RELEASE-NOTES: updated for 7.42.0

THANKS: added contributors from 7.42.0 release notes
THANKS-filter: a few more alterations to squash
2015-04-22 07:56:12 +02:00 · 2015-04-22 07:56:12 +02:00 · 2015-04-22 07:56:12 +02:00 · 2015-04-22 07:56:12 +02:00 · 2015-04-21 23:20:37 +02:00 · 2015-04-21 23:20:36 +02:00
532 changed files with 9600 additions and 11354 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -46,3 +46,6 @@ CHANGES.dist
 .cproject
 .settings
 .dirstamp
+test-driver
+/build/
+/builds/
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,6 +3,8 @@ language: c
 before_script:
  - ./buildconf

+script: ./configure --enable-debug && make && make test-full
+
 compiler:
  - clang
  - gcc
--- a/CMake/FindGSS.cmake
+++ b/CMake/FindGSS.cmake
@@ -155,7 +155,7 @@ message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}")
                set(GSS_FLAVOUR "MIT")
            else()
                # prevent compiling the header - just check if we can include it
-                set(CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__")
+                set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__")
                check_include_file( "roken.h" _GSS_HAVE_ROKEN_H)

                check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -76,6 +76,24 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
 option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
 option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
+
+option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF)
+option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF)
+
+if (ENABLE_DEBUG)
+  # DEBUGBUILD will be defined only for Debug builds
+  if(NOT CMAKE_VERSION VERSION_LESS 3.0)
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$<CONFIG:Debug>:DEBUGBUILD>)
+  else()
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD)
+  endif()
+  set(ENABLE_CURLDEBUG ON)
+endif()
+
+if (ENABLE_CURLDEBUG)
+  set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG)
+endif()
+
 # initialize CURL_LIBS
 set(CURL_LIBS "")

@@ -238,6 +256,7 @@ include (CheckCSourceCompiles)

 # On windows preload settings
 if(WIN32)
+  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_")
  include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake)
 endif(WIN32)

@@ -279,7 +298,6 @@ endif()
 option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
 mark_as_advanced(CMAKE_USE_OPENSSL)

-set(USE_SSLEAY OFF)
 set(USE_OPENSSL OFF)
 set(HAVE_LIBCRYPTO OFF)
 set(HAVE_LIBSSL OFF)
@@ -288,32 +306,31 @@ if(CMAKE_USE_OPENSSL)
  find_package(OpenSSL)
  if(OPENSSL_FOUND)
    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
-    set(USE_SSLEAY ON)
    set(USE_OPENSSL ON)
    set(HAVE_LIBCRYPTO ON)
    set(HAVE_LIBSSL ON)
    include_directories(${OPENSSL_INCLUDE_DIR})
    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
-    check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
-    check_include_file_concat("openssl/err.h"    HAVE_OPENSSL_ERR_H)
-    check_include_file_concat("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
-    check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
-    check_include_file_concat("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
-    check_include_file_concat("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
-    check_include_file_concat("openssl/x509.h"   HAVE_OPENSSL_X509_H)
-    check_include_file_concat("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
+    check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H)
+    check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H)
+    check_include_file("openssl/err.h"    HAVE_OPENSSL_ERR_H)
+    check_include_file("openssl/pem.h"    HAVE_OPENSSL_PEM_H)
+    check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H)
+    check_include_file("openssl/rsa.h"    HAVE_OPENSSL_RSA_H)
+    check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
+    check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)
+    check_include_file("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
  endif()
 endif()

 if(NOT CURL_DISABLE_LDAP)

  if(WIN32)
-    option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON)
-    if(CURL_LDAP_WIN)
+    option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON)
+    if(USE_WIN32_LDAP)
      check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32)
      if(NOT HAVE_WLDAP32)
-        set(CURL_LDAP_WIN OFF)
+        set(USE_WIN32_LDAP OFF)
      endif()
    endif()
  endif()
@@ -323,12 +340,12 @@ if(NOT CURL_DISABLE_LDAP)
  set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library")
  set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library")

-  if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN)
-    message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time")
+  if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP)
+    message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time")
  endif()
  
  # Now that we know, we're not using windows LDAP...
-  if(NOT CURL_LDAP_WIN)
+  if(NOT USE_WIN32_LDAP)
    # Check for LDAP
    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES})
    check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP)
@@ -384,7 +401,7 @@ if(NOT CURL_DISABLE_LDAP)
        return 0;
      }"
    )
-    set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN")
+    set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1")
    list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB})
    if(HAVE_LIBLBER)
      list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB})
@@ -537,15 +554,13 @@ endif()

 # Check for header files
 if(NOT UNIX)
+  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
+  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
 endif(NOT UNIX)
-check_include_file_concat("stdio.h"          HAVE_STDIO_H)
-if(NOT UNIX)
-  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
-  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
-endif(NOT UNIX)

+check_include_file_concat("stdio.h"          HAVE_STDIO_H)
 check_include_file_concat("inttypes.h"       HAVE_INTTYPES_H)
 check_include_file_concat("sys/filio.h"      HAVE_SYS_FILIO_H)
 check_include_file_concat("sys/ioctl.h"      HAVE_SYS_IOCTL_H)
@@ -737,7 +752,6 @@ if(CMAKE_USE_OPENSSL)
    HAVE_CRYPTO_CLEANUP_ALL_EX_DATA)
  if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
    set(USE_OPENSSL 1)
-    set(USE_SSLEAY 1)
  endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
 endif(CMAKE_USE_OPENSSL)
 check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,27 @@
+How to contribute to curl
+=========================
+
+Join the community
+------------------
+
+ 1. Click 'watch' on the github repo
+
+ 2. Subscribe to the suitable [mailing lists](http://curl.haxx.se/mail/)
+
+Read [docs/CONTRIBUTE](docs/CONTRIBUTE)
+---------------------------------------
+
+Send your suggestions using one of these methods:
+-------------------------------------------------
+
+ 1. in a mail to the mailing list
+
+ 2. in the [bug tracker](https://sourceforge.net/p/curl/bugs/)
+
+ 3. as a pull request on github
+
+ 4. as an issue on github
+   
+
+/ The cURL team!
+
--- a/4
+++ b/4
@@ -94,7 +94,7 @@ if test ! -z $SDK32; then
  rm -r libcurl.framework
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources
  cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl
-  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
  /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
  cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
@@ -121,7 +121,7 @@ if test ! -z $SDK32; then

    echo "----Appending 64 bit framework to 32 bit framework..."
    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
-    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
    cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32
    pwd
    lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -30,88 +30,88 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in	\
 include/curl/curlbuild.h.cmake CMake/Macros.cmake

 VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
-VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp
+VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
 VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
 VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl
-VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp
+VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp.dist
 VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc

 VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl
-VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj
+VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist
 VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc
 VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl
-VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj
+VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj.dist
 VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc

 VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl
-VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj
+VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist
 VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc
 VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl
-VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj
+VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj.dist
 VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc

 VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl
-VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj
+VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist
 VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc
 VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl
-VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj
+VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj.dist
 VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc

 VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl
-VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj
+VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist
 VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc
 VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl
-VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj
+VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj.dist
 VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc

 VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl
-VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj
+VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist
 VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc
 VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl
-VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj
+VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj.dist
 VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc

 VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl
-VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj
+VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist
 VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc
 VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl
-VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj
+VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj.dist
 VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc

 VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl
-VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj
+VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist
 VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc
 VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl
-VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj
+VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj.dist
 VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc

 VC_DIST = projects/README	\
 projects/build-openssl.bat	\
 projects/checksrc.bat	\
- projects/Windows/VC6/curl.dsw	\
- projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP)	\
- projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP)	\
- projects/Windows/VC7/curl.sln	\
- projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ)	\
- projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ)	\
- projects/Windows/VC7.1/curl.sln	\
- projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ)	\
- projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ)	\
- projects/Windows/VC8/curl.sln	\
- projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ)	\
- projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ)	\
- projects/Windows/VC9/curl.sln	\
- projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ)	\
- projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ)	\
- projects/Windows/VC10/curl.sln	\
- projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ)	\
- projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ)	\
- projects/Windows/VC11/curl.sln	\
- projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ)	\
- projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ)	\
- projects/Windows/VC12/curl.sln	\
- projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ)	\
- projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ)
+ projects/Windows/VC6/curl-all.dsw	\
+ projects/Windows/VC6/lib/libcurl.dsw \
+ projects/Windows/VC6/src/curlsrc.dsw \
+ projects/Windows/VC7/curl-all.sln	\
+ projects/Windows/VC7/lib/libcurl.sln 	\
+ projects/Windows/VC7/src/curlsrc.sln 	\
+ projects/Windows/VC7.1/curl-all.sln	\
+ projects/Windows/VC7.1/lib/libcurl.sln \
+ projects/Windows/VC7.1/src/curlsrc.sln \
+ projects/Windows/VC8/curl-all.sln	\
+ projects/Windows/VC8/lib/libcurl.sln 	\
+ projects/Windows/VC8/src/curlsrc.sln 	\
+ projects/Windows/VC9/curl-all.sln	\
+ projects/Windows/VC9/lib/libcurl.sln 	\
+ projects/Windows/VC9/src/curlsrc.sln 	\
+ projects/Windows/VC10/curl-all.sln	\
+ projects/Windows/VC10/lib/libcurl.sln 	\
+ projects/Windows/VC10/src/curlsrc.sln  \
+ projects/Windows/VC11/curl-all.sln	\
+ projects/Windows/VC11/lib/libcurl.sln 	\
+ projects/Windows/VC11/src/curlsrc.sln 	\
+ projects/Windows/VC12/curl-all.sln	\
+ projects/Windows/VC12/lib/libcurl.sln 	\
+ projects/Windows/VC12/src/curlsrc.sln

 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
 winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
@@ -153,7 +153,7 @@ html:
 pdf:
 	cd docs; make pdf

-check: test examples
+check: test examples check-docs

 if CROSSCOMPILING
 test-full: test
@@ -181,6 +181,9 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)

+check-docs:
+	@(cd docs/libcurl; $(MAKE) check)
+
 # This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs
--- a/333
+++ b/333
@@ -1,146 +1,141 @@
-Curl and libcurl 7.40.0
+Curl and libcurl 7.42.0

- Public curl releases:         143
- Command line options:         162
- curl_easy_setopt() options:   208
+ Public curl releases:         145
+ Command line options:         173
+ curl_easy_setopt() options:   216
 Public functions in libcurl:  58
- Contributors:                 1219
+ Contributors:                 1265

 This release includes the following changes:

- o http_digest: Added support for Windows SSPI based authentication
- o version info: Added Kerberos V5 to the supported features
- o Makefile: Added VC targets for WinIDN
- o config-win32: Introduce build targets for VS2012+
- o SSL: Add PEM format support for public key pinning
- o smtp: Added support for the conversion of Unix newlines during mail send [8]
- o smb: Added initial support for the SMB/CIFS protocol
- o Added support for HTTP over unix domain sockets, via
-   CURLOPT_UNIX_SOCKET_PATH and --unix-socket
- o sasl: Added support for GSS-API based Kerberos V5 authentication
+ o openssl: show the cipher selection to use in verbose text
+ o gtls: implement CURLOPT_CERTINFO
+ o add CURLOPT_SSL_FALSESTART option (darwinssl and NSS)
+ o curl: add --false-start option
+ o add CURLOPT_PATH_AS_IS
+ o curl: add --path-as-is option
+ o curl: create output file on successful download of an empty file [21]

 This release includes the following bugfixes:

- o darwinssl: fix session ID keys to only reuse identical sessions [18]
- o url-parsing: reject CRLFs within URLs [19]
- o OS400: Adjust specific support to last release
- o THANKS: Remove duplicate names
- o url.c: Fixed compilation warning
- o ssh: Fixed build on platforms where R_OK is not defined [1]
- o tool_strdup.c: include the tool strdup.h
- o build: Fixed Visual Studio project file generation of strdup.[c|h]
- o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2]
- o curl.1: show zone index use in a URL
- o mk-ca-bundle.vbs: switch to new certdata.txt url
- o Makefile.dist: Added some missing SSPI configurations
- o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
- o SSH: use the port number as well for known_known checks [3]
- o libssh2: detect features based on version, not configure checks
- o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4]
- o multi: removed Curl_multi_set_easy_connection
- o symbol-scan.pl: do not require autotools
- o cmake: add ENABLE_THREADED_RESOLVER, rename ARES
- o cmake: build libhostname for test suite
- o cmake: fix HAVE_GETHOSTNAME definition
- o tests: fix libhostname visibility
- o tests: fix memleak in server/resolve.c
- o vtls.h: Fixed compiler warning when compiled without SSL
- o CMake: Restore order-dependent header checks
- o CMake: Restore order-dependent library checks
- o tool: Removed krb4 from the supported features
- o http2: Don't send Upgrade headers when we already do HTTP/2
- o examples: Don't call select() to sleep on windows [6]
- o win32: Updated some legacy APIs to use the newer extended versions [5]
- o easy.c: Fixed compilation warning when no verbose string support
- o connect.c: Fixed compilation warning when no verbose string support
- o build: in Makefile.m32 pass -F flag to windres
- o build: in Makefile.m32 add -m32 flag for 32bit
- o multi: when leaving for timeout, close accordingly
- o CMake: Simplify if() conditions on check result variables
- o build: in Makefile.m32 try to detect 64bit target
- o multi: inform about closed sockets before they are closed
- o multi-uv.c: close the file handle after download
- o examples: Wait recommended 100ms when no file descriptors are ready
- o ntlm: Split the SSPI based messaging code from the native messaging code
- o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined
- o cmake: add Kerberos to the supported feature
- o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option
- o http: Disable pipelining for HTTP/2 and upgraded connections
- o ntlm: Fixed static'ness of local decode function
- o sasl: Reduced the need for two sets of NTLM messaging functions
- o multi.c: Fixed compilation warnings when no verbose string support
- o select.c: fix compilation for VxWorks [7]
- o multi-single.c: switch to use curl_multi_wait
- o curl_multi_wait.3: clarify numfds being used if not NULL
- o http.c: Fixed compilation warnings from features being disabled
- o NSS: enable the CAPATH option [9]
- o docs: Fix FAILONERROR typos
- o HTTP: don't abort connections with pending Negotiate authentication
- o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
- o http_perhapsrewind: don't abort CONNECT requests
- o build: updated dependencies in makefiles
- o multi.c: Fixed compilation warning
- o ftp.c: Fixed compilation warnings when proxy support disabled
- o get_url_file_name: Fixed crash on OOM on debug build
- o cookie.c: Refactored cleanup code to simplify
- o OS400: enable NTLM authentication
- o ntlm: Use Windows Crypt API
- o http2: avoid logging neg "failure" if h2 was not requested
- o schannel_recv: return the correct code [10]
- o VC build: added sspi define for winssl-zlib builds
- o Curl_client_write(): chop long data, convert data only once
- o openldap: do not ignore Curl_client_write() return code
- o ldap: check Curl_client_write() return codes
- o parsedate.c: Fixed compilation warning
- o url.c: Fixed compilation warning when USE_NTLM is not defined
- o ntlm_wb_response: fix "statement not reached" [11]
- o telnet: fix "cast increases required alignment of target type"
- o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12]
- o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
- o ntlm: Disable NTLM v2 when 64-bit integers are not supported
- o ntlm: Use short integer when decoding 16-bit values
- o ftp.c: Fixed compilation warning when no verbose string support
- o synctime.c: fixed timeserver URLs
- o mk-ca-bundle.pl: restored forced run again
- o ntlm: Fixed return code for bad type-2 Target Info
- o curl_schannel.c: Data may be available before connection shutdown
- o curl_schannel: Improvements to memory re-allocation strategy [13]
- o darwinssl: aprintf() to allocate the session key
- o tool_util.c: Use GetTickCount64 if it is available
- o lib: Fixed multiple code analysis warnings if SAL are available
- o tool_binmode.c: Explicitly ignore the return code of setmode
- o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
- o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS
- o SFTP: work-around servers that return zero size on STAT [14]
- o connect: singleipconnect(): properly try other address families after failure
- o IPV6: address scope != scope id [15]
- o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16]
- o secureserver.pl: make OpenSSL CApath and cert absolute path values
- o secureserver.pl: update Windows detection and fix path conversion
- o secureserver.pl: clean up formatting of config and fix verbose output
- o tests: Added Windows support using Cygwin-based OpenSSH
- o sockfilt.c: use non-Ex functions that are available before WinXP
- o VMS: Updates for 0740-0D1220
- o openssl: warn for SRP set if SSLv3 is used, not for TLS version
- o openssl: make it compile against openssl 1.1.0-DEV master branch
- o openssl: fix SSL/TLS versions in verbose output
- o curl: show size of inhibited data when using -v
- o build: Removed WIN32 definition from the Visual Studio projects
- o build: Removed WIN64 definition from the libcurl Visual Studio projects
- o vtls: Use bool for Curl_ssl_getsessionid() return type
- o sockfilt.c: Replace 100ms sleep with thread throttle
- o sockfilt.c: Reduce the number of individual memory allocations
- o vtls: Don't set cert info count until memory allocation is successful
- o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
- o nss: Don't ignore Curl_extract_certinfo() OOM failure
- o vtls: Fixed compilation warning and an ignored return code
- o sockfilt.c: Fixed compilation warnings
- o darwinssl: Fixed compilation warning
- o vtls: Use '(void) arg' for unused parameters
- o sepheaders.c: Fixed resource leak on failure
- o lib1900.c: Fixed cppcheck error [17]
- o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls
- o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls
+ o ConnectionExists: for NTLM re-use, require credentials to match [26]
+ o cookie: cookie parser out of boundary memory access [27]
+ o fix_hostname: zero length host name caused -1 index offset [28]
+ o http_done: close Negotiate connections when done [29]
+ o sws: timeout idle CONNECT connections
+ o nss: improve error handling in Curl_nss_random()
+ o nss: do not skip Curl_nss_seed() if data is NULL
+ o curl-config.in: eliminate double quotes around CURL_CA_BUNDLE
+ o http2: move lots of verbose output to be debug-only
+ o dist: add extern-scan.pl to the tarball
+ o http2: return recv error on unexpected EOF [1]
+ o build: Use default RandomizedBaseAddress directive in VC9+ project files
+ o build: Removed DataExecutionPrevention directive from VC9+ project files
+ o tool: Updated the warnf() function to use the GlobalConfig structure
+ o http2: Return error if stream was closed with other than NO_ERROR
+ o mprintf.h: remove #ifdef CURLDEBUG
+ o libtest: fixed linker errors on msvc [6]
+ o tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE
+ o curl.1: fix "The the" typo
+ o cmake: handle build definitions CURLDEBUG/DEBUGBUILD
+ o openssl: remove all uses of USE_SSLEAY
+ o multi: fix memory-leak on timeout (regression) [4]
+ o curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS
+ o metalink: add some error checks [3]
+ o TLS: make it possible to enable ALPN/NPN without HTTP/2
+ o http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
+ o conncontrol: only log changes to the connection bit
+ o multi: fix *getsock() with CONNECT [2]
+ o symbols.pl: handle '-' in the deprecated field [5]
+ o MacOSX-Framework: use @rpath instead of @executable_path [7]
+ o GnuTLS: add support for CURLOPT_CAPATH
+ o GnuTLS: print negotiated TLS version and full cipher suite name
+ o GnuTLS: don't print double newline after certificate dates
+ o memanalyze.pl: handle free(NULL)
+ o proxy: re-use proxy connections (regression) [8]
+ o mk-ca-bundle: Don't report SHA1 numbers with "-q"
+ o http: always send Host: header as first header [9]
+ o openssl: sort ciphers to use based on strength [10]
+ o openssl: use colons properly in the ciphers list
+ o http2: detect premature close without data transfered [11]
+ o hostip: Fix signal race in Curl_resolv_timeout
+ o closesocket: call multi socket cb on close even with custom close [12]
+ o mksymbolsmanpage.pl: use std header and generate better nroff header
+ o connect: Fix happy eyeballs logic for IPv4-only builds [13]
+ o curl_easy_perform.3: remove superfluous close brace from example
+ o HTTP: don't use Expect: headers when on HTTP/2 [14]
+ o Curl_sh_entry: remove unused 'timestamp'
+ o docs/libcurl: makefile portability fix
+ o mkhelp: Remove trailing carriage return from every line of input
+ o nss: explicitly tell NSS to disable NPN/ALPN when libcurl disables it
+ o curl_easy_setopt.3: added a few missing options
+ o metalink: fix resource leak in OOM
+ o axtls: version 1.5.2 now requires that config.h be manually included
+ o HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
+ o cyassl: detect the library as renamed wolfssl
+ o CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section
+ o CURLOPT_URL.3: Added "SECURITY CONCERNS
+ o openssl: try to avoid accessing OCSP structs when possible
+ o test938: added missing closing tags
+ o testcurl: Allow '=' in values given on command line
+ o tests/certs: added make target to rebuild certificates
+ o tests/certs: rebuild certificates with modified key usage bits
+ o gtls: avoid uninitialized variable
+ o gtls: dereferencing NULL pointer
+ o gtls: add check of return code
+ o test1513: eliminated race condition in test run
+ o dict: rename byte to avoid compiler shadowed declaration warning
+ o curl_easy_recv/send: make them work with the multi interface
+ o vtls: fix compile with --disable-crypto-auth but with SSL
+ o openssl: adapt to ASN1/X509 things gone opaque in 1.1
+ o openssl: verifystatus: only use the OCSP work-around <= 1.0.2a [15]
+ o curl_memory: make curl_memory.h the second-last header file loaded
+ o testcurl.pl: add the --notes option to supply more info about a build
+ o cyassl: If wolfSSL then identify as such in version string
+ o cyassl: Check for invalid length parameter in Curl_cyassl_random
+ o cyassl: default to highest possible TLS version
+ o Curl_ssl_md5sum: return CURLcode (fixes OOM)
+ o polarssl: remove dead code
+ o polarssl: called mbedTLS in 1.3.10 and later
+ o globbing: fix step parsing for character globbing ranges
+ o globbing: fix url number calculation when using range with step
+ o multi: on a request completion, check all CONNECT_PEND transfers [16]
+ o build: link curl to openssl libraries when openssl support is enabled
+ o url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
+ o vtls: Don't accept unknown CURLOPT_SSLVERSION values
+ o build: Fix libcurl.sln erroneous mixed configurations
+ o cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
+ o cyassl: add SSL context callback support for CyaSSL
+ o tool: only set SSL options if SSL is enabled
+ o multi: remove_handle: move pending connections [17]
+ o configure: Use KRB5CONFIG for krb5-config [18]
+ o axtls: add timeout within Curl_axtls_connect
+ o CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
+ o cyassl: Fix library initialization return value
+ o cookie: handle spaces after the name in Set-Cookie [19]
+ o http2: Fix missing nghttp2_session_send call in Curl_http2_switched [20]
+ o cyassl: Fix certificate load check
+ o build-openssl.bat: Fix mixed line endings
+ o checksrc.bat: Check lib\vtls source
+ o DNS: fix refreshing of obsolete dns cache entries
+ o CURLOPT_RESOLVE: actually implement removals
+ o checksrc.bat: quotes to support an SRC_DIR with spaces
+ o cyassl: Remove 'Connecting to' message from cyassl_connect_step2
+ o cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
+ o lib/transfer.c: Remove factor of 8 from sleep time calculation
+ o lib/makefile.m32: add missing libs to build libcurl.dll
+ o build: Generate source prerequisites for Visual Studio in generate.bat
+ o cyassl: Include the CyaSSL build config
+ o firefox-db2pem: fix wildcard to find Firefox default profile
+ o BUGS: refer to the github issue tracker now as primary
+ o vtls_openssl: improve several certificate error messages
+ o cyassl: Add support for TLS extension SNI
+ o parsecfg: do not continue past a zero termination
+ o configure --with-nss=PATH: query pkg-config if available [22]
+ o configure --with-nss: drop redundant if statement
+ o cyassl: Fix include order [23]
+ o HTTP: fix PUT regression with Negotiate [24]
+ o curl_version_info.3: fixed the 'protocols' variable type [25]

