RELEASE-NOTES: curl 7.48.0

THANKS: 15 new contributors from 7.48.0 release
CURLINFO_TLS_SSL_PTR.3: Warn about limitations
2016-03-23 07:55:48 +01:00 · 2016-03-23 07:55:48 +01:00 · 2016-03-23 01:16:21 -04:00 · 2016-03-22 10:43:55 +01:00 · 2016-03-22 10:35:22 +01:00 · 2016-03-22 10:33:44 +01:00
1517 changed files with 36486 additions and 15876 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
@ -0,0 +1,10 @@
+;;; Directory Local Variables
+;;; See Info node `(emacs) Directory Variables' for more information.
+
+((nil . ((indent-tabs-mode . nil)
+         (show-trailing-whitespace . t)))
+ (c-mode . ((c-basic-offset . 2)
+            ))
+ (c++-mode . ((c-basic-offset . 2)
+              ))
+ )
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -0,0 +1,23 @@
+How to contribute to curl
+=========================
+
+Join the community
+------------------
+
+ 1. Click 'watch' on the github repo
+
+ 2. Subscribe to the suitable [mailing lists](https://curl.haxx.se/mail/)
+
+Read [CONTRIBUTE](../docs/CONTRIBUTE)
+---------------------------------------
+
+Send your suggestions using one of these methods:
+-------------------------------------------------
+
+ 1. in a mail to the mailing list
+
+ 2. as a [pull request](https://github.com/curl/curl/pulls)
+
+ 3. as an [issue](https://github.com/curl/curl/issues)
+
+/ The cURL team!
--- a/.github/ISSUE_TEMPLATE
+++ b/.github/ISSUE_TEMPLATE
@ -0,0 +1,9 @@
+### I did this
+
+### I expected the following
+
+### curl/libcurl version
+
+[curl -V output perhaps?]
+
+### operating system
--- a/.gitignore
+++ b/.gitignore
@ -1,48 +1,52 @@
-.deps
-.libs
-*.lib
-*.pdb
+*.asc
 *.dll
 *.exe
-*.obj
-*.asc
-.*.swp
-Debug
-Release
 *.exp
+*.la
+*.lib
+*.lo
+*.o
+*.obj
+*.pdb
+*~
+.*.swp
+.cproject
+.deps
+.dirstamp
+.libs
+.project
+.settings
+/build/
+/builds/
+CHANGES.dist
+Debug
+INSTALL
 Makefile
 Makefile.in
+Release
+TAGS
 aclocal.m4
+aclocal.m4.bak
 autom4te.cache
+compile
 config.cache
 config.guess
 config.log
 config.status
 config.sub
 configure
-depcomp
-libtool
-ltmain.sh
-compile
-curl-config
-libcurl.pc
-missing
-curl-*.tar.gz
 curl-*.tar.bz2
+curl-*.tar.gz
 curl-*.tar.lzma
 curl-*.zip
-INSTALL
+curl-config
+depcomp
 install-sh
-*.o
-*.lo
-*.la
+libcurl.pc
+libtool
+ltmain.sh
+missing
 mkinstalldirs
 tags
-TAGS
-*~
-aclocal.m4.bak
-CHANGES.dist
-.project
-.cproject
-.settings
-.dirstamp
+test-driver
+scripts/_curl
--- a/.travis.yml
+++ b/.travis.yml
@ -1,8 +1,20 @@
+os:
+  - linux
+  - osx
+
+sudo: false
+
 language: c

+install:
+  - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update > /dev/null; fi
+  - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew install openssl libidn rtmpdump libssh2 c-ares libmetalink libressl nghttp2; fi
+
 before_script:
  - ./buildconf

+script: ./configure --enable-debug && make && make test-full
+
 compiler:
  - clang
  - gcc
--- a/14
+++ b/14
@ -1,15 +1,7 @@
-                                  _   _ ____  _
-                              ___| | | |  _ \| |
-                             / __| | | | |_) | |
-                            | (__| |_| |  _ <| |___
-                             \___|\___/|_| \_\_____|
+See https://curl.haxx.se/changes.html for the edited and human readable online
+version of what has changed over the years in different curl releases.

-                                  Changelog
-
-This file no longer holds the changelog. Now you can generate it yourself
-like this:
+Generate a CHANGES file like the one present in evey release like this:

 $ git log --pretty=fuller --no-color --date=short --decorate=full | \
  ./log2changes.pl
-
-The older, manually edited, changelog is found in git named CHANGES.0
--- a/CHANGES.0
+++ b/CHANGES.0
--- a/CMake/CurlTests.c
+++ b/CMake/CurlTests.c
@ -9,7 +9,7 @@
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -139,7 +139,7 @@ int main(void)
  rc = gethostbyname_r(address, &h, &hdata);
 #elif defined(HAVE_GETHOSTBYNAME_R_5) || \
      defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT)
-  rc = gethostbyname_r(address, &h, buffer, 8192, 0, &h_errnop);
+  rc = gethostbyname_r(address, &h, buffer, 8192, &h_errnop);
  (void)hp; /* not used for test */
 #elif defined(HAVE_GETHOSTBYNAME_R_6) || \
      defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT)
--- a/CMake/OtherTests.cmake
+++ b/CMake/OtherTests.cmake
@ -10,8 +10,8 @@ endmacro(add_header_include)

 set(signature_call_conv)
 if(HAVE_WINDOWS_H)
-  add_header_include(HAVE_WINDOWS_H "windows.h")
  add_header_include(HAVE_WINSOCK2_H "winsock2.h")
+  add_header_include(HAVE_WINDOWS_H "windows.h")
  add_header_include(HAVE_WINSOCK_H "winsock.h")
  set(_source_epilogue
      "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif")
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -9,7 +9,7 @@
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -64,7 +64,7 @@ message(STATUS "curl version=[${CURL_VERSION}]")
 # SET(PACKAGE_NAME "curl")
 # SET(PACKAGE_VERSION "-")
 # SET(PACKAGE_STRING "curl-")
-# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => http://curl.haxx.se/mail/")
+# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.haxx.se/mail/")
 set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}")
 set(OS "\"${CMAKE_SYSTEM_NAME}\"")

@ -76,6 +76,24 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON)
 option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF)
 option(ENABLE_ARES "Set to ON to enable c-ares support" OFF)
 option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF)
+
+option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF)
+option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF)
+
+if (ENABLE_DEBUG)
+  # DEBUGBUILD will be defined only for Debug builds
+  if(NOT CMAKE_VERSION VERSION_LESS 3.0)
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$<CONFIG:Debug>:DEBUGBUILD>)
+  else()
+    set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD)
+  endif()
+  set(ENABLE_CURLDEBUG ON)
+endif()
+
+if (ENABLE_CURLDEBUG)
+  set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG)
+endif()
+
 # initialize CURL_LIBS
 set(CURL_LIBS "")

@ -104,11 +122,6 @@ endif()
 option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON)
 mark_as_advanced(CURL_HIDDEN_SYMBOLS)

-# IF(WIN32)
-# OPTION(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON)
-# MARK_AS_ADVANCED(CURL_WINDOWS_SSPI)
-# ENDIF()
-
 option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF)
 mark_as_advanced(HTTP_ONLY)
 option(CURL_DISABLE_FTP "disables FTP" OFF)
@ -168,7 +181,7 @@ option(DISABLED_THREADSAFE "Set to explicitly specify we don't want to use threa
 mark_as_advanced(DISABLED_THREADSAFE)
 option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON)
 mark_as_advanced(ENABLE_IPV6)
-if(ENABLE_IPV6)
+if(ENABLE_IPV6 AND NOT WIN32)
  include(CheckStructHasMember)
  check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h"
                          HAVE_SOCKADDR_IN6_SIN6_ADDR)
@ -235,6 +248,7 @@ include (CheckLibraryExists)
 include (CheckSymbolExists)
 include (CheckTypeSize)
 include (CheckCSourceCompiles)
+include (CMakeDependentOption)

 # On windows preload settings
 if(WIN32)
@ -272,15 +286,22 @@ endif(NOT NOT_NEED_LIBNSL)

 check_function_exists(gethostname HAVE_GETHOSTNAME)

+set(OPENSSL_DEFAULT ON)
 if(WIN32)
+  set(OPENSSL_DEFAULT OFF)
  check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
  check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)
 endif()

-option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON)
+option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${OPENSSL_DEFAULT})
 mark_as_advanced(CMAKE_USE_OPENSSL)

-set(USE_SSLEAY OFF)
+if(WIN32)
+  CMAKE_DEPENDENT_OPTION(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON
+    "NOT CMAKE_USE_OPENSSL" OFF)
+  mark_as_advanced(CURL_WINDOWS_SSPI)
+endif()
+
 set(USE_OPENSSL OFF)
 set(HAVE_LIBCRYPTO OFF)
 set(HAVE_LIBSSL OFF)
@ -289,7 +310,6 @@ if(CMAKE_USE_OPENSSL)
  find_package(OpenSSL)
  if(OPENSSL_FOUND)
    list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES})
-    set(USE_SSLEAY ON)
    set(USE_OPENSSL ON)
    set(HAVE_LIBCRYPTO ON)
    set(HAVE_LIBSSL ON)
@ -304,6 +324,8 @@ if(CMAKE_USE_OPENSSL)
    check_include_file("openssl/ssl.h"    HAVE_OPENSSL_SSL_H)
    check_include_file("openssl/x509.h"   HAVE_OPENSSL_X509_H)
    check_include_file("openssl/rand.h"   HAVE_OPENSSL_RAND_H)
+  elseif(WIN32)
+    set(CURL_WINDOWS_SSPI ON)
  endif()
 endif()

@ -339,9 +361,10 @@ if(NOT CURL_DISABLE_LDAP)
    check_include_file_concat("winber.h"  HAVE_WINBER_H)
  endif()
  
+  set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES})
  set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory")
  if(CMAKE_LDAP_INCLUDE_DIR)
-    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR})
  endif()
  check_include_file_concat("ldap.h"           HAVE_LDAP_H)
  check_include_file_concat("lber.h"           HAVE_LBER_H)
@ -349,9 +372,11 @@ if(NOT CURL_DISABLE_LDAP)
  if(NOT HAVE_LDAP_H)
    message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON")
    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
  elseif(NOT HAVE_LIBLDAP)
    message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON")
    set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE)
+    set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used
  else()
    if(CMAKE_USE_OPENLDAP)
      set(USE_OPENLDAP ON)
@ -432,6 +457,7 @@ if(CURL_ZLIB)
    set(HAVE_LIBZ ON)
    list(APPEND CURL_LIBS ${ZLIB_LIBRARIES})
    include_directories(${ZLIB_INCLUDE_DIRS})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS})
  endif()
 endif()

@ -447,7 +473,7 @@ if(CMAKE_USE_LIBSSH2)
  if(LIBSSH2_FOUND)
    list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY})
    set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY})
-    set(CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
+    list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}")
    include_directories("${LIBSSH2_INCLUDE_DIR}")
    set(HAVE_LIBSSH2 ON)
    set(USE_LIBSSH2 ON)
@ -475,12 +501,12 @@ mark_as_advanced(CMAKE_USE_GSSAPI)
 if(CMAKE_USE_GSSAPI)
  find_package(GSS)

-  set(HAVE_GSS_API ${GSS_FOUND})
+  set(HAVE_GSSAPI ${GSS_FOUND})
  if(GSS_FOUND)

    message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"")

-    set(CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR})
+    list(APPEND CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIRECTORIES})
    check_include_file_concat("gssapi/gssapi.h"  HAVE_GSSAPI_GSSAPI_H)
    check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
    check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H)
@ -516,7 +542,7 @@ if(CMAKE_USE_GSSAPI)

    endif()

-    include_directories(${GSS_INCLUDE_DIR})
+    include_directories(${GSS_INCLUDE_DIRECTORIES})
    link_directories(${GSS_LINK_DIRECTORIES})
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}")
    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}")
@ -536,12 +562,25 @@ else()
  unset(USE_UNIX_SOCKETS CACHE)
 endif()

+
 # Check for header files
 if(NOT UNIX)
  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
+  if(CURL_WINDOWS_SSPI)
+    set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32")
+    check_include_file_concat("sspi.h"       HAVE_SSPI_H)
+    if(HAVE_SSPI_H)
+      check_include_file_concat("schannel.h" HAVE_SCHANNEL_H)
+      set(USE_WINDOWS_SSPI ON)
+      if(HAVE_SCHANNEL_H)
+        set(USE_SCHANNEL ON)
+        set(SSL_ENABLED ON)
+      endif()
+    endif()
+  endif()
 endif(NOT UNIX)

 check_include_file_concat("stdio.h"          HAVE_STDIO_H)
@ -736,7 +775,6 @@ if(CMAKE_USE_OPENSSL)
    HAVE_CRYPTO_CLEANUP_ALL_EX_DATA)
  if(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
    set(USE_OPENSSL 1)
-    set(USE_SSLEAY 1)
  endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL)
 endif(CMAKE_USE_OPENSSL)
 check_symbol_exists(gmtime_r      "${CURL_INCLUDES}" HAVE_GMTIME_R)
@ -1023,7 +1061,8 @@ endfunction()

 # Clear list and try to detect available features
 set(_items)
-_add_if("SSL"           SSL_ENABLED)
+_add_if("WinSSL"        SSL_ENABLED AND USE_WINDOWS_SSPI)
+_add_if("OpenSSL"       SSL_ENABLED AND USE_OPENSSL)
 _add_if("IPv6"          ENABLE_IPV6)
 _add_if("unix-sockets"  USE_UNIX_SOCKETS)
 _add_if("libz"          HAVE_LIBZ)
@ -1031,12 +1070,12 @@ _add_if("AsynchDNS"     USE_ARES OR USE_THREADS_POSIX)
 _add_if("IDN"           HAVE_LIBIDN)
 # TODO SSP1 (WinSSL) check is missing
 _add_if("SSPI"          USE_WINDOWS_SSPI)
-_add_if("GSS-API"       HAVE_GSS_API)
+_add_if("GSS-API"       HAVE_GSSAPI)
 # TODO SSP1 missing for SPNEGO
 _add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
-                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
 _add_if("Kerberos"      NOT CURL_DISABLE_CRYPTO_AUTH AND
-                        (HAVE_GSS_API OR USE_WINDOWS_SSPI))
+                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
 # NTLM support requires crypto function adaptions from various SSL libs
 # TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL
 if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR
@ -1121,7 +1160,7 @@ set(VERSIONNUM              "${CURL_VERSION_NUM}")
 # Finally generate a "curl-config" matching this config
 configure_file("${CURL_SOURCE_DIR}/curl-config.in"
               "${CURL_BINARY_DIR}/curl-config" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/curl-config"
+install(FILES "${CURL_BINARY_DIR}/curl-config"
        DESTINATION bin
        PERMISSIONS
          OWNER_READ OWNER_WRITE OWNER_EXECUTE
@ -1131,7 +1170,7 @@ install(FILES "${CMAKE_BINARY_DIR}/curl-config"
 # Finally generate a pkg-config file matching this config
 configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in"
               "${CURL_BINARY_DIR}/libcurl.pc" @ONLY)
-install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc"
+install(FILES "${CURL_BINARY_DIR}/libcurl.pc"
        DESTINATION lib/pkgconfig)

 # This needs to be run very last so other parts of the scripts can take advantage of this.
--- a/3
+++ b/3
@ -1,6 +1,7 @@
 COPYRIGHT AND PERMISSION NOTICE

-Copyright (c) 1996 - 2015, Daniel Stenberg, <daniel@haxx.se>.
+Copyright (c) 1996 - 2016, Daniel Stenberg, <daniel@haxx.se>, and many
+contributors, see the THANKS file.

 All rights reserved.

--- a/6
+++ b/6
@ -65,7 +65,7 @@ else
 ARCHES64='-arch x86_64'
 #We "know" that 10.4 and earlier do not support 64bit
 OLD_SDK64=`ls  $SDK_PATH|egrep -v "10.[0-4]"|head -1`
- NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
+ NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1`
 if test $USE_OLD -gt 0
  then
   SDK64=$OLD_SDK64
@ -94,7 +94,7 @@ if test ! -z $SDK32; then
  rm -r libcurl.framework
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources
  cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl
-  install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
+  install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl
  /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist
  mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
  cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl
@ -121,7 +121,7 @@ if test ! -z $SDK32; then

    echo "----Appending 64 bit framework to 32 bit framework..."
    cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
-    install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
+    install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64
    cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32
    pwd
    lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl
--- a/Makefile.am
+++ b/Makefile.am
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -32,103 +32,124 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in	\
 VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl
 VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist
 VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc
-VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl
-VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp.dist
+VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl
+VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist
 VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc

 VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl
 VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist
 VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc
-VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl
-VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj.dist
+VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl
+VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist
 VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc

 VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl
 VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist
 VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc
-VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl
-VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj.dist
+VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl
+VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist
 VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc

 VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl
 VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist
 VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc
-VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl
-VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj.dist
+VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl
+VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist
 VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc

 VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl
 VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist
 VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc
-VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl
-VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj.dist
+VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl
+VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist
 VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc

 VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl
 VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist
 VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc
-VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl
-VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj.dist
+VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl
+VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist
 VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc

 VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl
 VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist
 VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc
-VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl
-VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj.dist
+VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl
+VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist
 VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc

 VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl
 VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist
 VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc
-VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl
-VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj.dist
+VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl
+VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist
 VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc

-VC_DIST = projects/README	\
- projects/build-openssl.bat	\
- projects/checksrc.bat	\
- projects/Windows/VC6/curl-all.dsw	\
- projects/Windows/VC6/lib/libcurl.dsw \
- projects/Windows/VC6/src/curlsrc.dsw \
- projects/Windows/VC7/curl-all.sln	\
- projects/Windows/VC7/lib/libcurl.sln 	\
- projects/Windows/VC7/src/curlsrc.sln 	\
- projects/Windows/VC7.1/curl-all.sln	\
- projects/Windows/VC7.1/lib/libcurl.sln \
- projects/Windows/VC7.1/src/curlsrc.sln \
- projects/Windows/VC8/curl-all.sln	\
- projects/Windows/VC8/lib/libcurl.sln 	\
- projects/Windows/VC8/src/curlsrc.sln 	\
- projects/Windows/VC9/curl-all.sln	\
- projects/Windows/VC9/lib/libcurl.sln 	\
- projects/Windows/VC9/src/curlsrc.sln 	\
- projects/Windows/VC10/curl-all.sln	\
- projects/Windows/VC10/lib/libcurl.sln 	\
- projects/Windows/VC10/src/curlsrc.sln  \
- projects/Windows/VC11/curl-all.sln	\
- projects/Windows/VC11/lib/libcurl.sln 	\
- projects/Windows/VC11/src/curlsrc.sln 	\
- projects/Windows/VC12/curl-all.sln	\
- projects/Windows/VC12/lib/libcurl.sln 	\
- projects/Windows/VC12/src/curlsrc.sln
+VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl
+VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist
+VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc
+VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl
+VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist
+VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc
+
+VC_DIST = projects/README                           \
+ projects/build-openssl.bat                         \
+ projects/build-wolfssl.bat                         \
+ projects/checksrc.bat                              \
+ projects/Windows/VC6/curl-all.dsw                  \
+ projects/Windows/VC6/lib/libcurl.dsw               \
+ projects/Windows/VC6/src/curl.dsw                  \
+ projects/Windows/VC7/curl-all.sln                  \
+ projects/Windows/VC7/lib/libcurl.sln               \
+ projects/Windows/VC7/src/curl.sln                  \
+ projects/Windows/VC7.1/curl-all.sln                \
+ projects/Windows/VC7.1/lib/libcurl.sln             \
+ projects/Windows/VC7.1/src/curl.sln                \
+ projects/Windows/VC8/curl-all.sln                  \
+ projects/Windows/VC8/lib/libcurl.sln               \
+ projects/Windows/VC8/src/curl.sln                  \
+ projects/Windows/VC9/curl-all.sln                  \
+ projects/Windows/VC9/lib/libcurl.sln               \
+ projects/Windows/VC9/src/curl.sln                  \
+ projects/Windows/VC10/curl-all.sln                 \
+ projects/Windows/VC10/lib/libcurl.sln              \
+ projects/Windows/VC10/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC10/src/curl.sln                 \
+ projects/Windows/VC10/src/curl.vcxproj.filters     \
+ projects/Windows/VC11/curl-all.sln                 \
+ projects/Windows/VC11/lib/libcurl.sln              \
+ projects/Windows/VC11/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC11/src/curl.sln                 \
+ projects/Windows/VC11/src/curl.vcxproj.filters     \
+ projects/Windows/VC12/curl-all.sln                 \
+ projects/Windows/VC12/lib/libcurl.sln              \
+ projects/Windows/VC12/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC12/src/curl.sln                 \
+ projects/Windows/VC12/src/curl.vcxproj.filters     \
+ projects/Windows/VC14/curl-all.sln                 \
+ projects/Windows/VC14/lib/libcurl.sln              \
+ projects/Windows/VC14/lib/libcurl.vcxproj.filters  \
+ projects/Windows/VC14/src/curl.sln                 \
+ projects/Windows/VC14/src/curl.vcxproj.filters

 WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat	\
 winbuild/MakefileBuild.vc winbuild/Makefile.vc				\
 winbuild/Makefile.msvc.names

 EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in	\
- RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework	\
- $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in
+ RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl	\
+ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in          \
+ buildconf.bat

 CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ)	\
 $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ)	\
 $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ)	\
- $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ)
+ $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ)	\
+ $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ)

 bin_SCRIPTS = curl-config

-SUBDIRS = lib src include
+SUBDIRS = lib src include scripts
 DIST_SUBDIRS = $(SUBDIRS) tests packages docs

 pkgconfigdir = $(libdir)/pkgconfig
@ -148,12 +169,12 @@ dist-hook:
 	done)

 html:
-	cd docs; make html
+	cd docs && make html

 pdf:
-	cd docs; make pdf
+	cd docs && make pdf

-check: test examples
+check: test examples check-docs

 if CROSSCOMPILING
 test-full: test
@ -181,6 +202,9 @@ endif
 examples:
 	@(cd docs/examples; $(MAKE) check)

+check-docs:
+	@(cd docs/libcurl; $(MAKE) check)
+
 # This is a hook to have 'make clean' also clean up the docs and the tests
 # dir. The extra check for the Makefiles being present is necessary because
 # 'make distcheck' will make clean first in these directories _before_ it runs
@ -266,7 +290,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS)	\
 $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS)	\
 $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS)	\
 $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS)	\
- $(VC12_SRCVCXPROJ_DEPS)
+ $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS)
 	@(win32_lib_srcs='$(LIB_CFILES)'; \
 	win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \
 	win32_lib_rc='$(LIB_RCFILES)'; \
@ -527,4 +551,22 @@ function gen_element(type, dir, file)\
 		-v src_rc="$$win32_src_rc" \
 		-v src_x_srcs="$$sorted_src_x_srcs" \
 		-v src_x_hdrs="$$sorted_src_x_hdrs" \
-		"$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };)
+		"$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC14_LIBVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v lib_srcs="$$sorted_lib_srcs" \
+		-v lib_hdrs="$$sorted_lib_hdrs" \
+		-v lib_rc="$$win32_lib_rc" \
+		-v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \
+		-v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \
+	\
+	echo "generating '$(VC14_SRCVCXPROJ)'"; \
+	awk -v proj_type=vcxproj \
+		-v src_srcs="$$sorted_src_srcs" \
+		-v src_hdrs="$$sorted_src_hdrs" \
+		-v src_rc="$$win32_src_rc" \
+		-v src_x_srcs="$$sorted_src_x_srcs" \
+		-v src_x_hdrs="$$sorted_src_x_hdrs" \
+		"$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };)
--- a/Makefile.dist
+++ b/Makefile.dist
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -566,6 +566,17 @@ src/Makefile.vc12: src/Makefile.vc6
 	@echo "generate $@"
 	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12

+# VC14 makefiles are for use with VS2015
+vc14: lib/Makefile.vc14 src/Makefile.vc14
+
+lib/Makefile.vc14: lib/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" lib/Makefile.vc6 > lib/Makefile.vc14
+
+src/Makefile.vc14: src/Makefile.vc6
+	@echo "generate $@"
+	@sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" src/Makefile.vc6 > src/Makefile.vc14
+
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
--- a/8
+++ b/8
@ -24,7 +24,7 @@ README
 CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
-  by posting to a suitable mailing list. See http://curl.haxx.se/mail/
+  by posting to a suitable mailing list. See https://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

@ -32,18 +32,18 @@ WEB SITE

  Visit the curl web site for the latest news and downloads:

-        http://curl.haxx.se/
+        https://curl.haxx.se/

 GIT

  To download the very latest source off the GIT server do this:

-    git clone git://github.com/bagder/curl.git
+    git clone https://github.com/curl/curl.git

  (you'll get a directory named curl created, filled with the source code)

 NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
-  Kungliga Tekniska Högskolan. This notice is included here to comply with the
+  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.
--- a/README.md
+++ b/README.md
@ -0,0 +1,45 @@
+
+Curl is a command line tool for transferring data specified with URL
+syntax. Find out how to use curl by reading [the curl.1 man
+page](https://curl.haxx.se/docs/manpage.html) or [the MANUAL
+document](https://curl.haxx.se/docs/manual.html). Find out how to install Curl
+by reading [the INSTALL document](https://curl.haxx.se/docs/install.html).
+
+libcurl is the library curl is using to do its job. It is readily available to
+be used by your software. Read [the libcurl.3 man
+page](https://curl.haxx.se/libcurl/c/libcurl.html) to learn how!
+
+You find answers to the most frequent questions we get in [the FAQ
+document](https://curl.haxx.se/docs/faq.html).
+
+Study [the COPYING file](https://curl.haxx.se/docs/copyright.html) for
+distribution terms and similar. If you distribute curl binaries or other
+binaries that involve libcurl, you might enjoy [the LICENSE-MIXING
+document](https://curl.haxx.se/legal/licmix.html).
+
+## CONTACT
+
+If you have problems, questions, ideas or suggestions, please contact us by
+posting to a suitable [mailing list](https://curl.haxx.se/mail/).
+
+All contributors to the project are listed in [the THANKS
+document](https://curl.haxx.se/docs/thanks.html).
+
+## WEB SITE
+
+Visit the [curl web site](https://curl.haxx.se/) for the latest news and
+downloads.
+
+## GIT
+
+To download the very latest source off the GIT server do this:
+
+    git clone https://github.com/curl/curl.git
+
+(you'll get a directory named curl created, filled with the source code)
+
+## NOTICE
+
+Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga
+Tekniska Högskolan. This notice is included here to comply with the
+distribution terms.
--- a/244
+++ b/244
@ -1,123 +1,159 @@
-Curl and libcurl 7.41.0
+Curl and libcurl 7.48.0

- Public curl releases:         144
- Command line options:         163
- curl_easy_setopt() options:   209
- Public functions in libcurl:  58
- Contributors:                 1233
+ Public curl releases:         153
+ Command line options:         179
+ curl_easy_setopt() options:   221
+ Public functions in libcurl:  61
+ Contributors:                 1364

 This release includes the following changes:

- o NetWare build: added TLS-SRP enabled build
- o winbuild: Added option to build with c-ares
- o Added --cert-status [9]
- o Added CURLOPT_SSL_VERIFYSTATUS [10]
- o sasl: implement EXTERNAL authentication mechanism
+ o configure: --with-ca-fallback: use built-in TLS CA fallback [2]
+ o TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS [22]
+ o getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION [25]
+ o added CODE_STYLE.md [47]

 This release includes the following bugfixes:

- o sasl_gssapi: Fixed build on NetBSD with built-in GSS-API [1]
- o FTP: fix IPv6 host using link-local address [2]
- o FTP: if EPSV fails on IPV6 connections, bail out
- o gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
- o NSS: fix compiler error when built http2-enabled
- o mingw build: allow to pass custom CFLAGS [3]
- o add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS [4]
- o curl_schannel.c: mark session as removed from cache if not freed [5]
- o Curl_pretransfer: reset expected transfer sizes [6]
- o curl.h: remove extra space [7]
- o curl_endian: Fixed build when 64-bit integers are not supported [8]
- o checksrc.bat: Better detection of Perl installation
- o build-openssl.bat: Added check for Perl installation
- o http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
- o http_negotiate: Added empty decoded challenge message info text
- o vtls: Removed unimplemented overrides of curlssl_close_all()
- o sasl_gssapi: Fixed memory leak with local SPN variable
- o http_negotiate: Use dynamic buffer for SPN generation
- o ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
- o openssl: do public key pinning check independently [11]
- o timeval: typecast for better type (on Amiga)
- o ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
- o SASL: common URL option and auth capabilities decoders for all protocols
- o BoringSSL: fix build
- o BoringSSL: detected by configure, switches off NTLM
- o openvms: Handle openssl/0.8.9zb version parsing
- o configure: detect libresssl
- o configure: remove detection of the old yassl emulation API
- o curl_setup: Disable SMB/CIFS support when HTTP only
- o imap: remove automatic password setting: it breaks external sasl authentication
- o sasl: remove XOAUTH2 from default enabled authentication mechanism
- o runtests: identify BoringSSL and libressl
- o security: avoid compiler warning
- o ldap: build with BoringSSL
- o des: Added Curl_des_set_odd_parity()
- o CURLOPT_SEEKFUNCTION.3: also when server closes a connection
- o CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
- o build: Removed unused Visual Studio bscmake settings
- o build: Enabled DEBUGBUILD in Visual Studio debug builds
- o build: Renamed top level Visual Studio solution files
- o build: Removed Visual Studio SuppressStartupBanner directive for VC8+
- o libcurl-symbols: first basic shot for autogenerated docs
- o Makefile.am: fix 'make distcheck'
- o getpass_r: read from stdin, not stdout! [12]
- o getpass: protect include with proper #ifdef
- o opts: CURLOPT_CAINFO availability depends on SSL engine
- o more cleanup of 'CURLcode result' return code 
- o MD4: replace implementation
- o MD5: replace implementation
- o openssl: SSL_SESSION->ssl_version no longer exist [13]
- o md5: use axTLS's own MD5 functions when available
- o schannel: Removed curl_ prefix from source files
- o curl.1: add warning when using -H and redirects
- o curl.1: clarify that -X is used for all requests
- o gskit: Fix exclusive SSLv3 option
- o polarssl: Fix exclusive SSL protocol version options [14]
- o http2: Fix bug that associated stream canceled on PUSH_PROMISE
- o ftp: accept all 2xx responses to the PORT command
- o configure: allow both --with-ca-bundle and --with-ca-path [15]
- o cmake: install the dll file to the correct directory
- o nss: fix NPN/ALPN protocol negotiation
- o polarssl: fix ALPN protocol negotiation
- o cmake: Fix generation of tool_hugehelp.c on windows
- o cmake: fix winsock2 detection on windows
- o gnutls: fix build with HTTP2
- o connect: fix a spurious connect failure on dual-stacked hosts [16]
- o test: test 530 is now less timing dependent
- o telnet: invalid use of custom read function if not set
+ o Proxy-Connection: stop sending this header by default [1]
+ o os400: sync ILE/RPG definitions with latest public header files
+ o cookies: allow spaces in cookie names, cut of trailing spaces [3]
+ o tool_urlglob: Allow reserved dos device names (Windows) [4]
+ o openssl: remove most BoringSSL #ifdefs [5]
+ o tool_doswin: Support for literal path prefix \\?\
+ o mbedtls: fix ALPN usage segfault [6]
+ o mbedtls: fix memory leak when destroying SSL connection data [7]
+ o nss: do not count enabled cipher-suites
+ o examples/cookie_interface.c: add cleanup call
+ o examples: adhere to curl code style
+ o curlx_tvdiff: handle 32bit time_t overflows [8]
+ o dist: ship buildconf.bat too
+ o curl.1: --disable-{eprt,epsv} are ignored for IPv6 hosts [9]
+ o generate.bat: Fix comment bug by removing old comments [10]
+ o test1604: Add to Makefile.inc so it gets run
+ o gtls: fix for builds lacking encrypted key file support [11]
+ o SCP: use libssh2_scp_recv2 to support > 2GB files on windows [12]
+ o CURLOPT_CONNECTTIMEOUT_MS.3: Fix example to use milliseconds option [13]
+ o cookie: do not refuse cookies to localhost [14]
+ o openssl: avoid direct PKEY access with OpenSSL 1.1.0 [15]
+ o http: Don't break the header into chunks if HTTP/2 [16]
+ o http2: don't decompress gzip decoding automatically [17]
+ o curlx.c: i2s_ASN1_IA5STRING() clashes with an openssl function
+ o curl.1: add a missing dash
+ o curl.1: HTTP headers for --cookie must be Set-Cookie style [18]
+ o CURLOPT_COOKIEFILE.3: HTTP headers must be Set-Cookie style [18]
+ o curl_sasl: Fix memory leak in digest parser [19]
+ o src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support [20]
+ o CURLOPT_DEBUGFUNCTION.3: Fix example
+ o runtests: Fixed usage of %PWD on MinGW64 [21]
+ o tests/sshserver.pl: use RSA instead of DSA for host auth [23]
+ o multi_remove_handle: keep the timeout list until after disconnect [24]
+ o Curl_read: check for activated HTTP/1 pipelining, not only requested
+ o configure: warn on invalid ca bundle or path [26]
+ o file: try reading from files with no size [27]
+ o getinfo: Add support for mbedTLS TLS session info
+ o formpost: fix memory leaks in AddFormData error branches [28]
+ o makefile.m32: allow to pass .dll/.exe-specific LDFLAGS [29]
+ o url: if Curl_done is premature then pipeline not in use [30]
+ o cookie: remove redundant check [31]
+ o cookie: Don't expire session cookies in remove_expired [32]
+ o makefile.m32: fix to allow -ssh2-winssl combination [33]
+ o checksrc.bat: Fixed cannot find perl if installed but not in path
+ o build-openssl.bat: Fixed cannot find perl if installed but not in path
+ o mbedtls: fix user-specified SSL protocol version
+ o makefile.m32: add missing libs for static -winssl-ssh2 builds [34]
+ o test46: change cookie expiry date [35]
+ o pipeline: Sanity check pipeline pointer before accessing it [36]
+ o openssl: use the correct OpenSSL/BoringSSL/LibreSSL in messages
+ o ftp_done: clear tunnel_state when secondary socket closes [37]
+ o opt-docs: fix heading macros [38]
+ o imap/pop3/smtp: Fixed connections upgraded with TLS are not reused [39]
+ o curl_multi_wait: never return -1 in 'numfds' [40]
+ o url.c: fix clang warning: no newline at end of file
+ o krb5: improved type handling to avoid clang compiler warnings
+ o cookies: first n/v pair in Set-Cookie: is the cookie, then parameters [41]
+ o multi: avoid blocking during CURLM_STATE_WAITPROXYCONNECT [42]
+ o multi hash: ensure modulo performed on curl_socket_t [43]
+ o curl: glob_range: no need to check unsigned variable for negative
+ o easy: add check to malloc() when running event-based
+ o CURLOPT_SSLENGINE.3: Only for OpenSSL built with engine support [44]
+ o version: thread safety
+ o openssl: verbose: show matching SAN pattern
+ o openssl: adapt to OpenSSL 1.1.0 API breakage in ERR_remove_thread_state()
+ o formdata.c: Fixed compilation warning
+ o configure: use cpp -P when needed [45]
+ o imap.c: Fixed compilation warning with /Wall enabled
+ o config-w32.h: Fixed compilation warning when /Wall enabled
+ o ftp/imap/pop3/smtp: Fixed compilation warning when /Wall enabled
+ o build: Added missing Visual Studio filter files for VC10 onwards
+ o easy: Remove poll failure check in easy_transfer
+ o mbedtls: fix compiler warning
+ o build-wolfssl: Update VS properties for wolfSSL v3.9.0
+ o Fixed various compilation warnings when verbose strings disabled

 This release includes the following known bugs:

- o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
+ o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html)

 This release would not have looked like this without help, code, reports and
 advice from friends like these:

-  Alessandro Ghedini, Alexander Peslyak, Ben Boeckel, Brad King, Brad Spencer,
-  Chris Young, Dan Fandrich, Daniel Stenberg, Gisle Vanem, Guenter Knauf,
-  Jean-Francois Durand, Joe Mason, John E. Malmberg, Jon Seymour, Julian Ospald,
-  Kamil Dudka, Kyle J. McKay, Leith Bade, Marc Hoersken, Michael Kaufmann,
-  Michael Wallner, Mohammad AlSaleh, Nick Zitzmann, Patrick Monnerat,
-  Ray Satiro, Rich Burridge, Sam Schanken, Sergei Nikulov, Steve Holme,
-  Tatsuhiro Tsujikawa, Thomas Klausner, Viktor Szakats, Vojtěch Král,
-  Yun SangHo
+  Anders Bakken, Brad Fitzpatrick, Clint Clayton, Dan Fandrich,
+  Daniel Stenberg, David Benjamin, David Byron, Emil Lerner, Eric S. Raymond,
+  Gisle Vanem, Jaime Fullaondo, Jeffrey Walton, Jesse Tan, Justin Ehlert,
+  Kamil Dudka, Kazuho Oku, Ludwig Nussel, Maksim Kuzevanov, Michael König,
+  Oliver Graute, Patrick Monnerat, Rafael Antonio, Ray Satiro, Seth Mos,
+  Shine Fan, Steve Holme, Tatsuhiro Tsujikawa, Timotej Lazar, Tim Rühsen,
+  Viktor Szakáts,
+  (30 contributors)

        Thanks! (and sorry if I forgot to mention someone)

 References to bug reports and discussions on issues:

- [1] = http://curl.haxx.se/bug/view.cgi?id=1469
- [2] = http://curl.haxx.se/bug/view.cgi?id=1468
- [3] = https://github.com/bagder/curl/pull/136
- [4] = https://github.com/bagder/curl/pull/134
- [5] = http://curl.haxx.se/mail/lib-2015-01/0036.html
- [6] = http://curl.haxx.se/mail/lib-2015-01/0065.html
- [7] = https://github.com/bagder/curl/pull/137
- [8] = http://curl.haxx.se/mail/lib-2015-01/0094.html
- [9] = http://curl.haxx.se/docs/manpage.html#--cert-status
- [10] = http://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYSTATUS.html
- [11] = http://curl.haxx.se/bug/view.cgi?id=1471
- [12] = http://curl.haxx.se/bug/view.cgi?id=1476
- [13] = http://curl.haxx.se/mail/lib-2015-02/0034.html
- [14] = http://curl.haxx.se/mail/lib-2015-01/0002.html
- [15] = https://github.com/bagder/curl/pull/139
- [16] = https://bugzilla.redhat.com/1187531
+ [1] = https://curl.haxx.se/bug/?i=633
+ [2] = https://curl.haxx.se/bug/?i=569
+ [3] = https://curl.haxx.se/bug/?i=639
+ [4] = https://github.com/curl/curl/commit/4520534#commitcomment-15954863
+ [5] = https://curl.haxx.se/bug/?i=640
+ [6] = https://curl.haxx.se/bug/?i=642
+ [7] = https://curl.haxx.se/bug/?i=626
+ [8] = https://curl.haxx.se/bug/?i=646
+ [9] = https://bugzilla.redhat.com/1305970
+ [10] = https://curl.haxx.se/bug/?i=649
+ [11] = https://curl.haxx.se/bug/?i=651
+ [12] = https://curl.haxx.se/bug/?i=451
+ [13] = https://curl.haxx.se/bug/?i=653
+ [14] = https://curl.haxx.se/bug/?i=658
+ [15] = https://curl.haxx.se/bug/?i=650
+ [16] = https://curl.haxx.se/bug/?i=659
+ [17] = https://curl.haxx.se/bug/?i=661
+ [18] = https://curl.haxx.se/bug/?i=666
+ [19] = https://curl.haxx.se/bug/?i=667
+ [20] = https://curl.haxx.se/bug/?i=670
+ [21] = https://curl.haxx.se/bug/?i=672
+ [22] = https://curl.haxx.se/bug/?i=481
+ [23] = https://curl.haxx.se/bug/?i=676
+ [24] = https://curl.haxx.se/mail/lib-2016-02/0097.html
+ [25] = https://curl.haxx.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
+ [26] = https://curl.haxx.se/bug/?i=404
+ [27] = https://curl.haxx.se/bug/?i=681
+ [28] = https://curl.haxx.se/bug/?i=688
+ [29] = https://curl.haxx.se/bug/?i=689
+ [30] = https://curl.haxx.se/bug/?i=690
+ [31] = https://curl.haxx.se/bug/?i=695
+ [32] = https://curl.haxx.se/bug/?i=697
+ [33] = https://curl.haxx.se/bug/?i=692
+ [34] = https://curl.haxx.se/bug/?i=693
+ [35] = https://curl.haxx.se/bug/?i=697
+ [36] = https://curl.haxx.se/bug/?i=704
+ [37] = https://curl.haxx.se/bug/?i=701
+ [38] = https://curl.haxx.se/bug/?i=705
+ [39] = https://curl.haxx.se/bug/?i=422
+ [40] = https://curl.haxx.se/bug/?i=707
+ [41] = https://curl.haxx.se/bug/?i=709
+ [42] = https://curl.haxx.se/bug/?i=703
+ [43] = https://curl.haxx.se/bug/?i=712
+ [44] = https://curl.haxx.se/mail/lib-2016-03/0150.html
+ [45] = https://curl.haxx.se/bug/?i=719
+ [47] = https://curl.haxx.se/dev/code-style.html
--- a/acinclude.m4
+++ b/acinclude.m4
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -20,7 +20,6 @@
 #
 #***************************************************************************

-
 dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT])
 dnl -------------------------------------------------
 dnl Use the C preprocessor to find out if the given object-style symbol
@ -31,6 +30,10 @@ dnl result in a set of double-quoted strings the returned expansion will
 dnl actually be a single double-quoted string concatenating all them.

