RELEASE-NOTES: 7.42.1 ready

Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.

Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon

.gitignore

@@ -46,3 +46,6 @@ CHANGES.dist
 .cproject
 .settings
 .dirstamp
+test-driver
+/build/
+/builds/

.travis.yml

@@ -3,6 +3,8 @@ language: c
 before_script:
   - ./buildconf
 
+script: ./configure --enable-debug && make && make test-full
+
 compiler:
   - clang
   - gcc

CMakeLists.txt

@@ -76,6 +76,24 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
 option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
 option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
+
+option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF)
+option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF)
+
+if (ENABLE_DEBUG)
+  # DEBUGBUILD will be defined only for Debug builds
+  if(NOT CMAKE_VERSION VERSION_LESS 3.0)
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$<CONFIG:Debug>:DEBUGBUILD>)
+  else()
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD)
+  endif()
+  set(ENABLE_CURLDEBUG ON)
+endif()
+
+if (ENABLE_CURLDEBUG)
+  set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG)
+endif()
+
 # initialize CURL_LIBS
 set(CURL_LIBS "")
 
@@ -280,7 +298,6 @@ endif()
 option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
 mark_as_advanced(CMAKE_USE_OPENSSL)
 
-set(USE_SSLEAY OFF)
 set(USE_OPENSSL OFF)
 set(HAVE_LIBCRYPTO OFF)
 set(HAVE_LIBSSL OFF)
@@ -289,7 +306,6 @@ if(CMAKE_USE_OPENSSL)
   find_package(OpenSSL)
   if(OPENSSL_FOUND)
     list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
-    set(USE_SSLEAY ON)
     set(USE_OPENSSL ON)
     set(HAVE_LIBCRYPTO ON)
     set(HAVE_LIBSSL ON)
@@ -736,7 +752,6 @@ if(CMAKE_USE_OPENSSL)
     HAVE_CRYPTO_CLEANUP_ALL_EX_DATA)
   if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
     set(USE_OPENSSL 1)
-    set(USE_SSLEAY 1)
   endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
 endif(CMAKE_USE_OPENSSL)
 check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)

CONTRIBUTING.md

@@ -0,0 +1,27 @@
+How to contribute to curl
+=========================
+
+Join the community
+------------------
+
+ 1. Click 'watch' on the github repo
+
+ 2. Subscribe to the suitable [mailing lists](http://curl.haxx.se/mail/)
+
+Read [docs/CONTRIBUTE](docs/CONTRIBUTE)
+---------------------------------------
+
+Send your suggestions using one of these methods:
+-------------------------------------------------
+
+ 1. in a mail to the mailing list
+
+ 2. in the [bug tracker](https://sourceforge.net/p/curl/bugs/)
+
+ 3. as a pull request on github
+
+ 4. as an issue on github
+   
+
+/ The cURL team!
+

MacOSX-Framework

@@ -94,7 +94,7 @@ if test ! -z $SDK32; then
   rm -r libcurl.framework
   mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources
   cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl
-  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
   /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist
   mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
   cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
@@ -121,7 +121,7 @@ if test ! -z $SDK32; then
 
     echo "----Appending 64 bit framework to 32 bit framework..."
     cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
-    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
     cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32
     pwd
     lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl

Makefile.am

@@ -153,7 +153,7 @@ html:
 pdf:
 	cd docs; make pdf
 
-check: test examples
+check: test examples check-docs
 
 if CROSSCOMPILING
 test-full: test
@@ -181,6 +181,9 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)
 
+check-docs:
+	@(cd docs/libcurl; $(MAKE) check)
+
 # This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs

RELEASE-NOTES

@@ -1,89 +1,22 @@
-Curl and libcurl 7.41.0
+Curl and libcurl 7.42.1
 
- Public curl releases:         144
- Command line options:         163
- curl_easy_setopt() options:   209
+ Public curl releases:         146
+ Command line options:         173
+ curl_easy_setopt() options:   216
  Public functions in libcurl:  58
- Contributors:                 1233
-
-This release includes the following changes:
-
- o NetWare build: added TLS-SRP enabled build
- o winbuild: Added option to build with c-ares
- o Added --cert-status [9]
- o Added CURLOPT_SSL_VERIFYSTATUS [10]
- o sasl: implement EXTERNAL authentication mechanism
+ Contributors:                 1265
 
 This release includes the following bugfixes:
 
- o sasl_gssapi: Fixed build on NetBSD with built-in GSS-API [1]
- o FTP: fix IPv6 host using link-local address [2]
- o FTP: if EPSV fails on IPV6 connections, bail out
- o gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
- o NSS: fix compiler error when built http2-enabled
- o mingw build: allow to pass custom CFLAGS [3]
- o add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS [4]
- o curl_schannel.c: mark session as removed from cache if not freed [5]
- o Curl_pretransfer: reset expected transfer sizes [6]
- o curl.h: remove extra space [7]
- o curl_endian: Fixed build when 64-bit integers are not supported [8]
- o checksrc.bat: Better detection of Perl installation
- o build-openssl.bat: Added check for Perl installation
- o http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
- o http_negotiate: Added empty decoded challenge message info text
- o vtls: Removed unimplemented overrides of curlssl_close_all()
- o sasl_gssapi: Fixed memory leak with local SPN variable
- o http_negotiate: Use dynamic buffer for SPN generation
- o ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
- o openssl: do public key pinning check independently [11]
- o timeval: typecast for better type (on Amiga)
- o ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
- o SASL: common URL option and auth capabilities decoders for all protocols
- o BoringSSL: fix build
- o BoringSSL: detected by configure, switches off NTLM
- o openvms: Handle openssl/0.8.9zb version parsing
- o configure: detect libresssl
- o configure: remove detection of the old yassl emulation API
- o curl_setup: Disable SMB/CIFS support when HTTP only
- o imap: remove automatic password setting: it breaks external sasl authentication
- o sasl: remove XOAUTH2 from default enabled authentication mechanism
- o runtests: identify BoringSSL and libressl
- o security: avoid compiler warning
- o ldap: build with BoringSSL
- o des: Added Curl_des_set_odd_parity()
- o CURLOPT_SEEKFUNCTION.3: also when server closes a connection
- o CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
- o build: Removed unused Visual Studio bscmake settings
- o build: Enabled DEBUGBUILD in Visual Studio debug builds
- o build: Renamed top level Visual Studio solution files
- o build: Removed Visual Studio SuppressStartupBanner directive for VC8+
- o libcurl-symbols: first basic shot for autogenerated docs
- o Makefile.am: fix 'make distcheck'
- o getpass_r: read from stdin, not stdout! [12]
- o getpass: protect include with proper #ifdef
- o opts: CURLOPT_CAINFO availability depends on SSL engine
- o more cleanup of 'CURLcode result' return code 
- o MD4: replace implementation
- o MD5: replace implementation
- o openssl: SSL_SESSION->ssl_version no longer exist [13]
- o md5: use axTLS's own MD5 functions when available
- o schannel: Removed curl_ prefix from source files
- o curl.1: add warning when using -H and redirects
- o curl.1: clarify that -X is used for all requests
- o gskit: Fix exclusive SSLv3 option
- o polarssl: Fix exclusive SSL protocol version options [14]
- o http2: Fix bug that associated stream canceled on PUSH_PROMISE
- o ftp: accept all 2xx responses to the PORT command
- o configure: allow both --with-ca-bundle and --with-ca-path [15]
- o cmake: install the dll file to the correct directory
- o nss: fix NPN/ALPN protocol negotiation
- o polarssl: fix ALPN protocol negotiation
- o cmake: Fix generation of tool_hugehelp.c on windows
- o cmake: fix winsock2 detection on windows
- o gnutls: fix build with HTTP2
- o connect: fix a spurious connect failure on dual-stacked hosts [16]
- o test: test 530 is now less timing dependent
- o telnet: invalid use of custom read function if not set
+ o CURLOPT_HEADEROPT: default to separate [5]
+ o dist: include {src,lib}/checksrc.whitelist [1]
+ o connectionexists: fix build without NTLM [2]
+ o docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
+ o curl -z: do not write empty file on unmet condition [3]
+ o openssl: fix serial number output [4]
+ o curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION
+ o sws: init http2 state properly
+ o curl.1: fix typo
 
 This release includes the following known bugs:
 
@@ -92,32 +25,17 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alessandro Ghedini, Alexander Peslyak, Ben Boeckel, Brad King, Brad Spencer,
-  Chris Young, Dan Fandrich, Daniel Stenberg, Gisle Vanem, Guenter Knauf,
-  Jean-Francois Durand, Joe Mason, John E. Malmberg, Jon Seymour, Julian Ospald,
-  Kamil Dudka, Kyle J. McKay, Leith Bade, Marc Hoersken, Michael Kaufmann,
-  Michael Wallner, Mohammad AlSaleh, Nick Zitzmann, Patrick Monnerat,
-  Ray Satiro, Rich Burridge, Sam Schanken, Sergei Nikulov, Steve Holme,
-  Tatsuhiro Tsujikawa, Thomas Klausner, Viktor Szakats, Vojtěch Král,
-  Yun SangHo
+  Alessandro Ghedini, Alexander Elgert, Daniel Stenberg, Kamil Dudka,
+  Oren Souroujon, Patrick Rapin, Viktor Szakáts, Yehezkel Horowitz,
+  (8 contributors)
 
         Thanks! (and sorry if I forgot to mention someone)
 
 References to bug reports and discussions on issues:
 
- [1] = http://curl.haxx.se/bug/view.cgi?id=1469
- [2] = http://curl.haxx.se/bug/view.cgi?id=1468
- [3] = https://github.com/bagder/curl/pull/136
- [4] = https://github.com/bagder/curl/pull/134
- [5] = http://curl.haxx.se/mail/lib-2015-01/0036.html
- [6] = http://curl.haxx.se/mail/lib-2015-01/0065.html
- [7] = https://github.com/bagder/curl/pull/137
- [8] = http://curl.haxx.se/mail/lib-2015-01/0094.html
- [9] = http://curl.haxx.se/docs/manpage.html#--cert-status
- [10] = http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYSTATUS.html
- [11] = http://curl.haxx.se/bug/view.cgi?id=1471
- [12] = http://curl.haxx.se/bug/view.cgi?id=1476
- [13] = http://curl.haxx.se/mail/lib-2015-02/0034.html
- [14] = http://curl.haxx.se/mail/lib-2015-01/0002.html
- [15] = https://github.com/bagder/curl/pull/139
- [16] = https://bugzilla.redhat.com/1187531
+ [1] = http://curl.haxx.se/mail/archive-2015-04/0046.html
+ [2] = http://curl.haxx.se/bug/?i=231
+ [3] = https://github.com/bagder/curl/issues/237
+ [4] = https://github.com/bagder/curl/issues/235
+ [5] = http://curl.haxx.se/docs/adv_20150429.html
+ 

acinclude.m4

@@ -2615,8 +2615,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
     capath="no"
   elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
     dnl --with-ca-path given
-    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
     fi
     capath="$want_capath"
     ca="no"

configure.ac

@@ -1184,6 +1184,8 @@ AC_ARG_WITH(gssapi,
   fi
 ])
 
+: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
+
 save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
@@ -1194,6 +1196,8 @@ if test x"$want_gss" = xyes; then
         GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
      elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
         GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+     elif test -f "$KRB5CONFIG"; then
+        GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
      elif test "$GSSAPI_ROOT" != "yes"; then
         GSSAPI_INCS="-I$GSSAPI_ROOT/include"
      fi
@@ -1283,10 +1287,10 @@ if test x"$want_gss" = xyes; then
            dnl into LIBS
            gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
            LIBS="$gss_libs $LIBS"
-        elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+        elif test -f "$KRB5CONFIG"; then
            dnl krb5-config doesn't have --libs-only-L or similar, put everything
            dnl into LIBS
-           gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+           gss_libs=`$KRB5CONFIG --libs gssapi`
            LIBS="$gss_libs $LIBS"
         else
            case $host in
@@ -1451,6 +1455,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
       SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
         $PKGCONFIG --cflags-only-I openssl 2>/dev/null`
 
+      AC_SUBST(SSL_LIBS)
       AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
       AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
       AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
@@ -1527,7 +1532,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
 
     else
 
-      dnl Have the libraries--check for SSLeay/OpenSSL headers
+      dnl Have the libraries--check for OpenSSL headers
       AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                        openssl/pem.h openssl/ssl.h openssl/err.h,
         curl_ssl_msg="enabled (OpenSSL)"
@@ -1551,17 +1556,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
     fi
 
     if test X"$OPENSSL_ENABLED" = X"1"; then
-       AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled])
-
        dnl is there a pkcs12.h header present?
        AC_CHECK_HEADERS(openssl/pkcs12.h)
     else
        LIBS="$CLEANLIBS"
     fi
-    dnl USE_SSLEAY is the historical name for what configure calls
-    dnl OPENSSL_ENABLED; the names should really be unified
-    USE_SSLEAY="$OPENSSL_ENABLED"
-    AC_SUBST(USE_SSLEAY)
 
     if test X"$OPT_SSL" != Xoff &&
        test "$OPENSSL_ENABLED" != "1"; then
@@ -1578,8 +1577,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                 AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
               ])
 
-    dnl these can only exist if openssl exists
-    dnl Cyassl doesn't have SSL_get_shutdown
+    dnl These can only exist if OpenSSL exists
+    dnl Older versions of Cyassl (some time before 2.9.4) don't have
+    dnl SSL_get_shutdown (but this check won't actually detect it there
+    dnl as it's a macro that needs the header files be included)
     dnl BoringSSL doesn't have DES_set_odd_parity
 
     AC_CHECK_FUNCS( RAND_status \
@@ -1675,8 +1676,8 @@ dnl ---
 if test "$OPENSSL_ENABLED" = "1"; then
   AC_CHECK_LIB(crypto, SRP_Calc_client_key,
    [
-     AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key])
-     AC_SUBST(HAVE_SSLEAY_SRP, [1])
+     AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
+     AC_SUBST(HAVE_OPENSSL_SRP, [1])
    ])
 fi
 
@@ -1946,6 +1947,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
       OPT_CYASSL=""
     fi
 
+    dnl This should be reworked to use pkg-config instead
+
+    cyassllibname=cyassl
+
     if test -z "$OPT_CYASSL" ; then
       dnl check for lib in system default first
 
@@ -1987,19 +1992,70 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
        [
          CPPFLAGS=$_cppflags
          LDFLAGS=$_ldflags
+         cyassllib=""
        ])
     fi
 
