long [1]
- o OS400: Adjust specific support to last release
+ o CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
- o THANKS: Remove duplicate names
+ o docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET [2]
- o url.c: Fixed compilation warning
+ o http2: Fix http2_recv to return -1 if recv returned -1
- o ssh: Fixed build on platforms where R_OK is not defined [1]
+ o curl_global_init_mem: set function pointers before doing init
- o tool_strdup.c: include the tool strdup.h
+ o ntlm: error out without 64bit support as the code needs it [1]
- o build: Fixed Visual Studio project file generation of strdup.[c|h]
+ o openssl: Fix set up of pkcs12 certificate verification chain
- o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
+ o acinclude: remove PKGCONFIG override [3]
- o curl.1: show zone index use in a URL
+ o test1531: case the size to fix the test on non-largefile builds
- o mk-ca-bundle.vbs: switch to new certdata.txt url
+ o fread_func: move callback pointer from set to state struct [4]
- o Makefile.dist: Added some missing SSPI configurations
+ o test1601: fix compilation with --enable-debug and --disable-crypto-auth
- o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
+ o http2: Don't pass unitialized name+len pairs to nghttp2_submit_request [5]
- o SSH: use the port number as well for known_known checks [3]
+ o curlbuild.h: Fix non-configure compiling to mips and sh4 targets
- o libssh2: detect features based on version, not configure checks
+ o tool: Generate easysrc with last cache linked-list [6]
- o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
+ o cmake: Fix for add_subdirectory(curl) use-case
- o multi: removed Curl_multi_set_easy_connection
+ o vtls: fix compiler warning for TLS backends without sha256
- o symbol-scan.pl: do not require autotools
+ o build: fix for MSDOS/djgpp
- o cmake: add ENABLE_THREADED_RESOLVER, rename ARES
+ o checksrc: add crude // detection
- o cmake: build libhostname for test suite
+ o http2: on_frame_recv: trust the conn/data input
- o cmake: fix HAVE_GETHOSTNAME definition
+ o ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size [11]
- o tests: fix libhostname visibility
+ o polarssl/mbedtls: fix name space pollution
- o tests: fix memleak in server/resolve.c
+ o build: Fix mingw ssl gdi32 order [12]
- o vtls.h: Fixed compiler warning when compiled without SSL
+ o build: Fix support for PKG_CONFIG
- o CMake: Restore order-dependent header checks
+ o MacOSX-Framework: sdk regex fix for sdk 10.10 and later
- o CMake: Restore order-dependent library checks
+ o socks: Fix incorrect port numbers in failed connect messages
- o tool: Removed krb4 from the supported features
+ o curl.1: -E: s/private certificate/client certificate
- o http2: Don't send Upgrade headers when we already do HTTP/2
+ o curl.h: s/HTTPPOST_/CURL_HTTPOST_ [13]
- o examples: Don't call select() to sleep on windows [6]
+ o curl_formadd: support >2GB files on windows [14]
- o win32: Updated some legacy APIs to use the newer extended versions [5]
+ o http redirects: %-encode bytes outside of ascii range [15]
- o easy.c: Fixed compilation warning when no verbose string support
+ o rawstr: Speed up Curl_raw_toupper by 40%
- o connect.c: Fixed compilation warning when no verbose string support
+ o curl_ntlm_core: fix 2 curl_off_t constant overflows.
- o build: in Makefile.m32 pass -F flag to windres
+ o getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
- o build: in Makefile.m32 add -m32 flag for 32bit
+ o tftp tests: verify sent options too
- o multi: when leaving for timeout, close accordingly
+ o imap: Don't call imap_atom() when no mailbox specified in LIST command
- o CMake: Simplify if() conditions on check result variables
+ o imap: Fixed double quote in LIST command when mailbox contains spaces
- o build: in Makefile.m32 try to detect 64bit target
+ o imap: Don't check for continuation when executing a CUSTOMREQUEST [16]
- o multi: inform about closed sockets before they are closed
+ o acinclude: Remove check for 16-bit curl_off_t
- o multi-uv.c: close the file handle after download
+ o BoringSSL: Work with stricter BIO_get_mem_data() [17]
- o examples: Wait recommended 100ms when no file descriptors are ready
+ o cmake: Add missing feature macros in config header [18]
- o ntlm: Split the SSPI based messaging code from the native messaging code
+ o sasl_sspi: fixed unicode build for digest authentication [19]
- o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
+ o sasl_sspi: fix identity memory leak in digest authentication
- o cmake: add Kerberos to the supported feature
+ o unit1602: Fixed failure in torture test
- o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
+ o unit1603: Added unit tests for hash functions
- o http: Disable pipelining for HTTP/2 and upgraded connections
+ o vtls/openssl: remove unused traces of yassl ifdefs
- o ntlm: Fixed static'ness of local decode function
+ o openssl: remove #ifdefs for < 0.9.7 support
- o sasl: Reduced the need for two sets of NTLM messaging functions
+ o typecheck-gcc.h: add some missing options
- o multi.c: Fixed compilation warnings when no verbose string support
+ o curl: mark two more options strings for --libcurl output
- o select.c: fix compilation for VxWorks [7]
+ o openssl: Free modules on cleanup [20]
 o multi-single.c: switch to use curl_multi_wait
 o curl_multi_wait.3: clarify numfds being used if not NULL
 o http.c: Fixed compilation warnings from features being disabled
 o NSS: enable the CAPATH option [9]
 o docs: Fix FAILONERROR typos
 o HTTP: don't abort connections with pending Negotiate authentication
 o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
 o http_perhapsrewind: don't abort CONNECT requests
 o build: updated dependencies in makefiles
 o multi.c: Fixed compilation warning
 o ftp.c: Fixed compilation warnings when proxy support disabled
 o get_url_file_name: Fixed crash on OOM on debug build
 o cookie.c: Refactored cleanup code to simplify
 o OS400: enable NTLM authentication
 o ntlm: Use Windows Crypt API
 o http2: avoid logging neg "failure" if h2 was not requested
 o schannel_recv: return the correct code [10]
 o VC build: added sspi define for winssl-zlib builds
 o Curl_client_write(): chop long data, convert data only once
 o openldap: do not ignore Curl_client_write() return code
 o ldap: check Curl_client_write() return codes
 o parsedate.c: Fixed compilation warning
 o url.c: Fixed compilation warning when USE_NTLM is not defined
 o ntlm_wb_response: fix "statement not reached" [11]
 o telnet: fix "cast increases required alignment of target type"
 o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
 o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
 o ntlm: Disable NTLM v2 when 64-bit integers are not supported
 o ntlm: Use short integer when decoding 16-bit values
 o ftp.c: Fixed compilation warning when no verbose string support
 o synctime.c: fixed timeserver URLs
 o mk-ca-bundle.pl: restored forced run again
 o ntlm: Fixed return code for bad type-2 Target Info
 o curl_schannel.c: Data may be available before connection shutdown
 o curl_schannel: Improvements to memory re-allocation strategy [13]
 o darwinssl: aprintf() to allocate the session key
 o tool_util.c: Use GetTickCount64 if it is available
 o lib: Fixed multiple code analysis warnings if SAL are available
 o tool_binmode.c: Explicitly ignore the return code of setmode
 o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
 o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
 o SFTP: work-around servers that return zero size on STAT [14]
 o connect: singleipconnect(): properly try other address families after failure
 o IPV6: address scope != scope id [15]
 o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
 o secureserver.pl: make OpenSSL CApath and cert absolute path values
 o secureserver.pl: update Windows detection and fix path conversion
 o secureserver.pl: clean up formatting of config and fix verbose output
 o tests: Added Windows support using Cygwin-based OpenSSH
 o sockfilt.c: use non-Ex functions that are available before WinXP
 o VMS: Updates for 0740-0D1220
 o openssl: warn for SRP set if SSLv3 is used, not for TLS version
 o openssl: make it compile against openssl 1.1.0-DEV master branch
 o openssl: fix SSL/TLS versions in verbose output
 o curl: show size of inhibited data when using -v
 o build: Removed WIN32 definition from the Visual Studio projects
 o build: Removed WIN64 definition from the libcurl Visual Studio projects
 o vtls: Use bool for Curl_ssl_getsessionid() return type
 o sockfilt.c: Replace 100ms sleep with thread throttle
 o sockfilt.c: Reduce the number of individual memory allocations
 o vtls: Don't set cert info count until memory allocation is successful
 o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
 o nss: Don't ignore Curl_extract_certinfo() OOM failure
 o vtls: Fixed compilation warning and an ignored return code
 o sockfilt.c: Fixed compilation warnings
 o darwinssl: Fixed compilation warning
 o vtls: Use '(void) arg' for unused parameters
 o sepheaders.c: Fixed resource leak on failure
 o lib1900.c: Fixed cppcheck error [17]
 o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
 o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
 This release includes the following known bugs:
@@ -149,35 +76,35 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
-  Andrey Labunets, Anthon Pang, Bill Nagel, Brad Harder, Brad King, Carlo Wood,
+  Anders Bakken, Dan Fandrich, Daniel Hwang, Daniel Stenberg, Dmitry S. Baikov,
-  Christian Hägele, Dan Fandrich, Daniel Stenberg, Dave Reisner, Frank Gevaerts,
+  Douglas Creager, Erik Johansson, Gisle Vanem, Javier G. Sogo, John Levon,
-  Gisle Vanem, Guenter Knauf, Jan Ehrhardt, Johan Lantz, John E. Malmberg,
+  Jonas Minnberg, Justin Ehlert, Kamil Dudka, Kang Lin, Kurt Fankhauser,
-  Jon Spencer, Julien Nabet, Kamil Dudka, Kyle J. McKay, Lucas Pardue,
+  Lauri Kasanen, Marcel Raad, Patrick Monnerat, Rainer Jung, Ray Satiro,
-  Marc Hesse, Marc Hoersken, Marc Renault, Michael Osipov, Nick Zitzmann,
+  Richard Hosking, Sebastian Pohlschmidt, Stefan Bühler, Steve Holme,
-  Nobuhiro Ban, Patrick Monnerat, Peter Wu, Ray Satiro, Sam Hurst,
+  Svyatoslav Mishyn, Tatsuhiro Tsujikawa, Tim Rühsen, xiangbin li,
-  Stefan Bühler, Stefan Neis, Steve Holme, Tae Hyoung Ahn, Tatsuhiro Tsujikawa,
+  (28 contributors)
  Tomasz Kojm, Tor Arntsen, Waldek Kozba, Warren Menzer
        Thanks! (and sorry if I forgot to mention someone)
 References to bug reports and discussions on issues:
- [1] = http://curl.haxx.se/mail/lib-2014-11/0035.html
+ [1] = http://curl.haxx.se/bug/?i=478
- [2] = http://curl.haxx.se/mail/lib-2014-11/0078.html
+ [2] = http://curl.haxx.se/bug/?i=479
- [3] = http://curl.haxx.se/bug/view.cgi?id=1448
+ [3] = http://curl.haxx.se/mail/lib-2015-10/0035.html
- [4] = https://github.com/tatsuhiro-t/nghttp2/issues/103
+ [4] = http://curl.haxx.se/bug/?i=346
- [5] = http://sourceforge.net/p/curl/feature-requests/82/
+ [5] = http://curl.haxx.se/bug/?i=493
- [6] = http://curl.haxx.se/mail/lib-2014-11/0221.html
+ [6] = http://curl.haxx.se/bug/?i=452
- [7] = http://curl.haxx.se/bug/view.cgi?id=1455
+ [7] = http://curl.haxx.se/bug/?i=496
- [8] = http://curl.haxx.se/bug/view.cgi?id=1456
+ [8] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS.html
- [9] = http://curl.haxx.se/bug/view.cgi?id=1457
+ [9] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS_E.html
- [10] = http://curl.haxx.se/bug/view.cgi?id=1462
+ [10] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_WEIGHT.html
- [11] = http://curl.haxx.se/mail/lib-2014-12/0089.html
+ [11] = http://curl.haxx.se/bug/?i=480
- [12] = http://curl.haxx.se/bug/view.cgi?id=1456
+ [12] = https://github.com/bagder/curl/pull/501
- [13] = http://curl.haxx.se/bug/view.cgi?id=1450
+ [13] = http://curl.haxx.se/bug/?i=506
- [14] = http://curl.haxx.se/mail/lib-2014-12/0103.html
+ [14] = http://curl.haxx.se/bug/?i=425
- [15] = http://curl.haxx.se/bug/view.cgi?id=1451
+ [15] = http://curl.haxx.se/bug/?i=473
- [16] = http://curl.haxx.se/bug/view.cgi?id=1449
+ [16] = http://curl.haxx.se/bug/?i=486
- [17] = https://github.com/bagder/curl/pull/133
+ [17] = http://curl.haxx.se/bug/?i=524
- [18] = http://curl.haxx.se/docs/adv_20150108A.html
+ [18] = http://curl.haxx.se/bug/?i=523
- [19] = http://curl.haxx.se/docs/adv_20150108B.html
+ [19] = http://curl.haxx.se/bug/?i=525
 [20] = http://curl.haxx.se/bug/?i=526
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -1851,8 +1851,10 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [
  AC_REQUIRE([AC_HEADER_TIME])dnl
  AC_CHECK_HEADERS(sys/types.h sys/time.h time.h)
  AC_MSG_CHECKING([for monotonic clock_gettime])
-  AC_COMPILE_IFELSE([
+  #
-    AC_LANG_PROGRAM([[
+  if test "x$dontwant_rt" == "xno" ; then
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@@ -1866,17 +1868,18 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [
 #include <time.h>
 #endif
 #endif
-    ]],[[
+      ]],[[
-      struct timespec ts;
+        struct timespec ts;
-      (void)clock_gettime(CLOCK_MONOTONIC, &ts);
+        (void)clock_gettime(CLOCK_MONOTONIC, &ts);
-    ]])
+      ]])
-  ],[
+    ],[
-    AC_MSG_RESULT([yes])
+      AC_MSG_RESULT([yes])
-    ac_cv_func_clock_gettime="yes"
+      ac_cv_func_clock_gettime="yes"
-  ],[
+    ],[
-    AC_MSG_RESULT([no])
+      AC_MSG_RESULT([no])
-    ac_cv_func_clock_gettime="no"
+      ac_cv_func_clock_gettime="no"
-  ])
+    ])
  fi
  dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed
  dnl until library linking and run-time checks for clock_gettime succeed.
 ])
@@ -2452,23 +2455,6 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [
 ])
 # This is only a temporary fix. This macro is here to replace the broken one
 # delivered by the automake project (including the 1.9.6 release). As soon as
 # they ship a working version we SHOULD remove this work-around.
 AC_DEFUN([AM_MISSING_HAS_RUN],
 [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
 test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\""
 # Use eval to expand $SHELL
 if eval "$MISSING --run true"; then
  am_missing_run="$MISSING --run "
 else
  am_missing_run=
  AC_MSG_WARN([`missing' script is too old or missing])
 fi
 ])
 dnl CURL_VERIFY_RUNTIMELIBS
 dnl -------------------------------------------------
 dnl Verify that the shared libs found so far can be used when running
@@ -2607,15 +2593,16 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
          "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl both given
-    AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.])
+    ca="$want_ca"
    capath="$want_capath"
  elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then
    dnl --with-ca-bundle given
    ca="$want_ca"
    capath="no"
  elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl --with-ca-path given
-    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
+      AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
    fi
    capath="$want_capath"
    ca="no"
@@ -2669,11 +2656,13 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
    AC_SUBST(CURL_CA_BUNDLE)
    AC_MSG_RESULT([$ca])
-  elif test "x$capath" != "xno"; then
+  fi
  if test "x$capath" != "xno"; then
    CURL_CA_PATH="\"$capath\""
    AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path])
    AC_MSG_RESULT([$capath (capath)])
-  else
+  fi
  if test "x$ca" = "xno" && test "x$capath" = "xno"; then
    AC_MSG_RESULT([no])
  fi
 ])
@@ -2848,7 +2837,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
  #
  x_LP64_long=""
  x_LP32_long=""
  x_LP16_long=""
  #
  if test "$ac_cv_sizeof_long" -eq "8" &&
     test "$ac_cv_sizeof_voidp" -ge "8"; then
@@ -2856,9 +2844,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
  elif test "$ac_cv_sizeof_long" -eq "4" &&
       test "$ac_cv_sizeof_voidp" -ge "4"; then
    x_LP32_long="long"
  elif test "$ac_cv_sizeof_long" -eq "2" &&
       test "$ac_cv_sizeof_voidp" -ge "2"; then
    x_LP16_long="long"
  fi
  #
  dnl DO_CURL_OFF_T_CHECK results are stored in next 3 vars
@@ -2892,17 +2877,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
    done
    AC_MSG_RESULT([$curl_typeof_curl_off_t])
  fi
  if test "$curl_typeof_curl_off_t" = "unknown"; then
    AC_MSG_CHECKING([for 16-bit curl_off_t data type])
    for t2 in          \
      "$x_LP16_long"   \
      'int16_t'        \
      '__int16'        \
      'int'            ; do
      DO_CURL_OFF_T_CHECK([$t2], [2])
    done
    AC_MSG_RESULT([$curl_typeof_curl_off_t])
  fi
  if test "$curl_typeof_curl_off_t" = "unknown"; then
    AC_MSG_ERROR([cannot find data type for curl_off_t.])
  fi
@@ -3063,12 +3037,14 @@ dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir.
 dnl
 AC_DEFUN([CURL_CHECK_PKGCONFIG], [
    if test -n "$PKG_CONFIG"; then
      PKGCONFIG="$PKG_CONFIG"
    else
      AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no],
        [$PATH:/usr/bin:/usr/local/bin])
    fi
-    PKGCONFIG="no"
+    if test "x$PKGCONFIG" != "xno"; then
    AC_PATH_TOOL( PKGCONFIG, pkg-config, no, $PATH:/usr/bin:/usr/local/bin)
    if test x$PKGCONFIG != xno; then
      AC_MSG_CHECKING([for $1 options with pkg-config])
      dnl ask pkg-config about $1
      itexists=`CURL_EXPORT_PCDIR([$2]) dnl
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -0,0 +1,19 @@
 version: 7.45.0.{build}
 environment:
    matrix:
      - PRJ_GEN: "Visual Studio 11 2012 Win64"
        BDIR: msvc2012
        PRJ_CFG: Release
      - PRJ_GEN: "Visual Studio 12 2013 Win64"
        BDIR: msvc2013
        PRJ_CFG: Release
      - PRJ_GEN: "Visual Studio 14 2015 Win64"
        BDIR: msvc2015
        PRJ_CFG: Release
 build_script:
    - mkdir build.%BDIR%
    - cd build.%BDIR%
    - cmake .. -G"%PRJ_GEN%"
    - cmake --build . --config %PRJ_CFG% --clean-first
--- a/4
+++ b/4
@@ -318,6 +318,8 @@ for fname in .deps \
    ltsugar.m4 \
    ltversion.m4 \
    lt~obsolete.m4 \
    missing \
    install-sh \
    stamp-h1 \
    stamp-h2 \
    stamp-h3 ; do
@@ -329,7 +331,7 @@ done
 #
 echo "buildconf: running libtoolize"
-${libtoolize} --copy --automake --force || die "libtoolize command failed"
+${libtoolize} --copy --force || die "libtoolize command failed"
 # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4
 # subdirectory and this local copy is patched to fix some warnings that
--- a/buildconf.bat
+++ b/buildconf.bat
@@ -1,38 +1,352 @@
@echo off
-REM
+rem ***************************************************************************
-REM
+rem *                                  _   _ ____  _
-REM This batch file must be used to set up a git tree to build on
+rem *  Project                     ___| | | |  _ \| |
-REM systems where there is no autotools support (i.e. Microsoft).
+rem *                             / __| | | | |_) | |
-REM
+rem *                            | (__| |_| |  _ <| |___
-REM This file is not included nor needed for curl's release
+rem *                             \___|\___/|_| \_\_____|
-REM archives, neither for curl's daily snapshot archives.
+rem *
 rem * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 rem *
 rem * This software is licensed as described in the file COPYING, which
 rem * you should have received as part of this distribution. The terms
 rem * are also available at http://curl.haxx.se/docs/copyright.html.
 rem *
 rem * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 rem * copies of the Software, and permit persons to whom the Software is
 rem * furnished to do so, under the terms of the COPYING file.
 rem *
 rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 rem * KIND, either express or implied.
 rem *
 rem ***************************************************************************
-if exist GIT-INFO goto start_doing
+rem NOTES
-ECHO ERROR: This file shall only be used with a curl git tree checkout.
+rem
-goto end_all
+rem This batch file must be used to set up a git tree to build on systems where
-:start_doing
+rem there is no autotools support (i.e. DOS and Windows).
 rem
 rem This file is not included or required for curl's release archives or daily 
 rem snapshot archives.
-REM create tool_hugehelp.c
+:begin
-if not exist src\tool_hugehelp.c.cvs goto end_hugehelp_c
+  rem Set our variables
-copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c
+  if "%OS%" == "Windows_NT" setlocal
-:end_hugehelp_c
+  set MODE=GENERATE
-REM create Makefile
+  rem Switch to this batch file's directory
-if not exist Makefile.dist goto end_makefile
+  cd /d "%~0\.." 1>NUL 2>&1
 copy /Y Makefile.dist Makefile
 :end_makefile
-REM create curlbuild.h
+  rem Check we are running from a curl git repository
-if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
+  if not exist GIT-INFO goto norepo
 copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
 :end_curlbuild_h
-REM setup c-ares git tree
+  rem Detect programs. HAVE_<PROGNAME>
-if not exist ares\buildconf.bat goto end_c_ares
+  rem When not found the variable is set undefined. The undefined pattern
-cd ares
+  rem allows for statements like "if not defined HAVE_PERL (command)"
-call buildconf.bat
+  groff --version <NUL 1>NUL 2>&1
-cd ..
+  if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y)
-:end_c_ares
+  nroff --version <NUL 1>NUL 2>&1
  if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y)
  perl --version <NUL 1>NUL 2>&1
  if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y)
  gzip --version <NUL 1>NUL 2>&1
  if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y)
-:end_all
+:parseArgs
  if "%~1" == "" goto start
  if /i "%~1" == "-clean" (
    set MODE=CLEAN
  ) else if /i "%~1" == "-?" (
    goto syntax
  ) else if /i "%~1" == "-h" (
    goto syntax
  ) else if /i "%~1" == "-help" (
    goto syntax
  ) else (
    goto unknown
  )
  shift & goto parseArgs
 :start
  if "%MODE%" == "GENERATE" (
    echo.
    echo Generating prerequisite files
    call :generate
    if errorlevel 4 goto nogencurlbuild
    if errorlevel 3 goto nogenhugehelp
    if errorlevel 2 goto nogenmakefile
    if errorlevel 1 goto warning
  ) else (
    echo.
    echo Removing prerequisite files
    call :clean
    if errorlevel 3 goto nocleancurlbuild
    if errorlevel 2 goto nocleanhugehelp
    if errorlevel 1 goto nocleanmakefile
  )
  goto success
 rem Main generate function.
 rem
 rem Returns:
 rem
 rem 0 - success
 rem 1 - success with simplified tool_hugehelp.c 
 rem 2 - failed to generate Makefile
 rem 3 - failed to generate tool_hugehelp.c
 rem 4 - failed to generate curlbuild.h
 rem
 :generate
  if "%OS%" == "Windows_NT" setlocal
  set BASIC_HUGEHELP=0
  rem Create Makefile
  echo * %CD%\Makefile
  if exist Makefile.dist (
    copy /Y Makefile.dist Makefile 1>NUL 2>&1
    if errorlevel 1 (
      if "%OS%" == "Windows_NT" endlocal
      exit /B 2
    )
  )
  rem Create tool_hugehelp.c
  echo * %CD%\src\tool_hugehelp.c
  call :genHugeHelp
  if errorlevel 2 (
    if "%OS%" == "Windows_NT" endlocal
    exit /B 3
  )
  if errorlevel 1 (
    set BASIC_HUGEHELP=1
  )
  cmd /c exit 0
  rem Create curlbuild.h
  echo * %CD%\include\curl\curlbuild.h
  if exist include\curl\curlbuild.h.dist (
    copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h 1>NUL 2>&1
    if errorlevel 1 (
      if "%OS%" == "Windows_NT" endlocal
      exit /B 4
    )
  )
  rem Setup c-ares git tree
  if exist ares\buildconf.bat (
    echo.
    echo Configuring c-ares build environment
    cd ares
    call buildconf.bat
    cd ..