 This release includes the following known bugs:

@@ -149,35 +144,49 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

-  Andrey Labunets, Anthon Pang, Bill Nagel, Brad Harder, Brad King, Carlo Wood,
-  Christian Hägele, Dan Fandrich, Daniel Stenberg, Dave Reisner, Frank Gevaerts,
-  Gisle Vanem, Guenter Knauf, Jan Ehrhardt, Johan Lantz, John E. Malmberg,
-  Jon Spencer, Julien Nabet, Kamil Dudka, Kyle J. McKay, Lucas Pardue,
-  Marc Hesse, Marc Hoersken, Marc Renault, Michael Osipov, Nick Zitzmann,
-  Nobuhiro Ban, Patrick Monnerat, Peter Wu, Ray Satiro, Sam Hurst,
-  Stefan Bühler, Stefan Neis, Steve Holme, Tae Hyoung Ahn, Tatsuhiro Tsujikawa,
-  Tomasz Kojm, Tor Arntsen, Waldek Kozba, Warren Menzer
+  Alessandro Ghedini, Alexander Pepper, Ben Darnell, Brad King,
+  Charles Romestant, Christian Weisgerber, Dagobert Michelsen, Dan Fandrich,
+  Daniel Stenberg, Da-Yoon Chung, Emil Lerner, Fabian Keil, Frank Gevaerts,
+  Frank Meier, Hanno Böck, Isaac Boukris, Jeroen Ooms, Jiri Dvorak,
+  John Marshall, Jonathan Cardoso Machado, Jon Seymour, Kamil Dudka,
+  Kyle L. Huff, Markus Elfring, Matthew Hall, Michael Osipov,
+  Michael Stapelberg, Michel Promonet, Mostyn Bramley-Moore, Nick Zitzmann,
+  Paras Sethia, Patrick Monnerat, Paul Howarth, Peter Laser, Rainer Canavan,
+  Ray Satiro, Richard Moore, Sergei Nikulov, Stefan Bühler, Stefan Eissing,
+  Steve Havelka, Steve Holme, Tatsuhiro Tsujikawa, Thomas Ruecker,
+  Tobias Stoeckmann, Viktor Szakáts, Yamada Yasuharu,
+  (47 contributors)

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/mail/lib-2014-11/0035.html
- [2] = http://curl.haxx.se/mail/lib-2014-11/0078.html
- [3] = http://curl.haxx.se/bug/view.cgi?id=1448
- [4] = https://github.com/tatsuhiro-t/nghttp2/issues/103
- [5] = http://sourceforge.net/p/curl/feature-requests/82/
- [6] = http://curl.haxx.se/mail/lib-2014-11/0221.html
- [7] = http://curl.haxx.se/bug/view.cgi?id=1455
- [8] = http://curl.haxx.se/bug/view.cgi?id=1456
- [9] = http://curl.haxx.se/bug/view.cgi?id=1457
- [10] = http://curl.haxx.se/bug/view.cgi?id=1462
- [11] = http://curl.haxx.se/mail/lib-2014-12/0089.html
- [12] = http://curl.haxx.se/bug/view.cgi?id=1456
- [13] = http://curl.haxx.se/bug/view.cgi?id=1450
- [14] = http://curl.haxx.se/mail/lib-2014-12/0103.html
- [15] = http://curl.haxx.se/bug/view.cgi?id=1451
- [16] = http://curl.haxx.se/bug/view.cgi?id=1449
- [17] = https://github.com/bagder/curl/pull/133
- [18] = http://curl.haxx.se/docs/adv_20150108A.html
- [19] = http://curl.haxx.se/docs/adv_20150108B.html
+ [1] = http://curl.haxx.se/bug/view.cgi?id=1487
+ [2] = http://curl.haxx.se/mail/lib-2015-01/0170.html
+ [3] = https://github.com/bagder/curl/issues/150
+ [4] = https://github.com/bagder/curl/issues/147
+ [5] = http://curl.haxx.se/mail/lib-2015-03/0052.html
+ [6] = https://github.com/bagder/curl/pull/144
+ [7] = https://github.com/bagder/curl/pull/157
+ [8] = http://curl.haxx.se/bug/view.cgi?id=1492
+ [9] = http://curl.haxx.se/bug/view.cgi?id=1491
+ [10] = http://curl.haxx.se/bug/view.cgi?id=1487
+ [11] = https://github.com/bagder/curl/issues/166
+ [12] = http://curl.haxx.se/bug/view.cgi?id=1493
+ [13] = https://github.com/bagder/curl/pull/168
+ [14] = https://github.com/bagder/curl/issues/169
+ [15] = http://curl.haxx.se/mail/lib-2015-03/0205.html
+ [16] = http://curl.haxx.se/bug/view.cgi?id=1465
+ [17] = http://curl.haxx.se/bug/view.cgi?id=1465
+ [18] = http://curl.haxx.se/bug/view.cgi?id=1486
+ [19] = https://github.com/bagder/curl/issues/195
+ [20] = https://github.com/bagder/curl/issues/192
+ [21] = https://github.com/bagder/curl/issues/183
+ [22] = https://github.com/bagder/curl/pull/171
+ [23] = http://curl.haxx.se/mail/lib-2015-04/0069.html
+ [24] = https://github.com/bagder/curl/issues/223
+ [25] = https://github.com/bagder/curl/issues/225
+ [26] = http://curl.haxx.se/docs/adv_20150422A.html
+ [27] = http://curl.haxx.se/docs/adv_20150422C.html
+ [28] = http://curl.haxx.se/docs/adv_20150422D.html
+ [29] = http://curl.haxx.se/docs/adv_20150422B.html
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -2607,15 +2607,16 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
          "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl both given
-    AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.])
+    ca="$want_ca"
+    capath="$want_capath"
  elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then
    dnl --with-ca-bundle given
    ca="$want_ca"
    capath="no"
  elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl --with-ca-path given
-    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
    fi
    capath="$want_capath"
    ca="no"
@@ -2669,11 +2670,13 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
    AC_SUBST(CURL_CA_BUNDLE)
    AC_MSG_RESULT([$ca])
-  elif test "x$capath" != "xno"; then
+  fi
+  if test "x$capath" != "xno"; then
    CURL_CA_PATH="\"$capath\""
    AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path])
    AC_MSG_RESULT([$capath (capath)])
-  else
+  fi
+  if test "x$ca" == "xno" && test "x$capath" == "xno"; then
    AC_MSG_RESULT([no])
  fi
 ])
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -1046,7 +1046,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then

  if test "$LDAPLIBNAME" = "wldap32"; then
    curl_ldap_msg="enabled (winldap)"
-    AC_DEFINE(CURL_LDAP_WIN, 1, [Use Windows LDAP implementation])
+    AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation])
  else
    curl_ldap_msg="enabled (OpenLDAP)"
    if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then
@@ -1184,6 +1184,8 @@ AC_ARG_WITH(gssapi,
  fi
 ])

+: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
+
 save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
@@ -1194,6 +1196,8 @@ if test x"$want_gss" = xyes; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
     elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+     elif test -f "$KRB5CONFIG"; then
+        GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
     elif test "$GSSAPI_ROOT" != "yes"; then
        GSSAPI_INCS="-I$GSSAPI_ROOT/include"
     fi
@@ -1283,10 +1287,10 @@ if test x"$want_gss" = xyes; then
           dnl into LIBS
           gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
           LIBS="$gss_libs $LIBS"
-        elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+        elif test -f "$KRB5CONFIG"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
           dnl into LIBS
-           gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+           gss_libs=`$KRB5CONFIG --libs gssapi`
           LIBS="$gss_libs $LIBS"
        else
           case $host in
@@ -1451,6 +1455,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --cflags-only-I openssl 2>/dev/null`

+      AC_SUBST(SSL_LIBS)
      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
@@ -1527,7 +1532,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then

    else

-      dnl Have the libraries--check for SSLeay/OpenSSL headers
+      dnl Have the libraries--check for OpenSSL headers
      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                       openssl/pem.h openssl/ssl.h openssl/err.h,
        curl_ssl_msg="enabled (OpenSSL)"
@@ -1551,17 +1556,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    fi

    if test X"$OPENSSL_ENABLED" = X"1"; then
-       AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled])
-
       dnl is there a pkcs12.h header present?
       AC_CHECK_HEADERS(openssl/pkcs12.h)
    else
       LIBS="$CLEANLIBS"
    fi
-    dnl USE_SSLEAY is the historical name for what configure calls
-    dnl OPENSSL_ENABLED; the names should really be unified
-    USE_SSLEAY="$OPENSSL_ENABLED"
-    AC_SUBST(USE_SSLEAY)

    if test X"$OPT_SSL" != Xoff &&
       test "$OPENSSL_ENABLED" != "1"; then
@@ -1578,8 +1577,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
              ])

-    dnl these can only exist if openssl exists
-    dnl yassl doesn't have SSL_get_shutdown
+    dnl These can only exist if OpenSSL exists
+    dnl Older versions of Cyassl (some time before 2.9.4) don't have
+    dnl SSL_get_shutdown (but this check won't actually detect it there
+    dnl as it's a macro that needs the header files be included)
+    dnl BoringSSL doesn't have DES_set_odd_parity

    AC_CHECK_FUNCS( RAND_status \
                    RAND_screen \
@@ -1587,28 +1589,30 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                    ENGINE_cleanup \
                    CRYPTO_cleanup_all_ex_data \
                    SSL_get_shutdown \
-                    SSLv2_client_method )
+                    SSLv2_client_method \
+                    DES_set_odd_parity )

-    dnl Make an attempt to detect if this is actually yassl's headers and
-    dnl OpenSSL emulation layer. We still leave everything else believing
-    dnl and acting like OpenSSL.
-
-    AC_MSG_CHECKING([for yaSSL using OpenSSL compatibility mode])
+    AC_MSG_CHECKING([for BoringSSL])
+    if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then
+      curl_ssl_msg="enabled (BoringSSL)"
+      AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
+        [Define to 1 if using BoringSSL.])
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+    fi
+    AC_MSG_CHECKING([for libressl])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
-#include <openssl/ssl.h>
+#include <openssl/opensslv.h>
      ]],[[
-#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER)
-        int dummy = SSL_ERROR_NONE;
-#else
-        Not the yaSSL OpenSSL compatibility header.
-#endif
+        int dummy = LIBRESSL_VERSION_NUMBER;
      ]])
    ],[
      AC_MSG_RESULT([yes])
-      AC_DEFINE_UNQUOTED(USE_YASSLEMUL, 1,
-        [Define to 1 if using yaSSL in OpenSSL compatibility mode.])
-      curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)"
+      AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
+        [Define to 1 if using libressl.])
+      curl_ssl_msg="enabled (libressl)"
    ],[
      AC_MSG_RESULT([no])
    ])
@@ -1672,8 +1676,8 @@ dnl ---
 if test "$OPENSSL_ENABLED" = "1"; then
  AC_CHECK_LIB(crypto, SRP_Calc_client_key,
   [
-     AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key])
-     AC_SUBST(HAVE_SSLEAY_SRP, [1])
+     AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
+     AC_SUBST(HAVE_OPENSSL_SRP, [1])
   ])
 fi

@@ -1943,6 +1947,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      OPT_CYASSL=""
    fi

+    dnl This should be reworked to use pkg-config instead
+
+    cyassllibname=cyassl
+
    if test -z "$OPT_CYASSL" ; then
      dnl check for lib in system default first

@@ -1984,19 +1992,70 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
       [
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
+         cyassllib=""
       ])
    fi

+    addld=""
+    addlib=""
+    addcflags=""
+
+    if test "x$USE_CYASSL" != "xyes"; then
+      dnl libcyassl renamed to libwolfssl as of 3.4.0
+      addld=-L$OPT_CYASSL/lib$libsuff
+      addcflags=-I$OPT_CYASSL/include
+      cyassllib=$OPT_CYASSL/lib$libsuff
+
+      LDFLAGS="$LDFLAGS $addld"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+
+      cyassllibname=wolfssl
+      my_ac_save_LIBS="$LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
+
+      AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl])
+      AC_LINK_IFELSE([
+	AC_LANG_PROGRAM([[
+/* These aren't needed for detection and confuse WolfSSL.
+   They are set up properly later if it is detected.  */
+#undef SIZEOF_LONG
+#undef SIZEOF_LONG_LONG
+#include <cyassl/ssl.h>
+	]],[[
+	  return CyaSSL_Init();
+	]])
+      ],[
+         AC_MSG_RESULT(yes)
+         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
+         AC_SUBST(USE_CYASSL, [1])
+         CYASSL_ENABLED=1
+         USE_CYASSL="yes"
+         curl_ssl_msg="enabled (CyaSSL)"
+       ],
+       [
+         AC_MSG_RESULT(no)
+         CPPFLAGS=$_cppflags
+         LDFLAGS=$_ldflags
+         cyassllib=""
+       ])
+      LIBS="$my_ac_save_LIBS"
+    fi
+
    if test "x$USE_CYASSL" = "xyes"; then
      AC_MSG_NOTICE([detected CyaSSL])

      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      AC_CHECK_SIZEOF(long long)

+      dnl Versions since at least 2.6.0 may have options.h
+      AC_CHECK_HEADERS(cyassl/options.h)
+
      dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h
      AC_CHECK_HEADERS(cyassl/error-ssl.h)

-      LIBS="-lcyassl -lm $LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"

      if test -n "$cyassllib"; then
        dnl when shared libs were found in a path that the run-time
@@ -2063,57 +2122,73 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
        fi
      fi
    else
-        # Without pkg-config, we'll kludge in some defaults
-        addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
-        addcflags="-I$OPT_NSS/include"
-        version="unknown"
-        nssprefix=$OPT_NSS
-    fi
-
-    if test -n "$addlib"; then
-
-      CLEANLIBS="$LIBS"
-      CLEANCPPFLAGS="$CPPFLAGS"
-
-      LIBS="$addlib $LIBS"
-      if test "$addcflags" != "-I/usr/include"; then
-         CPPFLAGS="$CPPFLAGS $addcflags"
-      fi
-
-      dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
-      AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
-       [
-       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
-       AC_SUBST(USE_NSS, [1])
-       USE_NSS="yes"
-       NSS_ENABLED=1
-       curl_ssl_msg="enabled (NSS)"
-       ],
-       [
-         LIBS="$CLEANLIBS"
-         CPPFLAGS="$CLEANCPPFLAGS"
-       ])
-
-      if test "x$USE_NSS" = "xyes"; then
-        AC_MSG_NOTICE([detected NSS version $version])
-
-        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-        NSS_LIBS=$addlib
-        AC_SUBST([NSS_LIBS])
-
-        dnl when shared libs were found in a path that the run-time
-        dnl linker doesn't search through, we need to add it to
-        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-        dnl due to this
-        if test "x$cross_compiling" != "xyes"; then
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-          export LD_LIBRARY_PATH
-          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
+      if test -f "$NSS_PCDIR/nss.pc"; then
+        CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
+        if test "$PKGCONFIG" != "no" ; then
+          addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
+          addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
+          addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
+          version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
+          nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
        fi
      fi
-
    fi