+    addld=""
+    addlib=""
+    addcflags=""
+
+    if test "x$USE_CYASSL" != "xyes"; then
+      dnl libcyassl renamed to libwolfssl as of 3.4.0
+      addld=-L$OPT_CYASSL/lib$libsuff
+      addcflags=-I$OPT_CYASSL/include
+      cyassllib=$OPT_CYASSL/lib$libsuff
+
+      LDFLAGS="$LDFLAGS $addld"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+
+      cyassllibname=wolfssl
+      my_ac_save_LIBS="$LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
+
+      AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl])
+      AC_LINK_IFELSE([
+	AC_LANG_PROGRAM([[
+/* These aren't needed for detection and confuse WolfSSL.
+   They are set up properly later if it is detected.  */
+#undef SIZEOF_LONG
+#undef SIZEOF_LONG_LONG
+#include <cyassl/ssl.h>
+	]],[[
+	  return CyaSSL_Init();
+	]])
+      ],[
+         AC_MSG_RESULT(yes)
+         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled])
+         AC_SUBST(USE_CYASSL, [1])
+         CYASSL_ENABLED=1
+         USE_CYASSL="yes"
+         curl_ssl_msg="enabled (CyaSSL)"
+       ],
+       [
+         AC_MSG_RESULT(no)
+         CPPFLAGS=$_cppflags
+         LDFLAGS=$_ldflags
+         cyassllib=""
+       ])
+      LIBS="$my_ac_save_LIBS"
+    fi
+
     if test "x$USE_CYASSL" = "xyes"; then
       AC_MSG_NOTICE([detected CyaSSL])
 
       dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
       AC_CHECK_SIZEOF(long long)
 
+      dnl Versions since at least 2.6.0 may have options.h
+      AC_CHECK_HEADERS(cyassl/options.h)
+
       dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h
       AC_CHECK_HEADERS(cyassl/error-ssl.h)
 
-      LIBS="-lcyassl -lm $LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
 
       if test -n "$cyassllib"; then
         dnl when shared libs were found in a path that the run-time
@@ -2066,57 +2122,73 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
         fi
       fi
     else
-        # Without pkg-config, we'll kludge in some defaults
-        addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
-        addcflags="-I$OPT_NSS/include"
-        version="unknown"
-        nssprefix=$OPT_NSS
-    fi
-
-    if test -n "$addlib"; then
-
-      CLEANLIBS="$LIBS"
-      CLEANCPPFLAGS="$CPPFLAGS"
-
-      LIBS="$addlib $LIBS"
-      if test "$addcflags" != "-I/usr/include"; then
-         CPPFLAGS="$CPPFLAGS $addcflags"
-      fi
-
-      dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
-      AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
-       [
-       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
-       AC_SUBST(USE_NSS, [1])
-       USE_NSS="yes"
-       NSS_ENABLED=1
-       curl_ssl_msg="enabled (NSS)"
-       ],
-       [
-         LIBS="$CLEANLIBS"
-         CPPFLAGS="$CLEANCPPFLAGS"
-       ])
-
-      if test "x$USE_NSS" = "xyes"; then
-        AC_MSG_NOTICE([detected NSS version $version])
-
-        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-        NSS_LIBS=$addlib
-        AC_SUBST([NSS_LIBS])
-
-        dnl when shared libs were found in a path that the run-time
-        dnl linker doesn't search through, we need to add it to
-        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-        dnl due to this
-        if test "x$cross_compiling" != "xyes"; then
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-          export LD_LIBRARY_PATH
-          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
+      if test -f "$NSS_PCDIR/nss.pc"; then
+        CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
+        if test "$PKGCONFIG" != "no" ; then
+          addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
+          addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
+          addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
+          version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
+          nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
         fi
       fi
-
     fi
 
+    if test -z "$addlib"; then
+      # Without pkg-config, we'll kludge in some defaults
+      AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
+      addld="-L$OPT_NSS/lib"
+      addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+      addcflags="-I$OPT_NSS/include"
+      version="unknown"
+      nssprefix=$OPT_NSS
+    fi
+
+    CLEANLDFLAGS="$LDFLAGS"
+    CLEANLIBS="$LIBS"
+    CLEANCPPFLAGS="$CPPFLAGS"
+
+    LDFLAGS="$addld $LDFLAGS"
+    LIBS="$addlib $LIBS"
+    if test "$addcflags" != "-I/usr/include"; then
+       CPPFLAGS="$CPPFLAGS $addcflags"
+    fi
+
+    dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
+    AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
+     [
+     AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
+     AC_SUBST(USE_NSS, [1])
+     USE_NSS="yes"
+     NSS_ENABLED=1
+     curl_ssl_msg="enabled (NSS)"
+     ],
+     [
+       LDFLAGS="$CLEANLDFLAGS"
+       LIBS="$CLEANLIBS"
+       CPPFLAGS="$CLEANCPPFLAGS"
+     ])
+
+    if test "x$USE_NSS" = "xyes"; then
+      AC_MSG_NOTICE([detected NSS version $version])
+
+      dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
+      NSS_LIBS=$addlib
+      AC_SUBST([NSS_LIBS])
+
+      dnl when shared libs were found in a path that the run-time
+      dnl linker doesn't search through, we need to add it to
+      dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+      dnl due to this
+      if test "x$cross_compiling" != "xyes"; then
+        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+        export LD_LIBRARY_PATH
+        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      fi
+
+    fi dnl NSS found
+
   fi dnl NSS not disabled
 
 fi dnl curl_ssl_msg = init_ssl_msg
@@ -3271,7 +3343,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]),
        want_tls_srp=yes
 )
 
-if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then
+if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then
    AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication])
    USE_TLS_SRP=1
    curl_tls_srp_msg="enabled"
@@ -3385,7 +3457,7 @@ dnl For keeping supported features and protocols also in pkg-config file
 dnl since it is more cross-compile friendly than curl-config
 dnl
 
-if test "x$USE_SSLEAY" = "x1"; then
+if test "x$OPENSSL_ENABLED" = "x1"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
 elif test -n "$SSL_ENABLED"; then
   SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
@@ -3424,7 +3496,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
 fi
 
 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
-  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
       -o "x$DARWINSSL_ENABLED" = "x1"; then
     SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
@@ -3497,7 +3569,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then
 fi
 if test "x$CURL_DISABLE_SMB" != "x1" \
     -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-    -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
       -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
       -o "x$DARWINSSL_ENABLED" = "x1" \); then
   SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"

contributors.sh

@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2013-2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2013-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -33,7 +33,8 @@
 start=$1
 
 if test -z "$start"; then
-  echo "Usage: $0 <since this tag/hash>"
+    echo "Usage: $0 <since this tag/hash> [--releasenotes]"
+    exit
 fi
 
 # filter out Author:, Commit: and *by: lines
@@ -59,7 +60,7 @@ if echo "$*" | grep -qw -- '--releasenotes';then
     # grep out the list of names from RELEASE-NOTES
     # split on ", "
     # remove leading white spaces
-grep "^  [^ ]" RELEASE-NOTES| \
+grep "^  [^ \(]" RELEASE-NOTES| \
 sed 's/, */\n/g'| \
 sed 's/^ *//'
 fi

contrithanks.sh

@@ -0,0 +1,57 @@
+#!/bin/sh
+#***************************************************************************
+#                                  _   _ ____  _
+#  Project                     ___| | | |  _ \| |
+#                             / __| | | | |_) | |
+#                            | (__| |_| |  _ <| |___
+#                             \___|\___/|_| \_\_____|
+#
+# Copyright (C) 2013-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+#
+# This software is licensed as described in the file COPYING, which
+# you should have received as part of this distribution. The terms
+# are also available at http://curl.haxx.se/docs/copyright.html.
+#
+# You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# copies of the Software, and permit persons to whom the Software is
+# furnished to do so, under the terms of the COPYING file.
+#
+# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# KIND, either express or implied.
+#
+###########################################################################
+
+#
+# This script shows all mentioned contributors from <hash> until HEAD and
+# puts them at the end of the THANKS document on stdout
+#
+
+start=$1
+
+if test -z "$start"; then
+  echo "Usage: $0 <since this tag/hash>"
+fi
+
+cat ./docs/THANKS
+
+(
+git log $start..HEAD | \
+egrep -i '(Author|Commit|by):' | \
+cut -d: -f2- | \
+cut '-d<' -f1 | \
+tr , '\012' | \
+sed 's/ and /\n/' | \
+sed -e 's/^ //' -e 's/ $//g'
+
+# grep out the list of names from RELEASE-NOTES
+# split on ", "
+# remove leading white spaces
+grep "^  [^ (]" RELEASE-NOTES| \
+sed 's/, */\n/g'| \
+sed 's/^ *//'
+
+)| \
+sed -f ./docs/THANKS-filter | \
+grep ' ' | \
+sort -fu | \
+grep -xvf ./docs/THANKS 

curl-config.in

@@ -71,7 +71,7 @@ while test $# -gt 0; do
         ;;
 
     --ca)
-        echo "@CURL_CA_BUNDLE@"
+        echo @CURL_CA_BUNDLE@
         ;;
 
     --cc)

docs/BINDINGS

@@ -90,6 +90,11 @@ Guile:
   Written by Michael L. Gran
   http://www.lonelycactus.com/guile-curl.html
 
+Harbour
+
+  Written by Viktor Szakáts
+  https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl
+
 Haskell
 
   Written by Galois, Inc
@@ -115,7 +120,7 @@ Lua
   luacurl by Alexander Marinov
   http://luacurl.luaforge.net/
 
-  Lua-cURL by J<EFBFBD>rgen H<EFBFBD>tzel
+  Lua-cURL by Jürgen Hötzel
   http://luaforge.net/projects/lua-curl/
 
 Mono
@@ -219,8 +224,8 @@ SPL
 
 Tcl
 
-  Tclcurl by Andr<EFBFBD>s Garc<EFBFBD>a
-  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
+  Tclcurl by Andrés García
+  http://mirror.yellow5.com/tclcurl/
 
 Visual Basic
 

docs/BUGS

@@ -35,11 +35,9 @@ BUGS
   have a go at a solution. You can optionally also post your bug/problem at
   curl's bug tracking system over at
 
-        https://sourceforge.net/p/curl/bugs/
+        https://github.com/bagder/curl/issues
 
-  Please read the rest of this document below first before doing that! Also,
-  you need to login to your sourceforge account before being able to submit a
-  bug report (necessary evil done to avoid spam).
+  Please read the rest of this document below first before doing that!
 
   If you feel you need to ask around first, find a suitable mailing list and
   post there. The lists are available on http://curl.haxx.se/mail/

docs/CONTRIBUTE

@@ -34,7 +34,7 @@
  3.3 How To Make a Patch without git
  3.4 How to get your changes into the main sources
  3.5 Write good commit messages
- 3.6 Please don't send pull requests
+ 3.6 About pull requests
 
 ==============================================================================
 
@@ -52,6 +52,10 @@
 
  We also hang out on IRC in #curl on irc.freenode.net
 
+ If you're at all interested in the code side of things, consider clicking
+ 'watch' on the curl repo at github to get notified on pull requests and new
+ issues posted there.
+
 1.2. License
 
  When contributing with code, you agree to put your changes and new code under
@@ -78,10 +82,10 @@
 
 1.3 What To Read
 
- Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
- most recent CHANGES. Just lurking on the curl-library mailing list is gonna
- give you a lot of insights on what's going on right now. Asking there is a
- good idea too.
+ Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the
+ most recent changes in the git log. Just lurking on the curl-library mailing
+ list is gonna give you a lot of insights on what's going on right now. Asking
+ there is a good idea too.
 
 2. cURL Coding Standards
 
@@ -288,27 +292,15 @@
  and make sure that you have your own user and email setup correctly in git
  before you commit
 
-3.6 Please don't send pull requests
+3.6 About pull requests
 
  With git (and especially github) it is easy and tempting to send a pull
- request to one or more people in the curl project to have changes merged this
- way instead of mailing patches to the curl-library mailing list.
+ request to the curl project to have changes merged this way instead of
+ mailing patches to the curl-library mailing list.
 
- We don't like that. We want them mailed for these reasons:
+ We used to dislike this but we're trying to change that and accept that this
+ is a frictionless way for people to contribute to the project. We now welcome
+ pull requests!
 
- - Peer review. Anyone and everyone on the list can review, comment and
-   improve on the patch. Pull requests limit this ability.
-
- - Anyone can merge the patch into their own trees for testing and those who
-   have push rights can push it to the main repo. It doesn't have to be anyone
-   the patch author knows beforehand.
-
- - Commit messages can be tweaked and changed if merged locally instead of
-   using github. Merges directly on github requires the changes to be perfect
-   already, which they seldom are.
-
- - Merges on github prevents rebases and even enforces --no-ff which is a git
-   style we don't otherwise use in the project
-
- However: once patches have been reviewed and deemed fine on list they are
- perfectly OK to be pulled from a published git tree.
+ We will continue to avoid using github's merge tools to make the history
+ linear and to make sure commits follow our style guidelines.

docs/FAQ

@@ -81,6 +81,7 @@ FAQ
   4.18 file:// URLs containing drive letters (Windows, NetWare)
   4.19 Why doesn't cURL return an error when the network cable is unplugged?
   4.20 curl doesn't return error for HTTP non-200 responses!
+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
 
  5. libcurl Issues
   5.1 Is libcurl thread-safe?
@@ -1116,6 +1117,16 @@ FAQ
   You can also use the -w option and the variable %{response_code} to extract
   the exact response code that was return in the response.
 
+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
+
+  If you use verbose to see the HTTP request when you send off a HTTP/2
+  request, it will still say 1.1.
+
+  The reason for this is that we first generate the request to send using the
+  old 1.1 style and show that request in the verbose output, and then we
+  convert it over to the binary header-compressed HTTP/2 style. The actual
+  "1.1" part from that request is then not actually used in the transfer. The
+  binary HTTP/2 headers are not human readable.
 
 5. libcurl Issues
 

docs/KNOWN_BUGS

@@ -3,6 +3,15 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!
 