 AC_DEFUN([CURL_CHECK_DEF], [
+  AC_REQUIRE([CURL_CPP_P])dnl
+  OLDCPPFLAGS=$CPPFLAGS
+  # CPPPFLAGS comes from CURL_CPP_P
+  CPPFLAGS="$CPPPFLAGS"
  AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl
  AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl
  if test -z "$SED"; then
@ -67,6 +70,7 @@ CURL_DEF_TOKEN $1
  fi
  AS_VAR_POPDEF([ac_Def])dnl
  AS_VAR_POPDEF([ac_HaveDef])dnl
+  CPPFLAGS=$OLDCPPFLAGS
 ])


@ -1851,8 +1855,10 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [
  AC_REQUIRE([AC_HEADER_TIME])dnl
  AC_CHECK_HEADERS(sys/types.h sys/time.h time.h)
  AC_MSG_CHECKING([for monotonic clock_gettime])
-  AC_COMPILE_IFELSE([
-    AC_LANG_PROGRAM([[
+  #
+  if test "x$dontwant_rt" == "xno" ; then
+    AC_COMPILE_IFELSE([
+      AC_LANG_PROGRAM([[
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
@ -1866,17 +1872,18 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [
 #include <time.h>
 #endif
 #endif
-    ]],[[
-      struct timespec ts;
-      (void)clock_gettime(CLOCK_MONOTONIC, &ts);
-    ]])
-  ],[
-    AC_MSG_RESULT([yes])
-    ac_cv_func_clock_gettime="yes"
-  ],[
-    AC_MSG_RESULT([no])
-    ac_cv_func_clock_gettime="no"
-  ])
+      ]],[[
+        struct timespec ts;
+        (void)clock_gettime(CLOCK_MONOTONIC, &ts);
+      ]])
+    ],[
+      AC_MSG_RESULT([yes])
+      ac_cv_func_clock_gettime="yes"
+    ],[
+      AC_MSG_RESULT([no])
+      ac_cv_func_clock_gettime="no"
+    ])
+  fi
  dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed
  dnl until library linking and run-time checks for clock_gettime succeed.
 ])
@ -2452,23 +2459,6 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [
 ])


-# This is only a temporary fix. This macro is here to replace the broken one
-# delivered by the automake project (including the 1.9.6 release). As soon as
-# they ship a working version we SHOULD remove this work-around.
-
-AC_DEFUN([AM_MISSING_HAS_RUN],
-[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
-test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\""
-# Use eval to expand $SHELL
-if eval "$MISSING --run true"; then
-  am_missing_run="$MISSING --run "
-else
-  am_missing_run=
-  AC_MSG_WARN([`missing' script is too old or missing])
-fi
-])
-
-
 dnl CURL_VERIFY_RUNTIMELIBS
 dnl -------------------------------------------------
 dnl Verify that the shared libs found so far can be used when running
@ -2584,7 +2574,8 @@ AC_DEFUN([CURL_CHECK_CA_BUNDLE], [
  AC_MSG_CHECKING([default CA cert bundle/path])

  AC_ARG_WITH(ca-bundle,
-AC_HELP_STRING([--with-ca-bundle=FILE], [File name to use as CA bundle])
+AC_HELP_STRING([--with-ca-bundle=FILE],
+[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)])
 AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
  [
    want_ca="$withval"
@ -2594,7 +2585,11 @@ AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
  ],
  [ want_ca="unset" ])
  AC_ARG_WITH(ca-path,
-AC_HELP_STRING([--with-ca-path=DIRECTORY], [Directory to use as CA path])
+AC_HELP_STRING([--with-ca-path=DIRECTORY],
+[Path to a directory containing CA certificates stored individually, with \
+their filenames in a hash format. This option can be used with OpenSSL, \
+GnuTLS and PolarSSL backends. Refer to OpenSSL c_rehash for details. \
+(example: /etc/certificates)])
 AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  [
    want_capath="$withval"
@ -2604,6 +2599,10 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  ],
  [ want_capath="unset"])

+  ca_warning="   (warning: certs not found)"
+  capath_warning="   (warning: certs not found)"
+  check_capath=""
+
  if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \
          "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl both given
@ -2615,8 +2614,8 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    capath="no"
  elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then
    dnl --with-ca-path given
-    if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
-      AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL])
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL])
    fi
    capath="$want_capath"
    ca="no"
@ -2652,12 +2651,7 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
      fi
      if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \
              "x$OPENSSL_ENABLED" = "x1"; then
-        for a in /etc/ssl/certs/; do
-          if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
-            capath="$a"
-            break
-          fi
-        done
+        check_capath="/etc/ssl/certs/"
      fi
    else
      dnl no option given and cross-compiling
@ -2665,6 +2659,30 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    fi
  fi

+  if test "x$ca" = "xno" || test -f "$ca"; then
+    ca_warning=""
+  fi
+
+  if test "x$capath" != "xno"; then
+    check_capath="$capath"
+  fi
+
+  if test ! -z "$check_capath"; then
+    for a in "$check_capath"; do
+      if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then
+        if test "x$capath" = "xno"; then
+          capath="$a"
+        fi
+        capath_warning=""
+        break
+      fi
+    done
+  fi
+
+  if test "x$capath" = "xno"; then
+    capath_warning=""
+  fi
+
  if test "x$ca" != "xno"; then
    CURL_CA_BUNDLE='"'$ca'"'
    AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle])
@ -2676,9 +2694,27 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
    AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path])
    AC_MSG_RESULT([$capath (capath)])
  fi
-  if test "x$ca" == "xno" && test "x$capath" == "xno"; then
+  if test "x$ca" = "xno" && test "x$capath" = "xno"; then
    AC_MSG_RESULT([no])
  fi
+
+  AC_MSG_CHECKING([whether to use builtin CA store of SSL library])
+  AC_ARG_WITH(ca-fallback,
+AC_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library])
+AC_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]),
+  [
+    if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then
+      AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter])
+    fi
+  ],
+  [ with_ca_fallback="no"])
+  AC_MSG_RESULT([$with_ca_fallback])
+  if test "x$with_ca_fallback" = "xyes"; then
+    if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then
+      AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS])
+    fi
+    AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built in CA store of SSL library ])
+  fi
 ])


@ -2851,7 +2887,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
  #
  x_LP64_long=""
  x_LP32_long=""
-  x_LP16_long=""
  #
  if test "$ac_cv_sizeof_long" -eq "8" &&
     test "$ac_cv_sizeof_voidp" -ge "8"; then
@ -2859,9 +2894,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
  elif test "$ac_cv_sizeof_long" -eq "4" &&
       test "$ac_cv_sizeof_voidp" -ge "4"; then
    x_LP32_long="long"
-  elif test "$ac_cv_sizeof_long" -eq "2" &&
-       test "$ac_cv_sizeof_voidp" -ge "2"; then
-    x_LP16_long="long"
  fi
  #
  dnl DO_CURL_OFF_T_CHECK results are stored in next 3 vars
@ -2895,17 +2927,6 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
    done
    AC_MSG_RESULT([$curl_typeof_curl_off_t])
  fi
-  if test "$curl_typeof_curl_off_t" = "unknown"; then
-    AC_MSG_CHECKING([for 16-bit curl_off_t data type])
-    for t2 in          \
-      "$x_LP16_long"   \
-      'int16_t'        \
-      '__int16'        \
-      'int'            ; do
-      DO_CURL_OFF_T_CHECK([$t2], [2])
-    done
-    AC_MSG_RESULT([$curl_typeof_curl_off_t])
-  fi
  if test "$curl_typeof_curl_off_t" = "unknown"; then
    AC_MSG_ERROR([cannot find data type for curl_off_t.])
  fi
@ -3066,12 +3087,14 @@ dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir.
 dnl

 AC_DEFUN([CURL_CHECK_PKGCONFIG], [
+    if test -n "$PKG_CONFIG"; then
+      PKGCONFIG="$PKG_CONFIG"
+    else
+      AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no],
+        [$PATH:/usr/bin:/usr/local/bin])
+    fi

-    PKGCONFIG="no"
-
-    AC_PATH_TOOL( PKGCONFIG, pkg-config, no, $PATH:/usr/bin:/usr/local/bin)
-
-    if test x$PKGCONFIG != xno; then
+    if test "x$PKGCONFIG" != "xno"; then
      AC_MSG_CHECKING([for $1 options with pkg-config])
      dnl ask pkg-config about $1
      itexists=`CURL_EXPORT_PCDIR([$2]) dnl
@ -3128,3 +3151,48 @@ use vars qw(
 1;
 _EOF
 ])
+
+dnl CURL_CPP_P
+dnl
+dnl Check if $cpp -P should be used for extract define values due to gcc 5
+dnl splitting up strings and defines between line outputs. gcc by default
+dnl (without -P) will show TEST EINVAL TEST as
+dnl
+dnl # 13 "conftest.c"
+dnl TEST
+dnl # 13 "conftest.c" 3 4
+dnl     22
+dnl # 13 "conftest.c"
+dnl            TEST
+
+AC_DEFUN([CURL_CPP_P], [
+  AC_MSG_CHECKING([if cpp -P is needed])
+  AC_EGREP_CPP([TEST.*TEST], [
+ #include <errno.h>
+TEST EINVAL TEST
+  ], [cpp=no], [cpp=yes])
+  AC_MSG_RESULT([$cpp])
+
+  dnl we need cpp -P so check if it works then
+  if test "x$cpp" = "xyes"; then
+    AC_MSG_CHECKING([if cpp -P works])
+    OLDCPPFLAGS=$CPPFLAGS
+    CPPFLAGS="$CPPFLAGS -P"
+    AC_EGREP_CPP([TEST.*TEST], [
+ #include <errno.h>
+TEST EINVAL TEST
+    ], [cpp_p=yes], [cpp_p=no])
+    AC_MSG_RESULT([$cpp_p])
+
+    if test "x$cpp_p" = "xno"; then
+      AC_MSG_WARN([failed to figure out cpp -P alternative])
+      # without -P
+      CPPPFLAGS=$OLDCPPFLAGS
+    else
+      # with -P
+      CPPPFLAGS=$CPPFLAGS
+    fi
+    dnl restore CPPFLAGS
+    CPPFLAGS=$OLDCPPFLAGS
+  fi
+])
--- a/appveyor.yml
+++ b/appveyor.yml
@ -0,0 +1,35 @@
+version: 7.47.0.{build}
+
+environment:
+    matrix:
+      - PRJ_GEN: "Visual Studio 11 2012 Win64"
+        BDIR: msvc2012
+        PRJ_CFG: Release
+        OPENSSL: OFF
+      - PRJ_GEN: "Visual Studio 12 2013 Win64"
+        BDIR: msvc2013
+        PRJ_CFG: Release
+        OPENSSL: OFF
+      - PRJ_GEN: "Visual Studio 14 2015 Win64"
+        BDIR: msvc2015
+        PRJ_CFG: Release
+        OPENSSL: OFF
+      - PRJ_GEN: "Visual Studio 11 2012 Win64"
+        BDIR: msvc2012
+        PRJ_CFG: Release
+        OPENSSL: ON
+      - PRJ_GEN: "Visual Studio 12 2013 Win64"
+        BDIR: msvc2013
+        PRJ_CFG: Release
+        OPENSSL: ON
+      - PRJ_GEN: "Visual Studio 14 2015 Win64"
+        BDIR: msvc2015
+        PRJ_CFG: Release
+        OPENSSL: ON
+
+
+build_script:
+    - mkdir build.%BDIR%
+    - cd build.%BDIR%
+    - cmake .. -G"%PRJ_GEN%" -DCMAKE_USE_OPENSSL=%OPENSSL%
+    - cmake --build . --config %PRJ_CFG% --clean-first
--- a/6
+++ b/6
@ -10,7 +10,7 @@
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -318,6 +318,8 @@ for fname in .deps \
    ltsugar.m4 \
    ltversion.m4 \
    lt~obsolete.m4 \
+    missing \
+    install-sh \
    stamp-h1 \
    stamp-h2 \
    stamp-h3 ; do
@ -329,7 +331,7 @@ done
 #

 echo "buildconf: running libtoolize"
-${libtoolize} --copy --automake --force || die "libtoolize command failed"
+${libtoolize} --copy --force || die "libtoolize command failed"

 # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4
 # subdirectory and this local copy is patched to fix some warnings that
--- a/buildconf.bat
+++ b/buildconf.bat
@ -1,38 +1,350 @@
@echo off
-REM
-REM
-REM This batch file must be used to set up a git tree to build on
-REM systems where there is no autotools support (i.e. Microsoft).
-REM
-REM This file is not included nor needed for curl's release
-REM archives, neither for curl's daily snapshot archives.
+rem ***************************************************************************
+rem *                                  _   _ ____  _
+rem *  Project                     ___| | | |  _ \| |
+rem *                             / __| | | | |_) | |
+rem *                            | (__| |_| |  _ <| |___
+rem *                             \___|\___/|_| \_\_____|
+rem *
+rem * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+rem *
+rem * This software is licensed as described in the file COPYING, which
+rem * you should have received as part of this distribution. The terms
+rem * are also available at https://curl.haxx.se/docs/copyright.html.
+rem *
+rem * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+rem * copies of the Software, and permit persons to whom the Software is
+rem * furnished to do so, under the terms of the COPYING file.
+rem *
+rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+rem * KIND, either express or implied.
+rem *
+rem ***************************************************************************

-if exist GIT-INFO goto start_doing
-ECHO ERROR: This file shall only be used with a curl git tree checkout.
-goto end_all
-:start_doing
+rem NOTES
+rem
+rem This batch file must be used to set up a git tree to build on systems where
+rem there is no autotools support (i.e. DOS and Windows).
+rem

-REM create tool_hugehelp.c
-if not exist src\tool_hugehelp.c.cvs goto end_hugehelp_c
-copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c
-:end_hugehelp_c
+:begin
+  rem Set our variables
+  if "%OS%" == "Windows_NT" setlocal
+  set MODE=GENERATE

-REM create Makefile
-if not exist Makefile.dist goto end_makefile
-copy /Y Makefile.dist Makefile
-:end_makefile
+  rem Switch to this batch file's directory
+  cd /d "%~0\.." 1>NUL 2>&1

-REM create curlbuild.h
-if not exist include\curl\curlbuild.h.dist goto end_curlbuild_h
-copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h
-:end_curlbuild_h
+  rem Check we are running from a curl git repository
+  if not exist GIT-INFO goto norepo

-REM setup c-ares git tree
-if not exist ares\buildconf.bat goto end_c_ares
-cd ares
-call buildconf.bat
-cd ..
-:end_c_ares
+  rem Detect programs. HAVE_<PROGNAME>
+  rem When not found the variable is set undefined. The undefined pattern
+  rem allows for statements like "if not defined HAVE_PERL (command)"
+  groff --version <NUL 1>NUL 2>&1
+  if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y)
+  nroff --version <NUL 1>NUL 2>&1
+  if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y)
+  perl --version <NUL 1>NUL 2>&1
+  if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y)
+  gzip --version <NUL 1>NUL 2>&1
+  if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y)

-:end_all
+:parseArgs
+  if "%~1" == "" goto start

+  if /i "%~1" == "-clean" (
+    set MODE=CLEAN
+  ) else if /i "%~1" == "-?" (
+    goto syntax
+  ) else if /i "%~1" == "-h" (
+    goto syntax
+  ) else if /i "%~1" == "-help" (
+    goto syntax
+  ) else (
+    goto unknown
+  )
+
+  shift & goto parseArgs
+
+:start
+  if "%MODE%" == "GENERATE" (
+    echo.
+    echo Generating prerequisite files
+
+    call :generate
+    if errorlevel 4 goto nogencurlbuild
+    if errorlevel 3 goto nogenhugehelp
+    if errorlevel 2 goto nogenmakefile
+    if errorlevel 1 goto warning
+
+  ) else (
+    echo.
+    echo Removing prerequisite files
+
+    call :clean
+    if errorlevel 3 goto nocleancurlbuild
+    if errorlevel 2 goto nocleanhugehelp
+    if errorlevel 1 goto nocleanmakefile
+  )
+
+  goto success
+
+rem Main generate function.
+rem
+rem Returns:
+rem
+rem 0 - success
+rem 1 - success with simplified tool_hugehelp.c 
+rem 2 - failed to generate Makefile
+rem 3 - failed to generate tool_hugehelp.c
+rem 4 - failed to generate curlbuild.h
+rem
+:generate
+  if "%OS%" == "Windows_NT" setlocal
+  set BASIC_HUGEHELP=0
+
+  rem Create Makefile
+  echo * %CD%\Makefile
+  if exist Makefile.dist (
+    copy /Y Makefile.dist Makefile 1>NUL 2>&1
+    if errorlevel 1 (
+      if "%OS%" == "Windows_NT" endlocal
+      exit /B 2
+    )
+  )
+
+  rem Create tool_hugehelp.c
+  echo * %CD%\src\tool_hugehelp.c
+  call :genHugeHelp
+  if errorlevel 2 (
+    if "%OS%" == "Windows_NT" endlocal
+    exit /B 3
+  )
+  if errorlevel 1 (
+    set BASIC_HUGEHELP=1
+  )
+  cmd /c exit 0
+
+  rem Create curlbuild.h
+  echo * %CD%\include\curl\curlbuild.h
+  if exist include\curl\curlbuild.h.dist (
+    copy /Y include\curl\curlbuild.h.dist include\curl\curlbuild.h 1>NUL 2>&1
+    if errorlevel 1 (
+      if "%OS%" == "Windows_NT" endlocal
+      exit /B 4
+    )
+  )
+
+  rem Setup c-ares git tree
+  if exist ares\buildconf.bat (
+    echo.
+    echo Configuring c-ares build environment
+    cd ares
+    call buildconf.bat
+    cd ..
+  )
+
+  if "%BASIC_HUGEHELP%" == "1" (
+    if "%OS%" == "Windows_NT" endlocal
+    exit /B 1
+  )
+
+  if "%OS%" == "Windows_NT" endlocal
+  exit /B 0
+
+rem Main clean function.
+rem
+rem Returns:
+rem
+rem 0 - success
+rem 1 - failed to clean Makefile
+rem 2 - failed to clean tool_hugehelp.c
+rem 3 - failed to clean curlbuild.h
+rem
+:clean
+  rem Remove Makefile
+  echo * %CD%\Makefile
+  if exist Makefile (
+    del Makefile 2>NUL
+    if exist Makefile (
+      exit /B 1
+    )
+  )
+
+  rem Remove tool_hugehelp.c
+  echo * %CD%\src\tool_hugehelp.c
+  if exist src\tool_hugehelp.c (
+    del src\tool_hugehelp.c 2>NUL
+    if exist src\tool_hugehelp.c (
+      exit /B 2
+    )
+  )
+
+  rem Remove curlbuild.h
+  echo * %CD%\include\curl\curlbuild.h
+  if exist include\curl\curlbuild.h (
+    del include\curl\curlbuild.h 2>NUL
+    if exist include\curl\curlbuild.h (
+      exit /B 3
+    )
+  )
+
+  exit /B
+
+rem Function to generate src\tool_hugehelp.c
+rem
+rem Returns:
+rem
+rem 0 - full tool_hugehelp.c generated
+rem 1 - simplified tool_hugehelp.c
+rem 2 - failure
+rem
+:genHugeHelp
+  if "%OS%" == "Windows_NT" setlocal
+  set LC_ALL=C
+  set ROFFCMD=
+  set BASIC=1
+
+  if defined HAVE_PERL (
+    if defined HAVE_GROFF (
+      set ROFFCMD=groff -mtty-char -Tascii -P-c -man
+    ) else if defined HAVE_NROFF (
+      set ROFFCMD=nroff -c -Tascii -man
+    )
+  )
+
+  if defined ROFFCMD (
+    echo #include "tool_setup.h"> src\tool_hugehelp.c
+    echo #include "tool_hugehelp.h">> src\tool_hugehelp.c 
+
+    if defined HAVE_GZIP (
+      echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c
+    )
+
+    %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c
+    if defined HAVE_GZIP (
+      echo #else>> src\tool_hugehelp.c
+      %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c
+      echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c
+    )
+
+    set BASIC=0
+  ) else (
+    if exist src\tool_hugehelp.c.cvs (
+      copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1
+    ) else (
+      echo #include "tool_setup.h"> src\tool_hugehelp.c
+      echo #include "tool_hugehelp.hd">> src\tool_hugehelp.c
+      echo.>> src\tool_hugehelp.c
+      echo void hugehelp(void^)>> src\tool_hugehelp.c
+      echo {>> src\tool_hugehelp.c
+      echo #ifdef USE_MANUAL>> src\tool_hugehelp.c
+      echo   fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c
+      echo #endif>> src\tool_hugehelp.c
+      echo }>> src\tool_hugehelp.c
+    )
+  )
+
+  findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1
+  if errorlevel 1 (
+    if "%OS%" == "Windows_NT" endlocal
+    exit /B 2
+  )
+
+  if "%BASIC%" == "1" (
+    if "%OS%" == "Windows_NT" endlocal
+    exit /B 1
+  )
+
+  if "%OS%" == "Windows_NT" endlocal
+  exit /B 0
+
+rem Function to clean-up local variables under DOS, Windows 3.x and
+rem Windows 9x as setlocal isn't available until Windows NT
+rem
+:dosCleanup
+  set MODE=
+  set HAVE_GROFF=
+  set HAVE_NROFF=
+  set HAVE_PERL=
+  set HAVE_GZIP=
+  set BASIC_HUGEHELP=
+  set LC_ALL
+  set ROFFCMD=
+  set BASIC=
+
+  exit /B
+
+:syntax
+  rem Display the help
+  echo.
+  echo Usage: buildconf [-clean]
+  echo.
+  echo -clean    - Removes the files
+  goto error
+
+:unknown
+  echo.
+  echo Error: Unknown argument '%1'
+  goto error
+
+:norepo
+  echo.
+  echo Error: This batch file should only be used with a curl git repository
+  goto error
+
+:nogenmakefile
+  echo.
+  echo Error: Unable to generate Makefile
+  goto error
+
+:nogenhugehelp
+  echo.
+  echo Error: Unable to generate src\tool_hugehelp.c
+  goto error
+
+:nogencurlbuild
+  echo.
+  echo Error: Unable to generate include\curl\curlbuild.h
+  goto error
+
+:nocleanmakefile
+  echo.
+  echo Error: Unable to clean Makefile
+  goto error
+
+:nocleanhugehelp
+  echo.
+  echo Error: Unable to clean src\tool_hugehelp.c
+  goto error
+
+:nocleancurlbuild
+  echo.
+  echo Error: Unable to clean include\curl\curlbuild.h
+  goto error
+
+:warning
+  echo.
+  echo Warning: The curl manual could not be integrated in the source. This means when
+  echo you build curl the manual will not be available (curl --man^). Integration of
+  echo the manual is not required and a summary of the options will still be available
+  echo (curl --help^). To integrate the manual your PATH is required to have
+  echo groff/nroff, perl and optionally gzip for compression.
+  goto success
+
+:error
+  if "%OS%" == "Windows_NT" (
+    endlocal
+  ) else (
+    call :dosCleanup
+  )
+  exit /B 1
+
+:success
+  if "%OS%" == "Windows_NT" (
+    endlocal
+  ) else (
+    call :dosCleanup
+  )
+  exit /B 0
--- a/configure.ac
+++ b/configure.ac
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -24,14 +24,14 @@ dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.57)

 dnl We don't know the version number "statically" so we use a dash here
-AC_INIT([curl], [-], [a suitable curl mailing list: http://curl.haxx.se/mail/])
+AC_INIT([curl], [-], [a suitable curl mailing list: https://curl.haxx.se/mail/])

 XC_OVR_ZZ50
 XC_OVR_ZZ60
 CURL_OVERRIDE_AUTOCONF

 dnl configure script copyright
-AC_COPYRIGHT([Copyright (c) 1998 - 2014 Daniel Stenberg, <daniel@haxx.se>
+AC_COPYRIGHT([Copyright (c) 1998 - 2016 Daniel Stenberg, <daniel@haxx.se>
 This configure script may be copied, distributed and modified under the
 terms of the curl license; see COPYING for more details])

@ -39,6 +39,7 @@ AC_CONFIG_SRCDIR([lib/urldata.h])
 AC_CONFIG_HEADERS(lib/curl_config.h include/curl/curlbuild.h)
 AC_CONFIG_MACRO_DIR([m4])
 AM_MAINTAINER_MODE
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

 CURL_CHECK_OPTION_DEBUG
 CURL_CHECK_OPTION_OPTIMIZE
@ -47,6 +48,7 @@ CURL_CHECK_OPTION_WERROR
 CURL_CHECK_OPTION_CURLDEBUG
 CURL_CHECK_OPTION_SYMBOL_HIDING
 CURL_CHECK_OPTION_ARES
+CURL_CHECK_OPTION_RT

 XC_CHECK_PATH_SEPARATOR

@ -147,7 +149,7 @@ AC_SUBST(PKGADD_VENDOR)

 dnl
 dnl initialize all the info variables
-    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl,darwinssl} )"
+    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )"
    curl_ssh_msg="no      (--with-libssh2)"
   curl_zlib_msg="no      (--with-zlib)"
    curl_gss_msg="no      (--with-gssapi)"
@ -165,6 +167,7 @@ curl_verbose_msg="enabled (--disable-verbose)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
  curl_mtlnk_msg="no      (--with-libmetalink)"
+    curl_psl_msg="no      (--with-libpsl)"

    init_ssl_msg=${curl_ssl_msg}

@ -1080,7 +1083,11 @@ AC_HELP_STRING([--disable-ipv6],[Disable IPv6 support]),

  AC_TRY_RUN([ /* is AF_INET6 available? */
 #include <sys/types.h>
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#else
 #include <sys/socket.h>
+#endif
 #include <stdlib.h> /* for exit() */
 main()
 {
@ -1094,8 +1101,8 @@ main()
  ipv6=yes,
  AC_MSG_RESULT(no)
  ipv6=no,
-  AC_MSG_RESULT(no)
-  ipv6=no
+  AC_MSG_RESULT(yes)
+  ipv6=yes
 ))

 if test "$ipv6" = "yes"; then
@ -1107,7 +1114,12 @@ if test "$ipv6" = yes; then
  AC_MSG_CHECKING([if struct sockaddr_in6 has sin6_scope_id member])
  AC_TRY_COMPILE([
 #include <sys/types.h>
-#include <netinet/in.h>] ,
+#ifdef HAVE_WINSOCK2_H
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <netinet/in.h>
+#endif] ,
  struct sockaddr_in6 s; s.sin6_scope_id = 0; , have_sin6_scope_id=yes)
  if test "$have_sin6_scope_id" = yes; then
    AC_MSG_RESULT([yes])
@ -1184,6 +1196,8 @@ AC_ARG_WITH(gssapi,
  fi
 ])

+: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"}
+
 save_CPPFLAGS="$CPPFLAGS"
 AC_MSG_CHECKING([if GSS-API support is requested])
 if test x"$want_gss" = xyes; then
@ -1192,8 +1206,8 @@ if test x"$want_gss" = xyes; then
  if test -z "$GSSAPI_INCS"; then
     if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then
        GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi`
-     elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
-        GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi`
+     elif test -f "$KRB5CONFIG"; then
+        GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi`
     elif test "$GSSAPI_ROOT" != "yes"; then
        GSSAPI_INCS="-I$GSSAPI_ROOT/include"
     fi
@ -1283,10 +1297,10 @@ if test x"$want_gss" = xyes; then
           dnl into LIBS
           gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi`
           LIBS="$gss_libs $LIBS"
-        elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then
+        elif test -f "$KRB5CONFIG"; then
           dnl krb5-config doesn't have --libs-only-L or similar, put everything
           dnl into LIBS
-           gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi`
+           gss_libs=`$KRB5CONFIG --libs gssapi`
           LIBS="$gss_libs $LIBS"
        else
           case $host in
@ -1394,6 +1408,24 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"

+  dnl This is for Msys/Mingw
+  case $host in
+    *-*-msys* | *-*-mingw*)
+      AC_MSG_CHECKING([for gdi32])
+      my_ac_save_LIBS=$LIBS
+      LIBS="-lgdi32 $LIBS"
+      AC_TRY_LINK([#include <windef.h>
+                   #include <wingdi.h>],
+                   [GdiFlush();],
+                   [ dnl worked!
+                   AC_MSG_RESULT([yes])],
+                   [ dnl failed, restore LIBS
+                   LIBS=$my_ac_save_LIBS
+                   AC_MSG_RESULT(no)]
+                  )
+      ;;
+  esac
+
  case "$OPT_SSL" in
  yes)
    dnl --with-ssl (without path) used
@ -1451,6 +1483,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --cflags-only-I openssl 2>/dev/null`

+      AC_SUBST(SSL_LIBS)
      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])
@ -1471,31 +1504,13 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
  CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  LDFLAGS="$LDFLAGS $SSL_LDFLAGS"

-  dnl This is for Msys/Mingw
-  case $host in
-    *-*-msys* | *-*-mingw*)
-      AC_MSG_CHECKING([for gdi32])
-      my_ac_save_LIBS=$LIBS
-      LIBS="-lgdi32 $LIBS"
-      AC_TRY_LINK([#include <windef.h>
-                   #include <wingdi.h>],
-                   [GdiFlush();],
-                   [ dnl worked!
-                   AC_MSG_RESULT([yes])],
-                   [ dnl failed, restore LIBS
-                   LIBS=$my_ac_save_LIBS
-                   AC_MSG_RESULT(no)]
-                  )
-      ;;
-  esac
-
-  AC_CHECK_LIB(crypto, CRYPTO_lock,[
+  AC_CHECK_LIB(crypto, HMAC_Update,[
     HAVECRYPTO="yes"
     LIBS="-lcrypto $LIBS"
     ],[
     LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
     CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
-     AC_CHECK_LIB(crypto, CRYPTO_add_lock,[
+     AC_CHECK_LIB(crypto, HMAC_Init_ex,[
       HAVECRYPTO="yes"
       LIBS="-lcrypto $LIBS"], [
       LDFLAGS="$CLEANLDFLAGS"
@ -1505,6 +1520,46 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    ])


+  if test X"$HAVECRYPTO" = X"yes"; then
+     AC_MSG_CHECKING([OpenSSL linking without -ldl])
+     saved_libs=$LIBS
+     AC_TRY_LINK(
+        [
+          #include <openssl/evp.h>
+        ],
+        [
+          SSLeay_add_all_algorithms();
+        ],
+        [
+          AC_MSG_RESULT(yes)
+          LIBS="$saved_libs"
+        ],
+        [
+          AC_MSG_RESULT(no)
+          AC_MSG_CHECKING([OpenSSL linking with -ldl])
+          LIBS="-ldl $LIBS"
+          AC_TRY_LINK(
+          [
+            #include <openssl/evp.h>
+          ],
+          [
+            SSLeay_add_all_algorithms();
+          ],
+          [
+            AC_MSG_RESULT(yes)
+            LIBS="$saved_libs -ldl"
+          ],
+          [
+            AC_MSG_RESULT(no)
+            LIBS="$saved_libs"
+          ]
+          )
+
+        ]
+     )
+
+  fi
+
  if test X"$HAVECRYPTO" = X"yes"; then
    dnl This is only reasonable to do if crypto actually is there: check for
    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib
@ -1527,7 +1582,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then

    else

-      dnl Have the libraries--check for SSLeay/OpenSSL headers
+      dnl Have the libraries--check for OpenSSL headers
      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                       openssl/pem.h openssl/ssl.h openssl/err.h,
        curl_ssl_msg="enabled (OpenSSL)"
@ -1551,17 +1606,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
    fi

    if test X"$OPENSSL_ENABLED" = X"1"; then
-       AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled])
-
       dnl is there a pkcs12.h header present?
       AC_CHECK_HEADERS(openssl/pkcs12.h)
    else
       LIBS="$CLEANLIBS"
    fi
-    dnl USE_SSLEAY is the historical name for what configure calls
-    dnl OPENSSL_ENABLED; the names should really be unified
-    USE_SSLEAY="$OPENSSL_ENABLED"
-    AC_SUBST(USE_SSLEAY)

    if test X"$OPT_SSL" != Xoff &&
       test "$OPENSSL_ENABLED" != "1"; then
@ -1578,9 +1627,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                AC_CHECK_FUNCS( ENGINE_load_builtin_engines )
              ])

-    dnl these can only exist if openssl exists
-    dnl Cyassl doesn't have SSL_get_shutdown
-    dnl BoringSSL doesn't have DES_set_odd_parity
+    dnl These can only exist if OpenSSL exists
+    dnl Older versions of Cyassl (some time before 2.9.4) don't have
+    dnl SSL_get_shutdown (but this check won't actually detect it there
+    dnl as it's a macro that needs the header files be included)

    AC_CHECK_FUNCS( RAND_status \
                    RAND_screen \
@ -1588,18 +1638,26 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
                    ENGINE_cleanup \
                    CRYPTO_cleanup_all_ex_data \
                    SSL_get_shutdown \
-                    SSLv2_client_method \
-                    DES_set_odd_parity )
+                    SSLv2_client_method )

    AC_MSG_CHECKING([for BoringSSL])
-    if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then
-      curl_ssl_msg="enabled (BoringSSL)"
-      AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
-        [Define to 1 if using BoringSSL.])
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
+    AC_COMPILE_IFELSE([
+        AC_LANG_PROGRAM([[
+                #include <openssl/base.h>
+                ]],[[
+                #ifndef OPENSSL_IS_BORINGSSL
+                #error not boringssl
+                #endif
+       ]])
+    ],[
+        AC_MSG_RESULT([yes])
+        AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
+                           [Define to 1 if using BoringSSL.])
+        curl_ssl_msg="enabled (BoringSSL)"
+    ],[
+        AC_MSG_RESULT([no])
+    ])
+
    AC_MSG_CHECKING([for libressl])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
@ -1675,8 +1733,8 @@ dnl ---
 if test "$OPENSSL_ENABLED" = "1"; then
  AC_CHECK_LIB(crypto, SRP_Calc_client_key,
   [
-     AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key])
-     AC_SUBST(HAVE_SSLEAY_SRP, [1])
+     AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
+     AC_SUBST(HAVE_OPENSSL_SRP, [1])
   ])
 fi

@ -1787,6 +1845,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
            AC_MSG_NOTICE([Added $gtlslib to LD_LIBRARY_PATH])
          fi
        fi
+        AC_CHECK_FUNCS(gnutls_certificate_set_x509_key_file2)
      fi

    fi
@ -1924,6 +1983,93 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then

 fi

+dnl ----------------------------------------------------
+dnl check for mbedTLS
+dnl ----------------------------------------------------
+
+OPT_MBEDTLS=no
+
+_cppflags=$CPPFLAGS
+_ldflags=$LDFLAGS
+AC_ARG_WITH(mbedtls,dnl
+AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root])
+AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
+  OPT_MBEDTLS=$withval)
+
+if test "$curl_ssl_msg" = "$init_ssl_msg"; then
+
+  if test X"$OPT_MBEDTLS" != Xno; then
+
+    if test "$OPT_MBEDTLS" = "yes"; then
+      OPT_MBEDTLS=""
+    fi
+
+    if test -z "$OPT_MBEDTLS" ; then
+      dnl check for lib first without setting any new path
+
+      AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
+      dnl libmbedtls found, set the variable
+       [
+         AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+         AC_SUBST(USE_MBEDTLS, [1])
+         MBEDTLS_ENABLED=1
+         USE_MBEDTLS="yes"
+         curl_ssl_msg="enabled (mbedTLS)"
+        ], [], -lmbedx509 -lmbedcrypto)
+    fi
+
+    addld=""
+    addlib=""
+    addcflags=""
+    mbedtlslib=""
+
+    if test "x$USE_MBEDTLS" != "xyes"; then
+      dnl add the path and test again
+      addld=-L$OPT_MBEDTLS/lib$libsuff
+      addcflags=-I$OPT_MBEDTLS/include
+      mbedtlslib=$OPT_MBEDTLS/lib$libsuff
+
+      LDFLAGS="$LDFLAGS $addld"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+
+      AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
+       [
+       AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
+       AC_SUBST(USE_MBEDTLS, [1])
+       MBEDTLS_ENABLED=1
+       USE_MBEDTLS="yes"
+       curl_ssl_msg="enabled (mbedTLS)"
+       ],
+       [
+         CPPFLAGS=$_cppflags
+         LDFLAGS=$_ldflags
+       ], -lmbedx509 -lmbedcrypto)
+    fi
+
+    if test "x$USE_MBEDTLS" = "xyes"; then
+      AC_MSG_NOTICE([detected mbedTLS])
+
+      LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
+
+      if test -n "$mbedtlslib"; then
+        dnl when shared libs were found in a path that the run-time
+        dnl linker doesn't search through, we need to add it to
+        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+        dnl due to this
+        if test "x$cross_compiling" != "xyes"; then
+          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mbedtlslib"
+          export LD_LIBRARY_PATH
+          AC_MSG_NOTICE([Added $mbedtlslib to LD_LIBRARY_PATH])
+        fi
+      fi
+    fi
+
+  fi dnl mbedTLS not disabled
+
+fi
+
 dnl ----------------------------------------------------
 dnl check for CyaSSL
 dnl ----------------------------------------------------
@ -1946,6 +2092,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
      OPT_CYASSL=""
    fi

+    dnl This should be reworked to use pkg-config instead
+
+    cyassllibname=cyassl
+
    if test -z "$OPT_CYASSL" ; then
      dnl check for lib in system default first

@ -1987,19 +2137,80 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
       [
         CPPFLAGS=$_cppflags
         LDFLAGS=$_ldflags
+         cyassllib=""
       ])
    fi

+    addld=""
+    addlib=""
+    addcflags=""
+
+    if test "x$USE_CYASSL" != "xyes"; then
+      dnl libcyassl renamed to libwolfssl as of 3.4.0
+      addld=-L$OPT_CYASSL/lib$libsuff
+      addcflags=-I$OPT_CYASSL/include
+      cyassllib=$OPT_CYASSL/lib$libsuff
+
+      LDFLAGS="$LDFLAGS $addld"
+      if test "$addcflags" != "-I/usr/include"; then
+         CPPFLAGS="$CPPFLAGS $addcflags"
+      fi
+
+      cyassllibname=wolfssl
+      my_ac_save_LIBS="$LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
+
+      AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl])
+      AC_LINK_IFELSE([
+	AC_LANG_PROGRAM([[
+/* These aren't needed for detection and confuse WolfSSL.
+   They are set up properly later if it is detected.  */
+#undef SIZEOF_LONG
+#undef SIZEOF_LONG_LONG
+#include <cyassl/ssl.h>
+	]],[[
+	  return CyaSSL_Init();
+	]])
+      ],[
+         AC_MSG_RESULT(yes)
+         AC_DEFINE(USE_CYASSL, 1, [if CyaSSL/WolfSSL is enabled])
+         AC_SUBST(USE_CYASSL, [1])
+         CYASSL_ENABLED=1
+         USE_CYASSL="yes"
+         curl_ssl_msg="enabled (WolfSSL)"
+       ],
+       [
+         AC_MSG_RESULT(no)
+         CPPFLAGS=$_cppflags
+         LDFLAGS=$_ldflags
+         cyassllib=""
+       ])
+      LIBS="$my_ac_save_LIBS"
+    fi
+
    if test "x$USE_CYASSL" = "xyes"; then
-      AC_MSG_NOTICE([detected CyaSSL])
+      AC_MSG_NOTICE([detected $cyassllibname])

      dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined!
      AC_CHECK_SIZEOF(long long)

+      dnl Versions since at least 2.6.0 may have options.h
+      AC_CHECK_HEADERS(cyassl/options.h)
+
      dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h
      AC_CHECK_HEADERS(cyassl/error-ssl.h)

-      LIBS="-lcyassl -lm $LIBS"
+      LIBS="-l$cyassllibname -lm $LIBS"
+
+      if test "x$cyassllibname" = "xwolfssl"; then
+        dnl Recent WolfSSL versions build without SSLv3 by default
+        dnl WolfSSL needs configure --enable-opensslextra to have *get_peer*
+        AC_CHECK_FUNCS(wolfSSLv3_client_method \
+                       wolfSSL_get_peer_certificate)
+      else
+        dnl Cyassl needs configure --enable-opensslextra to have *get_peer*
+        AC_CHECK_FUNCS(CyaSSL_get_peer_certificate)
+      fi

      if test -n "$cyassllib"; then
        dnl when shared libs were found in a path that the run-time
@ -2066,57 +2277,73 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
        fi
      fi
    else
-        # Without pkg-config, we'll kludge in some defaults
-        addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
-        addcflags="-I$OPT_NSS/include"
-        version="unknown"
-        nssprefix=$OPT_NSS
-    fi
-
-    if test -n "$addlib"; then
-
-      CLEANLIBS="$LIBS"
-      CLEANCPPFLAGS="$CPPFLAGS"
-
-      LIBS="$addlib $LIBS"
-      if test "$addcflags" != "-I/usr/include"; then
-         CPPFLAGS="$CPPFLAGS $addcflags"
-      fi
-
-      dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
-      AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
-       [
-       AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
-       AC_SUBST(USE_NSS, [1])
-       USE_NSS="yes"
-       NSS_ENABLED=1
-       curl_ssl_msg="enabled (NSS)"
-       ],
-       [
-         LIBS="$CLEANLIBS"
-         CPPFLAGS="$CLEANCPPFLAGS"
-       ])
-
-      if test "x$USE_NSS" = "xyes"; then
-        AC_MSG_NOTICE([detected NSS version $version])
-
-        dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
-        NSS_LIBS=$addlib
-        AC_SUBST([NSS_LIBS])
-
-        dnl when shared libs were found in a path that the run-time
-        dnl linker doesn't search through, we need to add it to
-        dnl LD_LIBRARY_PATH to prevent further configure tests to fail
-        dnl due to this
-        if test "x$cross_compiling" != "xyes"; then
-          LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
-          export LD_LIBRARY_PATH
-          AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      NSS_PCDIR="$OPT_NSS/lib/pkgconfig"
+      if test -f "$NSS_PCDIR/nss.pc"; then
+        CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR])
+        if test "$PKGCONFIG" != "no" ; then
+          addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss`
+          addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss`
+          addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss`
+          version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss`
+          nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss`
        fi
      fi
-
    fi

+    if test -z "$addlib"; then
+      # Without pkg-config, we'll kludge in some defaults
+      AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.])
+      addld="-L$OPT_NSS/lib"
+      addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4"
+      addcflags="-I$OPT_NSS/include"
+      version="unknown"
+      nssprefix=$OPT_NSS
+    fi
+
+    CLEANLDFLAGS="$LDFLAGS"
+    CLEANLIBS="$LIBS"
+    CLEANCPPFLAGS="$CPPFLAGS"
+
+    LDFLAGS="$addld $LDFLAGS"
+    LIBS="$addlib $LIBS"
+    if test "$addcflags" != "-I/usr/include"; then
+       CPPFLAGS="$CPPFLAGS $addcflags"
+    fi
+
+    dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0
+    AC_CHECK_LIB(nss3, SSL_VersionRangeSet,
+     [
+     AC_DEFINE(USE_NSS, 1, [if NSS is enabled])
+     AC_SUBST(USE_NSS, [1])
+     USE_NSS="yes"
+     NSS_ENABLED=1
+     curl_ssl_msg="enabled (NSS)"
+     ],
+     [
+       LDFLAGS="$CLEANLDFLAGS"
+       LIBS="$CLEANLIBS"
+       CPPFLAGS="$CLEANCPPFLAGS"
+     ])
+
+    if test "x$USE_NSS" = "xyes"; then
+      AC_MSG_NOTICE([detected NSS version $version])
+
+      dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS
+      NSS_LIBS=$addlib
+      AC_SUBST([NSS_LIBS])
+
+      dnl when shared libs were found in a path that the run-time
+      dnl linker doesn't search through, we need to add it to
+      dnl LD_LIBRARY_PATH to prevent further configure tests to fail
+      dnl due to this
+      if test "x$cross_compiling" != "xyes"; then
+        LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
+        export LD_LIBRARY_PATH
+        AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH])
+      fi
+
+    fi dnl NSS found
+
  fi dnl NSS not disabled

 fi dnl curl_ssl_msg = init_ssl_msg
@ -2177,7 +2404,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
  fi
 fi

-if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
+if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
  AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
  AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
 else
@ -2192,6 +2419,27 @@ dnl **********************************************************************

 CURL_CHECK_CA_BUNDLE

+dnl **********************************************************************
+dnl Check for libpsl
+dnl **********************************************************************
+
+AC_ARG_WITH(libpsl,
+           AS_HELP_STRING([--without-libpsl],
+           [disable support for libpsl cookie checking]),
+           with_libpsl=$withval,
+           with_libpsl=yes)
+if test $with_libpsl != "no"; then
+  AC_SEARCH_LIBS(psl_builtin, psl,
+    [curl_psl_msg="yes";
+     AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
+     ],
+    [curl_psl_msg="no      (libpsl not found)";
+     AC_MSG_WARN([libpsl was not found])
+     ]
+  )
+fi
+AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"])
+
 dnl **********************************************************************
 dnl Check for libmetalink
 dnl **********************************************************************
@ -2771,7 +3019,9 @@ if test X"$want_h2" != Xno; then
    CPPFLAGS="$CPPFLAGS $CPP_H2"
    LIBS="$LIB_H2 $LIBS"

-    AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback,
+    # use nghttp2_option_set_no_recv_client_magic to require nghttp2
+    # >= 1.0.0
+    AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic,
      [
       AC_CHECK_HEADERS(nghttp2/nghttp2.h,
          curl_h2_msg="enabled (nghttp2)"
@ -2797,6 +3047,31 @@ if test X"$want_h2" != Xno; then

 fi

+dnl **********************************************************************
+dnl Check for zsh completion path
+dnl **********************************************************************
+
+OPT_ZSH_FPATH=default
+AC_ARG_WITH(zsh-functions-dir,
+AC_HELP_STRING([--with-zsh-functions-dir=PATH],[Install zsh completions to PATH])
+AC_HELP_STRING([--without-zsh-functions-dir],[Do not install zsh completions]),
+  [OPT_ZSH_FPATH=$withval])
+case "$OPT_ZSH_FPATH" in
+  no)
+    dnl --without-zsh-functions-dir option used
+    ;;
+  default|yes)
+    dnl --with-zsh-functions-dir option used without path
+    ZSH_FUNCTIONS_DIR="$datarootdir/zsh/site-functions"
+    AC_SUBST(ZSH_FUNCTIONS_DIR)
+    ;;
+  *)
+    dnl --with-zsh-functions-dir option used with path
+    ZSH_FUNCTIONS_DIR="$withval"
+    AC_SUBST(ZSH_FUNCTIONS_DIR)
+    ;;
+esac
+
 dnl **********************************************************************
 dnl Back to "normal" configuring
 dnl **********************************************************************
@ -3145,7 +3420,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then
 [Options --enable-threaded-resolver and --enable-ares are mutually exclusive])
 fi

-if test "$want_thres" = "yes"; then
+if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then
  AC_CHECK_HEADER(pthread.h,
    [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have <pthread.h>])
      save_CFLAGS="$CFLAGS"
@ -3271,7 +3546,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]),
       want_tls_srp=yes
 )

-if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then
+if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then
   AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication])
   USE_TLS_SRP=1
   curl_tls_srp_msg="enabled"
@ -3385,7 +3660,7 @@ dnl For keeping supported features and protocols also in pkg-config file
 dnl since it is more cross-compile friendly than curl-config
 dnl

-if test "x$USE_SSLEAY" = "x1"; then
+if test "x$OPENSSL_ENABLED" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
 elif test -n "$SSL_ENABLED"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SSL"
@ -3413,6 +3688,10 @@ if test "x$HAVE_GSSAPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
 fi

+if test "x$curl_psl_msg" = "xyes"; then
+  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
+fi
+
 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
@ -3424,7 +3703,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
 fi

 if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
-  if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+  if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
@ -3497,7 +3776,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then
 fi
 if test "x$CURL_DISABLE_SMB" != "x1" \
    -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \
-    -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
+    -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$DARWINSSL_ENABLED" = "x1" \); then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
@ -3560,6 +3839,7 @@ AC_CONFIG_FILES([Makefile \
           include/curl/Makefile \
           src/Makefile \
           lib/Makefile \
+           scripts/Makefile \
           lib/libcurl.vers \
           tests/Makefile \
           tests/certs/Makefile \
@ -3611,13 +3891,15 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
  --libcurl option: ${curl_libcurl_msg}
  Verbose errors:   ${curl_verbose_msg}
  SSPI support:     ${curl_sspi_msg}
-  ca cert bundle:   ${ca}
-  ca cert path:     ${capath}
+  ca cert bundle:   ${ca}${ca_warning}
+  ca cert path:     ${capath}${capath_warning}
+  ca fallback:      ${with_ca_fallback}
  LDAP support:     ${curl_ldap_msg}
  LDAPS support:    ${curl_ldaps_msg}
  RTSP support:     ${curl_rtsp_msg}
  RTMP support:     ${curl_rtmp_msg}
  metalink support: ${curl_mtlnk_msg}
+  PSL support:      ${curl_psl_msg}
  HTTP2 support:    ${curl_h2_msg}
  Protocols:        ${SUPPORT_PROTOCOLS}
 ])
--- a/curl-config.in
+++ b/curl-config.in
@ -10,7 +10,7 @@
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -71,7 +71,7 @@ while test $# -gt 0; do
        ;;

    --ca)
-        echo "@CURL_CA_BUNDLE@"
+        echo @CURL_CA_BUNDLE@
        ;;

    --cc)
--- a/docs/BINDINGS
+++ b/docs/BINDINGS
@ -27,7 +27,7 @@ Basic

 C
  libcurl is a C library in itself!
-  http://curl.haxx.se/libcurl/
+  https://curl.haxx.se/libcurl/

 C++

@ -50,7 +50,7 @@ Cocoa
 D

  Written by Kenneth Bogert
-  http://curl.haxx.se/libcurl/d/
+  http://dlang.org/library/std/net/curl.html

 Dylan

@ -60,7 +60,7 @@ Dylan
 Eiffel

  Written by Eiffel Software
-  http://curl.haxx.se/libcurl/eiffel/
+  https://room.eiffel.com/library/curl

 Euphoria

@ -78,7 +78,7 @@ Ferite

 Gambas

-  http://gambas.sourceforge.net
+  http://gambas.sourceforge.net/

 glib/GTK+

@ -90,6 +90,11 @@ Guile:
  Written by Michael L. Gran
  http://www.lonelycactus.com/guile-curl.html

+Harbour
+
+  Written by Viktor Szakáts
+  https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl
+
 Haskell

  Written by Galois, Inc
@ -97,8 +102,7 @@ Haskell

 Java

-  Maintained by [blank]
-  http://curl.haxx.se/libcurl/java/
+  https://github.com/pjlegato/curl-java

 Julia

@ -115,7 +119,7 @@ Lua
  luacurl by Alexander Marinov
  http://luacurl.luaforge.net/

-  Lua-cURL by Jürgen Hötzel
+  Lua-cURL by Jürgen Hötzel
  http://luaforge.net/projects/lua-curl/

 Mono
@ -126,7 +130,7 @@ Mono
 .NET

  libcurl-net by Jeffrey Phillips
-  http://sourceforge.net/projects/libcurl-net/
+  https://sourceforge.net/projects/libcurl-net/

 node.js

@ -141,7 +145,7 @@ Object-Pascal
 O'Caml

  Written by Lars Nilsson
-  http://sourceforge.net/projects/ocurl/
+  https://sourceforge.net/projects/ocurl/

 Pascal

@ -150,13 +154,13 @@ Pascal

 Perl

-  Maintained by Cris Bailiff
-  http://curl.haxx.se/libcurl/perl/
+  Maintained by Cris Bailiff and Bálint Szilakszi
+  https://github.com/szbalint/WWW--Curl

 PHP

  Written by Sterling Hughes
-  http://curl.haxx.se/libcurl/php/
+  https://php.net/curl

 PostgreSQL

@ -170,8 +174,7 @@ Python

 R

-  RCurl by Duncan Temple Lang
-  http://www.omegahat.org/RCurl/
+  http://cran.r-project.org/package=curl

 Rexx

@ -181,7 +184,7 @@ Rexx
 RPG

  Support for ILE/RPG on OS/400 is included in source distribution
-  http://curl.haxx.se/libcurl/
+  https://curl.haxx.se/libcurl/
  See packages/OS400/README.OS400 and packages/OS400/curl.inc.in

 Ruby
@ -192,10 +195,15 @@ Ruby
  ruby-curl-multi - written by Kristjan Petursson and Keith Rarick
  http://curl-multi.rubyforge.org/

+Rust
+
+  curl-rust - by Carl Lerche
+  https://github.com/carllerche/curl-rust
+
 Scheme

  Bigloo binding by Kirill Lisovsky
-  http://curl.haxx.se/libcurl/scheme/
+  http://www.metapaper.net/lisovsky/web/curl/

 S-Lang

@ -219,13 +227,13 @@ SPL

 Tcl

-  Tclcurl by Andrés García
-  http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html
+  Tclcurl by Andrés García
+  http://mirror.yellow5.com/tclcurl/

 Visual Basic

  libcurl-vb by Jeffrey Phillips
-  http://sourceforge.net/projects/libcurl-vb/
+  https://sourceforge.net/projects/libcurl-vb/

 Visual Foxpro

@ -245,3 +253,8 @@ XBLite

  Written by David Szafranski
  http://perso.wanadoo.fr/xblite/libraries.html
+
+Xojo
+
+  Written by Andrew Lambert
+  https://github.com/charonn0/RB-libcURL
--- a/docs/BUGS
+++ b/docs/BUGS
@ -35,14 +35,12 @@ BUGS
  have a go at a solution. You can optionally also post your bug/problem at
  curl's bug tracking system over at

-        https://sourceforge.net/p/curl/bugs/
+        https://github.com/curl/curl/issues

-  Please read the rest of this document below first before doing that! Also,
-  you need to login to your sourceforge account before being able to submit a
-  bug report (necessary evil done to avoid spam).
+  Please read the rest of this document below first before doing that!