  )
  if "%BASIC_HUGEHELP%" == "1" (
    if "%OS%" == "Windows_NT" endlocal
    exit /B 1
  )
  if "%OS%" == "Windows_NT" endlocal
  exit /B 0
 rem Main clean function.
 rem
 rem Returns:
 rem
 rem 0 - success
 rem 1 - failed to clean Makefile
 rem 2 - failed to clean tool_hugehelp.c
 rem 3 - failed to clean curlbuild.h
 rem
 :clean
  rem Remove Makefile
  echo * %CD%\Makefile
  if exist Makefile (
    del Makefile 2>NUL
    if exist Makefile (
      exit /B 1
    )
  )
  rem Remove tool_hugehelp.c
  echo * %CD%\src\tool_hugehelp.c
  if exist src\tool_hugehelp.c (
    del src\tool_hugehelp.c 2>NUL
    if exist src\tool_hugehelp.c (
      exit /B 2
    )
  )
  rem Remove curlbuild.h
  echo * %CD%\include\curl\curlbuild.h
  if exist include\curl\curlbuild.h (
    del include\curl\curlbuild.h 2>NUL
    if exist include\curl\curlbuild.h (
      exit /B 3
    )
  )
  exit /B
 rem Function to generate src\tool_hugehelp.c
 rem
 rem Returns:
 rem
 rem 0 - full tool_hugehelp.c generated
 rem 1 - simplified tool_hugehelp.c
 rem 2 - failure
 rem
 :genHugeHelp
  if "%OS%" == "Windows_NT" setlocal
  set LC_ALL=C
  set ROFFCMD=
  set BASIC=1
  if defined HAVE_PERL (
    if defined HAVE_GROFF (
      set ROFFCMD=groff -mtty-char -Tascii -P-c -man
    ) else if defined HAVE_NROFF (
      set ROFFCMD=nroff -c -Tascii -man
    )
  )
  if defined ROFFCMD (
    echo #include "tool_setup.h"> src\tool_hugehelp.c
    echo #include "tool_hugehelp.h">> src\tool_hugehelp.c 
    if defined HAVE_GZIP (
      echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c
    )
    %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c
    if defined HAVE_GZIP (
      echo #else>> src\tool_hugehelp.c
      %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c
      echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c
    )
    set BASIC=0
  ) else (
    if exist src\tool_hugehelp.c.cvs (
      copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1
    ) else (
      echo #include "tool_setup.h"> src\tool_hugehelp.c
      echo #include "tool_hugehelp.hd">> src\tool_hugehelp.c
      echo.>> src\tool_hugehelp.c
      echo void hugehelp(void^)>> src\tool_hugehelp.c
      echo {>> src\tool_hugehelp.c
      echo #ifdef USE_MANUAL>> src\tool_hugehelp.c
      echo   fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c
      echo #endif>> src\tool_hugehelp.c
      echo }>> src\tool_hugehelp.c
    )
  )
  findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1
  if errorlevel 1 (
    if "%OS%" == "Windows_NT" endlocal
    exit /B 2
  )
  if "%BASIC%" == "1" (
    if "%OS%" == "Windows_NT" endlocal
    exit /B 1
  )
  if "%OS%" == "Windows_NT" endlocal
  exit /B 0
 rem Function to clean-up local variables under DOS, Windows 3.x and
 rem Windows 9x as setlocal isn't available until Windows NT
 rem
 :dosCleanup
  set MODE=
  set HAVE_GROFF=
  set HAVE_NROFF=
  set HAVE_PERL=
  set HAVE_GZIP=
  set BASIC_HUGEHELP=
  set LC_ALL
  set ROFFCMD=
  set BASIC=
  exit /B
 :syntax
  rem Display the help
  echo.
  echo Usage: buildconf [-clean]
  echo.
  echo -clean    - Removes the files
  goto error
 :unknown
  echo.
  echo Error: Unknown argument '%1'
  goto error
 :norepo
  echo.
  echo Error: This batch file should only be used with a curl git repository
  goto error
 :nogenmakefile
  echo.
  echo Error: Unable to generate Makefile
  goto error
 :nogenhugehelp
  echo.
  echo Error: Unable to generate src\tool_hugehelp.c
  goto error
 :nogencurlbuild
  echo.
  echo Error: Unable to generate include\curl\curlbuild.h
  goto error
 :nocleanmakefile
  echo.
  echo Error: Unable to clean Makefile
  goto error
 :nocleanhugehelp
  echo.
  echo Error: Unable to clean src\tool_hugehelp.c
  goto error
 :nocleancurlbuild
  echo.
  echo Error: Unable to clean include\curl\curlbuild.h
  goto error
 :warning
  echo.
  echo Warning: The curl manual could not be integrated in the source. This means when
  echo you build curl the manual will not be available (curl --man^). Integration of
  echo the manual is not required and a summary of the options will still be available
  echo (curl --help^). To integrate the manual your PATH is required to have
  echo groff/nroff, perl and optionally gzip for compression.
  goto success
 :error
  if "%OS%" == "Windows_NT" (
    endlocal
  ) else (
    call :dosCleanup
  )
  exit /B 1
 :success
  if "%OS%" == "Windows_NT" (
    endlocal
  ) else (
    call :dosCleanup
  )
  exit /B 0
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -39,6 +39,7 @@ AC_CONFIG_SRCDIR([lib/urldata.h])
 AC_CONFIG_HEADERS(lib/curl_config.h include/curl/curlbuild.h)
 AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 CURL_CHECK_OPTION_DEBUG
 CURL_CHECK_OPTION_OPTIMIZE
@@ -47,6 +48,7 @@ CURL_CHECK_OPTION_WERROR
 CURL_CHECK_OPTION_CURLDEBUG
 CURL_CHECK_OPTION_SYMBOL_HIDING
 CURL_CHECK_OPTION_ARES
 CURL_CHECK_OPTION_RT
 XC_CHECK_PATH_SEPARATOR
@@ -147,7 +149,7 @@ AC_SUBST(PKGADD_VENDOR)
 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl,darwinssl} )"
+    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
    curl_gss_msg="no      (--with-gssapi)"
@@ -165,6 +167,7 @@ curl_verbose_msg="enabled (--disable-verbose)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
  curl_mtlnk_msg="no      (--with-libmetalink)"
    curl_psl_msg="no      (--with-libpsl)"
    init_ssl_msg=${curl_ssl_msg}
@@ -1046,7 +1049,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
  if test "$LDAPLIBNAME" = "wldap32"; then
    curl_ldap_msg="enabled (winldap)"
-    AC_DEFINE(CURL_LDAP_WIN, 1, [Use Windows LDAP implementation])
+    AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation])
  else
    curl_ldap_msg="enabled (OpenLDAP)"
    if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then
@@ -1184,6 +1187,8 @@ AC_ARG_WITH(gssapi,
  fi
 ])
 : ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
 save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
@@ -1192,8 +1197,8 @@ if test x"$want_gss" = xyes; then
  if test -z "$GSSAPI_INCS"; then
     if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
-     elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+     elif test -f "$KRB5CONFIG"; then
-        GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+        GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
     elif test "$GSSAPI_ROOT" != "yes"; then
        GSSAPI_INCS="-I$GSSAPI_ROOT/include"
     fi
@@ -1283,10 +1288,10 @@ if test x"$want_gss" = xyes; then
           dnl into LIBS
           gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
           LIBS="$gss_libs $LIBS"
-        elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+        elif test -f "$KRB5CONFIG"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
           dnl into LIBS
-           gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+           gss_libs=`$KRB5CONFIG --libs gssapi`
           LIBS="$gss_libs $LIBS"
        else
           case $host in
@@ -1394,6 +1399,24 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"
  dnl This is for Msys/Mingw
  case $host in
    *-*-msys* | *-*-mingw*)
      AC_MSG_CHECKING([for gdi32])
      my_ac_save_LIBS=$LIBS
      LIBS="-lgdi32 $LIBS"
      AC_TRY_LINK([#include <windef.h>
                   #include <wingdi.h>],
                   [GdiFlush();],
                   [ dnl worked!
                   AC_MSG_RESULT([yes])],
                   [ dnl failed, restore LIBS
                   LIBS=$my_ac_save_LIBS
                   AC_MSG_RESULT(no)]
                  )
      ;;
  esac
  case "$OPT_SSL" in
  yes)
    dnl --with-ssl (without path) used
@@ -1451,6 +1474,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
      AC_SUBST(SSL_LIBS)
      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
@@ -1471,31 +1495,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
-  dnl This is for Msys/Mingw
+  AC_CHECK_LIB(crypto, HMAC_Update,[
  case $host in
    *-*-msys* | *-*-mingw*)
      AC_MSG_CHECKING([for gdi32])
      my_ac_save_LIBS=$LIBS
      LIBS="-lgdi32 $LIBS"
      AC_TRY_LINK([#include <windef.h>
                   #include <wingdi.h>],
                   [GdiFlush();],
                   [ dnl worked!
                   AC_MSG_RESULT([yes])],
                   [ dnl failed, restore LIBS
                   LIBS=$my_ac_save_LIBS
                   AC_MSG_RESULT(no)]
                  )
      ;;
  esac
  AC_CHECK_LIB(crypto, CRYPTO_lock,[
     HAVECRYPTO="yes"
     LIBS="-lcrypto $LIBS"
     ],[
     LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
     CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
-     AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+     AC_CHECK_LIB(crypto, HMAC_Init_ex,[
       HAVECRYPTO="yes"
       LIBS="-lcrypto $LIBS"], [
       LDFLAGS="$CLEANLDFLAGS"
@@ -1505,6 +1511,46 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    ])
  if test X"$HAVECRYPTO" = X"yes"; then
     AC_MSG_CHECKING([OpenSSL linking without -ldl])
     saved_libs=$LIBS
     AC_TRY_LINK(
        [
          #include <openssl/evp.h>
        ],
        [
          SSLeay_add_all_algorithms();
        ],
        [
          AC_MSG_RESULT(yes)
          LIBS="$saved_libs"
        ],
        [
          AC_MSG_RESULT(no)
          AC_MSG_CHECKING([OpenSSL linking with -ldl])
          LIBS="-ldl $LIBS"
          AC_TRY_LINK(
          [
            #include <openssl/evp.h>
          ],
          [
            SSLeay_add_all_algorithms();
          ],
          [
            AC_MSG_RESULT(yes)
            LIBS="$saved_libs -ldl"
          ],
          [
            AC_MSG_RESULT(no)
            LIBS="$saved_libs"
          ]
          )
        ]
     )
  fi
  if test X"$HAVECRYPTO" = X"yes"; then
    dnl This is only reasonable to do if crypto actually is there: check for
    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
@@ -1527,7 +1573,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    else
-      dnl Have the libraries--check for SSLeay/OpenSSL headers
+      dnl Have the libraries--check for OpenSSL headers
      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                       openssl/pem.h openssl/ssl.h openssl/err.h,
        curl_ssl_msg="enabled (OpenSSL)"
@@ -1551,17 +1597,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    fi
    if test X"$OPENSSL_ENABLED" = X"1"; then
       AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled])
       dnl is there a pkcs12.h header present?
       AC_CHECK_HEADERS(openssl/pkcs12.h)
    else
       LIBS="$CLEANLIBS"
    fi
    dnl USE_SSLEAY is the historical name for what configure calls
    dnl OPENSSL_ENABLED; the names should really be unified
    USE_SSLEAY="$OPENSSL_ENABLED"
    AC_SUBST(USE_SSLEAY)
    if test X"$OPT_SSL" != Xoff &&
       test "$OPENSSL_ENABLED" != "1"; then
@@ -1578,8 +1618,12 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
              ])
-    dnl these can only exist if openssl exists
+    dnl These can only exist if OpenSSL exists
-    dnl yassl doesn't have SSL_get_shutdown
+    dnl Older versions of Cyassl (some time before 2.9.4) don't have
    dnl SSL_get_shutdown (but this check won't actually detect it there
    dnl as it's a macro that needs the header files be included)
    dnl BoringSSL didn't have DES_set_odd_parity for a while but now it is
    dnl back again.
    AC_CHECK_FUNCS( RAND_status \
                    RAND_screen \
@@ -1587,28 +1631,38 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                    ENGINE_cleanup \
                    CRYPTO_cleanup_all_ex_data \
                    SSL_get_shutdown \
-                    SSLv2_client_method )
+                    SSLv2_client_method \
                    DES_set_odd_parity )
-    dnl Make an attempt to detect if this is actually yassl's headers and
+    AC_MSG_CHECKING([for BoringSSL])
-    dnl OpenSSL emulation layer. We still leave everything else believing
+    AC_COMPILE_IFELSE([
-    dnl and acting like OpenSSL.
+        AC_LANG_PROGRAM([[
                #include <openssl/base.h>
                ]],[[
                #ifndef OPENSSL_IS_BORINGSSL
                #error not boringssl
                #endif
       ]])
    ],[
        AC_MSG_RESULT([yes])
        AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
                           [Define to 1 if using BoringSSL.])
    ],[
        AC_MSG_RESULT([no])
    ])
-    AC_MSG_CHECKING([for yaSSL using OpenSSL compatibility mode])
+    AC_MSG_CHECKING([for libressl])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
-#include <openssl/ssl.h>
+#include <openssl/opensslv.h>
      ]],[[
-#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER)
+        int dummy = LIBRESSL_VERSION_NUMBER;
        int dummy = SSL_ERROR_NONE;
 #else
        Not the yaSSL OpenSSL compatibility header.
 #endif
      ]])
    ],[
      AC_MSG_RESULT([yes])
-      AC_DEFINE_UNQUOTED(USE_YASSLEMUL, 1,
+      AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
-        [Define to 1 if using yaSSL in OpenSSL compatibility mode.])
+        [Define to 1 if using libressl.])
-      curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)"
+      curl_ssl_msg="enabled (libressl)"
    ],[
      AC_MSG_RESULT([no])
    ])
@@ -1672,8 +1726,8 @@ dnl ---
 if test "$OPENSSL_ENABLED" = "1"; then
  AC_CHECK_LIB(crypto, SRP_Calc_client_key,
   [
-     AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key])
+     AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
-     AC_SUBST(HAVE_SSLEAY_SRP, [1])
+     AC_SUBST(HAVE_OPENSSL_SRP, [1])
   ])
 fi
@@ -1784,6 +1838,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
            AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
          fi
        fi
        AC_CHECK_FUNCS(gnutls_certificate_set_x509_key_file2)
      fi
    fi
@@ -1921,6 +1976,93 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
 fi
 dnl ----------------------------------------------------
 dnl check for mbedTLS
 dnl ----------------------------------------------------
 OPT_MBEDTLS=no
 _cppflags=$CPPFLAGS
 _ldflags=$LDFLAGS
 AC_ARG_WITH(mbedtls,dnl
 AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root])
 AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
  OPT_MBEDTLS=$withval)
 if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  if test X"$OPT_MBEDTLS" != Xno; then
    if test "$OPT_MBEDTLS" = "yes"; then
      OPT_MBEDTLS=""
    fi
    if test -z "$OPT_MBEDTLS" ; then
      dnl check for lib first without setting any new path
      AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
      dnl libmbedtls found, set the variable
       [
         AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
         AC_SUBST(USE_MBEDTLS, [1])
         MBEDTLS_ENABLED=1
         USE_MBEDTLS="yes"
         curl_ssl_msg="enabled (mbedTLS)"
        ], [], -lmbedx509 -lmbedcrypto)
    fi
    addld=""
    addlib=""
    addcflags=""
    mbedtlslib=""
    if test "x$USE_MBEDTLS" != "xyes"; then
      dnl add the path and test again
      addld=-L$OPT_MBEDTLS/lib$libsuff
      addcflags=-I$OPT_MBEDTLS/include
      mbedtlslib=$OPT_MBEDTLS/lib$libsuff
      LDFLAGS="$LDFLAGS $addld"
      if test "$addcflags" != "-I/usr/include"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi
      AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
       [
       AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
       AC_SUBST(USE_MBEDTLS, [1])
       MBEDTLS_ENABLED=1
       USE_MBEDTLS="yes"
       curl_ssl_msg="enabled (mbedTLS)"
       ],
       [
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
       ], -lmbedx509 -lmbedcrypto)
    fi
    if test "x$USE_MBEDTLS" = "xyes"; then
      AC_MSG_NOTICE([detected mbedTLS])
      LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
      if test -n "$mbedtlslib"; then
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
        if test "x$cross_compiling" != "xyes"; then
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mbedtlslib"
          export LD_LIBRARY_PATH
          AC_MSG_NOTICE([Added $mbedtlslib to LD_LIBRARY_PATH])
        fi
      fi
    fi
  fi dnl mbedTLS not disabled
 fi
 dnl ----------------------------------------------------
 dnl check for CyaSSL
 dnl ----------------------------------------------------
@@ -1943,6 +2085,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      OPT_CYASSL=""
    fi
    dnl This should be reworked to use pkg-config instead
    cyassllibname=cyassl
    if test -z "$OPT_CYASSL" ; then
      dnl check for lib in system default first
@@ -1984,19 +2130,70 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
       [
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
         cyassllib=""
       ])
    fi
    addld=""
    addlib=""
    addcflags=""
    if test "x$USE_CYASSL" != "xyes"; then
      dnl libcyassl renamed to libwolfssl as of 3.4.0
      addld=-L$OPT_CYASSL/lib$libsuff
      addcflags=-I$OPT_CYASSL/include
      cyassllib=$OPT_CYASSL/lib$libsuff
      LDFLAGS="$LDFLAGS $addld"
      if test "$addcflags" != "-I/usr/include"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi
      cyassllibname=wolfssl
      my_ac_save_LIBS="$LIBS"
      LIBS="-l$cyassllibname -lm $LIBS"
      AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl])
      AC_LINK_IFELSE([
 	AC_LANG_PROGRAM([[
 /* These aren't needed for detection and confuse WolfSSL.
   They are set up properly later if it is detected.  */
 #undef SIZEOF_LONG
 #undef SIZEOF_LONG_LONG
 #include <cyassl/ssl.h>
 	]],[[
 	  return CyaSSL_Init();
 	]])
      ],[
         AC_MSG_RESULT(yes)
         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
         AC_SUBST(USE_CYASSL, [1])
         CYASSL_ENABLED=1
         USE_CYASSL="yes"
         curl_ssl_msg="enabled (CyaSSL)"
       ],
       [
         AC_MSG_RESULT(no)
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
         cyassllib=""
       ])
      LIBS="$my_ac_save_LIBS"
    fi
    if test "x$USE_CYASSL" = "xyes"; then
      AC_MSG_NOTICE([detected CyaSSL])
      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      AC_CHECK_SIZEOF(long long)
      dnl Versions since at least 2.6.0 may have options.h
      AC_CHECK_HEADERS(cyassl/options.h)
      dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h
      AC_CHECK_HEADERS(cyassl/error-ssl.h)
-      LIBS="-lcyassl -lm $LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
      if test -n "$cyassllib"; then
        dnl when shared libs were found in a path that the run-time
@@ -2063,57 +2260,73 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
        fi
      fi
    else
-        # Without pkg-config, we'll kludge in some defaults
+      NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
-        addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
+      if test -f "$NSS_PCDIR/nss.pc"; then
-        addcflags="-I$OPT_NSS/include"
+        CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
-        version="unknown"
+        if test "$PKGCONFIG" != "no" ; then
-        nssprefix=$OPT_NSS
+          addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
-    fi
+          addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
-
+          addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
-    if test -n "$addlib"; then
+          version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
-
+          nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
      CLEANLIBS="$LIBS"
      CLEANCPPFLAGS="$CPPFLAGS"
      LIBS="$addlib $LIBS"
      if test "$addcflags" != "-I/usr/include"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi
      dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
      AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
       [
       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
       AC_SUBST(USE_NSS, [1])
       USE_NSS="yes"
       NSS_ENABLED=1
       curl_ssl_msg="enabled (NSS)"
       ],
       [
         LIBS="$CLEANLIBS"
         CPPFLAGS="$CLEANCPPFLAGS"
       ])
      if test "x$USE_NSS" = "xyes"; then
        AC_MSG_NOTICE([detected NSS version $version])
        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
        NSS_LIBS=$addlib
        AC_SUBST([NSS_LIBS])
        dnl when shared libs were found in a path that the run-time
        dnl linker doesn't search through, we need to add it to
        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
        dnl due to this
        if test "x$cross_compiling" != "xyes"; then
          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
          export LD_LIBRARY_PATH
          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
        fi
      fi
    fi
    if test -z "$addlib"; then
      # Without pkg-config, we'll kludge in some defaults
      AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
      addld="-L$OPT_NSS/lib"
      addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
      addcflags="-I$OPT_NSS/include"
      version="unknown"
      nssprefix=$OPT_NSS
    fi
    CLEANLDFLAGS="$LDFLAGS"
    CLEANLIBS="$LIBS"
    CLEANCPPFLAGS="$CPPFLAGS"
    LDFLAGS="$addld $LDFLAGS"
    LIBS="$addlib $LIBS"
    if test "$addcflags" != "-I/usr/include"; then
       CPPFLAGS="$CPPFLAGS $addcflags"
    fi
    dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
    AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
     [
     AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
     AC_SUBST(USE_NSS, [1])
     USE_NSS="yes"
     NSS_ENABLED=1
     curl_ssl_msg="enabled (NSS)"
     ],
     [
       LDFLAGS="$CLEANLDFLAGS"
       LIBS="$CLEANLIBS"
       CPPFLAGS="$CLEANCPPFLAGS"
     ])
    if test "x$USE_NSS" = "xyes"; then
      AC_MSG_NOTICE([detected NSS version $version])
      dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
      NSS_LIBS=$addlib
      AC_SUBST([NSS_LIBS])
      dnl when shared libs were found in a path that the run-time
      dnl linker doesn't search through, we need to add it to
      dnl LD_LIBRARY_PATH to prevent further configure tests to fail
      dnl due to this
      if test "x$cross_compiling" != "xyes"; then
        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
        export LD_LIBRARY_PATH
        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
      fi
    fi dnl NSS found
  fi dnl NSS not disabled
 fi dnl curl_ssl_msg = init_ssl_msg
@@ -2174,7 +2387,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  fi
 fi
-if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
+if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
 else
@@ -2189,6 +2402,27 @@ dnl **********************************************************************
 CURL_CHECK_CA_BUNDLE
 dnl **********************************************************************
 dnl Check for libpsl
 dnl **********************************************************************
 AC_ARG_WITH(libpsl,
           AS_HELP_STRING([--without-libpsl],
           [disable support for libpsl cookie checking]),
           with_libpsl=$withval,
           with_libpsl=yes)
 if test $with_libpsl != "no"; then
  AC_SEARCH_LIBS(psl_builtin, psl,
    [curl_psl_msg="yes";
     AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
     ],
    [curl_psl_msg="no      (libpsl not found)";
     AC_MSG_WARN([libpsl was not found])
     ]
  )
 fi
 AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"])
 dnl **********************************************************************
 dnl Check for libmetalink
 dnl **********************************************************************
@@ -2768,7 +3002,9 @@ if test X"$want_h2" != Xno; then
    CPPFLAGS="$CPPFLAGS $CPP_H2"
    LIBS="$LIB_H2 $LIBS"
-    AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback,
+    # use nghttp2_option_set_no_recv_client_magic to require nghttp2
    # >= 1.0.0
    AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic,
      [
       AC_CHECK_HEADERS(nghttp2/nghttp2.h,
          curl_h2_msg="enabled (nghttp2)"
@@ -3142,7 +3378,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then
 [Options --enable-threaded-resolver and --enable-ares are mutually exclusive])
 fi
-if test "$want_thres" = "yes"; then
+if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then
  AC_CHECK_HEADER(pthread.h,
    [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have <pthread.h>])
      save_CFLAGS="$CFLAGS"
@@ -3268,7 +3504,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]),
       want_tls_srp=yes
 )
-if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then
+if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then
   AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication])
   USE_TLS_SRP=1
   curl_tls_srp_msg="enabled"
@@ -3382,7 +3618,7 @@ dnl For keeping supported features and protocols also in pkg-config file
 dnl since it is more cross-compile friendly than curl-config
 dnl
-if test "x$USE_SSLEAY" = "x1"; then
+if test "x$OPENSSL_ENABLED" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
 elif test -n "$SSL_ENABLED"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
@@ -3410,6 +3646,10 @@ if test "x$HAVE_GSSAPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
 fi
 if test "x$curl_psl_msg" = "xyes"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
 fi
 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
@@ -3421,7 +3661,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
 fi
 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
-  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
@@ -3494,7 +3734,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then
 fi
 if test "x$CURL_DISABLE_SMB" != "x1" \
    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-    -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1" \); then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
@@ -3615,6 +3855,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
  PSL support:      ${curl_psl_msg}
  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}
 ])
--- a/curl-config.in
+++ b/curl-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
        ;;
    --ca)
-        echo "@CURL_CA_BUNDLE@"
+        echo @CURL_CA_BUNDLE@
        ;;
    --cc)
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -50,7 +50,7 @@ Cocoa
 D
  Written by Kenneth Bogert
-  http://curl.haxx.se/libcurl/d/
+  http://dlang.org/library/std/net/curl.html
 Dylan
@@ -60,7 +60,7 @@ Dylan
 Eiffel
  Written by Eiffel Software
-  http://curl.haxx.se/libcurl/eiffel/
+  https://room.eiffel.com/library/curl
 Euphoria
@@ -78,7 +78,7 @@ Ferite
 Gambas
-  http://gambas.sourceforge.net
+  http://gambas.sourceforge.net/
 glib/GTK+
@@ -90,6 +90,11 @@ Guile:
  Written by Michael L. Gran
  http://www.lonelycactus.com/guile-curl.html
 Harbour
  Written by Viktor Szakáts
  https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl
 Haskell
  Written by Galois, Inc
@@ -97,8 +102,7 @@ Haskell
 Java
-  Maintained by [blank]
+  https://github.com/pjlegato/curl-java
  http://curl.haxx.se/libcurl/java/
 Julia
@@ -115,7 +119,7 @@ Lua
  luacurl by Alexander Marinov
  http://luacurl.luaforge.net/
-  Lua-cURL by J<EFBFBD>rgen H<EFBFBD>tzel
+  Lua-cURL by Jürgen Hötzel
  http://luaforge.net/projects/lua-curl/
 Mono
@@ -126,7 +130,7 @@ Mono
 .NET
  libcurl-net by Jeffrey Phillips
-  http://sourceforge.net/projects/libcurl-net/
+  https://sourceforge.net/projects/libcurl-net/
 node.js
@@ -141,7 +145,7 @@ Object-Pascal
 O'Caml
  Written by Lars Nilsson
-  http://sourceforge.net/projects/ocurl/
+  https://sourceforge.net/projects/ocurl/
 Pascal
@@ -150,13 +154,13 @@ Pascal
 Perl
-  Maintained by Cris Bailiff
+  Maintained by Cris Bailiff and Bálint Szilakszi
-  http://curl.haxx.se/libcurl/perl/
+  https://github.com/szbalint/WWW--Curl
 PHP
  Written by Sterling Hughes
-  http://curl.haxx.se/libcurl/php/
+  https://php.net/curl
 PostgreSQL
@@ -170,8 +174,7 @@ Python
 R
-  RCurl by Duncan Temple Lang
+  http://cran.r-project.org/package=curl
  http://www.omegahat.org/RCurl/
 Rexx
@@ -192,10 +195,15 @@ Ruby
  ruby-curl-multi - written by Kristjan Petursson and Keith Rarick
  http://curl-multi.rubyforge.org/
 Rust
  curl-rust - by Carl Lerche
  https://github.com/carllerche/curl-rust
 Scheme
  Bigloo binding by Kirill Lisovsky
-  http://curl.haxx.se/libcurl/scheme/
+  http://www.metapaper.net/lisovsky/web/curl/
 S-Lang
@@ -219,13 +227,13 @@ SPL
 Tcl
-  Tclcurl by Andr<EFBFBD>s Garc<EFBFBD>a
+  Tclcurl by Andrés García
-  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
+  http://mirror.yellow5.com/tclcurl/
 Visual Basic
  libcurl-vb by Jeffrey Phillips
-  http://sourceforge.net/projects/libcurl-vb/
+  https://sourceforge.net/projects/libcurl-vb/
 Visual Foxpro
@@ -245,3 +253,8 @@ XBLite
  Written by David Szafranski
  http://perso.wanadoo.fr/xblite/libraries.html
 Xojo
  Written by Andrew Lambert
  https://github.com/charonn0/RB-libcURL
--- a/docs/BUGS
+++ b/docs/BUGS
@@ -35,11 +35,9 @@ BUGS
  have a go at a solution. You can optionally also post your bug/problem at
  curl's bug tracking system over at
-        https://sourceforge.net/p/curl/bugs/
+        https://github.com/bagder/curl/issues
-  Please read the rest of this document below first before doing that! Also,
+  Please read the rest of this document below first before doing that!
  you need to login to your sourceforge account before being able to submit a
  bug report (necessary evil done to avoid spam).