+90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
+  code reveals that pingpong.c contains some truncation code, at line 408,
+  when it deems the server response to be too large truncating it to 40
+  characters"
+  http://curl.haxx.se/bug/view.cgi?id=1366
+
+89. Disabling HTTP Pipelining when there are ongoing transfers can lead to
+  heap corruption and crash. http://curl.haxx.se/bug/view.cgi?id=1411
+
 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus
   curl's -R option also doesn't work then.
 

docs/RELEASE-PROCEDURE

@@ -84,11 +84,12 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):
 
-- November 5, 2014 (version 7.39.0)
-- December 31, 2014
-- February 25, 2015
+- February 25, 2015 (version 7.41.0)
 - April 22, 2015
 - June 17, 2015
 - August 12, 2015
 - October 7, 2015
 - December 2, 2015
+- January 27, 2016
+- March 23, 2016
+- May 18, 2016

docs/THANKS

@@ -36,10 +36,12 @@ Alex Suykov
 Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
+Alexander Elgert
 Alexander Klauer
 Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
+Alexander Pepper
 Alexander Peslyak
 Alexander Zhuravlev
 Alexey Borzov
@@ -176,6 +178,7 @@ Catalin Patulea
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
+Charles Romestant
 Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
@@ -225,6 +228,7 @@ Curt Bogmine
 Cyrill Osterwalder
 Cédric Deltheil
 D. Flinkmann
+Da-Yoon Chung
 Dag Ekengren
 Dagobert Michelsen
 Damian Dixon
@@ -335,6 +339,7 @@ Eldar Zaitov
 Ellis Pritchard
 Elmira A Semenova
 Emanuele Bovisio
+Emil Lerner
 Emil Romanus
 Emiliano Ida
 Enrico Scholz
@@ -440,6 +445,7 @@ Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hang Su
+Hanno Böck
 Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
@@ -480,6 +486,7 @@ Immanuel Gregoire
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
+Isaac Boukris
 Ishan SinghLevett
 Ivo Bellin Salarin
 Jack Zhang
@@ -537,6 +544,7 @@ Jeremy Friesner
 Jeremy Huddleston
 Jeremy Lin
 Jeroen Koekkoek
+Jeroen Ooms
 Jerome Muffat-Meridol
 Jerome Robert
 Jerome Vouillon
@@ -550,6 +558,7 @@ Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
+Jiri Dvorak
 Jiri Hruska
 Jiri Jaburek
 Jiri Malak
@@ -578,6 +587,7 @@ John Kelly
 John Lask
 John Lightsey
 John Marino
+John Marshall
 John McGowan
 John P. McCaskey
 John Suprock
@@ -597,6 +607,7 @@ Jonas Schnelli
 Jonatan Lander
 Jonatan Vela
 Jonathan Cardoso Machado
+Jonathan Cardoso Machado Machado
 Jonathan Hseu
 Jonathan Nieder
 Jongki Suwandi
@@ -747,6 +758,7 @@ Mark Salisbury
 Mark Snelling
 Mark Tully
 Markus Duft
+Markus Elfring
 Markus Koetter
 Markus Moeller
 Markus Oberhumer
@@ -775,6 +787,7 @@ Matt Wixson
 Matteo Rocco
 Matthew Blain
 Matthew Clarke
+Matthew Hall
 Matthias Bolte
 Maurice Barnum
 Mauro Iorio
@@ -800,12 +813,14 @@ Michael Mealling
 Michael Mueller
 Michael Osipov
 Michael Smith
+Michael Stapelberg
 Michael Stillwell
 Michael Wallner
 Michal Bonino
 Michal Marek
 Michał Górny
 Michał Kowalczyk
+Michel Promonet
 Michele Bini
 Miguel Angel
 Miguel Diaz
@@ -829,6 +844,7 @@ Mitz Wark
 Mohamed Lrhazi
 Mohammad AlSaleh
 Mohun Biswas
+Mostyn Bramley-Moore
 Myk Taylor
 Nach M. S.
 Nagai H
@@ -870,6 +886,7 @@ Oliver Gondža
 Oliver Kuckertz
 Oliver Schindler
 Olivier Berger
+Oren Souroujon
 Oren Tirosh
 Ori Avtalion
 Oscar Koeroo
@@ -886,6 +903,7 @@ Patricia Muscalu
 Patrick Bihan-Faou
 Patrick McManus
 Patrick Monnerat
+Patrick Rapin
 Patrick Scott
 Patrick Smith
 Patrick Watson
@@ -914,6 +932,7 @@ Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
+Peter Laser
 Peter O'Gorman
 Peter Pentchev
 Peter Silva
@@ -1085,6 +1104,7 @@ Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
 Stefan Bühler
+Stefan Eissing
 Stefan Esser
 Stefan Krause
 Stefan Neis
@@ -1099,6 +1119,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve H Truong
+Steve Havelka
 Steve Holme
 Steve Lhomme
 Steve Little
@@ -1129,6 +1150,7 @@ Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
+Thomas Ruecker
 Thomas Schwinge
 Thomas Tonino
 Tiit Pikma
@@ -1148,6 +1170,7 @@ Timo Sirainen
 Tinus van den Berg
 Tobias Markus
 Tobias Rundström
+Tobias Stoeckmann
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
@@ -1227,6 +1250,7 @@ Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
 Yaakov Selkowitz
+Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yasuharu Yamada

docs/THANKS-filter

@@ -33,7 +33,8 @@ s/Nick Zitzmann (originally)/Nick Zitzmann/
 s/product-security at Apple//
 s/IT DOES NOT WORK//
 s/Albert Chin/Albert Chin-A-Young/
-s/Paras S/Paras Sethia/
+s/Paras S\z/Paras Sethia/
+s/Paras Sethiaethia/Paras Sethia/
 s/Дмитрий Фалько/Dmitry Falko/
 s/byte_bucket in the #curl IRC channel//
 s/Michal Górny and Anthony G. Basile//
@@ -47,3 +48,4 @@ s/Rodrigo Silva (MestreLion)/Rodrigo Silva/
 s/tetetest tetetest//
 s/Jiří Hruška/Jiri Hruska/
 s/Viktor Szakats/Viktor Szakáts/
+s/Jonathan Cardoso/Jonathan Cardoso Machado/

docs/TODO

@@ -9,6 +9,11 @@
  Things to do in project cURL. Please tell us what you think, contribute and
  send us patches that improve things!
 
+ Be aware that these are things that we could do, or have once been considered
+ things we could do. If you want to work on any of these areas, please
+ consider bringing it up for discussions first on the mailing list so that we
+ all agree it is still a good idea for the project!
+
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
@@ -103,6 +108,9 @@
  17.4 simultaneous parallel transfers
  17.5 provide formpost headers
  17.6 warning when setting an option
+ 17.7 warning when sending binary output to terminal
+ 17.8 offer color-coded HTTP header output
+ 17.9 Choose the name of file in braces for complex URLs
 
  18. Build
  18.1 roffit
@@ -595,6 +603,30 @@ Currently the SMB authentication uses NTLMv1.
   This can be useful to tell when support for a particular feature hasn't been
   compiled into the library.
 
+17.7 warning when sending binary output to terminal
+
+  Provide a way that prompts the user for confirmation before binary data is
+  sent to the terminal, much in the style 'less' does it.
+
+17.8 offer color-coded HTTP header output
+
+  By offering different color output on the header name and the header
+  contents, they could be made more readable and thus help users working on
+  HTTP services.
+
+17.9 Choose the name of file in braces for complex URLs
+
+  When using braces to download a list of URLs and you use complicated names
+  in the list of alternatives, it could be handy to allow curl to use other
+  names when saving.
+
+  Consider a way to offer that. Possibly like
+  {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the
+  colon is the output name.
+
+  See https://github.com/bagder/curl/issues/221
+
+
 18. Build
 
 18.1 roffit

docs/TheArtOfHttpScripting

@@ -22,6 +22,8 @@ The Art Of Scripting HTTP Requests Using Curl
  3. Fetch a page
  3.1 GET
  3.2 HEAD
+ 3.3 Multiple URLs in a single command line
+ 3.4 Multiple HTTP methods in a single command line
  4. HTML forms
  4.1 Forms explained
  4.2 GET
@@ -135,7 +137,7 @@ The Art Of Scripting HTTP Requests Using Curl
  The Uniform Resource Locator format is how you specify the address of a
  particular resource on the Internet. You know these, you've seen URLs like
  http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
- canonical spec.
+ canonical spec. And yeah, the formal name is not URL, it is URI.
 
  2.2 Host
 
@@ -192,7 +194,6 @@ The Art Of Scripting HTTP Requests Using Curl
  the associated response. The path is what is to the right side of the slash
  that follows the host name and possibly port number.
 
-
 3. Fetch a page
 
  3.1 GET
@@ -223,6 +224,46 @@ The Art Of Scripting HTTP Requests Using Curl
  may see a Content-Length: in the response headers, but there must not be an
  actual body in the HEAD response.
 
+ 3.3 Multiple URLs in a single command line
+
+ A single curl command line may involve one or many URLs. The most common case
+ is probably to just use one, but you can specify any amount of URLs. Yes
+ any. No limits. You'll then get requests repeated over and over for all the
+ given URLs.
+
+ Example, send two GETs:
+
+    curl http://url1.example.com http://url2.example.com
+
+ If you use --data to POST to the URL, using multiple URLs means that you send
+ that same POST to all the given URLs.
+
+ Example, send two POSTs:
+
+    curl --data name=curl http://url1.example.com http://url2.example.com
+
+
+ 3.4 Multiple HTTP methods in a single command line
+
+ Sometimes you need to operate on several URLs in a single command line and do
+ different HTTP methods on each. For this, you'll enjoy the --next option. It
+ is basically a separator that separates a bunch of options from the next. All
+ the URLs before --next will get the same method and will get all the POST
+ data merged into one.
+
+ When curl reaches the --next on the command line, it'll sort of reset the
+ method and the POST data and allow a new set.
+
+ Perhaps this is best shown with a few examples. To send first a HEAD and then
+ a GET:
+
+   curl -I http://example.com --next http://example.com
+
+ To first send a POST and then a GET:
+
+   curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html
+
+
 4. HTML forms
 
  4.1 Forms explained
@@ -301,6 +342,10 @@ The Art Of Scripting HTTP Requests Using Curl
 
         curl --data-urlencode "name=I am Daniel" http://www.example.com
 
+  If you repeat --data several times on the command line, curl will
+  concatenate all the given data pieces - and put a '&' symbol between each
+  data segment.
+
  4.4 File Upload POST
 
   Back in late 1995 they defined an additional way to post data over HTTP. It
@@ -585,6 +630,12 @@ The Art Of Scripting HTTP Requests Using Curl
 
         http://curl.haxx.se/docs/sslcerts.html
 
+  At times you may end up with your own CA cert store and then you can tell
+  curl to use that to verify the server's certificate:
+
+        curl --cacert ca-bundle.pem https://example.com/
+
+
 11. Custom Request Elements
 
 11.1 Modify method and headers
@@ -693,7 +744,7 @@ The Art Of Scripting HTTP Requests Using Curl
 
  14.1 Standards
 
- RFC 2616 is a must to read if you want in-depth understanding of the HTTP
+ RFC 7230 is a must to read if you want in-depth understanding of the HTTP
  protocol
 
  RFC 3986 explains the URL syntax

docs/curl.1

@@ -562,6 +562,16 @@ or no response at all is received, the verification fails.
 
 This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
 (Added in 7.41.0)
+.IP "--false-start"
+
+(SSL) Tells curl to use false start during the TLS handshake. False start is a
+mode where a TLS client will start sending application data before verifying
+the server's Finished message, thus saving a round trip when performing a full
+handshake.
+
+This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
+or later, or OS X 10.9 or later) backends.
+(Added in 7.42.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In normal
@@ -1225,6 +1235,12 @@ available.
 (SSL/SSH) Passphrase for the private key
 
 If this option is used several times, the last one will be used.
+.IP "--path-as-is"
+Tell curl to not handle sequences of /../ or /./ in the given URL
+path. Normally curl will squash or merge them according to standards but with
+this option set you tell it not to do that.
+
+(Added in 7.42.0)
 .IP "--post301"
 (HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
 into GET requests when following a 301 redirection. The non-RFC behaviour is
@@ -1692,7 +1708,7 @@ impossible to use a colon in the user name with this option. The password can,
 still.
 
 When using Kerberos V5 with a Windows based server you should include the
-Windows domain name in the user name, in order for the server to succesfully
+Windows domain name in the user name, in order for the server to successfully
 obtain a Kerberos Ticket. If you don't then the initial authentication
 handshake may fail.
 
@@ -1914,10 +1930,10 @@ alter the way curl behaves. So for example if you want to make a proper HEAD
 request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP
 option.
 
-The the method string you set with -X will be used for all requests, which if
-you for example use \fB-L, --location\fP may cause unintended side-effects
-when curl doesn't change request method according to the HTTP 30x response
-codes - and similar.
+The method string you set with -X will be used for all requests, which if you
+for example use \fB-L, --location\fP may cause unintended side-effects when
+curl doesn't change request method according to the HTTP 30x response codes -
+and similar.
 
 (FTP)
 Specifies a custom FTP command to use instead of LIST when doing file lists

docs/examples/fopen.c

@@ -210,9 +210,7 @@ static int use_buffer(URL_FILE *file,int want)
   /* sort out buffer */
   if((file->buffer_pos - want) <=0) {
     /* ditch buffer - write will recreate */
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
     file->buffer=NULL;
     file->buffer_pos=0;
     file->buffer_len=0;
@@ -302,9 +300,7 @@ int url_fclose(URL_FILE *file)
     break;
   }
 
-  if(file->buffer)
-    free(file->buffer);/* free any allocated buffer space */
-
+  free(file->buffer);/* free any allocated buffer space */
   free(file);
 
   return ret;
@@ -435,9 +431,7 @@ void url_rewind(URL_FILE *file)
     curl_multi_add_handle(multi_handle, file->handle.curl);
 
     /* ditch buffer - write will recreate - resets stream pos*/
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
     file->buffer=NULL;
     file->buffer_pos=0;
     file->buffer_len=0;

docs/examples/getinmemory.c

@@ -106,8 +106,7 @@ int main(void)
   /* cleanup curl stuff */
   curl_easy_cleanup(curl_handle);
 
-  if(chunk.memory)
-    free(chunk.memory);
+  free(chunk.memory);
 
   /* we're done with libcurl, so clean it up */
   curl_global_cleanup();

docs/examples/postinmemory.c

@@ -101,8 +101,7 @@ int main(void)
     /* always cleanup */
     curl_easy_cleanup(curl);
 
-    if(chunk.memory)
-      free(chunk.memory);
+    free(chunk.memory);
 
     /* we're done with libcurl, so clean it up */
     curl_global_cleanup();

docs/libcurl/Makefile.am

@@ -85,7 +85,7 @@ PDFPAGES = curl_easy_cleanup.pdf curl_easy_getinfo.pdf			 \
 m4macrodir = $(datadir)/aclocal
 dist_m4macro_DATA = libcurl.m4
 
-CLEANFILES = $(HTMLPAGES) $(PDFPAGES)
+CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(TESTS) libcurl-symbols.3
 