+    if test -z "$addlib"; then
+      # Without pkg-config, we'll kludge in some defaults
+      AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
+      addld="-L$OPT_NSS/lib"
+      addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+      addcflags="-I$OPT_NSS/include"
+      version="unknown"
+      nssprefix=$OPT_NSS
+    fi
+
+    CLEANLDFLAGS="$LDFLAGS"
+    CLEANLIBS="$LIBS"
+    CLEANCPPFLAGS="$CPPFLAGS"
+
+    LDFLAGS="$addld $LDFLAGS"
+    LIBS="$addlib $LIBS"
+    if test "$addcflags" != "-I/usr/include"; then
+       CPPFLAGS="$CPPFLAGS $addcflags"
+    fi
+
+    dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
+    AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
+     [
+     AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
+     AC_SUBST(USE_NSS, [1])
+     USE_NSS="yes"
+     NSS_ENABLED=1
+     curl_ssl_msg="enabled (NSS)"
+     ],
+     [
+       LDFLAGS="$CLEANLDFLAGS"
+       LIBS="$CLEANLIBS"
+       CPPFLAGS="$CLEANCPPFLAGS"
+     ])
+
+    if test "x$USE_NSS" = "xyes"; then
+      AC_MSG_NOTICE([detected NSS version $version])
+
+      dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
+      NSS_LIBS=$addlib
+      AC_SUBST([NSS_LIBS])
+
+      dnl when shared libs were found in a path that the run-time
+      dnl linker doesn't search through, we need to add it to
+      dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+      dnl due to this
+      if test "x$cross_compiling" != "xyes"; then
+        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+        export LD_LIBRARY_PATH
+        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      fi
+
+    fi dnl NSS found
+
  fi dnl NSS not disabled

 fi dnl curl_ssl_msg = init_ssl_msg
@@ -3268,7 +3343,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]),
       want_tls_srp=yes
 )

-if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then
+if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then
   AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication])
   USE_TLS_SRP=1
   curl_tls_srp_msg="enabled"
@@ -3382,7 +3457,7 @@ dnl For keeping supported features and protocols also in pkg-config file
 dnl since it is more cross-compile friendly than curl-config
 dnl

-if test "x$USE_SSLEAY" = "x1"; then
+if test "x$OPENSSL_ENABLED" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
 elif test -n "$SSL_ENABLED"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
@@ -3421,7 +3496,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
 fi

 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
-  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
@@ -3494,7 +3569,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then
 fi
 if test "x$CURL_DISABLE_SMB" != "x1" \
    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-    -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1" \); then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
--- a/contributors.sh
+++ b/contributors.sh
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013-2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2013-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -33,7 +33,8 @@
 start=$1

 if test -z "$start"; then
-  echo "Usage: $0 <since this tag/hash>"
+    echo "Usage: $0 <since this tag/hash> [--releasenotes]"
+    exit
 fi

 # filter out Author:, Commit: and *by: lines
@@ -59,7 +60,7 @@ if echo "$*" | grep -qw -- '--releasenotes';then
    # grep out the list of names from RELEASE-NOTES
    # split on ", "
    # remove leading white spaces
-grep "^  [^ ]" RELEASE-NOTES| \
+grep "^  [^ \(]" RELEASE-NOTES| \
 sed 's/, */\n/g'| \
 sed 's/^ *//'
 fi
--- a/contrithanks.sh
+++ b/contrithanks.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2013-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+#
+# This script shows all mentioned contributors from <hash> until HEAD and
+# puts them at the end of the THANKS document on stdout
+#
+
+start=$1
+
+if test -z "$start"; then
+  echo "Usage: $0 <since this tag/hash>"
+fi
+
+cat ./docs/THANKS
+
+(
+git log $start..HEAD | \
+egrep -i '(Author|Commit|by):' | \
+cut -d: -f2- | \
+cut '-d<' -f1 | \
+tr , '\012' | \
+sed 's/ and /\n/' | \
+sed -e 's/^ //' -e 's/ $//g'
+
+# grep out the list of names from RELEASE-NOTES
+# split on ", "
+# remove leading white spaces
+grep "^  [^ (]" RELEASE-NOTES| \
+sed 's/, */\n/g'| \
+sed 's/^ *//'
+
+)| \
+sed -f ./docs/THANKS-filter | \
+grep ' ' | \
+sort -fu | \
+grep -xvf ./docs/THANKS 
--- a/curl-config.in
+++ b/curl-config.in
@@ -71,7 +71,7 @@ while test $# -gt 0; do
        ;;

    --ca)
-        echo "@CURL_CA_BUNDLE@"
+        echo @CURL_CA_BUNDLE@
        ;;

    --cc)
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@@ -90,6 +90,11 @@ Guile:
  Written by Michael L. Gran
  http://www.lonelycactus.com/guile-curl.html

+Harbour
+
+  Written by Viktor Szakáts
+  https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl
+
 Haskell

  Written by Galois, Inc
@@ -115,7 +120,7 @@ Lua
  luacurl by Alexander Marinov
  http://luacurl.luaforge.net/

-  Lua-cURL by J<EFBFBD>rgen H<EFBFBD>tzel
+  Lua-cURL by Jürgen Hötzel
  http://luaforge.net/projects/lua-curl/

 Mono
@@ -219,8 +224,8 @@ SPL

 Tcl

-  Tclcurl by Andr<EFBFBD>s Garc<EFBFBD>a
-  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
+  Tclcurl by Andrés García
+  http://mirror.yellow5.com/tclcurl/

 Visual Basic

--- a/docs/BUGS
+++ b/docs/BUGS
@@ -35,11 +35,9 @@ BUGS
  have a go at a solution. You can optionally also post your bug/problem at
  curl's bug tracking system over at

-        https://sourceforge.net/p/curl/bugs/
+        https://github.com/bagder/curl/issues

-  Please read the rest of this document below first before doing that! Also,
-  you need to login to your sourceforge account before being able to submit a
-  bug report (necessary evil done to avoid spam).
+  Please read the rest of this document below first before doing that!

  If you feel you need to ask around first, find a suitable mailing list and
  post there. The lists are available on http://curl.haxx.se/mail/
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@@ -34,7 +34,7 @@
 3.3 How To Make a Patch without git
 3.4 How to get your changes into the main sources
 3.5 Write good commit messages
- 3.6 Please don't send pull requests
+ 3.6 About pull requests

 ==============================================================================

@@ -52,6 +52,10 @@

 We also hang out on IRC in #curl on irc.freenode.net

+ If you're at all interested in the code side of things, consider clicking
+ 'watch' on the curl repo at github to get notified on pull requests and new
+ issues posted there.
+
 1.2. License

 When contributing with code, you agree to put your changes and new code under
@@ -78,10 +82,10 @@

 1.3 What To Read

- Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
- most recent CHANGES. Just lurking on the curl-library mailing list is gonna
- give you a lot of insights on what's going on right now. Asking there is a
- good idea too.
+ Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the
+ most recent changes in the git log. Just lurking on the curl-library mailing
+ list is gonna give you a lot of insights on what's going on right now. Asking
+ there is a good idea too.

 2. cURL Coding Standards

@@ -288,27 +292,15 @@
 and make sure that you have your own user and email setup correctly in git
 before you commit

-3.6 Please don't send pull requests
+3.6 About pull requests

 With git (and especially github) it is easy and tempting to send a pull
- request to one or more people in the curl project to have changes merged this
- way instead of mailing patches to the curl-library mailing list.
+ request to the curl project to have changes merged this way instead of
+ mailing patches to the curl-library mailing list.

- We don't like that. We want them mailed for these reasons:
+ We used to dislike this but we're trying to change that and accept that this
+ is a frictionless way for people to contribute to the project. We now welcome
+ pull requests!

- - Peer review. Anyone and everyone on the list can review, comment and
-   improve on the patch. Pull requests limit this ability.
-
- - Anyone can merge the patch into their own trees for testing and those who
-   have push rights can push it to the main repo. It doesn't have to be anyone
-   the patch author knows beforehand.
-
- - Commit messages can be tweaked and changed if merged locally instead of
-   using github. Merges directly on github requires the changes to be perfect
-   already, which they seldom are.
-
- - Merges on github prevents rebases and even enforces --no-ff which is a git
-   style we don't otherwise use in the project
-
- However: once patches have been reviewed and deemed fine on list they are
- perfectly OK to be pulled from a published git tree.
+ We will continue to avoid using github's merge tools to make the history
+ linear and to make sure commits follow our style guidelines.
--- a/docs/FAQ
+++ b/docs/FAQ
@@ -81,6 +81,7 @@ FAQ
  4.18 file:// URLs containing drive letters (Windows, NetWare)
  4.19 Why doesn't cURL return an error when the network cable is unplugged?
  4.20 curl doesn't return error for HTTP non-200 responses!
+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?

 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@@ -764,8 +765,9 @@ FAQ
  request-body in a GET request with something like "curl -X GET -d data
  [URL]"

-  Note that -X doesn't change curl's behavior. It only modifies the actual
-  string sent in the request.
+  Note that -X doesn't actually change curl's behavior as it only modifies the
+  actual string sent in the request, but that may of course trigger a
+  different set of events.

  Accordingly, by using -XPOST on a command line that for example would follow
  a 303 redirect, you will effectively prevent curl from behaving
@@ -1115,6 +1117,16 @@ FAQ
  You can also use the -w option and the variable %{response_code} to extract
  the exact response code that was return in the response.

+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
+
+  If you use verbose to see the HTTP request when you send off a HTTP/2
+  request, it will still say 1.1.
+
+  The reason for this is that we first generate the request to send using the
+  old 1.1 style and show that request in the verbose output, and then we
+  convert it over to the binary header-compressed HTTP/2 style. The actual
+  "1.1" part from that request is then not actually used in the transfer. The
+  binary HTTP/2 headers are not human readable.

 5. libcurl Issues

--- a/docs/FEATURES
+++ b/docs/FEATURES
@@ -134,8 +134,8 @@ SMB
 - authentication with NTLMv1

 SMTP
- - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5
-   (*4)
+ - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5
+   (*4) and External.
 - send e-mails
 - mail from support
 - mail size support
@@ -150,8 +150,8 @@ SMTPS (*1)

 POP3
 - authentication: Clear Text, APOP and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
-   Kerberos 5 (*4)
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9),
+   Kerberos 5 (*4) and External.
 - list e-mails
 - retrieve e-mails
 - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via
@@ -165,8 +165,8 @@ POP3S (*1)

 IMAP
 - authentication: Clear Text and SASL
- - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and
-   Kerberos 5 (*4)
+ - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9),
+   Kerberos 5 (*4) and External.
 - list the folders of a mailbox
 - select a mailbox with support for verifying the UIDVALIDITY
 - fetch e-mails with support for specifying the UID and SECTION
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -3,6 +3,15 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
+  code reveals that pingpong.c contains some truncation code, at line 408,
+  when it deems the server response to be too large truncating it to 40
+  characters"
+  http://curl.haxx.se/bug/view.cgi?id=1366
+
+89. Disabling HTTP Pipelining when there are ongoing transfers can lead to
+  heap corruption and crash. http://curl.haxx.se/bug/view.cgi?id=1411
+
 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus
  curl's -R option also doesn't work then.

--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@@ -84,11 +84,12 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):

- November 5, 2014 (version 7.39.0)
- December 31, 2014
- February 25, 2015
+- February 25, 2015 (version 7.41.0)
 - April 22, 2015
 - June 17, 2015
 - August 12, 2015
 - October 7, 2015
 - December 2, 2015
+- January 27, 2016
+- March 23, 2016
+- May 18, 2016
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@@ -8,38 +8,39 @@ possible participation.
 New stuff - libcurl
 -------------------

-1. http2 test suite
+1. HTTP/2

-2. http2 multiplexing/pipelining
+ - test suite
+ - http2 multiplexing/pipelining
+ - provide option for HTTP/2 "prior knowledge" over clear text
+ - provide option to allow curl to default to HTTP/2 only when using HTTPS

-3. SPDY
+2. SRV records

-4. SRV records
+3. HTTPS to proxy

-5. HTTPS to proxy
-
-6. make sure there's an easy handle passed in to `curl_formadd()`,
+4. make sure there's an easy handle passed in to `curl_formadd()`,
   `curl_formget()` and `curl_formfree()` by adding replacement functions and
   deprecating the old ones to allow custom mallocs and more

-7. add support for third-party SASL libraries such as Cyrus SASL - may need to
+5. add support for third-party SASL libraries such as Cyrus SASL - may need to
   move existing native and SSPI based authentication into vsasl folder after
   reworking HTTP and SASL code

-8. SASL authentication in LDAP
+6. SASL authentication in LDAP

-9. Simplify the SMTP email interface so that programmers don't have to
+7. Simplify the SMTP email interface so that programmers don't have to
   construct the body of an email that contains all the headers, alternative
   content, images and attachments - maintain raw interface so that
   programmers that want to do this can

-10. Allow the email protocols to return the capabilities before
+8. Allow the email protocols to return the capabilities before
    authenticating. This will allow an application to decide on the best
    authentication mechanism

-11. Allow Windows threading model to be replaced by Win32 pthreads port
+9. Allow Windows threading model to be replaced by Win32 pthreads port

-12. Implement a dynamic buffer size to allow SFTP to use much larger buffers
+10. Implement a dynamic buffer size to allow SFTP to use much larger buffers
    and possibly allow the size to be customizable by applications. Use less
    memory when handles are not in use?

@@ -66,7 +67,6 @@ Improve

 4. docs (considered "bad" by users but how do we make it better?)

-  - split up `curl_easy_setopt.3`
  - split up curl.1

 5. authentication framework (consider merging HTTP and SASL authentication to
@@ -79,7 +79,5 @@ Improve
 Remove
 ------

-1. cmake support (nobody maintains it)
-
-2. makefile.vc files as there is no point in maintaining two sets of Windows
+1. makefile.vc files as there is no point in maintaining two sets of Windows
   makefiles. Note: These are currently being used by the Windows autobuilds
--- a/docs/THANKS
+++ b/docs/THANKS
@@ -40,6 +40,8 @@ Alexander Klauer
 Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
+Alexander Pepper
+Alexander Peslyak
 Alexander Zhuravlev
 Alexey Borzov
 Alexey Pesternikov
@@ -79,6 +81,7 @@ Andrew Kurushin
 Andrew Moise
 Andrew Wansink
 Andrew de los Reyes
+Andrey Labunets
 Andrii Moiseiev
 Andrés García
 Andy Cedilnik
@@ -112,6 +115,7 @@ Balint Szilakszi
 Barry Abrahamson
 Bart Whiteley
 Bas Mevissen
+Ben Boeckel
 Ben Darnell
 Ben Greear
 Ben Madsen
@@ -142,6 +146,7 @@ Bob Richmond
 Bob Schader
 Bogdan Nicula
 Brad Burdick
+Brad Harder
 Brad Hards
 Brad King
 Brad Spencer
@@ -172,6 +177,7 @@ Catalin Patulea
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
+Charles Romestant
 Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
@@ -221,6 +227,7 @@ Curt Bogmine
 Cyrill Osterwalder
 Cédric Deltheil
 D. Flinkmann
+Da-Yoon Chung
 Dag Ekengren
 Dagobert Michelsen
 Damian Dixon
@@ -331,6 +338,7 @@ Eldar Zaitov
 Ellis Pritchard
 Elmira A Semenova
 Emanuele Bovisio
+Emil Lerner
 Emil Romanus
 Emiliano Ida
 Enrico Scholz
@@ -436,6 +444,7 @@ Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hang Su
+Hanno Böck
 Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
@@ -476,6 +485,7 @@ Immanuel Gregoire
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
+Isaac Boukris
 Ishan SinghLevett
 Ivo Bellin Salarin
 Jack Zhang
@@ -516,6 +526,7 @@ Jaz Fresh
 Jean Jacques Drouin
 Jean-Claude Chauve
 Jean-Francois Bertrand
+Jean-Francois Durand
 Jean-Louis Lemaire
 Jean-Marc Ranger
 Jean-Noël Rouvignac
@@ -532,6 +543,7 @@ Jeremy Friesner
 Jeremy Huddleston
 Jeremy Lin
 Jeroen Koekkoek
+Jeroen Ooms
 Jerome Muffat-Meridol
 Jerome Robert
 Jerome Vouillon
@@ -545,6 +557,7 @@ Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
+Jiri Dvorak
 Jiri Hruska
 Jiri Jaburek
 Jiri Malak
@@ -555,6 +568,7 @@ Joe Mason
 Joel Chen
 Jofell Gallardo
 Johan Anderson
+Johan Lantz
 Johan Nilsson
 Johan van Selst
 Johannes Bauer
@@ -572,6 +586,7 @@ John Kelly
 John Lask
 John Lightsey
 John Marino
+John Marshall
 John McGowan
 John P. McCaskey
 John Suprock
@@ -581,6 +596,8 @@ Johnny Luong
 Jon Grubbs
 Jon Nelson
 Jon Sargeant
+Jon Seymour
+Jon Spencer
 Jon Torrey
 Jon Travis
 Jon Turner
@@ -589,6 +606,7 @@ Jonas Schnelli
 Jonatan Lander
 Jonatan Vela
 Jonathan Cardoso Machado
+Jonathan Cardoso Machado Machado
 Jonathan Hseu
 Jonathan Nieder
 Jongki Suwandi
@@ -605,8 +623,10 @@ Judson Bishop
 Juergen Wilke
 Jukka Pihl
 Julian Noble
+Julian Ospald
 Julian Taylor
 Julien Chaffraix
+Julien Nabet
 Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
@@ -652,6 +672,7 @@ Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
 Kristian Köhntopp
+Kyle J. McKay
 Kyle L. Huff
 Kyle Sallee
 Lachlan O'Dea
@@ -670,6 +691,7 @@ Laurent Rabret
 Legoff Vincent
 Lehel Bernadt
 Leif W
+Leith Bade
 Len Krause
 Lenaic Lefever
 Lenny Rachitsky
@@ -709,8 +731,10 @@ Manuel Massing
 Marc Boucher
 Marc Deslauriers
 Marc Doughty
+Marc Hesse
 Marc Hoersken
 Marc Kleine-Budde
+Marc Renault
 Marcel Raad
 Marcel Roelofs
 Marcelo Juchem
@@ -733,6 +757,7 @@ Mark Salisbury
 Mark Snelling
 Mark Tully
 Markus Duft
+Markus Elfring
 Markus Koetter
 Markus Moeller
 Markus Oberhumer
@@ -761,6 +786,7 @@ Matt Wixson
 Matteo Rocco
 Matthew Blain
 Matthew Clarke
+Matthew Hall
 Matthias Bolte
 Maurice Barnum
 Mauro Iorio
@@ -781,16 +807,19 @@ Michael Day
 Michael Goffioul
 Michael Jahn
 Michael Jerris
+Michael Kaufmann
 Michael Mealling
 Michael Mueller
 Michael Osipov
 Michael Smith
+Michael Stapelberg
 Michael Stillwell
 Michael Wallner
 Michal Bonino
 Michal Marek
 Michał Górny
 Michał Kowalczyk
+Michel Promonet
 Michele Bini
 Miguel Angel
 Miguel Diaz
@@ -814,6 +843,7 @@ Mitz Wark
 Mohamed Lrhazi
 Mohammad AlSaleh
 Mohun Biswas
+Mostyn Bramley-Moore
 Myk Taylor
 Nach M. S.
 Nagai H
@@ -843,6 +873,7 @@ Nikos Mavrogiannopoulos
 Ning Dong
 Nir Soffer
 Nis Jorgensen
+Nobuhiro Ban
 Nodak Sodak
 Norbert Frese
 Norbert Novotny
@@ -898,6 +929,7 @@ Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
+Peter Laser
 Peter O'Gorman
 Peter Pentchev
 Peter Silva
@@ -963,6 +995,7 @@ Rene Rebe
 Reuven Wachtfogel
 Reza Arbab
 Ricardo Cadime
+Rich Burridge
 Rich Gray
 Rich Rauenzahn
 Richard Archer
@@ -1021,6 +1054,8 @@ S. Moonesamy
 Salvador Dávila
 Salvatore Sorrentino
 Sam Deane
+Sam Hurst
+Sam Schanken
 Sampo Kellomaki
 Samuel Díaz García
 Samuel Listopad
@@ -1065,6 +1100,8 @@ Spork Schivago
 Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
+Stefan Bühler
+Stefan Eissing
 Stefan Esser
 Stefan Krause
 Stefan Neis
@@ -1079,6 +1116,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve H Truong
+Steve Havelka
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -1099,6 +1137,7 @@ Symeon Paraschoudis
 Sébastien Willemijns
 T. Bharath
 T. Yamada
+Tae Hyoung Ahn
 Taneli Vahakangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
@@ -1108,6 +1147,7 @@ Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
+Thomas Ruecker
 Thomas Schwinge
 Thomas Tonino
 Tiit Pikma
@@ -1127,6 +1167,7 @@ Timo Sirainen
 Tinus van den Berg
 Tobias Markus
 Tobias Rundström
+Tobias Stoeckmann
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
@@ -1147,6 +1188,7 @@ Tomas Hoger
 Tomas Mlcoch
 Tomas Pospisek
 Tomas Szepe
+Tomasz Kojm
 Tomasz Lacki
 Tommie Gannert
 Tommy Tam
@@ -1185,10 +1227,12 @@ Vladimir Grishchenko
 Vladimir Lazarenko
 Vojtech Janota
 Vojtech Minarik
+Vojtěch Král
 Vsevolod Novikov
 Waldek Kozba
 Walter J. Mack
 Ward Willats
+Warren Menzer
 Wayne Haigh
 Werner Koch
 Wesley Laxton
@@ -1203,6 +1247,7 @@ Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
 Yaakov Selkowitz
+Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yasuharu Yamada
@@ -1212,6 +1257,7 @@ Yi Huang
 Yingwei Liu
 Yousuke Kimoto
 Yukihiro Kawada
+Yun SangHo
 Yuriy Sosov
 Yves Arrouye
 Yves Lejeune
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@@ -33,7 +33,8 @@ s/Nick Zitzmann (originally)/Nick Zitzmann/
 s/product-security at Apple//
 s/IT DOES NOT WORK//
 s/Albert Chin/Albert Chin-A-Young/
-s/Paras S/Paras Sethia/
+s/Paras S\z/Paras Sethia/
+s/Paras Sethiaethia/Paras Sethia/
 s/Дмитрий Фалько/Dmitry Falko/
 s/byte_bucket in the #curl IRC channel//
 s/Michal Górny and Anthony G. Basile//
@@ -46,3 +47,5 @@ s/Frank Van Uffelen and Fabian Hiernaux//
 s/Rodrigo Silva (MestreLion)/Rodrigo Silva/
 s/tetetest tetetest//
 s/Jiří Hruška/Jiri Hruska/
+s/Viktor Szakats/Viktor Szakáts/
+s/Jonathan Cardoso/Jonathan Cardoso Machado/
--- a/docs/TODO
+++ b/docs/TODO
@@ -9,6 +9,11 @@
 Things to do in project cURL. Please tell us what you think, contribute and
 send us patches that improve things!