  If you feel you need to ask around first, find a suitable mailing list and
  post there. The lists are available on http://curl.haxx.se/mail/
--- a/docs/CODE_OF_CONDUCT.md
+++ b/docs/CODE_OF_CONDUCT.md
@@ -0,0 +1,32 @@
 Contributor Code of Conduct
 ===========================
 As contributors and maintainers of this project, we pledge to respect all
 people who contribute through reporting issues, posting feature requests,
 updating documentation, submitting pull requests or patches, and other
 activities.
 We are committed to making participation in this project a harassment-free
 experience for everyone, regardless of level of experience, gender, gender
 identity and expression, sexual orientation, disability, personal appearance,
 body size, race, ethnicity, age, or religion.
 Examples of unacceptable behavior by participants include the use of sexual
 language or imagery, derogatory comments or personal attacks, trolling, public
 or private harassment, insults, or other unprofessional conduct.
 Project maintainers have the right and responsibility to remove, edit, or
 reject comments, commits, code, wiki edits, issues, and other contributions
 that are not aligned to this Code of Conduct. Project maintainers who do not
 follow the Code of Conduct may be removed from the project team.
 This code of conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community.
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported by opening an issue or contacting one or more of the project
 maintainers.
 This Code of Conduct is adapted from the [Contributor
 Covenant](http://contributor-covenant.org), version 1.1.0, available at
 [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/)
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -34,7 +34,7 @@
 3.3 How To Make a Patch without git
 3.4 How to get your changes into the main sources
 3.5 Write good commit messages
- 3.6 Please don't send pull requests
+ 3.6 About pull requests
 ==============================================================================
@@ -52,6 +52,10 @@
 We also hang out on IRC in #curl on irc.freenode.net
 If you're at all interested in the code side of things, consider clicking
 'watch' on the curl repo at github to get notified on pull requests and new
 issues posted there.
 1.2. License
 When contributing with code, you agree to put your changes and new code under
@@ -78,10 +82,10 @@
 1.3 What To Read
- Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
+ Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the
- most recent CHANGES. Just lurking on the curl-library mailing list is gonna
+ most recent changes in the git log. Just lurking on the curl-library mailing
- give you a lot of insights on what's going on right now. Asking there is a
+ list is gonna give you a lot of insights on what's going on right now. Asking
- good idea too.
+ there is a good idea too.
 2. cURL Coding Standards
@@ -199,7 +203,7 @@
 You need to first checkout the repository:
-     git clone git://github.com/bagder/curl.git
+     git clone https://github.com/bagder/curl.git
 You then proceed and edit all the files you like and you commit them to your
 local repository:
@@ -241,8 +245,8 @@
 For unix-like operating systems:
-     http://www.gnu.org/software/patch/patch.html
+     https://savannah.gnu.org/projects/patch/
-     http://www.gnu.org/directory/diffutils.html
+     https://www.gnu.org/software/diffutils/
 For Windows:
@@ -288,27 +292,15 @@
 and make sure that you have your own user and email setup correctly in git
 before you commit
-3.6 Please don't send pull requests
+3.6 About pull requests
 With git (and especially github) it is easy and tempting to send a pull
- request to one or more people in the curl project to have changes merged this
+ request to the curl project to have changes merged this way instead of
- way instead of mailing patches to the curl-library mailing list.
+ mailing patches to the curl-library mailing list.
- We don't like that. We want them mailed for these reasons:
+ We used to dislike this but we're trying to change that and accept that this
 is a frictionless way for people to contribute to the project. We now welcome
 pull requests!
- - Peer review. Anyone and everyone on the list can review, comment and
+ We will continue to avoid using github's merge tools to make the history
-   improve on the patch. Pull requests limit this ability.
+ linear and to make sure commits follow our style guidelines.
 - Anyone can merge the patch into their own trees for testing and those who
   have push rights can push it to the main repo. It doesn't have to be anyone
   the patch author knows beforehand.
 - Commit messages can be tweaked and changed if merged locally instead of
   using github. Merges directly on github requires the changes to be perfect
   already, which they seldom are.
 - Merges on github prevents rebases and even enforces --no-ff which is a git
   style we don't otherwise use in the project
 However: once patches have been reviewed and deemed fine on list they are
 perfectly OK to be pulled from a published git tree.
--- a/docs/DISTRO-DILEMMA
+++ b/docs/DISTRO-DILEMMA
@@ -1,176 +0,0 @@
  Date: February 11, 2007
  Author: Daniel Stenberg <daniel@haxx.se>
  URL: http://curl.haxx.se/legal/distro-dilemma.html
 Condition
 This document is written to describe the situation as it is right now.
 libcurl 7.16.1 is currently the latest version available. Things may of
 course change in the future.
 This document reflects my view and understanding of these things. Please tell
 me where and how you think I'm wrong, and I'll try to correct my mistakes.
 Background
 The Free Software Foundation has deemed the Original BSD license[1] to be
 "incompatible"[2] with GPL[3]. I'd rather say it is the other way around, but
 the point is the same: if you distribute a binary version of a GPL program,
 it MUST NOT be linked with any Original BSD-licensed parts or libraries.
 Doing so will violate the GPL license. For a long time, very many GPL
 licensed programs have avoided this license mess by adding an exception[8] to
 their license. And many others have just closed their eyes for this problem.
 libcurl is MIT-style[4] licensed - how on earth did this dilemma fall onto
 our plates?
 libcurl is only a little library. libcurl can be built to use OpenSSL for its
 SSL/TLS capabilities. OpenSSL is basically Original BSD licensed[5].
 If libcurl built to use OpenSSL is used by a GPL-licensed application and you
 decide to distribute a binary version of it (Linux distros - for example -
 tend to), you have a clash. GPL vs Original BSD.
 This dilemma is not libcurl-specific nor is it specific to any particular
 Linux distro. (This article mentions and refers to Debian several times, but
 only because Debian seems to be the only Linux distro to have faced this
 issue yet since no other distro is shipping libcurl built with two SSL
 libraries.)
 Part of the Operating System
 This would not be a problem if the used lib would be considered part of the
 underlying operating system, as then the GPL license has an exception
 clause[6] that allows applications to use such libs without having to be
 allowed to distribute it or its sources. Possibly some distros will claim
 that OpenSSL is part of their operating system.
 Debian does however not take this stance and has officially(?) claimed that
 OpenSSL is not a required part of the Debian operating system
 Some people claim that this paragraph cannot be exploited this way by a Linux
 distro, but I am not a lawyer and that is a discussion left outside of this
 document.
 GnuTLS
 Since May 2005 libcurl can get built to use GnuTLS instead of OpenSSL. GnuTLS
 is an LGPL[7] licensed library that offers a matching set of features as
 OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
 without including any Original BSD licensed code.
 I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
 packages.
 yassl
 libcurl can get also get built to use yassl for the TLS/SSL layer. yassl is a
 GPL[3] licensed library.
 GnuTLS vs OpenSSL vs yassl
 While these three libraries offer similar features, they are not equal.
 libcurl does not (yet) offer a standardized stable ABI if you decide to
 switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
 and yassl support is very recent in libcurl and it has not been tested nor
 used very extensively, while the OpenSSL equivalent code has been used and
 thus matured since 1999.
 GnuTLS
   - LGPL licensed
   - supports SRP
   - lacks SSLv2 support
   - lacks MD2 support (used by at least some CA certs)
   - lacks the crypto functions libcurl uses for NTLM
 OpenSSL
   - Original BSD licensed
   - lacks SRP
   - supports SSLv2
   - older and more widely used
   - provides crypto functions libcurl uses for NTLM
   - libcurl can do non-blocking connects with it in 7.15.4 and later
 yassl
   - GPL licensed
   - much untested and unproven in the real work by (lib)curl users so we don't
     know a lot about restrictions or benefits from using this
 The Better License, Original BSD, GPL or LGPL?
 It isn't obvious or without debate to any objective interested party that
 either of these licenses are the "better" or even the "preferred" one in a
 generic situation.
 Instead, I think we should accept the fact that the SSL/TLS libraries and
 their different licenses will fit different applications and their authors
 differently depending on the applications' licenses and their general usage
 pattern (considering how GPL and LGPL libraries for example can be burdensome
 for embedded systems usage).
 In Debian land, there seems to be a common opinion that LGPL is "maximally
 compatible" with apps while Original BSD is not. Like this:
        http://lists.debian.org/debian-devel/2005/09/msg01417.html
 More SSL Libraries
 In libcurl, there's no stopping us here. There are more Open Source/Free
 SSL/TLS libraries out there and we would very much like to support them as
 well, to offer application authors an even wider scope of choice.
 Application Angle of this Problem
 libcurl is built to use one SSL/TLS library. It uses a single fixed name (by
 default) on the built/created lib file, and applications are built/linked to
 use that single lib. Replacing one libcurl instance with another one that
 uses the other SSL/TLS library might break one or more applications (due to
 ABI differences and/or different feature set). You want your application to
 use the libcurl it was built for.
 Project cURL Angle of this Problem
 We distribute libcurl and everyone may build libcurl with either library at
 their choice. This problem is not directly a problem of ours. It merely
 affects users - GPL application authors only - of our lib as it comes
 included and delivered on some distros.
 libcurl has different ABI when built with different SSL/TLS libraries due to
 these reasons:
 1. No one has worked on fixing this. The mutex/lock callbacks should be set
    with a generic libcurl function that should use the proper underlying
    functions.
 2. The CURLOPT_SSL_CTX_FUNCTION option is not possible to "emulate" on GnuTLS
    but simply requires OpenSSL.
 3. There might be some other subtle differences just because nobody has yet
    tried to make a fixed ABI like this.
 Distro Angle of this Problem
 To my knowledge there is only one distro that ships libcurl built with either
 OpenSSL or GnuTLS.
 Debian Linux is now (since mid September 2005) providing two different
 libcurl packages, one for libcurl built with OpenSSL and one built with
 GnuTLS. They use different .so names and can this both be installed in a
 single system simultaneously. This has been said to be a transitional system
 not desired to keep in the long run.
 Footnotes
 [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6
 [2] = http://www.fsf.org/licensing/essays/bsd.html
 [3] = http://www.fsf.org/licensing/licenses/gpl.html
 [4] = http://curl.haxx.se/docs/copyright.html
 [5] = http://www.openssl.org/source/license.html
 [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3
 [7] = http://www.fsf.org/licensing/licenses/lgpl.html
 [8] = http://en.wikipedia.org/wiki/OpenSSL_exception
 Feedback/Updates provided by
 Eric Cooper
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -21,6 +21,7 @@ FAQ
  1.12 I have a problem who can I chat with?
  1.13 curl's ECCN number?
  1.14 How do I submit my patch?
  1.15 How do I port libcurl to my OS?
 2. Install Related Problems
  2.1 configure doesn't find OpenSSL even when it is installed
@@ -81,6 +82,7 @@ FAQ
  4.18 file:// URLs containing drive letters (Windows, NetWare)
  4.19 Why doesn't cURL return an error when the network cable is unplugged?
  4.20 curl doesn't return error for HTTP non-200 responses!
  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -350,7 +352,7 @@ FAQ
  cryptography. When doing so, the Export Control Classification Number (ECCN)
  is used to identify the level of export control etc.
-  ASF gives a good explanation at http://www.apache.org/dev/crypto.html
+  ASF gives a good explanation at https://www.apache.org/dev/crypto.html
  We believe curl's number might be ECCN 5D002, another possibility is
  5D992. It seems necessary to write them, asking to confirm.
@@ -379,6 +381,19 @@ FAQ
  Lots of more details are found in the CONTRIBUTE and INTERNALS docs.
  1.15 How do I port libcurl to my OS?
  Here's a rough step-by-step:
  1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h
  2. edit lib/config-[youros].h to match your OS and setup
  3. edit lib/curl_setup.h to include config-[youros].h when your OS is
     detected by the preprocessor, in the style others already exist
  4. compile lib/*.c and make them into a library
 2. Install Related Problems
@@ -764,8 +779,9 @@ FAQ
  request-body in a GET request with something like "curl -X GET -d data
  [URL]"
-  Note that -X doesn't change curl's behavior. It only modifies the actual
+  Note that -X doesn't actually change curl's behavior as it only modifies the
-  string sent in the request.
+  actual string sent in the request, but that may of course trigger a
  different set of events.
  Accordingly, by using -XPOST on a command line that for example would follow
  a 303 redirect, you will effectively prevent curl from behaving
@@ -1026,7 +1042,7 @@ FAQ
  timeout is set.
  See option TcpMaxConnectRetransmissions on this page:
-  http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7
+  https://support.microsoft.com/en-us/kb/175523/en-us
  Also, even on non-Windows systems there may run a firewall or anti-virus
  software or similar that accepts the connection but does not actually do
@@ -1043,7 +1059,7 @@ FAQ
  You'll find that even if D:\blah.txt does exist, cURL returns a 'file
  not found' error.
-  According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html),
+  According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt),
  file:// URLs must contain a host component, but it is ignored by
  most implementations. In the above example, 'D:' is treated as the
  host component, and is taken away. Thus, cURL tries to open '/blah.txt'.
@@ -1115,6 +1131,16 @@ FAQ
  You can also use the -w option and the variable %{response_code} to extract
  the exact response code that was return in the response.
  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
  If you use verbose to see the HTTP request when you send off a HTTP/2
  request, it will still say 1.1.
  The reason for this is that we first generate the request to send using the
  old 1.1 style and show that request in the verbose output, and then we
  convert it over to the binary header-compressed HTTP/2 style. The actual
  "1.1" part from that request is then not actually used in the transfer. The
  binary HTTP/2 headers are not human readable.
 5. libcurl Issues
@@ -1137,13 +1163,13 @@ FAQ
  If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
  need to provide one or two locking functions:
-    http://www.openssl.org/docs/crypto/threads.html
+    https://www.openssl.org/docs/crypto/threads.html
  If you use a GnuTLS-powered libcurl in a multi-threaded environment, you
  need to provide locking function(s) for libgcrypt (which is used by GnuTLS
  for the crypto functions).
-    http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
+    https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
  No special locking is needed with a NSS-powered libcurl. NSS is thread-safe.
@@ -1319,7 +1345,7 @@ FAQ
  Also note that on many networks NATs or other IP-munging techniques are used
  that makes you see and use a different IP address locally than what the
  remote server will see you coming from. You may also consider using
-  http://www.torproject.org .
+  https://www.torproject.org/ .
  5.13 How do I stop an ongoing transfer?
@@ -1510,9 +1536,7 @@ FAQ
  7.2 Who wrote PHP/CURL?
-  PHP/CURL is a module that comes with the regular PHP package. It depends and
+  PHP/CURL was initially written by Sterling Hughes.
  uses libcurl, so you need to have libcurl installed properly first before
  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
  7.3 Can I perform multiple requests using the same handle?
@@ -1521,4 +1545,10 @@ FAQ
  unknown to me).
  After a transfer, you just set new options in the handle and make another
-  transfer. This will make libcurl to re-use the same connection if it can.
+  transfer. This will make libcurl re-use the same connection if it can.
  7.4 Does PHP/CURL have dependencies?
  PHP/CURL is a module that comes with the regular PHP package. It depends on
  and uses libcurl, so you need to have libcurl installed properly before
  PHP/CURL can be used.
--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -134,8 +134,8 @@ SMB
 - authentication with NTLMv1
 SMTP
- - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5
+ - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5
-   (*4)
+   (*4) and External.
 - send e-mails
 - mail from support
 - mail size support
@@ -150,8 +150,8 @@ SMTPS (*1)
 POP3
 - authentication: Clear Text, APOP and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9),
-   Kerberos 5 (*4)
+   Kerberos 5 (*4) and External.
 - list e-mails
 - retrieve e-mails
 - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via
@@ -165,8 +165,8 @@ POP3S (*1)
 IMAP
 - authentication: Clear Text and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9),
-   Kerberos 5 (*4)
+   Kerberos 5 (*4) and External.
 - list the folders of a mailbox
 - select a mailbox with support for verifying the UIDVALIDITY
 - fetch e-mails with support for specifying the UID and SECTION
--- a/docs/HTTP-COOKIES
+++ b/docs/HTTP-COOKIES
@@ -36,7 +36,7 @@ HTTP Cookies
  For a very long time, the only spec explaining how to use cookies was the
  original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html
-  In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published
+  In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published
  and details how cookies work within HTTP.
  1.2 Cookies saved to disk
--- a/docs/HTTP2.md
+++ b/docs/HTTP2.md
@@ -0,0 +1,107 @@
 HTTP/2 with curl
 ================
 [HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt)
 [http2 explained](http://daniel.haxx.se/http2/)
 Build prerequisites
 -------------------
  - nghttp2
  - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version
 [nghttp2](https://nghttp2.org/)
 -------------------------------
 libcurl uses this 3rd party library for the low level protocol handling
 parts. The reason for this is that HTTP/2 is much more complex at that layer
 than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already
 existing and well functional library.
 We require at least version 1.0.0.
 Over an http:// URL
 -------------------
 If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will
 include an upgrade header in the initial request to the host to allow
 upgrading to HTTP/2.
 Possibly we can later introduce an option that will cause libcurl to fail if
 not possible to upgrade. Possibly we introduce an option that makes libcurl
 use HTTP/2 at once over http://
 Over an https:// URL
 --------------------
 If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use
 ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce
 an option that will cause libcurl to fail if not possible to use HTTP/2.
 Consider options to explicitly disable ALPN and/or NPN.
 ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is
 for a similar purpose, was made prior to ALPN and is used for SPDY so early
 HTTP/2 servers are implemented using NPN before ALPN support is widespread.
 SSL libs
 --------
 The challenge is the ALPN and NPN support and all our different SSL
 backends. You may need a fairly updated SSL library version for it to
 provide the necessary TLS features. Right now we support:
  - OpenSSL:  ALPN and NPN
  - NSS:      ALPN and NPN
  - GnuTLS:   ALPN
  - PolarSSL: ALPN
 Multiplexing
 ------------
 Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the
 term for doing multiple independent transfers over the same physical TCP
 connection.
 To take advantage of multiplexing, you need to use the multi interface and set
 `CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will
 attempt to re-use existing HTTP/2 connections and just add a new stream over
 that when doing subsequent parallel requests.
 While libcurl sets up a connection to a HTTP server there is a period during
 which it doesn't know if it can pipeline or do multiplexing and if you add new
 transfers in that period, libcurl will default to start new connections for
 those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you
 can ask that a transfer should rather wait and see in case there's a
 connection for the same host in progress that might end up being possible to
 multiplex on. It favours keeping the number of connections low to the cost of
 slightly longer time to first byte transferred.
 Applications
 ------------
 We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers
 in HTTP 1.1 style. This allows applications to work unmodified.
 curl tool
 ---------
 curl offers the `--http2` command line option to enable use of HTTP/2
 HTTP Alternative Services
 -------------------------
 Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in HTTP/2
 that tells the client about an alternative "route" to the same content for the
 same origin server that you get the response from. A browser or long-living
 client can use that hint to create a new connection asynchronously.  For
 libcurl, we may introduce a way to bring such clues to the applicaton and/or
 let a subsequent request use the alternate route
 automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05)
 TODO
 ----
  - Provide API to set priorities / dependencies of individual streams
  - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that
    curl can connect with HTTP/2 at once without 1.1+Upgrade.
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -173,13 +173,13 @@ Win32
   advice given above.
   KB94248  - How To Use the C Run-Time
-              http://support.microsoft.com/kb/94248/en-us
+              https://support.microsoft.com/kb/94248/en-us
   KB140584 - How to link with the correct C Run-Time (CRT) library
-              http://support.microsoft.com/kb/140584/en-us
+              https://support.microsoft.com/kb/140584/en-us
   KB190799 - Potential Errors Passing CRT Objects Across DLL Boundaries
-              http://msdn.microsoft.com/en-us/library/ms235460
+              https://msdn.microsoft.com/en-us/library/ms235460
   If your app is misbehaving in some strange way, or it is suffering
   from memory corruption, before asking for further help, please try
@@ -209,8 +209,8 @@ Win32
   environment variables, for example:
     set ZLIB_PATH=c:\zlib-1.2.8
-     set OPENSSL_PATH=c:\openssl-0.9.8zc
+     set OPENSSL_PATH=c:\openssl-1.0.2c
-     set LIBSSH2_PATH=c:\libssh2-1.4.3
+     set LIBSSH2_PATH=c:\libssh2-1.6.0
   ATTENTION: if you want to build with libssh2 support you have to use latest
   version 0.17 - previous versions will NOT work with 7.17.0 and later!
@@ -232,7 +232,7 @@ Win32
   - optional MingW32-built OpenLDAP SDK available from:
     http://www.gknw.net/mirror/openldap/
   - optional recent Novell CLDAP SDK available from:
-     http://developer.novell.com/ndk/cldap.htm
+     https://www.novell.com/developer/ndk/ldap_libraries_for_c.html
   Cygwin
   ------
@@ -254,7 +254,7 @@ Win32
   If you use MSVC 6 it is required that you use the February 2003 edition of
   the 'Platform SDK' which can be downloaded from:
-   http://www.microsoft.com/en-us/download/details.aspx?id=12261
+   https://www.microsoft.com/en-us/download/details.aspx?id=12261
   Building any software with MSVC 6 without having PSDK installed is just
   asking for trouble down the road once you have released it, you might notice
@@ -263,7 +263,7 @@ Win32
   software built in such way will at some point regret having done so.
   If the compiler has been updated with the installation of a service pack as
-   those mentioned in http://support.microsoft.com/kb/194022 the compiler can be
+   those mentioned in https://support.microsoft.com/kb/194022 the compiler can be
   safely used to read source code, translate and make it object code.
   But, even with the service packs mentioned above installed, the resulting
@@ -299,7 +299,7 @@ Win32
   Then run 'nmake vc' in curl's root directory.
   If you want to compile with zlib support, you will need to build
-   zlib (http://www.gzip.org/zlib/) as well. Please read the zlib
+   zlib (http://www.zlib.net/) as well. Please read the zlib
   documentation on how to compile zlib. Define the ZLIB_PATH environment
   variable to the location of zlib.h and zlib.lib, for example:
@@ -471,6 +471,15 @@ Win32
   add '-DCURL_STATICLIB' to your CFLAGS.  Otherwise the linker will look for
   dynamic import symbols.
   Legacy Windows and SSL
   ----------------------
   WinSSL (specifically SChannel from Windows SSPI), is the native SSL library
   in Windows. However, WinSSL in Windows <= XP is unable to connect to servers
   that no longer support the legacy handshakes and algorithms used by those
   versions. If you will be using curl in one of those earlier versions of
   Windows you should choose another SSL backend such as OpenSSL.