 EXTRA_DIST = $(man_MANS) $(HTMLPAGES) index.html $(PDFPAGES) ABI \
   symbols-in-versions symbols.pl mksymbolsmanpage.pl
@@ -94,7 +94,7 @@ MAN2HTML= roffit --mandir=. < $< >$@
 SUFFIXES = .3 .html
 
 libcurl-symbols.3: $(srcdir)/symbols-in-versions $(srcdir)/mksymbolsmanpage.pl
-	perl $(srcdir)/mksymbolsmanpage.pl < $< > $@
+	perl $(srcdir)/mksymbolsmanpage.pl < $(srcdir)/symbols-in-versions > $@
 
 html: $(HTMLPAGES)
 	cd opts; make html
@@ -111,3 +111,17 @@ pdf: $(PDFPAGES)
 	ps2pdf $$foo.ps $@; \
 	rm $$foo.ps; \
 	echo "converted $< to $@")
+
+# Make sure each option man page is referenced in the main man page
+TESTS = check-easy check-multi
+LOG_COMPILER = $(PERL)
+# The test fails if the log file contains any text
+AM_LOG_FLAGS = -p -e 'die "$$_" if ($$_);'
+
+check-easy: $(srcdir)/curl_easy_setopt.3 $(srcdir)/opts/CURLOPT*.3
+	OPTS="$$(ls $(srcdir)/opts/CURLOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \
+	for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_easy_setopt.3 >/dev/null || echo Missing $$opt; done > $@
+
+check-multi: $(srcdir)/curl_multi_setopt.3 $(srcdir)/opts/CURLMOPT*.3
+	OPTS="$$(ls $(srcdir)/opts/CURLMOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \
+	for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_multi_setopt.3 >/dev/null || echo Missing $$opt; done > $@

docs/libcurl/curl_easy_getinfo.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -236,6 +236,26 @@ option may not be available for all SSL backends; unsupported SSL backends
 will return 'CURLSSLBACKEND_NONE' to indicate that they are not supported;
 this does not mean that no SSL backend was used. (Added in 7.34.0)
 
+.nf
+struct curl_tlssessioninfo {
+  curl_sslbackend backend;
+  void *internals;
+};
+.fi
+
+The \fIinternals\fP struct member will point to a TLS library specific pointer
+with the following underlying types:
+.RS
+.IP OpenSSL
+SSL_CTX *
+.IP GnuTLS
+gnutls_session_t
+.IP NSS
+PRFileDesc *
+.IP gskit
+gsk_handle
+.RE
+
 .IP CURLINFO_CONDITION_UNMET
 Pass a pointer to a long to receive the number 1 if the condition provided in
 the previous request didn't match (see \fICURLOPT_TIMECONDITION(3)\fP). Alas,

docs/libcurl/curl_easy_perform.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,7 +66,7 @@ if(curl) {
   curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
   res = curl_easy_perform(curl);
   curl_easy_cleanup(curl);
-}}
+}
 .fi
 .SH "SEE ALSO"
 .BR curl_easy_init "(3), " curl_easy_setopt "(3), "

docs/libcurl/curl_easy_recv.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,8 +42,9 @@ buffer. The variable \fBn\fP points to will receive the number of received
 bytes.
 
 To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
-calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_recv(3)\fP does not
-work on connections that were created without this option.
+calling \fIcurl_easy_perform(3)\fP or \cIcurl_multi_perform(3)\fP. Note that
+\fIcurl_easy_recv(3)\fP does not work on connections that were created without
+this option.
 
 You must ensure that the socket has data to read before calling
 \fIcurl_easy_recv(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -

docs/libcurl/curl_easy_send.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -40,8 +40,9 @@ connection set-up.
 The variable \fBn\fP points to will receive the number of sent bytes.
 
 To establish the connection, set \fBCURLOPT_CONNECT_ONLY(3)\fP option before
-calling \fIcurl_easy_perform(3)\fP. Note that \fIcurl_easy_send(3)\fP will not
-work on connections that were created without this option.
+calling \fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform()\fP. Note that
+\fIcurl_easy_send(3)\fP will not work on connections that were created without
+this option.
 
 You must ensure that the socket is writable before calling
 \fIcurl_easy_send(3)\fP, otherwise the call will return \fBCURLE_AGAIN\fP -

docs/libcurl/curl_easy_setopt.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -145,6 +145,8 @@ Fail on HTTP 4xx errors. \fICURLOPT_FAILONERROR(3)\fP
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 URL to work on. See \fICURLOPT_URL(3)\fP
+.IP CURLOPT_PATH_AS_IS
+Disable squashing /../ and /./ sequences in the path. See \fICURLOPT_PATH_AS_IS(3)\fP
 .IP CURLOPT_PROTOCOLS
 Allowed protocols. See \fICURLOPT_PROTOCOLS(3)\fP
 .IP CURLOPT_REDIR_PROTOCOLS
@@ -214,6 +216,8 @@ HTTP server authentication methods. See \fICURLOPT_HTTPAUTH(3)\fP
 TLS authentication user name. See \fICURLOPT_TLSAUTH_USERNAME(3)\fP
 .IP CURLOPT_TLSAUTH_PASSWORD
 TLS authentication password. See \fICURLOPT_TLSAUTH_PASSWORD(3)\fP
+.IP CURLOPT_TLSAUTH_TYPE
+TLS authentication methods. See \fICURLOPT_TLSAUTH_TYPE(3)\fP
 .IP CURLOPT_PROXYAUTH
 HTTP proxy authentication methods. See \fICURLOPT_PROXYAUTH(3)\fP
 .IP CURLOPT_SASL_IR
@@ -411,6 +415,8 @@ Bind name resolves to this interface. See \fICURLOPT_DNS_INTERFACE(3)\fP
 Bind name resolves to this IP4 address. See \fICURLOPT_DNS_LOCAL_IP4(3)\fP
 .IP CURLOPT_DNS_LOCAL_IP6
 Bind name resolves to this IP6 address. See \fICURLOPT_DNS_LOCAL_IP6(3)\fP
+.IP CURLOPT_DNS_SERVERS
+Preferred DNS servers. See \fICURLOPT_DNS_SERVERS(3)\fP
 .IP CURLOPT_ACCEPTTIMEOUT_MS
 Timeout for waiting for the server's connect back to be accepted. See \fICURLOPT_ACCEPTTIMEOUT_MS(3)\fP
 .SH SSL and SECURITY OPTIONS
@@ -432,10 +438,16 @@ Enable use of NPN. See \fICURLOPT_SSL_ENABLE_NPN(3)\fP
 Use identifier with SSL engine. See \fICURLOPT_SSLENGINE(3)\fP
 .IP CURLOPT_SSLENGINE_DEFAULT
 Default SSL engine. See \fICURLOPT_SSLENGINE_DEFAULT(3)\fP
+.IP CURLOPT_SSL_FALSESTART
+Enable TLS False Start. See \fICURLOPT_SSL_FALSESTART(3)\fP
 .IP CURLOPT_SSLVERSION
 SSL version to use. See \fICURLOPT_SSLVERSION(3)\fP
+.IP CURLOPT_SSL_VERIFYHOST
+Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
 .IP CURLOPT_SSL_VERIFYPEER
 Verify the SSL certificate. See \fICURLOPT_SSL_VERIFYPEER(3)\fP
+.IP CURLOPT_SSL_VERIFYSTATUS
+Verify the SSL certificate's status. See \fICURLOPT_SSL_VERIFYSTATUS(3)\fP
 .IP CURLOPT_CAINFO
 CA cert bundle. See \fICURLOPT_CAINFO(3)\fP
 .IP CURLOPT_ISSUERCERT
@@ -444,8 +456,6 @@ Issuer certificate. See \fICURLOPT_ISSUERCERT(3)\fP
 Path to CA cert bundle. See \fICURLOPT_CAPATH(3)\fP
 .IP CURLOPT_CRLFILE
 Certificate Revocation List. See \fICURLOPT_CRLFILE(3)\fP
-.IP CURLOPT_SSL_VERIFYHOST
-Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
 .IP CURLOPT_CERTINFO
 Extract certificate info. See \fICURLOPT_CERTINFO(3)\fP
 .IP CURLOPT_PINNEDPUBLICKEY

docs/libcurl/curl_multi_setopt.3

@@ -47,6 +47,8 @@ See \fICURLMOPT_PIPELINING(3)\fP
 See \fICURLMOPT_TIMERFUNCTION(3)\fP
 .IP CURLMOPT_TIMERDATA
 See \fICURLMOPT_TIMERDATA(3)\fP
+.IP CURLMOPT_MAXCONNECTS
+See \fICURLMOPT_MAXCONNECTS(3)\fP
 .IP CURLMOPT_MAX_HOST_CONNECTIONS
 See \fICURLMOPT_MAX_HOST_CONNECTIONS(3)\fP
 .IP CURLMOPT_MAX_PIPELINE_LENGTH

docs/libcurl/curl_version_info.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -57,7 +57,7 @@ typedef struct {
   char *ssl_version;        /* human readable string */
   long ssl_version_num;     /* not used, always zero */
   const char *libz_version; /* human readable string */
-  const char **protocols;   /* list of protocols */
+  const char * const *protocols; /* protocols */
 
   /* when 'age' is 1 or higher, the members below also exist: */
   const char *ares;         /* human readable string */

docs/libcurl/mksymbolsmanpage.pl

@@ -1,4 +1,25 @@
 #!/usr/bin/perl
+# ***************************************************************************
+# *                                  _   _ ____  _
+# *  Project                     ___| | | |  _ \| |
+# *                             / __| | | | |_) | |
+# *                            | (__| |_| |  _ <| |___
+# *                             \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at http://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# ***************************************************************************
 
 my $version="7.41.0";
 
@@ -7,30 +28,30 @@ my $date = strftime "%b %e, %Y", localtime;
 my $year = strftime "%Y", localtime;
 
 print <<HEADER
-.\" **************************************************************************
-.\" *                                  _   _ ____  _
-.\" *  Project                     ___| | | |  _ \| |
-.\" *                             / __| | | | |_) | |
-.\" *                            | (__| |_| |  _ <| |___
-.\" *                             \___|\___/|_| \_\_____|
-.\" *
-.\" * Copyright (C) 1998 - $year, Daniel Stenberg, <daniel\@haxx.se>, et al.
-.\" *
-.\" * This software is licensed as described in the file COPYING, which
-.\" * you should have received as part of this distribution. The terms
-.\" * are also available at http://curl.haxx.se/docs/copyright.html.
-.\" *
-.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
-.\" * copies of the Software, and permit persons to whom the Software is
-.\" * furnished to do so, under the terms of the COPYING file.
-.\" *
-.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
-.\" * KIND, either express or implied.
-.\" *
-.\" **************************************************************************
+.\\" **************************************************************************
+.\\" *                                  _   _ ____  _
+.\\" *  Project                     ___| | | |  _ \\| |
+.\\" *                             / __| | | | |_) | |
+.\\" *                            | (__| |_| |  _ <| |___
+.\\" *                             \\___|\\___/|_| \\_\\_____|
+.\\" *
+.\\" * Copyright (C) 1998 - $year, Daniel Stenberg, <daniel\@haxx.se>, et al.
+.\\" *
+.\\" * This software is licensed as described in the file COPYING, which
+.\\" * you should have received as part of this distribution. The terms
+.\\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\\" *
+.\\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\\" * copies of the Software, and permit persons to whom the Software is
+.\\" * furnished to do so, under the terms of the COPYING file.
+.\\" *
+.\\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\\" * KIND, either express or implied.
+.\\" *
+.\\" **************************************************************************
 .TH libcurl-symbols 3 "$date" "libcurl $version" "libcurl symbols"
 .SH NAME
-libcurl-symbols \- libcurl symbol version information
+libcurl-symbols \\- libcurl symbol version information
 .SH "libcurl symbols"
 This man page details version information for public symbols provided in the
 libcurl header files. This lists the first version in which the symbol was

docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.3

@@ -50,7 +50,7 @@ The default value is NULL, which means that there is no blacklist.
     NULL
   };
 
-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SERVER_BL, server_blacklist);
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_blacklist);
 .fi
 .SH AVAILABILITY
 Added in 7.30.0

docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.3

@@ -46,7 +46,7 @@ HTTP(S)
     NULL
   };
 
-  curl_multi_setopt(m, CURLMOPT_PIPELINE_SITE_BL, site_blacklist);
+  curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_blacklist);
 .fi
 .SH AVAILABILITY
 Added in 7.30.0

docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.3

@@ -36,14 +36,21 @@ CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callbac
 Pass a pointer to your callback function, which should match the prototype
 shown above.
 
-This callback function will be called when the timeout value changes. The
-\fBtimeout_ms\fP value is at what latest time the application should call one
-of the \&"performing" functions of the multi interface
-(\fIcurl_multi_socket_action(3)\fP and \fIcurl_multi_perform(3)\fP) - to allow
-libcurl to keep timeouts and retries etc to work. A \fBtimeout_ms\fP value of
--1 means that there is no timeout at all, and 0 means that the timeout is
-already expired. libcurl attempts to limit calling this only when the fixed
-future timeout time actually changes.
+Certain features, such as timeouts and retries, require you to call libcurl
+even when there is no activity on the file descriptors.
+
+Your callback function \fBtimer_callback\fP should install a non-repeating
+timer with an interval of \fBtimeout_ms\fP. Each time that timer fires, call
+either \fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP,
+depending on which interface you use.
+
+A \fBtimeout_ms\fP value of -1 means you should delete your timer.
+
+A \fBtimeout_ms\fP value of 0 means you should call
+\fIcurl_multi_socket_action(3)\fP or \fIcurl_multi_perform(3)\fP (once) as soon
+as possible.
+
+\fBtimer_callback\fP will only be called when the \fBtimeout_ms\fP changes.
 
 The \fBuserp\fP pointer is set with \fICURLMOPT_TIMERDATA(3)\fP.
 