+ Be aware that these are things that we could do, or have once been considered
+ things we could do. If you want to work on any of these areas, please
+ consider bringing it up for discussions first on the mailing list so that we
+ all agree it is still a good idea for the project!
+
 All bugs documented in the KNOWN_BUGS document are subject for fixing!

 1. libcurl
@@ -65,61 +70,74 @@
 10. LDAP
 10.1 SASL based authentication mechanisms
 
- 11. New protocols
- 11.1 RSYNC
-
- 12. SSL
- 12.1 Disable specific versions
- 12.2 Provide mutex locking API
- 12.3 Evaluate SSL patches
- 12.4 Cache OpenSSL contexts
- 12.5 Export session ids
- 12.6 Provide callback for cert verification
- 12.7 improve configure --with-ssl
- 12.8 Support DANE
-
- 13. GnuTLS
- 13.1 SSL engine stuff
- 13.2 check connection
-
- 14. SASL
- 14.1 Other authentication mechanisms
- 14.2 Add QOP support to GSSAPI authentication
+ 11. SMB
+ 11.1 File listing support
+ 11.2 Honor file timestamps
+ 11.3 Use NTLMv2
 
- 15. Client
- 15.1 sync
- 15.2 glob posts
- 15.3 prevent file overwriting
- 15.4 simultaneous parallel transfers
- 15.5 provide formpost headers
- 15.6 warning when setting an option
+ 12. New protocols
+ 12.1 RSYNC

- 16. Build
- 16.1 roffit
+ 13. SSL
+ 13.1 Disable specific versions
+ 13.2 Provide mutex locking API
+ 13.3 Evaluate SSL patches
+ 13.4 Cache OpenSSL contexts
+ 13.5 Export session ids
+ 13.6 Provide callback for cert verification
+ 13.7 improve configure --with-ssl
+ 13.8 Support DANE

- 17. Test suite
- 17.1 SSL tunnel
- 17.2 nicer lacking perl message
- 17.3 more protocols supported
- 17.4 more platforms supported
- 17.5 Add support for concurrent connections
+ 14. GnuTLS
+ 14.1 SSL engine stuff
+ 14.2 check connection

- 18. Next SONAME bump
- 18.1 http-style HEAD output for FTP
- 18.2 combine error codes
- 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+ 15. WinSSL/SChannel
+ 15.1 Add support for client certificate authentication
+ 15.2 Add support for custom server certificate validation
+ 15.3 Add support for the --ciphers option

- 19. Next major release
- 19.1 cleanup return codes
- 19.2 remove obsolete defines
- 19.3 size_t
- 19.4 remove several functions
- 19.5 remove CURLOPT_FAILONERROR
- 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
- 19.7 remove progress meter from libcurl
- 19.8 remove 'curl_httppost' from public
- 19.9 have form functions use CURL handle argument
- 19.10 Add CURLOPT_MAIL_CLIENT option
+ 16. SASL
+ 16.1 Other authentication mechanisms
+ 16.2 Add QOP support to GSSAPI authentication
+ 
+ 17. Client
+ 17.1 sync
+ 17.2 glob posts
+ 17.3 prevent file overwriting
+ 17.4 simultaneous parallel transfers
+ 17.5 provide formpost headers
+ 17.6 warning when setting an option
+ 17.7 warning when sending binary output to terminal
+ 17.8 offer color-coded HTTP header output
+ 17.9 Choose the name of file in braces for complex URLs
+
+ 18. Build
+ 18.1 roffit
+
+ 19. Test suite
+ 19.1 SSL tunnel
+ 19.2 nicer lacking perl message
+ 19.3 more protocols supported
+ 19.4 more platforms supported
+ 19.5 Add support for concurrent connections
+
+ 20. Next SONAME bump
+ 20.1 http-style HEAD output for FTP
+ 20.2 combine error codes
+ 20.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+
+ 21. Next major release
+ 21.1 cleanup return codes
+ 21.2 remove obsolete defines
+ 21.3 size_t
+ 21.4 remove several functions
+ 21.5 remove CURLOPT_FAILONERROR
+ 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+ 21.7 remove progress meter from libcurl
+ 21.8 remove 'curl_httppost' from public
+ 21.9 have form functions use CURL handle argument
+ 21.10 Add CURLOPT_MAIL_CLIENT option

 ==============================================================================

@@ -393,32 +411,47 @@ to provide the data to send.
 be possible to use ldap_bind_s() instead specifying the security context
 information ourselves.

-11. New protocols
+11. SMB

-11.1 RSYNC
+11.1 File listing support
+
+Add support for listing the contents of a SMB share. The output should probably
+be the same as/similar to FTP.
+
+11.2 Honor file timestamps
+
+The timestamp of the transfered file should reflect that of the original file.
+
+11.3 Use NTLMv2
+
+Currently the SMB authentication uses NTLMv1.
+
+12. New protocols
+
+12.1 RSYNC

 There's no RFC for the protocol or an URI/URL format.  An implementation
 should most probably use an existing rsync library, such as librsync.

-12. SSL
+13. SSL

-12.1 Disable specific versions
+13.1 Disable specific versions

 Provide an option that allows for disabling specific SSL versions, such as
 SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276

-12.2 Provide mutex locking API
+13.2 Provide mutex locking API

 Provide a libcurl API for setting mutex callbacks in the underlying SSL
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.

-12.3 Evaluate SSL patches
+13.3 Evaluate SSL patches

 Evaluate/apply Gertjan van Wingerde's SSL patches:
 http://curl.haxx.se/mail/lib-2004-03/0087.html

-12.4 Cache OpenSSL contexts
+13.4 Cache OpenSSL contexts

 "Look at SSL cafile - quick traces look to me like these are done on every
 request as well, when they should only be necessary once per SSL context (or
@@ -428,7 +461,7 @@ to provide the data to send.
 style connections are re-used. It will make us use slightly more memory but
 it will libcurl do less creations and deletions of SSL contexts.

-12.5 Export session ids
+13.5 Export session ids

 Add an interface to libcurl that enables "session IDs" to get
 exported/imported. Cris Bailiff said: "OpenSSL has functions which can
@@ -436,18 +469,18 @@ to provide the data to send.
 the state from such a buffer at a later date - this is used by mod_ssl for
 apache to implement and SSL session ID cache".

-12.6 Provide callback for cert verification
+13.6 Provide callback for cert verification

 OpenSSL supports a callback for customised verification of the peer
 certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
 it be? There's so much that could be done if it were!

-12.7 improve configure --with-ssl
+13.7 improve configure --with-ssl

 make the configure --with-ssl option first check for OpenSSL, then GnuTLS,
 then NSS...

-12.8 Support DANE
+13.8 Support DANE

 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
@@ -459,34 +492,69 @@ to provide the data to send.
 http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
 correct library to base this development on.

-13. GnuTLS
+14. GnuTLS

-13.1 SSL engine stuff
+14.1 SSL engine stuff

 Is this even possible?

-13.2 check connection
+14.2 check connection

 Add a way to check if the connection seems to be alive, to correspond to the
 SSL_peak() way we use with OpenSSL.

-14. SASL
+15. WinSSL/SChannel

-14.1 Other authentication mechanisms
+15.1 Add support for client certificate authentication

- Add support for other authentication mechanisms such as EXTERNAL, OLP,
+ WinSSL/SChannel currently makes use of the OS-level system and user
+ certificate and private key stores. This does not allow the application
+ or the user to supply a custom client certificate using curl or libcurl.
+
+ Therefore support for the existing -E/--cert and --key options should be
+ implemented by supplying a custom certificate to the SChannel APIs, see:
+ - Getting a Certificate for Schannel
+   http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
+
+15.2 Add support for custom server certificate validation
+
+ WinSSL/SChannel currently makes use of the OS-level system and user
+ certificate trust store. This does not allow the application or user to
+ customize the server certificate validation process using curl or libcurl.
+
+ Therefore support for the existing --cacert or --capath options should be
+ implemented by supplying a custom certificate to the SChannel APIs, see:
+ - Getting a Certificate for Schannel
+   http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
+
+15.3 Add support for the --ciphers option
+
+ The cipher suites used by WinSSL/SChannel are configured on an OS-level
+ instead of an application-level. This does not allow the application or
+ the user to customize the configured cipher suites using curl or libcurl.
+
+ Therefore support for the existing --ciphers option should be implemented
+ by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see
+ - Specifying Schannel Ciphers and Cipher Strengths
+   http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
+
+16. SASL
+
+16.1 Other authentication mechanisms
+
+ Add support for other authentication mechanisms such as OLP,
 GSS-SPNEGO and others.
 
-14.2 Add QOP support to GSSAPI authentication
+16.2 Add QOP support to GSSAPI authentication

 Currently the GSSAPI authentication only supports the default QOP of auth
 (Authentication), whilst Kerberos V5 supports both auth-int (Authentication
 with integrity protection) and auth-conf (Authentication with integrity and
 privacy protection).

-15. Client
+17. Client

-15.1 sync
+17.1 sync

 "curl --sync http://example.com/feed[1-100].rss" or
 "curl --sync http://example.net/{index,calendar,history}.html"
@@ -495,12 +563,12 @@ to provide the data to send.
 remote file is newer than the local file. A Last-Modified HTTP date header
 should also be used to set the mod date on the downloaded file.

-15.2 glob posts
+17.2 glob posts

 Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
 This is easily scripted though.

-15.3 prevent file overwriting
+17.3 prevent file overwriting

 Add an option that prevents cURL from overwriting existing local files. When
 used, and there already is an existing file with the target file name
@@ -508,14 +576,14 @@ to provide the data to send.
 existing). So that index.html becomes first index.html.1 and then
 index.html.2 etc.

-15.4 simultaneous parallel transfers
+17.4 simultaneous parallel transfers

 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595

-15.5 provide formpost headers
+17.5 provide formpost headers

 Extending the capabilities of the multipart formposting. How about leaving
 the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -529,43 +597,67 @@ to provide the data to send.
 which should overwrite the program reasonable defaults (plain/text,
 8bit...)

-15.6 warning when setting an option
+17.6 warning when setting an option

  Display a warning when libcurl returns an error when setting an option.
  This can be useful to tell when support for a particular feature hasn't been
  compiled into the library.

-16. Build
+17.7 warning when sending binary output to terminal

-16.1 roffit
+  Provide a way that prompts the user for confirmation before binary data is
+  sent to the terminal, much in the style 'less' does it.
+
+17.8 offer color-coded HTTP header output
+
+  By offering different color output on the header name and the header
+  contents, they could be made more readable and thus help users working on
+  HTTP services.
+
+17.9 Choose the name of file in braces for complex URLs
+
+  When using braces to download a list of URLs and you use complicated names
+  in the list of alternatives, it could be handy to allow curl to use other
+  names when saving.
+
+  Consider a way to offer that. Possibly like
+  {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the
+  colon is the output name.
+
+  See https://github.com/bagder/curl/issues/221
+
+
+18. Build
+
+18.1 roffit

 Consider extending 'roffit' to produce decent ASCII output, and use that
 instead of (g)nroff when building src/tool_hugehelp.c

-17. Test suite
+19. Test suite

-17.1 SSL tunnel
+19.1 SSL tunnel

 Make our own version of stunnel for simple port forwarding to enable HTTPS
 and FTP-SSL tests without the stunnel dependency, and it could allow us to
 provide test tools built with either OpenSSL or GnuTLS

-17.2 nicer lacking perl message
+19.2 nicer lacking perl message

 If perl wasn't found by the configure script, don't attempt to run the tests
 but explain something nice why it doesn't.

-17.3 more protocols supported
+19.3 more protocols supported

 Extend the test suite to include more protocols. The telnet could just do FTP
 or http operations (for which we have test servers).

-17.4 more platforms supported
+19.4 more platforms supported

 Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
 fork()s and it should become even more portable.

-17.5 Add support for concurrent connections
+19.5 Add support for concurrent connections

 Tests 836, 882 and 938 were designed to verify that separate connections aren't
 used when using different login credentials in protocols that shouldn't re-use
@@ -579,14 +671,14 @@ to provide the data to send.
 and thus the wait for connections loop is never entered to receive the second
 connection.

-18. Next SONAME bump
+20. Next SONAME bump

-18.1 http-style HEAD output for FTP
+20.1 http-style HEAD output for FTP

 #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
 from being output in NOBODY requests over FTP

-18.2 combine error codes
+20.2 combine error codes

 Combine some of the error codes to remove duplicates.  The original
 numbering should not be changed, and the old identifiers would be
@@ -611,29 +703,29 @@ to provide the data to send.

    CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED

-18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
+20.3 extend CURLOPT_SOCKOPTFUNCTION prototype

 The current prototype only provides 'purpose' that tells what the
 connection/socket is for, but not any protocol or similar. It makes it hard
 for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
 similar.

-19. Next major release
+21. Next major release

-19.1 cleanup return codes
+21.1 cleanup return codes

 curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
 CURLMcode. These should be changed to be the same.

-19.2 remove obsolete defines
+21.2 remove obsolete defines

 remove obsolete defines from curl/curl.h

-19.3 size_t
+21.3 size_t

 make several functions use size_t instead of int in their APIs

-19.4 remove several functions
+21.4 remove several functions

 remove the following functions from the public API:

@@ -654,18 +746,18 @@ to provide the data to send.

 curl_multi_socket_all

-19.5 remove CURLOPT_FAILONERROR
+21.5 remove CURLOPT_FAILONERROR

 Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
 internally. Let the app judge success or not for itself.

-19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
+21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE

 Remove support for a global DNS cache. Anything global is silly, and we
 already offer the share interface for the same functionality but done
 "right".

-19.7 remove progress meter from libcurl
+21.7 remove progress meter from libcurl

 The internally provided progress meter output doesn't belong in the library.
 Basically no application wants it (apart from curl) but instead applications
@@ -675,7 +767,7 @@ to provide the data to send.
 variable types passed to it instead of doubles so that big files work
 correctly.

-19.8 remove 'curl_httppost' from public
+21.8 remove 'curl_httppost' from public

 curl_formadd() was made to fill in a public struct, but the fact that the
 struct is public is never really used by application for their own advantage
@@ -684,7 +776,7 @@ to provide the data to send.
 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintaining a solid API and ABI.

-19.9 have form functions use CURL handle argument
+21.9 have form functions use CURL handle argument

 curl_formadd() and curl_formget() both currently have no CURL handle
 argument, but both can use a callback that is set in the easy handle, and
@@ -692,7 +784,7 @@ to provide the data to send.
 curl_easy_perform() (or similar) called - which is hard to grasp and a design
 mistake.

-19.10 Add CURLOPT_MAIL_CLIENT option
+21.10 Add CURLOPT_MAIL_CLIENT option

 Rather than use the URL to specify the mail client string to present in the
 HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@@ -1,4 +1,3 @@
-Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@@ -23,6 +22,8 @@ The Art Of Scripting HTTP Requests Using Curl
 3. Fetch a page
 3.1 GET
 3.2 HEAD
+ 3.3 Multiple URLs in a single command line
+ 3.4 Multiple HTTP methods in a single command line
 4. HTML forms
 4.1 Forms explained
 4.2 GET
@@ -136,7 +137,7 @@ The Art Of Scripting HTTP Requests Using Curl
 The Uniform Resource Locator format is how you specify the address of a
 particular resource on the Internet. You know these, you've seen URLs like
 http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
- canonical spec.
+ canonical spec. And yeah, the formal name is not URL, it is URI.

 2.2 Host

@@ -193,7 +194,6 @@ The Art Of Scripting HTTP Requests Using Curl
 the associated response. The path is what is to the right side of the slash
 that follows the host name and possibly port number.

-
 3. Fetch a page

 3.1 GET
@@ -224,6 +224,46 @@ The Art Of Scripting HTTP Requests Using Curl
 may see a Content-Length: in the response headers, but there must not be an
 actual body in the HEAD response.

+ 3.3 Multiple URLs in a single command line
+
+ A single curl command line may involve one or many URLs. The most common case
+ is probably to just use one, but you can specify any amount of URLs. Yes
+ any. No limits. You'll then get requests repeated over and over for all the
+ given URLs.
+
+ Example, send two GETs:
+
+    curl http://url1.example.com http://url2.example.com
+
+ If you use --data to POST to the URL, using multiple URLs means that you send
+ that same POST to all the given URLs.
+
+ Example, send two POSTs:
+
+    curl --data name=curl http://url1.example.com http://url2.example.com
+
+
+ 3.4 Multiple HTTP methods in a single command line
+
+ Sometimes you need to operate on several URLs in a single command line and do
+ different HTTP methods on each. For this, you'll enjoy the --next option. It
+ is basically a separator that separates a bunch of options from the next. All
+ the URLs before --next will get the same method and will get all the POST
+ data merged into one.
+
+ When curl reaches the --next on the command line, it'll sort of reset the
+ method and the POST data and allow a new set.
+
+ Perhaps this is best shown with a few examples. To send first a HEAD and then
+ a GET:
+
+   curl -I http://example.com --next http://example.com
+
+ To first send a POST and then a GET:
+
+   curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html
+
+
 4. HTML forms

 4.1 Forms explained
@@ -302,6 +342,10 @@ The Art Of Scripting HTTP Requests Using Curl

        curl --data-urlencode "name=I am Daniel" http://www.example.com

+  If you repeat --data several times on the command line, curl will
+  concatenate all the given data pieces - and put a '&' symbol between each
+  data segment.
+
 4.4 File Upload POST

  Back in late 1995 they defined an additional way to post data over HTTP. It
@@ -557,8 +601,10 @@ The Art Of Scripting HTTP Requests Using Curl
 truckload of advanced features to allow all those encryptions and key
 infrastructure mechanisms encrypted HTTP requires.