 Apple iOS and Mac OS X
 ======================
@@ -665,12 +674,10 @@ NetWare
   - gnu make and awk running on the platform you compile on;
     native Win32 versions can be downloaded from:
     http://www.gknw.net/development/prgtools/
-   - recent Novell LibC SDK available from:
+   - recent Novell LibC or Novell CLib SDK available from:
-     http://developer.novell.com/ndk/libc.htm
+     https://www.novell.com/developer/ndk/
   - or recent Novell CLib SDK available from:
     http://developer.novell.com/ndk/clib.htm
   - optional recent Novell CLDAP SDK available from:
-     http://developer.novell.com/ndk/cldap.htm
+     https://www.novell.com/developer/ndk/ldap_libraries_for_c.html
   - optional zlib sources (static or dynamic linking with zlib.imp);
     sources with NetWare Makefile can be obtained from:
     http://www.gknw.net/mirror/zlib/
@@ -825,7 +832,7 @@ VxWorks
   To build libcurl for VxWorks you need:
-      - CYGWIN (free, http://cygwin.com/)
+      - CYGWIN (free, https://cygwin.com/)
      - Wind River Workbench (commercial)
   If you have CYGWIN and Workbench installed on you machine
@@ -943,9 +950,10 @@ REDUCING SIZE
   important factor.  First, be sure to set the CFLAGS variable when
   configuring with any relevant compiler optimization flags to reduce the
   size of the binary.  For gcc, this would mean at minimum the -Os option,
-   and potentially the -march=X and -mdynamic-no-pic options as well, e.g.
+   and potentially the -march=X, -mdynamic-no-pic and -flto options as well,
   e.g.
-      ./configure CFLAGS='-Os' ...
+      ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'...
   Note that newer compilers often produce smaller code than older versions
   due to improved optimization.
@@ -963,7 +971,9 @@ REDUCING SIZE
     --disable-ipv6 (disables support for IPv6)
     --disable-manual (disables support for the built-in documentation)
     --disable-proxy (disables support for HTTP and SOCKS proxies)
     --disable-unix-sockets (disables support for UNIX sockets)
     --disable-verbose (eliminates debugging strings and error code strings)
     --disable-versioned-symbols (disables support for versioned symbols)
     --enable-hidden-symbols (eliminates unneeded symbols in the shared library)
     --without-libidn (disables support for the libidn DNS library)
     --without-librtmp (disables support for RTMP)
@@ -976,7 +986,7 @@ REDUCING SIZE
   configure command-line, e.g.
     CFLAGS="-Os -ffunction-sections -fdata-sections \
-             -fno-unwind-tables -fno-asynchronous-unwind-tables" \
+             -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" \
     LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"
   Be sure also to strip debugging symbols from your binaries after
@@ -986,9 +996,9 @@ REDUCING SIZE
   .comment section).
   Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
+   libcurl library for i386 Linux platforms that is only 109 KiB in size, and
-   an FTP-only library that is 115 KiB in size (as of libcurl version 7.35.0,
+   an FTP-only library that is 109 KiB in size (as of libcurl version 7.45.0,
-   using gcc 4.8.2).
+   using gcc 4.9.2).
   You may find that statically linking libcurl to your application will
   result in a lower total size than dynamically linking.
@@ -1086,18 +1096,18 @@ Useful URLs
 axTLS        http://axtls.sourceforge.net/
 c-ares       http://c-ares.haxx.se/
-GNU GSS      http://www.gnu.org/software/gss/
+GNU GSS      https://www.gnu.org/software/gss/
-GnuTLS       http://www.gnu.org/software/gnutls/
+GnuTLS       https://www.gnu.org/software/gnutls/
-Heimdal      http://www.pdc.kth.se/heimdal/
+Heimdal      http://www.h5l.org/
-libidn       http://www.gnu.org/software/libidn/
+libidn       https://www.gnu.org/software/libidn/
 libmetalink  https://launchpad.net/libmetalink/
 libssh2      http://www.libssh2.org/
 MIT Kerberos http://web.mit.edu/kerberos/www/dist/
-NSS          http://www.mozilla.org/projects/security/pki/nss/
+NSS          https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
 OpenLDAP     http://www.openldap.org/
-OpenSSL      http://www.openssl.org/
+OpenSSL      https://www.openssl.org/
-PolarSSL     http://polarssl.org/
+PolarSSL     https://tls.mbed.org/
-yassl        http://www.yassl.com/
+wolfSSL      https://www.wolfssl.com/wolfSSL/
 Zlib         http://www.zlib.net/
 MingW        http://www.mingw.org/
--- a/docs/INSTALL.devcpp
+++ b/docs/INSTALL.devcpp
@@ -95,7 +95,7 @@ install instructions may produce erratic behaviour in DevCpp. For further info
 check the following sites
 http://aditsu.freeunixhost.com/dev-cpp-faq.html
-http://sourceforge.net/forum/message.php?msg_id=3252213
+https://sourceforge.net/p/dev-cpp/discussion/48211/thread/2a85ea46
 As I have mentioned before I will confine this to the SSL Library compilations
 but the process is very similar for compilation of the executable - curl.exe;
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,6 +3,18 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 91. "curl_easy_perform hangs with imap and PolarSSL"
  https://github.com/bagder/curl/issues/334
 90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
  code reveals that pingpong.c contains some truncation code, at line 408,
  when it deems the server response to be too large truncating it to 40
  characters"
  http://curl.haxx.se/bug/view.cgi?id=1366
 89. Disabling HTTP Pipelining when there are ongoing transfers can lead to
  heap corruption and crash. http://curl.haxx.se/bug/view.cgi?id=1411
 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus
  curl's -R option also doesn't work then.
@@ -23,6 +35,7 @@ may have been fixed since this was written!
  CURLINFO_STARTTRANSFER_TIME is wrong. While using POST
  CURLINFO_STARTTRANSFER_TIME minus CURLINFO_PRETRANSFER_TIME is near to zero
  every time.
  https://github.com/bagder/curl/issues/218
  http://curl.haxx.se/bug/view.cgi?id=1213
 84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
@@ -49,16 +62,6 @@ may have been fixed since this was written!
  that can receive data. This is subject for change in the future.
  http://curl.haxx.se/bug/view.cgi?id=1116
 78. curl and libcurl don't always signal the client properly when "sending"
  zero bytes files - it makes for example the command line client not creating
  any file at all. Like when using FTP.
  http://curl.haxx.se/bug/view.cgi?id=1063
 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
  that platform), and long is only 32 bits. It makes it impossible for
  curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
  option as for all other operating systems.
 75. NTLM authentication involving unicode user name or password only works
  properly if built with UNICODE defined together with the WinSSL/schannel
  backend. The original problem was mentioned in:
@@ -88,7 +91,7 @@ may have been fixed since this was written!
  something beyond ascii but currently libcurl will only pass in the verbatim
  string the app provides. There are several browsers that already do this
  encoding. The key seems to be the updated draft to RFC2231:
-  http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02
+  https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02
 66. When using telnet, the time limitation options don't work.
  http://curl.haxx.se/bug/view.cgi?id=846
@@ -236,13 +239,3 @@ may have been fixed since this was written!
  it seems HTTP servers send the *uncompressed* length in that header and
  libcurl thinks of it as the *compressed* length. Some explanations are here:
  http://curl.haxx.se/mail/lib-2003-06/0146.html
 2. If a HTTP server responds to a HEAD request and includes a body (thus
  violating the RFC2616), curl won't wait to read the response but just stop
  reading and return back. If a second request (let's assume a GET) is then
  immediately made to the same server again, the connection will be re-used
  fine of course, and the second request will be sent off but when the
  response is to get read, the previous response-body is what curl will read
  and havoc is what happens.
  More details on this is found in this libcurl mailing list thread:
  http://curl.haxx.se/mail/lib-2002-08/0000.html
--- a/docs/LIBCURL-STRUCTS
+++ b/docs/LIBCURL-STRUCTS
@@ -1,245 +0,0 @@
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|
 Structs in libcurl
 This document should cover 7.32.0 pretty accurately, but will make sense even
 for older and later versions as things don't change drastically that often.
 1. The main structs in libcurl
  1.1 SessionHandle
  1.2 connectdata
  1.3 Curl_multi
  1.4 Curl_handler
  1.5 conncache
  1.6 Curl_share
  1.7 CookieInfo
 ==============================================================================
 1. The main structs in libcurl
  1.1 SessionHandle
  The SessionHandle handle struct is the one returned to the outside in the
  external API as a "CURL *". This is usually known as an easy handle in API
  documentations and examples.
  Information and state that is related to the actual connection is in the
  'connectdata' struct. When a transfer is about to be made, libcurl will
  either create a new connection or re-use an existing one. The particular
  connectdata that is used by this handle is pointed out by
  SessionHandle->easy_conn.
  Data and information that regard this particular single transfer is put in
  the SingleRequest sub-struct.
  When the SessionHandle struct is added to a multi handle, as it must be in
  order to do any transfer, the ->multi member will point to the Curl_multi
  struct it belongs to. The ->prev and ->next members will then be used by the
  multi code to keep a linked list of SessionHandle structs that are added to
  that same multi handle. libcurl always uses multi so ->multi *will* point to
  a Curl_multi when a transfer is in progress.
  ->mstate is the multi state of this particular SessionHandle. When
  multi_runsingle() is called, it will act on this handle according to which
  state it is in. The mstate is also what tells which sockets to return for a
  specific SessionHandle when curl_multi_fdset() is called etc.
  The libcurl source code generally use the name 'data' for the variable that
  points to the SessionHandle.
  1.2 connectdata
  A general idea in libcurl is to keep connections around in a connection
  "cache" after they have been used in case they will be used again and then
  re-use an existing one instead of creating a new as it creates a significant
  performance boost.
  Each 'connectdata' identifies a single physical connection to a server. If
  the connection can't be kept alive, the connection will be closed after use
  and then this struct can be removed from the cache and freed.
  Thus, the same SessionHandle can be used multiple times and each time select
  another connectdata struct to use for the connection. Keep this in mind, as
  it is then important to consider if options or choices are based on the
  connection or the SessionHandle.
  Functions in libcurl will assume that connectdata->data points to the
  SessionHandle that uses this connection.
  As a special complexity, some protocols supported by libcurl require a
  special disconnect procedure that is more than just shutting down the
  socket. It can involve sending one or more commands to the server before
  doing so. Since connections are kept in the connection cache after use, the
  original SessionHandle may no longer be around when the time comes to shut
  down a particular connection. For this purpose, libcurl holds a special
  dummy 'closure_handle' SessionHandle in the Curl_multi struct to 
  FTP uses two TCP connections for a typical transfer but it keeps both in
  this single struct and thus can be considered a single connection for most
  internal concerns.
  The libcurl source code generally use the name 'conn' for the variable that
  points to the connectdata.
  1.3 Curl_multi
  Internally, the easy interface is implemented as a wrapper around multi
  interface functions. This makes everything multi interface.
  Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs.
  This struct holds a list of SessionHandle structs that have been added to
  this handle with curl_multi_add_handle(). The start of the list is ->easyp
  and ->num_easy is a counter of added SessionHandles.
  ->msglist is a linked list of messages to send back when
  curl_multi_info_read() is called. Basically a node is added to that list
  when an individual SessionHandle's transfer has completed.
  ->hostcache points to the name cache. It is a hash table for looking up name
  to IP. The nodes have a limited life time in there and this cache is meant
  to reduce the time for when the same name is wanted within a short period of
  time.
  ->timetree points to a tree of SessionHandles, sorted by the remaining time
  until it should be checked - normally some sort of timeout. Each
  SessionHandle has one node in the tree.
  ->sockhash is a hash table to allow fast lookups of socket descriptor to
  which SessionHandle that uses that descriptor. This is necessary for the
  multi_socket API.
  ->conn_cache points to the connection cache. It keeps track of all
  connections that are kept after use. The cache has a maximum size.
  ->closure_handle is described in the 'connectdata' section.
  The libcurl source code generally use the name 'multi' for the variable that
  points to the Curl_multi struct.
  1.4 Curl_handler
  Each unique protocol that is supported by libcurl needs to provide at least
  one Curl_handler struct. It defines what the protocol is called and what
  functions the main code should call to deal with protocol specific issues.
  In general, there's a source file named [protocol].c in which there's a
  "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's
  then the main array with all individual Curl_handler structs pointed to from
  a single array which is scanned through when a URL is given to libcurl to
  work with.
  ->scheme is the URL scheme name, usually spelled out in uppercase. That's
  "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler
  setup so HTTPS separate from HTTP.
  ->setup_connection is called to allow the protocol code to allocate protocol
  specific data that then gets associated with that SessionHandle for the rest
  of this transfer. It gets freed again at the end of the transfer. It will be
  called before the 'connectdata' for the transfer has been selected/created.
  Most protocols will allocate its private 'struct [PROTOCOL]' here and assign
  SessionHandle->req.protop to point to it.
  ->connect_it allows a protocol to do some specific actions after the TCP
  connect is done, that can still be considered part of the connection phase.
  Some protocols will alter the connectdata->recv[] and connectdata->send[]
  function pointers in this function.
  ->connecting is similarly a function that keeps getting called as long as the
  protocol considers itself still in the connecting phase.
  ->do_it is the function called to issue the transfer request. What we call
  the DO action internally. If the DO is not enough and things need to be kept
  getting done for the entire DO sequence to complete, ->doing is then usually
  also provided. Each protocol that needs to do multiple commands or similar
  for do/doing need to implement their own state machines (see SCP, SFTP,
  FTP). Some protocols (only FTP and only due to historical reasons) has a
  separate piece of the DO state called DO_MORE.
  ->doing keeps getting called while issuing the transfer request command(s)
  ->done gets called when the transfer is complete and DONE. That's after the
  main data has been transferred.
  ->do_more gets called during the DO_MORE state. The FTP protocol uses this
  state when setting up the second connection.
  ->proto_getsock
  ->doing_getsock
  ->domore_getsock
  ->perform_getsock
  Functions that return socket information. Which socket(s) to wait for which
  action(s) during the particular multi state.
  ->disconnect is called immediately before the TCP connection is shutdown.
  ->readwrite gets called during transfer to allow the protocol to do extra
  reads/writes
  ->defport is the default report TCP or UDP port this protocol uses
  ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have
  their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS".
  ->flags is a bitmask with additional information about the protocol that will
  make it get treated differently by the generic engine:
    PROTOPT_SSL - will make it connect and negotiate SSL
    PROTOPT_DUAL - this protocol uses two connections
    PROTOPT_CLOSEACTION - this protocol has actions to do before closing the
    connection. This flag is no longer used by code, yet still set for a bunch
    protocol handlers.
    PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to
    limit which "direction" of socket actions that the main engine will
    concern itself about.
    PROTOPT_NONETWORK - a protocol that doesn't use network (read file:)
    PROTOPT_NEEDSPWD - this protocol needs a password and will use a default
    one unless one is provided
    PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL
    (?foo=bar)
  1.5 conncache
  Is a hash table with connections for later re-use. Each SessionHandle has
  a pointer to its connection cache. Each multi handle sets up a connection
  cache that all added SessionHandles share by default.
  1.6 Curl_share
  The libcurl share API allocates a Curl_share struct, exposed to the external
  API as "CURLSH *".
  The idea is that the struct can have a set of own versions of caches and
  pools and then by providing this struct in the CURLOPT_SHARE option, those
  specific SessionHandles will use the caches/pools that this share handle
  holds.
  Then individual SessionHandle structs can be made to share specific things
  that they otherwise wouldn't, such as cookies.
  The Curl_share struct can currently hold cookies, DNS cache and the SSL
  session cache.
  1.7 CookieInfo
  This is the main cookie struct. It holds all known cookies and related
  information. Each SessionHandle has its own private CookieInfo even when
  they are added to a multi handle. They can be made to share cookies by using
  the share API.
--- a/docs/LICENSE-MIXING
+++ b/docs/LICENSE-MIXING
@@ -23,29 +23,29 @@ libcurl http://curl.haxx.se/docs/copyright.html
        Uses an MIT (or Modified BSD)-style license that is as liberal as
        possible.
-OpenSSL http://www.openssl.org/source/license.html
+OpenSSL https://www.openssl.org/source/license.html
        (May be used for SSL/TLS support) Uses an Original BSD-style license
        with an announcement clause that makes it "incompatible" with GPL. You
        are not allowed to ship binaries that link with OpenSSL that includes
        GPL code (unless that specific GPL code includes an exception for
        OpenSSL - a habit that is growing more and more common). If OpenSSL's
-        licensing is a problem for you, consider using GnuTLS or yassl
+        licensing is a problem for you, consider using another TLS library.
        instead.
 GnuTLS  http://www.gnutls.org/
        (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
-        a problem for you, consider using OpenSSL instead. Also note that
+        a problem for you, consider using another TLS library. Also note that
        GnuTLS itself depends on and uses other libs (libgcrypt and
        libgpg-error) and they too are LGPL- or GPL-licensed.
-yassl   http://www.yassl.com/
+WolfSSL   https://www.wolfssl.com/
-        (May be used for SSL/TLS support) Uses the GPL[1] license. If this is
+        (May be used for SSL/TLS support) Uses the GPL[1] license or a
-        a problem for you, consider using OpenSSL or GnuTLS instead.
+        propietary license. If this is a problem for you, consider using
        another TLS library.
-NSS     http://www.mozilla.org/projects/security/pki/nss/
+NSS     https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
        (May be used for SSL/TLS support) Is covered by the MPL[4] license,
        the GPL[1] license and the LGPL[3] license. You may choose to license
@@ -57,13 +57,29 @@ axTLS   http://axtls.sourceforge.net/
        (May be used for SSL/TLS support) Uses a Modified BSD-style license.
 mbedTLS https://tls.mbed.org/
        (May be used for SSL/TLS support) Uses the GPL[1] license or a
        propietary license. If this is a problem for you, consider using
        another TLS library.
 BoringSSL https://boringssl.googlesource.com/
        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
        license as that.
 libressl http://www.libressl.org/
        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
        license as that.
 c-ares  http://daniel.haxx.se/projects/c-ares/license.html
        (Used for asynchronous name resolves) Uses an MIT license that is very
        liberal and imposes no restrictions on any other library or part you
        may link with.
-zlib    http://www.gzip.org/zlib/zlib_license.html
+zlib    http://www.zlib.net/zlib_license.html
        (Used for compressed Transfer-Encoding support) Uses an MIT-style
        license that shouldn't collide with any other library.
@@ -73,12 +89,12 @@ MIT Kerberos http://web.mit.edu/kerberos/www/dist/
        (May be used for GSS support) MIT licensed, that shouldn't collide
        with any other parts.
-Heimdal http://www.pdc.kth.se/heimdal/
+Heimdal http://www.h5l.org
        (May be used for GSS support) Heimdal is Original BSD licensed with
        the announcement clause.
-GNU GSS http://www.gnu.org/software/gss/
+GNU GSS https://www.gnu.org/software/gss/
        (May be used for GSS support) GNU GSS is GPL licensed. Note that you
        may not distribute binary curl packages that uses this if you build
@@ -105,10 +121,10 @@ libssh2 http://www.libssh2.org/
        (Used for scp and sftp support) libssh2 uses a Modified BSD-style
        license.
-[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
+[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html
-[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
+[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
      how to write such an exception to the GPL
 [3] = LGPL - GNU Lesser General Public License:
-      http://www.gnu.org/licenses/lgpl.html
+      https://www.gnu.org/licenses/lgpl.html
 [4] = MPL - Mozilla Public License:
-      http://www.mozilla.org/MPL/
+      https://www.mozilla.org/MPL/
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@@ -230,7 +230,7 @@ MAIL ETIQUETTE
  Quote as little as possible. Just enough to provide the context you cannot
  leave out. A lengthy description can be found here:
-      http://www.netmeister.org/news/learn2quote.html
+      https://www.netmeister.org/news/learn2quote.html
  2.7 Digest
--- a/docs/MANUAL
+++ b/docs/MANUAL
@@ -470,8 +470,8 @@ COOKIES
  stored cookies which match the request as it follows the location.  The
  file "empty.txt" may be a nonexistent file.
-  Alas, to both read and write cookies from a netscape cookie file, you can
+  To read and write cookies from a netscape cookie file, you can set both -b
-  set both -b and -c to use the same file:
+  and -c to use the same file:
        curl -b cookies.txt -c cookies.txt www.example.com
--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -33,12 +33,12 @@ SUBDIRS = examples libcurl
 CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES)
-EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
+EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	\
- README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
+ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	\
- KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
+ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		\
- $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
+ $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp		\
- MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE  \
+ MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS	\
- SSL-PROBLEMS
+ HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
 MAN2HTML= roffit < $< >$@
--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@@ -1,9 +1,3 @@
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|
 curl release procedure - how to do a release
 ============================================
@@ -30,6 +24,8 @@ in the source code repo
 - upload the 8 resulting files to the primary download directory
 - upload the 4 tarballs to github for the HTTPS download
 in the curl-www repo
 --------------------
@@ -84,11 +80,10 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):
- November 5, 2014 (version 7.39.0)
+- October 7, 2015 (version 7.45.0)
 - December 31, 2014
 - February 25, 2015
 - April 22, 2015
 - June 17, 2015
 - August 12, 2015
 - October 7, 2015
 - December 2, 2015
 - January 27, 2016
 - March 23, 2016
 - May 18, 2016
 - July 13, 2016
 - September 7, 2016
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -5,43 +5,86 @@ Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is
 intended to serve as a guideline for others for information, feedback and
 possible participation.
-New stuff - libcurl
+HTTP/2
 ------
 - test suite
   Base this on existing nghttp2 server to start with to make functional
   tests. Later on we can adopt that code or work with nghttp2 to provide ways
   to have the http2 server respond with broken responses to make sure we deal
   with that nicely as well.
   To decide: if we need to bundle parts of the nghttp2 stuff that probably
   won't be shipped by many distros.
 - provide option for HTTP/2 "prior knowledge" over clear text
   As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_
   it speaks HTTP/2.
 - provide option to allow curl to default to HTTP/2 only when using HTTPS
   We could switch on HTTP/2 by-default for HTTPS quite easily and it
   shouldn't hurt anyone, while HTTP/2 for HTTP by default could introduce
   lots of Upgrade: roundtrips that users won't like. So a separated option
   alternative makes sense.
 SRV records
 -----------
 How to find services for specific domains/hosts.
 HTTPS to proxy
 --------------
 To avoid network traffic to/from the proxy getting snooped on.
 curl_formadd()
 --------------
 make sure there's an easy handle passed in to `curl_formadd()`,
 `curl_formget()` and `curl_formfree()` by adding replacement functions and
 deprecating the old ones to allow custom mallocs and more
 third-party SASL
 ----------------
 add support for third-party SASL libraries such as Cyrus SASL - may need to
 move existing native and SSPI based authentication into vsasl folder after
 reworking HTTP and SASL code
 SASL authentication in LDAP
 ---------------------------
 ...
 Simplify the SMTP email
 -----------------------
 Simplify the SMTP email interface so that programmers don't have to
 construct the body of an email that contains all the headers, alternative
 content, images and attachments - maintain raw interface so that
 programmers that want to do this can
 email capabilities
 ------------------
 Allow the email protocols to return the capabilities before
 authenticating. This will allow an application to decide on the best
 authentication mechanism
 Win32 pthreads
 --------------
 Allow Windows threading model to be replaced by Win32 pthreads port
 dynamic buffer size
 -------------------
-1. http2 test suite
+Implement a dynamic buffer size to allow SFTP to use much larger buffers and
-
+possibly allow the size to be customizable by applications. Use less memory
-2. http2 multiplexing/pipelining
+when handles are not in use?
 3. SPDY
 4. SRV records
 5. HTTPS to proxy
 6. make sure there's an easy handle passed in to `curl_formadd()`,
   `curl_formget()` and `curl_formfree()` by adding replacement functions and
   deprecating the old ones to allow custom mallocs and more
 7. add support for third-party SASL libraries such as Cyrus SASL - may need to
   move existing native and SSPI based authentication into vsasl folder after
   reworking HTTP and SASL code
 8. SASL authentication in LDAP
 9. Simplify the SMTP email interface so that programmers don't have to
   construct the body of an email that contains all the headers, alternative
   content, images and attachments - maintain raw interface so that
   programmers that want to do this can
 10. Allow the email protocols to return the capabilities before
    authenticating. This will allow an application to decide on the best
    authentication mechanism
 11. Allow Windows threading model to be replaced by Win32 pthreads port
 12. Implement a dynamic buffer size to allow SFTP to use much larger buffers
    and possibly allow the size to be customizable by applications. Use less
    memory when handles are not in use?
 New stuff - curl
 ----------------
@@ -60,13 +103,12 @@ Improve
 2. curl -h output (considered overwhelming to users)
-3. we have > 160 command line options, is there a way to redo things to
+3. we have > 170 command line options, is there a way to redo things to
   simplify or improve the situation as we are likely to keep adding
   features/options in the future too
 4. docs (considered "bad" by users but how do we make it better?)