@@ -54,7 +61,38 @@ NULL
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+static gboolean timeout_cb(gpointer user_data) {
+    if (user_data) {
+        g_free(user_data);
+        curl_multi_setopt(curl_handle, CURLMOPT_TIMERDATA, NULL);
+    }
+    int running;
+    curl_multi_socket_action(multi, CURL_SOCKET_TIMEOUT, 0, &running);
+    return G_SOURCE_REMOVE;
+}
+
+static int timerfunc(CURLM *multi, long timeout_ms, void *userp) {
+    guint *id = userp;
+
+    if (id)
+        g_source_remove(*id);
+
+    // -1 means we should just delete our timer.
+    if (timeout_ms == -1) {
+        g_free(id);
+        id = NULL;
+    } else {
+        if (!id)
+            id = g_new(guint, 1);
+        *id = g_timeout_add(timeout_ms, timeout_cb, id);
+    }
+    curl_multi_setopt(multi, CURLMOPT_TIMERDATA, id);
+    return 0;
+}
+
+curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc);
+.fi
 .SH AVAILABILITY
 Added in 7.16.0
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_CAPATH.3

@@ -43,9 +43,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-This option is OpenSSL-specific and does nothing if libcurl is built to use
-GnuTLS. NSS-powered libcurl provides the option only for backward
-compatibility.
+This option is supported by the OpenSSL, GnuTLS and PolarSSL backends. The NSS
+backend provides the option only for backward compatibility.
 .SH RETURN VALUE
 Returns CURLE_OK if TLS enabled, and CURLE_UNKNOWN_OPTION if not, or
 CURLE_OUT_OF_MEMORY if there was insufficient heap space.

docs/libcurl/opts/CURLOPT_CERTINFO.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -29,11 +29,10 @@ CURLOPT_CERTINFO \- request SSL certificate information
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo);
 .SH DESCRIPTION
 Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With
-this enabled, libcurl (if built with OpenSSL, NSS or GSKit) will
-extract lots of information and data about the certificates in the certificate
-chain used in the SSL connection. This data may then be retrieved after a
-transfer using \fIcurl_easy_getinfo(3)\fP and its option
-\fICURLINFO_CERTINFO\fP.
+this enabled, libcurl will extract lots of information and data about the
+certificates in the certificate chain used in the SSL connection. This data may
+then be retrieved after a transfer using \fIcurl_easy_getinfo(3)\fP and its
+option \fICURLINFO_CERTINFO\fP.
 .SH DEFAULT
 0
 .SH PROTOCOLS
@@ -41,7 +40,7 @@ All TLS-based
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.19.1
+This option is supported by the OpenSSL, GnuTLS, NSS and GSKit backends.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,17 @@ In unix-like systems, this might cause signals to be used unless
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete connection within 10 seconds */
+  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -41,7 +41,17 @@ In unix-like systems, this might cause signals to be used unless
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete connection within 10000 milliseconds */
+  curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10000L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_COOKIE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -51,7 +51,16 @@ NULL, no cookies
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_COOKIE, "tool=curl; fun=yes;");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If HTTP is enabled
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_HEADER.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,9 +38,26 @@ about the protocol in use.
 
 It is often better to use \fICURLOPT_HEADERFUNCTION(3)\fP to get the header
 data separately.
+
+While named confusingly similar, \fICURLOPT_HTTPHEADER(3)\fP is used to set
+custom HTTP headers!
 .SH DEFAULT
 0
+.SH PROTOCOLS
+Most
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_HEADER, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH RETURN VALUE
 Returns CURLE_OK.
 .SH "SEE ALSO"
 .BR CURLOPT_HEADERFUNCTION "(3), "
+.BR CURLOPT_HTTPHEADER "(3), "

docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -39,14 +39,14 @@ shown above.
 This function gets called by libcurl as soon as it has received header
 data. The header callback will be called once for each header and only
 complete header lines are passed on to the callback. Parsing headers is very
-easy using this. The size of the data pointed to by \fIptr\fP is \fIsize\fP
+easy using this. The size of the data pointed to by \fIbuffer\fP is \fIsize\fP
 multiplied with \fInmemb\fP. Do not assume that the header line is zero
 terminated! The pointer named \fIuserdata\fP is the one you set with the
 \fICURLOPT_HEADERDATA(3)\fP option. This callback function must return the
 number of bytes actually taken care of. If that amount differs from the amount
 passed in to your function, it'll signal an error to the library. This will
 cause the transfer to get aborted and the libcurl function in progress will
-return \fICURL_WRITE_ERROR\fP.
+return \fICURLE_WRITE_ERROR\fP.
 
 A complete HTTP header that is passed to this function can be up to
 \fICURL_MAX_HTTP_HEADER\fP (100K) bytes.
@@ -80,7 +80,24 @@ Nothing.
 Used for all protocols with headers or meta-data concept: HTTP, FTP, POP3,
 IMAP, SMTP and more.
 .SH EXAMPLE
-TODO
+.nf
+static size_t header_callback(char *buffer, size_t size,
+                              size_t nitems, void *userdata)
+{
+  /* received header is nitems * size long in 'buffer' NOT ZERO TERMINATED */
+  /* 'userdata' is set with CURLOPT_WRITEDATA */
+  return nitems * size;
+}
+
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_HEADEROPT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADEROPT, long bitmask);
 Pass a long that is a bitmask of options of how to deal with headers. The two
 mutually exclusive options are:
 
-\fBCURLHEADER_UNIFIED\fP - keep working as before. This means
-\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers
-and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not
-have any effect.
+\fBCURLHEADER_UNIFIED\fP - the headers specified in
+\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and
+proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have
+any effect.
 
 \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get
 sent to a server and not to a proxy. Proxy headers must be set with
@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl will send \fICURLOPT_PROXYHEADER(3)\fP
 headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
 the server.
 .SH DEFAULT
-CURLHEADER_UNIFIED
+CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE

docs/libcurl/opts/CURLOPT_HTTP200ALIASES.3

@@ -32,9 +32,11 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP200ALIASES,
 .SH DESCRIPTION
 Pass a pointer to a linked list of \fIaliases\fP to be treated as valid HTTP
 200 responses.  Some servers respond with a custom header response line.  For
-example, IceCast servers respond with "ICY 200 OK".  By including this string
-in your list of aliases, the response will be treated as a valid HTTP header
-line such as "HTTP/1.0 200 OK".
+example, SHOUTcast servers respond with "ICY 200 OK". Also some very old
+Icecast 1.3.x servers will respond like that for certain user agent headers or
+in absence of such. By including this string in your list of aliases,
+the response will be treated as a valid HTTP header line such as
+"HTTP/1.0 200 OK".
 
 The linked list should be a fully valid list of struct curl_slist structs, and
 be properly filled in.  Use \fIcurl_slist_append(3)\fP to create the list and

docs/libcurl/opts/CURLOPT_HTTPHEADER.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -63,21 +63,48 @@ Pass a NULL to this option to reset back to no custom headers.
 
 The most commonly replaced headers have "shortcuts" in the options
 \fICURLOPT_COOKIE(3)\fP, \fICURLOPT_USERAGENT(3)\fP and
-\fICURLOPT_REFERER(3)\fP.
+\fICURLOPT_REFERER(3)\fP. We recommend using those.
 
 There's an alternative option that sets or replaces headers only for requests
 that are sent with CONNECT to a proxy: \fICURLOPT_PROXYHEADER(3)\fP. Use
 \fICURLOPT_HEADEROPT(3)\fP to control the behavior.
+.SH SECURITY CONCERNS
+By default, this option makes libcurl send the given headers in all HTTP
+requests done by this handle. You should therefore use this option with
+caution if you for example connect to the remote site using a proxy and a
+CONNECT request, you should to consider if that proxy is supposed to also get
+the headers. They may be private or otherwise sensitive to leak.
+
+Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you
+intend them to get sent.
 .SH DEFAULT
 NULL
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+
+struct curl_slist *list = NULL;
+
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  list = curl_slist_append(list, "Shoesize: 10");
+  list = curl_slist_append(list, "Accept:");
+
+  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list);
+
+  curl_easy_perform(curl);
+
+  curl_slist_free_all(list); /* free the list again */
+}
+.fi
+
 .SH AVAILABILITY
 As long as HTTP is enabled
 .SH RETURN VALUE
 Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"
 .BR CURLOPT_CUSTOMREQUEST "(3), " CURLOPT_HEADEROPT "(3), "
-.BR CURLOPT_PROXYHEADER "(3)"
+.BR CURLOPT_PROXYHEADER "(3), " CURLOPT_HEADER "(3)"

docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,17 @@ Only use this option if strictly necessary.
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* we know the server is silly, ignore content-length */
+  curl_easy_setopt(curl, CURLOPT_IGNORE_CONTENT_LENGTH, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.14.1
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_INFILESIZE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -49,7 +49,20 @@ Unset
 .SH PROTOCOLS
 Many
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  long uploadsize = FILE_SIZE;
+
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz");
+
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+  curl_easy_setopt(curl, CURLOPT_INFILESIZE, uploadsize);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 SMTP support added in 7.23.0
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -50,7 +50,20 @@ Unset
 .SH PROTOCOLS
 Many
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_off_t uploadsize = FILE_SIZE;
+
+  curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/destination.tar.gz");
+
+  curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
+
+  curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, uploadsize);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 SMTP support added in 7.23.0
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_PATH_AS_IS.3

@@ -0,0 +1,63 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_PATH_AS_IS 3 "17 Jun 2014" "libcurl 7.42.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_PATH_AS_IS \- do not handle dot dot sequences
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);
+.SH DESCRIPTION
+By setting the long \fIleavit\fP to 1, to explicitly tell libcurl to not alter
+the given path before passing it on to the server.
+
+This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist
+in the URL's path part and that is supposed to be removed according to RFC
+3986 section 5.2.4.
+
+Some server implementations are known to (erroneously) require the dot dot
+sequences to remain in the path and some clients want to pass these on in
+order to try out server implementations.
+
+By default libcurl will merge such sequences before using the path.
+.SH DEFAULT
+0
+.SH PROTOCOLS
+All 
+.SH EXAMPLE
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password");
+
+  curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
+.SH AVAILABILITY
+Aded in 7.42.0
+.SH RETURN VALUE
+Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
+.SH "SEE ALSO"
+.BR CURLOPT_STDERR "(3), " CURLOPT_DEBUGFUNCTION "(3), "

docs/libcurl/opts/CURLOPT_PRIVATE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,22 @@ NULL
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+struct private secrets;
+if(curl) {
+  struct private *extracted;
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* store a pointer to our private struct */
+  curl_easy_setopt(curl, CURLOPT_PRIVATE, &secrets);
+
+  curl_easy_perform(curl);
+
+  /* we can extract the private pointer again too */
+  curl_easy_getinfo(curl, CURLINFO_PRIVATE, &extracted);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.10.3
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_READDATA.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -42,7 +42,19 @@ By default, this is a FILE * to stdin.
 .SH PROTOCOLS
 This is used for all protocols when sending data.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+struct MyData this;
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* pass pointer that gets passed in to the
+     CURLOPT_READFUNCTION callback */
+  curl_easy_setopt(curl, CURLOPT_READDATA, &this);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 This option was once known by the older name \fICURLOPT_INFILE\fP, the name
 \fICURLOPT_READDATA\fP was introduced in 7.9.7.

docs/libcurl/opts/CURLOPT_READFUNCTION.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,9 +34,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_READFUNCTION, read_callback);
 Pass a pointer to your callback function, as the prototype shows above.
 
 This callback function gets called by libcurl as soon as it needs to read data
-in order to send it to the peer. The data area pointed at by the pointer
-\fIbuffer\fP should be filled up with at most \fIsize\fP multiplied with
-\fInmemb\fP number of bytes by your function.
+in order to send it to the peer - like if you ask it to upload or post data to
+the server. The data area pointed at by the pointer \fIbuffer\fP should be
+filled up with at most \fIsize\fP multiplied with \fInmemb\fP number of bytes
+by your function.
 
 Your function must then return the actual number of bytes that it stored in
 that memory area. Returning 0 will signal end-of-file to the library and cause
@@ -75,4 +76,4 @@ was added in 7.12.1.
 This will return CURLE_OK.
 .SH "SEE ALSO"
 .BR CURLOPT_READDATA "(3), " CURLOPT_WRITEFUNCTION "(3), "
-.BR CURLOPT_SEEKFUNCTION "(3), "
+.BR CURLOPT_SEEKFUNCTION "(3), " CURLOPT_UPLOAD "(3), " CURLOPT_POST "(3), "

docs/libcurl/opts/CURLOPT_REFERER.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,17 @@ NULL
 .SH PROTOCOLS
 HTTP
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* tell it where we found the link to this place */
+  curl_easy_setopt(curl, CURLOPT_REFERER, "http://example.com/aboutme.html");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built with HTTP support
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3

@@ -38,7 +38,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only used with the OpenSSL backend.
+Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
+backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3

@@ -22,7 +22,7 @@
 .\"
 .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
 .SH NAME
-CURLOPT_SSL_CTX_FUNCTION \- openssl specific callback to do SSL magic
+CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL or wolfSSL/CyaSSL
 .SH SYNOPSIS
 .nf
 #include <curl/curl.h>
@@ -32,28 +32,28 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr);
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION,
                           ssl_ctx_callback);
 .SH DESCRIPTION
-This option only works for libcurl powered by OpenSSL. If libcurl was built
-against another SSL library, this functionality is absent.
+This option only works for libcurl powered by OpenSSL or wolfSSL/CyaSSL. If
+libcurl was built against another SSL library this functionality is absent.
 
 Pass a pointer to your callback function, which should match the prototype
 shown above.
 
 This callback function gets called by libcurl just before the initialization
-of a SSL connection after having processed all other SSL related options to
-give a last chance to an application to modify the behaviour of openssl's ssl
-initialization. The \fIsslctx\fP parameter is actually a pointer to an openssl
-\fISSL_CTX\fP. If an error is returned from the callback, no attempt to
-establish a connection is made and the perform operation will return the error
-code.  Set the \fIuserptr\fP argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP
-option.
+of an SSL connection after having processed all other SSL related options to
+give a last chance to an application to modify the behaviour of the SSL
+initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL
+library's \fISSL_CTX\fP. If an error is returned from the callback no attempt
+to establish a connection is made and the perform operation will return the
+callback's error code. Set the \fIuserptr\fP argument with the
+\fICURLOPT_SSL_CTX_DATA(3)\fP option.
 
 This function will get called on all new connections made to a server, during
 the SSL negotiation. The SSL_CTX pointer will be a new one every time.
 