- Curl supports encrypted fetches thanks to the freely available OpenSSL
- libraries. To get a page from a HTTPS server, simply run curl like:
+ Curl supports encrypted fetches when built to use a TLS library and it can be
+ built to use one out of a fairly large set of libraries - "curl -V" will show
+ which one your curl was built to use (if any!). To get a page from a HTTPS
+ server, simply run curl like:

        curl https://secure.example.com

@@ -584,6 +630,12 @@ The Art Of Scripting HTTP Requests Using Curl

        http://curl.haxx.se/docs/sslcerts.html

+  At times you may end up with your own CA cert store and then you can tell
+  curl to use that to verify the server's certificate:
+
+        curl --cacert ca-bundle.pem https://example.com/
+
+
 11. Custom Request Elements

 11.1 Modify method and headers
@@ -692,7 +744,7 @@ The Art Of Scripting HTTP Requests Using Curl

 14.1 Standards

- RFC 2616 is a must to read if you want in-depth understanding of the HTTP
+ RFC 7230 is a must to read if you want in-depth understanding of the HTTP
 protocol

 RFC 3986 explains the URL syntax
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -552,6 +552,26 @@ This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.

 If this option is used several times, the last one will be used.
 (Added in 7.39.0)
+.IP "--cert-status"
+(SSL) Tells curl to verify the status of the server certificate by using the
+Certificate Status Request (aka. OCSP stapling) TLS extension.
+
+If this option is enabled and the server sends an invalid (e.g. expired)
+response, if the response suggests that the server certificate has been revoked,
+or no response at all is received, the verification fails.
+
+This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
+(Added in 7.41.0)
+.IP "--false-start"
+
+(SSL) Tells curl to use false start during the TLS handshake. False start is a
+mode where a TLS client will start sending application data before verifying
+the server's Finished message, thus saving a round trip when performing a full
+handshake.
+
+This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
+or later, or OS X 10.9 or later) backends.
+(Added in 7.42.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In normal
@@ -733,6 +753,12 @@ Example:

 \&# curl -H "X-First-Name: Joe" http://192.168.0.1/

+\fBWARNING\fP: headers set with this option will be set in all requests - even
+after redirects are followed, like when told with \fB-L, --location\fP. This
+can lead to the header being sent to other hosts than the original host, so
+sensitive headers should be used with caution combined with following
+redirects.
+
 This option can be used multiple times to add/replace/remove multiple headers.
 .IP "--hostpubmd5 <md5>"
 (SCP/SFTP) Pass a string containing 32 hexadecimal digits. The string should
@@ -1209,6 +1235,12 @@ available.
 (SSL/SSH) Passphrase for the private key

 If this option is used several times, the last one will be used.
+.IP "--path-as-is"
+Tell curl to not handle sequences of /../ or /./ in the given URL
+path. Normally curl will squash or merge them according to standards but with
+this option set you tell it not to do that.
+
+(Added in 7.42.0)
 .IP "--post301"
 (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
 into GET requests when following a 301 redirection. The non-RFC behaviour is
@@ -1884,7 +1916,7 @@ password.
 If this option is used several times, the last one will be used.
 .IP "-X, --request <command>"
 (HTTP) Specifies a custom request method to use when communicating with the
-HTTP server.  The specified request will be used instead of the method
+HTTP server.  The specified request method will be used instead of the method
 otherwise used (which defaults to GET). Read the HTTP 1.1 specification for
 details and explanations. Common additional HTTP requests include PUT and
 DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and
@@ -1898,6 +1930,11 @@ alter the way curl behaves. So for example if you want to make a proper HEAD
 request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP
 option.

+The method string you set with -X will be used for all requests, which if you
+for example use \fB-L, --location\fP may cause unintended side-effects when
+curl doesn't change request method according to the HTTP 30x response codes -
+and similar.
+
 (FTP)
 Specifies a custom FTP command to use instead of LIST when doing file lists
 with FTP.
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@@ -210,9 +210,7 @@ static int use_buffer(URL_FILE *file,int want)
  /* sort out buffer */
  if((file->buffer_pos - want) <=0) {
    /* ditch buffer - write will recreate */
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
@@ -302,9 +300,7 @@ int url_fclose(URL_FILE *file)
    break;
  }

-  if(file->buffer)
-    free(file->buffer);/* free any allocated buffer space */
-
+  free(file->buffer);/* free any allocated buffer space */
  free(file);

  return ret;
@@ -435,9 +431,7 @@ void url_rewind(URL_FILE *file)
    curl_multi_add_handle(multi_handle, file->handle.curl);

    /* ditch buffer - write will recreate - resets stream pos*/
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@@ -106,8 +106,7 @@ int main(void)
  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);

-  if(chunk.memory)
-    free(chunk.memory);
+  free(chunk.memory);

  /* we're done with libcurl, so clean it up */
  curl_global_cleanup();
--- a/docs/examples/postinmemory.c
+++ b/docs/examples/postinmemory.c
@@ -101,8 +101,7 @@ int main(void)
    /* always cleanup */
    curl_easy_cleanup(curl);

-    if(chunk.memory)
-      free(chunk.memory);
+    free(chunk.memory);

    /* we're done with libcurl, so clean it up */
    curl_global_cleanup();
--- a/docs/libcurl/Makefile.am
+++ b/docs/libcurl/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -40,7 +40,7 @@ man_MANS = curl_easy_cleanup.3 curl_easy_getinfo.3 curl_easy_init.3	 \
 curl_easy_unescape.3 curl_multi_setopt.3 curl_multi_socket.3		 \
 curl_multi_timeout.3 curl_formget.3 curl_multi_assign.3		 \
 curl_easy_pause.3 curl_easy_recv.3 curl_easy_send.3			 \
- curl_multi_socket_action.3 curl_multi_wait.3
+ curl_multi_socket_action.3 curl_multi_wait.3 libcurl-symbols.3

 HTMLPAGES = curl_easy_cleanup.html curl_easy_getinfo.html		\
 curl_easy_init.html curl_easy_perform.html curl_easy_setopt.html	\
@@ -60,7 +60,7 @@ HTMLPAGES = curl_easy_cleanup.html curl_easy_getinfo.html		\
 curl_easy_unescape.html curl_multi_setopt.html curl_multi_socket.html	\
 curl_multi_timeout.html curl_formget.html curl_multi_assign.html	\
 curl_easy_pause.html curl_easy_recv.html curl_easy_send.html		\
- curl_multi_socket_action.html curl_multi_wait.html
+ curl_multi_socket_action.html curl_multi_wait.html libcurl-symbols.html

 PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 curl_easy_init.pdf curl_easy_perform.pdf curl_easy_setopt.pdf		 \
@@ -79,19 +79,23 @@ PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 curl_easy_escape.pdf curl_easy_unescape.pdf curl_multi_setopt.pdf	 \
 curl_multi_socket.pdf curl_multi_timeout.pdf curl_formget.pdf		 \
 curl_multi_assign.pdf curl_easy_pause.pdf curl_easy_recv.pdf		 \
- curl_easy_send.pdf curl_multi_socket_action.pdf curl_multi_wait.pdf
+ curl_easy_send.pdf curl_multi_socket_action.pdf curl_multi_wait.pdf     \
+ libcurl-symbols.pdf

 m4macrodir = $(datadir)/aclocal
 dist_m4macro_DATA = libcurl.m4

-CLEANFILES = $(HTMLPAGES) $(PDFPAGES)
+CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(TESTS) libcurl-symbols.3

 EXTRA_DIST = $(man_MANS) $(HTMLPAGES) index.html $(PDFPAGES) ABI \
-  symbols-in-versions symbols.pl
+  symbols-in-versions symbols.pl mksymbolsmanpage.pl
 MAN2HTML= roffit --mandir=. < $< >$@

 SUFFIXES = .3 .html

+libcurl-symbols.3: $(srcdir)/symbols-in-versions $(srcdir)/mksymbolsmanpage.pl
+	perl $(srcdir)/mksymbolsmanpage.pl < $(srcdir)/symbols-in-versions > $@
+
 html: $(HTMLPAGES)
 	cd opts; make html

@@ -107,3 +111,17 @@ pdf: $(PDFPAGES)
 	ps2pdf $$foo.ps $@; \
 	rm $$foo.ps; \
 	echo "converted $< to $@")
+
+# Make sure each option man page is referenced in the main man page
+TESTS = check-easy check-multi
+LOG_COMPILER = $(PERL)
+# The test fails if the log file contains any text
+AM_LOG_FLAGS = -p -e 'die "$$_" if ($$_);'
+
+check-easy: $(srcdir)/curl_easy_setopt.3 $(srcdir)/opts/CURLOPT*.3
+	OPTS="$$(ls $(srcdir)/opts/CURLOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \
+	for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_easy_setopt.3 >/dev/null || echo Missing $$opt; done > $@
+
+check-multi: $(srcdir)/curl_multi_setopt.3 $(srcdir)/opts/CURLMOPT*.3
+	OPTS="$$(ls $(srcdir)/opts/CURLMOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \
+	for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_multi_setopt.3 >/dev/null || echo Missing $$opt; done > $@
--- a/docs/libcurl/curl_easy_perform.3
+++ b/docs/libcurl/curl_easy_perform.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,7 +66,7 @@ if(curl) {
  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
  res = curl_easy_perform(curl);
  curl_easy_cleanup(curl);
-}}
+}
 .fi
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_setopt "(3), "
--- a/docs/libcurl/curl_easy_recv.3
+++ b/docs/libcurl/curl_easy_recv.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,8 +42,9 @@ buffer. The variable \fBn\fP points to will receive the number of received
 bytes.

 To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
-calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_recv(3)\fP does not
-work on connections that were created without this option.
+calling \fIcurl_easy_perform(3)\fP or \cIcurl_multi_perform(3)\fP. Note that
+\fIcurl_easy_recv(3)\fP does not work on connections that were created without
+this option.

 You must ensure that the socket has data to read before calling
 \fIcurl_easy_recv(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -
--- a/docs/libcurl/curl_easy_send.3
+++ b/docs/libcurl/curl_easy_send.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,8 +40,9 @@ connection set-up.
 The variable \fBn\fP points to will receive the number of sent bytes.

 To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
-calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_send(3)\fP will not
-work on connections that were created without this option.
+calling \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform()\fP. Note that
+\fIcurl_easy_send(3)\fP will not work on connections that were created without
+this option.

 You must ensure that the socket is writable before calling
 \fIcurl_easy_send(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -145,6 +145,8 @@ Fail on HTTP 4xx errors. \fICURLOPT_FAILONERROR(3)\fP
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 URL to work on. See \fICURLOPT_URL(3)\fP
+.IP CURLOPT_PATH_AS_IS
+Disable squashing /../ and /./ sequences in the path. See \fICURLOPT_PATH_AS_IS(3)\fP
 .IP CURLOPT_PROTOCOLS
 Allowed protocols. See \fICURLOPT_PROTOCOLS(3)\fP
 .IP CURLOPT_REDIR_PROTOCOLS
@@ -214,6 +216,8 @@ HTTP server authentication methods. See \fICURLOPT_HTTPAUTH(3)\fP
 TLS authentication user name. See \fICURLOPT_TLSAUTH_USERNAME(3)\fP
 .IP CURLOPT_TLSAUTH_PASSWORD
 TLS authentication password. See \fICURLOPT_TLSAUTH_PASSWORD(3)\fP
+.IP CURLOPT_TLSAUTH_TYPE
+TLS authentication methods. See \fICURLOPT_TLSAUTH_TYPE(3)\fP
 .IP CURLOPT_PROXYAUTH
 HTTP proxy authentication methods. See \fICURLOPT_PROXYAUTH(3)\fP
 .IP CURLOPT_SASL_IR
@@ -411,6 +415,8 @@ Bind name resolves to this interface. See \fICURLOPT_DNS_INTERFACE(3)\fP
 Bind name resolves to this IP4 address. See \fICURLOPT_DNS_LOCAL_IP4(3)\fP
 .IP CURLOPT_DNS_LOCAL_IP6
 Bind name resolves to this IP6 address. See \fICURLOPT_DNS_LOCAL_IP6(3)\fP
+.IP CURLOPT_DNS_SERVERS
+Preferred DNS servers. See \fICURLOPT_DNS_SERVERS(3)\fP
 .IP CURLOPT_ACCEPTTIMEOUT_MS
 Timeout for waiting for the server's connect back to be accepted. See \fICURLOPT_ACCEPTTIMEOUT_MS(3)\fP
 .SH SSL and SECURITY OPTIONS
@@ -432,10 +438,16 @@ Enable use of NPN. See \fICURLOPT_SSL_ENABLE_NPN(3)\fP
 Use identifier with SSL engine. See \fICURLOPT_SSLENGINE(3)\fP
 .IP CURLOPT_SSLENGINE_DEFAULT
 Default SSL engine. See \fICURLOPT_SSLENGINE_DEFAULT(3)\fP
+.IP CURLOPT_SSL_FALSESTART
+Enable TLS False Start. See \fICURLOPT_SSL_FALSESTART(3)\fP
 .IP CURLOPT_SSLVERSION
 SSL version to use. See \fICURLOPT_SSLVERSION(3)\fP
+.IP CURLOPT_SSL_VERIFYHOST
+Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
 .IP CURLOPT_SSL_VERIFYPEER
 Verify the SSL certificate. See \fICURLOPT_SSL_VERIFYPEER(3)\fP
+.IP CURLOPT_SSL_VERIFYSTATUS
+Verify the SSL certificate's status. See \fICURLOPT_SSL_VERIFYSTATUS(3)\fP
 .IP CURLOPT_CAINFO
 CA cert bundle. See \fICURLOPT_CAINFO(3)\fP
 .IP CURLOPT_ISSUERCERT
@@ -444,8 +456,6 @@ Issuer certificate. See \fICURLOPT_ISSUERCERT(3)\fP
 Path to CA cert bundle. See \fICURLOPT_CAPATH(3)\fP
 .IP CURLOPT_CRLFILE
 Certificate Revocation List. See \fICURLOPT_CRLFILE(3)\fP
-.IP CURLOPT_SSL_VERIFYHOST
-Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
 .IP CURLOPT_CERTINFO
 Extract certificate info. See \fICURLOPT_CERTINFO(3)\fP
 .IP CURLOPT_PINNEDPUBLICKEY
--- a/docs/libcurl/curl_multi_setopt.3
+++ b/docs/libcurl/curl_multi_setopt.3
@@ -47,6 +47,8 @@ See \fICURLMOPT_PIPELINING(3)\fP
 See \fICURLMOPT_TIMERFUNCTION(3)\fP
 .IP CURLMOPT_TIMERDATA
 See \fICURLMOPT_TIMERDATA(3)\fP
+.IP CURLMOPT_MAXCONNECTS
+See \fICURLMOPT_MAXCONNECTS(3)\fP
 .IP CURLMOPT_MAX_HOST_CONNECTIONS
 See \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP
 .IP CURLMOPT_MAX_PIPELINE_LENGTH
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -57,7 +57,7 @@ typedef struct {
  char *ssl_version;        /* human readable string */
  long ssl_version_num;     /* not used, always zero */
  const char *libz_version; /* human readable string */
-  const char **protocols;   /* list of protocols */
+  const char * const *protocols; /* protocols */

  /* when 'age' is 1 or higher, the members below also exist: */
  const char *ares;         /* human readable string */
--- a/docs/libcurl/mksymbolsmanpage.pl
+++ b/docs/libcurl/mksymbolsmanpage.pl
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+# ***************************************************************************
+# *                                  _   _ ____  _
+# *  Project                     ___| | | |  _ \| |
+# *                             / __| | | | |_) | |
+# *                            | (__| |_| |  _ <| |___
+# *                             \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at http://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
+
+my $version="7.41.0";
+
+use POSIX qw(strftime);
+my $date = strftime "%b %e, %Y", localtime;
+my $year = strftime "%Y", localtime;
+
+print <<HEADER
+.\\" **************************************************************************
+.\\" *                                  _   _ ____  _
+.\\" *  Project                     ___| | | |  _ \\| |
+.\\" *                             / __| | | | |_) | |
+.\\" *                            | (__| |_| |  _ <| |___
+.\\" *                             \\___|\\___/|_| \\_\\_____|
+.\\" *
+.\\" * Copyright (C) 1998 - $year, Daniel Stenberg, <daniel\@haxx.se>, et al.
+.\\" *
+.\\" * This software is licensed as described in the file COPYING, which
+.\\" * you should have received as part of this distribution. The terms
+.\\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\\" *
+.\\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\\" * copies of the Software, and permit persons to whom the Software is
+.\\" * furnished to do so, under the terms of the COPYING file.
+.\\" *
+.\\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\\" * KIND, either express or implied.
+.\\" *
+.\\" **************************************************************************
+.TH libcurl-symbols 3 "$date" "libcurl $version" "libcurl symbols"
+.SH NAME
+libcurl-symbols \\- libcurl symbol version information
+.SH "libcurl symbols"
+This man page details version information for public symbols provided in the
+libcurl header files. This lists the first version in which the symbol was
+introduced and for some symbols two additional information pieces:
+
+The first version in which the symbol is marked "deprecated" - meaning that
+since that version no new code should be written to use the symbol as it is
+marked for getting removed in a future.
+
+The last version that featured the specific symbol. Using the symbol in source
+code will make it no longer compile error-free after that specified version.
+
+This man page is automatically generated from the symbols-in-versions file.
+HEADER
+    ;
+
+while(<STDIN>) {
+    if($_ =~ /^(CURL[A-Z0-9_.]*) *(.*)/) {
+        my ($symbol, $rest)=($1,$2);
+        my ($intro, $dep, $rem);
+        if($rest =~ s/^([0-9.]*) *//) {
+           $intro = $1;
+        }
+        if($rest =~ s/^([0-9.]*) *//) {
+           $dep = $1;
+        }
+        if($rest =~ s/^([0-9.]*) *//) {
+           $rem = $1;
+        }
+        print ".IP $symbol\nIntroduced in $intro\n";
+        if($dep) {
+          print "Deprecated since $dep\n";
+        }
+        if($rem) {
+          print "Last used in $dep\n";
+        }
+    }
+
+}
--- a/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3
+++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3
@@ -50,7 +50,7 @@ The default value is NULL, which means that there is no blacklist.
    NULL
  };

-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SERVER_BL, server_blacklist);
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_blacklist);
 .fi
 .SH AVAILABILITY
 Added in 7.30.0
--- a/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3
+++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3
@@ -46,7 +46,7 @@ HTTP(S)
    NULL
  };

-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SITE_BL, site_blacklist);
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_blacklist);
 .fi
 .SH AVAILABILITY
 Added in 7.30.0
--- a/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3
+++ b/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3
@@ -36,14 +36,21 @@ CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callbac
 Pass a pointer to your callback function, which should match the prototype
 shown above.