  - split up `curl_easy_setopt.3`
  - split up curl.1
 5. authentication framework (consider merging HTTP and SASL authentication to
@@ -79,7 +121,5 @@ Improve
 Remove
 ------
-1. cmake support (nobody maintains it)
+1. makefile.vc files as there is no point in maintaining two sets of Windows
 2. makefile.vc files as there is no point in maintaining two sets of Windows
   makefiles. Note: These are currently being used by the Windows autobuilds
--- a/docs/SSL-PROBLEMS
+++ b/docs/SSL-PROBLEMS
@@ -26,7 +26,7 @@ CA bundle missing intermediate certificates
  problems if your CA cert does not have the certificates for the
  intermediates in the whole trust chain.
-SSL version
+Protocol version
  Some broken servers fail to support the protocol negotiation properly that
  SSL servers are supposed to handle. This may cause the connection to fail
@@ -36,7 +36,9 @@ SSL version
  An additional complication can be that modern SSL libraries sometimes are
  built with support for older SSL and TLS versions disabled!
-SSL ciphers
+  All versions of SSL are considered insecure and should be avoided. Use TLS.
 Ciphers
  Clients give servers a list of ciphers to select from. If the list doesn't
  include any ciphers the server wants/can use, the connection handshake
@@ -51,9 +53,13 @@ SSL ciphers
  Note that these weak ciphers are identified as flawed. For example, this
  includes symmetric ciphers with less than 128 bit keys and RC4.
  WinSSL in Windows XP is not able to connect to servers that no longer
  support the legacy handshakes and algorithms used by those versions, so we
  advice against building curl to use WinSSL on really old Windows versions.
  References:
-  http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
+  https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
 Allow BEAST
@@ -65,3 +71,17 @@ Allow BEAST
  introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
  but on the other hand it allows curl to connect to that kind of strange
  servers.
 Disabling certificate revocation checks
  Some SSL backends may do certificate revocation checks (CRL, OCSP, etc)
  depending on the OS or build configuration. The --ssl-no-revoke option was
  introduced in 7.44.0 to disable revocation checking but currently is only
  supported for WinSSL (the native Windows SSL library), with an exception in
  the case of Windows' Untrusted Publishers blacklist which it seems can't be
  bypassed. This option may have broader support to accommodate other SSL
  backends in the future.
  References:
  http://curl.haxx.se/docs/ssl-compared.html
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -36,10 +36,14 @@ Alex Suykov
 Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
 Alexander Dyagilev
 Alexander Elgert
 Alexander Klauer
 Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
 Alexander Pepper
 Alexander Peslyak
 Alexander Zhuravlev
 Alexey Borzov
 Alexey Pesternikov
@@ -52,6 +56,7 @@ Alona Rossen
 Amol Pattekar
 Amr Shahin
 Anatoli Tubman
 Anders Bakken
 Anders Gustafsson
 Anders Havn
 Andi Jahja
@@ -79,6 +84,7 @@ Andrew Kurushin
 Andrew Moise
 Andrew Wansink
 Andrew de los Reyes
 Andrey Labunets
 Andrii Moiseiev
 Andrés García
 Andy Cedilnik
@@ -86,6 +92,7 @@ Andy Serpa
 Andy Tsouladze
 Angus Mackay
 Anthon Pang
 Anthony Avina
 Anthony Bryan
 Anthony G. Basile
 Antoine Calando
@@ -100,6 +107,7 @@ Arnaud Ebalard
 Arthur Murray
 Arve Knudsen
 Arvid Norberg
 Ashish Shukla
 Ask Bjørn Hansen
 Askar Safin
 Ates Goral
@@ -112,6 +120,7 @@ Balint Szilakszi
 Barry Abrahamson
 Bart Whiteley
 Bas Mevissen
 Ben Boeckel
 Ben Darnell
 Ben Greear
 Ben Madsen
@@ -122,11 +131,14 @@ Benbuck Nason
 Benjamin Gerard
 Benjamin Gilbert
 Benjamin Johnson
 Benjamin Kircher
 Benoit Neil
 Benoit Sigoure
 Bernard Leak
 Bernhard Reutner-Fischer
 Bert Huijben
 Bertrand Demiddelaer
 Bertrand Simonnet
 Bill Doyle
 Bill Egert
 Bill Hoffman
@@ -142,6 +154,7 @@ Bob Richmond
 Bob Schader
 Bogdan Nicula
 Brad Burdick
 Brad Harder
 Brad Hards
 Brad King
 Brad Spencer
@@ -151,8 +164,10 @@ Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
 Brian Chrisman
 Brian Dessent
 Brian J. Murrell
 Brian Prodoehl
 Brian R Duffy
 Brian Ulm
 Brock Noland
@@ -172,9 +187,11 @@ Catalin Patulea
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
 Charles Romestant
 Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
 Chris Araman
 Chris Combes
 Chris Conlon
 Chris Deidun
@@ -219,8 +236,10 @@ Cris Bailiff
 Cristian Rodríguez
 Curt Bogmine
 Cyrill Osterwalder
 Cédric Connes
 Cédric Deltheil
 D. Flinkmann
 Da-Yoon Chung
 Dag Ekengren
 Dagobert Michelsen
 Damian Dixon
@@ -236,8 +255,13 @@ Dan Zitter
 Daniel Black
 Daniel Cater
 Daniel Egger
 Daniel Hwang
 Daniel Johnson
 Daniel Kahn Gillmor
 Daniel Lee Hwang
 Daniel Melani
 Daniel Mentz
 Daniel Seither
 Daniel Steinberg
 Daniel Stenberg
 Daniel Theron
@@ -280,6 +304,7 @@ David Woodhouse
 David Wright
 David Yan
 Dengminwen
 Denis Feklushkin
 Dennis Clarke
 Derek Higgins
 Detlef Schmier
@@ -298,6 +323,7 @@ Dirk Manske
 Dmitri Shubin
 Dmitriy Sergeyev
 Dmitry Bartsevich
 Dmitry Eremin-Solenikov
 Dmitry Falko
 Dmitry Kurochkin
 Dmitry Popov
@@ -313,6 +339,7 @@ Douglas Kilpatrick
 Douglas R. Horner
 Douglas Steinwand
 Dov Murik
 Drake Arconis
 Duane Cathey
 Duncan Mac-Vicar Prett
 Dustin Boswell
@@ -327,10 +354,12 @@ Edward Rudd
 Edward Sheldrake
 Eelco Dolstra
 Eetu Ojanen
 Egon Eckert
 Eldar Zaitov
 Ellis Pritchard
 Elmira A Semenova
 Emanuele Bovisio
 Emil Lerner
 Emil Romanus
 Emiliano Ida
 Enrico Scholz
@@ -343,12 +372,14 @@ Eric Lubin
 Eric Melville
 Eric Mertens
 Eric Rautman
 Eric Ridge
 Eric S. Raymond
 Eric Thelin
 Eric Vergnaud
 Eric Wong
 Eric Young
 Erick Nuwendam
 Erik Janssen
 Erik Johansson
 Ernest Beinrohr
 Erwan Legrand
@@ -363,6 +394,7 @@ Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
 Fedor Karpelevitch
 Feist Josselin
 Felix Yan
 Felix von Leitner
 Feng Tu
@@ -381,6 +413,7 @@ François Charlier
 Fred Machado
 Fred New
 Fred Noz
 Fred Stluka
 Frederic Lepied
 Fredrik Thulin
 Gabriel Kuri
@@ -418,6 +451,7 @@ Glenn Sheridan
 Gordon Marler
 Gorilla Maguila
 Grant Erickson
 Grant Pannell
 Greg Hewgill
 Greg Morse
 Greg Onufer
@@ -430,12 +464,14 @@ Guido Berhoerster
 Guillaume Arluison
 Gunter Knauf
 Gustaf Hui
 Gustavo Grieco
 Gwenole Beauchesne
 Gökhan Şengün
 Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hang Su
 Hanno Böck
 Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
@@ -473,15 +509,18 @@ Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
 Immanuel Gregoire
 Inca R
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
 Isaac Boukris
 Ishan SinghLevett
 Ivo Bellin Salarin
 Jack Zhang
 Jacky Lam
 Jacob Meuser
 Jacob Moshenko
 Jactry Zeng
 Jad Chamcham
 Jakub Zakrzewski
 James Bursa
@@ -516,6 +555,7 @@ Jaz Fresh
 Jean Jacques Drouin
 Jean-Claude Chauve
 Jean-Francois Bertrand
 Jean-Francois Durand
 Jean-Louis Lemaire
 Jean-Marc Ranger
 Jean-Noël Rouvignac
@@ -528,10 +568,12 @@ Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
 Jeff Weber
 Jens Rantil
 Jeremy Friesner
 Jeremy Huddleston
 Jeremy Lin
 Jeroen Koekkoek
 Jeroen Ooms
 Jerome Muffat-Meridol
 Jerome Robert
 Jerome Vouillon
@@ -545,6 +587,7 @@ Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
 Jiri Dvorak
 Jiri Hruska
 Jiri Jaburek
 Jiri Malak
@@ -553,8 +596,10 @@ Joe Halpin
 Joe Malicki
 Joe Mason
 Joel Chen
 Joel Depooter
 Jofell Gallardo
 Johan Anderson
 Johan Lantz
 Johan Nilsson
 Johan van Selst
 Johannes Bauer
@@ -572,6 +617,7 @@ John Kelly
 John Lask
 John Lightsey
 John Marino
 John Marshall
 John McGowan
 John P. McCaskey
 John Suprock
@@ -581,6 +627,8 @@ Johnny Luong
 Jon Grubbs
 Jon Nelson
 Jon Sargeant
 Jon Seymour
 Jon Spencer
 Jon Torrey
 Jon Travis
 Jon Turner
@@ -589,6 +637,7 @@ Jonas Schnelli
 Jonatan Lander
 Jonatan Vela
 Jonathan Cardoso Machado
 Jonathan Cardoso Machado Machado
 Jonathan Hseu
 Jonathan Nieder
 Jongki Suwandi
@@ -605,8 +654,10 @@ Judson Bishop
 Juergen Wilke
 Jukka Pihl
 Julian Noble
 Julian Ospald
 Julian Taylor
 Julien Chaffraix
 Julien Nabet
 Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
@@ -652,6 +703,7 @@ Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
 Kristian Köhntopp
 Kyle J. McKay
 Kyle L. Huff
 Kyle Sallee
 Lachlan O'Dea
@@ -670,6 +722,7 @@ Laurent Rabret
 Legoff Vincent
 Lehel Bernadt
 Leif W
 Leith Bade
 Len Krause
 Lenaic Lefever
 Lenny Rachitsky
@@ -681,7 +734,9 @@ Linas Vepstas
 Lindley French
 Ling Thio
 Linus Nielsen Feltzing
 Lior Kaplan
 Lisa Xu
 Liviu Chircu
 Liza Alenchery
 Lluís Batlle i Rossell
 Loic Dachary
@@ -702,6 +757,7 @@ Maciej Karpiuk
 Maciej Puzio
 Maciej W. Rozycki
 Maks Naumov
 Maksim Stsepanenka
 Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
@@ -709,8 +765,10 @@ Manuel Massing
 Marc Boucher
 Marc Deslauriers
 Marc Doughty
 Marc Hesse
 Marc Hoersken
 Marc Kleine-Budde
 Marc Renault
 Marcel Raad
 Marcel Roelofs
 Marcelo Juchem
@@ -733,6 +791,7 @@ Mark Salisbury
 Mark Snelling
 Mark Tully
 Markus Duft
 Markus Elfring
 Markus Koetter
 Markus Moeller
 Markus Oberhumer
@@ -761,6 +820,7 @@ Matt Wixson
 Matteo Rocco
 Matthew Blain
 Matthew Clarke
 Matthew Hall
 Matthias Bolte
 Maurice Barnum
 Mauro Iorio
@@ -781,16 +841,21 @@ Michael Day
 Michael Goffioul
 Michael Jahn
 Michael Jerris
 Michael Kalinin
 Michael Kaufmann
 Michael Mealling
 Michael Mueller
 Michael Osipov
 Michael Smith
 Michael Stapelberg
 Michael Stillwell
 Michael Wallner
 Michal Bonino
 Michal Marek
 Michał Fita
 Michał Górny
 Michał Kowalczyk
 Michel Promonet
 Michele Bini
 Miguel Angel
 Miguel Diaz
@@ -814,12 +879,14 @@ Mitz Wark
 Mohamed Lrhazi
 Mohammad AlSaleh
 Mohun Biswas
 Mostyn Bramley-Moore
 Myk Taylor
 Nach M. S.
 Nagai H
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
 Nathaniel Waisbrot
 Naveen Chandran
 Naveen Noel
 Neil Bowers
@@ -843,6 +910,7 @@ Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
 Nobuhiro Ban
 Nodak Sodak
 Norbert Frese
 Norbert Novotny
@@ -854,7 +922,10 @@ Oliver Gondža
 Oliver Kuckertz
 Oliver Schindler
 Olivier Berger
 Orange Tsai
 Oren Souroujon
 Oren Tirosh
 Orgad Shaneh
 Ori Avtalion
 Oscar Koeroo
 Oscar Norlander
@@ -870,6 +941,7 @@ Patricia Muscalu
 Patrick Bihan-Faou
 Patrick McManus
 Patrick Monnerat
 Patrick Rapin
 Patrick Scott
 Patrick Smith
 Patrick Watson
@@ -882,6 +954,7 @@ Paul Marks
 Paul Marquis
 Paul Moore
 Paul Nolan
 Paul Oliver
 Paul Querna
 Paul Saab
 Pavel Cenek
@@ -898,6 +971,7 @@ Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
 Peter Laser
 Peter O'Gorman
 Peter Pentchev
 Peter Silva
@@ -938,11 +1012,13 @@ Quinn Slack
 Radu Simionescu
 Rafa Muyo
 Rafael Sagula
 Rafayel Mkrtchyan
 Rafaël Carré
 Rainer Canavan
 Rainer Jung
 Rainer Koenig
 Rajesh Naganathan
 Rajkumar Mandal
 Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
@@ -952,6 +1028,7 @@ Ravi Pratap
 Ray Dassen
 Ray Pekowski
 Ray Satiro
 Razvan Cojocaru
 Reinout van Schouwen
 Remi Gacogne
 Renato Botelho
@@ -963,6 +1040,7 @@ Rene Rebe
 Reuven Wachtfogel
 Reza Arbab
 Ricardo Cadime
 Rich Burridge
 Rich Gray
 Rich Rauenzahn
 Richard Archer
@@ -975,6 +1053,7 @@ Richard Michael
 Richard Moore
 Richard Prescott
 Richard Silverman
 Richard van den Berg
 Rick Jones
 Rick Richardson
 Rob Crittenden
@@ -998,6 +1077,7 @@ Robson Braga Araujo
 Rodney Simmons
 Rodric Glaser
 Rodrigo Silva
 Roger Leigh
 Roland Blom
 Roland Krikava
 Roland Zimmermann
@@ -1021,6 +1101,9 @@ S. Moonesamy
 Salvador Dávila
 Salvatore Sorrentino
 Sam Deane
 Sam Hurst
 Sam Roth
 Sam Schanken
 Sampo Kellomaki
 Samuel Díaz García
 Samuel Listopad
@@ -1038,6 +1121,7 @@ Scott Barrett
 Scott Cantor
 Scott Davis
 Scott McCreary
 Sean Boudreau
 Sebastian Rasmussen
 Senthil Raja Velu
 Sergei Nikulov
@@ -1065,6 +1149,8 @@ Spork Schivago
 Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
 Stefan Bühler
 Stefan Eissing
 Stefan Esser
 Stefan Krause
 Stefan Neis
@@ -1079,6 +1165,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve H Truong
 Steve Havelka
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -1095,21 +1182,27 @@ Sune Ahlgren
 Sven Anders
 Sven Neuhaus
 Sven Wegener
 Svyatoslav Mishyn
 Symeon Paraschoudis
 Sébastien Willemijns
 T. Bharath
 T. Yamada
 TJ Saunders
 Tae Hyoung Ahn
 Taneli Vahakangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
 Temprimus
 Terri Oda
 Thomas Braun
 Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
 Thomas Ruecker
 Thomas Schwinge
 Thomas Tonino
 Thorsten Schöning
 Tiit Pikma
 Till Maas
 Tim Ansell
@@ -1122,15 +1215,16 @@ Tim Heckman
 Tim Newsome
 Tim Ruehsen
 Tim Sneddon
 Tim Stack
 Tim Starling
 Timo Sirainen
 Tinus van den Berg
 Tobias Markus
 Tobias Rundström
 Tobias Stoeckmann
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
 Todd Ouska
 Todd Vierling
 Tom Benoist
 Tom Donovan
@@ -1147,6 +1241,8 @@ Tomas Hoger
 Tomas Mlcoch
 Tomas Pospisek
 Tomas Szepe
 Tomas Tomecek
 Tomasz Kojm
 Tomasz Lacki
 Tommie Gannert
 Tommy Tam
@@ -1173,6 +1269,7 @@ Victor Snezhko
 Vijay Panghal
 Vikram Saxena
 Viktor Szakáts
 Ville Skyttä
 Vilmos Nebehaj
 Vincent Bronner
 Vincent Le Normand
@@ -1185,10 +1282,13 @@ Vladimir Grishchenko
 Vladimir Lazarenko
 Vojtech Janota
 Vojtech Minarik
 Vojtěch Král
 Vsevolod Novikov
 W. Mark Kubacki
 Waldek Kozba
 Walter J. Mack
 Ward Willats
 Warren Menzer
 Wayne Haigh
 Werner Koch
 Wesley Laxton
@@ -1203,6 +1303,7 @@ Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
 Yaakov Selkowitz
 Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yasuharu Yamada
@@ -1212,6 +1313,7 @@ Yi Huang
 Yingwei Liu
 Yousuke Kimoto
 Yukihiro Kawada
 Yun SangHo
 Yuriy Sosov
 Yves Arrouye
 Yves Lejeune
@@ -1222,4 +1324,5 @@ Zvi Har'El
 nk
 swalkaus at yahoo.com
 tommink[at]post.pl
 Štefan Kremeň
 Никита Дорохин
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@@ -33,7 +33,8 @@ s/Nick Zitzmann (originally)/Nick Zitzmann/
 s/product-security at Apple//
 s/IT DOES NOT WORK//
 s/Albert Chin/Albert Chin-A-Young/
-s/Paras S/Paras Sethia/
+s/Paras S\z/Paras Sethia/
 s/Paras Sethiaethia/Paras Sethia/
 s/Дмитрий Фалько/Dmitry Falko/
 s/byte_bucket in the #curl IRC channel//
 s/Michal Górny and Anthony G. Basile//
@@ -46,3 +47,7 @@ s/Frank Van Uffelen and Fabian Hiernaux//
 s/Rodrigo Silva (MestreLion)/Rodrigo Silva/
 s/tetetest tetetest//
 s/Jiří Hruška/Jiri Hruska/
 s/Viktor Szakats/Viktor Szakáts/
 s/Jonathan Cardoso/Jonathan Cardoso Machado/
 s/Linus Nielsen/Linus Nielsen Feltzing/
 s/Todd Ouska$/Todd A Ouska/
--- a/docs/TODO
+++ b/docs/TODO
@@ -9,6 +9,11 @@
 Things to do in project cURL. Please tell us what you think, contribute and
 send us patches that improve things!
 Be aware that these are things that we could do, or have once been considered
 things we could do. If you want to work on any of these areas, please
 consider bringing it up for discussions first on the mailing list so that we
 all agree it is still a good idea for the project!
 All bugs documented in the KNOWN_BUGS document are subject for fixing!
 1. libcurl
@@ -20,6 +25,8 @@
 1.7 Detect when called from within callbacks
 1.8 Allow SSL (HTTPS) to proxy
 1.9 Cache negative name resolves
 1.10 Support IDNA2008
 1.11 minimize dependencies with dynamicly loaded modules
 2. libcurl - multi interface
 2.1 More non-blocking
@@ -44,6 +51,8 @@
 5.3 Rearrange request header order
 5.4 SPDY
 5.5 auth= in URLs
 5.6 Refuse "downgrade" redirects
 5.7 More compressions
 6. TELNET
 6.1 ditch stdin
@@ -65,61 +74,75 @@
 10. LDAP
 10.1 SASL based authentication mechanisms
- 11. New protocols
+ 11. SMB
- 11.1 RSYNC
+ 11.1 File listing support
 11.2 Honor file timestamps
 11.3 Use NTLMv2
- 12. SSL
+ 12. New protocols
- 12.1 Disable specific versions
+ 12.1 RSYNC
 12.2 Provide mutex locking API
 12.3 Evaluate SSL patches
 12.4 Cache OpenSSL contexts
 12.5 Export session ids
 12.6 Provide callback for cert verification
 12.7 improve configure --with-ssl
 12.8 Support DANE
- 13. GnuTLS
+ 13. SSL
- 13.1 SSL engine stuff
+ 13.1 Disable specific versions
- 13.2 check connection
+ 13.2 Provide mutex locking API
 13.3 Evaluate SSL patches
 13.4 Cache OpenSSL contexts
 13.5 Export session ids
 13.6 Provide callback for cert verification
 13.7 improve configure --with-ssl
 13.8 Support DANE
- 14. SASL
+ 14. GnuTLS
- 14.1 Other authentication mechanisms
+ 14.1 SSL engine stuff
- 14.2 Add QOP support to GSSAPI authentication
+ 14.2 check connection
- 15. Client
+ 15. WinSSL/SChannel
- 15.1 sync
+ 15.1 Add support for client certificate authentication
- 15.2 glob posts
+ 15.2 Add support for custom server certificate validation
- 15.3 prevent file overwriting
+ 15.3 Add support for the --ciphers option
 15.4 simultaneous parallel transfers
 15.5 provide formpost headers
 15.6 warning when setting an option
- 16. Build
+ 16. SASL
- 16.1 roffit
+ 16.1 Other authentication mechanisms
 16.2 Add QOP support to GSSAPI authentication
- 17. Test suite
+ 17. Client
- 17.1 SSL tunnel
+ 17.1 sync
- 17.2 nicer lacking perl message
+ 17.2 glob posts
- 17.3 more protocols supported
+ 17.3 prevent file overwriting
- 17.4 more platforms supported
+ 17.4 simultaneous parallel transfers
- 17.5 Add support for concurrent connections
+ 17.5 provide formpost headers
 17.6 warning when setting an option
 17.7 warning when sending binary output to terminal
 17.8 offer color-coded HTTP header output
 17.9 Choose the name of file in braces for complex URLs
 17.10 improve how curl works in a windows console window
- 18. Next SONAME bump
+ 18. Build
- 18.1 http-style HEAD output for FTP
+ 18.1 roffit
 18.2 combine error codes
 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
- 19. Next major release
+ 19. Test suite
- 19.1 cleanup return codes
+ 19.1 SSL tunnel
- 19.2 remove obsolete defines
+ 19.2 nicer lacking perl message
- 19.3 size_t
+ 19.3 more protocols supported
- 19.4 remove several functions
+ 19.4 more platforms supported
- 19.5 remove CURLOPT_FAILONERROR
+ 19.5 Add support for concurrent connections
- 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+
- 19.7 remove progress meter from libcurl
+ 20. Next SONAME bump
- 19.8 remove 'curl_httppost' from public
+ 20.1 http-style HEAD output for FTP
- 19.9 have form functions use CURL handle argument
+ 20.2 combine error codes
- 19.10 Add CURLOPT_MAIL_CLIENT option
+ 20.3 extend CURLOPT_SOCKOPTFUNCTION prototype
 21. Next major release
 21.1 cleanup return codes
 21.2 remove obsolete defines
 21.3 size_t
 21.4 remove several functions
 21.5 remove CURLOPT_FAILONERROR
 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
 21.7 remove progress meter from libcurl
 21.8 remove 'curl_httppost' from public
 21.9 have form functions use CURL handle argument
 21.10 Add CURLOPT_MAIL_CLIENT option
 ==============================================================================
@@ -189,7 +212,7 @@
 To prevent local users from snooping on your traffic to the proxy. Supported
 by Chrome already:
- http://www.chromium.org/developers/design-documents/secure-web-proxy
+ https://www.chromium.org/developers/design-documents/secure-web-proxy
 ...and by Firefox soon:
 https://bugzilla.mozilla.org/show_bug.cgi?id=378637
@@ -199,6 +222,19 @@
 A name resolve that has failed is likely to fail when made again within a
 short period of time. Currently we only cache positive responses.
 1.10 Support IDNA2008
 International Domain Names are supported in libcurl since years back, powered
 by libidn. libidn implements IDNA2003 which has been superseded by IDNA2008.
 libidn2 is an existing library offering support for IDNA2008.
 1.11 minimize dependencies with dynamicly loaded modules
 We can create a system with loadable modules/plug-ins, where these modules
 would be the ones that link to 3rd party libs. That would allow us to avoid
 having to load ALL dependencies since only the necessary ones for this
 app/invoke/used protocols would be necessary to load.  See
 https://github.com/bagder/curl/issues/349
 2. libcurl - multi interface
@@ -246,7 +282,7 @@
 HOST is a command for a client to tell which host name to use, to offer FTP
 servers named-based virtual hosting:
- http://tools.ietf.org/html/rfc7151
+ https://tools.ietf.org/html/rfc7151
 4.2 Alter passive/active on failure and retry
@@ -330,6 +366,22 @@ This is not detailed in any FTP specification.
 Additionally this should be implemented for proxy base URLs as well.