-To use this properly, a non-trivial amount of knowledge of the openssl
-libraries is necessary. For example, using this function allows you to use
-openssl callbacks to add additional validation code for certificates, and even
-to change the actual URI of a HTTPS request (example used in the lib509 test
+To use this properly, a non-trivial amount of knowledge of your SSL library
+is necessary. For example, you can use this function to call library-specific
+callbacks to add additional validation code for certificates, and even to
+change the actual URI of a HTTPS request (example used in the lib509 test
 case).  See also the example section for a replacement of the key, certificate
 and trust file settings.
 .SH DEFAULT
@@ -63,7 +63,8 @@ All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
 TODO
 .SH AVAILABILITY
-Added in 7.11.0. Only supported when built with OpenSSL.
+Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL
+backends not supported.
 .SH RETURN VALUE
 Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
 .SH "SEE ALSO"

docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3

@@ -0,0 +1,48 @@
+.\" **************************************************************************
+.\" *                                  _   _ ____  _
+.\" *  Project                     ___| | | |  _ \| |
+.\" *                             / __| | | | |_) | |
+.\" *                            | (__| |_| |  _ <| |___
+.\" *                             \___|\___/|_| \_\_____|
+.\" *
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" *
+.\" * This software is licensed as described in the file COPYING, which
+.\" * you should have received as part of this distribution. The terms
+.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" *
+.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+.\" * copies of the Software, and permit persons to whom the Software is
+.\" * furnished to do so, under the terms of the COPYING file.
+.\" *
+.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+.\" * KIND, either express or implied.
+.\" *
+.\" **************************************************************************
+.\"
+.TH CURLOPT_SSL_FALSESTART 3 "14 Feb 2015" "libcurl 7.41.0" "curl_easy_setopt options"
+.SH NAME
+CURLOPT_SSL_FALSESTART \- enable TLS false start
+.SH SYNOPSIS
+#include <curl/curl.h>
+
+CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);
+.SH DESCRIPTION
+Pass a long as parameter set to 1 to enable or 0 to disable.
+
+This option determines whether libcurl should use false start during the TLS
+handshake. False start is a mode where a TLS client will start sending
+application data before verifying the server's Finished message, thus saving a
+round trip when performing a full handshake.
+.SH DEFAULT
+0
+.SH PROTOCOLS
+All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
+.SH EXAMPLE
+TODO
+.SH AVAILABILITY
+Added in 7.42.0. This option is currently only supported by the NSS and
+Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.
+.SH RETURN VALUE
+Returns CURLE_OK if false start is supported by the SSL backend, otherwise
+returns CURLE_NOT_BUILT_IN.

docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -66,7 +66,17 @@ also set to zero and cannot be overridden.
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+
+  /* Set the default value: strict name check please */
+  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built TLS enabled.
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -62,7 +62,17 @@ By default, curl assumes a value of 1.
 .SH PROTOCOLS
 All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+
+  /* Set the default value: strict certificate check please */
+  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 If built TLS enabled.
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_STDERR.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,16 @@ stderr
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+FILE *filep = fopen("dump", "wb");
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+  curl_easy_setopt(curl, CURLOPT_STDERR, filep);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,23 @@ disable keepalive probes
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.25.0
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,23 @@ operating systems support this option.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* set keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Added in 7.25.0
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -34,7 +34,23 @@ option. (Added in 7.25.0)
 .SH DEFAULT
 .SH PROTOCOLS
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* enable TCP keep-alive for this transfer */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L);
+
+  /* keep-alive idle time to 120 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L);
+
+  /* interval time between keep-alive probes: 60 seconds */
+  curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_TIMEOUT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -50,7 +50,17 @@ Default timeout is 0 (zero) which means it never times out during transfer.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete within 20 seconds */
+  curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_TIMEOUT_MS.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -54,7 +54,17 @@ Default timeout is 0 (zero) which means it never times out during transfer.
 .SH PROTOCOLS
 All
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  /* complete within 20000 milliseconds */
+  curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 20000L);
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 Always
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_URL.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -284,6 +284,29 @@ escape it by providing it as backslash and its ASCII value in hexadecimal:
 .SH DEFAULT
 There is no default URL. If this option isn't set, no transfer can be
 performed.
+.SH SECURITY CONCERNS
+Applications may at times find it convenient to allow users to specify URLs
+for various purposes and that string would then end up fed to this option.
+
+Getting a URL from an external untrusted party will bring reasons for several
+security concerns:
+
+If you have an application that runs as or in a server application, getting an
+unfiltered URL can easily trick your application to access a local resource
+instead of a remote. Protecting yourself against localhost accesses is very
+hard when accepting user provided URLs.
+
+Such custom URLs can also access other ports than you planned as port numbers
+are part of the regular URL format. The combination of a local host and a
+custom port number can allow external users to play tricks with your local
+services.
+
+Accepting external URLs may also use other protocols than http:// or other
+common ones. Restrict what accept with \fICURLOPT_PROTOCOLS(3)\fP.
+
+User provided URLs can also be made to point to sites that redirect further on
+(possibly to other protocols too). Consider your
+\fICURLOPT_FOLLOWLOCATION(3)\fP and \fICURLOPT_REDIR_PROTOCOLS(3)\fP settings.
 .SH PROTOCOLS
 All
 .SH EXAMPLE

docs/libcurl/opts/CURLOPT_USERAGENT.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -37,7 +37,16 @@ NULL, no User-Agent: header is used by default.
 .SH PROTOCOLS
 HTTP, HTTPS
 .SH EXAMPLE
-TODO
+.nf
+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+  curl_easy_setopt(curl, CURLOPT_USERAGENT, "Dark Secret Ninja/1.0");
+
+  curl_easy_perform(curl);
+}
+.fi
 .SH AVAILABILITY
 As long as HTTP is supported
 .SH RETURN VALUE

docs/libcurl/opts/CURLOPT_WRITEDATA.3

@@ -5,7 +5,7 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
@@ -46,12 +46,14 @@ By default, this is a FILE * to stdout.
 Used for all protocols.
 .SH EXAMPLE
 A common technique is to use the write callback to store the incoming data
-into a dynamically growing allocated buffer, and then this CURLOPT_WRITEDATA
-is used to point to a struct or the buffer to store data in. Like in the
-getinmemory example: http://curl.haxx.se/libcurl/c/getinmemory.html
+into a dynamically growing allocated buffer, and then this
+\fICURLOPT_WRITEDATA(3)\fP is used to point to a struct or the buffer to store
+data in. Like in the getinmemory example:
+http://curl.haxx.se/libcurl/c/getinmemory.html
 .SH AVAILABILITY
 Available in all libcurl versions. This option was formerly known as
-\fICURLOPT_FILE\fP, the name \fICURLOPT_WRITEDATA\fP was introduced in 7.9.7.
+\fICURLOPT_FILE\fP, the name \fICURLOPT_WRITEDATA(3)\fP was introduced in
+7.9.7.
 .SH RETURN VALUE
 This will return CURLE_OK.
 .SH "SEE ALSO"

docs/libcurl/opts/Makefile.am

@@ -66,7 +66,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
  CURLOPT_NEW_DIRECTORY_PERMS.3 CURLOPT_NEW_FILE_PERMS.3			\
  CURLOPT_NOBODY.3 CURLOPT_NOPROGRESS.3 CURLOPT_NOPROXY.3		\
  CURLOPT_NOSIGNAL.3 CURLOPT_OPENSOCKETDATA.3				\
- CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 CURLOPT_PORT.3		\
+ CURLOPT_OPENSOCKETFUNCTION.3 CURLOPT_PASSWORD.3 			\
+ CURLOPT_PINNEDPUBLICKEY.3 CURLOPT_PORT.3				\
  CURLOPT_POST.3 CURLOPT_POSTFIELDS.3 CURLOPT_POSTFIELDSIZE.3		\
  CURLOPT_POSTFIELDSIZE_LARGE.3 CURLOPT_POSTQUOTE.3 CURLOPT_POSTREDIR.3	\
  CURLOPT_PREQUOTE.3 CURLOPT_PRIVATE.3 CURLOPT_PROGRESSDATA.3		\
@@ -90,14 +91,15 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
  CURLOPT_SSLCERT.3 CURLOPT_SSLCERTTYPE.3 CURLOPT_SSL_CIPHER_LIST.3	\
  CURLOPT_SSL_CTX_DATA.3 CURLOPT_SSL_CTX_FUNCTION.3			\
  CURLOPT_SSL_ENABLE_ALPN.3 CURLOPT_SSL_ENABLE_NPN.3 CURLOPT_SSLENGINE.3	\
- CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSLKEY.3 CURLOPT_SSLKEYTYPE.3	\
- CURLOPT_SSL_OPTIONS.3 CURLOPT_SSL_SESSIONID_CACHE.3			\
- CURLOPT_SSL_VERIFYHOST.3 CURLOPT_SSL_VERIFYPEER.3			\
- CURLOPT_SSL_VERIFYSTATUS.3 CURLOPT_SSLVERSION.3 CURLOPT_STDERR.3	\
- CURLOPT_TCP_KEEPALIVE.3 CURLOPT_TCP_KEEPIDLE.3 CURLOPT_TCP_KEEPINTVL.3	\
- CURLOPT_TCP_NODELAY.3 CURLOPT_TELNETOPTIONS.3 CURLOPT_TFTP_BLKSIZE.3	\
- CURLOPT_TIMECONDITION.3 CURLOPT_TIMEOUT.3 CURLOPT_TIMEOUT_MS.3		\
- CURLOPT_TIMEVALUE.3 CURLOPT_TLSAUTH_PASSWORD.3 CURLOPT_TLSAUTH_TYPE.3	\
+ CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSL_FALSESTART.3 CURLOPT_SSLKEY.3	\
+ CURLOPT_SSLKEYTYPE.3 CURLOPT_SSL_OPTIONS.3				\
+ CURLOPT_SSL_SESSIONID_CACHE.3 CURLOPT_SSL_VERIFYHOST.3			\
+ CURLOPT_SSL_VERIFYPEER.3 CURLOPT_SSL_VERIFYSTATUS.3			\
+ CURLOPT_SSLVERSION.3 CURLOPT_STDERR.3 CURLOPT_TCP_KEEPALIVE.3		\
+ CURLOPT_TCP_KEEPIDLE.3 CURLOPT_TCP_KEEPINTVL.3 CURLOPT_TCP_NODELAY.3	\
+ CURLOPT_TELNETOPTIONS.3 CURLOPT_TFTP_BLKSIZE.3 CURLOPT_TIMECONDITION.3	\
+ CURLOPT_TIMEOUT.3 CURLOPT_TIMEOUT_MS.3 CURLOPT_TIMEVALUE.3		\
+ CURLOPT_TLSAUTH_PASSWORD.3 CURLOPT_TLSAUTH_TYPE.3			\
  CURLOPT_TLSAUTH_USERNAME.3 CURLOPT_TRANSFER_ENCODING.3			\
  CURLOPT_TRANSFERTEXT.3 CURLOPT_UNRESTRICTED_AUTH.3 CURLOPT_UPLOAD.3	\
  CURLOPT_URL.3 CURLOPT_USERAGENT.3 CURLOPT_USERNAME.3 CURLOPT_USERPWD.3	\
@@ -110,8 +112,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3		\
  CURLMOPT_MAX_TOTAL_CONNECTIONS.3 CURLMOPT_PIPELINING.3			\
  CURLMOPT_PIPELINING_SERVER_BL.3 CURLMOPT_PIPELINING_SITE_BL.3		\
  CURLMOPT_SOCKETDATA.3 CURLMOPT_SOCKETFUNCTION.3 CURLMOPT_TIMERDATA.3	\
- CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3
-
+ CURLMOPT_TIMERFUNCTION.3 CURLOPT_UNIX_SOCKET_PATH.3			\
+ CURLOPT_PATH_AS_IS.3
 
 HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLOPT_ADDRESS_SCOPE.html CURLOPT_APPEND.html				\
@@ -166,7 +168,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLOPT_NEW_FILE_PERMS.html CURLOPT_NOBODY.html			\
  CURLOPT_NOPROGRESS.html CURLOPT_NOPROXY.html CURLOPT_NOSIGNAL.html	\
  CURLOPT_OPENSOCKETDATA.html CURLOPT_OPENSOCKETFUNCTION.html		\
- CURLOPT_PASSWORD.html CURLOPT_PORT.html CURLOPT_POST.html		\
+ CURLOPT_PASSWORD.html CURLOPT_PINNEDPUBLICKEY.html CURLOPT_PORT.html	\
+ CURLOPT_POST.html							\
  CURLOPT_POSTFIELDS.html CURLOPT_POSTFIELDSIZE.html			\
  CURLOPT_POSTFIELDSIZE_LARGE.html CURLOPT_POSTQUOTE.html		\
  CURLOPT_POSTREDIR.html CURLOPT_PREQUOTE.html CURLOPT_PRIVATE.html	\
@@ -193,8 +196,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLOPT_SSL_CIPHER_LIST.html CURLOPT_SSL_CTX_DATA.html			\
  CURLOPT_SSL_CTX_FUNCTION.html CURLOPT_SSL_ENABLE_ALPN.html		\
  CURLOPT_SSL_ENABLE_NPN.html CURLOPT_SSLENGINE.html			\
- CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSLKEY.html			\
- CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html			\
+ CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSL_FALSESTART.html		\
+ CURLOPT_SSLKEY.html CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html	\
  CURLOPT_SSL_SESSIONID_CACHE.html CURLOPT_SSL_VERIFYHOST.html		\
  CURLOPT_SSL_VERIFYPEER.html CURLOPT_SSL_VERIFYSTATUS.html		\
  CURLOPT_SSLVERSION.html CURLOPT_STDERR.html CURLOPT_TCP_KEEPALIVE.html	\
@@ -217,7 +220,7 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html	\
  CURLMOPT_PIPELINING_SERVER_BL.html CURLMOPT_PIPELINING_SITE_BL.html	\
  CURLMOPT_SOCKETDATA.html CURLMOPT_SOCKETFUNCTION.html			\
  CURLMOPT_TIMERDATA.html CURLMOPT_TIMERFUNCTION.html			\
- CURLOPT_UNIX_SOCKET_PATH.html
+ CURLOPT_UNIX_SOCKET_PATH.html CURLOPT_PATH_AS_IS.html
 
 PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLOPT_ADDRESS_SCOPE.pdf CURLOPT_APPEND.pdf CURLOPT_AUTOREFERER.pdf	\
@@ -269,7 +272,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLOPT_NEW_DIRECTORY_PERMS.pdf CURLOPT_NEW_FILE_PERMS.pdf		\
  CURLOPT_NOBODY.pdf CURLOPT_NOPROGRESS.pdf CURLOPT_NOPROXY.pdf		\
  CURLOPT_NOSIGNAL.pdf CURLOPT_OPENSOCKETDATA.pdf			\
- CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf CURLOPT_PORT.pdf	\
+ CURLOPT_OPENSOCKETFUNCTION.pdf CURLOPT_PASSWORD.pdf 			\
+ CURLOPT_PINNEDPUBLICKEY.pdf CURLOPT_PORT.pdf				\
  CURLOPT_POST.pdf CURLOPT_POSTFIELDS.pdf CURLOPT_POSTFIELDSIZE.pdf	\
  CURLOPT_POSTFIELDSIZE_LARGE.pdf CURLOPT_POSTQUOTE.pdf			\
  CURLOPT_POSTREDIR.pdf CURLOPT_PREQUOTE.pdf CURLOPT_PRIVATE.pdf		\
@@ -296,8 +300,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLOPT_SSL_CIPHER_LIST.pdf CURLOPT_SSL_CTX_DATA.pdf			\
  CURLOPT_SSL_CTX_FUNCTION.pdf CURLOPT_SSL_ENABLE_ALPN.pdf		\
  CURLOPT_SSL_ENABLE_NPN.pdf CURLOPT_SSLENGINE.pdf			\
- CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSLKEY.pdf			\
- CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf				\
+ CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSL_FALSESTART.pdf		\
+ CURLOPT_SSLKEY.pdf CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf	\
  CURLOPT_SSL_SESSIONID_CACHE.pdf CURLOPT_SSL_VERIFYHOST.pdf		\
  CURLOPT_SSL_VERIFYPEER.pdf CURLOPT_SSL_VERIFYSTATUS.pdf		\
  CURLOPT_SSLVERSION.pdf CURLOPT_STDERR.pdf CURLOPT_TCP_KEEPALIVE.pdf	\
@@ -320,7 +324,7 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf	\
  CURLMOPT_PIPELINING_SERVER_BL.pdf CURLMOPT_PIPELINING_SITE_BL.pdf	\
  CURLMOPT_SOCKETDATA.pdf CURLMOPT_SOCKETFUNCTION.pdf			\
  CURLMOPT_TIMERDATA.pdf CURLMOPT_TIMERFUNCTION.pdf			\
- CURLOPT_UNIX_SOCKET_PATH.pdf
+ CURLOPT_UNIX_SOCKET_PATH.pdf CURLOPT_PATH_AS_IS.pdf
 