  If you feel you need to ask around first, find a suitable mailing list and
-  post there. The lists are available on http://curl.haxx.se/mail/
+  post there. The lists are available on https://curl.haxx.se/mail/

 1.3 What to report

--- a/docs/CODE_OF_CONDUCT.md
+++ b/docs/CODE_OF_CONDUCT.md
@ -0,0 +1,32 @@
+Contributor Code of Conduct
+===========================
+
+As contributors and maintainers of this project, we pledge to respect all
+people who contribute through reporting issues, posting feature requests,
+updating documentation, submitting pull requests or patches, and other
+activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual
+language or imagery, derogatory comments or personal attacks, trolling, public
+or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct. Project maintainers who do not
+follow the Code of Conduct may be removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by opening an issue or contacting one or more of the project
+maintainers.
+
+This Code of Conduct is adapted from the [Contributor
+Covenant](http://contributor-covenant.org), version 1.1.0, available at
+[http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/)
--- a/docs/CODE_STYLE.md
+++ b/docs/CODE_STYLE.md
@ -0,0 +1,185 @@
+# cURL C code style
+
+Source code that has a common style is easier to read than code that uses
+different styles in different places. It helps making the code feel like one
+single code base. Easy-to-read is a very important property of code and helps
+making it easier to review when new things are added and it helps debugging
+code when developers are trying to figure out why things go wrong. A unified
+style is more important than individual contributors having their own personal
+tastes satisfied.
+
+Our C code has a few style rules. Most of them are verified and upheld by the
+lib/checksrc.pl script. Invoked with `make checksrc` or even by default by the
+build system when built after `./configure --enable-debug` has been used.
+
+It is normally not a problem for anyone to follow the guidelines, as you just
+need to copy the style already used in the source code and there are no
+particularly unusual rules in our set of rules.
+
+We also work hard on writing code that are warning-free on all the major
+platforms and in general on as many platforms as possible. Code that obviously
+will cause warnings will not be accepted as-is.
+
+## Naming
+
+Try using a non-confusing naming scheme for your new functions and variable
+names. It doesn't necessarily have to mean that you should use the same as in
+other places of the code, just that the names should be logical,
+understandable and be named according to what they're used for. File-local
+functions should be made static. We like lower case names.
+
+See the INTERNALS document on how we name non-exported library-global symbols.
+
+## Indenting
+
+We use only spaces for indentation, never TABs. We use two spaces for each new
+open brace.
+
+    if(something_is_true) {
+      while(second_statement == fine) {
+        moo();
+      }
+    }
+
+## Comments
+
+Since we write C89 code, `//` comments are not allowed. They weren't
+introduced in the C standard until C99. We use only `/*` and `*/` comments:
+
+    /* this is a comment */
+
+## Long lines
+
+Source code in curl may never be wider than 80 columns and there are two
+reasons for maintaining this even in the modern era of very large and high
+resolution screens:
+
+1. Narrower columns are easier to read than very wide ones. There's a reason
+   newspapers have used columns for decades or centuries.
+
+2. Narrower columns allow developers to easier show multiple pieces of code
+   next to each other in different windows. I often have two or three source
+   code windows next to each other on the same screen - as well as multiple
+   terminal and debugging windows.
+
+## Braces
+
+In if/while/do/for expressions, we write the open brace on the same line as
+the keyword and we then set the closing brace on the same indentation level as
+the initial keyword. Like this:
+
+    if(age < 40) {
+      /* clearly a youngster */
+    }
+
+When we write functions however, the opening brace should be in the first
+column of the first line:
+
+    int main(int argc, char **argv)
+    {
+      return 1;
+    }
+
+## 'else' on the following line
+
+When adding an `else` clause to a conditional expression using braces, we add
+it on a new line after the closing brace. Like this:
+
+    if(age < 40) {
+      /* clearly a youngster */
+    }
+    else {
+      /* probably grumpy */
+    }
+
+## No space before parentheses
+
+When writing expressions using if/while/do/for, there shall be no space
+between the keyword and the open parenthesis. Like this:
+
+    while(1) {
+      /* loop forever */
+    }
+
+## Use boolean conditions
+
+Rather than test a conditional value such as a bool against TRUE or FALSE, a
+pointer against NULL or != NULL and an int against zero or not zero in
+if/while conditions we prefer:
+
+    result = do_something();
+    if(!result) {
+      /* something went wrong */
+      return result;
+    }
+
+## No assignments in conditions
+
+To increase readability and reduce complexity of conditionals, we avoid
+assigning variables within if/while conditions. We frown upon this style:
+
+    if((ptr = malloc(100)) == NULL)
+      return NULL;
+
+and instead we encourage the above version to be spelled out more clearly:
+
+    ptr = malloc(100);
+    if(!ptr)
+      return NULL;
+
+## New block on a new line
+
+We never write multiple statements on the same source line, even for very
+short if() conditions.
+
+    if(a)
+      return TRUE;
+    else if(b)
+      return FALSE;
+
+and NEVER:
+
+    if(a) return TRUE;
+    else if(b) return FALSE;
+
+## Space around operators
+
+Please use spaces on both sides of operators in C expressions.  Postfix `(),
+[], ->, ., ++, --` and Unary `+, - !, ~, &` operators excluded they should
+have no space.
+
+Examples:
+
+    bla = func();
+    who = name[0];
+    age += 1;
+    true = !false;
+    size += -2 + 3 * (a + b);
+    ptr->member = a++;
+    struct.field = b--;
+    ptr = &address;
+    contents = *pointer;
+    complement = ~bits;
+
+## Platform dependent code
+
+Use `#ifdef HAVE_FEATURE` to do conditional code. We avoid checking for
+particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE
+shall be generated by the configure script for unix-like systems and they are
+hard-coded in the config-[system].h files for the others.
+
+We also encourage use of macros/functions that possibly are empty or defined
+to constants when libcurl is built without that feature, to make the code
+seamless. Like this style where the `magic()` function works differently
+depending on a build-time conditional:
+
+    #ifdef HAVE_MAGIC
+    void magic(int a)
+    {
+      return a + 2;
+    }
+    #else
+    #define magic(x) 1
+    #endif
+
+    int content = magic(3);
--- a/docs/CONTRIBUTE
+++ b/docs/CONTRIBUTE
@ -15,18 +15,13 @@
 1.2 License
 1.3 What To Read

- 2. cURL Coding Standards
- 2.1 Naming
- 2.2 Indenting
- 2.3 Commenting
- 2.4 Line Lengths
- 2.5 General Style
- 2.6 Non-clobbering All Over
- 2.7 Platform Dependent Code
- 2.8 Write Separate Patches
- 2.9 Patch Against Recent Sources
- 2.10 Document
- 2.11 Test Cases
+ 2. Write a good patch
+ 2.1 Follow code style
+ 2.2 Non-clobbering All Over
+ 2.3 Write Separate Patches
+ 2.4 Patch Against Recent Sources
+ 2.5 Document
+ 2.6 Test Cases

 3. Pushing Out Your Changes
 3.1 Write Access to git Repository
@ -34,7 +29,7 @@
 3.3 How To Make a Patch without git
 3.4 How to get your changes into the main sources
 3.5 Write good commit messages
- 3.6 Please don't send pull requests
+ 3.6 About pull requests

 ==============================================================================

@ -42,16 +37,20 @@

 1.1 Join the Community

- Skip over to http://curl.haxx.se/mail/ and join the appropriate mailing
+ Skip over to https://curl.haxx.se/mail/ and join the appropriate mailing
 list(s).  Read up on details before you post questions. Read this file before
 you start sending patches! We prefer patches and discussions being held on
 the mailing list(s), not sent to individuals.

 Before posting to one of the curl mailing lists, please read up on the mailing
- list etiquette: http://curl.haxx.se/mail/etiquette.html
+ list etiquette: https://curl.haxx.se/mail/etiquette.html

 We also hang out on IRC in #curl on irc.freenode.net

+ If you're at all interested in the code side of things, consider clicking
+ 'watch' on the curl repo at github to get notified on pull requests and new
+ issues posted there.
+
 1.2. License

 When contributing with code, you agree to put your changes and new code under
@ -78,53 +77,20 @@

 1.3 What To Read

- Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the
- most recent CHANGES. Just lurking on the curl-library mailing list is gonna
- give you a lot of insights on what's going on right now. Asking there is a
- good idea too.
+ Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the
+ most recent changes in the git log. Just lurking on the curl-library mailing
+ list is gonna give you a lot of insights on what's going on right now. Asking
+ there is a good idea too.

-2. cURL Coding Standards
+2. Write a good patch

-2.1 Naming
+2.1 Follow code style

- Try using a non-confusing naming scheme for your new functions and variable
- names. It doesn't necessarily have to mean that you should use the same as in
- other places of the code, just that the names should be logical,
- understandable and be named according to what they're used for. File-local
- functions should be made static. We like lower case names.
+ When writing C code, follow the CODE_STYLE already established in the
+ project. Consistent style makes code easier to read and mistakes less likely
+ to happen.

- See the INTERNALS document on how we name non-exported library-global
- symbols.
-
-2.2 Indenting
-
- Use the same indenting levels and bracing method as all the other code
- already does. It makes the source code easier to follow if all of it is
- written using the same style. We don't ask you to like it, we just ask you to
- follow the tradition! ;-) This mainly means: 2-level indents, using spaces
- only (no tabs) and having the opening brace ({) on the same line as the if()
- or while().
-
- Also note that we use if() and while() with no space before the parenthesis.
-
-2.3 Commenting
-
- Comment your source code extensively using C comments (/* comment */), DO NOT
- use C++ comments (// this style). Commented code is quality code and enables
- future modifications much more. Uncommented code risk having to be completely
- replaced when someone wants to extend things, since other persons' source
- code can get quite hard to read.
-
-2.4 Line Lengths
-
- We write source lines shorter than 80 columns.
-
-2.5 General Style
-
- Keep your functions small. If they're small you avoid a lot of mistakes and
- you don't accidentally mix up variables etc.
-
-2.6 Non-clobbering All Over
+2.2 Non-clobbering All Over

 When you write new functionality or fix bugs, it is important that you don't
 fiddle all over the source files and functions. Remember that it is likely
@ -133,14 +99,7 @@
 functionality, try writing it in a new source file. If you fix bugs, try to
 fix one bug at a time and send them as separate patches.

-2.7 Platform Dependent Code
-
- Use #ifdef HAVE_FEATURE to do conditional code. We avoid checking for
- particular operating systems or hardware in the #ifdef lines. The
- HAVE_FEATURE shall be generated by the configure script for unix-like systems
- and they are hard-coded in the config-[system].h files for the others.
-
-2.8 Write Separate Patches
+2.3 Write Separate Patches

 It is annoying when you get a huge patch from someone that is said to fix 511
 odd problems, but discussions and opinions don't agree with 510 of them - or
@ -154,14 +113,14 @@
 Also, separate patches enable bisecting much better when we track problems in
 the future.

-2.9 Patch Against Recent Sources
+2.4 Patch Against Recent Sources

 Please try to get the latest available sources to make your patches
 against. It makes the life of the developers so much easier. The very best is
 if you get the most up-to-date sources from the git repository, but the
 latest release archive is quite OK as well!

-2.10 Document
+2.5 Document

 Writing docs is dead boring and one of the big problems with many open source
 projects. Someone's gotta do it. It makes it a lot easier if you submit a
@ -172,7 +131,7 @@
 ASCII files. All HTML files on the web site and in the release archives are
 generated from the nroff/ASCII versions.

-2.11 Test Cases
+2.6 Test Cases

 Since the introduction of the test suite, we can quickly verify that the main
 features are working as they're supposed to. To maintain this situation and
@ -199,7 +158,7 @@

 You need to first checkout the repository:

-     git clone git://github.com/bagder/curl.git
+     git clone https://github.com/curl/curl.git

 You then proceed and edit all the files you like and you commit them to your
 local repository:
@ -241,8 +200,8 @@

 For unix-like operating systems:

-     http://www.gnu.org/software/patch/patch.html
-     http://www.gnu.org/directory/diffutils.html
+     https://savannah.gnu.org/projects/patch/
+     https://www.gnu.org/software/diffutils/

 For Windows:

@ -288,27 +247,15 @@
 and make sure that you have your own user and email setup correctly in git
 before you commit

-3.6 Please don't send pull requests
+3.6 About pull requests

 With git (and especially github) it is easy and tempting to send a pull
- request to one or more people in the curl project to have changes merged this
- way instead of mailing patches to the curl-library mailing list.
+ request to the curl project to have changes merged this way instead of
+ mailing patches to the curl-library mailing list.

- We don't like that. We want them mailed for these reasons:
+ We used to dislike this but we're trying to change that and accept that this
+ is a frictionless way for people to contribute to the project. We now welcome
+ pull requests!

- - Peer review. Anyone and everyone on the list can review, comment and
-   improve on the patch. Pull requests limit this ability.
-
- - Anyone can merge the patch into their own trees for testing and those who
-   have push rights can push it to the main repo. It doesn't have to be anyone
-   the patch author knows beforehand.
-
- - Commit messages can be tweaked and changed if merged locally instead of
-   using github. Merges directly on github requires the changes to be perfect
-   already, which they seldom are.
-
- - Merges on github prevents rebases and even enforces --no-ff which is a git
-   style we don't otherwise use in the project
-
- However: once patches have been reviewed and deemed fine on list they are
- perfectly OK to be pulled from a published git tree.
+ We will continue to avoid using github's merge tools to make the history
+ linear and to make sure commits follow our style guidelines.
--- a/docs/DISTRO-DILEMMA
+++ b/docs/DISTRO-DILEMMA
@ -1,176 +0,0 @@
-  Date: February 11, 2007
-  Author: Daniel Stenberg <daniel@haxx.se>
-  URL: http://curl.haxx.se/legal/distro-dilemma.html
-
-Condition
-
- This document is written to describe the situation as it is right now.
- libcurl 7.16.1 is currently the latest version available. Things may of
- course change in the future.
-
- This document reflects my view and understanding of these things. Please tell
- me where and how you think I'm wrong, and I'll try to correct my mistakes.
-
-Background
-
- The Free Software Foundation has deemed the Original BSD license[1] to be
- "incompatible"[2] with GPL[3]. I'd rather say it is the other way around, but
- the point is the same: if you distribute a binary version of a GPL program,
- it MUST NOT be linked with any Original BSD-licensed parts or libraries.
- Doing so will violate the GPL license. For a long time, very many GPL
- licensed programs have avoided this license mess by adding an exception[8] to
- their license. And many others have just closed their eyes for this problem.
-
- libcurl is MIT-style[4] licensed - how on earth did this dilemma fall onto
- our plates?
-
- libcurl is only a little library. libcurl can be built to use OpenSSL for its
- SSL/TLS capabilities. OpenSSL is basically Original BSD licensed[5].
-
- If libcurl built to use OpenSSL is used by a GPL-licensed application and you
- decide to distribute a binary version of it (Linux distros - for example -
- tend to), you have a clash. GPL vs Original BSD.
-
- This dilemma is not libcurl-specific nor is it specific to any particular
- Linux distro. (This article mentions and refers to Debian several times, but
- only because Debian seems to be the only Linux distro to have faced this
- issue yet since no other distro is shipping libcurl built with two SSL
- libraries.)
-
-Part of the Operating System
-
- This would not be a problem if the used lib would be considered part of the
- underlying operating system, as then the GPL license has an exception
- clause[6] that allows applications to use such libs without having to be
- allowed to distribute it or its sources. Possibly some distros will claim
- that OpenSSL is part of their operating system.
-
- Debian does however not take this stance and has officially(?) claimed that
- OpenSSL is not a required part of the Debian operating system
-
- Some people claim that this paragraph cannot be exploited this way by a Linux
- distro, but I am not a lawyer and that is a discussion left outside of this
- document.
-
-GnuTLS
-
- Since May 2005 libcurl can get built to use GnuTLS instead of OpenSSL. GnuTLS
- is an LGPL[7] licensed library that offers a matching set of features as
- OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
- without including any Original BSD licensed code.
-
- I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
- packages.
-
-yassl
-
- libcurl can get also get built to use yassl for the TLS/SSL layer. yassl is a
- GPL[3] licensed library.
-
-
-GnuTLS vs OpenSSL vs yassl
-
- While these three libraries offer similar features, they are not equal.
- libcurl does not (yet) offer a standardized stable ABI if you decide to
- switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
- and yassl support is very recent in libcurl and it has not been tested nor
- used very extensively, while the OpenSSL equivalent code has been used and
- thus matured since 1999.
-
- GnuTLS
-   - LGPL licensed
-   - supports SRP
-   - lacks SSLv2 support
-   - lacks MD2 support (used by at least some CA certs)
-   - lacks the crypto functions libcurl uses for NTLM
-
- OpenSSL
-   - Original BSD licensed
-   - lacks SRP
-   - supports SSLv2
-   - older and more widely used
-   - provides crypto functions libcurl uses for NTLM
-   - libcurl can do non-blocking connects with it in 7.15.4 and later
-
- yassl
-   - GPL licensed
-   - much untested and unproven in the real work by (lib)curl users so we don't
-     know a lot about restrictions or benefits from using this
-
-The Better License, Original BSD, GPL or LGPL?
-
- It isn't obvious or without debate to any objective interested party that
- either of these licenses are the "better" or even the "preferred" one in a
- generic situation.
-
- Instead, I think we should accept the fact that the SSL/TLS libraries and
- their different licenses will fit different applications and their authors
- differently depending on the applications' licenses and their general usage
- pattern (considering how GPL and LGPL libraries for example can be burdensome
- for embedded systems usage).
-
- In Debian land, there seems to be a common opinion that LGPL is "maximally
- compatible" with apps while Original BSD is not. Like this:
-
-        http://lists.debian.org/debian-devel/2005/09/msg01417.html
-
-More SSL Libraries
-
- In libcurl, there's no stopping us here. There are more Open Source/Free
- SSL/TLS libraries out there and we would very much like to support them as
- well, to offer application authors an even wider scope of choice.
-
-Application Angle of this Problem
-
- libcurl is built to use one SSL/TLS library. It uses a single fixed name (by
- default) on the built/created lib file, and applications are built/linked to
- use that single lib. Replacing one libcurl instance with another one that
- uses the other SSL/TLS library might break one or more applications (due to
- ABI differences and/or different feature set). You want your application to
- use the libcurl it was built for.
-
-Project cURL Angle of this Problem
-
- We distribute libcurl and everyone may build libcurl with either library at
- their choice. This problem is not directly a problem of ours. It merely
- affects users - GPL application authors only - of our lib as it comes
- included and delivered on some distros.
-
- libcurl has different ABI when built with different SSL/TLS libraries due to
- these reasons:
-
- 1. No one has worked on fixing this. The mutex/lock callbacks should be set
-    with a generic libcurl function that should use the proper underlying
-    functions.
-
- 2. The CURLOPT_SSL_CTX_FUNCTION option is not possible to "emulate" on GnuTLS
-    but simply requires OpenSSL.
-
- 3. There might be some other subtle differences just because nobody has yet
-    tried to make a fixed ABI like this.
-
-Distro Angle of this Problem
-
- To my knowledge there is only one distro that ships libcurl built with either
- OpenSSL or GnuTLS.
-
- Debian Linux is now (since mid September 2005) providing two different
- libcurl packages, one for libcurl built with OpenSSL and one built with
- GnuTLS. They use different .so names and can this both be installed in a
- single system simultaneously. This has been said to be a transitional system
- not desired to keep in the long run.
-
-Footnotes
-
- [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6
- [2] = http://www.fsf.org/licensing/essays/bsd.html
- [3] = http://www.fsf.org/licensing/licenses/gpl.html
- [4] = http://curl.haxx.se/docs/copyright.html
- [5] = http://www.openssl.org/source/license.html
- [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3
- [7] = http://www.fsf.org/licensing/licenses/lgpl.html
- [8] = http://en.wikipedia.org/wiki/OpenSSL_exception
-
-Feedback/Updates provided by
-
- Eric Cooper
--- a/docs/FAQ
+++ b/docs/FAQ
@ -21,6 +21,7 @@ FAQ
  1.12 I have a problem who can I chat with?
  1.13 curl's ECCN number?
  1.14 How do I submit my patch?
+  1.15 How do I port libcurl to my OS?

 2. Install Related Problems
  2.1 configure doesn't find OpenSSL even when it is installed
@ -29,6 +30,7 @@ FAQ
  2.2 Does curl work/build with other SSL libraries?
  2.3 Where can I find a copy of LIBEAY32.DLL?
  2.4 Does curl support SOCKS (RFC 1928) ?
+  2.5 Install libcurl for both 32bit and 64bit?

 3. Usage Problems
  3.1 curl: (1) SSL is disabled, https: not supported
@ -81,6 +83,7 @@ FAQ
  4.18 file:// URLs containing drive letters (Windows, NetWare)
  4.19 Why doesn't cURL return an error when the network cable is unplugged?
  4.20 curl doesn't return error for HTTP non-200 responses!
+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?

 5. libcurl Issues
  5.1 Is libcurl thread-safe?
@ -223,7 +226,9 @@ FAQ
  implement it for you, that is not a very friendly attitude. We spend a
  considerable time already on maintaining and developing curl. In order to
  get more out of us, you should consider trading in some of your time and
-  efforts in return.
+  efforts in return. Simply go to the GitHub repo which resides at
+  https://github.com/curl/curl, fork the project, and create pull requests
+  with your proposed changes.

  If you write the code, chances are bigger that it will get into curl faster.

@ -249,9 +254,10 @@ FAQ

  We still get help from companies. Haxx provides web site, bandwidth, mailing
  lists etc, sourceforge.net hosts project services we take advantage from,
-  like the bug tracker and github hosts the primary git repository. Also
-  again, some companies have sponsored certain parts of the development in the
-  past and I hope some will continue to do so in the future.
+  like the bug tracker, and GitHub hosts the primary git repository at
+  https://github.com/curl/curl. Also again, some companies have sponsored
+  certain parts of the development in the past and I hope some will continue to
+  do so in the future.

  If you want to support our project, consider a donation or a banner-program
  or even better: by helping us coding, documenting, testing etc.
@ -276,7 +282,7 @@ FAQ
  Please do not mail any single individual unless you really need to. Keep
  curl-related questions on a suitable mailing list. All available mailing
  lists are listed in the MANUAL document and online at
-  http://curl.haxx.se/mail/
+  https://curl.haxx.se/mail/

  Keeping curl-related questions and discussions on mailing lists allows
  others to join in and help, to share their ideas, contribute their
@ -297,7 +303,7 @@ FAQ
  your curl-related problems.

  We list available alternatives on the curl web site:
-  http://curl.haxx.se/support.html
+  https://curl.haxx.se/support.html

  1.10 How many are using curl?

@ -314,7 +320,7 @@ FAQ
  In May 2012 Daniel did a counting game and came up with a number that may
  be completely wrong or somewhat accurate. Over 500 million!

-  See http://daniel.haxx.se/blog/2012/05/16/300m-users/
+  See https://daniel.haxx.se/blog/2012/05/16/300m-users/

  1.11 Why don't you update ca-bundle.crt

@ -336,7 +342,7 @@ FAQ
  If you want the most recent collection of ca certs that Mozilla Firefox
  uses, we recommend that you extract the collection yourself from Mozilla
  Firefox (by running 'make ca-bundle), or by using our online service setup
-  for this purpose: http://curl.haxx.se/docs/caextract.html
+  for this purpose: https://curl.haxx.se/docs/caextract.html

  1.12 I have a problem who can I chat with?

@ -350,13 +356,15 @@ FAQ
  cryptography. When doing so, the Export Control Classification Number (ECCN)
  is used to identify the level of export control etc.

-  ASF gives a good explanation at http://www.apache.org/dev/crypto.html
+  Apache Software Foundation gives a good explanation of ECCNs at
+  https://www.apache.org/dev/crypto.html

  We believe curl's number might be ECCN 5D002, another possibility is
-  5D992. It seems necessary to write them, asking to confirm.
+  5D992. It seems necessary to write them (the authority that administers ECCN
+  numbers), asking to confirm.

-  Comprehensible explanations of the meaning of such numbers and how to
-  obtain them (resp.) are here
+  Comprehensible explanations of the meaning of such numbers and how to obtain
+  them (resp.) are here

  http://www.bis.doc.gov/licensing/exportingbasics.htm
  http://www.bis.doc.gov/licensing/do_i_needaneccn.html
@ -379,6 +387,19 @@ FAQ

  Lots of more details are found in the CONTRIBUTE and INTERNALS docs.

+  1.15 How do I port libcurl to my OS?
+
+  Here's a rough step-by-step:
+
+  1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h
+
+  2. edit lib/config-[youros].h to match your OS and setup
+
+  3. edit lib/curl_setup.h to include config-[youros].h when your OS is
+     detected by the preprocessor, in the style others already exist
+
+  4. compile lib/*.c and make them into a library
+

 2. Install Related Problems

@ -429,7 +450,7 @@ FAQ
  GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X),
  WinSSL (native Windows) or GSKit (native IBM i). They all have their pros
  and cons, and we try to maintain a comparison of them here:
-  http://curl.haxx.se/docs/ssl-compared.html
+  https://curl.haxx.se/docs/ssl-compared.html

  2.3 Where can I find a copy of LIBEAY32.DLL?

@ -444,6 +465,32 @@ FAQ

  Yes, SOCKS 4 and 5 are supported.

+  2.5 Install libcurl for both 32bit and 64bit?
+
+  In curl's configure procedure one of the regular include files get created
+  with platform specific information. The file 'curl/curlbuild.h' in the
+  installed libcurl file tree is therefore somewhat tied to that particular
+  platform.
+
+  To allow applications to get built for either 32bit or 64bit you need to
+  install libcurl headers for both setups and unfortunately curl doesn't do
+  this automatically.
+
+  A commonly used procedure is this:
+
+     $ ./configure [32bit platform]
+     $ mv curl/curlbuild.h curl/curlbuild-32bit.h
+     $ ./configure [64bit platform]
+     $ mv curl/curlbuild.h curl/curlbuild-64bit.h
+
+  Then you make a toplevel curl/curlbuild.h replacement that only does this:
+
+     #ifdef IS_32BIT
+     #include "curlbuild-32bit.h"
+     else
+     #include "curlbuild-64bit.h"
+     #endif
+

 3. Usage problems

@ -541,7 +588,7 @@ FAQ

  Find out more about which languages that support curl directly, and how to
  install and use them, in the libcurl section of the curl web site:
-  http://curl.haxx.se/libcurl/
+  https://curl.haxx.se/libcurl/

  All the various bindings to libcurl are made by other projects and people,
  outside of the cURL project. The cURL project itself only produces libcurl
@ -674,7 +721,7 @@ FAQ
  certificate. Server certificate verification is enabled by default in curl
  and libcurl and is often the reason for problems as explained in FAQ entry
  4.12 and the SSLCERTS document
-  (http://curl.haxx.se/docs/sslcerts.html). Server certificates that are
+  (https://curl.haxx.se/docs/sslcerts.html). Server certificates that are
  "self-signed" or otherwise signed by a CA that you do not have a CA cert
  for, cannot be verified. If the verification during a connect fails, you are
  refused access. You then need to explicitly disable the verification to
@ -965,7 +1012,7 @@ FAQ
  this check.

  Details are also in the SSLCERTS file in the release archives, found online
-  here: http://curl.haxx.se/docs/sslcerts.html
+  here: https://curl.haxx.se/docs/sslcerts.html

  4.13 Why is curl -R on Windows one hour off?

@ -1027,7 +1074,7 @@ FAQ
  timeout is set.

  See option TcpMaxConnectRetransmissions on this page:
-  http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7
+  https://support.microsoft.com/en-us/kb/175523/en-us

  Also, even on non-Windows systems there may run a firewall or anti-virus
  software or similar that accepts the connection but does not actually do
@ -1044,7 +1091,7 @@ FAQ
  You'll find that even if D:\blah.txt does exist, cURL returns a 'file
  not found' error.

-  According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html),
+  According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt),
  file:// URLs must contain a host component, but it is ignored by
  most implementations. In the above example, 'D:' is treated as the
  host component, and is taken away. Thus, cURL tries to open '/blah.txt'.
@ -1072,7 +1119,7 @@ FAQ

  In such cases, the TCP/IP stack is responsible for detecting when the
  network connection is irrevocably lost. Since with some protocols it is
-  perfectly legal for the client wait indefinitely for data, the stack may
+  perfectly legal for the client to wait indefinitely for data, the stack may
  never report a problem, and even when it does, it can take up to 20 minutes
  for it to detect an issue.  The curl option --keepalive-time enables
  keep-alive support in the TCP/IP stack which makes it periodically probe the
@ -1116,6 +1163,16 @@ FAQ
  You can also use the -w option and the variable %{response_code} to extract
  the exact response code that was return in the response.

+  4.21 Why is there a HTTP/1.1 in my HTTP/2 request?
+
+  If you use verbose to see the HTTP request when you send off a HTTP/2
+  request, it will still say 1.1.
+
+  The reason for this is that we first generate the request to send using the
+  old 1.1 style and show that request in the verbose output, and then we
+  convert it over to the binary header-compressed HTTP/2 style. The actual
+  "1.1" part from that request is then not actually used in the transfer. The
+  binary HTTP/2 headers are not human readable.

 5. libcurl Issues

@ -1138,13 +1195,13 @@ FAQ
  If you use a OpenSSL-powered libcurl in a multi-threaded environment, you
  need to provide one or two locking functions:

-    http://www.openssl.org/docs/crypto/threads.html
+    https://www.openssl.org/docs/crypto/threads.html

  If you use a GnuTLS-powered libcurl in a multi-threaded environment, you
  need to provide locking function(s) for libgcrypt (which is used by GnuTLS
  for the crypto functions).

-    http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html
+    https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html

  No special locking is needed with a NSS-powered libcurl. NSS is thread-safe.

@ -1320,7 +1377,7 @@ FAQ
  Also note that on many networks NATs or other IP-munging techniques are used
  that makes you see and use a different IP address locally than what the
  remote server will see you coming from. You may also consider using
-  http://www.torproject.org .
+  https://www.torproject.org/ .

  5.13 How do I stop an ongoing transfer?

@ -1372,7 +1429,7 @@ FAQ
  to do "LIST -a" or similar to see them.

  The application thus needs to parse the LIST output. One such existing
-  list parser is available at http://cr.yp.to/ftpparse.html  Versions of
+  list parser is available at https://cr.yp.to/ftpparse.html  Versions of
  libcurl since 7.21.0 also provide the ability to specify a wildcard to
  download multiple files from one FTP directory.

@ -1491,7 +1548,7 @@ FAQ
  notice" somewhere. Most probably like in the documentation or in the section
  where other third party dependencies already are mentioned and acknowledged.

-  As can be seen here: http://curl.haxx.se/docs/companies.html and elsewhere,
+  As can be seen here: https://curl.haxx.se/docs/companies.html and elsewhere,
  more and more companies are discovering the power of libcurl and take
  advantage of it even in commercial environments.

@ -1511,9 +1568,7 @@ FAQ

  7.2 Who wrote PHP/CURL?

-  PHP/CURL is a module that comes with the regular PHP package. It depends and
-  uses libcurl, so you need to have libcurl installed properly first before
-  PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
+  PHP/CURL was initially written by Sterling Hughes.

  7.3 Can I perform multiple requests using the same handle?

@ -1522,4 +1577,10 @@ FAQ
  unknown to me).

  After a transfer, you just set new options in the handle and make another
-  transfer. This will make libcurl to re-use the same connection if it can.
+  transfer. This will make libcurl re-use the same connection if it can.
+
+  7.4 Does PHP/CURL have dependencies?
+
+  PHP/CURL is a module that comes with the regular PHP package. It depends on
+  and uses libcurl, so you need to have libcurl installed properly before
+  PHP/CURL can be used.
--- a/docs/HISTORY
+++ b/docs/HISTORY
@ -65,7 +65,7 @@ OpenSSL took over where SSLeay was abandoned.
 May, first Debian package.

 August, LDAP:// and FILE:// support added. The curl web site gets 1300 visits
-weekly.
+weekly. Moved site to curl.haxx.nu.

 Released curl 6.0 in September. 15000 lines of code.

@ -81,6 +81,8 @@ the easy interface and turned out to be the beginning of actually getting
 other software and programs to get based on and powered by libcurl. Almost
 20000 lines of code.

+June 2000: the curl site moves to "curl.haxx.se"
+
 August, the curl web site gets 4000 visits weekly.

 The PHP guys adopted libcurl already the same month, when the first ever third
--- a/docs/HTTP-COOKIES
+++ b/docs/HTTP-COOKIES
@ -1,4 +1,4 @@
-Updated: July 3, 2012 (http://curl.haxx.se/docs/http-cookies.html)
+Updated: July 3, 2012 (https://curl.haxx.se/docs/http-cookies.html)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
@ -34,9 +34,9 @@ HTTP Cookies
  servers with the Cookie: header.

  For a very long time, the only spec explaining how to use cookies was the
-  original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html
+  original Netscape spec from 1994: https://curl.haxx.se/rfc/cookie_spec.html

-  In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published
+  In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published
  and details how cookies work within HTTP.

  1.2 Cookies saved to disk
--- a/docs/HTTP2.md
+++ b/docs/HTTP2.md
@ -0,0 +1,111 @@
+HTTP/2 with curl
+================
+
+[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt)
+[http2 explained](https://daniel.haxx.se/http2/)
+
+Build prerequisites
+-------------------
+  - nghttp2
+  - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version
+
+[nghttp2](https://nghttp2.org/)
+-------------------------------
+
+libcurl uses this 3rd party library for the low level protocol handling
+parts. The reason for this is that HTTP/2 is much more complex at that layer
+than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already
+existing and well functional library.
+
+We require at least version 1.0.0.
+
+Over an http:// URL
+-------------------
+
+If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will
+include an upgrade header in the initial request to the host to allow
+upgrading to HTTP/2.
+
+Possibly we can later introduce an option that will cause libcurl to fail if
+not possible to upgrade. Possibly we introduce an option that makes libcurl
+use HTTP/2 at once over http://
+
+Over an https:// URL
+--------------------
+
+If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use
+ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce
+an option that will cause libcurl to fail if not possible to use HTTP/2.
+
+`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer
+HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections.
+
+ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is
+for a similar purpose, was made prior to ALPN and is used for SPDY so early
+HTTP/2 servers are implemented using NPN before ALPN support is widespread.
+
+`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow
+applications to explicitly disable ALPN or NPN.
+
+SSL libs
+--------
+
+The challenge is the ALPN and NPN support and all our different SSL
+backends. You may need a fairly updated SSL library version for it to
+provide the necessary TLS features. Right now we support:
+
+  - OpenSSL:  ALPN and NPN
+  - NSS:      ALPN and NPN
+  - GnuTLS:   ALPN
+  - PolarSSL: ALPN
+
+Multiplexing
+------------
+
+Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the
+term for doing multiple independent transfers over the same physical TCP
+connection.
+
+To take advantage of multiplexing, you need to use the multi interface and set
+`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will
+attempt to re-use existing HTTP/2 connections and just add a new stream over
+that when doing subsequent parallel requests.
+
+While libcurl sets up a connection to a HTTP server there is a period during
+which it doesn't know if it can pipeline or do multiplexing and if you add new
+transfers in that period, libcurl will default to start new connections for
+those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you
+can ask that a transfer should rather wait and see in case there's a
+connection for the same host in progress that might end up being possible to
+multiplex on. It favours keeping the number of connections low to the cost of
+slightly longer time to first byte transferred.
+
+Applications
+------------
+
+We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers
+in HTTP 1.1 style. This allows applications to work unmodified.
+
+curl tool
+---------
+
+curl offers the `--http2` command line option to enable use of HTTP/2.
+
+Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections.
+
+HTTP Alternative Services
+-------------------------
+
+Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in HTTP/2
+that tells the client about an alternative "route" to the same content for the
+same origin server that you get the response from. A browser or long-living
+client can use that hint to create a new connection asynchronously.  For
+libcurl, we may introduce a way to bring such clues to the applicaton and/or
+let a subsequent request use the alternate route
+automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-14)
+
+TODO
+----
+
+  - Implement "prior-knowledge" HTTP/2 connections over clear text so that
+    curl can connect with HTTP/2 at once without 1.1+Upgrade.
--- a/docs/INSTALL
+++ b/docs/INSTALL
@ -173,13 +173,13 @@ Win32
   advice given above.

   KB94248  - How To Use the C Run-Time
-              http://support.microsoft.com/kb/94248/en-us
+              https://support.microsoft.com/kb/94248/en-us

   KB140584 - How to link with the correct C Run-Time (CRT) library
-              http://support.microsoft.com/kb/140584/en-us
+              https://support.microsoft.com/kb/140584/en-us

   KB190799 - Potential Errors Passing CRT Objects Across DLL Boundaries
-              http://msdn.microsoft.com/en-us/library/ms235460
+              https://msdn.microsoft.com/en-us/library/ms235460

   If your app is misbehaving in some strange way, or it is suffering
   from memory corruption, before asking for further help, please try
@ -209,8 +209,8 @@ Win32
   environment variables, for example:

     set ZLIB_PATH=c:\zlib-1.2.8
-     set OPENSSL_PATH=c:\openssl-0.9.8zc
-     set LIBSSH2_PATH=c:\libssh2-1.4.3
+     set OPENSSL_PATH=c:\openssl-1.0.2c
+     set LIBSSH2_PATH=c:\libssh2-1.6.0

   ATTENTION: if you want to build with libssh2 support you have to use latest
   version 0.17 - previous versions will NOT work with 7.17.0 and later!
@ -232,7 +232,7 @@ Win32
   - optional MingW32-built OpenLDAP SDK available from:
     http://www.gknw.net/mirror/openldap/
   - optional recent Novell CLDAP SDK available from:
-     http://developer.novell.com/ndk/cldap.htm
+     https://www.novell.com/developer/ndk/ldap_libraries_for_c.html

   Cygwin
   ------
@ -254,7 +254,7 @@ Win32
   If you use MSVC 6 it is required that you use the February 2003 edition of
   the 'Platform SDK' which can be downloaded from:

-   http://www.microsoft.com/en-us/download/details.aspx?id=12261
+   https://www.microsoft.com/en-us/download/details.aspx?id=12261

   Building any software with MSVC 6 without having PSDK installed is just
   asking for trouble down the road once you have released it, you might notice
@ -263,7 +263,7 @@ Win32
   software built in such way will at some point regret having done so.

   If the compiler has been updated with the installation of a service pack as
-   those mentioned in http://support.microsoft.com/kb/194022 the compiler can be
+   those mentioned in https://support.microsoft.com/kb/194022 the compiler can be
   safely used to read source code, translate and make it object code.

   But, even with the service packs mentioned above installed, the resulting
@ -299,7 +299,7 @@ Win32
   Then run 'nmake vc' in curl's root directory.

   If you want to compile with zlib support, you will need to build
-   zlib (http://www.gzip.org/zlib/) as well. Please read the zlib
+   zlib (http://www.zlib.net/) as well. Please read the zlib
   documentation on how to compile zlib. Define the ZLIB_PATH environment
   variable to the location of zlib.h and zlib.lib, for example:

@ -471,6 +471,15 @@ Win32
   add '-DCURL_STATICLIB' to your CFLAGS.  Otherwise the linker will look for
   dynamic import symbols.

+   Legacy Windows and SSL
+   ----------------------
+
+   WinSSL (specifically SChannel from Windows SSPI), is the native SSL library
+   in Windows. However, WinSSL in Windows <= XP is unable to connect to servers
+   that no longer support the legacy handshakes and algorithms used by those
+   versions. If you will be using curl in one of those earlier versions of
+   Windows you should choose another SSL backend such as OpenSSL.
+
 Apple iOS and Mac OS X
 ======================

@ -665,12 +674,10 @@ NetWare
   - gnu make and awk running on the platform you compile on;
     native Win32 versions can be downloaded from:
     http://www.gknw.net/development/prgtools/
-   - recent Novell LibC SDK available from:
-     http://developer.novell.com/ndk/libc.htm
-   - or recent Novell CLib SDK available from:
-     http://developer.novell.com/ndk/clib.htm
+   - recent Novell LibC or Novell CLib SDK available from:
+     https://www.novell.com/developer/ndk/
   - optional recent Novell CLDAP SDK available from:
-     http://developer.novell.com/ndk/cldap.htm
+     https://www.novell.com/developer/ndk/ldap_libraries_for_c.html
   - optional zlib sources (static or dynamic linking with zlib.imp);
     sources with NetWare Makefile can be obtained from:
     http://www.gknw.net/mirror/zlib/
@ -699,7 +706,7 @@ NetWare
   Builds automatically created 8 times a day from current git are here:
   http://www.gknw.net/mirror/curl/autobuilds/
   the status of these builds can be viewed at the autobuild table:
-   http://curl.haxx.se/dev/builds.html
+   https://curl.haxx.se/dev/builds.html

 eCos
 ====
@ -825,7 +832,7 @@ VxWorks

   To build libcurl for VxWorks you need:

-      - CYGWIN (free, http://cygwin.com/)
+      - CYGWIN (free, https://cygwin.com/)
      - Wind River Workbench (commercial)

   If you have CYGWIN and Workbench installed on you machine
@ -943,9 +950,10 @@ REDUCING SIZE
   important factor.  First, be sure to set the CFLAGS variable when
   configuring with any relevant compiler optimization flags to reduce the
   size of the binary.  For gcc, this would mean at minimum the -Os option,
-   and potentially the -march=X and -mdynamic-no-pic options as well, e.g.
+   and potentially the -march=X, -mdynamic-no-pic and -flto options as well,
+   e.g.

-      ./configure CFLAGS='-Os' ...
+      ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'...

   Note that newer compilers often produce smaller code than older versions
   due to improved optimization.
@ -963,7 +971,9 @@ REDUCING SIZE
     --disable-ipv6 (disables support for IPv6)
     --disable-manual (disables support for the built-in documentation)
     --disable-proxy (disables support for HTTP and SOCKS proxies)
+     --disable-unix-sockets (disables support for UNIX sockets)
     --disable-verbose (eliminates debugging strings and error code strings)
+     --disable-versioned-symbols (disables support for versioned symbols)
     --enable-hidden-symbols (eliminates unneeded symbols in the shared library)
     --without-libidn (disables support for the libidn DNS library)
     --without-librtmp (disables support for RTMP)
@ -976,7 +986,7 @@ REDUCING SIZE
   configure command-line, e.g.

     CFLAGS="-Os -ffunction-sections -fdata-sections \
-             -fno-unwind-tables -fno-asynchronous-unwind-tables" \
+             -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" \
     LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections"

   Be sure also to strip debugging symbols from your binaries after
@ -986,9 +996,9 @@ REDUCING SIZE
   .comment section).

   Using these techniques it is possible to create a basic HTTP-only shared
-   libcurl library for i386 Linux platforms that is only 114 KiB in size, and
-   an FTP-only library that is 115 KiB in size (as of libcurl version 7.35.0,
-   using gcc 4.8.2).
+   libcurl library for i386 Linux platforms that is only 109 KiB in size, and
+   an FTP-only library that is 109 KiB in size (as of libcurl version 7.45.0,
+   using gcc 4.9.2).

   You may find that statically linking libcurl to your application will
   result in a lower total size than dynamically linking.
@ -1086,18 +1096,18 @@ Useful URLs

 axTLS        http://axtls.sourceforge.net/
 c-ares       http://c-ares.haxx.se/
-GNU GSS      http://www.gnu.org/software/gss/
-GnuTLS       http://www.gnu.org/software/gnutls/
-Heimdal      http://www.pdc.kth.se/heimdal/
-libidn       http://www.gnu.org/software/libidn/
+GNU GSS      https://www.gnu.org/software/gss/
+GnuTLS       https://www.gnu.org/software/gnutls/
+Heimdal      http://www.h5l.org/
+libidn       https://www.gnu.org/software/libidn/
 libmetalink  https://launchpad.net/libmetalink/
 libssh2      http://www.libssh2.org/
 MIT Kerberos http://web.mit.edu/kerberos/www/dist/
-NSS          http://www.mozilla.org/projects/security/pki/nss/
+NSS          https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
 OpenLDAP     http://www.openldap.org/
-OpenSSL      http://www.openssl.org/
-PolarSSL     http://polarssl.org/
-yassl        http://www.yassl.com/
+OpenSSL      https://www.openssl.org/
+PolarSSL     https://tls.mbed.org/
+wolfSSL      https://www.wolfssl.com/wolfSSL/
 Zlib         http://www.zlib.net/

 MingW        http://www.mingw.org/
--- a/docs/INSTALL.devcpp
+++ b/docs/INSTALL.devcpp
@ -95,7 +95,7 @@ install instructions may produce erratic behaviour in DevCpp. For further info
 check the following sites

 http://aditsu.freeunixhost.com/dev-cpp-faq.html
-http://sourceforge.net/forum/message.php?msg_id=3252213
+https://sourceforge.net/p/dev-cpp/discussion/48211/thread/2a85ea46

 As I have mentioned before I will confine this to the SSL Library compilations
 but the process is very similar for compilation of the executable - curl.exe;
@ -248,7 +248,7 @@ SSL Files
 openssl-0.9.7e-win32-bin.zip for the minimalist package of the openssl-0.9.7e
 binaries ported to MS Windows 95/98/NT/XP using the MingW32/GCC-3.1
 development environment. The file may be downloaded at
-http://curl.haxx.se/download/.
+https://curl.haxx.se/download/.

 2- Open the above zip file. You will find two files - SDL.dll,
 SDL_mixer.dll. Install them in the directory C:\WINDOWS\SYSTEM32 for Win 9x
--- a/docs/INTERNALS
+++ b/docs/INTERNALS
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@ -3,6 +3,36 @@ join in and help us correct one or more of these! Also be sure to check the
 changelog of the current development status, as one or more of these problems
 may have been fixed since this was written!

+93. It is not possible to pass a 64-bit value using CURLFORM_CONTENTLEN with
+  CURLFORM_ARRAY, when compiled on 32-bit platforms that support 64-bit
+  integers. This is because the underlying structure 'curl_forms' uses a dual
+  purpose char* for storing these values in via casting. For more information
+  see the now closed related issue:
+  https://github.com/curl/curl/issues/608
+  
+92. curl tool 7.47.1 in Windows will not --output to literal paths \\?\ or to
+  reserved dos device names unless the device prefix \\.\ is used. To send
+  output to a device that has a reserved dos device name you can use the
+  Windows device prefix (eg: --output \\.\NUL). You can also use the
+  redirection operator to send output to a literal path or a reserved device
+  name (eg: > NUL).
+  The next release of curl will support --output in Windows to literal paths
+  and to reserved device names without the device prefix.
+  https://github.com/curl/curl/commit/c3aac48
+  https://github.com/curl/curl/commit/4fc80f3
+
+91. "curl_easy_perform hangs with imap and PolarSSL"
+  https://github.com/curl/curl/issues/334
+
+90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
+  code reveals that pingpong.c contains some truncation code, at line 408,
+  when it deems the server response to be too large truncating it to 40
+  characters"
+  https://curl.haxx.se/bug/view.cgi?id=1366
+
+89. Disabling HTTP Pipelining when there are ongoing transfers can lead to
+  heap corruption and crash. https://curl.haxx.se/bug/view.cgi?id=1411
+
 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus
  curl's -R option also doesn't work then.