-This callback function will be called when the timeout value changes. The
-\fBtimeout_ms\fP value is at what latest time the application should call one
-of the \&"performing" functions of the multi interface
-(\fIcurl_multi_socket_action(3)\fP and \fIcurl_multi_perform(3)\fP) - to allow
-libcurl to keep timeouts and retries etc to work. A \fBtimeout_ms\fP value of
-1 means that there is no timeout at all, and 0 means that the timeout is
-already expired. libcurl attempts to limit calling this only when the fixed
-future timeout time actually changes.
+Certain features, such as timeouts and retries, require you to call libcurl
+even when there is no activity on the file descriptors.
+
+Your callback function \fBtimer_callback\fP should install a non-repeating
+timer with an interval of \fBtimeout_ms\fP. Each time that timer fires, call
+either \fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP,
+depending on which interface you use.
+
+A \fBtimeout_ms\fP value of -1 means you should delete your timer.
+
+A \fBtimeout_ms\fP value of 0 means you should call
+\fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP (once) as soon
+as possible.
+
+\fBtimer_callback\fP will only be called when the \fBtimeout_ms\fP changes.

 The \fBuserp\fP pointer is set with \fICURLMOPT_TIMERDATA(3)\fP.

@@ -54,7 +61,38 @@ NULL
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+static gboolean timeout_cb(gpointer user_data) {
+    if (user_data) {
+        g_free(user_data);
+        curl_multi_setopt(curl_handle, CURLMOPT_TIMERDATA, NULL);
+    }
+    int running;
+    curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0, &running);
+    return G_SOURCE_REMOVE;
+}
+
+static int timerfunc(CURLM *multi, long timeout_ms, void *userp) {
+    guint *id = userp;
+
+    if (id)
+        g_source_remove(*id);
+
+    // -1 means we should just delete our timer.
+    if (timeout_ms == -1) {
+        g_free(id);
+        id = NULL;
+    } else {
+        if (!id)
+            id = g_new(guint, 1);
+        *id = g_timeout_add(timeout_ms, timeout_cb, id);
+    }
+    curl_multi_setopt(multi, CURLMOPT_TIMERDATA, id);
+    return 0;
+}
+
+curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc);
+.fi
 .SH AVAILABILITY
 Added in 7.16.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_CAINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CAINFO.3
@@ -47,7 +47,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-If built TLS enabled
+For SSL engines that don't support certificate files the CURLOPT_CAINFO option
+is ignored. Refer to http://curl.haxx.se/docs/ssl-compared.html
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
--- a/docs/libcurl/opts/CURLOPT_CAPATH.3
+++ b/docs/libcurl/opts/CURLOPT_CAPATH.3
@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-This option is OpenSSL-specific and does nothing if libcurl is built to use
-GnuTLS. NSS-powered libcurl provides the option only for backward
-compatibility.
+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
+backend provides the option only for backward compatibility.
 .SH RETURN VALUE
 Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.
--- a/docs/libcurl/opts/CURLOPT_CERTINFO.3
+++ b/docs/libcurl/opts/CURLOPT_CERTINFO.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,11 +29,10 @@ CURLOPT_CERTINFO \- request SSL certificate information
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
 .SH DESCRIPTION
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
-this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
-extract lots of information and data about the certificates in the certificate
-chain used in the SSL connection. This data may then be retrieved after a
-transfer using \fIcurl_easy_getinfo(3)\fP and its option
-\fICURLINFO_CERTINFO\fP.
+this enabled, libcurl will extract lots of information and data about the
+certificates in the certificate chain used in the SSL connection. This data may
+then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
+option \fICURLINFO_CERTINFO\fP.
 .SH DEFAULT
 0
 .SH PROTOCOLS
@@ -41,7 +40,7 @@ All TLS-based
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.19.1
+This option is supported by the OpenSSL, GnuTLS, NSS and GSKit backends.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
--- a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,17 @@ In unix-like systems, this might cause signals to be used unless
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete connection within 10 seconds */
+  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,17 @@ In unix-like systems, this might cause signals to be used unless
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete connection within 10000 milliseconds */
+  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10000L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_COOKIE.3
+++ b/docs/libcurl/opts/CURLOPT_COOKIE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -51,7 +51,16 @@ NULL, no cookies
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_COOKIE, "tool=curl; fun=yes;");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If HTTP is enabled
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_HEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,9 +38,26 @@ about the protocol in use.

 It is often better to use \fICURLOPT_HEADERFUNCTION(3)\fP to get the header
 data separately.
+
+While named confusingly similar, \fICURLOPT_HTTPHEADER(3)\fP is used to set
+custom HTTP headers!
 .SH DEFAULT
 0
+.SH PROTOCOLS
+Most
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH RETURN VALUE
 Returns CURLE_OK.
 .SH "SEE ALSO"
 .BR CURLOPT_HEADERFUNCTION "(3), "
+.BR CURLOPT_HTTPHEADER "(3), "
--- a/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,14 +39,14 @@ shown above.
 This function gets called by libcurl as soon as it has received header
 data. The header callback will be called once for each header and only
 complete header lines are passed on to the callback. Parsing headers is very
-easy using this. The size of the data pointed to by \fIptr\fP is \fIsize\fP
+easy using this. The size of the data pointed to by \fIbuffer\fP is \fIsize\fP
 multiplied with \fInmemb\fP. Do not assume that the header line is zero
 terminated! The pointer named \fIuserdata\fP is the one you set with the
 \fICURLOPT_HEADERDATA(3)\fP option. This callback function must return the
 number of bytes actually taken care of. If that amount differs from the amount
 passed in to your function, it'll signal an error to the library. This will
 cause the transfer to get aborted and the libcurl function in progress will
-return \fICURL_WRITE_ERROR\fP.
+return \fICURLE_WRITE_ERROR\fP.

 A complete HTTP header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.
@@ -80,7 +80,24 @@ Nothing.
 Used for all protocols with headers or meta-data concept: HTTP, FTP, POP3,
 IMAP, SMTP and more.
 .SH EXAMPLE
-TODO
+.nf
+static size_t header_callback(char *buffer, size_t size,
+                              size_t nitems, void *userdata)
+{
+  /* received header is nitems * size long in 'buffer' NOT ZERO TERMINATED */
+  /* 'userdata' is set with CURLOPT_WRITEDATA */
+  return nitems * size;
+}
+
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3
@@ -32,9 +32,11 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP200ALIASES,
 .SH DESCRIPTION
 Pass a pointer to a linked list of \fIaliases\fP to be treated as valid HTTP
 200 responses.  Some servers respond with a custom header response line.  For
-example, IceCast servers respond with "ICY 200 OK".  By including this string
-in your list of aliases, the response will be treated as a valid HTTP header
-line such as "HTTP/1.0 200 OK".
+example, SHOUTcast servers respond with "ICY 200 OK". Also some very old
+Icecast 1.3.x servers will respond like that for certain user agent headers or
+in absence of such. By including this string in your list of aliases,
+the response will be treated as a valid HTTP header line such as
+"HTTP/1.0 200 OK".

 The linked list should be a fully valid list of struct curl_slist structs, and
 be properly filled in.  Use \fIcurl_slist_append(3)\fP to create the list and
--- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
+++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -63,21 +63,48 @@ Pass a NULL to this option to reset back to no custom headers.

 The most commonly replaced headers have "shortcuts" in the options
 \fICURLOPT_COOKIE(3)\fP, \fICURLOPT_USERAGENT(3)\fP and
-\fICURLOPT_REFERER(3)\fP.
+\fICURLOPT_REFERER(3)\fP. We recommend using those.

 There's an alternative option that sets or replaces headers only for requests
 that are sent with CONNECT to a proxy: \fICURLOPT_PROXYHEADER(3)\fP. Use
 \fICURLOPT_HEADEROPT(3)\fP to control the behavior.
+.SH SECURITY CONCERNS
+By default, this option makes libcurl send the given headers in all HTTP
+requests done by this handle. You should therefore use this option with
+caution if you for example connect to the remote site using a proxy and a
+CONNECT request, you should to consider if that proxy is supposed to also get
+the headers. They may be private or otherwise sensitive to leak.
+
+Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you
+intend them to get sent.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+
+struct curl_slist *list = NULL;
+
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  list = curl_slist_append(list, "Shoesize: 10");
+  list = curl_slist_append(list, "Accept:");
+
+  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
+
+  curl_easy_perform(curl);
+
+  curl_slist_free_all(list); /* free the list again */
+}
+.fi
+
 .SH AVAILABILITY
 As long as HTTP is enabled
 .SH RETURN VALUE
 Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR CURLOPT_CUSTOMREQUEST "(3), " CURLOPT_HEADEROPT "(3), "
-.BR CURLOPT_PROXYHEADER "(3)"
+.BR CURLOPT_PROXYHEADER "(3), " CURLOPT_HEADER "(3)"
--- a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3
+++ b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,8 +41,8 @@ Enforce HTTP 1.0 requests.
 .IP CURL_HTTP_VERSION_1_1
 Enforce HTTP 1.1 requests.
 .IP CURL_HTTP_VERSION_2_0
-Attempt HTTP 2.0 requests. libcurl will fall back to HTTP 1.x if HTTP 2.0
-can't be negotiated with the server.
+Attempt HTTP 2 requests. libcurl will fall back to HTTP 1.x if HTTP 2 can't be
+negotiated with the server. (Added in 7.33.0)
 .SH DEFAULT
 CURL_HTTP_VERSION_NONE
 .SH PROTOCOLS
--- a/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
+++ b/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,17 @@ Only use this option if strictly necessary.
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* we know the server is silly, ignore content-length */
+  curl_easy_setopt(curl, CURLOPT_IGNORE_CONTENT_LENGTH, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.14.1
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_INFILESIZE.3
+++ b/docs/libcurl/opts/CURLOPT_INFILESIZE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -49,7 +49,20 @@ Unset
 .SH PROTOCOLS
 Many
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  long uploadsize = FILE_SIZE;
+
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz");
+
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+  curl_easy_setopt(curl, CURLOPT_INFILESIZE, uploadsize);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 SMTP support added in 7.23.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3
+++ b/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -50,7 +50,20 @@ Unset
 .SH PROTOCOLS
 Many
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_off_t uploadsize = FILE_SIZE;
+
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz");
+
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+  curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, uploadsize);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 SMTP support added in 7.23.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
+++ b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.3
@@ -0,0 +1,63 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_PATH_AS_IS 3 "17 Jun 2014" "libcurl 7.42.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_PATH_AS_IS \- do not handle dot dot sequences
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);
+.SH DESCRIPTION
+By setting the long \fIleavit\fP to 1, to explicitly tell libcurl to not alter
+the given path before passing it on to the server.
+
+This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist
+in the URL's path part and that is supposed to be removed according to RFC
+3986 section 5.2.4.
+
+Some server implementations are known to (erroneously) require the dot dot
+sequences to remain in the path and some clients want to pass these on in
+order to try out server implementations.
+
+By default libcurl will merge such sequences before using the path.
+.SH DEFAULT
+0
+.SH PROTOCOLS
+All 
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password");
+
+  curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
+.SH AVAILABILITY
+Aded in 7.42.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "
--- a/docs/libcurl/opts/CURLOPT_PRIVATE.3
+++ b/docs/libcurl/opts/CURLOPT_PRIVATE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,22 @@ NULL
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+struct private secrets;
+if(curl) {
+  struct private *extracted;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* store a pointer to our private struct */
+  curl_easy_setopt(curl, CURLOPT_PRIVATE, &secrets);
+
+  curl_easy_perform(curl);
+
+  /* we can extract the private pointer again too */
+  curl_easy_getinfo(curl, CURLINFO_PRIVATE, &extracted);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.10.3
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_READDATA.3
+++ b/docs/libcurl/opts/CURLOPT_READDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,19 @@ By default, this is a FILE * to stdin.
 .SH PROTOCOLS
 This is used for all protocols when sending data.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+struct MyData this;
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* pass pointer that gets passed in to the
+     CURLOPT_READFUNCTION callback */
+  curl_easy_setopt(curl, CURLOPT_READDATA, &this);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 This option was once known by the older name \fICURLOPT_INFILE\fP, the name
 \fICURLOPT_READDATA\fP was introduced in 7.9.7.
--- a/docs/libcurl/opts/CURLOPT_READFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_READFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,9 +34,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_READFUNCTION, read_callback);
 Pass a pointer to your callback function, as the prototype shows above.

 This callback function gets called by libcurl as soon as it needs to read data
-in order to send it to the peer. The data area pointed at by the pointer
-\fIbuffer\fP should be filled up with at most \fIsize\fP multiplied with
-\fInmemb\fP number of bytes by your function.
+in order to send it to the peer - like if you ask it to upload or post data to
+the server. The data area pointed at by the pointer \fIbuffer\fP should be
+filled up with at most \fIsize\fP multiplied with \fInmemb\fP number of bytes
+by your function.

 Your function must then return the actual number of bytes that it stored in
 that memory area. Returning 0 will signal end-of-file to the library and cause
@@ -75,4 +76,4 @@ was added in 7.12.1.
 This will return CURLE_OK.
 .SH "SEE ALSO"
 .BR CURLOPT_READDATA "(3), " CURLOPT_WRITEFUNCTION "(3), "
-.BR CURLOPT_SEEKFUNCTION "(3), "
+.BR CURLOPT_SEEKFUNCTION "(3), " CURLOPT_UPLOAD "(3), " CURLOPT_POST "(3), "
--- a/docs/libcurl/opts/CURLOPT_REFERER.3
+++ b/docs/libcurl/opts/CURLOPT_REFERER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,17 @@ NULL
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* tell it where we found the link to this place */
+  curl_easy_setopt(curl, CURLOPT_REFERER, "http://example.com/aboutme.html");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built with HTTP support
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -43,10 +43,13 @@ shown above.
 This function gets called by libcurl to seek to a certain position in the
 input stream and can be used to fast forward a file in a resumed upload
 (instead of reading all uploaded bytes with the normal read
-function/callback). It is also called to rewind a stream when doing a HTTP PUT
-or POST with a multi-pass authentication method. The function shall work like
-fseek(3) or lseek(3) and it gets SEEK_SET, SEEK_CUR or SEEK_END as argument
-for \fIorigin\fP, although libcurl currently only passes SEEK_SET.
+function/callback). It is also called to rewind a stream when data has already
+been sent to the server and needs to be sent again. This may happen when doing
+a HTTP PUT or POST with a multi-pass authentication method, or when an
+existing HTTP connection is reused too late and the server closes the
+connection. The function shall work like fseek(3) or lseek(3) and it gets
+SEEK_SET, SEEK_CUR or SEEK_END as argument for \fIorigin\fP, although libcurl
+currently only passes SEEK_SET.

 \fIuserp\fP is the pointer you set with \fICURLOPT_SEEKDATA(3)\fP.

--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
@@ -38,7 +38,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only used with the OpenSSL backend.
+Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
+backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
--- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
@@ -22,7 +22,7 @@
 .\"
 .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
 .SH NAME
-CURLOPT_SSL_CTX_FUNCTION \- openssl specific callback to do SSL magic
+CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL
 .SH SYNOPSIS
 .nf
 #include <curl/curl.h>
@@ -32,28 +32,28 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
                          ssl_ctx_callback);
 .SH DESCRIPTION
-This option only works for libcurl powered by OpenSSL. If libcurl was built
-against another SSL library, this functionality is absent.
+This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If
+libcurl was built against another SSL library this functionality is absent.

 Pass a pointer to your callback function, which should match the prototype
 shown above.

 This callback function gets called by libcurl just before the initialization
-of a SSL connection after having processed all other SSL related options to
-give a last chance to an application to modify the behaviour of openssl's ssl
-initialization. The \fIsslctx\fP parameter is actually a pointer to an openssl
-\fISSL_CTX\fP. If an error is returned from the callback, no attempt to
-establish a connection is made and the perform operation will return the error
-code.  Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP
-option.
+of an SSL connection after having processed all other SSL related options to
+give a last chance to an application to modify the behaviour of the SSL
+initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
+library's \fISSL_CTX\fP. If an error is returned from the callback no attempt
+to establish a connection is made and the perform operation will return the
+callback's error code. Set the \fIuserptr\fP argument with the
+\fICURLOPT_SSL_CTX_DATA(3)\fP option.

 This function will get called on all new connections made to a server, during
 the SSL negotiation. The SSL_CTX pointer will be a new one every time.