 CLEANFILES = $(HTMLPAGES) $(PDFPAGES)
 

docs/libcurl/symbols-in-versions

@@ -431,6 +431,7 @@ CURLOPT_PASSWDDATA              7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWDFUNCTION          7.4.2         7.11.1      7.15.5
 CURLOPT_PASSWORD                7.19.1
 CURLOPT_PASV_HOST               7.12.1        7.16.0      7.15.5
+CURLOPT_PATH_AS_IS              7.42.0
 CURLOPT_PINNEDPUBLICKEY         7.39.0
 CURLOPT_PORT                    7.1
 CURLOPT_POST                    7.1
@@ -510,6 +511,7 @@ CURLOPT_SSL_CTX_DATA            7.10.6
 CURLOPT_SSL_CTX_FUNCTION        7.10.6
 CURLOPT_SSL_ENABLE_ALPN         7.36.0
 CURLOPT_SSL_ENABLE_NPN          7.36.0
+CURLOPT_SSL_FALSESTART          7.42.0
 CURLOPT_SSL_OPTIONS             7.25.0
 CURLOPT_SSL_SESSIONID_CACHE     7.16.0
 CURLOPT_SSL_VERIFYHOST          7.8.1

docs/libcurl/symbols.pl

@@ -71,7 +71,7 @@ while(<F>) {
         my $dep;
 
         # is there removed info?
-        if($vers =~ /([\d.]+)[ \t-]+([\d.]+)[ \t]+([\d.]+)/) {
+        if($vers =~ /([\d.]+)[ \t-]+([\d.-]+)[ \t]+([\d.]+)/) {
             ($intr, $dep, $rm)=($1, $2, $3);
         }
         # is it a dep-only line?

include/curl/curl.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -1626,6 +1626,12 @@ typedef enum {
   /* Set if we should verify the certificate status. */
   CINIT(SSL_VERIFYSTATUS, LONG, 232),
 
+  /* Set if we should enable TLS false start. */
+  CINIT(SSL_FALSESTART, LONG, 233),
+
+  /* Do not squash dot-dot sequences */
+  CINIT(PATH_AS_IS, LONG, 234),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

include/curl/curlver.h

@@ -30,12 +30,12 @@
 
 /* This is the version number of the libcurl package from which this header
    file origins: */
-#define LIBCURL_VERSION "7.41.0-DEV"
+#define LIBCURL_VERSION "7.42.0-DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBCURL_VERSION_MAJOR 7
-#define LIBCURL_VERSION_MINOR 41
+#define LIBCURL_VERSION_MINOR 42
 #define LIBCURL_VERSION_PATCH 0
 
 /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBCURL_VERSION_NUM 0x072900
+#define LIBCURL_VERSION_NUM 0x072A00
 
 /*
  * This is the date and time when the full source package was created. The

include/curl/mprintf.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -57,15 +57,8 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args);
 # undef vaprintf
 # define printf curl_mprintf
 # define fprintf curl_mfprintf
-#ifdef CURLDEBUG
-/* When built with CURLDEBUG we define away the sprintf functions since we
-   don't want internal code to be using them */
-# define sprintf sprintf_was_used
-# define vsprintf vsprintf_was_used
-#else
 # define sprintf curl_msprintf
 # define vsprintf curl_mvsprintf
-#endif
 # define snprintf curl_msnprintf
 # define vprintf curl_mvprintf
 # define vfprintf curl_mvfprintf

lib/Makefile.am

@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -34,7 +34,7 @@ EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 config-win32.h	\
  config-os400.h setup-os400.h config-symbian.h Makefile.Watcom		\
  config-tpf.h $(DOCS) mk-ca-bundle.pl mk-ca-bundle.vbs $(CMAKE_DIST)	\
  firefox-db2pem.sh config-vxworks.h Makefile.vxworks checksrc.pl	\
- objnames-test08.sh objnames-test10.sh objnames.inc
+ objnames-test08.sh objnames-test10.sh objnames.inc checksrc.whitelist
 
 lib_LTLIBRARIES = libcurl.la
 

lib/Makefile.b32

@@ -74,7 +74,7 @@ LINKLIB  = $(LINKLIB) $(ZLIB_PATH)\zlib.lib
 
 # SSL support is enabled setting WITH_SSL=1
 !ifdef WITH_SSL
-DEFINES  = $(DEFINES) -DUSE_SSLEAY
+DEFINES  = $(DEFINES) -DUSE_OPENSSL
 INCDIRS  = $(INCDIRS);$(OPENSSL_PATH)\inc32;$(OPENSSL_PATH)\inc32\openssl
 LINKLIB  = $(LINKLIB) $(OPENSSL_PATH)\out32\ssleay32.lib $(OPENSSL_PATH)\out32\libeay32.lib
 !endif

lib/Makefile.inc

@@ -64,7 +64,8 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \
   curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h             \
   curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h   \
   conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h    \
-  dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h
+  dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h  \
+  curl_printf.h
 
 LIB_RCFILES = libcurl.rc
 

lib/Makefile.m32

@@ -214,14 +214,17 @@ ifdef SSL
       OPENSSL_LIBS = -lcrypto -lssl
     endif
   endif
+  ifndef DYN
+    OPENSSL_LIBS += -lgdi32 -lcrypt32
+  endif
   INCLUDES += -I"$(OPENSSL_INCLUDE)"
-  CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
+  CFLAGS += -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
             -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
             -DCURL_WANTS_CA_BUNDLE_ENV
   DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
   ifdef SRP
     ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
-      CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
+      CFLAGS += -DHAVE_OPENSSL_SRP -DUSE_TLS_SRP
     endif
   endif
 endif

lib/Makefile.vc6

@@ -105,7 +105,7 @@ WINDOWS_SDK_PATH = "$(PROGRAMFILES)\Microsoft SDK"
 
 CCNODBG      = cl.exe /O2 /DNDEBUG
 CCDEBUG      = cl.exe /Od /Gm /Zi /D_DEBUG /GZ
-CFLAGSSSL    = /DUSE_SSLEAY /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
+CFLAGSSSL    = /DUSE_OPENSSL /I "$(OPENSSL_PATH)/inc32" /I "$(OPENSSL_PATH)/inc32/openssl"
 CFLAGSWINSSL = /DUSE_SCHANNEL
 CFLAGSSSH2   = /DUSE_LIBSSH2 /DCURL_DISABLE_LDAP /DHAVE_LIBSSH2 /DHAVE_LIBSSH2_H /DLIBSSH2_WIN32 /DLIBSSH2_LIBRARY /I "$(LIBSSH2_PATH)/include"
 CFLAGSZLIB   = /DHAVE_ZLIB_H /DHAVE_ZLIB /DHAVE_LIBZ /I "$(ZLIB_PATH)"

lib/README.http2

@@ -1,8 +1,9 @@
-
 HTTP2 with libcurl
 
  Spec: http://tools.ietf.org/html/draft-ietf-httpbis-http2
 
+ Document explaining it: http://daniel.haxx.se/http2/
+
  Build prerequisites
   - nghttp2
   - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version
@@ -10,8 +11,8 @@ HTTP2 with libcurl
  nghttp2 (https://github.com/tatsuhiro-t/nghttp2)
 
   libcurl uses this 3rd party library for the low level protocol handling
-  parts. The reason for this is that HTTP2 is much more complex at that layer
-  than HTTP1.1 (which we implement on our own) and that nghttp2 is an already
+  parts. The reason for this is that HTTP/2 is much more complex at that layer
+  than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already
   existing and well functional library.
 
   Right now, nghttp2 implements http2 draft-14
@@ -20,9 +21,9 @@ HTTP2 with libcurl
 
  Over an http:// URL
 
-  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will include
-  an upgrade header in the initial request to the host to allow upgrading to
-  http2.
+  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2_0, libcurl will
+  include an upgrade header in the initial request to the host to allow
+  upgrading to http2.
 
   Possibly we can later introduce an option that will cause libcurl to fail if
   not possible to upgrade. Possibly we introduce an option that makes libcurl
@@ -30,10 +31,10 @@ HTTP2 with libcurl
 
  Over an https:// URL
 
-  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2, libcurl will use ALPN
-  (or NPN) to negotiate which protocol to continue with. Possibly introduce an
-  option that will cause libcurl to fail if not possible to use http2.
-  Consider options to explicitly disable ALPN and/or NPN.
+  If CURLOPT_HTTP_VERSION is set to CURL_HTTP_VERSION_2_0, libcurl will use
+  ALPN (or NPN) to negotiate which protocol to continue with. Possibly
+  introduce an option that will cause libcurl to fail if not possible to use
+  http2.  Consider options to explicitly disable ALPN and/or NPN.
 
   ALPN is the TLS extension that http2 is expected to use. The NPN extension
   is for a similar purpose, was made prior to ALPN and is used for SPDY so
@@ -51,15 +52,16 @@ SSL libs
     GnuTLS:   ALPN
     PolarSSL: ALPN
 
-Alt-Svc
+HTTP Alternative Services
 
-  Alt-Svc is a suggested new header with a corresponding frame (ALTSVC) in
+  Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in
   http2 that tells the client about an alternative "route" to the same content
   for the same origin server that you get the response from. A browser or
   long-living client can use that hint to create a new connection
   asynchronously.  For libcurl, we may introduce a way to bring such clues to
   the applicaton and/or let a subsequent request use the alternate route
-  automatically.
+  automatically. Spec:
+  http://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05
 
 Applications
 
@@ -70,8 +72,16 @@ curl tool
 
   curl offers the --http2 command line option to enable use of http2
 
-To consider:
+TODO:
+
+  - Implement multiplexing
 
   - How to tell libcurl when using the multi interface that all or some of the
     handles are allowed to re-use the same physical connection. Can we just
     re-use existing pipelining logic?
+
+  - Provide API to set priorities / dependencies of individual streams
+
+  - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that
+    curl can connect with HTTP/2 at once without 1.1+Upgrade.
+

lib/amigaos.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -71,7 +71,7 @@ bool Curl_amiga_init()
 }
 
 #ifdef __libnix__
-ADD2EXIT(Curl_amiga_cleanup,-50);
+ADD2EXIT(Curl_amiga_cleanup, -50);
 #endif
 
 #endif /* __AMIGA__ && ! __ixemul__ */

lib/asyn-ares.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -68,9 +68,7 @@
 #include "connect.h"
 #include "select.h"
 #include "progress.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
+#include "curl_printf.h"
 
 #  if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \
      (defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__))
@@ -166,7 +164,7 @@ void Curl_resolver_cleanup(void *resolver)
 int Curl_resolver_duphandle(void **to, void *from)
 {
   /* Clone the ares channel for the new handle */
-  if(ARES_SUCCESS != ares_dup((ares_channel*)to,(ares_channel)from))
+  if(ARES_SUCCESS != ares_dup((ares_channel*)to, (ares_channel)from))
     return CURLE_FAILED_INIT;
   return CURLE_OK;
 }
@@ -188,8 +186,7 @@ void Curl_resolver_cancel(struct connectdata *conn)
  */
 static void destroy_async_data (struct Curl_async *async)
 {
-  if(async->hostname)
-    free(async->hostname);
+  free(async->hostname);
 
   if(async->os_specific) {
     struct ResolverResults *res = (struct ResolverResults *)async->os_specific;
@@ -388,7 +385,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
       timeout_ms = 1000;
 
     waitperform(conn, timeout_ms);
-    Curl_resolver_is_resolved(conn,&temp_entry);
+    Curl_resolver_is_resolved(conn, &temp_entry);
 
     if(conn->async.done)
       break;
@@ -536,15 +533,15 @@ Curl_addrinfo *Curl_resolver_getaddrinfo(struct connectdata *conn,
   bufp = strdup(hostname);
   if(bufp) {
     struct ResolverResults *res = NULL;
-    Curl_safefree(conn->async.hostname);
+    free(conn->async.hostname);
     conn->async.hostname = bufp;
     conn->async.port = port;
     conn->async.done = FALSE;   /* not done */
     conn->async.status = 0;     /* clear */
     conn->async.dns = NULL;     /* clear */
-    res = calloc(sizeof(struct ResolverResults),1);
+    res = calloc(sizeof(struct ResolverResults), 1);
     if(!res) {
-      Curl_safefree(conn->async.hostname);
+      free(conn->async.hostname);
       conn->async.hostname = NULL;
       return NULL;
     }

lib/asyn-thread.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -69,11 +69,9 @@
 #include "inet_ntop.h"
 #include "curl_threads.h"
 #include "connect.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
 #include "curl_memory.h"
+
 /* The last #include file should be: */
 #include "memdebug.h"
 
@@ -192,13 +190,12 @@ void destroy_thread_sync_data(struct thread_sync_data * tsd)
     free(tsd->mtx);
   }
 
-  if(tsd->hostname)
-    free(tsd->hostname);
+  free(tsd->hostname);
 
   if(tsd->res)
     Curl_freeaddrinfo(tsd->res);
 
-  memset(tsd,0,sizeof(*tsd));
+  memset(tsd, 0, sizeof(*tsd));
 }
 
 /* Initialize resolver thread synchronization data */
@@ -366,9 +363,7 @@ static void destroy_async_data (struct Curl_async *async)
   }
   async->os_specific = NULL;
 
-  if(async->hostname)
-    free(async->hostname);
-
+  free(async->hostname);
   async->hostname = NULL;
 }
 
@@ -398,7 +393,7 @@ static bool init_resolve_thread (struct connectdata *conn,
   if(!init_thread_sync_data(td, hostname, port, hints))
     goto err_exit;
 
-  Curl_safefree(conn->async.hostname);
+  free(conn->async.hostname);
   conn->async.hostname = strdup(hostname);
   if(!conn->async.hostname)
     goto err_exit;

lib/base64.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -23,17 +23,14 @@
 /* Base64 encoding/decoding */
 