@ -12,7 +42,7 @@ may have been fixed since this was written!
  mention that decoding also means that we need to check for nastiness that is
  attempted, like "../" sequences and the like. Probably everything to the left
  of any embedded slashes should be cut off.
-  http://curl.haxx.se/bug/view.cgi?id=1294
+  https://curl.haxx.se/bug/view.cgi?id=1294

 86. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3
  and SMTP if a failure occurs during the authentication phase of a
@ -23,7 +53,8 @@ may have been fixed since this was written!
  CURLINFO_STARTTRANSFER_TIME is wrong. While using POST
  CURLINFO_STARTTRANSFER_TIME minus CURLINFO_PRETRANSFER_TIME is near to zero
  every time.
-  http://curl.haxx.se/bug/view.cgi?id=1213
+  https://github.com/curl/curl/issues/218
+  https://curl.haxx.se/bug/view.cgi?id=1213

 84. CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
  backends, so relying on this information in a generic app is flaky.
@ -31,67 +62,57 @@ may have been fixed since this was written!
 82. When building with the Windows Borland compiler, it fails because the
  "tlib" tool doesn't support hyphens (minus signs) in file names and we have
  such in the build.
-  http://curl.haxx.se/bug/view.cgi?id=1222
+  https://curl.haxx.se/bug/view.cgi?id=1222

 81. When using -J (with -O), automatically resumed downloading together with
  "-C -" fails. Without -J the same command line works! This happens because
  the resume logic is worked out before the target file name (and thus its
  pre-transfer size) has been figured out!
-  http://curl.haxx.se/bug/view.cgi?id=1169
+  https://curl.haxx.se/bug/view.cgi?id=1169

 80. Curl doesn't recognize certificates in DER format in keychain, but it
  works with PEM.
-  http://curl.haxx.se/bug/view.cgi?id=1065
+  https://curl.haxx.se/bug/view.cgi?id=1065

 79. SMTP. When sending data to multiple recipients, curl will abort and return
  failure if one of the recipients indicate failure (on the "RCPT TO"
  command). Ordinary mail programs would proceed and still send to the ones
  that can receive data. This is subject for change in the future.
-  http://curl.haxx.se/bug/view.cgi?id=1116
-
-78. curl and libcurl don't always signal the client properly when "sending"
-  zero bytes files - it makes for example the command line client not creating
-  any file at all. Like when using FTP.
-  http://curl.haxx.se/bug/view.cgi?id=1063
-
-76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
-  that platform), and long is only 32 bits. It makes it impossible for
-  curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
-  option as for all other operating systems.
+  https://curl.haxx.se/bug/view.cgi?id=1116

 75. NTLM authentication involving unicode user name or password only works
  properly if built with UNICODE defined together with the WinSSL/schannel
  backend. The original problem was mentioned in:
-  http://curl.haxx.se/mail/lib-2009-10/0024.html
-  http://curl.haxx.se/bug/view.cgi?id=896
+  https://curl.haxx.se/mail/lib-2009-10/0024.html
+  https://curl.haxx.se/bug/view.cgi?id=896

  The WinSSL/schannel version verified to work as mentioned in
-  http://curl.haxx.se/mail/lib-2012-07/0073.html
+  https://curl.haxx.se/mail/lib-2012-07/0073.html

 73. if a connection is made to a FTP server but the server then just never
  sends the 220 response or otherwise is dead slow, libcurl will not
  acknowledge the connection timeout during that phase but only the "real"
  timeout - which may surprise users as it is probably considered to be the
  connect phase to most people. Brought up (and is being misunderstood) in:
-  http://curl.haxx.se/bug/view.cgi?id=856
+  https://curl.haxx.se/bug/view.cgi?id=856

 72. "Pausing pipeline problems."
-  http://curl.haxx.se/mail/lib-2009-07/0214.html
+  https://curl.haxx.se/mail/lib-2009-07/0214.html

 70. Problem re-using easy handle after call to curl_multi_remove_handle
-  http://curl.haxx.se/mail/lib-2009-07/0249.html
+  https://curl.haxx.se/mail/lib-2009-07/0249.html

 68. "More questions about ares behavior".
-  http://curl.haxx.se/mail/lib-2009-08/0012.html
+  https://curl.haxx.se/mail/lib-2009-08/0012.html

 67. When creating multipart formposts. The file name part can be encoded with
  something beyond ascii but currently libcurl will only pass in the verbatim
  string the app provides. There are several browsers that already do this
  encoding. The key seems to be the updated draft to RFC2231:
-  http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02
+  https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02

 66. When using telnet, the time limitation options don't work.
-  http://curl.haxx.se/bug/view.cgi?id=846
+  https://curl.haxx.se/bug/view.cgi?id=846

 65. When doing FTP over a socks proxy or CONNECT through HTTP proxy and the
  multi interface is used, libcurl will fail if the (passive) TCP connection
@ -102,27 +123,27 @@ may have been fixed since this was written!
 63. When CURLOPT_CONNECT_ONLY is used, the handle cannot reliably be re-used
  for any further requests or transfers. The work-around is then to close that
  handle with curl_easy_cleanup() and create a new. Some more details:
-  http://curl.haxx.se/mail/lib-2009-04/0300.html
+  https://curl.haxx.se/mail/lib-2009-04/0300.html

 61. If an upload using Expect: 100-continue receives an HTTP 417 response,
  it ought to be automatically resent without the Expect:.  A workaround is
  for the client application to redo the transfer after disabling Expect:.
-  http://curl.haxx.se/mail/archive-2008-02/0043.html
+  https://curl.haxx.se/mail/archive-2008-02/0043.html

 60. libcurl closes the connection if an HTTP 401 reply is received while it
  is waiting for the the 100-continue response.
-  http://curl.haxx.se/mail/lib-2008-08/0462.html
+  https://curl.haxx.se/mail/lib-2008-08/0462.html

 58. It seems sensible to be able to use CURLOPT_NOBODY and
  CURLOPT_FAILONERROR with FTP to detect if a file exists or not, but it is
-  not working: http://curl.haxx.se/mail/lib-2008-07/0295.html
+  not working: https://curl.haxx.se/mail/lib-2008-07/0295.html

 56. When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP
  server using the multi interface, the commands are not being sent correctly
  and instead the connection is "cancelled" (the operation is considered done)
  prematurely. There is a half-baked (busy-looping) patch provided in the bug
  report but it cannot be accepted as-is. See
-  http://curl.haxx.se/bug/view.cgi?id=748
+  https://curl.haxx.se/bug/view.cgi?id=748

 55. libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
  library header files exporting symbols/macros that should be kept private
@ -131,13 +152,13 @@ may have been fixed since this was written!
 52. Gautam Kachroo's issue that identifies a problem with the multi interface
  where a connection can be re-used without actually being properly
  SSL-negotiated:
-  http://curl.haxx.se/mail/lib-2008-01/0277.html
+  https://curl.haxx.se/mail/lib-2008-01/0277.html

 49. If using --retry and the transfer timeouts (possibly due to using -m or
  -y/-Y) the next attempt doesn't resume the transfer properly from what was
  downloaded in the previous attempt but will truncate and restart at the
  original position where it was at before the previous failed attempt. See
-  http://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report
+  https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report
  https://qa.mandriva.com/show_bug.cgi?id=22565

 48. If a CONNECT response-headers are larger than BUFSIZE (16KB) when the
@ -146,25 +167,25 @@ may have been fixed since this was written!
  protocol code. This should be very rare.

 43. There seems to be a problem when connecting to the Microsoft telnet server.
-  http://curl.haxx.se/bug/view.cgi?id=649
+  https://curl.haxx.se/bug/view.cgi?id=649

 41. When doing an operation over FTP that requires the ACCT command (but not
  when logging in), the operation will fail since libcurl doesn't detect this
  and thus fails to issue the correct command:
-  http://curl.haxx.se/bug/view.cgi?id=635
+  https://curl.haxx.se/bug/view.cgi?id=635

 39. Steffen Rumler's Race Condition in Curl_proxyCONNECT:
-  http://curl.haxx.se/mail/lib-2007-01/0045.html
+  https://curl.haxx.se/mail/lib-2007-01/0045.html

 38. Kumar Swamy Bhatt's problem in ftp/ssl "LIST" operation:
-  http://curl.haxx.se/mail/lib-2007-01/0103.html
+  https://curl.haxx.se/mail/lib-2007-01/0103.html

 35. Both SOCKS5 and SOCKS4 proxy connections are done blocking, which is very
  bad when used with the multi interface.

 34. The SOCKS4 connection codes don't properly acknowledge (connect) timeouts.
  Also see #12. According to bug #1556528, even the SOCKS5 connect code does
-  not do it right: http://curl.haxx.se/bug/view.cgi?id=604
+  not do it right: https://curl.haxx.se/bug/view.cgi?id=604

 31. "curl-config --libs" will include details set in LDFLAGS when configure is
  run that might be needed only for building libcurl. Further, curl-config
@ -172,7 +193,7 @@ may have been fixed since this was written!

 26. NTLM authentication using SSPI (on Windows) when (lib)curl is running in
  "system context" will make it use wrong(?) user name - at least when compared
-  to what winhttp does. See http://curl.haxx.se/bug/view.cgi?id=535
+  to what winhttp does. See https://curl.haxx.se/bug/view.cgi?id=535

 23. SOCKS-related problems:
  B) libcurl doesn't support FTPS over a SOCKS proxy.
@ -218,8 +239,8 @@ may have been fixed since this was written!
 10. To get HTTP Negotiate (SPNEGO) authentication to work fine, you need to
  provide a (fake) user name (this concerns both curl and the lib) because the
  code wrongly only considers authentication if there's a user name provided.
-  http://curl.haxx.se/bug/view.cgi?id=440 How?
-  http://curl.haxx.se/mail/lib-2004-08/0182.html
+  https://curl.haxx.se/bug/view.cgi?id=440 How?
+  https://curl.haxx.se/mail/lib-2004-08/0182.html

 8. Doing resumed upload over HTTP does not work with '-C -', because curl
  doesn't do a HEAD first to get the initial size. This needs to be done
@ -235,14 +256,4 @@ may have been fixed since this was written!
 5. libcurl doesn't treat the content-length of compressed data properly, as
  it seems HTTP servers send the *uncompressed* length in that header and
  libcurl thinks of it as the *compressed* length. Some explanations are here:
-  http://curl.haxx.se/mail/lib-2003-06/0146.html
-
-2. If a HTTP server responds to a HEAD request and includes a body (thus
-  violating the RFC2616), curl won't wait to read the response but just stop
-  reading and return back. If a second request (let's assume a GET) is then
-  immediately made to the same server again, the connection will be re-used
-  fine of course, and the second request will be sent off but when the
-  response is to get read, the previous response-body is what curl will read
-  and havoc is what happens.
-  More details on this is found in this libcurl mailing list thread:
-  http://curl.haxx.se/mail/lib-2002-08/0000.html
+  https://curl.haxx.se/mail/lib-2003-06/0146.html
--- a/docs/LIBCURL-STRUCTS
+++ b/docs/LIBCURL-STRUCTS
@ -1,245 +0,0 @@
-                                  _   _ ____  _
-                              ___| | | |  _ \| |
-                             / __| | | | |_) | |
-                            | (__| |_| |  _ <| |___
-                             \___|\___/|_| \_\_____|
-
-Structs in libcurl
-
-This document should cover 7.32.0 pretty accurately, but will make sense even
-for older and later versions as things don't change drastically that often.
-
- 1. The main structs in libcurl
-  1.1 SessionHandle
-  1.2 connectdata
-  1.3 Curl_multi
-  1.4 Curl_handler
-  1.5 conncache
-  1.6 Curl_share
-  1.7 CookieInfo
-
-==============================================================================
-
-1. The main structs in libcurl
-
-  1.1 SessionHandle
-
-  The SessionHandle handle struct is the one returned to the outside in the
-  external API as a "CURL *". This is usually known as an easy handle in API
-  documentations and examples.
-
-  Information and state that is related to the actual connection is in the
-  'connectdata' struct. When a transfer is about to be made, libcurl will
-  either create a new connection or re-use an existing one. The particular
-  connectdata that is used by this handle is pointed out by
-  SessionHandle->easy_conn.
-
-  Data and information that regard this particular single transfer is put in
-  the SingleRequest sub-struct.
-
-  When the SessionHandle struct is added to a multi handle, as it must be in
-  order to do any transfer, the ->multi member will point to the Curl_multi
-  struct it belongs to. The ->prev and ->next members will then be used by the
-  multi code to keep a linked list of SessionHandle structs that are added to
-  that same multi handle. libcurl always uses multi so ->multi *will* point to
-  a Curl_multi when a transfer is in progress.
-
-  ->mstate is the multi state of this particular SessionHandle. When
-  multi_runsingle() is called, it will act on this handle according to which
-  state it is in. The mstate is also what tells which sockets to return for a
-  specific SessionHandle when curl_multi_fdset() is called etc.
-
-  The libcurl source code generally use the name 'data' for the variable that
-  points to the SessionHandle.
-
-
-  1.2 connectdata
-
-  A general idea in libcurl is to keep connections around in a connection
-  "cache" after they have been used in case they will be used again and then
-  re-use an existing one instead of creating a new as it creates a significant
-  performance boost.
-
-  Each 'connectdata' identifies a single physical connection to a server. If
-  the connection can't be kept alive, the connection will be closed after use
-  and then this struct can be removed from the cache and freed.
-
-  Thus, the same SessionHandle can be used multiple times and each time select
-  another connectdata struct to use for the connection. Keep this in mind, as
-  it is then important to consider if options or choices are based on the
-  connection or the SessionHandle.
-
-  Functions in libcurl will assume that connectdata->data points to the
-  SessionHandle that uses this connection.
-
-  As a special complexity, some protocols supported by libcurl require a
-  special disconnect procedure that is more than just shutting down the
-  socket. It can involve sending one or more commands to the server before
-  doing so. Since connections are kept in the connection cache after use, the
-  original SessionHandle may no longer be around when the time comes to shut
-  down a particular connection. For this purpose, libcurl holds a special
-  dummy 'closure_handle' SessionHandle in the Curl_multi struct to 
-
-  FTP uses two TCP connections for a typical transfer but it keeps both in
-  this single struct and thus can be considered a single connection for most
-  internal concerns.
-
-  The libcurl source code generally use the name 'conn' for the variable that
-  points to the connectdata.
-
-
-  1.3 Curl_multi
-
-  Internally, the easy interface is implemented as a wrapper around multi
-  interface functions. This makes everything multi interface.
-
-  Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs.
-
-  This struct holds a list of SessionHandle structs that have been added to
-  this handle with curl_multi_add_handle(). The start of the list is ->easyp
-  and ->num_easy is a counter of added SessionHandles.
-
-  ->msglist is a linked list of messages to send back when
-  curl_multi_info_read() is called. Basically a node is added to that list
-  when an individual SessionHandle's transfer has completed.
-
-  ->hostcache points to the name cache. It is a hash table for looking up name
-  to IP. The nodes have a limited life time in there and this cache is meant
-  to reduce the time for when the same name is wanted within a short period of
-  time.
-
-  ->timetree points to a tree of SessionHandles, sorted by the remaining time
-  until it should be checked - normally some sort of timeout. Each
-  SessionHandle has one node in the tree.
-
-  ->sockhash is a hash table to allow fast lookups of socket descriptor to
-  which SessionHandle that uses that descriptor. This is necessary for the
-  multi_socket API.
-
-  ->conn_cache points to the connection cache. It keeps track of all
-  connections that are kept after use. The cache has a maximum size.
-
-  ->closure_handle is described in the 'connectdata' section.
-
-  The libcurl source code generally use the name 'multi' for the variable that
-  points to the Curl_multi struct.
-
-
-  1.4 Curl_handler
-
-  Each unique protocol that is supported by libcurl needs to provide at least
-  one Curl_handler struct. It defines what the protocol is called and what
-  functions the main code should call to deal with protocol specific issues.
-  In general, there's a source file named [protocol].c in which there's a
-  "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's
-  then the main array with all individual Curl_handler structs pointed to from
-  a single array which is scanned through when a URL is given to libcurl to
-  work with.
-
-  ->scheme is the URL scheme name, usually spelled out in uppercase. That's
-  "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler
-  setup so HTTPS separate from HTTP.
-
-  ->setup_connection is called to allow the protocol code to allocate protocol
-  specific data that then gets associated with that SessionHandle for the rest
-  of this transfer. It gets freed again at the end of the transfer. It will be
-  called before the 'connectdata' for the transfer has been selected/created.
-  Most protocols will allocate its private 'struct [PROTOCOL]' here and assign
-  SessionHandle->req.protop to point to it.
-
-  ->connect_it allows a protocol to do some specific actions after the TCP
-  connect is done, that can still be considered part of the connection phase.
-
-  Some protocols will alter the connectdata->recv[] and connectdata->send[]
-  function pointers in this function.
-
-  ->connecting is similarly a function that keeps getting called as long as the
-  protocol considers itself still in the connecting phase.
-
-  ->do_it is the function called to issue the transfer request. What we call
-  the DO action internally. If the DO is not enough and things need to be kept
-  getting done for the entire DO sequence to complete, ->doing is then usually
-  also provided. Each protocol that needs to do multiple commands or similar
-  for do/doing need to implement their own state machines (see SCP, SFTP,
-  FTP). Some protocols (only FTP and only due to historical reasons) has a
-  separate piece of the DO state called DO_MORE.
-
-  ->doing keeps getting called while issuing the transfer request command(s)
-
-  ->done gets called when the transfer is complete and DONE. That's after the
-  main data has been transferred.
-
-  ->do_more gets called during the DO_MORE state. The FTP protocol uses this
-  state when setting up the second connection.
-
-  ->proto_getsock
-  ->doing_getsock
-  ->domore_getsock
-  ->perform_getsock
-  Functions that return socket information. Which socket(s) to wait for which
-  action(s) during the particular multi state.
-
-  ->disconnect is called immediately before the TCP connection is shutdown.
-
-  ->readwrite gets called during transfer to allow the protocol to do extra
-  reads/writes
-
-  ->defport is the default report TCP or UDP port this protocol uses
-
-  ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have
-  their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS".
-
-  ->flags is a bitmask with additional information about the protocol that will
-  make it get treated differently by the generic engine:
-
-    PROTOPT_SSL - will make it connect and negotiate SSL
-
-    PROTOPT_DUAL - this protocol uses two connections
-
-    PROTOPT_CLOSEACTION - this protocol has actions to do before closing the
-    connection. This flag is no longer used by code, yet still set for a bunch
-    protocol handlers.
-  
-    PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to
-    limit which "direction" of socket actions that the main engine will
-    concern itself about.
-
-    PROTOPT_NONETWORK - a protocol that doesn't use network (read file:)
-
-    PROTOPT_NEEDSPWD - this protocol needs a password and will use a default
-    one unless one is provided
-
-    PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL
-    (?foo=bar)
-
-
-  1.5 conncache
-
-  Is a hash table with connections for later re-use. Each SessionHandle has
-  a pointer to its connection cache. Each multi handle sets up a connection
-  cache that all added SessionHandles share by default.
-
-
-  1.6 Curl_share
-  
-  The libcurl share API allocates a Curl_share struct, exposed to the external
-  API as "CURLSH *".
-
-  The idea is that the struct can have a set of own versions of caches and
-  pools and then by providing this struct in the CURLOPT_SHARE option, those
-  specific SessionHandles will use the caches/pools that this share handle
-  holds.
-
-  Then individual SessionHandle structs can be made to share specific things
-  that they otherwise wouldn't, such as cookies.
-
-  The Curl_share struct can currently hold cookies, DNS cache and the SSL
-  session cache.
-
-  
-  1.7 CookieInfo
-
-  This is the main cookie struct. It holds all known cookies and related
-  information. Each SessionHandle has its own private CookieInfo even when
-  they are added to a multi handle. They can be made to share cookies by using
-  the share API.
--- a/docs/LICENSE-MIXING
+++ b/docs/LICENSE-MIXING
@ -18,34 +18,34 @@ accompany your license with an exception[2]. This particular problem was
 addressed when the Modified BSD license was created, which does not have the
 announcement clause that collides with GPL.

-libcurl http://curl.haxx.se/docs/copyright.html
+libcurl https://curl.haxx.se/docs/copyright.html

        Uses an MIT (or Modified BSD)-style license that is as liberal as
        possible.

-OpenSSL http://www.openssl.org/source/license.html
+OpenSSL https://www.openssl.org/source/license.html

        (May be used for SSL/TLS support) Uses an Original BSD-style license
        with an announcement clause that makes it "incompatible" with GPL. You
        are not allowed to ship binaries that link with OpenSSL that includes
        GPL code (unless that specific GPL code includes an exception for
        OpenSSL - a habit that is growing more and more common). If OpenSSL's
-        licensing is a problem for you, consider using GnuTLS or yassl
-        instead.
+        licensing is a problem for you, consider using another TLS library.

 GnuTLS  http://www.gnutls.org/

        (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is
-        a problem for you, consider using OpenSSL instead. Also note that
+        a problem for you, consider using another TLS library. Also note that
        GnuTLS itself depends on and uses other libs (libgcrypt and
        libgpg-error) and they too are LGPL- or GPL-licensed.

-yassl   http://www.yassl.com/
+WolfSSL   https://www.wolfssl.com/

-        (May be used for SSL/TLS support) Uses the GPL[1] license. If this is
-        a problem for you, consider using OpenSSL or GnuTLS instead.
+        (May be used for SSL/TLS support) Uses the GPL[1] license or a
+        propietary license. If this is a problem for you, consider using
+        another TLS library.

-NSS     http://www.mozilla.org/projects/security/pki/nss/
+NSS     https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS

        (May be used for SSL/TLS support) Is covered by the MPL[4] license,
        the GPL[1] license and the LGPL[3] license. You may choose to license
@ -57,13 +57,29 @@ axTLS   http://axtls.sourceforge.net/

        (May be used for SSL/TLS support) Uses a Modified BSD-style license.

-c-ares  http://daniel.haxx.se/projects/c-ares/license.html
+mbedTLS https://tls.mbed.org/
+
+        (May be used for SSL/TLS support) Uses the GPL[1] license or a
+        propietary license. If this is a problem for you, consider using
+        another TLS library.
+
+BoringSSL https://boringssl.googlesource.com/
+
+        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
+        license as that.
+
+libressl http://www.libressl.org/
+
+        (May be used for SSL/TLS support) As an OpenSSL fork, it has the same
+        license as that.
+
+c-ares  https://daniel.haxx.se/projects/c-ares/license.html

        (Used for asynchronous name resolves) Uses an MIT license that is very
        liberal and imposes no restrictions on any other library or part you
        may link with.

-zlib    http://www.gzip.org/zlib/zlib_license.html
+zlib    http://www.zlib.net/zlib_license.html

        (Used for compressed Transfer-Encoding support) Uses an MIT-style
        license that shouldn't collide with any other library.
@ -73,12 +89,12 @@ MIT Kerberos http://web.mit.edu/kerberos/www/dist/
        (May be used for GSS support) MIT licensed, that shouldn't collide
        with any other parts.

-Heimdal http://www.pdc.kth.se/heimdal/
+Heimdal http://www.h5l.org

        (May be used for GSS support) Heimdal is Original BSD licensed with
        the announcement clause.

-GNU GSS http://www.gnu.org/software/gss/
+GNU GSS https://www.gnu.org/software/gss/

        (May be used for GSS support) GNU GSS is GPL licensed. Note that you
        may not distribute binary curl packages that uses this if you build
@ -105,10 +121,10 @@ libssh2 http://www.libssh2.org/
        (Used for scp and sftp support) libssh2 uses a Modified BSD-style
        license.

-[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html
-[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
+[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html
+[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on
      how to write such an exception to the GPL
 [3] = LGPL - GNU Lesser General Public License:
-      http://www.gnu.org/licenses/lgpl.html
+      https://www.gnu.org/licenses/lgpl.html
 [4] = MPL - Mozilla Public License:
-      http://www.mozilla.org/MPL/
+      https://www.mozilla.org/MPL/
--- a/docs/MAIL-ETIQUETTE
+++ b/docs/MAIL-ETIQUETTE
@ -33,7 +33,7 @@ MAIL ETIQUETTE
  1.1 Mailing Lists

  The mailing lists we have are all listed and described at
-  http://curl.haxx.se/mail/
+  https://curl.haxx.se/mail/

  Each mailing list is targeted to a specific set of users and subjects,
  please use the one or the ones that suit you the most.
@ -230,7 +230,7 @@ MAIL ETIQUETTE
  Quote as little as possible. Just enough to provide the context you cannot
  leave out. A lengthy description can be found here:

-      http://www.netmeister.org/news/learn2quote.html
+      https://www.netmeister.org/news/learn2quote.html

  2.7 Digest

--- a/docs/MANUAL
+++ b/docs/MANUAL
@ -3,7 +3,7 @@ LATEST VERSION
  You always find news about what's going on as well as the latest versions
  from the curl web pages, located at:

-        http://curl.haxx.se
+        https://curl.haxx.se

 SIMPLE USAGE

@ -470,8 +470,8 @@ COOKIES
  stored cookies which match the request as it follows the location.  The
  file "empty.txt" may be a nonexistent file.

-  Alas, to both read and write cookies from a netscape cookie file, you can
-  set both -b and -c to use the same file:
+  To read and write cookies from a netscape cookie file, you can set both -b
+  and -c to use the same file:

        curl -b cookies.txt -c cookies.txt www.example.com

@ -824,7 +824,7 @@ LDAP
  Working with LDAP URLs":
  http://developer.netscape.com/docs/manuals/dirsdk/csdk30/url.htm

-  RFC 2255, "The LDAP URL Format" http://curl.haxx.se/rfc/rfc2255.txt
+  RFC 2255, "The LDAP URL Format" https://curl.haxx.se/rfc/rfc2255.txt

  To show you an example, this is how I can get all people from my local LDAP
  server that has a certain sub-domain in their email address:
@ -1011,7 +1011,7 @@ MAILING LISTS

  For your convenience, we have several open mailing lists to discuss curl,
  its development and things relevant to this. Get all info at
-  http://curl.haxx.se/mail/. Some of the lists available are:
+  https://curl.haxx.se/mail/. Some of the lists available are:

  curl-users

--- a/docs/Makefile.am
+++ b/docs/Makefile.am
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -33,22 +33,22 @@ SUBDIRS = examples libcurl

 CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES)

-EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	 \
- README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	 \
- KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		 \
- $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
- MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE  \
- SSL-PROBLEMS
+EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS	\
+ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS	\
+ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL		\
+ $(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp		\
+ MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS	\
+ HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md CODE_STYLE.md

 MAN2HTML= roffit < $< >$@

 SUFFIXES = .1 .html .pdf

 html: $(HTMLPAGES)
-	cd libcurl; make html
+	cd libcurl && make html

 pdf: $(PDFPAGES)
-	cd libcurl; make pdf
+	cd libcurl && make pdf

 .1.html:
 	$(MAN2HTML)
--- a/docs/RELEASE-PROCEDURE
+++ b/docs/RELEASE-PROCEDURE
@ -1,9 +1,3 @@
-                                  _   _ ____  _
-                              ___| | | |  _ \| |
-                             / __| | | | |_) | |
-                            | (__| |_| |  _ <| |___
-                             \___|\___/|_| \_\_____|
-
 curl release procedure - how to do a release
 ============================================

@ -17,8 +11,8 @@ in the source code repo
 - make sure all relevant changes are committed on the master branch

 - tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the
-  tag and we use underscores instead of dots in the version number. 
-   
+  tag and we use underscores instead of dots in the version number.
+
 - run "./maketgz 7.34.0" to build the release tarballs. It is important that
  you run this on a machine with the correct set of autotools etc installed
  as this is what then will be shipped and used by most users on *nix like
@ -84,11 +78,10 @@ Coming dates
 Based on the description above, here are some planned release dates (at the
 time of this writing):

- November 5, 2014 (version 7.39.0)
- December 31, 2014
- February 25, 2015
- April 22, 2015
- June 17, 2015
- August 12, 2015
- October 7, 2015
+- October 7, 2015 (version 7.45.0)
 - December 2, 2015
+- January 27, 2016
+- March 23, 2016
+- May 18, 2016
+- July 13, 2016
+- September 7, 2016
--- a/docs/RESOURCES
+++ b/docs/RESOURCES
@ -36,7 +36,7 @@ This document lists documents and standards used by curl.

  RFC 2109 - HTTP State Management Mechanism (cookie stuff)
           - Also, read Netscape's specification at
-             http://curl.haxx.se/rfc/cookie_spec.html
+             https://curl.haxx.se/rfc/cookie_spec.html

  RFC 2183 - The Content-Disposition Header Field

--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@ -5,44 +5,94 @@ Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is
 intended to serve as a guideline for others for information, feedback and
 possible participation.

-New stuff - libcurl
+HTTP/2
+------
+
+- test suite
+
+   Base this on existing nghttp2 server to start with to make functional
+   tests. Later on we can adopt that code or work with nghttp2 to provide ways
+   to have the http2 server respond with broken responses to make sure we deal
+   with that nicely as well.
+
+   To decide: if we need to bundle parts of the nghttp2 stuff that probably
+   won't be shipped by many distros.
+
+- provide option for HTTP/2 "prior knowledge" over clear text
+
+   As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_
+   it speaks HTTP/2.
+
+HTTP cookies
+------------
+
+Two cookie drafts have been adopted by the httpwg in IETF and we should
+support them as the popular browsers will as well:
+
+[Deprecate modification of 'secure' cookies from non-secure
+origins](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00)
+
+[Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00)
+
+[Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073)
+
+SRV records
+-----------
+
+How to find services for specific domains/hosts.
+
+HTTPS to proxy
+--------------
+
+To avoid network traffic to/from the proxy getting snooped on. There's a git
+branch in the public git repository for this that we need to make sure works
+for all TLS backends and then merge!
+
+curl_formadd()
+--------------
+
+make sure there's an easy handle passed in to `curl_formadd()`,
+`curl_formget()` and `curl_formfree()` by adding replacement functions and
+deprecating the old ones to allow custom mallocs and more
+
+third-party SASL
+----------------
+
+add support for third-party SASL libraries such as Cyrus SASL - may need to
+move existing native and SSPI based authentication into vsasl folder after
+reworking HTTP and SASL code
+
+SASL authentication in LDAP
+---------------------------
+
+...
+
+Simplify the SMTP email
+-----------------------
+
+Simplify the SMTP email interface so that programmers don't have to
+construct the body of an email that contains all the headers, alternative
+content, images and attachments - maintain raw interface so that
+programmers that want to do this can
+
+email capabilities
+------------------
+
+Allow the email protocols to return the capabilities before
+authenticating. This will allow an application to decide on the best
+authentication mechanism
+
+Win32 pthreads
+--------------
+
+Allow Windows threading model to be replaced by Win32 pthreads port
+
+dynamic buffer size
 -------------------

-1. HTTP/2
-
- - test suite
- - http2 multiplexing/pipelining
- - provide option for HTTP/2 "prior knowledge" over clear text
- - provide option to allow curl to default to HTTP/2 only when using HTTPS
-
-2. SRV records
-
-3. HTTPS to proxy
-
-4. make sure there's an easy handle passed in to `curl_formadd()`,
-   `curl_formget()` and `curl_formfree()` by adding replacement functions and
-   deprecating the old ones to allow custom mallocs and more
-
-5. add support for third-party SASL libraries such as Cyrus SASL - may need to
-   move existing native and SSPI based authentication into vsasl folder after
-   reworking HTTP and SASL code
-
-6. SASL authentication in LDAP
-
-7. Simplify the SMTP email interface so that programmers don't have to
-   construct the body of an email that contains all the headers, alternative
-   content, images and attachments - maintain raw interface so that
-   programmers that want to do this can
-
-8. Allow the email protocols to return the capabilities before
-    authenticating. This will allow an application to decide on the best
-    authentication mechanism
-
-9. Allow Windows threading model to be replaced by Win32 pthreads port
-
-10. Implement a dynamic buffer size to allow SFTP to use much larger buffers
-    and possibly allow the size to be customizable by applications. Use less
-    memory when handles are not in use?
+Implement a dynamic buffer size to allow SFTP to use much larger buffers and
+possibly allow the size to be customizable by applications. Use less memory
+when handles are not in use?

 New stuff - curl
 ----------------
@ -61,7 +111,7 @@ Improve

 2. curl -h output (considered overwhelming to users)

-3. we have > 160 command line options, is there a way to redo things to
+3. we have > 170 command line options, is there a way to redo things to
   simplify or improve the situation as we are likely to keep adding
   features/options in the future too

--- a/docs/SECURITY
+++ b/docs/SECURITY
@ -14,7 +14,7 @@ Publishing Information
 ----------------------

 All known and public curl or libcurl related vulnerabilities are listed on
-[the curl web site security page](http://curl.haxx.se/docs/security.html).
+[the curl web site security page](https://curl.haxx.se/docs/security.html).

 Security vulnerabilities should not be entered in the project's public bug
 tracker unless the necessary configuration is in place to limit access to the
--- a/docs/SSL-PROBLEMS
+++ b/docs/SSL-PROBLEMS
@ -26,7 +26,7 @@ CA bundle missing intermediate certificates
  problems if your CA cert does not have the certificates for the
  intermediates in the whole trust chain.

-SSL version
+Protocol version

  Some broken servers fail to support the protocol negotiation properly that
  SSL servers are supposed to handle. This may cause the connection to fail
@ -36,7 +36,9 @@ SSL version
  An additional complication can be that modern SSL libraries sometimes are
  built with support for older SSL and TLS versions disabled!

-SSL ciphers
+  All versions of SSL are considered insecure and should be avoided. Use TLS.
+
+Ciphers

  Clients give servers a list of ciphers to select from. If the list doesn't
  include any ciphers the server wants/can use, the connection handshake
@ -51,10 +53,14 @@ SSL ciphers
  Note that these weak ciphers are identified as flawed. For example, this
  includes symmetric ciphers with less than 128 bit keys and RC4.

+  WinSSL in Windows XP is not able to connect to servers that no longer
+  support the legacy handshakes and algorithms used by those versions, so we
+  advice against building curl to use WinSSL on really old Windows versions.
+
  References:

-  http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
-  
+  https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01
+
 Allow BEAST

  BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means
@ -65,3 +71,17 @@ Allow BEAST
  introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability
  but on the other hand it allows curl to connect to that kind of strange
  servers.
+
+Disabling certificate revocation checks
+
+  Some SSL backends may do certificate revocation checks (CRL, OCSP, etc)
+  depending on the OS or build configuration. The --ssl-no-revoke option was
+  introduced in 7.44.0 to disable revocation checking but currently is only
+  supported for WinSSL (the native Windows SSL library), with an exception in
+  the case of Windows' Untrusted Publishers blacklist which it seems can't be
+  bypassed. This option may have broader support to accommodate other SSL
+  backends in the future.
+
+  References:
+
+  https://curl.haxx.se/docs/ssl-compared.html
--- a/docs/SSLCERTS
+++ b/docs/SSLCERTS
@ -20,8 +20,8 @@ support.
 It is about trust
 -----------------

-This system is about trust. In your local CA cert bundle you have certs from
-*trusted* Certificate Authorities that you then can use to verify that the
+This system is about trust. In your local CA certificate store you have certs
+from *trusted* Certificate Authorities that you then can use to verify that the
 server certificates you see are valid. They're signed by one of the CAs you
 trust.

@ -35,16 +35,16 @@ Certificate Verification
 ------------------------

 libcurl performs peer SSL certificate verification by default.  This is done
-by using CA cert bundle that the SSL library can use to make sure the peer's
-server certificate is valid.
+by using a CA certificate store that the SSL library can use to make sure the
+peer's server certificate is valid.

 If you communicate with HTTPS, FTPS or other TLS-using servers using
-certificates that are signed by CAs present in the bundle, you can be sure
+certificates that are signed by CAs present in the store, you can be sure
 that the remote server really is the one it claims to be.

 If the remote server uses a self-signed certificate, if you don't install a CA
-cert bundle, if the server uses a certificate signed by a CA that isn't
-included in the bundle you use or if the remote host is an impostor
+cert store, if the server uses a certificate signed by a CA that isn't
+included in the store you use or if the remote host is an impostor
 impersonating your favorite site, and you want to transfer files from this
 server, do one of the following:

@ -59,12 +59,22 @@ server, do one of the following:

    With the curl command line tool: --cacert [file]

- 3. Add the CA cert for your server to the existing default CA cert bundle.
-    The default path of the CA bundle used can be changed by running configure
-    with the --with-ca-bundle option pointing out the path of your choice.
+ 3. Add the CA cert for your server to the existing default CA certificate
+    store. The default CA certificate store can changed at compile time with the
+    following configure options:

-    To do this, you need to get the CA cert for your server in PEM format and
-    then append that to your CA cert bundle.
+    --with-ca-bundle=FILE: use the specified file as CA certificate store. CA
+    certificates need to be concatenated in PEM format into this file.
+
+    --with-ca-path=PATH: use the specified path as CA certificate store. CA
+    certificates need to be stored as individual PEM files in this directory.
+    You may need to run c_rehash after adding files there.
+
+    If neither of the two options is specified, configure will try to auto-detect
+    a setting. It's also possible to explicitly not hardcode any default store
+    but rely on the built in default the crypto library may provide instead.
+    You can achieve that by passing both --without-ca-bundle and
+    --without-ca-path to the configure script.

    If you use Internet Explorer, this is one way to get extract the CA cert
    for a particular server:
@ -76,7 +86,7 @@ server, do one of the following:
     - Convert it from crt to PEM using the openssl tool:
       openssl x509 -inform DES -in yourdownloaded.crt \
       -out outcert.pem -text
-     - Append the 'outcert.pem' to the CA cert bundle or use it stand-alone
+     - Add the 'outcert.pem' to the CA certificate store or use it stand-alone
       as described below.

    If you use the 'openssl' tool, this is one way to get extract the CA cert
@ -89,9 +99,9 @@ server, do one of the following:
     - If you want to see the data in the certificate, you can do: "openssl
       x509 -inform PEM -in certfile -text -out certdata" where certfile is
       the cert you extracted from logfile. Look in certdata.
-     - If you want to trust the certificate, you can append it to your
-       cert bundle or use it stand-alone as described. Just remember that the
-       security is no better than the way you obtained the certificate.
+     - If you want to trust the certificate, you can add it to your CA
+       certificate store or use it stand-alone as described. Just remember that
+       the security is no better than the way you obtained the certificate.

 4. If you're using the curl command line tool, you can specify your own CA
    cert path by setting the environment variable `CURL_CA_BUNDLE` to the path
@ -109,13 +119,13 @@ server, do one of the following:
 5. Get a better/different/newer CA cert bundle! One option is to extract the
    one a recent Firefox browser uses by running 'make ca-bundle' in the curl
    build tree root, or possibly download a version that was generated this
-    way for you: [CA Extract](http://curl.haxx.se/docs/caextract.html)
+    way for you: [CA Extract](https://curl.haxx.se/docs/caextract.html)

 Neglecting to use one of the above methods when dealing with a server using a
 certificate that isn't signed by one of the certificates in the installed CA
-cert bundle, will cause SSL to report an error ("certificate verify failed")
-during the handshake and SSL will then refuse further communication with that
-server.
+certificate store, will cause SSL to report an error ("certificate verify
+failed") during the handshake and SSL will then refuse further communication
+with that server.

 Certificate Verification with NSS
 ---------------------------------
@ -123,8 +133,8 @@ Certificate Verification with NSS
 If libcurl was built with NSS support, then depending on the OS distribution,
 it is probably required to take some additional steps to use the system-wide
 CA cert db. RedHat ships with an additional module, libnsspem.so, which
-enables NSS to read the OpenSSL PEM CA bundle. This library is missing in
-OpenSuSE, and without it, NSS can only work with its own internal formats. NSS
+enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install
+p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS
 also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB).

 Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to
--- a/docs/THANKS
+++ b/docs/THANKS
@ -36,10 +36,13 @@ Alex Suykov
 Alex Vinnik
 Alex aka WindEagle
 Alexander Beedie
+Alexander Dyagilev
+Alexander Elgert
 Alexander Klauer
 Alexander Kourakos
 Alexander Krasnostavsky
 Alexander Lazic
+Alexander Pepper
 Alexander Peslyak
 Alexander Zhuravlev
 Alexey Borzov
@ -53,6 +56,7 @@ Alona Rossen
 Amol Pattekar
 Amr Shahin
 Anatoli Tubman
+Anders Bakken
 Anders Gustafsson
 Anders Havn
 Andi Jahja
@ -88,6 +92,7 @@ Andy Serpa
 Andy Tsouladze
 Angus Mackay
 Anthon Pang
+Anthony Avina
 Anthony Bryan
 Anthony G. Basile
 Antoine Calando
@ -102,6 +107,7 @@ Arnaud Ebalard
 Arthur Murray
 Arve Knudsen
 Arvid Norberg
+Ashish Shukla
 Ask Bjørn Hansen
 Askar Safin
 Ates Goral
@ -125,11 +131,15 @@ Benbuck Nason
 Benjamin Gerard
 Benjamin Gilbert
 Benjamin Johnson
+Benjamin Kircher
 Benoit Neil
 Benoit Sigoure
 Bernard Leak
+Bernard Spil
 Bernhard Reutner-Fischer
+Bert Huijben
 Bertrand Demiddelaer
+Bertrand Simonnet
 Bill Doyle
 Bill Egert
 Bill Hoffman
@ -145,6 +155,7 @@ Bob Richmond
 Bob Schader
 Bogdan Nicula
 Brad Burdick
+Brad Fitzpatrick
 Brad Harder
 Brad Hards
 Brad King
@ -155,8 +166,10 @@ Brandon Wang
 Brendan Jurd
 Brent Beardsley
 Brian Akins
+Brian Chrisman
 Brian Dessent
 Brian J. Murrell
+Brian Prodoehl
 Brian R Duffy
 Brian Ulm
 Brock Noland
@ -176,9 +189,11 @@ Catalin Patulea
 Chad Monroe
 Chandrakant Bagul
 Charles Kerr
+Charles Romestant
 Chen Prog
 Chih-Chung Chang
 Chris "Bob Bob"
+Chris Araman
 Chris Combes
 Chris Conlon
 Chris Deidun
@ -194,6 +209,7 @@ Christian Krause
 Christian Kurz
 Christian Robottom Reis
 Christian Schmitz
+Christian Stewart
 Christian Vogt
 Christian Weisgerber
 Christophe Demory
@ -207,6 +223,7 @@ Claes Jakobsson
 Clarence Gardner
 Clemens Gruber
 Clifford Wolf
+Clint Clayton
 Cody Jones
 Cody Mack
 Colby Ranger
@ -223,8 +240,10 @@ Cris Bailiff
 Cristian Rodríguez
 Curt Bogmine
 Cyrill Osterwalder
+Cédric Connes
 Cédric Deltheil
 D. Flinkmann
+Da-Yoon Chung
 Dag Ekengren
 Dagobert Michelsen
 Damian Dixon
@ -240,8 +259,15 @@ Dan Zitter
 Daniel Black
 Daniel Cater
 Daniel Egger
+Daniel Hwang
 Daniel Johnson
+Daniel Kahn Gillmor
+Daniel Lee Hwang
+Daniel Melani
 Daniel Mentz
+Daniel Schauenberg
+Daniel Seither
+Daniel Shahaf
 Daniel Steinberg
 Daniel Stenberg
 Daniel Theron
@ -255,7 +281,9 @@ Dave May
 Dave Reisner
 Dave Thompson
 Dave Vasilevsky
+Davey Shafik
 David Bau
+David Benjamin
 David Binderman
 David Blaikie
 David Byron
@ -284,6 +312,7 @@ David Woodhouse
 David Wright
 David Yan
 Dengminwen
+Denis Feklushkin
 Dennis Clarke
 Derek Higgins
 Detlef Schmier
@ -302,21 +331,25 @@ Dirk Manske
 Dmitri Shubin
 Dmitriy Sergeyev
 Dmitry Bartsevich
+Dmitry Eremin-Solenikov
 Dmitry Falko
 Dmitry Kurochkin
 Dmitry Popov
 Dmitry Rechkin
+Dmitry S. Baikov
 Dolbneff A.V
 Domenico Andreoli
 Dominick Meglio
 Dominique Leuenberger
 Doug Kaufman
 Doug Porter
+Douglas Creager
 Douglas E. Wegscheid
 Douglas Kilpatrick
 Douglas R. Horner
 Douglas Steinwand
 Dov Murik
+Drake Arconis
 Duane Cathey
 Duncan Mac-Vicar Prett
 Dustin Boswell
@ -331,10 +364,12 @@ Edward Rudd
 Edward Sheldrake
 Eelco Dolstra
 Eetu Ojanen
+Egon Eckert
 Eldar Zaitov
 Ellis Pritchard
 Elmira A Semenova
 Emanuele Bovisio
+Emil Lerner
 Emil Romanus
 Emiliano Ida
 Enrico Scholz
@ -347,12 +382,14 @@ Eric Lubin
 Eric Melville
 Eric Mertens
 Eric Rautman
+Eric Ridge
 Eric S. Raymond
 Eric Thelin
 Eric Vergnaud
 Eric Wong
 Eric Young
 Erick Nuwendam
+Erik Janssen
 Erik Johansson
 Ernest Beinrohr
 Erwan Legrand
@ -367,12 +404,15 @@ Fabian Hiernaux
 Fabian Keil
 Fabrizio Ammollo
 Fedor Karpelevitch
+Feist Josselin
 Felix Yan
 Felix von Leitner
 Feng Tu
+Flavio Medeiros
 Florian Schoppmann
 Florian Weimer
 Forrest Cahoon
+Francisco Moraes
 Frank Gevaerts
 Frank Hempel
 Frank Keeney
@ -385,6 +425,7 @@ François Charlier
 Fred Machado
 Fred New
 Fred Noz
+Fred Stluka
 Frederic Lepied
 Fredrik Thulin
 Gabriel Kuri
@ -419,9 +460,11 @@ Glen A Johnson Jr.
 Glen Nakamura
 Glen Scott
 Glenn Sheridan
+Google Inc.
 Gordon Marler
 Gorilla Maguila
 Grant Erickson
+Grant Pannell
 Greg Hewgill
 Greg Morse
 Greg Onufer
@ -434,12 +477,14 @@ Guido Berhoerster
 Guillaume Arluison
 Gunter Knauf
 Gustaf Hui
+Gustavo Grieco
 Gwenole Beauchesne
 Gökhan Şengün
 Götz Babin-Ebell
 Hamish Mackenzie
 Hang Kin Lau
 Hang Su
+Hanno Böck
 Hanno Kranzhoff
 Hans Steegers
 Hans-Jurgen May
@ -477,16 +522,20 @@ Iida Yosiaki
 Ilguiz Latypov
 Ilja van Sprundel
 Immanuel Gregoire
+Inca R
 Ingmar Runge
 Ingo Ralf Blum
 Ingo Wilken
+Isaac Boukris
 Ishan SinghLevett
 Ivo Bellin Salarin
 Jack Zhang
 Jacky Lam
 Jacob Meuser
 Jacob Moshenko
+Jactry Zeng
 Jad Chamcham
+Jaime Fullaondo
 Jakub Zakrzewski
 James Bursa
 James Cheng
@ -514,6 +563,7 @@ Jason Liu
 Jason McDonald
 Jason S. Priebe
 Javier Barroso
+Javier G. Sogo
 Jay Austin
 Jayesh A Shah
 Jaz Fresh
@ -533,10 +583,13 @@ Jeff Lawson
 Jeff Phillips
 Jeff Pohlmeyer
 Jeff Weber
+Jeffrey Walton
+Jens Rantil
 Jeremy Friesner
 Jeremy Huddleston
 Jeremy Lin
 Jeroen Koekkoek
+Jeroen Ooms
 Jerome Muffat-Meridol
 Jerome Robert
 Jerome Vouillon
@ -545,11 +598,13 @@ Jerry Wu
 Jes Badwal
 Jesper Jensen
 Jesse Noller
+Jesse Tan
 Jie He
 Jim Drash
 Jim Freeman
 Jim Hollinger
 Jim Meyering
+Jiri Dvorak
 Jiri Hruska
 Jiri Jaburek
 Jiri Malak
@ -558,6 +613,7 @@ Joe Halpin
 Joe Malicki
 Joe Mason
 Joel Chen
+Joel Depooter
 Jofell Gallardo
 Johan Anderson
 Johan Lantz
@ -565,6 +621,7 @@ Johan Nilsson
 Johan van Selst
 Johannes Bauer
 Johannes Ernst
+Johannes Schindelin
 John Bradshaw
 John Coffey
 John Crow
@ -575,9 +632,12 @@ John Gardiner Myers
 John Janssen
 John Joseph Bachir
 John Kelly
+John Kohl
 John Lask
+John Levon
 John Lightsey
 John Marino
+John Marshall
 John McGowan
 John P. McCaskey
 John Suprock
@ -593,10 +653,12 @@ Jon Torrey
 Jon Travis
 Jon Turner
 Jonas Forsman
+Jonas Minnberg
 Jonas Schnelli
 Jonatan Lander
 Jonatan Vela
 Jonathan Cardoso Machado
+Jonathan Cardoso Machado Machado
 Jonathan Hseu
 Jonathan Nieder
 Jongki Suwandi
@ -620,6 +682,7 @@ Julien Nabet
 Julien Royer
 Jun-ichiro itojun Hagino
 Jurij Smakov
+Justin Ehlert
 Justin Fletcher
 Justin Karneges
 Justin Maggard
@ -631,11 +694,13 @@ Kai Sommerfeld
 Kai-Uwe Rommel
 Kalle Vahlman
 Kamil Dudka
+Kang Lin
 Kang-Jin Lee
 Karl Moerder
 Karol Pietrzak
 Kaspar Brand
 Katie Wang
+Kazuho Oku
 Kees Cook
 Keith MacDonald
 Keith McGuigan
@ -662,6 +727,7 @@ Krishnendu Majumdar
 Krister Johansen
 Kristian Gunstone
 Kristian Köhntopp
+Kurt Fankhauser
 Kyle J. McKay
 Kyle L. Huff
 Kyle Sallee
@ -678,6 +744,7 @@ Lars Nilsson
 Lars Torben Wilson
 Lau Hang Kin
 Laurent Rabret
+Lauri Kasanen
 Legoff Vincent
 Lehel Bernadt
 Leif W
@ -693,7 +760,9 @@ Linas Vepstas
 Lindley French
 Ling Thio
 Linus Nielsen Feltzing
+Lior Kaplan
 Lisa Xu
+Liviu Chircu
 Liza Alenchery
 Lluís Batlle i Rossell
 Loic Dachary
@ -704,6 +773,8 @@ Lucas Adamski
 Lucas Pardue
 Ludek Finstrle
 Ludovico Cavedon
+Ludwig Nussel
+Lukas Ruzicka
 Lukasz Czekierda
 Luke Amery
 Luke Call
@ -714,6 +785,8 @@ Maciej Karpiuk
 Maciej Puzio
 Maciej W. Rozycki
 Maks Naumov
+Maksim Kuzevanov
+Maksim Stsepanenka
 Mamoru Tasaka
 Mandy Wu
 Manfred Schwarb
@ -747,6 +820,7 @@ Mark Salisbury
 Mark Snelling
 Mark Tully
 Markus Duft
+Markus Elfring
 Markus Koetter
 Markus Moeller
 Markus Oberhumer
@ -775,6 +849,7 @@ Matt Wixson
 Matteo Rocco
 Matthew Blain
 Matthew Clarke
+Matthew Hall
 Matthias Bolte
 Maurice Barnum
 Mauro Iorio
@ -795,17 +870,23 @@ Michael Day
 Michael Goffioul
 Michael Jahn
 Michael Jerris
+Michael Kalinin
 Michael Kaufmann
+Michael König
 Michael Mealling
 Michael Mueller
 Michael Osipov
 Michael Smith
+Michael Stapelberg
 Michael Stillwell
 Michael Wallner
 Michal Bonino
 Michal Marek
+Michał Fita
 Michał Górny
 Michał Kowalczyk
+Michał Piechowski
+Michel Promonet
 Michele Bini
 Miguel Angel
 Miguel Diaz
@ -829,12 +910,14 @@ Mitz Wark
 Mohamed Lrhazi
 Mohammad AlSaleh
 Mohun Biswas
+Mostyn Bramley-Moore
 Myk Taylor
 Nach M. S.
 Nagai H
 Nathan Coulter
 Nathan O'Sullivan
 Nathanael Nerode
+Nathaniel Waisbrot
 Naveen Chandran
 Naveen Noel
 Neil Bowers
@ -861,16 +944,22 @@ Nis Jorgensen
 Nobuhiro Ban
 Nodak Sodak
 Norbert Frese
+Norbert Kett
 Norbert Novotny
+Octavio Schroeder
 Ofer
 Ola Mork
 Olaf Flebbe
 Olaf Stüben
 Oliver Gondža
+Oliver Graute
 Oliver Kuckertz
 Oliver Schindler
 Olivier Berger
+Orange Tsai
+Oren Souroujon
 Oren Tirosh
+Orgad Shaneh
 Ori Avtalion
 Oscar Koeroo
 Oscar Norlander
@ -886,6 +975,7 @@ Patricia Muscalu
 Patrick Bihan-Faou
 Patrick McManus
 Patrick Monnerat
+Patrick Rapin
 Patrick Scott
 Patrick Smith
 Patrick Watson
@ -898,6 +988,7 @@ Paul Marks
 Paul Marquis
 Paul Moore
 Paul Nolan
+Paul Oliver
 Paul Querna
 Paul Saab
 Pavel Cenek
@ -914,6 +1005,7 @@ Peter Heuchert
 Peter Hjalmarsson
 Peter Korsgaard
 Peter Lamberg
+Peter Laser
 Peter O'Gorman
 Peter Pentchev
 Peter Silva
@ -953,12 +1045,15 @@ Quanah Gibson-Mount
 Quinn Slack
 Radu Simionescu
 Rafa Muyo
+Rafael Antonio
 Rafael Sagula
+Rafayel Mkrtchyan
 Rafaël Carré
 Rainer Canavan
 Rainer Jung
 Rainer Koenig
 Rajesh Naganathan
+Rajkumar Mandal
 Ralf S. Engelschall
 Ralph Beckmann
 Ralph Mitchell
@ -968,6 +1063,7 @@ Ravi Pratap
 Ray Dassen
 Ray Pekowski
 Ray Satiro
+Razvan Cojocaru
 Reinout van Schouwen
 Remi Gacogne
 Renato Botelho
@ -988,10 +1084,12 @@ Richard Bramante
 Richard Clayton
 Richard Cooper
 Richard Gorton
+Richard Hosking
 Richard Michael
 Richard Moore
 Richard Prescott
 Richard Silverman
+Richard van den Berg
 Rick Jones
 Rick Richardson
 Rob Crittenden
@ -1015,6 +1113,7 @@ Robson Braga Araujo
 Rodney Simmons
 Rodric Glaser
 Rodrigo Silva
+Roger Leigh
 Roland Blom
 Roland Krikava
 Roland Zimmermann
@ -1039,6 +1138,7 @@ Salvador Dávila
 Salvatore Sorrentino
 Sam Deane
 Sam Hurst
+Sam Roth
 Sam Schanken
 Sampo Kellomaki
 Samuel Díaz García
@ -1057,18 +1157,22 @@ Scott Barrett
 Scott Cantor
 Scott Davis
 Scott McCreary
+Sean Boudreau
+Sebastian Pohlschmidt
 Sebastian Rasmussen
 Senthil Raja Velu
 Sergei Nikulov
 Sergey Tatarincev
 Sergio Ballestrero
 Seshubabu Pasam
+Seth Mos
 Sh Diao
 Shao Shuchao
 Sharad Gupta
 Shard
 Shawn Landden
 Shawn Poulson
+Shine Fan
 Shmulik Regev
 Siddhartha Prakash Jain
 Sidney San Martin
@ -1085,6 +1189,7 @@ Stadler Stephan
 Stan van de Burgt
 Stanislav Ivochkin
 Stefan Bühler
+Stefan Eissing
 Stefan Esser
 Stefan Krause
 Stefan Neis
@ -1099,6 +1204,7 @@ Stephen More
 Sterling Hughes
 Steve Green
 Steve H Truong
+Steve Havelka
 Steve Holme
 Steve Lhomme
 Steve Little
@ -1115,22 +1221,28 @@ Sune Ahlgren
 Sven Anders
 Sven Neuhaus
 Sven Wegener
+Svyatoslav Mishyn
 Symeon Paraschoudis
 Sébastien Willemijns
 T. Bharath
 T. Yamada
+TJ Saunders
 Tae Hyoung Ahn
 Taneli Vahakangas
 Tanguy Fautre
 Tatsuhiro Tsujikawa
 Temprimus
+Terri Oda
 Thomas Braun
+Thomas Glanzmann
 Thomas J. Moore
 Thomas Klausner
 Thomas L. Shinnick
 Thomas Lopatic
+Thomas Ruecker
 Thomas Schwinge
 Thomas Tonino
+Thorsten Schöning
 Tiit Pikma
 Till Maas
 Tim Ansell
@ -1141,17 +1253,19 @@ Tim Costello
 Tim Harder
 Tim Heckman
 Tim Newsome
-Tim Ruehsen
+Tim Rühsen
 Tim Sneddon
+Tim Stack
 Tim Starling
 Timo Sirainen
+Timotej Lazar
 Tinus van den Berg
 Tobias Markus
 Tobias Rundström
+Tobias Stoeckmann
 Toby Peterson
 Todd A Ouska
 Todd Kulesza
-Todd Ouska
 Todd Vierling
 Tom Benoist
 Tom Donovan
@ -1168,6 +1282,7 @@ Tomas Hoger
 Tomas Mlcoch
 Tomas Pospisek
 Tomas Szepe
+Tomas Tomecek
 Tomasz Kojm
 Tomasz Lacki
 Tommie Gannert
@ -1195,6 +1310,7 @@ Victor Snezhko
 Vijay Panghal
 Vikram Saxena
 Viktor Szakáts
+Ville Skyttä
 Vilmos Nebehaj
 Vincent Bronner
 Vincent Le Normand
@ -1209,6 +1325,7 @@ Vojtech Janota
 Vojtech Minarik
 Vojtěch Král
 Vsevolod Novikov
+W. Mark Kubacki
 Waldek Kozba
 Walter J. Mack
 Ward Willats
@ -1226,7 +1343,9 @@ Wojciech Zwiefka
 Wouter Van Rooy
 Wu Yongzheng
 Xavier Bouchoux
+Xiangbin Li
 Yaakov Selkowitz
+Yamada Yasuharu
 Yang Tse
 Yarram Sunil
 Yasuharu Yamada
@ -1247,4 +1366,5 @@ Zvi Har'El
 nk
 swalkaus at yahoo.com
 tommink[at]post.pl
+Štefan Kremeň
 Никита Дорохин
--- a/docs/THANKS-filter
+++ b/docs/THANKS-filter
@ -33,7 +33,8 @@ s/Nick Zitzmann (originally)/Nick Zitzmann/
 s/product-security at Apple//
 s/IT DOES NOT WORK//
 s/Albert Chin/Albert Chin-A-Young/
-s/Paras S/Paras Sethia/
+s/Paras S\z/Paras Sethia/
+s/Paras Sethiaethia/Paras Sethia/
 s/Дмитрий Фалько/Dmitry Falko/
 s/byte_bucket in the #curl IRC channel//
 s/Michal Górny and Anthony G. Basile//
@ -47,3 +48,8 @@ s/Rodrigo Silva (MestreLion)/Rodrigo Silva/
 s/tetetest tetetest//
 s/Jiří Hruška/Jiri Hruska/
 s/Viktor Szakats/Viktor Szakáts/
+s/Jonathan Cardoso/Jonathan Cardoso Machado/
+s/Linus Nielsen/Linus Nielsen Feltzing/
+s/Todd Ouska$/Todd A Ouska/
+s/Tim Ruehsen/Tim Rühsen/
+s/Michael Koenig/Michael König/
--- a/docs/TODO
+++ b/docs/TODO
@ -9,6 +9,11 @@
 Things to do in project cURL. Please tell us what you think, contribute and
 send us patches that improve things!

+ Be aware that these are things that we could do, or have once been considered
+ things we could do. If you want to work on any of these areas, please
+ consider bringing it up for discussions first on the mailing list so that we
+ all agree it is still a good idea for the project!
+
 All bugs documented in the KNOWN_BUGS document are subject for fixing!

 1. libcurl
@ -20,11 +25,19 @@
 1.7 Detect when called from within callbacks
 1.8 Allow SSL (HTTPS) to proxy
 1.9 Cache negative name resolves
+ 1.10 Support IDNA2008
+ 1.11 minimize dependencies with dynamicly loaded modules
+ 1.12 have form functions use CURL handle argument
+ 1.13 Add CURLOPT_MAIL_CLIENT option
+ 1.14 Typesafe curl_easy_setopt()
+ 1.15 TCP Fast Open
+ 1.16 Try to URL encode given URL

 2. libcurl - multi interface
 2.1 More non-blocking
- 2.2 Fix HTTP Pipelining for PUT
- 2.3 Better support for same name resolves
+ 2.2 Better support for same name resolves
+ 2.3 Non-blocking curl_multi_remove_handle()
+ 2.4 Split connect and authentication process

 3. Documentation
 3.1 Update date and version in man pages
@ -44,6 +57,8 @@
 5.3 Rearrange request header order
 5.4 SPDY
 5.5 auth= in URLs
+ 5.6 Refuse "downgrade" redirects
+ 5.7 More compressions

 6. TELNET
 6.1 ditch stdin
@ -54,22 +69,23 @@
 7. SMTP
 7.1 Pipelining
 7.2 Enhanced capability support
- 
+
 8. POP3
 8.1 Pipelining
 8.2 Enhanced capability support
- 
+
 9. IMAP
 9.1 Enhanced capability support
- 
+
 10. LDAP
 10.1 SASL based authentication mechanisms
- 
+
 11. SMB
 11.1 File listing support
 11.2 Honor file timestamps
 11.3 Use NTLMv2
- 
+ 11.4 Create remote directories
+
 12. New protocols
 12.1 RSYNC

@ -95,14 +111,20 @@
 16. SASL
 16.1 Other authentication mechanisms
 16.2 Add QOP support to GSSAPI authentication
- 
- 17. Client
+
+ 17. Command line tool
 17.1 sync
 17.2 glob posts
 17.3 prevent file overwriting
 17.4 simultaneous parallel transfers
 17.5 provide formpost headers
 17.6 warning when setting an option
+ 17.7 warning when sending binary output to terminal
+ 17.8 offer color-coded HTTP header output
+ 17.9 Choose the name of file in braces for complex URLs
+ 17.10 improve how curl works in a windows console window
+ 17.11 -w output to stderr
+ 17.12 keep running, read instructions from pipe/socket

 18. Build
 18.1 roffit
@ -113,6 +135,7 @@
 19.3 more protocols supported
 19.4 more platforms supported
 19.5 Add support for concurrent connections
+ 19.6 Use the RFC6265 test suite

 20. Next SONAME bump
 20.1 http-style HEAD output for FTP
@ -128,8 +151,6 @@
 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
 21.7 remove progress meter from libcurl
 21.8 remove 'curl_httppost' from public
- 21.9 have form functions use CURL handle argument
- 21.10 Add CURLOPT_MAIL_CLIENT option

 ==============================================================================

@ -154,7 +175,7 @@
 signal handler back into the library with a sigsetjmp, which effectively
 causes libcurl to continue running within the signal handler. This is
 non-portable and could cause problems on some platforms. A discussion on the
- problem is available at http://curl.haxx.se/mail/lib-2008-09/0197.html
+ problem is available at https://curl.haxx.se/mail/lib-2008-09/0197.html

 Also, alarm() provides timeout resolution only to the nearest second. alarm
 ought to be replaced by setitimer on systems that support it.
@ -199,7 +220,7 @@

 To prevent local users from snooping on your traffic to the proxy. Supported
 by Chrome already:
- http://www.chromium.org/developers/design-documents/secure-web-proxy
+ https://www.chromium.org/developers/design-documents/secure-web-proxy

 ...and by Firefox soon:
 https://bugzilla.mozilla.org/show_bug.cgi?id=378637
@ -209,6 +230,72 @@
 A name resolve that has failed is likely to fail when made again within a
 short period of time. Currently we only cache positive responses.

+1.10 Support IDNA2008
+
+ International Domain Names are supported in libcurl since years back, powered
+ by libidn. libidn implements IDNA2003 which has been superseded by IDNA2008.
+ libidn2 is an existing library offering support for IDNA2008.
+
+1.11 minimize dependencies with dynamicly loaded modules
+
+ We can create a system with loadable modules/plug-ins, where these modules
+ would be the ones that link to 3rd party libs. That would allow us to avoid
+ having to load ALL dependencies since only the necessary ones for this
+ app/invoke/used protocols would be necessary to load.  See
+ https://github.com/curl/curl/issues/349
+
+1.12 have form functions use CURL handle argument
+
+ curl_formadd() and curl_formget() both currently have no CURL handle
+ argument, but both can use a callback that is set in the easy handle, and
+ thus curl_formget() with callback cannot function without first having
+ curl_easy_perform() (or similar) called - which is hard to grasp and a design
+ mistake.
+
+ The curl_formadd() design can probably also be reconsidered to make it easier
+ to use and less error-prone. Probably easiest by splitting it into several
+ function calls.
+
+1.13 Add CURLOPT_MAIL_CLIENT option
+
+ Rather than use the URL to specify the mail client string to present in the
+ HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
+ specifying this data as the URL is non-standard and to be honest a bit of a
+ hack ;-)
+
+ Please see the following thread for more information:
+ https://curl.haxx.se/mail/lib-2012-05/0178.html
+
+1.14 Typesafe curl_easy_setopt()
+
+ One of the most common problems in libcurl using applications is the lack of
+ type checks for curl_easy_setopt() which happens because it accepts varargs
+ and thus can take any type.
+
+ One possible solution to this is to introduce a few different versions of the
+ setopt version for the different kinds of data you can set.
+
+  curl_easy_set_num() - sets a long value
+
+  curl_easy_set_large() - sets a curl_off_t value
+
+  curl_easy_set_ptr() - sets a pointer
+
+  curl_easy_set_cb() - sets a callback PLUS its callback data
+
+1.15 TCP Fast Open
+
+ RFC 7413 defines how to include data already in the TCP SYN handshake to
+ reduce latency.
+
+1.16 Try to URL encode given URL
+
+ Given a URL that for example contains spaces, libcurl could have an option
+ that would try somewhat harder than it does now and convert spaces to %20 and
+ perhaps URL encoded byte values over 128 etc (basically do what the redirect
+ following code already does).
+
+ https://github.com/curl/curl/issues/514

 2. libcurl - multi interface

@ -226,13 +313,7 @@
 - The "DONE" operation (post transfer protocol-specific actions) for the
   protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task.

-2.2 Fix HTTP Pipelining for PUT
-
- HTTP Pipelining can be a way to greatly enhance performance for multiple
- serial requests and currently libcurl only supports that for HEAD and GET
- requests but it should also be possible for PUT.
-
-2.3 Better support for same name resolves
+2.2 Better support for same name resolves

 If a name resolve has been initiated for name NN and a second easy handle
 wants to resolve that name as well, make it wait for the first resolve to end
@ -240,6 +321,20 @@
 especially needed when adding many simultaneous handles using the same host
 name when the DNS resolver can get flooded.

+2.3 Non-blocking curl_multi_remove_handle()
+
+ The multi interface has a few API calls that assume a blocking behavior, like
+ add_handle() and remove_handle() which limits what we can do internally. The
+ multi API need to be moved even more into a single function that "drives"
+ everything in a non-blocking manner and signals when something is done. A
+ remove or add would then only ask for the action to get started and then
+ multi_perform() etc still be called until the add/remove is completed.
+
+2.4 Split connect and authentication process
+
+ The multi interface treats the authentication process as part of the connect
+ phase. As such any failures during authentication won't trigger the relevant
+ QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP.

 3. Documentation

@ -256,14 +351,14 @@
 HOST is a command for a client to tell which host name to use, to offer FTP
 servers named-based virtual hosting:

- http://tools.ietf.org/html/rfc7151
+ https://tools.ietf.org/html/rfc7151

 4.2 Alter passive/active on failure and retry

 When trying to connect passively to a server which only supports active
 connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the
 connection. There could be a way to fallback to an active connection (and
- vice versa). http://curl.haxx.se/bug/feature.cgi?id=1754793
+ vice versa). https://curl.haxx.se/bug/feature.cgi?id=1754793

 4.3 Earlier bad letter detection

@ -300,13 +395,13 @@ This is not detailed in any FTP specification.
 5.1 Better persistency for HTTP 1.0

 "Better" support for persistent connections over HTTP 1.0
- http://curl.haxx.se/bug/feature.cgi?id=1089001
+ https://curl.haxx.se/bug/feature.cgi?id=1089001

 5.2 support FF3 sqlite cookie files

 Firefox 3 is changing from its former format to a a sqlite database instead.
 We should consider how (lib)curl can/should support this.
- http://curl.haxx.se/bug/feature.cgi?id=1871388
+ https://curl.haxx.se/bug/feature.cgi?id=1871388

 5.3 Rearrange request header order

@ -336,10 +431,26 @@ This is not detailed in any FTP specification.
 For example:

 http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user
- test:pass;auth=NTLM or --user test:pass --ntlm from the command line. 
+ test:pass;auth=NTLM or --user test:pass --ntlm from the command line.

 Additionally this should be implemented for proxy base URLs as well.

+5.6 Refuse "downgrade" redirects
+
+ See https://github.com/curl/curl/issues/226
+
+ Consider a way to tell curl to refuse to "downgrade" protocol with a redirect
+ and/or possibly a bit that refuses redirect to change protocol completely.
+
+5.7 More compressions
+
+ Compression algorithms that perform better than gzip are being considered for
+ use and inclusion in existing browsers. For example 'brotli'. If servers
+ follow along it is a good reason for us to also allow users to take advantage
+ of this. The algorithm: https://github.com/google/brotli The Firefox bug:
+ https://bugzilla.mozilla.org/show_bug.cgi?id=366559
+
+
 6. TELNET

 6.1 ditch stdin
@ -412,12 +523,17 @@ be the same as/similar to FTP.

 11.2 Honor file timestamps

-The timestamp of the transfered file should reflect that of the original file.
+The timestamp of the transferred file should reflect that of the original file.

 11.3 Use NTLMv2

 Currently the SMB authentication uses NTLMv1.

+11.4 Create remote directories
+
+Support for creating remote directories when uploading a file to a directory
+that doesn't exist on the server, just like --ftp-create-dirs.
+
 12. New protocols

 12.1 RSYNC
@ -430,7 +546,7 @@ Currently the SMB authentication uses NTLMv1.
 13.1 Disable specific versions

 Provide an option that allows for disabling specific SSL versions, such as
- SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276
+ SSLv2 https://curl.haxx.se/bug/feature.cgi?id=1767276

 13.2 Provide mutex locking API

@ -441,7 +557,7 @@ Currently the SMB authentication uses NTLMv1.
 13.3 Evaluate SSL patches

 Evaluate/apply Gertjan van Wingerde's SSL patches:
- http://curl.haxx.se/mail/lib-2004-03/0087.html
+ https://curl.haxx.se/mail/lib-2004-03/0087.html

 13.4 Cache OpenSSL contexts

@ -476,12 +592,12 @@ Currently the SMB authentication uses NTLMv1.

 DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL
 keys and certs over DNS using DNSSEC as an alternative to the CA model.
- http://www.rfc-editor.org/rfc/rfc6698.txt
+ https://www.rfc-editor.org/rfc/rfc6698.txt

 An initial patch was posted by Suresh Krishnaswamy on March 7th 2013
- (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple
+ (https://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple
 approach. See Daniel's comments:
- http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
+ https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the
 correct library to base this development on.

 14. GnuTLS
@ -506,7 +622,7 @@ Currently the SMB authentication uses NTLMv1.
 Therefore support for the existing -E/--cert and --key options should be
 implemented by supplying a custom certificate to the SChannel APIs, see:
 - Getting a Certificate for Schannel
-   http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
+   https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx

 15.2 Add support for custom server certificate validation

@ -517,7 +633,7 @@ Currently the SMB authentication uses NTLMv1.
 Therefore support for the existing --cacert or --capath options should be
 implemented by supplying a custom certificate to the SChannel APIs, see:
 - Getting a Certificate for Schannel
-   http://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx
+   https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx

 15.3 Add support for the --ciphers option

@ -528,7 +644,7 @@ Currently the SMB authentication uses NTLMv1.
 Therefore support for the existing --ciphers option should be implemented
 by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see
 - Specifying Schannel Ciphers and Cipher Strengths
-   http://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx
+   https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx

 16. SASL

@ -536,7 +652,7 @@ Currently the SMB authentication uses NTLMv1.

 Add support for other authentication mechanisms such as OLP,
 GSS-SPNEGO and others.
- 
+
 16.2 Add QOP support to GSSAPI authentication

 Currently the GSSAPI authentication only supports the default QOP of auth
@ -544,7 +660,7 @@ Currently the SMB authentication uses NTLMv1.
 with integrity protection) and auth-conf (Authentication with integrity and
 privacy protection).

-17. Client
+17. Command line tool

 17.1 sync

@ -573,7 +689,7 @@ Currently the SMB authentication uses NTLMv1.
 The client could be told to use maximum N simultaneous parallel transfers and
 then just make sure that happens. It should of course not make more than one
 connection to the same remote host. This would require the client to use the
- multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
+ multi interface. https://curl.haxx.se/bug/feature.cgi?id=1558595

 17.5 provide formpost headers

@ -591,9 +707,54 @@ Currently the SMB authentication uses NTLMv1.

 17.6 warning when setting an option

-  Display a warning when libcurl returns an error when setting an option.
-  This can be useful to tell when support for a particular feature hasn't been
-  compiled into the library.
+ Display a warning when libcurl returns an error when setting an option.
+ This can be useful to tell when support for a particular feature hasn't been
+ compiled into the library.
+
+17.7 warning when sending binary output to terminal
+
+ Provide a way that prompts the user for confirmation before binary data is
+ sent to the terminal, much in the style 'less' does it.
+
+17.8 offer color-coded HTTP header output
+
+ By offering different color output on the header name and the header
+ contents, they could be made more readable and thus help users working on
+ HTTP services.
+
+17.9 Choose the name of file in braces for complex URLs
+
+ When using braces to download a list of URLs and you use complicated names
+ in the list of alternatives, it could be handy to allow curl to use other
+ names when saving.
+
+ Consider a way to offer that. Possibly like
+ {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the
+ colon is the output name.
+
+ See https://github.com/curl/curl/issues/221
+
+17.10 improve how curl works in a windows console window
+
+ If you pull the scrollbar when transferring with curl in a Windows console
+ window, the transfer is interrupted and can get disconnected. This can
+ probably be improved. See https://github.com/curl/curl/issues/322
+
+17.11 -w output to stderr
+
+ -w is quite useful, but not to those of us who use curl without -o or -O
+ (such as for scripting through a higher level language). It would be nice to
+ have an option that is exactly like -w but sends it to stderr
+ instead. Proposed name: --write-stderr. See
+ https://github.com/curl/curl/issues/613
+
+17.12 keep running, read instructions from pipe/socket
+
+ Provide an option that makes curl not exit after the last URL (or even work
+ without a given URL), and then make it read instructions passed on a pipe or
+ over a socket to make further instructions so that a second subsequent curl
+ invoke can talk to the still running instance and ask for transfers to get
+ done, and thus maintain its connection pool, DNS cache and more.

 18. Build

@ -639,6 +800,16 @@ Currently the SMB authentication uses NTLMv1.
 and thus the wait for connections loop is never entered to receive the second
 connection.

+19.6 Use the RFC6265 test suite
+
+ A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at
+ https://github.com/abarth/http-state/tree/master/tests
+
+ It'd be really awesome if someone would write a script/setup that would run
+ curl with that test suite and detect deviances. Ideally, that would even be
+ incorporated into our regular test suite.
+
+
 20. Next SONAME bump

 20.1 http-style HEAD output for FTP
@ -743,22 +914,3 @@ Currently the SMB authentication uses NTLMv1.

 Changing them to return a private handle will benefit the implementation and
 allow us much greater freedoms while still maintaining a solid API and ABI.
-
-21.9 have form functions use CURL handle argument
-
- curl_formadd() and curl_formget() both currently have no CURL handle
- argument, but both can use a callback that is set in the easy handle, and
- thus curl_formget() with callback cannot function without first having
- curl_easy_perform() (or similar) called - which is hard to grasp and a design
- mistake.
-
-21.10 Add CURLOPT_MAIL_CLIENT option
-
- Rather than use the URL to specify the mail client string to present in the
- HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
- specifying this data as the URL is non-standard and to be honest a bit of a
- hack ;-)
-
- Please see the following thread for more information:
- http://curl.haxx.se/mail/lib-2012-05/0178.html
- 
--- a/docs/TheArtOfHttpScripting
+++ b/docs/TheArtOfHttpScripting
@ -22,6 +22,8 @@ The Art Of Scripting HTTP Requests Using Curl
 3. Fetch a page
 3.1 GET
 3.2 HEAD
+ 3.3 Multiple URLs in a single command line
+ 3.4 Multiple HTTP methods in a single command line
 4. HTML forms
 4.1 Forms explained
 4.2 GET
@ -134,8 +136,8 @@ The Art Of Scripting HTTP Requests Using Curl

 The Uniform Resource Locator format is how you specify the address of a
 particular resource on the Internet. You know these, you've seen URLs like
- http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
- canonical spec.
+ https://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the
+ canonical spec. And yeah, the formal name is not URL, it is URI.

 2.2 Host

@ -192,7 +194,6 @@ The Art Of Scripting HTTP Requests Using Curl
 the associated response. The path is what is to the right side of the slash
 that follows the host name and possibly port number.

-
 3. Fetch a page

 3.1 GET
@ -202,7 +203,7 @@ The Art Of Scripting HTTP Requests Using Curl
 issues a GET request to the server and receives the document it asked for.
 If you issue the command line

-        curl http://curl.haxx.se
+        curl https://curl.haxx.se

 you get a web page returned in your terminal window. The entire HTML document
 that that URL holds.
@ -223,6 +224,46 @@ The Art Of Scripting HTTP Requests Using Curl
 may see a Content-Length: in the response headers, but there must not be an
 actual body in the HEAD response.

+ 3.3 Multiple URLs in a single command line
+
+ A single curl command line may involve one or many URLs. The most common case
+ is probably to just use one, but you can specify any amount of URLs. Yes
+ any. No limits. You'll then get requests repeated over and over for all the
+ given URLs.
+
+ Example, send two GETs:
+
+    curl http://url1.example.com http://url2.example.com
+
+ If you use --data to POST to the URL, using multiple URLs means that you send
+ that same POST to all the given URLs.
+
+ Example, send two POSTs:
+
+    curl --data name=curl http://url1.example.com http://url2.example.com
+
+
+ 3.4 Multiple HTTP methods in a single command line
+
+ Sometimes you need to operate on several URLs in a single command line and do
+ different HTTP methods on each. For this, you'll enjoy the --next option. It
+ is basically a separator that separates a bunch of options from the next. All
+ the URLs before --next will get the same method and will get all the POST
+ data merged into one.
+
+ When curl reaches the --next on the command line, it'll sort of reset the
+ method and the POST data and allow a new set.
+
+ Perhaps this is best shown with a few examples. To send first a HEAD and then
+ a GET:
+
+   curl -I http://example.com --next http://example.com
+
+ To first send a POST and then a GET:
+
+   curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html
+
+
 4. HTML forms

 4.1 Forms explained
@ -301,6 +342,10 @@ The Art Of Scripting HTTP Requests Using Curl

        curl --data-urlencode "name=I am Daniel" http://www.example.com

+  If you repeat --data several times on the command line, curl will
+  concatenate all the given data pieces - and put a '&' symbol between each
+  data segment.
+
 4.4 File Upload POST

  Back in late 1995 they defined an additional way to post data over HTTP. It
@ -583,7 +628,13 @@ The Art Of Scripting HTTP Requests Using Curl
  More about server certificate verification and ca cert bundles can be read
  in the SSLCERTS document, available online here:

-        http://curl.haxx.se/docs/sslcerts.html
+        https://curl.haxx.se/docs/sslcerts.html
+
+  At times you may end up with your own CA cert store and then you can tell
+  curl to use that to verify the server's certificate:
+
+        curl --cacert ca-bundle.pem https://example.com/
+

 11. Custom Request Elements

@ -693,7 +744,7 @@ The Art Of Scripting HTTP Requests Using Curl

 14.1 Standards

- RFC 2616 is a must to read if you want in-depth understanding of the HTTP
+ RFC 7230 is a must to read if you want in-depth understanding of the HTTP
 protocol

 RFC 3986 explains the URL syntax
@ -704,4 +755,4 @@ The Art Of Scripting HTTP Requests Using Curl

 14.2 Sites

- http://curl.haxx.se is the home of the cURL project
+ https://curl.haxx.se is the home of the cURL project
--- a/docs/VERSIONS
+++ b/docs/VERSIONS
@ -1,22 +1,18 @@
-                                  _   _ ____  _
-                              ___| | | |  _ \| |
-                             / __| | | | |_) | |
-                            | (__| |_| |  _ <| |___
-                             \___|\___/|_| \_\_____|
-
 Version Numbers and Releases
+============================

 Curl is not only curl. Curl is also libcurl. They're actually individually
 versioned, but they mostly follow each other rather closely.

 The version numbering is always built up using the same system:

-        X.Y[.Z]
+        X.Y.Z

- Where
-   X is main version number
-   Y is release number
-   Z is patch number
+  - X is main version number
+  - Y is release number
+  - Z is patch number
+
+## Bumping numbers

 One of these numbers will get bumped in each new release. The numbers to the
 right of a bumped number will be reset to zero. If Z is zero, it may not be
@ -57,4 +53,4 @@ Version Numbers and Releases
 release. It makes comparisons with greater than and less than work.

 This number is also available as three separate defines:
- LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH.
+ `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`.
--- a/docs/curl-config.1
+++ b/docs/curl-config.1
@ -9,7 +9,7 @@
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
-.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 .\" *
 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 .\" * copies of the Software, and permit persons to whom the Software is
--- a/docs/curl.1
+++ b/docs/curl.1
@ -5,11 +5,11 @@
 .\" *                            | (__| |_| |  _ <| |___
 .\" *                             \___|\___/|_| \_\_____|
 .\" *
-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 .\" *
 .\" * This software is licensed as described in the file COPYING, which
 .\" * you should have received as part of this distribution. The terms
-.\" * are also available at http://curl.haxx.se/docs/copyright.html.
+.\" * are also available at https://curl.haxx.se/docs/copyright.html.
 .\" *
 .\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 .\" * copies of the Software, and permit persons to whom the Software is
@ -39,8 +39,7 @@ resume, Metalink, and more. As you will see below, the number of features will
 make your head spin!

 curl is powered by libcurl for all transfer-related features. See
-.BR libcurl (3)
-for details.
+\fIlibcurl(3)\fP for details.
 .SH URL
 The URL syntax is protocol-dependent. You'll find a detailed description in
 RFC 3986.
@ -172,10 +171,11 @@ a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
-considered insecure.
+considered insecure (see RFC 6176).
 .IP "-3, --sslv3"
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
-server. Sometimes curl is built without SSLv3 support.
+server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
+considered insecure (see RFC 7568).
 .IP "-4, --ipv4"
 This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.
@ -213,16 +213,25 @@ be in the format "NAME1=VALUE1; NAME2=VALUE2".

 If no '=' symbol is used in the line, it is treated as a filename to use to
 read previously stored cookie lines from, which should be used in this session
-if they match. Using this method also activates the "cookie parser" which will
+if they match. Using this method also activates the cookie engine which will
 make curl record incoming cookies too, which may be handy if you're using this
 in combination with the \fI-L, --location\fP option. The file format of the
-file to read cookies from should be plain HTTP headers or the Netscape/Mozilla
-cookie file format.
+file to read cookies from should be plain HTTP headers (Set-Cookie style) or
+the Netscape/Mozilla cookie file format.

 The file specified with \fI-b, --cookie\fP is only used as input. No cookies
 will be written to the file. To store cookies, use the \fI-c, --cookie-jar\fP
 option.

+Exercise caution if you are using this option and multiple transfers may occur.
+If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie format and
+don't specify a domain, then the cookie is sent for any domain (even after
+redirects are followed) and cannot be modified by a server-set cookie. If the
+cookie engine is enabled and a server sets a cookie of the same name then both
+will be sent on a future transfer to that server, likely not what you intended.
+To address these issues set a domain in Set-Cookie (doing that will include
+sub-domains) or use the Netscape format.
+
 If this option is used several times, the last one will be used.
 .IP "-B, --use-ascii"
 (FTP/LDAP) Enable ASCII transfer. For FTP, this can also be enforced by using
@ -254,6 +263,9 @@ won't fail or even report an error clearly. Using -v will get a warning
 displayed, but that is the only visible feedback you get about this possibly
 lethal situation.

+Since 7.43.0 cookies that were imported in the Set-Cookie format without a
+domain name are not exported by this option.
+
 If this option is used several times, the last specified file name will be
 used.
 .IP "-C, --continue-at <offset>"
@ -269,11 +281,11 @@ If this option is used several times, the last one will be used.
 .IP "--ciphers <list of ciphers>"
 (SSL) Specifies which ciphers to use in the connection. The list of ciphers
 must specify valid ciphers. Read up on SSL cipher list details on this URL:
-\fIhttp://www.openssl.org/docs/apps/ciphers.html\fP
+\fIhttps://www.openssl.org/docs/apps/ciphers.html\fP

 NSS ciphers are done differently than OpenSSL and GnuTLS. The full list of NSS
 ciphers is in the NSSCipherSuite entry at this URL:
-\fIhttp://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP
+\fIhttps://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives\fP

 If this option is used several times, the last one will be used.
 .IP "--compressed"
@ -315,9 +327,10 @@ presses the submit button. This will cause curl to pass the data to the server
 using the content-type application/x-www-form-urlencoded.  Compare to
 \fI-F, --form\fP.

-\fI-d, --data\fP is the same as \fI--data-ascii\fP. To post data purely binary,
-you should instead use the \fI--data-binary\fP option. To URL-encode the value
-of a form field you may use \fI--data-urlencode\fP.
+\fI-d, --data\fP is the same as \fI--data-ascii\fP. \fI--data-raw\fP is almost
+the same but does not have a special interpretation of the @ character. To
+post data purely binary, you should instead use the \fI--data-binary\fP option.
+To URL-encode the value of a form field you may use \fI--data-urlencode\fP.

 If any of these options is used more than once on the same command line, the
 data pieces specified will be merged together with a separating
@ -329,7 +342,8 @@ read the data from, or - if you want curl to read the data from
 stdin. Multiple files can also be specified. Posting data from a file
 named 'foobar' would thus be done with \fI--data\fP @foobar. When --data is
 told to read from a file like that, carriage returns and newlines will be
-stripped out.
+stripped out. If you don't want the @ character to have a special
+interpretation use \fI--data-raw\fP instead.
 .IP "-D, --dump-header <file>"
 Write the protocol headers to the specified file.

@ -354,6 +368,10 @@ and carriage returns are preserved and conversions are never done.

 If this option is used several times, the ones following the first will append
 data as described in \fI-d, --data\fP.
+.IP "--data-raw <data>"
+(HTTP) This posts data similarly to \fI--data\fP but without the special
+interpretation of the @ character. See \fI-d, --data\fP.
+(Added in 7.43.0)
 .IP "--data-urlencode <data>"
 (HTTP) This posts data, similar to the other --data options with the exception
 that this performs URL-encoding. (Added in 7.18.0)
@ -412,6 +430,9 @@ the traditional PORT command.
 \fB--eprt\fP can be used to explicitly enable EPRT again and \fB--no-eprt\fP
 is an alias for \fB--disable-eprt\fP.

+If the server is an IPv6 host, this option will have no effect as EPRT is
+necessary then.
+
 Disabling EPRT only changes the active behavior. If you want to switch to
 passive mode you need to not use \fI-P, --ftp-port\fP or force it with
 \fI--ftp-pasv\fP.
@ -423,6 +444,9 @@ but with this option, it will not try using EPSV.
 \fB--epsv\fP can be used to explicitly enable EPSV again and \fB--no-epsv\fP
 is an alias for \fB--disable-epsv\fP.

+If the server is an IPv6 host, this option will have no effect as EPSV is
+necessary then.
+
 Disabling EPSV only changes the passive behavior. If you want to switch to
 active mode you need to use \fI-P, --ftp-port\fP.
 .IP "--dns-interface <interface>"
@ -470,10 +494,10 @@ If this option is used several times, the last one will be used.
 (SSL) Tells curl to use the specified client certificate file when getting a
 file with HTTPS, FTPS or another SSL-based protocol. The certificate must be
 in PKCS#12 format if using Secure Transport, or PEM format if using any other
-engine.  If the optional password isn't specified, it will be queried
-for on the terminal. Note that this option assumes a \&"certificate" file that
-is the private key and the private certificate concatenated! See \fI--cert\fP
-and \fI--key\fP to specify them independently.
+engine.  If the optional password isn't specified, it will be queried for on
+the terminal. Note that this option assumes a \&"certificate" file that is the
+private key and the client certificate concatenated! See \fI--cert\fP and
+\fI--key\fP to specify them independently.

 If curl is built against the NSS SSL library then this option can tell
 curl the nickname of the certificate to use within the NSS database defined
@ -505,6 +529,13 @@ after having run curl.
 (SSL) Specify the path name to the Entropy Gathering Daemon socket. The socket
 is used to seed the random engine for SSL connections. See also the
 \fI--random-file\fP option.
+.IP "--expect100-timeout <seconds>"
+(HTTP) Maximum time in seconds that you allow curl to wait for a 100-continue
+response when curl emits an Expects: 100-continue header in its request. By
+default curl will wait one second. This option accepts decimal values! When
+curl stops waiting, it will continue as if the response has been received.
+
+(Added in 7.47.0)
 .IP "--cert-type <type>"
 (SSL) Tells curl what certificate type the provided certificate is in. PEM,
 DER and ENG are recognized types.  If not specified, PEM is assumed.
@ -539,19 +570,22 @@ OpenSSL-powered curl to make SSL-connections much more efficiently than using

 If this option is set, the default capath value will be ignored, and if it is
 used several times, the last one will be used.
-.IP "--pinnedpubkey <pinned public key>"
-(SSL) Tells curl to use the specified public key file to verify the peer. The
-file must contain a single public key in PEM or DER format.
+.IP "--pinnedpubkey <pinned public key (hashes)>"
+(SSL) Tells curl to use the specified public key file (or hashes) to verify the
+peer. This can be a path to a file which contains a single public key in PEM or
+DER format, or any number of base64 encoded sha256 hashes preceded by
+\'sha256//\' and separated by \';\'

 When negotiating a TLS or SSL connection, the server sends a certificate
 indicating its identity. A public key is extracted from this certificate and
 if it does not exactly match the public key provided to this option, curl will
 abort the connection before sending or receiving any data.

-This is currently only implemented in the OpenSSL, GnuTLS and GSKit backends.
+Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and
+wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL,
+GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported.

 If this option is used several times, the last one will be used.
-(Added in 7.39.0)
 .IP "--cert-status"
 (SSL) Tells curl to verify the status of the server certificate by using the
 Certificate Status Request (aka. OCSP stapling) TLS extension.
@ -560,8 +594,18 @@ If this option is enabled and the server sends an invalid (e.g. expired)
 response, if the response suggests that the server certificate has been revoked,
 or no response at all is received, the verification fails.

-This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
+This is currently only implemented in the OpenSSL, GnuTLS and NSS backends.
 (Added in 7.41.0)
+.IP "--false-start"
+
+(SSL) Tells curl to use false start during the TLS handshake. False start is a
+mode where a TLS client will start sending application data before verifying
+the server's Finished message, thus saving a round trip when performing a full
+handshake.
+
+This is currently only implemented in the NSS and Secure Transport (on iOS 7.0
+or later, or OS X 10.9 or later) backends.
+(Added in 7.42.0)
 .IP "-f, --fail"
 (HTTP) Fail silently (no output at all) on server errors. This is mostly done
 to better enable scripts etc to better deal with failed attempts. In normal
@ -589,7 +633,9 @@ input:
 \fBcurl\fP -F password=@/etc/passwd www.mypasswords.com

 To read content from stdin instead of a file, use - as the filename. This goes
-for both @ and < constructs.
+for both @ and < constructs. Unfortunately it does not support reading the
+file from a named pipe or similar, as it needs the full size before the
+transfer starts.

 You can also tell curl what Content-Type to use by using 'type=', in a manner
 similar to:
@ -651,6 +697,7 @@ curl does one CWD with the full target directory and then operates on the file
 \&"normally" (like in the multicwd case). This is somewhat more standards
 compliant than 'nocwd' but without the full penalty of 'multicwd'.
 .RE
+.IP
 (Added in 7.15.1)
 .IP "--ftp-pasv"
 (FTP) Use passive mode for the data connection. Passive is the internal default
@ -755,10 +802,12 @@ This option can be used multiple times to add/replace/remove multiple headers.
 be the 128 bit MD5 checksum of the remote host's public key, curl will refuse
 the connection with the host unless the md5sums match. (Added in 7.17.1)
 .IP "--ignore-content-length"
-(HTTP)
-Ignore the Content-Length header. This is particularly useful for servers
-running Apache 1.x, which will report incorrect Content-Length for files
-larger than 2 gigabytes.
+For HTTP, Ignore the Content-Length header. This is particularly useful for
+servers running Apache 1.x, which will report incorrect Content-Length for
+files larger than 2 gigabytes.
+
+For FTP (since 7.46.0), skip the RETR command to figure out the size before
+downloading a file.
 .IP "-i, --include"
 (HTTP) Include the HTTP-header in the output. The HTTP-header includes things
 like server-name, date of the document, HTTP-version and more...
@ -785,8 +834,17 @@ cookies when they're closed down.
 server-specified Content-Disposition filename instead of extracting a filename
 from the URL.

+If the server specifies a file name and a file with that name already exists
+in the current working directory it will not be overwritten and an error will
+occur. If the server doesn't specify a file name then this option has no
+effect.
+
 There's no attempt to decode %-sequences (yet) in the provided file name, so
 this option may provide you with rather unexpected file names.
+
+\fBWARNING\fP: Exercise judicious use of this option, especially on Windows. A
+rogue server could send you the name of a DLL or other file that could possibly
+be loaded automatically by Windows or some third party software.
 .IP "-k, --insecure"
 (SSL) This option explicitly allows curl to perform "insecure" SSL connections
 and transfers. All SSL connections are attempted to be made secure by using
@ -794,7 +852,7 @@ the CA certificate bundle installed by default. This makes all connections
 considered "insecure" fail unless \fI-k, --insecure\fP is used.

 See this online resource for further details:
-\fBhttp://curl.haxx.se/docs/sslcerts.html\fP
+\fBhttps://curl.haxx.se/docs/sslcerts.html\fP
 .IP "-K, --config <config file>"
 Specify which config file to read curl arguments from. The config file is a
 text file in which command line arguments can be written which then will be
@ -821,7 +879,7 @@ Note that to be able to specify a URL in the config file, you need to specify
 it using the \fI--url\fP option, and not by simply writing the URL on its own
 line. So, it could look similar to this:

-url = "http://curl.haxx.se/docs/"
+url = "https://curl.haxx.se/docs/"

 When curl is invoked, it always (unless \fI-q\fP is used) checks for a default
 config file and uses it if found. The default config file is checked for in
@ -919,7 +977,7 @@ re-send the following request using the same unmodified method.