 5.6 Refuse "downgrade" redirects
 See https://github.com/bagder/curl/issues/226
 Consider a way to tell curl to refuse to "downgrade" protocol with a redirect
 and/or possibly a bit that refuses redirect to change protocol completely.
 5.7 More compressions
 Compression algorithms that perform better than gzip are being considered for
 use and inclusion in existing browsers. For example 'brotli'. If servers
 follow along it is a good reason for us to also allow users to take advantage
 of this. The algorithm: https://github.com/google/brotli The Firefox bug:
 https://bugzilla.mozilla.org/show_bug.cgi?id=366559
 6. TELNET
 6.1 ditch stdin
@@ -393,32 +445,47 @@ to provide the data to send.
 be possible to use ldap_bind_s() instead specifying the security context
 information ourselves.
-11. New protocols
+11. SMB
-11.1 RSYNC
+11.1 File listing support
 Add support for listing the contents of a SMB share. The output should probably
 be the same as/similar to FTP.
 11.2 Honor file timestamps
 The timestamp of the transferred file should reflect that of the original file.
 11.3 Use NTLMv2
 Currently the SMB authentication uses NTLMv1.
 12. New protocols
 12.1 RSYNC
 There's no RFC for the protocol or an URI/URL format.  An implementation
 should most probably use an existing rsync library, such as librsync.
-12. SSL
+13. SSL
-12.1 Disable specific versions
+13.1 Disable specific versions
 Provide an option that allows for disabling specific SSL versions, such as
 SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
-12.2 Provide mutex locking API
+13.2 Provide mutex locking API
 Provide a libcurl API for setting mutex callbacks in the underlying SSL
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.
-12.3 Evaluate SSL patches
+13.3 Evaluate SSL patches
 Evaluate/apply Gertjan van Wingerde's SSL patches:
 http://curl.haxx.se/mail/lib-2004-03/0087.html
-12.4 Cache OpenSSL contexts
+13.4 Cache OpenSSL contexts
 "Look at SSL cafile - quick traces look to me like these are done on every
 request as well, when they should only be necessary once per SSL context (or
@@ -428,7 +495,7 @@ to provide the data to send.
 style connections are re-used. It will make us use slightly more memory but
 it will libcurl do less creations and deletions of SSL contexts.
-12.5 Export session ids
+13.5 Export session ids
 Add an interface to libcurl that enables "session IDs" to get
 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
@@ -436,22 +503,22 @@ to provide the data to send.
 the state from such a buffer at a later date - this is used by mod_ssl for
 apache to implement and SSL session ID cache".
-12.6 Provide callback for cert verification
+13.6 Provide callback for cert verification
 OpenSSL supports a callback for customised verification of the peer
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!
-12.7 improve configure --with-ssl
+13.7 improve configure --with-ssl
 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...
-12.8 Support DANE
+13.8 Support DANE
 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
- http://www.rfc-editor.org/rfc/rfc6698.txt
+ https://www.rfc-editor.org/rfc/rfc6698.txt
 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013
 (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple
@@ -459,34 +526,69 @@ to provide the data to send.
 http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
 correct library to base this development on.
-13. GnuTLS
+14. GnuTLS
-13.1 SSL engine stuff
+14.1 SSL engine stuff
 Is this even possible?
-13.2 check connection
+14.2 check connection
 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.
-14. SASL
+15. WinSSL/SChannel
-14.1 Other authentication mechanisms
+15.1 Add support for client certificate authentication
- Add support for other authentication mechanisms such as EXTERNAL, OLP,
+ WinSSL/SChannel currently makes use of the OS-level system and user
 certificate and private key stores. This does not allow the application
 or the user to supply a custom client certificate using curl or libcurl.
 Therefore support for the existing -E/--cert and --key options should be
 implemented by supplying a custom certificate to the SChannel APIs, see:
 - Getting a Certificate for Schannel
   https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
 15.2 Add support for custom server certificate validation
 WinSSL/SChannel currently makes use of the OS-level system and user
 certificate trust store. This does not allow the application or user to
 customize the server certificate validation process using curl or libcurl.
 Therefore support for the existing --cacert or --capath options should be
 implemented by supplying a custom certificate to the SChannel APIs, see:
 - Getting a Certificate for Schannel
   https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
 15.3 Add support for the --ciphers option
 The cipher suites used by WinSSL/SChannel are configured on an OS-level
 instead of an application-level. This does not allow the application or
 the user to customize the configured cipher suites using curl or libcurl.
 Therefore support for the existing --ciphers option should be implemented
 by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see
 - Specifying Schannel Ciphers and Cipher Strengths
   https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
 16. SASL
 16.1 Other authentication mechanisms
 Add support for other authentication mechanisms such as OLP,
 GSS-SPNEGO and others.
-14.2 Add QOP support to GSSAPI authentication
+16.2 Add QOP support to GSSAPI authentication
 Currently the GSSAPI authentication only supports the default QOP of auth
 (Authentication), whilst Kerberos V5 supports both auth-int (Authentication
 with integrity protection) and auth-conf (Authentication with integrity and
 privacy protection).
-15. Client
+17. Client
-15.1 sync
+17.1 sync
 "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"
@@ -495,12 +597,12 @@ to provide the data to send.
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.
-15.2 glob posts
+17.2 glob posts
 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
 This is easily scripted though.
-15.3 prevent file overwriting
+17.3 prevent file overwriting
 Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
@@ -508,14 +610,14 @@ to provide the data to send.
 existing). So that index.html becomes first index.html.1 and then
 index.html.2 etc.
-15.4 simultaneous parallel transfers
+17.4 simultaneous parallel transfers
 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
-15.5 provide formpost headers
+17.5 provide formpost headers
 Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -529,43 +631,73 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)
-15.6 warning when setting an option
+17.6 warning when setting an option
-  Display a warning when libcurl returns an error when setting an option.
+ Display a warning when libcurl returns an error when setting an option.
-  This can be useful to tell when support for a particular feature hasn't been
+ This can be useful to tell when support for a particular feature hasn't been
-  compiled into the library.
+ compiled into the library.
-16. Build
+17.7 warning when sending binary output to terminal
-16.1 roffit
+ Provide a way that prompts the user for confirmation before binary data is
 sent to the terminal, much in the style 'less' does it.
 17.8 offer color-coded HTTP header output
 By offering different color output on the header name and the header
 contents, they could be made more readable and thus help users working on
 HTTP services.
 17.9 Choose the name of file in braces for complex URLs
 When using braces to download a list of URLs and you use complicated names
 in the list of alternatives, it could be handy to allow curl to use other
 names when saving.
 Consider a way to offer that. Possibly like
 {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the
 colon is the output name.
 See https://github.com/bagder/curl/issues/221
 17.10 improve how curl works in a windows console window
 If you pull the scrollbar when transferring with curl in a Windows console
 window, the transfer is interrupted and can get disconnected. This can
 probably be improved. See https://github.com/bagder/curl/issues/322
 18. Build
 18.1 roffit
 Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/tool_hugehelp.c
-17. Test suite
+19. Test suite
-17.1 SSL tunnel
+19.1 SSL tunnel
 Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS
-17.2 nicer lacking perl message
+19.2 nicer lacking perl message
 If perl wasn't found by the configure script, don't attempt to run the tests
 but explain something nice why it doesn't.
-17.3 more protocols supported
+19.3 more protocols supported
 Extend the test suite to include more protocols. The telnet could just do FTP
 or http operations (for which we have test servers).
-17.4 more platforms supported
+19.4 more platforms supported
 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.
-17.5 Add support for concurrent connections
+19.5 Add support for concurrent connections
 Tests 836, 882 and 938 were designed to verify that separate connections aren't
 used when using different login credentials in protocols that shouldn't re-use
@@ -579,14 +711,14 @@ to provide the data to send.
 and thus the wait for connections loop is never entered to receive the second
 connection.
-18. Next SONAME bump
+20. Next SONAME bump
-18.1 http-style HEAD output for FTP
+20.1 http-style HEAD output for FTP
 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
 from being output in NOBODY requests over FTP
-18.2 combine error codes
+20.2 combine error codes
 Combine some of the error codes to remove duplicates.  The original
 numbering should not be changed, and the old identifiers would be
@@ -611,29 +743,29 @@ to provide the data to send.
    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
-18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+20.3 extend CURLOPT_SOCKOPTFUNCTION prototype
 The current prototype only provides 'purpose' that tells what the
 connection/socket is for, but not any protocol or similar. It makes it hard
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.
-19. Next major release
+21. Next major release
-19.1 cleanup return codes
+21.1 cleanup return codes
 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.
-19.2 remove obsolete defines
+21.2 remove obsolete defines
 remove obsolete defines from curl/curl.h
-19.3 size_t
+21.3 size_t
 make several functions use size_t instead of int in their APIs
-19.4 remove several functions
+21.4 remove several functions
 remove the following functions from the public API:
@@ -654,18 +786,18 @@ to provide the data to send.
 curl_multi_socket_all
-19.5 remove CURLOPT_FAILONERROR
+21.5 remove CURLOPT_FAILONERROR
 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.
-19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
 Remove support for a global DNS cache. Anything global is silly, and we
 already offer the share interface for the same functionality but done
 "right".
-19.7 remove progress meter from libcurl
+21.7 remove progress meter from libcurl
 The internally provided progress meter output doesn't belong in the library.
 Basically no application wants it (apart from curl) but instead applications
@@ -675,7 +807,7 @@ to provide the data to send.
 variable types passed to it instead of doubles so that big files work
 correctly.
-19.8 remove 'curl_httppost' from public
+21.8 remove 'curl_httppost' from public
 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
@@ -684,7 +816,7 @@ to provide the data to send.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintaining a solid API and ABI.
-19.9 have form functions use CURL handle argument
+21.9 have form functions use CURL handle argument
 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
@@ -692,7 +824,7 @@ to provide the data to send.
 curl_easy_perform() (or similar) called - which is hard to grasp and a design
 mistake.
-19.10 Add CURLOPT_MAIL_CLIENT option
+21.10 Add CURLOPT_MAIL_CLIENT option
 Rather than use the URL to specify the mail client string to present in the
 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -1,4 +1,3 @@
 Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -23,6 +22,8 @@ The Art Of Scripting HTTP Requests Using Curl
 3. Fetch a page
 3.1 GET
 3.2 HEAD
 3.3 Multiple URLs in a single command line
 3.4 Multiple HTTP methods in a single command line
 4. HTML forms
 4.1 Forms explained
 4.2 GET
@@ -136,7 +137,7 @@ The Art Of Scripting HTTP Requests Using Curl
 The Uniform Resource Locator format is how you specify the address of a
 particular resource on the Internet. You know these, you've seen URLs like
 http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
- canonical spec.
+ canonical spec. And yeah, the formal name is not URL, it is URI.
 2.2 Host
@@ -193,7 +194,6 @@ The Art Of Scripting HTTP Requests Using Curl
 the associated response. The path is what is to the right side of the slash
 that follows the host name and possibly port number.
 3. Fetch a page
 3.1 GET
@@ -224,6 +224,46 @@ The Art Of Scripting HTTP Requests Using Curl
 may see a Content-Length: in the response headers, but there must not be an
 actual body in the HEAD response.
 3.3 Multiple URLs in a single command line
 A single curl command line may involve one or many URLs. The most common case
 is probably to just use one, but you can specify any amount of URLs. Yes
 any. No limits. You'll then get requests repeated over and over for all the
 given URLs.
 Example, send two GETs:
    curl http://url1.example.com http://url2.example.com
 If you use --data to POST to the URL, using multiple URLs means that you send
 that same POST to all the given URLs.
 Example, send two POSTs:
    curl --data name=curl http://url1.example.com http://url2.example.com
 3.4 Multiple HTTP methods in a single command line
 Sometimes you need to operate on several URLs in a single command line and do
 different HTTP methods on each. For this, you'll enjoy the --next option. It
 is basically a separator that separates a bunch of options from the next. All
 the URLs before --next will get the same method and will get all the POST
 data merged into one.
 When curl reaches the --next on the command line, it'll sort of reset the
 method and the POST data and allow a new set.
 Perhaps this is best shown with a few examples. To send first a HEAD and then
 a GET:
   curl -I http://example.com --next http://example.com
 To first send a POST and then a GET:
   curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html
 4. HTML forms
 4.1 Forms explained
@@ -302,6 +342,10 @@ The Art Of Scripting HTTP Requests Using Curl
        curl --data-urlencode "name=I am Daniel" http://www.example.com
  If you repeat --data several times on the command line, curl will
  concatenate all the given data pieces - and put a '&' symbol between each
  data segment.
 4.4 File Upload POST
  Back in late 1995 they defined an additional way to post data over HTTP. It
@@ -557,8 +601,10 @@ The Art Of Scripting HTTP Requests Using Curl
 truckload of advanced features to allow all those encryptions and key
 infrastructure mechanisms encrypted HTTP requires.
- Curl supports encrypted fetches thanks to the freely available OpenSSL
+ Curl supports encrypted fetches when built to use a TLS library and it can be
- libraries. To get a page from a HTTPS server, simply run curl like:
+ built to use one out of a fairly large set of libraries - "curl -V" will show
 which one your curl was built to use (if any!). To get a page from a HTTPS
 server, simply run curl like:
        curl https://secure.example.com
@@ -584,6 +630,12 @@ The Art Of Scripting HTTP Requests Using Curl
        http://curl.haxx.se/docs/sslcerts.html
  At times you may end up with your own CA cert store and then you can tell
  curl to use that to verify the server's certificate:
        curl --cacert ca-bundle.pem https://example.com/
 11. Custom Request Elements
 11.1 Modify method and headers
@@ -692,7 +744,7 @@ The Art Of Scripting HTTP Requests Using Curl
 14.1 Standards
- RFC 2616 is a must to read if you want in-depth understanding of the HTTP
+ RFC 7230 is a must to read if you want in-depth understanding of the HTTP
 protocol
 RFC 3986 explains the URL syntax
--- a/docs/VERSIONS
+++ b/docs/VERSIONS
@@ -1,22 +1,18 @@
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|
 Version Numbers and Releases
 ============================
 Curl is not only curl. Curl is also libcurl. They're actually individually
 versioned, but they mostly follow each other rather closely.
 The version numbering is always built up using the same system:
-        X.Y[.Z]
+        X.Y.Z
- Where
+  - X is main version number
-   X is main version number
+  - Y is release number
-   Y is release number
+  - Z is patch number
-   Z is patch number
+
 ## Bumping numbers
 One of these numbers will get bumped in each new release. The numbers to the
 right of a bumped number will be reset to zero. If Z is zero, it may not be
@@ -57,4 +53,4 @@ Version Numbers and Releases
 release. It makes comparisons with greater than and less than work.
 This number is also available as three separate defines:
- LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.
+ `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`.
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,8 +39,7 @@ resume, Metalink, and more. As you will see below, the number of features will
 make your head spin!
 curl is powered by libcurl for all transfer-related features. See
-.BR libcurl (3)
+\fIlibcurl(3)\fP for details.
 for details.
 .SH URL
 The URL syntax is protocol-dependent. You'll find a detailed description in
 RFC 3986.
@@ -172,10 +171,11 @@ a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
-considered insecure.
+considered insecure (see RFC 6176).
 .IP "-3, --sslv3"
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
-server. Sometimes curl is built without SSLv3 support.
+server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
 considered insecure (see RFC 7568).
 .IP "-4, --ipv4"
 This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.
@@ -213,7 +213,7 @@ be in the format "NAME1=VALUE1; NAME2=VALUE2".
 If no '=' symbol is used in the line, it is treated as a filename to use to
 read previously stored cookie lines from, which should be used in this session
-if they match. Using this method also activates the "cookie parser" which will
+if they match. Using this method also activates the cookie engine which will
 make curl record incoming cookies too, which may be handy if you're using this
 in combination with the \fI-L, --location\fP option. The file format of the
 file to read cookies from should be plain HTTP headers or the Netscape/Mozilla
@@ -223,6 +223,15 @@ The file specified with \fI-b, --cookie\fP is only used as input. No cookies
 will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP
 option.
 Exercise caution if you are using this option and multiple transfers may occur.
 If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie format and
 don't specify a domain, then the cookie is sent for any domain (even after
 redirects are followed) and cannot be modified by a server-set cookie. If the
 cookie engine is enabled and a server sets a cookie of the same name then both
 will be sent on a future transfer to that server, likely not what you intended.
 To address these issues set a domain in Set-Cookie (doing that will include
 sub-domains) or use the Netscape format.
 If this option is used several times, the last one will be used.
 .IP "-B, --use-ascii"
 (FTP/LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using
@@ -254,6 +263,9 @@ won't fail or even report an error clearly. Using -v will get a warning
 displayed, but that is the only visible feedback you get about this possibly
 lethal situation.
 Since 7.43.0 cookies that were imported in the Set-Cookie format without a
 domain name are not exported by this option.
 If this option is used several times, the last specified file name will be
 used.
 .IP "-C, --continue-at <offset>"
@@ -269,11 +281,11 @@ If this option is used several times, the last one will be used.
 .IP "--ciphers <list of ciphers>"
 (SSL) Specifies which ciphers to use in the connection. The list of ciphers
 must specify valid ciphers. Read up on SSL cipher list details on this URL:
-\fIhttp://www.openssl.org/docs/apps/ciphers.html\fP
+\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP
 NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS
 ciphers is in the NSSCipherSuite entry at this URL:
-\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
+\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
 If this option is used several times, the last one will be used.
 .IP "--compressed"
@@ -315,9 +327,10 @@ presses the submit button. This will cause curl to pass the data to the server
 using the content-type application/x-www-form-urlencoded.  Compare to
 \fI-F, --form\fP.
-\fI-d, --data\fP is the same as \fI--data-ascii\fP. To post data purely binary,
+\fI-d, --data\fP is the same as \fI--data-ascii\fP. \fI--data-raw\fP is almost
-you should instead use the \fI--data-binary\fP option. To URL-encode the value
+the same but does not have a special interpretation of the @ character. To
-of a form field you may use \fI--data-urlencode\fP.
+post data purely binary, you should instead use the \fI--data-binary\fP option.
 To URL-encode the value of a form field you may use \fI--data-urlencode\fP.
 If any of these options is used more than once on the same command line, the
 data pieces specified will be merged together with a separating
@@ -329,7 +342,8 @@ read the data from, or - if you want curl to read the data from
 stdin. Multiple files can also be specified. Posting data from a file
 named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is
 told to read from a file like that, carriage returns and newlines will be
-stripped out.
+stripped out. If you don't want the @ character to have a special
 interpretation use \fI--data-raw\fP instead.
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.
@@ -354,6 +368,10 @@ and carriage returns are preserved and conversions are never done.
 If this option is used several times, the ones following the first will append
 data as described in \fI-d, --data\fP.
 .IP "--data-raw <data>"
 (HTTP) This posts data similarly to \fI--data\fP but without the special
 interpretation of the @ character. See \fI-d, --data\fP.
 (Added in 7.43.0)
 .IP "--data-urlencode <data>"
 (HTTP) This posts data, similar to the other --data options with the exception
 that this performs URL-encoding. (Added in 7.18.0)
@@ -470,10 +488,10 @@ If this option is used several times, the last one will be used.
 (SSL) Tells curl to use the specified client certificate file when getting a
 file with HTTPS, FTPS or another SSL-based protocol. The certificate must be
 in PKCS#12 format if using Secure Transport, or PEM format if using any other
-engine.  If the optional password isn't specified, it will be queried
+engine.  If the optional password isn't specified, it will be queried for on
-for on the terminal. Note that this option assumes a \&"certificate" file that
+the terminal. Note that this option assumes a \&"certificate" file that is the
-is the private key and the private certificate concatenated! See \fI--cert\fP
+private key and the client certificate concatenated! See \fI--cert\fP and
-and \fI--key\fP to specify them independently.
+\fI--key\fP to specify them independently.
 If curl is built against the NSS SSL library then this option can tell
 curl the nickname of the certificate to use within the NSS database defined
@@ -539,19 +557,42 @@ OpenSSL-powered curl to make SSL-connections much more efficiently than using
 If this option is set, the default capath value will be ignored, and if it is
 used several times, the last one will be used.
-.IP "--pinnedpubkey <pinned public key>"
+.IP "--pinnedpubkey <pinned public key (hashes)>"
-(SSL) Tells curl to use the specified public key file to verify the peer. The
+(SSL) Tells curl to use the specified public key file (or hashes) to verify the
-file must contain a single public key in PEM or DER format.
+peer. This can be a path to a file which contains a single public key in PEM or
 DER format, or any number of base64 encoded sha256 hashes preceded by
 \'sha256//\' and separated by \';\'
 When negotiating a TLS or SSL connection, the server sends a certificate
 indicating its identity. A public key is extracted from this certificate and
 if it does not exactly match the public key provided to this option, curl will
 abort the connection before sending or receiving any data.
-This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
+Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and
 wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL,
 GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported.
 If this option is used several times, the last one will be used.
-(Added in 7.39.0)
+.IP "--cert-status"
 (SSL) Tells curl to verify the status of the server certificate by using the
 Certificate Status Request (aka. OCSP stapling) TLS extension.
 If this option is enabled and the server sends an invalid (e.g. expired)
 response, if the response suggests that the server certificate has been revoked,
 or no response at all is received, the verification fails.
 This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
 (Added in 7.41.0)
 .IP "--false-start"
 (SSL) Tells curl to use false start during the TLS handshake. False start is a
 mode where a TLS client will start sending application data before verifying
 the server's Finished message, thus saving a round trip when performing a full
 handshake.
 This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
 or later, or OS X 10.9 or later) backends.
 (Added in 7.42.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In normal
@@ -579,7 +620,9 @@ input:
 \fBcurl\fP -F password=@/etc/passwd www.mypasswords.com
 To read content from stdin instead of a file, use - as the filename. This goes
-for both @ and < constructs.
+for both @ and < constructs. Unfortunately it does not support reading the
 file from a named pipe or similar, as it needs the full size before the
 transfer starts.
 You can also tell curl what Content-Type to use by using 'type=', in a manner
 similar to:
@@ -641,6 +684,7 @@ curl does one CWD with the full target directory and then operates on the file
 \&"normally" (like in the multicwd case). This is somewhat more standards
 compliant than 'nocwd' but without the full penalty of 'multicwd'.
 .RE
 .IP
 (Added in 7.15.1)
 .IP "--ftp-pasv"
 (FTP) Use passive mode for the data connection. Passive is the internal default
@@ -733,16 +777,24 @@ Example:
 \&# curl -H "X-First-Name: Joe" http://192.168.0.1/
 \fBWARNING\fP: headers set with this option will be set in all requests - even
 after redirects are followed, like when told with \fB-L, --location\fP. This
 can lead to the header being sent to other hosts than the original host, so
 sensitive headers should be used with caution combined with following
 redirects.
 This option can be used multiple times to add/replace/remove multiple headers.
 .IP "--hostpubmd5 <md5>"
 (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should
 be the 128 bit MD5 checksum of the remote host's public key, curl will refuse
 the connection with the host unless the md5sums match. (Added in 7.17.1)
 .IP "--ignore-content-length"
-(HTTP)
+For HTTP, Ignore the Content-Length header. This is particularly useful for
-Ignore the Content-Length header. This is particularly useful for servers
+servers running Apache 1.x, which will report incorrect Content-Length for
-running Apache 1.x, which will report incorrect Content-Length for files
+files larger than 2 gigabytes.
-larger than 2 gigabytes.
+
 For FTP (since 7.46.0), skip the RETR command to figure out the size before
 downloading a file.
 .IP "-i, --include"
 (HTTP) Include the HTTP-header in the output. The HTTP-header includes things
 like server-name, date of the document, HTTP-version and more...
@@ -1027,13 +1079,10 @@ in Metalink file, hash check will fail.
 Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
 home directory for login name and password. This is typically used for FTP on
 Unix. If used with HTTP, curl will enable user authentication. See
-.BR netrc(4)
+\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not
-or
+complain if that file doesn't have the right permissions (it should not be
-.BR ftp(1)
+either world- or group-readable). The environment variable "HOME" is used to
-for details on the file format. Curl will not complain if that file
+find the home directory.
 doesn't have the right permissions (it should not be either world- or
 group-readable). The environment variable "HOME" is used to find the home
 directory.
 A quick and very simple example of how to setup a \fI.netrc\fP to allow curl
 to FTP to the machine host.domain.com with user name \&'myself' and password
@@ -1195,7 +1244,7 @@ i.e "my.host.domain" to specify the machine
 make curl pick the same IP address that is already used for the control
 connection
 .RE
-
+.IP
 If this option is used several times, the last one will be used. Disable the
 use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command
 instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++.
@@ -1209,22 +1258,28 @@ available.
 (SSL/SSH) Passphrase for the private key
 If this option is used several times, the last one will be used.
 .IP "--path-as-is"
 Tell curl to not handle sequences of /../ or /./ in the given URL
 path. Normally curl will squash or merge them according to standards but with
 this option set you tell it not to do that.
 (Added in 7.42.0)
 .IP "--post301"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.2 and not convert POST requests
 into GET requests when following a 301 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.17.1)
 .IP "--post302"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.3 and not convert POST requests
 into GET requests when following a 302 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.19.1)
 .IP "--post303"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.4 and not convert POST requests
 into GET requests when following a 303 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
@@ -1271,9 +1326,40 @@ This option can be used multiple times, in which case the effect is the same
 as concatenating the protocols into one instance of the option.