 #include "curl_setup.h"
-
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
 #include "urldata.h" /* for the SessionHandle definition */
 #include "warnless.h"
 #include "curl_base64.h"
-#include "curl_memory.h"
 #include "non-ascii.h"
 
-/* include memdebug.h last */
+/* The last #include files should be: */
+#include "curl_memory.h"
 #include "memdebug.h"
 
 /* ---- Base64 Encoding/Decoding Table --- */
@@ -152,7 +149,7 @@ CURLcode Curl_base64_decode(const char *src,
   for(i = 0; i < numQuantums; i++) {
     size_t result = decodeQuantum(pos, src);
     if(!result) {
-      Curl_safefree(newstr);
+      free(newstr);
 
       return CURLE_BAD_CONTENT_ENCODING;
     }
@@ -255,8 +252,7 @@ static CURLcode base64_encode(const char *table64,
   *output = '\0';
   *outptr = base64data; /* return pointer to new data, allocated memory */
 
-  if(convbuf)
-    free(convbuf);
+  free(convbuf);
 
   *outlen = strlen(base64data); /* return the length of the new data */
 

lib/bundles.c

@@ -6,7 +6,7 @@
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012-2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -74,7 +74,7 @@ void Curl_bundle_destroy(struct connectbundle *cb_ptr)
     Curl_llist_destroy(cb_ptr->conn_list, NULL);
     cb_ptr->conn_list = NULL;
   }
-  Curl_safefree(cb_ptr);
+  free(cb_ptr);
 }
 
 /* Add a connection to a bundle */

lib/checksrc.pl

@@ -6,7 +6,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -26,13 +26,32 @@ my $indent = 2;
 
 my $warnings;
 my $errors;
+my $supressed; # whitelisted problems
 my $file;
 my $dir=".";
 my $wlist;
+my $windows_os = $^O eq 'MSWin32' || $^O eq 'msys' || $^O eq 'cygwin';
+
+my %whitelist;
+
+sub readwhitelist {
+    open(W, "<$dir/checksrc.whitelist");
+    my @all=<W>;
+    for(@all) {
+        $windows_os ? $_ =~ s/\r?\n$// : chomp;
+        $whitelist{$_}=1;
+    }
+    close(W);
+}
 
 sub checkwarn {
     my ($num, $col, $file, $line, $msg, $error) = @_;
 
+    if($whitelist{$line}) {
+        $supressed++;
+        return;
+    }
+    
     my $w=$error?"error":"warning";
 
     if($w) {
@@ -78,6 +97,8 @@ if(!$file) {
     exit;
 }
 
+readwhitelist();
+
 do {
     if("$wlist" !~ / $file /) {
         my $fullname = $file;
@@ -100,7 +121,7 @@ sub scanfile {
     my $copyright=0;
 
     while(<R>) {
-        chomp;
+        $windows_os ? $_ =~ s/\r?\n$// : chomp;
         my $l = $_;
         my $column = 0;
 
@@ -144,6 +165,49 @@ sub scanfile {
             }
         }
 
+        # check for "return(" without space
+        if($l =~ /^(.*)return\(/) {
+            if($1 =~ / *\#/) {
+                # this is a #if, treat it differently
+            }
+            else {
+                checkwarn($line, length($1)+6, $file, $l,
+                          "return without space before paren");
+            }
+        }
+
+        # check for comma without space
+        if($l =~ /^(.*),[^ \n]/) {
+            my $pref=$1;
+            my $ign=0;
+            if($pref =~ / *\#/) {
+                # this is a #if, treat it differently
+                $ign=1;
+            }
+            elsif($pref =~ /\/\*/) {
+                # this is a comment
+                $ign=1;
+            }
+            elsif($pref =~ /[\"\']/) {
+                $ign = 1;
+                # There is a quote here, figure out whether the comma is
+                # within a string or '' or not.
+                if($pref =~ /\"/) {
+                    # withing a string
+                }
+                elsif($pref =~ /\'$/) {
+                    # a single letter
+                }
+                else {
+                    $ign = 0;
+                }
+            }
+            if(!$ign) {
+                checkwarn($line, length($pref)+1, $file, $l,
+                          "comma without following space");
+            }
+        }
+        
         # check for "} else"
         if($l =~ /^(.*)\} *else/) {
             checkwarn($line, length($1), $file, $l, "else after closing brace on same line");
@@ -153,6 +217,11 @@ sub scanfile {
             checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
         }
 
+        # check for space before the semicolon last in a line
+        if($l =~ /^(.*[^ ].*) ;$/) {
+            checkwarn($line, length($1), $file, $l, "space before last semicolon");
+        }
+
         # scan for use of banned functions
         if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
             checkwarn($line, length($1), $file, $l,

lib/checksrc.whitelist

@@ -0,0 +1,6 @@
+    227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)
+    228 Entering Long Passive Mode (4,4,a1,a2,a3,a4,2,p1,p2)
+      150 ASCII data connection for /bin/ls (137.167.104.91,37445) (0 bytes).
+      150 Opening ASCII mode data connection for [file] (0.0.0.0,0) (545 bytes)
+   * no_proxy=domain1.dom,host.domain2.dom
+     Default values are (0,0) initialized by calloc.

lib/config-amigaos.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -93,7 +93,6 @@
 
 #define USE_MANUAL 1
 #define USE_OPENSSL 1
-#define USE_SSLEAY 1
 #define CURL_DISABLE_LDAP 1
 
 #define OS "AmigaOS"

lib/config-dos.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -132,12 +132,11 @@
   #define HAVE_LIBZ              1
 #endif
 
-/* USE_SSLEAY on cmd-line */
-#ifdef USE_SSLEAY
+/* USE_OPENSSL on cmd-line */
+#ifdef USE_OPENSSL
   #define HAVE_CRYPTO_CLEANUP_ALL_EX_DATA 1
   #define HAVE_OPENSSL_ENGINE_H  1
   #define OPENSSL_NO_KRB5        1
-  #define USE_OPENSSL            1
 #endif
 
 /* to disable LDAP */
@@ -163,11 +162,6 @@
   #define HAVE_TERMIOS_H  1
   #define HAVE_VARIADIC_MACROS_GCC 1
 
-  /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
-  #if (DJGPP_MINOR < 4)
-    #define _MPRINTF_REPLACE
-  #endif
-
 #elif defined(__WATCOMC__)
   #define HAVE_STRCASECMP 1
 

lib/config-mac.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -70,7 +70,6 @@
 #define HAVE_SIG_ATOMIC_T       1
 
 #ifdef MACOS_SSL_SUPPORT
-#  define USE_SSLEAY            1
 #  define USE_OPENSSL           1
 #endif
 

lib/config-symbian.h

@@ -808,10 +808,4 @@
 #define HAVE_ZLIB_H 1
 #endif
 
-/* Enable appropriate definitions only when OpenSSL support is enabled */
-#ifdef USE_SSLEAY
-/* if OpenSSL is in use */
-#define USE_OPENSSL
-#endif
-
 #endif /* HEADER_CURL_CONFIG_SYMBIAN_H */

lib/config-tpf.h

@@ -7,7 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -646,7 +646,7 @@
 /* #undef USE_OPENSSL */
 
 /* if SSL is enabled */
-/* #undef USE_SSLEAY */
+/* #undef USE_OPENSSL */
 
 /* to enable SSPI support */
 /* #undef USE_WINDOWS_SSPI */

lib/config-vxworks.h

@@ -883,9 +883,6 @@
 /* if OpenSSL is in use */
 #define USE_OPENSSL 1
 
-/* if SSL is enabled */
-#define USE_SSLEAY 1
-
 /* Define to 1 if you are building a Windows target without large file
    support. */
 /* #undef USE_WIN32_LARGE_FILES */

lib/config-win32.h

@@ -701,7 +701,7 @@ Vista
 #endif
 
 /* Define to use the Windows crypto library. */
-#if !defined(USE_SSLEAY) && !defined(USE_NSS)
+#if !defined(USE_OPENSSL) && !defined(USE_NSS)
 #define USE_WIN32_CRYPTO
 #endif
 

lib/config-win32ce.h

@@ -443,6 +443,6 @@
 #define ENOMEM 2
 #define EAGAIN 3
 
-extern int stat(const char *path,struct stat *buffer );
+extern int stat(const char *path, struct stat *buffer);
 
 #endif /* HEADER_CURL_CONFIG_WIN32CE_H */

lib/conncache.c

@@ -6,7 +6,7 @@
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) 2012, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -73,11 +73,13 @@ void Curl_conncache_destroy(struct conncache *connc)
   }
 }
 
-struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
-                                                 char *hostname)
+struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+                                                 struct conncache *connc)
 {
   struct connectbundle *bundle = NULL;
 
+  char *hostname = conn->bits.proxy?conn->proxy.name:conn->host.name;
+
   if(connc)
     bundle = Curl_hash_pick(connc->hash, hostname, strlen(hostname)+1);
 
@@ -127,15 +129,15 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc,
   struct connectbundle *new_bundle = NULL;
   struct SessionHandle *data = conn->data;
 
-  bundle = Curl_conncache_find_bundle(data->state.conn_cache,
-                                      conn->host.name);
+  bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache);
   if(!bundle) {
+    char *hostname = conn->bits.proxy?conn->proxy.name:conn->host.name;
+
     result = Curl_bundle_create(data, &new_bundle);
     if(result)
       return result;
 
-    if(!conncache_add_bundle(data->state.conn_cache,
-                             conn->host.name, new_bundle)) {
+    if(!conncache_add_bundle(data->state.conn_cache, hostname, new_bundle)) {
       Curl_bundle_destroy(new_bundle);
       return CURLE_OUT_OF_MEMORY;
     }

lib/conncache.h

@@ -7,6 +7,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
+ * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
  * Copyright (C) 2012 - 2014, Linus Nielsen Feltzing, <linus@haxx.se>
  *
  * This software is licensed as described in the file COPYING, which
@@ -33,8 +34,9 @@ struct conncache *Curl_conncache_init(int size);
 
 void Curl_conncache_destroy(struct conncache *connc);
 
-struct connectbundle *Curl_conncache_find_bundle(struct conncache *connc,
-                                                 char *hostname);
+/* return the correct bundle, to a host or a proxy */
+struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn,
+                                                 struct conncache *connc);
 
 CURLcode Curl_conncache_add_conn(struct conncache *connc,
                                  struct connectdata *conn);

lib/connect.c

@@ -56,15 +56,12 @@
 #include <inet.h>
 #endif
 
-#define _MPRINTF_REPLACE /* use our functions only */
-#include <curl/mprintf.h>
-
+#include "curl_printf.h"
 #include "urldata.h"
 #include "sendf.h"
 #include "if2ip.h"
 #include "strerror.h"
 #include "connect.h"
-#include "curl_memory.h"
 #include "select.h"
 #include "url.h" /* for Curl_safefree() */
 #include "multiif.h"
@@ -77,7 +74,8 @@
 #include "conncache.h"
 #include "multihandle.h"
 
-/* The last #include file should be: */
+/* The last #include files should be: */
+#include "curl_memory.h"
 #include "memdebug.h"
 
 #ifdef __SYMBIAN32__
@@ -561,16 +559,14 @@ static CURLcode trynextip(struct connectdata *conn,
       family = conn->tempaddr[tempindex]->ai_family;
       ai = conn->tempaddr[tempindex]->ai_next;
     }
+#ifdef ENABLE_IPV6
     else if(conn->tempaddr[0]) {
       /* happy eyeballs - try the other protocol family */
       int firstfamily = conn->tempaddr[0]->ai_family;
-#ifdef ENABLE_IPV6
       family = (firstfamily == AF_INET) ? AF_INET6 : AF_INET;
-#else
-      family = firstfamily;
-#endif
       ai = conn->tempaddr[0]->ai_next;
     }
+#endif
 
     while(ai) {
       if(conn->tempaddr[other]) {
@@ -887,7 +883,7 @@ static void tcpnodelay(struct connectdata *conn,
     infof(data, "Could not set TCP_NODELAY: %s\n",
           Curl_strerror(conn, SOCKERRNO));
   else
-    infof(data,"TCP_NODELAY set\n");
+    infof(data, "TCP_NODELAY set\n");
 #else
   (void)conn;
   (void)sockfd;
@@ -1115,7 +1111,7 @@ static CURLcode singleipconnect(struct connectdata *conn,
     default:
       /* unknown error, fallthrough and try another address! */
       infof(data, "Immediate connect fail for %s: %s\n",
-            ipaddress, Curl_strerror(conn,error));
+            ipaddress, Curl_strerror(conn, error));
       data->state.os_errno = error;
 
       /* connect failed */
@@ -1206,15 +1202,20 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
 
   DEBUGASSERT(data);
 
-  /* this only works for an easy handle that has been used for
-     curl_easy_perform()! */
-  if(data->state.lastconnect && data->multi_easy) {
+  /* this works for an easy handle:
+   * - that has been used for curl_easy_perform()
+   * - that is associated with a multi handle, and whose connection
+   *   was detached with CURLOPT_CONNECT_ONLY
+   */
+  if(data->state.lastconnect && (data->multi_easy || data->multi)) {
     struct connectdata *c = data->state.lastconnect;
     struct connfind find;
     find.tofind = data->state.lastconnect;
     find.found = FALSE;
 
-    Curl_conncache_foreach(data->multi_easy->conn_cache, &find, conn_is_conn);
+    Curl_conncache_foreach(data->multi_easy?
+                           data->multi_easy->conn_cache:
+                           data->multi->conn_cache, &find, conn_is_conn);
 
     if(!find.found) {
       data->state.lastconnect = NULL;
@@ -1265,8 +1266,10 @@ int Curl_closesocket(struct connectdata *conn,
          accept, then we MUST NOT call the callback but clear the accepted
          status */
       conn->sock_accepted[SECONDARYSOCKET] = FALSE;
-    else
+    else {
+      Curl_multi_closed(conn, sock);
       return conn->fclosesocket(conn->closesocket_client, sock);
+    }
   }
 
   if(conn)
@@ -1361,11 +1364,12 @@ void Curl_conncontrol(struct connectdata *conn, bool closeit,
 #if defined(CURL_DISABLE_VERBOSE_STRINGS)
   (void) reason;
 #endif
+  if(closeit != conn->bits.close) {
+    infof(conn->data, "Marked for [%s]: %s\n", closeit?"closure":"keep alive",
+          reason);
 
-  infof(conn->data, "Marked for [%s]: %s\n", closeit?"closure":"keep alive",
-        reason);
-
-  conn->bits.close = closeit; /* the only place in the source code that should
-                                 assign this bit */
+    conn->bits.close = closeit; /* the only place in the source code that
+                                   should assign this bit */
+  }
 }
 #endif