 You can tell curl to not change the non-GET request method to GET after a 30x
 response by using the dedicated options for that: \fI--post301\fP,
-\fI--post302\fP and \fI-post303\fP.
+\fI--post302\fP and \fI--post303\fP.
 .IP "--libcurl <file>"
 Append this option to any ordinary curl command line, and you will get a
 libcurl-using C source code written to the file that does the equivalent
@ -1043,13 +1101,10 @@ in Metalink file, hash check will fail.
 Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
 home directory for login name and password. This is typically used for FTP on
 Unix. If used with HTTP, curl will enable user authentication. See
-.BR netrc(4)
-or
-.BR ftp(1)
-for details on the file format. Curl will not complain if that file
-doesn't have the right permissions (it should not be either world- or
-group-readable). The environment variable "HOME" is used to find the home
-directory.
+\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not
+complain if that file doesn't have the right permissions (it should not be
+either world- or group-readable). The environment variable "HOME" is used to
+find the home directory.

 A quick and very simple example of how to setup a \fI.netrc\fP to allow curl
 to FTP to the machine host.domain.com with user name \&'myself' and password
@ -1150,12 +1205,15 @@ output to be done to stdout.
 Write output to a local file named like the remote file we get. (Only the file
 part of the remote file is used, the path is cut off.)

-The remote file name to use for saving is extracted from the given URL,
-nothing else.
+The file will be saved in the current working directory. If you want the file
+saved in a different directory, make sure you change the current working
+directory before invoking curl with this option.

-Consequentially, the file will be saved in the current working directory. If
-you want the file saved in a different directory, make sure you change current
-working directory before you invoke curl with the \fB-O, --remote-name\fP flag!
+The remote file name to use for saving is extracted from the given URL, nothing
+else, and if it already exists it will be overwritten. If you want the server
+to be able to choose the file name refer to \fI-J, --remote-header-name\fP
+which can be used in addition to this option. If the server chooses a file name
+and that name already exists it will not be overwritten.

 There is no URL decoding done on the file name. If it has %20 or other URL
 encoded parts of the name, they will end up as-is as file name.
@ -1211,7 +1269,7 @@ i.e "my.host.domain" to specify the machine
 make curl pick the same IP address that is already used for the control
 connection
 .RE
-
+.IP
 If this option is used several times, the last one will be used. Disable the
 use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command
 instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++.
@ -1225,22 +1283,28 @@ available.
 (SSL/SSH) Passphrase for the private key

 If this option is used several times, the last one will be used.
+.IP "--path-as-is"
+Tell curl to not handle sequences of /../ or /./ in the given URL
+path. Normally curl will squash or merge them according to standards but with
+this option set you tell it not to do that.
+
+(Added in 7.42.0)
 .IP "--post301"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.2 and not convert POST requests
 into GET requests when following a 301 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.17.1)
 .IP "--post302"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.3 and not convert POST requests
 into GET requests when following a 302 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
 a redirection. This option is meaningful only when using \fI-L, --location\fP
 (Added in 7.19.1)
 .IP "--post303"
-(HTTP) Tells curl to respect RFC 2616/10.3.2 and not convert POST requests
+(HTTP) Tells curl to respect RFC 7230/6.4.4 and not convert POST requests
 into GET requests when following a 303 redirection. The non-RFC behaviour is
 ubiquitous in web browsers, so curl does the conversion by default to maintain
 consistency. However, a server may require a POST to remain a POST after such
@ -1287,9 +1351,40 @@ This option can be used multiple times, in which case the effect is the same
 as concatenating the protocols into one instance of the option.

 (Added in 7.20.2)
+.IP "--proto-default <protocol>"
+Tells curl to use \fIprotocol\fP for any URL missing a scheme name.
+
+Example:
+
+.RS
+.IP "--proto-default https ftp.mozilla.org"
+https://ftp.mozilla.org
+.RE
+
+An unknown or unsupported protocol causes error
+\fICURLE_UNSUPPORTED_PROTOCOL\fP.
+
+This option does not change the default proxy protocol (http).
+
+Without this option curl would make a guess based on the host, see \fI--url\fP
+for details.
+
+(Added in 7.45.0)
 .IP "--proto-redir <protocols>"
-Tells curl to use the listed protocols after a redirect. See --proto for
-how protocols are represented.
+Tells curl to use the listed protocols on redirect. See --proto for how
+protocols are represented.
+
+Example:
+
+.RS
+.IP "--proto-redir -all,http,https"
+Allow only HTTP and HTTPS on redirect.
+.RE
+
+By default curl will allow all protocols on redirect except several disabled
+for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0
+SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all
+protocols on redirect, including those disabled for security.

 (Added in 7.20.2)
 .IP "--proxy-anyauth"
@ -1310,6 +1405,11 @@ with a remote host. (Added in 7.17.1)
 .IP "--proxy-ntlm"
 Tells curl to use HTTP NTLM authentication when communicating with the given
 proxy. Use \fI--ntlm\fP for enabling NTLM with a remote host.
+.IP "--proxy-service-name <servicename>"
+This option allows you to change the service name for proxy negotiation.
+
+Examples: --proxy-negotiate proxy-name \fI--proxy-service-name\fP sockd would use
+sockd/proxy-name.  (Added in 7.43.0).
 .IP "--proxy1.0 <proxyhost[:port]>"
 Use the specified HTTP 1.0 proxy. If the port number is not specified, it is
 assumed at port 1080.
@ -1399,15 +1499,12 @@ specifies the last 500 bytes
 specifies the bytes from offset 9500 and forward
 .TP
 .B 0-0,-1
-specifies the first and last byte only(*)(H)
-.TP
-.B 500-700,600-799
-specifies 300 bytes from offset 500(H)
+specifies the first and last byte only(*)(HTTP)
 .TP
 .B 100-199,500-599
-specifies two separate 100-byte ranges(*)(H)
+specifies two separate 100-byte ranges(*) (HTTP)
 .RE
-
+.IP
 (*) = NOTE that this will cause the server to reply with a multipart
 response!

@ -1491,6 +1588,11 @@ terminal/stdout unless you redirect it.
 .IP "--sasl-ir"
 Enable initial response in SASL authentication.
 (Added in 7.31.0)
+.IP "--service-name <servicename>"
+This option allows you to change the service name for SPNEGO.
+
+Examples: --negotiate \fI--service-name\fP sockd would use
+sockd/server-name.  (Added in 7.43.0).
 .IP "-S, --show-error"
 When used with \fI-s\fP it makes curl show an error message if it fails.
 .IP "--ssl"
@ -1513,6 +1615,10 @@ and TLS1.0 protocols known as BEAST.  If this option isn't used, the SSL layer
 may use workarounds known to cause interoperability problems with some older
 SSL implementations. WARNING: this option loosens the SSL security, and by
 using this flag you ask for exactly that.  (Added in 7.25.0)
+.IP "--ssl-no-revoke"
+(WinSSL) This option tells curl to disable certificate revocation checks.
+WARNING: this option loosens the SSL security, and by using this flag you ask
+for exactly that.  (Added in 7.44.0)
 .IP "--socks4 <host[:port]>"
 Use the specified SOCKS4 proxy. If the port number is not specified, it is
 assumed at port 1080. (Added in 7.15.2)
@ -1624,6 +1730,14 @@ default 512 bytes will be used.
 If this option is used several times, the last one will be used.

 (Added in 7.20.0)
+.IP "--tftp-no-options"
+(TFTP) Tells curl not to send TFTP options requests.
+
+This option improves interop with some legacy servers that do not acknowledge
+or properly implement TFTP options. When this option is used
+\fI--tftp-blksize\fP is ignored.
+
+(Added in 7.48.0)
 .IP "--tlsauthtype <authtype>"
 Set TLS authentication type. Currently, the only supported option is "SRP",
 for TLS-SRP (RFC 5054). If \fI--tlsuser\fP and \fI--tlspassword\fP are
@ -1692,7 +1806,7 @@ impossible to use a colon in the user name with this option. The password can,
 still.

 When using Kerberos V5 with a Windows based server you should include the
-Windows domain name in the user name, in order for the server to succesfully
+Windows domain name in the user name, in order for the server to successfully
 obtain a Kerberos Ticket. If you don't then the initial authentication
 handshake may fail.

@ -1722,6 +1836,12 @@ If this option is used several times, the last one will be used.
 Specify a URL to fetch. This option is mostly handy when you want to specify
 URL(s) in a config file.

+If the given URL is missing a scheme name (such as "http://" or "ftp://" etc)
+then curl will make a guess based on the host. If the outermost sub-domain name
+matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol will be used,
+otherwise HTTP will be used. Since 7.45.0 guessing can be disabled by setting a
+default protocol, see \fI--proto-default\fP for details.
+
 This option may be used any number of times. To control where this URL is
 written, use the \fI-o, --output\fP or the \fI-O, --remote-name\fP options.
 .IP "-v, --verbose"
@ -1866,7 +1986,7 @@ displayed with millisecond resolution.
 The URL that was fetched last. This is most meaningful if you've told curl
 to follow location: headers.
 .RE
-
+.IP
 If this option is used several times, the last one will be used.
 .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>"
 Use the specified proxy.
@ -1914,10 +2034,10 @@ alter the way curl behaves. So for example if you want to make a proper HEAD
 request, using -X HEAD will not suffice. You need to use the \fI-I, --head\fP
 option.

-The the method string you set with -X will be used for all requests, which if
-you for example use \fB-L, --location\fP may cause unintended side-effects
-when curl doesn't change request method according to the HTTP 30x response
-codes - and similar.
+The method string you set with -X will be used for all requests, which if you
+for example use \fB-L, --location\fP may cause unintended side-effects when
+curl doesn't change request method according to the HTTP 30x response codes -
+and similar.

 (FTP)
 Specifies a custom FTP command to use instead of LIST when doing file lists
@ -2241,7 +2361,7 @@ are meant to never change.
 Daniel Stenberg is the main author, but the whole list of contributors is
 found in the separate THANKS file.
 .SH WWW
-http://curl.haxx.se
+https://curl.haxx.se
 .SH FTP
 ftp://ftp.sunet.se/pub/www/utilities/curl/
 .SH "SEE ALSO"
--- a/docs/examples/.gitignore
+++ b/docs/examples/.gitignore
@ -73,3 +73,7 @@ smtp-vrfy
 url2file
 usercertinmem
 xmlstream
+http2-download
+http2-serverpush
+http2-upload
+imap-lsub
--- a/docs/examples/10-at-a-time.c
+++ b/docs/examples/10-at-a-time.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,9 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example application source code using the multi interface to download many
- * files, but with a capped maximum amount of simultaneous transfers.
- *
+/* <DESC>
+ * Source code using the multi interface to download many
+ * files, with a capped maximum amount of simultaneous transfers.
+ * </DESC>
 * Written by Michael Wallner
 */

@ -126,41 +127,42 @@ int main(void)
     uses */
  curl_multi_setopt(cm, CURLMOPT_MAXCONNECTS, (long)MAX);

-  for (C = 0; C < MAX; ++C) {
+  for(C = 0; C < MAX; ++C) {
    init(cm, C);
  }

-  while (U) {
+  while(U) {
    curl_multi_perform(cm, &U);

-    if (U) {
+    if(U) {
      FD_ZERO(&R);
      FD_ZERO(&W);
      FD_ZERO(&E);

-      if (curl_multi_fdset(cm, &R, &W, &E, &M)) {
+      if(curl_multi_fdset(cm, &R, &W, &E, &M)) {
        fprintf(stderr, "E: curl_multi_fdset\n");
        return EXIT_FAILURE;
      }

-      if (curl_multi_timeout(cm, &L)) {
+      if(curl_multi_timeout(cm, &L)) {
        fprintf(stderr, "E: curl_multi_timeout\n");
        return EXIT_FAILURE;
      }
-      if (L == -1)
+      if(L == -1)
        L = 100;

-      if (M == -1) {
+      if(M == -1) {
 #ifdef WIN32
        Sleep(L);
 #else
-        sleep(L / 1000);
+        sleep((unsigned int)L / 1000);
 #endif
-      } else {
+      }
+      else {
        T.tv_sec = L/1000;
        T.tv_usec = (L%1000)*1000;

-        if (0 > select(M+1, &R, &W, &E, &T)) {
+        if(0 > select(M+1, &R, &W, &E, &T)) {
          fprintf(stderr, "E: select(%i,,,,%li): %i: %s\n",
              M+1, L, errno, strerror(errno));
          return EXIT_FAILURE;
@ -168,8 +170,8 @@ int main(void)
      }
    }

-    while ((msg = curl_multi_info_read(cm, &Q))) {
-      if (msg->msg == CURLMSG_DONE) {
+    while((msg = curl_multi_info_read(cm, &Q))) {
+      if(msg->msg == CURLMSG_DONE) {
        char *url;
        CURL *e = msg->easy_handle;
        curl_easy_getinfo(msg->easy_handle, CURLINFO_PRIVATE, &url);
@ -181,7 +183,7 @@ int main(void)
      else {
        fprintf(stderr, "E: CURLMsg (%d)\n", msg->msg);
      }
-      if (C < CNT) {
+      if(C < CNT) {
        init(cm, C++);
        U++; /* just to prevent it from remaining at 0 if there are more
                URLs to get */
--- a/docs/examples/Makefile.am
+++ b/docs/examples/Makefile.am
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -61,3 +61,6 @@ endif
 include Makefile.inc

 all: $(check_PROGRAMS)
+
+checksrc:
+	@@PERL@ $(top_srcdir)/lib/checksrc.pl -D$(top_srcdir)/docs/examples *.c
--- a/docs/examples/Makefile.example
+++ b/docs/examples/Makefile.example
@ -9,7 +9,7 @@
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
--- a/docs/examples/Makefile.inc
+++ b/docs/examples/Makefile.inc
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -31,7 +31,8 @@ check_PROGRAMS = 10-at-a-time anyauthput cookie_interface debug fileupload \
  pop3-dele pop3-top pop3-stat pop3-noop pop3-ssl pop3-tls pop3-multi      \
  imap-list imap-lsub imap-fetch imap-store imap-append imap-examine       \
  imap-search imap-create imap-delete imap-copy imap-noop imap-ssl         \
-  imap-tls imap-multi url2file sftpget ftpsget postinmemory
+  imap-tls imap-multi url2file sftpget ftpsget postinmemory http2-download \
+  http2-upload http2-serverpush getredirect

 # These examples require external dependencies that may not be commonly
 # available on POSIX systems, so don't bother attempting to compile them here.
--- a/docs/examples/Makefile.m32
+++ b/docs/examples/Makefile.m32
@ -5,11 +5,11 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
-# are also available at http://curl.haxx.se/docs/copyright.html.
+# are also available at https://curl.haxx.se/docs/copyright.html.
 #
 # You may opt to use, copy, modify, merge, publish, distribute and/or sell
 # copies of the Software, and permit persons to whom the Software is
@ -21,7 +21,7 @@
 ###########################################################################
 #
 ## Makefile for building curl examples with MingW (GCC-3.2 or later)
-## and optionally OpenSSL (0.9.8), libssh2 (1.3), zlib (1.2.5), librtmp (2.3)
+## and optionally OpenSSL (1.0.2a), libssh2 (1.5), zlib (1.2.8), librtmp (2.4)
 ##
 ## Usage:   mingw32-make -f Makefile.m32 CFG=-feature1[-feature2][-feature3][...]
 ## Example: mingw32-make -f Makefile.m32 CFG=-zlib-ssl-spi-winidn
@ -38,23 +38,23 @@ ZLIB_PATH = ../../../zlib-1.2.8
 endif
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8zc
+OPENSSL_PATH = ../../../openssl-1.0.2a
 endif
 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.4.3
+LIBSSH2_PATH = ../../../libssh2-1.5.0
 endif
 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
-LIBRTMP_PATH = ../../../librtmp-2.3
+LIBRTMP_PATH = ../../../librtmp-2.4
 endif
 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
-LIBIDN_PATH = ../../../libidn-1.18
+LIBIDN_PATH = ../../../libidn-1.32
 endif
 # Edit the path below to point to the base of your MS IDN package.
 # Microsoft Internationalized Domain Names (IDN) Mitigation APIs 1.1
-# http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad6158d7-ddba-416a-9109-07607425a815
+# https://www.microsoft.com/en-us/download/details.aspx?id=734
 ifndef WINIDN_PATH
 WINIDN_PATH = ../../../Microsoft IDN Mitigation APIs
 endif
@ -62,6 +62,10 @@ endif
 ifndef LDAP_SDK
 LDAP_SDK = c:/novell/ndk/cldapsdk/win32
 endif
+# Edit the path below to point to the base of your nghttp2 package.
+ifndef NGHTTP2_PATH
+NGHTTP2_PATH = ../../../nghttp2-1.0.0
+endif

 PROOT = ../..

@ -72,14 +76,24 @@ endif

 # Edit the var below to set to your architecture or set environment var.
 ifndef ARCH
-ARCH = w32
+ifeq ($(findstring x86_64,$(shell $(CC) -dumpmachine)),x86_64)
+ARCH    = w64
+else
+ARCH    = w32
+endif
 endif

 CC	= $(CROSSPREFIX)gcc
 CFLAGS	= -g -O2 -Wall
 CFLAGS	+= -fno-strict-aliasing
 ifeq ($(ARCH),w64)
-CFLAGS	+= -D_AMD64_
+CFLAGS	+= -m64 -D_AMD64_
+LDFLAGS += -m64
+RCFLAGS += -F pe-x86-64
+else
+CFLAGS	+= -m32
+LDFLAGS += -m32
+RCFLAGS += -F pe-i386
 endif
 # comment LDFLAGS below to keep debug info
 LDFLAGS	= -s
@ -158,9 +172,12 @@ ifeq ($(findstring -metalink,$(CFG)),-metalink)
 METALINK = 1
 endif
 ifeq ($(findstring -winssl,$(CFG)),-winssl)
-SCHANNEL = 1
+WINSSL = 1
 SSPI = 1
 endif
+ifeq ($(findstring -nghttp2,$(CFG)),-nghttp2)
+NGHTTP2 = 1
+endif

 INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib

@ -184,6 +201,10 @@ ifdef RTMP
  CFLAGS += -DUSE_LIBRTMP
  curl_LDADD += -L"$(LIBRTMP_PATH)/librtmp" -lrtmp -lwinmm
 endif
+ifdef NGHTTP2
+  CFLAGS += -DUSE_NGHTTP2
+  curl_LDADD += -L"$(NGHTTP2_PATH)/lib" -lnghttp2
+endif
 ifdef SSH2
  CFLAGS += -DUSE_LIBSSH2 -DHAVE_LIBSSH2_H
  curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
@ -204,7 +225,7 @@ ifdef SSL
  ifndef DYN
    OPENSSL_LIBS += -lgdi32 -lcrypt32
  endif
-  CFLAGS += -DUSE_SSLEAY
+  CFLAGS += -DUSE_OPENSSL
  curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
 endif
 ifdef ZLIB
@ -223,7 +244,7 @@ endif
 endif
 ifdef SSPI
  CFLAGS += -DUSE_WINDOWS_SSPI
-  ifdef SCHANNEL
+  ifdef WINSSL
    CFLAGS += -DUSE_SCHANNEL
  endif
 endif
--- a/docs/examples/Makefile.netware
+++ b/docs/examples/Makefile.netware
@ -19,12 +19,12 @@ endif

 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8zc
+OPENSSL_PATH = ../../../openssl-1.0.2a
 endif

 # Edit the path below to point to the base of your LibSSH2 package.
 ifndef LIBSSH2_PATH
-LIBSSH2_PATH = ../../../libssh2-1.4.3
+LIBSSH2_PATH = ../../../libssh2-1.5.0
 endif

 # Edit the path below to point to the base of your axTLS package.
@ -34,12 +34,12 @@ endif

 # Edit the path below to point to the base of your libidn package.
 ifndef LIBIDN_PATH
-LIBIDN_PATH = ../../../libidn-1.18
+LIBIDN_PATH = ../../../libidn-1.32
 endif

 # Edit the path below to point to the base of your librtmp package.
 ifndef LIBRTMP_PATH
-LIBRTMP_PATH = ../../../librtmp-2.3
+LIBRTMP_PATH = ../../../librtmp-2.4
 endif

 # Edit the path below to point to the base of your fbopenssl package.
--- a/docs/examples/README
+++ b/docs/examples/README
@ -32,51 +32,7 @@ actually torture our web site with your tests!  Thanks.

 EXAMPLES

-anyauthput.c   - HTTP PUT using "any" authentication method
-cacertinmem.c  - Use a built-in PEM certificate to retrieve a https page
-cookie_interface.c - shows usage of simple cookie interface
-curlgtk.c      - download using a GTK progress bar
-curlx.c        - getting file info from the remote cert data
-debug.c        - showing how to use the debug callback
-fileupload.c   - uploading to a file:// URL
-fopen.c        - fopen() layer that supports opening URLs and files
-ftpget.c       - simple getting a file from FTP
-ftpgetresp.c   - get the response strings from the FTP server
-ftpupload.c    - upload a file to an FTP server
-ftpuploadresume.c - resume an upload to an FTP server
-getinfo.c      - get the Content-Type from the recent transfer
-getinmemory.c  - download a file to memory only
-ghiper.c       - curl_multi_socket() using code with glib-2
-hiperfifo.c    - downloads all URLs written to the fifo, using
-                 curl_multi_socket() and libevent
-htmltidy.c     - download a document and use libtidy to parse the HTML
-htmltitle.cc   - download a HTML file and extract the <title> tag from a HTML
-                 page using libxml
-http-post.c    - HTTP POST
-httpput.c      - HTTP PUT a local file
-https.c        - simple HTTPS transfer
-imap.c         - simple IMAP transfer
-multi-app.c    - a multi-interface app
-multi-debugcallback.c - a multi-interface app using the debug callback
-multi-double.c - a multi-interface app doing two simultaneous transfers
-multi-post.c   - a multi-interface app doing a multipart formpost
-multi-single.c - a multi-interface app getting a single file
-multi-uv.c     - a multi-interface app using libuv
-multithread.c  - an example using multi-treading transferring multiple files
-opensslthreadlock.c - show how to do locking when using OpenSSL multi-threaded
-persistant.c   - request two URLs with a persistent connection
-pop3s.c        - POP3S transfer
-pop3slist.c    - POP3S LIST
-post-callback.c - send a HTTP POST using a callback
-postit2.c      - send a HTTP multipart formpost
-sampleconv.c   - showing how a program on a non-ASCII platform would invoke
-                 callbacks to do its own codeset conversions instead of using
-                 the built-in iconv functions in libcurl
-sepheaders.c   - download headers to a separate file
-simple.c       - the most simple download a URL source
-simplepost.c   - HTTP POST
-simplessl.c    - HTTPS example with certificates many options set
-synctime.c     - Sync local time by extracting date from remote HTTP servers
-url2file.c     - download a document and store it in a file
-xmlstream.c    - Stream-parse a document using the streaming Expat parser
-10-at-a-time.c - Download many files simultaneously, 10 at a time.
+Each example source code file is designed to be and work stand-alone and
+rather self-explanatory. The examples may at times lack the level of error
+checks you need in a real world, but that is then only for the sake of
+readability: to make the code smaller and easier to follow.
--- a/docs/examples/adddocsref.pl
+++ b/docs/examples/adddocsref.pl
@ -2,7 +2,7 @@

 # pass files as argument(s)

-my $docroot="http://curl.haxx.se/libcurl/c";
+my $docroot="https://curl.haxx.se/libcurl/c";

 for $f (@ARGV) {
    open(NEW, ">$f.new");
--- a/docs/examples/anyauthput.c
+++ b/docs/examples/anyauthput.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,11 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * HTTP PUT upload with authentiction using "any" method. libcurl picks the
+ * one the server supports/wants.
+ * </DESC>
+ */
 #include <stdio.h>
 #include <fcntl.h>
 #ifdef WIN32
@ -73,7 +78,8 @@
 /* ioctl callback function */
 static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 {
-  intptr_t fd = (intptr_t)userp;
+  int *fdp = (int *)userp;
+  int fd = *fdp;

  (void)handle; /* not used in here */

@ -95,10 +101,11 @@ static curlioerr my_ioctl(CURL *handle, curliocmd cmd, void *userp)
 /* read callback function, fread() look alike */
 static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  size_t retcode;
+  ssize_t retcode;
  curl_off_t nread;

-  intptr_t fd = (intptr_t)stream;
+  int *fdp = (int *)stream;
+  int fd = *fdp;

  retcode = read(fd, ptr, size * nmemb);

@ -114,7 +121,7 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
-  intptr_t hd ;
+  int hd;
  struct stat file_info;

  char *file;
@ -127,7 +134,7 @@ int main(int argc, char **argv)
  url = argv[2];

  /* get the file size of the local file */
-  hd = open(file, O_RDONLY) ;
+  hd = open(file, O_RDONLY);
  fstat(hd, &file_info);

  /* In windows, this will init the winsock stuff */
@ -140,20 +147,20 @@ int main(int argc, char **argv)
    curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback);

    /* which file to upload */
-    curl_easy_setopt(curl, CURLOPT_READDATA, (void*)hd);
+    curl_easy_setopt(curl, CURLOPT_READDATA, (void*)&hd);

    /* set the ioctl function */
    curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, my_ioctl);

    /* pass the file descriptor to the ioctl callback as well */
-    curl_easy_setopt(curl, CURLOPT_IOCTLDATA, (void*)hd);
+    curl_easy_setopt(curl, CURLOPT_IOCTLDATA, (void*)&hd);

    /* enable "uploading" (which means PUT when doing HTTP) */
-    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L) ;
+    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* specify target URL, and note that this URL should also include a file
       name, not only a directory (as you can do with GTP uploads) */
-    curl_easy_setopt(curl,CURLOPT_URL, url);
+    curl_easy_setopt(curl, CURLOPT_URL, url);

    /* and give the size of the upload, this supports large file sizes
       on systems that have general support for it */
--- a/docs/examples/asiohiper.cpp
+++ b/docs/examples/asiohiper.cpp
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,11 +20,11 @@
 *
 ***************************************************************************/

+/* <DESC>
+ * demonstrate the use of multi socket interface with boost::asio
+ * </DESC>
+ */
 /*
- * file: asiohiper.cpp
- * Example program to demonstrate the use of multi socket interface
- * with boost::asio
- *
 * This program is in c++ and uses boost::asio instead of libevent/libev.
 * Requires boost::asio, boost::bind and boost::system
 *
@ -48,6 +48,7 @@
 #include <curl/curl.h>
 #include <boost/asio.hpp>
 #include <boost/bind.hpp>
+#include <iostream>

 #define MSG_OUT stdout /* Send info to stdout, change to stderr if you want */

@ -378,9 +379,9 @@ static curl_socket_t opensocket(void *clientp, curlsocktype purpose,
 }

 /* CURLOPT_CLOSESOCKETFUNCTION */
-static int closesocket(void *clientp, curl_socket_t item)
+static int close_socket(void *clientp, curl_socket_t item)
 {
-  fprintf(MSG_OUT, "\nclosesocket : %d", item);
+  fprintf(MSG_OUT, "\nclose_socket : %d", item);

  std::map<curl_socket_t, boost::asio::ip::tcp::socket *>::iterator it = socket_map.find(item);

@ -427,7 +428,7 @@ static void new_conn(char *url, GlobalInfo *g)
  curl_easy_setopt(conn->easy, CURLOPT_OPENSOCKETFUNCTION, opensocket);

  /* call this function to close a socket */
-  curl_easy_setopt(conn->easy, CURLOPT_CLOSESOCKETFUNCTION, closesocket);
+  curl_easy_setopt(conn->easy, CURLOPT_CLOSESOCKETFUNCTION, close_socket);

  fprintf(MSG_OUT,
          "\nAdding easy %p to multi %p (%s)", conn->easy, g->multi, url);
@ -441,7 +442,6 @@ static void new_conn(char *url, GlobalInfo *g)
 int main(int argc, char **argv)
 {
  GlobalInfo g;
-  CURLMcode rc;

  (void)argc;
  (void)argv;
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,25 +19,19 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example using a "in core" PEM certificate to retrieve a https page.
- * Written by Theo Borm
+/* <DESC>
+ * CA cert in memory with OpenSSL to get a HTTPS page.
+ * </DESC>
 */

-/* on a netBSD system with OPENSSL& LIBCURL installed from
- * pkgsrc (using default paths) this program can be compiled using:
- * gcc -I/usr/pkg/include -L/usr/pkg/lib -lcurl -Wl,-R/usr/pkg/lib -lssl
- * -lcrypto -lz -o curlcacerttest curlcacerttest.c
- * on other operating systems you may want to change paths to headers
- * and libraries
-*/
 #include <openssl/ssl.h>
 #include <curl/curl.h>
 #include <stdio.h>

 size_t writefunction( void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  fwrite(ptr,size,nmemb,stream);
-  return(nmemb*size);
+  fwrite(ptr, size, nmemb, stream);
+  return (nmemb*size);
 }

 static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
@ -93,14 +87,14 @@ static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
   * structure that SSL can use
   */
  PEM_read_bio_X509(bio, &cert, 0, NULL);
-  if (cert == NULL)
+  if(cert == NULL)
    printf("PEM_read_bio_X509 failed...\n");

  /* get a pointer to the X509 certificate store (which may be empty!) */
  store=SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

  /* add our certificate to this store */
-  if (X509_STORE_add_cert(store, cert)==0)
+  if(X509_STORE_add_cert(store, cert)==0)
    printf("error adding certificate\n");

  /* decrease reference counts */
@ -108,7 +102,7 @@ static CURLcode sslctx_function(CURL * curl, void * sslctx, void * parm)
  BIO_free(bio);

  /* all set to go */
-  return CURLE_OK ;
+  return CURLE_OK;
 }

 int main(void)
@ -118,22 +112,22 @@ int main(void)

  rv=curl_global_init(CURL_GLOBAL_ALL);
  ch=curl_easy_init();
-  rv=curl_easy_setopt(ch,CURLOPT_VERBOSE, 0L);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADER, 0L);
-  rv=curl_easy_setopt(ch,CURLOPT_NOPROGRESS, 1L);
-  rv=curl_easy_setopt(ch,CURLOPT_NOSIGNAL, 1L);
-  rv=curl_easy_setopt(ch,CURLOPT_WRITEFUNCTION, *writefunction);
-  rv=curl_easy_setopt(ch,CURLOPT_WRITEDATA, stdout);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADERFUNCTION, *writefunction);
-  rv=curl_easy_setopt(ch,CURLOPT_HEADERDATA, stderr);
-  rv=curl_easy_setopt(ch,CURLOPT_SSLCERTTYPE,"PEM");
-  rv=curl_easy_setopt(ch,CURLOPT_SSL_VERIFYPEER,1L);
+  rv=curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADER, 0L);
+  rv=curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L);
+  rv=curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L);
+  rv=curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction);
+  rv=curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction);
+  rv=curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr);
+  rv=curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM");
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L);
  rv=curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/");

  /* first try: retrieve page without cacerts' certificate -> will fail
   */
  rv=curl_easy_perform(ch);
-  if (rv==CURLE_OK)
+  if(rv==CURLE_OK)
    printf("*** transfer succeeded ***\n");
  else
    printf("*** transfer failed ***\n");
@ -142,9 +136,9 @@ int main(void)
   * load the certificate by installing a function doing the nescessary
   * "modifications" to the SSL CONTEXT just before link init
   */
-  rv=curl_easy_setopt(ch,CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
+  rv=curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);
  rv=curl_easy_perform(ch);
-  if (rv==CURLE_OK)
+  if(rv==CURLE_OK)
    printf("*** transfer succeeded ***\n");
  else
    printf("*** transfer failed ***\n");
--- a/docs/examples/certinfo.c
+++ b/docs/examples/certinfo.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Extract lots of TLS certificate info.
+ * </DESC>
+ */
 #include <stdio.h>

 #include <curl/curl.h>
--- a/docs/examples/chkspeed.c
+++ b/docs/examples/chkspeed.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Show transfer timing info after download completes.
+ * </DESC>
+ */
 /* Example source code to show how the callback function can be used to
 * download data into a chunk of memory instead of storing it in a file.
 * After successful download we use curl_easy_getinfo() calls to get the
@ -64,63 +68,78 @@ int main(int argc, char *argv[])
  const char *url = URL_1M;
  char *appname = argv[0];

-  if (argc > 1) {
+  if(argc > 1) {
    /* parse input parameters */
-    for (argc--, argv++; *argv; argc--, argv++) {
-      if (strncasecmp(*argv, "-", 1) == 0) {
-        if (strncasecmp(*argv, "-H", 2) == 0) {
+    for(argc--, argv++; *argv; argc--, argv++) {
+      if(strncasecmp(*argv, "-", 1) == 0) {
+        if(strncasecmp(*argv, "-H", 2) == 0) {
          fprintf(stderr,
                  "\rUsage: %s [-m=1|2|5|10|20|50|100] [-t] [-x] [url]\n",
                  appname);
          exit(1);
-        } else if (strncasecmp(*argv, "-V", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-V", 2) == 0) {
          fprintf(stderr, "\r%s %s - %s\n",
                  appname, CHKSPEED_VERSION, curl_version());
          exit(1);
-        } else if (strncasecmp(*argv, "-A", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-A", 2) == 0) {
          prtall = 1;
-        } else if (strncasecmp(*argv, "-X", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-X", 2) == 0) {
          prtsep = 1;
-        } else if (strncasecmp(*argv, "-T", 2) == 0) {
+        }
+        else if(strncasecmp(*argv, "-T", 2) == 0) {
          prttime = 1;
-        } else if (strncasecmp(*argv, "-M=", 3) == 0) {
+        }
+        else if(strncasecmp(*argv, "-M=", 3) == 0) {
          long m = strtol((*argv)+3, NULL, 10);
          switch(m) {
-            case   1: url = URL_1M;
-                      break;
-            case   2: url = URL_2M;
-                      break;
-            case   5: url = URL_5M;
-                      break;
-            case  10: url = URL_10M;
-                      break;
-            case  20: url = URL_20M;
-                      break;
-            case  50: url = URL_50M;
-                      break;
-            case 100: url = URL_100M;
-                      break;
-            default:  fprintf(stderr, "\r%s: invalid parameter %s\n",
-                              appname, *argv + 3);
-                      exit(1);
+          case 1:
+            url = URL_1M;
+            break;
+          case 2:
+            url = URL_2M;
+            break;
+          case 5:
+            url = URL_5M;
+            break;
+          case 10:
+            url = URL_10M;
+            break;
+          case 20:
+            url = URL_20M;
+            break;
+          case 50:
+            url = URL_50M;
+            break;
+          case 100:
+            url = URL_100M;
+            break;
+          default:
+            fprintf(stderr, "\r%s: invalid parameter %s\n",
+                    appname, *argv + 3);
+            exit(1);
          }
-        } else {
+        }
+        else {
          fprintf(stderr, "\r%s: invalid or unknown option %s\n",
                  appname, *argv);
          exit(1);
        }
-      } else {
+      }
+      else {
        url = *argv;
      }
    }
  }

  /* print separator line */
-  if (prtsep) {
+  if(prtsep) {
    printf("-------------------------------------------------\n");
  }
  /* print localtime */
-  if (prttime) {
+  if(prttime) {
    time_t t = time(NULL);
    printf("Localtime: %s", ctime(&t));
  }
@ -163,7 +182,7 @@ int main(int argc, char *argv[])
    if((CURLE_OK == res) && (val>0))
      printf("Average download speed: %0.3f kbyte/sec.\n", val / 1024);

-    if (prtall) {
+    if(prtall) {
      /* check for name resolution time */
      res = curl_easy_getinfo(curl_handle, CURLINFO_NAMELOOKUP_TIME, &val);
      if((CURLE_OK == res) && (val>0))
@ -174,8 +193,8 @@ int main(int argc, char *argv[])
      if((CURLE_OK == res) && (val>0))
        printf("Connect time: %0.3f sec.\n", val);
    }
-
-  } else {
+  }
+  else {
    fprintf(stderr, "Error while fetching '%s' : %s\n",
            url, curl_easy_strerror(res));
  }
--- a/docs/examples/cookie_interface.c
+++ b/docs/examples/cookie_interface.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,7 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* This example shows usage of simple cookie interface. */
+/* <DESC>
+ * Import and export cookies with COOKIELIST.
+ * </DESC>
+ */

 #include <stdio.h>
 #include <string.h>
@ -39,17 +42,18 @@ print_cookies(CURL *curl)

  printf("Cookies, curl knows:\n");
  res = curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies);
-  if (res != CURLE_OK) {
-    fprintf(stderr, "Curl curl_easy_getinfo failed: %s\n", curl_easy_strerror(res));
+  if(res != CURLE_OK) {
+    fprintf(stderr, "Curl curl_easy_getinfo failed: %s\n",
+            curl_easy_strerror(res));
    exit(1);
  }
  nc = cookies, i = 1;
-  while (nc) {
+  while(nc) {
    printf("[%d]: %s\n", i, nc->data);
    nc = nc->next;
    i++;
  }
-  if (i == 1) {
+  if(i == 1) {
    printf("(none)\n");
  }
  curl_slist_free_all(cookies);
@ -63,14 +67,14 @@ main(void)

  curl_global_init(CURL_GLOBAL_ALL);
  curl = curl_easy_init();
-  if (curl) {
+  if(curl) {
    char nline[256];

    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
    curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
-    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* just to start the cookie engine */
+    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* start cookie engine */
    res = curl_easy_perform(curl);
-    if (res != CURLE_OK) {
+    if(res != CURLE_OK) {
      fprintf(stderr, "Curl perform failed: %s\n", curl_easy_strerror(res));
      return 1;
    }
@ -89,30 +93,41 @@ main(void)
 #endif
    /* Netscape format cookie */
    snprintf(nline, sizeof(nline), "%s\t%s\t%s\t%s\t%lu\t%s\t%s",
-      ".google.com", "TRUE", "/", "FALSE", (unsigned long)time(NULL) + 31337UL, "PREF", "hello google, i like you very much!");
+             ".google.com", "TRUE", "/", "FALSE",
+             (unsigned long)time(NULL) + 31337UL,
+             "PREF", "hello google, i like you very much!");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
-    if (res != CURLE_OK) {
-      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n", curl_easy_strerror(res));
+    if(res != CURLE_OK) {
+      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n",
+              curl_easy_strerror(res));
      return 1;
    }

-    /* HTTP-header style cookie */
+    /* HTTP-header style cookie. If you use the Set-Cookie format and don't
+    specify a domain then the cookie is sent for any domain and will not be
+    modified, likely not what you intended. Starting in 7.43.0 any-domain
+    cookies will not be exported either. For more information refer to the
+    CURLOPT_COOKIELIST documentation.
+    */
    snprintf(nline, sizeof(nline),
      "Set-Cookie: OLD_PREF=3d141414bf4209321; "
      "expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com");
    res = curl_easy_setopt(curl, CURLOPT_COOKIELIST, nline);
-    if (res != CURLE_OK) {
-      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n", curl_easy_strerror(res));
+    if(res != CURLE_OK) {
+      fprintf(stderr, "Curl curl_easy_setopt failed: %s\n",
+              curl_easy_strerror(res));
      return 1;
    }

    print_cookies(curl);

    res = curl_easy_perform(curl);
-    if (res != CURLE_OK) {
+    if(res != CURLE_OK) {
      fprintf(stderr, "Curl perform failed: %s\n", curl_easy_strerror(res));
      return 1;
    }
+
+    curl_easy_cleanup(curl);
  }
  else {
    fprintf(stderr, "Curl init failed!\n");
--- a/docs/examples/curlgtk.c
+++ b/docs/examples/curlgtk.c
@ -5,9 +5,12 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
+ *  Copyright (c) 2000 David Odin (aka DindinX) for MandrakeSoft
+ */
+/* <DESC>
+ * use the libcurl in a gtk-threaded application
+ * </DESC>
 */
-/* Copyright (c) 2000 David Odin (aka DindinX) for MandrakeSoft */
-/* an attempt to use the curl library in concert with a gtk-threaded application */

 #include <stdio.h>
 #include <gtk/gtk.h>
@ -47,9 +50,9 @@ void *my_thread(void *ptr)
  gchar *url = ptr;

  curl = curl_easy_init();
-  if(curl)
-  {
-    outfile = fopen("test.curl", "w");
+  if(curl) {
+    const char *filename = "test.curl";
+    outfile = fopen(filename, "wb");

    curl_easy_setopt(curl, CURLOPT_URL, url);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, outfile);
@ -94,7 +97,7 @@ int main(int argc, char **argv)
  gtk_container_add(GTK_CONTAINER(Frame2), Bar);
  gtk_widget_show_all(Window);

-  if (!g_thread_create(&my_thread, argv[1], FALSE, NULL) != 0)
+  if(!g_thread_create(&my_thread, argv[1], FALSE, NULL) != 0)
    g_warning("can't create the thread");


--- a/docs/examples/curlx.c
+++ b/docs/examples/curlx.c
@ -9,7 +9,10 @@
  certificate presented during ssl session establishment.