-To use this properly, a non-trivial amount of knowledge of the openssl
-libraries is necessary. For example, using this function allows you to use
-openssl callbacks to add additional validation code for certificates, and even
-to change the actual URI of a HTTPS request (example used in the lib509 test
+To use this properly, a non-trivial amount of knowledge of your SSL library
+is necessary. For example, you can use this function to call library-specific
+callbacks to add additional validation code for certificates, and even to
+change the actual URI of a HTTPS request (example used in the lib509 test
 case).  See also the example section for a replacement of the key, certificate
 and trust file settings.
 .SH DEFAULT
@@ -63,7 +63,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only supported when built with OpenSSL.
+Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
+backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
--- a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
@@ -0,0 +1,48 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_SSL_FALSESTART 3 "14 Feb 2015" "libcurl 7.41.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_SSL_FALSESTART \- enable TLS false start
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);
+.SH DESCRIPTION
+Pass a long as parameter set to 1 to enable or 0 to disable.
+
+This option determines whether libcurl should use false start during the TLS
+handshake. False start is a mode where a TLS client will start sending
+application data before verifying the server's Finished message, thus saving a
+round trip when performing a full handshake.
+.SH DEFAULT
+0
+.SH PROTOCOLS
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.42.0. This option is currently only supported by the NSS and
+Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.
+.SH RETURN VALUE
+Returns CURLE_OK if false start is supported by the SSL backend, otherwise
+returns CURLE_NOT_BUILT_IN.
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,7 +66,17 @@ also set to zero and cannot be overridden.
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+
+  /* Set the default value: strict name check please */
+  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built TLS enabled.
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -62,7 +62,17 @@ By default, curl assumes a value of 1.
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+
+  /* Set the default value: strict certificate check please */
+  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built TLS enabled.
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
+++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
@@ -0,0 +1,53 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_SSL_VERIFYSTATUS 3 "04 Dec 2014" "libcurl 7.40.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_SSL_VERIFYSTATUS \- verify the certificate's status
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYSTATUS, long verify);
+.SH DESCRIPTION
+Pass a long as parameter set to 1 to enable or 0 to disable.
+
+This option determines whether libcurl verifies the status of the server cert
+using the "Certificate Status Request" TLS extension (aka. OCSP stapling).
+
+Note that if this option is enabled but the server does not support the TLS
+extension, the verification will fail.
+.SH DEFAULT
+0
+.SH PROTOCOLS
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.41.0. This option is currently only supported by the OpenSSL, GnuTLS
+and NSS TLS backends.
+.SH RETURN VALUE
+Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise
+returns CURLE_NOT_BUILT_IN.
+.SH "SEE ALSO"
+.BR CURLOPT_SSL_VERIFYHOST "(3), "
+.BR CURLOPT_SSL_VERIFYPEER "(3), "
+.BR CURLOPT_CAINFO "(3), "
--- a/docs/libcurl/opts/CURLOPT_STDERR.3
+++ b/docs/libcurl/opts/CURLOPT_STDERR.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,16 @@ stderr
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+FILE *filep = fopen("dump", "wb");
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  curl_easy_setopt(curl, CURLOPT_STDERR, filep);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,23 @@ disable keepalive probes
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.25.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,23 @@ operating systems support this option.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* set keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.25.0
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3
+++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,7 +34,23 @@ option. (Added in 7.25.0)
 .SH DEFAULT
 .SH PROTOCOLS
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_TIMEOUT.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEOUT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -50,7 +50,17 @@ Default timeout is 0 (zero) which means it never times out during transfer.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete within 20 seconds */
+  curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3
+++ b/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -54,7 +54,17 @@ Default timeout is 0 (zero) which means it never times out during transfer.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete within 20000 milliseconds */
+  curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 20000L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_URL.3
+++ b/docs/libcurl/opts/CURLOPT_URL.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -284,6 +284,29 @@ escape it by providing it as backslash and its ASCII value in hexadecimal:
 .SH DEFAULT
 There is no default URL. If this option isn't set, no transfer can be
 performed.
+.SH SECURITY CONCERNS
+Applications may at times find it convenient to allow users to specify URLs
+for various purposes and that string would then end up fed to this option.
+
+Getting a URL from an external untrusted party will bring reasons for several
+security concerns:
+
+If you have an application that runs as or in a server application, getting an
+unfiltered URL can easily trick your application to access a local resource
+instead of a remote. Protecting yourself against localhost accesses is very
+hard when accepting user provided URLs.
+
+Such custom URLs can also access other ports than you planned as port numbers
+are part of the regular URL format. The combination of a local host and a
+custom port number can allow external users to play tricks with your local
+services.
+
+Accepting external URLs may also use other protocols than http:// or other
+common ones. Restrict what accept with \fICURLOPT_PROTOCOLS(3)\fP.
+
+User provided URLs can also be made to point to sites that redirect further on
+(possibly to other protocols too). Consider your
+\fICURLOPT_FOLLOWLOCATION(3)\fP and \fICURLOPT_REDIR_PROTOCOLS(3)\fP settings.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
--- a/docs/libcurl/opts/CURLOPT_USERAGENT.3
+++ b/docs/libcurl/opts/CURLOPT_USERAGENT.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,16 @@ NULL, no User-Agent: header is used by default.
 .SH PROTOCOLS
 HTTP, HTTPS
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_USERAGENT, "Dark Secret Ninja/1.0");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 As long as HTTP is supported
 .SH RETURN VALUE
--- a/docs/libcurl/opts/CURLOPT_WRITEDATA.3
+++ b/docs/libcurl/opts/CURLOPT_WRITEDATA.3
@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -46,12 +46,14 @@ By default, this is a FILE * to stdout.
 Used for all protocols.
 .SH EXAMPLE
 A common technique is to use the write callback to store the incoming data
-into a dynamically growing allocated buffer, and then this CURLOPT_WRITEDATA
-is used to point to a struct or the buffer to store data in. Like in the
-getinmemory example: http://curl.haxx.se/libcurl/c/getinmemory.html
+into a dynamically growing allocated buffer, and then this
+\fICURLOPT_WRITEDATA(3)\fP is used to point to a struct or the buffer to store
+data in. Like in the getinmemory example:
+http://curl.haxx.se/libcurl/c/getinmemory.html
 .SH AVAILABILITY
 Available in all libcurl versions. This option was formerly known as
-\fICURLOPT_FILE\fP, the name \fICURLOPT_WRITEDATA\fP was introduced in 7.9.7.
+\fICURLOPT_FILE\fP, the name \fICURLOPT_WRITEDATA(3)\fP was introduced in
+7.9.7.
 .SH RETURN VALUE
 This will return CURLE_OK.
 .SH "SEE ALSO"
--- a/docs/libcurl/opts/Makefile.am
+++ b/docs/libcurl/opts/Makefile.am
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -90,17 +90,18 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
 CURLOPT_SSLCERT.3 CURLOPT_SSLCERTTYPE.3 CURLOPT_SSL_CIPHER_LIST.3	\
 CURLOPT_SSL_CTX_DATA.3 CURLOPT_SSL_CTX_FUNCTION.3			\
 CURLOPT_SSL_ENABLE_ALPN.3 CURLOPT_SSL_ENABLE_NPN.3 CURLOPT_SSLENGINE.3	\
- CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSLKEY.3 CURLOPT_SSLKEYTYPE.3	\
- CURLOPT_SSL_OPTIONS.3 CURLOPT_SSL_SESSIONID_CACHE.3			\
- CURLOPT_SSL_VERIFYHOST.3 CURLOPT_SSL_VERIFYPEER.3 CURLOPT_SSLVERSION.3	\
- CURLOPT_STDERR.3 CURLOPT_TCP_KEEPALIVE.3 CURLOPT_TCP_KEEPIDLE.3	\
- CURLOPT_TCP_KEEPINTVL.3 CURLOPT_TCP_NODELAY.3 CURLOPT_TELNETOPTIONS.3	\
- CURLOPT_TFTP_BLKSIZE.3 CURLOPT_TIMECONDITION.3 CURLOPT_TIMEOUT.3	\
- CURLOPT_TIMEOUT_MS.3 CURLOPT_TIMEVALUE.3 CURLOPT_TLSAUTH_PASSWORD.3	\
- CURLOPT_TLSAUTH_TYPE.3 CURLOPT_TLSAUTH_USERNAME.3			\
- CURLOPT_TRANSFER_ENCODING.3 CURLOPT_TRANSFERTEXT.3			\
- CURLOPT_UNRESTRICTED_AUTH.3 CURLOPT_UPLOAD.3 CURLOPT_URL.3		\
- CURLOPT_USERAGENT.3 CURLOPT_USERNAME.3 CURLOPT_USERPWD.3		\
+ CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSL_FALSESTART.3 CURLOPT_SSLKEY.3	\
+ CURLOPT_SSLKEYTYPE.3 CURLOPT_SSL_OPTIONS.3				\
+ CURLOPT_SSL_SESSIONID_CACHE.3 CURLOPT_SSL_VERIFYHOST.3			\
+ CURLOPT_SSL_VERIFYPEER.3 CURLOPT_SSL_VERIFYSTATUS.3			\
+ CURLOPT_SSLVERSION.3 CURLOPT_STDERR.3 CURLOPT_TCP_KEEPALIVE.3		\
+ CURLOPT_TCP_KEEPIDLE.3 CURLOPT_TCP_KEEPINTVL.3 CURLOPT_TCP_NODELAY.3	\
+ CURLOPT_TELNETOPTIONS.3 CURLOPT_TFTP_BLKSIZE.3 CURLOPT_TIMECONDITION.3	\
+ CURLOPT_TIMEOUT.3 CURLOPT_TIMEOUT_MS.3 CURLOPT_TIMEVALUE.3		\
+ CURLOPT_TLSAUTH_PASSWORD.3 CURLOPT_TLSAUTH_TYPE.3			\
+ CURLOPT_TLSAUTH_USERNAME.3 CURLOPT_TRANSFER_ENCODING.3			\
+ CURLOPT_TRANSFERTEXT.3 CURLOPT_UNRESTRICTED_AUTH.3 CURLOPT_UPLOAD.3	\
+ CURLOPT_URL.3 CURLOPT_USERAGENT.3 CURLOPT_USERNAME.3 CURLOPT_USERPWD.3	\
 CURLOPT_USE_SSL.3 CURLOPT_VERBOSE.3 CURLOPT_WILDCARDMATCH.3		\
 CURLOPT_WRITEDATA.3 CURLOPT_WRITEFUNCTION.3 CURLOPT_XFERINFODATA.3	\
 CURLOPT_XFERINFOFUNCTION.3 CURLOPT_XOAUTH2_BEARER.3			\
@@ -110,8 +111,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
 CURLMOPT_MAX_TOTAL_CONNECTIONS.3 CURLMOPT_PIPELINING.3			\
 CURLMOPT_PIPELINING_SERVER_BL.3 CURLMOPT_PIPELINING_SITE_BL.3		\
 CURLMOPT_SOCKETDATA.3 CURLMOPT_SOCKETFUNCTION.3 CURLMOPT_TIMERDATA.3	\
- CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3
-
+ CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3			\
+ CURLOPT_PATH_AS_IS.3

 HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
 CURLOPT_ADDRESS_SCOPE.html CURLOPT_APPEND.html				\
@@ -193,11 +194,11 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
 CURLOPT_SSL_CIPHER_LIST.html CURLOPT_SSL_CTX_DATA.html			\
 CURLOPT_SSL_CTX_FUNCTION.html CURLOPT_SSL_ENABLE_ALPN.html		\
 CURLOPT_SSL_ENABLE_NPN.html CURLOPT_SSLENGINE.html			\
- CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSLKEY.html			\
- CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html			\
+ CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSL_FALSESTART.html		\
+ CURLOPT_SSLKEY.html CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html	\
 CURLOPT_SSL_SESSIONID_CACHE.html CURLOPT_SSL_VERIFYHOST.html		\
- CURLOPT_SSL_VERIFYPEER.html CURLOPT_SSLVERSION.html			\
- CURLOPT_STDERR.html CURLOPT_TCP_KEEPALIVE.html				\
+ CURLOPT_SSL_VERIFYPEER.html CURLOPT_SSL_VERIFYSTATUS.html		\
+ CURLOPT_SSLVERSION.html CURLOPT_STDERR.html CURLOPT_TCP_KEEPALIVE.html	\
 CURLOPT_TCP_KEEPIDLE.html CURLOPT_TCP_KEEPINTVL.html			\
 CURLOPT_TCP_NODELAY.html CURLOPT_TELNETOPTIONS.html			\
 CURLOPT_TFTP_BLKSIZE.html CURLOPT_TIMECONDITION.html			\
@@ -217,7 +218,7 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
 CURLMOPT_PIPELINING_SERVER_BL.html CURLMOPT_PIPELINING_SITE_BL.html	\
 CURLMOPT_SOCKETDATA.html CURLMOPT_SOCKETFUNCTION.html			\
 CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html			\
- CURLOPT_UNIX_SOCKET_PATH.html
+ CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html

 PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
 CURLOPT_ADDRESS_SCOPE.pdf CURLOPT_APPEND.pdf CURLOPT_AUTOREFERER.pdf	\
@@ -296,30 +297,31 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
 CURLOPT_SSL_CIPHER_LIST.pdf CURLOPT_SSL_CTX_DATA.pdf			\
 CURLOPT_SSL_CTX_FUNCTION.pdf CURLOPT_SSL_ENABLE_ALPN.pdf		\
 CURLOPT_SSL_ENABLE_NPN.pdf CURLOPT_SSLENGINE.pdf			\
- CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSLKEY.pdf			\
- CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf				\
+ CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSL_FALSESTART.pdf		\
+ CURLOPT_SSLKEY.pdf CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf	\
 CURLOPT_SSL_SESSIONID_CACHE.pdf CURLOPT_SSL_VERIFYHOST.pdf		\
- CURLOPT_SSL_VERIFYPEER.pdf CURLOPT_SSLVERSION.pdf CURLOPT_STDERR.pdf	\
- CURLOPT_TCP_KEEPALIVE.pdf CURLOPT_TCP_KEEPIDLE.pdf			\
- CURLOPT_TCP_KEEPINTVL.pdf CURLOPT_TCP_NODELAY.pdf			\
- CURLOPT_TELNETOPTIONS.pdf CURLOPT_TFTP_BLKSIZE.pdf			\
- CURLOPT_TIMECONDITION.pdf CURLOPT_TIMEOUT.pdf CURLOPT_TIMEOUT_MS.pdf	\
- CURLOPT_TIMEVALUE.pdf CURLOPT_TLSAUTH_PASSWORD.pdf			\
- CURLOPT_TLSAUTH_TYPE.pdf CURLOPT_TLSAUTH_USERNAME.pdf			\
- CURLOPT_TRANSFER_ENCODING.pdf CURLOPT_TRANSFERTEXT.pdf			\
- CURLOPT_UNRESTRICTED_AUTH.pdf CURLOPT_UPLOAD.pdf CURLOPT_URL.pdf	\
- CURLOPT_USERAGENT.pdf CURLOPT_USERNAME.pdf CURLOPT_USERPWD.pdf		\
- CURLOPT_USE_SSL.pdf CURLOPT_VERBOSE.pdf CURLOPT_WILDCARDMATCH.pdf	\
- CURLOPT_WRITEDATA.pdf CURLOPT_WRITEFUNCTION.pdf			\
- CURLOPT_XFERINFODATA.pdf CURLOPT_XFERINFOFUNCTION.pdf			\
- CURLOPT_XOAUTH2_BEARER.pdf CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf	\
+ CURLOPT_SSL_VERIFYPEER.pdf CURLOPT_SSL_VERIFYSTATUS.pdf		\
+ CURLOPT_SSLVERSION.pdf CURLOPT_STDERR.pdf CURLOPT_TCP_KEEPALIVE.pdf	\
+ CURLOPT_TCP_KEEPIDLE.pdf CURLOPT_TCP_KEEPINTVL.pdf			\
+ CURLOPT_TCP_NODELAY.pdf CURLOPT_TELNETOPTIONS.pdf			\
+ CURLOPT_TFTP_BLKSIZE.pdf CURLOPT_TIMECONDITION.pdf CURLOPT_TIMEOUT.pdf	\
+ CURLOPT_TIMEOUT_MS.pdf CURLOPT_TIMEVALUE.pdf				\
+ CURLOPT_TLSAUTH_PASSWORD.pdf CURLOPT_TLSAUTH_TYPE.pdf			\
+ CURLOPT_TLSAUTH_USERNAME.pdf CURLOPT_TRANSFER_ENCODING.pdf		\
+ CURLOPT_TRANSFERTEXT.pdf CURLOPT_UNRESTRICTED_AUTH.pdf			\
+ CURLOPT_UPLOAD.pdf CURLOPT_URL.pdf CURLOPT_USERAGENT.pdf		\
+ CURLOPT_USERNAME.pdf CURLOPT_USERPWD.pdf CURLOPT_USE_SSL.pdf		\
+ CURLOPT_VERBOSE.pdf CURLOPT_WILDCARDMATCH.pdf CURLOPT_WRITEDATA.pdf	\
+ CURLOPT_WRITEFUNCTION.pdf CURLOPT_XFERINFODATA.pdf			\
+ CURLOPT_XFERINFOFUNCTION.pdf CURLOPT_XOAUTH2_BEARER.pdf		\
+ CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf					\
 CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf CURLMOPT_MAXCONNECTS.pdf	\
 CURLMOPT_MAX_HOST_CONNECTIONS.pdf CURLMOPT_MAX_PIPELINE_LENGTH.pdf	\
 CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf CURLMOPT_PIPELINING.pdf		\
 CURLMOPT_PIPELINING_SERVER_BL.pdf CURLMOPT_PIPELINING_SITE_BL.pdf	\
 CURLMOPT_SOCKETDATA.pdf CURLMOPT_SOCKETFUNCTION.pdf			\
 CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf			\
- CURLOPT_UNIX_SOCKET_PATH.pdf
+ CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf

 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)

--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -118,6 +118,7 @@ CURLE_SSL_CRL_BADFILE           7.19.0
 CURLE_SSL_ENGINE_INITFAILED     7.12.3
 CURLE_SSL_ENGINE_NOTFOUND       7.9.3
 CURLE_SSL_ENGINE_SETFAILED      7.9.3
+CURLE_SSL_INVALIDCERTSTATUS     7.41.0
 CURLE_SSL_ISSUER_ERROR          7.19.0
 CURLE_SSL_PEER_CERTIFICATE      7.8           7.17.1
 CURLE_SSL_PINNEDPUBKEYNOTMATCH  7.39.0
@@ -430,6 +431,7 @@ CURLOPT_PASSWDDATA              7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWDFUNCTION          7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWORD                7.19.1
 CURLOPT_PASV_HOST               7.12.1        7.16.0      7.15.5
+CURLOPT_PATH_AS_IS              7.42.0
 CURLOPT_PINNEDPUBLICKEY         7.39.0
 CURLOPT_PORT                    7.1
 CURLOPT_POST                    7.1
@@ -509,10 +511,12 @@ CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
 CURLOPT_SSL_ENABLE_ALPN         7.36.0
 CURLOPT_SSL_ENABLE_NPN          7.36.0
+CURLOPT_SSL_FALSESTART          7.42.0
 CURLOPT_SSL_OPTIONS             7.25.0
 CURLOPT_SSL_SESSIONID_CACHE     7.16.0
 CURLOPT_SSL_VERIFYHOST          7.8.1
 CURLOPT_SSL_VERIFYPEER          7.4.2
+CURLOPT_SSL_VERIFYSTATUS        7.41.0
 CURLOPT_STDERR                  7.1
 CURLOPT_TCP_KEEPALIVE           7.25.0
 CURLOPT_TCP_KEEPIDLE            7.25.0
--- a/docs/libcurl/symbols.pl
+++ b/docs/libcurl/symbols.pl
@@ -71,7 +71,7 @@ while(<F>) {
        my $dep;

        # is there removed info?
-        if($vers =~ /([\d.]+)[ \t-]+([\d.]+)[ \t]+([\d.]+)/) {
+        if($vers =~ /([\d.]+)[ \t-]+([\d.-]+)[ \t]+([\d.]+)/) {
            ($intr, $dep, $rm)=($1, $2, $3);
        }
        # is it a dep-only line?
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -523,6 +523,7 @@ typedef enum {
                                    session will be queued */
  CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not
                                     match */
+  CURLE_SSL_INVALIDCERTSTATUS,   /* 91 - invalid certificate status */
  CURL_LAST /* never use! */
 } CURLcode;

@@ -845,7 +846,7 @@ typedef enum {
  CINIT(WRITEDATA, OBJECTPOINT, 1),

  /* The full URL to get/put */
-  CINIT(URL,  OBJECTPOINT, 2),
+  CINIT(URL, OBJECTPOINT, 2),

  /* Port number to connect to, if other than default. */
  CINIT(PORT, LONG, 3),
@@ -1622,6 +1623,15 @@ typedef enum {
  /* Path to Unix domain socket */
  CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),

+  /* Set if we should verify the certificate status. */
+  CINIT(SSL_VERIFYSTATUS, LONG, 232),
+
+  /* Set if we should enable TLS false start. */
+  CINIT(SSL_FALSESTART, LONG, 233),
+
+  /* Do not squash dot-dot sequences */
+  CINIT(PATH_AS_IS, LONG, 234),
+
  CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;

--- a/include/curl/curlver.h
+++ b/include/curl/curlver.h
@@ -30,12 +30,12 @@

 /* This is the version number of the libcurl package from which this header
   file origins: */
-#define LIBCURL_VERSION "7.40.0-DEV"
+#define LIBCURL_VERSION "7.42.0-DEV"

 /* The numeric version number is also available "in parts" by using these
   defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 40
+#define LIBCURL_VERSION_MINOR 42
 #define LIBCURL_VERSION_PATCH 0

 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
   and it is always a greater number in a more recent release. It makes
   comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x072800
+#define LIBCURL_VERSION_NUM 0x072A00

 /*
 * This is the date and time when the full source package was created. The
--- a/include/curl/mprintf.h
+++ b/include/curl/mprintf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -57,15 +57,8 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 # undef vaprintf
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
-#ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf functions since we
-   don't want internal code to be using them */
-# define sprintf sprintf_was_used
-# define vsprintf vsprintf_was_used
-#else
 # define sprintf curl_msprintf
 # define vsprintf curl_mvsprintf
-#endif
 # define snprintf curl_msnprintf
 # define vprintf curl_mvprintf
 # define vfprintf curl_mvfprintf
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -98,4 +98,7 @@ if(WIN32)
  endif()
 endif()

-install(TARGETS ${LIB_NAME} DESTINATION lib)
+install(TARGETS ${LIB_NAME}
+  ARCHIVE DESTINATION lib
+  LIBRARY DESTINATION lib
+  RUNTIME DESTINATION bin)
--- a/lib/Makefile.b32
+++ b/lib/Makefile.b32
@@ -74,7 +74,7 @@ LINKLIB  = $(LINKLIB) $(ZLIB_PATH)\zlib.lib

 # SSL support is enabled setting WITH_SSL=1
 !ifdef WITH_SSL
-DEFINES  = $(DEFINES) -DUSE_SSLEAY
+DEFINES  = $(DEFINES) -DUSE_OPENSSL
 INCDIRS  = $(INCDIRS);$(OPENSSL_PATH)\inc32;$(OPENSSL_PATH)\inc32\openssl
 LINKLIB  = $(LINKLIB) $(OPENSSL_PATH)\out32\ssleay32.lib $(OPENSSL_PATH)\out32\libeay32.lib
 !endif
--- a/lib/Makefile.inc
+++ b/lib/Makefile.inc
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -22,11 +22,11 @@

 LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
  vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c               \
-  vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c
+  vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c

 LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h                \
  vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h   \
-  vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h
+  vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h

 LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
  cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c       \
@@ -45,7 +45,8 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c   \
  asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c                \
  curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c        \
  hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c      \
-  http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c
+  http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c       \
+  curl_des.c

 LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
  formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h         \
@@ -63,7 +64,8 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
  curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
  curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h   \
  conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h    \
-  dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h
+  dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h  \
+  curl_printf.h

 LIB_RCFILES = libcurl.rc

--- a/lib/Makefile.m32
+++ b/lib/Makefile.m32
@@ -55,7 +55,7 @@ LIBCARES_PATH = $(PROOT)/ares
 endif

 CC	= $(CROSSPREFIX)gcc
-CFLAGS	= -g -O2 -Wall
+CFLAGS	= $(CURL_CFLAG_EXTRAS) -g -O2 -Wall
 CFLAGS	+= -fno-strict-aliasing
 # comment LDFLAGS below to keep debug info
 LDFLAGS	= -s
@@ -75,7 +75,7 @@ endif
 endif

 ifeq ($(ARCH),w64)
-CFLAGS  += -D_AMD64_
+CFLAGS  += -m64 -D_AMD64_
 RCFLAGS += -F pe-x86-64
 else
 CFLAGS  += -m32
@@ -214,14 +214,17 @@ ifdef SSL
      OPENSSL_LIBS = -lcrypto -lssl
    endif
  endif
+  ifndef DYN
+    OPENSSL_LIBS += -lgdi32 -lcrypt32
+  endif
  INCLUDES += -I"$(OPENSSL_INCLUDE)"
-  CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
+  CFLAGS += -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
            -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
            -DCURL_WANTS_CA_BUNDLE_ENV
  DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
  ifdef SRP
    ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
-      CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
+      CFLAGS += -DHAVE_OPENSSL_SRP -DUSE_TLS_SRP
    endif
  endif
 endif
@@ -323,5 +326,3 @@ $(PROOT)/include/curl/curlbuild.h:

 $(LIBCARES_PATH)/libcares.a:
 	$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32
-
-
--- a/lib/Makefile.netware
+++ b/lib/Makefile.netware
@@ -214,6 +214,11 @@ WITH_SSL =
 else
 ifeq ($(findstring -ssl,$(CFG)),-ssl)
 WITH_SSL = 1
+ifeq ($(findstring -srp,$(CFG)),-srp)
+ifeq "$(wildcard $(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h)" "$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h"
+WITH_SRP = 1
+endif
+endif
 endif
 endif
 ifeq ($(findstring -zlib,$(CFG)),-zlib)
@@ -638,6 +643,10 @@ ifdef WITH_SSL
 	@echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@
 	@echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@
 	@echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@
+ifdef WITH_SRP
+	@echo $(DL)#define HAVE_SSLEAY_SRP 1$(DL) >> $@
+	@echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@
+endif
 ifdef WITH_SPNEGO
 	@echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@
 endif
@@ -690,6 +699,11 @@ ifdef WITH_SSL
 else
 	@echo SSL support:     no
 endif
+ifdef WITH_SRP
+	@echo SRP support:     enabled
+else
+	@echo SRP support:     no
+endif
 ifdef WITH_SSH2
 	@echo SSH2 support:    enabled (libssh2)
 else
--- a/lib/Makefile.vc6
+++ b/lib/Makefile.vc6
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1999 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1999 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -105,7 +105,7 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"

 CCNODBG      = cl.exe /O2 /DNDEBUG
 CCDEBUG      = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
-CFLAGSSSL    = /DUSE_SSLEAY /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSL    = /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
 CFLAGSWINSSL = /DUSE_SCHANNEL
 CFLAGSSSH2   = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB   = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"
@@ -534,7 +534,7 @@ X_OBJS= \
 	$(DIROBJ)\content_encoding.obj \
 	$(DIROBJ)\cookie.obj \
 	$(DIROBJ)\curl_addrinfo.obj \
-	$(DIROBJ)\curl_darwinssl.obj \
+	$(DIROBJ)\curl_des.obj \
 	$(DIROBJ)\curl_endian.obj \
 	$(DIROBJ)\curl_fnmatch.obj \
 	$(DIROBJ)\curl_gethostname.obj \
@@ -549,10 +549,10 @@ X_OBJS= \
 	$(DIROBJ)\curl_sasl.obj \
 	$(DIROBJ)\curl_sasl_gssapi.obj \
 	$(DIROBJ)\curl_sasl_sspi.obj \
-	$(DIROBJ)\curl_schannel.obj \
 	$(DIROBJ)\curl_sspi.obj \
 	$(DIROBJ)\curl_threads.obj \
 	$(DIROBJ)\cyassl.obj \
+	$(DIROBJ)\darwinssl.obj \
 	$(DIROBJ)\dict.obj \
 	$(DIROBJ)\dotdot.obj \
 	$(DIROBJ)\easy.obj \
@@ -607,6 +607,7 @@ X_OBJS= \
 	$(DIROBJ)\progress.obj \
 	$(DIROBJ)\rawstr.obj \
 	$(DIROBJ)\rtsp.obj \
+	$(DIROBJ)\schannel.obj \
 	$(DIROBJ)\security.obj \
 	$(DIROBJ)\select.obj \
 	$(DIROBJ)\sendf.obj \
--- a/lib/README.http2
+++ b/lib/README.http2
@@ -1,8 +1,9 @@
-
 HTTP2 with libcurl

 Spec: http://tools.ietf.org/html/draft-ietf-httpbis-http2

+ Document explaining it: http://daniel.haxx.se/http2/
+
 Build prerequisites
  - nghttp2
  - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version
@@ -10,8 +11,8 @@ HTTP2 with libcurl
 nghttp2 (https://github.com/tatsuhiro-t/nghttp2)

  libcurl uses this 3rd party library for the low level protocol handling
-  parts. The reason for this is that HTTP2 is much more complex at that layer
-  than HTTP1.1 (which we implement on our own) and that nghttp2 is an already
+  parts. The reason for this is that HTTP/2 is much more complex at that layer
+  than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already
  existing and well functional library.

  Right now, nghttp2 implements http2 draft-14
@@ -20,9 +21,9 @@ HTTP2 with libcurl

 Over an http:// URL

-  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will include
-  an upgrade header in the initial request to the host to allow upgrading to
-  http2.
+  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2_0, libcurl will
+  include an upgrade header in the initial request to the host to allow
+  upgrading to http2.

  Possibly we can later introduce an option that will cause libcurl to fail if
  not possible to upgrade. Possibly we introduce an option that makes libcurl
@@ -30,10 +31,10 @@ HTTP2 with libcurl

 Over an https:// URL

-  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will use ALPN
-  (or NPN) to negotiate which protocol to continue with. Possibly introduce an
-  option that will cause libcurl to fail if not possible to use http2.
-  Consider options to explicitly disable ALPN and/or NPN.
+  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2_0, libcurl will use
+  ALPN (or NPN) to negotiate which protocol to continue with. Possibly
+  introduce an option that will cause libcurl to fail if not possible to use
+  http2.  Consider options to explicitly disable ALPN and/or NPN.

  ALPN is the TLS extension that http2 is expected to use. The NPN extension
  is for a similar purpose, was made prior to ALPN and is used for SPDY so
@@ -51,15 +52,16 @@ SSL libs
    GnuTLS:   ALPN
    PolarSSL: ALPN

-Alt-Svc
+HTTP Alternative Services

-  Alt-Svc is a suggested new header with a corresponding frame (ALTSVC) in
+  Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in
  http2 that tells the client about an alternative "route" to the same content
  for the same origin server that you get the response from. A browser or
  long-living client can use that hint to create a new connection
  asynchronously.  For libcurl, we may introduce a way to bring such clues to
  the applicaton and/or let a subsequent request use the alternate route
-  automatically.
+  automatically. Spec:
+  http://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05

 Applications

@@ -70,8 +72,16 @@ curl tool

  curl offers the --http2 command line option to enable use of http2

-To consider:
+TODO:
+
+  - Implement multiplexing

  - How to tell libcurl when using the multi interface that all or some of the
    handles are allowed to re-use the same physical connection. Can we just
    re-use existing pipelining logic?
+
+  - Provide API to set priorities / dependencies of individual streams
+
+  - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that
+    curl can connect with HTTP/2 at once without 1.1+Upgrade.
+
--- a/lib/amigaos.c
+++ b/lib/amigaos.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -71,7 +71,7 @@ bool Curl_amiga_init()
 }

 #ifdef __libnix__
-ADD2EXIT(Curl_amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup, -50);
 #endif

 #endif /* __AMIGA__ && ! __ixemul__ */
--- a/lib/asyn-ares.c
+++ b/lib/asyn-ares.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -68,9 +68,7 @@
 #include "connect.h"
 #include "select.h"
 #include "progress.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "curl_printf.h"

 #  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
     (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
@@ -166,7 +164,7 @@ void Curl_resolver_cleanup(void *resolver)
 int Curl_resolver_duphandle(void **to, void *from)
 {
  /* Clone the ares channel for the new handle */
-  if(ARES_SUCCESS != ares_dup((ares_channel*)to,(ares_channel)from))
+  if(ARES_SUCCESS != ares_dup((ares_channel*)to, (ares_channel)from))
    return CURLE_FAILED_INIT;
  return CURLE_OK;
 }
@@ -188,8 +186,7 @@ void Curl_resolver_cancel(struct connectdata *conn)
 */
 static void destroy_async_data (struct Curl_async *async)
 {
-  if(async->hostname)
-    free(async->hostname);
+  free(async->hostname);

  if(async->os_specific) {
    struct ResolverResults *res = (struct ResolverResults *)async->os_specific;
@@ -388,7 +385,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
      timeout_ms = 1000;

    waitperform(conn, timeout_ms);
-    Curl_resolver_is_resolved(conn,&temp_entry);
+    Curl_resolver_is_resolved(conn, &temp_entry);

    if(conn->async.done)
      break;
@@ -536,15 +533,15 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
  bufp = strdup(hostname);
  if(bufp) {
    struct ResolverResults *res = NULL;
-    Curl_safefree(conn->async.hostname);
+    free(conn->async.hostname);
    conn->async.hostname = bufp;
    conn->async.port = port;
    conn->async.done = FALSE;   /* not done */
    conn->async.status = 0;     /* clear */
    conn->async.dns = NULL;     /* clear */
-    res = calloc(sizeof(struct ResolverResults),1);
+    res = calloc(sizeof(struct ResolverResults), 1);
    if(!res) {
-      Curl_safefree(conn->async.hostname);
+      free(conn->async.hostname);
      conn->async.hostname = NULL;
      return NULL;
    }
--- a/lib/asyn-thread.c
+++ b/lib/asyn-thread.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -69,11 +69,9 @@
 #include "inet_ntop.h"
 #include "curl_threads.h"
 #include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
 #include "curl_memory.h"
+
 /* The last #include file should be: */
 #include "memdebug.h"

@@ -192,13 +190,12 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
    free(tsd->mtx);
  }

-  if(tsd->hostname)
-    free(tsd->hostname);
+  free(tsd->hostname);

  if(tsd->res)
    Curl_freeaddrinfo(tsd->res);

-  memset(tsd,0,sizeof(*tsd));
+  memset(tsd, 0, sizeof(*tsd));
 }

 /* Initialize resolver thread synchronization data */
@@ -366,9 +363,7 @@ static void destroy_async_data (struct Curl_async *async)
  }
  async->os_specific = NULL;

-  if(async->hostname)
-    free(async->hostname);
-
+  free(async->hostname);
  async->hostname = NULL;
 }

@@ -398,7 +393,7 @@ static bool init_resolve_thread (struct connectdata *conn,
  if(!init_thread_sync_data(td, hostname, port, hints))
    goto err_exit;

-  Curl_safefree(conn->async.hostname);
+  free(conn->async.hostname);
  conn->async.hostname = strdup(hostname);
  if(!conn->async.hostname)
    goto err_exit;
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -23,17 +23,14 @@
 /* Base64 encoding/decoding */

 #include "curl_setup.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
 #include "urldata.h" /* for the SessionHandle definition */
 #include "warnless.h"
 #include "curl_base64.h"
-#include "curl_memory.h"
 #include "non-ascii.h"

-/* include memdebug.h last */
+/* The last #include files should be: */
+#include "curl_memory.h"
 #include "memdebug.h"

 /* ---- Base64 Encoding/Decoding Table --- */
@@ -152,7 +149,7 @@ CURLcode Curl_base64_decode(const char *src,
  for(i = 0; i < numQuantums; i++) {
    size_t result = decodeQuantum(pos, src);
    if(!result) {
-      Curl_safefree(newstr);
+      free(newstr);

      return CURLE_BAD_CONTENT_ENCODING;
    }
@@ -255,8 +252,7 @@ static CURLcode base64_encode(const char *table64,
  *output = '\0';
  *outptr = base64data; /* return pointer to new data, allocated memory */

-  if(convbuf)
-    free(convbuf);
+  free(convbuf);

  *outlen = strlen(base64data); /* return the length of the new data */

--- a/lib/bundles.c
+++ b/lib/bundles.c
@@ -6,7 +6,7 @@
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -74,7 +74,7 @@ void Curl_bundle_destroy(struct connectbundle *cb_ptr)
    Curl_llist_destroy(cb_ptr->conn_list, NULL);
    cb_ptr->conn_list = NULL;
  }
-  Curl_safefree(cb_ptr);
+  free(cb_ptr);
 }

 /* Add a connection to a bundle */
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -26,13 +26,32 @@ my $indent = 2;

 my $warnings;
 my $errors;
+my $supressed; # whitelisted problems
 my $file;
 my $dir=".";
 my $wlist;
+my $windows_os = $^O eq 'MSWin32' || $^O eq 'msys' || $^O eq 'cygwin';
+
+my %whitelist;
+
+sub readwhitelist {
+    open(W, "<$dir/checksrc.whitelist");
+    my @all=<W>;
+    for(@all) {
+        $windows_os ? $_ =~ s/\r?\n$// : chomp;
+        $whitelist{$_}=1;
+    }
+    close(W);
+}

 sub checkwarn {
    my ($num, $col, $file, $line, $msg, $error) = @_;

+    if($whitelist{$line}) {
+        $supressed++;
+        return;
+    }
+    
    my $w=$error?"error":"warning";

    if($w) {
@@ -78,6 +97,8 @@ if(!$file) {
    exit;
 }

+readwhitelist();
+
 do {
    if("$wlist" !~ / $file /) {
        my $fullname = $file;
@@ -100,7 +121,7 @@ sub scanfile {
    my $copyright=0;

    while(<R>) {
-        chomp;
+        $windows_os ? $_ =~ s/\r?\n$// : chomp;
        my $l = $_;
        my $column = 0;

@@ -144,6 +165,49 @@ sub scanfile {
            }
        }

+        # check for "return(" without space
+        if($l =~ /^(.*)return\(/) {
+            if($1 =~ / *\#/) {
+                # this is a #if, treat it differently
+            }
+            else {
+                checkwarn($line, length($1)+6, $file, $l,
+                          "return without space before paren");
+            }
+        }
+
+        # check for comma without space
+        if($l =~ /^(.*),[^ \n]/) {
+            my $pref=$1;
+            my $ign=0;
+            if($pref =~ / *\#/) {
+                # this is a #if, treat it differently
+                $ign=1;
+            }
+            elsif($pref =~ /\/\*/) {
+                # this is a comment
+                $ign=1;
+            }
+            elsif($pref =~ /[\"\']/) {
+                $ign = 1;
+                # There is a quote here, figure out whether the comma is
+                # within a string or '' or not.
+                if($pref =~ /\"/) {
+                    # withing a string
+                }
+                elsif($pref =~ /\'$/) {
+                    # a single letter
+                }
+                else {
+                    $ign = 0;
+                }
+            }
+            if(!$ign) {
+                checkwarn($line, length($pref)+1, $file, $l,
+                          "comma without following space");
+            }
+        }
+        
        # check for "} else"
        if($l =~ /^(.*)\} *else/) {
            checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
@@ -153,6 +217,11 @@ sub scanfile {
            checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
        }

+        # check for space before the semicolon last in a line
+        if($l =~ /^(.*[^ ].*) ;$/) {
+            checkwarn($line, length($1), $file, $l, "space before last semicolon");
+        }
+
        # scan for use of banned functions
        if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
            checkwarn($line, length($1), $file, $l,
--- a/lib/checksrc.whitelist
+++ b/lib/checksrc.whitelist
@@ -0,0 +1,6 @@
+    227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)
+    228 Entering Long Passive Mode (4,4,a1,a2,a3,a4,2,p1,p2)
+      150 ASCII data connection for /bin/ls (137.167.104.91,37445) (0 bytes).
+      150 Opening ASCII mode data connection for [file] (0.0.0.0,0) (545 bytes)
+   * no_proxy=domain1.dom,host.domain2.dom
+     Default values are (0,0) initialized by calloc.
--- a/lib/config-amigaos.h
+++ b/lib/config-amigaos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -93,7 +93,6 @@

 #define USE_MANUAL 1
 #define USE_OPENSSL 1
-#define USE_SSLEAY 1
 #define CURL_DISABLE_LDAP 1

 #define OS "AmigaOS"
--- a/lib/config-dos.h
+++ b/lib/config-dos.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -132,12 +132,11 @@
  #define HAVE_LIBZ              1
 #endif

-/* USE_SSLEAY on cmd-line */
-#ifdef USE_SSLEAY
+/* USE_OPENSSL on cmd-line */
+#ifdef USE_OPENSSL
  #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
  #define HAVE_OPENSSL_ENGINE_H  1
  #define OPENSSL_NO_KRB5        1
-  #define USE_OPENSSL            1
 #endif

 /* to disable LDAP */
@@ -163,11 +162,6 @@
  #define HAVE_TERMIOS_H  1
  #define HAVE_VARIADIC_MACROS_GCC 1

-  /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
-  #if (DJGPP_MINOR < 4)
-    #define _MPRINTF_REPLACE
-  #endif
-
 #elif defined(__WATCOMC__)
  #define HAVE_STRCASECMP 1

--- a/lib/config-mac.h
+++ b/lib/config-mac.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -70,7 +70,6 @@
 #define HAVE_SIG_ATOMIC_T       1

 #ifdef MACOS_SSL_SUPPORT
-#  define USE_SSLEAY            1
 #  define USE_OPENSSL           1
 #endif

--- a/lib/config-symbian.h
+++ b/lib/config-symbian.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -69,7 +69,7 @@
 /* #undef CURL_EXTERN_SYMBOL */

 /* Use Windows LDAP implementation */
-/* #undef CURL_LDAP_WIN */
+/* #undef USE_WIN32_LDAP */

 /* your Entropy Gathering Daemon socket pathname */
 /* #undef EGD_SOCKET */
@@ -808,10 +808,4 @@
 #define HAVE_ZLIB_H 1
 #endif

-/* Enable appropriate definitions only when OpenSSL support is enabled */
-#ifdef USE_SSLEAY
-/* if OpenSSL is in use */
-#define USE_OPENSSL
-#endif
-
 #endif /* HEADER_CURL_CONFIG_SYMBIAN_H */
--- a/lib/config-tpf.h
+++ b/lib/config-tpf.h
@@ -7,7 +7,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -646,7 +646,7 @@
 /* #undef USE_OPENSSL */

 /* if SSL is enabled */
-/* #undef USE_SSLEAY */
+/* #undef USE_OPENSSL */

 /* to enable SSPI support */
 /* #undef USE_WINDOWS_SSPI */
--- a/Show More
+++ b/Show More