 (Added in 7.20.2)
 .IP "--proto-default <protocol>"
 Tells curl to use \fIprotocol\fP for any URL missing a scheme name.
 Example:
 .RS
 .IP "--proto-default https ftp.mozilla.org"
 https://ftp.mozilla.org
 .RE
 An unknown or unsupported protocol causes error
 \fICURLE_UNSUPPORTED_PROTOCOL\fP.
 This option does not change the default proxy protocol (http).
 Without this option curl would make a guess based on the host, see \fI--url\fP
 for details.
 (Added in 7.45.0)
 .IP "--proto-redir <protocols>"
-Tells curl to use the listed protocols after a redirect. See --proto for
+Tells curl to use the listed protocols on redirect. See --proto for how
-how protocols are represented.
+protocols are represented.
 Example:
 .RS
 .IP "--proto-redir -all,http,https"
 Allow only HTTP and HTTPS on redirect.
 .RE
 By default curl will allow all protocols on redirect except several disabled
 for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all
 protocols on redirect, including those disabled for security.
 (Added in 7.20.2)
 .IP "--proxy-anyauth"
@@ -1294,6 +1380,11 @@ with a remote host. (Added in 7.17.1)
 .IP "--proxy-ntlm"
 Tells curl to use HTTP NTLM authentication when communicating with the given
 proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host.
 .IP "--proxy-service-name <servicename>"
 This option allows you to change the service name for proxy negotiation.
 Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use
 sockd/proxy-name.  (Added in 7.43.0).
 .IP "--proxy1.0 <proxyhost[:port]>"
 Use the specified HTTP 1.0 proxy. If the port number is not specified, it is
 assumed at port 1080.
@@ -1383,15 +1474,12 @@ specifies the last 500 bytes
 specifies the bytes from offset 9500 and forward
 .TP
 .B 0-0,-1
-specifies the first and last byte only(*)(H)
+specifies the first and last byte only(*)(HTTP)
 .TP
 .B 500-700,600-799
 specifies 300 bytes from offset 500(H)
 .TP
 .B 100-199,500-599
-specifies two separate 100-byte ranges(*)(H)
+specifies two separate 100-byte ranges(*) (HTTP)
 .RE
-
+.IP
 (*) = NOTE that this will cause the server to reply with a multipart
 response!
@@ -1475,6 +1563,11 @@ terminal/stdout unless you redirect it.
 .IP "--sasl-ir"
 Enable initial response in SASL authentication.
 (Added in 7.31.0)
 .IP "--service-name <servicename>"
 This option allows you to change the service name for SPNEGO.
 Examples: --negotiate \fI--service-name\fP sockd would use
 sockd/server-name.  (Added in 7.43.0).
 .IP "-S, --show-error"
 When used with \fI-s\fP it makes curl show an error message if it fails.
 .IP "--ssl"
@@ -1497,6 +1590,10 @@ and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
 may use workarounds known to cause interoperability problems with some older
 SSL implementations. WARNING: this option loosens the SSL security, and by
 using this flag you ask for exactly that.  (Added in 7.25.0)
 .IP "--ssl-no-revoke"
 (WinSSL) This option tells curl to disable certificate revocation checks.
 WARNING: this option loosens the SSL security, and by using this flag you ask
 for exactly that.  (Added in 7.44.0)
 .IP "--socks4 <host[:port]>"
 Use the specified SOCKS4 proxy. If the port number is not specified, it is
 assumed at port 1080. (Added in 7.15.2)
@@ -1676,7 +1773,7 @@ impossible to use a colon in the user name with this option. The password can,
 still.
 When using Kerberos V5 with a Windows based server you should include the
-Windows domain name in the user name, in order for the server to succesfully
+Windows domain name in the user name, in order for the server to successfully
 obtain a Kerberos Ticket. If you don't then the initial authentication
 handshake may fail.
@@ -1706,6 +1803,12 @@ If this option is used several times, the last one will be used.
 Specify a URL to fetch. This option is mostly handy when you want to specify
 URL(s) in a config file.
 If the given URL is missing a scheme name (such as "http://" or "ftp://" etc)
 then curl will make a guess based on the host. If the outermost sub-domain name
 matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol will be used,
 otherwise HTTP will be used. Since 7.45.0 guessing can be disabled by setting a
 default protocol, see \fI--proto-default\fP for details.
 This option may be used any number of times. To control where this URL is
 written, use the \fI-o, --output\fP or the \fI-O, --remote-name\fP options.
 .IP "-v, --verbose"
@@ -1850,7 +1953,7 @@ displayed with millisecond resolution.
 The URL that was fetched last. This is most meaningful if you've told curl
 to follow location: headers.
 .RE
-
+.IP
 If this option is used several times, the last one will be used.
 .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
 Use the specified proxy.
@@ -1884,7 +1987,7 @@ password.
 If this option is used several times, the last one will be used.
 .IP "-X, --request <command>"
 (HTTP) Specifies a custom request method to use when communicating with the
-HTTP server.  The specified request will be used instead of the method
+HTTP server.  The specified request method will be used instead of the method
 otherwise used (which defaults to GET). Read the HTTP 1.1 specification for
 details and explanations. Common additional HTTP requests include PUT and
 DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and
@@ -1898,6 +2001,11 @@ alter the way curl behaves. So for example if you want to make a proper HEAD
 request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP
 option.
 The method string you set with -X will be used for all requests, which if you
 for example use \fB-L, --location\fP may cause unintended side-effects when
 curl doesn't change request method according to the HTTP 30x response codes -
 and similar.
 (FTP)
 Specifies a custom FTP command to use instead of LIST when doing file lists
 with FTP.
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,9 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example application source code using the multi interface to download many
+/* <DESC>
- * files, but with a capped maximum amount of simultaneous transfers.
+ * Source code using the multi interface to download many
- *
+ * files, with a capped maximum amount of simultaneous transfers.
 * </DESC>
 * Written by Michael Wallner
 */
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -31,7 +31,8 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  pop3-dele pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi      \
  imap-list imap-lsub imap-fetch imap-store imap-append imap-examine       \
  imap-search imap-create imap-delete imap-copy imap-noop imap-ssl         \
-  imap-tls imap-multi url2file sftpget ftpsget postinmemory
+  imap-tls imap-multi url2file sftpget ftpsget postinmemory http2-download \
  http2-upload http2-serverpush
 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -21,7 +21,7 @@
 ###########################################################################
 #
 ## Makefile for building curl examples with MingW (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
+## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4)
 ##
 ## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
@@ -38,23 +38,23 @@ ZLIB_PATH = ../../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8zc
+OPENSSL_PATH = ../../../openssl-1.0.2a
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.4.3
+LIBSSH2_PATH = ../../../libssh2-1.5.0
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
-LIBRTMP_PATH = ../../../librtmp-2.3
+LIBRTMP_PATH = ../../../librtmp-2.4
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
-LIBIDN_PATH = ../../../libidn-1.18
+LIBIDN_PATH = ../../../libidn-1.32
 endif
 # Edit the path below to point to the base of your MS IDN package.
 # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
-# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
+# https://www.microsoft.com/en-us/download/details.aspx?id=734
 ifndef WINIDN_PATH
 WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs
 endif
@@ -62,6 +62,10 @@ endif
 ifndef LDAP_SDK
 LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
 # Edit the path below to point to the base of your nghttp2 package.
 ifndef NGHTTP2_PATH
 NGHTTP2_PATH = ../../../nghttp2-1.0.0
 endif
 PROOT = ../..
@@ -72,14 +76,24 @@ endif
 # Edit the var below to set to your architecture or set environment var.
 ifndef ARCH
-ARCH = w32
+ifeq ($(findstring x86_64,$(shell $(CC) -dumpmachine)),x86_64)
 ARCH    = w64
 else
 ARCH    = w32
 endif
 endif
 CC	= $(CROSSPREFIX)gcc
 CFLAGS	= -g -O2 -Wall
 CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS	+= -D_AMD64_
+CFLAGS	+= -m64 -D_AMD64_
 LDFLAGS += -m64
 RCFLAGS += -F pe-x86-64
 else
 CFLAGS	+= -m32
 LDFLAGS += -m32
 RCFLAGS += -F pe-i386
 endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS	= -s
@@ -158,9 +172,12 @@ ifeq ($(findstring -metalink,$(CFG)),-metalink)
 METALINK = 1
 endif
 ifeq ($(findstring -winssl,$(CFG)),-winssl)
-SCHANNEL = 1
+WINSSL = 1
 SSPI = 1
 endif
 ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2)
 NGHTTP2 = 1
 endif
 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib
@@ -184,6 +201,10 @@ ifdef RTMP
  CFLAGS += -DUSE_LIBRTMP
  curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
 endif
 ifdef NGHTTP2
  CFLAGS += -DUSE_NGHTTP2
  curl_LDADD += -L"$(NGHTTP2_PATH)/lib" -lnghttp2
 endif
 ifdef SSH2
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
@@ -204,7 +225,7 @@ ifdef SSL
  ifndef DYN
    OPENSSL_LIBS += -lgdi32 -lcrypt32
  endif
-  CFLAGS += -DUSE_SSLEAY
+  CFLAGS += -DUSE_OPENSSL
  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
@@ -223,7 +244,7 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
-  ifdef SCHANNEL
+  ifdef WINSSL
    CFLAGS += -DUSE_SCHANNEL
  endif
 endif
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@@ -19,12 +19,12 @@ endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8zc
+OPENSSL_PATH = ../../../openssl-1.0.2a
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.4.3
+LIBSSH2_PATH = ../../../libssh2-1.5.0
 endif
 # Edit the path below to point to the base of your axTLS package.
@@ -34,12 +34,12 @@ endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
-LIBIDN_PATH = ../../../libidn-1.18
+LIBIDN_PATH = ../../../libidn-1.32
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
-LIBRTMP_PATH = ../../../librtmp-2.3
+LIBRTMP_PATH = ../../../librtmp-2.4
 endif
 # Edit the path below to point to the base of your fbopenssl package.
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * HTTP PUT upload with authentiction using "any" method. libcurl picks the
 * one the server supports/wants.
 * </DESC>
 */
 #include <stdio.h>
 #include <fcntl.h>
 #ifdef WIN32
--- a/docs/examples/asiohiper.cpp
+++ b/docs/examples/asiohiper.cpp
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -20,11 +20,11 @@
 *
 ***************************************************************************/
 /* <DESC>
 * demonstrate the use of multi socket interface with boost::asio
 * </DESC>
 */
 /*
 * file: asiohiper.cpp
 * Example program to demonstrate the use of multi socket interface
 * with boost::asio
 *
 * This program is in c++ and uses boost::asio instead of libevent/libev.
 * Requires boost::asio, boost::bind and boost::system
 *
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,17 +19,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example using a "in core" PEM certificate to retrieve a https page.
+/* <DESC>
- * Written by Theo Borm
+ * CA cert in memory with OpenSSL to get a HTTPS page.
 * </DESC>
 */
 /* on a netBSD system with OPENSSL& LIBCURL installed from
 * pkgsrc (using default paths) this program can be compiled using:
 * gcc -I/usr/pkg/include -L/usr/pkg/lib -lcurl -Wl,-R/usr/pkg/lib -lssl
 * -lcrypto -lz -o curlcacerttest curlcacerttest.c
 * on other operating systems you may want to change paths to headers
 * and libraries
 */
 #include <openssl/ssl.h>
 #include <curl/curl.h>
 #include <stdio.h>
--- a/docs/examples/certinfo.c
+++ b/docs/examples/certinfo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Extract lots of TLS certificate info.
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Show transfer timing info after download completes.
 * </DESC>
 */
 /* Example source code to show how the callback function can be used to
 * download data into a chunk of memory instead of storing it in a file.
 * After successful download we use curl_easy_getinfo() calls to get the
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,7 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This example shows usage of simple cookie interface. */
+/* <DESC>
 * Import and export cookies with COOKIELIST.
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
@@ -96,7 +99,12 @@ main(void)
      return 1;
    }
-    /* HTTP-header style cookie */
+    /* HTTP-header style cookie. If you use the Set-Cookie format and don't
    specify a domain then the cookie is sent for any domain and will not be
    modified, likely not what you intended. Starting in 7.43.0 any-domain
    cookies will not be exported either. For more information refer to the
    CURLOPT_COOKIELIST documentation.
    */
    snprintf(nline, sizeof(nline),
      "Set-Cookie: OLD_PREF=3d141414bf4209321; "
      "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com");
--- a/docs/examples/curlgtk.c
+++ b/docs/examples/curlgtk.c
@@ -5,9 +5,12 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 *  Copyright (c) 2000 David Odin (aka DindinX) for MandrakeSoft
 */
 /* <DESC>
 * use the libcurl in a gtk-threaded application
 * </DESC>
 */
 /* Copyright (c) 2000 David Odin (aka DindinX) for MandrakeSoft */
 /* an attempt to use the curl library in concert with a gtk-threaded application */
 #include <stdio.h>
 #include <gtk/gtk.h>
--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@@ -9,7 +9,10 @@
  certificate presented during ssl session establishment.
 */
-
+/* <DESC>
 * demonstrates use of SSL context callback, requires OpenSSL
 * </DESC>
 */
 /*
 * Copyright (c) 2003 The OpenEvidence Project.  All rights reserved.
@@ -490,7 +493,7 @@ int main(int argc, char **argv) {
        BIO_printf(p.errorbio,"the response has a correct mimetype : %s\n",
                   response);
      else
-        BIO_printf(p.errorbio,"the reponse doesn\'t has an acceptable "
+        BIO_printf(p.errorbio,"the response doesn\'t have an acceptable "
                   "mime type, it is %s instead of %s\n",
                   response,mimetypeaccept);
  }
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Show how CURLOPT_DEBUGFUNCTION can be used.
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * multi socket interface together with libev
 * </DESC>
 */
 /* Example application source code using the multi socket interface to
 * download many files at once.
 *
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,9 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/*
+/* <DESC>
- * This is an example demonstrating how an application can pass in a custom
+ * An example demonstrating how an application can pass in a custom
 * socket to libcurl to use. This example also handles the connect itself.
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Upload to a file:// URL
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
 #include <sys/stat.h>
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -42,6 +42,10 @@
 *
 * This example requires libcurl 7.9.7 or later.
 */
 /* <DESC>
 * implements an fopen() abstraction allowing reading from URLs
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
@@ -108,7 +112,7 @@ static size_t write_callback(char *buffer,
      size=rembuff;
    }
    else {
-      /* realloc suceeded increase buffer size*/
+      /* realloc succeeded increase buffer size*/
      url->buffer_len+=size - rembuff;
      url->buffer=newbuff;
    }
@@ -131,7 +135,7 @@ static int fill_buffer(URL_FILE *file, size_t want)
  CURLMcode mc; /* curl_multi_fdset() return code */
  /* only attempt to fill buffer if transactions still running and buffer
-   * doesnt exceed required size already
+   * doesn't exceed required size already
   */
  if((!file->still_running) || (file->buffer_pos > want))
    return 0;
@@ -205,14 +209,12 @@ static int fill_buffer(URL_FILE *file, size_t want)
 }
 /* use to remove want bytes from the front of a files buffer */
-static int use_buffer(URL_FILE *file,int want)
+static int use_buffer(URL_FILE *file, size_t want)
 {
  /* sort out buffer */
  if((file->buffer_pos - want) <=0) {
    /* ditch buffer - write will recreate */
-    if(file->buffer)
+    free(file->buffer);
      free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
@@ -231,7 +233,7 @@ static int use_buffer(URL_FILE *file,int want)
 URL_FILE *url_fopen(const char *url,const char *operation)
 {
  /* this code could check for URLs or types in the 'url' and
-     basicly use the real fopen() for standard files */
+     basically use the real fopen() for standard files */
  URL_FILE *file;
  (void)operation;
@@ -302,9 +304,7 @@ int url_fclose(URL_FILE *file)
    break;
  }
-  if(file->buffer)
+  free(file->buffer);/* free any allocated buffer space */
    free(file->buffer);/* free any allocated buffer space */
  free(file);
  return ret;
@@ -379,7 +379,7 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file)
  switch(file->type) {
  case CFTYPE_FILE:
-    ptr = fgets(ptr,size,file->handle.file);
+    ptr = fgets(ptr, (int)size, file->handle.file);
    break;
  case CFTYPE_CURL:
@@ -435,9 +435,7 @@ void url_rewind(URL_FILE *file)
    curl_multi_add_handle(multi_handle, file->handle.curl);
    /* ditch buffer - write will recreate - resets stream pos*/
-    if(file->buffer)
+    free(file->buffer);
      free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
@@ -457,7 +455,7 @@ int main(int argc, char *argv[])
  URL_FILE *handle;
  FILE *outf;
-  int nread;
+  size_t nread;
  char buffer[256];
  const char *url;
@@ -505,7 +503,7 @@ int main(int argc, char *argv[])
  }
  do {
-    nread = url_fread(buffer, 1,sizeof(buffer), handle);
+    nread = url_fread(buffer, 1, sizeof(buffer), handle);
    fwrite(buffer,1,nread,outf);
  } while(nread);
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * FTP wildcard pattern matching
 * </DESC>
 */
 #include <curl/curl.h>
 #include <stdio.h>
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,11 +23,9 @@
 #include <curl/curl.h>
-/*
+/* <DESC>
- * This is an example showing how to get a single file from an FTP server.
+ * Get a single file from an FTP server.
- * It delays the actual destination file creation until the first write
+ * </DESC>
 * callback so that it won't create an empty file in case the remote file
 * doesn't exist or something else fails.
 */
 struct FtpFile {
@@ -53,7 +51,7 @@ int main(void)
  CURL *curl;
  CURLcode res;
  struct FtpFile ftpfile={
-    "curl.tar.gz", /* name to store the file as if succesful */
+    "curl.tar.gz", /* name to store the file as if successful */
    NULL
  };
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,9 +24,9 @@
 #include <curl/curl.h>
-/*
+/* <DESC>
- * This is an example showing how to check a single file's size and mtime
+ * Checks a single file's size and mtime from an FTP server.
- * from an FTP server.
+ * </DESC>
 */
 static size_t throw_away(void *ptr, size_t size, size_t nmemb, void *data)
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,13 +23,11 @@
 #include <curl/curl.h>
-/*
+/* <DESC>
- * Similar to ftpget.c but this also stores the received response-lines
+ * Similar to ftpget.c but also stores the received response-lines
 * in a separate file using our own callback!
- *
+ * </DESC>
 * This functionality was introduced in libcurl 7.9.3.
 */
 static size_t
 write_response(void *ptr, size_t size, size_t nmemb, void *data)
 {
--- a/docs/examples/ftpsget.c
+++ b/docs/examples/ftpsget.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -24,11 +24,9 @@
 #include <curl/curl.h>
-/*
+/* <DESC>
- * This is an example showing how to get a single file from an FTPS server.
+ * Get a single file from an FTPS server.
- * It delays the actual destination file creation until the first write
+ * </DESC>
 * callback so that it won't create an empty file in case the remote file
 * doesn't exist or something else fails.
 */
 struct FtpFile {
@@ -55,7 +53,7 @@ int main(void)
  CURL *curl;
  CURLcode res;
  struct FtpFile ftpfile={
-    "yourfile.bin", /* name to store the file as if succesful */
+    "yourfile.bin", /* name to store the file as if successful */
    NULL
  };
--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -33,11 +33,10 @@
 #include <unistd.h>
 #endif
-/*
+/* <DESC>
- * This example shows an FTP upload, with a rename of the file just after
+ * Performs an FTP upload and renames the file just after a successful
- * a successful upload.
+ * transfer.
- *
+ * </DESC>
 * Example based on source code provided by Erick Nuwendam. Thanks!
 */
 #define LOCAL_FILE      "/tmp/uploadthis.txt"
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,13 +19,9 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Upload to FTP, resuming failed transfers
+/* <DESC>
- *
+ * Upload to FTP, resuming failed transfers.
- * Compile for MinGW like this:
+ * </DESC>
 *  gcc -Wall -pedantic -std=c99 ftpuploadwithresume.c -o ftpuploadresume.exe
 *  -lcurl -lmsvcr70
 *
 * Written by Philip Bock
 */
 #include <stdlib.h>
--- a/docs/examples/getinfo.c
+++ b/docs/examples/getinfo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Use getinfo to get content-type after completed transfer.
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
@@ -27,18 +31,14 @@ int main(void)
  CURL *curl;
  CURLcode res;
  /* http://curl.haxx.se/libcurl/c/curl_easy_init.html */
  curl = curl_easy_init();
  if(curl) {
    /* http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTURL */
    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
    /* http://curl.haxx.se/libcurl/c/curl_easy_perform.html */
    res = curl_easy_perform(curl);
    if(CURLE_OK == res) {
      char *ct;
      /* ask for the content-type */
      /* http://curl.haxx.se/libcurl/c/curl_easy_getinfo.html */
      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &ct);
      if((CURLE_OK == res) && ct)
@@ -46,7 +46,6 @@ int main(void)
    }
    /* always cleanup */
    /* http://curl.haxx.se/libcurl/c/curl_easy_cleanup.html */
    curl_easy_cleanup(curl);
  }
  return 0;
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example source code to show how the callback function can be used to
+/* <DESC>
- * download data into a chunk of memory instead of storing it in a file.
+ * Shows how the write callback function can be used to download data into a
 * chunk of memory instead of storing it in a file.
 * </DESC>
 */
 #include <stdio.h>
@@ -34,7 +36,6 @@ struct MemoryStruct {
  size_t size;
 };
 static size_t
 WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
@@ -55,7 +56,6 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
  return realsize;
 }
 int main(void)
 {
  CURL *curl_handle;
@@ -106,8 +106,7 @@ int main(void)
  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);
-  if(chunk.memory)
+  free(chunk.memory);
    free(chunk.memory);
  /* we're done with libcurl, so clean it up */
  curl_global_cleanup();
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * multi socket API usage together with with glib2
 * </DESC>
 */
 /* Example application source code using the multi socket interface to
 * download many files at once.
 *
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * multi socket API usage with libevent 2
 * </DESC>
 */
 /* Example application source code using the multi socket interface to
   download many files at once.
@@ -326,7 +330,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->url = strdup(url);
  curl_easy_setopt(conn->easy, CURLOPT_URL, conn->url);
  curl_easy_setopt(conn->easy, CURLOPT_WRITEFUNCTION, write_cb);
-  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, &conn);
+  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, conn);
  curl_easy_setopt(conn->easy, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(conn->easy, CURLOPT_ERRORBUFFER, conn->error);
  curl_easy_setopt(conn->easy, CURLOPT_PRIVATE, conn);
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -20,13 +20,13 @@
 *
 ***************************************************************************/
 /* <DESC>
 * Uses the "Streaming HTML parser" to extract the href pieces in a streaming
 * manner from a downloaded HTML.
 * </DESC>
 */
 /*
- * This example uses the "Streaming HTML parser" to extract the href pieces in
+ * The HTML parser is found at http://code.google.com/p/htmlstreamparser/
 * a streaming manner from a downloaded HTML. Kindly donated by Michał
 * Kowalczyk.
 *
 * The parser is found at
 * http://code.google.com/p/htmlstreamparser/
 */
 #include <stdio.h>
--- a/docs/examples/htmltidy.c
+++ b/docs/examples/htmltidy.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,13 +19,12 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Download a document and use libtidy to parse the HTML.
+/* <DESC>
- * Written by Jeff Pohlmeyer
+ * Download a document and use libtidy to parse the HTML.
- *
+ * </DESC>
 */
 /*
 * LibTidy => http://tidy.sourceforge.net
 *
 * gcc -Wall -I/usr/local/include tidycurl.c -lcurl -ltidy -o tidycurl
 *
 */
 #include <stdio.h>
--- a/docs/examples/htmltitle.cpp
+++ b/docs/examples/htmltitle.cpp
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-// Get a web page, parse it with libxml.
+/* <DESC>
-//
+ * Get a web page, extract the title with libxml.