 */
-
+/* <DESC>
+ * demonstrates use of SSL context callback, requires OpenSSL
+ * </DESC>
+ */

 /*
 * Copyright (c) 2003 The OpenEvidence Project.  All rights reserved.
@ -33,7 +36,7 @@
 *    "This product includes software developed by the Openevidence Project
 *    for use in the OpenEvidence Toolkit. (http://www.openevidence.org/)"
 *    This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *    for use in the OpenSSL Toolkit (https://www.openssl.org/)"
 *    This product includes cryptographic software written by Eric Young
 *    (eay@cryptsoft.com).  This product includes software written by Tim
 *    Hudson (tjh@cryptsoft.com)."
@ -52,7 +55,7 @@
 *    "This product includes software developed by the OpenEvidence Project
 *    for use in the OpenEvidence Toolkit (http://www.openevidence.org/)
 *    This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *    for use in the OpenSSL Toolkit (https://www.openssl.org/)"
 *    This product includes cryptographic software written by Eric Young
 *    (eay@cryptsoft.com).  This product includes software written by Tim
 *    Hudson (tjh@cryptsoft.com)."
@ -72,7 +75,7 @@
 * ====================================================================
 *
 * This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)
+ * for use in the OpenSSL Toolkit (https://www.openssl.org/)
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
@ -98,13 +101,18 @@
 static const char *curlx_usage[]={
  "usage: curlx args\n",
  " -p12 arg         - tia  file ",
-  " -envpass arg     - environement variable which content the tia private key password",
+  " -envpass arg     - environement variable which content the tia private"
+  " key password",
  " -out arg         - output file (response)- default stdout",
  " -in arg          - input file (request)- default stdin",
-  " -connect arg     - URL of the server for the connection ex: www.openevidence.org",
-  " -mimetype arg    - MIME type for data in ex : application/timestamp-query or application/dvcs -default application/timestamp-query",
-  " -acceptmime arg  - MIME type acceptable for the response ex : application/timestamp-response or application/dvcs -default none",
-  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g. AD_DVCS or ad_timestamping",
+  " -connect arg     - URL of the server for the connection ex:"
+  " www.openevidence.org",
+  " -mimetype arg    - MIME type for data in ex : application/timestamp-query"
+  " or application/dvcs -default application/timestamp-query",
+  " -acceptmime arg  - MIME type acceptable for the response ex : "
+  "application/timestamp-response or application/dvcs -default none",
+  " -accesstype arg  - an Object identifier in an AIA/SIA method, e.g."
+  " AD_DVCS or ad_timestamping",
  NULL
 };

@ -125,22 +133,22 @@ static const char *curlx_usage[]={
 /* This is a context that we pass to all callbacks */

 typedef struct sslctxparm_st {
-  unsigned char * p12file ;
-  const char * pst ;
-  PKCS12 * p12 ;
-  EVP_PKEY * pkey ;
-  X509 * usercert ;
-  STACK_OF(X509) * ca ;
+  unsigned char * p12file;
+  const char * pst;
+  PKCS12 * p12;
+  EVP_PKEY * pkey;
+  X509 * usercert;
+  STACK_OF(X509) * ca;
  CURL * curl;
  BIO * errorbio;
-  int accesstype ;
+  int accesstype;
  int verbose;

 } sslctxparm;

 /* some helper function. */

-static char *i2s_ASN1_IA5STRING( ASN1_IA5STRING *ia5)
+static char *ia5string(ASN1_IA5STRING *ia5)
 {
  char *tmp;
  if(!ia5 || !ia5->length)
@ -152,20 +160,20 @@ static char *i2s_ASN1_IA5STRING( ASN1_IA5STRING *ia5)
 }

 /* A conveniance routine to get an access URI. */
-
-static unsigned char *my_get_ext(X509 * cert, const int type, int extensiontype) {
-
+static unsigned char *my_get_ext(X509 *cert, const int type,
+                                 int extensiontype)
+{
  int i;
-  STACK_OF(ACCESS_DESCRIPTION) * accessinfo ;
-  accessinfo =  X509_get_ext_d2i(cert, extensiontype, NULL, NULL) ;
+  STACK_OF(ACCESS_DESCRIPTION) * accessinfo;
+  accessinfo =  X509_get_ext_d2i(cert, extensiontype, NULL, NULL);

-  if (!sk_ACCESS_DESCRIPTION_num(accessinfo))
+  if(!sk_ACCESS_DESCRIPTION_num(accessinfo))
    return NULL;
-  for (i = 0; i < sk_ACCESS_DESCRIPTION_num(accessinfo); i++) {
+  for(i = 0; i < sk_ACCESS_DESCRIPTION_num(accessinfo); i++) {
    ACCESS_DESCRIPTION * ad = sk_ACCESS_DESCRIPTION_value(accessinfo, i);
-    if (OBJ_obj2nid(ad->method) == type) {
-      if (ad->location->type == GEN_URI) {
-        return i2s_ASN1_IA5STRING(ad->location->d.ia5);
+    if(OBJ_obj2nid(ad->method) == type) {
+      if(ad->location->type == GEN_URI) {
+        return ia5string(ad->location->d.ia5);
      }
      return NULL;
    }
@ -184,84 +192,86 @@ static int ssl_app_verify_callback(X509_STORE_CTX *ctx, void *arg)
  sslctxparm * p = (sslctxparm *) arg;
  int ok;

-  if (p->verbose > 2)
-    BIO_printf(p->errorbio,"entering ssl_app_verify_callback\n");
+  if(p->verbose > 2)
+    BIO_printf(p->errorbio, "entering ssl_app_verify_callback\n");

-  if ((ok= X509_verify_cert(ctx)) && ctx->cert) {
-    unsigned char * accessinfo ;
-    if (p->verbose > 1)
-      X509_print_ex(p->errorbio,ctx->cert,0,0);
+  if((ok= X509_verify_cert(ctx)) && ctx->cert) {
+    unsigned char * accessinfo;
+    if(p->verbose > 1)
+      X509_print_ex(p->errorbio, ctx->cert, 0, 0);

-    if (accessinfo = my_get_ext(ctx->cert,p->accesstype ,NID_sinfo_access)) {
-      if (p->verbose)
-        BIO_printf(p->errorbio,"Setting URL from SIA to: %s\n", accessinfo);
+    if(accessinfo = my_get_ext(ctx->cert, p->accesstype, NID_sinfo_access)) {
+      if(p->verbose)
+        BIO_printf(p->errorbio, "Setting URL from SIA to: %s\n", accessinfo);

-      curl_easy_setopt(p->curl, CURLOPT_URL,accessinfo);
+      curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo);
    }
-    else if (accessinfo = my_get_ext(ctx->cert,p->accesstype,
-                                     NID_info_access)) {
-      if (p->verbose)
-        BIO_printf(p->errorbio,"Setting URL from AIA to: %s\n", accessinfo);
+    else if(accessinfo = my_get_ext(ctx->cert, p->accesstype,
+                                    NID_info_access)) {
+      if(p->verbose)
+        BIO_printf(p->errorbio, "Setting URL from AIA to: %s\n", accessinfo);

-      curl_easy_setopt(p->curl, CURLOPT_URL,accessinfo);
+      curl_easy_setopt(p->curl, CURLOPT_URL, accessinfo);
    }
  }
-  if (p->verbose > 2)
-    BIO_printf(p->errorbio,"leaving ssl_app_verify_callback with %d\n", ok);
-  return(ok);
+  if(p->verbose > 2)
+    BIO_printf(p->errorbio, "leaving ssl_app_verify_callback with %d\n", ok);
+
+  return ok;
 }


-/* This is an example of an curl SSL initialisation call back. The callback sets:
+/* The SSL initialisation callback. The callback sets:
   - a private key and certificate
   - a trusted ca certificate
   - a preferred cipherlist
   - an application verification callback (the function above)
 */

-static CURLcode sslctxfun(CURL * curl, void * sslctx, void * parm) {
-
+static CURLcode sslctxfun(CURL * curl, void * sslctx, void * parm)
+{
  sslctxparm * p = (sslctxparm *) parm;
-  SSL_CTX * ctx = (SSL_CTX *) sslctx ;
+  SSL_CTX * ctx = (SSL_CTX *) sslctx;

-  if (!SSL_CTX_use_certificate(ctx,p->usercert)) {
-    BIO_printf(p->errorbio, "SSL_CTX_use_certificate problem\n"); goto err;
+  if(!SSL_CTX_use_certificate(ctx, p->usercert)) {
+    BIO_printf(p->errorbio, "SSL_CTX_use_certificate problem\n");
+    goto err;
  }
-  if (!SSL_CTX_use_PrivateKey(ctx,p->pkey)) {
-    BIO_printf(p->errorbio, "SSL_CTX_use_PrivateKey\n"); goto err;
+  if(!SSL_CTX_use_PrivateKey(ctx, p->pkey)) {
+    BIO_printf(p->errorbio, "SSL_CTX_use_PrivateKey\n");
+    goto err;
  }

-  if (!SSL_CTX_check_private_key(ctx)) {
-    BIO_printf(p->errorbio, "SSL_CTX_check_private_key\n"); goto err;
+  if(!SSL_CTX_check_private_key(ctx)) {
+    BIO_printf(p->errorbio, "SSL_CTX_check_private_key\n");
+    goto err;
  }

-  SSL_CTX_set_quiet_shutdown(ctx,1);
-  SSL_CTX_set_cipher_list(ctx,"RC4-MD5");
+  SSL_CTX_set_quiet_shutdown(ctx, 1);
+  SSL_CTX_set_cipher_list(ctx, "RC4-MD5");
  SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

-  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), sk_X509_value(p->ca, sk_X509_num(p->ca)-1));
-
-  SSL_CTX_set_verify_depth(ctx,2);
-
-  SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER,ZERO_NULL);
+  X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx),
+                      sk_X509_value(p->ca, sk_X509_num(p->ca)-1));

+  SSL_CTX_set_verify_depth(ctx, 2);
+  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, ZERO_NULL);
  SSL_CTX_set_cert_verify_callback(ctx, ssl_app_verify_callback, parm);

-
-  return CURLE_OK ;
+  return CURLE_OK;
  err:
  ERR_print_errors(p->errorbio);
  return CURLE_SSL_CERTPROBLEM;

 }

-int main(int argc, char **argv) {
-
+int main(int argc, char **argv)
+{
  BIO* in=NULL;
  BIO* out=NULL;

  char * outfile = NULL;
-  char * infile = NULL ;
+  char * infile = NULL;

  int tabLength=100;
  char *binaryptr;
@ -270,7 +280,7 @@ int main(int argc, char **argv) {
  char* contenttype;
  const char** pp;
  unsigned char* hostporturl = NULL;
-  BIO * p12bio ;
+  BIO * p12bio;
  char **args = argv + 1;
  unsigned char * serverurl;
  sslctxparm p;
@ -293,66 +303,91 @@ int main(int argc, char **argv) {
  OpenSSL_add_all_digests();
  ERR_load_crypto_strings();

-
-
-  while (*args && *args[0] == '-') {
-    if (!strcmp (*args, "-in")) {
-      if (args[1]) {
+  while(*args && *args[0] == '-') {
+    if(!strcmp (*args, "-in")) {
+      if(args[1]) {
        infile=*(++args);
-      } else badarg=1;
-    } else if (!strcmp (*args, "-out")) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(!strcmp (*args, "-out")) {
+      if(args[1]) {
        outfile=*(++args);
-      } else badarg=1;
-    } else if (!strcmp (*args, "-p12")) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(!strcmp (*args, "-p12")) {
+      if(args[1]) {
        p.p12file = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-envpass") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-envpass") == 0) {
+      if(args[1]) {
        p.pst = getenv(*(++args));
-      } else badarg=1;
-    } else if (strcmp(*args,"-connect") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-connect") == 0) {
+      if(args[1]) {
        hostporturl = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-mimetype") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-mimetype") == 0) {
+      if(args[1]) {
        mimetype = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-acceptmime") == 0) {
-      if (args[1]) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-acceptmime") == 0) {
+      if(args[1]) {
        mimetypeaccept = *(++args);
-      } else badarg=1;
-    } else if (strcmp(*args,"-accesstype") == 0) {
-      if (args[1]) {
-        if ((p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args,0))) == 0) badarg=1;
-      } else badarg=1;
-    } else if (strcmp(*args,"-verbose") == 0) {
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-accesstype") == 0) {
+      if(args[1]) {
+        if((p.accesstype = OBJ_obj2nid(OBJ_txt2obj(*++args, 0))) == 0)
+          badarg=1;
+      }
+      else
+        badarg=1;
+    }
+    else if(strcmp(*args, "-verbose") == 0) {
      p.verbose++;
-    } else badarg=1;
+    }
+    else
+      badarg=1;
    args++;
  }

-  if (mimetype==NULL || mimetypeaccept == NULL) badarg = 1;
+  if(mimetype==NULL || mimetypeaccept == NULL)
+    badarg = 1;

-  if (badarg) {
-    for (pp=curlx_usage; (*pp != NULL); pp++)
-      BIO_printf(p.errorbio,"%s\n",*pp);
-    BIO_printf(p.errorbio,"\n");
+  if(badarg) {
+    for(pp=curlx_usage; (*pp != NULL); pp++)
+      BIO_printf(p.errorbio, "%s\n", *pp);
+    BIO_printf(p.errorbio, "\n");
    goto err;
  }

-
-
  /* set input */

-  if ((in=BIO_new(BIO_s_file())) == NULL) {
+  if((in=BIO_new(BIO_s_file())) == NULL) {
    BIO_printf(p.errorbio, "Error setting input bio\n");
    goto err;
-  } else if (infile == NULL)
-    BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
-  else if (BIO_read_filename(in,infile) <= 0) {
+  }
+  else if(infile == NULL)
+    BIO_set_fp(in, stdin, BIO_NOCLOSE|BIO_FP_TEXT);
+  else if(BIO_read_filename(in, infile) <= 0) {
    BIO_printf(p.errorbio, "Error opening input file %s\n", infile);
    BIO_free(in);
    goto err;
@ -360,12 +395,13 @@ int main(int argc, char **argv) {

  /* set output  */

-  if ((out=BIO_new(BIO_s_file())) == NULL) {
+  if((out=BIO_new(BIO_s_file())) == NULL) {
    BIO_printf(p.errorbio, "Error setting output bio.\n");
    goto err;
-  } else if (outfile == NULL)
-    BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-  else if (BIO_write_filename(out,outfile) <= 0) {
+  }
+  else if(outfile == NULL)
+    BIO_set_fp(out, stdout, BIO_NOCLOSE|BIO_FP_TEXT);
+  else if(BIO_write_filename(out, outfile) <= 0) {
    BIO_printf(p.errorbio, "Error opening output file %s\n", outfile);
    BIO_free(out);
    goto err;
@ -374,62 +410,66 @@ int main(int argc, char **argv) {

  p.errorbio = BIO_new_fp (stderr, BIO_NOCLOSE);

-  if (!(p.curl = curl_easy_init())) {
+  if(!(p.curl = curl_easy_init())) {
    BIO_printf(p.errorbio, "Cannot init curl lib\n");
    goto err;
  }

-
-
-  if (!(p12bio = BIO_new_file(p.p12file , "rb"))) {
-    BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file); goto err;
+  if(!(p12bio = BIO_new_file(p.p12file , "rb"))) {
+    BIO_printf(p.errorbio, "Error opening P12 file %s\n", p.p12file);
+    goto err;
  }
-  if (!(p.p12 = d2i_PKCS12_bio (p12bio, NULL))) {
-    BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file); goto err;
+  if(!(p.p12 = d2i_PKCS12_bio (p12bio, NULL))) {
+    BIO_printf(p.errorbio, "Cannot decode P12 structure %s\n", p.p12file);
+    goto err;
  }

  p.ca= NULL;
-  if (!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) {
-    BIO_printf(p.errorbio,"Invalid P12 structure in %s\n", p.p12file); goto err;
+  if(!(PKCS12_parse (p.p12, p.pst, &(p.pkey), &(p.usercert), &(p.ca) ) )) {
+    BIO_printf(p.errorbio, "Invalid P12 structure in %s\n", p.p12file);
+    goto err;
  }

-  if (sk_X509_num(p.ca) <= 0) {
-    BIO_printf(p.errorbio,"No trustworthy CA given.%s\n", p.p12file); goto err;
+  if(sk_X509_num(p.ca) <= 0) {
+    BIO_printf(p.errorbio, "No trustworthy CA given.%s\n", p.p12file);
+    goto err;
  }

-  if (p.verbose > 1)
-    X509_print_ex(p.errorbio,p.usercert,0,0);
+  if(p.verbose > 1)
+    X509_print_ex(p.errorbio, p.usercert, 0, 0);

  /* determine URL to go */

-  if (hostporturl) {
-    serverurl = malloc(9+strlen(hostporturl));
-    sprintf(serverurl,"https://%s",hostporturl);
+  if(hostporturl) {
+    size_t len = strlen(hostporturl) + 9;
+    serverurl = malloc(len);
+    snprintf(serverurl, len, "https://%s", hostporturl);
  }
-  else if (p.accesstype != 0) { /* see whether we can find an AIA or SIA for a given access type */
-    if (!(serverurl = my_get_ext(p.usercert,p.accesstype,NID_info_access))) {
+  else if(p.accesstype != 0) { /* see whether we can find an AIA or SIA for a
+                                  given access type */
+    if(!(serverurl = my_get_ext(p.usercert, p.accesstype, NID_info_access))) {
      int j=0;
-      BIO_printf(p.errorbio,"no service URL in user cert "
+      BIO_printf(p.errorbio, "no service URL in user cert "
                 "cherching in others certificats\n");
-      for (j=0;j<sk_X509_num(p.ca);j++) {
-        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
+      for(j=0; j<sk_X509_num(p.ca); j++) {
+        if((serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
                                    NID_info_access)))
          break;
-        if ((serverurl = my_get_ext(sk_X509_value(p.ca,j),p.accesstype,
+        if((serverurl = my_get_ext(sk_X509_value(p.ca, j), p.accesstype,
                                    NID_sinfo_access)))
          break;
      }
    }
  }

-  if (!serverurl) {
+  if(!serverurl) {
    BIO_printf(p.errorbio, "no service URL in certificats,"
               " check '-accesstype (AD_DVCS | ad_timestamping)'"
               " or use '-connect'\n");
    goto err;
  }

-  if (p.verbose)
+  if(p.verbose)
    BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);

  curl_easy_setopt(p.curl, CURLOPT_URL, serverurl);
@ -437,38 +477,39 @@ int main(int argc, char **argv) {
  /* Now specify the POST binary data */

  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
-  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE,(long)tabLength);
+  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);

  /* pass our list of custom made headers */

  contenttype = malloc(15+strlen(mimetype));
-  sprintf(contenttype,"Content-type: %s",mimetype);
-  headers = curl_slist_append(headers,contenttype);
+  snprintf(contenttype, 15+strlen(mimetype), "Content-type: %s", mimetype);
+  headers = curl_slist_append(headers, contenttype);
  curl_easy_setopt(p.curl, CURLOPT_HTTPHEADER, headers);

-  if (p.verbose)
+  if(p.verbose)
    BIO_printf(p.errorbio, "Service URL: <%s>\n", serverurl);

  {
    FILE *outfp;
-    BIO_get_fp(out,&outfp);
+    BIO_get_fp(out, &outfp);
    curl_easy_setopt(p.curl, CURLOPT_WRITEDATA, outfp);
  }

-  res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun)  ;
+  res = curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun);

-  if (res != CURLE_OK)
-    BIO_printf(p.errorbio,"%d %s=%d %d\n", __LINE__, "CURLOPT_SSL_CTX_FUNCTION",CURLOPT_SSL_CTX_FUNCTION,res);
+  if(res != CURLE_OK)
+    BIO_printf(p.errorbio, "%d %s=%d %d\n", __LINE__,
+               "CURLOPT_SSL_CTX_FUNCTION", CURLOPT_SSL_CTX_FUNCTION, res);

  curl_easy_setopt(p.curl, CURLOPT_SSL_CTX_DATA, &p);

  {
    int lu; int i=0;
-    while ((lu = BIO_read (in,&binaryptr[i],tabLength-i)) >0 ) {
+    while((lu = BIO_read (in, &binaryptr[i], tabLength-i)) >0 ) {
      i+=lu;
-      if (i== tabLength) {
+      if(i== tabLength) {
        tabLength+=100;
-        binaryptr=realloc(binaryptr,tabLength); /* should be more careful */
+        binaryptr=realloc(binaryptr, tabLength); /* should be more careful */
      }
    }
    tabLength = i;
@ -476,23 +517,23 @@ int main(int argc, char **argv) {
  /* Now specify the POST binary data */

  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDS, binaryptr);
-  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE,(long)tabLength);
+  curl_easy_setopt(p.curl, CURLOPT_POSTFIELDSIZE, (long)tabLength);


  /* Perform the request, res will get the return code */

-  BIO_printf(p.errorbio,"%d %s %d\n", __LINE__, "curl_easy_perform",
+  BIO_printf(p.errorbio, "%d %s %d\n", __LINE__, "curl_easy_perform",
             res = curl_easy_perform(p.curl));
  {
-    int result =curl_easy_getinfo(p.curl,CURLINFO_CONTENT_TYPE,&response);
-    if( mimetypeaccept && p.verbose)
-      if(!strcmp(mimetypeaccept,response))
-        BIO_printf(p.errorbio,"the response has a correct mimetype : %s\n",
+    int result =curl_easy_getinfo(p.curl, CURLINFO_CONTENT_TYPE, &response);
+    if(mimetypeaccept && p.verbose)
+      if(!strcmp(mimetypeaccept, response))
+        BIO_printf(p.errorbio, "the response has a correct mimetype : %s\n",
                   response);
      else
-        BIO_printf(p.errorbio,"the reponse doesn\'t has an acceptable "
+        BIO_printf(p.errorbio, "the response doesn\'t have an acceptable "
                   "mime type, it is %s instead of %s\n",
-                   response,mimetypeaccept);
+                   response, mimetypeaccept);
  }

  /*** code d'erreur si accept mime ***, egalement code return HTTP != 200 ***/
@ -508,6 +549,6 @@ int main(int argc, char **argv) {
  BIO_free(out);
  return (EXIT_SUCCESS);

-  err: BIO_printf(p.errorbio,"error");
+  err: BIO_printf(p.errorbio, "error");
  exit(1);
 }
--- a/docs/examples/debug.c
+++ b/docs/examples/debug.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Show how CURLOPT_DEBUGFUNCTION can be used.
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>

@ -58,14 +62,14 @@ void dump(const char *text,

    for(c = 0; (c < width) && (i+c < size); c++) {
      /* check for 0D0A; if found, skip past and start a new line of output */
-      if (nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
        i+=(c+2-width);
        break;
      }
      fprintf(stream, "%c",
              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
      /* check again for 0D0A, to avoid an extra \n if it's at width */
-      if (nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
        i+=(c+3-width);
        break;
      }
--- a/docs/examples/evhiperfifo.c
+++ b/docs/examples/evhiperfifo.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * multi socket interface together with libev
+ * </DESC>
+ */
 /* Example application source code using the multi socket interface to
 * download many files at once.
 *
@ -115,12 +119,12 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 {
  DPRINT("%s %li\n", __PRETTY_FUNCTION__,  timeout_ms);
  ev_timer_stop(g->loop, &g->timer_event);
-  if (timeout_ms > 0)
-  {
+  if(timeout_ms > 0) {
    double  t = timeout_ms / 1000;
    ev_timer_init(&g->timer_event, timer_cb, t, 0.);
    ev_timer_start(g->loop, &g->timer_event);
-  }else
+  }
+  else
    timer_cb(g->loop, &g->timer_event, 0);
  return 0;
 }
@ -128,20 +132,32 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code)
 {
-  if ( CURLM_OK != code )
-  {
+  if(CURLM_OK != code) {
    const char *s;
-    switch ( code )
-    {
-    case CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
-    case CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
-    case CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
-    case CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
-    case CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
-    case CURLM_LAST:               s="CURLM_LAST";               break;
-    default: s="CURLM_unknown";
+    switch (code) {
+    case CURLM_BAD_HANDLE:
+      s="CURLM_BAD_HANDLE";
      break;
-    case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";
+    case CURLM_BAD_EASY_HANDLE:
+      s="CURLM_BAD_EASY_HANDLE";
+      break;
+    case CURLM_OUT_OF_MEMORY:
+      s="CURLM_OUT_OF_MEMORY";
+      break;
+    case CURLM_INTERNAL_ERROR:
+      s="CURLM_INTERNAL_ERROR";
+      break;
+    case CURLM_UNKNOWN_OPTION:
+      s="CURLM_UNKNOWN_OPTION";
+      break;
+    case CURLM_LAST:
+      s="CURLM_LAST";
+      break;
+    default:
+      s="CURLM_unknown";
+      break;
+    case CURLM_BAD_SOCKET:
+      s="CURLM_BAD_SOCKET";
      fprintf(MSG_OUT, "ERROR: %s returns %s\n", where, s);
      /* ignore this error */
      return;
@ -164,8 +180,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -193,8 +209,7 @@ static void event_cb(EV_P_ struct ev_io *w, int revents)
  rc = curl_multi_socket_action(g->multi, w->fd, action, &g->still_running);
  mcode_or_die("event_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
-  if ( g->still_running <= 0 )
-  {
+  if(g->still_running <= 0) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
    ev_timer_stop(g->loop, &g->timer_event);
  }
@ -208,7 +223,8 @@ static void timer_cb(EV_P_ struct ev_timer *w, int revents)
  GlobalInfo *g = (GlobalInfo *)w->data;
  CURLMcode rc;

-  rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+  rc = curl_multi_socket_action(g->multi, CURL_SOCKET_TIMEOUT, 0,
+                                &g->still_running);
  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
 }
@ -217,9 +233,8 @@ static void timer_cb(EV_P_ struct ev_timer *w, int revents)
 static void remsock(SockInfo *f, GlobalInfo *g)
 {
  printf("%s  \n", __PRETTY_FUNCTION__);
-  if ( f )
-  {
-    if ( f->evset )
+  if(f) {
+    if(f->evset)
      ev_io_stop(g->loop, &f->ev);
    free(f);
  }
@ -237,7 +252,7 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if ( f->evset )
+  if(f->evset)
    ev_io_stop(g->loop, &f->ev);
  ev_io_init(&f->ev, event_cb, f->sockfd, kind);
  f->ev.data = g;
@ -269,18 +284,16 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)

  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if ( what == CURL_POLL_REMOVE )
-  {
+  if(what == CURL_POLL_REMOVE) {
    fprintf(MSG_OUT, "\n");
    remsock(fdp, g);
-  } else
-  {
-    if ( !fdp )
-    {
+  }
+  else {
+    if(!fdp) {
      fprintf(MSG_OUT, "Adding data: %s\n", whatstr[what]);
      addsock(s, e, what, g);
-    } else
-    {
+    }
+    else {
      fprintf(MSG_OUT,
              "Changing action from %s to %s\n",
              whatstr[fdp->action], whatstr[what]);
@ -326,8 +339,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->error[0]='\0';

  conn->easy = curl_easy_init();
-  if ( !conn->easy )
-  {
+  if(!conn->easy) {
    fprintf(MSG_OUT, "curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -362,16 +374,16 @@ static void fifo_cb(EV_P_ struct ev_io *w, int revents)
  int n=0;
  GlobalInfo *g = (GlobalInfo *)w->data;

-  do
-  {
+  do {
    s[0]='\0';
    rv=fscanf(g->input, "%1023s%n", s, &n);
    s[n]='\0';
-    if ( n && s[0] )
-    {
-      new_conn(s,g);  /* if we read a URL, go get it! */
-    } else break;
-  } while ( rv != EOF );
+    if(n && s[0]) {
+      new_conn(s, g);  /* if we read a URL, go get it! */
+    }
+    else
+      break;
+  } while(rv != EOF);
 }

 /* Create a named pipe and tell libevent to monitor it */
@ -382,24 +394,20 @@ static int init_fifo (GlobalInfo *g)
  curl_socket_t sockfd;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
-  if ( lstat (fifo, &st) == 0 )
-  {
-    if ( (st.st_mode & S_IFMT) == S_IFREG )
-    {
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
      errno = EEXIST;
      perror("lstat");
      exit (1);
    }
  }
  unlink(fifo);
-  if ( mkfifo (fifo, 0600) == -1 )
-  {
+  if(mkfifo (fifo, 0600) == -1) {
    perror("mkfifo");
    exit (1);
  }
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
-  if ( sockfd == -1 )
-  {
+  if(sockfd == -1) {
    perror("open");
    exit (1);
  }
@ -408,7 +416,7 @@ static int init_fifo (GlobalInfo *g)
  fprintf(MSG_OUT, "Now, pipe some URL's into > %s\n", fifo);
  ev_io_init(&g->fifo_event, fifo_cb, sockfd, EV_READ);
  ev_io_start(g->loop, &g->fifo_event);
-  return(0);
+  return (0);
 }

 int main(int argc, char **argv)
--- a/docs/examples/externalsocket.c
+++ b/docs/examples/externalsocket.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,9 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/*
- * This is an example demonstrating how an application can pass in a custom
+/* <DESC>
+ * An example demonstrating how an application can pass in a custom
 * socket to libcurl to use. This example also handles the connect itself.
+ * </DESC>
 */
 #include <stdio.h>
 #include <string.h>
@ -53,7 +54,7 @@

 static size_t write_data(void *ptr, size_t size, size_t nmemb, void *stream)
 {
-  int written = fwrite(ptr, size, nmemb, (FILE *)stream);
+  size_t written = fwrite(ptr, size, nmemb, (FILE *)stream);
  return written;
 }

@ -91,7 +92,7 @@ int main(void)
  WSADATA wsaData;
  int initwsa;

-  if((initwsa = WSAStartup(MAKEWORD(2,0), &wsaData)) != 0) {
+  if((initwsa = WSAStartup(MAKEWORD(2, 0), &wsaData)) != 0) {
    printf("WSAStartup failed: %d\n", initwsa);
    return 1;
  }
@ -106,7 +107,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999");

    /* Create the socket "manually" */
-    if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
+    if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == CURL_SOCKET_BAD ) {
      printf("Error creating listening socket.\n");
      return 3;
    }
@ -115,10 +116,10 @@ int main(void)
    servaddr.sin_family = AF_INET;
    servaddr.sin_port   = htons(PORTNUM);

-    if (INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
+    if(INADDR_NONE == (servaddr.sin_addr.s_addr = inet_addr(IPADDR)))
      return 2;

-    if(connect(sockfd,(struct sockaddr *) &servaddr, sizeof(servaddr)) ==
+    if(connect(sockfd, (struct sockaddr *) &servaddr, sizeof(servaddr)) ==
       -1) {
      close(sockfd);
      printf("client error: connect: %s\n", strerror(errno));
--- a/docs/examples/fileupload.c
+++ b/docs/examples/fileupload.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Upload to a file:// URL
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>
 #include <sys/stat.h>
--- a/docs/examples/fopen.c
+++ b/docs/examples/fopen.c
@ -42,6 +42,10 @@
 *
 * This example requires libcurl 7.9.7 or later.
 */
+/* <DESC>
+ * implements an fopen() abstraction allowing reading from URLs
+ * </DESC>
+ */

 #include <stdio.h>
 #include <string.h>
@ -76,7 +80,7 @@ struct fcurl_data
 typedef struct fcurl_data URL_FILE;

 /* exported functions */
-URL_FILE *url_fopen(const char *url,const char *operation);
+URL_FILE *url_fopen(const char *url, const char *operation);
 int url_fclose(URL_FILE *file);
 int url_feof(URL_FILE *file);
 size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file);
@ -102,13 +106,13 @@ static size_t write_callback(char *buffer,

  if(size > rembuff) {
    /* not enough space in buffer */
-    newbuff=realloc(url->buffer,url->buffer_len + (size - rembuff));
+    newbuff=realloc(url->buffer, url->buffer_len + (size - rembuff));
    if(newbuff==NULL) {
-      fprintf(stderr,"callback buffer grow failed\n");
+      fprintf(stderr, "callback buffer grow failed\n");
      size=rembuff;
    }
    else {
-      /* realloc suceeded increase buffer size*/
+      /* realloc succeeded increase buffer size*/
      url->buffer_len+=size - rembuff;
      url->buffer=newbuff;
    }
@ -131,7 +135,7 @@ static int fill_buffer(URL_FILE *file, size_t want)
  CURLMcode mc; /* curl_multi_fdset() return code */

  /* only attempt to fill buffer if transactions still running and buffer
-   * doesnt exceed required size already
+   * doesn't exceed required size already
   */
  if((!file->still_running) || (file->buffer_pos > want))
    return 0;
@ -161,8 +165,7 @@ static int fill_buffer(URL_FILE *file, size_t want)
    /* get file descriptors from the transfers */
    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);

-    if(mc != CURLM_OK)
-    {
+    if(mc != CURLM_OK) {
      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
      break;
    }
@ -205,14 +208,12 @@ static int fill_buffer(URL_FILE *file, size_t want)
 }

 /* use to remove want bytes from the front of a files buffer */
-static int use_buffer(URL_FILE *file,int want)
+static int use_buffer(URL_FILE *file, size_t want)
 {
  /* sort out buffer */
  if((file->buffer_pos - want) <=0) {
    /* ditch buffer - write will recreate */
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
@ -228,10 +229,10 @@ static int use_buffer(URL_FILE *file,int want)
  return 0;
 }

-URL_FILE *url_fopen(const char *url,const char *operation)
+URL_FILE *url_fopen(const char *url, const char *operation)
 {
  /* this code could check for URLs or types in the 'url' and
-     basicly use the real fopen() for standard files */
+     basically use the real fopen() for standard files */

  URL_FILE *file;
  (void)operation;
@ -242,7 +243,7 @@ URL_FILE *url_fopen(const char *url,const char *operation)

  memset(file, 0, sizeof(URL_FILE));

-  if((file->handle.file=fopen(url,operation)))
+  if((file->handle.file=fopen(url, operation)))
    file->type = CFTYPE_FILE; /* marked as URL */

  else {
@ -302,9 +303,7 @@ int url_fclose(URL_FILE *file)
    break;
  }

-  if(file->buffer)
-    free(file->buffer);/* free any allocated buffer space */
-
+  free(file->buffer);/* free any allocated buffer space */
  free(file);

  return ret;
@ -338,13 +337,13 @@ size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file)

  switch(file->type) {
  case CFTYPE_FILE:
-    want=fread(ptr,size,nmemb,file->handle.file);
+    want=fread(ptr, size, nmemb, file->handle.file);
    break;

  case CFTYPE_CURL:
    want = nmemb * size;

-    fill_buffer(file,want);
+    fill_buffer(file, want);

    /* check if theres data in the buffer - if not fill_buffer()
     * either errored or EOF */
@ -358,7 +357,7 @@ size_t url_fread(void *ptr, size_t size, size_t nmemb, URL_FILE *file)
    /* xfer data to caller */
    memcpy(ptr, file->buffer, want);

-    use_buffer(file,want);
+    use_buffer(file, want);

    want = want / size;     /* number of items */
    break;
@ -379,11 +378,11 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file)

  switch(file->type) {
  case CFTYPE_FILE:
-    ptr = fgets(ptr,size,file->handle.file);
+    ptr = fgets(ptr, (int)size, file->handle.file);
    break;

  case CFTYPE_CURL:
-    fill_buffer(file,want);
+    fill_buffer(file, want);

    /* check if theres data in the buffer - if not fill either errored or
     * EOF */
@ -407,7 +406,7 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file)
    memcpy(ptr, file->buffer, want);
    ptr[want]=0;/* allways null terminate */

-    use_buffer(file,want);
+    use_buffer(file, want);

    break;

@ -435,9 +434,7 @@ void url_rewind(URL_FILE *file)
    curl_multi_add_handle(multi_handle, file->handle.curl);

    /* ditch buffer - write will recreate - resets stream pos*/
-    if(file->buffer)
-      free(file->buffer);
-
+    free(file->buffer);
    file->buffer=NULL;
    file->buffer_pos=0;
    file->buffer_len=0;
@ -449,6 +446,10 @@ void url_rewind(URL_FILE *file)
  }
 }

+#define FGETSFILE "fgets.test"
+#define FREADFILE "fread.test"
+#define REWINDFILE "rewind.test"
+
 /* Small main program to retrive from a url using fgets and fread saving the
 * output to two test files (note the fgets method will corrupt binary files if
 * they contain 0 chars */
@ -457,7 +458,7 @@ int main(int argc, char *argv[])
  URL_FILE *handle;
  FILE *outf;

-  int nread;
+  size_t nread;
  char buffer[256];
  const char *url;

@ -467,7 +468,7 @@ int main(int argc, char *argv[])
    url=argv[1];/* use passed url */

  /* copy from url line by line with fgets */
-  outf=fopen("fgets.test","w+");
+  outf=fopen(FGETSFILE, "wb+");
  if(!outf) {
    perror("couldn't open fgets output file\n");
    return 1;
@ -481,8 +482,8 @@ int main(int argc, char *argv[])
  }

  while(!url_feof(handle)) {
-    url_fgets(buffer,sizeof(buffer),handle);
-    fwrite(buffer,1,strlen(buffer),outf);
+    url_fgets(buffer, sizeof(buffer), handle);
+    fwrite(buffer, 1, strlen(buffer), outf);
  }

  url_fclose(handle);
@ -491,7 +492,7 @@ int main(int argc, char *argv[])


  /* Copy from url with fread */
-  outf=fopen("fread.test","w+");
+  outf=fopen(FREADFILE, "wb+");
  if(!outf) {
    perror("couldn't open fread output file\n");
    return 1;
@ -505,8 +506,8 @@ int main(int argc, char *argv[])
  }

  do {
-    nread = url_fread(buffer, 1,sizeof(buffer), handle);
-    fwrite(buffer,1,nread,outf);
+    nread = url_fread(buffer, 1, sizeof(buffer), handle);
+    fwrite(buffer, 1, nread, outf);
  } while(nread);

  url_fclose(handle);
@ -515,7 +516,7 @@ int main(int argc, char *argv[])


  /* Test rewind */
-  outf=fopen("rewind.test","w+");
+  outf=fopen(REWINDFILE, "wb+");
  if(!outf) {
    perror("couldn't open fread output file\n");
    return 1;
@ -528,21 +529,19 @@ int main(int argc, char *argv[])
    return 2;
  }

-  nread = url_fread(buffer, 1,sizeof(buffer), handle);
-  fwrite(buffer,1,nread,outf);
+  nread = url_fread(buffer, 1, sizeof(buffer), handle);
+  fwrite(buffer, 1, nread, outf);
  url_rewind(handle);

  buffer[0]='\n';
-  fwrite(buffer,1,1,outf);
-
-  nread = url_fread(buffer, 1,sizeof(buffer), handle);
-  fwrite(buffer,1,nread,outf);
+  fwrite(buffer, 1, 1, outf);

+  nread = url_fread(buffer, 1, sizeof(buffer), handle);
+  fwrite(buffer, 1, nread, outf);

  url_fclose(handle);

  fclose(outf);

-
  return 0;/* all done */
 }
--- a/docs/examples/ftp-wildcard.c
+++ b/docs/examples/ftp-wildcard.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * FTP wildcard pattern matching
+ * </DESC>
+ */
 #include <curl/curl.h>
 #include <stdio.h>

@ -115,7 +119,7 @@ static long file_is_coming(struct curl_fileinfo *finfo,
      return CURL_CHUNK_BGN_FUNC_SKIP;
    }

-    data->output = fopen(finfo->filename, "w");
+    data->output = fopen(finfo->filename, "wb");
    if(!data->output) {
      return CURL_CHUNK_BGN_FUNC_FAIL;
    }
--- a/docs/examples/ftpget.c
+++ b/docs/examples/ftpget.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -23,11 +23,9 @@

 #include <curl/curl.h>

-/*
- * This is an example showing how to get a single file from an FTP server.
- * It delays the actual destination file creation until the first write
- * callback so that it won't create an empty file in case the remote file
- * doesn't exist or something else fails.
+/* <DESC>
+ * Get a single file from an FTP server.
+ * </DESC>
 */

 struct FtpFile {
@ -53,7 +51,7 @@ int main(void)
  CURL *curl;
  CURLcode res;
  struct FtpFile ftpfile={
-    "curl.tar.gz", /* name to store the file as if succesful */
+    "curl.tar.gz", /* name to store the file as if successful */
    NULL
  };

@ -65,7 +63,7 @@ int main(void)
     * You better replace the URL with one that works!
     */
    curl_easy_setopt(curl, CURLOPT_URL,
-                     "ftp://ftp.example.com/pub/www/utilities/curl/curl-7.9.2.tar.gz");
+                     "ftp://ftp.example.com/curl/curl-7.9.2.tar.gz");
    /* Define our callback to get called when there's data to be written */
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, my_fwrite);
    /* Set a pointer to our struct to pass to the callback */
--- a/docs/examples/ftpgetinfo.c
+++ b/docs/examples/ftpgetinfo.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -24,9 +24,9 @@

 #include <curl/curl.h>

-/*
- * This is an example showing how to check a single file's size and mtime
- * from an FTP server.
+/* <DESC>
+ * Checks a single file's size and mtime from an FTP server.
+ * </DESC>
 */

 static size_t throw_away(void *ptr, size_t size, size_t nmemb, void *data)
@ -65,16 +65,18 @@ int main(void)
    res = curl_easy_perform(curl);

    if(CURLE_OK == res) {
-      /* http://curl.haxx.se/libcurl/c/curl_easy_getinfo.html */
+      /* https://curl.haxx.se/libcurl/c/curl_easy_getinfo.html */
      res = curl_easy_getinfo(curl, CURLINFO_FILETIME, &filetime);
      if((CURLE_OK == res) && (filetime >= 0)) {
        time_t file_time = (time_t)filetime;
        printf("filetime %s: %s", filename, ctime(&file_time));
      }
-      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize);
+      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD,
+                              &filesize);
      if((CURLE_OK == res) && (filesize>0.0))
        printf("filesize %s: %0.0f bytes\n", filename, filesize);
-    } else {
+    }
+    else {
      /* we failed */
      fprintf(stderr, "curl told us %d\n", res);
    }
--- a/docs/examples/ftpgetresp.c
+++ b/docs/examples/ftpgetresp.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -23,13 +23,11 @@

 #include <curl/curl.h>

-/*
- * Similar to ftpget.c but this also stores the received response-lines
+/* <DESC>
+ * Similar to ftpget.c but also stores the received response-lines
 * in a separate file using our own callback!
- *
- * This functionality was introduced in libcurl 7.9.3.
+ * </DESC>
 */
-
 static size_t
 write_response(void *ptr, size_t size, size_t nmemb, void *data)
 {
@ -37,6 +35,9 @@ write_response(void *ptr, size_t size, size_t nmemb, void *data)
  return fwrite(ptr, size, nmemb, writehere);
 }

+#define FTPBODY "ftp-list"
+#define FTPHEADERS "ftp-responses"
+
 int main(void)
 {
  CURL *curl;
@ -45,10 +46,10 @@ int main(void)
  FILE *respfile;

  /* local file name to store the file as */
-  ftpfile = fopen("ftp-list", "wb"); /* b is binary, needed on win32 */
+  ftpfile = fopen(FTPBODY, "wb"); /* b is binary, needed on win32 */

  /* local file name to store the FTP server's response lines in */
-  respfile = fopen("ftp-responses", "wb"); /* b is binary, needed on win32 */
+  respfile = fopen(FTPHEADERS, "wb"); /* b is binary, needed on win32 */

  curl = curl_easy_init();
  if(curl) {
--- a/docs/examples/ftpsget.c
+++ b/docs/examples/ftpsget.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -24,11 +24,9 @@

 #include <curl/curl.h>

-/*
- * This is an example showing how to get a single file from an FTPS server.
- * It delays the actual destination file creation until the first write
- * callback so that it won't create an empty file in case the remote file
- * doesn't exist or something else fails.
+/* <DESC>
+ * Get a single file from an FTPS server.
+ * </DESC>
 */

 struct FtpFile {
@ -55,7 +53,7 @@ int main(void)
  CURL *curl;
  CURLcode res;
  struct FtpFile ftpfile={
-    "yourfile.bin", /* name to store the file as if succesful */
+    "yourfile.bin", /* name to store the file as if successful */
    NULL
  };

--- a/docs/examples/ftpupload.c
+++ b/docs/examples/ftpupload.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -33,11 +33,10 @@
 #include <unistd.h>
 #endif

-/*
- * This example shows an FTP upload, with a rename of the file just after
- * a successful upload.
- *
- * Example based on source code provided by Erick Nuwendam. Thanks!
+/* <DESC>
+ * Performs an FTP upload and renames the file just after a successful
+ * transfer.
+ * </DESC>
 */

 #define LOCAL_FILE      "/tmp/uploadthis.txt"
@ -105,7 +104,7 @@ int main(void)
    curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);

    /* specify target */
-    curl_easy_setopt(curl,CURLOPT_URL, REMOTE_URL);
+    curl_easy_setopt(curl, CURLOPT_URL, REMOTE_URL);

    /* pass in that last of FTP commands to run after the transfer */
    curl_easy_setopt(curl, CURLOPT_POSTQUOTE, headerlist);
--- a/docs/examples/ftpuploadresume.c
+++ b/docs/examples/ftpuploadresume.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,13 +19,9 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Upload to FTP, resuming failed transfers
- *
- * Compile for MinGW like this:
- *  gcc -Wall -pedantic -std=c99 ftpuploadwithresume.c -o ftpuploadresume.exe
- *  -lcurl -lmsvcr70
- *
- * Written by Philip Bock
+/* <DESC>
+ * Upload to FTP, resuming failed transfers.
+ * </DESC>
 */

 #include <stdlib.h>
@ -40,7 +36,8 @@
 /* The MinGW headers are missing a few Win32 function definitions,
   you shouldn't need this if you use VC++ */
 #if defined(__MINGW32__) && !defined(__MINGW64__)
-int __cdecl _snscanf(const char * input, size_t length, const char * format, ...);
+int __cdecl _snscanf(const char * input, size_t length,
+                     const char * format, ...);
 #endif


@ -53,7 +50,7 @@ size_t getcontentlengthfunc(void *ptr, size_t size, size_t nmemb, void *stream)
  /* _snscanf() is Win32 specific */
  r = _snscanf(ptr, size * nmemb, "Content-Length: %ld\n", &len);

-  if (r) /* Microsoft: we don't read the specs */
+  if(r) /* Microsoft: we don't read the specs */
    *((long *) stream) = len;

  return size * nmemb;
@ -71,7 +68,7 @@ size_t readfunc(void *ptr, size_t size, size_t nmemb, void *stream)
  FILE *f = stream;
  size_t n;

-  if (ferror(f))
+  if(ferror(f))
    return CURL_READFUNC_ABORT;

  n = fread(ptr, size, nmemb, f) * size;
@ -89,7 +86,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
  int c;

  f = fopen(localpath, "rb");
-  if (f == NULL) {
+  if(!f) {
    perror(NULL);
    return 0;
  }
@ -98,7 +95,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,

  curl_easy_setopt(curlhandle, CURLOPT_URL, remotepath);

-  if (timeout)
+  if(timeout)
    curl_easy_setopt(curlhandle, CURLOPT_FTP_RESPONSE_TIMEOUT, timeout);

  curl_easy_setopt(curlhandle, CURLOPT_HEADERFUNCTION, getcontentlengthfunc);
@ -109,14 +106,15 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
  curl_easy_setopt(curlhandle, CURLOPT_READFUNCTION, readfunc);
  curl_easy_setopt(curlhandle, CURLOPT_READDATA, f);

-  curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-"); /* disable passive mode */
+  /* disable passive mode */
+  curl_easy_setopt(curlhandle, CURLOPT_FTPPORT, "-");
  curl_easy_setopt(curlhandle, CURLOPT_FTP_CREATE_MISSING_DIRS, 1L);

  curl_easy_setopt(curlhandle, CURLOPT_VERBOSE, 1L);

-  for (c = 0; (r != CURLE_OK) && (c < tries); c++) {
+  for(c = 0; (r != CURLE_OK) && (c < tries); c++) {
    /* are we resuming? */
-    if (c) { /* yes */
+    if(c) { /* yes */
      /* determine the length of the file already written */

      /*
@ -131,7 +129,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,
      curl_easy_setopt(curlhandle, CURLOPT_HEADER, 1L);

      r = curl_easy_perform(curlhandle);
-      if (r != CURLE_OK)
+      if(r != CURLE_OK)
        continue;

      curl_easy_setopt(curlhandle, CURLOPT_NOBODY, 0L);
@ -150,7 +148,7 @@ int upload(CURL *curlhandle, const char * remotepath, const char * localpath,

  fclose(f);

-  if (r == CURLE_OK)
+  if(r == CURLE_OK)
    return 1;
  else {
    fprintf(stderr, "%s\n", curl_easy_strerror(r));
@ -165,7 +163,8 @@ int main(int c, char **argv)
  curl_global_init(CURL_GLOBAL_ALL);
  curlhandle = curl_easy_init();

-  upload(curlhandle, "ftp://user:pass@example.com/path/file", "C:\\file", 0, 3);
+  upload(curlhandle, "ftp://user:pass@example.com/path/file", "C:\\file",
+         0, 3);

  curl_easy_cleanup(curlhandle);
  curl_global_cleanup();
--- a/docs/examples/getinfo.c
+++ b/docs/examples/getinfo.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Use getinfo to get content-type after completed transfer.
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>

@ -27,18 +31,14 @@ int main(void)
  CURL *curl;
  CURLcode res;

-  /* http://curl.haxx.se/libcurl/c/curl_easy_init.html */
  curl = curl_easy_init();
  if(curl) {
-    /* http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTURL */
    curl_easy_setopt(curl, CURLOPT_URL, "http://www.example.com/");
-    /* http://curl.haxx.se/libcurl/c/curl_easy_perform.html */
    res = curl_easy_perform(curl);

    if(CURLE_OK == res) {
      char *ct;
      /* ask for the content-type */
-      /* http://curl.haxx.se/libcurl/c/curl_easy_getinfo.html */
      res = curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &ct);

      if((CURLE_OK == res) && ct)
@ -46,7 +46,6 @@ int main(void)
    }

    /* always cleanup */
-    /* http://curl.haxx.se/libcurl/c/curl_easy_cleanup.html */
    curl_easy_cleanup(curl);
  }
  return 0;
--- a/docs/examples/getinmemory.c
+++ b/docs/examples/getinmemory.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Example source code to show how the callback function can be used to
- * download data into a chunk of memory instead of storing it in a file.
+/* <DESC>
+ * Shows how the write callback function can be used to download data into a
+ * chunk of memory instead of storing it in a file.
+ * </DESC>
 */

 #include <stdio.h>
@ -34,7 +36,6 @@ struct MemoryStruct {
  size_t size;
 };

-
 static size_t
 WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
 {
@ -55,7 +56,6 @@ WriteMemoryCallback(void *contents, size_t size, size_t nmemb, void *userp)
  return realsize;
 }

-
 int main(void)
 {
  CURL *curl_handle;
@ -106,8 +106,7 @@ int main(void)
  /* cleanup curl stuff */
  curl_easy_cleanup(curl_handle);

-  if(chunk.memory)
-    free(chunk.memory);
+  free(chunk.memory);

  /* we're done with libcurl, so clean it up */
  curl_global_cleanup();
--- a/docs/examples/getredirect.c
+++ b/docs/examples/getredirect.c
@ -0,0 +1,70 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* <DESC>
+ * Show how to extract Location: header and URL to redirect to.
+ * </DESC>
+ */
+#include <stdio.h>
+#include <curl/curl.h>
+
+int main(void)
+{
+  CURL *curl;
+  CURLcode res;
+  char *location;
+  long response_code;
+
+  curl = curl_easy_init();
+  if(curl) {
+    curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
+
+    /* example.com is redirected, figure out the redirection! */
+
+    /* Perform the request, res will get the return code */
+    res = curl_easy_perform(curl);
+    /* Check for errors */
+    if(res != CURLE_OK)
+      fprintf(stderr, "curl_easy_perform() failed: %s\n",
+              curl_easy_strerror(res));
+    else {
+      res = curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code);
+      if((res == CURLE_OK) &&
+         ((response_code / 100) != 3)) {
+        /* a redirect implies a 3xx response code */
+        fprintf(stderr, "Not a redirect.\n");
+      }
+      else {
+        res = curl_easy_getinfo(curl, CURLINFO_REDIRECT_URL, &location);
+
+        if((res == CURLE_OK) && location) {
+          /* This is the new absolute URL that you could redirect to, even if
+           * the Location: response header may have been a relative URL. */
+          printf("Redirected to: %s\n", location);
+        }
+      }
+    }
+
+    /* always cleanup */
+    curl_easy_cleanup(curl);
+  }
+  return 0;
+}
--- a/docs/examples/ghiper.c
+++ b/docs/examples/ghiper.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,38 +19,41 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * multi socket API usage together with with glib2
+ * </DESC>
+ */
 /* Example application source code using the multi socket interface to
 * download many files at once.
 *
 * Written by Jeff Pohlmeyer

-Requires glib-2.x and a (POSIX?) system that has mkfifo().
+ Requires glib-2.x and a (POSIX?) system that has mkfifo().

-This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
-sample programs, adapted to use glib's g_io_channel in place of libevent.
+ This is an adaptation of libcurl's "hipev.c" and libevent's "event-test.c"
+ sample programs, adapted to use glib's g_io_channel in place of libevent.

-When running, the program creates the named pipe "hiper.fifo"
+ When running, the program creates the named pipe "hiper.fifo"

-Whenever there is input into the fifo, the program reads the input as a list
-of URL's and creates some new easy handles to fetch each URL via the
-curl_multi "hiper" API.
+ Whenever there is input into the fifo, the program reads the input as a list
+ of URL's and creates some new easy handles to fetch each URL via the
+ curl_multi "hiper" API.


-Thus, you can try a single URL:
-  % echo http://www.yahoo.com > hiper.fifo
+ Thus, you can try a single URL:
+ % echo http://www.yahoo.com > hiper.fifo

-Or a whole bunch of them:
-  % cat my-url-list > hiper.fifo
+ Or a whole bunch of them:
+ % cat my-url-list > hiper.fifo

-The fifo buffer is handled almost instantly, so you can even add more URL's
-while the previous requests are still being downloaded.
+ The fifo buffer is handled almost instantly, so you can even add more URL's
+ while the previous requests are still being downloaded.

-This is purely a demo app, all retrieved data is simply discarded by the write
-callback.
+ This is purely a demo app, all retrieved data is simply discarded by the write
+ callback.

 */

-
 #include <glib.h>
 #include <sys/stat.h>
 #include <unistd.h>
@ -60,13 +63,10 @@ callback.
 #include <errno.h>
 #include <curl/curl.h>

-
 #define MSG_OUT g_print   /* Change to "g_error" to write to stderr */
 #define SHOW_VERBOSE 0    /* Set to non-zero for libcurl messages */
 #define SHOW_PROGRESS 0   /* Set to non-zero to enable progress callback */

-
-
 /* Global information, common to all connections */
 typedef struct _GlobalInfo {
  CURLM *multi;
@ -74,8 +74,6 @@ typedef struct _GlobalInfo {
  int still_running;
 } GlobalInfo;

-
-
 /* Information associated with a specific easy handle */
 typedef struct _ConnInfo {
  CURL *easy;
@ -84,7 +82,6 @@ typedef struct _ConnInfo {
  char error[CURL_ERROR_SIZE];
 } ConnInfo;

-
 /* Information associated with a specific socket */
 typedef struct _SockInfo {
  curl_socket_t sockfd;
@ -96,30 +93,25 @@ typedef struct _SockInfo {
  GlobalInfo *global;
 } SockInfo;

-
-
-
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code) {
-  if ( CURLM_OK != code ) {
+  if(CURLM_OK != code) {
    const char *s;
    switch (code) {
-      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
-      case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
-      case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
-      case     CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
-      case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";         break;
-      case     CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
-      case     CURLM_LAST:               s="CURLM_LAST";               break;
-      default: s="CURLM_unknown";
+    case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
+    case     CURLM_BAD_EASY_HANDLE:    s="CURLM_BAD_EASY_HANDLE";    break;
+    case     CURLM_OUT_OF_MEMORY:      s="CURLM_OUT_OF_MEMORY";      break;
+    case     CURLM_INTERNAL_ERROR:     s="CURLM_INTERNAL_ERROR";     break;
+    case     CURLM_BAD_SOCKET:         s="CURLM_BAD_SOCKET";         break;
+    case     CURLM_UNKNOWN_OPTION:     s="CURLM_UNKNOWN_OPTION";     break;
+    case     CURLM_LAST:               s="CURLM_LAST";               break;
+    default: s="CURLM_unknown";
    }
    MSG_OUT("ERROR: %s returns %s\n", where, s);
    exit(code);
  }
 }

-
-
 /* Check for completed transfers, and remove their easy handles */
 static void check_multi_info(GlobalInfo *g)
 {
@ -131,8 +123,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  MSG_OUT("REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -146,8 +138,6 @@ static void check_multi_info(GlobalInfo *g)
  }
 }

-
-
 /* Called by glib when our timeout expires */
 static gboolean timer_cb(gpointer data)
 {
@ -155,14 +145,12 @@ static gboolean timer_cb(gpointer data)
  CURLMcode rc;

  rc = curl_multi_socket_action(g->multi,
-                                  CURL_SOCKET_TIMEOUT, 0, &g->still_running);
+                                CURL_SOCKET_TIMEOUT, 0, &g->still_running);
  mcode_or_die("timer_cb: curl_multi_socket_action", rc);
  check_multi_info(g);
  return FALSE;
 }

-
-
 /* Update the event timer after curl_multi library calls */
 static int update_timeout_cb(CURLM *multi, long timeout_ms, void *userp)
 {
@ -172,15 +160,12 @@ static int update_timeout_cb(CURLM *multi, long timeout_ms, void *userp)
  timeout.tv_usec = (timeout_ms%1000)*1000;

  MSG_OUT("*** update_timeout_cb %ld => %ld:%ld ***\n",
-              timeout_ms, timeout.tv_sec, timeout.tv_usec);
+          timeout_ms, timeout.tv_sec, timeout.tv_usec);

  g->timer_event = g_timeout_add(timeout_ms, timer_cb, g);
  return 0;
 }

-
-
-
 /* Called by glib when we get action on a multi socket */
 static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data)
 {
@ -198,41 +183,43 @@ static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data)
  check_multi_info(g);
  if(g->still_running) {
    return TRUE;
-  } else {
+  }
+  else {
    MSG_OUT("last transfer done, kill timeout\n");
-    if (g->timer_event) { g_source_remove(g->timer_event); }
+    if(g->timer_event) {
+      g_source_remove(g->timer_event);
+    }
    return FALSE;
  }
 }

-
-
 /* Clean up the SockInfo structure */
 static void remsock(SockInfo *f)
 {
-  if (!f) { return; }
-  if (f->ev) { g_source_remove(f->ev); }
+  if(!f) {
+    return;
+  }
+  if(f->ev) {
+    g_source_remove(f->ev);
+  }
  g_free(f);
 }

-
-
 /* Assign information to a SockInfo structure */
 static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
 {
  GIOCondition kind =
-     (act&CURL_POLL_IN?G_IO_IN:0)|(act&CURL_POLL_OUT?G_IO_OUT:0);
+    (act&CURL_POLL_IN?G_IO_IN:0)|(act&CURL_POLL_OUT?G_IO_OUT:0);

  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if (f->ev) { g_source_remove(f->ev); }
-  f->ev=g_io_add_watch(f->ch, kind, event_cb,g);
-
+  if(f->ev) {
+    g_source_remove(f->ev);
+  }
+  f->ev=g_io_add_watch(f->ch, kind, event_cb, g);
 }

-
-
 /* Initialize a new SockInfo structure */
 static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
 {
@ -244,8 +231,6 @@ static void addsock(curl_socket_t s, CURL *easy, int action, GlobalInfo *g)
  curl_multi_assign(g->multi, s, fdp);
 }

-
-
 /* CURLMOPT_SOCKETFUNCTION */
 static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
 {
@ -254,14 +239,15 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
  static const char *whatstr[]={ "none", "IN", "OUT", "INOUT", "REMOVE" };

  MSG_OUT("socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if (what == CURL_POLL_REMOVE) {
+  if(what == CURL_POLL_REMOVE) {
    MSG_OUT("\n");
    remsock(fdp);
-  } else {
-    if (!fdp) {
+  }
+  else {
+    if(!fdp) {
      MSG_OUT("Adding data: %s%s\n",
-             what&CURL_POLL_IN?"READ":"",
-             what&CURL_POLL_OUT?"WRITE":"" );
+              what&CURL_POLL_IN?"READ":"",
+              what&CURL_POLL_OUT?"WRITE":"" );
      addsock(s, e, what, g);
    }
    else {
@ -273,8 +259,6 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)
  return 0;
 }

-
-
 /* CURLOPT_WRITEFUNCTION */
 static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
 {
@ -285,18 +269,15 @@ static size_t write_cb(void *ptr, size_t size, size_t nmemb, void *data)
  return realsize;
 }

-
-
 /* CURLOPT_PROGRESSFUNCTION */
-static int prog_cb (void *p, double dltotal, double dlnow, double ult, double uln)
+static int prog_cb (void *p, double dltotal, double dlnow, double ult,
+                    double uln)
 {
  ConnInfo *conn = (ConnInfo *)p;
  MSG_OUT("Progress: %s (%g/%g)\n", conn->url, dlnow, dltotal);
  return 0;
 }

-
-
 /* Create a new easy handle, and add it to the global curl_multi */
 static void new_conn(char *url, GlobalInfo *g )
 {
@ -304,11 +285,9 @@ static void new_conn(char *url, GlobalInfo *g )
  CURLMcode rc;

  conn = g_malloc0(sizeof(ConnInfo));
-
  conn->error[0]='\0';
-
  conn->easy = curl_easy_init();
-  if (!conn->easy) {
+  if(!conn->easy) {
    MSG_OUT("curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -336,93 +315,90 @@ static void new_conn(char *url, GlobalInfo *g )
     that the necessary socket_action() call will be called by this app */
 }

-
 /* This gets called by glib whenever data is received from the fifo */
 static gboolean fifo_cb (GIOChannel *ch, GIOCondition condition, gpointer data)
 {
-  #define BUF_SIZE 1024
+#define BUF_SIZE 1024
  gsize len, tp;
  gchar *buf, *tmp, *all=NULL;
  GIOStatus rv;

  do {
    GError *err=NULL;
-    rv = g_io_channel_read_line (ch,&buf,&len,&tp,&err);
-    if ( buf ) {
-      if (tp) { buf[tp]='\0'; }
-      new_conn(buf,(GlobalInfo*)data);
+    rv = g_io_channel_read_line(ch, &buf, &len, &tp, &err);
+    if(buf) {
+      if(tp) {
+        buf[tp]='\0';
+      }
+      new_conn(buf, (GlobalInfo*)data);
      g_free(buf);
-    } else {
+    }
+    else {
      buf = g_malloc(BUF_SIZE+1);
-      while (TRUE) {
+      while(TRUE) {
        buf[BUF_SIZE]='\0';
-        g_io_channel_read_chars(ch,buf,BUF_SIZE,&len,&err);
-        if (len) {
+        g_io_channel_read_chars(ch, buf, BUF_SIZE, &len, &err);
+        if(len) {
          buf[len]='\0';
-          if (all) {
+          if(all) {
            tmp=all;
            all=g_strdup_printf("%s%s", tmp, buf);
            g_free(tmp);
-          } else {
+          }
+          else {
            all = g_strdup(buf);
          }
-        } else {
-           break;
+        }
+        else {
+          break;
        }
      }
-      if (all) {
-        new_conn(all,(GlobalInfo*)data);
+      if(all) {
+        new_conn(all, (GlobalInfo*)data);
        g_free(all);
      }
      g_free(buf);
    }
-    if ( err ) {
+    if(err) {
      g_error("fifo_cb: %s", err->message);
      g_free(err);
      break;
    }
-  } while ( (len) && (rv == G_IO_STATUS_NORMAL) );
+  } while((len) && (rv == G_IO_STATUS_NORMAL));
  return TRUE;
 }

-
-
-
 int init_fifo(void)
 {
- struct stat st;
- const char *fifo = "hiper.fifo";
- int socket;
+  struct stat st;
+  const char *fifo = "hiper.fifo";
+  int socket;

- if (lstat (fifo, &st) == 0) {
-  if ((st.st_mode & S_IFMT) == S_IFREG) {
-   errno = EEXIST;
-   perror("lstat");
-   exit (1);
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
+      errno = EEXIST;
+      perror("lstat");
+      exit (1);
+    }
  }
- }

- unlink (fifo);
- if (mkfifo (fifo, 0600) == -1) {
-  perror("mkfifo");
-  exit (1);
- }
+  unlink (fifo);
+  if(mkfifo (fifo, 0600) == -1) {
+    perror("mkfifo");
+    exit (1);
+  }

- socket = open (fifo, O_RDWR | O_NONBLOCK, 0);
+  socket = open (fifo, O_RDWR | O_NONBLOCK, 0);

- if (socket == -1) {
-  perror("open");
-  exit (1);
- }
- MSG_OUT("Now, pipe some URL's into > %s\n", fifo);
-
- return socket;
+  if(socket == -1) {
+    perror("open");
+    exit (1);
+  }
+  MSG_OUT("Now, pipe some URL's into > %s\n", fifo);

+  return socket;
 }

-
-
-
 int main(int argc, char **argv)
 {
  GlobalInfo *g;
@ -434,8 +410,8 @@ int main(int argc, char **argv)

  fd=init_fifo();
  ch=g_io_channel_unix_new(fd);
-  g_io_add_watch(ch,G_IO_IN,fifo_cb,g);
-  gmain=g_main_loop_new(NULL,FALSE);
+  g_io_add_watch(ch, G_IO_IN, fifo_cb, g);
+  gmain=g_main_loop_new(NULL, FALSE);
  g->multi = curl_multi_init();
  curl_multi_setopt(g->multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
  curl_multi_setopt(g->multi, CURLMOPT_SOCKETDATA, g);
--- a/docs/examples/hiperfifo.c
+++ b/docs/examples/hiperfifo.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * multi socket API usage with libevent 2
+ * </DESC>
+ */
 /* Example application source code using the multi socket interface to
   download many files at once.

@ -122,7 +126,7 @@ static int multi_timer_cb(CURLM *multi, long timeout_ms, GlobalInfo *g)
 /* Die if we get a bad CURLMcode somewhere */
 static void mcode_or_die(const char *where, CURLMcode code)
 {
-  if ( CURLM_OK != code ) {
+  if(CURLM_OK != code) {
    const char *s;
    switch (code) {
      case     CURLM_BAD_HANDLE:         s="CURLM_BAD_HANDLE";         break;
@ -156,8 +160,8 @@ static void check_multi_info(GlobalInfo *g)
  CURLcode res;

  fprintf(MSG_OUT, "REMAINING: %d\n", g->still_running);
-  while ((msg = curl_multi_info_read(g->multi, &msgs_left))) {
-    if (msg->msg == CURLMSG_DONE) {
+  while((msg = curl_multi_info_read(g->multi, &msgs_left))) {
+    if(msg->msg == CURLMSG_DONE) {
      easy = msg->easy_handle;
      res = msg->data.result;
      curl_easy_getinfo(easy, CURLINFO_PRIVATE, &conn);
@ -187,9 +191,9 @@ static void event_cb(int fd, short kind, void *userp)
  mcode_or_die("event_cb: curl_multi_socket_action", rc);

  check_multi_info(g);
-  if ( g->still_running <= 0 ) {
+  if(g->still_running <= 0 ) {
    fprintf(MSG_OUT, "last transfer done, kill timeout\n");
-    if (evtimer_pending(g->timer_event, NULL)) {
+    if(evtimer_pending(g->timer_event, NULL)) {
      evtimer_del(g->timer_event);
    }
  }
@ -216,8 +220,8 @@ static void timer_cb(int fd, short kind, void *userp)
 /* Clean up the SockInfo structure */
 static void remsock(SockInfo *f)
 {
-  if (f) {
-    if (f->evset)
+  if(f) {
+    if(f->evset)
      event_free(f->ev);
    free(f);
  }
@ -234,7 +238,7 @@ static void setsock(SockInfo*f, curl_socket_t s, CURL*e, int act, GlobalInfo*g)
  f->sockfd = s;
  f->action = act;
  f->easy = e;
-  if (f->evset)
+  if(f->evset)
    event_free(f->ev);
  f->ev = event_new(g->evbase, f->sockfd, kind, event_cb, g);
  f->evset = 1;
@ -262,12 +266,12 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp)

  fprintf(MSG_OUT,
          "socket callback: s=%d e=%p what=%s ", s, e, whatstr[what]);
-  if (what == CURL_POLL_REMOVE) {
+  if(what == CURL_POLL_REMOVE) {
    fprintf(MSG_OUT, "\n");
    remsock(fdp);
  }
  else {
-    if (!fdp) {
+    if(!fdp) {
      fprintf(MSG_OUT, "Adding data: %s\n", whatstr[what]);
      addsock(s, e, what, g);
    }
@ -318,7 +322,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->error[0]='\0';

  conn->easy = curl_easy_init();
-  if (!conn->easy) {
+  if(!conn->easy) {
    fprintf(MSG_OUT, "curl_easy_init() failed, exiting!\n");
    exit(2);
  }
@ -326,7 +330,7 @@ static void new_conn(char *url, GlobalInfo *g )
  conn->url = strdup(url);
  curl_easy_setopt(conn->easy, CURLOPT_URL, conn->url);
  curl_easy_setopt(conn->easy, CURLOPT_WRITEFUNCTION, write_cb);
-  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, &conn);
+  curl_easy_setopt(conn->easy, CURLOPT_WRITEDATA, conn);
  curl_easy_setopt(conn->easy, CURLOPT_VERBOSE, 1L);
  curl_easy_setopt(conn->easy, CURLOPT_ERRORBUFFER, conn->error);
  curl_easy_setopt(conn->easy, CURLOPT_PRIVATE, conn);
@ -356,10 +360,12 @@ static void fifo_cb(int fd, short event, void *arg)
    s[0]='\0';
    rv=fscanf(g->input, "%1023s%n", s, &n);
    s[n]='\0';
-    if ( n && s[0] ) {
-      new_conn(s,arg);  /* if we read a URL, go get it! */
-    } else break;
-  } while ( rv != EOF);
+    if(n && s[0] ) {
+      new_conn(s, arg);  /* if we read a URL, go get it! */
+    }
+    else
+      break;
+  } while(rv != EOF);
 }

 /* Create a named pipe and tell libevent to monitor it */
@ -370,20 +376,20 @@ static int init_fifo (GlobalInfo *g)
  curl_socket_t sockfd;

  fprintf(MSG_OUT, "Creating named pipe \"%s\"\n", fifo);
-  if (lstat (fifo, &st) == 0) {
-    if ((st.st_mode & S_IFMT) == S_IFREG) {
+  if(lstat (fifo, &st) == 0) {
+    if((st.st_mode & S_IFMT) == S_IFREG) {
      errno = EEXIST;
      perror("lstat");
      exit (1);
    }
  }
  unlink(fifo);
-  if (mkfifo (fifo, 0600) == -1) {
+  if(mkfifo (fifo, 0600) == -1) {
    perror("mkfifo");
    exit (1);
  }
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
-  if (sockfd == -1) {
+  if(sockfd == -1) {
    perror("open");
    exit (1);
  }
--- a/docs/examples/href_extractor.c
+++ b/docs/examples/href_extractor.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -20,13 +20,13 @@
 *
 ***************************************************************************/

+/* <DESC>
+ * Uses the "Streaming HTML parser" to extract the href pieces in a streaming
+ * manner from a downloaded HTML.
+ * </DESC>
+ */
 /*
- * This example uses the "Streaming HTML parser" to extract the href pieces in
- * a streaming manner from a downloaded HTML. Kindly donated by Michał
- * Kowalczyk.
- *
- * The parser is found at
- * http://code.google.com/p/htmlstreamparser/
+ * The HTML parser is found at http://code.google.com/p/htmlstreamparser/
 */

 #include <stdio.h>
@ -38,11 +38,11 @@ static size_t write_callback(void *buffer, size_t size, size_t nmemb,
                             void *hsp)
 {
  size_t realsize = size * nmemb, p;
-  for (p = 0; p < realsize; p++) {
+  for(p = 0; p < realsize; p++) {
    html_parser_char_parse(hsp, ((char *)buffer)[p]);
-    if (html_parser_cmp_tag(hsp, "a", 1))
-      if (html_parser_cmp_attr(hsp, "href", 4))
-        if (html_parser_is_in(hsp, HTML_VALUE_ENDED)) {
+    if(html_parser_cmp_tag(hsp, "a", 1))
+      if(html_parser_cmp_attr(hsp, "href", 4))
+        if(html_parser_is_in(hsp, HTML_VALUE_ENDED)) {
          html_parser_val(hsp)[html_parser_val_length(hsp)] = '\0';
          printf("%s\n", html_parser_val(hsp));
        }
@ -56,7 +56,7 @@ int main(int argc, char *argv[])
  CURL *curl;
  HTMLSTREAMPARSER *hsp;

-  if (argc != 2) {
+  if(argc != 2) {
    printf("Usage: %s URL\n", argv[0]);
    return EXIT_FAILURE;
  }
--- a/docs/examples/htmltidy.c
+++ b/docs/examples/htmltidy.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,13 +19,12 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-/* Download a document and use libtidy to parse the HTML.
- * Written by Jeff Pohlmeyer
- *
+/* <DESC>
+ * Download a document and use libtidy to parse the HTML.
+ * </DESC>
+ */
+/*
 * LibTidy => http://tidy.sourceforge.net
- *
- * gcc -Wall -I/usr/local/include tidycurl.c -lcurl -ltidy -o tidycurl
- *
 */

 #include <stdio.h>
@ -39,23 +38,21 @@ uint write_cb(char *in, uint size, uint nmemb, TidyBuffer *out)
  uint r;
  r = size * nmemb;
  tidyBufAppend( out, in, r );
-  return(r);
+  return r;
 }

 /* Traverse the document tree */
 void dumpNode(TidyDoc doc, TidyNode tnod, int indent )
 {
  TidyNode child;
-  for ( child = tidyGetChild(tnod); child; child = tidyGetNext(child) )
-  {
+  for(child = tidyGetChild(tnod); child; child = tidyGetNext(child) ) {
    ctmbstr name = tidyNodeGetName( child );
-    if ( name )
-    {
+    if(name) {
      /* if it has a name, then it's an HTML tag ... */
      TidyAttr attr;
      printf( "%*.*s%s ", indent, indent, "<", name);
      /* walk the attribute list */
-      for ( attr=tidyAttrFirst(child); attr; attr=tidyAttrNext(attr) ) {
+      for(attr=tidyAttrFirst(child); attr; attr=tidyAttrNext(attr) ) {
        printf(tidyAttrName(attr));
        tidyAttrValue(attr)?printf("=\"%s\" ",
                                   tidyAttrValue(attr)):printf(" ");
@ -83,7 +80,7 @@ int main(int argc, char **argv )
  TidyBuffer docbuf = {0};
  TidyBuffer tidy_errbuf = {0};
  int err;
-  if ( argc == 2) {
+  if(argc == 2) {
    curl = curl_easy_init();
    curl_easy_setopt(curl, CURLOPT_URL, argv[1]);
    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errbuf);
@ -99,13 +96,13 @@ int main(int argc, char **argv )

    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &docbuf);
    err=curl_easy_perform(curl);
-    if ( !err ) {
+    if(!err) {
      err = tidyParseBuffer(tdoc, &docbuf); /* parse the input */
-      if ( err >= 0 ) {
+      if(err >= 0) {
        err = tidyCleanAndRepair(tdoc); /* fix any problems */
-        if ( err >= 0 ) {
+        if(err >= 0) {
          err = tidyRunDiagnostics(tdoc); /* load tidy error buffer */
-          if ( err >= 0 ) {
+          if(err >= 0) {
            dumpNode( tdoc, tidyGetRoot(tdoc), 0 ); /* walk the tree */
            fprintf(stderr, "%s\n", tidy_errbuf.bp); /* show errors */
          }
@ -120,11 +117,11 @@ int main(int argc, char **argv )
    tidyBufFree(&docbuf);
    tidyBufFree(&tidy_errbuf);
    tidyRelease(tdoc);
-    return(err);
+    return err;

  }
  else
    printf( "usage: %s <url>\n", argv[0] );

-  return(0);
+  return 0;
 }
--- a/docs/examples/htmltitle.cpp
+++ b/docs/examples/htmltitle.cpp
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,8 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
-// Get a web page, parse it with libxml.
-//
+/* <DESC>
+ * Get a web page, extract the title with libxml.
+ * </DESC>
+ */
 // Written by Lars Nilsson
 //
 // GNU C++ compile command line suggestion (edit paths accordingly):
@ -40,7 +42,7 @@
 //

 #ifdef _MSC_VER
-#define COMPARE(a, b) (!stricmp((a), (b)))
+#define COMPARE(a, b) (!_stricmp((a), (b)))
 #else
 #define COMPARE(a, b) (!strcasecmp((a), (b)))
 #endif
--- a/docs/examples/http-post.c
+++ b/docs/examples/http-post.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * simple HTTP POST using the easy interface
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>

--- a/docs/examples/http2-download.c
+++ b/docs/examples/http2-download.c
@ -0,0 +1,292 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* <DESC>
+ * Multiplexed HTTP/2 downloads over a single connection
+ * </DESC>
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* somewhat unix-specific */
+#include <sys/time.h>
+#include <unistd.h>
+
+/* curl stuff */
+#include <curl/curl.h>
+
+#ifndef CURLPIPE_MULTIPLEX
+/* This little trick will just make sure that we don't enable pipelining for
+   libcurls old enough to not have this symbol. It is _not_ defined to zero in
+   a recent libcurl header. */
+#define CURLPIPE_MULTIPLEX 0
+#endif
+
+#define NUM_HANDLES 1000
+
+void *curl_hnd[NUM_HANDLES];
+int num_transfers;
+
+/* a handle to number lookup, highly ineffective when we do many
+   transfers... */
+static int hnd2num(CURL *hnd)
+{
+  int i;
+  for(i=0; i< num_transfers; i++) {
+    if(curl_hnd[i] == hnd)
+      return i;
+  }
+  return 0; /* weird, but just a fail-safe */
+}
+
+static
+void dump(const char *text, int num, unsigned char *ptr, size_t size,
+          char nohex)
+{
+  size_t i;
+  size_t c;
+
+  unsigned int width=0x10;
+
+  if(nohex)
+    /* without the hex output, we can fit more on screen */
+    width = 0x40;
+
+  fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
+          num, text, (long)size, (long)size);
+
+  for(i=0; i<size; i+= width) {
+
+    fprintf(stderr, "%4.4lx: ", (long)i);
+
+    if(!nohex) {
+      /* hex not disabled, show it */
+      for(c = 0; c < width; c++)
+        if(i+c < size)
+          fprintf(stderr, "%02x ", ptr[i+c]);
+        else
+          fputs("   ", stderr);
+    }
+
+    for(c = 0; (c < width) && (i+c < size); c++) {
+      /* check for 0D0A; if found, skip past and start a new line of output */
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+        i+=(c+2-width);
+        break;
+      }
+      fprintf(stderr, "%c",
+              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
+      /* check again for 0D0A, to avoid an extra \n if it's at width */
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+        i+=(c+3-width);
+        break;
+      }
+    }
+    fputc('\n', stderr); /* newline */
+  }
+}
+
+static
+int my_trace(CURL *handle, curl_infotype type,
+             char *data, size_t size,
+             void *userp)
+{
+  const char *text;
+  int num = hnd2num(handle);
+  (void)handle; /* prevent compiler warning */
+  (void)userp;
+  switch (type) {
+  case CURLINFO_TEXT:
+    fprintf(stderr, "== %d Info: %s", num, data);
+  default: /* in case a new one is introduced to shock us */
+    return 0;
+
+  case CURLINFO_HEADER_OUT:
+    text = "=> Send header";
+    break;
+  case CURLINFO_DATA_OUT:
+    text = "=> Send data";
+    break;
+  case CURLINFO_SSL_DATA_OUT:
+    text = "=> Send SSL data";
+    break;
+  case CURLINFO_HEADER_IN:
+    text = "<= Recv header";
+    break;
+  case CURLINFO_DATA_IN:
+    text = "<= Recv data";
+    break;
+  case CURLINFO_SSL_DATA_IN:
+    text = "<= Recv SSL data";
+    break;
+  }
+
+  dump(text, num, (unsigned char *)data, size, 1);
+  return 0;
+}
+
+static void setup(CURL *hnd, int num)
+{
+  FILE *out;
+  char filename[128];
+
+  snprintf(filename, 128, "dl-%d", num);
+
+  out = fopen(filename, "wb");
+
+  /* write to this file */
+  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
+
+  /* set the same URL */
+  curl_easy_setopt(hnd, CURLOPT_URL, "https://localhost:8443/index.html");
+
+  /* send it verbose for max debuggaility */
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
+
+  /* HTTP/2 please */
+  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
+
+  /* we use a self-signed test server, skip verification during debugging */
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
+
+#if (CURLPIPE_MULTIPLEX > 0)
+  /* wait for pipe connection to confirm */
+  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
+#endif
+
+  curl_hnd[num] = hnd;
+}
+
+/*
+ * Simply download two files over HTTP/2, using the same physical connection!
+ */
+int main(int argc, char **argv)
+{
+  CURL *easy[NUM_HANDLES];
+  CURLM *multi_handle;
+  int i;
+  int still_running; /* keep number of running handles */
+
+  if(argc > 1)
+    /* if given a number, do that many transfers */
+    num_transfers = atoi(argv[1]);
+
+  if(!num_transfers || (num_transfers > NUM_HANDLES))
+    num_transfers = 3; /* a suitable low default */
+
+  /* init a multi stack */
+  multi_handle = curl_multi_init();
+
+  for(i=0; i<num_transfers; i++) {
+    easy[i] = curl_easy_init();
+    /* set options */
+    setup(easy[i], i);
+
+    /* add the individual transfer */
+    curl_multi_add_handle(multi_handle, easy[i]);
+  }
+
+  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
+
+  /* we start some action by calling perform right away */
+  curl_multi_perform(multi_handle, &still_running);
+
+  do {
+    struct timeval timeout;
+    int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
+
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+
+    long curl_timeo = -1;
+
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(multi_handle, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    if(mc != CURLM_OK) {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
+
+    switch(rc) {
+    case -1:
+      /* select error */
+      break;
+    case 0:
+    default:
+      /* timeout or readable/writable sockets */
+      curl_multi_perform(multi_handle, &still_running);
+      break;
+    }
+  } while(still_running);
+
+  curl_multi_cleanup(multi_handle);
+
+  for(i=0; i<num_transfers; i++)
+    curl_easy_cleanup(easy[i]);
+
+  return 0;
+}
--- a/docs/examples/http2-serverpush.c
+++ b/docs/examples/http2-serverpush.c
@ -0,0 +1,320 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* <DESC>
+ * HTTP/2 server push
+ * </DESC>
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* somewhat unix-specific */
+#include <sys/time.h>
+#include <unistd.h>
+
+/* curl stuff */
+#include <curl/curl.h>
+
+#ifndef CURLPIPE_MULTIPLEX
+#error "too old libcurl, can't do HTTP/2 server push!"
+#endif
+
+static
+void dump(const char *text, unsigned char *ptr, size_t size,
+          char nohex)
+{
+  size_t i;
+  size_t c;
+
+  unsigned int width=0x10;
+
+  if(nohex)
+    /* without the hex output, we can fit more on screen */
+    width = 0x40;
+
+  fprintf(stderr, "%s, %ld bytes (0x%lx)\n",
+          text, (long)size, (long)size);
+
+  for(i=0; i<size; i+= width) {
+
+    fprintf(stderr, "%4.4lx: ", (long)i);
+
+    if(!nohex) {
+      /* hex not disabled, show it */
+      for(c = 0; c < width; c++)
+        if(i+c < size)
+          fprintf(stderr, "%02x ", ptr[i+c]);
+        else
+          fputs("   ", stderr);
+    }
+
+    for(c = 0; (c < width) && (i+c < size); c++) {
+      /* check for 0D0A; if found, skip past and start a new line of output */
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+        i+=(c+2-width);
+        break;
+      }
+      fprintf(stderr, "%c",
+              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
+      /* check again for 0D0A, to avoid an extra \n if it's at width */
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+        i+=(c+3-width);
+        break;
+      }
+    }
+    fputc('\n', stderr); /* newline */
+  }
+}
+
+static
+int my_trace(CURL *handle, curl_infotype type,
+             char *data, size_t size,
+             void *userp)
+{
+  const char *text;
+  (void)handle; /* prevent compiler warning */
+  (void)userp;
+  switch (type) {
+  case CURLINFO_TEXT:
+    fprintf(stderr, "== Info: %s", data);
+  default: /* in case a new one is introduced to shock us */
+    return 0;
+
+  case CURLINFO_HEADER_OUT:
+    text = "=> Send header";
+    break;
+  case CURLINFO_DATA_OUT:
+    text = "=> Send data";
+    break;
+  case CURLINFO_SSL_DATA_OUT:
+    text = "=> Send SSL data";
+    break;
+  case CURLINFO_HEADER_IN:
+    text = "<= Recv header";
+    break;
+  case CURLINFO_DATA_IN:
+    text = "<= Recv data";
+    break;
+  case CURLINFO_SSL_DATA_IN:
+    text = "<= Recv SSL data";
+    break;
+  }
+
+  dump(text, (unsigned char *)data, size, 1);
+  return 0;
+}
+
+#define OUTPUTFILE "dl"
+
+static void setup(CURL *hnd)
+{
+  FILE *out = fopen(OUTPUTFILE, "wb");
+
+  /* write to this file */
+  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
+
+  /* set the same URL */
+  curl_easy_setopt(hnd, CURLOPT_URL, "https://localhost:8443/index.html");
+
+  /* send it verbose for max debuggaility */
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
+
+  /* HTTP/2 please */
+  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
+
+  /* we use a self-signed test server, skip verification during debugging */
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
+
+#if (CURLPIPE_MULTIPLEX > 0)
+  /* wait for pipe connection to confirm */
+  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
+#endif
+
+}
+
+/* called when there's an incoming push */
+static int server_push_callback(CURL *parent,
+                                CURL *easy,
+                                size_t num_headers,
+                                struct curl_pushheaders *headers,
+                                void *userp)
+{
+  char *headp;
+  size_t i;
+  int *transfers = (int *)userp;
+  char filename[128];
+  FILE *out;
+  static unsigned int count = 0;
+
+  (void)parent; /* we have no use for this */
+
+  snprintf(filename, 128, "push%u", count++);
+
+  /* here's a new stream, save it in a new file for each new push */
+  out = fopen(filename, "wb");
+
+  /* write to this file */
+  curl_easy_setopt(easy, CURLOPT_WRITEDATA, out);
+
+  fprintf(stderr, "**** push callback approves stream %u, got %d headers!\n",
+          count, (int)num_headers);
+
+  for(i=0; i<num_headers; i++) {
+    headp = curl_pushheader_bynum(headers, i);
+    fprintf(stderr, "**** header %u: %s\n", (int)i, headp);
+  }
+
+  headp = curl_pushheader_byname(headers, ":path");
+  if(headp) {
+    fprintf(stderr, "**** The PATH is %s\n", headp /* skip :path + colon */ );
+  }
+
+  (*transfers)++; /* one more */
+  return CURL_PUSH_OK;
+}
+
+
+/*
+ * Download a file over HTTP/2, take care of server push.
+ */
+int main(void)
+{
+  CURL *easy;
+  CURLM *multi_handle;
+  int still_running; /* keep number of running handles */
+  int transfers=1; /* we start with one */
+  struct CURLMsg *m;
+
+  /* init a multi stack */
+  multi_handle = curl_multi_init();
+
+  easy = curl_easy_init();
+
+  /* set options */
+  setup(easy);
+
+  /* add the easy transfer */
+  curl_multi_add_handle(multi_handle, easy);
+
+  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
+  curl_multi_setopt(multi_handle, CURLMOPT_PUSHFUNCTION, server_push_callback);
+  curl_multi_setopt(multi_handle, CURLMOPT_PUSHDATA, &transfers);
+
+  /* we start some action by calling perform right away */
+  curl_multi_perform(multi_handle, &still_running);
+
+  do {
+    struct timeval timeout;
+    int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
+
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+
+    long curl_timeo = -1;
+
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(multi_handle, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    if(mc != CURLM_OK) {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
+
+    switch(rc) {
+    case -1:
+      /* select error */
+      break;
+    case 0:
+    default:
+      /* timeout or readable/writable sockets */
+      curl_multi_perform(multi_handle, &still_running);
+      break;
+    }
+
+    /*
+     * A little caution when doing server push is that libcurl itself has
+     * created and added one or more easy handles but we need to clean them up
+     * when we are done.
+     */
+
+    do {
+      int msgq = 0;;
+      m = curl_multi_info_read(multi_handle, &msgq);
+      if(m && (m->msg == CURLMSG_DONE)) {
+        CURL *e = m->easy_handle;
+        transfers--;
+        curl_multi_remove_handle(multi_handle, e);
+        curl_easy_cleanup(e);
+      }
+    } while(m);
+
+  } while(transfers); /* as long as we have transfers going */
+
+  curl_multi_cleanup(multi_handle);
+
+
+  return 0;
+}
--- a/docs/examples/http2-upload.c
+++ b/docs/examples/http2-upload.c
@ -0,0 +1,356 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+/* <DESC>
+ * Multiplexed HTTP/2 uploads over a single connection
+ * </DESC>
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+/* somewhat unix-specific */
+#include <sys/time.h>
+#include <unistd.h>
+
+/* curl stuff */
+#include <curl/curl.h>
+
+#ifndef CURLPIPE_MULTIPLEX
+/* This little trick will just make sure that we don't enable pipelining for
+   libcurls old enough to not have this symbol. It is _not_ defined to zero in
+   a recent libcurl header. */
+#define CURLPIPE_MULTIPLEX 0
+#endif
+
+#define NUM_HANDLES 1000
+
+void *curl_hnd[NUM_HANDLES];
+int num_transfers;
+
+/* a handle to number lookup, highly ineffective when we do many
+   transfers... */
+static int hnd2num(CURL *hnd)
+{
+  int i;
+  for(i=0; i< num_transfers; i++) {
+    if(curl_hnd[i] == hnd)
+      return i;
+  }
+  return 0; /* weird, but just a fail-safe */
+}
+
+static
+void dump(const char *text, int num, unsigned char *ptr, size_t size,
+          char nohex)
+{
+  size_t i;
+  size_t c;
+  unsigned int width=0x10;
+
+  if(nohex)
+    /* without the hex output, we can fit more on screen */
+    width = 0x40;
+
+  fprintf(stderr, "%d %s, %ld bytes (0x%lx)\n",
+          num, text, (long)size, (long)size);
+
+  for(i=0; i<size; i+= width) {
+
+    fprintf(stderr, "%4.4lx: ", (long)i);
+
+    if(!nohex) {
+      /* hex not disabled, show it */
+      for(c = 0; c < width; c++)
+        if(i+c < size)
+          fprintf(stderr, "%02x ", ptr[i+c]);
+        else
+          fputs("   ", stderr);
+    }
+
+    for(c = 0; (c < width) && (i+c < size); c++) {
+      /* check for 0D0A; if found, skip past and start a new line of output */
+      if(nohex && (i+c+1 < size) && ptr[i+c]==0x0D && ptr[i+c+1]==0x0A) {
+        i+=(c+2-width);
+        break;
+      }
+      fprintf(stderr, "%c",
+              (ptr[i+c]>=0x20) && (ptr[i+c]<0x80)?ptr[i+c]:'.');
+      /* check again for 0D0A, to avoid an extra \n if it's at width */
+      if(nohex && (i+c+2 < size) && ptr[i+c+1]==0x0D && ptr[i+c+2]==0x0A) {
+        i+=(c+3-width);
+        break;
+      }
+    }
+    fputc('\n', stderr); /* newline */
+  }
+}
+
+static
+int my_trace(CURL *handle, curl_infotype type,
+             char *data, size_t size,
+             void *userp)
+{
+  char timebuf[20];
+  const char *text;
+  int num = hnd2num(handle);
+  static time_t epoch_offset;
+  static int    known_offset;
+  struct timeval tv;
+  time_t secs;
+  struct tm *now;
+
+  (void)handle; /* prevent compiler warning */
+  (void)userp;
+
+  gettimeofday(&tv, NULL);
+  if(!known_offset) {
+    epoch_offset = time(NULL) - tv.tv_sec;
+    known_offset = 1;
+  }
+  secs = epoch_offset + tv.tv_sec;
+  now = localtime(&secs);  /* not thread safe but we don't care */
+  snprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld",
+           now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec);
+
+  switch (type) {
+  case CURLINFO_TEXT:
+    fprintf(stderr, "%s [%d] Info: %s", timebuf, num, data);
+  default: /* in case a new one is introduced to shock us */
+    return 0;
+
+  case CURLINFO_HEADER_OUT:
+    text = "=> Send header";
+    break;
+  case CURLINFO_DATA_OUT:
+    text = "=> Send data";
+    break;
+  case CURLINFO_SSL_DATA_OUT:
+    text = "=> Send SSL data";
+    break;
+  case CURLINFO_HEADER_IN:
+    text = "<= Recv header";
+    break;
+  case CURLINFO_DATA_IN:
+    text = "<= Recv data";
+    break;
+  case CURLINFO_SSL_DATA_IN:
+    text = "<= Recv SSL data";
+    break;
+  }
+
+  dump(text, num, (unsigned char *)data, size, 1);
+  return 0;
+}
+
+struct input {
+  FILE *in;
+  size_t bytes_read; /* count up */
+  CURL *hnd;
+};
+
+static size_t read_callback(void *ptr, size_t size, size_t nmemb, void *userp)
+{
+  struct input *i = userp;
+  size_t retcode = fread(ptr, size, nmemb, i->in);
+  i->bytes_read += retcode;
+  return retcode;
+}
+
+struct input indata[NUM_HANDLES];
+
+static void setup(CURL *hnd, int num, const char *upload)
+{
+  FILE *out;
+  char url[256];
+  char filename[128];
+  struct stat file_info;
+  curl_off_t uploadsize;
+
+  snprintf(filename, 128, "dl-%d", num);
+  out = fopen(filename, "wb");
+
+  snprintf(url, 256, "https://localhost:8443/upload-%d", num);
+
+  /* get the file size of the local file */
+  stat(upload, &file_info);
+  uploadsize = file_info.st_size;
+
+  indata[num].in = fopen(upload, "rb");
+  indata[num].hnd = hnd;
+
+  /* write to this file */
+  curl_easy_setopt(hnd, CURLOPT_WRITEDATA, out);
+
+  /* we want to use our own read function */
+  curl_easy_setopt(hnd, CURLOPT_READFUNCTION, read_callback);
+  /* read from this file */
+  curl_easy_setopt(hnd, CURLOPT_READDATA, &indata[num]);
+  /* provide the size of the upload */
+  curl_easy_setopt(hnd, CURLOPT_INFILESIZE_LARGE, uploadsize);
+
+  /* send in the URL to store the upload as */
+  curl_easy_setopt(hnd, CURLOPT_URL, url);
+
+  /* upload please */
+  curl_easy_setopt(hnd, CURLOPT_UPLOAD, 1L);
+
+  /* send it verbose for max debuggaility */
+  curl_easy_setopt(hnd, CURLOPT_VERBOSE, 1L);
+  curl_easy_setopt(hnd, CURLOPT_DEBUGFUNCTION, my_trace);
+
+  /* HTTP/2 please */
+  curl_easy_setopt(hnd, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
+
+  /* we use a self-signed test server, skip verification during debugging */
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYPEER, 0L);
+  curl_easy_setopt(hnd, CURLOPT_SSL_VERIFYHOST, 0L);
+
+#if (CURLPIPE_MULTIPLEX > 0)
+  /* wait for pipe connection to confirm */
+  curl_easy_setopt(hnd, CURLOPT_PIPEWAIT, 1L);
+#endif
+
+  curl_hnd[num] = hnd;
+}
+
+/*
+ * Upload all files over HTTP/2, using the same physical connection!
+ */
+int main(int argc, char **argv)
+{
+  CURL *easy[NUM_HANDLES];
+  CURLM *multi_handle;
+  int i;
+  int still_running; /* keep number of running handles */
+  const char *filename = "index.html";
+
+  if(argc > 1)
+    /* if given a number, do that many transfers */
+    num_transfers = atoi(argv[1]);
+
+  if(argc > 2)
+    /* if given a file name, upload this! */
+    filename = argv[2];
+
+  if(!num_transfers || (num_transfers > NUM_HANDLES))
+    num_transfers = 3; /* a suitable low default */
+
+  /* init a multi stack */
+  multi_handle = curl_multi_init();
+
+  for(i=0; i<num_transfers; i++) {
+    easy[i] = curl_easy_init();
+    /* set options */
+    setup(easy[i], i, filename);
+
+    /* add the individual transfer */
+    curl_multi_add_handle(multi_handle, easy[i]);
+  }
+
+  curl_multi_setopt(multi_handle, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX);
+
+  /* We do HTTP/2 so let's stick to one connection per host */
+  curl_multi_setopt(multi_handle, CURLMOPT_MAX_HOST_CONNECTIONS, 1L);
+
+  /* we start some action by calling perform right away */
+  curl_multi_perform(multi_handle, &still_running);
+
+  do {
+    struct timeval timeout;
+    int rc; /* select() return code */
+    CURLMcode mc; /* curl_multi_fdset() return code */
+
+    fd_set fdread;
+    fd_set fdwrite;
+    fd_set fdexcep;
+    int maxfd = -1;
+
+    long curl_timeo = -1;
+
+    FD_ZERO(&fdread);
+    FD_ZERO(&fdwrite);
+    FD_ZERO(&fdexcep);
+
+    /* set a suitable timeout to play around with */
+    timeout.tv_sec = 1;
+    timeout.tv_usec = 0;
+
+    curl_multi_timeout(multi_handle, &curl_timeo);
+    if(curl_timeo >= 0) {
+      timeout.tv_sec = curl_timeo / 1000;
+      if(timeout.tv_sec > 1)
+        timeout.tv_sec = 1;
+      else
+        timeout.tv_usec = (curl_timeo % 1000) * 1000;
+    }
+
+    /* get file descriptors from the transfers */
+    mc = curl_multi_fdset(multi_handle, &fdread, &fdwrite, &fdexcep, &maxfd);
+
+    if(mc != CURLM_OK) {
+      fprintf(stderr, "curl_multi_fdset() failed, code %d.\n", mc);
+      break;
+    }
+
+    /* On success the value of maxfd is guaranteed to be >= -1. We call
+       select(maxfd + 1, ...); specially in case of (maxfd == -1) there are
+       no fds ready yet so we call select(0, ...) --or Sleep() on Windows--
+       to sleep 100ms, which is the minimum suggested value in the
+       curl_multi_fdset() doc. */
+
+    if(maxfd == -1) {
+#ifdef _WIN32
+      Sleep(100);
+      rc = 0;
+#else
+      /* Portable sleep for platforms other than Windows. */
+      struct timeval wait = { 0, 100 * 1000 }; /* 100ms */
+      rc = select(0, NULL, NULL, NULL, &wait);
+#endif
+    }
+    else {
+      /* Note that on some platforms 'timeout' may be modified by select().
+         If you need access to the original value save a copy beforehand. */
+      rc = select(maxfd+1, &fdread, &fdwrite, &fdexcep, &timeout);
+    }
+
+    switch(rc) {
+    case -1:
+      /* select error */
+      break;
+    case 0:
+    default:
+      /* timeout or readable/writable sockets */
+      curl_multi_perform(multi_handle, &still_running);
+      break;
+    }
+  } while(still_running);
+
+  curl_multi_cleanup(multi_handle);
+
+  for(i=0; i<num_transfers; i++)
+    curl_easy_cleanup(easy[i]);
+
+  return 0;
+}
--- a/docs/examples/httpcustomheader.c
+++ b/docs/examples/httpcustomheader.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * HTTP request with custom modified, removed and added headers
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>

--- a/docs/examples/httpput.c
+++ b/docs/examples/httpput.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * HTTP PUT with easy interface and read callback
+ * </DESC>
+ */
 #include <stdio.h>
 #include <fcntl.h>
 #include <sys/stat.h>
@ -56,7 +60,7 @@ int main(int argc, char **argv)
 {
  CURL *curl;
  CURLcode res;
-  FILE * hd_src ;
+  FILE * hd_src;
  struct stat file_info;

  char *file;
--- a/docs/examples/https.c
+++ b/docs/examples/https.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,10 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+/* <DESC>
+ * Simple HTTPS GET
+ * </DESC>
+ */
 #include <stdio.h>
 #include <curl/curl.h>

--- a/docs/examples/imap-append.c
+++ b/docs/examples/imap-append.c
@ -5,11 +5,11 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
- * are also available at http://curl.haxx.se/docs/copyright.html.
+ * are also available at https://curl.haxx.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
@ -19,6 +19,12 @@
 * KIND, either express or implied.
 *
 ***************************************************************************/
+
+/* <DESC>
+ * IMAP example showing how to send e-mails
+ * </DESC>
+ */
+
 #include <stdio.h>
 #include <string.h>
 #include <curl/curl.h>
@ -38,7 +44,8 @@ static const char *payload_text[] = {
  "To: " TO "\r\n",
  "From: " FROM "(Example User)\r\n",
  "Cc: " CC "(Another example User)\r\n",
-  "Message-ID: <dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
+  "Message-ID: "
+  "<dcd7cb36-11db-487a-9f3a-e652a9458efd@rfcpedant.example.org>\r\n",
  "Subject: IMAP example message\r\n",
  "\r\n", /* empty line to divide headers from body, see RFC5322 */
  "The body of the message starts here.\r\n",
--- a/Show More
+++ b/Show More