 * </DESC>
 */
 // Written by Lars Nilsson
 //
 // GNU C++ compile command line suggestion (edit paths accordingly):
--- a/docs/examples/http-post.c
+++ b/docs/examples/http-post.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * simple HTTP POST using the easy interface
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
--- a/docs/examples/http2-download.c
+++ b/docs/examples/http2-download.c
@@ -0,0 +1,292 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Multiplexed HTTP/2 downloads over a single connection
 * </DESC>
 */
 #include <stdio.h>
 #include <stdlib.h>
 /* somewhat unix-specific */
 #include <sys/time.h>
 #include <unistd.h>
 /* curl stuff */
 #include <curl/curl.h>
 #ifndef CURLPIPE_MULTIPLEX
 /* This little trick will just make sure that we don't enable pipelining for
   libcurls old enough to not have this symbol. It is _not_ defined to zero in
   a recent libcurl header. */
 #define CURLPIPE_MULTIPLEX 0
 #endif
 #define NUM_HANDLES 1000
 void *curl_hnd[NUM_HANDLES];
 int num_transfers;
 /* a handle to number lookup, highly ineffective when we do many
   transfers... */
 static int hnd2num(CURL *hnd)
 {
  int i;
  for(i=0; i< num_transfers; i++) {
    if(curl_hnd[i] == hnd)
      return i;
  }
  return 0; /* weird, but just a fail-safe */
 }
 static
 void dump(const char *text, int num, unsigned char *ptr, size_t size,
          char nohex)
 {
  size_t i;
  size_t c;
  unsigned int width=0x10;
  if(nohex)
    /* without the hex output, we can fit more on screen */
    width = 0x40;
  fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
          num, text, (long)size, (long)size);
  for(i=0; i<size; i+= width) {
    fprintf(stderr, "%4.4lx: ", (long)i);
    if(!nohex) {
      /* hex not disabled, show it */
      for(c = 0; c < width; c++)
        if(i+c < size)
          fprintf(stderr, "%02x ", ptr[i+c]);
        else
          fputs("   ", stderr);
    }
    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
    }
    fputc('\n', stderr); /* newline */
  }
 }
 static
 int my_trace(CURL *handle, curl_infotype type,
             char *data, size_t size,
             void *userp)
 {
  const char *text;
  int num = hnd2num(handle);
  (void)handle; /* prevent compiler warning */
  (void)userp;
  switch (type) {
  case CURLINFO_TEXT:
    fprintf(stderr, "== %d Info: %s", num, data);
  default: /* in case a new one is introduced to shock us */
    return 0;
  case CURLINFO_HEADER_OUT:
    text = "=> Send header";
    break;
  case CURLINFO_DATA_OUT:
    text = "=> Send data";
    break;
  case CURLINFO_SSL_DATA_OUT:
    text = "=> Send SSL data";
    break;
  case CURLINFO_HEADER_IN:
    text = "<= Recv header";
    break;
  case CURLINFO_DATA_IN:
    text = "<= Recv data";
    break;
  case CURLINFO_SSL_DATA_IN:
    text = "<= Recv SSL data";
    break;
  }
  dump(text, num, (unsigned char *)data, size, 1);
  return 0;
 }
 static void setup(CURL *hnd, int num)
 {
  FILE *out;
  char filename[128];
  sprintf(filename, "dl-%d", num);
  out = fopen(filename, "wb");
  /* write to this file */
  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
  /* set the same URL */
  curl_easy_setopt(hnd, CURLOPT_URL, "https://localhost:8443/index.html");
  /* send it verbose for max debuggaility */
  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
  /* HTTP/2 please */
  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
  /* we use a self-signed test server, skip verification during debugging */
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
 #if (CURLPIPE_MULTIPLEX > 0)
  /* wait for pipe connection to confirm */
  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
 #endif
  curl_hnd[num] = hnd;
 }
 /*
 * Simply download two files over HTTP/2, using the same physical connection!
 */
 int main(int argc, char **argv)
 {
  CURL *easy[NUM_HANDLES];
  CURLM *multi_handle;
  int i;
  int still_running; /* keep number of running handles */
  if(argc > 1)
    /* if given a number, do that many transfers */
    num_transfers = atoi(argv[1]);
  if(!num_transfers || (num_transfers > NUM_HANDLES))
    num_transfers = 3; /* a suitable low default */
  /* init a multi stack */
  multi_handle = curl_multi_init();
  for(i=0; i<num_transfers; i++) {
    easy[i] = curl_easy_init();
    /* set options */
    setup(easy[i], i);
    /* add the individual transfer */
    curl_multi_add_handle(multi_handle, easy[i]);
  }
  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);
  do {
    struct timeval timeout;
    int rc; /* select() return code */
    CURLMcode mc; /* curl_multi_fdset() return code */
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd = -1;
    long curl_timeo = -1;
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);
    /* set a suitable timeout to play around with */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;
    curl_multi_timeout(multi_handle, &curl_timeo);
    if(curl_timeo >= 0) {
      timeout.tv_sec = curl_timeo / 1000;
      if(timeout.tv_sec > 1)
        timeout.tv_sec = 1;
      else
        timeout.tv_usec = (curl_timeo % 1000) * 1000;
    }
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
    if(mc != CURLM_OK)
    {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
    /* On success the value of maxfd is guaranteed to be >= -1. We call
       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
       to sleep 100ms, which is the minimum suggested value in the
       curl_multi_fdset() doc. */
    if(maxfd == -1) {
 #ifdef _WIN32
      Sleep(100);
      rc = 0;
 #else
      /* Portable sleep for platforms other than Windows. */
      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
      rc = select(0, NULL, NULL, NULL, &wait);
 #endif
    }
    else {
      /* Note that on some platforms 'timeout' may be modified by select().
         If you need access to the original value save a copy beforehand. */
      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
    }
    switch(rc) {
    case -1:
      /* select error */
      break;
    case 0:
    default:
      /* timeout or readable/writable sockets */
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  } while(still_running);
  curl_multi_cleanup(multi_handle);
  for(i=0; i<num_transfers; i++)
    curl_easy_cleanup(easy[i]);
  return 0;
 }
--- a/docs/examples/http2-serverpush.c
+++ b/docs/examples/http2-serverpush.c
@@ -0,0 +1,317 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * HTTP/2 server push
 * </DESC>
 */
 #include <stdio.h>
 #include <stdlib.h>
 /* somewhat unix-specific */
 #include <sys/time.h>
 #include <unistd.h>
 /* curl stuff */
 #include <curl/curl.h>
 #ifndef CURLPIPE_MULTIPLEX
 #error "too old libcurl, can't do HTTP/2 server push!"
 #endif
 static
 void dump(const char *text, unsigned char *ptr, size_t size,
          char nohex)
 {
  size_t i;
  size_t c;
  unsigned int width=0x10;
  if(nohex)
    /* without the hex output, we can fit more on screen */
    width = 0x40;
  fprintf(stderr, "%s, %ld bytes (0x%lx)\n",
          text, (long)size, (long)size);
  for(i=0; i<size; i+= width) {
    fprintf(stderr, "%4.4lx: ", (long)i);
    if(!nohex) {
      /* hex not disabled, show it */
      for(c = 0; c < width; c++)
        if(i+c < size)
          fprintf(stderr, "%02x ", ptr[i+c]);
        else
          fputs("   ", stderr);
    }
    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
    }
    fputc('\n', stderr); /* newline */
  }
 }
 static
 int my_trace(CURL *handle, curl_infotype type,
             char *data, size_t size,
             void *userp)
 {
  const char *text;
  (void)handle; /* prevent compiler warning */
  (void)userp;
  switch (type) {
  case CURLINFO_TEXT:
    fprintf(stderr, "== Info: %s", data);
  default: /* in case a new one is introduced to shock us */
    return 0;
  case CURLINFO_HEADER_OUT:
    text = "=> Send header";
    break;
  case CURLINFO_DATA_OUT:
    text = "=> Send data";
    break;
  case CURLINFO_SSL_DATA_OUT:
    text = "=> Send SSL data";
    break;
  case CURLINFO_HEADER_IN:
    text = "<= Recv header";
    break;
  case CURLINFO_DATA_IN:
    text = "<= Recv data";
    break;
  case CURLINFO_SSL_DATA_IN:
    text = "<= Recv SSL data";
    break;
  }
  dump(text, (unsigned char *)data, size, 1);
  return 0;
 }
 static void setup(CURL *hnd)
 {
  FILE *out = fopen("dl", "wb");
  /* write to this file */
  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
  /* set the same URL */
  curl_easy_setopt(hnd, CURLOPT_URL, "https://localhost:8443/index.html");
  /* send it verbose for max debuggaility */
  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
  /* HTTP/2 please */
  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
  /* we use a self-signed test server, skip verification during debugging */
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
 #if (CURLPIPE_MULTIPLEX > 0)
  /* wait for pipe connection to confirm */
  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
 #endif
 }
 /* called when there's an incoming push */
 static int server_push_callback(CURL *parent,
                                CURL *easy,
                                size_t num_headers,
                                struct curl_pushheaders *headers,
                                void *userp)
 {
  char *headp;
  size_t i;
  int *transfers = (int *)userp;
  char filename[128];
  FILE *out;
  static unsigned int count = 0;
  (void)parent; /* we have no use for this */
  sprintf(filename, "push%u", count++);
  /* here's a new stream, save it in a new file for each new push */
  out = fopen(filename, "wb");
  /* write to this file */
  curl_easy_setopt(easy, CURLOPT_WRITEDATA, out);
  fprintf(stderr, "**** push callback approves stream %u, got %d headers!\n",
          count, (int)num_headers);
  for(i=0; i<num_headers; i++) {
    headp = curl_pushheader_bynum(headers, i);
    fprintf(stderr, "**** header %u: %s\n", (int)i, headp);
  }
  headp = curl_pushheader_byname(headers, ":path");
  if(headp) {
    fprintf(stderr, "**** The PATH is %s\n", headp /* skip :path + colon */ );
  }
  (*transfers)++; /* one more */
  return CURL_PUSH_OK;
 }
 /*
 * Download a file over HTTP/2, take care of server push.
 */
 int main(void)
 {
  CURL *easy;
  CURLM *multi_handle;
  int still_running; /* keep number of running handles */
  int transfers=1; /* we start with one */
  struct CURLMsg *m;
  /* init a multi stack */
  multi_handle = curl_multi_init();
  easy = curl_easy_init();
  /* set options */
  setup(easy);
  /* add the easy transfer */
  curl_multi_add_handle(multi_handle, easy);
  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
  curl_multi_setopt(multi_handle, CURLMOPT_PUSHFUNCTION, server_push_callback);
  curl_multi_setopt(multi_handle, CURLMOPT_PUSHDATA, &transfers);
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);
  do {
    struct timeval timeout;
    int rc; /* select() return code */
    CURLMcode mc; /* curl_multi_fdset() return code */
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd = -1;
    long curl_timeo = -1;
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);
    /* set a suitable timeout to play around with */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;
    curl_multi_timeout(multi_handle, &curl_timeo);
    if(curl_timeo >= 0) {
      timeout.tv_sec = curl_timeo / 1000;
      if(timeout.tv_sec > 1)
        timeout.tv_sec = 1;
      else
        timeout.tv_usec = (curl_timeo % 1000) * 1000;
    }
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
    /* On success the value of maxfd is guaranteed to be >= -1. We call
       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
       to sleep 100ms, which is the minimum suggested value in the
       curl_multi_fdset() doc. */
    if(maxfd == -1) {
 #ifdef _WIN32
      Sleep(100);
      rc = 0;
 #else
      /* Portable sleep for platforms other than Windows. */
      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
      rc = select(0, NULL, NULL, NULL, &wait);
 #endif
    }
    else {
      /* Note that on some platforms 'timeout' may be modified by select().
         If you need access to the original value save a copy beforehand. */
      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
    }
    switch(rc) {
    case -1:
      /* select error */
      break;
    case 0:
    default:
      /* timeout or readable/writable sockets */
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
    /*
     * A little caution when doing server push is that libcurl itself has
     * created and added one or more easy handles but we need to clean them up
     * when we are done.
     */
    do {
      int msgq = 0;;
      m = curl_multi_info_read(multi_handle, &msgq);
      if(m && (m->msg == CURLMSG_DONE)) {
        CURL *e = m->easy_handle;
        transfers--;
        curl_multi_remove_handle(multi_handle, e);
        curl_easy_cleanup(e);
      }
    } while(m);
  } while(transfers); /* as long as we have transfers going */
  curl_multi_cleanup(multi_handle);
  return 0;
 }
--- a/docs/examples/http2-upload.c
+++ b/docs/examples/http2-upload.c
@@ -0,0 +1,356 @@
 /***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at http://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Multiplexed HTTP/2 uploads over a single connection
 * </DESC>
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 /* somewhat unix-specific */
 #include <sys/time.h>
 #include <unistd.h>
 /* curl stuff */
 #include <curl/curl.h>
 #ifndef CURLPIPE_MULTIPLEX
 /* This little trick will just make sure that we don't enable pipelining for
   libcurls old enough to not have this symbol. It is _not_ defined to zero in
   a recent libcurl header. */
 #define CURLPIPE_MULTIPLEX 0
 #endif
 #define NUM_HANDLES 1000
 void *curl_hnd[NUM_HANDLES];
 int num_transfers;
 /* a handle to number lookup, highly ineffective when we do many
   transfers... */
 static int hnd2num(CURL *hnd)
 {
  int i;
  for(i=0; i< num_transfers; i++) {
    if(curl_hnd[i] == hnd)
      return i;
  }
  return 0; /* weird, but just a fail-safe */
 }
 static
 void dump(const char *text, int num, unsigned char *ptr, size_t size,
          char nohex)
 {
  size_t i;
  size_t c;
  unsigned int width=0x10;
  if(nohex)
    /* without the hex output, we can fit more on screen */
    width = 0x40;
  fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
          num, text, (long)size, (long)size);
  for(i=0; i<size; i+= width) {
    fprintf(stderr, "%4.4lx: ", (long)i);
    if(!nohex) {
      /* hex not disabled, show it */
      for(c = 0; c < width; c++)
        if(i+c < size)
          fprintf(stderr, "%02x ", ptr[i+c]);
        else
          fputs("   ", stderr);
    }
    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stderr, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
    }
    fputc('\n', stderr); /* newline */
  }
 }
 static
 int my_trace(CURL *handle, curl_infotype type,
             char *data, size_t size,
             void *userp)
 {
  char timebuf[20];
  const char *text;
  int num = hnd2num(handle);
  static time_t epoch_offset;
  static int    known_offset;
  struct timeval tv;
  time_t secs;
  struct tm *now;
  (void)handle; /* prevent compiler warning */
  (void)userp;
  gettimeofday(&tv, NULL);
  if(!known_offset) {
    epoch_offset = time(NULL) - tv.tv_sec;
    known_offset = 1;
  }
  secs = epoch_offset + tv.tv_sec;
  now = localtime(&secs);  /* not thread safe but we don't care */
  snprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld",
           now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec);
  switch (type) {
  case CURLINFO_TEXT:
    fprintf(stderr, "%s [%d] Info: %s", timebuf, num, data);
  default: /* in case a new one is introduced to shock us */
    return 0;
  case CURLINFO_HEADER_OUT:
    text = "=> Send header";
    break;
  case CURLINFO_DATA_OUT:
    text = "=> Send data";
    break;
  case CURLINFO_SSL_DATA_OUT:
    text = "=> Send SSL data";
    break;
  case CURLINFO_HEADER_IN:
    text = "<= Recv header";
    break;
  case CURLINFO_DATA_IN:
    text = "<= Recv data";
    break;
  case CURLINFO_SSL_DATA_IN:
    text = "<= Recv SSL data";
    break;
  }
  dump(text, num, (unsigned char *)data, size, 1);
  return 0;
 }
 struct input {
  FILE *in;
  size_t bytes_read; /* count up */
  CURL *hnd;
 };
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
 {
  struct input *i = userp;
  size_t retcode = fread(ptr, size, nmemb, i->in);
  i->bytes_read += retcode;
  return retcode;
 }
 struct input indata[NUM_HANDLES];
 static void setup(CURL *hnd, int num, const char *upload)
 {
  FILE *out;
  char url[256];
  char filename[128];
  struct stat file_info;
  curl_off_t uploadsize;
  sprintf(filename, "dl-%d", num);
  out = fopen(filename, "wb");
  sprintf(url, "https://localhost:8443/upload-%d", num);
  /* get the file size of the local file */
  stat(upload, &file_info);
  uploadsize = file_info.st_size;
  indata[num].in = fopen(upload, "rb");
  indata[num].hnd = hnd;
  /* write to this file */
  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
  /* we want to use our own read function */
  curl_easy_setopt(hnd, CURLOPT_READFUNCTION, read_callback);
  /* read from this file */
  curl_easy_setopt(hnd, CURLOPT_READDATA, &indata[num]);
  /* provide the size of the upload */
  curl_easy_setopt(hnd, CURLOPT_INFILESIZE_LARGE, uploadsize);
  /* send in the URL to store the upload as */
  curl_easy_setopt(hnd, CURLOPT_URL, url);
  /* upload please */
  curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
  /* send it verbose for max debuggaility */
  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
  /* HTTP/2 please */
  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
  /* we use a self-signed test server, skip verification during debugging */
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
 #if (CURLPIPE_MULTIPLEX > 0)
  /* wait for pipe connection to confirm */
  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
 #endif
  curl_hnd[num] = hnd;
 }
 /*
 * Upload all files over HTTP/2, using the same physical connection!
 */
 int main(int argc, char **argv)
 {
  CURL *easy[NUM_HANDLES];
  CURLM *multi_handle;
  int i;
  int still_running; /* keep number of running handles */
  const char *filename = "index.html";
  if(argc > 1)
    /* if given a number, do that many transfers */
    num_transfers = atoi(argv[1]);
  if(argc > 2)
    /* if given a file name, upload this! */
    filename = argv[2];
  if(!num_transfers || (num_transfers > NUM_HANDLES))
    num_transfers = 3; /* a suitable low default */
  /* init a multi stack */
  multi_handle = curl_multi_init();
  for(i=0; i<num_transfers; i++) {
    easy[i] = curl_easy_init();
    /* set options */
    setup(easy[i], i, filename);
    /* add the individual transfer */
    curl_multi_add_handle(multi_handle, easy[i]);
  }
  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
  /* We do HTTP/2 so let's stick to one connection per host */
  curl_multi_setopt(multi_handle, CURLMOPT_MAX_HOST_CONNECTIONS, 1L);
  /* we start some action by calling perform right away */
  curl_multi_perform(multi_handle, &still_running);
  do {
    struct timeval timeout;
    int rc; /* select() return code */
    CURLMcode mc; /* curl_multi_fdset() return code */
    fd_set fdread;
    fd_set fdwrite;
    fd_set fdexcep;
    int maxfd = -1;
    long curl_timeo = -1;
    FD_ZERO(&fdread);
    FD_ZERO(&fdwrite);
    FD_ZERO(&fdexcep);
    /* set a suitable timeout to play around with */
    timeout.tv_sec = 1;
    timeout.tv_usec = 0;
    curl_multi_timeout(multi_handle, &curl_timeo);
    if(curl_timeo >= 0) {
      timeout.tv_sec = curl_timeo / 1000;
      if(timeout.tv_sec > 1)
        timeout.tv_sec = 1;
      else
        timeout.tv_usec = (curl_timeo % 1000) * 1000;
    }
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
    if(mc != CURLM_OK)
    {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
    /* On success the value of maxfd is guaranteed to be >= -1. We call
       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
       to sleep 100ms, which is the minimum suggested value in the
       curl_multi_fdset() doc. */
    if(maxfd == -1) {
 #ifdef _WIN32
      Sleep(100);
      rc = 0;
 #else
      /* Portable sleep for platforms other than Windows. */
      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
      rc = select(0, NULL, NULL, NULL, &wait);
 #endif
    }
    else {
      /* Note that on some platforms 'timeout' may be modified by select().
         If you need access to the original value save a copy beforehand. */
      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
    }
    switch(rc) {
    case -1:
      /* select error */
      break;
    case 0:
    default:
      /* timeout or readable/writable sockets */
      curl_multi_perform(multi_handle, &still_running);
      break;
    }
  } while(still_running);
  curl_multi_cleanup(multi_handle);
  for(i=0; i<num_transfers; i++)
    curl_easy_cleanup(easy[i]);
  return 0;
 }
--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * HTTP request with custom modified, removed and added headers
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * HTTP PUT with easy interface and read callback
 * </DESC>
 */
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Simple HTTPS GET
 * </DESC>
 */
 #include <stdio.h>
 #include <curl/curl.h>
--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * Simple IMAP APPEND use
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
--- a/docs/examples/imap-ssl.c
+++ b/docs/examples/imap-ssl.c
@@ -60,7 +60,7 @@ int main(void)
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
     * this check, but this will make the connection less secure. */
-#ifdef SKIP_HOSTNAME_VERFICATION
+#ifdef SKIP_HOSTNAME_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif
--- a/docs/examples/makefile.dj
+++ b/docs/examples/makefile.dj
@@ -19,10 +19,6 @@
 # KIND, either express or implied.
 #
 ###########################################################################
 #
 #  Adapted for djgpp / Watt-32 / DOS by
 #  Gisle Vanem <gvanem@broadpark.no>
 #
 TOPDIR = ../..
--- a/docs/examples/multi-debugcallback.c
+++ b/docs/examples/multi-debugcallback.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,7 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This is an example showing the multi interface and the debug callback. */
+/* <DESC>
 * multi interface and debug callback
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
--- a/docs/examples/multi-double.c
+++ b/docs/examples/multi-double.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * multi interface code doing two parallel HTTP transfers
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
--- a/docs/examples/multi-post.c
+++ b/docs/examples/multi-post.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,8 +19,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This is an example application source code using the multi interface
+/* <DESC>
- * to do a multipart formpost without "blocking". */
+ * using the multi interface to do a multipart formpost without blocking
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
 #include <sys/time.h>
@@ -64,7 +67,7 @@ int main(void)
  curl = curl_easy_init();
  multi_handle = curl_multi_init();
-  /* initalize custom header list (stating that Expect: 100-continue is not
+  /* initialize custom header list (stating that Expect: 100-continue is not
     wanted */
  headerlist = curl_slist_append(headerlist, buf);
  if(curl && multi_handle) {
--- a/docs/examples/multi-single.c
+++ b/docs/examples/multi-single.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,7 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This is a very simple example using the multi interface. */
+/* <DESC>
 * using the multi interface to do a single download
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
@@ -76,12 +79,12 @@ int main(void)
    if(mc != CURLM_OK)
    {
-      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      fprintf(stderr, "curl_multi_wait() failed, code %d.\n", mc);
      break;
    }
    /* 'numfds' being zero means either a timeout or no file descriptors to
-       wait for. Try timeout on first occurance, then assume no file
+       wait for. Try timeout on first occurrence, then assume no file
       descriptors and no file descriptors to wait for means wait for 100
       milliseconds. */
--- a/docs/examples/multi-uv.c
+++ b/docs/examples/multi-uv.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -20,6 +20,10 @@
 *
 ***************************************************************************/
 /* <DESC>
 * multi_socket API using libuv
 * </DESC>
 */
 /* Example application code using the multi socket interface to download
   multiple files at once, but instead of using curl_multi_perform and
   curl_multi_wait, which uses select(), we use libuv.
--- a/docs/examples/multithread.c
+++ b/docs/examples/multithread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* A multi-threaded example that uses pthreads extensively to fetch
+/* <DESC>
- * X remote files at once */
+ * A multi-threaded example that uses pthreads to fetch several files at once
 * </DESC>
 */
 #include <stdio.h>
 #include <pthread.h>
--- a/docs/examples/opensslthreadlock.c
+++ b/docs/examples/opensslthreadlock.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,16 +19,17 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example source code to show one way to set the necessary OpenSSL locking
+/* <DESC>
- * callbacks if you want to do multi-threaded transfers with HTTPS/FTPS with
+ * one way to set the necessary OpenSSL locking callbacks if you want to do
- * libcurl built to use OpenSSL.
+ * multi-threaded transfers with HTTPS/FTPS with libcurl built to use OpenSSL.
- *
+ * </DESC>
 */
 /*
 * This is not a complete stand-alone example.
 *
 * Author: Jeremy Brown
 */
 #include <stdio.h>
 #include <pthread.h>
 #include <openssl/err.h>
--- a/docs/examples/persistant.c
+++ b/docs/examples/persistant.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
 /* <DESC>
 * re-using handles to do HTTP persistent connections
 * </DESC>
 */
 #include <stdio.h>
 #include <unistd.h>
 #include <curl/curl.h>
--- a/docs/examples/pop3-multi.c
+++ b/docs/examples/pop3-multi.c
@@ -69,7 +69,7 @@ int main(void)
  curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
  curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
-  /* This will retreive message 1 from the user's mailbox */
+  /* This will retrieve message 1 from the user's mailbox */
  curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
  /* Tell the multi stack about our easy handle */
--- a/docs/examples/pop3-retr.c
+++ b/docs/examples/pop3-retr.c
@@ -39,7 +39,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
-    /* This will retreive message 1 from the user's mailbox */
+    /* This will retrieve message 1 from the user's mailbox */
    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
    /* Perform the retr */
--- a/docs/examples/pop3-ssl.c
+++ b/docs/examples/pop3-ssl.c
@@ -40,7 +40,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
-    /* This will retreive message 1 from the user's mailbox. Note the use of
+    /* This will retrieve message 1 from the user's mailbox. Note the use of
     * pop3s:// rather than pop3:// to request a SSL based connection. */
    curl_easy_setopt(curl, CURLOPT_URL, "pop3s://pop.example.com/1");
@@ -60,7 +60,7 @@ int main(void)
     * they have mentioned in their server certificate's commonName (or
     * subjectAltName) fields, libcurl will refuse to connect. You can skip
     * this check, but this will make the connection less secure. */
-#ifdef SKIP_HOSTNAME_VERFICATION
+#ifdef SKIP_HOSTNAME_VERIFICATION
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
 #endif
--- a/docs/examples/pop3-tls.c
+++ b/docs/examples/pop3-tls.c
@@ -40,7 +40,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_USERNAME, "user");
    curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret");
-    /* This will retreive message 1 from the user's mailbox */
+    /* This will retrieve message 1 from the user's mailbox */
    curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1");
    /* In this example, we'll start with a plain text connection, and upgrade
--- a/docs/examples/post-callback.c
+++ b/docs/examples/post-callback.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* An example source code that issues a HTTP POST and we provide the actual
+/* <DESC>
 * An example source code that issues a HTTP POST and we provide the actual
 * data through a read callback.
 * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
--- a/Show More
+++ b/Show More